Example #1
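/**
 * Displays a login form
 *
 * This is the version of the login form displayed in the content area of the
 * page (not the side bar). It will present all options (remote authentication
 * - including OpenID, new registration link, etc.) according to the current
 * configuration settings.
 *
 * Keys of $use_config override the defaults of the same name:
 *   hide_forgotpw_link, hidden_fields, no_oauth_login, no_3rdparty_login,
 *   no_openid_login, no_newreg_link, no_plugin_vars, title, message,
 *   button_text.
 * 'hidden_fields' is raw markup that is appended verbatim to the {services}
 * template variable, so the caller is responsible for escaping it.
 *
 * @param    array $use_config options to override some of the defaults
 * @return   string                  HTML of the login form
 */
function SEC_loginForm($use_config = array())
{
    global $_CONF, $LANG01, $LANG04, $_SCRIPTS;

    $default_config = array(
        'hide_forgotpw_link' => false,
        'hidden_fields'      => '',
        'no_oauth_login'     => false,
        'no_3rdparty_login'  => false,
        'no_openid_login'    => false,
        'no_newreg_link'     => false,
        'no_plugin_vars'     => false,
        'title'              => $LANG04[65],
        'message'            => $LANG04[66],
        'button_text'        => $LANG04[80],
    );
    // caller-supplied keys win over the defaults
    $config = array_merge($default_config, $use_config);

    $loginform = COM_newTemplate($_CONF['path_layout'] . 'users');
    $loginform->set_file('login', 'loginform.thtml');
    $loginform->set_var('start_block_loginagain', COM_startBlock($config['title']));
    $loginform->set_var('lang_message', $config['message']);

    // the registration link can be suppressed by the caller or site-wide
    if ($config['no_newreg_link'] || $_CONF['disable_new_user_registration']) {
        $loginform->set_var('lang_newreglink', '');
    } else {
        $loginform->set_var('lang_newreglink', $LANG04[123]);
    }
    $loginform->set_var('lang_username', $LANG04[2]);
    $loginform->set_var('lang_password', $LANG01[57]);

    if ($config['hide_forgotpw_link']) {
        $loginform->set_var('lang_forgetpassword', '');
        $loginform->set_var('forgetpassword_link', '');
    } else {
        $loginform->set_var('lang_forgetpassword', $LANG04[25]);
        $forget = COM_createLink($LANG04[25], $_CONF['site_url'] . '/users.php?mode=getpassword', array('rel' => 'nofollow'));
        $loginform->set_var('forgetpassword_link', $forget);
    }
    $loginform->set_var('lang_login', $config['button_text']);
    $loginform->set_var('lang_remote_login', $LANG04[167]);
    $loginform->set_var('lang_remote_login_desc', $LANG04[168]);
    $loginform->set_var('end_block', COM_endBlock());

    // 3rd party remote authentication: offered only when enabled, not
    // suppressed by the caller, and user submissions are not in use.
    $services = '';
    if (!$config['no_3rdparty_login'] && $_CONF['user_login_method']['3rdparty'] && $_CONF['usersubmission'] == 0) {
        $modules = SEC_collectRemoteAuthenticationModules();
        if (count($modules) > 0) {
            // NOTE(review): module names are embedded in the markup unescaped;
            // they are assumed to come from the installed module list rather
            // than from the request - confirm in SEC_collectRemoteAuthenticationModules.
            if (!$_CONF['user_login_method']['standard'] && count($modules) == 1) {
                // exactly one remote service and no local login: nothing to choose
                $select = '<input type="hidden" name="service" value="' . $modules[0] . '"' . XHTML . '>' . $modules[0];
            } else {
                // Build select
                $select = '<select name="service">';
                if ($_CONF['user_login_method']['standard']) {
                    $select .= '<option value="">' . $_CONF['site_name'] . '</option>';
                }
                foreach ($modules as $service) {
                    $select .= '<option value="' . $service . '">' . $service . '</option>';
                }
                $select .= '</select>';
            }
            $loginform->set_file('services', 'services.thtml');
            $loginform->set_var('lang_service', $LANG04[121]);
            $loginform->set_var('select_service', $select);
            $loginform->parse('output', 'services');
            $services .= $loginform->finish($loginform->get_var('output'));
        }
    }
    if (!empty($config['hidden_fields'])) {
        // allow caller to (ab)use {services} for hidden fields
        $services .= $config['hidden_fields'];
    }
    $loginform->set_var('services', $services);

    $have_remote_login = false;

    // OpenID remote authentication.
    if (!$config['no_openid_login'] && $_CONF['user_login_method']['openid'] && $_CONF['usersubmission'] == 0 && !$_CONF['disable_new_user_registration']) {
        $have_remote_login = true;
        $_SCRIPTS->setJavascriptFile('login', '/javascript/login.js');
        $loginform->set_file('openid_login', '../loginform_openid.thtml');
        $loginform->set_var('lang_openid_login', $LANG01[128]);
        $loginform->set_var('input_field_size', 40);
        // for backward compatibility - not used any more.
        // HTTP_HOST and PHP_SELF are taken from the request, so the value is
        // escaped before it reaches the template.
        if (isset($_SERVER['SCRIPT_URI'])) {
            $app_url = $_SERVER['SCRIPT_URI'];
        } else {
            $app_url = 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];
        }
        $loginform->set_var('app_url', htmlspecialchars($app_url, ENT_QUOTES, COM_getEncodingt()));
        $loginform->parse('output', 'openid_login');
        $loginform->set_var('openid_login', $loginform->finish($loginform->get_var('output')));
    } else {
        $loginform->set_var('openid_login', '');
    }

    // OAuth remote authentication.
    if (!$config['no_oauth_login'] && $_CONF['user_login_method']['oauth'] && $_CONF['usersubmission'] == 0 && !$_CONF['disable_new_user_registration']) {
        $have_remote_login = true;
        $_SCRIPTS->setJavascriptFile('login', '/javascript/login.js');
        $modules = SEC_collectRemoteOAuthModules();
        $html_oauth = '';
        if (count($modules) > 0) {
            // Grab oauth icons from theme when configured, else from the site
            if ($_CONF['theme_oauth_icons']) {
                $icon_path = $_CONF['layout_url'] . '/images/';
            } else {
                $icon_path = $_CONF['site_url'] . '/images/';
            }
            foreach ($modules as $service) {
                $loginform->set_file('oauth_login', '../loginform_oauth.thtml');
                $loginform->set_var('oauth_service', $service);
                $loginform->set_var('lang_oauth_service', $LANG01[$service]);
                // for sign in image
                $loginform->set_var('oauth_sign_in_image', $icon_path . $service . '-login-icon.png');
                $loginform->parse('output', 'oauth_login');
                $html_oauth .= $loginform->finish($loginform->get_var('output'));
            }
        }
        $loginform->set_var('oauth_login', $html_oauth);
    } else {
        $loginform->set_var('oauth_login', '');
    }

    if ($have_remote_login) {
        // presumably picked up by loginform.thtml to style the form - confirm
        $loginform->set_var('remote_login_class', 'remote-login-enabled');
    }
    if (!$config['no_plugin_vars']) {
        // give plugins a chance to add their own template variables
        PLG_templateSetVars('loginform', $loginform);
    }
    $loginform->parse('output', 'login');

    return $loginform->finish($loginform->get_var('output'));
}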
Example #2
/**
 * Displays a login form
 *
 * Content-area variant of the login form (the side-bar block is built
 * elsewhere). Which parts are rendered - remote authentication, the
 * registration link, the verification link, ... - depends on the current
 * configuration settings and on the options passed in.
 *
 * Keys of $use_options override the defaults of the same name:
 *   forgotpw_link, hidden_fields, oauth_login, 3rdparty_login, newreg_link,
 *   verification_link, plugin_vars, prefill_user, title, message,
 *   footer_message, button_text, form_action.
 * 'hidden_fields' is raw markup appended to {services} as-is.
 *
 * @param    array   $use_options    options to override default settings
 * @return   string                  HTML of the login form
 */
function SEC_loginForm($use_options = array())
{
    global $_CONF, $_USER, $LANG01, $LANG04;

    $options = array_merge(array(
        'forgotpw_link'     => true,
        'hidden_fields'     => '',
        'oauth_login'       => true,
        '3rdparty_login'    => true,
        'newreg_link'       => true,
        'verification_link' => false,
        'plugin_vars'       => true,
        'prefill_user'      => false,
        'title'             => $LANG04[65],
        'message'           => '',
        'footer_message'    => '',
        'button_text'       => $LANG04[80],
        'form_action'       => $_CONF['site_url'] . '/users.php',
    ), $use_options);

    $tpl = new Template($_CONF['path_layout'] . 'users');
    $tpl->set_file('login', 'loginform.thtml');

    // registration link: needs both the option and site-wide registration
    $showNewReg = $options['newreg_link'] && !$_CONF['disable_new_user_registration'];
    $tpl->set_var(array(
        'form_action'            => $options['form_action'],
        'footer_message'         => $options['footer_message'],
        'start_block_loginagain' => COM_startBlock($options['title']),
        'lang_message'           => $options['message'],
        'lang_newreglink'        => $showNewReg ? $LANG04[123] : '',
        'lang_username'          => $LANG04[2],
        'lang_password'          => $LANG01[57],
    ));

    if ($options['forgotpw_link']) {
        $tpl->set_var('lang_forgetpassword', $LANG04[25]);
        $tpl->set_var('forgetpassword_link', COM_createLink($LANG04[25], $_CONF['site_url'] . '/users.php?mode=getpassword', array('rel' => 'nofollow')));
    } else {
        $tpl->set_var(array('lang_forgetpassword' => '', 'forgetpassword_link' => ''));
    }
    $tpl->set_var('lang_login', $options['button_text']);
    $tpl->set_var('end_block', COM_endBlock());

    // 3rd party remote authentication.
    $services = '';
    if ($options['3rdparty_login'] && $_CONF['user_login_method']['3rdparty'] && $_CONF['usersubmission'] == 0) {
        $modules = SEC_collectRemoteAuthenticationModules();
        if (count($modules) > 0) {
            if (!$_CONF['user_login_method']['standard'] && count($modules) == 1) {
                // exactly one remote service and no local login: nothing to choose
                $select = '<input type="hidden" name="service" value="' . $modules[0] . '"/>' . $modules[0] . LB;
            } else {
                // Build select
                $choices = array();
                if ($_CONF['user_login_method']['standard']) {
                    $choices[] = '<option value="">' . $_CONF['site_name'] . '</option>' . LB;
                }
                foreach ($modules as $service) {
                    $choices[] = '<option value="' . $service . '">' . $service . '</option>' . LB;
                }
                $select = '<select name="service">' . implode('', $choices) . '</select>';
            }
            $tpl->set_file('services', 'services.thtml');
            $tpl->set_var(array('lang_service' => $LANG04[121], 'select_service' => $select));
            $tpl->parse('output', 'services');
            $services .= $tpl->finish($tpl->get_var('output'));
        }
    }
    if (!empty($options['hidden_fields'])) {
        // allow caller to (ab)use {services} for hidden fields
        $services .= $options['hidden_fields'];
        $tpl->set_var('hidden_fields', $options['hidden_fields']);
    }
    $tpl->set_var('services', $services);

    // OAuth remote authentication: one block per configured service.
    $html_oauth = '';
    if ($options['oauth_login'] && $_CONF['user_login_method']['oauth']) {
        foreach (SEC_collectRemoteOAuthModules() as $service) {
            $tpl->set_file('oauth_login', '../loginform_oauth.thtml');
            $tpl->set_var(array(
                'oauth_service'         => $service,
                'oauth_service_display' => ucwords($service),
                // for sign in image
                'oauth_sign_in_image'   => $_CONF['site_url'] . '/images/login-with-' . $service . '.png',
            ));
            $tpl->parse('output', 'oauth_login');
            $html_oauth .= $tpl->finish($tpl->get_var('output'));
        }
    }
    $tpl->set_var('oauth_login', $html_oauth);

    if ($options['verification_link']) {
        $tpl->set_var('lang_verification', $LANG04[169]);
        // NOTE(review): the link text reuses $LANG04[25] (the forgot-password
        // label) while the caption uses $LANG04[169] - confirm this is intended
        $tpl->set_var('verification_link', COM_createLink($LANG04[25], $_CONF['site_url'] . '/users.php?mode=getnewtoken', array('rel' => 'nofollow')));
    } else {
        $tpl->set_var(array('lang_verification' => '', 'verification_link' => ''));
    }

    // optionally pre-fill the user name and move focus to the password field
    $prefill = $options['prefill_user'] && isset($_USER['username']) && $_USER['username'] != '';
    $tpl->set_var(array(
        'loginname' => $prefill ? $_USER['username'] : '',
        'focus'     => $prefill ? 'passwd' : 'loginname',
    ));

    if ($options['plugin_vars']) {
        PLG_templateSetVars('loginform', $tpl);
    }
    $tpl->parse('output', 'login');

    return $tpl->finish($tpl->get_var('output'));
}
Example #3
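/**
 * Authenticates the user if authentication headers are present
 *
 * Credentials are taken from HTTP Basic authentication, either directly from
 * $_SERVER['PHP_AUTH_USER'] / $_SERVER['PHP_AUTH_PW'] or - when PHP runs as
 * CGI and never sees the Authorization header - from a "<scheme> <base64>"
 * value that .htaccess has stored in $_SERVER['REMOTE_USER'].
 * (An earlier attempt at WSSE UsernameToken support was dropped: verifying
 * the digest would require the user's plaintext password.)
 *
 * Our handling of the speedlimit here requires some explanation ...
 * Atompub clients will usually try to do everything without logging in first.
 * Since that would mean that we can't provide feeds for drafts, items with
 * special permissions, etc. we ask them to log in (PLG_RET_AUTH_FAILED).
 * That, however, means that every request from an Atompub client will count
 * as one failed login attempt. So doing a couple of requests in quick
 * succession will surely get the client blocked. Therefore
 * - a request without any login credentials counts as one failed login attempt
 * - a request with wrong login credentials counts as two failed login attempts
 * - if, after a successful login, we have only one failed attempt on record,
 *   we reset the speedlimit
 * This still ensures that
 * - repeated failed logins (without or with invalid credentials) will cause the
 *   client to be blocked eventually
 * - this can not be used for dictionary attacks
 *
 * On success the globals $_USER, $_GROUPS and $_RIGHTS are populated for the
 * authenticated user. On failure WS_error() is called with
 * PLG_RET_AUTH_FAILED, or PLG_RET_PERMISSION_DENIED once the speed limit has
 * been exceeded. Nothing is returned.
 */
function WS_authenticate()
{
    global $_CONF, $_USER, $_GROUPS, $_RIGHTS, $WS_VERBOSE;

    $uid = '';
    $username = '';
    $password = '';
    $status = -1;

    if (isset($_SERVER['PHP_AUTH_USER'])) {
        $username = COM_applyBasicFilter($_SERVER['PHP_AUTH_USER']);
        $password = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';
        if ($WS_VERBOSE) {
            COM_errorLog("WS: Attempting to log in user '{$username}'");
        }
    } elseif (!empty($_SERVER['REMOTE_USER'])) {
        /* PHP installed as CGI may not have access to authorization headers of
         * Apache. In that case, use .htaccess to store the auth header as
         * explained at
         * http://wiki.geeklog.net/wiki/index.php/Webservices_API#Authentication
         */
        // value is "<scheme> <base64-data>"; only the data part is used here.
        // NOTE(review): the scheme is not checked - consider rejecting
        // anything other than 'Basic'.
        $header = explode(' ', $_SERVER['REMOTE_USER']);
        $auth_data = isset($header[1]) ? $header[1] : '';
        // split on the first colon only: Basic auth (RFC 7617) allows ':'
        // inside the password, so an unbounded explode() would truncate it.
        // A value without any colon leaves both fields empty and is handled
        // below as "no credentials".
        $credentials = explode(':', base64_decode($auth_data), 2);
        if (count($credentials) == 2) {
            $username = COM_applyBasicFilter($credentials[0]);
            $password = $credentials[1];
        }
        if ($WS_VERBOSE) {
            COM_errorLog("WS: Attempting to log in user '{$username}' (via \$_SERVER['REMOTE_USER'])");
        }
    } elseif ($WS_VERBOSE) {
        COM_errorLog("WS: No login given");
        // fallthrough: counted as one failed attempt below
    }

    // expire old entries, then refuse the request if the client is blocked
    COM_clearSpeedlimit($_CONF['login_speedlimit'], 'wsauth');
    if (COM_checkSpeedlimit('wsauth', $_CONF['login_attempts']) > 0) {
        WS_error(PLG_RET_PERMISSION_DENIED, 'Speed Limit exceeded');
    }

    if (!empty($username) && !empty($password)) {
        if ($_CONF['user_login_method']['3rdparty']) {
            // remote users will have to use username@servicename
            $u = explode('@', $username);
            if (count($u) > 1) {
                $sv = $u[count($u) - 1];
                if (!empty($sv)) {
                    $modules = SEC_collectRemoteAuthenticationModules();
                    foreach ($modules as $smod) {
                        if (strcasecmp($sv, $smod) == 0) {
                            array_pop($u);
                            // drop the service name
                            $uname = implode('@', $u);
                            $status = SEC_remoteAuthentication($uname, $password, $smod, $uid);
                            break;
                        }
                    }
                }
            }
        }
        // no matching remote service (or remote login disabled): try local
        if ($status == -1 && $_CONF['user_login_method']['standard']) {
            $status = SEC_authenticate($username, $password, $uid);
        }
    }

    if ($status == USER_ACCOUNT_ACTIVE) {
        $_USER = SESS_getUserDataFromId($uid);
        PLG_loginUser($_USER['uid']);
        // Global array of groups current user belongs to
        $_GROUPS = SEC_getUserGroups($_USER['uid']);
        // Global array of current user permissions [read,edit]
        $_RIGHTS = explode(',', SEC_getUserPermissions());
        if ($_CONF['restrict_webservices']) {
            if (!SEC_hasRights('webservices.atompub')) {
                COM_updateSpeedlimit('wsauth');
                if ($WS_VERBOSE) {
                    COM_errorLog("WS: User '{$_USER['username']}' ({$_USER['uid']}) does not have permission to use the webservices");
                }
                // reset user, groups, and rights, just in case ...
                $_USER = array();
                $_GROUPS = array();
                $_RIGHTS = array();
                WS_error(PLG_RET_AUTH_FAILED);
                // WS_error() is expected not to return; the explicit return
                // makes sure a denied user never reaches the speedlimit reset
                return;
            }
        }
        if ($WS_VERBOSE) {
            COM_errorLog("WS: User '{$_USER['username']}' ({$_USER['uid']}) successfully logged in");
        }
        // if there were less than 2 failed login attempts, reset speedlimit
        if (COM_checkSpeedlimit('wsauth', 2) == 0) {
            if ($WS_VERBOSE) {
                COM_errorLog("WS: Successful login - resetting speedlimit");
            }
            COM_resetSpeedlimit('wsauth');
        }
    } else {
        // one failed attempt for any unauthenticated request ...
        COM_updateSpeedlimit('wsauth');
        if (!empty($username) && !empty($password)) {
            // ... and a second one when credentials were supplied but rejected
            COM_updateSpeedlimit('wsauth');
            if ($WS_VERBOSE) {
                COM_errorLog("WS: Wrong login credentials - counting as 2 failed attempts");
            }
        } elseif ($WS_VERBOSE) {
            COM_errorLog("WS: Empty login credentials - counting as 1 failed attempt");
        }
        WS_error(PLG_RET_AUTH_FAILED);
    }
}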
Example #4
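/**
 * Shows the user their menu options
 *
 * This shows the average Joe User their menu options. This is the user block on the left side.
 * For a logged-in user it lists the user options of all installed plugins,
 * the account settings link and the logout link; for an anonymous user it
 * renders the side-bar login form instead, including the 3rd party, OpenID
 * and OAuth options when the configuration enables them.
 *
 * @param        string      $help       Help file to show
 * @param        string      $title      Title of Menu
 * @param        string      $position   Side being shown on 'left', 'right'. Though blank works not likely.
 * @return       string                  HTML of the user block
 * @see function COM_adminMenu
 *
 */
function COM_userMenu($help = '', $title = '', $position = '')
{
    global $_TABLES, $_CONF, $LANG01, $LANG04, $_BLOCK_TEMPLATE;

    $retval = '';
    if (!COM_isAnonUser()) {
        $usermenu = COM_newTemplate($_CONF['path_layout']);
        // a theme may override the item templates via $_BLOCK_TEMPLATE as
        // "<option template>,<current template>"
        if (isset($_BLOCK_TEMPLATE['useroption'])) {
            $templates = explode(',', $_BLOCK_TEMPLATE['useroption']);
            $usermenu->set_file(array('option' => $templates[0], 'current' => $templates[1]));
        } else {
            $usermenu->set_file(array('option' => 'useroption.thtml', 'current' => 'useroption_off.thtml'));
        }
        $usermenu->set_var('block_name', str_replace('_', '-', 'user_block'));
        if (empty($title)) {
            $title = DB_getItem($_TABLES['blocks'], 'title', "name='user_block'");
        }
        // what's our current URL? (used to mark the active menu item)
        $thisUrl = COM_getCurrentURL();
        $retval .= COM_startBlock($title, $help, COM_getBlockTemplate('user_block', 'header', $position));

        // This function will show the user options for all installed plugins
        // (if any)
        foreach (PLG_getUserOptions() as $plg) {
            $usermenu->set_var('option_label', $plg->adminlabel);
            if (!empty($plg->numsubmissions)) {
                $usermenu->set_var('option_count', '(' . $plg->numsubmissions . ')');
            } else {
                $usermenu->set_var('option_count', '');
            }
            $usermenu->set_var('option_url', $plg->adminurl);
            $retval .= $usermenu->parse('item', ($thisUrl == $plg->adminurl) ? 'current' : 'option');
        }

        // account settings
        $url = $_CONF['site_url'] . '/usersettings.php';
        $usermenu->set_var('option_label', $LANG01[48]);
        $usermenu->set_var('option_count', '');
        $usermenu->set_var('option_url', $url);
        $retval .= $usermenu->parse('item', ($thisUrl == $url) ? 'current' : 'option');

        // logout (never the "current" page)
        $url = $_CONF['site_url'] . '/users.php?mode=logout';
        $usermenu->set_var('option_label', $LANG01[19]);
        $usermenu->set_var('option_count', '');
        $usermenu->set_var('option_url', $url);
        $retval .= $usermenu->finish($usermenu->parse('item', 'option'));
        $retval .= COM_endBlock(COM_getBlockTemplate('user_block', 'footer', $position));
    } else {
        $retval .= COM_startBlock($LANG01[47], $help, COM_getBlockTemplate('user_block', 'header', $position));
        $login = COM_newTemplate($_CONF['path_layout']);
        $login->set_file('form', 'loginform.thtml');
        $login->set_var('lang_username', $LANG01[21]);
        $login->set_var('lang_password', $LANG01[57]);
        $login->set_var('lang_forgetpassword', $LANG01[119]);
        $login->set_var('lang_login', $LANG01[58]);
        if ($_CONF['disable_new_user_registration']) {
            $login->set_var('lang_signup', '');
        } else {
            $login->set_var('lang_signup', $LANG01[59]);
        }

        // 3rd party remote authentication.
        if ($_CONF['user_login_method']['3rdparty'] && !$_CONF['usersubmission']) {
            $modules = SEC_collectRemoteAuthenticationModules();
            if (count($modules) == 0) {
                // $login is the template in scope here; the previous
                // $user_templates reference was undefined and fatal
                $login->set_var('services', '');
            } else {
                // NOTE(review): module names are embedded in the markup
                // unescaped; assumed to come from the installed module list,
                // not from the request - confirm.
                if (!$_CONF['user_login_method']['standard'] && count($modules) == 1) {
                    // exactly one remote service and no local login: nothing to choose
                    $select = '<input type="hidden" name="service" value="' . $modules[0] . '"' . XHTML . '>' . $modules[0];
                } else {
                    // Build select
                    $select = '<select name="service" id="service">';
                    if ($_CONF['user_login_method']['standard']) {
                        $select .= '<option value="">' . $_CONF['site_name'] . '</option>';
                    }
                    foreach ($modules as $service) {
                        $select .= '<option value="' . $service . '">' . $service . '</option>';
                    }
                    $select .= '</select>';
                }
                $login->set_file('services', 'blockservices.thtml');
                $login->set_var('lang_service', $LANG04[121]);
                $login->set_var('select_service', $select);
                $login->parse('output', 'services');
                $login->set_var('services', $login->finish($login->get_var('output')));
            }
        } else {
            $login->set_var('services', '');
        }

        // OpenID remote authentication.
        if ($_CONF['user_login_method']['openid'] && $_CONF['usersubmission'] == 0 && !$_CONF['disable_new_user_registration']) {
            $login->set_file('openid_login', 'loginform_openid.thtml');
            $login->set_var('lang_openid_login', $LANG01[128]);
            $login->set_var('input_field_size', 18);
            $login->set_var('app_url', $_CONF['site_url'] . '/users.php');
            $login->parse('output', 'openid_login');
            $login->set_var('openid_login', $login->finish($login->get_var('output')));
        } else {
            $login->set_var('openid_login', '');
        }

        // OAuth remote authentication: one block per configured service.
        if ($_CONF['user_login_method']['oauth'] && $_CONF['usersubmission'] == 0 && !$_CONF['disable_new_user_registration']) {
            $html_oauth = '';
            foreach (SEC_collectRemoteOAuthModules() as $service) {
                $login->set_file('oauth_login', 'loginform_oauth.thtml');
                $login->set_var('oauth_service', $service);
                // for sign in image
                $login->set_var('oauth_sign_in_image', $_CONF['site_url'] . '/images/login-with-' . $service . '.png');
                $login->set_var('oauth_sign_in_image_style', '');
                $login->parse('output', 'oauth_login');
                $html_oauth .= $login->finish($login->get_var('output'));
            }
            $login->set_var('oauth_login', $html_oauth);
        } else {
            $login->set_var('oauth_login', '');
        }

        // give plugins a chance to add their own template variables
        PLG_templateSetVars('loginblock', $login);
        $retval .= $login->finish($login->parse('output', 'form'));
        $retval .= COM_endBlock(COM_getBlockTemplate('user_block', 'footer', $position));
    }

    return $retval;
}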
Example #5
function USER_accountPanel($U, $newuser = 0)
{
    global $_CONF, $_SYSTEM, $_TABLES, $_USER, $LANG_MYACCOUNT, $LANG04, $LANG28;
    $uid = $U['uid'];
    // set template
    $userform = new Template($_CONF['path_layout'] . 'admin/user/');
    $userform->set_file('user', 'accountpanel.thtml');
    // get users display name
    $display_name = COM_getDisplayName($uid);
    // define all the language constants...
    $userform->set_var(array('lang_name_legend' => $LANG04[128], 'lang_userid' => $LANG28[2], 'lang_regdate' => $LANG28[14], 'lang_lastlogin' => $LANG28[35], 'lang_username' => $LANG04[2], 'lang_fullname' => $LANG04[3], 'lang_user_status' => $LANG28[46], 'lang_password_email_legend' => $LANG04[129], 'lang_password_help_title' => $LANG04[146], 'lang_enter_current_password' => $LANG04[127], 'lang_password_help' => $LANG04[147], 'lang_old_password' => $LANG04[110], 'lang_password' => $LANG04[4], 'lang_password_conf' => $LANG04[108], 'lang_cooktime' => $LANG04[68], 'lang_email' => $LANG04[5], 'lang_email_conf' => $LANG04[124], 'lang_deleteaccount' => $LANG04[156], 'lang_deleteoption' => $LANG04[156], 'lang_button_delete' => $LANG04[96]));
    if (empty($uid) || $uid < 2) {
        $userform->set_var('lang_email_password', $LANG04[28]);
    }
    if (!empty($uid) && $uid > 1) {
        $curtime = COM_getUserDateTimeFormat($U['regdate']);
        $lastlogin = DB_getItem($_TABLES['userinfo'], 'lastlogin', "uid = '{$uid}'");
        $lasttime = COM_getUserDateTimeFormat($lastlogin);
    } else {
        $U['uid'] = '';
        $uid = '';
        $curtime = COM_getUserDateTimeFormat();
        $lastlogin = '';
        $lasttime = '';
        $A['status'] = USER_ACCOUNT_ACTIVE;
        $newuser = 1;
    }
    if ($U['uid'] == '') {
        $userform->set_var('user_id', $LANG28[15]);
    } else {
        $userform->set_var('user_id', $U['uid']);
    }
    $userform->set_var('regdate_timestamp', $curtime[1]);
    $userform->set_var('user_regdate', $curtime[0]);
    if (empty($lastlogin)) {
        $userform->set_var('user_lastlogin', $LANG28[36]);
    } else {
        $userform->set_var('user_lastlogin', $lasttime[0]);
    }
    $userform->set_var('user_name', $U['username']);
    $userform->set_var('fullname_value', @htmlspecialchars($U['fullname'], ENT_NOQUOTES, COM_getEncodingt()));
    $remote_user_display = 'none';
    $remote_user_checked = '';
    $pwd_disabled = '';
    $remote_user_edit = 0;
    if ($_CONF['user_login_method']['3rdparty'] || $_CONF['user_login_method']['oauth']) {
        // && $U['account_type'] & REMOTE_USER /*$allow_remote_user */) {
        $modules = array();
        if ($U['account_type'] & REMOTE_USER) {
            $remote_user_checked = ' checked="checked"';
            $pwd_disabled = ' disabled="disabled"';
            $remote_user_display = '';
            if (isset($U['uid']) && $U['uid'] > 2) {
                $remote_user_edit = 1;
            }
        }
        if ($_CONF['user_login_method']['3rdparty']) {
            $modules = SEC_collectRemoteAuthenticationModules();
        }
        $service_select = '<select name="remoteservice" id="remoteservice"';
        if ($remote_user_edit == 1) {
            $service_select .= ' disabled="disabled"';
        }
        $service_select .= '>' . LB;
        if (count($modules) > 0) {
            foreach ($modules as $service) {
                $service_select .= '<option value="' . $service . '"' . ($U['remoteservice'] == $service ? ' selected="selected"' : '') . '>' . $service . '</option>' . LB;
            }
        }
        if ($_CONF['user_login_method']['oauth']) {
            $modules = SEC_collectRemoteOAuthModules();
            if (count($modules) > 0) {
                foreach ($modules as $service) {
                    $service_select .= '<option value="' . 'oauth.' . $service . '"' . ($U['remoteservice'] == 'oauth.' . $service ? ' selected="selected"' : '') . '>' . $service . '</option>' . LB;
                }
            }
        }
        $service_select .= '</select>' . LB;
        $userform->set_var('remoteusername', @htmlspecialchars($U['remoteusername'], ENT_NOQUOTES, COM_getEncodingt()));
        $userform->set_var('remoteservice_select', $service_select);
        $userform->set_var('remote_user_checked', $remote_user_checked);
        $userform->set_var('remote_user_display', $remote_user_display);
        $userform->set_var('remoteuserenable', '1');
        $userform->set_var('lang_remoteuser', $LANG04[163]);
        $userform->set_var('lang_remoteusername', $LANG04[164]);
        $userform->set_var('lang_remoteservice', $LANG04[165]);
        $userform->set_var('lang_remoteuserdata', $LANG04[166]);
        $userform->set_var('remote_user_disabled', ' disabled="disabled"');
        if (!($U['account_type'] & LOCAL_USER)) {
            $userform->set_var('pwd_disabled', $pwd_disabled);
        }
        if (!($U['account_type'] & REMOTE_USER)) {
            $userform->set_var('remoteuserenable', '');
        }
    } else {
        $userform->set_var('remoteuserenable', '');
        $userform->set_var('remoteusername', '');
        $userform->set_var('remoteservice_select', '');
        $userform->set_var('remote_user_checked', $remote_user_checked);
        $userform->set_var('remote_user_display', $remote_user_display);
        $userform->set_var('remote_user_disabled', ' disabled="disabled"');
    }
    $selection = '<select id="cooktime" name="cooktime">' . LB;
    $selection .= COM_optionList($_TABLES['cookiecodes'], 'cc_value,cc_descr', $U['cookietimeout'], 0);
    $selection .= '</select>';
    $userform->set_var('cooktime_selector', $selection);
    $userform->set_var('email_value', @htmlspecialchars($U['email'], ENT_NOQUOTES, COM_getEncodingt()));
    $statusarray = array(USER_ACCOUNT_AWAITING_ACTIVATION => $LANG28[43], USER_ACCOUNT_AWAITING_VERIFICATION => $LANG28[16], USER_ACCOUNT_ACTIVE => $LANG28[45]);
    $allow_ban = true;
    if (!empty($uid)) {
        if ($U['uid'] == $_USER['uid']) {
            $allow_ban = false;
            // do not allow to ban yourself
        } else {
            if (SEC_inGroup('Root', $U['uid'])) {
                // editing a Root user?
                $count_root_sql = "SELECT COUNT(ug_uid) AS root_count FROM {$_TABLES['group_assignments']} WHERE ug_main_grp_id = 1 GROUP BY ug_uid;";
                $count_root_result = DB_query($count_root_sql);
                $C = DB_fetchArray($count_root_result);
                // how many are left?
                if ($C['root_count'] < 2) {
                    $allow_ban = false;
                    // prevent banning the last root user
                }
            }
        }
    }
    if ($allow_ban) {
        $statusarray[USER_ACCOUNT_DISABLED] = $LANG28[42];
    }
    if ($_CONF['usersubmission'] == 1 && !empty($uid)) {
        $statusarray[USER_ACCOUNT_AWAITING_APPROVAL] = $LANG28[44];
    }
    asort($statusarray);
    $statusselect = '<select name="userstatus" id="userstatus">';
    foreach ($statusarray as $key => $value) {
        $statusselect .= '<option value="' . $key . '"';
        if ($key == $U['status']) {
            $statusselect .= ' selected="selected"';
        }
        $statusselect .= '>' . $value . '</option>' . LB;
    }
    $statusselect .= '</select><input type="hidden" name="oldstatus" value="' . $U['status'] . '"/>';
    $userform->set_var('user_status', $statusselect);
    if (!empty($uid) && $uid > 1) {
        $userform->set_var('plugin_namepass_name', PLG_profileEdit($uid, 'namepass', 'name'));
        $userform->set_var('plugin_namepass_pwdemail', PLG_profileEdit($uid, 'namepass', 'pwdemail'));
    }
    $retval = $userform->finish($userform->parse('output', 'user'));
    return $retval;
}
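/**
 * Authenticates the user if authentication headers are present
 *
 * Our handling of the speedlimit here requires some explanation ...
 * Atompub clients will usually try to do everything without logging in first.
 * Since that would mean that we can't provide feeds for drafts, items with
 * special permissions, etc. we ask them to log in (PLG_RET_AUTH_FAILED).
 * That, however, means that every request from an Atompub client will count
 * as one failed login attempt. So doing a couple of requests in quick
 * succession will surely get the client blocked. Therefore
 * - a request without any login credentials counts as one failed login attempt
 * - a request with wrong login credentials counts as two failed login attempts
 * - if, after a successful login, we have only one failed attempt on record,
 *   we reset the speedlimit
 * This still ensures that
 * - repeated failed logins (without or with invalid credentials) will cause the
 *   client to be blocked eventually
 * - this can not be used for dictionary attacks
 *
 * Credentials are taken from $_SERVER['PHP_AUTH_USER'] / ['PHP_AUTH_PW'] or,
 * when PHP runs as CGI and cannot see the Authorization header, from the
 * "<type> <base64(user:password)>" value that .htaccess copied into
 * $_SERVER['REMOTE_USER'].
 *
 * Side effects: on success the globals $_USER, $_GROUPS and $_RIGHTS are
 * populated; on every failure the 'wsauth' speedlimit is updated and
 * WS_error() is called.
 *
 * @return   void
 */
function WS_authenticate()
{
    global $_CONF, $_TABLES, $_USER, $_GROUPS, $_RIGHTS, $WS_VERBOSE;

    $uid = '';
    $username = '';
    $password = '';
    $status = -1;

    if (isset($_SERVER['PHP_AUTH_USER'])) {
        $username = $_SERVER['PHP_AUTH_USER'];
        // PHP_AUTH_PW is not guaranteed to be set alongside PHP_AUTH_USER
        $password = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';
        $username = COM_applyFilter($username);
        $password = COM_applyFilter($password);
        if ($WS_VERBOSE) {
            COM_errorLog("WS: Attempting to log in user '{$username}'");
        }
    } elseif (!empty($_SERVER['REMOTE_USER'])) {
        /* PHP installed as CGI may not have access to authorization headers of
         * Apache. In that case, use .htaccess to store the auth header
         */
        $auth_parts = explode(' ', $_SERVER['REMOTE_USER'], 2);
        if (isset($auth_parts[1])) {
            // limit the split to 2 so that a ':' inside the password is kept
            $credentials = explode(':', base64_decode($auth_parts[1]), 2);
            $username = $credentials[0];
            if (isset($credentials[1])) {
                $password = $credentials[1];
            }
        }
        $username = COM_applyFilter($username);
        $password = COM_applyFilter($password);
        if ($WS_VERBOSE) {
            COM_errorLog("WS: Attempting to log in user '{$username}' (via \$_SERVER['REMOTE_USER'])");
        }
    } else {
        if ($WS_VERBOSE) {
            COM_errorLog("WS: No login given");
        }
        // fallthrough (see below)
    }

    COM_clearSpeedlimit($_CONF['login_speedlimit'], 'wsauth');
    if (COM_checkSpeedlimit('wsauth', $_CONF['login_attempts']) > 0) {
        WS_error(PLG_RET_PERMISSION_DENIED, 'Speed Limit exceeded');
    }

    if (!empty($username) && !empty($password)) {
        if ($_CONF['user_login_method']['3rdparty']) {
            // remote users will have to use username@servicename
            $u = explode('@', $username);
            if (count($u) > 1) {
                $sv = $u[count($u) - 1];
                if (!empty($sv)) {
                    $modules = SEC_collectRemoteAuthenticationModules();
                    foreach ($modules as $smod) {
                        if (strcasecmp($sv, $smod) === 0) {
                            array_pop($u);
                            // drop the service name
                            $uname = implode('@', $u);
                            $status = SEC_remoteAuthentication($uname, $password, $smod, $uid);
                            break;
                        }
                    }
                }
            }
        }
        // no (matching) remote service: fall back to the local user table
        if ($status == -1 && $_CONF['user_login_method']['standard']) {
            $status = SEC_authenticate($username, $password, $uid);
        }
    }

    if ($status == USER_ACCOUNT_ACTIVE) {
        $_USER = SESS_getUserDataFromId($uid);
        PLG_loginUser($_USER['uid']);
        // Global array of groups current user belongs to
        $_GROUPS = SEC_getUserGroups($_USER['uid']);
        // Global array of current user permissions [read,edit]
        $_RIGHTS = explode(',', SEC_getUserPermissions());
        if ($_CONF['restrict_webservices']) {
            if (!SEC_hasRights('webservices.atompub')) {
                COM_updateSpeedlimit('wsauth');
                if ($WS_VERBOSE) {
                    COM_errorLog("WS: User '{$_USER['username']}' ({$_USER['uid']}) does not have permission to use the webservices");
                }
                // reset user, groups, and rights, just in case ...
                $_USER = array();
                $_GROUPS = array();
                $_RIGHTS = array();
                WS_error(PLG_RET_AUTH_FAILED);
            }
        }
        if ($WS_VERBOSE) {
            COM_errorLog("WS: User '{$_USER['username']}' ({$_USER['uid']}) successfully logged in");
        }
        // if there were less than 2 failed login attempts, reset speedlimit
        if (COM_checkSpeedlimit('wsauth', 2) == 0) {
            if ($WS_VERBOSE) {
                COM_errorLog("WS: Successful login - resetting speedlimit");
            }
            COM_resetSpeedlimit('wsauth');
        }
    } else {
        // one failed attempt for any unauthenticated request ...
        COM_updateSpeedlimit('wsauth');
        if (!empty($username) && !empty($password)) {
            // ... and a second one when credentials were supplied but rejected
            COM_updateSpeedlimit('wsauth');
            if ($WS_VERBOSE) {
                COM_errorLog("WS: Wrong login credentials - counting as 2 failed attempts");
            }
        } elseif ($WS_VERBOSE) {
            COM_errorLog("WS: Empty login credentials - counting as 1 failed attempt");
        }
        WS_error(PLG_RET_AUTH_FAILED);
    }
}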
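/**
* Shows the user login form after failed attempts to either login or access a page
* requiring login.
*
* @param    bool    $hide_forgotpw_link  true to leave out the "forgot password" link
* @param    int     $statusmode          0 or 2 select the alternative block title and
*                                        message ($LANG04[114]/[115] resp. [116]/[117]);
*                                        any other value shows the default title,
*                                        message and the new-registration link
* @return   string      HTML for login form
*
*/
function loginform($hide_forgotpw_link = false, $statusmode = -1)
{
    global $_CONF, $LANG01, $LANG04;

    $user_templates = new Template($_CONF['path_layout'] . 'users');
    $user_templates->set_file('login', 'loginform.thtml');
    $user_templates->set_var('xhtml', XHTML);
    $user_templates->set_var('site_url', $_CONF['site_url']);

    if ($statusmode == 0) {
        $user_templates->set_var('start_block_loginagain', COM_startBlock($LANG04[114]));
        $user_templates->set_var('lang_message', $LANG04[115]);
    } elseif ($statusmode == 2) {
        $user_templates->set_var('start_block_loginagain', COM_startBlock($LANG04[116]));
        $user_templates->set_var('lang_message', $LANG04[117]);
    } else {
        $user_templates->set_var('start_block_loginagain', COM_startBlock($LANG04[65]));
        if ($_CONF['disable_new_user_registration']) {
            $user_templates->set_var('lang_newreglink', '');
        } else {
            $user_templates->set_var('lang_newreglink', $LANG04[123]);
        }
        $user_templates->set_var('lang_message', $LANG04[66]);
    }

    $user_templates->set_var('lang_username', $LANG04[2]);
    $user_templates->set_var('lang_password', $LANG01[57]);
    if ($hide_forgotpw_link) {
        $user_templates->set_var('lang_forgetpassword', '');
    } else {
        $user_templates->set_var('lang_forgetpassword', $LANG04[25]);
    }
    $user_templates->set_var('lang_login', $LANG04[80]);
    $user_templates->set_var('end_block', COM_endBlock());

    // 3rd party remote authentication.
    if ($_CONF['user_login_method']['3rdparty'] && !$_CONF['usersubmission']) {
        $modules = SEC_collectRemoteAuthenticationModules();
        if (count($modules) == 0) {
            $user_templates->set_var('services', '');
        } else {
            if (!$_CONF['user_login_method']['standard'] && count($modules) == 1) {
                // only one remote service and no local login: no choice to offer
                $select = '<input type="hidden" name="service" value="' . $modules[0] . '"' . XHTML . '>' . $modules[0];
            } else {
                // Build select
                $select = '<select name="service">';
                if ($_CONF['user_login_method']['standard']) {
                    $select .= '<option value="">' . $_CONF['site_name'] . '</option>';
                }
                foreach ($modules as $service) {
                    $select .= '<option value="' . $service . '">' . $service . '</option>';
                }
                $select .= '</select>';
            }
            $user_templates->set_file('services', 'services.thtml');
            $user_templates->set_var('lang_service', $LANG04[121]);
            $user_templates->set_var('select_service', $select);
            $user_templates->parse('output', 'services');
            $user_templates->set_var('services', $user_templates->finish($user_templates->get_var('output')));
        }
    } else {
        $user_templates->set_var('services', '');
    }

    // OpenID remote authentication.
    if ($_CONF['user_login_method']['openid'] && $_CONF['usersubmission'] == 0 && !$_CONF['disable_new_user_registration']) {
        $user_templates->set_file('openid_login', '../loginform_openid.thtml');
        $user_templates->set_var('lang_openid_login', $LANG01[128]);
        $user_templates->set_var('input_field_size', 40);
        if (isset($_SERVER['SCRIPT_URI'])) {
            $app_url = $_SERVER['SCRIPT_URI'];
        } else {
            // neither value is guaranteed to be present under every SAPI
            $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
            $self = isset($_SERVER['PHP_SELF']) ? $_SERVER['PHP_SELF'] : '';
            $app_url = 'http://' . $host . $self;
        }
        // HTTP_HOST and PHP_SELF are taken from the request, so escape the
        // URL before it is placed into the HTML template
        $user_templates->set_var('app_url', htmlspecialchars($app_url, ENT_QUOTES, COM_getEncodingt()));
        $user_templates->parse('output', 'openid_login');
        $user_templates->set_var('openid_login', $user_templates->finish($user_templates->get_var('output')));
    } else {
        $user_templates->set_var('openid_login', '');
    }

    $user_templates->parse('output', 'login');

    return $user_templates->finish($user_templates->get_var('output'));
}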
/**
* Shows the user their menu options
*
* This shows the average Joe User their menu options. This is the user block on the left side.
* A logged-in user gets the list returned by getUserMenu(); an anonymous visitor
* gets the login block built from loginform.thtml, with the remote-service,
* OpenID and OAuth sections filled in as far as $_CONF['user_login_method'] allows.
*
* @param        string      $help       Help file to show
* @param        string      $title      Title of Menu
* @param        string      $position   Side being shown on 'left', 'right'. Though blank works not likely.
* @return       string      HTML of the user block or of the login block
* @see function COM_adminMenu
*
*/
function COM_userMenu($help = '', $title = '', $position = '')
{
    global $_TABLES, $_USER, $_CONF, $LANG01, $LANG04, $LANG29, $_BLOCK_TEMPLATE;

    if (!COM_isAnonUser()) {
        $blockTitle = empty($title)
            ? DB_getItem($_TABLES['blocks'], 'title', "name='user_block'")
            : $title;
        // what's our current URL?
        $thisUrl = COM_getCurrentURL();

        $html = COM_startBlock($blockTitle, $help, COM_getBlockTemplate('user_block', 'header', $position), 'user_block');
        $entries = '';
        foreach (getUserMenu() as $entry) {
            $entries .= '<li><a href="' . $entry['url'] . '">' . $entry['label'] . '</a></li>';
        }
        $html .= '<div id="usermenu"><ul class="uk-list uk-list-space">' . $entries . '</ul></div>';
        $html .= COM_endBlock(COM_getBlockTemplate('user_block', 'footer'));

        return $html;
    }

    $html = COM_startBlock($LANG01[47], $help, COM_getBlockTemplate('login_block', 'header', $position), 'login_block');

    $tpl = new Template($_CONF['path_layout']);
    $tpl->set_file('form', 'loginform.thtml');
    $tpl->set_var('lang_username', $LANG01[21]);
    $tpl->set_var('lang_password', $LANG01[57]);
    $tpl->set_var('lang_forgetpassword', $LANG01[119]);
    $tpl->set_var('lang_login', $LANG01[58]);
    $tpl->set_var('lang_signup', $_CONF['disable_new_user_registration'] == 1 ? '' : $LANG01[59]);

    // 3rd party remote authentication.
    $servicesHtml = '';
    if ($_CONF['user_login_method']['3rdparty'] && !$_CONF['usersubmission']) {
        $modules = SEC_collectRemoteAuthenticationModules();
        if (count($modules) > 0) {
            if (!$_CONF['user_login_method']['standard'] && count($modules) == 1) {
                // single remote service, no local login: nothing to choose from
                $select = '<input type="hidden" name="service" value="' . $modules[0] . '"/>' . $modules[0];
            } else {
                // Build select
                $options = $_CONF['user_login_method']['standard']
                    ? '<option value="">' . $_CONF['site_name'] . '</option>'
                    : '';
                foreach ($modules as $service) {
                    $options .= '<option value="' . $service . '">' . $service . '</option>';
                }
                $select = '<select name="service" id="service">' . $options . '</select>';
            }
            $tpl->set_file('services', 'blockservices.thtml');
            $tpl->set_var('lang_service', $LANG04[121]);
            $tpl->set_var('select_service', $select);
            $tpl->parse('output', 'services');
            $servicesHtml = $tpl->finish($tpl->get_var('output'));
        }
    }
    $tpl->set_var('services', $servicesHtml);

    // OpenID remote authentication.
    $openidHtml = '';
    if ($_CONF['user_login_method']['openid'] && $_CONF['usersubmission'] == 0 && !$_CONF['disable_new_user_registration']) {
        $tpl->set_file('openid_login', 'loginform_openid.thtml');
        $tpl->set_var('lang_openid_login', $LANG01[128]);
        $tpl->set_var('input_field_size', 16);
        $tpl->set_var('app_url', $_CONF['site_url'] . '/users.php');
        $tpl->parse('output', 'openid_login');
        $openidHtml = $tpl->finish($tpl->get_var('output'));
    }
    $tpl->set_var('openid_login', $openidHtml);

    // OAuth remote authentication: one rendered block per configured service.
    $oauthHtml = '';
    if ($_CONF['user_login_method']['oauth']) {
        foreach (SEC_collectRemoteOAuthModules() as $service) {
            $tpl->set_file('oauth_login', 'loginform_oauth_block.thtml');
            $tpl->set_var('oauth_service', $service);
            // for sign in image
            $tpl->set_var('oauth_sign_in_image', $_CONF['site_url'] . '/images/login-with-' . $service . '.png');
            $tpl->set_var('oauth_sign_in_image_style', '');
            $tpl->set_var('oauth_service_display', ucwords($service));
            $tpl->parse('output', 'oauth_login');
            $oauthHtml .= $tpl->finish($tpl->get_var('output'));
        }
    }
    $tpl->set_var('oauth_login', $oauthHtml);

    $html .= $tpl->finish($tpl->parse('output', 'form'));
    $html .= COM_endBlock(COM_getBlockTemplate('login_block', 'footer', $position));

    return $html;
}