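/**
 * Question the verity of the admin by asking for his or her password.
 * - loads Login.template.php and uses the admin_login sub template.
 * - sends data to template so the admin is sent on to the page they
 *   wanted if their password is correct, otherwise they can try again.
 * - never returns: obExit() ends the request, and the trigger_error()
 *   after it guards against falling through into privileged code.
 *
 * @param string $type = 'admin' the session check type; anything that is not
 *   registered through integrate_validateSession (or 'moderate') is treated as 'admin'
 */
function adminLogin($type = 'admin')
{
    global $context, $scripturl, $txt, $user_info, $user_settings;

    loadLanguage('Admin');
    loadTemplate('Login');

    // Validate what type of session check this is. The hook has to receive
    // $types by reference: passed by value, nothing it registers is visible
    // here and every custom type silently collapses to 'admin'.
    $types = array();
    call_integration_hook('integrate_validateSession', array(&$types));
    $type = in_array($type, $types, true) || $type === 'moderate' ? $type : 'admin';

    // They used a wrong password, log it and unset that.
    if (isset($_POST[$type . '_hash_pass']) || isset($_POST[$type . '_pass'])) {
        // Referer and user agent are client supplied and may be absent; log
        // the 'unknown' placeholder rather than raise an undefined-index notice.
        $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : $txt['unknown'];
        $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : $txt['unknown'];
        $txt['security_wrong'] = sprintf($txt['security_wrong'], $referer, $user_agent, $user_info['ip']);
        log_error($txt['security_wrong'], 'critical');

        // Drop the rejected secrets so the re-submit form below never echoes them back.
        unset($_POST[$type . '_hash_pass'], $_POST[$type . '_pass']);
        $context['incorrect_password'] = true;
    }

    createToken('admin-login');

    // Figure out the get data and post data.
    $context['get_data'] = '?' . construct_query_string($_GET);
    $context['post_data'] = '';

    // Now go through $_POST.  Make sure the session hash is sent.
    $_POST[$context['session_var']] = $context['session_id'];
    foreach ($_POST as $k => $v) {
        $context['post_data'] .= adminLogin_outputPostVars($k, $v);
    }

    // Now we'll use the admin_login sub template of the Login template.
    $context['sub_template'] = 'admin_login';

    // And title the page something like "Login".
    if (!isset($context['page_title'])) {
        $context['page_title'] = $txt['login'];
    }

    // The type of action.
    $context['sessionCheckType'] = $type;

    obExit();

    // We MUST exit at this point, because otherwise we CANNOT KNOW that the user is privileged.
    trigger_error('Hacking attempt...', E_USER_ERROR);
}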
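/**
 * Handles the return leg of an OpenID authentication.
 * - validates the provider response (mode, association, HMAC signature)
 *   before any of the $_GET data it carries is trusted.
 * - then, depending on $_GET['sa'], finishes a registration, confirms a
 *   changed URI, revalidates the session, or logs the member in.
 * - every failure path ends the request through fatal_lang_error(); the
 *   function only returns for the Register2() and checkActivation() cases.
 *
 * @return mixed whatever Register2() returns, or nothing
 */
function smf_openID_return()
{
    global $smcFunc, $user_info, $user_profile, $sourcedir, $modSettings, $context, $sc, $user_settings;

    // Is OpenID even enabled?
    if (empty($modSettings['enableOpenID'])) {
        fatal_lang_error('no_access', false);
    }

    if (!isset($_GET['openid_mode'])) {
        fatal_lang_error('openid_return_no_mode', false);
    }

    // @todo Check for error status!
    if ($_GET['openid_mode'] !== 'id_res') {
        fatal_lang_error('openid_not_resolved');
    }

    // SMF has this annoying habit of removing the + from the base64 encoding.  So lets put them back.
    foreach (array('openid_assoc_handle', 'openid_invalidate_handle', 'openid_sig', 'sf') as $key) {
        if (isset($_GET[$key])) {
            $_GET[$key] = str_replace(' ', '+', $_GET[$key]);
        }
    }

    // Did they tell us to remove any associations?
    // NOTE(review): this runs before the signature is checked, so any client
    // can drop a handle; the OpenID spec expects a check_authentication
    // round-trip with the provider first. Left as-is, flagged for follow-up.
    if (!empty($_GET['openid_invalidate_handle'])) {
        smf_openid_removeAssociation($_GET['openid_invalidate_handle']);
    }

    // Without an identity and an association handle there is nothing to verify against.
    if (!isset($_GET['openid_identity'], $_GET['openid_assoc_handle'])) {
        fatal_lang_error('openid_no_assoc');
    }
    $server_info = smf_openid_getServerInfo($_GET['openid_identity']);

    // Get the association data.
    $assoc = smf_openID_getAssociation($server_info['server'], $_GET['openid_assoc_handle'], true);
    if ($assoc === null) {
        fatal_lang_error('openid_no_assoc');
    }
    $secret = base64_decode($assoc['secret']);

    // Rebuild the key/value block exactly as the provider signed it. A field
    // that is listed as signed but missing (or not a plain string) cannot
    // have been signed, so the whole response is rejected.
    if (!isset($_GET['openid_signed'], $_GET['openid_sig']) || !is_string($_GET['openid_signed']) || !is_string($_GET['openid_sig'])) {
        fatal_lang_error('openid_sig_invalid', 'critical');
    }
    $verify_str = '';
    foreach (explode(',', $_GET['openid_signed']) as $sign) {
        $field = 'openid_' . str_replace('.', '_', $sign);
        if (!isset($_GET[$field]) || !is_string($_GET[$field])) {
            fatal_lang_error('openid_sig_invalid', 'critical');
        }
        // NOTE(review): the strtr() map is a no-op as shown; it looks like an
        // entity unescape that was flattened in this listing — confirm against source.
        $verify_str .= $sign . ':' . strtr($_GET[$field], array('&' => '&')) . "\n";
    }
    $verify_str = base64_encode(sha1_hmac($verify_str, $secret));

    // Constant-time comparison: this signature is all that stands between
    // attacker-controlled $_GET data and a login.
    if (!hash_equals($verify_str, $_GET['openid_sig'])) {
        fatal_lang_error('openid_sig_invalid', 'critical');
    }

    // Restore the state stashed before we redirected to the provider.
    if (!isset($_GET['t']) || !is_string($_GET['t']) || !isset($_SESSION['openid']['saved_data'][$_GET['t']])) {
        fatal_lang_error('openid_load_data');
    }
    $openid_uri = $_SESSION['openid']['saved_data'][$_GET['t']]['openid_uri'];
    $modSettings['cookieTime'] = $_SESSION['openid']['saved_data'][$_GET['t']]['cookieTime'];
    if (empty($openid_uri)) {
        fatal_lang_error('openid_load_data');
    }

    // Any save fields to restore?
    // SECURITY: unserialize() of a client-supplied value is an object-injection
    // sink. The sender uses serialize(), so the format cannot change here; on
    // PHP >= 7 we at least refuse to instantiate classes from the payload.
    $context['openid_save_fields'] = array();
    if (isset($_GET['sf'])) {
        $sf = base64_decode($_GET['sf']);
        $context['openid_save_fields'] = PHP_VERSION_ID >= 70000 ? unserialize($sf, array('allowed_classes' => false)) : unserialize($sf);
    }

    // Is there a user with this OpenID_uri?
    $result = $smcFunc['db_query']('', '
		SELECT passwd, id_member, id_group, lngfile, is_activated, email_address, additional_groups, member_name, password_salt,
			openid_uri
		FROM {db_prefix}members
		WHERE openid_uri = {string:openid_uri}', array('openid_uri' => $openid_uri));
    $member_found = $smcFunc['db_num_rows']($result);
    $sa = isset($_GET['sa']) ? $_GET['sa'] : '';

    if (!$member_found && $sa === 'change_uri' && !empty($_SESSION['new_openid_uri']) && $_SESSION['new_openid_uri'] === $openid_uri) {
        // Update the member.
        updateMemberData($user_settings['id_member'], array('openid_uri' => $openid_uri));
        unset($_SESSION['new_openid_uri']);
        $_SESSION['openid'] = array('verified' => true, 'openid_uri' => $openid_uri);

        // Send them back to profile.
        redirectexit('action=profile;area=authentication;updated');
    } elseif (!$member_found) {
        // Store the received openid info for the user when returned to the registration page.
        $_SESSION['openid'] = array('verified' => true, 'openid_uri' => $openid_uri);
        foreach (array('nickname', 'email', 'dob', 'gender') as $sreg) {
            if (isset($_GET['openid_sreg_' . $sreg])) {
                $_SESSION['openid'][$sreg] = $_GET['openid_sreg_' . $sreg];
            }
        }

        // Were we just verifying the registration state?
        if ($sa === 'register2') {
            require_once $sourcedir . '/Register.php';
            return Register2(true);
        }
        redirectexit('action=register');
    } elseif ($sa === 'revalidate' && $user_settings['openid_uri'] === $openid_uri) {
        $_SESSION['openid_revalidate_time'] = time();

        // Restore the get data.
        require_once $sourcedir . '/Subs-Auth.php';
        $_SESSION['openid']['saved_data'][$_GET['t']]['get']['openid_restore_post'] = $_GET['t'];
        $query_string = construct_query_string($_SESSION['openid']['saved_data'][$_GET['t']]['get']);
        redirectexit($query_string);
    } else {
        $user_settings = $smcFunc['db_fetch_assoc']($result);
        $smcFunc['db_free_result']($result);

        // The stored password is re-derived from the association secret on
        // every OpenID login; the salt only diversifies that hash. mt_rand()
        // is not a CSPRNG — prefer random_bytes()/random_int() where available.
        $user_settings['passwd'] = sha1(strtolower($user_settings['member_name']) . $secret);
        $user_settings['password_salt'] = substr(md5(mt_rand()), 0, 4);
        updateMemberData($user_settings['id_member'], array('passwd' => $user_settings['passwd'], 'password_salt' => $user_settings['password_salt']));

        // Cleanup on Aisle 5.
        $_SESSION['openid'] = array('verified' => true, 'openid_uri' => $openid_uri);

        require_once $sourcedir . '/LogInOut.php';
        if (!checkActivation()) {
            return;
        }
        DoLogin();
    }
}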
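/**
 * Question the verity of the admin by asking for his or her password.
 * - renders the generic skeleton with the loginout/adminlogin content area.
 * - re-emits the current $_GET and $_POST data so the admin lands on the
 *   page they wanted once the password is accepted, or can try again.
 * - never returns: obExit() ends the request, and the trigger_error()
 *   after it guards against falling through into privileged code.
 */
function adminLogin()
{
    global $context, $scripturl, $txt, $user_info, $user_settings;

    loadLanguage('Admin');
    EoS_Smarty::loadTemplate('generic_skeleton');
    EoS_Smarty::getConfigInstance()->registerHookTemplate('generic_content_area', 'loginout/adminlogin');

    // They used a wrong password, log it and unset that.
    if (isset($_POST['admin_hash_pass']) || isset($_POST['admin_pass'])) {
        // Referer and user agent are client supplied and may be absent; log
        // the 'unknown' placeholder rather than raise an undefined-index notice.
        $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : $txt['unknown'];
        $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : $txt['unknown'];
        $txt['security_wrong'] = sprintf($txt['security_wrong'], $referer, $user_agent, $user_info['ip']);
        log_error($txt['security_wrong'], 'critical');

        // Drop the rejected secrets so the re-submit form below never echoes them back.
        unset($_POST['admin_hash_pass'], $_POST['admin_pass']);
        $context['incorrect_password'] = true;
    }

    // Figure out the get data and post data.
    $context['get_data'] = '?' . construct_query_string($_GET);
    $context['post_data'] = '';

    // Now go through $_POST.  Make sure the session hash is sent.
    $_POST[$context['session_var']] = $context['session_id'];
    foreach ($_POST as $k => $v) {
        $context['post_data'] .= adminLogin_outputPostVars($k, $v);
    }

    // And title the page something like "Login".
    if (!isset($context['page_title'])) {
        $context['page_title'] = $txt['login'];
    }

    obExit();

    // We MUST exit at this point, because otherwise we CANNOT KNOW that the user is privileged.
    trigger_error('Hacking attempt...', E_USER_ERROR);
}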
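 /**
  * Callback action handler for OpenID
  * - validates the provider response (mode, association, HMAC signature)
  *   before any of the $_GET data it carries is trusted.
  * - then, depending on $_GET['sa'], finishes a registration, confirms a
  *   changed URI, revalidates the session, or logs the member in.
  * - every failure path ends the request through fatal_lang_error(); the
  *   method only returns for the action_register2() and checkActivation() cases.
  *
  * @return mixed whatever Register_Controller::action_register2() returns, or nothing
  */
 public function action_openidreturn()
 {
     global $modSettings, $context, $user_settings;

     // We'll need our subs.
     require_once SUBSDIR . '/OpenID.subs.php';

     // Is OpenID even enabled?
     if (empty($modSettings['enableOpenID'])) {
         fatal_lang_error('no_access', false);
     }

     // The OpenID provider did not respond with the OpenID mode? Throw an error..
     if (!isset($_GET['openid_mode'])) {
         fatal_lang_error('openid_return_no_mode', false);
     }

     // @todo Check for error status!
     if ($_GET['openid_mode'] !== 'id_res') {
         fatal_lang_error('openid_not_resolved');
     }

     // this has annoying habit of removing the + from the base64 encoding.  So lets put them back.
     foreach (array('openid_assoc_handle', 'openid_invalidate_handle', 'openid_sig', 'sf') as $key) {
         if (isset($_GET[$key])) {
             $_GET[$key] = str_replace(' ', '+', $_GET[$key]);
         }
     }

     $openID = new OpenID();

     // Did they tell us to remove any associations?
     // NOTE(review): this runs before the signature is checked, so any client
     // can drop a handle; the OpenID spec expects a check_authentication
     // round-trip with the provider first. Left as-is, flagged for follow-up.
     if (!empty($_GET['openid_invalidate_handle'])) {
         $openID->removeAssociation($_GET['openid_invalidate_handle']);
     }

     // Without an identity and an association handle there is nothing to verify against.
     if (!isset($_GET['openid_identity'], $_GET['openid_assoc_handle'])) {
         fatal_lang_error('openid_no_assoc');
     }

     // Get the OpenID server info.
     $server_info = $openID->getServerInfo($_GET['openid_identity']);

     // Get the association data.
     $assoc = $openID->getAssociation($server_info['server'], $_GET['openid_assoc_handle'], true);
     if ($assoc === null) {
         fatal_lang_error('openid_no_assoc');
     }
     $secret = base64_decode($assoc['secret']);

     // Rebuild the key/value block exactly as the provider signed it. A field
     // that is listed as signed but missing (or not a plain string) cannot
     // have been signed, so the whole response is rejected.
     if (!isset($_GET['openid_signed'], $_GET['openid_sig']) || !is_string($_GET['openid_signed']) || !is_string($_GET['openid_sig'])) {
         fatal_lang_error('openid_sig_invalid', 'critical');
     }
     $verify_str = '';
     foreach (explode(',', $_GET['openid_signed']) as $sign) {
         $field = 'openid_' . str_replace('.', '_', $sign);
         if (!isset($_GET[$field]) || !is_string($_GET[$field])) {
             fatal_lang_error('openid_sig_invalid', 'critical');
         }
         // NOTE(review): the strtr() map is a no-op as shown; it looks like an
         // entity unescape that was flattened in this listing — confirm against source.
         $verify_str .= $sign . ':' . strtr($_GET[$field], array('&' => '&')) . "\n";
     }
     $verify_str = base64_encode(hash_hmac('sha1', $verify_str, $secret, true));

     // Verify the OpenID signature in constant time: it is all that stands
     // between attacker-controlled $_GET data and a login.
     if (!hash_equals($verify_str, $_GET['openid_sig'])) {
         fatal_lang_error('openid_sig_invalid', 'critical');
     }

     // Restore the state stashed before we redirected to the provider.
     if (!isset($_GET['t']) || !is_string($_GET['t']) || !isset($_SESSION['openid']['saved_data'][$_GET['t']])) {
         fatal_lang_error('openid_load_data');
     }
     $openid_uri = $_SESSION['openid']['saved_data'][$_GET['t']]['openid_uri'];
     $modSettings['cookieTime'] = $_SESSION['openid']['saved_data'][$_GET['t']]['cookieTime'];
     if (empty($openid_uri)) {
         fatal_lang_error('openid_load_data');
     }

     // Any save fields to restore?
     // SECURITY: unserialize() of a client-supplied value is an object-injection
     // sink. The sender uses serialize(), so the format cannot change here; on
     // PHP >= 7 we at least refuse to instantiate classes from the payload.
     $context['openid_save_fields'] = array();
     if (isset($_GET['sf'])) {
         $sf = base64_decode($_GET['sf']);
         $context['openid_save_fields'] = PHP_VERSION_ID >= 70000 ? unserialize($sf, array('allowed_classes' => false)) : unserialize($sf);
     }

     // A verified response without a claimed id is not a usable assertion.
     if (!isset($_GET['openid_claimed_id'])) {
         fatal_lang_error('openid_not_resolved');
     }
     $context['openid_claimed_id'] = $_GET['openid_claimed_id'];

     // Is there a user with this OpenID_uri?
     $member_found = memberByOpenID($context['openid_claimed_id']);
     $sa = isset($_GET['sa']) ? $_GET['sa'] : '';

     if (empty($member_found) && $sa === 'change_uri' && !empty($_SESSION['new_openid_uri']) && $_SESSION['new_openid_uri'] === $context['openid_claimed_id']) {
         // Update the member.
         updateMemberData($user_settings['id_member'], array('openid_uri' => $context['openid_claimed_id']));
         unset($_SESSION['new_openid_uri']);
         $_SESSION['openid'] = array('verified' => true, 'openid_uri' => $context['openid_claimed_id']);

         // Send them back to profile.
         redirectexit('action=profile;area=authentication;updated');
     } elseif (empty($member_found)) {
         // Store the received openid info for the user when returned to the registration page.
         $_SESSION['openid'] = array('verified' => true, 'openid_uri' => $context['openid_claimed_id']);
         foreach (array('nickname', 'email', 'dob', 'gender') as $sreg) {
             if (isset($_GET['openid_sreg_' . $sreg])) {
                 $_SESSION['openid'][$sreg] = $_GET['openid_sreg_' . $sreg];
             }
         }

         // Were we just verifying the registration state?
         if ($sa === 'register2') {
             require_once CONTROLLERDIR . '/Register.controller.php';
             $controller = new Register_Controller();
             return $controller->action_register2(true);
         }
         redirectexit('action=register');
     } elseif ($sa === 'revalidate' && $user_settings['openid_uri'] === $openid_uri) {
         // NOTE(review): this branch compares against the session-saved
         // $openid_uri while the others use openid_claimed_id — confirm that is intended.
         $_SESSION['openid_revalidate_time'] = time();

         // Restore the get data.
         require_once SUBSDIR . '/Auth.subs.php';
         $_SESSION['openid']['saved_data'][$_GET['t']]['get']['openid_restore_post'] = $_GET['t'];
         $query_string = construct_query_string($_SESSION['openid']['saved_data'][$_GET['t']]['get']);
         redirectexit($query_string);
     } else {
         $user_settings = $member_found;

         // @Todo: this seems outdated?
         // The stored password is re-derived from the association secret on
         // every OpenID login; the salt only diversifies that hash. mt_rand()
         // is not a CSPRNG — prefer random_bytes()/random_int() where available.
         $user_settings['passwd'] = sha1(strtolower($user_settings['member_name']) . $secret);
         $user_settings['password_salt'] = substr(md5(mt_rand()), 0, 4);
         updateMemberData($user_settings['id_member'], array('passwd' => $user_settings['passwd'], 'password_salt' => $user_settings['password_salt']));

         // Cleanup on Aisle 5.
         $_SESSION['openid'] = array('verified' => true, 'openid_uri' => $context['openid_claimed_id']);

         require_once CONTROLLERDIR . '/Auth.controller.php';

         // Activation required?
         if (!checkActivation()) {
             return;
         }

         // Finally do the login.
         doLogin();
     }
 }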