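/**
 * Processes and outputs the Add Dir Auth user form.
 *
 * On POST the request is accepted only with a valid 'add-da-user' nonce. The
 * submitted SSOID is sanitized, the requested role(s) are checked against
 * get_editable_roles(), and the user is added either to a single site or, on
 * the network admin screen, to every selected site. A notification e-mail is
 * sent per site unless "noconfirmation" was ticked. The form is then rendered
 * (again), pre-filled with whatever has to be corrected.
 *
 * NOTE(review): no capability check is visible in this function; presumably the
 * menu registration restricts who can reach it - confirm against the caller.
 *
 * @return void
 */
function wpDirAuth_add_user_panel() {
    _log('WPDIRAUTH - function ' . __FUNCTION__ . ' activated. ');

    // Still needed? It is only read further down to emit the hidden "id" field.
    global $id;

    // A screen id of 'site-users-network' means we are on the Sites > Edit > Users tab.
    $strScreenID = get_current_screen()->id;

    // True only inside the network admin area, excluding the per-site Users tab.
    $boolIsNetworkAdminScreen = is_network_admin() && $strScreenID != 'site-users-network';

    // How do we refer to their SSOID?
    $strMarketingSSOID = get_site_option('dirAuthMarketingSSOID', 'Username');
    $strReferer = wpDirAuth_get_referer();

    // Defaults
    $strWpDirAuthSSOID = '';
    $strWpDirAuthRole = '';
    $boolConfirmationEmail = true;
    $objErrors = new WP_Error();
    $strSuccess = '';
    $arySitesData = array();

    if ($boolIsNetworkAdminScreen) {
        $arySitesData = wpDirAuth_retrieve_multisite_blog_data();
    }

    if ($_POST) {
        // A request without the nonce field must fail the check, not raise an undefined-index notice.
        $boolNonceOk = isset($_POST['_wpnonce_add-da-user'])
            && wp_verify_nonce($_POST['_wpnonce_add-da-user'], 'add-da-user');

        if ($boolNonceOk) {
            /**
             * Known limitation: if the admin ticked sites and roles but left the SSOID blank, we bail out
             * here before the per-site data is normalised, so the ticked sites cannot be fully rebuilt below.
             */
            if (!isset($_POST['ssoid']) || !is_string($_POST['ssoid']) || trim($_POST['ssoid']) === '') {
                // The label is a site option; escape it before embedding it in the HTML error message.
                $objErrors->add('blank_ssoid', __('<p>' . esc_html($strMarketingSSOID) . ' can not be left blank.</p>'));
            } else {
                $strWpDirAuthSSOID = wpDirAuth_sanitize($_POST['ssoid']);

                // Role slugs the current user may assign, as strings so that strict comparison is safe.
                $aryValidRoles = array_map('strval', array_keys(get_editable_roles()));

                if ($boolIsNetworkAdminScreen && $strReferer != 'site-users.php') {
                    $arySitesAndRoles = array();
                    $aryValidSiteIDs = array_keys($arySitesData);

                    // NOTE(review): this writes the raw request body, including the nonce, to the log.
                    _log('contents of the post in function ' . __FUNCTION__ . ' at line ' . __LINE__ . ':' . PHP_EOL . var_export($_POST, true));

                    // We SHOULD have at least one site set.
                    $intSiteCount = count($arySitesData);
                    for ($i = 0; $i < $intSiteCount; ++$i) {
                        $strPostSite = 'site' . $i;

                        // Check presence and type BEFORE counting: count() on a missing or scalar
                        // value warns on PHP 7.2+ and throws a TypeError on PHP 8.
                        if (!isset($_POST[$strPostSite]) || !is_array($_POST[$strPostSite])) {
                            continue;
                        }

                        // The site param must contain at least one element, but no more than two.
                        $intCountPostSite = count($_POST[$strPostSite]);
                        if ($intCountPostSite < 1 || $intCountPostSite > 2) {
                            continue;
                        }

                        // Re-index so positions 0 and 1 exist whatever keys the client sent.
                        $_POST[$strPostSite] = array_values($_POST[$strPostSite]);

                        if ($intCountPostSite == 1) {
                            /**
                             * Only one element: the checkbox was not ticked, so only the role arrived. Pad the
                             * array to two elements so the validation below can treat every row the same way.
                             */
                            $_POST[$strPostSite] = array('', $_POST[$strPostSite][0]);
                        } elseif (
                            !is_string($_POST[$strPostSite][0])
                            || !preg_match('/^[0-9]+\z/', $_POST[$strPostSite][0])
                            || !in_array((int) $_POST[$strPostSite][0], $aryValidSiteIDs, true)
                        ) {
                            // Two elements: the first must be the id of a site we actually listed.
                            $_POST[$strPostSite][0] = '';
                        }

                        // The role must be one the current user is allowed to assign.
                        if (!is_string($_POST[$strPostSite][1]) || !in_array($_POST[$strPostSite][1], $aryValidRoles, true)) {
                            $_POST[$strPostSite][1] = '';
                        }

                        // Both values survived validation: queue this site/role pair for insertion.
                        if ($_POST[$strPostSite][0] != '' && $_POST[$strPostSite][1] != '') {
                            $arySitesAndRoles[$i] = array(
                                'blog_id' => $_POST[$strPostSite][0],
                                'role'    => $_POST[$strPostSite][1],
                            );
                        }
                    }
                }

                $boolRolePosted = isset($_POST['role'])
                    && is_string($_POST['role'])
                    && in_array($_POST['role'], $aryValidRoles, true);
                $strWpDirAuthRole = $boolRolePosted ? $_POST['role'] : get_site_option('default_role');

                // NOTE(review): the posted blog id is only checked for being numeric here; whether the
                // current user may add users to that site has to be enforced by wpDirAuth_add_new_user()
                // or by the page registration - confirm.
                $intBlogID = isset($_POST['id']) && is_numeric($_POST['id']) ? intval($_POST['id']) : '';

                if (isset($_POST['noconfirmation']) && $_POST['noconfirmation'] == 1) {
                    $boolConfirmationEmail = false;
                }

                if (!isset($arySitesAndRoles) || !$boolIsNetworkAdminScreen) {
                    $aryUserData = wpDirAuth_add_new_user($strWpDirAuthSSOID, $strWpDirAuthRole, $intBlogID);
                    _log('adding a standard user (' . $strWpDirAuthSSOID . ')from either inside a site, or from the edit section of a site');
                    _log('user data from newly added user is : ' . PHP_EOL . var_export($aryUserData, true) . PHP_EOL);
                } elseif (count($arySitesAndRoles) < 1) {
                    $aryUserData = new WP_Error('no_site_role_selected', '<p>You will need to select at least one site to add this user to.</p>');
                } else {
                    $aryUserData = wpDirAuth_add_new_user_to_multi_sites($strWpDirAuthSSOID, $arySitesAndRoles);
                    _log('adding a user (' . $strWpDirAuthSSOID . ')from the network Add Dir Auth user section');
                }

                if (is_wp_error($aryUserData)) {
                    $objErrors->add($aryUserData->get_error_code(), $aryUserData->get_error_message(), $aryUserData->get_error_data());
                } else {
                    $arySitesAddedTo = array();
                    if (isset($arySitesAndRoles) && count($arySitesAndRoles) != 0) {
                        foreach ($arySitesAndRoles as $arySiteData) {
                            $arySitesAddedTo[] = array(
                                'blogname' => $arySitesData[$arySiteData['blog_id']],
                                'aoran'    => wpDirAuth_determine_A_or_An($arySiteData['role']),
                                'role'     => $arySiteData['role'],
                                'siteurl'  => get_site_url($arySiteData['blog_id'], '', 'https'),
                            );
                        }
                    } else {
                        $arySitesAddedTo[] = array(
                            'blogname' => get_site_option('blogname'),
                            'aoran'    => wpDirAuth_determine_A_or_An($strWpDirAuthRole),
                            'role'     => $strWpDirAuthRole,
                            'siteurl'  => site_url(),
                        );
                    }

                    /**
                     * The admin has just added a user from the sites->edit->users tab. Since we cannot
                     * redirect them back automatically, give them a link to go back.
                     */
                    if ($strReferer == 'site-users.php' && $boolIsNetworkAdminScreen) {
                        // The referer is request-derived and the site name is stored data: escape both
                        // for the context they are printed in.
                        $strReturnToURL = wp_get_referer();
                        $strReturnSiteName = isset($arySitesData[$intBlogID]) ? $arySitesData[$intBlogID] : '';
                        $strExtraMessage = '<a href="' . esc_url($strReturnToURL) . '">Return to the User tab</a> of the ' . esc_html($strReturnSiteName) . ' site.';
                    } else {
                        $strExtraMessage = '';
                    }

                    $strSuccess = wpDirAuth_construct_success_msg($strWpDirAuthSSOID, $aryUserData['ID'], $arySitesAddedTo, $strExtraMessage);
                    _log('for user ' . $strWpDirAuthSSOID . ', added them to ' . var_export($arySitesAddedTo, true) . '.');

                    if ($boolConfirmationEmail) {
                        foreach ($arySitesAddedTo as $arySiteAddedToData) {
                            $strMsg = sprintf(
                                WPDIRAUTH_EMAIL_NEWUSER_NOTIFY,
                                $arySiteAddedToData['blogname'],
                                $arySiteAddedToData['aoran'],
                                $arySiteAddedToData['role'],
                                $strMarketingSSOID,
                                $strWpDirAuthSSOID,
                                $arySiteAddedToData['siteurl'] . '/wp-login.php'
                            );
                            wp_mail($aryUserData['email'], '[' . $arySiteAddedToData['blogname'] . '] You\'ve been added!', $strMsg);
                        }
                    }

                    // Reset back to defaults so the form comes up empty after a successful add.
                    $strWpDirAuthSSOID = '';
                    $strWpDirAuthRole = '';
                    $boolConfirmationEmail = true;
                }
            }
        } else {
            $objErrors->add('invalid-nonce', __('Invalid nonce value'));
        }
    }
    ?>
    <h3>Add New Directory Authentication User</h3>
    <?php
    if (count($objErrors->errors) != 0) {
        wpDirAuth_print_error_messages($objErrors);
    } elseif ($strSuccess != '') {
        // Built by wpDirAuth_construct_success_msg(); it is expected to return ready-to-print HTML.
        echo $strSuccess;
    }
    ?>
    <p><?php _e('Add a directory authenticated user to this site/network'); ?></p>
    <p><?php _e('Please note: Your LDAP/AD instance must allow anonymous profile searches, or you must provide a pre-bind account/password in the <a href="options-general.php?page=' . basename(__FILE__) . '">Directory Auth settings page.</a>'); ?></p>
    <form action="<?php echo ($strScreenID == 'site-users-network') ? 'users.php?page=wpDirAuth' : ''; ?>" method="post" name="adddauser" id="createuser" class="add:users: validate"<?php do_action('user_new_form_tag'); ?>>
        <?php
        if (isset($id) && $id != '' && is_multisite()) {
            // $id is a global we do not control here; escape it for the attribute context.
            echo '<input type="hidden" name="id" value="', esc_attr($id), '" />', PHP_EOL;
        }
        ?>
        <input name="action" type="hidden" value="add-da-user" />
        <?php wp_nonce_field('add-da-user', '_wpnonce_add-da-user'); ?>
        <table class="form-table">
            <tr class="form-field form-required">
                <th scope="row">
                    <label for="ssoid"><?php esc_html_e($strMarketingSSOID . '/SSOID'); ?> <span class="description"><?php _e('(required)'); ?></span></label>
                </th>
                <td>
                    <input name="ssoid" type="text" id="ssoid" value="<?php echo esc_attr($strWpDirAuthSSOID); ?>" aria-required="true" />
                </td>
            </tr>
            <?php if ($boolIsNetworkAdminScreen) { ?>
            <tr class="form-field">
                <th scope="row"><label for="blogs"><?php _e('Site'); ?></label></th>
                <th><label for="role"><?php _e('Role'); ?></label></th>
            </tr>
            <?php
            $i = 0;
            foreach ($arySitesData as $intSiteID => $strSiteName) {
                $boolChecked = false;
                if (isset($arySitesAndRoles[$i])) {
                    $aryFormSiteData = $arySitesAndRoles[$i];
                } elseif (isset($_POST['site' . $i]) && is_array($_POST['site' . $i])) {
                    // Only an array can be walked with reset()/end() below.
                    $aryFormSiteData = $_POST['site' . $i];
                } else {
                    $aryFormSiteData = array();
                }
                _log('aryFormSiteData at line ' . __LINE__ . ': ' . var_export($aryFormSiteData, true));

                /**
                 * Assumption: aryFormSiteData either holds two elements (site, role) or is empty.
                 * A non-empty first element means the current site needs to be checked.
                 */
                if (reset($aryFormSiteData) != '') {
                    $boolChecked = true;
                }

                // A non-empty last element (the role) is the one to pre-select in the dropdown.
                $mxdRole = end($aryFormSiteData);
                $strRoleSelected = (is_string($mxdRole) && $mxdRole != '') ? $mxdRole : '';

                echo '<tr> <td> <input name="site' . $i . '[]" value="' . esc_attr($intSiteID) . '" id="blog_' . esc_attr($intSiteID) . '" type="checkbox"';
                if ($boolChecked) {
                    echo ' checked="checked"';
                }
                echo ' /> ' . esc_html($strSiteName) . ' </td> <td> <select name="site' . $i . '[]" id="role_' . esc_attr($intSiteID) . '">';
                wp_dropdown_roles($strRoleSelected);
                echo PHP_EOL, '</select> </td> </tr>';
                ++$i;
            }
            ?>
            <?php } else { ?>
            <tr class="form-field">
                <th scope="row"><label for="role"><?php _e('Role'); ?></label></th>
                <td><select name="role" id="role">
                    <?php
                    $strCurrentRole = empty($strWpDirAuthRole) ? get_site_option('default_role') : $strWpDirAuthRole;
                    wp_dropdown_roles($strCurrentRole);
                    ?>
                </select>
                </td>
            </tr>
            <?php } ?>
            <tr>
                <th scope="row"><label for="noconfirmation"><?php _e('Skip Confirmation Email'); ?></label></th>
                <td><label for="noconfirmation"><input type="checkbox" name="noconfirmation" id="noconfirmation" value="1" <?php checked(!$boolConfirmationEmail); ?> /> <?php _e('Add the user without sending them a confirmation email.'); ?></label></td>
            </tr>
        </table>
        <?php submit_button(__('Add New User '), 'primary', 'createuser', true, array('id' => 'createusersub')); ?>
    </form>
    <?php
}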
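/**
 * wpDirAuth plugin configuration panel.
 * Processes and outputs the wpDirAuth configuration form.
 *
 * Directory users only get an explanatory message: the settings can be changed
 * solely by a WordPress-only account. On POST the request must carry the
 * 'wpDirAuth-options' nonce emitted by the form below; these options decide
 * which directory servers WordPress authenticates against, so a forged
 * cross-site submission must not be able to change them.
 *
 * NOTE(review): no capability check is visible in this function; presumably the
 * menu registration restricts who can reach it - confirm against the caller.
 *
 * @return void
 *
 * @uses WPDIRAUTH_DEFAULT_FILTER
 * @uses WPDIRAUTH_DEFAULT_LOGINSCREENMSG
 * @uses WPDIRAUTH_DEFAULT_CHANGEPASSMSG
 * @uses WPDIRAUTH_ALLOWED_TAGS
 * @uses wpDirAuth_makeCookieMarker
 * @uses wpDirAuth_sanitize
 */
function wpDirAuth_optionsPanel() {
    global $userdata;

    $wpDARef = WPDIRAUTH_SIGNATURE;
    $allowedHTML = htmlentities(WPDIRAUTH_ALLOWED_TAGS);

    // get_usermeta() is deprecated; get_user_meta() with $single = true reads the same flag.
    $curUserIsDirUser = get_user_meta($userdata->ID, 'wpDirAuthFlag', true);

    if ($curUserIsDirUser) {
        echo <<<____________EOS
        <div class="wrap">
            <h2>Directory Authentication Options</h2>
            <p>
                Because any changes made to directory authentication options can adversly affect your session when
                logged in as a directory user, you must be logged in as a WordPress-only administrator user to
                update these settings.
            </p>
            <p>
                If such a user no longer exists in the database, please
                <a href="./users.php#add-new-user">create a new one</a>
                using the appropriate WordPress admin tool.
            </p>
            <p>{$wpDARef}</p>
        </div>
____________EOS;
        return;
    }

    if ($_POST) {
        // Reject any submission that does not carry the nonce printed in the form below (CSRF guard).
        // check_admin_referer() stops the request itself when the nonce is missing or invalid.
        check_admin_referer('wpDirAuth-options', '_wpnonce_wpDirAuth-options');

        // Read every expected field defensively: a field that is absent (e.g. no radio selected)
        // or that arrives as an array is treated as an empty string.
        $aryFieldNames = array(
            'dirAuthEnable', 'dirAuthEnableSsl', 'dirAuthRequireSsl', 'dirAuthTOS',
            'dirAuthControllers', 'dirAuthBaseDn', 'dirAuthPreBindUser', 'dirAuthPreBindPassword',
            'dirAuthPreBindPassCheck', 'dirAuthAccountSuffix', 'dirAuthFilter', 'dirAuthInstitution',
            'dirAuthLoginScreenMsg', 'dirAuthChangePassMsg',
        );
        $aryPosted = array();
        foreach ($aryFieldNames as $strFieldName) {
            $aryPosted[$strFieldName] = (isset($_POST[$strFieldName]) && is_string($_POST[$strFieldName]))
                ? $_POST[$strFieldName]
                : '';
        }

        // Booleans
        $enable     = intval($aryPosted['dirAuthEnable']) == 1 ? 1 : 0;
        $enableSsl  = intval($aryPosted['dirAuthEnableSsl']) == 1 ? 1 : 0;
        $requireSsl = intval($aryPosted['dirAuthRequireSsl']) == 1 ? 1 : 0;
        $TOS        = intval($aryPosted['dirAuthTOS']) == 1 ? 1 : 0;

        // Strings, no HTML
        $controllers      = wpDirAuth_sanitize($aryPosted['dirAuthControllers']);
        $baseDn           = wpDirAuth_sanitize($aryPosted['dirAuthBaseDn']);
        $preBindUser      = wpDirAuth_sanitize($aryPosted['dirAuthPreBindUser']);
        // NOTE(review): the password goes through the same sanitizer as the other fields; if that
        // sanitizer strips or rewrites characters, the stored password differs from what was typed - confirm.
        $preBindPassword  = wpDirAuth_sanitize($aryPosted['dirAuthPreBindPassword']);
        $preBindPassCheck = wpDirAuth_sanitize($aryPosted['dirAuthPreBindPassCheck']);
        $accountSuffix    = wpDirAuth_sanitize($aryPosted['dirAuthAccountSuffix']);
        $filter           = wpDirAuth_sanitize($aryPosted['dirAuthFilter']);
        $institution      = wpDirAuth_sanitize($aryPosted['dirAuthInstitution']);

        // Have to be allowed to contain some HTML
        $loginScreenMsg = wpDirAuth_sanitize($aryPosted['dirAuthLoginScreenMsg'], true);
        $changePassMsg  = wpDirAuth_sanitize($aryPosted['dirAuthChangePassMsg'], true);

        update_option('dirAuthEnable', $enable);
        update_option('dirAuthEnableSsl', $enableSsl);
        update_option('dirAuthRequireSsl', $requireSsl);
        update_option('dirAuthControllers', $controllers);
        update_option('dirAuthBaseDn', $baseDn);
        update_option('dirAuthPreBindUser', $preBindUser);
        update_option('dirAuthAccountSuffix', $accountSuffix);
        update_option('dirAuthFilter', $filter);
        update_option('dirAuthInstitution', $institution);
        update_option('dirAuthLoginScreenMsg', $loginScreenMsg);
        update_option('dirAuthChangePassMsg', $changePassMsg);
        update_option('dirAuthTOS', $TOS);

        // Only store/override the password if a new one is being sent and a bind user is set.
        // Strict comparison: with ==, two different numeric-looking strings can compare equal.
        // The value is stored in clear text, as the form itself tells the administrator.
        // NOTE(review): a confirmation mismatch leaves the old password in place while the
        // success message below is still shown.
        if ($preBindUser && $preBindPassword && $preBindPassCheck === $preBindPassword) {
            update_option('dirAuthPreBindPassword', $preBindPassword);
        } elseif (!$preBindUser) {
            update_option('dirAuthPreBindPassword', '');
        }

        if (get_option('dirAuthEnable') && !get_option('dirAuthCookieMarker')) {
            wpDirAuth_makeCookieMarker();
        }

        echo '<div id="message" class="updated fade"><p>Your new settings were saved successfully.</p></div>';

        // Be sure to clear the password values, not to be displayed onscreen or in source
        unset($preBindPassword, $preBindPassCheck, $aryPosted);
    } else {
        // Booleans
        $enable     = intval(get_option('dirAuthEnable')) == 1 ? 1 : 0;
        $enableSsl  = intval(get_option('dirAuthEnableSsl')) == 1 ? 1 : 0;
        $requireSsl = intval(get_option('dirAuthRequireSsl')) == 1 ? 1 : 0;
        $TOS        = intval(get_option('dirAuthTOS')) == 1 ? 1 : 0;

        // Strings, no HTML
        $controllers   = wpDirAuth_sanitize(get_option('dirAuthControllers'));
        $baseDn        = wpDirAuth_sanitize(get_option('dirAuthBaseDn'));
        $preBindUser   = wpDirAuth_sanitize(get_option('dirAuthPreBindUser'));
        $accountSuffix = wpDirAuth_sanitize(get_option('dirAuthAccountSuffix'));
        $filter        = wpDirAuth_sanitize(get_option('dirAuthFilter'));
        $institution   = wpDirAuth_sanitize(get_option('dirAuthInstitution'));

        // Have to be allowed to contain some HTML
        $loginScreenMsg = wpDirAuth_sanitize(get_option('dirAuthLoginScreenMsg'), true);
        $changePassMsg  = wpDirAuth_sanitize(get_option('dirAuthChangePassMsg'), true);
    }

    // Everything below is printed inside attribute values or textareas, so encode it for HTML.
    $controllers    = htmlspecialchars($controllers);
    $baseDn         = htmlspecialchars($baseDn);
    $preBindUser    = htmlspecialchars($preBindUser);
    $accountSuffix  = htmlspecialchars($accountSuffix);
    $filter         = htmlspecialchars($filter);
    $institution    = htmlspecialchars($institution);
    $loginScreenMsg = htmlspecialchars($loginScreenMsg);
    $changePassMsg  = htmlspecialchars($changePassMsg);

    // Each radio pair needs BOTH variables defined, because the template interpolates both.
    $tEnable = $enable ? 'checked' : '';
    $fEnable = $enable ? '' : 'checked';

    $defaultFilter = WPDIRAUTH_DEFAULT_FILTER;
    if (!$filter) {
        $filter = $defaultFilter;
    }

    if (!$institution) {
        $institution = '[YOUR INSTITUTION]';
    }

    if (!$loginScreenMsg) {
        $loginScreenMsg = sprintf(WPDIRAUTH_DEFAULT_LOGINSCREENMSG, $institution);
    }

    if (!$changePassMsg) {
        $changePassMsg = sprintf(WPDIRAUTH_DEFAULT_CHANGEPASSMSG, $institution);
    }

    $tSsl = $enableSsl ? 'checked' : '';
    $fSsl = $enableSsl ? '' : 'checked';

    $tWpSsl = $requireSsl ? 'checked' : '';
    $fWpSsl = $requireSsl ? '' : 'checked';

    $tTOS = $TOS ? 'checked' : '';
    $fTOS = $TOS ? '' : 'checked';

    $wpDAV = WPDIRAUTH_VERSION;

    // Hidden nonce (and referer) fields, returned as a string so they can be placed inside the heredoc.
    $nonceField = wp_nonce_field('wpDirAuth-options', '_wpnonce_wpDirAuth-options', true, false);

    echo <<<________EOS
    <div class="wrap">
        <h2>Directory Authentication Options</h2>
        <form method="post" id="dir_auth_options">
            {$nonceField}
            <p class="submit"><input type="submit" name="dirAuthOptionsSave" value="Update Options »" /></p>
            <fieldset class="options">
                <legend>WordPress Settings</legend>
                <ul>
                    <li>
                        <label for="dirAuthEnable"><strong>Enable Directory Authentication?</strong></label>
                        <br />
                        <input type="radio" name="dirAuthEnable" value="1" {$tEnable} /> Yes
                        <input type="radio" name="dirAuthEnable" value="0" {$fEnable} /> No
                        <br />
                        <strong>Note 1</strong>: Users created in WordPress are not affected by your directory authentication settings.
                        <br />
                        <strong>Note 2</strong>: You will still be able to login with standard WP users if the LDAP server(s) go offline.
                    </li>
                    <li>
                        <label for="dirAuthRequireSsl"><strong>Require SSL Login?</strong></label>
                        <br />
                        <input type="radio" name="dirAuthRequireSsl" value="1" {$tWpSsl}/> Yes
                        <input type="radio" name="dirAuthRequireSsl" value="0" {$fWpSsl}/> No
                        <br />
                        <em>Force the WordPress login screen to require encryption (SSL, https:// URL)?</em>
                    </li>
                </ul>
            </fieldset>
            <fieldset class="options">
                <legend>Directory Settings</legend>
                <ul>
                    <li>
                        <label for="dirAuthEnableSsl"><strong>Enable SSL Connectivity?</strong></label>
                        <br />
                        <input type="radio" name="dirAuthEnableSsl" value="1" {$tSsl}/> Yes
                        <input type="radio" name="dirAuthEnableSsl" value="0" {$fSsl}/> No
                        <br />
                        <em>Use encryption (SSL, ldaps:// URL) when WordPress connects to the directory server(s)?</em>
                    </li>
                    <li>
                        <label for="dirAuthControllers"><strong>Directory Servers (Domain Controllers)</strong></label>
                        <br />
                        <input type="text" name="dirAuthControllers" value="{$controllers}" size="40"/><br />
                        <em>The DNS name or IP address of the directory server(s).</em><br />
                        <strong>NOTE:</strong> Separate multiple entries by a comma and/or alternate ports with a colon (eg: my.server1.org, my.server2.edu:387).
                        Unfortunately, alternate ports will be ignored when using LDAP/SSL, because of <a href="http://ca3.php.net/ldap_connect">the way</a> PHP handles the protocol.
                    </li>
                    <li>
                        <label for="dirAuthFilter"><strong>Account Filter</strong></label>
                        <br />
                        <input type="text" name="dirAuthFilter" value="{$filter}" size="40"/>
                        (Defaults to <em>{$defaultFilter}</em>)
                        <br />
                        <em>What LDAP field should we search the username against to locate the user's profile after successful login?</em>
                    </li>
                    <li>
                        <label for="dirAuthAccountSuffix"><strong>Account Suffix</strong></label>
                        <br />
                        <input type="text" name="dirAuthAccountSuffix" value="{$accountSuffix}" size="40" /><br />
                        <em>Suffix to be automatically appended to the username if desired. e.g. @domain.com</em><br />
                        <strong>NOTE:</strong> Changing this value will cause your existing directory users to have new accounts created the next time they login.
                    </li>
                    <li>
                        <label for="dirAuthBaseDn"><strong>Base DN</strong></label>
                        <br />
                        <input type="text" name="dirAuthBaseDn" value="{$baseDn}" size="40"/><br />
                        <em>The base DN for carrying out LDAP searches.</em>
                    </li>
                    <li>
                        <label for="dirAuthPreBindUser"><strong>Bind DN</strong></label>
                        <br />
                        <input type="text" name="dirAuthPreBindUser" value="{$preBindUser}" size="40"/><br />
                        <em>Enter a valid user account/DN to pre-bind with if your LDAP server does not allow anonymous profile searches, or requires a user with specific privileges to search.</em>
                    </li>
                    <li>
                        <label for="dirAuthPreBindPassword"><strong>Bind Password</strong></label>
                        <br />
                        <input type="password" name="dirAuthPreBindPassword" value="" size="40"/><br />
                        <em>Enter a password for the above Bind DN if a value is needed.</em><br />
                        <strong>Note 1</strong>: this value will be stored in clear text in your WordPress database.<br />
                        <strong>Note 2</strong>: Simply clear the Bind DN value if you wish to delete the stored password altogether.
                    </li>
                    <li>
                        <label for="dirAuthPreBindPassCheck"><strong>Confirm Password</strong></label>
                        <br />
                        <input type="password" name="dirAuthPreBindPassCheck" value="" size="40"/><br />
                        <em>Confirm the above Bind Password if you are setting a new value.</em>
                    </li>
                </ul>
            </fieldset>
            <fieldset class="options">
                <legend>Branding Settings</legend>
                <ul>
                    <li>
                        <label for="dirAuthInstitution"><strong>Institution Name</strong></label>
                        <br />
                        <input type="text" name="dirAuthInstitution" value="{$institution}" size="40" />
                        <br />
                        <em>Name of your institution/company. Displayed on the login screen.</em>
                    </li>
                    <li>
                        <label for="dirAuthLoginScreenMsg"><strong>Login Screen Message</strong></label>
                        <br />
                        <textarea name="dirAuthLoginScreenMsg" cols="40" rows="3">{$loginScreenMsg}</textarea>
                        <br />
                        <em>Displayed on the login screen, underneath the username/password fields.</em><br />
                        <strong>Note</strong>: Some HTML allowed: {$allowedHTML}
                    </li>
                    <li>
                        <label for="dirAuthChangePassMsg"><strong>Password Change Message</strong></label>
                        <br />
                        <textarea name="dirAuthChangePassMsg" cols="40" rows="3">{$changePassMsg}</textarea>
                        <br />
                        <em>Displayed wherever user passwords can be changed, for directory users only.</em><br />
                        <strong>Note</strong>: Some HTML allowed: {$allowedHTML}
                    </li>
                    <li>
                        <label for="dirAuthTOS"><strong>Terms of Services Agreement</strong></label>
                        <br />
                        <input type="radio" name="dirAuthTOS" value="1" {$tTOS}/> Yes
                        <input type="radio" name="dirAuthTOS" value="0" {$fTOS}/> No
                        <br />
                        <em>Ask directory users to agree to terms of services that you link to in the message above?</em><br />
                        <strong>Note</strong>: Checkbox disappears once checked, date of agreement is stored and users are no longer prompted.
                    </li>
                </ul>
            </fieldset>
            <p class="submit"><input type="submit" name="dirAuthOptionsSave" value="Update Options »" /></p>
        </form>
        <p>Powered by {$wpDARef}.</p>
    </div>
________EOS;
}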