Example #1
0
 public function ConfigSave()
 {
     global $sso_settings;
     $info = $this->GetInfo();
     $info["email_from"] = $_REQUEST["sso_email_two_factor_email_from"];
     $info["email_subject"] = trim($_REQUEST["sso_email_two_factor_email_subject"]);
     $info["email_msg"] = $_REQUEST["sso_email_two_factor_email_msg"];
     $info["email_msg_text"] = SMTP::ConvertHTMLToText($_REQUEST["sso_email_two_factor_email_msg"]);
     $info["window"] = (int) $_REQUEST["sso_email_two_factor_window"];
     $info["clock_drift"] = (int) $_REQUEST["sso_email_two_factor_clock_drift"];
     if (stripos($info["email_msg"], "@TWOFACTOR@") === false) {
         BB_SetPageMessage("error", "The E-mail Two-Factor Authentication 'E-mail Message' field does not contain '@TWOFACTOR@'.");
     } else {
         if ($info["window"] < 30 || $info["window"] > 300) {
             BB_SetPageMessage("error", "The E-mail Two-Factor Authentication 'Window Size' field contains an invalid value.");
         } else {
             if ($info["clock_drift"] < 0 || $info["clock_drift"] > $info["window"]) {
                 BB_SetPageMessage("error", "The E-mail Two-Factor Authentication 'Window Size' field contains an invalid value.");
             }
         }
     }
     $sso_settings["sso_login"]["modules"]["sso_email_two_factor"] = $info;
 }
Example #2
0
 public function Config()
 {
     global $sso_rng, $sso_db, $sso_db_users, $sso_site_admin, $sso_settings, $sso_menuopts, $sso_select_fields, $g_sso_login_modules;
     $sso_db_sso_login_users = SSO_DB_PREFIX . "p_sso_login_users";
     if ($sso_site_admin && $sso_settings["sso_login"]["enabled"] && $_REQUEST["action2"] == "config") {
         if (isset($_REQUEST["configsave"])) {
             if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "username") {
                 $_REQUEST["username_blacklist"] = trim($_REQUEST["username_blacklist"]);
                 $_REQUEST["username_minlen"] = (int) $_REQUEST["username_minlen"];
                 if ($_REQUEST["username_minlen"] < 1) {
                     BB_SetPageMessage("error", "The 'Minimum Username Length' field contains an invalid value.");
                 }
             }
             if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "email") {
                 $_REQUEST["email_verify_msg"] = trim($_REQUEST["email_verify_msg"]);
                 $_REQUEST["email_recover_msg"] = trim($_REQUEST["email_recover_msg"]);
                 if ($_REQUEST["email_verify_msg"] != "" && stripos($_REQUEST["email_verify_msg"], "@VERIFY@") === false) {
                     BB_SetPageMessage("error", "The 'Verify E-mail Message' field does not contain '@VERIFY@'.");
                 } else {
                     if ($_REQUEST["email_recover_msg"] != "" && stripos($_REQUEST["email_recover_msg"], "@VERIFY@") === false) {
                         BB_SetPageMessage("error", "The 'Recovery E-mail Message' field does not contain '@VERIFY@'.");
                     }
                 }
                 define("CS_TRANSLATE_FUNC", "BB_Translate");
                 require_once SSO_ROOT_PATH . "/" . SSO_SUPPORT_PATH . "/smtp.php";
                 if ($_REQUEST["email_verify_from"] != "") {
                     $email = SMTP::MakeValidEmailAddress($_REQUEST["email_verify_from"]);
                     if (!$email["success"]) {
                         BB_SetPageMessage("error", BB_Translate("The e-mail address '%s' is invalid.  %s", $_REQUEST["email_verify_from"], $email["error"]));
                     } else {
                         if ($email["email"] != trim($_REQUEST["email_verify_from"])) {
                             BB_SetPageMessage("info", BB_Translate("Invalid e-mail address.  Perhaps you meant '%s' instead?", $email["email"]));
                         }
                         $_REQUEST["email_verify_from"] = $email["email"];
                     }
                 }
                 if ($_REQUEST["email_recover_from"] != "") {
                     $email = SMTP::MakeValidEmailAddress($_REQUEST["email_recover_from"]);
                     if (!$email["success"]) {
                         BB_SetPageMessage("error", BB_Translate("The e-mail address '%s' is invalid.  %s", $_REQUEST["email_recover_from"], $email["error"]));
                     } else {
                         if ($email["email"] != trim($_REQUEST["email_recover_from"])) {
                             BB_SetPageMessage("info", BB_Translate("Invalid e-mail address.  Perhaps you meant '%s' instead?", $email["email"]));
                         }
                         $_REQUEST["email_recover_from"] = $email["email"];
                     }
                 }
             }
             $_REQUEST["two_factor_order"] = (int) $_REQUEST["two_factor_order"];
             $_REQUEST["password_minlen"] = (int) $_REQUEST["password_minlen"];
             $_REQUEST["password_mintime"] = (int) $_REQUEST["password_mintime"];
             if ($_REQUEST["two_factor_order"] < 0) {
                 BB_SetPageMessage("error", "The 'Two-Factor Authentication Display Order' field contains an invalid value.");
             } else {
                 if ($_REQUEST["password_minlen"] < 0) {
                     BB_SetPageMessage("error", "The 'Minimum Password Length' field contains an invalid value.");
                 } else {
                     if ($_REQUEST["password_mintime"] < 50) {
                         BB_SetPageMessage("error", "The 'Minimum Password Time' field contains an invalid value.  Must be at least 50 milliseconds.");
                     } else {
                         if ($_REQUEST["password_mintime"] > 5000) {
                             BB_SetPageMessage("error", "The 'Minimum Password Time' field contains an invalid value.  Must be less than 5000 milliseconds (5 seconds).");
                         }
                     }
                 }
             }
             foreach ($g_sso_login_modules as $key => $info) {
                 if ($_REQUEST[$key . "__a"] < 1) {
                     $sso_settings["sso_login"]["modules"][$key]["_a"] = false;
                 }
                 if ($sso_settings["sso_login"]["modules"][$key]["_a"]) {
                     $module = "sso_login_module_" . $key;
                     $instance = new $module();
                     if ($instance->DefaultOrder() !== false) {
                         if ((int) $_REQUEST[$key . "__s"] < 0) {
                             BB_SetPageMessage("error", BB_Translate("The '%s Module Display Order' field contains an invalid value.", $info["name"]));
                         } else {
                             $sso_settings["sso_login"]["modules"][$key]["_s"] = $_REQUEST[$key . "__s"];
                         }
                     }
                     $instance->ConfigSave();
                 }
                 $sso_settings["sso_login"]["modules"][$key]["_a"] = $_REQUEST[$key . "__a"] > 0;
             }
             $sso_settings["sso_login"]["iprestrict"] = SSO_ProcessIPFields();
             if (BB_GetPageMessageType() != "error") {
                 if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "username") {
                     $sso_settings["sso_login"]["map_username"] = SSO_IsField($_REQUEST["map_username"]) ? $_REQUEST["map_username"] : "";
                     $sso_settings["sso_login"]["username_minlen"] = $_REQUEST["username_minlen"];
                     $sso_settings["sso_login"]["username_blacklist"] = $_REQUEST["username_blacklist"];
                     $sso_settings["sso_login"]["change_username"] = $_REQUEST["change_username"] > 0;
                 }
                 if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "email") {
                     $sso_settings["sso_login"]["map_email"] = SSO_IsField($_REQUEST["map_email"]) ? $_REQUEST["map_email"] : "";
                     $sso_settings["sso_login"]["email_verify_from"] = $_REQUEST["email_verify_from"];
                     $sso_settings["sso_login"]["email_verify_subject"] = trim($_REQUEST["email_verify_subject"]);
                     $sso_settings["sso_login"]["email_verify_msg"] = $_REQUEST["email_verify_msg"];
                     $sso_settings["sso_login"]["email_verify_msg_text"] = SMTP::ConvertHTMLToText($_REQUEST["email_verify_msg"]);
                     $sso_settings["sso_login"]["email_recover_from"] = $_REQUEST["email_recover_from"];
                     $sso_settings["sso_login"]["email_recover_subject"] = trim($_REQUEST["email_recover_subject"]);
                     $sso_settings["sso_login"]["email_recover_msg"] = $_REQUEST["email_recover_msg"];
                     $sso_settings["sso_login"]["email_recover_msg_text"] = SMTP::ConvertHTMLToText($_REQUEST["email_recover_msg"]);
                     $sso_settings["sso_login"]["email_session"] = $_REQUEST["email_session"] == "none" || $_REQUEST["email_session"] == "all" ? $_REQUEST["email_session"] : "verify";
                     $sso_settings["sso_login"]["email_bad_domains"] = $_REQUEST["email_bad_domains"];
                     $sso_settings["sso_login"]["change_email"] = $_REQUEST["change_email"] > 0;
                 }
                 $sso_settings["sso_login"]["require_two_factor"] = $_REQUEST["require_two_factor"] > 0;
                 $sso_settings["sso_login"]["two_factor_order"] = $_REQUEST["two_factor_order"];
                 $sso_settings["sso_login"]["password_minlen"] = $_REQUEST["password_minlen"];
                 $modetimechanged = $sso_settings["sso_login"]["password_mode"] != $_REQUEST["password_mode"] || $sso_settings["sso_login"]["password_mintime"] != $_REQUEST["password_mintime"];
                 $sso_settings["sso_login"]["password_mode"] = $_REQUEST["password_mode"];
                 $sso_settings["sso_login"]["password_mintime"] = $_REQUEST["password_mintime"];
                 if ($modetimechanged) {
                     $sso_settings["sso_login"]["password_minrounds"] = self::CalculateOptimalHashRounds($sso_settings["sso_login"]["password_mode"], $sso_settings["sso_login"]["password_mintime"]);
                 }
                 $sso_settings["sso_login"]["open_reg"] = $_REQUEST["open_reg"] > 0;
                 if (!SSO_SaveSettings()) {
                     BB_SetPageMessage("error", "Unable to save settings.");
                 } else {
                     if (BB_GetPageMessageType() == "info") {
                         SSO_ConfigRedirect("config", array(), "info", $_REQUEST["bb_msg"] . "  " . BB_Translate("Successfully updated the %s provider configuration.", $this->DisplayName()));
                     } else {
                         SSO_ConfigRedirect("config", array(), "success", BB_Translate("Successfully updated the %s provider configuration.", $this->DisplayName()));
                     }
                 }
             }
         }
         $contentopts = array("desc" => BB_Translate("Configure the %s provider.", $this->DisplayName()), "nonce" => "action", "hidden" => array("action" => "config", "provider" => "sso_login", "action2" => "config", "configsave" => "1"), "fields" => array(), "submit" => "Save", "focus" => true);
         if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "username") {
             $contentopts["fields"][] = array("title" => "Username Settings", "type" => "accordion");
             $contentopts["fields"][] = array("title" => "Map Username", "type" => "select", "name" => "map_username", "options" => $sso_select_fields, "select" => BB_GetValue("map_username", (string) $sso_settings["sso_login"]["map_username"]), "desc" => "The field in the SSO system to map the username to.");
             $contentopts["fields"][] = array("title" => "Minimum Username Length", "type" => "text", "name" => "username_minlen", "value" => BB_GetValue("username_minlen", $sso_settings["sso_login"]["username_minlen"]), "desc" => "The minimum number of characters a username must have.");
             $contentopts["fields"][] = array("title" => "Username Blacklist", "type" => "textarea", "height" => "300px", "name" => "username_blacklist", "value" => BB_GetValue("username_blacklist", $sso_settings["sso_login"]["username_blacklist"]), "desc" => "A blacklist of words that a username may not contain.  One per line.");
             $contentopts["fields"][] = array("title" => "Allow Username Changes", "type" => "select", "name" => "change_username", "options" => array(1 => "Yes", 0 => "No"), "select" => BB_GetValue("change_username", (string) (int) $sso_settings["sso_login"]["change_username"]), "desc" => "Users may change their usernames.");
             $contentopts["fields"][] = "endaccordion";
         }
         if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "email") {
             $contentopts["fields"][] = array("title" => "E-mail Settings", "type" => "accordion");
             $contentopts["fields"][] = array("title" => "Map E-mail Address", "type" => "select", "name" => "map_email", "options" => $sso_select_fields, "select" => BB_GetValue("map_email", (string) $sso_settings["sso_login"]["map_email"]), "desc" => "The field in the SSO system to map the e-mail address to.");
             $contentopts["fields"][] = array("title" => "Verification E-mail - From Address", "type" => "text", "name" => "email_verify_from", "value" => BB_GetValue("email_verify_from", $sso_settings["sso_login"]["email_verify_from"]), "desc" => "The from address for the e-mail message to send to new registrants.  Leave blank for the server default.");
             $contentopts["fields"][] = array("title" => "Verification E-mail - Subject Line", "type" => "text", "name" => "email_verify_subject", "value" => BB_GetValue("email_verify_subject", $sso_settings["sso_login"]["email_verify_subject"]), "desc" => "The subject line for the e-mail message to send to new registrants.");
             $contentopts["fields"][] = array("title" => "Verification E-mail - HTML Message", "type" => "textarea", "height" => "300px", "name" => "email_verify_msg", "value" => BB_GetValue("email_verify_msg", $sso_settings["sso_login"]["email_verify_msg"]), "desc" => "The HTML e-mail message to send to new registrants.  @USERNAME@, @EMAIL@, and @VERIFY@ are special strings that will be replaced with user and system generated values.  @VERIFY@ is required.");
             $contentopts["fields"][] = array("title" => "Recovery E-mail - From Address", "type" => "text", "name" => "email_recover_from", "value" => BB_GetValue("email_recover_from", $sso_settings["sso_login"]["email_recover_from"]), "desc" => "The from address for the e-mail message to send to users recovering access to their account.  Leave blank for the server default.");
             $contentopts["fields"][] = array("title" => "Recovery E-mail - Subject Line", "type" => "text", "name" => "email_recover_subject", "value" => BB_GetValue("email_recover_subject", $sso_settings["sso_login"]["email_recover_subject"]), "desc" => "The subject line for the e-mail message to send to users recovering access to their account.");
             $contentopts["fields"][] = array("title" => "Recovery E-mail - HTML Message", "type" => "textarea", "height" => "300px", "name" => "email_recover_msg", "value" => BB_GetValue("email_recover_msg", $sso_settings["sso_login"]["email_recover_msg"]), "desc" => "The HTML e-mail message to send to users recovering access to their account.  @USERNAME@, @EMAIL@, and @VERIFY@ are special strings that will be replaced with user and system generated values.  @VERIFY@ is required.");
             $contentopts["fields"][] = array("title" => "Verification/Recovery E-mail - Send Session ID", "type" => "select", "name" => "email_session", "options" => array("none" => "Never", "verify" => "Verification e-mail only", "all" => "Verification and recovery e-mails"), "select" => BB_GetValue("email_session", $sso_settings["sso_login"]["email_session"]), "desc" => "Send the session ID as part of the URL in an e-mail.  When the session ID isn't sent, the same browser session must be used with the URL or an error message will appear.  Sending the session ID for recovery e-mails is not recommended.");
             $contentopts["fields"][] = array("title" => "E-mail Domain Blacklist", "type" => "textarea", "height" => "300px", "name" => "email_bad_domains", "value" => BB_GetValue("email_bad_domains", $sso_settings["sso_login"]["email_bad_domains"]), "desc" => "A blacklist of e-mail address domains that are not allowed to create accounts.  One per line.");
             $contentopts["fields"][] = array("title" => "Allow E-mail Address Changes", "type" => "select", "name" => "change_email", "options" => array(1 => "Yes", 0 => "No"), "select" => BB_GetValue("change_email", (string) (int) $sso_settings["sso_login"]["change_email"]), "desc" => "Users may change their e-mail addresses.");
             $contentopts["fields"][] = "endaccordion";
         }
         $contentopts["fields"][] = array("title" => "Other Settings", "type" => "accordion");
         $contentopts["fields"][] = array("title" => "Require Two-Factor Authentication", "type" => "select", "name" => "require_two_factor", "options" => array(1 => "Yes", 0 => "No"), "select" => BB_GetValue("require_two_factor", (string) (int) $sso_settings["sso_login"]["require_two_factor"]), "desc" => "Users have to select and sign in with a two-factor authentication method.  Existing users will have to use account recovery to set up two-factor authentication.");
         $contentopts["fields"][] = array("title" => "Two-Factor Authentication Display Order", "type" => "text", "name" => "two_factor_order", "value" => BB_GetValue("two_factor_order", $sso_settings["sso_login"]["two_factor_order"]), "desc" => "The display order to use for the two-factor authentication dropdown.");
         $contentopts["fields"][] = array("title" => "Minimum Password Length", "type" => "text", "name" => "password_minlen", "value" => BB_GetValue("password_minlen", $sso_settings["sso_login"]["password_minlen"]), "desc" => "The minimum number of characters a password must have.");
         $options = array();
         if (function_exists("password_hash")) {
             $options["password_hash_bcrypt"] = "password_hash() - Native PHP Bcrypt hashing";
         }
         $options["blowfish"] = "Blowfish::Hash() - A Bcrypt-like hash";
         $contentopts["fields"][] = array("title" => "Password Hashing Mode", "type" => "select", "name" => "password_mode", "options" => $options, "select" => BB_GetValue("password_mode", $sso_settings["sso_login"]["password_mode"]), "desc" => "The password hashing mode to use.  Note that changing the hashing mode will force all users to change their passwords.  If account recovery is not possible, users will be unable to access their accounts.");
         $contentopts["fields"][] = array("title" => "Minimum Password Time", "type" => "text", "name" => "password_mintime", "value" => BB_GetValue("password_mintime", $sso_settings["sso_login"]["password_mintime"]), "desc" => "The minimum amount of time, in milliseconds, required to spend to initially hash a password.");
         $contentopts["fields"][] = array("title" => "Minimum Password Rounds", "type" => "static", "value" => $sso_settings["sso_login"]["password_minrounds"], "desc" => "The minimum number of rounds required to hash a password.  Automatically calculated." . ($sso_settings["sso_login"]["password_minrounds"] < 128 ? "  WARNING:  Due to the low number of minimum rounds, stored passwords will not be as secure as they should be.  Please select a different password hashing mode and/or increase the minimum hashing time." : ""));
         $contentopts["fields"][] = array("title" => "Open Registration", "type" => "select", "name" => "open_reg", "options" => array(1 => "Yes", 0 => "No"), "select" => BB_GetValue("open_reg", (string) (int) $sso_settings["sso_login"]["open_reg"]), "desc" => "Users may register for new accounts.");
         $contentopts["fields"][] = "endaccordion";
         $contentopts["fields"][] = "split";
         foreach ($g_sso_login_modules as $key => $info) {
             $contentopts["fields"][] = array("title" => BB_Translate($sso_settings["sso_login"]["modules"][$key]["_a"] ? "%s Module *" : "%s Module", $info["name"]), "type" => "accordion");
             $contentopts["fields"][] = array("title" => BB_Translate("%s Module Enabled?", $info["name"]), "type" => "select", "name" => $key . "__a", "options" => array(1 => "Yes", 0 => "No"), "select" => BB_GetValue($key . "__a", (string) (int) $sso_settings["sso_login"]["modules"][$key]["_a"]), "desc" => BB_Translate("Enables the %s module.  %s", $info["name"], $info["desc"]));
             if ($sso_settings["sso_login"]["modules"][$key]["_a"]) {
                 $module = "sso_login_module_" . $key;
                 $instance = new $module();
                 if ($instance->DefaultOrder() !== false) {
                     $contentopts["fields"][] = array("title" => BB_Translate("%s Module Display Order", $info["name"]), "type" => "text", "name" => $key . "__s", "value" => BB_GetValue($key . "__s", (string) (int) (isset($sso_settings["sso_login"]["modules"][$key]["_s"]) ? $sso_settings["sso_login"]["modules"][$key]["_s"] : $instance->DefaultOrder())), "desc" => BB_Translate("The display order to use for the %s module.", $info["name"]));
                 }
                 $instance->Config($contentopts);
             }
             $contentopts["fields"][] = "endaccordion";
         }
         SSO_AppendIPFields($contentopts, $sso_settings["sso_login"]["iprestrict"]);
         BB_GeneratePage(BB_Translate("Configure %s", $this->DisplayName()), $sso_menuopts, $contentopts);
     } else {
         if ($sso_site_admin && $sso_settings["sso_login"]["enabled"] && $_REQUEST["action2"] == "disable") {
             $sso_settings["sso_login"]["enabled"] = false;
             if (!SSO_SaveSettings()) {
                 BB_RedirectPage("error", "Unable to save settings.");
             } else {
                 BB_RedirectPage("success", BB_Translate("Successfully disabled the %s provider.", $this->DisplayName()));
             }
         } else {
             if ($sso_site_admin && !$sso_settings["sso_login"]["enabled"] && $_REQUEST["action2"] == "enable") {
                 $sso_settings["sso_login"]["enabled"] = true;
                 if (!SSO_SaveSettings()) {
                     BB_RedirectPage("error", "Unable to save settings.");
                 } else {
                     BB_RedirectPage("success", BB_Translate("Successfully enabled the %s provider.", $this->DisplayName()));
                 }
             } else {
                 if ($sso_site_admin && !$sso_settings["sso_login"]["installed"] && $_REQUEST["action2"] == "install") {
                     if (isset($_REQUEST["type"])) {
                         if ($sso_db->TableExists($sso_db_sso_login_users)) {
                             BB_SetPageMessage("error", "The database table '" . $sso_db_sso_login_users . "' already exists.");
                         }
                         if ($_REQUEST["type"] != "email_username" && $_REQUEST["type"] != "email" && $_REQUEST["type"] != "username") {
                             BB_SetPageMessage("error", "Please select a valid 'Registration Key'.");
                         }
                         if (BB_GetPageMessageType() != "error") {
                             try {
                                 if ($_REQUEST["type"] == "email_username") {
                                     $sso_db->Query("CREATE TABLE", array($sso_db_sso_login_users, array("id" => array("INTEGER", 8, "UNSIGNED" => true, "NOT NULL" => true, "PRIMARY KEY" => true, "AUTO INCREMENT" => true), "username" => array("STRING", 1, 75, "NOT NULL" => true), "email" => array("STRING", 1, 255, "NOT NULL" => true), "verified" => array("INTEGER", 1, "NOT NULL" => true), "created" => array("DATETIME", "NOT NULL" => true), "info" => array("STRING", 3, "NOT NULL" => true)), array(array("UNIQUE", array("username"), "NAME" => $sso_db_sso_login_users . "_username"), array("UNIQUE", array("email"), "NAME" => $sso_db_sso_login_users . "_email"))));
                                 } else {
                                     if ($_REQUEST["type"] == "email") {
                                         $sso_db->Query("CREATE TABLE", array($sso_db_sso_login_users, array("id" => array("INTEGER", 8, "UNSIGNED" => true, "NOT NULL" => true, "PRIMARY KEY" => true, "AUTO INCREMENT" => true), "email" => array("STRING", 1, 255, "NOT NULL" => true), "verified" => array("INTEGER", 1, "NOT NULL" => true), "created" => array("DATETIME", "NOT NULL" => true), "info" => array("STRING", 3, "NOT NULL" => true)), array(array("UNIQUE", array("email"), "NAME" => $sso_db_sso_login_users . "_email"))));
                                     } else {
                                         if ($_REQUEST["type"] == "username") {
                                             $sso_db->Query("CREATE TABLE", array($sso_db_sso_login_users, array("id" => array("INTEGER", 8, "UNSIGNED" => true, "NOT NULL" => true, "PRIMARY KEY" => true, "AUTO INCREMENT" => true), "username" => array("STRING", 1, 75, "NOT NULL" => true), "created" => array("DATETIME", "NOT NULL" => true), "info" => array("STRING", 3, "NOT NULL" => true)), array(array("UNIQUE", array("username"), "NAME" => $sso_db_sso_login_users . "_username"))));
                                         }
                                     }
                                 }
                                 $sso_settings["sso_login"]["installed"] = true;
                                 $sso_settings["sso_login"]["enabled"] = true;
                                 $sso_settings["sso_login"]["install_type"] = $_REQUEST["type"];
                                 if (!SSO_SaveSettings()) {
                                     BB_SetPageMessage("error", "Unable to save settings.");
                                 } else {
                                     SSO_ConfigRedirect("config", array(), "success", BB_Translate("Successfully installed the %s provider.", $this->DisplayName()));
                                 }
                             } catch (Exception $e) {
                                 BB_SetPageMessage("error", "Unable to create the database table '" . htmlspecialchars($sso_db_sso_login_users) . "'.  " . $e->getMessage());
                             }
                         }
                     }
                     $contentopts = array("desc" => BB_Translate("Install the %s provider.", $this->DisplayName()), "nonce" => "action", "hidden" => array("action" => "config", "provider" => "sso_login", "action2" => "install"), "fields" => array(array("title" => "Registration Key(s)", "type" => "select", "name" => "type", "options" => array("email_username" => "E-mail Address and Username", "email" => "E-mail Address only", "username" => "Username only"), "select" => BB_GetValue("type", ""), "desc" => "The unique fields to require for a registration system entry.  This can't be changed after installing.  The default is highly recommended.")), "submit" => "Install", "focus" => true);
                     BB_GeneratePage(BB_Translate("Install %s", $this->DisplayName()), $sso_menuopts, $contentopts);
                 } else {
                     if ($sso_settings["sso_login"]["enabled"] && $_REQUEST["action2"] == "activateuser" && $this->CanActivateUser()) {
                         if (!isset($_REQUEST["id"])) {
                             SSO_ConfigRedirect("finduser", array(), "error", "User ID not specified.");
                         }
                         $userrow = $sso_db->GetRow("SELECT", array("*", "FROM" => "?", "WHERE" => "id = ?"), $sso_db_sso_login_users, $_REQUEST["id"]);
                         if (!$userrow) {
                             SSO_ConfigRedirect("finduser", array(), "error", "User not found.");
                         }
                         if (!isset($userrow->email)) {
                             $userrow->email = "";
                         }
                         if (!isset($userrow->username)) {
                             $userrow->username = "";
                         }
                         if (!isset($userrow->verified)) {
                             $userrow->verified = 1;
                         }
                         $userinfo = SSO_DecryptDBData($userrow->info);
                         // Activate the user.
                         $mapinfo = array();
                         if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "email") {
                             $mapinfo[$sso_settings["sso_login"]["map_email"]] = $userrow->email;
                         }
                         if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "username") {
                             $mapinfo[$sso_settings["sso_login"]["map_username"]] = $userrow->username;
                         }
                         // Initialize active modules.
                         $this->activemodules = array();
                         foreach ($g_sso_login_modules as $key => $info) {
                             if ($sso_settings["sso_login"]["modules"][$key]["_a"]) {
                                 $module = "sso_login_module_" . $key;
                                 $instance = new $module();
                                 $instance->LoginAddMap($mapinfo, $userrow, $userinfo, true);
                             }
                         }
                         SSO_ActivateUser($userrow->id, $userinfo["extra"], $mapinfo, CSDB::ConvertFromDBTime($userrow->created), false, false);
                         SSO_ConfigRedirect("edituser", array("id" => $userrow->id), "success", "Successfully activated the user.");
                     } else {
                         if ($sso_settings["sso_login"]["enabled"] && $_REQUEST["action2"] == "edituser") {
                             if (!isset($_REQUEST["id"])) {
                                 SSO_ConfigRedirect("finduser", array(), "error", "User ID not specified.");
                             }
                             $row = $sso_db->GetRow("SELECT", array("*", "FROM" => "?", "WHERE" => "id = ?"), $sso_db_sso_login_users, $_REQUEST["id"]);
                             if (!$row) {
                                 SSO_ConfigRedirect("finduser", array(), "error", "User not found.");
                             }
                             if (!isset($row->email)) {
                                 $row->email = "";
                             }
                             if (!isset($row->username)) {
                                 $row->username = "";
                             }
                             if (!isset($row->verified)) {
                                 $row->verified = 1;
                             }
                             $userinfo = SSO_DecryptDBData($row->info);
                             // Initialize active modules.
                             $this->activemodules = array();
                             foreach ($g_sso_login_modules as $key => $info) {
                                 if ($sso_settings["sso_login"]["modules"][$key]["_a"]) {
                                     $module = "sso_login_module_" . $key;
                                     $this->activemodules[$key] = new $module();
                                 }
                             }
                             if (isset($_REQUEST["reset_password"])) {
                                 $username = $row->username;
                                 $email = $row->email;
                                 if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "username") {
                                     if ($_REQUEST["username"] == "") {
                                         BB_SetPageMessage("error", "Please specify a username.");
                                     } else {
                                         if ($_REQUEST["username"] != $row->username && $sso_db->GetOne("SELECT", array("COUNT(*)", "FROM" => "?", "WHERE" => "username = ?"), $sso_db_sso_login_users, $_REQUEST["username"])) {
                                             BB_SetPageMessage("error", "Username is already in use.");
                                         } else {
                                             $username = $_REQUEST["username"];
                                         }
                                     }
                                 }
                                 if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "email") {
                                     if ($_REQUEST["email"] == "") {
                                         BB_SetPageMessage("error", "Please specify an e-mail address.");
                                     } else {
                                         if ($_REQUEST["email"] != $row->email && $sso_db->GetOne("SELECT", array("COUNT(*)", "FROM" => "?", "WHERE" => "email = ?"), $sso_db_sso_login_users, $_REQUEST["email"])) {
                                             BB_SetPageMessage("error", "E-mail Address is already in use.");
                                         } else {
                                             $email = $_REQUEST["email"];
                                         }
                                     }
                                 }
                                 foreach ($g_sso_login_modules as $key => $info) {
                                     if ($sso_settings["sso_login"]["modules"][$key]["_a"]) {
                                         $module = "sso_login_module_" . $key;
                                         $instance = new $module();
                                         $instance->CheckEditUserFields($userinfo);
                                     }
                                 }
                                 if (BB_GetPageMessageType() != "error" && $_REQUEST["reset_password"] > 0) {
                                     if ($_REQUEST["reset_password"] == 1) {
                                         $phrase = "";
                                         for ($x = 0; $x < 4; $x++) {
                                             $phrase .= " " . SSO_GetRandomWord();
                                         }
                                         $phrase = preg_replace('/\\s+/', " ", trim($phrase));
                                         $salt = $sso_rng->GenerateString();
                                         $data = $username . ":" . $email . ":" . $salt . ":" . $phrase;
                                         $passwordinfo = self::HashPasswordInfo($data, $sso_settings["sso_login"]["password_mode"], $sso_settings["sso_login"]["password_minrounds"]);
                                         if (!$passwordinfo["success"]) {
                                             BB_SetPageMessage("error", "Unexpected cryptography error.");
                                         } else {
                                             $userinfo["salt"] = $salt;
                                             $userinfo["rounds"] = (int) $passwordinfo["rounds"];
                                             $userinfo["password"] = bin2hex($passwordinfo["hash"]);
                                             BB_SetPageMessage("info", BB_Translate("Password has been changed to '%s'.", $phrase));
                                         }
                                     } else {
                                         if ($this->IsRecoveryAllowed(false) && $_REQUEST["reset_password"] == 2) {
                                             $userinfo["rounds"] = 0;
                                             $userinfo["password"] = "";
                                         }
                                     }
                                 }
                                 if (BB_GetPageMessageType() != "error") {
                                     try {
                                         $userinfo2 = SSO_EncryptDBData($userinfo);
                                         if ($sso_settings["sso_login"]["install_type"] == "email_username") {
                                             $sso_db->Query("UPDATE", array($sso_db_sso_login_users, array("username" => $_REQUEST["username"], "email" => $_REQUEST["email"], "verified" => (int) $_REQUEST["verified"] > 0 ? 1 : 0, "info" => $userinfo2), "WHERE" => "id = ?"), $row->id);
                                         } else {
                                             if ($sso_settings["sso_login"]["install_type"] == "email") {
                                                 $sso_db->Query("UPDATE", array($sso_db_sso_login_users, array("email" => $_REQUEST["email"], "verified" => (int) $_REQUEST["verified"] > 0 ? 1 : 0, "info" => $userinfo2), "WHERE" => "id = ?"), $row->id);
                                             } else {
                                                 if ($sso_settings["sso_login"]["install_type"] == "username") {
                                                     $sso_db->Query("UPDATE", array($sso_db_sso_login_users, array("username" => $_REQUEST["username"], "info" => $userinfo2), "WHERE" => "id = ?"), $row->id);
                                                 }
                                             }
                                         }
                                         if (BB_GetPageMessageType() == "info") {
                                             SSO_ConfigRedirect("edituser", array("id" => $row->id), "info", $_REQUEST["bb_msg"] . "  Successfully updated the user.");
                                         } else {
                                             SSO_ConfigRedirect("edituser", array("id" => $row->id), "success", "Successfully updated the user.");
                                         }
                                     } catch (Exception $e) {
                                         BB_SetPageMessage("error", "Database query error.");
                                     }
                                 }
                             }
                             $desc = "<br />";
                             $row2 = $sso_db->GetRow("SELECT", array("*", "FROM" => "?", "WHERE" => "provider_name = 'sso_login' AND provider_id = ?"), $sso_db_users, $row->id);
                             if ($row2) {
                                 $desc .= "<a href=\"" . BB_GetRequestURLBase() . "?action=edituser&id=" . $row2->id . "&sec_t=" . BB_CreateSecurityToken("edituser") . "\">Edit SSO Server Info</a>";
                             } else {
                                 if ($this->CanActivateUser()) {
                                     $desc .= SSO_CreateConfigLink("Activate User", "activateuser", array("id" => $row->id), "Are you sure you want to activate this user?");
                                 }
                             }
                             $contentopts = array("desc" => BB_Translate("Edit the %s user.", $this->DisplayName()), "htmldesc" => $desc, "nonce" => "action", "hidden" => array("action" => "config", "provider" => "sso_login", "action2" => "edituser", "id" => $row->id), "fields" => array(array("title" => "ID", "type" => "static", "value" => $row->id)), "submit" => "Save", "focus" => true);
                             if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "username") {
                                 $contentopts["fields"][] = array("title" => "Username", "type" => "text", "name" => "username", "value" => BB_GetValue("username", $row->username));
                             }
                             if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "email") {
                                 $contentopts["fields"][] = array("title" => "E-mail Address", "type" => "text", "name" => "email", "value" => BB_GetValue("email", $row->email));
                                 $contentopts["fields"][] = array("title" => "Verified", "type" => "select", "name" => "verified", "options" => array("1" => "Yes", "0" => "No"), "select" => BB_GetValue("verified", (string) $row->verified));
                             }
                             $contentopts["fields"][] = array("title" => "Password Hash Rounds", "type" => "static", "value" => number_Format($userinfo["rounds"], 0));
                             $options = array("0" => "No", "1" => "Now - Generate a random password");
                             if ($this->IsRecoveryAllowed(false)) {
                                 $options["2"] = "Next Login - User must use account recovery to set a password";
                             }
                             $contentopts["fields"][] = array("title" => "Reset Password?", "type" => "select", "name" => "reset_password", "options" => $options, "select" => BB_GetValue("reset_password", "0"));
                             foreach ($g_sso_login_modules as $key => $info) {
                                 if ($sso_settings["sso_login"]["modules"][$key]["_a"]) {
                                     $module = "sso_login_module_" . $key;
                                     $instance = new $module();
                                     $instance->AddEditUserFields($contentopts, $userinfo);
                                 }
                             }
                             BB_GeneratePage(BB_Translate("Edit %s User", $this->DisplayName()), $sso_menuopts, $contentopts);
                         } else {
                             if ($sso_settings["sso_login"]["enabled"] && $_REQUEST["action2"] == "createuser" && $this->CanActivateUser()) {
                                 // Initialize active modules.
                                 $this->activemodules = array();
                                 foreach ($g_sso_login_modules as $key => $info) {
                                     if ($sso_settings["sso_login"]["modules"][$key]["_a"]) {
                                         $module = "sso_login_module_" . $key;
                                         $this->activemodules[$key] = new $module();
                                     }
                                 }
                                 if (isset($_REQUEST["set_password"])) {
                                     $messages = $this->SignupUpdateCheck(false, false, false, true);
                                     if (count($messages["errors"])) {
                                         BB_SetPageMessage("error", implode("  ", array_merge($messages["errors"], $messages["warnings"])));
                                     } else {
                                         // Create the account.
                                         $username = BB_GetValue("username", "");
                                         $email = BB_GetValue("email", "");
                                         $verified = true;
                                         if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "email") {
                                             $result = SMTP::MakeValidEmailAddress($email);
                                             $email = $result["email"];
                                         }
                                         $userinfo = array();
                                         $phrase = "";
                                         for ($x = 0; $x < 4; $x++) {
                                             $phrase .= " " . SSO_GetRandomWord();
                                         }
                                         $phrase = preg_replace('/\\s+/', " ", trim($phrase));
                                         $salt = $sso_rng->GenerateString();
                                         $data = $username . ":" . $email . ":" . $salt . ":" . $phrase;
                                         $userinfo["extra"] = $sso_rng->GenerateString();
                                         if ($_REQUEST["set_password"] == 1) {
                                             $passwordinfo = self::HashPasswordInfo($data, $sso_settings["sso_login"]["password_mode"], $sso_settings["sso_login"]["password_minrounds"]);
                                             if (!$passwordinfo["success"]) {
                                                 BB_SetPageMessage("error", "Unexpected cryptography error.");
                                             } else {
                                                 $userinfo["salt"] = $salt;
                                                 $userinfo["rounds"] = (int) $passwordinfo["rounds"];
                                                 $userinfo["password"] = bin2hex($passwordinfo["hash"]);
                                                 BB_SetPageMessage("info", BB_Translate("Initial password has been set to '%s'.", $phrase));
                                             }
                                         } else {
                                             if ($this->IsRecoveryAllowed(false) && $_REQUEST["set_password"] == 2) {
                                                 $userinfo["salt"] = "";
                                                 $userinfo["rounds"] = 0;
                                                 $userinfo["password"] = "";
                                             } else {
                                                 BB_SetPageMessage("error", "Invalid Set Password option.");
                                             }
                                         }
                                         $userinfo["two_factor_key"] = $_REQUEST["two_factor_key"];
                                         $userinfo["two_factor_method"] = isset($_REQUEST["two_factor_method"]) ? $_REQUEST["two_factor_method"] : "";
                                         if (BB_GetPageMessageType() != "error") {
                                             foreach ($this->activemodules as &$instance) {
                                                 $instance->SignupAddInfo($userinfo, true);
                                             }
                                             $userinfo2 = SSO_EncryptDBData($userinfo);
                                             try {
                                                 if ($sso_settings["sso_login"]["install_type"] == "email_username") {
                                                     $sso_db->Query("INSERT", array($sso_db_sso_login_users, array("username" => $username, "email" => $email, "verified" => (int) $verified, "created" => CSDB::ConvertToDBTime(time()), "info" => $userinfo2), "AUTO INCREMENT" => "id"));
                                                 } else {
                                                     if ($sso_settings["sso_login"]["install_type"] == "email") {
                                                         $sso_db->Query("INSERT", array($sso_db_sso_login_users, array("email" => $email, "verified" => (int) $verified, "created" => CSDB::ConvertToDBTime(time()), "info" => $userinfo2), "AUTO INCREMENT" => "id"));
                                                     } else {
                                                         if ($sso_settings["sso_login"]["install_type"] == "username") {
                                                             $sso_db->Query("INSERT", array($sso_db_sso_login_users, array("username" => $username, "created" => CSDB::ConvertToDBTime(time()), "info" => $userinfo2), "AUTO INCREMENT" => "id"));
                                                         } else {
                                                             BB_SetPageMessage("error", "Fatal error:  Login system is broken.");
                                                         }
                                                     }
                                                 }
                                                 if (BB_GetPageMessageType() != "error") {
                                                     $userid = $sso_db->GetInsertID();
                                                     $userrow = $sso_db->GetRow("SELECT", array("*", "FROM" => "?", "WHERE" => "id = ?"), $sso_db_sso_login_users, $userid);
                                                 }
                                             } catch (Exception $e) {
                                                 BB_SetPageMessage("error", "Database query error.");
                                             }
                                             if (BB_GetPageMessageType() != "error") {
                                                 foreach ($this->activemodules as &$instance) {
                                                     $instance->SignupDone($userid, true);
                                                 }
                                                 // Activate the user.
                                                 if (isset($_REQUEST["activate"]) && $_REQUEST["activate"] == "yes") {
                                                     $mapinfo = array();
                                                     if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "email") {
                                                         $mapinfo[$sso_settings["sso_login"]["map_email"]] = $userrow->email;
                                                     }
                                                     if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "username") {
                                                         $mapinfo[$sso_settings["sso_login"]["map_username"]] = $userrow->username;
                                                     }
                                                     foreach ($this->activemodules as &$instance) {
                                                         $instance->LoginAddMap($mapinfo, $userrow, $userinfo, true);
                                                     }
                                                     SSO_ActivateUser($userrow->id, $userinfo["extra"], $mapinfo, CSDB::ConvertFromDBTime($userrow->created), false, false);
                                                 }
                                                 if (BB_GetPageMessageType() == "info") {
                                                     SSO_ConfigRedirect("edituser", array("id" => $userid), "info", $_REQUEST["bb_msg"] . "  Successfully created the user.");
                                                 } else {
                                                     SSO_ConfigRedirect("edituser", array("id" => $userid), "success", "Successfully created the user.");
                                                 }
                                             }
                                         }
                                     }
                                 }
                                 $_REQUEST["two_factor_key"] = BB_GetValue("two_factor_key", self::GenerateOTPKey(10));
                                 $contentopts = array("desc" => BB_Translate("Create a new user in the %s provider.", $this->DisplayName()), "nonce" => "action", "hidden" => array("action" => "config", "provider" => "sso_login", "action2" => "createuser", "two_factor_key" => $_REQUEST["two_factor_key"]), "fields" => array(), "submit" => "Create", "focus" => true);
                                 if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "email") {
                                     $contentopts["fields"][] = array("title" => "E-mail Address", "type" => "text", "name" => "email", "value" => BB_GetValue("email", ""), "desc" => "The e-mail address of the new user.  Must be valid and not already in use.");
                                 }
                                 if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "username") {
                                     $contentopts["fields"][] = array("title" => "Username", "type" => "text", "name" => "username", "value" => BB_GetValue("username", ""), "desc" => "The username of the new user.  Must be valid and not already in use.");
                                 }
                                 $options = array("1" => "Now - Generate a random password upon account creation");
                                 if ($this->IsRecoveryAllowed(false)) {
                                     $options["2"] = "Next Login - User must use account recovery to set a password";
                                 }
                                 $contentopts["fields"][] = array("title" => "Set Password", "type" => "select", "name" => "set_password", "options" => $options, "select" => BB_GetValue("set_password", "1"), "desc" => "Sets an account password now or later.");
                                 // Two-factor authentication dropdown.
                                 $fieldmap = array();
                                 $options = array();
                                 foreach ($this->activemodules as $key => &$instance) {
                                     $name = $instance->GetTwoFactorName();
                                     if ($name !== false) {
                                         $options[$key] = $name;
                                     }
                                 }
                                 if (!$sso_settings["sso_login"]["require_two_factor"] && count($options)) {
                                     $options = array_merge(array("" => "None"), $options);
                                 }
                                 if (count($options)) {
                                     $fields = array(array("title" => "Two-Factor Authentication Method", "type" => "select", "name" => "two_factor_method", "options" => $options, "select" => BB_GetValue("two_factor_method", ""), "desc" => "Sets the two-factor authentication method."));
                                     $order = $sso_settings["sso_login"]["two_factor_order"];
                                     SSO_AddSortedOutput($fieldmap, $order, "two_factor", $fields);
                                 }
                                 // Other fields.
                                 foreach ($g_sso_login_modules as $key => $info) {
                                     if ($sso_settings["sso_login"]["modules"][$key]["_a"]) {
                                         $module = "sso_login_module_" . $key;
                                         $instance = new $module();
                                         $fields = $instance->GenerateSignup(true);
                                         if (isset($fields) && is_array($fields)) {
                                             $order = isset($sso_settings["sso_login"]["modules"][$key]["_s"]) ? $sso_settings["sso_login"]["modules"][$key]["_s"] : $instance->DefaultOrder();
                                             SSO_AddSortedOutput($fieldmap, $order, $key, $fields);
                                         }
                                     }
                                 }
                                 ksort($fieldmap);
                                 foreach ($fieldmap as $fields) {
                                     foreach ($fields as $fields2) {
                                         $contentopts["fields"] = array_merge($contentopts["fields"], $fields2);
                                     }
                                 }
                                 $contentopts["fields"][] = array("title" => "Activate User", "type" => "checkbox", "name" => "activate", "value" => "yes", "check" => BB_GetValue("activate", "yes"), "display" => "Activate the user upon successful account creation");
                                 BB_GeneratePage("Create User", $sso_menuopts, $contentopts);
                             } else {
                                 if ($sso_site_admin && $sso_settings["sso_login"]["enabled"] && $_REQUEST["action2"] == "module" && isset($_REQUEST["module"]) && isset($sso_settings["sso_login"]["modules"][$_REQUEST["module"]]) && $sso_settings["sso_login"]["modules"][$_REQUEST["module"]]["_a"]) {
                                     $module = "sso_login_module_" . $_REQUEST["module"];
                                     $instance = new $module();
                                     $instance->CustomConfig();
                                 }
                             }
                         }
                     }
                 }
             }
         }
     }
 }