</div>
<div class="formitem">
<div class="formitemtitle">SSO Server Session Timeout</div>
<input class="text" id="sso_server_session_timeout" type="text" name="sso_server_session_timeout" value="604800" />
<div class="formitemdesc">How long the SSO Server session data is valid for without a successful SSO Client Validation Check (in seconds). Five minutes (300 seconds) is the minimum the SSO server supports.</div>
</div>
<div class="formitem">
<div class="formitemtitle">SSO Client Cookie Name</div>
<input class="text" id="sso_cookie_name" type="text" name="sso_cookie_name" value="<?php
echo htmlspecialchars(isset($_REQUEST["cookie_name"]) ? $_REQUEST["cookie_name"] : "sso_");
?>
" />
<div class="formitemdesc">The name of the session cookie to use in the web browser for this SSO Client instance. There should be one SSO Client instance per application. Valid characters are A-Z, a-z, 0-9, and underscore '_'.</div>
</div>
<?php
$url = dirname(BB_GetRequestURLBase());
if (substr($url, -1) != "/") {
$url .= "/";
}
?>
<div class="formitem">
<div class="formitemtitle">SSO Client Cookie Path</div>
<input class="text" id="sso_cookie_path" type="text" name="sso_cookie_path" value="<?php
echo htmlspecialchars(isset($_REQUEST["cookie_path"]) ? $_REQUEST["cookie_path"] : $url);
?>
" />
<div class="formitemdesc">The base path where the SSO Client cookie will be applicable. If you are directly installing the SSO Client (i.e. not from within a plugin), then you probably need to change this to avoid an infinite loop in your application.</div>
</div>
<div class="formitem">
<div class="formitemtitle">SSO Client Cookie Timeout</div>
<input class="text" id="sso_cookie_timeout" type="text" name="sso_cookie_timeout" value="<?php
public function Config()
{
global $sso_rng, $sso_db, $sso_db_users, $sso_site_admin, $sso_settings, $sso_menuopts, $sso_select_fields, $g_sso_login_modules;
$sso_db_sso_login_users = SSO_DB_PREFIX . "p_sso_login_users";
if ($sso_site_admin && $sso_settings["sso_login"]["enabled"] && $_REQUEST["action2"] == "config") {
if (isset($_REQUEST["configsave"])) {
if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "username") {
$_REQUEST["username_blacklist"] = trim($_REQUEST["username_blacklist"]);
$_REQUEST["username_minlen"] = (int) $_REQUEST["username_minlen"];
if ($_REQUEST["username_minlen"] < 1) {
BB_SetPageMessage("error", "The 'Minimum Username Length' field contains an invalid value.");
}
}
if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "email") {
$_REQUEST["email_verify_msg"] = trim($_REQUEST["email_verify_msg"]);
$_REQUEST["email_recover_msg"] = trim($_REQUEST["email_recover_msg"]);
if ($_REQUEST["email_verify_msg"] != "" && stripos($_REQUEST["email_verify_msg"], "@VERIFY@") === false) {
BB_SetPageMessage("error", "The 'Verify E-mail Message' field does not contain '@VERIFY@'.");
} else {
if ($_REQUEST["email_recover_msg"] != "" && stripos($_REQUEST["email_recover_msg"], "@VERIFY@") === false) {
BB_SetPageMessage("error", "The 'Recovery E-mail Message' field does not contain '@VERIFY@'.");
}
}
define("CS_TRANSLATE_FUNC", "BB_Translate");
require_once SSO_ROOT_PATH . "/" . SSO_SUPPORT_PATH . "/smtp.php";
if ($_REQUEST["email_verify_from"] != "") {
$email = SMTP::MakeValidEmailAddress($_REQUEST["email_verify_from"]);
if (!$email["success"]) {
BB_SetPageMessage("error", BB_Translate("The e-mail address '%s' is invalid. %s", $_REQUEST["email_verify_from"], $email["error"]));
} else {
if ($email["email"] != trim($_REQUEST["email_verify_from"])) {
BB_SetPageMessage("info", BB_Translate("Invalid e-mail address. Perhaps you meant '%s' instead?", $email["email"]));
}
$_REQUEST["email_verify_from"] = $email["email"];
}
}
if ($_REQUEST["email_recover_from"] != "") {
$email = SMTP::MakeValidEmailAddress($_REQUEST["email_recover_from"]);
if (!$email["success"]) {
BB_SetPageMessage("error", BB_Translate("The e-mail address '%s' is invalid. %s", $_REQUEST["email_recover_from"], $email["error"]));
} else {
if ($email["email"] != trim($_REQUEST["email_recover_from"])) {
BB_SetPageMessage("info", BB_Translate("Invalid e-mail address. Perhaps you meant '%s' instead?", $email["email"]));
}
$_REQUEST["email_recover_from"] = $email["email"];
}
}
}
$_REQUEST["two_factor_order"] = (int) $_REQUEST["two_factor_order"];
$_REQUEST["password_minlen"] = (int) $_REQUEST["password_minlen"];
$_REQUEST["password_mintime"] = (int) $_REQUEST["password_mintime"];
if ($_REQUEST["two_factor_order"] < 0) {
BB_SetPageMessage("error", "The 'Two-Factor Authentication Display Order' field contains an invalid value.");
} else {
if ($_REQUEST["password_minlen"] < 0) {
BB_SetPageMessage("error", "The 'Minimum Password Length' field contains an invalid value.");
} else {
if ($_REQUEST["password_mintime"] < 50) {
BB_SetPageMessage("error", "The 'Minimum Password Time' field contains an invalid value. Must be at least 50 milliseconds.");
} else {
if ($_REQUEST["password_mintime"] > 5000) {
BB_SetPageMessage("error", "The 'Minimum Password Time' field contains an invalid value. Must be less than 5000 milliseconds (5 seconds).");
}
}
}
}
foreach ($g_sso_login_modules as $key => $info) {
if ($_REQUEST[$key . "__a"] < 1) {
$sso_settings["sso_login"]["modules"][$key]["_a"] = false;
}
if ($sso_settings["sso_login"]["modules"][$key]["_a"]) {
$module = "sso_login_module_" . $key;
$instance = new $module();
if ($instance->DefaultOrder() !== false) {
if ((int) $_REQUEST[$key . "__s"] < 0) {
BB_SetPageMessage("error", BB_Translate("The '%s Module Display Order' field contains an invalid value.", $info["name"]));
} else {
$sso_settings["sso_login"]["modules"][$key]["_s"] = $_REQUEST[$key . "__s"];
}
}
$instance->ConfigSave();
}
$sso_settings["sso_login"]["modules"][$key]["_a"] = $_REQUEST[$key . "__a"] > 0;
}
$sso_settings["sso_login"]["iprestrict"] = SSO_ProcessIPFields();
if (BB_GetPageMessageType() != "error") {
if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "username") {
$sso_settings["sso_login"]["map_username"] = SSO_IsField($_REQUEST["map_username"]) ? $_REQUEST["map_username"] : "";
$sso_settings["sso_login"]["username_minlen"] = $_REQUEST["username_minlen"];
$sso_settings["sso_login"]["username_blacklist"] = $_REQUEST["username_blacklist"];
$sso_settings["sso_login"]["change_username"] = $_REQUEST["change_username"] > 0;
}
if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "email") {
$sso_settings["sso_login"]["map_email"] = SSO_IsField($_REQUEST["map_email"]) ? $_REQUEST["map_email"] : "";
$sso_settings["sso_login"]["email_verify_from"] = $_REQUEST["email_verify_from"];
$sso_settings["sso_login"]["email_verify_subject"] = trim($_REQUEST["email_verify_subject"]);
$sso_settings["sso_login"]["email_verify_msg"] = $_REQUEST["email_verify_msg"];
$sso_settings["sso_login"]["email_verify_msg_text"] = SMTP::ConvertHTMLToText($_REQUEST["email_verify_msg"]);
$sso_settings["sso_login"]["email_recover_from"] = $_REQUEST["email_recover_from"];
$sso_settings["sso_login"]["email_recover_subject"] = trim($_REQUEST["email_recover_subject"]);
$sso_settings["sso_login"]["email_recover_msg"] = $_REQUEST["email_recover_msg"];
$sso_settings["sso_login"]["email_recover_msg_text"] = SMTP::ConvertHTMLToText($_REQUEST["email_recover_msg"]);
$sso_settings["sso_login"]["email_session"] = $_REQUEST["email_session"] == "none" || $_REQUEST["email_session"] == "all" ? $_REQUEST["email_session"] : "verify";
$sso_settings["sso_login"]["email_bad_domains"] = $_REQUEST["email_bad_domains"];
$sso_settings["sso_login"]["change_email"] = $_REQUEST["change_email"] > 0;
}
$sso_settings["sso_login"]["require_two_factor"] = $_REQUEST["require_two_factor"] > 0;
$sso_settings["sso_login"]["two_factor_order"] = $_REQUEST["two_factor_order"];
$sso_settings["sso_login"]["password_minlen"] = $_REQUEST["password_minlen"];
$modetimechanged = $sso_settings["sso_login"]["password_mode"] != $_REQUEST["password_mode"] || $sso_settings["sso_login"]["password_mintime"] != $_REQUEST["password_mintime"];
$sso_settings["sso_login"]["password_mode"] = $_REQUEST["password_mode"];
$sso_settings["sso_login"]["password_mintime"] = $_REQUEST["password_mintime"];
if ($modetimechanged) {
$sso_settings["sso_login"]["password_minrounds"] = self::CalculateOptimalHashRounds($sso_settings["sso_login"]["password_mode"], $sso_settings["sso_login"]["password_mintime"]);
}
$sso_settings["sso_login"]["open_reg"] = $_REQUEST["open_reg"] > 0;
if (!SSO_SaveSettings()) {
BB_SetPageMessage("error", "Unable to save settings.");
} else {
if (BB_GetPageMessageType() == "info") {
SSO_ConfigRedirect("config", array(), "info", $_REQUEST["bb_msg"] . " " . BB_Translate("Successfully updated the %s provider configuration.", $this->DisplayName()));
} else {
SSO_ConfigRedirect("config", array(), "success", BB_Translate("Successfully updated the %s provider configuration.", $this->DisplayName()));
}
}
}
}
$contentopts = array("desc" => BB_Translate("Configure the %s provider.", $this->DisplayName()), "nonce" => "action", "hidden" => array("action" => "config", "provider" => "sso_login", "action2" => "config", "configsave" => "1"), "fields" => array(), "submit" => "Save", "focus" => true);
if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "username") {
$contentopts["fields"][] = array("title" => "Username Settings", "type" => "accordion");
$contentopts["fields"][] = array("title" => "Map Username", "type" => "select", "name" => "map_username", "options" => $sso_select_fields, "select" => BB_GetValue("map_username", (string) $sso_settings["sso_login"]["map_username"]), "desc" => "The field in the SSO system to map the username to.");
$contentopts["fields"][] = array("title" => "Minimum Username Length", "type" => "text", "name" => "username_minlen", "value" => BB_GetValue("username_minlen", $sso_settings["sso_login"]["username_minlen"]), "desc" => "The minimum number of characters a username must have.");
$contentopts["fields"][] = array("title" => "Username Blacklist", "type" => "textarea", "height" => "300px", "name" => "username_blacklist", "value" => BB_GetValue("username_blacklist", $sso_settings["sso_login"]["username_blacklist"]), "desc" => "A blacklist of words that a username may not contain. One per line.");
$contentopts["fields"][] = array("title" => "Allow Username Changes", "type" => "select", "name" => "change_username", "options" => array(1 => "Yes", 0 => "No"), "select" => BB_GetValue("change_username", (string) (int) $sso_settings["sso_login"]["change_username"]), "desc" => "Users may change their usernames.");
$contentopts["fields"][] = "endaccordion";
}
if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "email") {
$contentopts["fields"][] = array("title" => "E-mail Settings", "type" => "accordion");
$contentopts["fields"][] = array("title" => "Map E-mail Address", "type" => "select", "name" => "map_email", "options" => $sso_select_fields, "select" => BB_GetValue("map_email", (string) $sso_settings["sso_login"]["map_email"]), "desc" => "The field in the SSO system to map the e-mail address to.");
$contentopts["fields"][] = array("title" => "Verification E-mail - From Address", "type" => "text", "name" => "email_verify_from", "value" => BB_GetValue("email_verify_from", $sso_settings["sso_login"]["email_verify_from"]), "desc" => "The from address for the e-mail message to send to new registrants. Leave blank for the server default.");
$contentopts["fields"][] = array("title" => "Verification E-mail - Subject Line", "type" => "text", "name" => "email_verify_subject", "value" => BB_GetValue("email_verify_subject", $sso_settings["sso_login"]["email_verify_subject"]), "desc" => "The subject line for the e-mail message to send to new registrants.");
$contentopts["fields"][] = array("title" => "Verification E-mail - HTML Message", "type" => "textarea", "height" => "300px", "name" => "email_verify_msg", "value" => BB_GetValue("email_verify_msg", $sso_settings["sso_login"]["email_verify_msg"]), "desc" => "The HTML e-mail message to send to new registrants. @USERNAME@, @EMAIL@, and @VERIFY@ are special strings that will be replaced with user and system generated values. @VERIFY@ is required.");
$contentopts["fields"][] = array("title" => "Recovery E-mail - From Address", "type" => "text", "name" => "email_recover_from", "value" => BB_GetValue("email_recover_from", $sso_settings["sso_login"]["email_recover_from"]), "desc" => "The from address for the e-mail message to send to users recovering access to their account. Leave blank for the server default.");
$contentopts["fields"][] = array("title" => "Recovery E-mail - Subject Line", "type" => "text", "name" => "email_recover_subject", "value" => BB_GetValue("email_recover_subject", $sso_settings["sso_login"]["email_recover_subject"]), "desc" => "The subject line for the e-mail message to send to users recovering access to their account.");
$contentopts["fields"][] = array("title" => "Recovery E-mail - HTML Message", "type" => "textarea", "height" => "300px", "name" => "email_recover_msg", "value" => BB_GetValue("email_recover_msg", $sso_settings["sso_login"]["email_recover_msg"]), "desc" => "The HTML e-mail message to send to users recovering access to their account. @USERNAME@, @EMAIL@, and @VERIFY@ are special strings that will be replaced with user and system generated values. @VERIFY@ is required.");
$contentopts["fields"][] = array("title" => "Verification/Recovery E-mail - Send Session ID", "type" => "select", "name" => "email_session", "options" => array("none" => "Never", "verify" => "Verification e-mail only", "all" => "Verification and recovery e-mails"), "select" => BB_GetValue("email_session", $sso_settings["sso_login"]["email_session"]), "desc" => "Send the session ID as part of the URL in an e-mail. When the session ID isn't sent, the same browser session must be used with the URL or an error message will appear. Sending the session ID for recovery e-mails is not recommended.");
$contentopts["fields"][] = array("title" => "E-mail Domain Blacklist", "type" => "textarea", "height" => "300px", "name" => "email_bad_domains", "value" => BB_GetValue("email_bad_domains", $sso_settings["sso_login"]["email_bad_domains"]), "desc" => "A blacklist of e-mail address domains that are not allowed to create accounts. One per line.");
$contentopts["fields"][] = array("title" => "Allow E-mail Address Changes", "type" => "select", "name" => "change_email", "options" => array(1 => "Yes", 0 => "No"), "select" => BB_GetValue("change_email", (string) (int) $sso_settings["sso_login"]["change_email"]), "desc" => "Users may change their e-mail addresses.");
$contentopts["fields"][] = "endaccordion";
}
$contentopts["fields"][] = array("title" => "Other Settings", "type" => "accordion");
$contentopts["fields"][] = array("title" => "Require Two-Factor Authentication", "type" => "select", "name" => "require_two_factor", "options" => array(1 => "Yes", 0 => "No"), "select" => BB_GetValue("require_two_factor", (string) (int) $sso_settings["sso_login"]["require_two_factor"]), "desc" => "Users have to select and sign in with a two-factor authentication method. Existing users will have to use account recovery to set up two-factor authentication.");
$contentopts["fields"][] = array("title" => "Two-Factor Authentication Display Order", "type" => "text", "name" => "two_factor_order", "value" => BB_GetValue("two_factor_order", $sso_settings["sso_login"]["two_factor_order"]), "desc" => "The display order to use for the two-factor authentication dropdown.");
$contentopts["fields"][] = array("title" => "Minimum Password Length", "type" => "text", "name" => "password_minlen", "value" => BB_GetValue("password_minlen", $sso_settings["sso_login"]["password_minlen"]), "desc" => "The minimum number of characters a password must have.");
$options = array();
if (function_exists("password_hash")) {
$options["password_hash_bcrypt"] = "password_hash() - Native PHP Bcrypt hashing";
}
$options["blowfish"] = "Blowfish::Hash() - A Bcrypt-like hash";
$contentopts["fields"][] = array("title" => "Password Hashing Mode", "type" => "select", "name" => "password_mode", "options" => $options, "select" => BB_GetValue("password_mode", $sso_settings["sso_login"]["password_mode"]), "desc" => "The password hashing mode to use. Note that changing the hashing mode will force all users to change their passwords. If account recovery is not possible, users will be unable to access their accounts.");
$contentopts["fields"][] = array("title" => "Minimum Password Time", "type" => "text", "name" => "password_mintime", "value" => BB_GetValue("password_mintime", $sso_settings["sso_login"]["password_mintime"]), "desc" => "The minimum amount of time, in milliseconds, required to spend to initially hash a password.");
$contentopts["fields"][] = array("title" => "Minimum Password Rounds", "type" => "static", "value" => $sso_settings["sso_login"]["password_minrounds"], "desc" => "The minimum number of rounds required to hash a password. Automatically calculated." . ($sso_settings["sso_login"]["password_minrounds"] < 128 ? " WARNING: Due to the low number of minimum rounds, stored passwords will not be as secure as they should be. Please select a different password hashing mode and/or increase the minimum hashing time." : ""));
$contentopts["fields"][] = array("title" => "Open Registration", "type" => "select", "name" => "open_reg", "options" => array(1 => "Yes", 0 => "No"), "select" => BB_GetValue("open_reg", (string) (int) $sso_settings["sso_login"]["open_reg"]), "desc" => "Users may register for new accounts.");
$contentopts["fields"][] = "endaccordion";
$contentopts["fields"][] = "split";
foreach ($g_sso_login_modules as $key => $info) {
$contentopts["fields"][] = array("title" => BB_Translate($sso_settings["sso_login"]["modules"][$key]["_a"] ? "%s Module *" : "%s Module", $info["name"]), "type" => "accordion");
$contentopts["fields"][] = array("title" => BB_Translate("%s Module Enabled?", $info["name"]), "type" => "select", "name" => $key . "__a", "options" => array(1 => "Yes", 0 => "No"), "select" => BB_GetValue($key . "__a", (string) (int) $sso_settings["sso_login"]["modules"][$key]["_a"]), "desc" => BB_Translate("Enables the %s module. %s", $info["name"], $info["desc"]));
if ($sso_settings["sso_login"]["modules"][$key]["_a"]) {
$module = "sso_login_module_" . $key;
$instance = new $module();
if ($instance->DefaultOrder() !== false) {
$contentopts["fields"][] = array("title" => BB_Translate("%s Module Display Order", $info["name"]), "type" => "text", "name" => $key . "__s", "value" => BB_GetValue($key . "__s", (string) (int) (isset($sso_settings["sso_login"]["modules"][$key]["_s"]) ? $sso_settings["sso_login"]["modules"][$key]["_s"] : $instance->DefaultOrder())), "desc" => BB_Translate("The display order to use for the %s module.", $info["name"]));
}
$instance->Config($contentopts);
}
$contentopts["fields"][] = "endaccordion";
}
SSO_AppendIPFields($contentopts, $sso_settings["sso_login"]["iprestrict"]);
BB_GeneratePage(BB_Translate("Configure %s", $this->DisplayName()), $sso_menuopts, $contentopts);
} else {
if ($sso_site_admin && $sso_settings["sso_login"]["enabled"] && $_REQUEST["action2"] == "disable") {
$sso_settings["sso_login"]["enabled"] = false;
if (!SSO_SaveSettings()) {
BB_RedirectPage("error", "Unable to save settings.");
} else {
BB_RedirectPage("success", BB_Translate("Successfully disabled the %s provider.", $this->DisplayName()));
}
} else {
if ($sso_site_admin && !$sso_settings["sso_login"]["enabled"] && $_REQUEST["action2"] == "enable") {
$sso_settings["sso_login"]["enabled"] = true;
if (!SSO_SaveSettings()) {
BB_RedirectPage("error", "Unable to save settings.");
} else {
BB_RedirectPage("success", BB_Translate("Successfully enabled the %s provider.", $this->DisplayName()));
}
} else {
if ($sso_site_admin && !$sso_settings["sso_login"]["installed"] && $_REQUEST["action2"] == "install") {
if (isset($_REQUEST["type"])) {
if ($sso_db->TableExists($sso_db_sso_login_users)) {
BB_SetPageMessage("error", "The database table '" . $sso_db_sso_login_users . "' already exists.");
}
if ($_REQUEST["type"] != "email_username" && $_REQUEST["type"] != "email" && $_REQUEST["type"] != "username") {
BB_SetPageMessage("error", "Please select a valid 'Registration Key'.");
}
if (BB_GetPageMessageType() != "error") {
try {
if ($_REQUEST["type"] == "email_username") {
$sso_db->Query("CREATE TABLE", array($sso_db_sso_login_users, array("id" => array("INTEGER", 8, "UNSIGNED" => true, "NOT NULL" => true, "PRIMARY KEY" => true, "AUTO INCREMENT" => true), "username" => array("STRING", 1, 75, "NOT NULL" => true), "email" => array("STRING", 1, 255, "NOT NULL" => true), "verified" => array("INTEGER", 1, "NOT NULL" => true), "created" => array("DATETIME", "NOT NULL" => true), "info" => array("STRING", 3, "NOT NULL" => true)), array(array("UNIQUE", array("username"), "NAME" => $sso_db_sso_login_users . "_username"), array("UNIQUE", array("email"), "NAME" => $sso_db_sso_login_users . "_email"))));
} else {
if ($_REQUEST["type"] == "email") {
$sso_db->Query("CREATE TABLE", array($sso_db_sso_login_users, array("id" => array("INTEGER", 8, "UNSIGNED" => true, "NOT NULL" => true, "PRIMARY KEY" => true, "AUTO INCREMENT" => true), "email" => array("STRING", 1, 255, "NOT NULL" => true), "verified" => array("INTEGER", 1, "NOT NULL" => true), "created" => array("DATETIME", "NOT NULL" => true), "info" => array("STRING", 3, "NOT NULL" => true)), array(array("UNIQUE", array("email"), "NAME" => $sso_db_sso_login_users . "_email"))));
} else {
if ($_REQUEST["type"] == "username") {
$sso_db->Query("CREATE TABLE", array($sso_db_sso_login_users, array("id" => array("INTEGER", 8, "UNSIGNED" => true, "NOT NULL" => true, "PRIMARY KEY" => true, "AUTO INCREMENT" => true), "username" => array("STRING", 1, 75, "NOT NULL" => true), "created" => array("DATETIME", "NOT NULL" => true), "info" => array("STRING", 3, "NOT NULL" => true)), array(array("UNIQUE", array("username"), "NAME" => $sso_db_sso_login_users . "_username"))));
}
}
}
$sso_settings["sso_login"]["installed"] = true;
$sso_settings["sso_login"]["enabled"] = true;
$sso_settings["sso_login"]["install_type"] = $_REQUEST["type"];
if (!SSO_SaveSettings()) {
BB_SetPageMessage("error", "Unable to save settings.");
} else {
SSO_ConfigRedirect("config", array(), "success", BB_Translate("Successfully installed the %s provider.", $this->DisplayName()));
}
} catch (Exception $e) {
BB_SetPageMessage("error", "Unable to create the database table '" . htmlspecialchars($sso_db_sso_login_users) . "'. " . $e->getMessage());
}
}
}
$contentopts = array("desc" => BB_Translate("Install the %s provider.", $this->DisplayName()), "nonce" => "action", "hidden" => array("action" => "config", "provider" => "sso_login", "action2" => "install"), "fields" => array(array("title" => "Registration Key(s)", "type" => "select", "name" => "type", "options" => array("email_username" => "E-mail Address and Username", "email" => "E-mail Address only", "username" => "Username only"), "select" => BB_GetValue("type", ""), "desc" => "The unique fields to require for a registration system entry. This can't be changed after installing. The default is highly recommended.")), "submit" => "Install", "focus" => true);
BB_GeneratePage(BB_Translate("Install %s", $this->DisplayName()), $sso_menuopts, $contentopts);
} else {
if ($sso_settings["sso_login"]["enabled"] && $_REQUEST["action2"] == "activateuser" && $this->CanActivateUser()) {
if (!isset($_REQUEST["id"])) {
SSO_ConfigRedirect("finduser", array(), "error", "User ID not specified.");
}
$userrow = $sso_db->GetRow("SELECT", array("*", "FROM" => "?", "WHERE" => "id = ?"), $sso_db_sso_login_users, $_REQUEST["id"]);
if (!$userrow) {
SSO_ConfigRedirect("finduser", array(), "error", "User not found.");
}
if (!isset($userrow->email)) {
$userrow->email = "";
}
if (!isset($userrow->username)) {
$userrow->username = "";
}
if (!isset($userrow->verified)) {
$userrow->verified = 1;
}
$userinfo = SSO_DecryptDBData($userrow->info);
// Activate the user.
$mapinfo = array();
if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "email") {
$mapinfo[$sso_settings["sso_login"]["map_email"]] = $userrow->email;
}
if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "username") {
$mapinfo[$sso_settings["sso_login"]["map_username"]] = $userrow->username;
}
// Initialize active modules.
$this->activemodules = array();
foreach ($g_sso_login_modules as $key => $info) {
if ($sso_settings["sso_login"]["modules"][$key]["_a"]) {
$module = "sso_login_module_" . $key;
$instance = new $module();
$instance->LoginAddMap($mapinfo, $userrow, $userinfo, true);
}
}
SSO_ActivateUser($userrow->id, $userinfo["extra"], $mapinfo, CSDB::ConvertFromDBTime($userrow->created), false, false);
SSO_ConfigRedirect("edituser", array("id" => $userrow->id), "success", "Successfully activated the user.");
} else {
if ($sso_settings["sso_login"]["enabled"] && $_REQUEST["action2"] == "edituser") {
if (!isset($_REQUEST["id"])) {
SSO_ConfigRedirect("finduser", array(), "error", "User ID not specified.");
}
$row = $sso_db->GetRow("SELECT", array("*", "FROM" => "?", "WHERE" => "id = ?"), $sso_db_sso_login_users, $_REQUEST["id"]);
if (!$row) {
SSO_ConfigRedirect("finduser", array(), "error", "User not found.");
}
if (!isset($row->email)) {
$row->email = "";
}
if (!isset($row->username)) {
$row->username = "";
}
if (!isset($row->verified)) {
$row->verified = 1;
}
$userinfo = SSO_DecryptDBData($row->info);
// Initialize active modules.
$this->activemodules = array();
foreach ($g_sso_login_modules as $key => $info) {
if ($sso_settings["sso_login"]["modules"][$key]["_a"]) {
$module = "sso_login_module_" . $key;
$this->activemodules[$key] = new $module();
}
}
if (isset($_REQUEST["reset_password"])) {
$username = $row->username;
$email = $row->email;
if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "username") {
if ($_REQUEST["username"] == "") {
BB_SetPageMessage("error", "Please specify a username.");
} else {
if ($_REQUEST["username"] != $row->username && $sso_db->GetOne("SELECT", array("COUNT(*)", "FROM" => "?", "WHERE" => "username = ?"), $sso_db_sso_login_users, $_REQUEST["username"])) {
BB_SetPageMessage("error", "Username is already in use.");
} else {
$username = $_REQUEST["username"];
}
}
}
if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "email") {
if ($_REQUEST["email"] == "") {
BB_SetPageMessage("error", "Please specify an e-mail address.");
} else {
if ($_REQUEST["email"] != $row->email && $sso_db->GetOne("SELECT", array("COUNT(*)", "FROM" => "?", "WHERE" => "email = ?"), $sso_db_sso_login_users, $_REQUEST["email"])) {
BB_SetPageMessage("error", "E-mail Address is already in use.");
} else {
$email = $_REQUEST["email"];
}
}
}
foreach ($g_sso_login_modules as $key => $info) {
if ($sso_settings["sso_login"]["modules"][$key]["_a"]) {
$module = "sso_login_module_" . $key;
$instance = new $module();
$instance->CheckEditUserFields($userinfo);
}
}
if (BB_GetPageMessageType() != "error" && $_REQUEST["reset_password"] > 0) {
if ($_REQUEST["reset_password"] == 1) {
$phrase = "";
for ($x = 0; $x < 4; $x++) {
$phrase .= " " . SSO_GetRandomWord();
}
$phrase = preg_replace('/\\s+/', " ", trim($phrase));
$salt = $sso_rng->GenerateString();
$data = $username . ":" . $email . ":" . $salt . ":" . $phrase;
$passwordinfo = self::HashPasswordInfo($data, $sso_settings["sso_login"]["password_mode"], $sso_settings["sso_login"]["password_minrounds"]);
if (!$passwordinfo["success"]) {
BB_SetPageMessage("error", "Unexpected cryptography error.");
} else {
$userinfo["salt"] = $salt;
$userinfo["rounds"] = (int) $passwordinfo["rounds"];
$userinfo["password"] = bin2hex($passwordinfo["hash"]);
BB_SetPageMessage("info", BB_Translate("Password has been changed to '%s'.", $phrase));
}
} else {
if ($this->IsRecoveryAllowed(false) && $_REQUEST["reset_password"] == 2) {
$userinfo["rounds"] = 0;
$userinfo["password"] = "";
}
}
}
if (BB_GetPageMessageType() != "error") {
try {
$userinfo2 = SSO_EncryptDBData($userinfo);
if ($sso_settings["sso_login"]["install_type"] == "email_username") {
$sso_db->Query("UPDATE", array($sso_db_sso_login_users, array("username" => $_REQUEST["username"], "email" => $_REQUEST["email"], "verified" => (int) $_REQUEST["verified"] > 0 ? 1 : 0, "info" => $userinfo2), "WHERE" => "id = ?"), $row->id);
} else {
if ($sso_settings["sso_login"]["install_type"] == "email") {
$sso_db->Query("UPDATE", array($sso_db_sso_login_users, array("email" => $_REQUEST["email"], "verified" => (int) $_REQUEST["verified"] > 0 ? 1 : 0, "info" => $userinfo2), "WHERE" => "id = ?"), $row->id);
} else {
if ($sso_settings["sso_login"]["install_type"] == "username") {
$sso_db->Query("UPDATE", array($sso_db_sso_login_users, array("username" => $_REQUEST["username"], "info" => $userinfo2), "WHERE" => "id = ?"), $row->id);
}
}
}
if (BB_GetPageMessageType() == "info") {
SSO_ConfigRedirect("edituser", array("id" => $row->id), "info", $_REQUEST["bb_msg"] . " Successfully updated the user.");
} else {
SSO_ConfigRedirect("edituser", array("id" => $row->id), "success", "Successfully updated the user.");
}
} catch (Exception $e) {
BB_SetPageMessage("error", "Database query error.");
}
}
}
$desc = "<br />";
$row2 = $sso_db->GetRow("SELECT", array("*", "FROM" => "?", "WHERE" => "provider_name = 'sso_login' AND provider_id = ?"), $sso_db_users, $row->id);
if ($row2) {
$desc .= "<a href=\"" . BB_GetRequestURLBase() . "?action=edituser&id=" . $row2->id . "&sec_t=" . BB_CreateSecurityToken("edituser") . "\">Edit SSO Server Info</a>";
} else {
if ($this->CanActivateUser()) {
$desc .= SSO_CreateConfigLink("Activate User", "activateuser", array("id" => $row->id), "Are you sure you want to activate this user?");
}
}
$contentopts = array("desc" => BB_Translate("Edit the %s user.", $this->DisplayName()), "htmldesc" => $desc, "nonce" => "action", "hidden" => array("action" => "config", "provider" => "sso_login", "action2" => "edituser", "id" => $row->id), "fields" => array(array("title" => "ID", "type" => "static", "value" => $row->id)), "submit" => "Save", "focus" => true);
if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "username") {
$contentopts["fields"][] = array("title" => "Username", "type" => "text", "name" => "username", "value" => BB_GetValue("username", $row->username));
}
if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "email") {
$contentopts["fields"][] = array("title" => "E-mail Address", "type" => "text", "name" => "email", "value" => BB_GetValue("email", $row->email));
$contentopts["fields"][] = array("title" => "Verified", "type" => "select", "name" => "verified", "options" => array("1" => "Yes", "0" => "No"), "select" => BB_GetValue("verified", (string) $row->verified));
}
$contentopts["fields"][] = array("title" => "Password Hash Rounds", "type" => "static", "value" => number_Format($userinfo["rounds"], 0));
$options = array("0" => "No", "1" => "Now - Generate a random password");
if ($this->IsRecoveryAllowed(false)) {
$options["2"] = "Next Login - User must use account recovery to set a password";
}
$contentopts["fields"][] = array("title" => "Reset Password?", "type" => "select", "name" => "reset_password", "options" => $options, "select" => BB_GetValue("reset_password", "0"));
foreach ($g_sso_login_modules as $key => $info) {
if ($sso_settings["sso_login"]["modules"][$key]["_a"]) {
$module = "sso_login_module_" . $key;
$instance = new $module();
$instance->AddEditUserFields($contentopts, $userinfo);
}
}
BB_GeneratePage(BB_Translate("Edit %s User", $this->DisplayName()), $sso_menuopts, $contentopts);
} else {
if ($sso_settings["sso_login"]["enabled"] && $_REQUEST["action2"] == "createuser" && $this->CanActivateUser()) {
// Initialize active modules.
$this->activemodules = array();
foreach ($g_sso_login_modules as $key => $info) {
if ($sso_settings["sso_login"]["modules"][$key]["_a"]) {
$module = "sso_login_module_" . $key;
$this->activemodules[$key] = new $module();
}
}
if (isset($_REQUEST["set_password"])) {
$messages = $this->SignupUpdateCheck(false, false, false, true);
if (count($messages["errors"])) {
BB_SetPageMessage("error", implode(" ", array_merge($messages["errors"], $messages["warnings"])));
} else {
// Create the account.
$username = BB_GetValue("username", "");
$email = BB_GetValue("email", "");
$verified = true;
if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "email") {
$result = SMTP::MakeValidEmailAddress($email);
$email = $result["email"];
}
$userinfo = array();
$phrase = "";
for ($x = 0; $x < 4; $x++) {
$phrase .= " " . SSO_GetRandomWord();
}
$phrase = preg_replace('/\\s+/', " ", trim($phrase));
$salt = $sso_rng->GenerateString();
$data = $username . ":" . $email . ":" . $salt . ":" . $phrase;
$userinfo["extra"] = $sso_rng->GenerateString();
if ($_REQUEST["set_password"] == 1) {
$passwordinfo = self::HashPasswordInfo($data, $sso_settings["sso_login"]["password_mode"], $sso_settings["sso_login"]["password_minrounds"]);
if (!$passwordinfo["success"]) {
BB_SetPageMessage("error", "Unexpected cryptography error.");
} else {
$userinfo["salt"] = $salt;
$userinfo["rounds"] = (int) $passwordinfo["rounds"];
$userinfo["password"] = bin2hex($passwordinfo["hash"]);
BB_SetPageMessage("info", BB_Translate("Initial password has been set to '%s'.", $phrase));
}
} else {
if ($this->IsRecoveryAllowed(false) && $_REQUEST["set_password"] == 2) {
$userinfo["salt"] = "";
$userinfo["rounds"] = 0;
$userinfo["password"] = "";
} else {
BB_SetPageMessage("error", "Invalid Set Password option.");
}
}
$userinfo["two_factor_key"] = $_REQUEST["two_factor_key"];
$userinfo["two_factor_method"] = isset($_REQUEST["two_factor_method"]) ? $_REQUEST["two_factor_method"] : "";
if (BB_GetPageMessageType() != "error") {
foreach ($this->activemodules as &$instance) {
$instance->SignupAddInfo($userinfo, true);
}
$userinfo2 = SSO_EncryptDBData($userinfo);
try {
if ($sso_settings["sso_login"]["install_type"] == "email_username") {
$sso_db->Query("INSERT", array($sso_db_sso_login_users, array("username" => $username, "email" => $email, "verified" => (int) $verified, "created" => CSDB::ConvertToDBTime(time()), "info" => $userinfo2), "AUTO INCREMENT" => "id"));
} else {
if ($sso_settings["sso_login"]["install_type"] == "email") {
$sso_db->Query("INSERT", array($sso_db_sso_login_users, array("email" => $email, "verified" => (int) $verified, "created" => CSDB::ConvertToDBTime(time()), "info" => $userinfo2), "AUTO INCREMENT" => "id"));
} else {
if ($sso_settings["sso_login"]["install_type"] == "username") {
$sso_db->Query("INSERT", array($sso_db_sso_login_users, array("username" => $username, "created" => CSDB::ConvertToDBTime(time()), "info" => $userinfo2), "AUTO INCREMENT" => "id"));
} else {
BB_SetPageMessage("error", "Fatal error: Login system is broken.");
}
}
}
if (BB_GetPageMessageType() != "error") {
$userid = $sso_db->GetInsertID();
$userrow = $sso_db->GetRow("SELECT", array("*", "FROM" => "?", "WHERE" => "id = ?"), $sso_db_sso_login_users, $userid);
}
} catch (Exception $e) {
BB_SetPageMessage("error", "Database query error.");
}
if (BB_GetPageMessageType() != "error") {
foreach ($this->activemodules as &$instance) {
$instance->SignupDone($userid, true);
}
// Activate the user.
if (isset($_REQUEST["activate"]) && $_REQUEST["activate"] == "yes") {
$mapinfo = array();
if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "email") {
$mapinfo[$sso_settings["sso_login"]["map_email"]] = $userrow->email;
}
if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "username") {
$mapinfo[$sso_settings["sso_login"]["map_username"]] = $userrow->username;
}
foreach ($this->activemodules as &$instance) {
$instance->LoginAddMap($mapinfo, $userrow, $userinfo, true);
}
SSO_ActivateUser($userrow->id, $userinfo["extra"], $mapinfo, CSDB::ConvertFromDBTime($userrow->created), false, false);
}
if (BB_GetPageMessageType() == "info") {
SSO_ConfigRedirect("edituser", array("id" => $userid), "info", $_REQUEST["bb_msg"] . " Successfully created the user.");
} else {
SSO_ConfigRedirect("edituser", array("id" => $userid), "success", "Successfully created the user.");
}
}
}
}
}
$_REQUEST["two_factor_key"] = BB_GetValue("two_factor_key", self::GenerateOTPKey(10));
$contentopts = array("desc" => BB_Translate("Create a new user in the %s provider.", $this->DisplayName()), "nonce" => "action", "hidden" => array("action" => "config", "provider" => "sso_login", "action2" => "createuser", "two_factor_key" => $_REQUEST["two_factor_key"]), "fields" => array(), "submit" => "Create", "focus" => true);
if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "email") {
$contentopts["fields"][] = array("title" => "E-mail Address", "type" => "text", "name" => "email", "value" => BB_GetValue("email", ""), "desc" => "The e-mail address of the new user. Must be valid and not already in use.");
}
if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "username") {
$contentopts["fields"][] = array("title" => "Username", "type" => "text", "name" => "username", "value" => BB_GetValue("username", ""), "desc" => "The username of the new user. Must be valid and not already in use.");
}
$options = array("1" => "Now - Generate a random password upon account creation");
if ($this->IsRecoveryAllowed(false)) {
$options["2"] = "Next Login - User must use account recovery to set a password";
}
$contentopts["fields"][] = array("title" => "Set Password", "type" => "select", "name" => "set_password", "options" => $options, "select" => BB_GetValue("set_password", "1"), "desc" => "Sets an account password now or later.");
// Two-factor authentication dropdown.
$fieldmap = array();
$options = array();
foreach ($this->activemodules as $key => &$instance) {
$name = $instance->GetTwoFactorName();
if ($name !== false) {
$options[$key] = $name;
}
}
if (!$sso_settings["sso_login"]["require_two_factor"] && count($options)) {
$options = array_merge(array("" => "None"), $options);
}
if (count($options)) {
$fields = array(array("title" => "Two-Factor Authentication Method", "type" => "select", "name" => "two_factor_method", "options" => $options, "select" => BB_GetValue("two_factor_method", ""), "desc" => "Sets the two-factor authentication method."));
$order = $sso_settings["sso_login"]["two_factor_order"];
SSO_AddSortedOutput($fieldmap, $order, "two_factor", $fields);
}
// Other fields.
foreach ($g_sso_login_modules as $key => $info) {
if ($sso_settings["sso_login"]["modules"][$key]["_a"]) {
$module = "sso_login_module_" . $key;
$instance = new $module();
$fields = $instance->GenerateSignup(true);
if (isset($fields) && is_array($fields)) {
$order = isset($sso_settings["sso_login"]["modules"][$key]["_s"]) ? $sso_settings["sso_login"]["modules"][$key]["_s"] : $instance->DefaultOrder();
SSO_AddSortedOutput($fieldmap, $order, $key, $fields);
}
}
}
ksort($fieldmap);
foreach ($fieldmap as $fields) {
foreach ($fields as $fields2) {
$contentopts["fields"] = array_merge($contentopts["fields"], $fields2);
}
}
$contentopts["fields"][] = array("title" => "Activate User", "type" => "checkbox", "name" => "activate", "value" => "yes", "check" => BB_GetValue("activate", "yes"), "display" => "Activate the user upon successful account creation");
BB_GeneratePage("Create User", $sso_menuopts, $contentopts);
} else {
if ($sso_site_admin && $sso_settings["sso_login"]["enabled"] && $_REQUEST["action2"] == "module" && isset($_REQUEST["module"]) && isset($sso_settings["sso_login"]["modules"][$_REQUEST["module"]]) && $sso_settings["sso_login"]["modules"][$_REQUEST["module"]]["_a"]) {
$module = "sso_login_module_" . $_REQUEST["module"];
$instance = new $module();
$instance->CustomConfig();
}
}
}
}
}
}
}
}
}
function BB_GeneratePage($title, $menuopts, $contentopts)
{
global $bb_rootname, $bb_page_layout, $bb_menu_layout, $bb_menu_item_layout, $bb_message_layout;
if (!isset($contentopts["title"])) {
$contentopts["title"] = $title;
}
if (isset($contentopts["hidden"]) && !isset($contentopts["hidden"]["bb_back"])) {
$contentopts["hidden"]["bb_back"] = isset($_POST["bb_back"]) ? $_POST["bb_back"] : BB_GetBackQueryString();
}
header("Content-Type: text/html; charset=UTF-8");
BB_InitLayouts();
// Process the header.
if (defined("BB_ROOT_URL")) {
$rooturl = BB_ROOT_URL;
} else {
if (defined("ROOT_URL")) {
$rooturl = ROOT_URL;
} else {
$rooturl = BB_GetRequestURLBase();
if (substr($rooturl, -1) != "/") {
$rooturl = dirname($rooturl);
}
if (substr($rooturl, -1) == "/") {
$rooturl = substr($rooturl, 0, -1);
}
}
}
if (defined("BB_SUPPORT_PATH")) {
$supportpath = BB_SUPPORT_PATH;
} else {
if (defined("SUPPORT_PATH")) {
$supportpath = SUPPORT_PATH;
} else {
$supportpath = "support";
}
}
$data = str_replace("@ROOTURL@", htmlspecialchars($rooturl), $bb_page_layout);
$data = str_replace("@SUPPORTPATH@", htmlspecialchars($supportpath), $data);
// Process the title and message.
$data = str_replace("@TITLE@", htmlspecialchars(BB_Translate(($bb_rootname != "" ? $bb_rootname . " | " : "") . $title)), $data);
$data = str_replace("@ROOTNAME@", htmlspecialchars(BB_Translate($bb_rootname)), $data);
if (!isset($_REQUEST["bb_msg"])) {
$data = str_replace("@MESSAGE@", "", $data);
} else {
if (!isset($_REQUEST["bb_msgtype"]) || $_REQUEST["bb_msgtype"] != "error" && $_REQUEST["bb_msgtype"] != "success") {
$_REQUEST["bb_msgtype"] = "info";
}
$data2 = str_replace("@MSGTYPE@", htmlspecialchars($_REQUEST["bb_msgtype"]), $bb_message_layout);
$data2 = str_replace("@MESSAGE@", htmlspecialchars(BB_Translate($_REQUEST["bb_msg"])), $data2);
$data = str_replace("@MESSAGE@", $data2, $data);
}
// Process the menu.
$data2 = "";
foreach ($menuopts as $title => $items) {
$data3 = "";
foreach ($items as $name => $opts) {
if (!is_array($opts)) {
$opts = array("href" => $opts);
}
$data5 = array();
foreach ($opts as $name2 => $val) {
$data5[] = htmlspecialchars($name2) . "=\"" . htmlspecialchars($val) . "\"";
}
$data4 = str_replace("@OPTS@", implode(" ", $data5), $bb_menu_item_layout);
$data3 .= str_replace("@NAME@", htmlspecialchars(BB_Translate($name)), $data4);
}
$data3 = str_replace("@ITEMS@", $data3, $bb_menu_layout);
$data2 .= str_replace("@TITLE@", htmlspecialchars(BB_Translate($title)), $data3);
}
$data = str_replace("@MENU@", $data2, $data);
// Process and display the content.
$pos = strpos($data, "@CONTENT@");
echo substr($data, 0, $pos);
BB_PropertyForm($contentopts);
echo substr($data, $pos + 9);
}
public function Generate($options, $errors = array(), $lastform = true)
{
$formvars = $this->InitFormVars($options);
$this->OutputFormCSS();
?>
<div class="bb_formwrap">
<div class="bb_formwrapinner">
<?php
if (isset($options["submit"]) || isset($options["useform"]) && $options["useform"]) {
$this->numforms++;
?>
<form id="form_<?php
echo $this->numforms;
?>
" method="post" enctype="multipart/form-data" action="<?php
echo htmlspecialchars(BB_GetRequestURLBase());
?>
">
<?php
$extra = array();
if (isset($options["hidden"])) {
foreach ($options["hidden"] as $name => $value) {
?>
<input type="hidden" name="<?php
echo htmlspecialchars($name);
?>
" value="<?php
echo htmlspecialchars($value);
?>
" />
<?php
if (isset($options["nonce"]) && $options["nonce"] != $name) {
$extra[$name] = $value;
}
}
if ($options["nonce"]) {
?>
<input type="hidden" name="sec_extra" value="<?php
echo htmlspecialchars(implode(",", array_keys($extra)));
?>
" />
<input type="hidden" name="sec_t" value="<?php
echo htmlspecialchars($this->CreateSecurityToken($options["hidden"][$options["nonce"]], $extra));
?>
" />
<?php
}
}
unset($extra);
}
if (isset($options["fields"])) {
?>
<div class="formfields<?php
if (count($options["fields"]) == 1 && !isset($options["fields"][0]["title"]) && !isset($options["fields"][0]["htmltitle"])) {
echo " alt";
}
?>
">
<?php
foreach ($options["fields"] as $num => $field) {
$id = "f" . $this->numforms . "_" . $num;
if (!is_string($field) && isset($field["name"])) {
if (isset($errors[$field["name"]])) {
$field["error"] = $errors[$field["name"]];
}
if (isset($options["randomnames"]) && $options["randomnames"]) {
$field["origname"] = $field["name"];
$field["name"] = $this->GetRandomizedFieldName($field["name"]);
}
$id .= "_" . $field["name"];
if (isset($options["randomnames"]) && $options["randomnames"] && isset($options["focus"]) && is_string($options["focus"]) && $options["focus"] == $field["origname"]) {
$options["focus"] = $id;
}
}
$this->ProcessField($formvars, $field, $id);
}
$this->CleanupFields($formvars);
?>
</div>
<?php
}
if (isset($options["submit"])) {
$this->ProcessSubmit($formvars, $options);
}
if (isset($options["submit"]) || isset($options["useform"]) && $options["useform"]) {
?>
</form>
<?php
}
?>
</div>
</div>
<?php
if ($lastform) {
$this->Finalize($formvars);
}
if (isset($options["focus"]) && (is_string($options["focus"]) || $options["focus"] === true && $formvars["autofocus"] !== false)) {
?>
<script type="text/javascript">
jQuery('#<?php
echo BB_JSSafe(is_string($options["focus"]) ? $options["focus"] : $formvars["autofocus"]);
?>
').focus();
</script>
<?php
}
}
public function Config()
{
global $sso_rng, $sso_db, $sso_db_apikeys, $sso_site_admin, $sso_settings, $sso_menuopts, $sso_select_fields;
$sso_db_sso_remote = SSO_DB_PREFIX . "p_sso_remote";
$sso_db_sso_remote_users = SSO_DB_PREFIX . "p_sso_remote_users";
if ($sso_site_admin && $sso_settings["sso_remote"]["enabled"] && $_REQUEST["action2"] == "editremote") {
$row = $sso_db->GetRow("SELECT", array("*", "FROM" => "?", "WHERE" => "id = ?"), $sso_db_sso_remote, $_REQUEST["id"]);
if ($row) {
$info = unserialize($row->info);
if (isset($_REQUEST["name"])) {
if (strlen($_REQUEST["name"]) > 75) {
BB_SetPageMessage("error", "'Name' can only be 75 characters long.");
}
if ($_REQUEST["name"] != $row->name && $sso_db->GetOne("SELECT", array("COUNT(*)", "FROM" => "?", "WHERE" => "name = ?"), $sso_db_sso_remote, $_REQUEST["name"])) {
BB_SetPageMessage("error", "The specified remote 'Name' already exists.");
}
$apirow = $sso_db->GetRow("SELECT", array("*", "FROM" => "?", "WHERE" => "id = ?"), $sso_db_apikeys, $_REQUEST["apikey_id"]);
if ($apirow === false) {
BB_SetPageMessage("error", "The specified 'API Key ID' is not valid.");
} else {
$apiinfo = unserialize($apirow->info);
if (!isset($apiinfo["type"])) {
$apiinfo["type"] = "normal";
}
if ($apiinfo["type"] != "remote") {
BB_SetPageMessage("error", "The specified 'API Key ID' is not a remote API key.");
}
}
$info["iprestrict"] = SSO_ProcessIPFields();
if (BB_GetPageMessageType() != "error") {
try {
$info["icon"] = $_REQUEST["icon"];
$info["notes"] = $_REQUEST["notes"];
$info["automate"] = $_REQUEST["automate"] > 0;
$sso_db->Query("UPDATE", array($sso_db_sso_remote, array("name" => $_REQUEST["name"], "apikey_id" => $_REQUEST["apikey_id"], "info" => serialize($info)), "WHERE" => "id = ?"), $row->id);
SSO_ConfigRedirect("editremote", array("id" => $row->id), "success", BB_Translate("Successfully updated the remote."));
} catch (Exception $e) {
BB_SetPageMessage("error", "Unable to update the remote. " . $e->getMessage());
}
}
}
$contentopts = array("desc" => BB_Translate("Edit the remote."), "nonce" => "action", "hidden" => array("action" => "config", "provider" => "sso_remote", "action2" => "editremote", "id" => $row->id), "fields" => array(array("title" => "Remote Key", "type" => "static", "value" => $row->remotekey . "-" . $row->id), array("title" => "Name", "type" => "text", "name" => "name", "value" => BB_GetValue("name", $row->name), "desc" => "The name of this remote. Usually the name of the business or a business unit that will use this remote to sign in (e.g. Intel). Must be unique."), array("title" => "API Key ID", "type" => "text", "name" => "apikey_id", "value" => BB_GetValue("apikey_id", $row->apikey_id), "desc" => "A valid remote API key ID."), array("title" => "Icon URL", "type" => "text", "name" => "icon", "value" => BB_GetValue("icon", $info["icon"]), "desc" => "An optional URL to a 48x48 pixel icon. The URL should start with 'https://'."), array("title" => "Notes", "type" => "textarea", "name" => "notes", "value" => BB_GetValue("notes", $info["notes"]), "desc" => "Optional extra information about this remote such as contract details."), array("title" => "Automate Validation Phase?", "type" => "select", "name" => "automate", "options" => array("No", "Yes"), "select" => BB_GetValue("automate", (string) (int) $info["automate"]), "desc" => "Whether or not to attempt to automate the validation phase after authenticating the user.")), "submit" => "Save", "focus" => true);
SSO_AppendIPFields($contentopts, $info["iprestrict"]);
BB_GeneratePage("Edit Remote", $sso_menuopts, $contentopts);
}
} else {
if ($sso_site_admin && $sso_settings["sso_remote"]["enabled"] && $_REQUEST["action2"] == "addremote") {
if (isset($_REQUEST["name"])) {
if ($_REQUEST["name"] == "") {
BB_SetPageMessage("error", "Please fill in 'Name'.");
}
if (strlen($_REQUEST["name"]) > 75) {
BB_SetPageMessage("error", "'Name' can only be 75 characters long.");
}
if ($sso_db->GetOne("SELECT", array("COUNT(*)", "FROM" => "?", "WHERE" => "name = ?"), $sso_db_sso_remote, $_REQUEST["name"])) {
BB_SetPageMessage("error", "The specified remote 'Name' already exists.");
}
$apirow = $sso_db->GetRow("SELECT", array("*", "FROM" => "?", "WHERE" => "id = ?"), $sso_db_apikeys, $_REQUEST["apikey_id"]);
if ($apirow === false) {
BB_SetPageMessage("error", "The specified 'API Key ID' is not valid.");
} else {
$apiinfo = unserialize($apirow->info);
if (!isset($apiinfo["type"])) {
$apiinfo["type"] = "normal";
}
if ($apiinfo["type"] != "remote") {
BB_SetPageMessage("error", "The specified 'API Key ID' is not a remote API key.");
}
}
if (BB_GetPageMessageType() != "error") {
try {
$remotekey = $sso_rng->GenerateString();
$info = array("icon" => "", "notes" => "", "iprestrict" => SSO_InitIPFields(), "automate" => false);
$sso_db->Query("INSERT", array($sso_db_sso_remote, array("name" => $_REQUEST["name"], "remotekey" => $remotekey, "apikey_id" => $_REQUEST["apikey_id"], "created" => CSDB::ConvertToDBTime(time()), "info" => serialize($info)), "AUTO INCREMENT" => "id"));
$id = $sso_db->GetInsertID();
SSO_ConfigRedirect("editremote", array("id" => $id), "success", BB_Translate("Successfully created the remote."));
} catch (Exception $e) {
BB_SetPageMessage("error", "Unable to create the remote. " . $e->getMessage());
}
}
}
$contentopts = array("desc" => BB_Translate("Add a remote."), "nonce" => "action", "hidden" => array("action" => "config", "provider" => "sso_remote", "action2" => "addremote"), "fields" => array(array("title" => "Name", "type" => "text", "name" => "name", "value" => BB_GetValue("name", ""), "desc" => "The name of this remote. Usually the name of the business or a business unit that will use this remote to sign in (e.g. Intel). Must be unique."), array("title" => "API Key ID", "type" => "text", "name" => "apikey_id", "value" => BB_GetValue("apikey_id", ""), "desc" => "A valid remote API key ID.")), "submit" => "Create", "focus" => true);
BB_GeneratePage("Add Remote", $sso_menuopts, $contentopts);
} else {
if ($sso_site_admin && $sso_settings["sso_remote"]["enabled"] && $_REQUEST["action2"] == "manageremotes") {
$desc = "<br />";
$desc .= SSO_CreateConfigLink("Add Remote", "addremote");
$rows = array();
$result = $sso_db->Query("SELECT", array("r.id, r.name, r.apikey_id, a.id AS a_id", "FROM" => "? AS r LEFT OUTER JOIN ? AS a ON (r.apikey_id = a.id)"), $sso_db_sso_remote, $sso_db_apikeys);
while ($row = $result->NextRow()) {
$rows[] = array($row->id, htmlspecialchars($row->name), $row->a_id > 0 ? "<a href=\"" . BB_GetRequestURLBase() . "?action=editapikey&id=" . $row->apikey_id . "&sec_t=" . BB_CreateSecurityToken("editapikey") . "\">" . $row->apikey_id . "</a>" : BB_Translate("<i>Invalid</i>"), SSO_CreateConfigLink("Edit", "editremote", array("id" => $row->id)) . " | " . SSO_CreateConfigLink("Delete", "deleteremote", array("id" => $row->id), "Are you sure you want to delete this remote?"));
}
$contentopts = array("desc" => BB_Translate("Manage the remotes."), "htmldesc" => $desc, "fields" => array(array("type" => "table", "cols" => array("ID", "Name", "API Key", "Options"), "rows" => $rows)));
BB_GeneratePage("Manage Remotes", $sso_menuopts, $contentopts);
} else {
if ($sso_site_admin && $sso_settings["sso_remote"]["enabled"] && $_REQUEST["action2"] == "config") {
if (isset($_REQUEST["configsave"])) {
$sso_settings["sso_remote"]["iprestrict"] = SSO_ProcessIPFields();
if (BB_GetPageMessageType() != "error") {
$sso_settings["sso_remote"]["map_remote_id"] = SSO_IsField($_REQUEST["map_remote_id"]) ? $_REQUEST["map_remote_id"] : "";
if (!SSO_SaveSettings()) {
BB_SetPageMessage("error", "Unable to save settings.");
} else {
if (BB_GetPageMessageType() == "info") {
SSO_ConfigRedirect("config", array(), "info", $_REQUEST["bb_msg"] . " " . BB_Translate("Successfully updated the %s provider configuration.", $this->DisplayName()));
} else {
SSO_ConfigRedirect("config", array(), "success", BB_Translate("Successfully updated the %s provider configuration.", $this->DisplayName()));
}
}
}
}
$contentopts = array("desc" => BB_Translate("Configure the %s provider.", $this->DisplayName()), "nonce" => "action", "hidden" => array("action" => "config", "provider" => "sso_remote", "action2" => "config", "configsave" => "1"), "fields" => array(array("title" => "Map Remote ID", "type" => "select", "name" => "map_remote_id", "options" => $sso_select_fields, "select" => BB_GetValue("map_remote_id", (string) $sso_settings["sso_remote"]["map_remote_id"]), "desc" => "The field in the SSO system to map the remote ID to. This allows applications to identify an organization and sign all users at that organization into a single instance.")), "submit" => "Save", "focus" => true);
SSO_AppendIPFields($contentopts, $sso_settings["sso_remote"]["iprestrict"]);
BB_GeneratePage(BB_Translate("Configure %s", $this->DisplayName()), $sso_menuopts, $contentopts);
} else {
if ($sso_site_admin && $sso_settings["sso_remote"]["enabled"] && $_REQUEST["action2"] == "disable") {
$sso_settings["sso_remote"]["enabled"] = false;
if (!SSO_SaveSettings()) {
BB_RedirectPage("error", "Unable to save settings.");
} else {
BB_RedirectPage("success", BB_Translate("Successfully disabled the %s provider.", $this->DisplayName()));
}
} else {
if ($sso_site_admin && !$sso_settings["sso_remote"]["enabled"] && $_REQUEST["action2"] == "enable") {
$sso_settings["sso_remote"]["enabled"] = true;
if (!SSO_SaveSettings()) {
BB_RedirectPage("error", "Unable to save settings.");
} else {
BB_RedirectPage("success", BB_Translate("Successfully enabled the %s provider.", $this->DisplayName()));
}
} else {
if ($sso_site_admin && !$sso_settings["sso_remote"]["installed"] && $_REQUEST["action2"] == "install") {
if (isset($_REQUEST["install"])) {
if ($sso_db->TableExists($sso_db_sso_remote)) {
BB_SetPageMessage("error", "The database table '" . $sso_db_sso_remote . "' already exists.");
}
if ($sso_db->TableExists($sso_db_sso_remote_users)) {
BB_SetPageMessage("error", "The database table '" . $sso_db_sso_remote_users . "' already exists.");
}
if (BB_GetPageMessageType() != "error") {
try {
$sso_db->Query("CREATE TABLE", array($sso_db_sso_remote, array("id" => array("INTEGER", 8, "UNSIGNED" => true, "NOT NULL" => true, "PRIMARY KEY" => true, "AUTO INCREMENT" => true), "name" => array("STRING", 1, 75, "NOT NULL" => true), "remotekey" => array("STRING", 1, 64, "NOT NULL" => true), "apikey_id" => array("INTEGER", 8, "UNSIGNED" => true, "NOT NULL" => true), "created" => array("DATETIME", "NOT NULL" => true), "info" => array("STRING", 3, "NOT NULL" => true)), array(array("UNIQUE", array("name"), "NAME" => $sso_db_sso_remote . "_name"), array("KEY", array("apikey_id"), "NAME" => $sso_db_sso_remote . "_apikey_id"))));
} catch (Exception $e) {
BB_SetPageMessage("error", "Unable to create the database table '" . htmlspecialchars($sso_db_sso_remote) . "'. " . $e->getMessage());
}
if (BB_GetPageMessageType() != "error") {
try {
$sso_db->Query("CREATE TABLE", array($sso_db_sso_remote_users, array("id" => array("INTEGER", 8, "UNSIGNED" => true, "NOT NULL" => true, "PRIMARY KEY" => true, "AUTO INCREMENT" => true), "remote_id" => array("INTEGER", 8, "UNSIGNED" => true, "NOT NULL" => true), "user_id" => array("STRING", 1, 255, "NOT NULL" => true), "created" => array("DATETIME", "NOT NULL" => true)), array(array("UNIQUE", array("remote_id", "user_id"), "NAME" => $sso_db_sso_remote_users . "_remote_user_id"))));
$sso_settings["sso_remote"]["installed"] = true;
$sso_settings["sso_remote"]["enabled"] = true;
if (!SSO_SaveSettings()) {
BB_SetPageMessage("error", "Unable to save settings.");
} else {
SSO_ConfigRedirect("manageremotes", array(), "success", BB_Translate("Successfully installed the %s provider.", $this->DisplayName()));
}
} catch (Exception $e) {
BB_SetPageMessage("error", "Unable to create the database table '" . htmlspecialchars($sso_db_sso_remote_users) . "'. " . $e->getMessage());
}
}
}
}
$contentopts = array("desc" => BB_Translate("Install the %s provider.", $this->DisplayName()), "nonce" => "action", "hidden" => array("action" => "config", "provider" => "sso_remote", "action2" => "install", "install" => "1"), "fields" => array(), "submit" => "Install", "focus" => true);
BB_GeneratePage(BB_Translate("Install %s", $this->DisplayName()), $sso_menuopts, $contentopts);
}
}
}
}
}
}
}
}
?>
</div>
<script type="text/javascript">
LoadProperties(<?php
echo BB_CreatePropertiesJS("bb_main_edit_site_opt_view_translation_notifications");
?>
);
</script>
<?php
BB_RunPluginAction("post_bb_main_edit_site_opt_delete_translation_notification");
} else {
if ($_REQUEST["bb_action"] == "bb_main_edit_site_opt_view_translation_notifications") {
BB_RunPluginAction("pre_bb_main_edit_site_opt_view_translation_notifications");
require_once "translate.php";
$rows = array();
$urlbase = BB_GetRequestURLBase();
foreach ($bb_translate_notify as $num => $entry) {
if (!file_exists($entry[2] . "/" . $entry[3] . "_" . $entry[5] . "_page.php")) {
unset($bb_translate_notify[$num]);
} else {
$rows[] = array(BB_FormatTimestamp($entry[1]), "<a href=\"" . $urlbase . "?bb_action=bb_main_edit&lang=" . urlencode($entry[4]) . "¬ify=" . $num . "\" target=\"_blank\">" . htmlspecialchars(BB_Translate(BB_GetIANADesc($entry[4], true, true))) . "</a>", "<a href=\"" . $urlbase . "?bb_action=bb_main_edit&lang=" . urlencode($entry[5]) . "¬ify=" . $num . "\" target=\"_blank\">" . htmlspecialchars(BB_Translate(BB_GetIANADesc($entry[5], true, true))) . "</a>", htmlspecialchars($entry[6]), BB_CreatePropertiesLink(BB_Translate("Delete"), "bb_main_edit_site_opt_delete_translation_notification", array("notify" => $num)));
}
}
BB_RunPluginAction("bb_main_edit_site_opt_view_translation_notifications_active");
BB_SaveTranslationNotifications();
if (!count($rows)) {
BB_PropertyFormLoadError("No notifications found.");
}
$options = array("title" => "View Notifications", "desc" => "View and manage translation notifications.", "fields" => array(array("type" => "table", "cols" => array("Timestamp", "Source", "Target", "Reason", "Options"), "rows" => $rows)));
BB_RunPluginAction("bb_main_edit_site_opt_view_translation_notifications_options");
BB_PropertyForm($options);
function SSO_CreateConfigURL($action2, $extra = array())
{
global $sso_provider;
$extra["provider"] = $sso_provider;
if ($action2 != "") {
$extra["action2"] = $action2;
}
$extra2 = "";
foreach ($extra as $key => $val) {
$extra2 .= "&" . urlencode($key) . "=" . urlencode($val);
}
return BB_GetRequestURLBase() . "?action=config" . $extra2 . "&sec_t=" . BB_CreateSecurityToken("config", array_values($extra)) . "&sec_extra=" . implode(",", array_keys($extra));
}
function BB_PreMainJS()
{
global $bb_pref_lang, $bb_revision_num, $bb_paths;
?>
<script type="text/javascript">
var Gx__RootURL = '<?php
echo BB_JSSafe(isset($bb_paths) ? $bb_paths["ROOT_URL"] : ROOT_URL);
?>
';
var Gx__SupportDebug = <?php
echo defined("DEBUG_JS") ? "true" : "false";
?>
;
var Gx__SupportPath = '<?php
echo BB_JSSafe(isset($bb_paths) ? $bb_paths["SUPPORT_PATH"] : SUPPORT_PATH);
?>
';
var Gx__URLBase = '<?php
echo BB_JSSafe(BB_GetRequestURLBase());
?>
';
var Gx__PrefLang = '<?php
echo BB_JSSafe($bb_pref_lang);
?>
';
var Gx__FullRootURL = '<?php
echo BB_JSSafe(BB_GetFullRootURLBase());
?>
';
var Gx__FullRootURLHTTP = '<?php
echo BB_JSSafe(BB_GetFullRootURLBase("http"));
?>
';
var Gx__FullRootURLHTTPS = '<?php
echo BB_JSSafe(BB_GetFullRootURLBase("https"));
?>
';
var Gx__FullURLBase = '<?php
echo BB_JSSafe(BB_GetFullRequestURLBase());
?>
';
var Gx__FullURLBaseHTTP = '<?php
echo BB_JSSafe(BB_GetFullRequestURLBase("http"));
?>
';
var Gx__FullURLBaseHTTPS = '<?php
echo BB_JSSafe(BB_GetFullRequestURLBase("https"));
?>
';
<?php
if (isset($bb_revision_num)) {
echo "var Gx__RevisionNum = " . $bb_revision_num . ";\n";
}
?>
var Gx__MaxSendSize = <?php
echo min(BB_PHPShorthandToBytes(ini_get("post_max_size")), BB_PHPShorthandToBytes(ini_get("upload_max_filesize")));
?>
;
<?php
BB_RunPluginAction("bb_premainjs");
?>
</script>
<?php
}
