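/**
 * Validates and stores the reCAPTCHA module settings submitted from the
 * login provider configuration form.
 *
 * Reads the sso_recaptcha_* request fields, normalises them, reports
 * problems through BB_SetPageMessage() and writes the result into the
 * module's slot in $sso_settings. Whether a pending "error" message blocks
 * the save is decided by the caller (the sso_login Config() handler), not here.
 *
 * Request keys are read with a default so a missing field behaves like an
 * empty submission instead of raising an "undefined array key" warning.
 */
public function ConfigSave() {
	global $sso_settings;

	$info = $this->GetInfo();

	$info["publickey"] = trim($_REQUEST["sso_recaptcha_publickey"] ?? "");
	$info["privatekey"] = trim($_REQUEST["sso_recaptcha_privatekey"] ?? "");
	$info["register"] = ($_REQUEST["sso_recaptcha_register"] ?? 0) > 0;
	// Anything other than the literal "dark" selects the light theme.
	$info["theme2"] = (($_REQUEST["sso_recaptcha_theme"] ?? "") === "dark" ? "dark" : "light");
	$info["login_interval"] = (int) ($_REQUEST["sso_recaptcha_login_interval"] ?? 0);
	$info["login_attempts"] = (int) ($_REQUEST["sso_recaptcha_login_attempts"] ?? 0);
	$info["remember"] = ($_REQUEST["sso_recaptcha_remember"] ?? 0) > 0;

	// Empty keys are reported at "info" level only, so the settings are still
	// saved; the module cannot work until both keys are filled in.
	if ($info["publickey"] === "") {
		BB_SetPageMessage("info", "The 'reCAPTCHA Public/Site Key' field is empty.");
	}
	elseif ($info["privatekey"] === "") {
		BB_SetPageMessage("info", "The 'reCAPTCHA Private/Secret Key' field is empty.");
	}

	// Both throttling values must be positive. Only the first problem is
	// reported, matching the original else-if chain.
	if ($info["login_interval"] < 1) {
		BB_SetPageMessage("error", "The 'reCAPTCHA Login/Recovery Attempts Interval' field contains an invalid value.");
	}
	elseif ($info["login_attempts"] < 1) {
		BB_SetPageMessage("error", "The 'reCAPTCHA Login/Recovery Attempts Per Interval' field contains an invalid value.");
	}

	$sso_settings["sso_login"]["modules"]["sso_recaptcha"] = $info;
}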
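/**
 * Validates the SMS recovery fields on the user edit form and, when they
 * are consistent, stores them in $userinfo["sso_sms_recovery"].
 *
 * The carrier value has the form "COUNTRY-CARRIER" and must name an entry in
 * the bundled sms_mms_gateways.txt list; an unknown carrier is rejected with
 * a page error. Leaving both fields empty is allowed (no SMS recovery).
 *
 * If the gateway list cannot be read or parsed, the fields are ignored. That
 * matches the original best-effort behaviour, but note that an admin gets no
 * hint that the file is missing or corrupt.
 *
 * The phone number is stored as entered; any format validation would have to
 * happen elsewhere (not visible from this method).
 *
 * @param array $userinfo  User record being edited; modified in place.
 */
public function CheckEditUserFields(&$userinfo) {
	$gatewayfile = SSO_ROOT_PATH . "/" . SSO_SUPPORT_PATH . "/sms_mms_gateways.txt";

	// Check readability explicitly instead of silencing warnings with '@'.
	$data = null;
	if (is_readable($gatewayfile)) {
		$raw = file_get_contents($gatewayfile);
		if ($raw !== false)  $data = json_decode($raw);
	}
	if (!is_object($data))  return;

	// Missing fields are treated as empty rather than raising a warning.
	$phone = $_REQUEST["sso_sms_recovery_phone"] ?? "";
	$carrier = $_REQUEST["sso_sms_recovery_carrier"] ?? "";

	// Both empty:  the user does not want SMS recovery.
	if ($phone === "" && $carrier === "")  return;

	if ($phone === "") {
		BB_SetPageMessage("error", "Please specify a SMS recovery phone number.");

		return;
	}

	if ($carrier === "") {
		BB_SetPageMessage("error", "Please specify a SMS recovery carrier.");

		return;
	}

	$parts = explode("-", $carrier);
	if (count($parts) != 2) {
		BB_SetPageMessage("error", "Please specify a SMS recovery carrier.");

		return;
	}

	// The submitted value must resolve to a known country/carrier pair in the
	// gateway list; this is what prevents arbitrary carrier strings being stored.
	$country = $parts[0];
	$carriername = $parts[1];
	if (!isset($data->sms_carriers->{$country}) || !isset($data->sms_carriers->{$country}->{$carriername})) {
		BB_SetPageMessage("error", "Please specify a SMS recovery carrier.");

		return;
	}

	$userinfo["sso_sms_recovery"] = array("phone" => $phone, "carrier" => $carrier);
}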
/**
 * Site-admin configuration handler for the Google sign-in provider.
 *
 * Three actions are dispatched on $_REQUEST["action2"], all of which require
 * $sso_site_admin:
 *   - "config"  (provider enabled): when "configsave" is present, trims the
 *     client ID/secret, reports empty values at "info" level (which does NOT
 *     block the save), processes the IP restriction fields and — unless an
 *     "error" message is pending — stores the credentials, the field mappings
 *     (filtered through SSO_IsField()) and the e-mail domain blacklist, saves,
 *     and redirects. In every other case the configuration form is built and
 *     rendered with BB_GeneratePage().
 *   - "disable" (provider enabled) / "enable" (provider disabled): flips the
 *     enabled flag, saves, and redirects with a success or error message.
 *
 * Review notes:
 *   - The form carries "nonce" => "action"; presumably the framework checks
 *     that nonce before this handler runs — not visible here, confirm.
 *   - The client secret is stored in $sso_settings and echoed back into a
 *     plain "text" input via BB_GetValue(); whether the form builder offers a
 *     masked input type is not visible from this file.
 *   - $_REQUEST keys are read without isset(); on PHP 8 a missing key emits
 *     an "undefined array key" warning and trim(null) is deprecated.
 */
public function Config() { global $sso_site_admin, $sso_settings, $sso_menuopts, $sso_select_fields, $sso_provider; /* Branch 1: configuration form / save (provider must be enabled). */ if ($sso_site_admin && $sso_settings["sso_google"]["enabled"] && $_REQUEST["action2"] == "config") { if (isset($_REQUEST["configsave"])) { /* Save path. Empty credentials are 'info' level only and do not block the save. */ $_REQUEST["client_id"] = trim($_REQUEST["client_id"]); $_REQUEST["client_secret"] = trim($_REQUEST["client_secret"]); if ($_REQUEST["client_id"] == "") { BB_SetPageMessage("info", "The 'Google API Client ID' field is empty."); } else { if ($_REQUEST["client_secret"] == "") { BB_SetPageMessage("info", "The 'Google API Client Secret' field is empty."); } } $sso_settings["sso_google"]["iprestrict"] = SSO_ProcessIPFields(); /* Only a pending 'error' message blocks persisting the settings. */ if (BB_GetPageMessageType() != "error") { $sso_settings["sso_google"]["client_id"] = $_REQUEST["client_id"]; $sso_settings["sso_google"]["client_secret"] = $_REQUEST["client_secret"]; /* A mapping is kept only if SSO_IsField() accepts the submitted field name; anything else clears it. */ foreach (self::$fieldmap as $key => $info) { $sso_settings["sso_google"]["map_" . $key] = SSO_IsField($_REQUEST["map_" . $key]) ? $_REQUEST["map_" . $key] : ""; } $sso_settings["sso_google"]["email_bad_domains"] = $_REQUEST["email_bad_domains"]; if (!SSO_SaveSettings()) { BB_SetPageMessage("error", "Unable to save settings."); } else { if (BB_GetPageMessageType() == "info") { SSO_ConfigRedirect("config", array(), "info", $_REQUEST["bb_msg"] . " " . BB_Translate("Successfully updated the %s provider configuration.", $this->DisplayName())); } else { SSO_ConfigRedirect("config", array(), "success", BB_Translate("Successfully updated the %s provider configuration.", $this->DisplayName())); } } } } /* Form definition: reached on a plain GET and after a save attempt that did not redirect. */ $contentopts = array("desc" => BB_Translate("Configure the %s provider. 
Mapping additional fields that require extra permissions will significantly reduce the likelihood the user will sign in.", $this->DisplayName()), "nonce" => "action", "hidden" => array("action" => "config", "provider" => "sso_google", "action2" => "config", "configsave" => "1"), "fields" => array(array("title" => "Google API Redirect URI", "type" => "static", "value" => BB_GetRequestHost() . SSO_ROOT_URL . "/index.php?sso_provider=" . urlencode($sso_provider) . "&sso_google_action=signin", "htmldesc" => "<br />When you <a href=\"https://code.google.com/apis/console/\" target=\"_blank\">create a Google APIs Project OAuth 2.0 token</a>, use the above URL for the 'Authorized Redirect URI' under the advanced settings. OAuth 2.0 access can be set up under the 'API Access' tab of a Google APIs Project. This provider will not work without a correct Redirect URI."), array("title" => "Google API Client ID", "type" => "text", "name" => "client_id", "value" => BB_GetValue("client_id", $sso_settings["sso_google"]["client_id"]), "htmldesc" => "You get a Google API Client ID when you <a href=\"https://code.google.com/apis/console/\" target=\"_blank\">create a Google APIs Project OAuth 2.0 token</a>. OAuth 2.0 access can be set up under the 'API Access' tab of a Google APIs Project. This provider will not work without a Client ID."), /* NOTE(review): the stored secret is rendered back into a plain text input. */ array("title" => "Google API Client Secret", "type" => "text", "name" => "client_secret", "value" => BB_GetValue("client_secret", $sso_settings["sso_google"]["client_secret"]), "htmldesc" => "You get a Google API Client Secret when you <a href=\"https://code.google.com/apis/console/\" target=\"_blank\">create a Google APIs Project OAuth 2.0 token</a>. OAuth 2.0 access can be set up under the 'API Access' tab of a Google APIs Project. 
This provider will not work without a Client Secret.")), "submit" => "Save", "focus" => true); /* One select per mappable field; the description warns when the mapping requests an extra OAuth permission. */ foreach (self::$fieldmap as $key => $info) { $contentopts["fields"][] = array("title" => BB_Translate("Map %s", $info["title"]), "type" => "select", "name" => "map_" . $key, "options" => $sso_select_fields, "select" => BB_GetValue("map_" . $key, (string) $sso_settings["sso_google"]["map_" . $key]), "desc" => $info["extra"] == "" ? BB_Translate("The field in the SSO system to map the %s to.%s", BB_Translate($info["desc"]), isset($info["notes"]) ? " " . BB_Translate($info["notes"]) : "") : BB_Translate("The field in the SSO system to map the %s to. Mapping this field will request the '%s' permission from the user.%s", BB_Translate($info["desc"]), $info["extra"], isset($info["notes"]) ? " " . BB_Translate($info["notes"]) : "")); } $contentopts["fields"][] = array("title" => "E-mail Domain Blacklist", "type" => "textarea", "height" => "300px", "name" => "email_bad_domains", "value" => BB_GetValue("email_bad_domains", $sso_settings["sso_google"]["email_bad_domains"]), "desc" => "A blacklist of e-mail address domains that are not allowed to create accounts. One per line. 
E-mail Address must be mapped."); SSO_AppendIPFields($contentopts, $sso_settings["sso_google"]["iprestrict"]); BB_GeneratePage(BB_Translate("Configure %s", $this->DisplayName()), $sso_menuopts, $contentopts); } else { /* Branch 2: disable (provider currently enabled). */ if ($sso_site_admin && $sso_settings["sso_google"]["enabled"] && $_REQUEST["action2"] == "disable") { $sso_settings["sso_google"]["enabled"] = false; if (!SSO_SaveSettings()) { BB_RedirectPage("error", "Unable to save settings."); } else { BB_RedirectPage("success", BB_Translate("Successfully disabled the %s provider.", $this->DisplayName())); } } else { /* Branch 3: enable (provider currently disabled). */ if ($sso_site_admin && !$sso_settings["sso_google"]["enabled"] && $_REQUEST["action2"] == "enable") { $sso_settings["sso_google"]["enabled"] = true; if (!SSO_SaveSettings()) { BB_RedirectPage("error", "Unable to save settings."); } else { BB_RedirectPage("success", BB_Translate("Successfully enabled the %s provider.", $this->DisplayName())); } } } } }
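/**
 * Requires a non-empty anti-phishing phrase on the user edit form and
 * stores it verbatim in $userinfo["sso_antiphish"].
 *
 * The phrase is stored exactly as submitted (no trimming). Escaping for
 * display is the responsibility of wherever the phrase is rendered, which is
 * not visible from here.
 *
 * A missing request key is treated as an empty phrase instead of raising an
 * "undefined array key" warning.
 *
 * @param array $userinfo  User record being edited; modified in place.
 */
public function CheckEditUserFields(&$userinfo) {
	$phrase = $_REQUEST["sso_antiphish"] ?? "";

	if ($phrase === "") {
		BB_SetPageMessage("error", "Please specify an Anti-Phishing Phrase.");

		return;
	}

	$userinfo["sso_antiphish"] = $phrase;
}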
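/**
 * Validates and stores the Google Authenticator module settings submitted
 * from the login provider configuration form.
 *
 * Reads the QR code toggle and the allowed clock drift, reports an invalid
 * drift through BB_SetPageMessage() and writes the result into the module's
 * slot in $sso_settings. Whether a pending "error" message blocks the save is
 * decided by the caller, not here.
 *
 * Request keys are read with a default so a missing field behaves like an
 * empty submission instead of raising an "undefined array key" warning.
 */
public function ConfigSave() {
	global $sso_settings;

	$info = $this->GetInfo();

	$info["generate_qr_codes"] = ($_REQUEST["sso_google_authenticator_generate_qr_codes"] ?? 0) > 0;
	$info["clock_drift"] = (int) ($_REQUEST["sso_google_authenticator_clock_drift"] ?? 0);

	// Drift is limited to the 0..30 range. The unit is not visible from this
	// method (presumably seconds, matching the usual TOTP step) — confirm.
	if ($info["clock_drift"] < 0 || $info["clock_drift"] > 30) {
		BB_SetPageMessage("error", "The Google Authenticator 'Clock Drift' field contains an invalid value.");
	}

	$sso_settings["sso_login"]["modules"]["sso_google_authenticator"] = $info;
}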
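/**
 * Validates and stores the password policy module settings submitted from
 * the login provider configuration form.
 *
 * Reads the minimum strength (in bits), the analysis/suggestion toggles and
 * the expiration value, reports the first invalid value through
 * BB_SetPageMessage() and writes the result into the module's slot in
 * $sso_settings. Whether a pending "error" message blocks the save is
 * decided by the caller, not here.
 *
 * Request keys are read with a default so a missing field behaves like an
 * empty submission instead of raising an "undefined array key" warning.
 */
public function ConfigSave() {
	global $sso_settings;

	$info = $this->GetInfo();

	$info["minbits"] = (int) ($_REQUEST["sso_password_minbits"] ?? 0);
	$info["analyze"] = ($_REQUEST["sso_password_analyze"] ?? 0) > 0;
	$info["analyze_ajax"] = ($_REQUEST["sso_password_analyze_ajax"] ?? 0) > 0;
	$info["suggest"] = ($_REQUEST["sso_password_suggest"] ?? 0) > 0;
	$info["expire"] = (int) ($_REQUEST["sso_password_expire"] ?? 0);

	// Strength must be at least one bit. Expiration may be zero (the consumer
	// of this value is not visible here; presumably "never expires") but not
	// negative. Only the first problem is reported, as in the original.
	if ($info["minbits"] < 1) {
		BB_SetPageMessage("error", "The 'Minimum Password Strength' field contains an invalid value.");
	}
	elseif ($info["expire"] < 0) {
		BB_SetPageMessage("error", "The 'Password Expiration' field contains an invalid value.");
	}

	$sso_settings["sso_login"]["modules"]["sso_password"] = $info;
}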
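/**
 * Validates and stores the rate limiting module settings submitted from the
 * login provider configuration form.
 *
 * Every value is an integer that must be at least 1. As in the original
 * else-if chain, only the first invalid field (in form order) is reported via
 * BB_SetPageMessage(); the settings are then written into the module's slot
 * in $sso_settings regardless, and the caller decides whether a pending
 * "error" message blocks the save.
 *
 * No upper bound is enforced; an unreasonably large request count or a very
 * short interval weakens the limiter but is accepted here.
 *
 * Request keys are read with a default so a missing field behaves like an
 * empty submission instead of raising an "undefined array key" warning.
 */
public function ConfigSave() {
	global $sso_settings;

	$info = $this->GetInfo();

	// Setting key => array(request field, label used in the error message).
	// Order matters: it is the order in which problems are reported.
	$fields = array(
		"system_interval" => array("sso_ratelimit_system_interval", "Total Requests Interval"),
		"system_requests" => array("sso_ratelimit_system_requests", "Total Requests Per Interval"),
		"login_interval" => array("sso_ratelimit_login_interval", "Login/Recovery Attempts Interval"),
		"login_attempts" => array("sso_ratelimit_login_attempts", "Login/Recovery Attempts Per Interval"),
		"two_factor_attempts" => array("sso_ratelimit_two_factor_attempts", "Two-Factor Authentication Per Login Attempt"),
		"register_interval" => array("sso_ratelimit_register_interval", "Registrations Interval"),
		"register_num" => array("sso_ratelimit_register_num", "Registrations Per Interval"),
	);

	foreach ($fields as $key => $field) {
		$info[$key] = (int) ($_REQUEST[$field[0]] ?? 0);
	}

	foreach ($fields as $key => $field) {
		if ($info[$key] < 1) {
			BB_SetPageMessage("error", "The '" . $field[1] . "' field contains an invalid value.");

			break;
		}
	}

	$sso_settings["sso_login"]["modules"]["sso_ratelimit"] = $info;
}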
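/**
 * Validates and stores the e-mail two-factor module settings submitted from
 * the login provider configuration form.
 *
 * Reads the sender address, subject and HTML message, derives the plain-text
 * alternative with SMTP::ConvertHTMLToText(), and reads the window size and
 * allowed clock drift. The message must contain the '@TWOFACTOR@' placeholder,
 * the window must be 30..300 and the drift 0..window. Only the first problem is
 * reported via BB_SetPageMessage(); the caller decides whether a pending
 * "error" message blocks the save.
 *
 * Fix: the clock drift check previously reported the 'Window Size' field in
 * its error message, which pointed the admin at the wrong input. The label
 * 'Clock Drift' follows the Google Authenticator module's wording; confirm it
 * matches the form title for this field.
 *
 * Review notes:
 *   - The sender address is stored as submitted (not trimmed or validated
 *     here); the sso_login Config() handler validates its own from-addresses
 *     with SMTP::MakeValidEmailAddress(), which could be reused here.
 *   - SMTP::ConvertHTMLToText() requires the SMTP class to be loaded; the
 *     caller appears to require smtp.php only for e-mail install types —
 *     confirm it is always available when this module is active.
 *
 * Request keys are read with a default so a missing field behaves like an
 * empty submission instead of raising an "undefined array key" warning.
 */
public function ConfigSave() {
	global $sso_settings;

	$info = $this->GetInfo();

	$info["email_from"] = $_REQUEST["sso_email_two_factor_email_from"] ?? "";
	$info["email_subject"] = trim($_REQUEST["sso_email_two_factor_email_subject"] ?? "");
	$info["email_msg"] = $_REQUEST["sso_email_two_factor_email_msg"] ?? "";
	// The plain-text part is always derived from the HTML part; only one is edited.
	$info["email_msg_text"] = SMTP::ConvertHTMLToText($info["email_msg"]);
	$info["window"] = (int) ($_REQUEST["sso_email_two_factor_window"] ?? 0);
	$info["clock_drift"] = (int) ($_REQUEST["sso_email_two_factor_clock_drift"] ?? 0);

	// Placeholder check is case-insensitive (stripos), as in the original.
	if (stripos($info["email_msg"], "@TWOFACTOR@") === false) {
		BB_SetPageMessage("error", "The E-mail Two-Factor Authentication 'E-mail Message' field does not contain '@TWOFACTOR@'.");
	}
	elseif ($info["window"] < 30 || $info["window"] > 300) {
		BB_SetPageMessage("error", "The E-mail Two-Factor Authentication 'Window Size' field contains an invalid value.");
	}
	elseif ($info["clock_drift"] < 0 || $info["clock_drift"] > $info["window"]) {
		BB_SetPageMessage("error", "The E-mail Two-Factor Authentication 'Clock Drift' field contains an invalid value.");
	}

	$sso_settings["sso_login"]["modules"]["sso_email_two_factor"] = $info;
}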
/**
 * Site-admin configuration handler for the Facebook sign-in provider.
 *
 * Three actions are dispatched on $_REQUEST["action2"], all of which require
 * $sso_site_admin:
 *   - "config"  (provider enabled): when "configsave" is present, trims the
 *     App ID/secret, reports empty values at "info" level (which does NOT
 *     block the save), processes the IP restriction fields and — unless an
 *     "error" message is pending — stores the credentials, the field mappings
 *     (filtered through SSO_IsField()), the username blacklist and the e-mail
 *     domain blacklist, saves, and redirects. In every other case the
 *     configuration form is built and rendered with BB_GeneratePage().
 *   - "disable" (provider enabled) / "enable" (provider disabled): flips the
 *     enabled flag, saves, and redirects with a success or error message.
 *
 * Review notes:
 *   - The form carries "nonce" => "action"; presumably the framework checks
 *     that nonce before this handler runs — not visible here, confirm.
 *   - The App Secret is stored in $sso_settings and echoed back into a plain
 *     "text" input via BB_GetValue(); whether the form builder offers a
 *     masked input type is not visible from this file.
 *   - $_REQUEST keys are read without isset(); on PHP 8 a missing key emits
 *     an "undefined array key" warning and trim(null) is deprecated.
 */
public function Config() { global $sso_site_admin, $sso_settings, $sso_menuopts, $sso_select_fields; /* Branch 1: configuration form / save (provider must be enabled). */ if ($sso_site_admin && $sso_settings["sso_facebook"]["enabled"] && $_REQUEST["action2"] == "config") { if (isset($_REQUEST["configsave"])) { /* Save path. Empty credentials are 'info' level only and do not block the save. */ $_REQUEST["app_id"] = trim($_REQUEST["app_id"]); $_REQUEST["app_secret"] = trim($_REQUEST["app_secret"]); if ($_REQUEST["app_id"] == "") { BB_SetPageMessage("info", "The 'Facebook App ID' field is empty."); } else { if ($_REQUEST["app_secret"] == "") { BB_SetPageMessage("info", "The 'Facebook App Secret' field is empty."); } } $sso_settings["sso_facebook"]["iprestrict"] = SSO_ProcessIPFields(); /* Only a pending 'error' message blocks persisting the settings. */ if (BB_GetPageMessageType() != "error") { $sso_settings["sso_facebook"]["app_id"] = $_REQUEST["app_id"]; $sso_settings["sso_facebook"]["app_secret"] = $_REQUEST["app_secret"]; /* A mapping is kept only if SSO_IsField() accepts the submitted field name; anything else clears it. */ foreach (self::$fieldmap as $key => $info) { $sso_settings["sso_facebook"]["map_" . $key] = SSO_IsField($_REQUEST["map_" . $key]) ? $_REQUEST["map_" . $key] : ""; } $sso_settings["sso_facebook"]["username_blacklist"] = $_REQUEST["username_blacklist"]; $sso_settings["sso_facebook"]["email_bad_domains"] = $_REQUEST["email_bad_domains"]; if (!SSO_SaveSettings()) { BB_SetPageMessage("error", "Unable to save settings."); } else { if (BB_GetPageMessageType() == "info") { SSO_ConfigRedirect("config", array(), "info", $_REQUEST["bb_msg"] . " " . BB_Translate("Successfully updated the %s provider configuration.", $this->DisplayName())); } else { SSO_ConfigRedirect("config", array(), "success", BB_Translate("Successfully updated the %s provider configuration.", $this->DisplayName())); } } } } /* Form definition: reached on a plain GET and after a save attempt that did not redirect. */ $contentopts = array("desc" => BB_Translate("Configure the %s provider. 
Mapping additional fields that require extra permissions will significantly reduce the likelihood the user will sign in.", $this->DisplayName()), "nonce" => "action", "hidden" => array("action" => "config", "provider" => "sso_facebook", "action2" => "config", "configsave" => "1"), "fields" => array(array("title" => "Facebook App ID", "type" => "text", "name" => "app_id", "value" => BB_GetValue("app_id", $sso_settings["sso_facebook"]["app_id"]), "htmldesc" => "You get a Facebook App ID when you <a href=\"https://developers.facebook.com/\" target=\"_blank\">register as a Facebook developer</a> and then <a href=\"https://developers.facebook.com/apps\" target=\"_blank\">create a Facebook application</a>. This provider will not work without an App ID."), /* NOTE(review): the stored secret is rendered back into a plain text input. */ array("title" => "Facebook App Secret", "type" => "text", "name" => "app_secret", "value" => BB_GetValue("app_secret", $sso_settings["sso_facebook"]["app_secret"]), "htmldesc" => "You get a Facebook App Secret when you <a href=\"https://developers.facebook.com/\" target=\"_blank\">register as a Facebook developer</a> and then <a href=\"https://developers.facebook.com/apps\" target=\"_blank\">create a Facebook application</a>. This provider will not work without an App Secret.")), "submit" => "Save", "focus" => true); /* One select per mappable field; the description warns when the mapping requests an extra permission (and, except for e-mail, Facebook approval). */ foreach (self::$fieldmap as $key => $info) { $contentopts["fields"][] = array("title" => BB_Translate("Map %s", $info["title"]), "type" => "select", "name" => "map_" . $key, "options" => $sso_select_fields, "select" => BB_GetValue("map_" . $key, (string) $sso_settings["sso_facebook"]["map_" . $key]), "desc" => $info["extra"] == "" ? BB_Translate("The field in the SSO system to map the %s to.%s", BB_Translate($info["desc"]), isset($info["notes"]) ? " " . BB_Translate($info["notes"]) : "") : BB_Translate("The field in the SSO system to map the %s to. Mapping this field will request the '%s' permission from the user" . ($info["extra"] != "email" ? " and will require approval from Facebook" : "") . 
".%s", BB_Translate($info["desc"]), $info["extra"], isset($info["notes"]) ? " " . BB_Translate($info["notes"]) : "")); } $contentopts["fields"][] = array("title" => "Username Blacklist", "type" => "textarea", "height" => "300px", "name" => "username_blacklist", "value" => BB_GetValue("username_blacklist", $sso_settings["sso_facebook"]["username_blacklist"]), "desc" => "A blacklist of words that a username may not contain. One per line. Username must be mapped."); $contentopts["fields"][] = array("title" => "E-mail Domain Blacklist", "type" => "textarea", "height" => "300px", "name" => "email_bad_domains", "value" => BB_GetValue("email_bad_domains", $sso_settings["sso_facebook"]["email_bad_domains"]), "desc" => "A blacklist of e-mail address domains that are not allowed to create accounts. One per line. E-mail Address must be mapped."); SSO_AppendIPFields($contentopts, $sso_settings["sso_facebook"]["iprestrict"]); BB_GeneratePage(BB_Translate("Configure %s", $this->DisplayName()), $sso_menuopts, $contentopts); } else { /* Branch 2: disable (provider currently enabled). */ if ($sso_site_admin && $sso_settings["sso_facebook"]["enabled"] && $_REQUEST["action2"] == "disable") { $sso_settings["sso_facebook"]["enabled"] = false; if (!SSO_SaveSettings()) { BB_RedirectPage("error", "Unable to save settings."); } else { BB_RedirectPage("success", BB_Translate("Successfully disabled the %s provider.", $this->DisplayName())); } } else { /* Branch 3: enable (provider currently disabled). */ if ($sso_site_admin && !$sso_settings["sso_facebook"]["enabled"] && $_REQUEST["action2"] == "enable") { $sso_settings["sso_facebook"]["enabled"] = true; if (!SSO_SaveSettings()) { BB_RedirectPage("error", "Unable to save settings."); } else { BB_RedirectPage("success", BB_Translate("Successfully enabled the %s provider.", $this->DisplayName())); } } } } }
public function Config() { global $sso_rng, $sso_db, $sso_db_users, $sso_site_admin, $sso_settings, $sso_menuopts, $sso_select_fields, $g_sso_login_modules; $sso_db_sso_login_users = SSO_DB_PREFIX . "p_sso_login_users"; if ($sso_site_admin && $sso_settings["sso_login"]["enabled"] && $_REQUEST["action2"] == "config") { if (isset($_REQUEST["configsave"])) { if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "username") { $_REQUEST["username_blacklist"] = trim($_REQUEST["username_blacklist"]); $_REQUEST["username_minlen"] = (int) $_REQUEST["username_minlen"]; if ($_REQUEST["username_minlen"] < 1) { BB_SetPageMessage("error", "The 'Minimum Username Length' field contains an invalid value."); } } if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "email") { $_REQUEST["email_verify_msg"] = trim($_REQUEST["email_verify_msg"]); $_REQUEST["email_recover_msg"] = trim($_REQUEST["email_recover_msg"]); if ($_REQUEST["email_verify_msg"] != "" && stripos($_REQUEST["email_verify_msg"], "@VERIFY@") === false) { BB_SetPageMessage("error", "The 'Verify E-mail Message' field does not contain '@VERIFY@'."); } else { if ($_REQUEST["email_recover_msg"] != "" && stripos($_REQUEST["email_recover_msg"], "@VERIFY@") === false) { BB_SetPageMessage("error", "The 'Recovery E-mail Message' field does not contain '@VERIFY@'."); } } define("CS_TRANSLATE_FUNC", "BB_Translate"); require_once SSO_ROOT_PATH . "/" . SSO_SUPPORT_PATH . "/smtp.php"; if ($_REQUEST["email_verify_from"] != "") { $email = SMTP::MakeValidEmailAddress($_REQUEST["email_verify_from"]); if (!$email["success"]) { BB_SetPageMessage("error", BB_Translate("The e-mail address '%s' is invalid. %s", $_REQUEST["email_verify_from"], $email["error"])); } else { if ($email["email"] != trim($_REQUEST["email_verify_from"])) { BB_SetPageMessage("info", BB_Translate("Invalid e-mail address. 
Perhaps you meant '%s' instead?", $email["email"])); } $_REQUEST["email_verify_from"] = $email["email"]; } } if ($_REQUEST["email_recover_from"] != "") { $email = SMTP::MakeValidEmailAddress($_REQUEST["email_recover_from"]); if (!$email["success"]) { BB_SetPageMessage("error", BB_Translate("The e-mail address '%s' is invalid. %s", $_REQUEST["email_recover_from"], $email["error"])); } else { if ($email["email"] != trim($_REQUEST["email_recover_from"])) { BB_SetPageMessage("info", BB_Translate("Invalid e-mail address. Perhaps you meant '%s' instead?", $email["email"])); } $_REQUEST["email_recover_from"] = $email["email"]; } } } $_REQUEST["two_factor_order"] = (int) $_REQUEST["two_factor_order"]; $_REQUEST["password_minlen"] = (int) $_REQUEST["password_minlen"]; $_REQUEST["password_mintime"] = (int) $_REQUEST["password_mintime"]; if ($_REQUEST["two_factor_order"] < 0) { BB_SetPageMessage("error", "The 'Two-Factor Authentication Display Order' field contains an invalid value."); } else { if ($_REQUEST["password_minlen"] < 0) { BB_SetPageMessage("error", "The 'Minimum Password Length' field contains an invalid value."); } else { if ($_REQUEST["password_mintime"] < 50) { BB_SetPageMessage("error", "The 'Minimum Password Time' field contains an invalid value. Must be at least 50 milliseconds."); } else { if ($_REQUEST["password_mintime"] > 5000) { BB_SetPageMessage("error", "The 'Minimum Password Time' field contains an invalid value. Must be less than 5000 milliseconds (5 seconds)."); } } } } foreach ($g_sso_login_modules as $key => $info) { if ($_REQUEST[$key . "__a"] < 1) { $sso_settings["sso_login"]["modules"][$key]["_a"] = false; } if ($sso_settings["sso_login"]["modules"][$key]["_a"]) { $module = "sso_login_module_" . $key; $instance = new $module(); if ($instance->DefaultOrder() !== false) { if ((int) $_REQUEST[$key . 
"__s"] < 0) { BB_SetPageMessage("error", BB_Translate("The '%s Module Display Order' field contains an invalid value.", $info["name"])); } else { $sso_settings["sso_login"]["modules"][$key]["_s"] = $_REQUEST[$key . "__s"]; } } $instance->ConfigSave(); } $sso_settings["sso_login"]["modules"][$key]["_a"] = $_REQUEST[$key . "__a"] > 0; } $sso_settings["sso_login"]["iprestrict"] = SSO_ProcessIPFields(); if (BB_GetPageMessageType() != "error") { if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "username") { $sso_settings["sso_login"]["map_username"] = SSO_IsField($_REQUEST["map_username"]) ? $_REQUEST["map_username"] : ""; $sso_settings["sso_login"]["username_minlen"] = $_REQUEST["username_minlen"]; $sso_settings["sso_login"]["username_blacklist"] = $_REQUEST["username_blacklist"]; $sso_settings["sso_login"]["change_username"] = $_REQUEST["change_username"] > 0; } if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "email") { $sso_settings["sso_login"]["map_email"] = SSO_IsField($_REQUEST["map_email"]) ? 
$_REQUEST["map_email"] : ""; $sso_settings["sso_login"]["email_verify_from"] = $_REQUEST["email_verify_from"]; $sso_settings["sso_login"]["email_verify_subject"] = trim($_REQUEST["email_verify_subject"]); $sso_settings["sso_login"]["email_verify_msg"] = $_REQUEST["email_verify_msg"]; $sso_settings["sso_login"]["email_verify_msg_text"] = SMTP::ConvertHTMLToText($_REQUEST["email_verify_msg"]); $sso_settings["sso_login"]["email_recover_from"] = $_REQUEST["email_recover_from"]; $sso_settings["sso_login"]["email_recover_subject"] = trim($_REQUEST["email_recover_subject"]); $sso_settings["sso_login"]["email_recover_msg"] = $_REQUEST["email_recover_msg"]; $sso_settings["sso_login"]["email_recover_msg_text"] = SMTP::ConvertHTMLToText($_REQUEST["email_recover_msg"]); $sso_settings["sso_login"]["email_session"] = $_REQUEST["email_session"] == "none" || $_REQUEST["email_session"] == "all" ? $_REQUEST["email_session"] : "verify"; $sso_settings["sso_login"]["email_bad_domains"] = $_REQUEST["email_bad_domains"]; $sso_settings["sso_login"]["change_email"] = $_REQUEST["change_email"] > 0; } $sso_settings["sso_login"]["require_two_factor"] = $_REQUEST["require_two_factor"] > 0; $sso_settings["sso_login"]["two_factor_order"] = $_REQUEST["two_factor_order"]; $sso_settings["sso_login"]["password_minlen"] = $_REQUEST["password_minlen"]; $modetimechanged = $sso_settings["sso_login"]["password_mode"] != $_REQUEST["password_mode"] || $sso_settings["sso_login"]["password_mintime"] != $_REQUEST["password_mintime"]; $sso_settings["sso_login"]["password_mode"] = $_REQUEST["password_mode"]; $sso_settings["sso_login"]["password_mintime"] = $_REQUEST["password_mintime"]; if ($modetimechanged) { $sso_settings["sso_login"]["password_minrounds"] = self::CalculateOptimalHashRounds($sso_settings["sso_login"]["password_mode"], $sso_settings["sso_login"]["password_mintime"]); } $sso_settings["sso_login"]["open_reg"] = $_REQUEST["open_reg"] > 0; if (!SSO_SaveSettings()) { BB_SetPageMessage("error", 
"Unable to save settings."); } else { if (BB_GetPageMessageType() == "info") { SSO_ConfigRedirect("config", array(), "info", $_REQUEST["bb_msg"] . " " . BB_Translate("Successfully updated the %s provider configuration.", $this->DisplayName())); } else { SSO_ConfigRedirect("config", array(), "success", BB_Translate("Successfully updated the %s provider configuration.", $this->DisplayName())); } } } } $contentopts = array("desc" => BB_Translate("Configure the %s provider.", $this->DisplayName()), "nonce" => "action", "hidden" => array("action" => "config", "provider" => "sso_login", "action2" => "config", "configsave" => "1"), "fields" => array(), "submit" => "Save", "focus" => true); if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "username") { $contentopts["fields"][] = array("title" => "Username Settings", "type" => "accordion"); $contentopts["fields"][] = array("title" => "Map Username", "type" => "select", "name" => "map_username", "options" => $sso_select_fields, "select" => BB_GetValue("map_username", (string) $sso_settings["sso_login"]["map_username"]), "desc" => "The field in the SSO system to map the username to."); $contentopts["fields"][] = array("title" => "Minimum Username Length", "type" => "text", "name" => "username_minlen", "value" => BB_GetValue("username_minlen", $sso_settings["sso_login"]["username_minlen"]), "desc" => "The minimum number of characters a username must have."); $contentopts["fields"][] = array("title" => "Username Blacklist", "type" => "textarea", "height" => "300px", "name" => "username_blacklist", "value" => BB_GetValue("username_blacklist", $sso_settings["sso_login"]["username_blacklist"]), "desc" => "A blacklist of words that a username may not contain. 
One per line."); $contentopts["fields"][] = array("title" => "Allow Username Changes", "type" => "select", "name" => "change_username", "options" => array(1 => "Yes", 0 => "No"), "select" => BB_GetValue("change_username", (string) (int) $sso_settings["sso_login"]["change_username"]), "desc" => "Users may change their usernames."); $contentopts["fields"][] = "endaccordion"; } if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "email") { $contentopts["fields"][] = array("title" => "E-mail Settings", "type" => "accordion"); $contentopts["fields"][] = array("title" => "Map E-mail Address", "type" => "select", "name" => "map_email", "options" => $sso_select_fields, "select" => BB_GetValue("map_email", (string) $sso_settings["sso_login"]["map_email"]), "desc" => "The field in the SSO system to map the e-mail address to."); $contentopts["fields"][] = array("title" => "Verification E-mail - From Address", "type" => "text", "name" => "email_verify_from", "value" => BB_GetValue("email_verify_from", $sso_settings["sso_login"]["email_verify_from"]), "desc" => "The from address for the e-mail message to send to new registrants. Leave blank for the server default."); $contentopts["fields"][] = array("title" => "Verification E-mail - Subject Line", "type" => "text", "name" => "email_verify_subject", "value" => BB_GetValue("email_verify_subject", $sso_settings["sso_login"]["email_verify_subject"]), "desc" => "The subject line for the e-mail message to send to new registrants."); $contentopts["fields"][] = array("title" => "Verification E-mail - HTML Message", "type" => "textarea", "height" => "300px", "name" => "email_verify_msg", "value" => BB_GetValue("email_verify_msg", $sso_settings["sso_login"]["email_verify_msg"]), "desc" => "The HTML e-mail message to send to new registrants. @USERNAME@, @EMAIL@, and @VERIFY@ are special strings that will be replaced with user and system generated values. 
@VERIFY@ is required."); $contentopts["fields"][] = array("title" => "Recovery E-mail - From Address", "type" => "text", "name" => "email_recover_from", "value" => BB_GetValue("email_recover_from", $sso_settings["sso_login"]["email_recover_from"]), "desc" => "The from address for the e-mail message to send to users recovering access to their account. Leave blank for the server default."); $contentopts["fields"][] = array("title" => "Recovery E-mail - Subject Line", "type" => "text", "name" => "email_recover_subject", "value" => BB_GetValue("email_recover_subject", $sso_settings["sso_login"]["email_recover_subject"]), "desc" => "The subject line for the e-mail message to send to users recovering access to their account."); $contentopts["fields"][] = array("title" => "Recovery E-mail - HTML Message", "type" => "textarea", "height" => "300px", "name" => "email_recover_msg", "value" => BB_GetValue("email_recover_msg", $sso_settings["sso_login"]["email_recover_msg"]), "desc" => "The HTML e-mail message to send to users recovering access to their account. @USERNAME@, @EMAIL@, and @VERIFY@ are special strings that will be replaced with user and system generated values. @VERIFY@ is required."); $contentopts["fields"][] = array("title" => "Verification/Recovery E-mail - Send Session ID", "type" => "select", "name" => "email_session", "options" => array("none" => "Never", "verify" => "Verification e-mail only", "all" => "Verification and recovery e-mails"), "select" => BB_GetValue("email_session", $sso_settings["sso_login"]["email_session"]), "desc" => "Send the session ID as part of the URL in an e-mail. When the session ID isn't sent, the same browser session must be used with the URL or an error message will appear. 
Sending the session ID for recovery e-mails is not recommended."); $contentopts["fields"][] = array("title" => "E-mail Domain Blacklist", "type" => "textarea", "height" => "300px", "name" => "email_bad_domains", "value" => BB_GetValue("email_bad_domains", $sso_settings["sso_login"]["email_bad_domains"]), "desc" => "A blacklist of e-mail address domains that are not allowed to create accounts. One per line."); $contentopts["fields"][] = array("title" => "Allow E-mail Address Changes", "type" => "select", "name" => "change_email", "options" => array(1 => "Yes", 0 => "No"), "select" => BB_GetValue("change_email", (string) (int) $sso_settings["sso_login"]["change_email"]), "desc" => "Users may change their e-mail addresses."); $contentopts["fields"][] = "endaccordion"; } $contentopts["fields"][] = array("title" => "Other Settings", "type" => "accordion"); $contentopts["fields"][] = array("title" => "Require Two-Factor Authentication", "type" => "select", "name" => "require_two_factor", "options" => array(1 => "Yes", 0 => "No"), "select" => BB_GetValue("require_two_factor", (string) (int) $sso_settings["sso_login"]["require_two_factor"]), "desc" => "Users have to select and sign in with a two-factor authentication method. 
Existing users will have to use account recovery to set up two-factor authentication."); $contentopts["fields"][] = array("title" => "Two-Factor Authentication Display Order", "type" => "text", "name" => "two_factor_order", "value" => BB_GetValue("two_factor_order", $sso_settings["sso_login"]["two_factor_order"]), "desc" => "The display order to use for the two-factor authentication dropdown."); $contentopts["fields"][] = array("title" => "Minimum Password Length", "type" => "text", "name" => "password_minlen", "value" => BB_GetValue("password_minlen", $sso_settings["sso_login"]["password_minlen"]), "desc" => "The minimum number of characters a password must have."); $options = array(); if (function_exists("password_hash")) { $options["password_hash_bcrypt"] = "password_hash() - Native PHP Bcrypt hashing"; } $options["blowfish"] = "Blowfish::Hash() - A Bcrypt-like hash"; $contentopts["fields"][] = array("title" => "Password Hashing Mode", "type" => "select", "name" => "password_mode", "options" => $options, "select" => BB_GetValue("password_mode", $sso_settings["sso_login"]["password_mode"]), "desc" => "The password hashing mode to use. Note that changing the hashing mode will force all users to change their passwords. If account recovery is not possible, users will be unable to access their accounts."); $contentopts["fields"][] = array("title" => "Minimum Password Time", "type" => "text", "name" => "password_mintime", "value" => BB_GetValue("password_mintime", $sso_settings["sso_login"]["password_mintime"]), "desc" => "The minimum amount of time, in milliseconds, required to spend to initially hash a password."); $contentopts["fields"][] = array("title" => "Minimum Password Rounds", "type" => "static", "value" => $sso_settings["sso_login"]["password_minrounds"], "desc" => "The minimum number of rounds required to hash a password. Automatically calculated." . ($sso_settings["sso_login"]["password_minrounds"] < 128 ? 
" WARNING: Due to the low number of minimum rounds, stored passwords will not be as secure as they should be. Please select a different password hashing mode and/or increase the minimum hashing time." : "")); $contentopts["fields"][] = array("title" => "Open Registration", "type" => "select", "name" => "open_reg", "options" => array(1 => "Yes", 0 => "No"), "select" => BB_GetValue("open_reg", (string) (int) $sso_settings["sso_login"]["open_reg"]), "desc" => "Users may register for new accounts."); $contentopts["fields"][] = "endaccordion"; $contentopts["fields"][] = "split"; foreach ($g_sso_login_modules as $key => $info) { $contentopts["fields"][] = array("title" => BB_Translate($sso_settings["sso_login"]["modules"][$key]["_a"] ? "%s Module *" : "%s Module", $info["name"]), "type" => "accordion"); $contentopts["fields"][] = array("title" => BB_Translate("%s Module Enabled?", $info["name"]), "type" => "select", "name" => $key . "__a", "options" => array(1 => "Yes", 0 => "No"), "select" => BB_GetValue($key . "__a", (string) (int) $sso_settings["sso_login"]["modules"][$key]["_a"]), "desc" => BB_Translate("Enables the %s module. %s", $info["name"], $info["desc"])); if ($sso_settings["sso_login"]["modules"][$key]["_a"]) { $module = "sso_login_module_" . $key; $instance = new $module(); if ($instance->DefaultOrder() !== false) { $contentopts["fields"][] = array("title" => BB_Translate("%s Module Display Order", $info["name"]), "type" => "text", "name" => $key . "__s", "value" => BB_GetValue($key . "__s", (string) (int) (isset($sso_settings["sso_login"]["modules"][$key]["_s"]) ? 
$sso_settings["sso_login"]["modules"][$key]["_s"] : $instance->DefaultOrder())), "desc" => BB_Translate("The display order to use for the %s module.", $info["name"])); } $instance->Config($contentopts); } $contentopts["fields"][] = "endaccordion"; } SSO_AppendIPFields($contentopts, $sso_settings["sso_login"]["iprestrict"]); BB_GeneratePage(BB_Translate("Configure %s", $this->DisplayName()), $sso_menuopts, $contentopts); } else { if ($sso_site_admin && $sso_settings["sso_login"]["enabled"] && $_REQUEST["action2"] == "disable") { $sso_settings["sso_login"]["enabled"] = false; if (!SSO_SaveSettings()) { BB_RedirectPage("error", "Unable to save settings."); } else { BB_RedirectPage("success", BB_Translate("Successfully disabled the %s provider.", $this->DisplayName())); } } else { if ($sso_site_admin && !$sso_settings["sso_login"]["enabled"] && $_REQUEST["action2"] == "enable") { $sso_settings["sso_login"]["enabled"] = true; if (!SSO_SaveSettings()) { BB_RedirectPage("error", "Unable to save settings."); } else { BB_RedirectPage("success", BB_Translate("Successfully enabled the %s provider.", $this->DisplayName())); } } else { if ($sso_site_admin && !$sso_settings["sso_login"]["installed"] && $_REQUEST["action2"] == "install") { if (isset($_REQUEST["type"])) { if ($sso_db->TableExists($sso_db_sso_login_users)) { BB_SetPageMessage("error", "The database table '" . $sso_db_sso_login_users . 
"' already exists."); } if ($_REQUEST["type"] != "email_username" && $_REQUEST["type"] != "email" && $_REQUEST["type"] != "username") { BB_SetPageMessage("error", "Please select a valid 'Registration Key'."); } if (BB_GetPageMessageType() != "error") { try { if ($_REQUEST["type"] == "email_username") { $sso_db->Query("CREATE TABLE", array($sso_db_sso_login_users, array("id" => array("INTEGER", 8, "UNSIGNED" => true, "NOT NULL" => true, "PRIMARY KEY" => true, "AUTO INCREMENT" => true), "username" => array("STRING", 1, 75, "NOT NULL" => true), "email" => array("STRING", 1, 255, "NOT NULL" => true), "verified" => array("INTEGER", 1, "NOT NULL" => true), "created" => array("DATETIME", "NOT NULL" => true), "info" => array("STRING", 3, "NOT NULL" => true)), array(array("UNIQUE", array("username"), "NAME" => $sso_db_sso_login_users . "_username"), array("UNIQUE", array("email"), "NAME" => $sso_db_sso_login_users . "_email")))); } else { if ($_REQUEST["type"] == "email") { $sso_db->Query("CREATE TABLE", array($sso_db_sso_login_users, array("id" => array("INTEGER", 8, "UNSIGNED" => true, "NOT NULL" => true, "PRIMARY KEY" => true, "AUTO INCREMENT" => true), "email" => array("STRING", 1, 255, "NOT NULL" => true), "verified" => array("INTEGER", 1, "NOT NULL" => true), "created" => array("DATETIME", "NOT NULL" => true), "info" => array("STRING", 3, "NOT NULL" => true)), array(array("UNIQUE", array("email"), "NAME" => $sso_db_sso_login_users . "_email")))); } else { if ($_REQUEST["type"] == "username") { $sso_db->Query("CREATE TABLE", array($sso_db_sso_login_users, array("id" => array("INTEGER", 8, "UNSIGNED" => true, "NOT NULL" => true, "PRIMARY KEY" => true, "AUTO INCREMENT" => true), "username" => array("STRING", 1, 75, "NOT NULL" => true), "created" => array("DATETIME", "NOT NULL" => true), "info" => array("STRING", 3, "NOT NULL" => true)), array(array("UNIQUE", array("username"), "NAME" => $sso_db_sso_login_users . 
"_username")))); } } } $sso_settings["sso_login"]["installed"] = true; $sso_settings["sso_login"]["enabled"] = true; $sso_settings["sso_login"]["install_type"] = $_REQUEST["type"]; if (!SSO_SaveSettings()) { BB_SetPageMessage("error", "Unable to save settings."); } else { SSO_ConfigRedirect("config", array(), "success", BB_Translate("Successfully installed the %s provider.", $this->DisplayName())); } } catch (Exception $e) { BB_SetPageMessage("error", "Unable to create the database table '" . htmlspecialchars($sso_db_sso_login_users) . "'. " . $e->getMessage()); } } } $contentopts = array("desc" => BB_Translate("Install the %s provider.", $this->DisplayName()), "nonce" => "action", "hidden" => array("action" => "config", "provider" => "sso_login", "action2" => "install"), "fields" => array(array("title" => "Registration Key(s)", "type" => "select", "name" => "type", "options" => array("email_username" => "E-mail Address and Username", "email" => "E-mail Address only", "username" => "Username only"), "select" => BB_GetValue("type", ""), "desc" => "The unique fields to require for a registration system entry. This can't be changed after installing. 
The default is highly recommended.")), "submit" => "Install", "focus" => true); BB_GeneratePage(BB_Translate("Install %s", $this->DisplayName()), $sso_menuopts, $contentopts); } else { if ($sso_settings["sso_login"]["enabled"] && $_REQUEST["action2"] == "activateuser" && $this->CanActivateUser()) { if (!isset($_REQUEST["id"])) { SSO_ConfigRedirect("finduser", array(), "error", "User ID not specified."); } $userrow = $sso_db->GetRow("SELECT", array("*", "FROM" => "?", "WHERE" => "id = ?"), $sso_db_sso_login_users, $_REQUEST["id"]); if (!$userrow) { SSO_ConfigRedirect("finduser", array(), "error", "User not found."); } if (!isset($userrow->email)) { $userrow->email = ""; } if (!isset($userrow->username)) { $userrow->username = ""; } if (!isset($userrow->verified)) { $userrow->verified = 1; } $userinfo = SSO_DecryptDBData($userrow->info); // Activate the user. $mapinfo = array(); if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "email") { $mapinfo[$sso_settings["sso_login"]["map_email"]] = $userrow->email; } if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "username") { $mapinfo[$sso_settings["sso_login"]["map_username"]] = $userrow->username; } // Initialize active modules. $this->activemodules = array(); foreach ($g_sso_login_modules as $key => $info) { if ($sso_settings["sso_login"]["modules"][$key]["_a"]) { $module = "sso_login_module_" . 
$key; $instance = new $module(); $instance->LoginAddMap($mapinfo, $userrow, $userinfo, true); } } SSO_ActivateUser($userrow->id, $userinfo["extra"], $mapinfo, CSDB::ConvertFromDBTime($userrow->created), false, false); SSO_ConfigRedirect("edituser", array("id" => $userrow->id), "success", "Successfully activated the user."); } else { if ($sso_settings["sso_login"]["enabled"] && $_REQUEST["action2"] == "edituser") { if (!isset($_REQUEST["id"])) { SSO_ConfigRedirect("finduser", array(), "error", "User ID not specified."); } $row = $sso_db->GetRow("SELECT", array("*", "FROM" => "?", "WHERE" => "id = ?"), $sso_db_sso_login_users, $_REQUEST["id"]); if (!$row) { SSO_ConfigRedirect("finduser", array(), "error", "User not found."); } if (!isset($row->email)) { $row->email = ""; } if (!isset($row->username)) { $row->username = ""; } if (!isset($row->verified)) { $row->verified = 1; } $userinfo = SSO_DecryptDBData($row->info); // Initialize active modules. $this->activemodules = array(); foreach ($g_sso_login_modules as $key => $info) { if ($sso_settings["sso_login"]["modules"][$key]["_a"]) { $module = "sso_login_module_" . 
$key; $this->activemodules[$key] = new $module(); } } if (isset($_REQUEST["reset_password"])) { $username = $row->username; $email = $row->email; if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "username") { if ($_REQUEST["username"] == "") { BB_SetPageMessage("error", "Please specify a username."); } else { if ($_REQUEST["username"] != $row->username && $sso_db->GetOne("SELECT", array("COUNT(*)", "FROM" => "?", "WHERE" => "username = ?"), $sso_db_sso_login_users, $_REQUEST["username"])) { BB_SetPageMessage("error", "Username is already in use."); } else { $username = $_REQUEST["username"]; } } } if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "email") { if ($_REQUEST["email"] == "") { BB_SetPageMessage("error", "Please specify an e-mail address."); } else { if ($_REQUEST["email"] != $row->email && $sso_db->GetOne("SELECT", array("COUNT(*)", "FROM" => "?", "WHERE" => "email = ?"), $sso_db_sso_login_users, $_REQUEST["email"])) { BB_SetPageMessage("error", "E-mail Address is already in use."); } else { $email = $_REQUEST["email"]; } } } foreach ($g_sso_login_modules as $key => $info) { if ($sso_settings["sso_login"]["modules"][$key]["_a"]) { $module = "sso_login_module_" . $key; $instance = new $module(); $instance->CheckEditUserFields($userinfo); } } if (BB_GetPageMessageType() != "error" && $_REQUEST["reset_password"] > 0) { if ($_REQUEST["reset_password"] == 1) { $phrase = ""; for ($x = 0; $x < 4; $x++) { $phrase .= " " . SSO_GetRandomWord(); } $phrase = preg_replace('/\\s+/', " ", trim($phrase)); $salt = $sso_rng->GenerateString(); $data = $username . ":" . $email . ":" . $salt . ":" . 
$phrase; $passwordinfo = self::HashPasswordInfo($data, $sso_settings["sso_login"]["password_mode"], $sso_settings["sso_login"]["password_minrounds"]); if (!$passwordinfo["success"]) { BB_SetPageMessage("error", "Unexpected cryptography error."); } else { $userinfo["salt"] = $salt; $userinfo["rounds"] = (int) $passwordinfo["rounds"]; $userinfo["password"] = bin2hex($passwordinfo["hash"]); BB_SetPageMessage("info", BB_Translate("Password has been changed to '%s'.", $phrase)); } } else { if ($this->IsRecoveryAllowed(false) && $_REQUEST["reset_password"] == 2) { $userinfo["rounds"] = 0; $userinfo["password"] = ""; } } } if (BB_GetPageMessageType() != "error") { try { $userinfo2 = SSO_EncryptDBData($userinfo); if ($sso_settings["sso_login"]["install_type"] == "email_username") { $sso_db->Query("UPDATE", array($sso_db_sso_login_users, array("username" => $_REQUEST["username"], "email" => $_REQUEST["email"], "verified" => (int) $_REQUEST["verified"] > 0 ? 1 : 0, "info" => $userinfo2), "WHERE" => "id = ?"), $row->id); } else { if ($sso_settings["sso_login"]["install_type"] == "email") { $sso_db->Query("UPDATE", array($sso_db_sso_login_users, array("email" => $_REQUEST["email"], "verified" => (int) $_REQUEST["verified"] > 0 ? 1 : 0, "info" => $userinfo2), "WHERE" => "id = ?"), $row->id); } else { if ($sso_settings["sso_login"]["install_type"] == "username") { $sso_db->Query("UPDATE", array($sso_db_sso_login_users, array("username" => $_REQUEST["username"], "info" => $userinfo2), "WHERE" => "id = ?"), $row->id); } } } if (BB_GetPageMessageType() == "info") { SSO_ConfigRedirect("edituser", array("id" => $row->id), "info", $_REQUEST["bb_msg"] . 
" Successfully updated the user."); } else { SSO_ConfigRedirect("edituser", array("id" => $row->id), "success", "Successfully updated the user."); } } catch (Exception $e) { BB_SetPageMessage("error", "Database query error."); } } } $desc = "<br />"; $row2 = $sso_db->GetRow("SELECT", array("*", "FROM" => "?", "WHERE" => "provider_name = 'sso_login' AND provider_id = ?"), $sso_db_users, $row->id); if ($row2) { $desc .= "<a href=\"" . BB_GetRequestURLBase() . "?action=edituser&id=" . $row2->id . "&sec_t=" . BB_CreateSecurityToken("edituser") . "\">Edit SSO Server Info</a>"; } else { if ($this->CanActivateUser()) { $desc .= SSO_CreateConfigLink("Activate User", "activateuser", array("id" => $row->id), "Are you sure you want to activate this user?"); } } $contentopts = array("desc" => BB_Translate("Edit the %s user.", $this->DisplayName()), "htmldesc" => $desc, "nonce" => "action", "hidden" => array("action" => "config", "provider" => "sso_login", "action2" => "edituser", "id" => $row->id), "fields" => array(array("title" => "ID", "type" => "static", "value" => $row->id)), "submit" => "Save", "focus" => true); if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "username") { $contentopts["fields"][] = array("title" => "Username", "type" => "text", "name" => "username", "value" => BB_GetValue("username", $row->username)); } if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "email") { $contentopts["fields"][] = array("title" => "E-mail Address", "type" => "text", "name" => "email", "value" => BB_GetValue("email", $row->email)); $contentopts["fields"][] = array("title" => "Verified", "type" => "select", "name" => "verified", "options" => array("1" => "Yes", "0" => "No"), "select" => BB_GetValue("verified", (string) $row->verified)); } $contentopts["fields"][] = array("title" => "Password Hash Rounds", "type" => "static", "value" => 
number_Format($userinfo["rounds"], 0)); $options = array("0" => "No", "1" => "Now - Generate a random password"); if ($this->IsRecoveryAllowed(false)) { $options["2"] = "Next Login - User must use account recovery to set a password"; } $contentopts["fields"][] = array("title" => "Reset Password?", "type" => "select", "name" => "reset_password", "options" => $options, "select" => BB_GetValue("reset_password", "0")); foreach ($g_sso_login_modules as $key => $info) { if ($sso_settings["sso_login"]["modules"][$key]["_a"]) { $module = "sso_login_module_" . $key; $instance = new $module(); $instance->AddEditUserFields($contentopts, $userinfo); } } BB_GeneratePage(BB_Translate("Edit %s User", $this->DisplayName()), $sso_menuopts, $contentopts); } else { if ($sso_settings["sso_login"]["enabled"] && $_REQUEST["action2"] == "createuser" && $this->CanActivateUser()) { // Initialize active modules. $this->activemodules = array(); foreach ($g_sso_login_modules as $key => $info) { if ($sso_settings["sso_login"]["modules"][$key]["_a"]) { $module = "sso_login_module_" . $key; $this->activemodules[$key] = new $module(); } } if (isset($_REQUEST["set_password"])) { $messages = $this->SignupUpdateCheck(false, false, false, true); if (count($messages["errors"])) { BB_SetPageMessage("error", implode(" ", array_merge($messages["errors"], $messages["warnings"]))); } else { // Create the account. $username = BB_GetValue("username", ""); $email = BB_GetValue("email", ""); $verified = true; if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "email") { $result = SMTP::MakeValidEmailAddress($email); $email = $result["email"]; } $userinfo = array(); $phrase = ""; for ($x = 0; $x < 4; $x++) { $phrase .= " " . SSO_GetRandomWord(); } $phrase = preg_replace('/\\s+/', " ", trim($phrase)); $salt = $sso_rng->GenerateString(); $data = $username . ":" . $email . ":" . $salt . ":" . 
$phrase; $userinfo["extra"] = $sso_rng->GenerateString(); if ($_REQUEST["set_password"] == 1) { $passwordinfo = self::HashPasswordInfo($data, $sso_settings["sso_login"]["password_mode"], $sso_settings["sso_login"]["password_minrounds"]); if (!$passwordinfo["success"]) { BB_SetPageMessage("error", "Unexpected cryptography error."); } else { $userinfo["salt"] = $salt; $userinfo["rounds"] = (int) $passwordinfo["rounds"]; $userinfo["password"] = bin2hex($passwordinfo["hash"]); BB_SetPageMessage("info", BB_Translate("Initial password has been set to '%s'.", $phrase)); } } else { if ($this->IsRecoveryAllowed(false) && $_REQUEST["set_password"] == 2) { $userinfo["salt"] = ""; $userinfo["rounds"] = 0; $userinfo["password"] = ""; } else { BB_SetPageMessage("error", "Invalid Set Password option."); } } $userinfo["two_factor_key"] = $_REQUEST["two_factor_key"]; $userinfo["two_factor_method"] = isset($_REQUEST["two_factor_method"]) ? $_REQUEST["two_factor_method"] : ""; if (BB_GetPageMessageType() != "error") { foreach ($this->activemodules as &$instance) { $instance->SignupAddInfo($userinfo, true); } $userinfo2 = SSO_EncryptDBData($userinfo); try { if ($sso_settings["sso_login"]["install_type"] == "email_username") { $sso_db->Query("INSERT", array($sso_db_sso_login_users, array("username" => $username, "email" => $email, "verified" => (int) $verified, "created" => CSDB::ConvertToDBTime(time()), "info" => $userinfo2), "AUTO INCREMENT" => "id")); } else { if ($sso_settings["sso_login"]["install_type"] == "email") { $sso_db->Query("INSERT", array($sso_db_sso_login_users, array("email" => $email, "verified" => (int) $verified, "created" => CSDB::ConvertToDBTime(time()), "info" => $userinfo2), "AUTO INCREMENT" => "id")); } else { if ($sso_settings["sso_login"]["install_type"] == "username") { $sso_db->Query("INSERT", array($sso_db_sso_login_users, array("username" => $username, "created" => CSDB::ConvertToDBTime(time()), "info" => $userinfo2), "AUTO INCREMENT" => "id")); } else { 
BB_SetPageMessage("error", "Fatal error: Login system is broken."); } } } if (BB_GetPageMessageType() != "error") { $userid = $sso_db->GetInsertID(); $userrow = $sso_db->GetRow("SELECT", array("*", "FROM" => "?", "WHERE" => "id = ?"), $sso_db_sso_login_users, $userid); } } catch (Exception $e) { BB_SetPageMessage("error", "Database query error."); } if (BB_GetPageMessageType() != "error") { foreach ($this->activemodules as &$instance) { $instance->SignupDone($userid, true); } // Activate the user. if (isset($_REQUEST["activate"]) && $_REQUEST["activate"] == "yes") { $mapinfo = array(); if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "email") { $mapinfo[$sso_settings["sso_login"]["map_email"]] = $userrow->email; } if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "username") { $mapinfo[$sso_settings["sso_login"]["map_username"]] = $userrow->username; } foreach ($this->activemodules as &$instance) { $instance->LoginAddMap($mapinfo, $userrow, $userinfo, true); } SSO_ActivateUser($userrow->id, $userinfo["extra"], $mapinfo, CSDB::ConvertFromDBTime($userrow->created), false, false); } if (BB_GetPageMessageType() == "info") { SSO_ConfigRedirect("edituser", array("id" => $userid), "info", $_REQUEST["bb_msg"] . 
" Successfully created the user."); } else { SSO_ConfigRedirect("edituser", array("id" => $userid), "success", "Successfully created the user."); } } } } } $_REQUEST["two_factor_key"] = BB_GetValue("two_factor_key", self::GenerateOTPKey(10)); $contentopts = array("desc" => BB_Translate("Create a new user in the %s provider.", $this->DisplayName()), "nonce" => "action", "hidden" => array("action" => "config", "provider" => "sso_login", "action2" => "createuser", "two_factor_key" => $_REQUEST["two_factor_key"]), "fields" => array(), "submit" => "Create", "focus" => true); if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "email") { $contentopts["fields"][] = array("title" => "E-mail Address", "type" => "text", "name" => "email", "value" => BB_GetValue("email", ""), "desc" => "The e-mail address of the new user. Must be valid and not already in use."); } if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "username") { $contentopts["fields"][] = array("title" => "Username", "type" => "text", "name" => "username", "value" => BB_GetValue("username", ""), "desc" => "The username of the new user. Must be valid and not already in use."); } $options = array("1" => "Now - Generate a random password upon account creation"); if ($this->IsRecoveryAllowed(false)) { $options["2"] = "Next Login - User must use account recovery to set a password"; } $contentopts["fields"][] = array("title" => "Set Password", "type" => "select", "name" => "set_password", "options" => $options, "select" => BB_GetValue("set_password", "1"), "desc" => "Sets an account password now or later."); // Two-factor authentication dropdown. 
$fieldmap = array(); $options = array(); foreach ($this->activemodules as $key => &$instance) { $name = $instance->GetTwoFactorName(); if ($name !== false) { $options[$key] = $name; } } if (!$sso_settings["sso_login"]["require_two_factor"] && count($options)) { $options = array_merge(array("" => "None"), $options); } if (count($options)) { $fields = array(array("title" => "Two-Factor Authentication Method", "type" => "select", "name" => "two_factor_method", "options" => $options, "select" => BB_GetValue("two_factor_method", ""), "desc" => "Sets the two-factor authentication method.")); $order = $sso_settings["sso_login"]["two_factor_order"]; SSO_AddSortedOutput($fieldmap, $order, "two_factor", $fields); } // Other fields. foreach ($g_sso_login_modules as $key => $info) { if ($sso_settings["sso_login"]["modules"][$key]["_a"]) { $module = "sso_login_module_" . $key; $instance = new $module(); $fields = $instance->GenerateSignup(true); if (isset($fields) && is_array($fields)) { $order = isset($sso_settings["sso_login"]["modules"][$key]["_s"]) ? $sso_settings["sso_login"]["modules"][$key]["_s"] : $instance->DefaultOrder(); SSO_AddSortedOutput($fieldmap, $order, $key, $fields); } } } ksort($fieldmap); foreach ($fieldmap as $fields) { foreach ($fields as $fields2) { $contentopts["fields"] = array_merge($contentopts["fields"], $fields2); } } $contentopts["fields"][] = array("title" => "Activate User", "type" => "checkbox", "name" => "activate", "value" => "yes", "check" => BB_GetValue("activate", "yes"), "display" => "Activate the user upon successful account creation"); BB_GeneratePage("Create User", $sso_menuopts, $contentopts); } else { if ($sso_site_admin && $sso_settings["sso_login"]["enabled"] && $_REQUEST["action2"] == "module" && isset($_REQUEST["module"]) && isset($sso_settings["sso_login"]["modules"][$_REQUEST["module"]]) && $sso_settings["sso_login"]["modules"][$_REQUEST["module"]]["_a"]) { $module = "sso_login_module_" . 
$_REQUEST["module"]; $instance = new $module(); $instance->CustomConfig(); } } } } } } } } }
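public function Config()
{
	// Admin UI for the "remote" login provider.  Every page is gated on $sso_site_admin
	// plus the provider's installed/enabled state, and $_REQUEST["action2"] selects which
	// page is served (edit/add/manage remotes, provider config, enable/disable, install).
	// Every form page carries "nonce" => "action" so posts are CSRF-protected by the
	// surrounding framework.  All SQL goes through the CSDB placeholder API ("?" plus
	// arguments); request values are never interpolated into query text.
	global $sso_rng, $sso_db, $sso_db_apikeys, $sso_site_admin, $sso_settings, $sso_menuopts, $sso_select_fields;

	$sso_db_sso_remote = SSO_DB_PREFIX . "p_sso_remote";
	$sso_db_sso_remote_users = SSO_DB_PREFIX . "p_sso_remote_users";

	$enabled = $sso_settings["sso_remote"]["enabled"];
	$action = $_REQUEST["action2"];

	if ($sso_site_admin && $enabled && $action == "editremote")
	{
		$row = $sso_db->GetRow("SELECT", array("*", "FROM" => "?", "WHERE" => "id = ?"), $sso_db_sso_remote, $_REQUEST["id"]);
		if ($row)
		{
			// 'info' is only ever written by this method via serialize() (see the UPDATE/INSERT
			// below), so unserialize() is not being fed request data here.
			$info = unserialize($row->info);

			if (isset($_REQUEST["name"]))
			{
				// Same validation as 'addremote'.  The empty-name check was missing on edit,
				// so an existing remote could be renamed to "".
				if ($_REQUEST["name"] == "")  BB_SetPageMessage("error", "Please fill in 'Name'.");
				if (strlen($_REQUEST["name"]) > 75)  BB_SetPageMessage("error", "'Name' can only be 75 characters long.");
				if ($_REQUEST["name"] != $row->name && $sso_db->GetOne("SELECT", array("COUNT(*)", "FROM" => "?", "WHERE" => "name = ?"), $sso_db_sso_remote, $_REQUEST["name"]))  BB_SetPageMessage("error", "The specified remote 'Name' already exists.");

				$this->ValidateRemoteAPIKeyID($_REQUEST["apikey_id"]);

				// The icon URL is documented on the form below as https-only; enforce that at
				// input time rather than storing an unchecked string for later rendering.
				$icon = trim($_REQUEST["icon"]);
				if ($icon != "" && strncasecmp($icon, "https://", 8) != 0)  BB_SetPageMessage("error", "The 'Icon URL' field must start with 'https://'.");

				// Per-remote IP restrictions; SSO_ProcessIPFields() reports its own errors.
				$info["iprestrict"] = SSO_ProcessIPFields();

				if (BB_GetPageMessageType() != "error")
				{
					try
					{
						$info["icon"] = $icon;
						$info["notes"] = $_REQUEST["notes"];
						$info["automate"] = $_REQUEST["automate"] > 0;

						$sso_db->Query("UPDATE", array($sso_db_sso_remote, array("name" => $_REQUEST["name"], "apikey_id" => $_REQUEST["apikey_id"], "info" => serialize($info)), "WHERE" => "id = ?"), $row->id);

						SSO_ConfigRedirect("editremote", array("id" => $row->id), "success", BB_Translate("Successfully updated the remote."));
					}
					catch (Exception $e)
					{
						BB_SetPageMessage("error", "Unable to update the remote. " . $e->getMessage());
					}
				}
			}

			// The remote key is the secret the remote presents; it is shown here to site admins only.
			$contentopts = array(
				"desc" => BB_Translate("Edit the remote."),
				"nonce" => "action",
				"hidden" => array("action" => "config", "provider" => "sso_remote", "action2" => "editremote", "id" => $row->id),
				"fields" => array(
					array("title" => "Remote Key", "type" => "static", "value" => $row->remotekey . "-" . $row->id),
					array("title" => "Name", "type" => "text", "name" => "name", "value" => BB_GetValue("name", $row->name), "desc" => "The name of this remote. Usually the name of the business or a business unit that will use this remote to sign in (e.g. Intel). Must be unique."),
					array("title" => "API Key ID", "type" => "text", "name" => "apikey_id", "value" => BB_GetValue("apikey_id", $row->apikey_id), "desc" => "A valid remote API key ID."),
					array("title" => "Icon URL", "type" => "text", "name" => "icon", "value" => BB_GetValue("icon", $info["icon"]), "desc" => "An optional URL to a 48x48 pixel icon. The URL should start with 'https://'."),
					array("title" => "Notes", "type" => "textarea", "name" => "notes", "value" => BB_GetValue("notes", $info["notes"]), "desc" => "Optional extra information about this remote such as contract details."),
					array("title" => "Automate Validation Phase?", "type" => "select", "name" => "automate", "options" => array("No", "Yes"), "select" => BB_GetValue("automate", (string)(int)$info["automate"]), "desc" => "Whether or not to attempt to automate the validation phase after authenticating the user."),
				),
				"submit" => "Save",
				"focus" => true
			);

			SSO_AppendIPFields($contentopts, $info["iprestrict"]);

			BB_GeneratePage("Edit Remote", $sso_menuopts, $contentopts);
		}
	}
	else if ($sso_site_admin && $enabled && $action == "addremote")
	{
		if (isset($_REQUEST["name"]))
		{
			if ($_REQUEST["name"] == "")  BB_SetPageMessage("error", "Please fill in 'Name'.");
			if (strlen($_REQUEST["name"]) > 75)  BB_SetPageMessage("error", "'Name' can only be 75 characters long.");
			if ($sso_db->GetOne("SELECT", array("COUNT(*)", "FROM" => "?", "WHERE" => "name = ?"), $sso_db_sso_remote, $_REQUEST["name"]))  BB_SetPageMessage("error", "The specified remote 'Name' already exists.");

			$this->ValidateRemoteAPIKeyID($_REQUEST["apikey_id"]);

			if (BB_GetPageMessageType() != "error")
			{
				try
				{
					// The remote key comes from the server's RNG; it is the per-remote secret.
					$remotekey = $sso_rng->GenerateString();

					$info = array(
						"icon" => "",
						"notes" => "",
						"iprestrict" => SSO_InitIPFields(),
						"automate" => false
					);

					$sso_db->Query("INSERT", array($sso_db_sso_remote, array(
						"name" => $_REQUEST["name"],
						"remotekey" => $remotekey,
						"apikey_id" => $_REQUEST["apikey_id"],
						"created" => CSDB::ConvertToDBTime(time()),
						"info" => serialize($info)
					), "AUTO INCREMENT" => "id"));

					$id = $sso_db->GetInsertID();

					SSO_ConfigRedirect("editremote", array("id" => $id), "success", BB_Translate("Successfully created the remote."));
				}
				catch (Exception $e)
				{
					BB_SetPageMessage("error", "Unable to create the remote. " . $e->getMessage());
				}
			}
		}

		$contentopts = array(
			"desc" => BB_Translate("Add a remote."),
			"nonce" => "action",
			"hidden" => array("action" => "config", "provider" => "sso_remote", "action2" => "addremote"),
			"fields" => array(
				array("title" => "Name", "type" => "text", "name" => "name", "value" => BB_GetValue("name", ""), "desc" => "The name of this remote. Usually the name of the business or a business unit that will use this remote to sign in (e.g. Intel). Must be unique."),
				array("title" => "API Key ID", "type" => "text", "name" => "apikey_id", "value" => BB_GetValue("apikey_id", ""), "desc" => "A valid remote API key ID."),
			),
			"submit" => "Create",
			"focus" => true
		);

		BB_GeneratePage("Add Remote", $sso_menuopts, $contentopts);
	}
	else if ($sso_site_admin && $enabled && $action == "manageremotes")
	{
		$desc = "<br />";
		$desc .= SSO_CreateConfigLink("Add Remote", "addremote");

		$rows = array();
		$result = $sso_db->Query("SELECT", array("r.id, r.name, r.apikey_id, a.id AS a_id", "FROM" => "? AS r LEFT OUTER JOIN ? AS a ON (r.apikey_id = a.id)"), $sso_db_sso_remote, $sso_db_apikeys);
		while ($row = $result->NextRow())
		{
			// 'name' is free text and is escaped; id/apikey_id are unsigned integer columns
			// (see the CREATE TABLE in the install branch).  A remote whose API key row no
			// longer exists is shown as invalid instead of linked.
			$apikeycol = ($row->a_id > 0 ? "<a href=\"" . BB_GetRequestURLBase() . "?action=editapikey&id=" . $row->apikey_id . "&sec_t=" . BB_CreateSecurityToken("editapikey") . "\">" . $row->apikey_id . "</a>" : BB_Translate("<i>Invalid</i>"));
			$optscol = SSO_CreateConfigLink("Edit", "editremote", array("id" => $row->id)) . " | " . SSO_CreateConfigLink("Delete", "deleteremote", array("id" => $row->id), "Are you sure you want to delete this remote?");

			$rows[] = array($row->id, htmlspecialchars($row->name), $apikeycol, $optscol);
		}

		$contentopts = array(
			"desc" => BB_Translate("Manage the remotes."),
			"htmldesc" => $desc,
			"fields" => array(
				array("type" => "table", "cols" => array("ID", "Name", "API Key", "Options"), "rows" => $rows),
			)
		);

		BB_GeneratePage("Manage Remotes", $sso_menuopts, $contentopts);
	}
	else if ($sso_site_admin && $enabled && $action == "config")
	{
		if (isset($_REQUEST["configsave"]))
		{
			// Provider-wide IP restrictions; SSO_ProcessIPFields() reports its own errors.
			$sso_settings["sso_remote"]["iprestrict"] = SSO_ProcessIPFields();

			if (BB_GetPageMessageType() != "error")
			{
				// Only a known SSO field name may be stored as the mapping target.
				$sso_settings["sso_remote"]["map_remote_id"] = (SSO_IsField($_REQUEST["map_remote_id"]) ? $_REQUEST["map_remote_id"] : "");

				if (!SSO_SaveSettings())  BB_SetPageMessage("error", "Unable to save settings.");
				else
				{
					$successmsg = BB_Translate("Successfully updated the %s provider configuration.", $this->DisplayName());

					// Carry a pending 'info' message through the redirect.
					if (BB_GetPageMessageType() == "info")  SSO_ConfigRedirect("config", array(), "info", $_REQUEST["bb_msg"] . " " . $successmsg);
					else  SSO_ConfigRedirect("config", array(), "success", $successmsg);
				}
			}
		}

		$contentopts = array(
			"desc" => BB_Translate("Configure the %s provider.", $this->DisplayName()),
			"nonce" => "action",
			"hidden" => array("action" => "config", "provider" => "sso_remote", "action2" => "config", "configsave" => "1"),
			"fields" => array(
				array("title" => "Map Remote ID", "type" => "select", "name" => "map_remote_id", "options" => $sso_select_fields, "select" => BB_GetValue("map_remote_id", (string)$sso_settings["sso_remote"]["map_remote_id"]), "desc" => "The field in the SSO system to map the remote ID to. This allows applications to identify an organization and sign all users at that organization into a single instance."),
			),
			"submit" => "Save",
			"focus" => true
		);

		SSO_AppendIPFields($contentopts, $sso_settings["sso_remote"]["iprestrict"]);

		BB_GeneratePage(BB_Translate("Configure %s", $this->DisplayName()), $sso_menuopts, $contentopts);
	}
	else if ($sso_site_admin && $enabled && $action == "disable")
	{
		$sso_settings["sso_remote"]["enabled"] = false;

		if (!SSO_SaveSettings())  BB_RedirectPage("error", "Unable to save settings.");
		else  BB_RedirectPage("success", BB_Translate("Successfully disabled the %s provider.", $this->DisplayName()));
	}
	else if ($sso_site_admin && !$enabled && $action == "enable")
	{
		$sso_settings["sso_remote"]["enabled"] = true;

		if (!SSO_SaveSettings())  BB_RedirectPage("error", "Unable to save settings.");
		else  BB_RedirectPage("success", BB_Translate("Successfully enabled the %s provider.", $this->DisplayName()));
	}
	else if ($sso_site_admin && !$sso_settings["sso_remote"]["installed"] && $action == "install")
	{
		if (isset($_REQUEST["install"]))
		{
			// Refuse to install over tables that already exist rather than silently reusing them.
			if ($sso_db->TableExists($sso_db_sso_remote))  BB_SetPageMessage("error", "The database table '" . $sso_db_sso_remote . "' already exists.");
			if ($sso_db->TableExists($sso_db_sso_remote_users))  BB_SetPageMessage("error", "The database table '" . $sso_db_sso_remote_users . "' already exists.");

			if (BB_GetPageMessageType() != "error")
			{
				try
				{
					$sso_db->Query("CREATE TABLE", array($sso_db_sso_remote, array(
						"id" => array("INTEGER", 8, "UNSIGNED" => true, "NOT NULL" => true, "PRIMARY KEY" => true, "AUTO INCREMENT" => true),
						"name" => array("STRING", 1, 75, "NOT NULL" => true),
						"remotekey" => array("STRING", 1, 64, "NOT NULL" => true),
						"apikey_id" => array("INTEGER", 8, "UNSIGNED" => true, "NOT NULL" => true),
						"created" => array("DATETIME", "NOT NULL" => true),
						"info" => array("STRING", 3, "NOT NULL" => true),
					),
					array(
						array("UNIQUE", array("name"), "NAME" => $sso_db_sso_remote . "_name"),
						array("KEY", array("apikey_id"), "NAME" => $sso_db_sso_remote . "_apikey_id"),
					)));
				}
				catch (Exception $e)
				{
					BB_SetPageMessage("error", "Unable to create the database table '" . htmlspecialchars($sso_db_sso_remote) . "'. " . $e->getMessage());
				}

				if (BB_GetPageMessageType() != "error")
				{
					try
					{
						$sso_db->Query("CREATE TABLE", array($sso_db_sso_remote_users, array(
							"id" => array("INTEGER", 8, "UNSIGNED" => true, "NOT NULL" => true, "PRIMARY KEY" => true, "AUTO INCREMENT" => true),
							"remote_id" => array("INTEGER", 8, "UNSIGNED" => true, "NOT NULL" => true),
							"user_id" => array("STRING", 1, 255, "NOT NULL" => true),
							"created" => array("DATETIME", "NOT NULL" => true),
						),
						array(
							array("UNIQUE", array("remote_id", "user_id"), "NAME" => $sso_db_sso_remote_users . "_remote_user_id"),
						)));

						// Installing also enables the provider.
						$sso_settings["sso_remote"]["installed"] = true;
						$sso_settings["sso_remote"]["enabled"] = true;

						if (!SSO_SaveSettings())  BB_SetPageMessage("error", "Unable to save settings.");
						else  SSO_ConfigRedirect("manageremotes", array(), "success", BB_Translate("Successfully installed the %s provider.", $this->DisplayName()));
					}
					catch (Exception $e)
					{
						BB_SetPageMessage("error", "Unable to create the database table '" . htmlspecialchars($sso_db_sso_remote_users) . "'. " . $e->getMessage());
					}
				}
			}
		}

		$contentopts = array(
			"desc" => BB_Translate("Install the %s provider.", $this->DisplayName()),
			"nonce" => "action",
			"hidden" => array("action" => "config", "provider" => "sso_remote", "action2" => "install", "install" => "1"),
			"fields" => array(),
			"submit" => "Install",
			"focus" => true
		);

		BB_GeneratePage(BB_Translate("Install %s", $this->DisplayName()), $sso_menuopts, $contentopts);
	}
}

// Verifies that $apikey_id names an existing API key whose stored type is 'remote'.
// Reports failures through BB_SetPageMessage("error", ...); callers then consult
// BB_GetPageMessageType() before writing anything.  Shared by 'addremote' and 'editremote'.
private function ValidateRemoteAPIKeyID($apikey_id)
{
	global $sso_db, $sso_db_apikeys;

	$apirow = $sso_db->GetRow("SELECT", array("*", "FROM" => "?", "WHERE" => "id = ?"), $sso_db_apikeys, $apikey_id);
	if ($apirow === false)
	{
		BB_SetPageMessage("error", "The specified 'API Key ID' is not valid.");

		return;
	}

	// API key rows are written by the SSO server itself; a key with no explicit type is 'normal'.
	$apiinfo = unserialize($apirow->info);
	if (!isset($apiinfo["type"]))  $apiinfo["type"] = "normal";

	if ($apiinfo["type"] != "remote")  BB_SetPageMessage("error", "The specified 'API Key ID' is not a remote API key.");
}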
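public function Config()
{
	// Admin UI for the LDAP login provider: the configuration form plus enable/disable.
	// Every branch is gated on $sso_site_admin and the provider's enabled flag, and
	// $_REQUEST["action2"] selects the page.  The form carries "nonce" => "action".
	global $sso_site_admin, $sso_settings, $sso_menuopts, $sso_select_fields;

	$enabled = $sso_settings["sso_ldap"]["enabled"];
	$action = $_REQUEST["action2"];

	if ($sso_site_admin && $enabled && $action == "config")
	{
		if (isset($_REQUEST["configsave"]))
		{
			$_REQUEST["server"] = trim($_REQUEST["server"]);
			$_REQUEST["dn"] = trim($_REQUEST["dn"]);

			// Incomplete settings are reported as 'info' and still saved; at most one such message is raised.
			if ($_REQUEST["server"] == "")  BB_SetPageMessage("info", "The 'LDAP Server URL' field is empty.");
			else if ($_REQUEST["dn"] == "")  BB_SetPageMessage("info", "The 'LDAP Distinguished Name' field is empty.");
			else if (!function_exists("ldap_connect"))  BB_SetPageMessage("info", "The ldap_connect() function does not exist. LDAP won't work until the LDAP PHP extension is enabled.");

			// Validate the server URL only when one was supplied.  Previously an empty server
			// also hit the 'invalid scheme' error below, which shadowed the 'info' message above
			// and made an empty server behave unlike an empty DN.
			if ($_REQUEST["server"] != "")
			{
				require_once SSO_ROOT_PATH . "/" . SSO_SUPPORT_PATH . "/http.php";

				$url = HTTP::ExtractURL($_REQUEST["server"]);

				// NOTE(review): only the plain 'ldap' scheme is accepted here, so 'ldaps://' is rejected
				// and bind credentials travel in the clear unless the login path upgrades the connection
				// (e.g. StartTLS).  That path is not visible here -- confirm before relying on it.
				if ($url["scheme"] != "ldap")  BB_SetPageMessage("error", "The 'LDAP Server URL' field has an invalid scheme.");
				else if ($url["host"] == "")  BB_SetPageMessage("error", "The 'LDAP Server URL' field has an invalid host.");
			}

			// IP whitelist for this provider; SSO_ProcessIPFields() reports its own errors.
			$sso_settings["sso_ldap"]["iprestrict"] = SSO_ProcessIPFields();

			if (BB_GetPageMessageType() != "error")
			{
				$sso_settings["sso_ldap"]["server"] = $_REQUEST["server"];
				$sso_settings["sso_ldap"]["dn"] = $_REQUEST["dn"];
				// Only a known SSO field name may be stored as the username mapping target.
				$sso_settings["sso_ldap"]["map_username"] = (SSO_IsField($_REQUEST["map_username"]) ? $_REQUEST["map_username"] : "");
				$sso_settings["sso_ldap"]["remove_domain"] = $_REQUEST["remove_domain"] > 0;
				$sso_settings["sso_ldap"]["map_custom"] = trim($_REQUEST["map_custom"]);
				$sso_settings["sso_ldap"]["password"] = $_REQUEST["password"] > 0;
				// Per the field description below, debugging mode dumps the authenticated user's
				// LDAP fields on a successful login; it is not meant to stay on in production.
				$sso_settings["sso_ldap"]["debug"] = $_REQUEST["debug"] > 0;

				if (!SSO_SaveSettings())  BB_SetPageMessage("error", "Unable to save settings.");
				else
				{
					$successmsg = BB_Translate("Successfully updated the %s provider configuration.", $this->DisplayName());

					// Carry a pending 'info' message through the redirect.
					if (BB_GetPageMessageType() == "info")  SSO_ConfigRedirect("config", array(), "info", $_REQUEST["bb_msg"] . " " . $successmsg);
					else  SSO_ConfigRedirect("config", array(), "success", $successmsg);
				}
			}
		}

		$yesno = array(1 => "Yes", 0 => "No");

		$contentopts = array(
			"desc" => BB_Translate("Configure the %s provider. This provider is intended to be used behind a firewall in a relatively trusted environment. Use the IP whitelist to control access to this provider.", $this->DisplayName()),
			"nonce" => "action",
			"hidden" => array("action" => "config", "provider" => "sso_ldap", "action2" => "config", "configsave" => "1"),
			"fields" => array(
				array("title" => "LDAP Server URL", "type" => "text", "name" => "server", "value" => BB_GetValue("server", $sso_settings["sso_ldap"]["server"]), "desc" => "The LDAP URL to a LDAP server. Should be in the format 'ldap://server[:port]/'. Default port is 389."),
				array("title" => "LDAP Distinguished Name", "type" => "text", "name" => "dn", "value" => BB_GetValue("dn", $sso_settings["sso_ldap"]["dn"]), "desc" => "The LDAP Distinguished Name (DN) pattern to use to check logins against and load user information. Should be in the format 'CN=@USERNAME@,OU=users,DC=somewhere,DC=com' or similar. The special string @USERNAME@ will be replaced with the username."),
				array("title" => "Map Username", "type" => "select", "name" => "map_username", "options" => $sso_select_fields, "select" => BB_GetValue("map_username", (string)$sso_settings["sso_ldap"]["map_username"]), "desc" => "The field in the SSO system to map the username to. Overrides any custom mapping."),
				array("title" => "Remove Domain", "type" => "select", "name" => "remove_domain", "options" => $yesno, "select" => BB_GetValue("remove_domain", (string)(int)$sso_settings["sso_ldap"]["remove_domain"]), "desc" => "Remove domain prefix from the above mapped username. (e.g. 'NT\\username' becomes 'username')"),
				array("title" => "Custom Mapping", "type" => "textarea", "name" => "map_custom", "value" => BB_GetValue("map_custom", $sso_settings["sso_ldap"]["map_custom"]), "desc" => "The fields in the SSO system to map LDAP fields to. Format is 'ldapfield=ssofield'. One mapping per line. See 'Debugging Mode' below to turn on debugging to discover valid LDAP field names. See the 'Map Username' dropdown above for valid SSO field names."),
				array("title" => "Require Password", "type" => "select", "name" => "password", "options" => $yesno, "select" => BB_GetValue("password", (string)(int)$sso_settings["sso_ldap"]["password"]), "desc" => "Require passwords to not be empty strings."),
				array("title" => "Debugging Mode", "type" => "select", "name" => "debug", "options" => $yesno, "select" => BB_GetValue("debug", (string)(int)$sso_settings["sso_ldap"]["debug"]), "desc" => "Turn on debugging mode to get an idea of what LDAP fields are available for your LDAP server. When enabled and a login is successful, this will output the fields and data of the user, then output successfully mapped LDAP to SSO fields, and then exit."),
			),
			"submit" => "Save",
			"focus" => true
		);

		SSO_AppendIPFields($contentopts, $sso_settings["sso_ldap"]["iprestrict"]);

		BB_GeneratePage(BB_Translate("Configure %s", $this->DisplayName()), $sso_menuopts, $contentopts);
	}
	else if ($sso_site_admin && $enabled && $action == "disable")
	{
		$sso_settings["sso_ldap"]["enabled"] = false;

		if (!SSO_SaveSettings())  BB_RedirectPage("error", "Unable to save settings.");
		else  BB_RedirectPage("success", BB_Translate("Successfully disabled the %s provider.", $this->DisplayName()));
	}
	else if ($sso_site_admin && !$enabled && $action == "enable")
	{
		// Presumably BB_RedirectPage() does not return; otherwise the provider would still be
		// enabled below without the extension -- TODO confirm against its definition.
		if (!function_exists("ldap_connect"))  BB_RedirectPage("error", "The ldap_connect() function does not exist. LDAP won't work until the LDAP PHP extension is enabled.");

		$sso_settings["sso_ldap"]["enabled"] = true;

		if (!SSO_SaveSettings())  BB_RedirectPage("error", "Unable to save settings.");
		else  BB_RedirectPage("success", BB_Translate("Successfully enabled the %s provider.", $this->DisplayName()));
	}
}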
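function SSO_ProcessIPFields($full = false)
{
	// Reads the IP restriction form fields ("sso_ipaddr__*") from the request and returns
	// them in the array shape stored in provider/global settings ("iprestrict").
	//
	// $full = false:  per-provider/per-remote restrictions (includes "allchecks").
	// $full = true:   the global IP address settings (adds the GeoIP field mappings and
	//                 the cache length instead of "allchecks").
	//
	// Invalid numeric values are reported via BB_SetPageMessage("error", ...); callers
	// check BB_GetPageMessageType() before saving.  Key order of the result is significant
	// to callers that compare or serialize it, so it is kept stable.
	// Fields absent from the request are treated as "" / 0 instead of raising
	// undefined-index notices.
	$result = array();

	$result["patterns"] = (isset($_REQUEST["sso_ipaddr__patterns"]) ? trim($_REQUEST["sso_ipaddr__patterns"]) : "");
	if (!$full)  $result["allchecks"] = (isset($_REQUEST["sso_ipaddr__allchecks"]) ? (bool)(int)$_REQUEST["sso_ipaddr__allchecks"] : false);
	$result["dnsrbl_lists"] = (isset($_REQUEST["sso_ipaddr__dnsrbl_lists"]) ? trim($_REQUEST["sso_ipaddr__dnsrbl_lists"]) : "");
	$result["dnsrbl_mincount"] = (isset($_REQUEST["sso_ipaddr__dnsrbl_mincount"]) ? (int)$_REQUEST["sso_ipaddr__dnsrbl_mincount"] : 0);
	$result["geoip_lists"] = (isset($_REQUEST["sso_ipaddr__geoip_lists"]) ? trim($_REQUEST["sso_ipaddr__geoip_lists"]) : "");

	if ($full)
	{
		// Only known SSO field names may be stored as GeoIP mapping targets.
		$geoip_opts = SSO_GetGeoIPOpts();
		foreach ($geoip_opts as $opt => $val)
		{
			$name = "sso_ipaddr__geoip_map_" . $opt;

			$result["geoip_map_" . $opt] = (isset($_REQUEST[$name]) && SSO_IsField($_REQUEST[$name]) ? $_REQUEST[$name] : "");
		}

		$result["ip_cache_len"] = (isset($_REQUEST["sso_ipaddr__ip_cache_len"]) ? (int)$_REQUEST["sso_ipaddr__ip_cache_len"] : 0);
	}

	// At most one error is raised; the minimum-matches check takes precedence.
	if ($result["dnsrbl_mincount"] < 1)  BB_SetPageMessage("error", "The 'DNSRBL - Minimum Matches' field contains an invalid value.");
	else if ($full && $result["ip_cache_len"] < 1)  BB_SetPageMessage("error", "The 'IP Address Cache Length (Days)' field contains an invalid value.");

	return $result;
}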
$info = unserialize($row->info); $spammer = false; if (isset($info["spaminfo"])) { foreach ($sso_providers as $provider => &$instance) { if (isset($info["spaminfo"][$provider]) && $info["spaminfo"][$provider]["spammer"]) { $spammer = true; } } } $rows[] = array(htmlspecialchars($ipaddr["ipv4"] != "" ? $ipaddr["ipv4"] : $ipaddr["shortipv6"]), htmlspecialchars(BB_Translate($spammer ? "Yes" : "No")), BB_FormatTimestamp("M j, Y @ g:i A", CSDB::ConvertFromDBTime($row->created)), "<a href=\"" . BB_GetRequestURLBase() . "?action=viewipaddr&id=" . $row->id . "&sec_t=" . BB_CreateSecurityToken("viewipaddr") . "\">" . htmlspecialchars(BB_Translate("View")) . "</a>"); } } $table = array("title" => "Search Results", "type" => "table", "cols" => array("IP Address", "Spammer?", "Created", "Options"), "rows" => $rows, "desc" => BB_Translate("The search results for the IP address pattern '%s'.", $pattern)); } else { if (isset($_REQUEST["ipaddr"]) && $_REQUEST["ipaddr"] == "") { BB_SetPageMessage("error", "Please specify an IP address or pattern."); } $ts = time(); $result = $sso_db->Query("SELECT", array("*", "FROM" => "?", "WHERE" => "created >= ?", "ORDER BY" => "created DESC"), $sso_db_ipcache, CSDB::ConvertToDBTime(time() - 2 * 24 * 60 * 60)); while ($row = $result->NextRow()) { $ipaddr = IPAddr::NormalizeIP($row->ipaddr); $info = unserialize($row->info); $spammer = false; if (isset($info["spaminfo"])) { foreach ($sso_providers as $provider => &$instance) { if (isset($info["spaminfo"][$provider]) && $info["spaminfo"][$provider]["spammer"]) { $spammer = true; } } } $rows[] = array(htmlspecialchars($ipaddr["ipv4"] != "" ? $ipaddr["ipv4"] : $ipaddr["shortipv6"]), htmlspecialchars(BB_Translate($spammer ? "Yes" : "No")), BB_FormatTimestamp("M j, Y @ g:i A", CSDB::ConvertFromDBTime($row->created)), "<a href=\"" . BB_GetRequestURLBase() . "?action=viewipaddr&id=" . $row->id . "&sec_t=" . BB_CreateSecurityToken("viewipaddr") . "\">" . htmlspecialchars(BB_Translate("View")) . "</a>");