Esempio n. 1
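/**
 * Emits an error message and terminates the request.
 *
 * AJAX requests (any request carrying "sso_ajax") get the bare message; all
 * other requests get the message wrapped in the global header/footer, plus an
 * optional "Return to the application" link taken from a cookie.
 *
 * @param string $msg     Untranslated message.  It is passed through BB_Translate()
 *                        and HTML-escaped before being written.
 * @param string $htmlmsg Optional markup appended verbatim.  It is NOT escaped here,
 *                        so callers must only pass HTML they assembled themselves
 *                        from already-escaped values.
 */
function SSO_DisplayError($msg, $htmlmsg = "")
{
    global $sso_header, $sso_footer;

    if (isset($_REQUEST["sso_ajax"])) {
        echo htmlspecialchars(BB_Translate($msg)) . $htmlmsg;
    } else {
        echo $sso_header;
        echo "<div class=\"sso_server_message_wrap" . ($htmlmsg == "" ? " sso_server_message_wrap_nosplit" : "") . "\"><div class=\"sso_server_error\">" . htmlspecialchars(BB_Translate($msg)) . "</div></div>";
        echo $htmlmsg;

        // The link target comes from a cookie, i.e. from the client.  htmlspecialchars()
        // keeps the value inside the attribute but does not constrain the URL scheme,
        // so only absolute http(s) URLs are rendered as a link.  The is_string() test
        // rejects array-valued cookies, which base64_decode() cannot handle.
        if (isset($_COOKIE["sso_server_lastapp"]) && is_string($_COOKIE["sso_server_lastapp"]) && $_COOKIE["sso_server_lastapp"] !== "") {
            $url = @base64_decode($_COOKIE["sso_server_lastapp"]);
            if ($url !== false && preg_match('#^https?://#i', $url)) {
                echo "<div class=\"sso_main_info\"><a href=\"" . htmlspecialchars($url) . "\">" . htmlspecialchars(BB_Translate("Return to the application")) . "</a></div>";
            }
        }

        echo $sso_footer;
    }

    // Never returns to the caller.
    exit;
}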
Esempio n. 2
    /**
     * Writes the one-time jQuery UI initialisation scripts for date fields and
     * accordions, then records in $this->output that each has been written.
     *
     * Each script is emitted at most once per instance: the "date" and "accordion"
     * entries of $this->output act as already-emitted flags.
     *
     * @param array $formvars Passed by reference; not read or modified in this body.
     */
    protected function Finalize(&$formvars)
    {
        // Date picker initialisation, skipped when the flag is already set.
        if (!$this->output["date"]) {
            // Presumably writes the jQuery UI includes -- defined outside this block.
            $this->OutputJQueryUI();
            ?>
	<script type="text/javascript">
	jQuery(function() {
		if (jQuery.fn.datepicker)  jQuery('div.formfields div.formitem input.date').datepicker({ dateFormat: 'yy-mm-dd' });
		else  alert('<?php 
            // The translated text lands inside a single-quoted JavaScript string literal.
            // NOTE(review): BB_JSSafe() is assumed to escape for that context -- confirm.
            echo BB_JSSafe(BB_Translate("Warning:  Missing jQuery UI for date field."));
            ?>
');
	});
	</script>
<?php 
            $this->output["date"] = true;
        }
        // Accordion initialisation, same once-only pattern as above.
        if (!$this->output["accordion"]) {
            $this->OutputJQueryUI();
            ?>
	<script type="text/javascript">
	jQuery(function() {
		if (jQuery.fn.accordion)  jQuery('div.formaccordionwrap').accordion({ collapsible : true, active : false, heightStyle : 'content' });
		else  alert('<?php 
            // Same JavaScript string context as the date warning above.
            echo BB_JSSafe(BB_Translate("Warning:  Missing jQuery UI for accordion."));
            ?>
');
	});
	</script>
<?php 
            $this->output["accordion"] = true;
        }
    }
Esempio n. 3
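 /**
  * Drives both halves of the remote sign-in flow.
  *
  * First visit (no "setlogin_result" in the session, or "tryagain" requested):
  * checks that the target API key is a remote key with a URL, stores a fresh
  * token/secret pair with a 30 minute expiry in the session and redirects the
  * browser to the remote host.
  *
  * Return visit ("setlogin_result" present): verifies the secret from the request
  * against the session copy, checks the expiry, links the remote user to the
  * local record and activates the account.
  *
  * Errors are reported through $this->DisplayError().
  */
 public function ProcessFrontend()
 {
     global $sso_settings, $sso_rng, $sso_provider, $sso_target_url, $sso_session_info, $sso_session_id, $sso_db;
     if (isset($sso_session_info["setlogin_result"]) && !isset($_REQUEST["tryagain"])) {
         // Check the secret.  Both sides must be strings (a request parameter can arrive
         // as an array) and the comparison is constant-time where hash_equals() exists,
         // so response timing does not reveal how much of a guess matched.
         $secretok = false;
         if (isset($_REQUEST["sso_setlogin_secret"]) && is_string($_REQUEST["sso_setlogin_secret"]) && isset($sso_session_info["setlogin_info"]["secret"]) && is_string($sso_session_info["setlogin_info"]["secret"])) {
             $known = $sso_session_info["setlogin_info"]["secret"];
             $supplied = $_REQUEST["sso_setlogin_secret"];
             $secretok = function_exists("hash_equals") ? hash_equals($known, $supplied) : ($known === $supplied);
         }
         if (!$secretok) {
             $this->DisplayError(BB_Translate("Unable to authenticate the request."));
             return;
         }
         // Should be nearly impossible to get here since browser redirects are executed almost immediately.
         if (CSDB::ConvertFromDBTime($sso_session_info["setlogin_info"]["expires"]) < time()) {
             $this->DisplayError(BB_Translate("Verification token has expired."));
             return;
         }
         // The user is signed in.  Activate the account.
         $sso_db_sso_remote_users = SSO_DB_PREFIX . "p_sso_remote_users";
         try {
             // Reuse the existing (remote_id, user_id) mapping row, or create it on first sign-in.
             $id = $sso_db->GetOne("SELECT", array("id", "FROM" => "?", "WHERE" => "remote_id = ? AND user_id = ?"), $sso_db_sso_remote_users, $this->info["row"]->id, $sso_session_info["setlogin_result"]["user_id"]);
             if ($id === false) {
                 $sso_db->Query("INSERT", array($sso_db_sso_remote_users, array("remote_id" => $this->info["row"]->id, "user_id" => $sso_session_info["setlogin_result"]["user_id"], "created" => CSDB::ConvertToDBTime(time())), "AUTO INCREMENT" => "id"));
                 $id = $sso_db->GetInsertID();
             }
             $mapinfo = $sso_session_info["setlogin_result"]["protected_fields"];
             $mapinfo[$sso_settings["sso_remote"]["map_remote_id"]] = $this->info["row"]->id;
             SSO_ActivateUser($id, serialize($sso_session_info["setlogin_info"]), $mapinfo, false, $this->info["row_info"]["automate"]);
             // Only falls through on account lockout or a fatal error.
             $this->DisplayError(BB_Translate("User activation failed."));
         } catch (Exception $e) {
             $this->DisplayError("A database error has occurred.  Most likely cause:  Bad SQL query.");
         }
     } else {
         // Check the API key information.
         // NOTE(review): unserialize() on a stored value.  This is only safe while the
         // column can be written by the server alone -- confirm, or move to a format
         // that cannot instantiate objects.
         $info = unserialize($this->info["apirow"]->info);
         // A corrupt or empty row makes unserialize() return false; treat that like a wrong key type.
         if (!is_array($info) || !isset($info["type"]) || $info["type"] != "remote") {
             $this->DisplayError(BB_Translate("The target client API key is not a remote API key."));
             return;
         }
         if (!isset($info["url"]) || $info["url"] == "") {
             $this->DisplayError(BB_Translate("The target client API key URL is missing."));
             return;
         }
         // Set up the session so that the endpoint works.
         unset($sso_session_info["setlogin_result"]);
         $token = $sso_rng->GenerateString();
         // The token travels in the redirect URL; the secret stays in the session and is
         // what the return visit is checked against.
         $sso_session_info["setlogin_info"] = array("provider" => $sso_provider, "apikey_id" => $this->info["apirow"]->id, "redirect_url" => BB_GetRequestHost() . $sso_target_url, "token" => $token, "secret" => $sso_rng->GenerateString(), "expires" => CSDB::ConvertToDBTime(time() + 30 * 60));
         if (!SSO_SaveSessionInfo()) {
             $this->DisplayError(BB_Translate("Unable to save session information."));
             return;
         }
         // Redirect to the remote host.  Every dynamic query value is urlencode()d.
         $url = $info["url"] . (strpos($info["url"], "?") === false ? "?" : "&") . "from_sso_server=1&sso_setlogin_id=" . urlencode($sso_session_id[1]) . "&sso_setlogin_token=" . urlencode($token) . (isset($_REQUEST["lang"]) ? "&sso_lang=" . urlencode($_REQUEST["lang"]) : "");
         SSO_ExternalRedirect($url);
     }
 }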
Esempio n. 4
    /**
     * Dispatches the layout-management actions of this widget based on
     * $_REQUEST["bb_action"].
     *
     * Handled actions: create a layout from a base pattern (form + submit),
     * activate, deactivate and delete a layout, and the main layout list.
     * Every branch requires $bb_account["type"] to be "dev" or "design".
     *
     * NOTE(review): only the activate and delete branches call BB_IsSecExtraOpt("file").
     * The submit and deactivate branches also change state but show no token check
     * in this method -- confirm that request forgery protection is applied upstream.
     */
    public function ProcessBBAction()
    {
        global $bb_widget, $bb_account, $bb_revision_num;
        // Directory of the stock patterns, derived from the widget's own file location.
        $basepath = BB_GetRealPath(Str::ExtractPathname($bb_widget->_file) . "/base");
        // --- Create a new layout from a pattern (form submission). ---
        if (($bb_account["type"] == "dev" || $bb_account["type"] == "design") && $_REQUEST["bb_action"] == "bb_layout_configure_widget_new_layout_submit") {
            BB_RunPluginAction("pre_bb_layout_configure_widget_new_layout_submit");
            // The requested pattern must match the basename of an existing .html file in the base directory.
            $found = false;
            $dirlist = BB_GetDirectoryList(ROOT_PATH . "/" . WIDGET_PATH . "/" . $basepath);
            foreach ($dirlist["files"] as $name) {
                $pos = strrpos($name, ".");
                if ($pos !== false && substr($name, $pos) == ".html" && substr($name, 0, $pos) == $_REQUEST["pattern"]) {
                    $found = true;
                    break;
                }
            }
            // NOTE(review): the file reads below use $_REQUEST["pattern"] directly in a path.
            // That is only safe if BB_PropertyFormError() ends the request -- confirm.
            if (!$found) {
                BB_PropertyFormError("Invalid pattern specified.");
            }
            $name = $_REQUEST["name"];
            if ($name == "") {
                BB_PropertyFormError("Name field not filled out.");
            }
            // Reduce the new name to [A-Za-z0-9_-] so it cannot contain path separators or dots.
            $dirfile = preg_replace('/[^A-Za-z0-9_\\-]/', "_", $name);
            // Refuse to overwrite an existing layout (either its HTML or its CSS).
            if (file_exists(ROOT_PATH . "/" . WIDGET_PATH . "/" . $this->layoutpath . "/" . $dirfile . ".html")) {
                BB_PropertyFormError("A layout with that name already exists.");
            }
            if (file_exists(ROOT_PATH . "/" . WIDGET_PATH . "/" . $this->layoutpath . "/" . $dirfile . ".css")) {
                BB_PropertyFormError("A layout with that name already exists.");
            }
            // Copy the pattern's HTML, replacing occurrences of the pattern name with the new name.
            $data = file_get_contents(ROOT_PATH . "/" . WIDGET_PATH . "/" . $basepath . "/" . $_REQUEST["pattern"] . ".html");
            $data = str_replace(htmlspecialchars($_REQUEST["pattern"]), htmlspecialchars($dirfile), $data);
            if (BB_WriteFile(ROOT_PATH . "/" . WIDGET_PATH . "/" . $this->layoutpath . "/" . $dirfile . ".html", $data) === false) {
                BB_PropertyFormError("Unable to create layout HTML.");
            }
            if (!copy(ROOT_PATH . "/" . WIDGET_PATH . "/" . $basepath . "/" . $_REQUEST["pattern"] . ".css", ROOT_PATH . "/" . WIDGET_PATH . "/" . $this->layoutpath . "/" . $dirfile . ".css")) {
                BB_PropertyFormError("Unable to create layout CSS.");
            }
            ?>
<div class="success"><?php 
            echo htmlspecialchars(BB_Translate("Layout created."));
            ?>
</div>
<script type="text/javascript">
window.parent.LoadProperties(<?php 
            echo BB_CreateWidgetPropertiesJS("bb_layout_configure_widget");
            ?>
);
</script>
<?php 
            BB_RunPluginAction("post_bb_layout_configure_widget_new_layout_submit");
        } else {
            // --- Show the "new layout" form. ---
            if (($bb_account["type"] == "dev" || $bb_account["type"] == "design") && $_REQUEST["bb_action"] == "bb_layout_configure_widget_new_layout") {
                BB_RunPluginAction("pre_bb_layout_configure_widget_new_layout");
                $desc = "<br />";
                $desc .= BB_CreateWidgetPropertiesLink(BB_Translate("Back"), "bb_layout_configure_widget");
                // Offer every .html file in the base directory whose file info can be extracted.
                $patterns = array();
                $dirlist = BB_GetDirectoryList(ROOT_PATH . "/" . WIDGET_PATH . "/" . $basepath);
                foreach ($dirlist["files"] as $name) {
                    $pos = strrpos($name, ".");
                    if ($pos !== false && substr($name, $pos) == ".html") {
                        $info = $this->ExtractFileInfo(ROOT_PATH . "/" . WIDGET_PATH . "/" . $basepath . "/" . $name);
                        if ($info !== false) {
                            $patterns[substr($name, 0, $pos)] = $info[""]["info"][0];
                        }
                    }
                }
                $options = array("title" => BB_Translate("Configure %s - New Layout", $bb_widget->_f), "desc" => "Create a new layout.", "htmldesc" => $desc, "fields" => array(array("title" => "Pattern", "type" => "select", "name" => "pattern", "options" => $patterns, "desc" => "The pattern to use for the new layout."), array("title" => "Name", "type" => "text", "name" => "name", "value" => "", "desc" => "The name of the new layout.")), "submit" => "Create", "focus" => true);
                BB_RunPluginActionInfo("bb_layout_configure_widget_new_layout_options", $options);
                BB_PropertyForm($options);
                BB_RunPluginAction("post_bb_layout_configure_widget_new_layout");
            } else {
                // --- Activate a layout.  BB_IsSecExtraOpt("file") is presumably a per-link token check -- confirm. ---
                if (($bb_account["type"] == "dev" || $bb_account["type"] == "design") && $_REQUEST["bb_action"] == "bb_layout_configure_widget_activate_layout" && BB_IsSecExtraOpt("file")) {
                    BB_RunPluginAction("pre_bb_layout_configure_widget_activate_layout");
                    // The request value is only compared against the directory listing; the stored
                    // layout name and the path passed to ExtractFileInfo() use the listing's own $name.
                    $found = false;
                    $dirlist = BB_GetDirectoryList(ROOT_PATH . "/" . WIDGET_PATH . "/" . $this->layoutpath);
                    foreach ($dirlist["files"] as $name) {
                        $pos = strrpos($name, ".");
                        if ($pos !== false && substr($name, $pos) == ".html" && $name == $_REQUEST["file"]) {
                            $info = $this->ExtractFileInfo(ROOT_PATH . "/" . WIDGET_PATH . "/" . $this->layoutpath . "/" . $name);
                            if ($info !== false) {
                                $bb_widget->layout = $name;
                                $found = true;
                                break;
                            }
                        }
                    }
                    if (!$found) {
                        BB_PropertyFormLoadError("Invalid layout specified.");
                    }
                    if (!BB_SaveLangPage($bb_revision_num)) {
                        BB_PropertyFormError("Unable to save the layout activation.");
                    }
                    ?>
<div class="success"><?php 
                    echo htmlspecialchars(BB_Translate("Layout activated."));
                    ?>
</div>
<script type="text/javascript">
window.parent.LoadProperties(<?php 
                    echo BB_CreateWidgetPropertiesJS("bb_layout_configure_widget");
                    ?>
);
window.parent.ReloadIFrame();
</script>
<?php 
                    BB_RunPluginAction("post_bb_layout_configure_widget_activate_layout");
                } else {
                    // --- Deactivate the current layout (clears the widget's layout and saves the page). ---
                    if (($bb_account["type"] == "dev" || $bb_account["type"] == "design") && $_REQUEST["bb_action"] == "bb_layout_configure_widget_deactivate_layout") {
                        BB_RunPluginAction("pre_bb_layout_configure_widget_deactivate_layout");
                        $bb_widget->layout = "";
                        if (!BB_SaveLangPage($bb_revision_num)) {
                            BB_PropertyFormError("Unable to save the layout deactivation.");
                        }
                        ?>
<div class="success"><?php 
                        echo htmlspecialchars(BB_Translate("Layout deactivated."));
                        ?>
</div>
<script type="text/javascript">
window.parent.LoadProperties(<?php 
                        echo BB_CreateWidgetPropertiesJS("bb_layout_configure_widget");
                        ?>
);
window.parent.ReloadIFrame();
</script>
<?php 
                        BB_RunPluginAction("post_bb_layout_configure_widget_deactivate_layout");
                    } else {
                        // --- Delete a layout and its companion files. ---
                        if (($bb_account["type"] == "dev" || $bb_account["type"] == "design") && $_REQUEST["bb_action"] == "bb_layout_configure_widget_delete_layout" && BB_IsSecExtraOpt("file")) {
                            BB_RunPluginAction("pre_bb_layout_configure_widget_delete_layout");
                            // As in the activate branch, every path below is built from the directory
                            // listing's $name; $_REQUEST["file"] is used for comparison only.
                            $found = false;
                            $dirlist = BB_GetDirectoryList(ROOT_PATH . "/" . WIDGET_PATH . "/" . $this->layoutpath);
                            foreach ($dirlist["files"] as $name) {
                                $pos = strrpos($name, ".");
                                if ($pos !== false && substr($name, $pos) == ".html" && $name == $_REQUEST["file"]) {
                                    $info = $this->ExtractFileInfo(ROOT_PATH . "/" . WIDGET_PATH . "/" . $this->layoutpath . "/" . $name);
                                    if ($info !== false) {
                                        if (!unlink(ROOT_PATH . "/" . WIDGET_PATH . "/" . $this->layoutpath . "/" . $name)) {
                                            BB_PropertyFormLoadError("Unable to delete the layout HTML.");
                                        }
                                        // Remove the base .css and one "<basename>.<profile>.css" per non-empty
                                        // profile key; failures here are suppressed, not reported.
                                        foreach ($info as $profile => $data) {
                                            $filename = ROOT_PATH . "/" . WIDGET_PATH . "/" . $this->layoutpath . "/" . substr($name, 0, $pos) . ($profile != "" ? "." . $profile : "") . ".css";
                                            if (file_exists($filename)) {
                                                @unlink($filename);
                                            }
                                        }
                                        if (file_exists(ROOT_PATH . "/" . WIDGET_PATH . "/" . $this->layoutpath . "/" . $name . ".dat")) {
                                            @unlink(ROOT_PATH . "/" . WIDGET_PATH . "/" . $this->layoutpath . "/" . $name . ".dat");
                                        }
                                        // Deleting the active layout also clears it from the widget.
                                        if (isset($bb_widget->layout) && $bb_widget->layout == $name) {
                                            unset($bb_widget->layout);
                                        }
                                        $found = true;
                                        break;
                                    }
                                }
                            }
                            if (!$found) {
                                BB_PropertyFormLoadError("Invalid layout specified.");
                            }
                            if (!BB_SaveLangPage($bb_revision_num)) {
                                BB_PropertyFormLoadError("Unable to save the layout activation status.");
                            }
                            ?>
<div class="success"><?php 
                            echo htmlspecialchars(BB_Translate("Layout deleted."));
                            ?>
</div>
<script type="text/javascript">
window.parent.LoadProperties(<?php 
                            echo BB_CreateWidgetPropertiesJS("bb_layout_configure_widget");
                            ?>
);
window.parent.ReloadIFrame();
</script>
<?php 
                            BB_RunPluginAction("post_bb_layout_configure_widget_delete_layout");
                        } else {
                            // --- Main screen: list the layouts with edit/activate/delete links. ---
                            if (($bb_account["type"] == "dev" || $bb_account["type"] == "design") && $_REQUEST["bb_action"] == "bb_layout_configure_widget") {
                                global $editmap, $extmap;
                                BB_RunPluginAction("pre_bb_layout_configure_widget");
                                // Link templates for the file editor; the %%...%% placeholders are filled in elsewhere.
                                $editmap = array("ea_html" => array("<a href=\"#\" onclick=\"return EditFile('%%HTML_JS_DIR%%', '%%HTML_JS_FILE%%', '%%HTML_JS_syntax%%', '%%HTML_JS_LOADTOKEN%%', '%%HTML_JS_SAVETOKEN%%');\">" . htmlspecialchars(BB_Translate("Edit HTML")) . "</a>", "syntax"), "ea_css" => array("<a href=\"#\" onclick=\"return EditFile('%%HTML_JS_DIR%%', '%%HTML_JS_FILE%%', '%%HTML_JS_syntax%%', '%%HTML_JS_LOADTOKEN%%', '%%HTML_JS_SAVETOKEN%%');\">" . htmlspecialchars(BB_Translate("Edit CSS")) . "</a>", "syntax"));
                                $extmap = array(".html" => array("edit" => "ea_html", "syntax" => "html"), ".css" => array("edit" => "ea_css", "syntax" => "css"));
                                BB_RunPluginAction("bb_layout_configure_widget_exteditmaps");
                                $desc = "<br />";
                                $desc .= BB_CreateWidgetPropertiesLink(BB_Translate("New Layout"), "bb_layout_configure_widget_new_layout");
                                if ($bb_widget->layout != "") {
                                    $desc .= " | " . BB_CreateWidgetPropertiesLink(BB_Translate("Deactivate Current Layout"), "bb_layout_configure_widget_deactivate_layout");
                                }
                                // One table row per .html file; file names are HTML-escaped where they are
                                // written into markup directly.
                                $rows = array();
                                $dirlist = BB_GetDirectoryList(ROOT_PATH . "/" . WIDGET_PATH . "/" . $this->layoutpath);
                                foreach ($dirlist["files"] as $name) {
                                    $pos = strrpos($name, ".");
                                    if ($pos !== false && substr($name, $pos) == ".html") {
                                        $info = $this->ExtractFileInfo(ROOT_PATH . "/" . WIDGET_PATH . "/" . $this->layoutpath . "/" . $name);
                                        if ($info !== false) {
                                            $rows[] = array("<a href=\"" . htmlspecialchars(ROOT_URL . "/" . WIDGET_PATH . "/" . $this->layoutpath . "/" . $name) . "\" target=\"_blank\">" . htmlspecialchars($name) . "</a>", BB_FileExplorer_GetActionStr(WIDGET_PATH . "/" . $this->layoutpath, $name) . " | " . BB_FileExplorer_GetActionStr(WIDGET_PATH . "/" . $this->layoutpath, substr($name, 0, $pos) . ".css") . " | " . ($bb_widget->layout != $name ? BB_CreateWidgetPropertiesLink(BB_Translate("Activate"), "bb_layout_configure_widget_activate_layout", array("file" => $name)) : BB_CreateWidgetPropertiesLink(BB_Translate("Deactivate"), "bb_layout_configure_widget_deactivate_layout")) . " | " . BB_CreateWidgetPropertiesLink(BB_Translate("Delete"), "bb_layout_configure_widget_delete_layout", array("file" => $name), BB_Translate("Deleting the '%s' layout will immediately affect any pages that utilize the layout.  Continue?", $name)));
                                        } else {
                                            // Files whose info cannot be extracted are listed as broken, with edit actions only.
                                            if (file_exists(ROOT_PATH . "/" . WIDGET_PATH . "/" . $this->layoutpath . "/" . $name)) {
                                                $rows[] = array(BB_Translate("%s (Broken layout)", "<a href=\"" . htmlspecialchars(ROOT_URL . "/" . WIDGET_PATH . "/" . $this->layoutpath . "/" . $name) . "\" target=\"_blank\">" . htmlspecialchars($name) . "</a>"), BB_FileExplorer_GetActionStr(WIDGET_PATH . "/" . $this->layoutpath, $name));
                                            }
                                        }
                                    }
                                }
                                $options = array("title" => BB_Translate("Configure %s", $bb_widget->_f), "desc" => "Select an existing layout or create a new layout.", "htmldesc" => $desc);
                                if (count($rows)) {
                                    $options["fields"] = array(array("type" => "table", "cols" => array("Layout", "Options"), "rows" => $rows));
                                }
                                BB_RunPluginActionInfo("bb_layout_configure_widget_options", $options);
                                BB_PropertyForm($options);
                                BB_RunPluginAction("post_bb_layout_configure_widget");
                            }
                        }
                    }
                }
            }
        }
    }
Esempio n. 5
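 /**
  * Runs the Google OAuth 2.0 authorization-code sign-in in three steps, selected
  * by $_REQUEST["sso_google_action"]:
  *
  *  - (absent): stores a fresh state token with a 30 minute expiry in the session
  *    and redirects the browser to Google's authorization endpoint.
  *  - "signin": Google's callback.  Re-attaches the language saved in the session
  *    and redirects to "signin2" with state/code/error carried over.
  *  - "signin2": verifies the state token and its expiry, exchanges the code for
  *    an access token, fetches the profile and activates the user.
  *
  * Errors are reported through $this->DisplayError().
  */
 public function ProcessFrontend()
 {
     global $sso_rng, $sso_provider, $sso_settings, $sso_session_info;
     // Must be the same value in the authorization request and in the token exchange.
     $redirect_uri = BB_GetRequestHost() . SSO_ROOT_URL . "/index.php?sso_provider=" . urlencode($sso_provider) . "&sso_google_action=signin";
     if (isset($_REQUEST["sso_google_action"]) && $_REQUEST["sso_google_action"] == "signin") {
         // Recover the language settings.
         if (!isset($sso_session_info["sso_google_info"])) {
             $this->DisplayError(BB_Translate("Unable to authenticate the request."));
             return;
         }
         // The state token is not checked here; that happens in the "signin2" step.
         $url = BB_GetRequestHost() . SSO_ROOT_URL . "/index.php?sso_provider=" . urlencode($sso_provider) . "&sso_google_action=signin2";
         if (isset($_REQUEST["state"])) {
             $url .= "&state=" . urlencode($_REQUEST["state"]);
         }
         if (isset($_REQUEST["code"])) {
             $url .= "&code=" . urlencode($_REQUEST["code"]);
         }
         if (isset($_REQUEST["error"])) {
             $url .= "&error=" . urlencode($_REQUEST["error"]);
         }
         $url .= "&lang=" . urlencode($sso_session_info["sso_google_info"]["lang"]);
         header("Location: " . $url);
     } else {
         if (isset($_REQUEST["sso_google_action"]) && $_REQUEST["sso_google_action"] == "signin2") {
             // Validate the token.  Both sides must be strings (a request parameter can
             // arrive as an array) and the comparison is constant-time where
             // hash_equals() exists.
             $stateok = false;
             if (isset($_REQUEST["state"]) && is_string($_REQUEST["state"]) && isset($sso_session_info["sso_google_info"]["token"]) && is_string($sso_session_info["sso_google_info"]["token"])) {
                 $known = $sso_session_info["sso_google_info"]["token"];
                 $supplied = $_REQUEST["state"];
                 $stateok = function_exists("hash_equals") ? hash_equals($known, $supplied) : ($known === $supplied);
             }
             if (!$stateok) {
                 $this->DisplayError(BB_Translate("Unable to authenticate the request."));
                 return;
             }
             // Check for token expiration.
             if (CSDB::ConvertFromDBTime($sso_session_info["sso_google_info"]["expires"]) < time()) {
                 $this->DisplayError(BB_Translate("Verification token has expired."));
                 return;
             }
             if (isset($_REQUEST["error"])) {
                 if ($_REQUEST["error"] == "access_denied") {
                     $message = BB_Translate("The request to sign in with Google was denied.");
                 } else {
                     // NOTE(review): request text ends up in the error message; this relies on
                     // DisplayError() HTML-escaping what it prints -- confirm.
                     $message = BB_Translate("The error message returned was '%s'.", $_REQUEST["error"]);
                 }
                 $this->DisplayError(BB_Translate("Sign in failed.  %s", $message));
                 return;
             }
             // A non-string code (array-style parameter) is treated as missing.
             if (!isset($_REQUEST["code"]) || !is_string($_REQUEST["code"])) {
                 $this->DisplayError(BB_Translate("Sign in failed.  Authorization code missing."));
                 return;
             }
             // Get an access token from the authorization code.
             require_once SSO_ROOT_PATH . "/" . SSO_SUPPORT_PATH . "/http.php";
             require_once SSO_ROOT_PATH . "/" . SSO_SUPPORT_PATH . "/web_browser.php";
             $url = "https://accounts.google.com/o/oauth2/token";
             $options = array("postvars" => array("code" => $_REQUEST["code"], "client_id" => $sso_settings["sso_google"]["client_id"], "client_secret" => $sso_settings["sso_google"]["client_secret"], "redirect_uri" => $redirect_uri, "grant_type" => "authorization_code"));
             $web = new WebBrowser();
             $result = $web->Process($url, "auto", $options);
             if (!$result["success"]) {
                 $this->DisplayError(BB_Translate("Sign in failed.  Error retrieving URL for Google access token.  %s", $result["error"]));
             } else {
                 if ($result["response"]["code"] != 200) {
                     $this->DisplayError(BB_Translate("Sign in failed.  The Google access token server returned:  %s", $result["response"]["code"] . " " . $result["response"]["meaning"]));
                 } else {
                     // Get the access token.  json_decode() reports failure as null, not
                     // false, so the decoded value is checked by shape.
                     $data = @json_decode($result["body"], true);
                     if (!is_array($data) || !isset($data["access_token"]) || !is_string($data["access_token"])) {
                         $this->DisplayError(BB_Translate("Sign in failed.  Error retrieving access token from Google."));
                     } else {
                         // Get the user's profile information.
                         $url = "https://www.googleapis.com/oauth2/v1/userinfo?access_token=" . urlencode($data["access_token"]);
                         $result = $web->Process($url);
                         if (!$result["success"]) {
                             $this->DisplayError(BB_Translate("Sign in failed.  Error retrieving URL for Google profile information.  %s", $result["error"]));
                         } else {
                             if ($result["response"]["code"] != 200) {
                                 $this->DisplayError(BB_Translate("Sign in failed.  The Google profile information server returned:  %s", $result["response"]["code"] . " " . $result["response"]["meaning"]));
                             } else {
                                 // An undecodable body, or a profile without an id, must stop here:
                                 // falling through would call SSO_ActivateUser() with an empty identity.
                                 $profile = @json_decode($result["body"], true);
                                 if (!is_array($profile) || !isset($profile["id"])) {
                                     $this->DisplayError(BB_Translate("Sign in failed.  Error retrieving profile information from Google."));
                                     return;
                                 }
                                 $origprofile = $profile;
                                 // Remove unverified e-mail addresses.
                                 if (!isset($profile["verified_email"]) || !$profile["verified_email"]) {
                                     unset($profile["verified_email"]);
                                     unset($profile["email"]);
                                 }
                                 // Convert most profile fields into strings.
                                 foreach ($profile as $key => $val) {
                                     if (is_string($val)) {
                                         continue;
                                     }
                                     if (is_bool($val)) {
                                         $val = (string) (int) $val;
                                     } else {
                                         if (is_numeric($val)) {
                                             $val = (string) $val;
                                         } else {
                                             // The body is decoded as associative arrays, so nested values
                                             // arrive as arrays and this object test does not match them.
                                             if (is_object($val) && isset($val->id) && isset($val->name)) {
                                                 $val = $val->name;
                                             }
                                         }
                                     }
                                     $profile[$key] = $val;
                                 }
                                 // Copy only the profile fields that the settings map to a local field name.
                                 $mapinfo = array();
                                 foreach (self::$fieldmap as $key => $info) {
                                     $key2 = $sso_settings["sso_google"]["map_" . $key];
                                     if ($key2 != "" && isset($profile[$key])) {
                                         $mapinfo[$key2] = $profile[$key];
                                     }
                                 }
                                 SSO_ActivateUser($profile["id"], serialize($origprofile), $mapinfo);
                                 // Only falls through on account lockout or a fatal error.
                                 $this->DisplayError(BB_Translate("User activation failed."));
                             }
                         }
                     }
                 }
             }
         } else {
             // Create internal data packet.  The token doubles as the OAuth "state" value
             // that the "signin2" step compares against.
             $token = $sso_rng->GenerateString();
             $sso_session_info["sso_google_info"] = array("lang" => isset($_REQUEST["lang"]) ? $_REQUEST["lang"] : "", "token" => $token, "expires" => CSDB::ConvertToDBTime(time() + 30 * 60));
             if (!SSO_SaveSessionInfo()) {
                 $this->DisplayError(BB_Translate("Unable to save session information."));
                 return;
             }
             // Calculate the required scope.  Extra scopes are requested only for fields
             // that are actually mapped in the settings.
             $scope = array("https://www.googleapis.com/auth/userinfo.profile" => true);
             foreach (self::$fieldmap as $key => $info) {
                 if ($info["extra"] != "" && $sso_settings["sso_google"]["map_" . $key] != "") {
                     $scope[$info["extra"]] = true;
                 }
             }
             // Get the login redirection URL.
             $options = array("response_type" => "code", "client_id" => $sso_settings["sso_google"]["client_id"], "redirect_uri" => $redirect_uri, "scope" => implode(" ", array_keys($scope)), "state" => $token);
             $options2 = array();
             foreach ($options as $key => $val) {
                 $options2[] = urlencode($key) . "=" . urlencode($val);
             }
             $url = "https://accounts.google.com/o/oauth2/auth?" . implode("&", $options2);
             SSO_ExternalRedirect($url);
         }
     }
 }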
Esempio n. 6
    public function ProcessFrontend()
    {
        global $sso_provider, $sso_settings, $sso_target_url, $sso_header, $sso_footer, $sso_providers, $sso_selectors_url;
        require_once SSO_ROOT_PATH . "/" . SSO_PROVIDER_PATH . "/" . $sso_provider . "/facebook.php";
        $facebook = new SSO_FacebookSDK(array("appId" => $sso_settings["sso_facebook"]["app_id"], "secret" => $sso_settings["sso_facebook"]["app_secret"]));
        $id = $facebook->getUser();
        if ($id) {
            try {
                // Calculate the required fields.
                $fields = array("id" => true, "first_name" => true, "last_name" => true);
                foreach (self::$fieldmap as $key => $info) {
                    if ($sso_settings["sso_facebook"]["map_" . $key] != "" && !isset($info["pseudo"])) {
                        $fields[isset($info["parent"]) ? $info["parent"] : $key] = true;
                    }
                }
                $profile = $facebook->api("/me", "GET", array("fields" => implode(",", array_keys($fields))));
            } catch (FacebookApiException $e) {
                // Fall through here to go to the next step.
                $id = 0;
                $exceptionmessage = $e->getMessage();
            }
        }
        if (isset($_REQUEST["sso_facebook_action"]) && $_REQUEST["sso_facebook_action"] == "signin") {
            if ($id) {
                // Create a fake username based on available information.
                if ($sso_settings["sso_facebook"]["map_username"] != "") {
                    if (isset($profile["email"])) {
                        $profile["username"] = (string) @substr($profile["email"], 0, strpos($profile["email"], "@"));
                    } else {
                        if (isset($profile["first_name"]) && isset($profile["last_name"])) {
                            $profile["username"] = $profile["first_name"] . @substr($profile["last_name"], 0, 1);
                        } else {
                            if (isset($profile["name"])) {
                                $name = explode(" ", $name);
                                $profile["username"] = $name[0] . @substr($name[count($name) - 1], 0, 1);
                            } else {
                                $profile["username"] = (string) $id;
                            }
                        }
                    }
                    $profile["username"] = preg_replace('/\\s+/', "_", trim(preg_replace('/[^a-z0-9]/', " ", strtolower((string) $profile["username"]))));
                }
                // Check username blacklist.
                $message = "";
                if (isset($profile["username"])) {
                    $blacklist = explode("\n", str_replace("\r", "\n", $sso_settings["sso_facebook"]["username_blacklist"]));
                    foreach ($blacklist as $word) {
                        $word = trim($word);
                        if ($word != "" && stripos($profile["username"], $word) !== false) {
                            $message = BB_Translate("Username contains a blocked word.");
                            break;
                        }
                    }
                }
                // Check e-mail domain blacklist.
                if (isset($profile["email"])) {
                    define("CS_TRANSLATE_FUNC", "BB_Translate");
                    require_once SSO_ROOT_PATH . "/" . SSO_SUPPORT_PATH . "/smtp.php";
                    $email = SMTP::MakeValidEmailAddress($profile["email"]);
                    if (!$email["success"]) {
                        $message = BB_Translate("Invalid e-mail address.  %s", $email["error"]);
                    } else {
                        $domain = strtolower(substr($email["email"], strrpos($email["email"], "@") + 1));
                        $y = strlen($domain);
                        $baddomains = explode("\n", strtolower($sso_settings["sso_facebook"]["email_bad_domains"]));
                        foreach ($baddomains as $baddomain) {
                            $baddomain = trim($baddomain);
                            if ($baddomain != "") {
                                $y2 = strlen($baddomain);
                                if ($domain == $baddomain || $y < $y2 && substr($domain, $y - $y2 - 1, 1) == "." && substr($domain, $y - $y2) == $baddomain) {
                                    $message = BB_Translate("E-mail address is in a blacklisted domain.");
                                    break;
                                }
                            }
                        }
                    }
                }
                if ($message == "") {
                    // Fix birthday to be in international format YYYY-MM-DD.
                    if (isset($profile["birthday"])) {
                        $birthday = explode("/", $profile["birthday"]);
                        $year = array_pop($birthday);
                        array_unshift($birthday, $year);
                        $profile["birthday"] = implode("-", $birthday);
                    }
                    // Convert most profile fields into strings.
                    foreach ($profile as $key => $val) {
                        if (is_string($val)) {
                            continue;
                        }
                        if (is_bool($val)) {
                            $val = (string) (int) $val;
                        } else {
                            if (is_numeric($val)) {
                                $val = (string) $val;
                            } else {
                                if (is_object($val) && isset($val->id) && isset($val->name)) {
                                    $val = $val->name;
                                }
                            }
                        }
                        $profile[$key] = $val;
                    }
                    // Convert specialized fields into strings.
                    if (isset($profile["age_range"])) {
                        $profile["age_range"] = trim($item->min . "-" . $item->max);
                    }
                    if (isset($profile["education"])) {
                        $items = array();
                        foreach ($profile["education"] as $item) {
                            $items[] = trim($item->year . " " . $item->type . " " . $item->school->name);
                        }
                        $profile["education"] = implode("\n", $items);
                    }
                    if (isset($profile["work"])) {
                        $items = array();
                        foreach ($profile["work"] as $item) {
                            $items[] = trim($item->employer . ", " . $item->location . ", " . $item->position);
                        }
                        $profile["work"] = implode("\n", $items);
                    }
                    $mapinfo = array();
                    foreach (self::$fieldmap as $key => $info) {
                        $key2 = $sso_settings["sso_facebook"]["map_" . $key];
                        if ($key2 != "" && isset($profile[$key])) {
                            $mapinfo[$key2] = $profile[$key];
                        }
                    }
                    // Process specialized fields.
                    if (isset($profile["birthday"])) {
                        $birthday = explode("-", $profile["birthday"]);
                        $key = "birthday_year";
                        $key2 = $sso_settings["sso_facebook"]["map_" . $key];
                        if ($key2 != "") {
                            $mapinfo[$key2] = $birthday[0];
                        }
                        $key = "birthday_month";
                        $key2 = $sso_settings["sso_facebook"]["map_" . $key];
                        if ($key2 != "") {
                            $mapinfo[$key2] = $birthday[1];
                        }
                        $key = "birthday_day";
                        $key2 = $sso_settings["sso_facebook"]["map_" . $key];
                        if ($key2 != "") {
                            $mapinfo[$key2] = $birthday[2];
                        }
                    }
                    SSO_ActivateUser($profile["id"], serialize($profile), $mapinfo);
                    // Only falls through on account lockout or a fatal error.
                    $message = BB_Translate("User activation failed.");
                }
            } else {
                if (isset($_REQUEST["error"]) && $_REQUEST["error"] == "access_denied") {
                    $message = BB_Translate("The request to sign in with Facebook was denied.");
                } else {
                    if (isset($_REQUEST["error_description"])) {
                        $message = BB_Translate($_REQUEST["error_description"]);
                    } else {
                        $message = BB_Translate("An unknown error occurred.  %s", $exceptionmessage);
                    }
                }
            }
            $message = BB_Translate("Sign in failed.  %s", $message);
            echo $sso_header;
            SSO_OutputHeartbeat();
            ?>
<div class="sso_main_wrap">
<div class="sso_main_wrap_inner">
	<div class="sso_main_messages_wrap">
		<div class="sso_main_messages">
			<div class="sso_main_messageerror"><?php 
            echo htmlspecialchars($message);
            ?>
</div>
		</div>
	</div>

	<div class="sso_main_info"><a href="<?php 
            echo htmlspecialchars($sso_target_url);
            ?>
"><?php 
            echo htmlspecialchars(BB_Translate("Try again"));
            ?>
</a><?php 
            if (count($sso_providers) > 1) {
                ?>
 | <a href="<?php 
                echo htmlspecialchars($sso_selectors_url);
                ?>
"><?php 
                echo htmlspecialchars(BB_Translate("Select another sign in method"));
                ?>
</a><?php 
            }
            ?>
</div>
</div>
</div>
<?php 
            echo $sso_footer;
        } else {
            // Calculate the required scope.
            $scope = array();
            foreach (self::$fieldmap as $key => $info) {
                if ($info["extra"] != "" && $sso_settings["sso_facebook"]["map_" . $key] != "") {
                    $scope[$info["extra"]] = true;
                }
            }
            // Get the login redirection URL.
            $options = array("scope" => implode(",", array_keys($scope)), "redirect_uri" => BB_GetRequestHost() . $sso_target_url . "&sso_facebook_action=signin");
            $url = $facebook->getLoginUrl($options);
            SSO_ExternalRedirect($url);
        }
    }
Esempio n. 7
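// Renders a complete page: fills the placeholders of the global page layout, prints
// everything before @CONTENT@, lets BB_PropertyForm() print the form, then prints the rest.
//
// $title       - Page title (translated and HTML-escaped before output).
// $menuopts    - array(menu title => array(item name => href string or array of attributes)).
// $contentopts - Options passed to BB_PropertyForm(); "title" and, when "hidden" exists,
//                the hidden "bb_back" value are filled in if the caller left them out.
//
// Security notes: bb_msg, bb_msgtype and bb_back are read straight from the request.
// bb_msg is only used when it is a string, bb_msgtype is restricted to a fixed set, and
// both are HTML-escaped.  bb_back is handed to BB_PropertyForm() unmodified; escaping it
// is presumably that function's job (not visible here - confirm).
function BB_GeneratePage($title, $menuopts, $contentopts)
{
    global $bb_rootname, $bb_page_layout, $bb_menu_layout, $bb_menu_item_layout, $bb_message_layout;

    if (!isset($contentopts["title"])) {
        $contentopts["title"] = $title;
    }
    if (isset($contentopts["hidden"]) && !isset($contentopts["hidden"]["bb_back"])) {
        $contentopts["hidden"]["bb_back"] = isset($_POST["bb_back"]) ? $_POST["bb_back"] : BB_GetBackQueryString();
    }

    header("Content-Type: text/html; charset=UTF-8");
    BB_InitLayouts();

    // Process the header.  Explicit constants win over the URL derived from the request.
    if (defined("BB_ROOT_URL")) {
        $rooturl = BB_ROOT_URL;
    } elseif (defined("ROOT_URL")) {
        $rooturl = ROOT_URL;
    } else {
        $rooturl = BB_GetRequestURLBase();
        if (substr($rooturl, -1) != "/") {
            $rooturl = dirname($rooturl);
        }
        if (substr($rooturl, -1) == "/") {
            $rooturl = substr($rooturl, 0, -1);
        }
    }

    if (defined("BB_SUPPORT_PATH")) {
        $supportpath = BB_SUPPORT_PATH;
    } elseif (defined("SUPPORT_PATH")) {
        $supportpath = SUPPORT_PATH;
    } else {
        $supportpath = "support";
    }

    $data = str_replace("@ROOTURL@", htmlspecialchars($rooturl), $bb_page_layout);
    $data = str_replace("@SUPPORTPATH@", htmlspecialchars($supportpath), $data);

    // Process the title and message.
    $data = str_replace("@TITLE@", htmlspecialchars(BB_Translate(($bb_rootname != "" ? $bb_rootname . " | " : "") . $title)), $data);
    $data = str_replace("@ROOTNAME@", htmlspecialchars(BB_Translate($bb_rootname)), $data);

    // A request can deliver bb_msg as an array (bb_msg[]=...).  Only a string is a usable
    // message; anything else is treated as "no message" instead of reaching
    // BB_Translate()/htmlspecialchars() with the wrong type.
    if (!isset($_REQUEST["bb_msg"]) || !is_string($_REQUEST["bb_msg"])) {
        $data = str_replace("@MESSAGE@", "", $data);
    } else {
        // The message type ends up inside the message layout, so only the known values are accepted.
        if (!isset($_REQUEST["bb_msgtype"]) || !in_array($_REQUEST["bb_msgtype"], array("error", "success"), true)) {
            $_REQUEST["bb_msgtype"] = "info";
        }
        $msghtml = str_replace("@MSGTYPE@", htmlspecialchars($_REQUEST["bb_msgtype"]), $bb_message_layout);
        $msghtml = str_replace("@MESSAGE@", htmlspecialchars(BB_Translate($_REQUEST["bb_msg"])), $msghtml);
        // NOTE(review): substitution is sequential, so a literal @MENU@ or @CONTENT@ inside
        // the message text is also picked up by the replacement steps below.
        $data = str_replace("@MESSAGE@", $msghtml, $data);
    }

    // Process the menu.  Attribute names and values are both HTML-escaped.
    $menuhtml = "";
    foreach ($menuopts as $menutitle => $items) {
        $itemshtml = "";
        foreach ($items as $name => $opts) {
            if (!is_array($opts)) {
                $opts = array("href" => $opts);
            }
            $attrs = array();
            foreach ($opts as $attrname => $attrval) {
                $attrs[] = htmlspecialchars($attrname) . "=\"" . htmlspecialchars($attrval) . "\"";
            }
            $itemhtml = str_replace("@OPTS@", implode(" ", $attrs), $bb_menu_item_layout);
            $itemshtml .= str_replace("@NAME@", htmlspecialchars(BB_Translate($name)), $itemhtml);
        }
        $sectionhtml = str_replace("@ITEMS@", $itemshtml, $bb_menu_layout);
        $menuhtml .= str_replace("@TITLE@", htmlspecialchars(BB_Translate($menutitle)), $sectionhtml);
    }
    $data = str_replace("@MENU@", $menuhtml, $data);

    // Process and display the content.  9 is the length of "@CONTENT@".
    $pos = strpos($data, "@CONTENT@");
    echo substr($data, 0, $pos);
    BB_PropertyForm($contentopts);
    echo substr($data, $pos + 9);
}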
Esempio n. 8
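 // Sends the current time-based one-time code to the user's e-mail address.
 //
 // $result   - Message array passed by reference; a translated entry is appended to
 //             $result["errors"] when the e-mail cannot be sent.
 // $userrow  - User row object; username and email are read from it.
 // $userinfo - User info array; "two_factor_key" seeds the one-time code.
 //
 // The user fields and the code are HTML-escaped for the HTML body and inserted as-is
 // into the plain-text body.
 public function SendTwoFactorCode(&$result, $userrow, $userinfo)
 {
     $info = $this->GetInfo();
     $fromaddr = BB_PostTranslate($info["email_from"] != "" ? $info["email_from"] : SSO_SMTP_FROM);
     $subject = BB_Translate($info["email_subject"]);

     // The counter is the current time divided by the configured window.
     // NOTE(review): this is a float division; whether GetTimeBasedOTP() truncates it is not visible here.
     $twofactor = sso_login::GetTimeBasedOTP($userinfo["two_factor_key"], time() / $info["window"]);

     $tokens = array("@USERNAME@", "@EMAIL@", "@TWOFACTOR@");
     $htmlmsg = str_ireplace($tokens, array(htmlspecialchars($userrow->username), htmlspecialchars($userrow->email), htmlspecialchars($twofactor)), BB_PostTranslate($info["email_msg"]));
     $textmsg = str_ireplace($tokens, array($userrow->username, $userrow->email, $twofactor), BB_PostTranslate($info["email_msg_text"]));

     $sendresult = SSO_SendEmail($fromaddr, $userrow->email, $subject, $htmlmsg, $textmsg);
     if (!$sendresult["success"]) {
         // Report the failure text of the send attempt.  The previous code read
         // $result["error"], i.e. the caller's message array, which carries no such key.
         // Presumably SSO_SendEmail() supplies "error" on failure; fall back to an empty string otherwise.
         $senderror = (isset($sendresult["error"]) ? $sendresult["error"] : "");
         $result["errors"][] = BB_Translate("Login exists but a fatal error occurred.  Fatal error:  Unable to send two-factor authentication e-mail.  %s", $senderror);
     }
 }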
Esempio n. 9
// Builds an HTML anchor that points at a configuration action.
//
// $title   - Link text (translated, then HTML-escaped).
// $action2 - Action passed to SSO_CreateConfigURL().
// $extra   - Extra values passed to SSO_CreateConfigURL().
// $confirm - Optional confirmation question.  When non-empty, an onclick handler with a
//            JavaScript confirm() is added; the text is escaped for the JavaScript string
//            first (BB_JSSafe) and for the HTML attribute second (htmlspecialchars).
//
// Returns the anchor as an HTML string.
function SSO_CreateConfigLink($title, $action2, $extra = array(), $confirm = "")
{
    $href = htmlspecialchars(SSO_CreateConfigURL($action2, $extra));

    $onclick = "";
    if ($confirm != "") {
        $question = htmlspecialchars(BB_JSSafe(BB_Translate($confirm)));
        $onclick = " onclick=\"return confirm('" . $question . "');\"";
    }

    $label = htmlspecialchars(BB_Translate($title));

    return "<a href=\"" . $href . "\"" . $onclick . ">" . $label . "</a>";
}
Esempio n. 10
 // Rate-limit check applied when a sign in attempt did not resolve to a user.
 //
 // $result          - Message array passed by reference; one "Request rate limit exceeded."
 //                    entry is appended to $result["errors"] when a limit is reached.
 // $userinfo        - False when no user was matched; any other value skips the check.
 // $recoveryallowed - Not used by this module.
 public function LoginCheck(&$result, $userinfo, $recoveryallowed)
 {
     global $sso_ipaddr_info;

     if ($userinfo !== false) {
         return;
     }

     // Record this attempt before comparing the per-IP counters with the configured limits.
     // (The meaning of the three flags is defined by UpdateIPAddrInfo(), not visible here.)
     $this->UpdateIPAddrInfo(true, false, false);
     $info = $this->GetInfo();

     // Either counter reaching its limit produces the same, deliberately unspecific message.
     if ($sso_ipaddr_info["sso_login_modules"]["sso_ratelimit"]["sysreq"] >= $info["system_requests"] || $sso_ipaddr_info["sso_login_modules"]["sso_ratelimit"]["logins"] >= $info["login_attempts"]) {
         $result["errors"][] = BB_Translate("Request rate limit exceeded.");
     }
 }
Esempio n. 11
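// Refreshes the cached list of extension updates and vulnerabilities from the update
// server and rewrites extensions_cache.php.
//
// $force - When true, the check runs even if the cached "nextcheck" time has not passed.
//
// Security notes:
// - The response comes from a remote server and is stored for later display.  It is only
//   accepted when it decodes to the expected shape; anything else is ignored and the
//   previously cached lists are kept.
// - The cache is written as PHP source.  Its safety depends on BB_CreatePHPStorageData()
//   emitting remote strings as inert literals (not visible here - confirm).
// - The core-version notice built below contains markup, so update entries are presumably
//   rendered as HTML later; the remote version string is HTML-escaped for that reason.
function BB_UpdateExtensionsCache($force = false)
{
    global $bb_extensions_info, $bb_paths;

    if (!$force && !($bb_extensions_info["nextcheck"] < time())) {
        return;
    }

    // Build "id,version,id,version,..." with ids forced to integers and versions URL-encoded.
    $idvers = array();
    foreach ($bb_extensions_info["exts"] as $extinfo) {
        $idvers[] = (int) $extinfo["id"];
        $idvers[] = urlencode($extinfo["ver"]);
    }
    $url = "https://barebonescms.com/extend/api/?action=update_check&id_vers=" . implode(",", $idvers);

    // Plugins get a chance to look at (presumably also to change) the URL before the request.
    BB_RunPluginActionInfo("pre_bb_updateextensionscache_url", $url);

    $info = BB_IsValidURL($url);
    if ($info["success"]) {
        $response = @json_decode(trim($info["data"]), true);

        // json_decode() returns null for malformed input; require an array with the keys used below.
        $wellformed = is_array($response) && !empty($response["success"]) && isset($response["updates"]) && is_array($response["updates"]) && array_key_exists("vulnerabilities", $response);
        if ($wellformed) {
            if (defined("BB_CORE_VER") && isset($response["corever"]) && is_scalar($response["corever"]) && $response["corever"] !== BB_CORE_VER) {
                array_unshift($response["updates"], BB_Translate("<strong>New version of Barebones CMS available!</strong><br />Currently installed:  %s<br />New:  %s", BB_CORE_VER, htmlspecialchars((string) $response["corever"])));
            }
            $bb_extensions_info["updates"] = $response["updates"];
            $bb_extensions_info["vulnerabilities"] = $response["vulnerabilities"];
        }
    }

    // Schedule the next check for 24 hours from now, whether or not this one succeeded.
    $bb_extensions_info["nextcheck"] = time() + 24 * 60 * 60;
    $data = "<" . "?php\n\t\$bb_extensions_info = " . BB_CreatePHPStorageData($bb_extensions_info) . ";\n?" . ">";
    BB_WriteFile((isset($bb_paths) ? $bb_paths["ROOT_PATH"] : ROOT_PATH) . "/extensions_cache.php", $data);
}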
Esempio n. 12
    // Handles a "remember me" sign in.  The encrypted sso_l_rme cookie is checked against
    // the account id given in the request; on success the user is either sent to the
    // two-factor page or activated directly.
    //
    // Nothing happens unless all four cookie key/IV settings from GetInfo() are non-empty.
    // Every successful path leaves through a redirect followed by exit, or through
    // SSO_ActivateUser() (which, per the inline comment below, only returns on lockout or a
    // fatal error).  Reaching the HTML at the end therefore always means the remembered
    // sign in did not succeed, which is why the generic error is printed unconditionally.
    public function CustomFrontend()
    {
        global $g_sso_login_modules, $sso_settings, $sso_header, $sso_footer, $sso_target_url, $sso_db, $sso_session_info, $sso_rng;
        $messages = array("errors" => array(), "warnings" => array(), "success" => "");
        $info = $this->GetInfo();
        if ($info["cookiekey"] != "" && $info["cookieiv"] != "" && $info["cookiekey2"] != "" && $info["cookieiv2"] != "") {
            // Initialize active modules.
            // The class name is built from the keys of $g_sso_login_modules and gated by the
            // per-module "_a" setting; no request value takes part in it here.
            $this->activemodules = array();
            foreach ($g_sso_login_modules as $key => $info2) {
                if ($sso_settings["sso_login"]["modules"][$key]["_a"]) {
                    $module = "sso_login_module_" . $key;
                    $this->activemodules[$key] = new $module();
                }
            }
            $sso_db_sso_login_users = SSO_DB_PREFIX . "p_sso_login_users";
            if (isset($_REQUEST["id"]) && isset($_COOKIE["sso_l_rme"])) {
                // Decrypt data.
                // The cookie is client-supplied.  It is base64-decoded and then handed to
                // Blowfish::ExtractDataPacket() with the two configured key/IV pairs; a
                // false result is treated as failure at each step.
                $info2 = @base64_decode($_COOKIE["sso_l_rme"]);
                if ($info2 !== false) {
                    $info2 = Blowfish::ExtractDataPacket($info2, pack("H*", $info["cookiekey"]), array("mode" => "CBC", "iv" => pack("H*", $info["cookieiv"]), "key2" => pack("H*", $info["cookiekey2"]), "iv2" => pack("H*", $info["cookieiv2"]), "lightweight" => true));
                }
                if ($info2 !== false) {
                    // NOTE(review): unserialize() runs on bytes derived from a cookie and nothing
                    // here restricts which classes may be instantiated.  Safety rests entirely on
                    // ExtractDataPacket() rejecting packets that were not produced with the
                    // server's keys (its integrity check is not visible here - confirm).
                    // Prefer json_decode(), or unserialize() with the allowed_classes option
                    // disabled where the PHP version supports it.
                    $info2 = @unserialize($info2);
                }
                if ($info2 !== false) {
                    // The id is cast to an integer before it is used as an array index and as a bound query value.
                    $id = (int) $_REQUEST["id"];
                    // The cookie entry for this id must be a two-element array:
                    // [0] selects the stored remember-me record, [1] is the secret checked against its hash.
                    if (isset($info2[$id]) && is_array($info2[$id]) && count($info2[$id]) == 2) {
                        // Load database information and verify the sign in.
                        // Table name and id are passed as bound values, not concatenated into the query.
                        $userrow = $sso_db->GetRow("SELECT", array("*", "FROM" => "?", "WHERE" => "id = ?"), $sso_db_sso_login_users, $id);
                        // Rows with a "verified" column must have it set; rows without the column are accepted.
                        if ($userrow && (!isset($userrow->verified) || $userrow->verified)) {
                            $userinfo = SSO_DecryptDBData($userrow->info);
                            if ($userinfo !== false && isset($userinfo["sso_remember_me"]) && isset($userinfo["sso_remember_me"][$info2[$userrow->id][0]])) {
                                $info3 = $userinfo["sso_remember_me"][$info2[$userrow->id][0]];
                                // The stored record carries its own expiration time.
                                $ts = CSDB::ConvertFromDBTime($info3["expires"]);
                                if ($ts > time()) {
                                    // The stored salt plus the secret from the cookie is verified against
                                    // the stored hash using the stored number of rounds.
                                    $data = $info3["salt"] . ":" . $info2[$userrow->id][1];
                                    if (sso_login::VerifyPasswordInfo($data, $info3["hash"], $info3["rounds"])) {
                                        // Sign in is now verified to be valid.
                                        // Two-factor is skipped only when the stored record has "bypass" set.
                                        if (!$info3["bypass"] && ($sso_settings["sso_login"]["require_two_factor"] || isset($userinfo["two_factor_method"]) && $userinfo["two_factor_method"] != "")) {
                                            // Go to two-factor authentication page.
                                            // Collect the active modules that report a two-factor name.
                                            $methods = array();
                                            foreach ($this->activemodules as $key => &$instance) {
                                                $name = $instance->GetTwoFactorName(false);
                                                if ($name !== false) {
                                                    $methods[$key] = true;
                                                }
                                            }
                                            // NOTE(review): the availability of the user's method is only checked when
                                            // two-factor is globally required.  If it is optional and the user's stored
                                            // method is not an active module, the SendTwoFactorCode() call below is
                                            // made on a missing array entry - confirm whether that case can occur.
                                            if ($sso_settings["sso_login"]["require_two_factor"] && (!isset($userinfo["two_factor_method"]) || !isset($methods[$userinfo["two_factor_method"]]))) {
                                                $messages["errors"][] = BB_Translate("A valid two-factor authentication method for this account is not available.  Use account recovery to restore access to the account.");
                                            } else {
                                                // The pending two-factor state lives in the session: user id, a random
                                                // string that must come back in the URL, and a five-minute expiration.
                                                $sso_session_info["sso_login_two_factor"] = array("id" => $userrow->id, "v" => $sso_rng->GenerateString(), "expires" => CSDB::ConvertToDBTime(time() + 5 * 60));
                                                if (!SSO_SaveSessionInfo()) {
                                                    $messages["errors"][] = BB_Translate("Login exists but a fatal error occurred.  Fatal error:  Unable to save session information.");
                                                } else {
                                                    $this->activemodules[$userinfo["two_factor_method"]]->SendTwoFactorCode($messages, $userrow, $userinfo);
                                                    if (!count($messages["errors"])) {
                                                        header("Location: " . BB_GetRequestHost() . $sso_target_url . "&sso_login_action=two_factor&sso_v=" . urlencode($sso_session_info["sso_login_two_factor"]["v"]));
                                                        exit;
                                                    }
                                                }
                                            }
                                        } else {
                                            // Login succeeded.  Activate the user.
                                            $mapinfo = array();
                                            if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "email") {
                                                $mapinfo[$sso_settings["sso_login"]["map_email"]] = $userrow->email;
                                            }
                                            if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "username") {
                                                $mapinfo[$sso_settings["sso_login"]["map_username"]] = $userrow->username;
                                            }
                                            // Keep a copy so that changes made by the modules can be detected below.
                                            $origuserinfo = $userinfo;
                                            foreach ($this->activemodules as &$instance) {
                                                $instance->LoginAddMap($mapinfo, $userrow, $userinfo, false);
                                            }
                                            // If a module updated $userinfo, then update the database.
                                            if (serialize($userinfo) !== serialize($origuserinfo)) {
                                                $userinfo2 = SSO_EncryptDBData($userinfo);
                                                try {
                                                    $sso_db->Query("UPDATE", array($sso_db_sso_login_users, array("info" => $userinfo2), "WHERE" => "id = ?"), $userrow->id);
                                                } catch (Exception $e) {
                                                    // The exception detail is not shown to the user; only a generic message is.
                                                    $messages["errors"][] = BB_Translate("Database query error.");
                                                }
                                            }
                                            if (!count($messages["errors"])) {
                                                SSO_ActivateUser($userrow->id, $userinfo["extra"], $mapinfo, CSDB::ConvertFromDBTime($userrow->created));
                                                // Only falls through on account lockout or a fatal error.
                                                $messages["errors"][] = BB_Translate("User activation failed.");
                                            }
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            }
            // Failure page.  Only the first collected error is shown, HTML-escaped, followed
            // by the generic message; the reason a cookie was rejected is not disclosed.
            echo $sso_header;
            SSO_OutputHeartbeat();
            ?>
<div class="sso_main_wrap sso_login">
<div class="sso_main_wrap_inner">
	<div class="sso_main_messages_wrap">
		<div class="sso_main_messages">
<?php 
            if (count($messages["errors"])) {
                ?>
			<div class="sso_main_messageerror"><?php 
                echo htmlspecialchars($messages["errors"][0]);
                ?>
</div>
<?php 
            }
            ?>
			<div class="sso_main_messageerror"><?php 
            echo htmlspecialchars(BB_Translate("An error occurred while processing the remembered sign in.  You will have to sign in normally."));
            ?>
</div>
		</div>
	</div>
	<div class="sso_login_signin"><a href="<?php 
            echo htmlspecialchars($sso_target_url);
            ?>
"><?php 
            echo htmlspecialchars(BB_Translate("Sign in"));
            ?>
</a></div>
</div>
</div>
<?php 
            echo $sso_footer;
        }
    }
Esempio n. 13
 // Enforces password expiration for a user that was found during sign in.
 //
 // $result          - Message array passed by reference; an error is appended when the
 //                    password has expired, recovery is not allowed and the "update_info"
 //                    field is not "yes".
 // $userinfo        - User info array, or false when no user was matched (then nothing happens).
 // $recoveryallowed - When true, an expired password redirects to the recovery action and exits.
 public function LoginCheck(&$result, $userinfo, $recoveryallowed)
 {
     global $sso_target_url;

     if ($userinfo === false) {
         return;
     }

     $info = $this->GetInfo();

     // A missing expiration record counts as expired, but only while expiration is enabled.
     $expired = $info["expire"] > 0 && (!isset($userinfo["sso_password"]) || !isset($userinfo["sso_password"]["expires"]) || CSDB::ConvertFromDBTime($userinfo["sso_password"]["expires"]) <= time());
     if (!$expired) {
         return;
     }

     if ($recoveryallowed) {
         // The redirect target is built from the request host and the server-side target URL.
         header("Location: " . BB_GetRequestHost() . $sso_target_url . "&sso_login_action=recover&sso_msg=sso_login_password_expired");
         exit;
     }

     if (SSO_FrontendFieldValue("update_info", "") != "yes") {
         $result["errors"][] = BB_Translate("Password has expired.  Check the checkbox under 'Update Information' and sign in again to change your password.");
     }
 }
Esempio n. 14
// Prints a translated upgrade error followed by an HTML line break and stops the script.
//
// $str - Message to translate.  The translated text is written without HTML escaping,
//        so callers must only pass trusted text here.
function UpgradeError($str)
{
    $line = BB_Translate($str) . "<br />\n";
    echo $line;
    exit();
}
Esempio n. 15
    // Prints the "Anti-Phishing Phrase" block of the sign in form.
    //
    // The phrase is read from the encrypted sso_l_ap cookie.  Nothing is printed unless all
    // four cookie key/IV settings from GetInfo() are non-empty.  When the cookie is missing
    // or cannot be decrypted, a warning is shown in place of the phrase.
    //
    // $messages - Not used by this method.
    public function GenerateLogin($messages)
    {
        $info = $this->GetInfo();
        if ($info["cookiekey"] != "" && $info["cookieiv"] != "" && $info["cookiekey2"] != "" && $info["cookieiv2"] != "") {
            $phrase = "";
            if (isset($_COOKIE["sso_l_ap"])) {
                // Decrypt data.
                // The cookie is client-supplied: base64-decode it, then let
                // Blowfish::ExtractDataPacket() decrypt it with the two configured key/IV pairs.
                $phrase = @base64_decode($_COOKIE["sso_l_ap"]);
                if ($phrase !== false) {
                    $phrase = Blowfish::ExtractDataPacket($phrase, pack("H*", $info["cookiekey"]), array("mode" => "CBC", "iv" => pack("H*", $info["cookieiv"]), "key2" => pack("H*", $info["cookiekey2"]), "iv2" => pack("H*", $info["cookieiv2"]), "lightweight" => true));
                }
                // Any failure collapses to "no phrase" so that the warning branch below is used.
                if ($phrase === false) {
                    $phrase = "";
                }
            }
            ?>
			<div class="sso_main_formitem">
				<div class="sso_main_formtitle"><?php 
            echo htmlspecialchars(BB_Translate("Anti-Phishing Phrase"));
            ?>
</div>
<?php 
            // The decrypted phrase is still HTML-escaped before it is displayed.
            if ($phrase != "") {
                ?>
				<div class="sso_main_formdesc"><?php 
                echo htmlspecialchars($phrase);
                ?>
</div>
<?php 
            } else {
                ?>
				<div class="sso_main_formresult"><div class="sso_main_formwarning"><?php 
                echo htmlspecialchars(BB_Translate("No anti-phishing phrase found."));
                ?>
</div></div>
<?php 
            }
            ?>
			</div>
<?php 
        }
    }
Esempio n. 16
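// Sends the browser to an external URL by way of the server's own sso_redirect action.
//
// The external URL is not placed in the page.  It is stored base64-encoded in the
// sso_server_er cookie, together with a digest over a frontend field name and the URL in
// sso_server_ern.  The page then navigates to the local redirect action with JavaScript,
// with a meta refresh after three seconds as fallback.  Never returns.
//
// $url   - External URL to redirect to.
// $final - When true, "sso_final=1" is added to the local redirect URL.
//
// NOTE(review): the digest is a plain md5() over "field:url".  Whether the field name is
// secret per session, and how the sso_redirect action verifies the digest, is not visible
// here - confirm before relying on it as an integrity check.
function SSO_ExternalRedirect($url, $final = false)
{
    // Session cookies (expiration 0).  The last two arguments presumably follow
    // setcookie() order: secure on SSL requests, HTTP-only always - confirm.
    SetCookieFixDomain("sso_server_er", base64_encode($url), 0, "", "", SSO_IsSSLRequest(), true);
    SetCookieFixDomain("sso_server_ern", md5(SSO_FrontendField("external_redirect") . ":" . $url), 0, "", "", SSO_IsSSLRequest(), true);

    // The only request value in the local URL is "lang", and it is URL-encoded.
    $url = BB_GetRequestHost() . SSO_ROOT_URL . "/index.php?sso_action=sso_redirect" . ($final ? "&sso_final=1" : "") . (isset($_REQUEST["lang"]) ? "&lang=" . urlencode($_REQUEST["lang"]) : "");

    // The URL is escaped per context: BB_JSSafe() inside the script string,
    // htmlspecialchars() inside the meta attribute.  The translated status text is
    // HTML-escaped as well, matching how translated text is printed elsewhere in the frontend.
    ?>
<!DOCTYPE html>
<html>
<head>
<script type="text/javascript">
document.location.replace('<?php 
    echo BB_JSSafe($url);
    ?>
');
</script>
<title><?php 
    echo htmlspecialchars(BB_Translate("Redirecting..."));
    ?>
</title>
<meta http-equiv="refresh" content="3; URL=<?php 
    echo htmlspecialchars($url);
    ?>
" />
</head>
<body>
<div style="text-align: center;"><?php 
    echo htmlspecialchars(BB_Translate("Redirecting..."));
    ?>
</div>
</body>
</html>
<?php 
    exit;
}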
Esempio n. 17
    public function ProcessFrontend()
    {
        global $g_sso_login_modules, $sso_settings, $sso_rng, $sso_header, $sso_footer, $sso_target_url, $sso_db, $sso_ipaddr_info, $sso_session_info, $sso_providers;
        if (!isset($sso_ipaddr_info["sso_login_modules"])) {
            $sso_ipaddr_info["sso_login_modules"] = array();
        }
        // Initialize active modules.
        $this->activemodules = array();
        foreach ($g_sso_login_modules as $key => $info) {
            if ($sso_settings["sso_login"]["modules"][$key]["_a"]) {
                $module = "sso_login_module_" . $key;
                $this->activemodules[$key] = new $module();
            }
        }
        $sso_db_sso_login_users = SSO_DB_PREFIX . "p_sso_login_users";
        if (isset($_REQUEST["sso_login_action"]) && $_REQUEST["sso_login_action"] == "module" && isset($_REQUEST["sso_login_module"]) && isset($this->activemodules[$_REQUEST["sso_login_module"]])) {
            $this->activemodules[$_REQUEST["sso_login_module"]]->CustomFrontend();
        } else {
            if (isset($_REQUEST["sso_login_action"]) && $_REQUEST["sso_login_action"] == "verify" && $sso_settings["sso_login"]["open_reg"]) {
                $messages = array("errors" => array(), "warnings" => array(), "success" => "");
                foreach ($this->activemodules as &$instance) {
                    $instance->VerifyCheck($messages);
                }
                if (!count($messages["errors"])) {
                    if (!isset($_REQUEST["sso_v"]) || !isset($sso_session_info["sso_login_verify"])) {
                        $messages["errors"][] = BB_Translate("Invalid URL.  Verification missing.");
                    } else {
                        if (trim($_REQUEST["sso_v"]) !== $sso_session_info["sso_login_verify"]["v"]) {
                            $messages["errors"][] = BB_Translate("Invalid verification string specified.");
                        } else {
                            try {
                                $sso_db->Query("UPDATE", array($sso_db_sso_login_users, array("verified" => 1), "WHERE" => "id = ?"), $sso_session_info["sso_login_verify"]["id"]);
                            } catch (Exception $e) {
                                $messages["errors"][] = BB_Translate("Verification failed.  Database query error.");
                            }
                            if (!count($messages["errors"])) {
                                header("Location: " . BB_GetRequestHost() . $sso_target_url . "&sso_msg=verified");
                                exit;
                            }
                        }
                    }
                }
                echo $sso_header;
                SSO_OutputHeartbeat();
                ?>
<div class="sso_main_wrap sso_login">
<div class="sso_main_wrap_inner">
<?php 
                $this->DisplayMessages($messages, false);
                ?>
	<div class="sso_login_signin"><a href="<?php 
                echo htmlspecialchars($sso_target_url);
                ?>
"><?php 
                echo htmlspecialchars(BB_Translate("Sign in"));
                ?>
</a></div>
</div>
</div>
<?php 
                echo $sso_footer;
            } else {
                if (isset($_REQUEST["sso_login_action"]) && $_REQUEST["sso_login_action"] == "signup_check" && $sso_settings["sso_login"]["open_reg"]) {
                    $result = $this->SignupUpdateCheck(true, false, false, false);
                    foreach ($result["errors"] as $error) {
                        echo "<div class=\"sso_main_formerror\">" . htmlspecialchars($error) . "</div>";
                    }
                    foreach ($result["warnings"] as $warning) {
                        echo "<div class=\"sso_main_formwarning\">" . htmlspecialchars($warning) . "</div>";
                    }
                    if (!count($result["errors"]) && !count($result["warnings"])) {
                        if ($result["success"] != "") {
                            echo "<div class=\"sso_main_formokay\">" . htmlspecialchars($result["success"]) . "</div>";
                        } else {
                            if (isset($result["htmlsuccess"]) && $result["htmlsuccess"] != "") {
                                echo "<div class=\"sso_main_formokay\">" . $result["htmlsuccess"] . "</div>";
                            }
                        }
                    }
                } else {
                    if (isset($_REQUEST["sso_login_action"]) && $_REQUEST["sso_login_action"] == "signup" && $sso_settings["sso_login"]["open_reg"]) {
                        if (SSO_FrontendFieldValue("submit") === false) {
                            $messages = false;
                        } else {
                            $messages = $this->SignupUpdateCheck(false, false, false, false);
                            if (!count($messages["errors"])) {
                                // Create the account.
                                $username = SSO_FrontendFieldValue("username", "");
                                $email = SSO_FrontendFieldValue("email", "");
                                $verified = true;
                                if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "email") {
                                    $result = SMTP::MakeValidEmailAddress($email);
                                    $email = $result["email"];
                                    $verified = $sso_settings["sso_login"]["email_verify_subject"] == "" || $sso_settings["sso_login"]["email_verify_msg"] == "";
                                }
                                $salt = $sso_rng->GenerateString();
                                $data = $username . ":" . $email . ":" . $salt . ":" . SSO_FrontendFieldValue("createpass");
                                $passwordinfo = self::HashPasswordInfo($data, $sso_settings["sso_login"]["password_mode"], $sso_settings["sso_login"]["password_minrounds"]);
                                if (!$passwordinfo["success"]) {
                                    $messages["errors"][] = BB_Translate("Unexpected cryptography error.");
                                } else {
                                    $userinfo = array();
                                    $userinfo["extra"] = $sso_rng->GenerateString();
                                    $userinfo["two_factor_key"] = $sso_session_info["sso_login_two_factor_key"];
                                    $userinfo["two_factor_method"] = SSO_FrontendFieldValue("two_factor_method", "");
                                    foreach ($this->activemodules as &$instance) {
                                        $instance->SignupAddInfo($userinfo, false);
                                    }
                                    $userinfo["salt"] = $salt;
                                    $userinfo["rounds"] = (int) $passwordinfo["rounds"];
                                    $userinfo["password"] = bin2hex($passwordinfo["hash"]);
                                    $userinfo2 = SSO_EncryptDBData($userinfo);
                                    try {
                                        if ($sso_settings["sso_login"]["install_type"] == "email_username") {
                                            $sso_db->Query("INSERT", array($sso_db_sso_login_users, array("username" => $username, "email" => $email, "verified" => (int) $verified, "created" => CSDB::ConvertToDBTime(time()), "info" => $userinfo2), "AUTO INCREMENT" => "id"));
                                        } else {
                                            if ($sso_settings["sso_login"]["install_type"] == "email") {
                                                $sso_db->Query("INSERT", array($sso_db_sso_login_users, array("email" => $email, "verified" => (int) $verified, "created" => CSDB::ConvertToDBTime(time()), "info" => $userinfo2), "AUTO INCREMENT" => "id"));
                                            } else {
                                                if ($sso_settings["sso_login"]["install_type"] == "username") {
                                                    $sso_db->Query("INSERT", array($sso_db_sso_login_users, array("username" => $username, "created" => CSDB::ConvertToDBTime(time()), "info" => $userinfo2), "AUTO INCREMENT" => "id"));
                                                } else {
                                                    $messages["errors"][] = BB_Translate("Fatal error:  Login system is broken.");
                                                }
                                            }
                                        }
                                        // Send verification e-mail.
                                        if (!count($messages["errors"])) {
                                            $userid = $sso_db->GetInsertID();
                                        }
                                        if (!count($messages["errors"]) && !$verified) {
                                            $this->SendVerificationEmail($userid, $userinfo, $messages, $username, $email);
                                        }
                                    } catch (Exception $e) {
                                        $messages["errors"][] = BB_Translate("Database query error.");
                                    }
                                    if (!count($messages["errors"])) {
                                        foreach ($this->activemodules as &$instance) {
                                            $instance->SignupDone($userid, false);
                                        }
                                        header("Location: " . BB_GetRequestHost() . $sso_target_url . "&sso_msg=" . ($verified ? "verified" : "verify"));
                                        exit;
                                    }
                                }
                            }
                        }
                        echo $sso_header;
                        SSO_OutputHeartbeat();
                        $this->OutputJS($sso_target_url . "&sso_login_action=signup_check&sso_ajax=1");
                        ?>
<div class="sso_main_wrap sso_login">
<div class="sso_main_wrap_inner">
<?php 
                        $this->DisplayMessages($messages);
                        ?>
	<div class="sso_login_signin"><a href="<?php 
                        echo htmlspecialchars($sso_target_url);
                        ?>
"><?php 
                        echo htmlspecialchars(BB_Translate("Sign in"));
                        ?>
</a></div>
	<div class="sso_main_form_wrap sso_login_signup_form">
		<div class="sso_main_form_header"><?php 
                        echo htmlspecialchars(BB_Translate("Sign up"));
                        ?>
</div>
		<form class="sso_main_form" name="sso_login_form" method="post" accept-charset="UTF-8" enctype="multipart/form-data" action="<?php 
                        echo htmlspecialchars($sso_target_url . "&sso_login_action=signup");
                        ?>
" autocomplete="off">
<?php 
                        if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "email") {
                            ?>
			<div class="sso_main_formitem">
				<div class="sso_main_formtitle"><?php 
                            echo htmlspecialchars(BB_Translate("Your E-mail Address"));
                            ?>
</div>
				<div class="sso_main_formdata"><input class="sso_main_text sso_login_changehook" type="text" name="<?php 
                            echo SSO_FrontendField("email");
                            ?>
" value="<?php 
                            echo htmlspecialchars(SSO_FrontendFieldValue("email", ""));
                            ?>
" /></div>
			</div>
<?php 
                        }
                        if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "username") {
                            ?>
			<div class="sso_main_formitem">
				<div class="sso_main_formtitle"><?php 
                            echo htmlspecialchars(BB_Translate("Choose Username"));
                            ?>
</div>
				<div class="sso_main_formdata"><input class="sso_main_text sso_login_changehook" type="text" name="<?php 
                            echo SSO_FrontendField("username");
                            ?>
" value="<?php 
                            echo htmlspecialchars(SSO_FrontendFieldValue("username", ""));
                            ?>
" /></div>
			</div>
<?php 
                        }
                        ?>
			<script type="text/javascript">
			jQuery('input.sso_main_text:first').focus();
			</script>
			<div class="sso_main_formitem">
				<div class="sso_main_formtitle"><?php 
                        echo htmlspecialchars(BB_Translate("Choose Password"));
                        ?>
</div>
				<div class="sso_main_formdata"><input class="sso_main_text sso_login_changehook" type="password" name="<?php 
                        echo SSO_FrontendField("createpass");
                        ?>
" value="<?php 
                        echo htmlspecialchars(SSO_FrontendFieldValue("createpass", ""));
                        ?>
" /></div>
			</div>
<?php 
                        $outputmap = array();
                        // Two-factor authentication dropdown.
                        $outputmap2 = array();
                        $method = SSO_FrontendFieldValue("two_factor_method", "");
                        foreach ($this->activemodules as $key => &$instance) {
                            $name = $instance->GetTwoFactorName();
                            if ($name !== false) {
                                $order = isset($sso_settings["sso_login"]["modules"][$key]["_s"]) ? $sso_settings["sso_login"]["modules"][$key]["_s"] : $instance->DefaultOrder();
                                SSO_AddSortedOutput($outputmap2, $order, $key, "<option value=\"" . htmlspecialchars($key) . "\"" . ($method == $key ? " selected" : "") . ">" . htmlspecialchars($name) . "</option>");
                            }
                        }
                        if (!$sso_settings["sso_login"]["require_two_factor"] && count($outputmap2)) {
                            SSO_AddSortedOutput($outputmap2, 0, "", "<option value=\"\"" . ($method == "" ? " selected" : "") . ">" . htmlspecialchars(BB_Translate("None")) . "</option>");
                        }
                        if (count($outputmap2)) {
                            if (!isset($sso_session_info["sso_login_two_factor_key"])) {
                                $sso_session_info["sso_login_two_factor_key"] = self::GenerateOTPKey(10);
                                SSO_SaveSessionInfo();
                            }
                            ob_start();
                            ?>
			<div class="sso_main_formitem">
				<div class="sso_main_formtitle"><?php 
                            echo htmlspecialchars(BB_Translate("Choose Two-Factor Authentication Method"));
                            ?>
</div>
				<div class="sso_main_formdata"><select class="sso_main_dropdown sso_login_changehook_two_factor" name="<?php 
                            echo SSO_FrontendField("two_factor_method");
                            ?>
">
					<?php 
                            SSO_DisplaySortedOutput($outputmap2);
                            ?>
				</select></div>
				<div class="sso_main_formdesc"><?php 
                            echo htmlspecialchars(BB_Translate($sso_settings["sso_login"]["require_two_factor"] ? "Required.  Two-factor authentication vastly improves the security of your account." : "Optional.  Two-factor authentication vastly improves the security of your account."));
                            ?>
</div>
			</div>
<?php 
                            $order = $sso_settings["sso_login"]["two_factor_order"];
                            SSO_AddSortedOutput($outputmap, $order, "two_factor", ob_get_contents());
                            ob_end_clean();
                        }
                        // Add active module output.
                        foreach ($this->activemodules as $key => &$instance) {
                            ob_start();
                            $instance->GenerateSignup(false);
                            $order = isset($sso_settings["sso_login"]["modules"][$key]["_s"]) ? $sso_settings["sso_login"]["modules"][$key]["_s"] : $instance->DefaultOrder();
                            SSO_AddSortedOutput($outputmap, $order, $key, ob_get_contents());
                            ob_end_clean();
                        }
                        SSO_DisplaySortedOutput($outputmap);
                        ?>
			<div class="sso_main_formsubmit">
				<input type="submit" name="<?php 
                        echo SSO_FrontendField("submit");
                        ?>
" value="<?php 
                        echo htmlspecialchars(BB_Translate("Sign up"));
                        ?>
" />
			</div>
		</form>
	</div>
</div>
</div>
<?php 
                        echo $sso_footer;
                    } else {
                        if (isset($_REQUEST["sso_login_action"]) && $_REQUEST["sso_login_action"] == "update_info") {
                            // Check the session and load the user account.
                            $messages = array("errors" => array(), "warnings" => array(), "success" => "");
                            foreach ($this->activemodules as &$instance) {
                                $instance->UpdateInfoCheck($messages, false, false);
                            }
                            $userrow = false;
                            if (!count($messages["errors"])) {
                                if (!isset($_REQUEST["sso_v"]) || !isset($sso_session_info["sso_login_update"])) {
                                    $messages["errors"][] = BB_Translate("Invalid URL.  Verification missing.");
                                } else {
                                    if (trim($_REQUEST["sso_v"]) !== $sso_session_info["sso_login_update"]["v"]) {
                                        $messages["errors"][] = BB_Translate("Invalid verification string specified.");
                                    } else {
                                        if (!isset($sso_session_info["sso_login_update"]["expires"]) || CSDB::ConvertFromDBTime($sso_session_info["sso_login_update"]["expires"]) < time()) {
                                            $messages["errors"][] = BB_Translate("Update information is expired or invalid.");
                                        } else {
                                            try {
                                                $userrow = $sso_db->GetRow("SELECT", array("*", "FROM" => "?", "WHERE" => "id = ?"), $sso_db_sso_login_users, $sso_session_info["sso_login_update"]["id"]);
                                                if ($userrow === false) {
                                                    $messages["errors"][] = BB_Translate("Update information is expired or invalid.");
                                                } else {
                                                    if (!isset($userrow->username)) {
                                                        $userrow->username = "";
                                                    }
                                                    if (!isset($userrow->email)) {
                                                        $userrow->email = "";
                                                    }
                                                    if (!isset($userrow->verified)) {
                                                        $userrow->verified = 1;
                                                    }
                                                }
                                            } catch (Exception $e) {
                                                $messages["errors"][] = BB_Translate("User check failed.  Database query error.");
                                            }
                                        }
                                    }
                                }
                            }
                            if (!count($messages["errors"])) {
                                $userinfo = SSO_DecryptDBData($userrow->info);
                                if ($userinfo === false) {
                                    $messages["errors"][] = BB_Translate("Error loading user information.");
                                }
                            }
                            if (isset($_REQUEST["sso_ajax"])) {
                                if (!count($messages["errors"])) {
                                    $messages = $this->SignupUpdateCheck(true, $userrow, $userinfo, false);
                                }
                                foreach ($messages["errors"] as $error) {
                                    echo "<div class=\"sso_main_formerror\">" . htmlspecialchars($error) . "</div>";
                                }
                                foreach ($messages["warnings"] as $warning) {
                                    echo "<div class=\"sso_main_formwarning\">" . htmlspecialchars($warning) . "</div>";
                                }
                                if (!count($messages["errors"]) && !count($messages["warnings"])) {
                                    if ($messages["success"] != "") {
                                        echo "<div class=\"sso_main_formokay\">" . htmlspecialchars($messages["success"]) . "</div>";
                                    } else {
                                        if ($messages["htmlsuccess"] != "") {
                                            echo "<div class=\"sso_main_formokay\">" . $messages["htmlsuccess"] . "</div>";
                                        }
                                    }
                                }
                            } else {
                                if (count($messages["errors"])) {
                                    echo $sso_header;
                                    SSO_OutputHeartbeat();
                                    ?>
<div class="sso_main_wrap sso_login">
<div class="sso_main_wrap_inner">
<?php 
                                    $this->DisplayMessages($messages, false);
                                    ?>
	<div class="sso_login_signin"><a href="<?php 
                                    echo htmlspecialchars($sso_target_url);
                                    ?>
"><?php 
                                    echo htmlspecialchars(BB_Translate("Sign in"));
                                    ?>
</a></div>
</div>
</div>
<?php 
                                    echo $sso_footer;
                                } else {
                                    $messagesheader = false;
                                    $messages = false;
                                    if (SSO_FrontendFieldValue("submit") === false) {
                                        if (isset($_REQUEST["sso_msg"])) {
                                            $messages = array("errors" => array(), "warnings" => array(), "success" => "");
                                            foreach ($this->activemodules as &$instance) {
                                                $instance->InitMessages($messages);
                                            }
                                        }
                                    } else {
                                        $messages = $this->SignupUpdateCheck(false, $userrow, $userinfo, false);
                                        if (!count($messages["errors"])) {
                                            // Update the account.
                                            if ($sso_settings["sso_login"]["change_username"] && ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "username")) {
                                                $username = SSO_FrontendFieldValue("update_username", "");
                                            } else {
                                                $username = $userrow->username;
                                            }
                                            if ($sso_settings["sso_login"]["change_email"] && ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "email")) {
                                                $email = SSO_FrontendFieldValue("update_email", "");
                                                $result = SMTP::MakeValidEmailAddress($email);
                                                $email = $result["email"];
                                                $verified = $sso_settings["sso_login"]["email_verify_subject"] == "" || $sso_settings["sso_login"]["email_verify_msg"] == "" || $userrow->email == $email;
                                            } else {
                                                $email = $userrow->email;
                                                $verified = $userrow->verified;
                                            }
                                            if (SSO_FrontendFieldValue("update_pass", "") != "") {
                                                $salt = $sso_rng->GenerateString();
                                                $data = $username . ":" . $email . ":" . $salt . ":" . SSO_FrontendFieldValue("update_pass");
                                                $passwordinfo = self::HashPasswordInfo($data, $sso_settings["sso_login"]["password_mode"], $sso_settings["sso_login"]["password_minrounds"]);
                                                if (!$passwordinfo["success"]) {
                                                    $messages["errors"][] = BB_Translate("Unexpected cryptography error.");
                                                } else {
                                                    $numrounds = (int) $passwordinfo["rounds"];
                                                    $password = bin2hex($passwordinfo["hash"]);
                                                }
                                            } else {
                                                if ($username != $userrow->username || $email != $userrow->email) {
                                                    $messages["errors"][] = BB_Translate("Please enter a new password.");
                                                } else {
                                                    $salt = $userinfo["salt"];
                                                    $numrounds = $userinfo["rounds"];
                                                    $password = $userinfo["password"];
                                                }
                                            }
                                            if (SSO_FrontendFieldValue("reset_two_factor_key", "") == "yes") {
                                                $sso_session_info["sso_login_two_factor_key"] = self::GenerateOTPKey(10);
                                                SSO_SaveSessionInfo();
                                                $messages["errors"][] = BB_Translate("Two-factor authentication security key has been reset.");
                                            }
                                            if (!count($messages["errors"])) {
                                                $userinfo["two_factor_key"] = $sso_session_info["sso_login_two_factor_key"];
                                                $userinfo["two_factor_method"] = SSO_FrontendFieldValue("update_two_factor_method", "");
                                                foreach ($this->activemodules as &$instance) {
                                                    $instance->UpdateAddInfo($userinfo);
                                                }
                                                $userinfo["salt"] = $salt;
                                                $userinfo["rounds"] = $numrounds;
                                                $userinfo["password"] = $password;
                                                $userinfo2 = SSO_EncryptDBData($userinfo);
                                                try {
                                                    if ($sso_settings["sso_login"]["install_type"] == "email_username") {
                                                        $sso_db->Query("UPDATE", array($sso_db_sso_login_users, array("username" => $username, "email" => $email, "verified" => (int) $verified, "info" => $userinfo2), "WHERE" => "id = ?"), $userrow->id);
                                                    } else {
                                                        if ($sso_settings["sso_login"]["install_type"] == "email") {
                                                            $sso_db->Query("UPDATE", array($sso_db_sso_login_users, array("email" => $email, "verified" => (int) $verified, "info" => $userinfo2), "WHERE" => "id = ?"), $userrow->id);
                                                        } else {
                                                            if ($sso_settings["sso_login"]["install_type"] == "username") {
                                                                $sso_db->Query("UPDATE", array($sso_db_sso_login_users, array("username" => $username, "info" => $userinfo2), "WHERE" => "id = ?"), $userrow->id);
                                                            } else {
                                                                $messages["errors"][] = BB_Translate("Fatal error:  Login system is broken.");
                                                            }
                                                        }
                                                    }
                                                    // Send verification e-mail.
                                                    $userid = $userrow->id;
                                                    if (!count($messages["errors"]) && !$verified) {
                                                        $this->SendVerificationEmail($userid, $userinfo, $messages, $username, $email);
                                                    }
                                                } catch (Exception $e) {
                                                    $messages["errors"][] = BB_Translate("Database query error.");
                                                }
                                                if (!count($messages["errors"])) {
                                                    foreach ($this->activemodules as &$instance) {
                                                        $instance->UpdateInfoDone($userid);
                                                    }
                                                    header("Location: " . BB_GetRequestHost() . $sso_target_url . "&sso_msg=" . ($verified ? "updated" : "verify"));
                                                    exit;
                                                }
                                            }
                                        }
                                    }
                                    echo $sso_header;
                                    SSO_OutputHeartbeat();
                                    $this->OutputJS($sso_target_url . "&sso_login_action=update_info&sso_v=" . urlencode($_REQUEST["sso_v"]) . "&sso_ajax=1");
                                    ?>
<div class="sso_main_wrap sso_login">
<div class="sso_main_wrap_inner">
<?php 
                                    $this->DisplayMessages($messages);
                                    ?>
	<div class="sso_login_signin"><a href="<?php 
                                    echo htmlspecialchars($sso_target_url);
                                    ?>
"><?php 
                                    echo htmlspecialchars(BB_Translate("Sign in"));
                                    ?>
</a></div>
	<div class="sso_main_form_wrap sso_login_updateinfo_form">
		<div class="sso_main_form_header"><?php 
                                    echo htmlspecialchars(BB_Translate("Update Information"));
                                    ?>
</div>
		<form class="sso_main_form" name="sso_login_form" method="post" accept-charset="UTF-8" enctype="multipart/form-data" action="<?php 
                                    echo htmlspecialchars($sso_target_url . "&sso_login_action=update_info&sso_v=" . urlencode($_REQUEST["sso_v"]));
                                    ?>
" autocomplete="off">
<?php 
                                    if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "email") {
                                        ?>
			<div class="sso_main_formitem">
				<div class="sso_main_formtitle"><?php 
                                        echo htmlspecialchars(BB_Translate("Your E-mail Address"));
                                        ?>
</div>
				<div class="sso_main_formdata"><?php 
                                        if ($sso_settings["sso_login"]["change_email"]) {
                                            ?>
<input class="sso_main_text sso_login_changehook" type="text" name="<?php 
                                            echo SSO_FrontendField("update_email");
                                            ?>
" value="<?php 
                                            echo htmlspecialchars(SSO_FrontendFieldValue("update_email", $userrow->email));
                                            ?>
" /><?php 
                                        } else {
                                            ?>
<input type="hidden" name="<?php 
                                            echo SSO_FrontendField("update_email");
                                            ?>
" value="<?php 
                                            echo htmlspecialchars(SSO_FrontendFieldValue("update_email", $userrow->email));
                                            ?>
" /><div class="sso_main_static"><?php 
                                            echo htmlspecialchars($userrow->email);
                                            ?>
</div><?php 
                                        }
                                        ?>
</div>
			</div>
<?php 
                                    }
                                    if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "username") {
                                        ?>
			<div class="sso_main_formitem">
				<div class="sso_main_formtitle"><?php 
                                        echo htmlspecialchars(BB_Translate("Your Username"));
                                        ?>
</div>
				<div class="sso_main_formdata"><?php 
                                        if ($sso_settings["sso_login"]["change_username"]) {
                                            ?>
<input class="sso_main_text sso_login_changehook" type="text" name="<?php 
                                            echo SSO_FrontendField("update_username");
                                            ?>
" value="<?php 
                                            echo htmlspecialchars(SSO_FrontendFieldValue("update_username", $userrow->username));
                                            ?>
" /><?php 
                                        } else {
                                            ?>
<input type="hidden" name="<?php 
                                            echo SSO_FrontendField("update_username");
                                            ?>
" value="<?php 
                                            echo htmlspecialchars(SSO_FrontendFieldValue("update_username", $userrow->username));
                                            ?>
" /><div class="sso_main_static"><?php 
                                            echo htmlspecialchars($userrow->username);
                                            ?>
</div><?php 
                                        }
                                        ?>
</div>
			</div>
<?php 
                                    }
                                    ?>
			<div class="sso_main_formitem">
				<div class="sso_main_formtitle"><?php 
                                    echo htmlspecialchars(BB_Translate("New Password"));
                                    ?>
</div>
				<div class="sso_main_formdata"><input class="sso_main_text sso_login_changehook" type="password" name="<?php 
                                    echo SSO_FrontendField("update_pass");
                                    ?>
" value="<?php 
                                    echo htmlspecialchars(SSO_FrontendFieldValue("update_pass", ""));
                                    ?>
" /></div>
				<div class="sso_main_formdesc"><?php 
                                    echo htmlspecialchars(BB_Translate("Optional.  Will change the password for the account."));
                                    ?>
</div>
			</div>
			<script type="text/javascript">
			jQuery('input.sso_main_text:first').focus();
			</script>
<?php 
                                    $outputmap = array();
                                    // Two-factor authentication dropdown.
                                    $outputmap2 = array();
                                    $method = SSO_FrontendFieldValue("update_two_factor_method", isset($updateinfo["two_factor_method"]) ? $updateinfo["two_factor_method"] : "");
                                    foreach ($this->activemodules as $key => &$instance) {
                                        $name = $instance->GetTwoFactorName();
                                        if ($name !== false) {
                                            $order = isset($sso_settings["sso_login"]["modules"][$key]["_s"]) ? $sso_settings["sso_login"]["modules"][$key]["_s"] : $instance->DefaultOrder();
                                            SSO_AddSortedOutput($outputmap2, $order, $key, "<option value=\"" . htmlspecialchars($key) . "\"" . ($method == $key ? " selected" : "") . ">" . htmlspecialchars($name) . "</option>");
                                        }
                                    }
                                    if (!$sso_settings["sso_login"]["require_two_factor"] && count($outputmap2)) {
                                        SSO_AddSortedOutput($outputmap2, 0, "", "<option value=\"\"" . ($method == "" ? " selected" : "") . ">" . htmlspecialchars(BB_Translate("None")) . "</option>");
                                    }
                                    if (count($outputmap2)) {
                                        if (!isset($sso_session_info["sso_login_two_factor_key"])) {
                                            $sso_session_info["sso_login_two_factor_key"] = self::GenerateOTPKey(10);
                                            SSO_SaveSessionInfo();
                                        }
                                        ob_start();
                                        ?>
			<div class="sso_main_formitem">
				<div class="sso_main_formtitle"><?php 
                                        echo htmlspecialchars(BB_Translate("Choose Two-Factor Authentication Method"));
                                        ?>
</div>
				<div class="sso_main_formdata"><select class="sso_main_dropdown sso_login_changehook_two_factor" name="<?php 
                                        echo SSO_FrontendField("update_two_factor_method");
                                        ?>
">
					<?php 
                                        SSO_DisplaySortedOutput($outputmap2);
                                        ?>
				</select></div>
				<div class="sso_main_formdesc"><?php 
                                        echo htmlspecialchars(BB_Translate($sso_settings["sso_login"]["require_two_factor"] ? "Required.  Two-factor authentication vastly improves the security of your account." : "Optional.  Two-factor authentication vastly improves the security of your account."));
                                        ?>
</div>
				<div class="sso_main_formtwofactorreset"><input id="sso_two_factor_reset" type="checkbox" name="<?php 
                                        echo SSO_FrontendField("reset_two_factor_key");
                                        ?>
" value="yes"> <label for="sso_two_factor_reset"><?php 
                                        echo htmlspecialchars(BB_Translate("Reset two-factor authentication security key"));
                                        ?>
</label></div>
			</div>
<?php 
                                        $order = $sso_settings["sso_login"]["two_factor_order"];
                                        SSO_AddSortedOutput($outputmap, $order, "two_factor", ob_get_contents());
                                        ob_end_clean();
                                    }
                                    // Add active module output.
                                    foreach ($this->activemodules as $key => &$instance) {
                                        ob_start();
                                        $instance->GenerateUpdateInfo($userrow, $userinfo);
                                        $order = isset($sso_settings["sso_login"]["modules"][$key]["_s"]) ? $sso_settings["sso_login"]["modules"][$key]["_s"] : $instance->DefaultOrder();
                                        SSO_AddSortedOutput($outputmap, $order, $key, ob_get_contents());
                                        ob_end_clean();
                                    }
                                    SSO_DisplaySortedOutput($outputmap);
                                    ?>
			<div class="sso_main_formsubmit">
				<input type="submit" name="<?php 
                                    echo SSO_FrontendField("submit");
                                    ?>
" value="<?php 
                                    echo htmlspecialchars(BB_Translate("Update"));
                                    ?>
" />
			</div>
		</form>
	</div>
</div>
</div>
<?php 
                                }
                            }
                        } else {
                            if (isset($_REQUEST["sso_login_action"]) && $_REQUEST["sso_login_action"] == "recover2" && isset($_REQUEST["sso_method"]) && $this->IsRecoveryAllowed()) {
                                // Load and validate the recovery options.
                                $userrow = false;
                                if (isset($sso_session_info["sso_login_recover"]) && isset($sso_session_info["sso_login_recover"]["id"]) && isset($sso_session_info["sso_login_recover"]["method"]) && $sso_session_info["sso_login_recover"]["method"] == $_REQUEST["sso_method"]) {
                                    try {
                                        $userrow = $sso_db->GetRow("SELECT", array("*", "FROM" => "?", "WHERE" => "id = ?"), $sso_db_sso_login_users, $sso_session_info["sso_login_recover"]["id"]);
                                        if ($userrow) {
                                            if (!isset($userrow->username)) {
                                                $userrow->username = "";
                                            }
                                            if (!isset($userrow->email)) {
                                                $userrow->email = "";
                                            }
                                            if (!isset($userrow->verified)) {
                                                $userrow->verified = 1;
                                            }
                                        }
                                    } catch (Exception $e) {
                                        header("Location: " . BB_GetRequestHost() . $sso_target_url . "&sso_login_action=recover&sso_msg=recovery_db_error");
                                        exit;
                                    }
                                }
                                if ($userrow === false) {
                                    header("Location: " . BB_GetRequestHost() . $sso_target_url . "&sso_login_action=recover&sso_msg=recovery_expired_invalid");
                                    exit;
                                }
                                $userinfo = SSO_DecryptDBData($userrow->info);
                                if ($userinfo === false) {
                                    header("Location: " . BB_GetRequestHost() . $sso_target_url . "&sso_login_action=recover&sso_msg=recovery_db_user_error");
                                    exit;
                                }
                                $messagesheader = false;
                                $messages = false;
                                if (SSO_FrontendFieldValue("submit") === false) {
                                    if (isset($_REQUEST["sso_msg"])) {
                                        $messages = array("errors" => array(), "warnings" => array(), "success" => "");
                                        foreach ($this->activemodules as &$instance) {
                                            $instance->InitMessages($messages);
                                        }
                                    }
                                } else {
                                    $messages = array("errors" => array(), "warnings" => array(), "success" => "");
                                    foreach ($this->activemodules as &$instance) {
                                        $instance->RecoveryCheck2($messages, false);
                                    }
                                    if (!count($messages["errors"])) {
                                        foreach ($this->activemodules as &$instance) {
                                            $instance->RecoveryCheck2($messages, $userinfo);
                                        }
                                        if (!count($messages["errors"])) {
                                            $sso_session_info["sso_login_update"] = array("id" => $userrow->id, "v" => $sso_rng->GenerateString(), "expires" => CSDB::ConvertToDBTime(time() + 30 * 60));
                                            $sso_session_info["sso_login_two_factor_key"] = isset($userinfo["two_factor_key"]) && $userinfo["two_factor_key"] != "" ? $userinfo["two_factor_key"] : self::GenerateOTPKey(10);
                                            if (!SSO_SaveSessionInfo()) {
                                                $result["errors"][] = BB_Translate("Recovery was successful but a fatal error occurred.  Fatal error:  Unable to save session information.");
                                            } else {
                                                header("Location: " . BB_GetRequestHost() . $sso_target_url . "&sso_login_action=update_info&sso_v=" . urlencode($sso_session_info["sso_login_update"]["v"]));
                                                exit;
                                            }
                                        }
                                    }
                                }
                                echo $sso_header;
                                SSO_OutputHeartbeat();
                                $this->OutputJS();
                                ?>
<div class="sso_main_wrap sso_login">
<div class="sso_main_wrap_inner">
<?php 
                                $this->DisplayMessages($messages, $messagesheader);
                                ?>
	<div class="sso_login_signin"><a href="<?php 
                                echo htmlspecialchars($sso_target_url);
                                ?>
"><?php 
                                echo htmlspecialchars(BB_Translate("Sign in"));
                                ?>
</a></div>
	<div class="sso_main_form_wrap sso_login_recover_form">
		<div class="sso_main_form_header"><?php 
                                echo htmlspecialchars(BB_Translate("Restore Access"));
                                ?>
</div>
		<form class="sso_main_form" name="sso_login_form" method="post" accept-charset="UTF-8" enctype="multipart/form-data" action="<?php 
                                echo htmlspecialchars($sso_target_url . "&sso_login_action=recover2&sso_method=" . urlencode($_REQUEST["sso_method"]));
                                ?>
" autocomplete="off">
<?php 
                                $outputmap = array();
                                foreach ($this->activemodules as $key => &$instance) {
                                    ob_start();
                                    $instance->GenerateRecovery2($messages);
                                    $order = isset($sso_settings["sso_login"]["modules"][$key]["_s"]) ? $sso_settings["sso_login"]["modules"][$key]["_s"] : $instance->DefaultOrder();
                                    SSO_AddSortedOutput($outputmap, $order, $key, ob_get_contents());
                                    ob_end_clean();
                                }
                                SSO_DisplaySortedOutput($outputmap);
                                ?>
			<script type="text/javascript">
			jQuery('input.sso_main_text:first').focus();
			</script>
			<div class="sso_main_formsubmit">
				<input type="submit" name="<?php 
                                echo SSO_FrontendField("submit");
                                ?>
" value="<?php 
                                echo htmlspecialchars(BB_Translate("Next"));
                                ?>
" />
			</div>
		</form>
	</div>
</div>
</div>
<?php 
                                echo $sso_footer;
                            } else {
                                if (isset($_REQUEST["sso_login_action"]) && $_REQUEST["sso_login_action"] == "recover" && $this->IsRecoveryAllowed()) {
                                    $messagesheader = false;
                                    $messages = false;
                                    if (SSO_FrontendFieldValue("submit") === false) {
                                        if (isset($_REQUEST["sso_msg"])) {
                                            $messages = array("errors" => array(), "warnings" => array(), "success" => "");
                                            if ($_REQUEST["sso_msg"] == "recovery_db_error") {
                                                $messages["warnings"][] = BB_Translate("A database error occurred while attempting to load recovery information.");
                                            } else {
                                                if ($_REQUEST["sso_msg"] == "recovery_expired_invalid") {
                                                    $messages["errors"][] = BB_Translate("Recovery information is expired or invalid.");
                                                } else {
                                                    if ($_REQUEST["sso_msg"] == "recovery_db_user_error") {
                                                        $messages["errors"][] = BB_Translate("User information in the database is corrupted.");
                                                    } else {
                                                        foreach ($this->activemodules as &$instance) {
                                                            $instance->InitMessages($messages);
                                                        }
                                                    }
                                                }
                                            }
                                        }
                                    } else {
                                        $messages = array("errors" => array(), "warnings" => array(), "success" => "");
                                        $user = SSO_FrontendFieldValue("user_recover");
                                        $method = SSO_FrontendFieldValue("recover_method");
                                        if ($user === false || $user == "" || $method === false || $method == "") {
                                            $messages["errors"][] = BB_Translate("Please fill in the fields.");
                                        } else {
                                            foreach ($this->activemodules as &$instance) {
                                                $instance->RecoveryCheck($messages, false);
                                            }
                                            if (!count($messages["errors"])) {
                                                $userrow = false;
                                                if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "email") {
                                                    try {
                                                        $userrow = $sso_db->GetRow("SELECT", array("*", "FROM" => "?", "WHERE" => "email = ?"), $sso_db_sso_login_users, $user);
                                                        if ($userrow) {
                                                            if (!isset($userrow->username)) {
                                                                $userrow->username = "";
                                                            }
                                                        }
                                                    } catch (Exception $e) {
                                                        $messages["errors"][] = BB_Translate("User check failed.  Database query error.");
                                                    }
                                                } else {
                                                    if ($sso_settings["sso_login"]["install_type"] == "username") {
                                                        try {
                                                            $userrow = $sso_db->GetRow("SELECT", array("*", "FROM" => "?", "WHERE" => "username = ?"), $sso_db_sso_login_users, $user);
                                                            if ($userrow) {
                                                                if (!isset($userrow->email)) {
                                                                    $userrow->email = "";
                                                                }
                                                                if (!isset($userrow->verified)) {
                                                                    $userrow->verified = 1;
                                                                }
                                                            }
                                                        } catch (Exception $e) {
                                                            $messages["errors"][] = BB_Translate("User check failed.  Database query error.");
                                                        }
                                                    } else {
                                                        $messages["errors"][] = BB_Translate("Login system is broken.");
                                                    }
                                                }
                                                if ($userrow === false) {
                                                    $messages["errors"][] = BB_Translate("Invalid login.");
                                                } else {
                                                    $userinfo = SSO_DecryptDBData($userrow->info);
                                                    if ($userinfo === false) {
                                                        $messages["errors"][] = BB_Translate("Error loading user information.");
                                                    } else {
                                                        foreach ($this->activemodules as &$instance) {
                                                            $instance->RecoveryCheck($messages, $userinfo);
                                                        }
                                                    }
                                                }
                                                if (!count($messages["errors"])) {
                                                    if ($method == "email" && $userrow->email != "") {
                                                        $sso_session_info["sso_login_update"] = array("id" => $userrow->id, "v" => $sso_rng->GenerateString(), "expires" => CSDB::ConvertToDBTime(time() + 30 * 60));
                                                        $sso_session_info["sso_login_two_factor_key"] = isset($userinfo["two_factor_key"]) && $userinfo["two_factor_key"] != "" ? $userinfo["two_factor_key"] : self::GenerateOTPKey(10);
                                                        if (!SSO_SaveSessionInfo()) {
                                                            $messages["errors"][] = BB_Translate("Login exists but a fatal error occurred.  Fatal error:  Unable to save session information.");
                                                        } else {
                                                            $fromaddr = BB_PostTranslate($sso_settings["sso_login"]["email_recover_from"] != "" ? $sso_settings["sso_login"]["email_recover_from"] : SSO_SMTP_FROM);
                                                            $subject = BB_Translate($sso_settings["sso_login"]["email_recover_subject"]);
                                                            $verifyurl = BB_GetRequestHost() . $sso_target_url . ($sso_settings["sso_login"]["email_session"] == "all" ? "&sso_id=" . urlencode($_REQUEST["sso_id"]) : "") . "&sso_login_action=update_info&sso_v=" . urlencode($sso_session_info["sso_login_update"]["v"]);
                                                            $htmlmsg = str_ireplace(array("@USERNAME@", "@EMAIL@", "@VERIFY@"), array(htmlspecialchars($userrow->username), htmlspecialchars($userrow->email), htmlspecialchars($verifyurl)), BB_PostTranslate($sso_settings["sso_login"]["email_recover_msg"]));
                                                            $textmsg = str_ireplace(array("@USERNAME@", "@EMAIL@", "@VERIFY@"), array($userrow->username, $userrow->email, $verifyurl), BB_PostTranslate($sso_settings["sso_login"]["email_recover_msg_text"]));
                                                            foreach ($this->activemodules as &$instance) {
                                                                $instance->ModifyEmail($userinfo, $htmlmsg, $textmsg);
                                                            }
                                                            $result = SSO_SendEmail($fromaddr, $userrow->email, $subject, $htmlmsg, $textmsg);
                                                            if (!$result["success"]) {
                                                                $messages["errors"][] = BB_Translate("Login exists but a fatal error occurred.  Fatal error:  Unable to send verification e-mail.  %s", $result["error"]);
                                                            } else {
                                                                foreach ($this->activemodules as &$instance) {
                                                                    $instance->RecoveryDone($messages, $method, $userrow, $userinfo);
                                                                }
                                                                if (!count($messages["errors"])) {
                                                                    header("Location: " . BB_GetRequestHost() . $sso_target_url . "&sso_msg=recovery_email_sent");
                                                                    exit;
                                                                }
                                                            }
                                                        }
                                                    } else {
                                                        foreach ($this->activemodules as &$instance) {
                                                            $instance->RecoveryDone($messages, $method, $userrow, $userinfo);
                                                        }
                                                    }
                                                }
                                            }
                                        }
                                    }
                                    echo $sso_header;
                                    SSO_OutputHeartbeat();
                                    $this->OutputJS();
                                    ?>
<div class="sso_main_wrap sso_login">
<div class="sso_main_wrap_inner">
<?php 
                                    $this->DisplayMessages($messages, $messagesheader);
                                    ?>
	<div class="sso_login_signin"><a href="<?php 
                                    echo htmlspecialchars($sso_target_url);
                                    ?>
"><?php 
                                    echo htmlspecialchars(BB_Translate("Sign in"));
                                    ?>
</a></div>
	<div class="sso_main_form_wrap sso_login_recover_form">
		<div class="sso_main_form_header"><?php 
                                    echo htmlspecialchars(BB_Translate("Restore Access"));
                                    ?>
</div>
		<form class="sso_main_form" name="sso_login_form" method="post" accept-charset="UTF-8" enctype="multipart/form-data" action="<?php 
                                    echo htmlspecialchars($sso_target_url . "&sso_login_action=recover");
                                    ?>
" autocomplete="off">
			<div class="sso_main_formitem">
				<div class="sso_main_formtitle"><?php 
                                    if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "email") {
                                        echo htmlspecialchars(BB_Translate("E-mail Address"));
                                    } else {
                                        if ($sso_settings["sso_login"]["install_type"] == "username") {
                                            echo htmlspecialchars(BB_Translate("Username"));
                                        } else {
                                            echo htmlspecialchars(BB_Translate("Login system is broken."));
                                        }
                                    }
                                    ?>
</div>
				<div class="sso_main_formdata"><input class="sso_main_text" type="text" name="<?php 
                                    echo SSO_FrontendField("user_recover");
                                    ?>
" /></div>
			</div>
			<script type="text/javascript">
			jQuery('input.sso_main_text:first').focus();
			</script>
			<div class="sso_main_formitem">
				<div class="sso_main_formtitle"><?php 
                                    echo htmlspecialchars(BB_Translate("Recovery Method"));
                                    ?>
</div>
				<div class="sso_main_formdata"><select class="sso_main_dropdown" name="<?php 
                                    echo SSO_FrontendField("recover_method");
                                    ?>
">
<?php 
                                    $method = SSO_FrontendFieldValue("recover_method", "");
                                    if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "email") {
                                        echo "<option value=\"email\"" . ($method == "email" ? " selected" : "") . ">" . htmlspecialchars(BB_Translate("E-mail")) . "</option>";
                                    }
                                    foreach ($this->activemodules as &$instance) {
                                        $instance->AddRecoveryMethod($method);
                                    }
                                    ?>
				</select></div>
			</div>
<?php 
                                    $outputmap = array();
                                    foreach ($this->activemodules as $key => &$instance) {
                                        ob_start();
                                        $instance->GenerateRecovery($messages);
                                        $order = isset($sso_settings["sso_login"]["modules"][$key]["_s"]) ? $sso_settings["sso_login"]["modules"][$key]["_s"] : $instance->DefaultOrder();
                                        SSO_AddSortedOutput($outputmap, $order, $key, ob_get_contents());
                                        ob_end_clean();
                                    }
                                    SSO_DisplaySortedOutput($outputmap);
                                    ?>
			<div class="sso_main_formsubmit">
				<input type="submit" name="<?php 
                                    echo SSO_FrontendField("submit");
                                    ?>
" value="<?php 
                                    echo htmlspecialchars(BB_Translate("Next"));
                                    ?>
" />
			</div>
		</form>
	</div>
</div>
</div>
<?php 
                                    echo $sso_footer;
                                } else {
                                    if (isset($_REQUEST["sso_login_action"]) && $_REQUEST["sso_login_action"] == "two_factor") {
                                        // Check the session and load the user account.
                                        $messages = array("errors" => array(), "warnings" => array(), "success" => "");
                                        foreach ($this->activemodules as &$instance) {
                                            $instance->TwoFactorCheck($messages, false);
                                        }
                                        $userrow = false;
                                        if (!count($messages["errors"])) {
                                            if (!isset($_REQUEST["sso_v"]) || !isset($sso_session_info["sso_login_two_factor"])) {
                                                $messages["errors"][] = BB_Translate("Invalid URL.  Verification missing.");
                                            } else {
                                                if (trim($_REQUEST["sso_v"]) !== $sso_session_info["sso_login_two_factor"]["v"]) {
                                                    $messages["errors"][] = BB_Translate("Invalid verification string specified.");
                                                } else {
                                                    if (!isset($sso_session_info["sso_login_two_factor"]["expires"]) || CSDB::ConvertFromDBTime($sso_session_info["sso_login_two_factor"]["expires"]) < time()) {
                                                        $messages["errors"][] = BB_Translate("Two-factor information is expired or invalid.");
                                                    } else {
                                                        try {
                                                            $userrow = $sso_db->GetRow("SELECT", array("*", "FROM" => "?", "WHERE" => "id = ?"), $sso_db_sso_login_users, $sso_session_info["sso_login_two_factor"]["id"]);
                                                            if ($userrow === false) {
                                                                $messages["errors"][] = BB_Translate("Two-factor information is expired or invalid.");
                                                            } else {
                                                                if (!isset($userrow->username)) {
                                                                    $userrow->username = "";
                                                                }
                                                                if (!isset($userrow->email)) {
                                                                    $userrow->email = "";
                                                                }
                                                                if (!isset($userrow->verified)) {
                                                                    $userrow->verified = 1;
                                                                }
                                                            }
                                                        } catch (Exception $e) {
                                                            $messages["errors"][] = BB_Translate("User check failed.  Database query error.");
                                                        }
                                                    }
                                                }
                                            }
                                        }
                                        $method = BB_Translate("Unknown/Invalid.");
                                        if (!count($messages["errors"])) {
                                            $userinfo = SSO_DecryptDBData($userrow->info);
                                            if ($userinfo === false) {
                                                $messages["errors"][] = BB_Translate("Error loading user information.");
                                            } else {
                                                // Check the two-factor authentication method.
                                                $methods = array();
                                                foreach ($this->activemodules as $key => &$instance) {
                                                    $name = $instance->GetTwoFactorName(false);
                                                    if ($name !== false) {
                                                        $methods[$key] = $name;
                                                    }
                                                }
                                                if (isset($userinfo["two_factor_method"]) && isset($methods[$userinfo["two_factor_method"]])) {
                                                    $method = $methods[$userinfo["two_factor_method"]];
                                                } else {
                                                    $messages["errors"][] = BB_Translate("A valid two-factor authentication method for this account is not available.  Use account recovery to restore access to the account.");
                                                }
                                            }
                                        }
                                        if (count($messages["errors"])) {
                                            echo $sso_header;
                                            SSO_OutputHeartbeat();
                                            ?>
<div class="sso_main_wrap sso_login">
<div class="sso_main_wrap_inner">
<?php 
                                            $this->DisplayMessages($messages, false);
                                            ?>
	<div class="sso_login_signin"><a href="<?php 
                                            echo htmlspecialchars($sso_target_url);
                                            ?>
"><?php 
                                            echo htmlspecialchars(BB_Translate("Sign in"));
                                            ?>
</a></div>
</div>
</div>
<?php 
                                            echo $sso_footer;
                                        } else {
                                            $messagesheader = false;
                                            $messages = false;
                                            if (SSO_FrontendFieldValue("submit") === false) {
                                                if (isset($_REQUEST["sso_msg"])) {
                                                    $messages = array("errors" => array(), "warnings" => array(), "success" => "");
                                                    foreach ($this->activemodules as &$instance) {
                                                        $instance->InitMessages($messages);
                                                    }
                                                }
                                            } else {
                                                $messages = array("errors" => array(), "warnings" => array(), "success" => "");
                                                foreach ($this->activemodules as &$instance) {
                                                    $instance->TwoFactorCheck($messages, $userinfo);
                                                }
                                                if (count($messages["errors"])) {
                                                    foreach ($this->activemodules as &$instance) {
                                                        $instance->TwoFactorFailed($messages, $userinfo);
                                                    }
                                                } else {
                                                    // Login with two-factor authentication succeeded.  Activate the user.
                                                    $mapinfo = array();
                                                    if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "email") {
                                                        $mapinfo[$sso_settings["sso_login"]["map_email"]] = $userrow->email;
                                                    }
                                                    if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "username") {
                                                        $mapinfo[$sso_settings["sso_login"]["map_username"]] = $userrow->username;
                                                    }
                                                    $origuserinfo = $userinfo;
                                                    foreach ($this->activemodules as &$instance) {
                                                        $instance->LoginAddMap($mapinfo, $userrow, $userinfo, false);
                                                    }
                                                    // If a module updated $userinfo, then update the database.
                                                    if (serialize($userinfo) !== serialize($origuserinfo)) {
                                                        $userinfo2 = SSO_EncryptDBData($userinfo);
                                                        try {
                                                            $sso_db->Query("UPDATE", array($sso_db_sso_login_users, array("info" => $userinfo2), "WHERE" => "id = ?"), $userrow->id);
                                                        } catch (Exception $e) {
                                                            $messages["errors"][] = BB_Translate("Database query error.");
                                                        }
                                                    }
                                                    if (!count($messages["errors"])) {
                                                        SSO_ActivateUser($userrow->id, $userinfo["extra"], $mapinfo, CSDB::ConvertFromDBTime($userrow->created));
                                                        // Only falls through on account lockout or a fatal error.
                                                        $messages["errors"][] = BB_Translate("User activation failed.");
                                                    }
                                                }
                                            }
                                            echo $sso_header;
                                            SSO_OutputHeartbeat();
                                            $this->OutputJS();
                                            ?>
<div class="sso_main_wrap sso_login">
<div class="sso_main_wrap_inner">
<?php 
                                            $this->DisplayMessages($messages, $messagesheader);
                                            ?>
	<div class="sso_login_signin"><a href="<?php 
                                            echo htmlspecialchars($sso_target_url);
                                            ?>
"><?php 
                                            echo htmlspecialchars(BB_Translate("Sign in"));
                                            ?>
</a></div>
	<div class="sso_main_form_wrap sso_login_recover_form">
		<div class="sso_main_form_header"><?php 
                                            echo htmlspecialchars(BB_Translate("Two-Factor Authentication"));
                                            ?>
</div>
		<form class="sso_main_form" name="sso_login_form" method="post" accept-charset="UTF-8" enctype="multipart/form-data" action="<?php 
                                            echo htmlspecialchars($sso_target_url . "&sso_login_action=two_factor&sso_v=" . urlencode($_REQUEST["sso_v"]));
                                            ?>
" autocomplete="off">
			<div class="sso_main_formitem">
				<div class="sso_main_formtitle"><?php 
                                            echo htmlspecialchars(BB_Translate("Enter Two-Factor Authentication Code"));
                                            ?>
</div>
				<div class="sso_main_formdata"><input class="sso_main_text" type="text" name="<?php 
                                            echo SSO_FrontendField("two_factor_code");
                                            ?>
" /></div>
				<div class="sso_main_formdesc"><?php 
                                            echo htmlspecialchars(BB_Translate("From %s.", $method));
                                            ?>
</div>
			</div>
			<script type="text/javascript">
			jQuery('input.sso_main_text:first').focus();
			</script>
			<div class="sso_main_formsubmit">
				<input type="submit" name="<?php 
                                            echo SSO_FrontendField("submit");
                                            ?>
" value="<?php 
                                            echo htmlspecialchars(BB_Translate("Sign in"));
                                            ?>
" />
			</div>
		</form>
	</div>
</div>
</div>
<?php 
                                            echo $sso_footer;
                                        }
                                    } else {
                                        $messagesheader = false;
                                        $messages = false;
                                        if (SSO_FrontendFieldValue("submit") === false) {
                                            if (isset($_REQUEST["sso_msg"])) {
                                                $messages = array("errors" => array(), "warnings" => array(), "success" => "");
                                                if ($_REQUEST["sso_msg"] == "verified") {
                                                    $messages["success"] = BB_Translate("Your account is ready to use.");
                                                } else {
                                                    if ($_REQUEST["sso_msg"] == "verify") {
                                                        $messages["warnings"][] = BB_Translate("Account must be verified before it can be used.  Check your e-mail.");
                                                    } else {
                                                        if ($_REQUEST["sso_msg"] == "recovery_email_sent") {
                                                            $messages["warnings"][] = BB_Translate("Account recovery URL sent.  Check your e-mail.");
                                                        } else {
                                                            if ($_REQUEST["sso_msg"] == "updated") {
                                                                $messages["success"] = BB_Translate("Your account information has been updated and is ready to use.");
                                                            } else {
                                                                if ($_REQUEST["sso_msg"] == "two_factor_auth_expired") {
                                                                    $messages["errors"][] = BB_Translate("Two-factor authentication expired.  Sign in again.");
                                                                } else {
                                                                    foreach ($this->activemodules as &$instance) {
                                                                        $instance->InitMessages($messages);
                                                                    }
                                                                }
                                                            }
                                                        }
                                                    }
                                                }
                                            }
                                        } else {
                                            $messages = array("errors" => array(), "warnings" => array(), "success" => "");
                                            $user = SSO_FrontendFieldValue("user");
                                            $password = SSO_FrontendFieldValue("password");
                                            if ($user === false || $user == "" || $password === false || $password == "") {
                                                $messages["errors"][] = BB_Translate("Please fill in the fields.");
                                            } else {
                                                $recoveryallowed = $this->IsRecoveryAllowed(false);
                                                foreach ($this->activemodules as &$instance) {
                                                    $instance->LoginCheck($messages, false, $recoveryallowed);
                                                }
                                                if (!count($messages["errors"])) {
                                                    $userrow = false;
                                                    if (strpos($user, "@") !== false && ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "email")) {
                                                        try {
                                                            $userrow = $sso_db->GetRow("SELECT", array("*", "FROM" => "?", "WHERE" => "email = ?"), $sso_db_sso_login_users, $user);
                                                            if ($userrow) {
                                                                $userinfo = SSO_DecryptDBData($userrow->info);
                                                                if ($userinfo === false) {
                                                                    $userrow = false;
                                                                } else {
                                                                    if (!isset($userrow->username)) {
                                                                        $userrow->username = "";
                                                                    }
                                                                    $data = $userrow->username . ":" . $userrow->email . ":" . $userinfo["salt"] . ":" . $password;
                                                                    if (!self::VerifyPasswordInfo($data, $userinfo["password"], $userinfo["rounds"])) {
                                                                        $userrow = false;
                                                                    }
                                                                }
                                                            }
                                                        } catch (Exception $e) {
                                                            $messages["errors"][] = BB_Translate("Login failed.  Database query error.");
                                                        }
                                                    }
                                                    if ($userrow === false && ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "username")) {
                                                        try {
                                                            $userrow = $sso_db->GetRow("SELECT", array("*", "FROM" => "?", "WHERE" => "username = ?"), $sso_db_sso_login_users, $user);
                                                            if ($userrow) {
                                                                $userinfo = SSO_DecryptDBData($userrow->info);
                                                                if ($userinfo === false) {
                                                                    $userrow = false;
                                                                } else {
                                                                    if (!isset($userrow->email)) {
                                                                        $userrow->email = "";
                                                                    }
                                                                    if (!isset($userrow->verified)) {
                                                                        $userrow->verified = 1;
                                                                    }
                                                                    $data = $userrow->username . ":" . $userrow->email . ":" . $userinfo["salt"] . ":" . $password;
                                                                    if (!self::VerifyPasswordInfo($data, $userinfo["password"], $userinfo["rounds"])) {
                                                                        $userrow = false;
                                                                    }
                                                                }
                                                            }
                                                        } catch (Exception $e) {
                                                            $messages["errors"][] = BB_Translate("Login failed.  Database query error.");
                                                        }
                                                    }
                                                    if ($userrow === false) {
                                                        $messages["errors"][] = BB_Translate("Invalid login.");
                                                    } else {
                                                        // Make sure the password is stored securely.  If not, transparently update the hash information in the database.
                                                        if ($userinfo["rounds"] < $sso_settings["sso_login"]["password_minrounds"]) {
                                                            $userinfo["salt"] = $sso_rng->GenerateString();
                                                            $data = $userrow->username . ":" . $userrow->email . ":" . $userinfo["salt"] . ":" . $password;
                                                            $passwordinfo = self::HashPasswordInfo($data, $sso_settings["sso_login"]["password_mode"], $sso_settings["sso_login"]["password_minrounds"]);
                                                            if ($passwordinfo["success"]) {
                                                                $userinfo["rounds"] = (int) $passwordinfo["rounds"];
                                                                $userinfo["password"] = bin2hex($passwordinfo["hash"]);
                                                                $userinfo2 = SSO_EncryptDBData($userinfo);
                                                                try {
                                                                    $sso_db->Query("UPDATE", array($sso_db_sso_login_users, array("info" => $userinfo2), "WHERE" => "id = ?"), $userrow->id);
                                                                } catch (Exception $e) {
                                                                    $messages["errors"][] = BB_Translate("Database query error.");
                                                                }
                                                            }
                                                        }
                                                        foreach ($this->activemodules as &$instance) {
                                                            $instance->LoginCheck($messages, $userinfo, $recoveryallowed);
                                                        }
                                                    }
                                                    if (!count($messages["errors"])) {
                                                        // Go to two-factor authentication page.
                                                        $methods = array();
                                                        foreach ($this->activemodules as $key => &$instance) {
                                                            $name = $instance->GetTwoFactorName(false);
                                                            if ($name !== false) {
                                                                $methods[$key] = true;
                                                            }
                                                        }
                                                        // Resend the verification e-mail.
                                                        if (!$userrow->verified) {
                                                            $this->SendVerificationEmail($userrow->id, $userinfo, $messages, $userrow->username, $userrow->email);
                                                        } else {
                                                            if (!$recoveryallowed && SSO_FrontendFieldValue("update_info", "") == "yes") {
                                                                $sso_session_info["sso_login_update"] = array("id" => $userrow->id, "v" => $sso_rng->GenerateString(), "expires" => CSDB::ConvertToDBTime(time() + 30 * 60));
                                                                $sso_session_info["sso_login_two_factor_key"] = isset($userinfo["two_factor_key"]) && $userinfo["two_factor_key"] != "" ? $userinfo["two_factor_key"] : self::GenerateOTPKey(10);
                                                                if (!SSO_SaveSessionInfo()) {
                                                                    $messages["errors"][] = BB_Translate("Login exists but a fatal error occurred.  Fatal error:  Unable to save session information.");
                                                                } else {
                                                                    header("Location: " . BB_GetRequestHost() . $sso_target_url . "&sso_login_action=update_info&sso_v=" . urlencode($sso_session_info["sso_login_update"]["v"]));
                                                                    exit;
                                                                }
                                                            } else {
                                                                if ($sso_settings["sso_login"]["require_two_factor"] || isset($userinfo["two_factor_method"]) && $userinfo["two_factor_method"] != "" && (count($methods) || ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "email"))) {
                                                                    if ($sso_settings["sso_login"]["require_two_factor"] && (!isset($userinfo["two_factor_method"]) || !isset($methods[$userinfo["two_factor_method"]]))) {
                                                                        $messages["errors"][] = BB_Translate("A valid two-factor authentication method for this account is not available.  Use account recovery to restore access to the account.");
                                                                    } else {
                                                                        $sso_session_info["sso_login_two_factor"] = array("id" => $userrow->id, "v" => $sso_rng->GenerateString(), "expires" => CSDB::ConvertToDBTime(time() + 5 * 60));
                                                                        if (!SSO_SaveSessionInfo()) {
                                                                            $messages["errors"][] = BB_Translate("Login exists but a fatal error occurred.  Fatal error:  Unable to save session information.");
                                                                        } else {
                                                                            $this->activemodules[$userinfo["two_factor_method"]]->SendTwoFactorCode($messages, $userrow, $userinfo);
                                                                            if (!count($messages["errors"])) {
                                                                                header("Location: " . BB_GetRequestHost() . $sso_target_url . "&sso_login_action=two_factor&sso_v=" . urlencode($sso_session_info["sso_login_two_factor"]["v"]));
                                                                                exit;
                                                                            }
                                                                        }
                                                                    }
                                                                } else {
                                                                    // Login succeeded.  Activate the user.
                                                                    $mapinfo = array();
                                                                    if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "email") {
                                                                        $mapinfo[$sso_settings["sso_login"]["map_email"]] = $userrow->email;
                                                                    }
                                                                    if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "username") {
                                                                        $mapinfo[$sso_settings["sso_login"]["map_username"]] = $userrow->username;
                                                                    }
                                                                    $origuserinfo = $userinfo;
                                                                    foreach ($this->activemodules as &$instance) {
                                                                        $instance->LoginAddMap($mapinfo, $userrow, $userinfo, false);
                                                                    }
                                                                    // If a module updated $userinfo, then update the database.
                                                                    if (serialize($userinfo) !== serialize($origuserinfo)) {
                                                                        $userinfo2 = SSO_EncryptDBData($userinfo);
                                                                        try {
                                                                            $sso_db->Query("UPDATE", array($sso_db_sso_login_users, array("info" => $userinfo2), "WHERE" => "id = ?"), $userrow->id);
                                                                        } catch (Exception $e) {
                                                                            $messages["errors"][] = BB_Translate("Database query error.");
                                                                        }
                                                                    }
                                                                    if (!count($messages["errors"])) {
                                                                        SSO_ActivateUser($userrow->id, $userinfo["extra"], $mapinfo, CSDB::ConvertFromDBTime($userrow->created));
                                                                        // Only falls through on account lockout or a fatal error.
                                                                        $messages["errors"][] = BB_Translate("User activation failed.");
                                                                    }
                                                                }
                                                            }
                                                        }
                                                    }
                                                }
                                            }
                                        }
                                        echo $sso_header;
                                        SSO_OutputHeartbeat();
                                        $this->OutputJS();
                                        ?>
<div class="sso_main_wrap sso_login">
<div class="sso_main_wrap_inner">
<?php 
                                        $this->DisplayMessages($messages, $messagesheader);
                                        if ($sso_settings["sso_login"]["open_reg"]) {
                                            ?>
	<div class="sso_login_signup"><a href="<?php 
                                            echo htmlspecialchars($sso_target_url . "&sso_login_action=signup");
                                            ?>
"><?php 
                                            echo htmlspecialchars(BB_Translate("Sign up"));
                                            ?>
</a></div>
<?php 
                                        }
                                        ?>
	<div class="sso_main_form_wrap sso_login_signin_form">
		<div class="sso_main_form_header"><?php 
                                        echo htmlspecialchars(BB_Translate("Sign in"));
                                        ?>
</div>
		<form class="sso_main_form" name="sso_login_form" method="post" accept-charset="UTF-8" enctype="multipart/form-data" action="<?php 
                                        echo htmlspecialchars($sso_target_url);
                                        ?>
" autocomplete="off">
			<div class="sso_main_formitem">
				<div class="sso_main_formtitle"><?php 
                                        if ($sso_settings["sso_login"]["install_type"] == "email_username") {
                                            echo htmlspecialchars(BB_Translate("Username or E-mail Address"));
                                        } else {
                                            if ($sso_settings["sso_login"]["install_type"] == "username") {
                                                echo htmlspecialchars(BB_Translate("Username"));
                                            } else {
                                                if ($sso_settings["sso_login"]["install_type"] == "email") {
                                                    echo htmlspecialchars(BB_Translate("E-mail Address"));
                                                } else {
                                                    echo htmlspecialchars(BB_Translate("Login system is broken."));
                                                }
                                            }
                                        }
                                        ?>
</div>
				<div class="sso_main_formdata"><input class="sso_main_text" type="text" name="<?php 
                                        echo SSO_FrontendField("user");
                                        ?>
" /></div>
			</div>
			<script type="text/javascript">
			jQuery('input.sso_main_text:first').focus();
			</script>
			<div class="sso_main_formitem">
				<div class="sso_main_formtitle"><?php 
                                        echo htmlspecialchars(BB_Translate("Password"));
                                        ?>
</div>
				<div class="sso_main_formdata"><input class="sso_main_text" type="password" name="<?php 
                                        echo SSO_FrontendField("password");
                                        ?>
" /></div>
			</div>
<?php 
                                        $outputmap = array();
                                        foreach ($this->activemodules as $key => &$instance) {
                                            ob_start();
                                            $instance->GenerateLogin($messages);
                                            $order = isset($sso_settings["sso_login"]["modules"][$key]["_s"]) ? $sso_settings["sso_login"]["modules"][$key]["_s"] : $instance->DefaultOrder();
                                            SSO_AddSortedOutput($outputmap, $order, $key, ob_get_contents());
                                            ob_end_clean();
                                        }
                                        SSO_DisplaySortedOutput($outputmap);
                                        if (!$this->IsRecoveryAllowed(false)) {
                                            ?>
			<div class="sso_main_formitem">
				<div class="sso_main_formtitle"><?php 
                                            echo htmlspecialchars(BB_Translate("Update Information"));
                                            ?>
</div>
				<div class="sso_main_formdata"><input id="sso_norecovery_updateinfo" type="checkbox" name="<?php 
                                            echo SSO_FrontendField("update_info");
                                            ?>
" value="yes"<?php 
                                            if (SSO_FrontendFieldValue("update_info", "") == "yes") {
                                                echo " checked";
                                            }
                                            ?>
 /> <label for="sso_norecovery_updateinfo">Change account information upon successful sign in</label></div>
			</div>
<?php 
                                        }
                                        ?>
			<div class="sso_main_formsubmit">
				<input type="submit" name="<?php 
                                        echo SSO_FrontendField("submit");
                                        ?>
" value="<?php 
                                        echo htmlspecialchars(BB_Translate("Sign in"));
                                        ?>
" />
			</div>
		</form>
	</div>
<?php 
                                        if ($this->IsRecoveryAllowed()) {
                                            ?>
	<div class="sso_login_recover_changeinfo"><a href="<?php 
                                            echo htmlspecialchars($sso_target_url . "&sso_login_action=recover");
                                            ?>
"><?php 
                                            echo htmlspecialchars(BB_Translate("Can't access your account?"));
                                            ?>
</a></div>
<?php 
                                        }
                                        ?>
</div>
</div>
<?php 
                                        echo $sso_footer;
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
    }
Esempio n. 18
    /**
     * Dispatches the "bb_action" requests handled by this widget.
     *
     * Visible branches: the language-map form and its submit handler; for
     * accounts of type "dev", the load / save / open-editor requests for each
     * of the widget's code sections (init, action, prehtml, head, body); and,
     * when the request carries "action", evaluation of the widget's stored
     * action code.
     *
     * Security notes for reviewers:
     * - The only checks visible here are BB_IsMemberOfPageGroup("_p") and the
     *   account type test. NOTE(review): no anti-CSRF token check is visible
     *   in this method; confirm the caller verifies request authenticity
     *   before dispatching here.
     * - Text stored by the "_save" branch is later executed with eval(), so
     *   write access to a code section is equivalent to running PHP on the
     *   server.
     */
    public function ProcessBBAction()
    {
        global $bb_widget, $bb_widget_id, $bb_account, $bb_revision_num;
        // Everything below requires membership of page group "_p".
        if (!BB_IsMemberOfPageGroup("_p")) {
            exit;
        }
        // The two language-map branches run before the account type test below,
        // so they are reachable by any member of page group "_p".
        if ($_REQUEST["bb_action"] == "bb_code_edit_langmap_submit") {
            BB_RunPluginAction("pre_bb_code_edit_langmap_submit");
            // The request value is stored as-is; no validation happens in this method.
            $bb_widget->langmap = $_REQUEST["langmap"];
            if (!BB_SaveLangPage($bb_revision_num)) {
                // Presumably BB_PropertyFormError() ends the request, otherwise the
                // success markup below would follow the error - TODO confirm.
                BB_PropertyFormError("Unable to save the language mapping.");
            }
            ?>
<div class="success"><?php 
            echo htmlspecialchars(BB_Translate("Language mapping saved."));
            ?>
</div>
<script type="text/javascript">
window.parent.CloseProperties();
window.parent.ReloadIFrame();
</script>
<?php 
            BB_RunPluginAction("post_bb_code_edit_langmap_submit");
        } else {
            if ($_REQUEST["bb_action"] == "bb_code_edit_langmap") {
                BB_RunPluginAction("pre_bb_code_edit_langmap");
                // Build the property form; plugins may alter $options before it is rendered.
                $options = array("title" => BB_Translate("Edit %s Language Map", $bb_widget->_f), "desc" => "Edit the language map.  One mapping entry per line.  First character indicates the termination character of the key.  Empty keys are ignored.", "fields" => array(array("title" => "", "type" => "textarea", "name" => "langmap", "value" => $bb_widget->langmap, "desc" => "Example:  |key|value")), "submit" => "Save", "focus" => true);
                BB_RunPluginActionInfo("bb_code_edit_langmap_options", $options);
                BB_PropertyForm($options);
                BB_RunPluginAction("post_bb_code_edit_langmap");
                return;
            }
        }
        // Code-section editing is limited to accounts of type "dev".
        if ($bb_account["type"] == "dev") {
            // Section key => lower-case / title-case labels used in messages and editor titles.
            $types = array("init" => array("ltitle" => "init", "utitle" => "Init"), "action" => array("ltitle" => "action", "utitle" => "Action"), "prehtml" => array("ltitle" => "pre-HTML", "utitle" => "Pre-HTML"), "head" => array("ltitle" => "head", "utitle" => "Head"), "body" => array("ltitle" => "body", "utitle" => "Body"));
            foreach ($types as $key => $typeinfo) {
                if ($_REQUEST["bb_action"] == "bb_code_edit_" . $key . "_load") {
                    BB_RunPluginAction("pre_bb_code_edit_" . $key . "_load");
                    // The stored section is returned URL-encoded; nothing is printed when it is unset.
                    if (isset($bb_widget->{$key})) {
                        echo rawurlencode($bb_widget->{$key});
                    }
                    BB_RunPluginAction("post_bb_code_edit_" . $key . "_load");
                    return;
                } else {
                    if ($_REQUEST["bb_action"] == "bb_code_edit_" . $key . "_save") {
                        BB_RunPluginAction("pre_bb_code_edit_" . $key . "_save");
                        // SECURITY: the request body becomes widget code verbatim. The "action"
                        // section is handed to eval() at the end of this method, so this branch
                        // is a code-execution path by design and relies entirely on the two
                        // access checks above.
                        $bb_widget->{$key} = $_REQUEST["content"];
                        if (!BB_SaveLangPage($bb_revision_num)) {
                            echo htmlspecialchars(BB_Translate("Unable to save " . $typeinfo["ltitle"] . " content.  Try again."));
                        } else {
                            echo "OK\n";
                            echo "<script type=\"text/javascript\">ReloadIFrame();</script>";
                        }
                        BB_RunPluginAction("post_bb_code_edit_" . $key . "_save");
                        return;
                    } else {
                        if ($_REQUEST["bb_action"] == "bb_code_edit_" . $key) {
                            BB_RunPluginAction("pre_bb_code_edit_" . $key);
                            // Emit the script that opens the editor for this section. Values placed
                            // inside JavaScript string literals go through BB_JSSafe().
                            ?>
<script type="text/javascript">
window.parent.LoadConditionalScript(Gx__RootURL + '/' + Gx__SupportPath + '/editfile.js?_=20140418', true, function(loaded) {
		return ((!loaded && typeof(window.CreateEditAreaInstance) == 'function') || (loaded && !IsConditionalScriptLoading()));
	}, function(params) {
		$('#fileeditor').show();

		var fileopts = {
			loadurl : Gx__URLBase,
			loadparams : <?php 
                            echo BB_CreateWidgetPropertiesJS("bb_code_edit_" . $key . "_load", array(), true);
                            ?>
,
			id : 'wid_<?php 
                            echo BB_JSSafe($bb_widget_id);
                            ?>
_<?php 
                            echo BB_JSSafe($key);
                            ?>
',
			display : '<?php 
                            echo BB_JSSafe($bb_widget->_f . " - " . $typeinfo["utitle"]);
                            ?>
',
			saveurl : Gx__URLBase,
			saveparams : <?php 
                            echo BB_CreateWidgetPropertiesJS("bb_code_edit_" . $key . "_save", array(), true);
                            ?>
,
			syntax : 'php',
			aceopts : {
				'focus' : true,
				'theme' : 'crimson_editor'
			}
		};

		var editopts = {
			ismulti : true,
			closelast : ClosedAllFiles,
			width : '100%',
			height : '500px'
		};

		CreateEditAreaInstance('fileeditor', fileopts, editopts);
});
window.parent.CloseProperties(false);
</script>
<?php 
                            BB_RunPluginAction("post_bb_code_edit_" . $key);
                            return;
                        }
                    }
                }
            }
        }
        // Pass other requests onto the action handler.
        // This part is not limited to "dev" accounts: it runs for any request that
        // carries "action" and passed the page-group check at the top.
        if (isset($_REQUEST["action"])) {
            // Import every global whose name starts with "bb_" or "g_" into this scope
            // so the evaluated code can use them as plain variables.
            foreach ($GLOBALS as $key => $val) {
                if (substr($key, 0, 3) == "bb_" || substr($key, 0, 2) == "g_") {
                    global ${$key};
                }
            }
            if (isset($bb_widget->action)) {
                // SECURITY: eval() of stored widget code. The leading "?>" makes eval()
                // start in template mode, so the stored text is processed like the
                // contents of a PHP file. Whatever the "_save" branch above (or anything
                // else able to modify the stored page data) wrote here runs with the
                // privileges of the web application.
                eval("?" . ">" . $bb_widget->action);
            }
        }
    }
Esempio n. 19
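    /**
     * Handles the image shortcode's "sc_action" requests: AJAX upload,
     * transfer of a remote image by URL, the uploader dialog, and the
     * configure form with its submit handler.
     *
     * Both write paths store files below $bb_dir . "/images", which is
     * normally reachable over the web, so the stored name must never keep a
     * caller-chosen extension. The upload branch already forced the detected
     * image extension; the transfer branch now does the same for a supplied
     * "destfile" and re-checks the fetched bytes with BB_GetImageType().
     *
     * NOTE(review): a name such as "x.php.gif" still passes the character
     * filter. The images directory should be configured so the web server
     * never executes scripts from it.
     *
     * @param object $parent Shortcode host; this method calls GetSID(),
     *                       SaveShortcode(), CreateShortcodePropertiesJS(),
     *                       CreateShortcodeUploader() and
     *                       CreateShortcodePropertiesLink() on it.
     */
    public function ProcessShortcodeBBAction($parent)
    {
        global $bb_dir, $bb_pref_lang, $bb_revision_num, $bb_writeperms;
        $info = $this->GetInfo($parent->GetSID());
        if ($_REQUEST["sc_action"] == "bb_image_upload_ajaxupload") {
            BB_RunPluginAction("pre_bb_content_shortcode_bb_image_upload_ajaxupload");
            $msg = BB_ValidateAJAXUpload();
            if ($msg != "") {
                echo htmlspecialchars(BB_Translate($msg));
                exit;
            }
            // Use official magic numbers for each format to determine the real content type.
            // The client-supplied MIME type and file extension are not trusted.
            $data = file_get_contents($_FILES["Filedata"]["tmp_name"]);
            $type = BB_GetImageType($data);
            if ($type != "gif" && $type != "jpg" && $type != "png") {
                echo htmlspecialchars(BB_Translate("Uploaded file is not a valid web image.  Must be PNG, JPG, or GIF."));
                exit;
            }
            if (!is_dir($bb_dir . "/images")) {
                // The requested mode is reduced by the process umask.
                // NOTE(review): 0777 is broader than this code needs.
                mkdir($bb_dir . "/images", 0777, true);
            }
            // Reduce the client filename to [A-Za-z0-9_.-] and collapse runs of dots,
            // which removes path separators and ".." sequences.
            $dirfile = preg_replace('/\\.+/', ".", preg_replace('/[^A-Za-z0-9_.\\-]/', "_", $bb_pref_lang . "_" . ($bb_revision_num > -1 ? $bb_revision_num . "_" : "") . trim($_FILES["Filedata"]["name"])));
            if ($dirfile == ".") {
                $dirfile = "";
            }
            if ($dirfile == "") {
                echo htmlspecialchars(BB_Translate("A filename was not specified."));
                exit;
            }
            // The final extension always matches the detected image type.
            $pos = strrpos($dirfile, ".");
            if ($pos === false || substr($dirfile, $pos + 1) != $type) {
                $dirfile .= "." . $type;
            }
            if (!@move_uploaded_file($_FILES["Filedata"]["tmp_name"], $bb_dir . "/images/" . $dirfile)) {
                echo htmlspecialchars(BB_Translate("Unable to move temporary file to final location.  Check the permissions of the target directory and destination file."));
                exit;
            }
            @chmod($bb_dir . "/images/" . $dirfile, 0444 | $bb_writeperms);
            $info["src"] = "images/" . $dirfile;
            if (!$parent->SaveShortcode($info)) {
                echo htmlspecialchars(BB_Translate("Unable to save the shortcode."));
                exit;
            }
            echo "OK";
            BB_RunPluginAction("post_bb_content_shortcode_bb_image_upload_ajaxupload");
        } else {
            if ($_REQUEST["sc_action"] == "bb_image_upload_submit") {
                BB_RunPluginAction("pre_bb_content_shortcode_bb_image_upload_submit");
                // NOTE(review): the URL comes from the request and the result carries the
                // fetched bytes, so the helper presumably retrieves it from this server.
                // Confirm it refuses internal and loopback destinations.
                $imginfo = BB_IsValidHTMLImage($_REQUEST["url"], array("protocol" => "http"));
                if (!$imginfo["success"]) {
                    // Presumably ends the request, as the code below relies on $imginfo - TODO confirm.
                    BB_PropertyFormError($imginfo["error"]);
                }
                // Identify the fetched bytes the same way the upload branch does, so the
                // stored extension comes from the content rather than from the request.
                $type = BB_GetImageType($imginfo["data"]);
                if ($type != "gif" && $type != "jpg" && $type != "png") {
                    BB_PropertyFormError("'Image URL' field does not point to a valid image file.");
                }
                $dirfile = preg_replace('/\\.+/', ".", preg_replace('/[^A-Za-z0-9_.\\-]/', "_", $_REQUEST["destfile"]));
                if ($dirfile == ".") {
                    $dirfile = "";
                }
                if ($dirfile == "") {
                    // Automatically calculate the new filename based on the URL.
                    $dirfile = $bb_pref_lang . "_" . ($bb_revision_num > -1 ? $bb_revision_num . "_" : "") . BB_MakeFilenameFromURL($imginfo["url"], $imginfo["type"]);
                } else {
                    // A caller-supplied name previously kept whatever extension it was given.
                    // Force the detected image extension, as the upload branch does.
                    $pos = strrpos($dirfile, ".");
                    if ($pos === false || substr($dirfile, $pos + 1) != $type) {
                        $dirfile .= "." . $type;
                    }
                }
                if (!is_dir($bb_dir . "/images")) {
                    mkdir($bb_dir . "/images", 0777, true);
                }
                if (BB_WriteFile($bb_dir . "/images/" . $dirfile, $imginfo["data"]) === false) {
                    BB_PropertyFormError("Unable to save the image.");
                }
                $info["src"] = "images/" . $dirfile;
                if (!$parent->SaveShortcode($info)) {
                    BB_PropertyFormError("Unable to save the shortcode.");
                }
                ?>
<div class="success"><?php 
                echo htmlspecialchars(BB_Translate("Image transferred."));
                ?>
</div>
<script type="text/javascript">
LoadProperties(<?php 
                echo $parent->CreateShortcodePropertiesJS("");
                ?>
);
ReloadIFrame();
</script>
<?php 
                BB_RunPluginAction("post_bb_content_shortcode_bb_image_upload_submit");
            } else {
                if ($_REQUEST["sc_action"] == "bb_image_upload") {
                    $parent->CreateShortcodeUploader("", array(), "Configure Image", "Image", "image", "*.png;*.jpg;*.gif", "Web Image Files");
                } else {
                    if ($_REQUEST["sc_action"] == "bb_image_configure_submit") {
                        BB_RunPluginAction("pre_bb_content_shortcode_bb_image_configure_submit");
                        $src = trim($_REQUEST["src"]);
                        if ($info["src"] != $src) {
                            if ($src != "") {
                                $imginfo = BB_IsValidHTMLImage($src, array("protocol" => "http"));
                                // The check is only enforced when fsockopen() exists; without it
                                // the new URL is accepted unverified.
                                if (!$imginfo["success"] && function_exists("fsockopen")) {
                                    BB_PropertyFormError("'Image URL' field does not point to a valid image file.");
                                }
                            }
                            $info["src"] = $src;
                        }
                        // "src" and "alt" are stored as received, so whatever renders the
                        // shortcode has to escape them for its output context.
                        $info["alt"] = $_REQUEST["alt"];
                        $info["opt-caption"] = $_REQUEST["opt-caption"] == "enable";
                        $info["opt-caption-width"] = (int) $_REQUEST["opt-caption-width"];
                        if ($info["opt-caption-width"] < 0) {
                            $info["opt-caption-width"] = 0;
                        }
                        if (!$parent->SaveShortcode($info)) {
                            BB_PropertyFormError("Unable to save the shortcode.");
                        }
                        ?>
<div class="success"><?php 
                        echo htmlspecialchars(BB_Translate("Options saved."));
                        ?>
</div>
<script type="text/javascript">
CloseProperties();
ReloadIFrame();
</script>
<?php 
                        BB_RunPluginAction("post_bb_content_shortcode_bb_image_configure_submit");
                    } else {
                        if ($_REQUEST["sc_action"] == "bb_image_configure") {
                            BB_RunPluginAction("pre_bb_content_shortcode_bb_image_configure");
                            $desc = "<br />";
                            $desc .= $parent->CreateShortcodePropertiesLink(BB_Translate("Upload/Transfer Image"), "bb_image_upload");
                            $options = array("title" => "Configure Image", "desc" => "Configure the image or upload/transfer a new image.", "htmldesc" => $desc, "bb_action" => $_REQUEST["bb_action"], "hidden" => array("sid" => $parent->GetSID(), "sc_action" => "bb_image_configure_submit"), "fields" => array(array("title" => "Image URL", "type" => "text", "name" => "src", "value" => $info["src"], "desc" => "The URL of this image."), array("title" => "Alternate Text", "type" => "text", "name" => "alt", "value" => $info["alt"], "desc" => "The alternate text to display if images are not able to be seen (e.g. visually impaired visitors)."), array("title" => "Display Caption", "type" => "select", "name" => "opt-caption", "options" => array("enable" => "Enable", "disable" => "Disable"), "select" => $info["opt-caption"] ? "enable" : "disable", "desc" => "Display the alternate text as a caption below the image."), array("title" => "Caption Width", "type" => "text", "name" => "opt-caption-width", "value" => $info["opt-caption-width"], "desc" => "The width in pixels to constrain the caption to.  Typically the width of the image.")), "submit" => "Save", "focus" => true);
                            BB_RunPluginActionInfo("bb_content_shortcode_bb_image_configure_options", $options);
                            BB_PropertyForm($options);
                            BB_RunPluginAction("post_bb_content_shortcode_bb_image_configure");
                        }
                    }
                }
            }
        }
    }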
Esempio n. 20
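    /**
     * Renders the LDAP sign-in form and, on submit, authenticates the user by
     * binding to the directory with a DN built from the submitted username.
     *
     * On a successful bind the user's entry is read, flattened to key/value
     * pairs, mapped to SSO fields according to the "map_custom" and
     * "map_username" settings and handed to SSO_ActivateUser(). Any failure
     * falls through to re-display the form with a message.
     *
     * Fixes relative to the previous version:
     * - DN escaping is done in a single pass with strtr(). The former
     *   str_replace() call applied the map sequentially, so the backslash
     *   inserted for "," was doubled by the later "\" rule and the comma ended
     *   up unescaped inside the DN.
     * - A leading space is escaped with a backslash (it was prefixed with a
     *   literal "******"), and a trailing space is escaped for two-character
     *   names as well.
     * - ldap_error() is no longer called with a failed connection handle.
     * - ldap_read() failure is detected with "=== false", which works whether
     *   the result is a resource or an object.
     * - strrpos() arguments were swapped, so "remove_domain" never stripped
     *   anything.
     */
    public function ProcessFrontend()
    {
        global $sso_provider, $sso_settings, $sso_target_url, $sso_header, $sso_footer, $sso_providers;
        $message = "";
        if (SSO_FrontendFieldValue("submit") !== false) {
            $username = SSO_FrontendFieldValue("username");
            $password = SSO_FrontendFieldValue("password");
            // NOTE(review): when the "password" setting is off, an empty password is passed
            // to ldap_bind(). Many directory servers treat a bind with a DN and an empty
            // password as an unauthenticated bind that succeeds, which would let a sign-in
            // pass without proof of identity. Confirm the server rejects such binds before
            // turning the setting off.
            if ($username === false || $username == "" || $password === false || $sso_settings["sso_ldap"]["password"] && $password == "") {
                $message = BB_Translate("Please fill in the fields.");
            } else {
                $ldap = @ldap_connect($sso_settings["sso_ldap"]["server"]);
                if ($ldap === false) {
                    // There is no connection handle to ask for an error string.
                    $message = BB_Translate("Unable to connect to the LDAP server.  Error:  %s", "ldap_connect() failed");
                } else {
                    // Escape DN metacharacters. strtr() never rescans text it has already
                    // replaced, so each inserted backslash stays attached to its character.
                    $replacemap = array("," => "\\,", "\\" => "\\\\", "/" => "\\/", "#" => "\\#", "+" => "\\+", "<" => "\\<", ">" => "\\>", ";" => "\\;", "\"" => "\\\"", "=" => "\\=");
                    $dnusername = strtr($username, $replacemap);
                    // Spaces are untouched by the map, so the original string tells whether
                    // the value starts or ends with one.
                    if (substr($username, 0, 1) === " ") {
                        $dnusername = "\\" . $dnusername;
                    }
                    if (strlen($username) > 1 && substr($username, -1) === " ") {
                        $dnusername = substr($dnusername, 0, -1) . "\\ ";
                    }
                    $dn = str_replace("@USERNAME@", $dnusername, $sso_settings["sso_ldap"]["dn"]);
                    $userinfo = array();
                    @ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
                    // The bind is the authentication step: it succeeds only if the directory
                    // accepts the DN together with the submitted password.
                    $result = @ldap_bind($ldap, $dn, $password);
                    if ($result === false && ldap_errno($ldap)) {
                        $extra = ldap_error($ldap);
                    } else {
                        $extra = "";
                        $result = @ldap_read($ldap, $dn, "objectClass=*");
                        if ($result === false) {
                            $extra = ldap_error($ldap);
                        } else {
                            $items = @ldap_get_entries($ldap, $result);
                            @ldap_free_result($result);
                            $result = $items["count"] > 0;
                            // Boil down the results to just key-value pairs.
                            if ($result === false) {
                                $extra = "Unable to retrieve entries";
                            } else {
                                // Keep string keys only; multi-valued attributes contribute
                                // their first value.
                                foreach ($items[0] as $key => $val) {
                                    if (is_string($key) && $key != "count") {
                                        if (is_string($val)) {
                                            $userinfo[$key] = $val;
                                        } else {
                                            if (is_array($val) && $val["count"] > 0) {
                                                $userinfo[$key] = $val[0];
                                            }
                                        }
                                    }
                                }
                                // Debug output shows directory attributes to whoever signed
                                // in; keep the setting off outside of setup.
                                if ($sso_settings["sso_ldap"]["debug"]) {
                                    echo "LDAP fields:<br />";
                                    echo "<table>";
                                    foreach ($userinfo as $key => $val) {
                                        echo "<tr><td style=\"padding-right: 15px;\"><b>" . htmlspecialchars($key) . "</b></td><td>" . htmlspecialchars($val) . "</td></tr>";
                                    }
                                    echo "</table>";
                                }
                            }
                        }
                    }
                    @ldap_close($ldap);
                    if ($result === false) {
                        // NOTE(review): $extra carries the directory server's error text to
                        // the sign-in page; consider logging it instead of displaying it.
                        $message = BB_Translate("Invalid username or password.  %s.", $extra);
                    } else {
                        $origusername = $username;
                        if ($sso_settings["sso_ldap"]["remove_domain"]) {
                            // Keep only the part after the last "\" or "/".
                            $username = str_replace("\\", "/", $username);
                            $pos = strrpos($username, "/");
                            if ($pos !== false) {
                                $username = substr($username, $pos + 1);
                            }
                        }
                        // "map_custom" holds one "ldapfield=ssofield" pair per line.
                        $mapinfo = array();
                        $lines = explode("\n", str_replace("\r", "\n", $sso_settings["sso_ldap"]["map_custom"]));
                        foreach ($lines as $line) {
                            $line = trim($line);
                            $pos = strpos($line, "=");
                            if ($pos !== false) {
                                $srcfield = substr($line, 0, $pos);
                                $destfield = substr($line, $pos + 1);
                                if (isset($userinfo[$srcfield]) && SSO_IsField($destfield)) {
                                    $mapinfo[$destfield] = $userinfo[$srcfield];
                                }
                            }
                        }
                        $mapinfo[$sso_settings["sso_ldap"]["map_username"]] = $username;
                        if ($sso_settings["sso_ldap"]["debug"]) {
                            echo "Mapped fields:<br />";
                            echo "<table>";
                            foreach ($mapinfo as $key => $val) {
                                echo "<tr><td style=\"padding-right: 15px;\"><b>" . htmlspecialchars($key) . "</b></td><td>" . htmlspecialchars($val) . "</td></tr>";
                            }
                            echo "</table>";
                            // In debug mode the sign-in stops here; the user is not activated.
                            exit;
                        }
                        SSO_ActivateUser($dn, serialize($sso_settings["sso_ldap"]), $mapinfo);
                        // Only falls through on account lockout or a fatal error.
                        $message = BB_Translate("User activation failed.");
                    }
                }
            }
        }
        echo $sso_header;
        SSO_OutputHeartbeat();
        ?>
<script type="text/javascript">
SSO_Vars = {
	'showpassword' : '<?php 
        echo htmlspecialchars(BB_JSSafe(BB_Translate("Show password")));
        ?>
'
};
</script>
<script type="text/javascript" src="<?php 
        echo htmlspecialchars(SSO_ROOT_URL . "/" . SSO_PROVIDER_PATH . "/sso_ldap/sso_ldap.js");
        ?>
"></script>
<div class="sso_main_wrap sso_ldap">
<div class="sso_main_wrap_inner">
<?php 
        if ($message != "") {
            ?>
	<div class="sso_main_messages_wrap">
		<div class="sso_main_messages">
			<div class="sso_main_messageerror"><?php 
            echo htmlspecialchars($message);
            ?>
</div>
		</div>
	</div>
<?php 
        }
        ?>
	<div class="sso_main_form_wrap sso_ldap_signin_form">
		<div class="sso_main_form_header"><?php 
        echo htmlspecialchars(BB_Translate("Sign in"));
        ?>
</div>
		<form class="sso_main_form" name="sso_ldap_form" method="post" accept-charset="UTF-8" enctype="multipart/form-data" action="<?php 
        echo htmlspecialchars($sso_target_url);
        ?>
">
			<div class="sso_main_formitem">
				<div class="sso_main_formtitle"><?php 
        echo htmlspecialchars(BB_Translate("Username"));
        ?>
</div>
				<div class="sso_main_formdata"><input class="sso_main_text" type="text" name="<?php 
        echo SSO_FrontendField("username");
        ?>
" /></div>
			</div>
			<script type="text/javascript">
			jQuery('input.sso_main_text:first').focus();
			</script>
			<div class="sso_main_formitem">
				<div class="sso_main_formtitle"><?php 
        echo htmlspecialchars(BB_Translate("Password"));
        ?>
</div>
				<div class="sso_main_formdata"><input class="sso_main_text" type="password" name="<?php 
        echo SSO_FrontendField("password");
        ?>
" /></div>
			</div>
			<div class="sso_main_formsubmit">
				<input type="submit" name="<?php 
        echo SSO_FrontendField("submit");
        ?>
" value="<?php 
        echo htmlspecialchars(BB_Translate("Sign in"));
        ?>
" />
			</div>
		</form>
	</div>
<?php 
        ?>
</div>
</div>
<?php 
        echo $sso_footer;
    }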
Esempio n. 21
    public function ProcessBBAction()
    {
        global $bb_widget, $bb_widget_id, $bb_account, $bb_revision_num, $g_bb_content_shortcodes, $g_bb_content_security, $g_bb_content_security_path;
        if (!BB_IsMemberOfPageGroup("_p")) {
            exit;
        }
        if ($bb_account["type"] == "dev" && $_REQUEST["bb_action"] == "bb_content_configure_security_submit") {
            BB_RunPluginAction("pre_bb_content_configure_security_submit");
            // Rebuild the security context array.
            $g_bb_content_security = array();
            foreach ($g_bb_content_shortcodes as $sname => $info) {
                if (isset($info["security"])) {
                    foreach ($info["security"] as $key => $desc) {
                        $key2 = $sname . "|" . $key;
                        if (isset($_REQUEST[$key2]) && $_REQUEST[$key2] != "" && ($_REQUEST[$key2] == "content" || $_REQUEST[$key2] == "design" || $_REQUEST[$key2] == "dev")) {
                            if (!isset($g_bb_content_security[$sname])) {
                                $g_bb_content_security[$sname] = array();
                            }
                            $g_bb_content_security[$sname][$key] = $_REQUEST[$key2];
                        }
                    }
                }
            }
            // Save security contexts.
            $data = "<" . "?php\n\t\$g_bb_content_security = " . BB_CreatePHPStorageData($g_bb_content_security) . ";\n?" . ">";
            if (BB_WriteFile($g_bb_content_security_path, $data) === false) {
                BB_PropertyFormError("Unable to save the shortcode security options.");
            }
            ?>
<div class="success"><?php 
            echo htmlspecialchars(BB_Translate("Global shortcode security options updated."));
            ?>
</div>
<script type="text/javascript">
window.parent.CloseProperties();
window.parent.ReloadIFrame();
</script>
<?php 
            BB_RunPluginAction("post_bb_content_configure_security_submit");
        } else {
            if ($bb_account["type"] == "dev" && $_REQUEST["bb_action"] == "bb_content_configure_security") {
                BB_RunPluginAction("pre_bb_content_configure_security");
                $options = array("title" => "Configure Global Shortcode Security", "desc" => "Configure the global shortcode display options based on login account type.", "fields" => array(), "submit" => "Save", "focus" => true);
                foreach ($g_bb_content_shortcodes as $sname => $info) {
                    if (isset($info["security"])) {
                        foreach ($info["security"] as $key => $desc) {
                            if ($key == "") {
                                $options["fields"][] = array("title" => $desc[0], "type" => "select", "name" => $sname . "|" . $key, "options" => array("dev" => "Developers only", "design" => "Developers and Web Designers", "content" => "Everyone"), "select" => isset($g_bb_content_security[$sname]) && isset($g_bb_content_security[$sname][$key]) ? $g_bb_content_security[$sname][$key] : "", "desc" => $desc[1]);
                            } else {
                                $options["fields"][] = array("title" => $desc[0], "type" => "select", "name" => $sname . "|" . $key, "options" => array("" => "None", "content" => "Content Editors only", "design" => "Web Designers and Content Editors", "dev" => "Everyone"), "select" => isset($g_bb_content_security[$sname]) && isset($g_bb_content_security[$sname][$key]) ? $g_bb_content_security[$sname][$key] : "", "desc" => $desc[1]);
                            }
                        }
                    }
                }
                BB_RunPluginActionInfo("bb_content_configure_security_options", $options);
                BB_PropertyForm($options);
                BB_RunPluginAction("post_bb_content_configure_security");
            } else {
                if ($_REQUEST["bb_action"] == "bb_content_edit_load") {
                    BB_RunPluginAction("pre_bb_content_edit_load");
                    if (isset($bb_widget->body)) {
                        echo rawurlencode(UTF8::ConvertToHTML($bb_widget->body));
                    } else {
                        echo rawurlencode("<p></p>");
                    }
                    BB_RunPluginAction("post_bb_content_edit_load");
                } else {
                    if ($_REQUEST["bb_action"] == "bb_content_edit_save") {
                        BB_RunPluginAction("pre_bb_content_edit_save");
                        $options = array("shortcodes" => true, "shortcode_placeholder" => "bb_content_shortcode_placeholder", "shortcode_ids" => array());
                        $shortcodes = $bb_widget->shortcodes;
                        $base = "wid_" . htmlspecialchars($bb_widget_id) . "_";
                        foreach ($shortcodes as $num => $shortcode) {
                            $options["shortcode_ids"][$base . $num] = isset($shortcode["_sn"]) && isset($g_bb_content_shortcodes[$shortcode["_sn"]]) ? htmlspecialchars($g_bb_content_shortcodes[$shortcode["_sn"]]["mainicon"]) : "";
                        }
                        $bb_widget->body = BB_HTMLPurifyForWYMEditor($_REQUEST["content"], $options);
                        if (!$this->RegenerateContent(true)) {
                            echo htmlspecialchars(BB_Translate("Unable to save content.  Try again."));
                        } else {
                            echo "OK\n";
                            echo "<script type=\"text/javascript\">ReloadIFrame();</script>";
                        }
                        BB_RunPluginAction("post_bb_content_edit_save");
                    } else {
                        if ($_REQUEST["bb_action"] == "bb_content_edit_add_shortcode" && BB_IsSecExtraOpt("sname")) {
                            BB_RunPluginAction("pre_bb_content_edit_add_shortcode");
                            if (!isset($_REQUEST["sname"]) || !isset($g_bb_content_shortcodes[$_REQUEST["sname"]])) {
                                ?>
<script type="text/javascript">
alert('<?php 
                                echo htmlspecialchars(BB_JSSafe(BB_Translate("Shortcode handler not found.")));
                                ?>
');
</script>
<?php 
                            } else {
                                if (!$this->IsShortcodeAllowed($_REQUEST["sname"], "")) {
                                    ?>
<script type="text/javascript">
alert('<?php 
                                    echo htmlspecialchars(BB_JSSafe(BB_Translate("Shortcode access denied.")));
                                    ?>
');
</script>
<?php 
                                } else {
                                    $sname = $_REQUEST["sname"];
                                    $sid = count($bb_widget->shortcodes);
                                    $bb_widget->shortcodes[] = array("_sn" => $sname, "_id" => $sid);
                                    if (!BB_SaveLangPage($bb_revision_num)) {
                                        ?>
<script type="text/javascript">
alert('<?php 
                                        echo htmlspecialchars(BB_JSSafe(BB_Translate("Unable to add a new %s.", $g_bb_content_shortcodes[$sname]["name"])));
                                        ?>
');
</script>
<?php 
                                    } else {
                                        ?>
<script type="text/javascript">
InsertWYMEditorContent('contenteditor', 'wid_<?php 
                                        echo BB_JSSafe($bb_widget_id);
                                        ?>
', '<img id="wid_<?php 
                                        echo BB_JSSafe($bb_widget_id);
                                        ?>
_<?php 
                                        echo $sid;
                                        ?>
" class="bb_content_shortcode_placeholder" src="<?php 
                                        echo htmlspecialchars(BB_JSSafe($g_bb_content_shortcodes[$sname]["mainicon"]));
                                        ?>
" />');
</script>
<?php 
                                    }
                                }
                            }
                            BB_RunPluginAction("post_bb_content_edit_add_shortcode");
                        } else {
                            if ($_REQUEST["bb_action"] == "bb_content_edit_edit_shortcode" && (!isset($_REQUEST["sc_action"]) || BB_IsSecExtraOpt("sid") && BB_IsSecExtraOpt("sc_action"))) {
                                BB_RunPluginAction("pre_bb_content_edit_edit_shortcode");
                                if (!isset($_REQUEST["sid"])) {
                                    BB_PropertyFormLoadError("Shortcode ID not specified.");
                                }
                                $sid = $_REQUEST["sid"];
                                $pos = strrpos($sid, "_");
                                if ($pos !== false) {
                                    $sid = substr($sid, $pos + 1);
                                }
                                $sid = (int) $sid;
                                if (!isset($bb_widget->shortcodes[$sid]) || !isset($bb_widget->shortcodes[$sid]["_sn"])) {
                                    BB_PropertyFormLoadError("Invalid shortcode ID.");
                                }
                                $sname = $bb_widget->shortcodes[$sid]["_sn"];
                                if (!isset($g_bb_content_shortcodes[$sname])) {
                                    BB_PropertyFormLoadError("Shortcode handler not found.");
                                }
                                if (!$this->IsShortcodeAllowed($sname, "")) {
                                    BB_PropertyFormLoadError("Shortcode access denied.");
                                }
                                if (!isset($_REQUEST["sc_action"])) {
                                    $_REQUEST["sc_action"] = $sname . "_configure";
                                }
                                $shortcode = "bb_content_shortcode_" . $sname;
                                $shortcode = new $shortcode();
                                $this->currsid = $sid;
                                $shortcode->ProcessShortcodeBBAction($this);
                                BB_RunPluginAction("post_bb_content_edit_edit_shortcode");
                            } else {
                                if ($_REQUEST["bb_action"] == "bb_content_edit") {
                                    BB_RunPluginAction("pre_bb_content_edit");
                                    ?>
<script type="text/javascript">
html = '<style type="text/css">\n';
<?php 
                                    foreach ($g_bb_content_shortcodes as $sname => $info) {
                                        $sname2 = preg_replace('/[^A-Za-z0-9_]/', "_", trim($sname));
                                        ?>
html += '.wym_skin_barebones .wym_buttons li.wym_tools_custom_<?php 
                                        echo htmlspecialchars(BB_JSSafe($sname2));
                                        ?>
 a  { background-image: url(<?php 
                                        echo htmlspecialchars(BB_JSSafe($info["toolbaricon"]));
                                        ?>
); background-repeat: no-repeat; }\n';
<?php 
                                    }
                                    ?>
html += '</style>\n';
$("head").append(html);

window.bb_content_WYMEditorPostInit = function(eid, id, wym) {
<?php 
                                    foreach ($g_bb_content_shortcodes as $sname => $info) {
                                        if ($this->IsShortcodeAllowed($sname, "")) {
                                            $sname2 = preg_replace('/[^A-Za-z0-9_]/', "_", trim($sname));
                                            ?>
	var html = '<li class="wym_tools_custom_<?php 
                                            echo htmlspecialchars(BB_JSSafe($sname2));
                                            ?>
"><a name="<?php 
                                            echo htmlspecialchars(BB_JSSafe($info["name"]));
                                            ?>
" href="#"><?php 
                                            echo htmlspecialchars(BB_JSSafe($info["name"]));
                                            ?>
</a></li>';
	$(wym._box).find(wym._options.toolsSelector + wym._options.toolsListSelector).append(html);
	$(wym._box).find('li.wym_tools_custom_<?php 
                                            echo BB_JSSafe($sname2);
                                            ?>
 a').click(function() {
		$('#' + eid + '_loader').load(Gx__URLBase, <?php 
                                            echo BB_CreateWidgetPropertiesJS("bb_content_edit_add_shortcode", array("sname" => $sname), true);
                                            ?>
);

		return false;
	});
<?php 
                                        }
                                    }
                                    ?>

	$(wym._doc).bind('dblclick', function(e) {
		if (e.target.tagName == 'IMG' && $(e.target).hasClass('bb_content_shortcode_placeholder') && typeof(e.target.id) == 'string' && e.target.id != '')
		{
			window.parent.LoadProperties({ 'bb_action' : 'bb_content_edit_edit_shortcode', 'wid' : '<?php 
                                    echo BB_JSSafe($bb_widget_id);
                                    ?>
', 'sid' : e.target.id, 'bbt' : '<?php 
                                    echo BB_JSSafe(BB_CreateSecurityToken("bb_content_edit_edit_shortcode", $bb_widget_id));
                                    ?>
' });
		}
	});
}

if (typeof(window.parent.CreateWYMEditorInstance) != 'function')
{
	window.bb_content_ClosedAllContent = function(eid) {
		setTimeout(function() { DestroyWYMEditorInstance(eid);  $('#' + eid).hide(); }, 250);
	}
}

window.parent.LoadConditionalScript(Gx__RootURL + '/' + Gx__SupportPath + '/editcontent.js?_=20090725', true, function(loaded) {
		return ((!loaded && typeof(window.CreateWYMEditorInstance) == 'function') || (loaded && !IsConditionalScriptLoading()));
	}, function(params) {
		$('#contenteditor').show();

		var fileopts = {
			loadurl : Gx__URLBase,
			loadparams : <?php 
                                    echo BB_CreateWidgetPropertiesJS("bb_content_edit_load", array(), true);
                                    ?>
,
			id : 'wid_<?php 
                                    echo BB_JSSafe($bb_widget_id);
                                    ?>
',
			display : '<?php 
                                    echo BB_JSSafe($bb_widget->_f);
                                    ?>
',
			saveurl : Gx__URLBase,
			saveparams : <?php 
                                    echo BB_CreateWidgetPropertiesJS("bb_content_edit_save", array(), true);
                                    ?>
,
			wymtoolbar : 'bold,italic,superscript,subscript,pasteword,undo,redo,createlink,unlink,insertorderedlist,insertunorderedlist,indent,outdent',
			wymeditorpostinit : bb_content_WYMEditorPostInit
		};

		var editopts = {
			ismulti : true,
			closelast : bb_content_ClosedAllContent,
			width : '100%',
			height : '300px'
		};

		CreateWYMEditorInstance('contenteditor', fileopts, editopts);
});
window.parent.CloseProperties2(false);
</script>
<?php 
                                    BB_RunPluginAction("post_bb_content_edit");
                                } else {
                                    if (isset($_REQUEST["action"])) {
                                        // Pass other requests onto the shortcode action handler.
                                        if (isset($_REQUEST["sid"])) {
                                            $sid = (int) $_REQUEST["sid"];
                                            if (isset($bb_widget->shortcodes[$sid]) && isset($bb_widget->shortcodes[$sid]["_sn"])) {
                                                $sname = $bb_widget->shortcodes[$sid]["_sn"];
                                                if (isset($g_bb_content_shortcodes[$sname])) {
                                                    $shortcode = "bb_content_shortcode_" . $sname;
                                                    $shortcode = new $shortcode();
                                                    $this->currsid = $sid;
                                                    $shortcode->ProcessShortcodeAction($this);
                                                }
                                            }
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
    }
Esempio n. 22
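    /**
     * Emits the Terms of Service / Privacy Policy agreement part of the signup form.
     *
     * Both configured texts are handled the same way: a single-line value that starts
     * with http:// or https:// becomes a link inside the checkbox label, anything else
     * is printed in a textarea and only named in the label. Because only those two
     * schemes are turned into an href, a value such as "javascript:..." is never linked.
     *
     * @param mixed $admin When truthy nothing is rendered (presumably the admin-side view; confirm with callers).
     *
     * @return false|null false when $admin is truthy, otherwise no value is returned.
     */
    public function GenerateSignup($admin)
    {
        if ($admin) {
            return false;
        }
        $info = $this->GetInfo();
        if ($info["terms"] != "" || $info["privacy"] != "") {
            // A whitespace-only setting passes the check above but is empty after trim().
            // Pre-setting both fragments keeps the label code below from reading an
            // undefined variable, whose warning could otherwise be printed on this page.
            $termsurl = "";
            $privacyurl = "";

            $terms = Str::ReplaceNewlines("\n", trim($info["terms"]));
            if ($terms != "") {
                if (strpos($terms, "\n") === false && (strtolower(substr($terms, 0, 7)) == "http://" || strtolower(substr($terms, 0, 8)) == "https://")) {
                    // rel="noopener noreferrer": the linked page gets no window.opener handle
                    // and no Referer carrying this page's URL.
                    $termsurl = "<a href=\"" . htmlspecialchars($terms) . "\" target=\"_blank\" rel=\"noopener noreferrer\">" . htmlspecialchars(BB_Translate("Terms of Service")) . "</a>";
                } else {
                    $termsurl = htmlspecialchars(BB_Translate("Terms of Service"));
                    ?>
			<div class="sso_main_formitem">
				<div class="sso_main_formtitle"><?php echo htmlspecialchars(BB_Translate("Terms of Service")); ?></div>
				<div class="sso_main_formdata"><textarea class="sso_main_textarea"><?php echo htmlspecialchars($terms); ?></textarea></div>
			</div>
<?php
                }
            }

            $privacy = Str::ReplaceNewlines("\n", trim($info["privacy"]));
            if ($privacy != "") {
                if (strpos($privacy, "\n") === false && (strtolower(substr($privacy, 0, 7)) == "http://" || strtolower(substr($privacy, 0, 8)) == "https://")) {
                    $privacyurl = "<a href=\"" . htmlspecialchars($privacy) . "\" target=\"_blank\" rel=\"noopener noreferrer\">" . htmlspecialchars(BB_Translate("Privacy Policy")) . "</a>";
                } else {
                    $privacyurl = htmlspecialchars(BB_Translate("Privacy Policy"));
                    ?>
			<div class="sso_main_formitem">
				<div class="sso_main_formtitle"><?php echo htmlspecialchars(BB_Translate("Privacy Policy")); ?></div>
				<div class="sso_main_formdata"><textarea class="sso_main_textarea"><?php echo htmlspecialchars($privacy); ?></textarea></div>
			</div>
<?php
                }
            }

            // $display is printed below WITHOUT escaping: the inserted fragments were escaped
            // above, but the translated format string itself goes out as HTML, so translation
            // data has to be treated as trusted markup.
            if ($terms != "" && $privacy != "") {
                $display = BB_Translate("I agree to the %s and %s.", $termsurl, $privacyurl);
            } else {
                if ($terms != "") {
                    $display = BB_Translate("I agree to the %s.", $termsurl);
                } else {
                    $display = BB_Translate("I agree to the %s.", $privacyurl);
                }
            }

            // The click handler replaces the default navigation with window.open(), which
            // bypasses the anchor's rel attribute, so the same noopener/noreferrer request
            // is passed to window.open() as well.
            // NOTE(review): SSO_FrontendField() output is written into attributes and a jQuery
            // selector as-is; presumably it returns an attribute-safe name - confirm.
            ?>
			<div class="sso_main_formitem">
				<div class="sso_main_formdata"><input class="sso_main_checkbox" type="checkbox" id="<?php echo SSO_FrontendField("sso_login_tos"); ?>" name="<?php echo SSO_FrontendField("sso_login_tos"); ?>" value="yes"<?php echo SSO_FrontendFieldValue("sso_login_tos") == "yes" ? " checked" : ""; ?> /> <label for="<?php echo SSO_FrontendField("sso_login_tos"); ?>"><?php echo $display; ?></label></div>
			</div>
			<script type="text/javascript">
			jQuery('#<?php echo SSO_FrontendField("sso_login_tos"); ?>').parent().find('label a').click(function(e) {
				e.preventDefault();
				window.open(jQuery(this).attr('href'), '_blank', 'noopener,noreferrer');
			});
			</script>
<?php
        }
    }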
Esempio n. 23
    /**
     * Prints the "Recovery Phrase" input when the request selects SMS recovery.
     *
     * Output is produced only when $_REQUEST["sso_method"] equals "sso_sms_recovery".
     * The value that is echoed back into the field is passed through htmlspecialchars()
     * before it is placed in the double-quoted value attribute.
     *
     * @param mixed $messages Not used by this method.
     */
    public function GenerateRecovery2($messages)
    {
        // Any other recovery method is not handled here.
        if ($_REQUEST["sso_method"] != "sso_sms_recovery") {
            return;
        }

        // NOTE(review): SSO_FrontendField() is written into the name attribute as-is;
        // presumably it returns an attribute-safe field name - confirm.
        ?>
			<div class="sso_main_formitem">
				<div class="sso_main_formtitle"><?php echo htmlspecialchars(BB_Translate("Recovery Phrase")); ?></div>
				<div class="sso_main_formdata"><input class="sso_main_text" type="text" name="<?php echo SSO_FrontendField("sso_login_sms_recovery_phrase"); ?>" value="<?php echo htmlspecialchars(SSO_FrontendFieldValue("sso_login_sms_recovery_phrase", "")); ?>" /></div>
				<div class="sso_main_formdesc"><?php echo htmlspecialchars(BB_Translate("Enter the recovery phrase that was sent via text message (SMS).")); ?></div>
			</div>
<?php
    }
Esempio n. 24
/**
 * Prints an error for a property form that could not be loaded, then ends the request.
 *
 * The "pre_bb_propertyformloaderror" plugin hook receives $message first. The message
 * is then translated, HTML-escaped and printed, followed by a script that calls
 * CloseProperties() or, when $alt is truthy, CloseProperties2(). This function never
 * returns, so code after a call to it is not executed.
 *
 * @param string $message Untranslated error text.
 * @param bool   $alt     Selects CloseProperties2() instead of CloseProperties().
 */
function BB_PropertyFormLoadError($message, $alt = false)
{
    BB_RunPluginActionInfo("pre_bb_propertyformloaderror", $message);

    // Escaped at output time, after translation and after the plugin hook has run.
    echo "<div class=\"error\">" . htmlspecialchars(BB_Translate($message)) . "</div>\n";

    // Only the fixed suffix "2" is ever added to the function name; no caller data reaches the script.
    $suffix = $alt ? "2" : "";
    echo "<script type=\"text/javascript\">\n";
    echo "CloseProperties" . $suffix . "();\n";
    echo "</script>\n";

    exit;
}
Esempio n. 25
    /**
     * Prints the reCAPTCHA widget unless it is unconfigured or already passed.
     *
     * Nothing is printed when either key is empty, or when $info["remember"] is set and
     * the session already has a truthy "sso_recaptcha_passed" entry. Only the public
     * site key and the theme are written to the page; the private key is tested for
     * presence and never echoed.
     *
     * @param array $info Settings read here: "publickey", "privatekey", "remember", "theme2".
     */
    private function DisplayreCAPTCHA($info)
    {
        global $sso_session_info;

        // Both keys are required before the widget is offered.
        if ($info["publickey"] == "" || $info["privatekey"] == "") {
            return;
        }

        // A remembered pass in this session skips the challenge.
        if ($info["remember"] && isset($sso_session_info["sso_recaptcha_passed"]) && $sso_session_info["sso_recaptcha_passed"]) {
            return;
        }

        ?>
			<div class="sso_main_formitem">
				<div class="sso_main_formtitle"><?php echo htmlspecialchars(BB_Translate("Human Verification")); ?></div>
				<script src="https://www.google.com/recaptcha/api.js"></script>
				<div class="g-recaptcha" data-sitekey="<?php echo htmlspecialchars($info["publickey"]); ?>" data-theme="<?php echo htmlspecialchars($info["theme2"]); ?>"></div>
				<noscript><div class="sso_main_formdesc"><?php echo htmlspecialchars(BB_Translate("You must enable Javascript to use this page.")); ?></div></noscript>
			</div>
<?php
    }
Esempio n. 26
 /**
  * Returns the translated label "Google Authenticator".
  *
  * The string is not HTML-escaped here; escaping is left to whoever prints it.
  */
 public function GetTwoFactorName()
 {
     $label = BB_Translate("Google Authenticator");

     return $label;
 }