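/**
 * Build the MIME parts for every attachment queued on this message.
 *
 * Each entry of $this->attachments is read from disk, passed through
 * Hm_Crypt::plaintext() with the current request key, base64 encoded and
 * wrapped in a multipart section delimited by $this->boundary. Entries that
 * cannot be read, or that yield no content, are skipped.
 *
 * @return string concatenated MIME parts, or '' when nothing could be attached
 */
function process_attachments() {
    $res = '';
    foreach ($this->attachments as $file) {
        /* "@" keeps the best-effort behaviour: an unreadable file is skipped, not fatal */
        $raw = @file_get_contents($file['filename']);
        if ($raw === false) {
            continue;
        }
        /* NOTE(review): presumably the stored upload was encrypted with the request key - confirm against the upload handler */
        $content = Hm_Crypt::plaintext($raw, Hm_Request_Key::generate());
        /* a plain truthiness test would also drop a file whose whole content is "0" */
        if (!is_string($content) || $content === '') {
            continue;
        }
        /* type and name are copied into MIME headers, so strip CR, LF and NUL:
           a crafted value must not be able to start a new header line or part */
        $strip = array("\r", "\n", "\0");
        $type = str_replace($strip, '', (string) $file['type']);
        $description = str_replace($strip, '', (string) $file['name']);
        /* inside name="..." and filename="..." a quote or backslash would end or
           distort the quoted string, so escape both */
        $quoted_name = addcslashes($description, '"\\');
        $res .= sprintf("\r\n--%s\r\nContent-Type: %s; name=\"%s\"\r\nContent-Description: %s\r\n" .
            "Content-Disposition: attachment; filename=\"%s\"\r\nContent-Transfer-Encoding: base64\r\n\r\n%s",
            $this->boundary, $type, $quoted_name, $description, $quoted_name,
            chunk_split(base64_encode($content)));
    }
    return $res;
}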
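/**
 * Drive the SMS based second factor step after the primary login.
 *
 * Runs for a freshly loaded session or one still flagged '2fa_required'.
 * Depending on the state reported by the swipe API it registers a phone
 * number taken from POST or validates a posted SMS code. The session only
 * leaves the '2fa_required' state when answerSMS() reports
 * RC_SMS_ANSWER_ACCEPTED; every other path keeps $required true.
 *
 * @return void
 */
public function process() {
    /* new session or one not passed the second auth */
    if ($this->session->loaded || $this->session->get('2fa_required', false)) {

        /* ini file location */
        $ini_file = rtrim($this->config->get('app_data_dir', ''), '/') . '/swipeidentity.ini';

        /* data for the swipe api */
        $swipe_username = $this->session->get('username', false);
        /* NOTE(review): behind a reverse proxy REMOTE_ADDR is the proxy address - confirm this is what the API should see */
        $swipe_address = $this->request->server['REMOTE_ADDR'];
        $required = true;

        /* get api config and object */
        list($api, $api_config) = setup_swipe_api($ini_file);
        $started = start_api($api, $api_config);
        if (!$started) {
            /* NOTE(review): processing continues with an API that failed to start; $required
               stays true unless answerSMS() accepts, so this looks fail-closed - verify how
               the API calls below behave in that case */
            $this->out('2fa_fatal', true);
        }

        /* get current 2fa state */
        if (!array_key_exists('2fa_sms_response', $this->request->post)) {
            $state = get_secondfactor_state($api, $api_config, $swipe_username, $swipe_address);
        } else {
            /* the state is assumed from the presence of a POST field, not asked from the API;
               the code itself is still checked by answerSMS() below */
            $state = RC_SMS_DELIVERED;
        }

        /* pass a key and no redirect flag to the output modules */
        $this->out('no_redirect', true);
        Hm_Request_Key::load($this->session, $this->request, false);
        $this->out('2fa_key', Hm_Request_Key::generate());

        $sms_number = false;
        $sms_response = false;

        /* if the user has not registered a phone number yet look for one in POST */
        if ($state == NEED_REGISTER_SMS && array_key_exists('sms_number', $this->request->post)) {

            /* remove non numeric delimiters */
            $sms_number = preg_replace("/[^\\d]/", "", $this->request->post['sms_number']);

            /* US phone numbers only for now; is_string() rejects an array valued POST field
               (and a failed preg_replace) instead of handing it to preg_match() */
            if (is_string($sms_number) && preg_match("/^1\\d{10}\$/", $sms_number)) {
                $submit_number = $sms_number;

                /* set the phone number using the api */
                $api->setUserSmsNumber($swipe_username, $api_config["com.swipeidentity.api.appcode"], $submit_number);

                /* refetch the status */
                $state = get_secondfactor_state($api, $api_config, $swipe_username, $swipe_address);

                /* number rejected by swipe */
                if ($state == NEED_REGISTER_SMS) {
                    $this->out('2fa_error', 'Invalid phone number');
                }
            } else {
                $this->out('2fa_error', 'Invalid phone number format');
            }
        } elseif ($state == RC_SMS_DELIVERED && array_key_exists('2fa_sms_response', $this->request->post)) {

            $posted_code = $this->request->post['2fa_sms_response'];

            /* exactly five digits: \z instead of $ so a trailing newline is not accepted,
               and is_string() so an array valued field is treated as badly formatted */
            if (is_string($posted_code) && preg_match('/^\d{5}\z/', $posted_code)) {
                $sms_response = $posted_code;

                /* validate the sms response with the api */
                $resp = $api->answerSMS($swipe_username, $api_config["com.swipeidentity.api.appcode"], $sms_response);

                /* success! allow the user to login
                   NOTE(review): loose == on the return code; the constant's type is not visible
                   here - confirm a null/false return code can never compare equal to it */
                if ($resp->getReturnCode() == RC_SMS_ANSWER_ACCEPTED) {
                    $required = false;
                } else {
                    /* the message below says a new code is sent after a mismatch; any limit on
                       the number of attempts is up to the API and not visible here */
                    $state = get_secondfactor_state($api, $api_config, $swipe_username, $swipe_address);
                    $this->out('2fa_error', 'Response did not match! A new sms code has been sent');
                }
            } else {
                $this->out('2fa_error', 'Incorrectly formatted response, please re-enter the sms code');
            }
        }

        /* if required is true we still have not completed the 2fa */
        if ($required) {

            /* pass required flag to modules */
            $this->session->set('2fa_required', true);
            $this->out('2fa_required', true);
            $this->out('2fa_state', $state);

            /* close the session early */
            $this->session->close_early();
        } else {
            /* unset any previously set required flags */
            $this->session->set('2fa_required', false);
            $this->out('2fa_required', false);
        }
    }
}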
/**
 * Build the add/update form for a local contact.
 *
 * With no 'current_contact' the form is empty and submits as 'add_contact'.
 * With one, the fields are pre-filled from it, a hidden contact_id is added
 * and the form submits as 'edit_contact'. Every contact value is passed
 * through html_safe() before it is placed in an attribute.
 *
 * @return string form markup
 */
protected function output() {
    /* form field defaults, keyed by the contact attribute they come from */
    $vals = array('email_address' => '', 'display_name' => '', 'phone_number' => '');
    $button = '<input class="add_contact_submit" type="submit" name="add_contact" value="' . $this->trans('Add') . '" />';
    $title = $this->trans('Add Local Contact');
    $current = $this->get('current_contact', array());

    if (!empty($current)) {
        foreach (array_keys($vals) as $key) {
            if (array_key_exists($key, $current)) {
                $vals[$key] = $current[$key];
            }
        }
        $title = $this->trans('Update Local Contact');
        $button = '<input type="hidden" name="contact_id" value="' . $this->html_safe($current['id']) . '" />';
        $button .= '<input class="edit_contact_submit" type="submit" name="edit_contact" value="' . $this->trans('Update') . '" />';
    }

    $res = '<div class="add_server"><div class="server_title">' . $title . '</div>';
    $res .= '<form class="add_contact_form" method="POST">';
    /* request key sent back with the form */
    $res .= '<input type="hidden" name="hm_page_key" value="' . $this->html_safe(Hm_Request_Key::generate()) . '" />';

    $res .= '<label class="screen_reader" for="contact_email">' . $this->trans('E-mail Address') . '</label>';
    $res .= '<input autofocus required placeholder="' . $this->trans('E-mail Address') . '" id="contact_email" type="email" name="contact_email" ';
    $res .= 'value="' . $this->html_safe($vals['email_address']) . '" /> *<br />';

    $res .= '<label class="screen_reader" for="contact_name">' . $this->trans('Full Name') . '</label>';
    $res .= '<input required placeholder="' . $this->trans('Full Name') . '" id="contact_name" type="text" name="contact_name" ';
    $res .= 'value="' . $this->html_safe($vals['display_name']) . '" /> *<br />';

    $res .= '<label class="screen_reader" for="contact_phone">' . $this->trans('Telephone Number') . '</label>';
    $res .= '<input placeholder="' . $this->trans('Telephone Number') . '" id="contact_phone" type="text" name="contact_phone" ';
    $res .= 'value="' . $this->html_safe($vals['phone_number']) . '" /><br />';

    $res .= $button;
    $res .= ' <input type="button" class="reset_contact" value="' . $this->trans('Reset') . '" /></form></div>';
    return $res;
}
/**
 * Build the empty "add contact" form.
 *
 * The form posts the request key in hm_page_key together with the e-mail
 * address, full name and telephone number fields; it echoes no stored data.
 *
 * @return string form markup
 */
protected function output() {
    return implode('', array(
        '<div class="add_server"><div class="server_title">',
        $this->trans('Add'),
        '</div>',
        '<form class="add_contact_form" method="POST">',
        /* request key sent back with the form */
        '<input type="hidden" name="hm_page_key" value="',
        $this->html_safe(Hm_Request_Key::generate()),
        '" />',
        '<label class="screen_reader" for="contact_email">',
        $this->trans('E-mail Address'),
        '</label>',
        '<input autofocus required placeholder="',
        $this->trans('E-mail Address'),
        '" id="contact_email" type="email" name="contact_email" /> *<br />',
        '<label class="screen_reader" for="contact_name">',
        $this->trans('Full Name'),
        '</label>',
        '<input required placeholder="',
        $this->trans('Full Name'),
        '" id="contact_name" type="text" name="contact_name" /> *<br />',
        '<label class="screen_reader" for="contact_phone">',
        $this->trans('Telephone Number'),
        '</label>',
        '<input placeholder="',
        $this->trans('Telephone Number'),
        '" id="contact_phone" type="text" name="contact_phone" /><br />',
        '<input class="add_contact_submit" type="submit" name="add_contact" value="',
        $this->trans('Add'),
        '" />',
        '</form></div>',
    ));
}
/**
 * Build the "add an RSS/ATOM feed" section of the servers page.
 *
 * Only the HTML5 format produces output; for any other format the method
 * returns nothing. The markup leaves the feeds_section and feed_server_setup
 * divs open - presumably a later module closes them (not visible here).
 *
 * @return string|null section markup, or null when the format is not HTML5
 */
protected function output() {
    if ($this->format != 'HTML5') {
        return;
    }
    $total = count($this->get('feeds', array()));
    /* %d keeps the counter numeric, so it is emitted without html_safe() */
    $label = sprintf($this->trans('%d configured'), $total);

    return implode('', array(
        '<div class="feed_server_setup"><div data-target=".feeds_section" class="server_section">',
        '<img alt="" src="', Hm_Image_Sources::$rss, '" width="16" height="16" />',
        ' ', $this->trans('Feeds'), ' <div class="server_count">', $label,
        '</div></div><div class="feeds_section"><form class="add_server" method="POST">',
        /* request key sent back with the form */
        '<input type="hidden" name="hm_page_key" value="', $this->html_safe(Hm_Request_Key::generate()), '" />',
        '<div class="subtitle">', $this->trans('Add an RSS/ATOM Feed'), '</div><table>',
        '<tr><td><label class="screen_reader" for="new_feed_name">', $this->trans('Feed name'), '</label>',
        '<input required type="text" id="new_feed_name" name="new_feed_name" class="txt_fld" value="" placeholder="',
        $this->trans('Feed name'), '" /></td></tr>',
        '<tr><td><label for="new_feed_address" class="screen_reader">', $this->trans('Site address or feed URL'), '</label>',
        '<input required type="url" id="new_feed_address" name="new_feed_address" class="txt_fld" placeholder="',
        $this->trans('Site address or feed URL'), '" value="" /></td></tr>',
        '<tr><td><input type="submit" value="', $this->trans('Add'), '" name="submit_feed" /></td></tr>',
        '</table></form>',
    ));
}
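/**
 * Build HTML for configured POP3 servers on the servers page
 *
 * One form is rendered per entry of 'pop3_servers'. A server with a saved
 * user gets disabled credential fields showing that user, others get empty
 * fields. The entry named 'Default-Auth-Server' is shown as "Default" and
 * gets no test/save/delete buttons. The two closing divs appended after the
 * loop are not opened here - presumably an earlier module opens them.
 *
 * @return string markup for all configured servers
 */
protected function output() {
    $res = '';
    foreach ($this->get('pop3_servers', array()) as $index => $vals) {
        $no_edit = false;
        /* the server id is reused in id/for attributes as well as the hidden field: escape it once */
        $safe_index = $this->html_safe($index);

        if (isset($vals['user'])) {
            $disabled = 'disabled="disabled"';
            /* the saved username is written into value="...", so it has to be escaped
               like the name, server and port below */
            $user_pc = $this->html_safe($vals['user']);
            $pass_pc = $this->trans('[saved]');
        } else {
            $user_pc = '';
            $pass_pc = $this->trans('Password');
            $disabled = '';
        }
        if ($vals['name'] == 'Default-Auth-Server') {
            $vals['name'] = $this->trans('Default');
            $no_edit = true;
        }

        $res .= '<div class="configured_server">';
        $res .= sprintf('<div class="server_title">%s</div><div class="server_subtitle">%s/%d %s</div>',
            $this->html_safe($vals['name']), $this->html_safe($vals['server']),
            $this->html_safe($vals['port']), $vals['tls'] ? 'TLS' : '');

        $res .= '<form class="pop3_connect" method="POST">' .
            /* request key sent back with the form */
            '<input type="hidden" name="hm_page_key" value="' . $this->html_safe(Hm_Request_Key::generate()) . '" />' .
            '<input type="hidden" name="pop3_server_id" value="' . $safe_index . '" /><span> ' .
            '<label class="screen_reader" for="pop3_user_' . $safe_index . '">' . $this->trans('POP3 username') . '</label>' .
            '<input ' . $disabled . ' id="pop3_user_' . $safe_index . '" class="credentials" placeholder="' .
            $this->trans('Username') . '" type="text" name="pop3_user" value="' . $user_pc . '"></span>' .
            '<span> <label class="screen_reader" for="pop3_password_' . $safe_index . '">' . $this->trans('POP3 password') . '</label>' .
            /* the password field never carries a value; a saved password only changes the placeholder */
            '<input ' . $disabled . ' id="pop3_password_' . $safe_index . '" class="credentials pop3_password" placeholder="' .
            $pass_pc . '" type="password" name="pop3_pass"></span>';

        if (!$no_edit) {
            $res .= '<input type="submit" value="Test" class="test_pop3_connect" />';
            if (!isset($vals['user']) || !$vals['user']) {
                /* no saved user: offer to save the entered credentials */
                $res .= '<input type="submit" value="' . $this->trans('Delete') . '" class="delete_pop3_connection" />';
                $res .= '<input type="submit" value="' . $this->trans('Save') . '" class="save_pop3_connection" />';
            } else {
                /* saved user: offer to forget the stored credentials */
                $res .= '<input type="submit" value="' . $this->trans('Delete') . '" class="delete_pop3_connection" />';
                $res .= '<input type="submit" value="' . $this->trans('Forget') . '" class="forget_pop3_connection" />';
            }
            $res .= '<input type="hidden" value="ajax_pop3_debug" name="hm_ajax_hook" />';
        }
        $res .= '</form></div>';
    }
    $res .= '<br class="clear_float" /></div></div>';
    return $res;
}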
/**
 * Outputs save form
 *
 * Lists the unsaved setting changes (each distinct change with how many
 * times it occurs) and renders the form that asks for the password before
 * settings are saved permanently.
 *
 * @return string page markup
 */
protected function output() {
    $pending = $this->get('changed_settings', array());
    $parts = array();

    $parts[] = '<div class="save_settings_page"><div class="content_title">' . $this->trans('Save Settings') . '</div>';
    $parts[] = '<div class="save_details">' . $this->trans('Settings are not saved permanently on the server unless you explicitly allow it. ' .
        'If you don\'t save your settings, any changes made since you last logged in will be deleted when your ' .
        'session expires or you logout. You must re-enter your password for security purposes to save your settings ' .
        'permanently.');
    $parts[] = '<div class="save_subtitle">' . $this->trans('Unsaved Changes') . '</div>';
    $parts[] = '<ul class="unsaved_settings">';

    if (empty($pending)) {
        $parts[] = '<li>' . $this->trans('No changes need to be saved') . '</li>';
    } else {
        /* NOTE(review): the change label is emitted through trans() only - confirm
           trans() escapes its result, or that labels never hold user input */
        foreach (array_count_values($pending) as $change => $num) {
            $parts[] = '<li>' . $this->trans($change) . ' (' . $this->html_safe($num) . 'X)</li>';
        }
    }

    $parts[] = '</ul></div><div class="save_perm_form"><form method="post">' .
        /* request key sent back with the form */
        '<input type="hidden" name="hm_page_key" value="' . $this->html_safe(Hm_Request_Key::generate()) . '" />' .
        '<label class="screen_reader" for="password">Password</label><input required id="password" ' .
        'name="password" class="save_settings_password" type="password" placeholder="' . $this->trans('Password') . '" />' .
        '<input class="save_settings" type="submit" name="save_settings_permanently" value="' . $this->trans('Save') . '" />' .
        '<input class="save_settings" type="submit" name="save_settings_permanently_then_logout" value="' .
        $this->trans('Save and Logout') . '" />' .
        '</form></div>';
    $parts[] = '</div>';

    return implode('', $parts);
}
/**
 * Build the "Github Connect" section of the servers page.
 *
 * Without stored connection details it shows a link to 'github_auth_url';
 * with them it shows a disconnect form that carries the request key.
 *
 * @return string section markup
 */
protected function output() {
    $details = $this->get('github_connect_details', array());

    $head = '<div class="github_connect"><div data-target=".github_connect_section" class="server_section">';
    $head .= '<img src="' . Hm_Image_Sources::$code . '" alt="" width="16" height="16" /> ';
    $head .= $this->trans('Github Connect');
    $head .= '</div><div class="github_connect_section"><div class="add_server">';

    if (!empty($details)) {
        /* NOTE(review): this branch closes fewer divs than the "not connected" one -
           confirm the markup stays balanced on the page */
        $body = $this->trans('Already connected') .
            '<br /><form method="POST">' .
            /* request key sent back with the form */
            '<input type="hidden" name="hm_page_key" value="' . $this->html_safe(Hm_Request_Key::generate()) . '" />' .
            '<input type="submit" name="github_disconnect" class="github_disconnect" value="' . $this->trans('Disconnect') . '" />' .
            '</form>';
    } else {
        /* NOTE(review): github_auth_url goes into href without html_safe(), unlike other
           dynamic values in this file - confirm it is escaped where it is built */
        $body = 'Connect to Github<br /><br />' .
            '<a href="' . $this->get('github_auth_url', '') . '">' . $this->trans('Enable') . '</a></div></div>';
    }
    return $head . $body . '</div>';
}
/**
 * Hm_Request_Key::generate() must return the expected fixed key.
 * NOTE(review): 'fakefingerprint' presumably comes from the test session
 * stub - confirm against the test bootstrap.
 *
 * @preserveGlobalState disabled
 * @runInSeparateProcess
 */
public function test_key_generate() {
    $generated = Hm_Request_Key::generate();
    $this->assertEquals('fakefingerprint', $generated);
}
/**
 * Build the "WordPress.com Connect" section of the servers page.
 *
 * Without stored connection details it shows a link to 'wp_auth_url';
 * with them it shows a disconnect form that carries the request key.
 *
 * @return string section markup
 */
protected function output() {
    $details = $this->get('wp_connect_details', array());

    $markup = '<div class="wordpress_connect"><div data-target=".wordpress_connect_section" class="server_section">';
    $markup .= '<img src="' . Hm_Image_Sources::$key . '" alt="" width="16" height="16" /> ';
    $markup .= $this->trans('WordPress.com Connect');
    $markup .= '</div><div class="wordpress_connect_section">';

    if (!empty($details)) {
        $markup .= $this->trans('Already connected') . '<br /><form method="POST">';
        /* request key sent back with the form */
        $markup .= '<input type="hidden" name="hm_page_key" value="' . $this->html_safe(Hm_Request_Key::generate()) . '" />';
        $markup .= '<input type="submit" name="wp_disconnect" class="wp_disconnect" value="' . $this->trans('Disconnect') . '" />';
        return $markup . '</form></div></div>';
    }

    /* NOTE(review): wp_auth_url goes into href without html_safe(), unlike other
       dynamic values in this file - confirm it is escaped where it is built */
    $markup .= 'Connect to WordPress.com to view notifications and posts.<br /><br />';
    $markup .= '<a href="' . $this->get('wp_auth_url', '') . '">' . $this->trans('Enable') . '</a></div></div>';
    return $markup;
}
/**
 * Build the HTML for the add server dialog
 *
 * Renders the IMAP section header with the number of configured servers and
 * the form for adding a server (name, address, port, hide flag, TLS). The
 * TLS checkbox is checked by default. The imap_section and imap_server_setup
 * divs are left open - presumably a later module closes them.
 *
 * @return string section markup
 */
protected function output() {
    $total = count($this->get('imap_servers', array()));
    /* %d keeps the counter numeric, so it is emitted without html_safe() */
    $label = sprintf($this->trans('%d configured'), $total);

    $res = '<div class="imap_server_setup"><div data-target=".imap_section" class="server_section">';
    $res .= '<img alt="" src="' . Hm_Image_Sources::$env_closed . '" width="16" height="16" />';
    $res .= ' ' . $this->trans('IMAP Servers') . '<div class="server_count">' . $label;
    $res .= '</div></div><div class="imap_section"><form class="add_server" method="POST">';
    /* request key sent back with the form */
    $res .= '<input type="hidden" name="hm_page_key" value="' . $this->html_safe(Hm_Request_Key::generate()) . '" />';
    $res .= '<div class="subtitle">' . $this->trans('Add an IMAP Server') . '</div><table>';

    /* account name */
    $res .= '<tr><td colspan="2"><label class="screen_reader" for="new_imap_name">' . $this->trans('Account name') . '</label>';
    $res .= '<input id="new_imap_name" required type="text" name="new_imap_name" class="txt_fld" value="" placeholder="' .
        $this->trans('Account name') . '" /></td></tr>';

    /* server address */
    $res .= '<tr><td colspan="2"><label class="screen_reader" for="new_imap_address">' . $this->trans('Server address') . '</label>';
    $res .= '<input required type="text" id="new_imap_address" name="new_imap_address" class="txt_fld" placeholder="' .
        $this->trans('IMAP server address') . '" value=""/></td></tr>';

    /* port */
    $res .= '<tr><td colspan="2"><label class="screen_reader" for="new_imap_port">' . $this->trans('IMAP port') . '</label>';
    $res .= '<input required type="number" id="new_imap_port" name="new_imap_port" class="port_fld" value="" placeholder="' .
        $this->trans('Port') . '"></td></tr>';

    /* hide flag */
    $res .= '<tr><td colspan="2"><input type="checkbox" id="new_imap_hidden" name="new_imap_hidden" class="" value="1">';
    $res .= '<label for="new_imap_hidden">' . $this->trans('Hide From Combined Pages') . '</label></td></tr>';

    /* TLS is pre-selected */
    $res .= '<tr><td><input type="checkbox" name="tls" value="1" id="imap_tls" checked="checked" /> <label for="imap_tls">' .
        $this->trans('Use TLS') . '</label></td>';
    $res .= '<td><input type="submit" value="' . $this->trans('Add') . '" name="submit_imap_server" /></td></tr>';
    $res .= '</table></form>';
    return $res;
}
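/**
 * Build the change password page.
 *
 * Rendered only when 'internal_users' is set; otherwise an empty string is
 * returned. The form asks for the new password twice and for the current
 * password, and carries the request key in hm_page_key.
 *
 * @return string page markup, or '' when internal users are not in use
 */
protected function output() {
    $res = '';
    if ($this->get('internal_users')) {
        $res .= '<div class="chg_pass_page"><div class="content_title">' . $this->trans('Change Password') . '</div>' .
            '<div class="change_pass"><form method="POST">' .
            /* escape the request key like every other form in this file does */
            '<input type="hidden" name="hm_page_key" value="' . $this->html_safe(Hm_Request_Key::generate()) . '" />' .
            '<label class="screen_reader" for="new_pass1">' . $this->trans('New password') . '</label>' .
            '<input required type="password" id="new_pass1" name="new_pass1" placeholder="' . $this->trans('New password') . '" /><br />' .
            '<label class="screen_reader" for="new_pass2">' . $this->trans('New password again') . '</label>' .
            '<input required type="password" id="new_pass2" name="new_pass2" placeholder="' . $this->trans('New password again') . '" /><br />' .
            /* the current password is requested together with the new one */
            '<label class="screen_reader" for="old_pass">' . $this->trans('Current password') . '</label>' .
            '<input required type="password" id="old_pass" name="old_pass" placeholder="' . $this->trans('Current password') . '" /><br />' .
            '<input type="submit" name="change_password" value="' . $this->trans('Update') . '" />';
        $res .= '</form></div></div>';
    }
    return $res;
}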