$status = SEC_authenticate($loginname, $passwd, $uid); if ($status == USER_ACCOUNT_ACTIVE) { $local_login = true; } } else { $status = -2; } // begin distributed (3rd party) remote authentication method } elseif (!empty($loginname) && $_CONF['user_login_method']['3rdparty'] && $_CONF['usersubmission'] == 0 && $service != '') { COM_updateSpeedlimit('login'); //pass $loginname by ref so we can change it ;-) $status = SEC_remoteAuthentication($loginname, $passwd, $service, $uid); // end distributed (3rd party) remote authentication method // begin OAuth authentication method(s) } elseif ($_CONF['user_login_method']['oauth'] && isset($_GET['oauth_login'])) { $modules = SEC_collectRemoteOAuthModules(); $active_service = count($modules) == 0 ? false : in_array($_GET['oauth_login'], $modules); if (!$active_service) { $status = -1; COM_errorLog("OAuth login failed - there was no consumer available for the service:" . $_GET['oauth_login']); } else { $query = array_merge($_GET, $_POST); $service = $query['oauth_login']; COM_clearSpeedlimit($_CONF['login_speedlimit'], $service); if (COM_checkSpeedlimit($service, $_CONF['login_attempts']) > 0) { displayLoginErrorAndAbort(82, $LANG12[26], $LANG04[112]); } require_once $_CONF['path_system'] . 'classes/oauthhelper.class.php'; $consumer = new OAuthConsumer($service); $callback_url = $_CONF['site_url'] . '/users.php?oauth_login=' . $service; $consumer->setRedirectURL($callback_url);
/**
 * Builds the content-area login form.
 *
 * This is the full login form shown in the content area of the page (not
 * the side-bar block). Which parts appear (remote-authentication selector,
 * OAuth buttons, registration link, password-reminder link, ...) depends on
 * the site configuration and on the per-call overrides in $use_options.
 *
 * This function hands values to the template as they are: 'form_action',
 * 'message', 'footer_message' and 'hidden_fields' are passed through
 * without HTML escaping here, so callers are expected to supply trusted
 * markup only.
 *
 * @param    array   $use_options    options to override default settings
 * @return   string                  HTML of the login form
 *
 */
function SEC_loginForm($use_options = array())
{
    global $_CONF, $_USER, $LANG01, $LANG04;

    $html = '';

    // Defaults come first so that any key present in $use_options wins.
    $opts = array_merge(
        array(
            'forgotpw_link'     => true,
            'hidden_fields'     => '',
            'oauth_login'       => true,
            '3rdparty_login'    => true,
            'newreg_link'       => true,
            'verification_link' => false,
            'plugin_vars'       => true,
            'prefill_user'      => false,
            'title'             => $LANG04[65],
            'message'           => '',
            'footer_message'    => '',
            'button_text'       => $LANG04[80],
            'form_action'       => $_CONF['site_url'] . '/users.php'
        ),
        $use_options
    );

    $form = new Template($_CONF['path_layout'] . 'users');
    $form->set_file('login', 'loginform.thtml');
    $form->set_var('form_action', $opts['form_action']);
    $form->set_var('footer_message', $opts['footer_message']);
    $form->set_var('start_block_loginagain', COM_startBlock($opts['title']));
    $form->set_var('lang_message', $opts['message']);

    // The registration link is hidden by the caller or by the site-wide switch.
    $hideRegistration = !$opts['newreg_link'] || $_CONF['disable_new_user_registration'];
    $form->set_var('lang_newreglink', $hideRegistration ? '' : $LANG04[123]);

    $form->set_var('lang_username', $LANG04[2]);
    $form->set_var('lang_password', $LANG01[57]);

    if (!$opts['forgotpw_link']) {
        $form->set_var('lang_forgetpassword', '');
        $form->set_var('forgetpassword_link', '');
    } else {
        $form->set_var('lang_forgetpassword', $LANG04[25]);
        $reminderLink = COM_createLink(
            $LANG04[25],
            $_CONF['site_url'] . '/users.php?mode=getpassword',
            array('rel' => 'nofollow')
        );
        $form->set_var('forgetpassword_link', $reminderLink);
    }
    $form->set_var('lang_login', $opts['button_text']);
    $form->set_var('end_block', COM_endBlock());

    // 3rd party remote authentication.
    $serviceHtml = '';
    $remoteEnabled = $opts['3rdparty_login']
        && $_CONF['user_login_method']['3rdparty']
        && $_CONF['usersubmission'] == 0;
    if ($remoteEnabled) {
        $modules = SEC_collectRemoteAuthenticationModules();
        if (count($modules) > 0) {
            $standardLogin = $_CONF['user_login_method']['standard'];
            // NOTE(review): module names are written into the markup unescaped;
            // presumably they are names of installed modules - confirm they can
            // never contain HTML metacharacters.
            if (!$standardLogin && count($modules) == 1) {
                // Only one way to log in: no choice to offer, send it hidden.
                $selector = '<input type="hidden" name="service" value="' . $modules[0] . '"/>'
                          . $modules[0] . LB;
            } else {
                // Build select
                $entries = array();
                if ($standardLogin) {
                    // Empty value selects the local (standard) login.
                    $entries[] = '<option value="">' . $_CONF['site_name'] . '</option>' . LB;
                }
                foreach ($modules as $moduleName) {
                    $entries[] = '<option value="' . $moduleName . '">' . $moduleName . '</option>' . LB;
                }
                $selector = '<select name="service">' . implode('', $entries) . '</select>';
            }

            $form->set_file('services', 'services.thtml');
            $form->set_var('lang_service', $LANG04[121]);
            $form->set_var('select_service', $selector);
            $form->parse('output', 'services');
            $serviceHtml .= $form->finish($form->get_var('output'));
        }
    }
    if (!empty($opts['hidden_fields'])) {
        // allow caller to (ab)use {services} for hidden fields
        $serviceHtml .= $opts['hidden_fields'];
        $form->set_var('hidden_fields', $opts['hidden_fields']);
    }
    $form->set_var('services', $serviceHtml);

    // OAuth remote authentication.
    $oauthHtml = '';
    if ($opts['oauth_login'] && $_CONF['user_login_method']['oauth']) {
        $modules = SEC_collectRemoteOAuthModules();
        if (count($modules) != 0) {
            foreach ($modules as $moduleName) {
                $form->set_file('oauth_login', '../loginform_oauth.thtml');
                $form->set_var('oauth_service', $moduleName);
                $form->set_var('oauth_service_display', ucwords($moduleName));
                // for sign in image
                $form->set_var(
                    'oauth_sign_in_image',
                    $_CONF['site_url'] . '/images/login-with-' . $moduleName . '.png'
                );
                $form->parse('output', 'oauth_login');
                $oauthHtml .= $form->finish($form->get_var('output'));
            }
        }
    }
    // Stays empty when OAuth is off or no module is installed.
    $form->set_var('oauth_login', $oauthHtml);

    if (!$opts['verification_link']) {
        $form->set_var('lang_verification', '');
        $form->set_var('verification_link', '');
    } else {
        $form->set_var('lang_verification', $LANG04[169]);
        // NOTE(review): the link text is $LANG04[25], the same string used for
        // the password-reminder link above, while the label is $LANG04[169] -
        // confirm this is intended.
        $tokenLink = COM_createLink(
            $LANG04[25],
            $_CONF['site_url'] . '/users.php?mode=getnewtoken',
            array('rel' => 'nofollow')
        );
        $form->set_var('verification_link', $tokenLink);
    }

    // With a known user name the cursor goes straight to the password field.
    $prefill = $opts['prefill_user'] && isset($_USER['username']) && $_USER['username'] != '';
    $form->set_var('loginname', $prefill ? $_USER['username'] : '');
    $form->set_var('focus', $prefill ? 'passwd' : 'loginname');

    if ($opts['plugin_vars']) {
        PLG_templateSetVars('loginform', $form);
    }

    $form->parse('output', 'login');
    $html .= $form->finish($form->get_var('output'));

    return $html;
}
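/**
 * Displays a login form
 *
 * This is the version of the login form displayed in the content area of the
 * page (not the side bar). It will present all options (remote authentication
 * - including OpenID, new registration link, etc.) according to the current
 * configuration settings.
 *
 * Template values are passed to set_var() as raw markup (see the service
 * selector below), so anything that can be influenced by the request has to
 * be escaped before it is handed over. 'hidden_fields', 'title' and
 * 'message' are emitted as given by the caller and must be trusted markup.
 *
 * @param    array   $use_config     options to override some of the defaults
 * @return   string                  HTML of the login form
 */
function SEC_loginForm($use_config = array())
{
    global $_CONF, $LANG01, $LANG04, $_SCRIPTS;

    $retval = '';
    $have_remote_login = false;

    // Defaults; any key present in $use_config overrides them.
    $default_config = array(
        'hide_forgotpw_link' => false,
        'hidden_fields'      => '',
        'no_oauth_login'     => false,
        'no_3rdparty_login'  => false,
        'no_openid_login'    => false,
        'no_newreg_link'     => false,
        'no_plugin_vars'     => false,
        'title'              => $LANG04[65],
        'message'            => $LANG04[66],
        'button_text'        => $LANG04[80]
    );

    $config = array_merge($default_config, $use_config);

    $loginform = COM_newTemplate($_CONF['path_layout'] . 'users');
    $loginform->set_file('login', 'loginform.thtml');
    $loginform->set_var('start_block_loginagain', COM_startBlock($config['title']));
    $loginform->set_var('lang_message', $config['message']);
    if ($config['no_newreg_link'] || $_CONF['disable_new_user_registration']) {
        $loginform->set_var('lang_newreglink', '');
    } else {
        $loginform->set_var('lang_newreglink', $LANG04[123]);
    }

    $loginform->set_var('lang_username', $LANG04[2]);
    $loginform->set_var('lang_password', $LANG01[57]);
    if ($config['hide_forgotpw_link']) {
        $loginform->set_var('lang_forgetpassword', '');
        $loginform->set_var('forgetpassword_link', '');
    } else {
        $loginform->set_var('lang_forgetpassword', $LANG04[25]);
        $forget = COM_createLink(
            $LANG04[25],
            $_CONF['site_url'] . '/users.php?mode=getpassword',
            array('rel' => 'nofollow')
        );
        $loginform->set_var('forgetpassword_link', $forget);
    }
    $loginform->set_var('lang_login', $config['button_text']);
    $loginform->set_var('lang_remote_login', $LANG04[167]);
    $loginform->set_var('lang_remote_login_desc', $LANG04[168]);
    $loginform->set_var('end_block', COM_endBlock());

    // 3rd party remote authentication.
    $services = '';
    if (!$config['no_3rdparty_login'] &&
            $_CONF['user_login_method']['3rdparty'] &&
            $_CONF['usersubmission'] == 0) {
        $modules = SEC_collectRemoteAuthenticationModules();
        if (count($modules) > 0) {
            // NOTE(review): module names are written into the markup unescaped;
            // presumably they are names of installed modules - confirm they can
            // never contain HTML metacharacters.
            if (!$_CONF['user_login_method']['standard'] && count($modules) == 1) {
                // Only one way to log in: send the service as a hidden field.
                $select = '<input type="hidden" name="service" value="'
                        . $modules[0] . '"' . XHTML . '>' . $modules[0];
            } else {
                // Build select
                $select = '<select name="service">';
                if ($_CONF['user_login_method']['standard']) {
                    // Empty value selects the local (standard) login.
                    $select .= '<option value="">' . $_CONF['site_name'] . '</option>';
                }
                foreach ($modules as $service) {
                    $select .= '<option value="' . $service . '">' . $service . '</option>';
                }
                $select .= '</select>';
            }

            $loginform->set_file('services', 'services.thtml');
            $loginform->set_var('lang_service', $LANG04[121]);
            $loginform->set_var('select_service', $select);
            $loginform->parse('output', 'services');
            $services .= $loginform->finish($loginform->get_var('output'));
        }
    }
    if (!empty($config['hidden_fields'])) {
        // allow caller to (ab)use {services} for hidden fields
        $services .= $config['hidden_fields'];
    }
    $loginform->set_var('services', $services);

    // OpenID remote authentication.
    if (!$config['no_openid_login'] &&
            $_CONF['user_login_method']['openid'] &&
            $_CONF['usersubmission'] == 0 &&
            !$_CONF['disable_new_user_registration']) {
        $have_remote_login = true;
        $_SCRIPTS->setJavascriptFile('login', '/javascript/login.js');
        $loginform->set_file('openid_login', '../loginform_openid.thtml');
        $loginform->set_var('lang_openid_login', $LANG01[128]);
        $loginform->set_var('input_field_size', 40);

        // for backward compatibility - not used any more
        $app_url = isset($_SERVER['SCRIPT_URI'])
                 ? $_SERVER['SCRIPT_URI']
                 : 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];
        // The URL is assembled from request-derived server variables (Host
        // header, script path), which the client can influence. Encode it for
        // HTML before it reaches the template so it cannot break out of the
        // attribute or element it is placed in.
        $loginform->set_var('app_url', htmlspecialchars($app_url, ENT_QUOTES));

        $loginform->parse('output', 'openid_login');
        $loginform->set_var(
            'openid_login',
            $loginform->finish($loginform->get_var('output'))
        );
    } else {
        $loginform->set_var('openid_login', '');
    }

    // OAuth remote authentication.
    if (!$config['no_oauth_login'] &&
            $_CONF['user_login_method']['oauth'] &&
            $_CONF['usersubmission'] == 0 &&
            !$_CONF['disable_new_user_registration']) {
        $have_remote_login = true;
        $_SCRIPTS->setJavascriptFile('login', '/javascript/login.js');
        $modules = SEC_collectRemoteOAuthModules();
        if (count($modules) == 0) {
            $loginform->set_var('oauth_login', '');
        } else {
            $html_oauth = '';
            // Grab oauth icons from theme
            if ($_CONF['theme_oauth_icons']) {
                $icon_path = $_CONF['layout_url'] . '/images/';
            } else {
                $icon_path = $_CONF['site_url'] . '/images/';
            }
            foreach ($modules as $service) {
                $loginform->set_file('oauth_login', '../loginform_oauth.thtml');
                $loginform->set_var('oauth_service', $service);
                // NOTE(review): assumes $LANG01 has an entry for every OAuth
                // module name - confirm, a missing key yields an empty label.
                $loginform->set_var('lang_oauth_service', $LANG01[$service]);
                // for sign in image
                $loginform->set_var('oauth_sign_in_image', $icon_path . $service . '-login-icon.png');
                $loginform->parse('output', 'oauth_login');
                $html_oauth .= $loginform->finish($loginform->get_var('output'));
            }
            $loginform->set_var('oauth_login', $html_oauth);
        }
    } else {
        $loginform->set_var('oauth_login', '');
    }

    // Lets the theme style the form differently when a remote login is offered.
    if ($have_remote_login) {
        $loginform->set_var('remote_login_class', 'remote-login-enabled');
    }

    if (!$config['no_plugin_vars']) {
        PLG_templateSetVars('loginform', $loginform);
    }
    $loginform->parse('output', 'login');
    $retval .= $loginform->finish($loginform->get_var('output'));

    return $retval;
}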
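/**
 * Shows the user their menu options
 *
 * For a logged-in user this renders the user block: one entry per plugin
 * user option, then the account-settings link and the logout link. For an
 * anonymous visitor it renders the login block instead, including the
 * remote-authentication, OpenID and OAuth parts that the configuration
 * enables.
 *
 * @param    string  $help       Help file to show
 * @param    string  $title      Title of Menu
 * @param    string  $position   Side being shown on: 'left' or 'right' (blank is accepted)
 * @return   string              HTML of the block
 * @see      function COM_adminMenu
 *
 */
function COM_userMenu($help = '', $title = '', $position = '')
{
    global $_TABLES, $_CONF, $LANG01, $LANG04, $_BLOCK_TEMPLATE;

    $retval = '';

    if (!COM_isAnonUser()) {
        $usermenu = COM_newTemplate($_CONF['path_layout']);
        if (isset($_BLOCK_TEMPLATE['useroption'])) {
            // Expected form: "<option template>,<current template>".
            $templates = explode(',', $_BLOCK_TEMPLATE['useroption']);
            $usermenu->set_file(array('option' => $templates[0], 'current' => $templates[1]));
        } else {
            $usermenu->set_file(array(
                'option'  => 'useroption.thtml',
                'current' => 'useroption_off.thtml'
            ));
        }
        $usermenu->set_var('block_name', str_replace('_', '-', 'user_block'));

        if (empty($title)) {
            $title = DB_getItem($_TABLES['blocks'], 'title', "name='user_block'");
        }

        // what's our current URL?
        $thisUrl = COM_getCurrentURL();

        $retval .= COM_startBlock($title, $help, COM_getBlockTemplate('user_block', 'header', $position));

        // This function will show the user options for all installed plugins
        // (if any)
        $plugin_options = PLG_getUserOptions();
        foreach ($plugin_options as $plg) {
            $usermenu->set_var('option_label', $plg->adminlabel);

            if (!empty($plg->numsubmissions)) {
                $usermenu->set_var('option_count', '(' . $plg->numsubmissions . ')');
            } else {
                $usermenu->set_var('option_count', '');
            }

            $usermenu->set_var('option_url', $plg->adminurl);
            // The entry for the page being viewed uses the "current" template.
            if ($thisUrl == $plg->adminurl) {
                $retval .= $usermenu->parse('item', 'current');
            } else {
                $retval .= $usermenu->parse('item', 'option');
            }
        }

        $url = $_CONF['site_url'] . '/usersettings.php';
        $usermenu->set_var('option_label', $LANG01[48]);
        $usermenu->set_var('option_count', '');
        $usermenu->set_var('option_url', $url);
        if ($thisUrl == $url) {
            $retval .= $usermenu->parse('item', 'current');
        } else {
            $retval .= $usermenu->parse('item', 'option');
        }

        $url = $_CONF['site_url'] . '/users.php?mode=logout';
        $usermenu->set_var('option_label', $LANG01[19]);
        $usermenu->set_var('option_count', '');
        $usermenu->set_var('option_url', $url);
        $retval .= $usermenu->finish($usermenu->parse('item', 'option'));
        $retval .= COM_endBlock(COM_getBlockTemplate('user_block', 'footer', $position));
    } else {
        $retval .= COM_startBlock($LANG01[47], $help, COM_getBlockTemplate('user_block', 'header', $position));
        $login = COM_newTemplate($_CONF['path_layout']);
        $login->set_file('form', 'loginform.thtml');
        $login->set_var('lang_username', $LANG01[21]);
        $login->set_var('lang_password', $LANG01[57]);
        $login->set_var('lang_forgetpassword', $LANG01[119]);
        $login->set_var('lang_login', $LANG01[58]);
        if ($_CONF['disable_new_user_registration']) {
            $login->set_var('lang_signup', '');
        } else {
            $login->set_var('lang_signup', $LANG01[59]);
        }

        // 3rd party remote authentication.
        if ($_CONF['user_login_method']['3rdparty'] && !$_CONF['usersubmission']) {
            $modules = SEC_collectRemoteAuthenticationModules();
            if (count($modules) == 0) {
                // The template object in this function is $login. The previous
                // code called set_var() on an undefined $user_templates, which
                // fails as soon as remote authentication is enabled without
                // any module installed.
                $login->set_var('services', '');
            } else {
                // NOTE(review): module names are written into the markup
                // unescaped; presumably they are names of installed modules -
                // confirm they can never contain HTML metacharacters.
                if (!$_CONF['user_login_method']['standard'] && count($modules) == 1) {
                    // Only one way to log in: send the service as a hidden field.
                    $select = '<input type="hidden" name="service" value="'
                            . $modules[0] . '"' . XHTML . '>' . $modules[0];
                } else {
                    // Build select
                    $select = '<select name="service" id="service">';
                    if ($_CONF['user_login_method']['standard']) {
                        // Empty value selects the local (standard) login.
                        $select .= '<option value="">' . $_CONF['site_name'] . '</option>';
                    }
                    foreach ($modules as $service) {
                        $select .= '<option value="' . $service . '">' . $service . '</option>';
                    }
                    $select .= '</select>';
                }

                $login->set_file('services', 'blockservices.thtml');
                $login->set_var('lang_service', $LANG04[121]);
                $login->set_var('select_service', $select);
                $login->parse('output', 'services');
                $login->set_var('services', $login->finish($login->get_var('output')));
            }
        } else {
            $login->set_var('services', '');
        }

        // OpenID remote authentication.
        if ($_CONF['user_login_method']['openid'] &&
                $_CONF['usersubmission'] == 0 &&
                !$_CONF['disable_new_user_registration']) {
            $login->set_file('openid_login', 'loginform_openid.thtml');
            $login->set_var('lang_openid_login', $LANG01[128]);
            $login->set_var('input_field_size', 18);
            // Built from the configured site URL only, not from request headers.
            $login->set_var('app_url', $_CONF['site_url'] . '/users.php');
            $login->parse('output', 'openid_login');
            $login->set_var('openid_login', $login->finish($login->get_var('output')));
        } else {
            $login->set_var('openid_login', '');
        }

        // OAuth remote authentication.
        if ($_CONF['user_login_method']['oauth'] &&
                $_CONF['usersubmission'] == 0 &&
                !$_CONF['disable_new_user_registration']) {
            $modules = SEC_collectRemoteOAuthModules();
            if (count($modules) == 0) {
                $login->set_var('oauth_login', '');
            } else {
                $html_oauth = '';
                foreach ($modules as $service) {
                    $login->set_file('oauth_login', 'loginform_oauth.thtml');
                    $login->set_var('oauth_service', $service);
                    // for sign in image
                    $login->set_var(
                        'oauth_sign_in_image',
                        $_CONF['site_url'] . '/images/login-with-' . $service . '.png'
                    );
                    $login->set_var('oauth_sign_in_image_style', '');
                    $login->parse('output', 'oauth_login');
                    $html_oauth .= $login->finish($login->get_var('output'));
                }
                $login->set_var('oauth_login', $html_oauth);
            }
        } else {
            $login->set_var('oauth_login', '');
        }

        PLG_templateSetVars('loginblock', $login);
        $retval .= $login->finish($login->parse('output', 'form'));
        $retval .= COM_endBlock(COM_getBlockTemplate('user_block', 'footer', $position));
    }

    return $retval;
}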
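/**
 * Saves the user's information back to the database
 *
 * Order of checks, as implemented below:
 *  1. the request token submitted as $A['uid'] must match the one stored in
 *     the user's pwrequestid column;
 *  2. for local accounts, changing password, email address or cookie timeout
 *     requires the current password;
 *  3. an optional username change (renames the user photo as well);
 *  4. spam check on the unfiltered profile text;
 *  5. filtering, email validation, password update, cookies, photo upload;
 *  6. the two UPDATE statements, plugin notification and the optional
 *     re-synchronisation with an OAuth service.
 *
 * @param    array   $A  User's data
 * @return   string      HTML error message or meta redirect
 *
 */
function saveuser($A)
{
    // $MESSAGE is read when a failed re-synch is logged at the end of the
    // function; it was missing from this list, so the log line came out empty.
    global $_CONF, $_TABLES, $_USER, $LANG04, $LANG24, $MESSAGE, $_US_VERBOSE;

    if ($_US_VERBOSE) {
        COM_errorLog('**** Inside saveuser in usersettings.php ****', 1);
    }

    // Request-token check. The stored and the submitted token are compared as
    // strings with ===, because a loose != lets PHP treat numeric-looking
    // strings as numbers and report different tokens as equal. An empty
    // stored token never validates, so a request cannot pass this check by
    // leaving the field out while no token is on record (the failure path
    // below resets the stored value to NULL).
    $reqid = DB_getItem($_TABLES['users'], 'pwrequestid', "uid = {$_USER['uid']}");
    $storedToken = (string) $reqid;
    $submittedToken = isset($A['uid']) ? $A['uid'] : '';
    $tokenMatches = ($storedToken !== '')
        && is_scalar($submittedToken)
        && ($storedToken === (string) $submittedToken);
    if (!$tokenMatches) {
        DB_change($_TABLES['users'], 'pwrequestid', "NULL", 'uid', $_USER['uid']);
        COM_accessLog("An attempt was made to illegally change the account information of user {$_USER['uid']}.");

        return COM_refresh($_CONF['site_url'] . '/index.php');
    }

    if (!isset($A['cooktime'])) {
        // If not set or possibly removed from template - set to default
        $A['cooktime'] = $_CONF['default_perm_cookie_timeout'];
    } else {
        $A['cooktime'] = COM_applyFilter($A['cooktime'], true);
    }
    // If empty or invalid - set to user default
    // So code after this does not fail the user password required test
    if ($A['cooktime'] < 0) { // note that == 0 is allowed!
        $A['cooktime'] = $_USER['cookietimeout'];
    }

    // to change the password, email address, or cookie timeout,
    // we need the user's current password
    $service = DB_getItem($_TABLES['users'], 'remoteservice', "uid = {$_USER['uid']}");
    if ($service == '') {
        if (!empty($A['passwd']) || $A['email'] != $_USER['email'] ||
                $A['cooktime'] != $_USER['cookietimeout']) {
            // verify password
            if (empty($A['old_passwd']) ||
                    SEC_encryptUserPassword($A['old_passwd'], $_USER['uid']) < 0) {
                return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=83');
            } elseif ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
                $ret = CUSTOM_userCheck($A['username'], $A['email']);
                if (!empty($ret)) {
                    // Need a numeric return for the default message handler
                    // - if not numeric use default message
                    if (!is_numeric($ret['number'])) {
                        $ret['number'] = 400;
                    }

                    return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$ret['number']}");
                }
            }
        } elseif ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
            $ret = CUSTOM_userCheck($A['username'], $A['email']);
            if (!empty($ret)) {
                // Need a numeric return for the default message handler
                // - if not numeric use default message
                if (!is_numeric($ret['number'])) {
                    $ret['number'] = 400;
                }

                return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$ret['number']}");
            }
        }
    } else {
        if ($A['email'] != $_USER['email'] || $A['cooktime'] != $_USER['cookietimeout']) {
            // re-authenticate remote user again for these changes to take place
            // Can't just be done here since user may have to relogin to his
            // service which then sends us back here and we lose his changes
        }
    }

    // no need to filter the password as it's encoded anyway
    if ($_CONF['allow_username_change'] == 1) {
        $A['new_username'] = COM_applyFilter($A['new_username']);
        if (!empty($A['new_username']) && $A['new_username'] != $_USER['username']) {
            $A['new_username'] = DB_escapeString($A['new_username']);
            if (DB_count($_TABLES['users'], 'username', $A['new_username']) == 0) {
                if ($_CONF['allow_user_photo'] == 1) {
                    $photo = DB_getItem($_TABLES['users'], 'photo', "uid = {$_USER['uid']}");
                    if (!empty($photo)) {
                        // Swap the first occurrence of the old username in the
                        // stored file name. Plain string functions are used
                        // instead of a regular expression built from the
                        // username, so characters that are special in a
                        // pattern or in a replacement string are taken
                        // literally.
                        $at = strpos($photo, $_USER['username']);
                        if ($at === false) {
                            $newphoto = $photo;
                        } else {
                            $newphoto = substr_replace(
                                $photo,
                                $A['new_username'],
                                $at,
                                strlen($_USER['username'])
                            );
                        }
                        // NOTE(review): $newphoto becomes part of a filesystem
                        // path - confirm that COM_applyFilter() cannot let a
                        // path separator through in new_username.
                        $imgpath = $_CONF['path_images'] . 'userphotos/';
                        if (rename($imgpath . $photo, $imgpath . $newphoto) === false) {
                            $display = COM_errorLog('Could not rename userphoto "' . $photo . '" to "' . $newphoto . '".');
                            $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG04[21]));

                            return $display;
                        }
                        DB_change($_TABLES['users'], 'photo', DB_escapeString($newphoto), "uid", $_USER['uid']);
                    }
                }

                DB_change($_TABLES['users'], 'username', $A['new_username'], "uid", $_USER['uid']);
            } else {
                return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=51');
            }
        }
    }

    // a quick spam check with the unfiltered field contents
    $profile = '<h1>' . $LANG04[1] . ' ' . $_USER['username'] . '</h1><p>';
    // this is a hack, for some reason remoteservice links made SPAMX SLV check barf
    if (empty($service)) {
        $profile .= COM_createLink($A['homepage'], $A['homepage']) . '<br' . XHTML . '>';
    }
    $profile .= $A['location'] . '<br' . XHTML . '>' . $A['sig'] . '<br' . XHTML . '>'
              . $A['about'] . '<br' . XHTML . '>' . $A['pgpkey'] . '</p>';
    $result = PLG_checkforSpam($profile, $_CONF['spamx']);
    if ($result > 0) {
        COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden');
    }

    $A['email'] = COM_applyFilter($A['email']);
    $A['email_conf'] = COM_applyFilter($A['email_conf']);
    $A['homepage'] = COM_applyFilter($A['homepage']);

    // basic filtering only
    $A['fullname'] = strip_tags(COM_stripslashes($A['fullname']));
    $A['location'] = strip_tags(COM_stripslashes($A['location']));
    $A['sig'] = strip_tags(COM_stripslashes($A['sig']));
    $A['about'] = strip_tags(COM_stripslashes($A['about']));
    $A['pgpkey'] = strip_tags(COM_stripslashes($A['pgpkey']));

    if (!COM_isEmail($A['email'])) {
        return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=52');
    } else {
        if ($A['email'] !== $A['email_conf']) {
            return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=78');
        } else {
            if (emailAddressExists($A['email'], $_USER['uid'])) {
                return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=56');
            } else {
                // $passwd is never assigned anything else in this function, so
                // the password cookie below is always written with an empty
                // value.
                $passwd = '';
                if ($service == '') {
                    if (!empty($A['passwd'])) {
                        if ($A['passwd'] == $A['passwd_conf'] &&
                                SEC_encryptUserPassword($A['old_passwd'], $_USER['uid']) == 0) {
                            SEC_updateUserPassword($A['passwd'], $_USER['uid']);
                            if ($A['cooktime'] > 0) {
                                $cooktime = $A['cooktime'];
                            } else {
                                // Negative offset: the cookie expires in the past.
                                $cooktime = -1000;
                            }
                            SEC_setCookie($_CONF['cookie_password'], $passwd, time() + $cooktime);
                        } elseif (SEC_encryptUserPassword($A['old_passwd'], $_USER['uid']) < 0) {
                            return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=68');
                        } elseif ($A['passwd'] != $A['passwd_conf']) {
                            return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=67');
                        }
                    }
                } else {
                    // Cookie
                    if ($A['cooktime'] > 0) {
                        $cooktime = $A['cooktime'];
                    } else {
                        $cooktime = -1000;
                    }
                    SEC_setCookie($_CONF['cookie_password'], $passwd, time() + $cooktime);
                }

                if ($_US_VERBOSE) {
                    COM_errorLog('cooktime = ' . $A['cooktime'], 1);
                }

                if ($A['cooktime'] <= 0) {
                    // No persistent login wanted: expire the long-term cookie.
                    $cooktime = 1000;
                    SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], time() - $cooktime);
                } else {
                    SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], time() + $A['cooktime']);
                }

                // Initialised so the UPDATE below never interpolates an
                // undefined variable when user photos are disabled.
                $filename = '';
                if ($_CONF['allow_user_photo'] == 1) {
                    $delete_photo = '';
                    if (isset($A['delete_photo'])) {
                        $delete_photo = $A['delete_photo'];
                    }
                    $filename = handlePhotoUpload($delete_photo);
                }

                if (!empty($A['homepage'])) {
                    // Only http: and https: are kept; a missing scheme is
                    // prefixed and any other scheme is replaced by http:.
                    $pos = MBYTE_strpos($A['homepage'], ':');
                    if ($pos === false) {
                        $A['homepage'] = 'http://' . $A['homepage'];
                    } else {
                        $prot = substr($A['homepage'], 0, $pos + 1);
                        if ($prot != 'http:' && $prot != 'https:') {
                            $A['homepage'] = 'http:' . substr($A['homepage'], $pos + 1);
                        }
                    }
                    $A['homepage'] = DB_escapeString($A['homepage']);
                }

                $A['fullname'] = DB_escapeString($A['fullname']);
                $A['email'] = DB_escapeString($A['email']);
                $A['location'] = DB_escapeString($A['location']);
                $A['sig'] = DB_escapeString($A['sig']);
                $A['about'] = DB_escapeString($A['about']);
                $A['pgpkey'] = DB_escapeString($A['pgpkey']);

                if (!empty($filename)) {
                    if (!file_exists($_CONF['path_images'] . 'userphotos/' . $filename)) {
                        $filename = '';
                    }
                }

                // Every value placed into the statements is escaped or cast
                // right here at the SQL boundary: the timeout is forced to an
                // integer and the photo name is escaped like the other string
                // columns.
                $cookieTimeoutSql = (int) $A['cooktime'];
                $photoSql = DB_escapeString((string) $filename);

                DB_query("UPDATE {$_TABLES['users']} SET fullname='{$A['fullname']}',email='{$A['email']}',homepage='{$A['homepage']}',sig='{$A['sig']}',cookietimeout={$cookieTimeoutSql},photo='{$photoSql}' WHERE uid={$_USER['uid']}");
                DB_query("UPDATE {$_TABLES['userinfo']} SET pgpkey='{$A['pgpkey']}',about='{$A['about']}',location='{$A['location']}' WHERE uid={$_USER['uid']}");

                // Call custom registration save function if enabled and exists
                if ($_CONF['custom_registration'] and function_exists('CUSTOM_userSave')) {
                    CUSTOM_userSave($_USER['uid']);
                }

                PLG_userInfoChanged($_USER['uid']);

                // at this point, the user information has been saved, but now
                // we're going to check to see if the user has requested
                // resynchronization with their remoteservice account
                $msg = 5; // default msg = Your account information has been successfully saved
                if (isset($A['resynch'])) {
                    if ($_CONF['user_login_method']['oauth'] &&
                            strpos($_USER['remoteservice'], 'oauth.') === 0) {
                        $modules = SEC_collectRemoteOAuthModules();
                        // The service name is whatever follows the "oauth." prefix.
                        $active_service = count($modules) == 0
                            ? false
                            : in_array(substr($_USER['remoteservice'], 6), $modules);
                        if (!$active_service) {
                            $msg = 115; // Remote service has been disabled.
                        } else {
                            require_once $_CONF['path_system'] . 'classes/oauthhelper.class.php';

                            $service = substr($_USER['remoteservice'], 6);
                            $consumer = new OAuthConsumer($service);
                            $callback_url = $_CONF['site_url'];
                            $consumer->setRedirectURL($callback_url);
                            $user = $consumer->authenticate_user();
                            $consumer->doSynch($user);
                        }
                    }

                    if ($msg != 5) {
                        $msg = 114; // Account saved but re-synch failed.
                        COM_errorLog($MESSAGE[$msg]);
                    }
                }

                if ($_US_VERBOSE) {
                    COM_errorLog('**** Leaving saveuser in usersettings.php ****', 1);
                }

                return COM_refresh($_CONF['site_url'] . '/users.php?mode=profile&uid=' . $_USER['uid'] . '&msg=' . $msg);
            }
        }
    }
}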
/**
 * Builds the "account" panel of the user edit form.
 *
 * Fills the admin/user/accountpanel.thtml template with the language strings,
 * the identity fields, the remote-service selector, the cookie-timeout
 * selector and the account-status selector for the user record in $U.
 *
 * @param  array $U       user record; reads uid, regdate, username, fullname,
 *                        email, account_type, remoteservice, remoteusername,
 *                        cookietimeout and status
 * @param  int   $newuser set to 1 internally when $U has no uid above 1;
 *                        not read anywhere else in this function
 * @return string         rendered HTML of the panel
 */
function USER_accountPanel($U, $newuser = 0)
{
    global $_CONF, $_SYSTEM, $_TABLES, $_USER, $LANG_MYACCOUNT, $LANG04, $LANG28;

    $uid = $U['uid'];

    $panel = new Template($_CONF['path_layout'] . 'admin/user/');
    $panel->set_file('user', 'accountpanel.thtml');

    // The display name is looked up but not used further down.
    $displayName = COM_getDisplayName($uid);

    // Language strings for the panel.
    $panel->set_var(array(
        'lang_name_legend'            => $LANG04[128],
        'lang_userid'                 => $LANG28[2],
        'lang_regdate'                => $LANG28[14],
        'lang_lastlogin'              => $LANG28[35],
        'lang_username'               => $LANG04[2],
        'lang_fullname'               => $LANG04[3],
        'lang_user_status'            => $LANG28[46],
        'lang_password_email_legend'  => $LANG04[129],
        'lang_password_help_title'    => $LANG04[146],
        'lang_enter_current_password' => $LANG04[127],
        'lang_password_help'          => $LANG04[147],
        'lang_old_password'           => $LANG04[110],
        'lang_password'               => $LANG04[4],
        'lang_password_conf'          => $LANG04[108],
        'lang_cooktime'               => $LANG04[68],
        'lang_email'                  => $LANG04[5],
        'lang_email_conf'             => $LANG04[124],
        'lang_deleteaccount'          => $LANG04[156],
        'lang_deleteoption'           => $LANG04[156],
        'lang_button_delete'          => $LANG04[96],
    ));

    if (empty($uid) || $uid < 2) {
        $panel->set_var('lang_email_password', $LANG04[28]);
    }

    // True when editing a stored account (uid above 1). In the other branch
    // $uid is reset to '', so this flag stays valid for the rest of the function.
    $isExisting = !empty($uid) && $uid > 1;

    if ($isExisting) {
        $curtime = COM_getUserDateTimeFormat($U['regdate']);
        // NOTE(review): $uid is interpolated into the WHERE fragment; this
        // relies on the caller passing a uid that came from the database.
        $lastlogin = DB_getItem($_TABLES['userinfo'], 'lastlogin', "uid = '{$uid}'");
        $lasttime = COM_getUserDateTimeFormat($lastlogin);
    } else {
        $U['uid'] = '';
        $uid = '';
        $curtime = COM_getUserDateTimeFormat();
        $lastlogin = '';
        $lasttime = '';
        // NOTE(review): this writes to $A, which is not read anywhere in this
        // function, while $U['status'] is what the status selector reads below.
        // Possibly meant to be $U['status'] - confirm.
        $A['status'] = USER_ACCOUNT_ACTIVE;
        $newuser = 1;
    }

    $panel->set_var('user_id', $U['uid'] == '' ? $LANG28[15] : $U['uid']);
    $panel->set_var('regdate_timestamp', $curtime[1]);
    $panel->set_var('user_regdate', $curtime[0]);
    $panel->set_var('user_lastlogin', empty($lastlogin) ? $LANG28[36] : $lasttime[0]);
    // NOTE(review): username is handed to the template without
    // htmlspecialchars(), unlike fullname/email - confirm it is constrained
    // or escaped elsewhere.
    $panel->set_var('user_name', $U['username']);
    $panel->set_var('fullname_value', @htmlspecialchars($U['fullname'], ENT_NOQUOTES, COM_getEncodingt()));

    $remote_user_display = 'none';
    $remote_user_checked = '';
    $pwd_disabled = '';
    $lockService = false;

    if ($_CONF['user_login_method']['3rdparty'] || $_CONF['user_login_method']['oauth']) {
        $isRemote = $U['account_type'] & REMOTE_USER;

        if ($isRemote) {
            $remote_user_checked = ' checked="checked"';
            $pwd_disabled = ' disabled="disabled"';
            $remote_user_display = '';
            // An existing remote account (uid above 2) cannot switch service.
            $lockService = isset($U['uid']) && $U['uid'] > 2;
        }

        // Collect (value, label) pairs first, then render them in one pass.
        $choices = array();

        $modules = array();
        if ($_CONF['user_login_method']['3rdparty']) {
            $modules = SEC_collectRemoteAuthenticationModules();
        }
        if (count($modules) > 0) {
            foreach ($modules as $service) {
                $choices[] = array($service, $service);
            }
        }

        if ($_CONF['user_login_method']['oauth']) {
            $modules = SEC_collectRemoteOAuthModules();
            if (count($modules) > 0) {
                foreach ($modules as $service) {
                    $choices[] = array('oauth.' . $service, $service);
                }
            }
        }

        $serviceSelect = '<select name="remoteservice" id="remoteservice"'
            . ($lockService ? ' disabled="disabled"' : '')
            . '>' . LB;
        foreach ($choices as $choice) {
            $isCurrent = ($U['remoteservice'] == $choice[0]);
            $serviceSelect .= '<option value="' . $choice[0] . '"'
                . ($isCurrent ? ' selected="selected"' : '')
                . '>' . $choice[1] . '</option>' . LB;
        }
        $serviceSelect .= '</select>' . LB;

        $panel->set_var('remoteusername', @htmlspecialchars($U['remoteusername'], ENT_NOQUOTES, COM_getEncodingt()));
        $panel->set_var('remoteservice_select', $serviceSelect);
        $panel->set_var('remote_user_checked', $remote_user_checked);
        $panel->set_var('remote_user_display', $remote_user_display);
        $panel->set_var('remoteuserenable', '1');
        $panel->set_var('lang_remoteuser', $LANG04[163]);
        $panel->set_var('lang_remoteusername', $LANG04[164]);
        $panel->set_var('lang_remoteservice', $LANG04[165]);
        $panel->set_var('lang_remoteuserdata', $LANG04[166]);
        $panel->set_var('remote_user_disabled', ' disabled="disabled"');

        if (!($U['account_type'] & LOCAL_USER)) {
            $panel->set_var('pwd_disabled', $pwd_disabled);
        }
        if (!$isRemote) {
            $panel->set_var('remoteuserenable', '');
        }
    } else {
        $panel->set_var('remoteuserenable', '');
        $panel->set_var('remoteusername', '');
        $panel->set_var('remoteservice_select', '');
        $panel->set_var('remote_user_checked', $remote_user_checked);
        $panel->set_var('remote_user_display', $remote_user_display);
        $panel->set_var('remote_user_disabled', ' disabled="disabled"');
    }

    $cookieSelect = '<select id="cooktime" name="cooktime">' . LB
        . COM_optionList($_TABLES['cookiecodes'], 'cc_value,cc_descr', $U['cookietimeout'], 0)
        . '</select>';
    $panel->set_var('cooktime_selector', $cookieSelect);
    $panel->set_var('email_value', @htmlspecialchars($U['email'], ENT_NOQUOTES, COM_getEncodingt()));

    $statusarray = array(
        USER_ACCOUNT_AWAITING_ACTIVATION   => $LANG28[43],
        USER_ACCOUNT_AWAITING_VERIFICATION => $LANG28[16],
        USER_ACCOUNT_ACTIVE                => $LANG28[45],
    );

    // The "disabled" status is only offered when banning this account is safe.
    $allow_ban = true;
    if ($isExisting) {
        if ($U['uid'] == $_USER['uid']) {
            $allow_ban = false; // do not allow to ban yourself
        } elseif (SEC_inGroup('Root', $U['uid'])) {
            // NOTE(review): with GROUP BY ug_uid the first row holds the number
            // of matching rows for ONE user, not the number of Root users, so
            // this looks like it always yields a count below 2. That fails
            // closed (a Root user is never offered "disabled"), but it does
            // not implement "last root user" as the comment intends - confirm.
            $rootCountSql = "SELECT COUNT(ug_uid) AS root_count FROM {$_TABLES['group_assignments']} WHERE ug_main_grp_id = 1 GROUP BY ug_uid;";
            $rootCountRow = DB_fetchArray(DB_query($rootCountSql));
            if ($rootCountRow['root_count'] < 2) {
                $allow_ban = false; // prevent banning the last root user
            }
        }
    }
    if ($allow_ban) {
        $statusarray[USER_ACCOUNT_DISABLED] = $LANG28[42];
    }
    if ($_CONF['usersubmission'] == 1 && $isExisting) {
        $statusarray[USER_ACCOUNT_AWAITING_APPROVAL] = $LANG28[44];
    }
    asort($statusarray);

    $statusSelect = '<select name="userstatus" id="userstatus">';
    foreach ($statusarray as $code => $label) {
        $selected = ($code == $U['status']) ? ' selected="selected"' : '';
        $statusSelect .= '<option value="' . $code . '"' . $selected . '>' . $label . '</option>' . LB;
    }
    // The previous status travels in a hidden field; the handler that reads
    // "oldstatus" is outside this function.
    $statusSelect .= '</select><input type="hidden" name="oldstatus" value="' . $U['status'] . '"/>';
    $panel->set_var('user_status', $statusSelect);

    if ($isExisting) {
        $panel->set_var('plugin_namepass_name', PLG_profileEdit($uid, 'namepass', 'name'));
        $panel->set_var('plugin_namepass_pwdemail', PLG_profileEdit($uid, 'namepass', 'pwdemail'));
    }

    return $panel->finish($panel->parse('output', 'user'));
}
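/**
 * Saves the current user's account settings back to the database.
 *
 * The steps, in order: verify the request id stored for the session user,
 * require the current password for password / e-mail / cookie-timeout changes
 * on local accounts, run custom and plugin pre-save checks, optionally rename
 * the user, run the spam check, filter and validate the profile fields,
 * change the password if requested, refresh the session and long-term
 * cookies, store the profile, and optionally re-synchronise with an OAuth
 * service.
 *
 * Every WHERE clause is keyed on the session user ($_USER['uid']), cast to
 * int; the 'uid' element of $A is compared against the stored pwrequestid
 * and is never used as a user id.
 *
 * @param  array $A submitted form data (uid, username, new_username, passwd,
 *                  newp, newp_conf, email, email_conf, homepage, fullname,
 *                  location, sig, about, pgpkey, cooktime, delete_photo,
 *                  resynch)
 * @return mixed    whatever COM_refresh() returns for the chosen redirect
 */
function saveuser($A)
{
    global $_CONF, $_TABLES, $_USER, $LANG04, $LANG24, $MESSAGE, $_US_VERBOSE;

    if ($_US_VERBOSE) {
        COM_errorLog('**** Inside saveuser in usersettings.php ****', 1);
    }

    $uid = (int) $_USER['uid'];

    // The form must carry the request id stored for this user.
    // NOTE(review): this is a loose comparison; if the stored id and the
    // submitted value can both be empty the check passes. Confirm a non-empty
    // pwrequestid is always issued before the form is shown.
    $reqid = DB_getItem($_TABLES['users'], 'pwrequestid', "uid = " . $uid);
    if ($reqid != $A['uid']) {
        DB_change($_TABLES['users'], 'pwrequestid', "NULL", 'uid', $uid);
        COM_accessLog("An attempt was made to illegally change the account information of user {$_USER['uid']}.");

        return COM_refresh($_CONF['site_url'] . '/index.php');
    }

    if (isset($_POST['merge'])) {
        // NOTE(review): on a uid mismatch this only echoes the redirect; unless
        // COM_refresh() terminates the request itself, USER_mergeAccounts()
        // below still runs. Confirm, and add an explicit return if it does not.
        if (COM_applyFilter($_POST['remoteuid'], true) != $_USER['uid']) {
            echo COM_refresh($_CONF['site_url'] . '/usersettings.php?mode=edit');
        }
        USER_mergeAccounts();
    }

    // If not set or possibly removed from template - initialize variable
    if (!isset($A['cooktime'])) {
        $A['cooktime'] = 0;
    } else {
        $A['cooktime'] = COM_applyFilter($A['cooktime'], true);
    }
    // If empty or invalid - set to user default
    // So code after this does not fail the user password required test
    if ($A['cooktime'] < 0) { // note that == 0 is allowed!
        $A['cooktime'] = $_USER['cookietimeout'];
    }

    // to change the password, email address, or cookie timeout,
    // we need the user's current password
    // (uid is cast to int here as well, matching the other queries below)
    $account_type = DB_getItem($_TABLES['users'], 'account_type', "uid = " . $uid);
    $service = DB_getItem($_TABLES['users'], 'remoteservice', "uid = " . $uid);
    if ($service == '') {
        $current_password = DB_getItem($_TABLES['users'], 'passwd', "uid = " . $uid);
        if (!empty($A['newp']) || $A['email'] != $_USER['email'] || $A['cooktime'] != $_USER['cookietimeout']) {
            if (empty($A['passwd']) || !SEC_check_hash($A['passwd'], $current_password)) {
                return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=83');
            } elseif ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
                $ret = CUSTOM_userCheck($A['username'], $A['email']);
                if (!empty($ret)) {
                    // Need a numeric return for the default message handler
                    // - if not numeric use default message.
                    // (Previously assigned $ret['number'], which left $ret
                    // itself non-numeric in the redirect URL.)
                    if (!is_numeric($ret)) {
                        $ret = 97;
                    }

                    return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$ret}");
                }
            }
        } elseif ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
            $ret = CUSTOM_userCheck($A['username'], $A['email']);
            if (!empty($ret)) {
                // Need a numeric return for the default message handler
                // - if not numeric use default message
                if (!is_numeric($ret)) {
                    $ret = 97;
                }

                return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$ret}");
            }
        }
    }

    // Let plugins have a chance to decide what to do before saving the user, return errors.
    $msg = PLG_itemPreSave('useredit', $A['username']);
    if (!empty($msg)) {
        // need a numeric return value - otherwise use default message
        if (!is_numeric($msg)) {
            $msg = 97;
        }

        return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$msg}");
    }

    // no need to filter the password as it's encoded anyway
    if ($_CONF['allow_username_change'] == 1) {
        if (!empty($A['new_username'])
            && USER_validateUsername($A['new_username'])
            && $A['new_username'] != $_USER['username']
        ) {
            $A['new_username'] = DB_escapeString($A['new_username']);
            if (DB_count($_TABLES['users'], 'username', $A['new_username']) == 0) {
                if ($_CONF['allow_user_photo'] == 1) {
                    $photo = DB_getItem($_TABLES['users'], 'photo', "uid = " . $uid);
                    if (!empty($photo) && strstr($photo, $_USER['username']) !== false) {
                        // Quote the user name so it is matched literally and
                        // cannot alter the pattern.
                        $pattern = '/' . preg_quote($_USER['username'], '/') . '/';
                        $newphoto = preg_replace($pattern, $_USER['uid'], $photo, 1);
                        $imgpath = $_CONF['path_images'] . 'userphotos/';
                        @rename($imgpath . $photo, $imgpath . $newphoto);
                        DB_change($_TABLES['users'], 'photo', DB_escapeString($newphoto), "uid", $uid);
                    }
                }
                DB_change($_TABLES['users'], 'username', $A['new_username'], "uid", $uid);
            } else {
                return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=51');
            }
        }
    }

    // a quick spam check with the unfiltered field contents
    $profile = '<h1>' . $LANG04[1] . ' ' . $_USER['username'] . '</h1><p>';
    // this is a hack, for some reason remoteservice links made SPAMX SLV check barf
    if (empty($service)) {
        $profile .= COM_createLink($A['homepage'], $A['homepage']) . '<br />';
    }
    $profile .= $A['location'] . '<br />' . $A['sig'] . '<br />' . $A['about'] . '<br />' . $A['pgpkey'] . '</p>';
    $result = PLG_checkforSpam($profile, $_CONF['spamx']);
    if ($result > 0) {
        COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden');
    }

    $A['email'] = COM_applyFilter($A['email']);
    $A['email_conf'] = COM_applyFilter($A['email_conf']);
    $A['homepage'] = COM_applyFilter($A['homepage']);

    // basic filtering only
    $A['fullname'] = COM_truncate(trim(USER_sanitizeName($A['fullname'])), 80);
    $A['location'] = strip_tags($A['location']);
    $A['sig'] = strip_tags($A['sig']);
    $A['about'] = strip_tags($A['about']);
    $A['pgpkey'] = strip_tags($A['pgpkey']);

    // E-mail validation: each failure redirects with its own message code.
    if (!COM_isEmail($A['email'])) {
        return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=52');
    }
    if ($A['email'] !== $A['email_conf']) {
        return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=78');
    }
    if (emailAddressExists($A['email'], $_USER['uid'])) {
        return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=56');
    }

    if ($service == '') {
        if (!empty($A['newp'])) {
            $A['newp'] = trim($A['newp']);
            $A['newp_conf'] = trim($A['newp_conf']);
            // Strict comparison: with == two different numeric-looking strings
            // (e.g. '1' and '1.0') would count as a matching confirmation.
            if ($A['newp'] === $A['newp_conf'] && SEC_check_hash($A['passwd'], $current_password)) {
                $passwd = SEC_encryptPassword($A['newp']);
                DB_change($_TABLES['users'], 'passwd', DB_escapeString($passwd), "uid", $uid);
                if ($A['cooktime'] > 0) {
                    $cooktime = $A['cooktime'];
                    $token_ttl = $A['cooktime'];
                } else {
                    $cooktime = 0;
                    $token_ttl = 14400;
                }
                // NOTE(review): this token is removed again by the DELETE on
                // urlfor='ltc' further down, and this cookie is written without
                // the path/domain/secure arguments used there - looks redundant.
                $ltToken = SEC_createTokenGeneral('ltc', $token_ttl);
                SEC_setCookie($_CONF['cookie_password'], $ltToken, time() + $cooktime);
            } elseif (!SEC_check_hash($A['passwd'], $current_password)) {
                return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=68');
            } elseif ($A['newp'] !== $A['newp_conf']) {
                return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=67');
            }
        }
    } else {
        // Cookie
        if ($A['cooktime'] > 0) {
            $cooktime = $A['cooktime'];
        } else {
            $cooktime = 0;
        }
        $ltToken = SEC_createTokenGeneral('ltc', $cooktime);
        SEC_setCookie($_CONF['cookie_password'], $ltToken, time() + $cooktime);
    }

    if ($_US_VERBOSE) {
        COM_errorLog('cooktime = ' . $A['cooktime'], 1);
    }

    if ($A['cooktime'] <= 0) {
        $cookie_timeout = 0;
        $token_ttl = 14400;
    } else {
        $cookie_timeout = time() + $A['cooktime'];
        $token_ttl = $A['cooktime'];
    }

    SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], $cookie_timeout, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true);

    // Drop every existing long-term token of this user before issuing a new one.
    DB_query("DELETE FROM {$_TABLES['tokens']} WHERE owner_id=" . $uid . " AND urlfor='ltc'");
    if ($cookie_timeout > 0) {
        $ltToken = SEC_createTokenGeneral('ltc', $token_ttl);
        SEC_setCookie($_CONF['cookie_password'], $ltToken, $cookie_timeout, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true);
    } else {
        SEC_setCookie($_CONF['cookie_password'], '', -10000, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true);
    }

    // Defined up front so the UPDATE below never reads an unset variable
    // when photo uploads are disabled.
    $filename = '';
    if ($_CONF['allow_user_photo'] == 1) {
        $delete_photo = '';
        if (isset($A['delete_photo'])) {
            $delete_photo = $A['delete_photo'];
        }
        $filename = handlePhotoUpload($delete_photo);
    }

    if (!empty($A['homepage'])) {
        // Only http: and https: are kept; any other scheme is replaced by http:.
        $pos = MBYTE_strpos($A['homepage'], ':');
        if ($pos === false) {
            $A['homepage'] = 'http://' . $A['homepage'];
        } else {
            $prot = substr($A['homepage'], 0, $pos + 1);
            if ($prot != 'http:' && $prot != 'https:') {
                $A['homepage'] = 'http:' . substr($A['homepage'], $pos + 1);
            }
        }
        $A['homepage'] = DB_escapeString($A['homepage']);
    }

    // Escape every string field right before it is placed in the SQL below.
    $A['fullname'] = DB_escapeString($A['fullname']);
    $A['email'] = DB_escapeString($A['email']);
    $A['location'] = DB_escapeString($A['location']);
    $A['sig'] = DB_escapeString($A['sig']);
    $A['about'] = DB_escapeString($A['about']);
    $A['pgpkey'] = DB_escapeString($A['pgpkey']);

    if (!empty($filename)) {
        if (!file_exists($_CONF['path_images'] . 'userphotos/' . $filename)) {
            $filename = '';
        }
    }

    DB_query("UPDATE {$_TABLES['users']} SET fullname='{$A['fullname']}',email='{$A['email']}',homepage='{$A['homepage']}',sig='{$A['sig']}',cookietimeout=" . (int) $A['cooktime'] . ",photo='" . DB_escapeString($filename) . "' WHERE uid=" . $uid);
    DB_query("UPDATE {$_TABLES['userinfo']} SET pgpkey='{$A['pgpkey']}',about='{$A['about']}',location='{$A['location']}' WHERE uid=" . $uid);

    // Call custom registration save function if enabled and exists
    if ($_CONF['custom_registration'] and function_exists('CUSTOM_userSave')) {
        CUSTOM_userSave($_USER['uid']);
    }

    PLG_userInfoChanged($uid);

    // at this point, the user information has been saved, but now we're going to check to see if
    // the user has requested resynchronization with their remoteservice account
    $msg = 5; // default msg = Your account information has been successfully saved
    if (isset($A['resynch'])) {
        if ($_CONF['user_login_method']['oauth'] && strpos($_USER['remoteservice'], 'oauth.') === 0) {
            $modules = SEC_collectRemoteOAuthModules();
            // The service name is only used if it is one of the installed modules.
            $active_service = count($modules) == 0 ? false : in_array(substr($_USER['remoteservice'], 6), $modules);
            if (!$active_service) {
                $msg = 115; // Remote service has been disabled.
            } else {
                require_once $_CONF['path_system'] . 'classes/oauthhelper.class.php';
                $service = substr($_USER['remoteservice'], 6);
                $consumer = new OAuthConsumer($service);
                $callback_url = $_CONF['site_url'];
                $consumer->setRedirectURL($callback_url);
                $user = $consumer->authenticate_user();
                $consumer->doSynch($user);
            }
        }
        if ($msg != 5) {
            $msg = 114; // Account saved but re-synch failed.
            // $MESSAGE is now declared global above; without that the lookup
            // read an undefined local and nothing useful was logged.
            COM_errorLog($MESSAGE[$msg]);
        }
    }

    PLG_profileExtrasSave();
    PLG_profileSave();

    if ($_US_VERBOSE) {
        COM_errorLog('**** Leaving saveuser in usersettings.php ****', 1);
    }

    return COM_refresh($_CONF['site_url'] . '/users.php?mode=profile&uid=' . $_USER['uid'] . '&msg=' . $msg);
}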
/**
 * Renders the user block.
 *
 * For a logged-in user this is the list of menu entries returned by
 * getUserMenu(); for an anonymous visitor it is the login form, including the
 * 3rd-party, OpenID and OAuth login options that the configuration enables.
 *
 * @param  string $help     Help file to show
 * @param  string $title    Title of the menu; when empty, the title of the
 *                          'user_block' block is read from the blocks table
 * @param  string $position Side the block is shown on ('left', 'right')
 * @return string           HTML of the block
 * @see    function COM_adminMenu
 */
function COM_userMenu($help = '', $title = '', $position = '')
{
    global $_TABLES, $_USER, $_CONF, $LANG01, $LANG04, $LANG29, $_BLOCK_TEMPLATE;

    // ----- logged-in user: plain list of menu links ---------------------
    if (!COM_isAnonUser()) {
        if (empty($title)) {
            $title = DB_getItem($_TABLES['blocks'], 'title', "name='user_block'");
        }

        // what's our current URL? (value is not used below)
        $thisUrl = COM_getCurrentURL();

        $html = COM_startBlock($title, $help, COM_getBlockTemplate('user_block', 'header', $position), 'user_block');

        // NOTE(review): url and label are written into the markup as-is;
        // presumably getUserMenu() returns values that are already safe for
        // HTML - confirm.
        $links = '';
        foreach (getUserMenu() as $entry) {
            $links .= '<li><a href="' . $entry['url'] . '">' . $entry['label'] . '</a></li>';
        }
        $html .= '<div id="usermenu"><ul class="uk-list uk-list-space">' . $links . '</ul></div>';
        $html .= COM_endBlock(COM_getBlockTemplate('user_block', 'footer'));

        return $html;
    }

    // ----- anonymous visitor: login form --------------------------------
    $html = COM_startBlock($LANG01[47], $help, COM_getBlockTemplate('login_block', 'header', $position), 'login_block');

    $login = new Template($_CONF['path_layout']);
    $login->set_file('form', 'loginform.thtml');
    $login->set_var('lang_username', $LANG01[21]);
    $login->set_var('lang_password', $LANG01[57]);
    $login->set_var('lang_forgetpassword', $LANG01[119]);
    $login->set_var('lang_login', $LANG01[58]);
    $login->set_var('lang_signup', $_CONF['disable_new_user_registration'] == 1 ? '' : $LANG01[59]);

    // 3rd party remote authentication.
    $servicesHtml = '';
    if ($_CONF['user_login_method']['3rdparty'] && !$_CONF['usersubmission']) {
        $modules = SEC_collectRemoteAuthenticationModules();
        if (count($modules) != 0) {
            if (!$_CONF['user_login_method']['standard'] && count($modules) == 1) {
                // A single remote service and no local login: nothing to choose.
                $select = '<input type="hidden" name="service" value="' . $modules[0] . '"/>' . $modules[0];
            } else {
                // Build select; the empty value stands for the local site login.
                $select = '<select name="service" id="service">';
                if ($_CONF['user_login_method']['standard']) {
                    $select .= '<option value="">' . $_CONF['site_name'] . '</option>';
                }
                foreach ($modules as $service) {
                    $select .= '<option value="' . $service . '">' . $service . '</option>';
                }
                $select .= '</select>';
            }
            $login->set_file('services', 'blockservices.thtml');
            $login->set_var('lang_service', $LANG04[121]);
            $login->set_var('select_service', $select);
            $login->parse('output', 'services');
            $servicesHtml = $login->finish($login->get_var('output'));
        }
    }
    $login->set_var('services', $servicesHtml);

    // OpenID remote authentication.
    $openidHtml = '';
    if ($_CONF['user_login_method']['openid']
        && $_CONF['usersubmission'] == 0
        && !$_CONF['disable_new_user_registration']
    ) {
        $login->set_file('openid_login', 'loginform_openid.thtml');
        $login->set_var('lang_openid_login', $LANG01[128]);
        $login->set_var('input_field_size', 16);
        $login->set_var('app_url', $_CONF['site_url'] . '/users.php');
        $login->parse('output', 'openid_login');
        $openidHtml = $login->finish($login->get_var('output'));
    }
    $login->set_var('openid_login', $openidHtml);

    // OAuth remote authentication: one sign-in button per installed module.
    $oauthHtml = '';
    if ($_CONF['user_login_method']['oauth']) {
        $modules = SEC_collectRemoteOAuthModules();
        if (count($modules) != 0) {
            foreach ($modules as $service) {
                $login->set_file('oauth_login', 'loginform_oauth_block.thtml');
                $login->set_var('oauth_service', $service);
                // for sign in image
                $login->set_var('oauth_sign_in_image', $_CONF['site_url'] . '/images/login-with-' . $service . '.png');
                $login->set_var('oauth_sign_in_image_style', '');
                $login->set_var('oauth_service_display', ucwords($service));
                $login->parse('output', 'oauth_login');
                $oauthHtml .= $login->finish($login->get_var('output'));
            }
        }
    }
    $login->set_var('oauth_login', $oauthHtml);

    $html .= $login->finish($login->parse('output', 'form'));
    $html .= COM_endBlock(COM_getBlockTemplate('login_block', 'footer', $position));

    return $html;
}