Exemplo n.º 1
0
    /**
     * Processes and outputs the Add Dir Auth user form.
     * @return void
     */
    function wpDirAuth_add_user_panel()
    {
        _log('WPDIRAUTH - function ' . __FUNCTION__ . ' activated. ');
        /**
         * Still needed?
         */
        global $id;
        /**
         * get_current_screen()->id = site-users-network will let us know if we are on the sites,edit,user tab
         */
        $strScreenID = get_current_screen()->id;
        /**
         * Are we running in a wordpress network and in the network area?
         */
        $boolIsNetworkAdminScreen = is_network_admin() && $strScreenID != 'site-users-network' ? true : false;
        /**
         * How do we refer to their SSOID?
         */
        $strMarketingSSOID = get_site_option('dirAuthMarketingSSOID', 'Username');
        $strReferer = wpDirAuth_get_referer();
        /**
         * defaults
         */
        $strWpDirAuthSSOID = '';
        $strWpDirAuthRole = '';
        $boolConfirmationEmail = true;
        $objErrors = new WP_Error();
        $strSuccess = '';
        if ($boolIsNetworkAdminScreen) {
            $arySitesData = wpDirAuth_retrieve_multisite_blog_data();
        }
        if ($_POST) {
            if (wp_verify_nonce($_POST['_wpnonce_add-da-user'], 'add-da-user')) {
                /**
                 * We gots a problem....  if they've checked all the boxes and chosen roles but forgot to enter the pawprint (it happens, you did
                 * it yourself!) then we cant rebuild the list of which sites were checked/not checked later because we're jumping out before
                 * we get to the point where we build that data.
                 */
                if (isset($_POST['ssoid']) && $_POST['ssoid'] == '') {
                    $objErrors->add('blank_ssoid', __('<p>' . $strMarketingSSOID . ' can not be left blank.</p>'));
                } else {
                    $strWpDirAuthSSOID = wpDirAuth_sanitize($_POST['ssoid']);
                    if ($boolIsNetworkAdminScreen && $strReferer != 'site-users.php') {
                        $arySitesAndRoles = array();
                        $aryValidSiteIDs = array_keys($arySitesData);
                        $aryValidRoles = array_keys(get_editable_roles());
                        _log('contents of the post in function ' . __FUNCTION__ . ' at line ' . __LINE__ . ':' . PHP_EOL . var_export($_POST, true));
                        //we SHOULD have at least one site set.
                        for ($i = 0; $i < count($arySitesData); ++$i) {
                            $strPostSite = 'site' . $i;
                            $intCountPostSite = count($_POST[$strPostSite]);
                            /**
                             * We need to make sure that the site param is set, that it's an array and that it contains at least one element, but no more than
                             * two
                             */
                            if (isset($_POST[$strPostSite]) && is_array($_POST[$strPostSite]) && $intCountPostSite > 0 && $intCountPostSite < 3) {
                                if ($intCountPostSite == 1 && is_string(current($_POST[$strPostSite]))) {
                                    /**
                                     *  If the array has only one element, then this site wasnt selected as one we want to add the user to.  but we
                                     *  need, for simplicity sake, to make the array contain two elements before we do input validation
                                     */
                                    $_POST[$strPostSite] = array('', current($_POST[$strPostSite]));
                                    /**
                                     * Since we know that the array has two elements, we'll test to make sure the siteid is valid'
                                     */
                                } elseif (!is_numeric($_POST[$strPostSite][0]) || !in_array($_POST[$strPostSite][0], $aryValidSiteIDs)) {
                                    $_POST[$strPostSite][0] = '';
                                }
                                /**
                                 *
                                 */
                                if (!in_array($_POST[$strPostSite][1], $aryValidRoles)) {
                                    $_POST[$strPostSite][1] = '';
                                }
                                /**
                                 * If we now have non-empty values for both elements, we'll add them to our array to be used for inserting the user into sites
                                 */
                                if ($_POST[$strPostSite][0] != '' && $_POST[$strPostSite][1] != '') {
                                    $arySitesAndRoles[$i] = array('blog_id' => $_POST[$strPostSite][0], 'role' => $_POST[$strPostSite][1]);
                                }
                            }
                        }
                    }
                    $strWpDirAuthRole = isset($_POST['role']) && in_array($_POST['role'], array_keys(get_editable_roles())) ? $_POST['role'] : get_site_option('default_role');
                    $intBlogID = isset($_POST['id']) && is_numeric($_POST['id']) ? intval($_POST['id']) : '';
                    if (isset($_POST['noconfirmation']) && $_POST['noconfirmation'] == 1) {
                        $boolConfirmationEmail = false;
                    }
                    if (!isset($arySitesAndRoles) || !$boolIsNetworkAdminScreen) {
                        $aryUserData = wpDirAuth_add_new_user($strWpDirAuthSSOID, $strWpDirAuthRole, $intBlogID);
                        _log('adding a standard user (' . $strWpDirAuthSSOID . ')from either inside a site, or from the edit section of a site');
                        _log('user data from newly added user is : ' . PHP_EOL . var_export($aryUserData, true) . PHP_EOL);
                    } elseif (count($arySitesAndRoles) < 1) {
                        $aryUserData = new WP_Error('no_site_role_selected', '<p>You will need to select at least one site to add this user to.</p>');
                    } else {
                        $aryUserData = wpDirAuth_add_new_user_to_multi_sites($strWpDirAuthSSOID, $arySitesAndRoles);
                        _log('adding a user (' . $strWpDirAuthSSOID . ')from the network Add Dir Auth user section');
                    }
                    if (is_wp_error($aryUserData)) {
                        //foreach($objErrors->)
                        //$mxdErrors = $aryUserData;
                        $objErrors->add($aryUserData->get_error_code(), $aryUserData->get_error_message(), $aryUserData->get_error_data());
                    } else {
                        $arySitesAddedTo = array();
                        if (isset($arySitesAndRoles) && count($arySitesAndRoles) != 0) {
                            foreach ($arySitesAndRoles as $arySiteData) {
                                $arySitesAddedTo[] = array('blogname' => $arySitesData[$arySiteData['blog_id']], 'aoran' => wpDirAuth_determine_A_or_An($arySiteData['role']), 'role' => $arySiteData['role'], 'siteurl' => get_site_url($arySiteData['blog_id'], '', 'https'));
                            }
                        } else {
                            $arySitesAddedTo[] = array('blogname' => get_site_option('blogname'), 'aoran' => wpDirAuth_determine_A_or_An($strWpDirAuthRole), 'role' => $strWpDirAuthRole, 'siteurl' => site_url());
                        }
                        /**
                         * ok, the admin has just successfully added a user to a site from the sites->edit->users tab.  Since we cant seem to
                         * redirect them back to the screen automatically, let's give them a link to go back.'
                         */
                        if ($strReferer == 'site-users.php' && $boolIsNetworkAdminScreen) {
                            $strReturnToURL = wp_get_referer();
                            $strExtraMessage = '<a href="' . $strReturnToURL . '">Return to the User tab</a> of the ' . $arySitesData[$intBlogID] . ' site.';
                        } else {
                            $strExtraMessage = '';
                        }
                        $strSuccess = wpDirAuth_construct_success_msg($strWpDirAuthSSOID, $aryUserData['ID'], $arySitesAddedTo, $strExtraMessage);
                        _log('for user ' . $strWpDirAuthSSOID . ', added them to ' . var_export($arySitesAddedTo, true) . '.');
                        if ($boolConfirmationEmail) {
                            foreach ($arySitesAddedTo as $arySiteAddedToData) {
                                $strMsg = sprintf(WPDIRAUTH_EMAIL_NEWUSER_NOTIFY, $arySiteAddedToData['blogname'], $arySiteAddedToData['aoran'], $arySiteAddedToData['role'], $strMarketingSSOID, $strWpDirAuthSSOID, $arySiteAddedToData['siteurl'] . '/wp-login.php');
                                wp_mail($aryUserData['email'], '[' . $arySiteAddedToData['blogname'] . '] You\'ve been added!', $strMsg);
                            }
                        }
                        //reset back to defaults
                        $strWpDirAuthSSOID = '';
                        $strWpDirAuthRole = '';
                        $boolConfirmationEmail = true;
                    }
                }
            } else {
                $objErrors->add('invalid-nonce', __('Invalid nonce value'));
            }
        }
        ?>
        <h3>Add New Directory Authentication User</h3>
        <?php 
        if (count($objErrors->errors) != 0) {
            wpDirAuth_print_error_messages($objErrors);
        } elseif ($strSuccess != '') {
            echo $strSuccess;
        }
        ?>
      <p><?php 
        _e('Add a directory authenticated user to this site/network');
        ?>
</p>
        <p><?php 
        _e('Please note: Your LDAP/AD instance must allow anonymous profile searches, or you must provide a pre-bind account/password in the <a href="options-general.php?page=' . basename(__FILE__) . '">Directory Auth settings page.</a>');
        ?>
</p>

        <form action="<?php 
        if (isset($strScreenID) && $strScreenID == 'site-users-network') {
            echo 'users.php?page=wpDirAuth';
        }
        ?>
" method="post" name="adddauser" id="createuser" class="add:users: validate"<?php 
        do_action('user_new_form_tag');
        ?>
>
            <?php 
        if (isset($id) && $id != '' && is_multisite()) {
            echo '<input type="hidden" name="id" value="', $id, '" />', PHP_EOL;
        }
        ?>
            <input name="action" type="hidden" value="add-da-user" />
            <?php 
        wp_nonce_field('add-da-user', '_wpnonce_add-da-user');
        ?>
            <table class="form-table">
                <tr class="form-field form-required">
                    <th scope="row">
                        <label for="ssoid"><?php 
        _e($strMarketingSSOID . '/SSOID');
        ?>
 <span class="description"><?php 
        _e('(required)');
        ?>
</span></label>
                    </th>
                    <td>
                        <input name="ssoid" type="text" id="ssoid" value="<?php 
        echo esc_attr($strWpDirAuthSSOID);
        ?>
" aria-required="true" />
                    </td>
                </tr>
                <?php 
        if ($boolIsNetworkAdminScreen) {
            ?>
                    <tr class="form-field">
                        <th scope="row"><label for="blogs"><?php 
            _e('Site');
            ?>
</label></th>
                        <th><label for="role"><?php 
            _e('Role');
            ?>
</label></th>
                    </tr>
                    <?php 
            $i = 0;
            foreach ($arySitesData as $intSiteID => $strSiteName) {
                $boolChecked = false;
                if (isset($arySitesAndRoles[$i])) {
                    $aryFormSiteData = $arySitesAndRoles[$i];
                } elseif (isset($_POST['site' . $i])) {
                    $aryFormSiteData = $_POST['site' . $i];
                } else {
                    $aryFormSiteData = array();
                }
                _log('aryFormSiteData at line ' . __LINE__ . ': ' . var_export($aryFormSiteData, true));
                /**
                 * We are working on the assumption that there are either ALWAYS two elements in aryformSiteData or the array is empty.
                 * If the first element in the array isnt empty, then the current site needs to be checked
                 */
                if (reset($aryFormSiteData) != '') {
                    $boolChecked = true;
                }
                /**
                 * If the last element (eg second, role) isnt empty, then we want to select it from the list
                 */
                $strRoleSelected = end($aryFormSiteData) != '' ? current($aryFormSiteData) : '';
                echo '<tr>
                            <td>
                                <input name="site' . $i . '[]" value="' . $intSiteID . '" id="blog_' . $intSiteID . '" type="checkbox"';
                if ($boolChecked) {
                    echo ' checked="checked"';
                }
                echo ' />&nbsp;&nbsp;' . $strSiteName . '
                            </td>
                            <td>
                                <select name="site' . $i . '[]" id="role_' . $intSiteID . '">';
                wp_dropdown_roles($strRoleSelected);
                echo PHP_EOL, '</select>
                        </td>
                    </tr>';
                ++$i;
            }
            ?>
                <?php 
        } else {
            ?>
                    <tr class="form-field">
                        <th scope="row"><label for="role"><?php 
            _e('Role');
            ?>
</label></th>
                        <td><select name="role" id="role">
                                <?php 
            $strCurrentRole = empty($strWpDirAuthRole) ? get_site_option('default_role') : $strWpDirAuthRole;
            wp_dropdown_roles($strCurrentRole);
            ?>
                            </select>
                        </td>
                    </tr>
                <?php 
        }
        ?>
                <tr>
                    <th scope="row"><label for="noconfirmation"><?php 
        _e('Skip Confirmation Email');
        ?>
</label></th>
                    <td><label for="noconfirmation"><input type="checkbox" name="noconfirmation" id="noconfirmation" value="1"  <?php 
        checked(!$boolConfirmationEmail);
        ?>
 /> <?php 
        _e('Add the user without sending them a confirmation email.');
        ?>
</label></td>
                </tr>
            </table>

            <?php 
        submit_button(__('Add New User '), 'primary', 'createuser', true, array('id' => 'createusersub'));
        ?>

        </form>

    <?php 
    }
Exemplo n.º 2
0
    /**
     * wpDirAuth plugin configuration panel.
     * Processes and outputs the wpDirAuth configuration form.
     * 
     * @return void
     * 
     * @uses WPDIRAUTH_DEFAULT_FILTER
     * @uses WPDIRAUTH_DEFAULT_LOGINSCREENMSG
     * @uses WPDIRAUTH_DEFAULT_CHANGEPASSMSG
     * @uses WPDIRAUTH_ALLOWED_TAGS
     * @uses wpDirAuth_makeCookieMarker
     * @uses wpDirAuth_sanitize
     */
    function wpDirAuth_optionsPanel()
    {
        global $userdata;
        $wpDARef = WPDIRAUTH_SIGNATURE;
        $allowedHTML = htmlentities(WPDIRAUTH_ALLOWED_TAGS);
        $curUserIsDirUser = get_usermeta($userdata->ID, 'wpDirAuthFlag');
        if ($curUserIsDirUser) {
            echo <<<____________EOS
            <div class="wrap">
                <h2>Directory Authentication Options</h2>
                <p>
                    Because any changes made to directory authentication
                    options can adversly affect your session when logged in
                    as a directory user, you must be logged in as a
                    WordPress-only administrator user to update these settings.
                </p>
                <p>
                    If such a user no longer exists in the database, please
                    <a href="./users.php#add-new-user">create a new one</a>
                    using the appropriate WordPress admin tool.
                </p>
                <p>{$wpDARef}</p>
            </div>        
____________EOS;
            return;
        }
        if ($_POST) {
            // Booleans
            $enable = intval($_POST['dirAuthEnable']) == 1 ? 1 : 0;
            $enableSsl = intval($_POST['dirAuthEnableSsl']) == 1 ? 1 : 0;
            $requireSsl = intval($_POST['dirAuthRequireSsl']) == 1 ? 1 : 0;
            $TOS = intval($_POST['dirAuthTOS']) == 1 ? 1 : 0;
            // Strings, no HTML
            $controllers = wpDirAuth_sanitize($_POST['dirAuthControllers']);
            $baseDn = wpDirAuth_sanitize($_POST['dirAuthBaseDn']);
            $preBindUser = wpDirAuth_sanitize($_POST['dirAuthPreBindUser']);
            $preBindPassword = wpDirAuth_sanitize($_POST['dirAuthPreBindPassword']);
            $preBindPassCheck = wpDirAuth_sanitize($_POST['dirAuthPreBindPassCheck']);
            $accountSuffix = wpDirAuth_sanitize($_POST['dirAuthAccountSuffix']);
            $filter = wpDirAuth_sanitize($_POST['dirAuthFilter']);
            $institution = wpDirAuth_sanitize($_POST['dirAuthInstitution']);
            // Have to be allowed to contain some HTML
            $loginScreenMsg = wpDirAuth_sanitize($_POST['dirAuthLoginScreenMsg'], true);
            $changePassMsg = wpDirAuth_sanitize($_POST['dirAuthChangePassMsg'], true);
            update_option('dirAuthEnable', $enable);
            update_option('dirAuthEnableSsl', $enableSsl);
            update_option('dirAuthRequireSsl', $requireSsl);
            update_option('dirAuthControllers', $controllers);
            update_option('dirAuthBaseDn', $baseDn);
            update_option('dirAuthPreBindUser', $preBindUser);
            update_option('dirAuthAccountSuffix', $accountSuffix);
            update_option('dirAuthFilter', $filter);
            update_option('dirAuthInstitution', $institution);
            update_option('dirAuthLoginScreenMsg', $loginScreenMsg);
            update_option('dirAuthChangePassMsg', $changePassMsg);
            update_option('dirAuthTOS', $TOS);
            // Only store/override the value if a new one is being sent a bind user is set.
            if ($preBindUser && $preBindPassword && $preBindPassCheck == $preBindPassword) {
                update_option('dirAuthPreBindPassword', $preBindPassword);
            } elseif (!$preBindUser) {
                update_option('dirAuthPreBindPassword', '');
            }
            if (get_option('dirAuthEnable') && !get_option('dirAuthCookieMarker')) {
                wpDirAuth_makeCookieMarker();
            }
            echo '<div id="message" class="updated fade"><p>Your new settings were saved successfully.</p></div>';
            // Be sure to clear $preBindPassword, not to be displayed onscreen or in source
            unset($preBindPassword);
        } else {
            // Booleans
            $enable = intval(get_option('dirAuthEnable')) == 1 ? 1 : 0;
            $enableSsl = intval(get_option('dirAuthEnableSsl')) == 1 ? 1 : 0;
            $requireSsl = intval(get_option('dirAuthRequireSsl')) == 1 ? 1 : 0;
            $TOS = intval(get_option('dirAuthTOS')) == 1 ? 1 : 0;
            // Strings, no HTML
            $controllers = wpDirAuth_sanitize(get_option('dirAuthControllers'));
            $baseDn = wpDirAuth_sanitize(get_option('dirAuthBaseDn'));
            $preBindUser = wpDirAuth_sanitize(get_option('dirAuthPreBindUser'));
            $accountSuffix = wpDirAuth_sanitize(get_option('dirAuthAccountSuffix'));
            $filter = wpDirAuth_sanitize(get_option('dirAuthFilter'));
            $institution = wpDirAuth_sanitize(get_option('dirAuthInstitution'));
            // Have to be allowed to contain some HTML
            $loginScreenMsg = wpDirAuth_sanitize(get_option('dirAuthLoginScreenMsg'), true);
            $changePassMsg = wpDirAuth_sanitize(get_option('dirAuthChangePassMsg'), true);
        }
        $controllers = htmlspecialchars($controllers);
        $baseDn = htmlspecialchars($baseDn);
        $preBindUser = htmlspecialchars($preBindUser);
        $accountSuffix = htmlspecialchars($accountSuffix);
        $filter = htmlspecialchars($filter);
        $institution = htmlspecialchars($institution);
        $loginScreenMsg = htmlspecialchars($loginScreenMsg);
        $changePassMsg = htmlspecialchars($changePassMsg);
        if ($enable) {
            $tEnable = "checked";
        } else {
            $fEnable = "checked";
        }
        $defaultFilter = WPDIRAUTH_DEFAULT_FILTER;
        if (!$filter) {
            $filter = $defaultFilter;
        }
        if (!$institution) {
            $institution = '[YOUR INSTITUTION]';
        }
        if (!$loginScreenMsg) {
            $loginScreenMsg = sprintf(WPDIRAUTH_DEFAULT_LOGINSCREENMSG, $institution);
        }
        if (!$changePassMsg) {
            $changePassMsg = sprintf(WPDIRAUTH_DEFAULT_CHANGEPASSMSG, $institution);
        }
        if ($enableSsl) {
            $tSsl = "checked";
        } else {
            $fSsl = "checked";
        }
        if ($requireSsl) {
            $tWpSsl = "checked";
        } else {
            $fWpSsl = "checked";
        }
        if ($TOS) {
            $tTOS = "checked";
        } else {
            $fTOS = "checked";
        }
        $wpDAV = WPDIRAUTH_VERSION;
        echo <<<________EOS
        <div class="wrap">
            <h2>Directory Authentication Options</h2>
            <form method="post" id="dir_auth_options">
                <p class="submit"><input type="submit" name="dirAuthOptionsSave" value="Update Options &raquo;" /></p>
                <fieldset class="options">
                    <legend>WordPress Settings</legend>  
                    <ul>
                        <li>
                            <label for="dirAuthEnable"><strong>Enable Directory Authentication?</strong></label>
                            <br />
                            <input type="radio" name="dirAuthEnable" value="1" {$tEnable} /> Yes &nbsp;
                            <input type="radio" name="dirAuthEnable" value="0" {$fEnable} /> No
                            <br />
                            <strong>Note 1</strong>: Users created in WordPress are not affected by your directory authentication settings.
                            <br />
                            <strong>Note 2</strong>: You will still be able to login with standard WP users if the LDAP server(s) go offline.
                            </li>
                        <li>
                            <label for="dirAuthRequireSsl"><strong>Require SSL Login?</strong></label>
                            <br />
                            <input type="radio" name="dirAuthRequireSsl" value="1" {$tWpSsl}/> Yes &nbsp;
                            <input type="radio" name="dirAuthRequireSsl" value="0" {$fWpSsl}/> No
                            <br />
                            <em>Force the WordPress login screen to require encryption (SSL, https:// URL)?</em>
                        </li>
                    </ul>
                </fieldset>
                <fieldset class="options">
                    <legend>Directory Settings</legend>
                    <ul>
                        <li>
                            <label for="dirAuthEnableSsl"><strong>Enable SSL Connectivity?</strong></label>
                            <br />
                            <input type="radio" name="dirAuthEnableSsl" value="1" {$tSsl}/> Yes &nbsp;
                            <input type="radio" name="dirAuthEnableSsl" value="0" {$fSsl}/> No
                            <br />
                            <em>Use encryption (SSL, ldaps:// URL) when WordPress connects to the directory server(s)?</em>
                        </li>
                        <li>
                            <label for="dirAuthControllers"><strong>Directory Servers (Domain Controllers)</strong></label>
                            <br />
                            <input type="text" name="dirAuthControllers" value="{$controllers}" size="40"/><br />
                            <em>The DNS name or IP address of the directory server(s).</em><br />
                            <strong>NOTE:</strong> Separate multiple entries by a comma and/or alternate ports with a colon (eg: my.server1.org, my.server2.edu:387).
                            Unfortunately, alternate ports will be ignored when using LDAP/SSL, because of <a href="http://ca3.php.net/ldap_connect">the way</a> PHP handles the protocol.
                            
                        </li>
                        <li>
                            <label for="dirAuthFilter"><strong>Account Filter</strong></label>
                            <br />
                            <input type="text" name="dirAuthFilter" value="{$filter}" size="40"/>
                            (Defaults to <em>{$defaultFilter}</em>) 
                            <br />
                            <em>What LDAP field should we search the username against to locate the user's profile after successful login?</em>
                        </li>
                        <li>
                            <label for="dirAuthAccountSuffix"><strong>Account Suffix</strong></label>
                            <br />
                            <input type="text" name="dirAuthAccountSuffix" value="{$accountSuffix}" size="40" /><br />
                            <em>Suffix to be automatically appended to the username if desired. e.g. @domain.com</em><br />
                            <strong>NOTE:</strong> Changing this value will cause your existing directory users to have new accounts created the next time they login.
                        </li>
                        <li>
                            <label for="dirAuthBaseDn"><strong>Base DN</strong></label>
                            <br />
                            <input type="text" name="dirAuthBaseDn" value="{$baseDn}" size="40"/><br />
                            <em>The base DN for carrying out LDAP searches.</em>
                        </li>
                        <li>
                            <label for="dirAuthPreBindUser"><strong>Bind DN</strong></label>
                            <br />
                            <input type="text" name="dirAuthPreBindUser" value="{$preBindUser}" size="40"/><br />
                            <em>Enter a valid user account/DN to pre-bind with if your LDAP server does not allow anonymous profile searches, or requires a user with specific privileges to search.</em>
                        </li>
                        <li>
                            <label for="dirAuthPreBindPassword"><strong>Bind Password</strong></label>
                            <br />
                            <input type="password" name="dirAuthPreBindPassword" value="" size="40"/><br />
                            <em>Enter a password for the above Bind DN if a value is needed.</em><br />
                            <strong>Note 1</strong>: this value will be stored in clear text in your WordPress database.<br />
                            <strong>Note 2</strong>: Simply clear the Bind DN value if you wish to delete the stored password altogether.
                        </li>
                        <li>
                            <label for="dirAuthPreBindPassCheck"><strong>Confirm Password</strong></label>
                            <br />
                            <input type="password" name="dirAuthPreBindPassCheck" value="" size="40"/><br />
                            <em>Confirm the above Bind Password if you are setting a new value.</em>
                        </li>
                    </ul>
                </fieldset>
                <fieldset class="options">
                    <legend>Branding Settings</legend>
                    <ul>
                        <li>
                            <label for="dirAuthInstitution"><strong>Institution Name</strong></label>
                            <br />
                            <input type="text" name="dirAuthInstitution" value="{$institution}" size="40" />
                            <br />
                            <em>Name of your institution/company. Displayed on the login screen.</em>
                        </li>
                        <li>
                            <label for="dirAuthLoginScreenMsg"><strong>Login Screen Message</strong></label>
                            <br />
                            <textarea name="dirAuthLoginScreenMsg" cols="40" rows="3">{$loginScreenMsg}</textarea>
                            <br />
                            <em>Displayed on the login screen, underneath the username/password fields.</em><br />
                            <strong>Note</strong>: Some HTML allowed: {$allowedHTML}
                        </li>
                        <li>
                            <label for="dirAuthChangePassMsg"><strong>Password Change Message</strong></label>
                            <br />
                            <textarea name="dirAuthChangePassMsg" cols="40" rows="3">{$changePassMsg}</textarea>
                            <br />
                            <em>Displayed wherever user passwords can be changed, for directory users only.</em><br />
                            <strong>Note</strong>: Some HTML allowed: {$allowedHTML}
                            
                        </li>
                        <li>
                            <label for="dirAuthTOS"><strong>Terms of Services Agreement</strong></label>
                            <br />
                            <input type="radio" name="dirAuthTOS" value="1" {$tTOS}/> Yes &nbsp;
                            <input type="radio" name="dirAuthTOS" value="0" {$fTOS}/> No
                            <br />
                            <em>Ask directory users to agree to terms of services that you link to in the message above?</em><br />
                            <strong>Note</strong>: Checkbox disappears once checked, date of agreement is stored and users are no longer prompted.
                        </li>
                        </ul>
                </fieldset>
                <p class="submit"><input type="submit" name="dirAuthOptionsSave" value="Update Options &raquo;" /></p>
            </form>
            <p>Powered by {$wpDARef}.</p>
        </div>
________EOS;
    }