public function ProcessBBAction()
{
global $bb_widget, $bb_widget_id, $bb_account, $bb_revision_num, $g_bb_content_shortcodes, $g_bb_content_security, $g_bb_content_security_path;
if (!BB_IsMemberOfPageGroup("_p")) {
exit;
}
if ($bb_account["type"] == "dev" && $_REQUEST["bb_action"] == "bb_content_configure_security_submit") {
BB_RunPluginAction("pre_bb_content_configure_security_submit");
// Rebuild the security context array.
$g_bb_content_security = array();
foreach ($g_bb_content_shortcodes as $sname => $info) {
if (isset($info["security"])) {
foreach ($info["security"] as $key => $desc) {
$key2 = $sname . "|" . $key;
if (isset($_REQUEST[$key2]) && $_REQUEST[$key2] != "" && ($_REQUEST[$key2] == "content" || $_REQUEST[$key2] == "design" || $_REQUEST[$key2] == "dev")) {
if (!isset($g_bb_content_security[$sname])) {
$g_bb_content_security[$sname] = array();
}
$g_bb_content_security[$sname][$key] = $_REQUEST[$key2];
}
}
}
}
// Save security contexts.
$data = "<" . "?php\n\t\$g_bb_content_security = " . BB_CreatePHPStorageData($g_bb_content_security) . ";\n?" . ">";
if (BB_WriteFile($g_bb_content_security_path, $data) === false) {
BB_PropertyFormError("Unable to save the shortcode security options.");
}
?>
<div class="success"><?php
echo htmlspecialchars(BB_Translate("Global shortcode security options updated."));
?>
</div>
<script type="text/javascript">
window.parent.CloseProperties();
window.parent.ReloadIFrame();
</script>
<?php
BB_RunPluginAction("post_bb_content_configure_security_submit");
} else {
if ($bb_account["type"] == "dev" && $_REQUEST["bb_action"] == "bb_content_configure_security") {
BB_RunPluginAction("pre_bb_content_configure_security");
$options = array("title" => "Configure Global Shortcode Security", "desc" => "Configure the global shortcode display options based on login account type.", "fields" => array(), "submit" => "Save", "focus" => true);
foreach ($g_bb_content_shortcodes as $sname => $info) {
if (isset($info["security"])) {
foreach ($info["security"] as $key => $desc) {
if ($key == "") {
$options["fields"][] = array("title" => $desc[0], "type" => "select", "name" => $sname . "|" . $key, "options" => array("dev" => "Developers only", "design" => "Developers and Web Designers", "content" => "Everyone"), "select" => isset($g_bb_content_security[$sname]) && isset($g_bb_content_security[$sname][$key]) ? $g_bb_content_security[$sname][$key] : "", "desc" => $desc[1]);
} else {
$options["fields"][] = array("title" => $desc[0], "type" => "select", "name" => $sname . "|" . $key, "options" => array("" => "None", "content" => "Content Editors only", "design" => "Web Designers and Content Editors", "dev" => "Everyone"), "select" => isset($g_bb_content_security[$sname]) && isset($g_bb_content_security[$sname][$key]) ? $g_bb_content_security[$sname][$key] : "", "desc" => $desc[1]);
}
}
}
}
BB_RunPluginActionInfo("bb_content_configure_security_options", $options);
BB_PropertyForm($options);
BB_RunPluginAction("post_bb_content_configure_security");
} else {
if ($_REQUEST["bb_action"] == "bb_content_edit_load") {
BB_RunPluginAction("pre_bb_content_edit_load");
if (isset($bb_widget->body)) {
echo rawurlencode(UTF8::ConvertToHTML($bb_widget->body));
} else {
echo rawurlencode("<p></p>");
}
BB_RunPluginAction("post_bb_content_edit_load");
} else {
if ($_REQUEST["bb_action"] == "bb_content_edit_save") {
BB_RunPluginAction("pre_bb_content_edit_save");
$options = array("shortcodes" => true, "shortcode_placeholder" => "bb_content_shortcode_placeholder", "shortcode_ids" => array());
$shortcodes = $bb_widget->shortcodes;
$base = "wid_" . htmlspecialchars($bb_widget_id) . "_";
foreach ($shortcodes as $num => $shortcode) {
$options["shortcode_ids"][$base . $num] = isset($shortcode["_sn"]) && isset($g_bb_content_shortcodes[$shortcode["_sn"]]) ? htmlspecialchars($g_bb_content_shortcodes[$shortcode["_sn"]]["mainicon"]) : "";
}
$bb_widget->body = BB_HTMLPurifyForWYMEditor($_REQUEST["content"], $options);
if (!$this->RegenerateContent(true)) {
echo htmlspecialchars(BB_Translate("Unable to save content. Try again."));
} else {
echo "OK\n";
echo "<script type=\"text/javascript\">ReloadIFrame();</script>";
}
BB_RunPluginAction("post_bb_content_edit_save");
} else {
if ($_REQUEST["bb_action"] == "bb_content_edit_add_shortcode" && BB_IsSecExtraOpt("sname")) {
BB_RunPluginAction("pre_bb_content_edit_add_shortcode");
if (!isset($_REQUEST["sname"]) || !isset($g_bb_content_shortcodes[$_REQUEST["sname"]])) {
?>
<script type="text/javascript">
alert('<?php
echo htmlspecialchars(BB_JSSafe(BB_Translate("Shortcode handler not found.")));
?>
');
</script>
<?php
} else {
if (!$this->IsShortcodeAllowed($_REQUEST["sname"], "")) {
?>
<script type="text/javascript">
alert('<?php
echo htmlspecialchars(BB_JSSafe(BB_Translate("Shortcode access denied.")));
?>
');
</script>
<?php
} else {
$sname = $_REQUEST["sname"];
$sid = count($bb_widget->shortcodes);
$bb_widget->shortcodes[] = array("_sn" => $sname, "_id" => $sid);
if (!BB_SaveLangPage($bb_revision_num)) {
?>
<script type="text/javascript">
alert('<?php
echo htmlspecialchars(BB_JSSafe(BB_Translate("Unable to add a new %s.", $g_bb_content_shortcodes[$sname]["name"])));
?>
');
</script>
<?php
} else {
?>
<script type="text/javascript">
InsertWYMEditorContent('contenteditor', 'wid_<?php
echo BB_JSSafe($bb_widget_id);
?>
', '<img id="wid_<?php
echo BB_JSSafe($bb_widget_id);
?>
_<?php
echo $sid;
?>
" class="bb_content_shortcode_placeholder" src="<?php
echo htmlspecialchars(BB_JSSafe($g_bb_content_shortcodes[$sname]["mainicon"]));
?>
" />');
</script>
<?php
}
}
}
BB_RunPluginAction("post_bb_content_edit_add_shortcode");
} else {
if ($_REQUEST["bb_action"] == "bb_content_edit_edit_shortcode" && (!isset($_REQUEST["sc_action"]) || BB_IsSecExtraOpt("sid") && BB_IsSecExtraOpt("sc_action"))) {
BB_RunPluginAction("pre_bb_content_edit_edit_shortcode");
if (!isset($_REQUEST["sid"])) {
BB_PropertyFormLoadError("Shortcode ID not specified.");
}
$sid = $_REQUEST["sid"];
$pos = strrpos($sid, "_");
if ($pos !== false) {
$sid = substr($sid, $pos + 1);
}
$sid = (int) $sid;
if (!isset($bb_widget->shortcodes[$sid]) || !isset($bb_widget->shortcodes[$sid]["_sn"])) {
BB_PropertyFormLoadError("Invalid shortcode ID.");
}
$sname = $bb_widget->shortcodes[$sid]["_sn"];
if (!isset($g_bb_content_shortcodes[$sname])) {
BB_PropertyFormLoadError("Shortcode handler not found.");
}
if (!$this->IsShortcodeAllowed($sname, "")) {
BB_PropertyFormLoadError("Shortcode access denied.");
}
if (!isset($_REQUEST["sc_action"])) {
$_REQUEST["sc_action"] = $sname . "_configure";
}
$shortcode = "bb_content_shortcode_" . $sname;
$shortcode = new $shortcode();
$this->currsid = $sid;
$shortcode->ProcessShortcodeBBAction($this);
BB_RunPluginAction("post_bb_content_edit_edit_shortcode");
} else {
if ($_REQUEST["bb_action"] == "bb_content_edit") {
BB_RunPluginAction("pre_bb_content_edit");
?>
<script type="text/javascript">
html = '<style type="text/css">\n';
<?php
foreach ($g_bb_content_shortcodes as $sname => $info) {
$sname2 = preg_replace('/[^A-Za-z0-9_]/', "_", trim($sname));
?>
html += '.wym_skin_barebones .wym_buttons li.wym_tools_custom_<?php
echo htmlspecialchars(BB_JSSafe($sname2));
?>
a { background-image: url(<?php
echo htmlspecialchars(BB_JSSafe($info["toolbaricon"]));
?>
); background-repeat: no-repeat; }\n';
<?php
}
?>
html += '</style>\n';
$("head").append(html);
window.bb_content_WYMEditorPostInit = function(eid, id, wym) {
<?php
foreach ($g_bb_content_shortcodes as $sname => $info) {
if ($this->IsShortcodeAllowed($sname, "")) {
$sname2 = preg_replace('/[^A-Za-z0-9_]/', "_", trim($sname));
?>
var html = '<li class="wym_tools_custom_<?php
echo htmlspecialchars(BB_JSSafe($sname2));
?>
"><a name="<?php
echo htmlspecialchars(BB_JSSafe($info["name"]));
?>
" href="#"><?php
echo htmlspecialchars(BB_JSSafe($info["name"]));
?>
</a></li>';
$(wym._box).find(wym._options.toolsSelector + wym._options.toolsListSelector).append(html);
$(wym._box).find('li.wym_tools_custom_<?php
echo BB_JSSafe($sname2);
?>
a').click(function() {
$('#' + eid + '_loader').load(Gx__URLBase, <?php
echo BB_CreateWidgetPropertiesJS("bb_content_edit_add_shortcode", array("sname" => $sname), true);
?>
);
return false;
});
<?php
}
}
?>
$(wym._doc).bind('dblclick', function(e) {
if (e.target.tagName == 'IMG' && $(e.target).hasClass('bb_content_shortcode_placeholder') && typeof(e.target.id) == 'string' && e.target.id != '')
{
window.parent.LoadProperties({ 'bb_action' : 'bb_content_edit_edit_shortcode', 'wid' : '<?php
echo BB_JSSafe($bb_widget_id);
?>
', 'sid' : e.target.id, 'bbt' : '<?php
echo BB_JSSafe(BB_CreateSecurityToken("bb_content_edit_edit_shortcode", $bb_widget_id));
?>
' });
}
});
}
if (typeof(window.parent.CreateWYMEditorInstance) != 'function')
{
window.bb_content_ClosedAllContent = function(eid) {
setTimeout(function() { DestroyWYMEditorInstance(eid); $('#' + eid).hide(); }, 250);
}
}
window.parent.LoadConditionalScript(Gx__RootURL + '/' + Gx__SupportPath + '/editcontent.js?_=20090725', true, function(loaded) {
return ((!loaded && typeof(window.CreateWYMEditorInstance) == 'function') || (loaded && !IsConditionalScriptLoading()));
}, function(params) {
$('#contenteditor').show();
var fileopts = {
loadurl : Gx__URLBase,
loadparams : <?php
echo BB_CreateWidgetPropertiesJS("bb_content_edit_load", array(), true);
?>
,
id : 'wid_<?php
echo BB_JSSafe($bb_widget_id);
?>
',
display : '<?php
echo BB_JSSafe($bb_widget->_f);
?>
',
saveurl : Gx__URLBase,
saveparams : <?php
echo BB_CreateWidgetPropertiesJS("bb_content_edit_save", array(), true);
?>
,
wymtoolbar : 'bold,italic,superscript,subscript,pasteword,undo,redo,createlink,unlink,insertorderedlist,insertunorderedlist,indent,outdent',
wymeditorpostinit : bb_content_WYMEditorPostInit
};
var editopts = {
ismulti : true,
closelast : bb_content_ClosedAllContent,
width : '100%',
height : '300px'
};
CreateWYMEditorInstance('contenteditor', fileopts, editopts);
});
window.parent.CloseProperties2(false);
</script>
<?php
BB_RunPluginAction("post_bb_content_edit");
} else {
if (isset($_REQUEST["action"])) {
// Pass other requests onto the shortcode action handler.
if (isset($_REQUEST["sid"])) {
$sid = (int) $_REQUEST["sid"];
if (isset($bb_widget->shortcodes[$sid]) && isset($bb_widget->shortcodes[$sid]["_sn"])) {
$sname = $bb_widget->shortcodes[$sid]["_sn"];
if (isset($g_bb_content_shortcodes[$sname])) {
$shortcode = "bb_content_shortcode_" . $sname;
$shortcode = new $shortcode();
$this->currsid = $sid;
$shortcode->ProcessShortcodeAction($this);
}
}
}
}
}
}
}
}
}
}
}
}
function BB_ProcessPageToken($name)
{
// Check the security token. If it doesn't exist, load the main page.
if (isset($_REQUEST[$name]) && (!isset($_REQUEST["sec_t"]) || $_REQUEST["sec_t"] != BB_CreateSecurityToken($_REQUEST[$name], isset($_REQUEST["sec_extra"]) ? $_REQUEST["sec_extra"] : ""))) {
echo BB_Translate("Invalid security token.");
exit;
}
}
public function Config()
{
global $sso_rng, $sso_db, $sso_db_users, $sso_site_admin, $sso_settings, $sso_menuopts, $sso_select_fields, $g_sso_login_modules;
$sso_db_sso_login_users = SSO_DB_PREFIX . "p_sso_login_users";
if ($sso_site_admin && $sso_settings["sso_login"]["enabled"] && $_REQUEST["action2"] == "config") {
if (isset($_REQUEST["configsave"])) {
if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "username") {
$_REQUEST["username_blacklist"] = trim($_REQUEST["username_blacklist"]);
$_REQUEST["username_minlen"] = (int) $_REQUEST["username_minlen"];
if ($_REQUEST["username_minlen"] < 1) {
BB_SetPageMessage("error", "The 'Minimum Username Length' field contains an invalid value.");
}
}
if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "email") {
$_REQUEST["email_verify_msg"] = trim($_REQUEST["email_verify_msg"]);
$_REQUEST["email_recover_msg"] = trim($_REQUEST["email_recover_msg"]);
if ($_REQUEST["email_verify_msg"] != "" && stripos($_REQUEST["email_verify_msg"], "@VERIFY@") === false) {
BB_SetPageMessage("error", "The 'Verify E-mail Message' field does not contain '@VERIFY@'.");
} else {
if ($_REQUEST["email_recover_msg"] != "" && stripos($_REQUEST["email_recover_msg"], "@VERIFY@") === false) {
BB_SetPageMessage("error", "The 'Recovery E-mail Message' field does not contain '@VERIFY@'.");
}
}
define("CS_TRANSLATE_FUNC", "BB_Translate");
require_once SSO_ROOT_PATH . "/" . SSO_SUPPORT_PATH . "/smtp.php";
if ($_REQUEST["email_verify_from"] != "") {
$email = SMTP::MakeValidEmailAddress($_REQUEST["email_verify_from"]);
if (!$email["success"]) {
BB_SetPageMessage("error", BB_Translate("The e-mail address '%s' is invalid. %s", $_REQUEST["email_verify_from"], $email["error"]));
} else {
if ($email["email"] != trim($_REQUEST["email_verify_from"])) {
BB_SetPageMessage("info", BB_Translate("Invalid e-mail address. Perhaps you meant '%s' instead?", $email["email"]));
}
$_REQUEST["email_verify_from"] = $email["email"];
}
}
if ($_REQUEST["email_recover_from"] != "") {
$email = SMTP::MakeValidEmailAddress($_REQUEST["email_recover_from"]);
if (!$email["success"]) {
BB_SetPageMessage("error", BB_Translate("The e-mail address '%s' is invalid. %s", $_REQUEST["email_recover_from"], $email["error"]));
} else {
if ($email["email"] != trim($_REQUEST["email_recover_from"])) {
BB_SetPageMessage("info", BB_Translate("Invalid e-mail address. Perhaps you meant '%s' instead?", $email["email"]));
}
$_REQUEST["email_recover_from"] = $email["email"];
}
}
}
$_REQUEST["two_factor_order"] = (int) $_REQUEST["two_factor_order"];
$_REQUEST["password_minlen"] = (int) $_REQUEST["password_minlen"];
$_REQUEST["password_mintime"] = (int) $_REQUEST["password_mintime"];
if ($_REQUEST["two_factor_order"] < 0) {
BB_SetPageMessage("error", "The 'Two-Factor Authentication Display Order' field contains an invalid value.");
} else {
if ($_REQUEST["password_minlen"] < 0) {
BB_SetPageMessage("error", "The 'Minimum Password Length' field contains an invalid value.");
} else {
if ($_REQUEST["password_mintime"] < 50) {
BB_SetPageMessage("error", "The 'Minimum Password Time' field contains an invalid value. Must be at least 50 milliseconds.");
} else {
if ($_REQUEST["password_mintime"] > 5000) {
BB_SetPageMessage("error", "The 'Minimum Password Time' field contains an invalid value. Must be less than 5000 milliseconds (5 seconds).");
}
}
}
}
foreach ($g_sso_login_modules as $key => $info) {
if ($_REQUEST[$key . "__a"] < 1) {
$sso_settings["sso_login"]["modules"][$key]["_a"] = false;
}
if ($sso_settings["sso_login"]["modules"][$key]["_a"]) {
$module = "sso_login_module_" . $key;
$instance = new $module();
if ($instance->DefaultOrder() !== false) {
if ((int) $_REQUEST[$key . "__s"] < 0) {
BB_SetPageMessage("error", BB_Translate("The '%s Module Display Order' field contains an invalid value.", $info["name"]));
} else {
$sso_settings["sso_login"]["modules"][$key]["_s"] = $_REQUEST[$key . "__s"];
}
}
$instance->ConfigSave();
}
$sso_settings["sso_login"]["modules"][$key]["_a"] = $_REQUEST[$key . "__a"] > 0;
}
$sso_settings["sso_login"]["iprestrict"] = SSO_ProcessIPFields();
if (BB_GetPageMessageType() != "error") {
if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "username") {
$sso_settings["sso_login"]["map_username"] = SSO_IsField($_REQUEST["map_username"]) ? $_REQUEST["map_username"] : "";
$sso_settings["sso_login"]["username_minlen"] = $_REQUEST["username_minlen"];
$sso_settings["sso_login"]["username_blacklist"] = $_REQUEST["username_blacklist"];
$sso_settings["sso_login"]["change_username"] = $_REQUEST["change_username"] > 0;
}
if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "email") {
$sso_settings["sso_login"]["map_email"] = SSO_IsField($_REQUEST["map_email"]) ? $_REQUEST["map_email"] : "";
$sso_settings["sso_login"]["email_verify_from"] = $_REQUEST["email_verify_from"];
$sso_settings["sso_login"]["email_verify_subject"] = trim($_REQUEST["email_verify_subject"]);
$sso_settings["sso_login"]["email_verify_msg"] = $_REQUEST["email_verify_msg"];
$sso_settings["sso_login"]["email_verify_msg_text"] = SMTP::ConvertHTMLToText($_REQUEST["email_verify_msg"]);
$sso_settings["sso_login"]["email_recover_from"] = $_REQUEST["email_recover_from"];
$sso_settings["sso_login"]["email_recover_subject"] = trim($_REQUEST["email_recover_subject"]);
$sso_settings["sso_login"]["email_recover_msg"] = $_REQUEST["email_recover_msg"];
$sso_settings["sso_login"]["email_recover_msg_text"] = SMTP::ConvertHTMLToText($_REQUEST["email_recover_msg"]);
$sso_settings["sso_login"]["email_session"] = $_REQUEST["email_session"] == "none" || $_REQUEST["email_session"] == "all" ? $_REQUEST["email_session"] : "verify";
$sso_settings["sso_login"]["email_bad_domains"] = $_REQUEST["email_bad_domains"];
$sso_settings["sso_login"]["change_email"] = $_REQUEST["change_email"] > 0;
}
$sso_settings["sso_login"]["require_two_factor"] = $_REQUEST["require_two_factor"] > 0;
$sso_settings["sso_login"]["two_factor_order"] = $_REQUEST["two_factor_order"];
$sso_settings["sso_login"]["password_minlen"] = $_REQUEST["password_minlen"];
$modetimechanged = $sso_settings["sso_login"]["password_mode"] != $_REQUEST["password_mode"] || $sso_settings["sso_login"]["password_mintime"] != $_REQUEST["password_mintime"];
$sso_settings["sso_login"]["password_mode"] = $_REQUEST["password_mode"];
$sso_settings["sso_login"]["password_mintime"] = $_REQUEST["password_mintime"];
if ($modetimechanged) {
$sso_settings["sso_login"]["password_minrounds"] = self::CalculateOptimalHashRounds($sso_settings["sso_login"]["password_mode"], $sso_settings["sso_login"]["password_mintime"]);
}
$sso_settings["sso_login"]["open_reg"] = $_REQUEST["open_reg"] > 0;
if (!SSO_SaveSettings()) {
BB_SetPageMessage("error", "Unable to save settings.");
} else {
if (BB_GetPageMessageType() == "info") {
SSO_ConfigRedirect("config", array(), "info", $_REQUEST["bb_msg"] . " " . BB_Translate("Successfully updated the %s provider configuration.", $this->DisplayName()));
} else {
SSO_ConfigRedirect("config", array(), "success", BB_Translate("Successfully updated the %s provider configuration.", $this->DisplayName()));
}
}
}
}
$contentopts = array("desc" => BB_Translate("Configure the %s provider.", $this->DisplayName()), "nonce" => "action", "hidden" => array("action" => "config", "provider" => "sso_login", "action2" => "config", "configsave" => "1"), "fields" => array(), "submit" => "Save", "focus" => true);
if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "username") {
$contentopts["fields"][] = array("title" => "Username Settings", "type" => "accordion");
$contentopts["fields"][] = array("title" => "Map Username", "type" => "select", "name" => "map_username", "options" => $sso_select_fields, "select" => BB_GetValue("map_username", (string) $sso_settings["sso_login"]["map_username"]), "desc" => "The field in the SSO system to map the username to.");
$contentopts["fields"][] = array("title" => "Minimum Username Length", "type" => "text", "name" => "username_minlen", "value" => BB_GetValue("username_minlen", $sso_settings["sso_login"]["username_minlen"]), "desc" => "The minimum number of characters a username must have.");
$contentopts["fields"][] = array("title" => "Username Blacklist", "type" => "textarea", "height" => "300px", "name" => "username_blacklist", "value" => BB_GetValue("username_blacklist", $sso_settings["sso_login"]["username_blacklist"]), "desc" => "A blacklist of words that a username may not contain. One per line.");
$contentopts["fields"][] = array("title" => "Allow Username Changes", "type" => "select", "name" => "change_username", "options" => array(1 => "Yes", 0 => "No"), "select" => BB_GetValue("change_username", (string) (int) $sso_settings["sso_login"]["change_username"]), "desc" => "Users may change their usernames.");
$contentopts["fields"][] = "endaccordion";
}
if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "email") {
$contentopts["fields"][] = array("title" => "E-mail Settings", "type" => "accordion");
$contentopts["fields"][] = array("title" => "Map E-mail Address", "type" => "select", "name" => "map_email", "options" => $sso_select_fields, "select" => BB_GetValue("map_email", (string) $sso_settings["sso_login"]["map_email"]), "desc" => "The field in the SSO system to map the e-mail address to.");
$contentopts["fields"][] = array("title" => "Verification E-mail - From Address", "type" => "text", "name" => "email_verify_from", "value" => BB_GetValue("email_verify_from", $sso_settings["sso_login"]["email_verify_from"]), "desc" => "The from address for the e-mail message to send to new registrants. Leave blank for the server default.");
$contentopts["fields"][] = array("title" => "Verification E-mail - Subject Line", "type" => "text", "name" => "email_verify_subject", "value" => BB_GetValue("email_verify_subject", $sso_settings["sso_login"]["email_verify_subject"]), "desc" => "The subject line for the e-mail message to send to new registrants.");
$contentopts["fields"][] = array("title" => "Verification E-mail - HTML Message", "type" => "textarea", "height" => "300px", "name" => "email_verify_msg", "value" => BB_GetValue("email_verify_msg", $sso_settings["sso_login"]["email_verify_msg"]), "desc" => "The HTML e-mail message to send to new registrants. @USERNAME@, @EMAIL@, and @VERIFY@ are special strings that will be replaced with user and system generated values. @VERIFY@ is required.");
$contentopts["fields"][] = array("title" => "Recovery E-mail - From Address", "type" => "text", "name" => "email_recover_from", "value" => BB_GetValue("email_recover_from", $sso_settings["sso_login"]["email_recover_from"]), "desc" => "The from address for the e-mail message to send to users recovering access to their account. Leave blank for the server default.");
$contentopts["fields"][] = array("title" => "Recovery E-mail - Subject Line", "type" => "text", "name" => "email_recover_subject", "value" => BB_GetValue("email_recover_subject", $sso_settings["sso_login"]["email_recover_subject"]), "desc" => "The subject line for the e-mail message to send to users recovering access to their account.");
$contentopts["fields"][] = array("title" => "Recovery E-mail - HTML Message", "type" => "textarea", "height" => "300px", "name" => "email_recover_msg", "value" => BB_GetValue("email_recover_msg", $sso_settings["sso_login"]["email_recover_msg"]), "desc" => "The HTML e-mail message to send to users recovering access to their account. @USERNAME@, @EMAIL@, and @VERIFY@ are special strings that will be replaced with user and system generated values. @VERIFY@ is required.");
$contentopts["fields"][] = array("title" => "Verification/Recovery E-mail - Send Session ID", "type" => "select", "name" => "email_session", "options" => array("none" => "Never", "verify" => "Verification e-mail only", "all" => "Verification and recovery e-mails"), "select" => BB_GetValue("email_session", $sso_settings["sso_login"]["email_session"]), "desc" => "Send the session ID as part of the URL in an e-mail. When the session ID isn't sent, the same browser session must be used with the URL or an error message will appear. Sending the session ID for recovery e-mails is not recommended.");
$contentopts["fields"][] = array("title" => "E-mail Domain Blacklist", "type" => "textarea", "height" => "300px", "name" => "email_bad_domains", "value" => BB_GetValue("email_bad_domains", $sso_settings["sso_login"]["email_bad_domains"]), "desc" => "A blacklist of e-mail address domains that are not allowed to create accounts. One per line.");
$contentopts["fields"][] = array("title" => "Allow E-mail Address Changes", "type" => "select", "name" => "change_email", "options" => array(1 => "Yes", 0 => "No"), "select" => BB_GetValue("change_email", (string) (int) $sso_settings["sso_login"]["change_email"]), "desc" => "Users may change their e-mail addresses.");
$contentopts["fields"][] = "endaccordion";
}
$contentopts["fields"][] = array("title" => "Other Settings", "type" => "accordion");
$contentopts["fields"][] = array("title" => "Require Two-Factor Authentication", "type" => "select", "name" => "require_two_factor", "options" => array(1 => "Yes", 0 => "No"), "select" => BB_GetValue("require_two_factor", (string) (int) $sso_settings["sso_login"]["require_two_factor"]), "desc" => "Users have to select and sign in with a two-factor authentication method. Existing users will have to use account recovery to set up two-factor authentication.");
$contentopts["fields"][] = array("title" => "Two-Factor Authentication Display Order", "type" => "text", "name" => "two_factor_order", "value" => BB_GetValue("two_factor_order", $sso_settings["sso_login"]["two_factor_order"]), "desc" => "The display order to use for the two-factor authentication dropdown.");
$contentopts["fields"][] = array("title" => "Minimum Password Length", "type" => "text", "name" => "password_minlen", "value" => BB_GetValue("password_minlen", $sso_settings["sso_login"]["password_minlen"]), "desc" => "The minimum number of characters a password must have.");
$options = array();
if (function_exists("password_hash")) {
$options["password_hash_bcrypt"] = "password_hash() - Native PHP Bcrypt hashing";
}
$options["blowfish"] = "Blowfish::Hash() - A Bcrypt-like hash";
$contentopts["fields"][] = array("title" => "Password Hashing Mode", "type" => "select", "name" => "password_mode", "options" => $options, "select" => BB_GetValue("password_mode", $sso_settings["sso_login"]["password_mode"]), "desc" => "The password hashing mode to use. Note that changing the hashing mode will force all users to change their passwords. If account recovery is not possible, users will be unable to access their accounts.");
$contentopts["fields"][] = array("title" => "Minimum Password Time", "type" => "text", "name" => "password_mintime", "value" => BB_GetValue("password_mintime", $sso_settings["sso_login"]["password_mintime"]), "desc" => "The minimum amount of time, in milliseconds, required to spend to initially hash a password.");
$contentopts["fields"][] = array("title" => "Minimum Password Rounds", "type" => "static", "value" => $sso_settings["sso_login"]["password_minrounds"], "desc" => "The minimum number of rounds required to hash a password. Automatically calculated." . ($sso_settings["sso_login"]["password_minrounds"] < 128 ? " WARNING: Due to the low number of minimum rounds, stored passwords will not be as secure as they should be. Please select a different password hashing mode and/or increase the minimum hashing time." : ""));
$contentopts["fields"][] = array("title" => "Open Registration", "type" => "select", "name" => "open_reg", "options" => array(1 => "Yes", 0 => "No"), "select" => BB_GetValue("open_reg", (string) (int) $sso_settings["sso_login"]["open_reg"]), "desc" => "Users may register for new accounts.");
$contentopts["fields"][] = "endaccordion";
$contentopts["fields"][] = "split";
foreach ($g_sso_login_modules as $key => $info) {
$contentopts["fields"][] = array("title" => BB_Translate($sso_settings["sso_login"]["modules"][$key]["_a"] ? "%s Module *" : "%s Module", $info["name"]), "type" => "accordion");
$contentopts["fields"][] = array("title" => BB_Translate("%s Module Enabled?", $info["name"]), "type" => "select", "name" => $key . "__a", "options" => array(1 => "Yes", 0 => "No"), "select" => BB_GetValue($key . "__a", (string) (int) $sso_settings["sso_login"]["modules"][$key]["_a"]), "desc" => BB_Translate("Enables the %s module. %s", $info["name"], $info["desc"]));
if ($sso_settings["sso_login"]["modules"][$key]["_a"]) {
$module = "sso_login_module_" . $key;
$instance = new $module();
if ($instance->DefaultOrder() !== false) {
$contentopts["fields"][] = array("title" => BB_Translate("%s Module Display Order", $info["name"]), "type" => "text", "name" => $key . "__s", "value" => BB_GetValue($key . "__s", (string) (int) (isset($sso_settings["sso_login"]["modules"][$key]["_s"]) ? $sso_settings["sso_login"]["modules"][$key]["_s"] : $instance->DefaultOrder())), "desc" => BB_Translate("The display order to use for the %s module.", $info["name"]));
}
$instance->Config($contentopts);
}
$contentopts["fields"][] = "endaccordion";
}
SSO_AppendIPFields($contentopts, $sso_settings["sso_login"]["iprestrict"]);
BB_GeneratePage(BB_Translate("Configure %s", $this->DisplayName()), $sso_menuopts, $contentopts);
} else {
if ($sso_site_admin && $sso_settings["sso_login"]["enabled"] && $_REQUEST["action2"] == "disable") {
$sso_settings["sso_login"]["enabled"] = false;
if (!SSO_SaveSettings()) {
BB_RedirectPage("error", "Unable to save settings.");
} else {
BB_RedirectPage("success", BB_Translate("Successfully disabled the %s provider.", $this->DisplayName()));
}
} else {
if ($sso_site_admin && !$sso_settings["sso_login"]["enabled"] && $_REQUEST["action2"] == "enable") {
$sso_settings["sso_login"]["enabled"] = true;
if (!SSO_SaveSettings()) {
BB_RedirectPage("error", "Unable to save settings.");
} else {
BB_RedirectPage("success", BB_Translate("Successfully enabled the %s provider.", $this->DisplayName()));
}
} else {
if ($sso_site_admin && !$sso_settings["sso_login"]["installed"] && $_REQUEST["action2"] == "install") {
if (isset($_REQUEST["type"])) {
if ($sso_db->TableExists($sso_db_sso_login_users)) {
BB_SetPageMessage("error", "The database table '" . $sso_db_sso_login_users . "' already exists.");
}
if ($_REQUEST["type"] != "email_username" && $_REQUEST["type"] != "email" && $_REQUEST["type"] != "username") {
BB_SetPageMessage("error", "Please select a valid 'Registration Key'.");
}
if (BB_GetPageMessageType() != "error") {
try {
if ($_REQUEST["type"] == "email_username") {
$sso_db->Query("CREATE TABLE", array($sso_db_sso_login_users, array("id" => array("INTEGER", 8, "UNSIGNED" => true, "NOT NULL" => true, "PRIMARY KEY" => true, "AUTO INCREMENT" => true), "username" => array("STRING", 1, 75, "NOT NULL" => true), "email" => array("STRING", 1, 255, "NOT NULL" => true), "verified" => array("INTEGER", 1, "NOT NULL" => true), "created" => array("DATETIME", "NOT NULL" => true), "info" => array("STRING", 3, "NOT NULL" => true)), array(array("UNIQUE", array("username"), "NAME" => $sso_db_sso_login_users . "_username"), array("UNIQUE", array("email"), "NAME" => $sso_db_sso_login_users . "_email"))));
} else {
if ($_REQUEST["type"] == "email") {
$sso_db->Query("CREATE TABLE", array($sso_db_sso_login_users, array("id" => array("INTEGER", 8, "UNSIGNED" => true, "NOT NULL" => true, "PRIMARY KEY" => true, "AUTO INCREMENT" => true), "email" => array("STRING", 1, 255, "NOT NULL" => true), "verified" => array("INTEGER", 1, "NOT NULL" => true), "created" => array("DATETIME", "NOT NULL" => true), "info" => array("STRING", 3, "NOT NULL" => true)), array(array("UNIQUE", array("email"), "NAME" => $sso_db_sso_login_users . "_email"))));
} else {
if ($_REQUEST["type"] == "username") {
$sso_db->Query("CREATE TABLE", array($sso_db_sso_login_users, array("id" => array("INTEGER", 8, "UNSIGNED" => true, "NOT NULL" => true, "PRIMARY KEY" => true, "AUTO INCREMENT" => true), "username" => array("STRING", 1, 75, "NOT NULL" => true), "created" => array("DATETIME", "NOT NULL" => true), "info" => array("STRING", 3, "NOT NULL" => true)), array(array("UNIQUE", array("username"), "NAME" => $sso_db_sso_login_users . "_username"))));
}
}
}
$sso_settings["sso_login"]["installed"] = true;
$sso_settings["sso_login"]["enabled"] = true;
$sso_settings["sso_login"]["install_type"] = $_REQUEST["type"];
if (!SSO_SaveSettings()) {
BB_SetPageMessage("error", "Unable to save settings.");
} else {
SSO_ConfigRedirect("config", array(), "success", BB_Translate("Successfully installed the %s provider.", $this->DisplayName()));
}
} catch (Exception $e) {
BB_SetPageMessage("error", "Unable to create the database table '" . htmlspecialchars($sso_db_sso_login_users) . "'. " . $e->getMessage());
}
}
}
$contentopts = array("desc" => BB_Translate("Install the %s provider.", $this->DisplayName()), "nonce" => "action", "hidden" => array("action" => "config", "provider" => "sso_login", "action2" => "install"), "fields" => array(array("title" => "Registration Key(s)", "type" => "select", "name" => "type", "options" => array("email_username" => "E-mail Address and Username", "email" => "E-mail Address only", "username" => "Username only"), "select" => BB_GetValue("type", ""), "desc" => "The unique fields to require for a registration system entry. This can't be changed after installing. The default is highly recommended.")), "submit" => "Install", "focus" => true);
BB_GeneratePage(BB_Translate("Install %s", $this->DisplayName()), $sso_menuopts, $contentopts);
} else {
if ($sso_settings["sso_login"]["enabled"] && $_REQUEST["action2"] == "activateuser" && $this->CanActivateUser()) {
if (!isset($_REQUEST["id"])) {
SSO_ConfigRedirect("finduser", array(), "error", "User ID not specified.");
}
$userrow = $sso_db->GetRow("SELECT", array("*", "FROM" => "?", "WHERE" => "id = ?"), $sso_db_sso_login_users, $_REQUEST["id"]);
if (!$userrow) {
SSO_ConfigRedirect("finduser", array(), "error", "User not found.");
}
if (!isset($userrow->email)) {
$userrow->email = "";
}
if (!isset($userrow->username)) {
$userrow->username = "";
}
if (!isset($userrow->verified)) {
$userrow->verified = 1;
}
$userinfo = SSO_DecryptDBData($userrow->info);
// Activate the user.
$mapinfo = array();
if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "email") {
$mapinfo[$sso_settings["sso_login"]["map_email"]] = $userrow->email;
}
if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "username") {
$mapinfo[$sso_settings["sso_login"]["map_username"]] = $userrow->username;
}
// Initialize active modules.
$this->activemodules = array();
foreach ($g_sso_login_modules as $key => $info) {
if ($sso_settings["sso_login"]["modules"][$key]["_a"]) {
$module = "sso_login_module_" . $key;
$instance = new $module();
$instance->LoginAddMap($mapinfo, $userrow, $userinfo, true);
}
}
SSO_ActivateUser($userrow->id, $userinfo["extra"], $mapinfo, CSDB::ConvertFromDBTime($userrow->created), false, false);
SSO_ConfigRedirect("edituser", array("id" => $userrow->id), "success", "Successfully activated the user.");
} else {
if ($sso_settings["sso_login"]["enabled"] && $_REQUEST["action2"] == "edituser") {
if (!isset($_REQUEST["id"])) {
SSO_ConfigRedirect("finduser", array(), "error", "User ID not specified.");
}
$row = $sso_db->GetRow("SELECT", array("*", "FROM" => "?", "WHERE" => "id = ?"), $sso_db_sso_login_users, $_REQUEST["id"]);
if (!$row) {
SSO_ConfigRedirect("finduser", array(), "error", "User not found.");
}
if (!isset($row->email)) {
$row->email = "";
}
if (!isset($row->username)) {
$row->username = "";
}
if (!isset($row->verified)) {
$row->verified = 1;
}
$userinfo = SSO_DecryptDBData($row->info);
// Initialize active modules.
$this->activemodules = array();
foreach ($g_sso_login_modules as $key => $info) {
if ($sso_settings["sso_login"]["modules"][$key]["_a"]) {
$module = "sso_login_module_" . $key;
$this->activemodules[$key] = new $module();
}
}
if (isset($_REQUEST["reset_password"])) {
$username = $row->username;
$email = $row->email;
if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "username") {
if ($_REQUEST["username"] == "") {
BB_SetPageMessage("error", "Please specify a username.");
} else {
if ($_REQUEST["username"] != $row->username && $sso_db->GetOne("SELECT", array("COUNT(*)", "FROM" => "?", "WHERE" => "username = ?"), $sso_db_sso_login_users, $_REQUEST["username"])) {
BB_SetPageMessage("error", "Username is already in use.");
} else {
$username = $_REQUEST["username"];
}
}
}
if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "email") {
if ($_REQUEST["email"] == "") {
BB_SetPageMessage("error", "Please specify an e-mail address.");
} else {
if ($_REQUEST["email"] != $row->email && $sso_db->GetOne("SELECT", array("COUNT(*)", "FROM" => "?", "WHERE" => "email = ?"), $sso_db_sso_login_users, $_REQUEST["email"])) {
BB_SetPageMessage("error", "E-mail Address is already in use.");
} else {
$email = $_REQUEST["email"];
}
}
}
foreach ($g_sso_login_modules as $key => $info) {
if ($sso_settings["sso_login"]["modules"][$key]["_a"]) {
$module = "sso_login_module_" . $key;
$instance = new $module();
$instance->CheckEditUserFields($userinfo);
}
}
if (BB_GetPageMessageType() != "error" && $_REQUEST["reset_password"] > 0) {
if ($_REQUEST["reset_password"] == 1) {
$phrase = "";
for ($x = 0; $x < 4; $x++) {
$phrase .= " " . SSO_GetRandomWord();
}
$phrase = preg_replace('/\\s+/', " ", trim($phrase));
$salt = $sso_rng->GenerateString();
$data = $username . ":" . $email . ":" . $salt . ":" . $phrase;
$passwordinfo = self::HashPasswordInfo($data, $sso_settings["sso_login"]["password_mode"], $sso_settings["sso_login"]["password_minrounds"]);
if (!$passwordinfo["success"]) {
BB_SetPageMessage("error", "Unexpected cryptography error.");
} else {
$userinfo["salt"] = $salt;
$userinfo["rounds"] = (int) $passwordinfo["rounds"];
$userinfo["password"] = bin2hex($passwordinfo["hash"]);
BB_SetPageMessage("info", BB_Translate("Password has been changed to '%s'.", $phrase));
}
} else {
if ($this->IsRecoveryAllowed(false) && $_REQUEST["reset_password"] == 2) {
$userinfo["rounds"] = 0;
$userinfo["password"] = "";
}
}
}
if (BB_GetPageMessageType() != "error") {
try {
$userinfo2 = SSO_EncryptDBData($userinfo);
if ($sso_settings["sso_login"]["install_type"] == "email_username") {
$sso_db->Query("UPDATE", array($sso_db_sso_login_users, array("username" => $_REQUEST["username"], "email" => $_REQUEST["email"], "verified" => (int) $_REQUEST["verified"] > 0 ? 1 : 0, "info" => $userinfo2), "WHERE" => "id = ?"), $row->id);
} else {
if ($sso_settings["sso_login"]["install_type"] == "email") {
$sso_db->Query("UPDATE", array($sso_db_sso_login_users, array("email" => $_REQUEST["email"], "verified" => (int) $_REQUEST["verified"] > 0 ? 1 : 0, "info" => $userinfo2), "WHERE" => "id = ?"), $row->id);
} else {
if ($sso_settings["sso_login"]["install_type"] == "username") {
$sso_db->Query("UPDATE", array($sso_db_sso_login_users, array("username" => $_REQUEST["username"], "info" => $userinfo2), "WHERE" => "id = ?"), $row->id);
}
}
}
if (BB_GetPageMessageType() == "info") {
SSO_ConfigRedirect("edituser", array("id" => $row->id), "info", $_REQUEST["bb_msg"] . " Successfully updated the user.");
} else {
SSO_ConfigRedirect("edituser", array("id" => $row->id), "success", "Successfully updated the user.");
}
} catch (Exception $e) {
BB_SetPageMessage("error", "Database query error.");
}
}
}
$desc = "<br />";
$row2 = $sso_db->GetRow("SELECT", array("*", "FROM" => "?", "WHERE" => "provider_name = 'sso_login' AND provider_id = ?"), $sso_db_users, $row->id);
if ($row2) {
$desc .= "<a href=\"" . BB_GetRequestURLBase() . "?action=edituser&id=" . $row2->id . "&sec_t=" . BB_CreateSecurityToken("edituser") . "\">Edit SSO Server Info</a>";
} else {
if ($this->CanActivateUser()) {
$desc .= SSO_CreateConfigLink("Activate User", "activateuser", array("id" => $row->id), "Are you sure you want to activate this user?");
}
}
$contentopts = array("desc" => BB_Translate("Edit the %s user.", $this->DisplayName()), "htmldesc" => $desc, "nonce" => "action", "hidden" => array("action" => "config", "provider" => "sso_login", "action2" => "edituser", "id" => $row->id), "fields" => array(array("title" => "ID", "type" => "static", "value" => $row->id)), "submit" => "Save", "focus" => true);
if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "username") {
$contentopts["fields"][] = array("title" => "Username", "type" => "text", "name" => "username", "value" => BB_GetValue("username", $row->username));
}
if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "email") {
$contentopts["fields"][] = array("title" => "E-mail Address", "type" => "text", "name" => "email", "value" => BB_GetValue("email", $row->email));
$contentopts["fields"][] = array("title" => "Verified", "type" => "select", "name" => "verified", "options" => array("1" => "Yes", "0" => "No"), "select" => BB_GetValue("verified", (string) $row->verified));
}
$contentopts["fields"][] = array("title" => "Password Hash Rounds", "type" => "static", "value" => number_Format($userinfo["rounds"], 0));
$options = array("0" => "No", "1" => "Now - Generate a random password");
if ($this->IsRecoveryAllowed(false)) {
$options["2"] = "Next Login - User must use account recovery to set a password";
}
$contentopts["fields"][] = array("title" => "Reset Password?", "type" => "select", "name" => "reset_password", "options" => $options, "select" => BB_GetValue("reset_password", "0"));
foreach ($g_sso_login_modules as $key => $info) {
if ($sso_settings["sso_login"]["modules"][$key]["_a"]) {
$module = "sso_login_module_" . $key;
$instance = new $module();
$instance->AddEditUserFields($contentopts, $userinfo);
}
}
BB_GeneratePage(BB_Translate("Edit %s User", $this->DisplayName()), $sso_menuopts, $contentopts);
} else {
if ($sso_settings["sso_login"]["enabled"] && $_REQUEST["action2"] == "createuser" && $this->CanActivateUser()) {
// Initialize active modules.
$this->activemodules = array();
foreach ($g_sso_login_modules as $key => $info) {
if ($sso_settings["sso_login"]["modules"][$key]["_a"]) {
$module = "sso_login_module_" . $key;
$this->activemodules[$key] = new $module();
}
}
if (isset($_REQUEST["set_password"])) {
$messages = $this->SignupUpdateCheck(false, false, false, true);
if (count($messages["errors"])) {
BB_SetPageMessage("error", implode(" ", array_merge($messages["errors"], $messages["warnings"])));
} else {
// Create the account.
$username = BB_GetValue("username", "");
$email = BB_GetValue("email", "");
$verified = true;
if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "email") {
$result = SMTP::MakeValidEmailAddress($email);
$email = $result["email"];
}
$userinfo = array();
$phrase = "";
for ($x = 0; $x < 4; $x++) {
$phrase .= " " . SSO_GetRandomWord();
}
$phrase = preg_replace('/\\s+/', " ", trim($phrase));
$salt = $sso_rng->GenerateString();
$data = $username . ":" . $email . ":" . $salt . ":" . $phrase;
$userinfo["extra"] = $sso_rng->GenerateString();
if ($_REQUEST["set_password"] == 1) {
$passwordinfo = self::HashPasswordInfo($data, $sso_settings["sso_login"]["password_mode"], $sso_settings["sso_login"]["password_minrounds"]);
if (!$passwordinfo["success"]) {
BB_SetPageMessage("error", "Unexpected cryptography error.");
} else {
$userinfo["salt"] = $salt;
$userinfo["rounds"] = (int) $passwordinfo["rounds"];
$userinfo["password"] = bin2hex($passwordinfo["hash"]);
BB_SetPageMessage("info", BB_Translate("Initial password has been set to '%s'.", $phrase));
}
} else {
if ($this->IsRecoveryAllowed(false) && $_REQUEST["set_password"] == 2) {
$userinfo["salt"] = "";
$userinfo["rounds"] = 0;
$userinfo["password"] = "";
} else {
BB_SetPageMessage("error", "Invalid Set Password option.");
}
}
$userinfo["two_factor_key"] = $_REQUEST["two_factor_key"];
$userinfo["two_factor_method"] = isset($_REQUEST["two_factor_method"]) ? $_REQUEST["two_factor_method"] : "";
if (BB_GetPageMessageType() != "error") {
foreach ($this->activemodules as &$instance) {
$instance->SignupAddInfo($userinfo, true);
}
$userinfo2 = SSO_EncryptDBData($userinfo);
try {
if ($sso_settings["sso_login"]["install_type"] == "email_username") {
$sso_db->Query("INSERT", array($sso_db_sso_login_users, array("username" => $username, "email" => $email, "verified" => (int) $verified, "created" => CSDB::ConvertToDBTime(time()), "info" => $userinfo2), "AUTO INCREMENT" => "id"));
} else {
if ($sso_settings["sso_login"]["install_type"] == "email") {
$sso_db->Query("INSERT", array($sso_db_sso_login_users, array("email" => $email, "verified" => (int) $verified, "created" => CSDB::ConvertToDBTime(time()), "info" => $userinfo2), "AUTO INCREMENT" => "id"));
} else {
if ($sso_settings["sso_login"]["install_type"] == "username") {
$sso_db->Query("INSERT", array($sso_db_sso_login_users, array("username" => $username, "created" => CSDB::ConvertToDBTime(time()), "info" => $userinfo2), "AUTO INCREMENT" => "id"));
} else {
BB_SetPageMessage("error", "Fatal error: Login system is broken.");
}
}
}
if (BB_GetPageMessageType() != "error") {
$userid = $sso_db->GetInsertID();
$userrow = $sso_db->GetRow("SELECT", array("*", "FROM" => "?", "WHERE" => "id = ?"), $sso_db_sso_login_users, $userid);
}
} catch (Exception $e) {
BB_SetPageMessage("error", "Database query error.");
}
if (BB_GetPageMessageType() != "error") {
foreach ($this->activemodules as &$instance) {
$instance->SignupDone($userid, true);
}
// Activate the user.
if (isset($_REQUEST["activate"]) && $_REQUEST["activate"] == "yes") {
$mapinfo = array();
if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "email") {
$mapinfo[$sso_settings["sso_login"]["map_email"]] = $userrow->email;
}
if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "username") {
$mapinfo[$sso_settings["sso_login"]["map_username"]] = $userrow->username;
}
foreach ($this->activemodules as &$instance) {
$instance->LoginAddMap($mapinfo, $userrow, $userinfo, true);
}
SSO_ActivateUser($userrow->id, $userinfo["extra"], $mapinfo, CSDB::ConvertFromDBTime($userrow->created), false, false);
}
if (BB_GetPageMessageType() == "info") {
SSO_ConfigRedirect("edituser", array("id" => $userid), "info", $_REQUEST["bb_msg"] . " Successfully created the user.");
} else {
SSO_ConfigRedirect("edituser", array("id" => $userid), "success", "Successfully created the user.");
}
}
}
}
}
$_REQUEST["two_factor_key"] = BB_GetValue("two_factor_key", self::GenerateOTPKey(10));
$contentopts = array("desc" => BB_Translate("Create a new user in the %s provider.", $this->DisplayName()), "nonce" => "action", "hidden" => array("action" => "config", "provider" => "sso_login", "action2" => "createuser", "two_factor_key" => $_REQUEST["two_factor_key"]), "fields" => array(), "submit" => "Create", "focus" => true);
if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "email") {
$contentopts["fields"][] = array("title" => "E-mail Address", "type" => "text", "name" => "email", "value" => BB_GetValue("email", ""), "desc" => "The e-mail address of the new user. Must be valid and not already in use.");
}
if ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "username") {
$contentopts["fields"][] = array("title" => "Username", "type" => "text", "name" => "username", "value" => BB_GetValue("username", ""), "desc" => "The username of the new user. Must be valid and not already in use.");
}
$options = array("1" => "Now - Generate a random password upon account creation");
if ($this->IsRecoveryAllowed(false)) {
$options["2"] = "Next Login - User must use account recovery to set a password";
}
$contentopts["fields"][] = array("title" => "Set Password", "type" => "select", "name" => "set_password", "options" => $options, "select" => BB_GetValue("set_password", "1"), "desc" => "Sets an account password now or later.");
// Two-factor authentication dropdown.
$fieldmap = array();
$options = array();
foreach ($this->activemodules as $key => &$instance) {
$name = $instance->GetTwoFactorName();
if ($name !== false) {
$options[$key] = $name;
}
}
if (!$sso_settings["sso_login"]["require_two_factor"] && count($options)) {
$options = array_merge(array("" => "None"), $options);
}
if (count($options)) {
$fields = array(array("title" => "Two-Factor Authentication Method", "type" => "select", "name" => "two_factor_method", "options" => $options, "select" => BB_GetValue("two_factor_method", ""), "desc" => "Sets the two-factor authentication method."));
$order = $sso_settings["sso_login"]["two_factor_order"];
SSO_AddSortedOutput($fieldmap, $order, "two_factor", $fields);
}
// Other fields.
foreach ($g_sso_login_modules as $key => $info) {
if ($sso_settings["sso_login"]["modules"][$key]["_a"]) {
$module = "sso_login_module_" . $key;
$instance = new $module();
$fields = $instance->GenerateSignup(true);
if (isset($fields) && is_array($fields)) {
$order = isset($sso_settings["sso_login"]["modules"][$key]["_s"]) ? $sso_settings["sso_login"]["modules"][$key]["_s"] : $instance->DefaultOrder();
SSO_AddSortedOutput($fieldmap, $order, $key, $fields);
}
}
}
ksort($fieldmap);
foreach ($fieldmap as $fields) {
foreach ($fields as $fields2) {
$contentopts["fields"] = array_merge($contentopts["fields"], $fields2);
}
}
$contentopts["fields"][] = array("title" => "Activate User", "type" => "checkbox", "name" => "activate", "value" => "yes", "check" => BB_GetValue("activate", "yes"), "display" => "Activate the user upon successful account creation");
BB_GeneratePage("Create User", $sso_menuopts, $contentopts);
} else {
if ($sso_site_admin && $sso_settings["sso_login"]["enabled"] && $_REQUEST["action2"] == "module" && isset($_REQUEST["module"]) && isset($sso_settings["sso_login"]["modules"][$_REQUEST["module"]]) && $sso_settings["sso_login"]["modules"][$_REQUEST["module"]]["_a"]) {
$module = "sso_login_module_" . $_REQUEST["module"];
$instance = new $module();
$instance->CustomConfig();
}
}
}
}
}
}
}
}
}
public function Config()
{
global $sso_rng, $sso_db, $sso_db_apikeys, $sso_site_admin, $sso_settings, $sso_menuopts, $sso_select_fields;
$sso_db_sso_remote = SSO_DB_PREFIX . "p_sso_remote";
$sso_db_sso_remote_users = SSO_DB_PREFIX . "p_sso_remote_users";
if ($sso_site_admin && $sso_settings["sso_remote"]["enabled"] && $_REQUEST["action2"] == "editremote") {
$row = $sso_db->GetRow("SELECT", array("*", "FROM" => "?", "WHERE" => "id = ?"), $sso_db_sso_remote, $_REQUEST["id"]);
if ($row) {
$info = unserialize($row->info);
if (isset($_REQUEST["name"])) {
if (strlen($_REQUEST["name"]) > 75) {
BB_SetPageMessage("error", "'Name' can only be 75 characters long.");
}
if ($_REQUEST["name"] != $row->name && $sso_db->GetOne("SELECT", array("COUNT(*)", "FROM" => "?", "WHERE" => "name = ?"), $sso_db_sso_remote, $_REQUEST["name"])) {
BB_SetPageMessage("error", "The specified remote 'Name' already exists.");
}
$apirow = $sso_db->GetRow("SELECT", array("*", "FROM" => "?", "WHERE" => "id = ?"), $sso_db_apikeys, $_REQUEST["apikey_id"]);
if ($apirow === false) {
BB_SetPageMessage("error", "The specified 'API Key ID' is not valid.");
} else {
$apiinfo = unserialize($apirow->info);
if (!isset($apiinfo["type"])) {
$apiinfo["type"] = "normal";
}
if ($apiinfo["type"] != "remote") {
BB_SetPageMessage("error", "The specified 'API Key ID' is not a remote API key.");
}
}
$info["iprestrict"] = SSO_ProcessIPFields();
if (BB_GetPageMessageType() != "error") {
try {
$info["icon"] = $_REQUEST["icon"];
$info["notes"] = $_REQUEST["notes"];
$info["automate"] = $_REQUEST["automate"] > 0;
$sso_db->Query("UPDATE", array($sso_db_sso_remote, array("name" => $_REQUEST["name"], "apikey_id" => $_REQUEST["apikey_id"], "info" => serialize($info)), "WHERE" => "id = ?"), $row->id);
SSO_ConfigRedirect("editremote", array("id" => $row->id), "success", BB_Translate("Successfully updated the remote."));
} catch (Exception $e) {
BB_SetPageMessage("error", "Unable to update the remote. " . $e->getMessage());
}
}
}
$contentopts = array("desc" => BB_Translate("Edit the remote."), "nonce" => "action", "hidden" => array("action" => "config", "provider" => "sso_remote", "action2" => "editremote", "id" => $row->id), "fields" => array(array("title" => "Remote Key", "type" => "static", "value" => $row->remotekey . "-" . $row->id), array("title" => "Name", "type" => "text", "name" => "name", "value" => BB_GetValue("name", $row->name), "desc" => "The name of this remote. Usually the name of the business or a business unit that will use this remote to sign in (e.g. Intel). Must be unique."), array("title" => "API Key ID", "type" => "text", "name" => "apikey_id", "value" => BB_GetValue("apikey_id", $row->apikey_id), "desc" => "A valid remote API key ID."), array("title" => "Icon URL", "type" => "text", "name" => "icon", "value" => BB_GetValue("icon", $info["icon"]), "desc" => "An optional URL to a 48x48 pixel icon. The URL should start with 'https://'."), array("title" => "Notes", "type" => "textarea", "name" => "notes", "value" => BB_GetValue("notes", $info["notes"]), "desc" => "Optional extra information about this remote such as contract details."), array("title" => "Automate Validation Phase?", "type" => "select", "name" => "automate", "options" => array("No", "Yes"), "select" => BB_GetValue("automate", (string) (int) $info["automate"]), "desc" => "Whether or not to attempt to automate the validation phase after authenticating the user.")), "submit" => "Save", "focus" => true);
SSO_AppendIPFields($contentopts, $info["iprestrict"]);
BB_GeneratePage("Edit Remote", $sso_menuopts, $contentopts);
}
} else {
if ($sso_site_admin && $sso_settings["sso_remote"]["enabled"] && $_REQUEST["action2"] == "addremote") {
if (isset($_REQUEST["name"])) {
if ($_REQUEST["name"] == "") {
BB_SetPageMessage("error", "Please fill in 'Name'.");
}
if (strlen($_REQUEST["name"]) > 75) {
BB_SetPageMessage("error", "'Name' can only be 75 characters long.");
}
if ($sso_db->GetOne("SELECT", array("COUNT(*)", "FROM" => "?", "WHERE" => "name = ?"), $sso_db_sso_remote, $_REQUEST["name"])) {
BB_SetPageMessage("error", "The specified remote 'Name' already exists.");
}
$apirow = $sso_db->GetRow("SELECT", array("*", "FROM" => "?", "WHERE" => "id = ?"), $sso_db_apikeys, $_REQUEST["apikey_id"]);
if ($apirow === false) {
BB_SetPageMessage("error", "The specified 'API Key ID' is not valid.");
} else {
$apiinfo = unserialize($apirow->info);
if (!isset($apiinfo["type"])) {
$apiinfo["type"] = "normal";
}
if ($apiinfo["type"] != "remote") {
BB_SetPageMessage("error", "The specified 'API Key ID' is not a remote API key.");
}
}
if (BB_GetPageMessageType() != "error") {
try {
$remotekey = $sso_rng->GenerateString();
$info = array("icon" => "", "notes" => "", "iprestrict" => SSO_InitIPFields(), "automate" => false);
$sso_db->Query("INSERT", array($sso_db_sso_remote, array("name" => $_REQUEST["name"], "remotekey" => $remotekey, "apikey_id" => $_REQUEST["apikey_id"], "created" => CSDB::ConvertToDBTime(time()), "info" => serialize($info)), "AUTO INCREMENT" => "id"));
$id = $sso_db->GetInsertID();
SSO_ConfigRedirect("editremote", array("id" => $id), "success", BB_Translate("Successfully created the remote."));
} catch (Exception $e) {
BB_SetPageMessage("error", "Unable to create the remote. " . $e->getMessage());
}
}
}
$contentopts = array("desc" => BB_Translate("Add a remote."), "nonce" => "action", "hidden" => array("action" => "config", "provider" => "sso_remote", "action2" => "addremote"), "fields" => array(array("title" => "Name", "type" => "text", "name" => "name", "value" => BB_GetValue("name", ""), "desc" => "The name of this remote. Usually the name of the business or a business unit that will use this remote to sign in (e.g. Intel). Must be unique."), array("title" => "API Key ID", "type" => "text", "name" => "apikey_id", "value" => BB_GetValue("apikey_id", ""), "desc" => "A valid remote API key ID.")), "submit" => "Create", "focus" => true);
BB_GeneratePage("Add Remote", $sso_menuopts, $contentopts);
} else {
if ($sso_site_admin && $sso_settings["sso_remote"]["enabled"] && $_REQUEST["action2"] == "manageremotes") {
$desc = "<br />";
$desc .= SSO_CreateConfigLink("Add Remote", "addremote");
$rows = array();
$result = $sso_db->Query("SELECT", array("r.id, r.name, r.apikey_id, a.id AS a_id", "FROM" => "? AS r LEFT OUTER JOIN ? AS a ON (r.apikey_id = a.id)"), $sso_db_sso_remote, $sso_db_apikeys);
while ($row = $result->NextRow()) {
$rows[] = array($row->id, htmlspecialchars($row->name), $row->a_id > 0 ? "<a href=\"" . BB_GetRequestURLBase() . "?action=editapikey&id=" . $row->apikey_id . "&sec_t=" . BB_CreateSecurityToken("editapikey") . "\">" . $row->apikey_id . "</a>" : BB_Translate("<i>Invalid</i>"), SSO_CreateConfigLink("Edit", "editremote", array("id" => $row->id)) . " | " . SSO_CreateConfigLink("Delete", "deleteremote", array("id" => $row->id), "Are you sure you want to delete this remote?"));
}
$contentopts = array("desc" => BB_Translate("Manage the remotes."), "htmldesc" => $desc, "fields" => array(array("type" => "table", "cols" => array("ID", "Name", "API Key", "Options"), "rows" => $rows)));
BB_GeneratePage("Manage Remotes", $sso_menuopts, $contentopts);
} else {
if ($sso_site_admin && $sso_settings["sso_remote"]["enabled"] && $_REQUEST["action2"] == "config") {
if (isset($_REQUEST["configsave"])) {
$sso_settings["sso_remote"]["iprestrict"] = SSO_ProcessIPFields();
if (BB_GetPageMessageType() != "error") {
$sso_settings["sso_remote"]["map_remote_id"] = SSO_IsField($_REQUEST["map_remote_id"]) ? $_REQUEST["map_remote_id"] : "";
if (!SSO_SaveSettings()) {
BB_SetPageMessage("error", "Unable to save settings.");
} else {
if (BB_GetPageMessageType() == "info") {
SSO_ConfigRedirect("config", array(), "info", $_REQUEST["bb_msg"] . " " . BB_Translate("Successfully updated the %s provider configuration.", $this->DisplayName()));
} else {
SSO_ConfigRedirect("config", array(), "success", BB_Translate("Successfully updated the %s provider configuration.", $this->DisplayName()));
}
}
}
}
$contentopts = array("desc" => BB_Translate("Configure the %s provider.", $this->DisplayName()), "nonce" => "action", "hidden" => array("action" => "config", "provider" => "sso_remote", "action2" => "config", "configsave" => "1"), "fields" => array(array("title" => "Map Remote ID", "type" => "select", "name" => "map_remote_id", "options" => $sso_select_fields, "select" => BB_GetValue("map_remote_id", (string) $sso_settings["sso_remote"]["map_remote_id"]), "desc" => "The field in the SSO system to map the remote ID to. This allows applications to identify an organization and sign all users at that organization into a single instance.")), "submit" => "Save", "focus" => true);
SSO_AppendIPFields($contentopts, $sso_settings["sso_remote"]["iprestrict"]);
BB_GeneratePage(BB_Translate("Configure %s", $this->DisplayName()), $sso_menuopts, $contentopts);
} else {
if ($sso_site_admin && $sso_settings["sso_remote"]["enabled"] && $_REQUEST["action2"] == "disable") {
$sso_settings["sso_remote"]["enabled"] = false;
if (!SSO_SaveSettings()) {
BB_RedirectPage("error", "Unable to save settings.");
} else {
BB_RedirectPage("success", BB_Translate("Successfully disabled the %s provider.", $this->DisplayName()));
}
} else {
if ($sso_site_admin && !$sso_settings["sso_remote"]["enabled"] && $_REQUEST["action2"] == "enable") {
$sso_settings["sso_remote"]["enabled"] = true;
if (!SSO_SaveSettings()) {
BB_RedirectPage("error", "Unable to save settings.");
} else {
BB_RedirectPage("success", BB_Translate("Successfully enabled the %s provider.", $this->DisplayName()));
}
} else {
if ($sso_site_admin && !$sso_settings["sso_remote"]["installed"] && $_REQUEST["action2"] == "install") {
if (isset($_REQUEST["install"])) {
if ($sso_db->TableExists($sso_db_sso_remote)) {
BB_SetPageMessage("error", "The database table '" . $sso_db_sso_remote . "' already exists.");
}
if ($sso_db->TableExists($sso_db_sso_remote_users)) {
BB_SetPageMessage("error", "The database table '" . $sso_db_sso_remote_users . "' already exists.");
}
if (BB_GetPageMessageType() != "error") {
try {
$sso_db->Query("CREATE TABLE", array($sso_db_sso_remote, array("id" => array("INTEGER", 8, "UNSIGNED" => true, "NOT NULL" => true, "PRIMARY KEY" => true, "AUTO INCREMENT" => true), "name" => array("STRING", 1, 75, "NOT NULL" => true), "remotekey" => array("STRING", 1, 64, "NOT NULL" => true), "apikey_id" => array("INTEGER", 8, "UNSIGNED" => true, "NOT NULL" => true), "created" => array("DATETIME", "NOT NULL" => true), "info" => array("STRING", 3, "NOT NULL" => true)), array(array("UNIQUE", array("name"), "NAME" => $sso_db_sso_remote . "_name"), array("KEY", array("apikey_id"), "NAME" => $sso_db_sso_remote . "_apikey_id"))));
} catch (Exception $e) {
BB_SetPageMessage("error", "Unable to create the database table '" . htmlspecialchars($sso_db_sso_remote) . "'. " . $e->getMessage());
}
if (BB_GetPageMessageType() != "error") {
try {
$sso_db->Query("CREATE TABLE", array($sso_db_sso_remote_users, array("id" => array("INTEGER", 8, "UNSIGNED" => true, "NOT NULL" => true, "PRIMARY KEY" => true, "AUTO INCREMENT" => true), "remote_id" => array("INTEGER", 8, "UNSIGNED" => true, "NOT NULL" => true), "user_id" => array("STRING", 1, 255, "NOT NULL" => true), "created" => array("DATETIME", "NOT NULL" => true)), array(array("UNIQUE", array("remote_id", "user_id"), "NAME" => $sso_db_sso_remote_users . "_remote_user_id"))));
$sso_settings["sso_remote"]["installed"] = true;
$sso_settings["sso_remote"]["enabled"] = true;
if (!SSO_SaveSettings()) {
BB_SetPageMessage("error", "Unable to save settings.");
} else {
SSO_ConfigRedirect("manageremotes", array(), "success", BB_Translate("Successfully installed the %s provider.", $this->DisplayName()));
}
} catch (Exception $e) {
BB_SetPageMessage("error", "Unable to create the database table '" . htmlspecialchars($sso_db_sso_remote_users) . "'. " . $e->getMessage());
}
}
}
}
$contentopts = array("desc" => BB_Translate("Install the %s provider.", $this->DisplayName()), "nonce" => "action", "hidden" => array("action" => "config", "provider" => "sso_remote", "action2" => "install", "install" => "1"), "fields" => array(), "submit" => "Install", "focus" => true);
BB_GeneratePage(BB_Translate("Install %s", $this->DisplayName()), $sso_menuopts, $contentopts);
}
}
}
}
}
}
}
}
function BB_FileExplorer_GetActionStr($dir, $file, $wid = "")
{
global $editmap, $extmap;
$pos = strrpos($file, ".");
if ($pos === false) {
return "";
}
$ext = substr($file, $pos);
if (!isset($extmap[$ext]) || !isset($extmap[$ext]["edit"]) || !isset($editmap[$extmap[$ext]["edit"]])) {
return "";
}
$data = $editmap[$extmap[$ext]["edit"]];
$result = $data[0];
$result = BB_FileExplorer_ReplaceStr("DIR", $dir, $result);
$result = BB_FileExplorer_ReplaceStr("FILE", $file, $result);
$result = BB_FileExplorer_ReplaceStr("LOADTOKEN", BB_CreateSecurityToken("bb_main_edit_site_opt_file_explorer_edit_load", $wid, array($dir . "/" . $file)), $result);
$result = BB_FileExplorer_ReplaceStr("SAVETOKEN", BB_CreateSecurityToken("bb_main_edit_site_opt_file_explorer_edit_save", $wid, array($dir . "/" . $file)), $result);
$opts = explode(",", $data[1]);
foreach ($opts as $opt) {
$result = BB_FileExplorer_ReplaceStr($opt, isset($extmap[$ext][$opt]) ? $extmap[$ext][$opt] : "", $result);
}
return $result;
}
function SSO_CreateConfigURL($action2, $extra = array())
{
global $sso_provider;
$extra["provider"] = $sso_provider;
if ($action2 != "") {
$extra["action2"] = $action2;
}
$extra2 = "";
foreach ($extra as $key => $val) {
$extra2 .= "&" . urlencode($key) . "=" . urlencode($val);
}
return BB_GetRequestURLBase() . "?action=config" . $extra2 . "&sec_t=" . BB_CreateSecurityToken("config", array_values($extra)) . "&sec_extra=" . implode(",", array_keys($extra));
}
