<?php
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this file,
 * You can obtain one at http://mozilla.org/MPL/2.0/. */

// Include the common auth system files (including the OAuth2 Server object).
// This is where $utils and $db come from.
require_once(__DIR__.'/authsystem.inc.php');

// $errors collects the user-facing messages for this request; any entry in it skips
// the request handling further down and only renders the error list.
// Presumably the helper returns a message when the connection is not considered secure.
$errors = $utils->checkForSecureConnection();
$utils->sendSecurityHeaders();

// Initialize the HTML document with our basic elements.
// extract() is only expanding the array returned by our own helper here, never request data.
extract($utils->initHTMLDocument('KaiRo.at Authentication Server')); // sets $document, $html, $head, $title, $body

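// Request handling: figure out what the user wants (login, logout, registration,
// verification, password reset, client management) and set $pagetype, $user and
// $session accordingly. Any problem is appended to $errors; the rendering code below
// only uses $pagetype when $errors stays empty.
if (!count($errors)) {
  $session = $utils->initSession(); // Read session or create new session and set cookie.
  $user = array('id' => 0, 'email' => '');
  $pagetype = 'default';
  if (is_null($session)) {
    $errors[] = _('The session system is not working.').' '._('Please <a href="https://www.kairo.at/contact">contact KaiRo.at</a> and tell the team about this.');
  }
  elseif (array_key_exists('logout', $_GET)) {
    $result = $db->prepare('UPDATE `auth_sessions` SET `logged_in` = FALSE WHERE `id` = :sessid;');
    if (!$result->execute(array(':sessid' => $session['id']))) {
      $utils->log('logout_failure', 'session: '.$session['id']);
      $errors[] = _('Unexpected error while logging out.');
    }
    $session['logged_in'] = 0;
  }
  elseif (array_key_exists('email', $_POST)) {
    // Login, registration, re-sending of the verification mail and "Password forgotten?" all post an email.
    if (!is_string($_POST['email']) || !preg_match('/^[^@]+@([^@]+\.[^@]+|localhost)$/', $_POST['email'])) {
      $errors[] = _('The email address is invalid.');
    }
    elseif ($utils->verifyTimeCode(@$_POST['tcode'], $session)) {
      $result = $db->prepare('SELECT `id`, `pwdhash`, `email`, `status`, `verify_hash`,`group_id` FROM `auth_users` WHERE `email` = :email;');
      $result->execute(array(':email' => $_POST['email']));
      $user = $result->fetch(PDO::FETCH_ASSOC);
      if (!$user) {
        // Unknown email: keep $user an array so the checks below never index into `false`.
        $user = array('id' => 0, 'email' => $_POST['email']);
      }
      // If we need to add the email to a group, note here which user's group we should be added to - otherwise, set to 0.
      $addgroup = (array_key_exists('grouptoexisting', $_POST) && intval($session['user']) && ($session['user'] != $user['id'])) ? $session['user'] : 0;
      if ($user['id'] && array_key_exists('pwd', $_POST)) {
        // Existing user: check password.
        if (($user['status'] === 'ok') && $utils->pwdVerify(@$_POST['pwd'], $user)) {
          // Check if a newer hashing algorithm is available or the cost has changed.
          if ($utils->pwdNeedsRehash($user)) {
            // If so, create a new hash, and replace the old one.
            $newHash = $utils->pwdHash($_POST['pwd']);
            $result = $db->prepare('UPDATE `auth_users` SET `pwdhash` = :pwdhash WHERE `id` = :userid;');
            if (!$result->execute(array(':pwdhash' => $newHash, ':userid' => $user['id']))) {
              $utils->log('user_hash_save_failure', 'user: '.$user['id']);
            }
            else {
              $utils->log('pwd_rehash_success', 'user: '.$user['id']);
            }
          }

          // Log user in - update session key for that, see https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines#Login
          $utils->log('login', 'user: '.$user['id']);
          $prev_session = $session;
          $session = $utils->getLoginSession($user['id'], $session);
          // If a verify_hash is set on a verified user, a password reset had been requested.
          // As a login works right now, cancel that reset request by deleting the hash.
          if (strlen(@$user['verify_hash'])) {
            $result = $db->prepare('UPDATE `auth_users` SET `verify_hash` = \'\' WHERE `id` = :userid;');
            if (!$result->execute(array(':userid' => $user['id']))) {
              $utils->log('empty_vhash_failure', 'user: '.$user['id']);
            }
            else {
              $user['verify_hash'] = '';
            }
          }
          $utils->doRedirectIfSet($prev_session);
        }
        else {
          $errors[] = _('This password is invalid or your email is not verified yet. Did you type them correctly?');
        }
      }
      elseif (!$user['id'] && !array_key_exists('pwd', $_POST)) {
        // "Password forgotten?" was used with an email we do not know. Do not create an account
        // from that (it would end up with the hash of a missing password) and do not disclose
        // whether the address is registered: show the same page as for a known address.
        $utils->log('pwd_reset_unknown_email', 'email: '.$_POST['email']);
        $pagetype = 'resetmail_sent';
      }
      else {
        // new user: check password, create user and send verification; existing users: re-send verification or send password change instructions
        if (array_key_exists('pwd', $_POST)) {
          // array_merge instead of += so that a constraint message is never dropped because it shares an index.
          $errors = array_merge($errors, $utils->checkPasswordConstraints(strval($_POST['pwd']), $_POST['email']));
        }
        if (!count($errors) && !$user['id']) {
          // Put user into the DB
          $newHash = $utils->pwdHash($_POST['pwd']);
          $vcode = $utils->createVerificationCode();
          $result = $db->prepare('INSERT INTO `auth_users` (`email`, `pwdhash`, `status`, `verify_hash`) VALUES (:email, :pwdhash, \'unverified\', :vcode);');
          if (!$result->execute(array(':email' => $_POST['email'], ':pwdhash' => $newHash, ':vcode' => $vcode))) {
            $utils->log('user_insert_failure', 'email: '.$_POST['email'].' - '.$result->errorInfo()[2]);
            $errors[] = _('Could not add user.').' '._('Please <a href="https://www.kairo.at/contact">contact KaiRo.at</a> and tell the team about this.');
          }
          else {
            // Only a successful insert yields a user record; on failure no "new_user" is logged
            // and no verification mail goes out for a code that is not stored anywhere.
            $user = array('id' => $db->lastInsertId(),
                          'email' => $_POST['email'],
                          'pwdhash' => $newHash,
                          'status' => 'unverified',
                          'verify_hash' => $vcode);
            $utils->log('new_user', 'user: '.$user['id'].', email: '.$user['email']);
          }
        }
        if (!count($errors)) {
          if ($user['status'] === 'unverified') {
            // Send email for verification and show message to point to it.
            $mail = new email();
            $mail->setCharset('utf-8');
            $mail->addHeader('X-KAIRO-AUTH', 'email_verification');
            $mail->addRecipient($user['email']);
            $mail->setSender('noreply@auth.kairo.at', _('KaiRo.at Authentication Service'));
            $mail->setSubject('Email Verification for KaiRo.at Authentication');
            $mail->addMailText(_('Welcome!')."\n\n");
            $mail->addMailText(sprintf(_('This email address, %s, has been used for registration on "%s".'),
                                       $user['email'], _('KaiRo.at Authentication Service'))."\n\n");
            $mail->addMailText(_('Please confirm that registration by clicking the following link (or calling it up in your browser):')."\n");
            $mail->addMailText($utils->getDomainBaseURL().strstr($_SERVER['REQUEST_URI'], '?', true)
                               .'?email='.rawurlencode($user['email']).'&verification_code='.rawurlencode($user['verify_hash'])."\n\n");
            $mail->addMailText(_('With this confirmation, you accept that we handle your data for the purpose of logging you into other websites when you request that.')."\n");
            $mail->addMailText(_('Those websites will get to know your email address but not your password, which we store securely.')."\n");
            $mail->addMailText(_('If you do not call this confirmation link within 72 hours, your data will be deleted from our database.')."\n\n");
            $mail->addMailText(sprintf(_('The %s team'), 'KaiRo.at'));
            $mailsent = $mail->send();
            if ($mailsent) {
              $pagetype = 'verification_sent';
            }
            else {
              $utils->log('verify_mail_failure', 'user: '.$user['id'].', email: '.$user['email']);
              $errors[] = _('The confirmation email could not be sent to you.').' '._('Please <a href="https://www.kairo.at/contact">contact KaiRo.at</a> and tell the team about this.');
            }
          }
          else {
            // Password reset requested with "Password forgotten?" function.
            $vcode = $utils->createVerificationCode();
            $result = $db->prepare('UPDATE `auth_users` SET `verify_hash` = :vcode WHERE `id` = :userid;');
            if (!$result->execute(array(':vcode' => $vcode, ':userid' => $user['id']))) {
              $utils->log('vhash_set_failure', 'user: '.$user['id']);
              $errors[] = _('Could not initiate reset request.').' '._('Please <a href="https://www.kairo.at/contact">contact KaiRo.at</a> and tell the team about this.');
            }
            else {
              $utils->log('pwd_reset_request', 'user: '.$user['id'].', email: '.$user['email']);
              // The reset code carries the verification hash, the (obfuscated) session id and a
              // time code limited to 60 minutes; the ?reset_code handler below takes it apart again.
              $resetcode = $vcode.dechex($user['id'] + $session['id']).'_'.$utils->createTimeCode($session, null, 60);
              // Send email with instructions for resetting the password.
              $mail = new email();
              $mail->setCharset('utf-8');
              $mail->addHeader('X-KAIRO-AUTH', 'password_reset');
              $mail->addRecipient($user['email']);
              $mail->setSender('noreply@auth.kairo.at', _('KaiRo.at Authentication Service'));
              $mail->setSubject('How to reset your password for KaiRo.at Authentication');
              $mail->addMailText(_('Hi,')."\n\n");
              $mail->addMailText(sprintf(_('A request for setting a new password for this email address, %s, has been submitted on "%s".'),
                                         $user['email'], _('KaiRo.at Authentication Service'))."\n\n");
              $mail->addMailText(_('You can set a new password by clicking the following link (or calling it up in your browser):')."\n");
              $mail->addMailText($utils->getDomainBaseURL().strstr($_SERVER['REQUEST_URI'], '?', true)
                                 .'?email='.rawurlencode($user['email']).'&reset_code='.rawurlencode($resetcode)."\n\n");
              $mail->addMailText(_('If you do not call this confirmation link within 1 hour, this link expires and the existing password is being kept in place.')."\n\n");
              $mail->addMailText(sprintf(_('The %s team'), 'KaiRo.at'));
              $mailsent = $mail->send();
              if ($mailsent) {
                $pagetype = 'resetmail_sent';
              }
              else {
                $utils->log('pwd_reset_mail_failure', 'user: '.$user['id'].', email: '.$user['email']);
                $errors[] = _('The email with password reset instructions could not be sent to you.').' '._('Please <a href="https://www.kairo.at/contact">contact KaiRo.at</a> and tell the team about this.');
              }
            }
          }
        }
      }
      if (!count($errors) && ($addgroup > 0) && $user['id']) {
        // We should add the login email to the group of that existing user.
        $result = $db->prepare('SELECT `group_id` FROM `auth_users` WHERE `id` = :userid;');
        $result->execute(array(':userid' => $addgroup));
        $grpuser = $result->fetch(PDO::FETCH_ASSOC);
        if (!$grpuser || !intval($grpuser['group_id'])) {
          // If that user doesn't have a group, put him into a group with his own user ID.
          $result = $db->prepare('UPDATE `auth_users` SET `group_id` = :groupid WHERE `id` = :userid;');
          if (!$result->execute(array(':groupid' => $addgroup, ':userid' => $addgroup))) {
            $utils->log('group_save_failure', 'user: '.$addgroup);
          }
          else {
            $utils->log('new grouping', 'user: '.$addgroup.', group: '.$addgroup);
          }
        }
        // Save grouping for the new or logged-in user.
        $result = $db->prepare('UPDATE `auth_users` SET `group_id` = :groupid WHERE `id` = :userid;');
        if (!$result->execute(array(':groupid' => $addgroup, ':userid' => $user['id']))) {
          $utils->log('group_save_failure', 'user: '.$user['id']);
        }
        else {
          $utils->log('new grouping', 'user: '.$user['id'].', group: '.$addgroup);
          $user['group_id'] = $addgroup;
        }
      }
    }
    else {
      $errors[] = _('The form you used was not valid. Possibly it has expired and you need to initiate the action again, or you have disabled cookies for this site.');
    }
  }
  elseif (array_key_exists('reset', $_GET)) {
    if ($session['logged_in']) {
      $result = $db->prepare('SELECT `id`,`email`,`group_id` FROM `auth_users` WHERE `id` = :userid;');
      $result->execute(array(':userid' => $session['user']));
      $user = $result->fetch(PDO::FETCH_ASSOC);
      if (!$user || !$user['id']) {
        $utils->log('reset_user_read_failure', 'user: '.$session['user']);
      }
      $pagetype = 'resetpwd';
    }
    else {
      // Display form for entering email.
      $pagetype = 'resetstart';
    }
  }
  elseif (array_key_exists('verification_code', $_GET)) {
    // The SELECT itself does the matching of email, pending status and verification code.
    $result = $db->prepare('SELECT `id`,`email`,`group_id` FROM `auth_users` WHERE `email` = :email AND `status` = \'unverified\' AND `verify_hash` = :vcode;');
    $result->execute(array(':email' => @$_GET['email'], ':vcode' => $_GET['verification_code']));
    $user = $result->fetch(PDO::FETCH_ASSOC);
    if ($user && $user['id']) {
      $result = $db->prepare('UPDATE `auth_users` SET `verify_hash` = \'\', `status` = \'ok\' WHERE `id` = :userid;');
      if (!$result->execute(array(':userid' => $user['id']))) {
        $utils->log('verification_save_failure', 'user: '.$user['id']);
        $errors[] = _('Could not save confirmation.').' '._('Please <a href="https://www.kairo.at/contact">contact KaiRo.at</a> and tell the team about this.');
      }
      $pagetype = 'verification_done';
    }
    else {
      $errors[] = _('The confirmation link you called is not valid. Possibly it has expired and you need to try registering again.');
    }
  }
  elseif (array_key_exists('reset_code', $_GET)) {
    $reset_fail = true;
    $result = $db->prepare('SELECT `id`,`email`,`verify_hash`,`group_id` FROM `auth_users` WHERE `email` = :email');
    $result->execute(array(':email' => @$_GET['email']));
    $user = $result->fetch(PDO::FETCH_ASSOC);
    // A reset code is only meaningful while a reset request is pending, i.e. verify_hash is non-empty.
    // Without this guard an empty hash would turn the {0} quantifier below into a match-anything prefix.
    if ($user && $user['id'] && strlen($user['verify_hash']) && is_string(@$_GET['reset_code'])) {
      // Deconstruct reset code and verify it.
      if (preg_match('/^([0-9a-f]{'.strlen($user['verify_hash']).'})([0-9a-f]+)_(\d+\.\d+)$/', $_GET['reset_code'], $regs)) {
        $tcode_sessid = hexdec($regs[2]) - $user['id'];
        $result = $db->prepare('SELECT `id`,`sesskey` FROM `auth_sessions` WHERE `id` = :sessid;');
        $result->execute(array(':sessid' => $tcode_sessid));
        $row = $result->fetch(PDO::FETCH_ASSOC);
        // NOTE(review): the session encoded in the code is only checked for existence; the time code is
        // verified against the *current* $session, so the link has to be opened in the session that requested it.
        // Strict comparison of the hash: both sides are strings, and the regex already fixes the length.
        if ($row && ($regs[1] === $user['verify_hash']) &&
            $utils->verifyTimeCode($regs[3], $session, 60)) {
          // Set a new verify_hash for the actual password reset.
          $user['verify_hash'] = $utils->createVerificationCode();
          $result = $db->prepare('UPDATE `auth_users` SET `verify_hash` = :vcode WHERE `id` = :userid;');
          if (!$result->execute(array(':vcode' => $user['verify_hash'], ':userid' => $user['id']))) {
            $utils->log('vhash_reset_failure', 'user: '.$user['id']);
          }
          $result = $db->prepare('UPDATE `auth_sessions` SET `user` = :userid WHERE `id` = :sessid;');
          if (!$result->execute(array(':userid' => $user['id'], ':sessid' => $session['id']))) {
            $utils->log('reset_session_set_user_failure', 'session: '.$session['id']);
          }
          $pagetype = 'resetpwd';
          $reset_fail = false;
        }
      }
    }
    if ($reset_fail) {
      $errors[] = _('The password reset link you called is not valid. Possibly it has expired and you need to call the "Password forgotten?" function again.');
    }
  }
  elseif (array_key_exists('clients', $_GET)) {
    $result = $db->prepare('SELECT `id`,`email`,`group_id` FROM `auth_users` WHERE `id` = :userid;');
    $result->execute(array(':userid' => $session['user']));
    $user = $result->fetch(PDO::FETCH_ASSOC);
    // The same whitelist that decides whether the "Manage OAuth2 clients" link is shown has to be
    // enforced here, otherwise the setting only hides the link but does not restrict the function.
    $whitelist = $utils->client_reg_email_whitelist;
    $clientreg_allowed = ($whitelist === false)
                         || (is_array($whitelist) && $user && in_array($user['email'], $whitelist, true));
    if (!$session['logged_in'] || !$user || !$user['id']) {
      $errors[] = _('This function is only available if you are logged in.');
    }
    elseif (!$clientreg_allowed) {
      $utils->log('client_reg_not_allowed', 'user: '.$user['id']);
      $errors[] = _('Creating OAuth2 clients is not enabled for this account.');
    }
    else {
      if (array_key_exists('client_id', $_POST) && is_string($_POST['client_id']) && (strlen($_POST['client_id']) >= 5)) {
        $clientid = $_POST['client_id'];
        $clientsecret = $utils->createClientSecret();
        // NOTE(review): redirect_uri and scope are stored as given; whether they are validated
        // (absolute URI, known scope) is up to the OAuth2 server code that reads them - confirm.
        $rediruri = strval(@$_POST['redirect_uri']);
        $scope = strval(@$_POST['scope']);
        $result = $db->prepare('INSERT INTO `oauth_clients` (`client_id`, `client_secret`, `redirect_uri`, `scope`, `user_id`) VALUES (:clientid, :secret, :rediruri, :scope, :userid);');
        if (!$result->execute(array(':clientid' => $clientid,
                                    ':secret' => $clientsecret,
                                    ':rediruri' => $rediruri,
                                    ':scope' => $scope,
                                    ':userid' => $user['id']))) {
          $utils->log('client_save_failure', 'client: '.$clientid);
          $errors[] = _('Unexpectedly failed to save new client information.').' '._('Please <a href="https://www.kairo.at/contact">contact KaiRo.at</a> and tell the team about this.');
        }
      }
      if (!count($errors)) {
        // List clients
        $result = $db->prepare('SELECT `client_id`,`client_secret`,`redirect_uri`,`scope` FROM `oauth_clients` WHERE `user_id` = :userid;');
        $result->execute(array(':userid' => $user['id']));
        $clients = $result->fetchAll(PDO::FETCH_ASSOC);
        if (!$clients) { $clients = array(); }
        $pagetype = 'clientlist';
      }
    }
  }
  elseif (intval($session['user'])) {
    $result = $db->prepare('SELECT `id`,`email`,`verify_hash`,`group_id` FROM `auth_users` WHERE `id` = :userid;');
    $result->execute(array(':userid' => $session['user']));
    $user = $result->fetch(PDO::FETCH_ASSOC);
    if (!$user || !$user['id']) {
      $utils->log('user_read_failure', 'user: '.$session['user']);
      $user = array('id' => 0, 'email' => '', 'verify_hash' => '');
    }
    // Password reset requested.
    if (array_key_exists('pwd', $_POST) && array_key_exists('reset', $_POST) && array_key_exists('tcode', $_POST)) {
      // If not logged in, a password reset needs to have the proper vcode set.
      // Compared strictly as strings so that PHP's numeric-string juggling cannot make two different codes equal.
      $vcode = (isset($_POST['vcode']) && is_string($_POST['vcode'])) ? $_POST['vcode'] : '';
      if (!$session['logged_in'] && (!strlen($vcode) || ($vcode !== strval($user['verify_hash'])))) {
        $errors[] = _('Password reset failed. The reset form you used was not valid. Possibly it has expired and you need to initiate the password reset again.');
      }
      // If not logged in, a password reset also needs to have the proper email set.
      if (!$session['logged_in'] && !count($errors) && (strval(@$_POST['email_hidden']) !== strval($user['email']))) {
        $errors[] = _('Password reset failed. The reset form you used was not valid. Possibly it has expired and you need to initiate the password reset again.');
      }
      // Check validity of time code.
      if (!count($errors) && !$utils->verifyTimeCode($_POST['tcode'], $session)) {
        $errors[] = _('Password reset failed. The reset form you used was not valid. Possibly it has expired and you need to initiate the password reset again.');
      }
      // array_merge instead of += so that a constraint message is never dropped because it shares an index.
      $errors = array_merge($errors, $utils->checkPasswordConstraints(strval($_POST['pwd']), $user['email']));
      if (!count($errors)) {
        $newHash = $utils->pwdHash($_POST['pwd']);
        $result = $db->prepare('UPDATE `auth_users` SET `pwdhash` = :pwdhash, `verify_hash` = \'\' WHERE `id` = :userid;');
        if (!$result->execute(array(':pwdhash' => $newHash, ':userid' => $session['user']))) {
          $utils->log('pwd_reset_failure', 'user: '.$session['user']);
          $errors[] = _('Password reset failed.').' '._('Please <a href="https://www.kairo.at/contact">contact KaiRo.at</a> and tell the team about this.');
        }
        else {
          $pagetype = 'reset_done';
        }
      }
    }
    else {
      $utils->doRedirectIfSet($session);
    }
  }
}
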
// Rendering: build the page body for the $pagetype computed above. Only reached when
// request handling produced no errors; the error list is rendered separately below.
if (!count($errors)) {
  if ($pagetype == 'verification_sent') {
    $para = $body->appendElement('p', sprintf(_('An email for confirmation has been sent to %s. Please follow the link provided there to complete the process.'), $user['email']));
    $para->setAttribute('class', 'verifyinfo pending');
    $para = $body->appendElement('p', _('Reload this page after you confirm to continue.'));
    $para->setAttribute('class', 'verifyinfo pending');
    $para = $body->appendElement('p');
    $para->setAttribute('class', 'verifyinfo pending');
    $link = $para->appendLink('./', _('Reload'));
  }
  elseif ($pagetype == 'resetmail_sent') {
    // Deliberately the same text whether or not the address was known, to not leak registered emails.
    $para = $body->appendElement('p',
      _('An email has been sent to the requested account with further information. If you do not receive an email then please confirm you have entered the same email address used during account registration.'));
    $para->setAttribute('class', 'resetinfo pending');
    $para = $body->appendElement('p');
    $para->setAttribute('class', 'resetinfo pending small');
    $link = $para->appendLink('./', _('Back to top'));
  }
  elseif ($pagetype == 'resetstart') {
    // "Password forgotten?" form: only an email and a time code are posted, no password.
    $para = $body->appendElement('p', _('If you forgot your password or didn\'t receive the registration confirmation, please enter your email here.'));
    $para->setAttribute('class', '');
    $form = $body->appendForm('./?reset', 'POST', 'resetform');
    $form->setAttribute('id', 'loginform');
    $form->setAttribute('class', 'loginarea hidden');
    $ulist = $form->appendElement('ul');
    $ulist->setAttribute('class', 'flat login');
    $litem = $ulist->appendElement('li');
    $inptxt = $litem->appendInputEmail('email', 30, 20, 'login_email');
    $inptxt->setAttribute('autocomplete', 'email');
    $inptxt->setAttribute('required', '');
    $inptxt->setAttribute('placeholder', _('Email'));
    $litem = $ulist->appendElement('li');
    // The time code ties the submission to this session; the handler rejects posts without a valid one.
    $litem->appendInputHidden('tcode', $utils->createTimeCode($session));
    $submit = $litem->appendInputSubmit(_('Send instructions to email'));
    $para = $form->appendElement('p');
    $para->setAttribute('class', 'toplink small');
    $link = $para->appendLink('./', _('Cancel'));
  }
  elseif ($pagetype == 'resetpwd') {
    $para = $body->appendElement('p', sprintf(_('You can set a new password for %s here.'), $user['email']));
    $para->setAttribute('class', 'newpwdinfo');
    $form = $body->appendForm('./', 'POST', 'newpwdform');
    $form->setAttribute('id', 'loginform');
    $form->setAttribute('class', 'loginarea hidden');
    $ulist = $form->appendElement('ul');
    $ulist->setAttribute('class', 'flat login');
    $litem = $ulist->appendElement('li');
    // Hidden copy of the email; the handler compares it with the user record when not logged in.
    $litem->setAttribute('class', 'donotshow');
    $inptxt = $litem->appendInputEmail('email_hidden', 30, 20, 'login_email', $user['email']);
    $inptxt->setAttribute('autocomplete', 'email');
    $inptxt->setAttribute('placeholder', _('Email'));
    $litem = $ulist->appendElement('li');
    $inptxt = $litem->appendInputPassword('pwd', 20, 20, 'login_pwd', '');
    $inptxt->setAttribute('required', '');
    $inptxt->setAttribute('placeholder', _('Password'));
    $inptxt->setAttribute('class', 'login');
    $litem = $ulist->appendElement('li');
    $litem->appendInputHidden('reset', '');
    $litem->appendInputHidden('tcode', $utils->createTimeCode($session));
    // Not logged in (came via reset link): the fresh verify_hash is what authorizes the password change.
    if (!$session['logged_in'] && strlen(@$user['verify_hash'])) {
      $litem->appendInputHidden('vcode', $user['verify_hash']);
    }
    $submit = $litem->appendInputSubmit(_('Save password'));
    $para = $form->appendElement('p');
    $para->setAttribute('class', 'toplink small');
    $link = $para->appendLink('./', _('Cancel'));
  }
  elseif ($pagetype == 'clientlist') {
    // The scope choices offered for new clients; the handler stores whatever is posted.
    $scopes = array('clientreg', 'email');
    $form = $body->appendForm('?clients', 'POST', 'newclientform');
    $form->setAttribute('id', 'clientform');
    $tbl = $form->appendElement('table');
    $tbl->setAttribute('class', 'clientlist border');
    $thead = $tbl->appendElement('thead');
    $trow = $thead->appendElement('tr');
    $trow->appendElement('th', _('Client ID'));
    // NOTE(review): 'Secrect' is a typo in the msgid; fixing it means updating the translation catalogs too.
    $trow->appendElement('th', _('Client Secrect'));
    $trow->appendElement('th', _('Redirect URI'));
    $trow->appendElement('th', _('Scope'));
    $trow->appendElement('th');
    $tbody = $tbl->appendElement('tbody');
    // Client secrets are shown in clear here; the page is per-user and behind the login check.
    foreach ($clients as $client) {
      $trow = $tbody->appendElement('tr');
      $trow->appendElement('td', $client['client_id']);
      $trow->appendElement('td', $client['client_secret']);
      $trow->appendElement('td', $client['redirect_uri']);
      $trow->appendElement('td', $client['scope']);
      $trow->appendElement('td'); // Future: Delete link?
    }
    // Form fields for adding a new one.
    $tfoot = $tbl->appendElement('tfoot');
    $trow = $tfoot->appendElement('tr');
    $cell = $trow->appendElement('td');
    $inptxt = $cell->appendInputText('client_id', 80, 25, 'client_id');
    $cell = $trow->appendElement('td'); // Empty, as secret will be generated.
    $cell = $trow->appendElement('td');
    $inptxt = $cell->appendInputText('redirect_uri', 500, 50, 'redirect_uri');
    $cell = $trow->appendElement('td');
    $select = $cell->appendElementSelect('scope');
    foreach ($scopes as $scope) {
      $select->appendElementOption($scope, $scope);
    }
    //$inptxt = $cell->appendInputText('scope', 100, 20, 'scope');
    $cell = $trow->appendElement('td');
    $submit = $cell->appendInputSubmit(_('Create'));
    $para = $form->appendElement('p');
    $para->setAttribute('class', 'toplink');
    $link = $para->appendLink('./', _('Back to top'));
  }
  elseif ($session['logged_in'] && (!array_key_exists('addemail', $_GET))) {
    // Logged-in start page: current email, grouped emails and the action links.
    if ($pagetype == 'reset_done') {
      $para = $body->appendElement('p', _('Your password has successfully been reset.'));
      $para->setAttribute('class', 'resetinfo done');
    }
    $div = $body->appendElement('div', $user['email']);
    $div->setAttribute('class', 'loginheader');
    $groupmails = $utils->getGroupedEmails($user['group_id'], $user['email']);
    if (count($groupmails)) {
      $para = $div->appendElement('p', _('Grouped with: ').implode(', ', $groupmails));
      $para->setAttribute('class', 'small groupmails');
    }
    $div = $body->appendElement('div');
    $div->setAttribute('class', 'loginlinks');
    $ulist = $div->appendElement('ul');
    $ulist->setAttribute('class', 'flat');
    $litem = $ulist->appendElement('li');
    $link = $litem->appendLink('./?logout', _('Log out'));
    $litem = $ulist->appendElement('li');
    $link = $litem->appendLink('./?addemail', _('Add another email address'));
    // NOTE(review): this whitelist check only decides whether the link is shown; the same rule has to be
    // enforced by the ?clients handler itself, otherwise the setting is cosmetic. false means "no whitelist".
    if (($utils->client_reg_email_whitelist === false) || (in_array($user['email'], $utils->client_reg_email_whitelist))) {
      $litem = $ulist->appendElement('li');
      $link = $litem->appendLink('./?clients', _('Manage OAuth2 clients'));
    }
    $litem = $ulist->appendElement('li');
    $litem->appendLink('./?reset', _('Set new password'));
  }
  else { // not logged in
    // Extra hidden fields handed to the login form (currently only the "group to existing" marker).
    $addfields = array();
    if ($pagetype == 'verification_done') {
      $para = $body->appendElement('p', _('Hooray! Your email was successfully confirmed! You can log in now.'));
      $para->setAttribute('class', 'verifyinfo done');
    }
    elseif ($pagetype == 'reset_done') {
      $para = $body->appendElement('p', _('Your password has successfully been reset. You can log in now with the new password.'));
      $para->setAttribute('class', 'resetinfo done');
    }
    elseif (array_key_exists('addemail', $_GET)) {
      $para = $body->appendElement('p', sprintf(_('Add another email grouped with %s by either logging in with it or specifying the email and a new password to use.'), $user['email']));
      $para->setAttribute('class', 'addemailinfo');
      $addfields['grouptoexisting'] = '1';
    }
    $utils->appendLoginForm($body, $session, $user, $addfields);
  }
}

// Error rendering: list every collected message and offer a way back.
if (count($errors)) {
  // Headline in singular or plural, depending on how many messages were collected.
  if (count($errors) <= 1) {
    $headline = _('The following error was detected');
  }
  else {
    $headline = _('The following errors were detected');
  }
  $body->appendElement('p', $headline.':');
  $list = $body->appendElement('ul');
  $list->setAttribute('class', 'flat warn');
  // Messages are inserted as markup because some of them carry a contact link,
  // so only strings produced by this code base may ever be put into $errors.
  foreach ($errors as $msg) {
    $item = $list->appendElement('li');
    $item->appendHTMLMarkup($msg);
  }
  $body->appendButton(_('Back'), 'history.back();');
}

// Send HTML to client.
echo $document->saveHTML();