use better variant to deal with missing entries instead of error suppression to fix...
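<?php
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this file,
 * You can obtain one at http://mozilla.org/MPL/2.0/. */

// Front page of the authentication server. Dispatches on the request
// (login/logout, registration, email verification, password reset, OAuth2
// client management), then renders the matching page or the error list.
// Request parameters are read with an explicit default instead of `@`
// suppression, and every `auth_users` lookup falls back to $nouser so that a
// missing row (PDOStatement::fetch() returns false) is never indexed as bool.

// Include the common auth system files (including the OAuth2 Server object).
require_once(__DIR__.'/authsystem.inc.php');

$errors = $utils->checkForSecureConnection();
$utils->sendSecurityHeaders();

// Initialize the HTML document with our basic elements.
// extract() here only unpacks a value our own code built, never request data.
extract($utils->initHTMLDocument(sprintf(_('%s Authentication Server'), $utils->settings['operator_name']))); // sets $document, $html, $head, $title, $body

// Suffix appended to every "unexpected failure" message shown to the user.
$contact_hint = ' '.sprintf(_('Please <a href="%s">contact %s</a> and tell the team about this.'), $utils->settings['operator_contact_url'], $utils->settings['operator_name']);

if (!count($errors)) {
  $session = $utils->initSession(); // Read session or create new session and set cookie.
  // Shape every code path below can rely on when no matching user row exists.
  $nouser = array('id' => 0, 'email' => '', 'status' => '', 'verify_hash' => '', 'group_id' => 0);
  $user = $nouser;
  $pagetype = 'default';
  if (is_null($session)) {
    $errors[] = _('The session system is not working.').$contact_hint;
  }
  elseif (array_key_exists('logout', $_GET)) {
    $result = $db->prepare('UPDATE `auth_sessions` SET `logged_in` = FALSE WHERE `id` = :sessid;');
    if (!$result->execute(array(':sessid' => $session['id']))) {
      $utils->log('logout_failure', 'session: '.$session['id']);
      $errors[] = _('Unexpected error while logging out.');
    }
    $session['logged_in'] = 0;
  }
  elseif (array_key_exists('email', $_POST)) {
    $email = strval($_POST['email']);
    $tcode = isset($_POST['tcode']) ? strval($_POST['tcode']) : '';
    // The *presence* of `pwd` (not its value) selects login vs. reset/re-verify below,
    // so array_key_exists() is still used for that decision.
    $pwd = isset($_POST['pwd']) ? strval($_POST['pwd']) : '';
    if (!preg_match('/^[^@]+@([^@]+\.[^@]+|localhost)$/', $email)) {
      $errors[] = _('The email address is invalid.');
    }
    elseif ($utils->verifyTimeCode($tcode, $session)) {
      $result = $db->prepare('SELECT `id`, `pwdhash`, `email`, `status`, `verify_hash`,`group_id` FROM `auth_users` WHERE `email` = :email;');
      $result->execute(array(':email' => $email));
      $user = $result->fetch(PDO::FETCH_ASSOC) ?: $nouser;
      // If we need to add the email to a group, note here which user's group we should be added to - otherwise, set to 0.
      $addgroup = (array_key_exists('grouptoexisting', $_POST) && intval($session['user']) && ($session['user'] != $user['id'])) ? $session['user'] : 0;
      if ($user['id'] && array_key_exists('pwd', $_POST)) {
        // existing user, check password
        if (($user['status'] === 'ok') && $utils->pwdVerify($pwd, $user)) {
          // Check if a newer hashing algorithm is available or the cost has changed
          if ($utils->pwdNeedsRehash($user)) {
            // If so, create a new hash, and replace the old one
            $newHash = $utils->pwdHash($pwd);
            $result = $db->prepare('UPDATE `auth_users` SET `pwdhash` = :pwdhash WHERE `id` = :userid;');
            if (!$result->execute(array(':pwdhash' => $newHash, ':userid' => $user['id']))) {
              $utils->log('user_hash_save_failure', 'user: '.$user['id']);
            }
            else {
              $utils->log('pwd_rehash_success', 'user: '.$user['id']);
            }
          }

          // Log user in - update session key for that, see https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines#Login
          $utils->log('login', 'user: '.$user['id']);
          $prev_session = $session;
          $session = $utils->getLoginSession($user['id'], $session);
          // If a verify_hash is set on a verified user, a password reset had been requested.
          // As a login works right now, cancel that reset request by deleting the hash.
          if (strlen(strval($user['verify_hash']))) {
            $result = $db->prepare('UPDATE `auth_users` SET `verify_hash` = \'\' WHERE `id` = :userid;');
            if (!$result->execute(array(':userid' => $user['id']))) {
              $utils->log('empty_vhash_failure', 'user: '.$user['id']);
            }
            else {
              $user['verify_hash'] = '';
            }
          }
          $utils->doRedirectIfSet($prev_session);
        }
        else {
          $errors[] = _('This password is invalid or your email is not verified yet. Did you type them correctly?');
        }
      }
      else {
        // new user: check password, create user and send verification; existing users: re-send verification or send password change instructions
        if (array_key_exists('pwd', $_POST)) {
          // array_merge rather than `+`: with `+`, a constraint error at key 0 is silently dropped
          // whenever $errors already holds an entry at key 0.
          $errors = array_merge($errors, $utils->checkPasswordConstraints($pwd, $email));
        }
        if (!count($errors)) {
          // Put user into the DB
          // NOTE(review): an unknown email posted without `pwd` (the "Password forgotten?" form)
          // also lands here and is registered with a hash of '' - looks intentional, confirm.
          if (!$user['id']) {
            $newHash = $utils->pwdHash($pwd);
            $vcode = $utils->createVerificationCode();
            $result = $db->prepare('INSERT INTO `auth_users` (`email`, `pwdhash`, `status`, `verify_hash`) VALUES (:email, :pwdhash, \'unverified\', :vcode);');
            if (!$result->execute(array(':email' => $email, ':pwdhash' => $newHash, ':vcode' => $vcode))) {
              $utils->log('user_insert_failure', 'email: '.$email.' - '.$result->errorInfo()[2]);
              $errors[] = _('Could not add user.').$contact_hint;
            }
            else {
              $user = array('id' => $db->lastInsertId(),
                            'email' => $email,
                            'pwdhash' => $newHash,
                            'status' => 'unverified',
                            'verify_hash' => $vcode,
                            'group_id' => 0);
              $utils->log('new_user', 'user: '.$user['id'].', email: '.$user['email']);
            }
          }
          // Link base for the emails below.
          // NOTE(review): strstr() returns false (concatenated as '') when REQUEST_URI has no '?',
          // which drops the script path; kept as-is, confirm against the deployed URL layout.
          $selfurl = $utils->getDomainBaseURL().strstr($_SERVER['REQUEST_URI'], '?', true);
          // A failed INSERT above must not mail out a verification link for a row that does not exist.
          if (!count($errors)) {
            if ($user['status'] === 'unverified') {
              // Send email for verification and show message to point to it.
              $mail = new email();
              $mail->setCharset('utf-8');
              $mail->addHeader('X-KAIRO-AUTH', 'email_verification');
              $mail->addRecipient($user['email']);
              $mail->setSender($utils->settings['info_from_email'], sprintf(_('%s Authentication Service'), $utils->settings['operator_name']));
              $mail->setSubject(sprintf(_('Email Verification for %s Authentication'), $utils->settings['operator_name']));
              $mail->addMailText(_('Welcome!')."\n\n");
              $mail->addMailText(sprintf(_('This email address, %s, has been used for registration on "%s".'),
                                         $user['email'], sprintf(_('%s Authentication Service'), $utils->settings['operator_name']))."\n\n");
              $mail->addMailText(_('Please confirm that registration by clicking the following link (or calling it up in your browser):')."\n");
              $mail->addMailText($selfurl
                                 .'?email='.rawurlencode($user['email']).'&verification_code='.rawurlencode($user['verify_hash'])."\n\n");
              $mail->addMailText(_('With this confirmation, you accept that we handle your data for the purpose of logging you into other websites when you request that.')."\n");
              $mail->addMailText(_('Those websites will get to know your email address but not your password, which we store securely.')."\n");
              $mail->addMailText(_('If you do not call this confirmation link within 72 hours, your data will be deleted from our database.')."\n\n");
              $mail->addMailText(sprintf(_('The %s team'), $utils->settings['operator_name']));
              $mailsent = $mail->send();
              if ($mailsent) {
                $pagetype = 'verification_sent';
              }
              else {
                $utils->log('verify_mail_failure', 'user: '.$user['id'].', email: '.$user['email']);
                $errors[] = _('The confirmation email could not be sent to you.').$contact_hint;
              }
            }
            else {
              // Password reset requested with "Password forgotten?" function.
              $vcode = $utils->createVerificationCode();
              $result = $db->prepare('UPDATE `auth_users` SET `verify_hash` = :vcode WHERE `id` = :userid;');
              if (!$result->execute(array(':vcode' => $vcode, ':userid' => $user['id']))) {
                $utils->log('vhash_set_failure', 'user: '.$user['id']);
                $errors[] = _('Could not initiate reset request.').$contact_hint;
              }
              else {
                $utils->log('pwd_reset_request', 'user: '.$user['id'].', email: '.$user['email']);
                // Reset code layout: <verify_hash><hex(user id + session id)>_<time code>;
                // the ?reset_code= branch below takes it apart again.
                $resetcode = $vcode.dechex($user['id'] + $session['id']).'_'.$utils->createTimeCode($session, null, 60);
                // Send email with instructions for resetting the password.
                $mail = new email();
                $mail->setCharset('utf-8');
                $mail->addHeader('X-KAIRO-AUTH', 'password_reset');
                $mail->addRecipient($user['email']);
                $mail->setSender($utils->settings['info_from_email'], sprintf(_('%s Authentication Service'), $utils->settings['operator_name']));
                $mail->setSubject(sprintf(_('How to reset your password for %s Authentication'), $utils->settings['operator_name']));
                $mail->addMailText(_('Hi,')."\n\n");
                $mail->addMailText(sprintf(_('A request for setting a new password for this email address, %s, has been submitted on "%s".'),
                                           $user['email'], sprintf(_('%s Authentication Service'), $utils->settings['operator_name']))."\n\n");
                $mail->addMailText(_('You can set a new password by clicking the following link (or calling it up in your browser):')."\n");
                $mail->addMailText($selfurl
                                   .'?email='.rawurlencode($user['email']).'&reset_code='.rawurlencode($resetcode)."\n\n");
                $mail->addMailText(_('If you do not call this confirmation link within 1 hour, this link expires and the existing password is being kept in place.')."\n\n");
                $mail->addMailText(sprintf(_('The %s team'), $utils->settings['operator_name']));
                $mailsent = $mail->send();
                if ($mailsent) {
                  $pagetype = 'resetmail_sent';
                }
                else {
                  $utils->log('pwd_reset_mail_failure', 'user: '.$user['id'].', email: '.$user['email']);
                  $errors[] = _('The email with password reset instructions could not be sent to you.').$contact_hint;
                }
              }
            }
          }
        }
      }
      if (!count($errors) && ($addgroup > 0)) {
        // We should add the login email to the group of that existing user.
        $result = $db->prepare('SELECT `group_id` FROM `auth_users` WHERE `id` = :userid;');
        $result->execute(array(':userid' => $addgroup));
        $grpuser = $result->fetch(PDO::FETCH_ASSOC) ?: array('group_id' => 0);
        if (!intval($grpuser['group_id'])) {
          // If that user doesn't have a group, put him into a group with his own user ID.
          $result = $db->prepare('UPDATE `auth_users` SET `group_id` = :groupid WHERE `id` = :userid;');
          if (!$result->execute(array(':groupid' => $addgroup, ':userid' => $addgroup))) {
            $utils->log('group_save_failure', 'user: '.$addgroup);
          }
          else {
            $utils->log('new grouping', 'user: '.$addgroup.', group: '.$addgroup);
          }
        }
        // Save grouping for the new or logged-in user.
        $result = $db->prepare('UPDATE `auth_users` SET `group_id` = :groupid WHERE `id` = :userid;');
        if (!$result->execute(array(':groupid' => $addgroup, ':userid' => $user['id']))) {
          $utils->log('group_save_failure', 'user: '.$user['id']);
        }
        else {
          $utils->log('new grouping', 'user: '.$user['id'].', group: '.$addgroup);
          $user['group_id'] = $addgroup;
        }
      }
    }
    else {
      $errors[] = _('The form you used was not valid. Possibly it has expired and you need to initiate the action again, or you have disabled cookies for this site.');
    }
  }
  elseif (array_key_exists('reset', $_GET)) {
    if ($session['logged_in']) {
      $result = $db->prepare('SELECT `id`,`email`,`group_id` FROM `auth_users` WHERE `id` = :userid;');
      $result->execute(array(':userid' => $session['user']));
      $user = $result->fetch(PDO::FETCH_ASSOC) ?: $nouser;
      if (!$user['id']) {
        $utils->log('reset_user_read_failure', 'user: '.$session['user']);
      }
      $pagetype = 'resetpwd';
    }
    else {
      // Display form for entering email.
      $pagetype = 'resetstart';
    }
  }
  elseif (array_key_exists('verification_code', $_GET)) {
    $vemail = isset($_GET['email']) ? strval($_GET['email']) : '';
    $result = $db->prepare('SELECT `id`,`email`,`group_id` FROM `auth_users` WHERE `email` = :email AND `status` = \'unverified\' AND `verify_hash` = :vcode;');
    $result->execute(array(':email' => $vemail, ':vcode' => strval($_GET['verification_code'])));
    $user = $result->fetch(PDO::FETCH_ASSOC) ?: $nouser;
    if ($user['id']) {
      $result = $db->prepare('UPDATE `auth_users` SET `verify_hash` = \'\', `status` = \'ok\' WHERE `id` = :userid;');
      if (!$result->execute(array(':userid' => $user['id']))) {
        $utils->log('verification_save_failure', 'user: '.$user['id']);
        $errors[] = _('Could not save confirmation.').$contact_hint;
      }
      $pagetype = 'verification_done';
    }
    else {
      $errors[] = _('The confirmation link you called is not valid. Possibly it has expired and you need to try registering again.');
    }
  }
  elseif (array_key_exists('reset_code', $_GET)) {
    $reset_fail = true;
    $remail = isset($_GET['email']) ? strval($_GET['email']) : '';
    $result = $db->prepare('SELECT `id`,`email`,`verify_hash`,`group_id` FROM `auth_users` WHERE `email` = :email');
    $result->execute(array(':email' => $remail));
    $user = $result->fetch(PDO::FETCH_ASSOC) ?: $nouser;
    $vhash = strval($user['verify_hash']);
    // Only a user with a pending reset request (non-empty verify_hash) can hold a valid code:
    // with an empty hash the `{0}` quantifier below would accept the hash part of any code.
    if ($user['id'] && strlen($vhash)) {
      // Deconstruct reset code and verify it.
      if (preg_match('/^([0-9a-f]{'.strlen($vhash).'})([0-9a-f]+)_(\d+\.\d+)$/', strval($_GET['reset_code']), $regs)) {
        $tcode_sessid = hexdec($regs[2]) - $user['id'];
        $result = $db->prepare('SELECT `id`,`sesskey` FROM `auth_sessions` WHERE `id` = :sessid;');
        $result->execute(array(':sessid' => $tcode_sessid));
        $row = $result->fetch(PDO::FETCH_ASSOC);
        // NOTE(review): the session encoded in the code only has to exist; the time code is
        // verified against the *current* session, so presumably the link must be opened in
        // the browser session that requested the reset - confirm that this is intended.
        if ($row) {
          // hash_equals(): the former `==` type-juggles numeric-looking hex strings and is not constant-time.
          if (hash_equals($vhash, $regs[1]) &&
              $utils->verifyTimeCode($regs[3], $session, 60)) {
            // Set a new verify_hash for the actual password reset.
            $user['verify_hash'] = $utils->createVerificationCode();
            $result = $db->prepare('UPDATE `auth_users` SET `verify_hash` = :vcode WHERE `id` = :userid;');
            if (!$result->execute(array(':vcode' => $user['verify_hash'], ':userid' => $user['id']))) {
              $utils->log('vhash_reset_failure', 'user: '.$user['id']);
            }
            $result = $db->prepare('UPDATE `auth_sessions` SET `user` = :userid WHERE `id` = :sessid;');
            if (!$result->execute(array(':userid' => $user['id'], ':sessid' => $session['id']))) {
              $utils->log('reset_session_set_user_failure', 'session: '.$session['id']);
            }
            $pagetype = 'resetpwd';
            $reset_fail = false;
          }
        }
      }
    }
    if ($reset_fail) {
      $errors[] = _('The password reset link you called is not valid. Possibly it has expired and you need to call the "Password forgotten?" function again.');
    }
  }
  elseif (array_key_exists('clients', $_GET)) {
    $result = $db->prepare('SELECT `id`,`email`,`group_id` FROM `auth_users` WHERE `id` = :userid;');
    $result->execute(array(':userid' => $session['user']));
    $user = $result->fetch(PDO::FETCH_ASSOC) ?: $nouser;
    if ($session['logged_in'] && $user['id']) {
      $clientid = array_key_exists('client_id', $_POST) ? strval($_POST['client_id']) : '';
      if (strlen($clientid) >= 5) {
        $clientsecret = $utils->createClientSecret();
        // NOTE(review): redirect_uri and scope are stored as posted; the form only offers the
        // $scopes list below, but nothing here enforces it - confirm whether the OAuth2 server does.
        $rediruri = isset($_POST['redirect_uri']) ? strval($_POST['redirect_uri']) : '';
        $scope = isset($_POST['scope']) ? strval($_POST['scope']) : '';
        $result = $db->prepare('INSERT INTO `oauth_clients` (`client_id`, `client_secret`, `redirect_uri`, `scope`, `user_id`) VALUES (:clientid, :secret, :rediruri, :scope, :userid);');
        if (!$result->execute(array(':clientid' => $clientid,
                                    ':secret' => $clientsecret,
                                    ':rediruri' => $rediruri,
                                    ':scope' => $scope,
                                    ':userid' => $user['id']))) {
          $utils->log('client_save_failure', 'client: '.$clientid);
          $errors[] = _('Unexpectedly failed to save new client information.').$contact_hint;
        }
      }
      if (!count($errors)) {
        // List clients
        $result = $db->prepare('SELECT `client_id`,`client_secret`,`redirect_uri`,`scope` FROM `oauth_clients` WHERE `user_id` = :userid;');
        $result->execute(array(':userid' => $user['id']));
        $clients = $result->fetchAll(PDO::FETCH_ASSOC);
        if (!$clients) { $clients = array(); }
        $pagetype = 'clientlist';
      }
    }
    else {
      $errors[] = _('This function is only available if you are logged in.');
    }
  }
  elseif (intval($session['user'])) {
    $result = $db->prepare('SELECT `id`,`email`,`verify_hash`,`group_id` FROM `auth_users` WHERE `id` = :userid;');
    $result->execute(array(':userid' => $session['user']));
    $user = $result->fetch(PDO::FETCH_ASSOC) ?: $nouser;
    if (!$user['id']) {
      $utils->log('user_read_failure', 'user: '.$session['user']);
    }
    // Password reset requested.
    if (array_key_exists('pwd', $_POST) && array_key_exists('reset', $_POST) && array_key_exists('tcode', $_POST)) {
      $pwd = strval($_POST['pwd']);
      $vcode_posted = isset($_POST['vcode']) ? strval($_POST['vcode']) : '';
      $email_hidden = isset($_POST['email_hidden']) ? strval($_POST['email_hidden']) : '';
      // If not logged in, a password reset needs to have the proper vcode set (compared in constant time).
      if (!$session['logged_in'] && (!strlen($vcode_posted) || !hash_equals(strval($user['verify_hash']), $vcode_posted))) {
        $errors[] = _('Password reset failed. The reset form you used was not valid. Possibly it has expired and you need to initiate the password reset again.');
      }
      // If not logged in, a password reset also needs to have the proper email set.
      if (!$session['logged_in'] && !count($errors) && ($email_hidden !== strval($user['email']))) {
        $errors[] = _('Password reset failed. The reset form you used was not valid. Possibly it has expired and you need to initiate the password reset again.');
      }
      // Check validity of time code.
      if (!count($errors) && !$utils->verifyTimeCode(strval($_POST['tcode']), $session)) {
        $errors[] = _('Password reset failed. The reset form you used was not valid. Possibly it has expired and you need to initiate the password reset again.');
      }
      // array_merge rather than `+` so a constraint error is not dropped behind an existing key 0.
      $errors = array_merge($errors, $utils->checkPasswordConstraints($pwd, $user['email']));
      if (!count($errors)) {
        $newHash = $utils->pwdHash($pwd);
        $result = $db->prepare('UPDATE `auth_users` SET `pwdhash` = :pwdhash, `verify_hash` = \'\' WHERE `id` = :userid;');
        if (!$result->execute(array(':pwdhash' => $newHash, ':userid' => $session['user']))) {
          $utils->log('pwd_reset_failure', 'user: '.$session['user']);
          $errors[] = _('Password reset failed.').$contact_hint;
        }
        else {
          $pagetype = 'reset_done';
        }
      }
    }
    else {
      $utils->doRedirectIfSet($session);
    }
  }
}

if (!count($errors)) {
  if ($pagetype === 'verification_sent') {
    $para = $body->appendElement('p', sprintf(_('An email for confirmation has been sent to %s. Please follow the link provided there to complete the process.'), $user['email']));
    $para->setAttribute('class', 'verifyinfo pending');
    $para = $body->appendElement('p', _('Reload this page after you confirm to continue.'));
    $para->setAttribute('class', 'verifyinfo pending');
    $para = $body->appendElement('p');
    $para->setAttribute('class', 'verifyinfo pending');
    $para->appendLink('./', _('Reload'));
  }
  elseif ($pagetype === 'resetmail_sent') {
    $para = $body->appendElement('p',
      _('An email has been sent to the requested account with further information. If you do not receive an email then please confirm you have entered the same email address used during account registration.'));
    $para->setAttribute('class', 'resetinfo pending');
    $para = $body->appendElement('p');
    $para->setAttribute('class', 'resetinfo pending small');
    $para->appendLink('./', _('Back to top'));
  }
  elseif ($pagetype === 'resetstart') {
    $para = $body->appendElement('p', _('If you forgot your password or didn\'t receive the registration confirmation, please enter your email here.'));
    $para->setAttribute('class', '');
    $form = $body->appendForm('./?reset', 'POST', 'resetform');
    $form->setAttribute('id', 'loginform');
    $form->setAttribute('class', 'loginarea hidden');
    $ulist = $form->appendElement('ul');
    $ulist->setAttribute('class', 'flat login');
    $litem = $ulist->appendElement('li');
    $inptxt = $litem->appendInputEmail('email', 30, 20, 'login_email');
    $inptxt->setAttribute('autocomplete', 'email');
    $inptxt->setAttribute('required', '');
    $inptxt->setAttribute('placeholder', _('Email'));
    $litem = $ulist->appendElement('li');
    // Session-bound time code: the POST handler rejects the form without a valid one.
    $litem->appendInputHidden('tcode', $utils->createTimeCode($session));
    $litem->appendInputSubmit(_('Send instructions to email'));
    $para = $form->appendElement('p');
    $para->setAttribute('class', 'toplink small');
    $para->appendLink('./', _('Cancel'));
  }
  elseif ($pagetype === 'resetpwd') {
    $para = $body->appendElement('p', sprintf(_('You can set a new password for %s here.'), $user['email']));
    $para->setAttribute('class', 'newpwdinfo');
    $form = $body->appendForm('./', 'POST', 'newpwdform');
    $form->setAttribute('id', 'loginform');
    $form->setAttribute('class', 'loginarea hidden');
    $ulist = $form->appendElement('ul');
    $ulist->setAttribute('class', 'flat login');
    $litem = $ulist->appendElement('li');
    $litem->setAttribute('class', 'donotshow');
    $inptxt = $litem->appendInputEmail('email_hidden', 30, 20, 'login_email', $user['email']);
    $inptxt->setAttribute('autocomplete', 'email');
    $inptxt->setAttribute('placeholder', _('Email'));
    $litem = $ulist->appendElement('li');
    $inptxt = $litem->appendInputPassword('pwd', 20, 20, 'login_pwd', '');
    $inptxt->setAttribute('required', '');
    $inptxt->setAttribute('placeholder', _('Password'));
    $inptxt->setAttribute('class', 'login');
    $litem = $ulist->appendElement('li');
    $litem->appendInputHidden('reset', '');
    $litem->appendInputHidden('tcode', $utils->createTimeCode($session));
    // The ?reset (logged-in) path selects the user without verify_hash, so the key may be absent here.
    if (!$session['logged_in'] && isset($user['verify_hash']) && strlen($user['verify_hash'])) {
      $litem->appendInputHidden('vcode', $user['verify_hash']);
    }
    $litem->appendInputSubmit(_('Save password'));
    $para = $form->appendElement('p');
    $para->setAttribute('class', 'toplink small');
    $para->appendLink('./', _('Cancel'));
  }
  elseif ($pagetype === 'clientlist') {
    $scopes = array('clientreg', 'email');
    $form = $body->appendForm('?clients', 'POST', 'newclientform');
    $form->setAttribute('id', 'clientform');
    $tbl = $form->appendElement('table');
    $tbl->setAttribute('class', 'clientlist border');
    $thead = $tbl->appendElement('thead');
    $trow = $thead->appendElement('tr');
    $trow->appendElement('th', _('Client ID'));
    $trow->appendElement('th', _('Client Secrect'));
    $trow->appendElement('th', _('Redirect URI'));
    $trow->appendElement('th', _('Scope'));
    $trow->appendElement('th');
    $tbody = $tbl->appendElement('tbody');
    foreach ($clients as $client) {
      $trow = $tbody->appendElement('tr');
      $trow->appendElement('td', $client['client_id']);
      $trow->appendElement('td', $client['client_secret']);
      $trow->appendElement('td', $client['redirect_uri']);
      $trow->appendElement('td', $client['scope']);
      $trow->appendElement('td'); // Future: Delete link?
    }
    // Form fields for adding a new one.
    $tfoot = $tbl->appendElement('tfoot');
    $trow = $tfoot->appendElement('tr');
    $cell = $trow->appendElement('td');
    $cell->appendInputText('client_id', 80, 25, 'client_id');
    $cell = $trow->appendElement('td'); // Empty, as secret will be generated.
    $cell = $trow->appendElement('td');
    $cell->appendInputText('redirect_uri', 500, 50, 'redirect_uri');
    $cell = $trow->appendElement('td');
    $select = $cell->appendElementSelect('scope');
    foreach ($scopes as $scope) {
      $select->appendElementOption($scope, $scope);
    }
    $cell = $trow->appendElement('td');
    $cell->appendInputSubmit(_('Create'));
    $para = $form->appendElement('p');
    $para->setAttribute('class', 'toplink');
    $para->appendLink('./', _('Back to top'));
  }
  elseif ($session['logged_in'] && (!array_key_exists('addemail', $_GET))) {
    if ($pagetype === 'reset_done') {
      $para = $body->appendElement('p', _('Your password has successfully been reset.'));
      $para->setAttribute('class', 'resetinfo done');
    }
    $div = $body->appendElement('div', $user['email']);
    $div->setAttribute('class', 'loginheader');
    $groupmails = $utils->getGroupedEmails($user['group_id'], $user['email']);
    if (count($groupmails)) {
      $para = $div->appendElement('p', _('Grouped with: ').implode(', ', $groupmails));
      $para->setAttribute('class', 'small groupmails');
    }
    $div = $body->appendElement('div');
    $div->setAttribute('class', 'loginlinks');
    $ulist = $div->appendElement('ul');
    $ulist->setAttribute('class', 'flat');
    $litem = $ulist->appendElement('li');
    $litem->appendLink('./?logout', _('Log out'));
    $litem = $ulist->appendElement('li');
    $litem->appendLink('./?addemail', _('Add another email address'));
    // Strict in_array(): the whitelist holds email strings, loose comparison is not wanted here.
    if (($utils->client_reg_email_whitelist === false) || in_array($user['email'], $utils->client_reg_email_whitelist, true)) {
      $litem = $ulist->appendElement('li');
      $litem->appendLink('./?clients', _('Manage OAuth2 clients'));
    }
    $litem = $ulist->appendElement('li');
    $litem->appendLink('./?reset', _('Set new password'));
  }
  else { // not logged in
    $addfields = array();
    if ($pagetype === 'verification_done') {
      $para = $body->appendElement('p', _('Hooray! Your email was successfully confirmed! You can log in now.'));
      $para->setAttribute('class', 'verifyinfo done');
    }
    elseif ($pagetype === 'reset_done') {
      $para = $body->appendElement('p', _('Your password has successfully been reset. You can log in now with the new password.'));
      $para->setAttribute('class', 'resetinfo done');
    }
    elseif (array_key_exists('addemail', $_GET)) {
      $para = $body->appendElement('p', sprintf(_('Add another email grouped with %s by either logging in with it or specifying the email and a new password to use.'), $user['email']));
      $para->setAttribute('class', 'addemailinfo');
      $addfields['grouptoexisting'] = '1';
    }
    $utils->appendLoginForm($body, $session, $user, $addfields);
  }
}

if (count($errors)) {
  $body->appendElement('p', ((count($errors) <= 1)
                             ?_('The following error was detected')
                             :_('The following errors were detected')).':');
  $list = $body->appendElement('ul');
  $list->setAttribute('class', 'flat warn');
  foreach ($errors as $msg) {
    $item = $list->appendElement('li');
    // Messages are our own translated strings (some carry the operator contact link), never request data.
    $item->appendHTMLMarkup($msg);
  }
  $body->appendButton(_('Back'), 'history.back();');
}

// Send HTML to client.
// No closing `?>`: a trailing newline after it would be emitted before the headers are sent elsewhere.
print($document->saveHTML());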