<?php
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this file,
 * You can obtain one at http://mozilla.org/MPL/2.0/. */

// Common auth system setup (DB handle, helper object, OAuth2 server object).
require_once(__DIR__.'/authsystem.inc.php');

// Build the HTML5 document as a DOM tree; this defines $document, $html, $head, $title and $body.
extract(ExtendedDocument::initHTML5());
$document->formatOutput = true; // pretty-print the generated markup

// Stylesheet and script for the login UI.
$cssLink = $head->appendElement('link');
foreach (array('rel' => 'stylesheet', 'href' => 'authsystem.css') as $attrName => $attrValue) {
  $cssLink->setAttribute($attrName, $attrValue);
}
$head->appendJSFile('authsystem.js');

$title->appendText('KaiRo.at Authentication Server');
$body->appendElement('h1', 'KaiRo.at Authentication Server');

// Any errors returned by this check (implemented in the include) block all request handling below.
$errors = $utils->checkForSecureConnection();

// Warning for visitors without JavaScript.
$jsWarning = $body->appendElement('p', _('This login system does not work without JavaScript. Please activate JavaScript for this site to log in.'));
$jsWarning->setAttribute('id', 'jswarning');
$jsWarning->setAttribute('class', 'warn');
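if (!count($errors)) {
  // Read the existing session or create a new one (this also sets the session cookie).
  $session = $utils->initSession();
  // Placeholder user record. It is also used whenever a DB lookup below finds no row,
  // so that the offsets read later exist instead of being read off boolean false.
  $emptyUser = array('id' => 0, 'email' => '', 'verify_hash' => '');
  $user = $emptyUser;
  // Selects which page body is rendered further down in this file.
  $pagetype = 'default';
  if (is_null($session)) {
    $errors[] = _('The session system is not working. Please <a href="https://www.kairo.at/contact">contact KaiRo.at</a> and tell the team about this.');
  }
  elseif (array_key_exists('logout', $_GET)) {
    $result = $db->prepare('UPDATE `auth_sessions` SET `logged_in` = FALSE WHERE `id` = :sessid;');
    if (!$result->execute(array(':sessid' => $session['id']))) {
      $utils->log('logout_failure', 'session: '.$session['id']);
      // Report the actual failure (this previously reused the invalid-email message).
      $errors[] = _('Logging out failed unexpectedly. Please <a href="https://www.kairo.at/contact">contact KaiRo.at</a> and tell the team about this.');
    }
    $session['logged_in'] = 0;
  }
  elseif (array_key_exists('email', $_POST)) {
    // Login, registration or "Password forgotten?" submission.
    $tcode = array_key_exists('tcode', $_POST) ? $_POST['tcode'] : null;
    if (!preg_match('/^[^@]+@[^@]+\.[^@]+$/', $_POST['email'])) {
      $errors[] = _('The email address is invalid.');
    }
    elseif ($utils->verifyTimeCode($tcode, $session)) {
      $result = $db->prepare('SELECT `id`, `pwdhash`, `email`, `status`, `verify_hash` FROM `auth_users` WHERE `email` = :email;');
      $result->execute(array(':email' => $_POST['email']));
      $user = $result->fetch(PDO::FETCH_ASSOC) ?: $emptyUser;
      if ($user['id'] && array_key_exists('pwd', $_POST)) {
        // Existing user: check the password. Only verified accounts (status 'ok') may log in.
        if (($user['status'] === 'ok') && $utils->pwdVerify($_POST['pwd'], $user)) {
          // Replace the stored hash if a newer algorithm or a changed cost is available.
          if ($utils->pwdNeedsRehash($user)) {
            $newHash = $utils->pwdHash($_POST['pwd']);
            $result = $db->prepare('UPDATE `auth_users` SET `pwdhash` = :pwdhash WHERE `id` = :userid;');
            if (!$result->execute(array(':pwdhash' => $newHash, ':userid' => $user['id']))) {
              $utils->log('user_hash_save_failure', 'user: '.$user['id']);
            }
            else {
              $utils->log('pwd_rehash_success', 'user: '.$user['id']);
            }
          }

          // Log the user in, rotating the session key as part of it,
          // see https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines#Login
          $utils->log('login', 'user: '.$user['id']);
          $sesskey = $utils->createSessionKey();
          // Last two params are secure and httponly; secure is not set on localhost.
          // NOTE(review): no SameSite attribute is set on this cookie - consider adding one.
          setcookie('sessionkey', $sesskey, 0, "", "", !$utils->running_on_localhost, true);
          // If the session has a redirect saved, send the client there and clear it.
          if (isset($session['saved_redirect']) && strlen($session['saved_redirect'])) {
            // NOTE(review): saved_redirect is appended to the base URL as stored; the code
            // that stores it is not in this file - confirm it is restricted to a local path.
            header('Location: '.$utils->getDomainBaseURL().$session['saved_redirect']);
            $result = $db->prepare('UPDATE `auth_sessions` SET `saved_redirect` = :redir WHERE `id` = :sessid;');
            if (!$result->execute(array(':redir' => '', ':sessid' => $session['id']))) {
              $utils->log('redir_save_failure', 'session: '.$session['id'].', redirect: (empty)');
            }
          }
          // A session that is already bound to a user gets a fresh row;
          // otherwise the current session row is updated in place.
          $expire = gmdate('Y-m-d H:i:s', strtotime('+1 day'));
          if (intval($session['user'])) {
            $result = $db->prepare('INSERT INTO `auth_sessions` (`sesskey`, `time_expire`, `user`, `logged_in`) VALUES (:sesskey, :expire, :userid, TRUE);');
            $result->execute(array(':sesskey' => $sesskey, ':userid' => $user['id'], ':expire' => $expire));
            // After insert, fetch the session row from the DB so we have all its values.
            $result = $db->prepare('SELECT * FROM auth_sessions WHERE `sesskey` = :sesskey AND `time_expire` > :expire;');
            $result->execute(array(':sesskey' => $sesskey, ':expire' => gmdate('Y-m-d H:i:s')));
            $row = $result->fetch(PDO::FETCH_ASSOC);
            if ($row) {
              $session = $row;
            }
            else {
              $utils->log('create_session_failure', 'at login, prev session: '.$session['id'].', new user: '.$user['id']);
              $errors[] = _('The session system is not working. Please <a href="https://www.kairo.at/contact">contact KaiRo.at</a> and tell the team about this.');
            }
          }
          else {
            $result = $db->prepare('UPDATE `auth_sessions` SET `sesskey` = :sesskey, `user` = :userid, `logged_in` = TRUE, `time_expire` = :expire WHERE `id` = :sessid;');
            if (!$result->execute(array(':sesskey' => $sesskey, ':userid' => $user['id'], ':expire' => $expire, ':sessid' => $session['id']))) {
              $utils->log('login_failure', 'session: '.$session['id'].', user: '.$user['id']);
              $errors[] = _('Login failed unexpectedly. Please <a href="https://www.kairo.at/contact">contact KaiRo.at</a> and tell the team about this.');
            }
            else {
              // After update, fetch the session row from the DB so we have all its values.
              $result = $db->prepare('SELECT * FROM auth_sessions WHERE `sesskey` = :sesskey AND `time_expire` > :expire;');
              $result->execute(array(':sesskey' => $sesskey, ':expire' => gmdate('Y-m-d H:i:s')));
              $row = $result->fetch(PDO::FETCH_ASSOC);
              if ($row) {
                $session = $row;
              }
            }
          }
          // A verify_hash on a verified user means a password reset was requested.
          // As a login works right now, cancel that request by deleting the hash.
          if (isset($user['verify_hash']) && strlen($user['verify_hash'])) {
            $result = $db->prepare('UPDATE `auth_users` SET `verify_hash` = \'\' WHERE `id` = :userid;');
            if (!$result->execute(array(':userid' => $user['id']))) {
              $utils->log('empty_vhash_failure', 'user: '.$user['id']);
            }
            else {
              $user['verify_hash'] = '';
            }
          }
        }
        else {
          $errors[] = _('This password is invalid or your email is not verified yet. Did you type them correctly?');
        }
      }
      else {
        // New user: check the password, create the account and send a verification mail.
        // Existing user without a password: re-send the verification mail, or send
        // password reset instructions for a verified account.
        if (array_key_exists('pwd', $_POST)) {
          // array_merge rather than += so no constraint message is lost to a key collision.
          $errors = array_merge($errors, $utils->checkPasswordConstraints(strval($_POST['pwd']), $_POST['email']));
        }
        if (!count($errors)) {
          if (!$user['id']) {
            if (!array_key_exists('pwd', $_POST)) {
              // Unknown address without a password, e.g. from the "Password forgotten?" form:
              // do not create an account with an empty password, and do not reveal whether
              // the address is registered - show the same page as for a known address.
              $pagetype = 'resetmail_sent';
            }
            else {
              // Put the new user into the DB.
              $newHash = $utils->pwdHash($_POST['pwd']);
              $vcode = $utils->createVerificationCode();
              $result = $db->prepare('INSERT INTO `auth_users` (`email`, `pwdhash`, `status`, `verify_hash`) VALUES (:email, :pwdhash, \'unverified\', :vcode);');
              if (!$result->execute(array(':email' => $_POST['email'], ':pwdhash' => $newHash, ':vcode' => $vcode))) {
                $utils->log('user_insert_failure', 'email: '.$_POST['email']);
                $errors[] = _('Could not add user. Please <a href="https://www.kairo.at/contact">contact KaiRo.at</a> and tell the team about this.');
              }
              else {
                // Only a successfully inserted user gets a record (and the verification mail below).
                $user = array('id' => $db->lastInsertId(),
                              'email' => $_POST['email'],
                              'pwdhash' => $newHash,
                              'status' => 'unverified',
                              'verify_hash' => $vcode);
                $utils->log('new_user', 'user: '.$user['id'].', email: '.$user['email']);
              }
            }
          }
          if ($user['id'] && ($user['status'] === 'unverified')) {
            // Send email for verification and show a message pointing to it.
            $mail = new email();
            $mail->setCharset('utf-8');
            $mail->addHeader('X-KAIRO-AUTH', 'email_verification');
            $mail->addRecipient($user['email']);
            $mail->setSender('noreply@auth.kairo.at', _('KaiRo.at Authentication Service'));
            $mail->setSubject('Email Verification for KaiRo.at Authentication');
            $mail->addMailText(_('Welcome!')."\n\n");
            $mail->addMailText(sprintf(_('This email address, %s, has been used for registration on "%s".'),
                                       $user['email'], _('KaiRo.at Authentication Service'))."\n\n");
            $mail->addMailText(_('Please confirm that registration by clicking the following link (or calling it up in your browser):')."\n");
            $mail->addMailText($utils->getDomainBaseURL().strstr($_SERVER['REQUEST_URI'], '?', true)
                               .'?email='.rawurlencode($user['email']).'&verification_code='.rawurlencode($user['verify_hash'])."\n\n");
            $mail->addMailText(_('With this confirmation, you accept that we handle your data for the purpose of logging you into other websites when you request that.')."\n");
            $mail->addMailText(_('Those websites will get to know your email address but not your password, which we store securely.')."\n");
            $mail->addMailText(_('If you do not call this confirmation link within 72 hours, your data will be deleted from our database.')."\n\n");
            $mail->addMailText(sprintf(_('The %s team'), 'KaiRo.at'));
            $mailsent = $mail->send();
            if ($mailsent) {
              $pagetype = 'verification_sent';
            }
            else {
              $utils->log('verify_mail_failure', 'user: '.$user['id'].', email: '.$user['email']);
              $errors[] = _('The confirmation email could not be sent to you. Please <a href="https://www.kairo.at/contact">contact KaiRo.at</a> and tell the team about this.');
            }
          }
          elseif ($user['id']) {
            // Password reset requested with the "Password forgotten?" function.
            $vcode = $utils->createVerificationCode();
            $result = $db->prepare('UPDATE `auth_users` SET `verify_hash` = :vcode WHERE `id` = :userid;');
            if (!$result->execute(array(':vcode' => $vcode, ':userid' => $user['id']))) {
              $utils->log('vhash_set_failure', 'user: '.$user['id']);
              $errors[] = _('Could not initiate reset request. Please <a href="https://www.kairo.at/contact">contact KaiRo.at</a> and tell the team about this.');
            }
            else {
              $utils->log('pwd_reset_request', 'user: '.$user['id'].', email: '.$user['email']);
              // Reset code: verification code, hex of (user id + session id), and a 60-second-class time code
              // bound to this session; it is taken apart again in the ?reset_code handler below.
              $resetcode = $vcode.dechex($user['id'] + $session['id']).'_'.$utils->createTimeCode($session, null, 60);
              // Send email with instructions for resetting the password.
              $mail = new email();
              $mail->setCharset('utf-8');
              $mail->addHeader('X-KAIRO-AUTH', 'password_reset');
              $mail->addRecipient($user['email']);
              $mail->setSender('noreply@auth.kairo.at', _('KaiRo.at Authentication Service'));
              $mail->setSubject('How to reset your password for KaiRo.at Authentication');
              $mail->addMailText(_('Hi,')."\n\n");
              $mail->addMailText(sprintf(_('A request for setting a new password for this email address, %s, has been submitted on "%s".'),
                                         $user['email'], _('KaiRo.at Authentication Service'))."\n\n");
              $mail->addMailText(_('You can set a new password by clicking the following link (or calling it up in your browser):')."\n");
              $mail->addMailText($utils->getDomainBaseURL().strstr($_SERVER['REQUEST_URI'], '?', true)
                                 .'?email='.rawurlencode($user['email']).'&reset_code='.rawurlencode($resetcode)."\n\n");
              $mail->addMailText(_('If you do not call this confirmation link within 1 hour, this link expires and the existing password is being kept in place.')."\n\n");
              $mail->addMailText(sprintf(_('The %s team'), 'KaiRo.at'));
              $mailsent = $mail->send();
              if ($mailsent) {
                $pagetype = 'resetmail_sent';
              }
              else {
                $utils->log('pwd_reset_mail_failure', 'user: '.$user['id'].', email: '.$user['email']);
                $errors[] = _('The email with password reset instructions could not be sent to you. Please <a href="https://www.kairo.at/contact">contact KaiRo.at</a> and tell the team about this.');
              }
            }
          }
        }
      }
    }
    else {
      $errors[] = _('The form you used was not valid. Possibly it has expired and you need to initiate the action again.');
    }
  }
  elseif (array_key_exists('reset', $_GET)) {
    if ($session['logged_in']) {
      // Logged-in users may set a new password directly.
      $result = $db->prepare('SELECT `id`,`email` FROM `auth_users` WHERE `id` = :userid;');
      $result->execute(array(':userid' => $session['user']));
      $user = $result->fetch(PDO::FETCH_ASSOC) ?: $emptyUser;
      if (!$user['id']) {
        $utils->log('reset_user_read_failure', 'user: '.$session['user']);
      }
      $pagetype = 'resetpwd';
    }
    else {
      // Display the form for entering the email address.
      $pagetype = 'resetstart';
    }
  }
  elseif (array_key_exists('verification_code', $_GET)) {
    // Link from the verification mail: email and code must match an unverified user.
    $result = $db->prepare('SELECT `id`,`email` FROM `auth_users` WHERE `email` = :email AND `status` = \'unverified\' AND `verify_hash` = :vcode;');
    $result->execute(array(':email' => array_key_exists('email', $_GET) ? $_GET['email'] : null, ':vcode' => $_GET['verification_code']));
    $user = $result->fetch(PDO::FETCH_ASSOC) ?: $emptyUser;
    if ($user['id']) {
      $result = $db->prepare('UPDATE `auth_users` SET `verify_hash` = \'\', `status` = \'ok\' WHERE `id` = :userid;');
      if (!$result->execute(array(':userid' => $user['id']))) {
        $utils->log('verification_save_failure', 'user: '.$user['id']);
        $errors[] = _('Could not save confirmation. Please <a href="https://www.kairo.at/contact">contact KaiRo.at</a> and tell the team about this.');
      }
      $pagetype = 'verification_done';
    }
    else {
      $errors[] = _('The confirmation link you called is not valid. Possibly it has expired and you need to try registering again.');
    }
  }
  elseif (array_key_exists('reset_code', $_GET)) {
    // Link from the password reset mail.
    $reset_fail = true;
    $result = $db->prepare('SELECT `id`,`email`,`verify_hash` FROM `auth_users` WHERE `email` = :email');
    $result->execute(array(':email' => array_key_exists('email', $_GET) ? $_GET['email'] : null));
    $user = $result->fetch(PDO::FETCH_ASSOC) ?: $emptyUser;
    // A reset code is only meaningful while a reset request is pending, i.e. while the user
    // has a non-empty verify_hash; without this guard the hash comparison below would be
    // vacuously true for an empty hash.
    if ($user['id'] && strlen((string)$user['verify_hash'])) {
      // Deconstruct the reset code (see the ?email handler above) and verify it.
      if (preg_match('/^([0-9a-f]{'.strlen($user['verify_hash']).'})([0-9a-f]+)_(\d+\.\d+)$/', $_GET['reset_code'], $regs)) {
        $tcode_sessid = hexdec($regs[2]) - $user['id'];
        $result = $db->prepare('SELECT `id`,`sesskey` FROM `auth_sessions` WHERE `id` = :sessid;');
        $result->execute(array(':sessid' => $tcode_sessid));
        $row = $result->fetch(PDO::FETCH_ASSOC);
        if ($row) {
          $tcode_session = $row;
          // NOTE(review): $tcode_session is fetched but not used; the time code is verified
          // against the current $session, so the link only verifies in the browser session
          // that requested the reset. Confirm whether $tcode_session was intended here.
          // hash_equals: strict, constant-time comparison (== would compare numeric-looking
          // hex strings numerically).
          if (hash_equals((string)$user['verify_hash'], $regs[1]) &&
              $utils->verifyTimeCode($regs[3], $session, 60)) {
            // Set a new verify_hash for the actual password reset.
            $user['verify_hash'] = $utils->createVerificationCode();
            $result = $db->prepare('UPDATE `auth_users` SET `verify_hash` = :vcode WHERE `id` = :userid;');
            if (!$result->execute(array(':vcode' => $user['verify_hash'], ':userid' => $user['id']))) {
              $utils->log('vhash_reset_failure', 'user: '.$user['id']);
            }
            $result = $db->prepare('UPDATE `auth_sessions` SET `user` = :userid WHERE `id` = :sessid;');
            if (!$result->execute(array(':userid' => $user['id'], ':sessid' => $session['id']))) {
              $utils->log('reset_session_set_user_failure', 'session: '.$session['id']);
            }
            $pagetype = 'resetpwd';
            $reset_fail = false;
          }
        }
      }
    }
    if ($reset_fail) {
      $errors[] = _('The password reset link you called is not valid. Possibly it has expired and you need to call the "Password forgotten?" function again.');
    }
  }
  elseif (array_key_exists('clients', $_GET)) {
    // OAuth2 client management for logged-in users.
    $result = $db->prepare('SELECT `id`,`email` FROM `auth_users` WHERE `id` = :userid;');
    $result->execute(array(':userid' => $session['user']));
    $user = $result->fetch(PDO::FETCH_ASSOC) ?: $emptyUser;
    if ($session['logged_in'] && $user['id']) {
      // NOTE(review): unlike the other POST handlers in this file, this one does not verify a
      // time code (the client form below carries none); consider adding a tcode field and check.
      if (array_key_exists('client_id', $_POST) && (strlen($_POST['client_id']) >= 5)) {
        $clientid = $_POST['client_id'];
        $clientsecret = $utils->createClientSecret();
        // NOTE(review): redirect_uri and scope are stored as submitted; validation of the
        // redirect URI must happen in the OAuth2 server code, which is not in this file.
        $rediruri = array_key_exists('redirect_uri', $_POST) ? strval($_POST['redirect_uri']) : '';
        $scope = array_key_exists('scope', $_POST) ? strval($_POST['scope']) : '';
        $result = $db->prepare('INSERT INTO `oauth_clients` (`client_id`, `client_secret`, `redirect_uri`, `scope`, `user_id`) VALUES (:clientid, :secret, :rediruri, :scope, :userid);');
        if (!$result->execute(array(':clientid' => $clientid,
                                    ':secret' => $clientsecret,
                                    ':rediruri' => $rediruri,
                                    ':scope' => $scope,
                                    ':userid' => $user['id']))) {
          $utils->log('client_save_failure', 'client: '.$clientid);
          $errors[] = _('Unexpectedly failed to save new client information. Please <a href="https://www.kairo.at/contact">contact KaiRo.at</a> and tell the team about this.');
        }
      }
      if (!count($errors)) {
        // List the clients owned by this user.
        $result = $db->prepare('SELECT `client_id`,`client_secret`,`redirect_uri`,`scope` FROM `oauth_clients` WHERE `user_id` = :userid;');
        $result->execute(array(':userid' => $user['id']));
        $clients = $result->fetchAll(PDO::FETCH_ASSOC);
        if (!$clients) { $clients = array(); }
        $pagetype = 'clientlist';
      }
    }
    else {
      $errors[] = _('This function is only available if you are logged in.');
    }
  }
  elseif (intval($session['user'])) {
    // Session bound to a user (logged in, or coming from a valid reset link).
    $result = $db->prepare('SELECT `id`,`email`,`verify_hash` FROM `auth_users` WHERE `id` = :userid;');
    $result->execute(array(':userid' => $session['user']));
    $user = $result->fetch(PDO::FETCH_ASSOC) ?: $emptyUser;
    if (!$user['id']) {
      $utils->log('user_read_failure', 'user: '.$session['user']);
    }
    // A new password was submitted from the "Set new password" form.
    if (array_key_exists('pwd', $_POST) && array_key_exists('reset', $_POST) && array_key_exists('tcode', $_POST)) {
      $vcode = array_key_exists('vcode', $_POST) ? strval($_POST['vcode']) : '';
      $emailHidden = array_key_exists('email_hidden', $_POST) ? strval($_POST['email_hidden']) : '';
      $formInvalid = _('Password reset failed. The reset form you used was not valid. Possibly it has expired and you need to initiate the password reset again.');
      // Without a logged-in session, the reset must carry the pending verification code
      // (compared strictly and in constant time).
      if (!$session['logged_in'] && (!strlen($vcode) || !hash_equals((string)$user['verify_hash'], $vcode))) {
        $errors[] = $formInvalid;
      }
      // Without a logged-in session, the form's email must also match the account.
      if (!$session['logged_in'] && !count($errors) && ($emailHidden !== strval($user['email']))) {
        $errors[] = $formInvalid;
      }
      // Check validity of the time code.
      if (!count($errors) && !$utils->verifyTimeCode($_POST['tcode'], $session)) {
        $errors[] = $formInvalid;
      }
      // array_merge rather than += so that constraint messages are not dropped when
      // $errors already has entries at the same numeric keys.
      $errors = array_merge($errors, $utils->checkPasswordConstraints(strval($_POST['pwd']), $user['email']));
      if (!count($errors)) {
        $newHash = $utils->pwdHash($_POST['pwd']);
        $result = $db->prepare('UPDATE `auth_users` SET `pwdhash` = :pwdhash, `verify_hash` = \'\' WHERE `id` = :userid;');
        if (!$result->execute(array(':pwdhash' => $newHash, ':userid' => $session['user']))) {
          $utils->log('pwd_reset_failure', 'user: '.$session['user']);
          $errors[] = _('Password reset failed. Please <a href="https://www.kairo.at/contact">contact KaiRo.at</a> and tell the team about this.');
        }
        else {
          $pagetype = 'reset_done';
        }
      }
    }
  }
}
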
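if (!count($errors)) {
  // Render the page body selected by the request handling above.
  if ($pagetype === 'verification_sent') {
    $para = $body->appendElement('p', sprintf(_('An email for confirmation has been sent to %s. Please follow the link provided there to complete the process.'), $user['email']));
    $para->setAttribute('class', 'verifyinfo pending');
    $para = $body->appendElement('p', _('Reload this page after you confirm to continue.'));
    $para->setAttribute('class', 'verifyinfo pending');
  }
  elseif ($pagetype === 'resetmail_sent') {
    $para = $body->appendElement('p',
      _('An email has been sent to the requested account with further information. If you do not receive an email then please confirm you have entered the same email address used during account registration.'));
    $para->setAttribute('class', 'resetinfo pending');
  }
  elseif ($pagetype === 'resetstart') {
    // Form asking for the email address that reset instructions should go to.
    $para = $body->appendElement('p', _('If you forgot your password or didn\'t receive the registration confirmation, please enter your email here.'));
    $para->setAttribute('class', '');
    $form = $body->appendForm('./?reset', 'POST', 'resetform');
    $form->setAttribute('id', 'loginform');
    $form->setAttribute('class', 'loginarea hidden');
    $ulist = $form->appendElement('ul');
    $ulist->setAttribute('class', 'flat login');
    $litem = $ulist->appendElement('li');
    $inptxt = $litem->appendInputEmail('email', 30, 20, 'login_email');
    $inptxt->setAttribute('autocomplete', 'email');
    $inptxt->setAttribute('required', '');
    $inptxt->setAttribute('placeholder', _('Email'));
    $litem = $ulist->appendElement('li');
    // Time code for this session; checked with verifyTimeCode() when the form is submitted.
    $litem->appendInputHidden('tcode', $utils->createTimeCode($session));
    $litem->appendInputSubmit(_('Send instructions to email'));
  }
  elseif ($pagetype === 'resetpwd') {
    // Form for entering the new password.
    $para = $body->appendElement('p', sprintf(_('You can set a new password for %s here.'), $user['email']));
    $para->setAttribute('class', '');
    $form = $body->appendForm('./', 'POST', 'newpwdform');
    $form->setAttribute('id', 'loginform');
    $form->setAttribute('class', 'loginarea hidden');
    $ulist = $form->appendElement('ul');
    $ulist->setAttribute('class', 'flat login');
    $litem = $ulist->appendElement('li');
    $litem->setAttribute('class', 'donotshow');
    $inptxt = $litem->appendInputEmail('email_hidden', 30, 20, 'login_email', $user['email']);
    $inptxt->setAttribute('autocomplete', 'email');
    $inptxt->setAttribute('placeholder', _('Email'));
    $litem = $ulist->appendElement('li');
    $inptxt = $litem->appendInputPassword('pwd', 20, 20, 'login_pwd', '');
    $inptxt->setAttribute('required', '');
    $inptxt->setAttribute('placeholder', _('Password'));
    $inptxt->setAttribute('class', 'login');
    $litem = $ulist->appendElement('li');
    $litem->appendInputHidden('reset', '');
    $litem->appendInputHidden('tcode', $utils->createTimeCode($session));
    // Without a logged-in session the submit handler requires the pending verification code.
    if (!$session['logged_in'] && isset($user['verify_hash']) && strlen($user['verify_hash'])) {
      $litem->appendInputHidden('vcode', $user['verify_hash']);
    }
    $litem->appendInputSubmit(_('Save password'));
  }
  elseif ($pagetype === 'clientlist') {
    // Table of the user's OAuth2 clients plus a row for registering a new one.
    // NOTE(review): this form carries no 'tcode' hidden field, unlike the other forms in this
    // file, and the ?clients POST handler does not verify one.
    $scopes = array('clientreg', 'email');
    $form = $body->appendForm('?clients', 'POST', 'newclientform');
    $form->setAttribute('id', 'clientform');
    $tbl = $form->appendElement('table');
    $tbl->setAttribute('class', 'clientlist border');
    $thead = $tbl->appendElement('thead');
    $trow = $thead->appendElement('tr');
    $trow->appendElement('th', _('Client ID'));
    $trow->appendElement('th', _('Client Secret')); // typo fixed ("Secrect")
    $trow->appendElement('th', _('Redirect URI'));
    $trow->appendElement('th', _('Scope'));
    $trow->appendElement('th');
    $tbody = $tbl->appendElement('tbody');
    foreach ($clients as $client) {
      $trow = $tbody->appendElement('tr');
      $trow->appendElement('td', $client['client_id']);
      $trow->appendElement('td', $client['client_secret']);
      $trow->appendElement('td', $client['redirect_uri']);
      $trow->appendElement('td', $client['scope']);
      $trow->appendElement('td'); // Future: Delete link?
    }
    // Form fields for adding a new client.
    $tfoot = $tbl->appendElement('tfoot');
    $trow = $tfoot->appendElement('tr');
    $cell = $trow->appendElement('td');
    $cell->appendInputText('client_id', 80, 25, 'client_id');
    $trow->appendElement('td'); // Empty, as the secret is generated server-side.
    $cell = $trow->appendElement('td');
    $cell->appendInputText('redirect_uri', 500, 50, 'redirect_uri');
    $cell = $trow->appendElement('td');
    $select = $cell->appendElementSelect('scope');
    foreach ($scopes as $scope) {
      $select->appendElementOption($scope, $scope);
    }
    $cell = $trow->appendElement('td');
    $cell->appendInputSubmit(_('Create'));
  }
  elseif ($session['logged_in']) {
    if ($pagetype === 'reset_done') {
      $para = $body->appendElement('p', _('Your password has successfully been reset.'));
      $para->setAttribute('class', 'resetinfo done');
    }
    $div = $body->appendElement('div', $user['email']);
    $div->setAttribute('class', 'loginheader');
    $div = $body->appendElement('div');
    $div->setAttribute('class', 'loginlinks');
    $ulist = $div->appendElement('ul');
    $ulist->setAttribute('class', 'flat');
    $litem = $ulist->appendElement('li');
    $litem->appendLink('./?logout', _('Log out'));
    // Client management is only offered to whitelisted addresses (strict comparison).
    if (in_array($user['email'], $utils->client_reg_email_whitelist, true)) {
      $litem = $ulist->appendElement('li');
      $litem->appendLink('./?clients', _('Manage OAuth2 clients'));
    }
    $litem = $ulist->appendElement('li');
    $litem->appendLink('./?reset', _('Set new password'));
  }
  else { // not logged in
    if ($pagetype === 'verification_done') {
      $para = $body->appendElement('p', _('Hooray! Your email was successfully confirmed! You can log in now.'));
      $para->setAttribute('class', 'verifyinfo done');
    }
    elseif ($pagetype === 'reset_done') {
      $para = $body->appendElement('p', _('Your password has successfully been reset. You can log in now with the new password.'));
      $para->setAttribute('class', 'resetinfo done');
    }
    $utils->appendLoginForm($body, $session, $user);
  }
}
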
if (count($errors)) {
  // Error summary: intro line, one list item per message, and a back button.
  $intro = (count($errors) <= 1)
    ? _('The following error was detected')
    : _('The following errors were detected');
  $body->appendElement('p', $intro.':');
  $errorList = $body->appendElement('ul');
  $errorList->setAttribute('class', 'flat warn');
  foreach ($errors as $message) {
    $errorList->appendElement('li', $message);
  }
  $body->appendButton(_('Back'), 'history.back();');
}

// Serialize the DOM and send the HTML to the client.
// No closing PHP tag: nothing may follow the output in this file.
echo $document->saveHTML();