X-Git-Url: https://git-public.kairo.at/?p=authserver.git;a=blobdiff_plain;f=app%2Fauthutils.php-class;h=42f585910458ca7f5f516c3f76cce2432d6f7c49;hp=f76ac18f9ffc9245f8def3d43dbbd16c1cd4630f;hb=2b9aa8f3c5aeb5d3fa414a985ad14b351a12cfcd;hpb=8b69f29ccce4f236a8954a80c837bcd20987ca53;ds=sidebyside
diff --git a/app/authutils.php-class b/app/authutils.php-class
index f76ac18..42f5859 100755
--- a/app/authutils.php-class
+++ b/app/authutils.php-class
@@ -34,6 +34,9 @@ class AuthUtils {
 // function checkForSecureConnection()
 // Check is the connection is secure and return an array of error messages (empty if it's secure).
 //
+ // function sendSecurityHeaders()
+ // Rend HTTP headers for improving security.
+ //
 // function initSession()
 // Initialize a session. Returns an associative array of all the DB fields of the session.
 //
@@ -88,6 +91,11 @@ class AuthUtils {
 // function getGroupedEmails($group_id, [$exclude_email])
 // Return all emails grouped in the specified group ID, optionally exclude a specific email (e.g. because you only want non-current entries)
 //
+ // function initHTMLDocument($titletext, [$headlinetext]) {
+ // initialize the HTML document for the auth system, with some elements we always use, esp. all the scripts and stylesheet.
+ // Sets the title of the document to the given title, the main headline will be the same as the title if not set explicitly.
+ // Returns an associative array with the following elements: 'document', 'html', 'head', 'title', 'body'.
+ //
 // function appendLoginForm($dom_element, $session, $user, [$addfields])
 // Append a login form for the given session to the given DOM element, possibly prefilling the email from the given user info array.
 // The optional $addfields parameter is an array of name=>value pairs of hidden fields to add to the form.
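Review bot: The added summary line `// Rend HTTP headers for improving security.` has a typo and should read `// Send HTTP headers for improving security.`. The implementation of sendSecurityHeaders() is not part of this diff, so the description cannot be checked against it here; once it is settled, naming the headers it emits in this one-line summary would make the index more useful than the generic phrasing.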
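Review bot: The new index entry `// function initHTMLDocument($titletext, [$headlinetext]) {` ends with a stray `{`, which the neighbouring `getGroupedEmails` and `appendLoginForm` entries do not have; drop it so the listing stays uniform. The description also starts lowercase (`initialize the HTML document ...`) while the surrounding entries begin with a capital letter.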
@@ -195,14 +203,14 @@ class AuthUtils {
 }
 else {
 $utils->log('create_session_failure', 'at login, prev session: '.$session['id'].', new user: '.$userid);
- $errors[] = _('The session system is not working. Please contact KaiRo.at and tell the team about this.');
+ $errors[] = _('The session system is not working.').' '._('Please contact KaiRo.at and tell the team about this.');
 }
 }
 else {
 $result = $this->db->prepare('UPDATE `auth_sessions` SET `sesskey` = :sesskey, `user` = :userid, `logged_in` = TRUE, `time_expire` = :expire WHERE `id` = :sessid;');
 if (!$result->execute(array(':sesskey' => $sesskey, ':userid' => $userid, ':expire' => gmdate('Y-m-d H:i:s', strtotime('+1 day')), ':sessid' => $session['id']))) {
 $utils->log('login_failure', 'session: '.$session['id'].', user: '.$userid);
- $errors[] = _('Login failed unexpectedly. Please contact KaiRo.at and tell the team about this.');
+ $errors[] = _('Login failed unexpectedly.').' '._('Please contact KaiRo.at and tell the team about this.');
 }
 else {
 // After update, actually fetch the session row from the DB so we have all values.
@@ -359,7 +367,7 @@ class AuthUtils {
 function negotiateLocale($supportedLanguages) {
 $nlocale = $supportedLanguages[0];
 $headers = getAllHeaders();
- $accLcomp = explode(',', $headers['Accept-Language']);
+ $accLcomp = explode(',', @$headers['Accept-Language']);
 $accLang = array();
 foreach ($accLcomp as $lcomp) {
 if (strlen($lcomp)) {
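Review bot: `@$headers['Accept-Language']` silences the undefined-index notice rather than handling the absent header; an explicit check gives the same result without `@`, e.g. `$acceptLang = isset($headers['Accept-Language']) ? $headers['Accept-Language'] : '';` followed by `$accLcomp = explode(',', $acceptLang);`. With an empty string explode() yields a single empty element, which the `strlen($lcomp)` guard in the loop already skips, so behaviour is unchanged. Depending on the SAPI, the key casing returned by getallheaders() may not match `Accept-Language` exactly, so a client header could still be missed here — worth confirming against the deployment. negotiateLocale's body continues past the end of the hunk.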
@@ -392,6 +400,49 @@ class AuthUtils {
 return $emails;
 }
 
+ function initHTMLDocument($titletext, $headlinetext = null) {
+ global $settings;
+ if (is_null($headlinetext)) { $headlinetext = $titletext; }
+ // Start HTML document as a DOM object.
+ extract(ExtendedDocument::initHTML5()); // sets $document, $html, $head, $title, $body
+ $document->formatOutput = true; // we want a nice output
+
+ $style = $head->appendElement('link');
+ $style->setAttribute('rel', 'stylesheet');
+ $style->setAttribute('href', 'authsystem.css');
+ $head->appendJSFile('authsystem.js');
+ if ($settings['piwik_enabled']) {
+ $head->setAttribute('data-piwiksite', $settings['piwik_site_id']);
+ $head->setAttribute('data-piwikurl', $settings['piwik_url']);
+ $head->appendJSFile('piwik.js', true, true);
+ }
+ $title->appendText($titletext);
+ $h1 = $body->appendElement('h1', $headlinetext);
+
+ if ($settings['piwik_enabled']) {
+ // Piwik noscript element
+ $noscript = $body->appendElement('noscript');
+ $para = $noscript->appendElement('p');
+ $img = $para->appendImage($settings['piwik_url'].'piwik.php?idsite='.$settings['piwik_site_id']);
+ $img->setAttribute('style', 'border:0;');
+ }
+
+ // Make the document not be scaled on mobile devices.
+ $vpmeta = $head->appendElement('meta');
+ $vpmeta->setAttribute('name', 'viewport');
+ $vpmeta->setAttribute('content', 'width=device-width, height=device-height');
+
+ $para = $body->appendElement('p', _('This login system does not work without JavaScript. Please activate JavaScript for this site to log in.'));
+ $para->setAttribute('id', 'jswarning');
+ $para->setAttribute('class', 'warn');
+
+ return array('document' => $document,
+ 'html' => $html,
+ 'head' => $head,
+ 'title' => $title,
+ 'body' => $body);
+ }
+
 function appendLoginForm($dom_element, $session, $user, $addfields = array()) {
 $form = $dom_element->appendForm('./', 'POST', 'loginform');
 $form->setAttribute('id', 'loginform');
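Review bot: `extract(ExtendedDocument::initHTML5())` brings $document, $html, $head, $title and $body into scope implicitly, so a reader or static analyser cannot see where they are defined; assigning them explicitly from the returned array keeps the function self-describing and makes the trailing comment unnecessary (see below). `$h1` is assigned but never read, so that line can become `$body->appendElement('h1', $headlinetext);`. The noscript tracker image builds its URL as `$settings['piwik_url'].'piwik.php?idsite='...`, which presumably only works when piwik_url carries a trailing slash; either state that assumption in a comment next to `global $settings;` or normalise with `rtrim($settings['piwik_url'], '/').'/piwik.php?idsite='...`. initHTMLDocument lies entirely within the hunk; appendLoginForm's body continues outside it.
```php
    $parts = ExtendedDocument::initHTML5();
    $document = $parts['document'];
    $html = $parts['html'];
    $head = $parts['head'];
    $title = $parts['title'];
    $body = $parts['body'];
    $document->formatOutput = true; // we want a nice output
    // … unchanged: stylesheet/script links, piwik, viewport meta, JS warning, return array …
```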