Nico Huber | ee52fbc | 2023-06-24 11:52:57 +0000 | [diff] [blame] | 1 | <?php |
| 2 | /* |
| 3 | * SimpleID |
| 4 | * |
| 5 | * Copyright (C) Kelvin Mo 2009 |
| 6 | * |
| 7 | * This program is free software; you can redistribute it and/or |
| 8 | * modify it under the terms of the GNU General Public |
| 9 | * License as published by the Free Software Foundation; either |
| 10 | * version 2 of the License, or (at your option) any later version. |
| 11 | * |
| 12 | * This program is distributed in the hope that it will be useful, |
| 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
| 15 | * General Public License for more details. |
| 16 | * |
| 17 | * You should have received a copy of the GNU General Public |
| 18 | * License along with this program; if not, write to the Free |
| 19 | * Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. |
| 20 | * |
| 21 | * $Id$ |
| 22 | */ |
| 23 | |
| 24 | /** |
| 25 | * Functions for displaying various pages in SimpleID. |
| 26 | * |
| 27 | * @package simpleid |
| 28 | * @filesource |
| 29 | * @since 0.7 |
| 30 | */ |
| 31 | |
| 32 | /** |
| 33 | * Displays the dashboard page. |
| 34 | */ |
| 35 | function page_dashboard() { |
| 36 | global $user; |
| 37 | global $xtpl; |
| 38 | |
| 39 | // Require HTTPS, redirect if necessary |
| 40 | check_https('redirect', true); |
| 41 | |
| 42 | if ($user == NULL) { |
| 43 | user_login_form(''); |
| 44 | return; |
| 45 | } |
| 46 | |
| 47 | user_header(); |
| 48 | page_nav(); |
| 49 | |
| 50 | $blocks = _page_welcome_block(); |
| 51 | |
| 52 | $blocks = array_merge($blocks, _page_dashboard_otp_block(), extension_invoke_all('page_dashboard')); |
| 53 | $blocks = array_map('page_render_block', $blocks); |
| 54 | $xtpl->assign('blocks', implode($blocks)); |
| 55 | $xtpl->parse('main.blocks'); |
| 56 | |
| 57 | $xtpl->assign('title', t('Dashboard')); |
| 58 | $xtpl->parse('main'); |
| 59 | $xtpl->out('main'); |
| 60 | |
| 61 | } |
| 62 | |
| 63 | /** |
| 64 | * Displays the profile page. |
| 65 | */ |
| 66 | function page_profile() { |
| 67 | global $user; |
| 68 | global $xtpl; |
| 69 | |
| 70 | // Require HTTPS, redirect if necessary |
| 71 | check_https('redirect', true); |
| 72 | |
| 73 | if ($user == NULL) { |
| 74 | user_login_form('my/profile'); |
| 75 | return; |
| 76 | } |
| 77 | |
| 78 | user_header(); |
| 79 | page_nav(); |
| 80 | |
| 81 | $blocks = _page_discovery_block(); |
| 82 | |
| 83 | $blocks = array_merge($blocks, _user_page_profile(), extension_invoke_all('page_profile')); |
| 84 | $blocks = array_map('page_render_block', $blocks); |
| 85 | $xtpl->assign('blocks', implode($blocks)); |
| 86 | $xtpl->parse('main.blocks'); |
| 87 | |
| 88 | $xtpl->assign(array('js_locale_label' => 'code', 'js_locale_text' => addslashes(t('<em>You need to set at least one of OpenID 1.x or OpenID 2 to generate the code.</em>')))); |
| 89 | $xtpl->parse('main.js_locale'); |
| 90 | |
| 91 | $xtpl->assign('javascript', '<script src="' . get_base_path() . 'html/page-profile.js" type="text/javascript"></script>'); |
| 92 | $xtpl->assign('title', t('My Profile')); |
| 93 | $xtpl->parse('main'); |
| 94 | $xtpl->out('main'); |
| 95 | } |
| 96 | |
| 97 | /** |
| 98 | * Returns the user's home page. |
| 99 | */ |
| 100 | function page_sites() { |
| 101 | global $user; |
| 102 | global $xtpl; |
| 103 | |
| 104 | // Require HTTPS, redirect if necessary |
| 105 | check_https('redirect', true); |
| 106 | |
| 107 | if ($user == NULL) { |
| 108 | user_login_form('my/sites'); |
| 109 | return; |
| 110 | } |
| 111 | |
| 112 | user_header(); |
| 113 | page_nav(); |
| 114 | |
| 115 | if (isset($user['rp'])) { |
| 116 | $user_rps =& $user['rp']; |
| 117 | } else { |
| 118 | $user_rps = array(); |
| 119 | } |
| 120 | |
| 121 | if (isset($_POST['tk'])) { |
| 122 | if (!validate_form_token($_POST['tk'], 'autorelease')) { |
| 123 | set_message(t('SimpleID detected a potential security attack. Please try again.')); |
| 124 | } else { |
| 125 | if (isset($_POST['autorelease'])) { |
| 126 | foreach ($_POST['autorelease'] as $realm => $autorelease) { |
| 127 | if (isset($user_rps[$realm])) { |
| 128 | $user_rps[$realm]['auto_release'] = ($autorelease) ? 1 : 0; |
| 129 | } |
| 130 | } |
| 131 | } |
| 132 | |
| 133 | if (isset($_POST['remove'])) { |
| 134 | foreach ($_POST['remove'] as $realm => $autorelease) { |
| 135 | if (isset($user_rps[$realm])) { |
| 136 | unset($user_rps[$realm]); |
| 137 | } |
| 138 | } |
| 139 | } |
| 140 | |
| 141 | if (isset($_POST['update-all'])) { |
| 142 | foreach ($user_rps as $realm => $values) { |
| 143 | $user_rps[$realm]['auto_release'] = (isset($_POST['autorelease'][$realm]) && $_POST['autorelease'][$realm]) ? 1 : 0; |
| 144 | } |
| 145 | } |
| 146 | |
| 147 | user_save($user); |
| 148 | |
| 149 | set_message(t('Your preferences have been saved.')); |
| 150 | } |
| 151 | } |
| 152 | |
| 153 | if ($user_rps) { |
| 154 | uksort($user_rps, '_page_sites_sort'); |
| 155 | foreach ($user_rps as $realm => $rp) { |
| 156 | $xtpl->assign('realm_name', preg_replace('@^https?://(www\.|\*\.)?@', '<span class="url-elide">$0</span>', htmlspecialchars($rp['realm'], ENT_QUOTES, 'UTF-8'))); |
| 157 | $xtpl->assign('realm', htmlspecialchars($rp['realm'], ENT_QUOTES, 'UTF-8')); |
| 158 | $xtpl->assign('last_time', htmlspecialchars($rp['last_time'], ENT_QUOTES, 'UTF-8')); |
| 159 | $xtpl->assign('last_time_formatted', htmlspecialchars(strftime(SIMPLEID_DATE_TIME_FORMAT, $rp['last_time']), ENT_QUOTES, 'UTF-8')); |
| 160 | $xtpl->assign('auto_release', (isset($rp['auto_release']) && $rp['auto_release']) ? 'checked="checked"' : ''); |
| 161 | |
| 162 | if (SIMPLEID_VERIFY_RETURN_URL_USING_REALM) { |
| 163 | // $rp_info would usually expire by now, so we allow for stale results to be retrieved to improve performance |
| 164 | $rp_info = simpleid_get_rp_info($realm, TRUE); |
| 165 | if (!isset($rp_info['return_to_verified']) || !$rp_info['return_to_verified']) $xtpl->assign('realm_class', 'return-to-suspect'); |
| 166 | } |
| 167 | |
| 168 | $xtpl->parse('main.sites.realm'); |
| 169 | } |
| 170 | } |
| 171 | |
| 172 | if (!$user_rps || (count($user_rps) == 0)) { |
| 173 | $xtpl->assign('disabled', 'disabled="disabled"'); |
| 174 | } |
| 175 | |
| 176 | $xtpl->assign('token', get_form_token('autorelease')); |
| 177 | |
| 178 | $xtpl->assign('realm_label', t('Site')); |
| 179 | $xtpl->assign('last_time_label', t('Last access')); |
| 180 | $xtpl->assign('auto_release_label', t('Automatic')); |
| 181 | $xtpl->assign('remove_label', t('Remove')); |
| 182 | $xtpl->assign('submit_button', t('Submit')); |
| 183 | |
| 184 | $xtpl->parse('main.sites'); |
| 185 | |
| 186 | $xtpl->assign(array('js_locale_label' => 'openid_suspect', 'js_locale_text' => addslashes(t('This web site has not confirmed its identity and might be fraudulent.')) . '\n\n' . addslashes(t('Are you sure you wish to automatically send your information to this site for any future requests?')))); |
| 187 | $xtpl->parse('main.js_locale'); |
| 188 | |
| 189 | $xtpl->assign('title', t('My Sites')); |
| 190 | $xtpl->assign('javascript', '<script src="' . get_base_path() . 'html/openid-consent.js" type="text/javascript"></script>'); |
| 191 | $xtpl->parse('main'); |
| 192 | $xtpl->out('main'); |
| 193 | } |
| 194 | |
| 195 | /** |
| 196 | * A custom sort function for realms. This strips out the following: |
| 197 | * |
| 198 | * - http:// |
| 199 | * - https:// |
| 200 | * - www. |
| 201 | * - *. |
| 202 | * |
| 203 | * @param string $a |
| 204 | * @param string $b |
| 205 | * @return int |
| 206 | */ |
| 207 | function _page_sites_sort($a, $b) { |
| 208 | $a = preg_replace('@^https?://(www\.|\*\.)?@', '', $a); |
| 209 | $b = preg_replace('@^https?://(www\.|\*\.)?@', '', $b); |
| 210 | return strcasecmp($a, $b); |
| 211 | } |
| 212 | |
| 213 | /** |
| 214 | * Set up the navigation section in the header |
| 215 | */ |
| 216 | function page_nav() { |
| 217 | global $user; |
| 218 | global $xtpl; |
| 219 | |
| 220 | $xtpl->assign('nav_base', trim(simpleid_url(' ', '', true))); |
| 221 | |
| 222 | $xtpl->assign('nav_dashboard_label', t('Dashboard')); |
| 223 | $xtpl->assign('nav_profile_label', t('My Profile')); |
| 224 | $xtpl->assign('nav_sites_label', t('My Sites')); |
| 225 | |
| 226 | $xtpl->parse('main.nav_toggle'); |
| 227 | $xtpl->parse('main.nav'); |
| 228 | } |
| 229 | |
| 230 | /** |
| 231 | * Renders a particular block. |
| 232 | * |
| 233 | * @param array $block the block to render |
| 234 | * @return string the HTML of the rendered block |
| 235 | */ |
| 236 | function page_render_block($block) { |
| 237 | static $xtpl_block; |
| 238 | |
| 239 | if (!$xtpl_block) $xtpl_block = new XTemplate('html/block.xtpl'); |
| 240 | |
| 241 | $xtpl_block->reset('block'); |
| 242 | $xtpl_block->assign('id', $block['id']); |
| 243 | $xtpl_block->assign('title', $block['title']); |
| 244 | $xtpl_block->assign('content', $block['content']); |
| 245 | |
| 246 | if (isset($block['links'])) { |
| 247 | $xtpl_block->assign('links', $block['links']); |
| 248 | $xtpl_block->parse('block.links'); |
| 249 | } |
| 250 | |
| 251 | $xtpl_block->parse('block'); |
| 252 | return $xtpl_block->text('block'); |
| 253 | } |
| 254 | |
| 255 | /** |
| 256 | * Returns the welcome block. |
| 257 | * |
| 258 | * @return array the welcome block |
| 259 | */ |
| 260 | function _page_welcome_block() { |
| 261 | global $user; |
| 262 | |
| 263 | return array(array( |
| 264 | 'id' => 'welcome', |
| 265 | 'title' => t('Welcome'), |
| 266 | 'content' => t('You are logged in as %uid (%identity).', array('%uid' => $user['uid'], '%identity' => $user['identity'])) |
| 267 | )); |
| 268 | } |
| 269 | |
| 270 | /** |
| 271 | * Returns the dashboard OTP block. |
| 272 | * |
| 273 | * @return array the dashboard OTP block |
| 274 | */ |
| 275 | function _page_dashboard_otp_block() { |
| 276 | global $user; |
| 277 | |
| 278 | $base_path = get_base_path(); |
| 279 | |
| 280 | $html = '<p>' . t('Login verification adds an extra layer of protection to your account. When enabled, you will need to enter an additional security code whenever you log into SimpleID.') . '</p>'; |
| 281 | |
| 282 | if (isset($user['otp'])) { |
| 283 | $html .= '<p>' . t('Login verification is <strong>enabled</strong>.') . '</p>'; |
| 284 | $html .= '<form action="' . $base_path . 'index.php" method="post" enctype="application/x-www-form-urlencoded"><input type="hidden" name="tk" value="'. get_form_token('dashboard_otp') . '"/>'; |
| 285 | $html .= '<input type="hidden" name="q" value="otp"/><input type="submit" name="op" value="' . t('Disable') . '" /></form>'; |
| 286 | } else { |
| 287 | $html .= '<p>' . t('Login verification is <strong>disabled</strong>. To enable login verification, click the button below.') . '</p>'; |
| 288 | $html .= '<form action="' . $base_path . 'index.php" method="post" enctype="application/x-www-form-urlencoded"><input type="hidden" name="tk" value="'. get_form_token('dashboard_otp') . '"/>'; |
| 289 | $html .= '<input type="hidden" name="q" value="otp"/><input type="submit" name="op" value="' . t('Enable') . '" /></form>'; |
| 290 | } |
| 291 | |
| 292 | return array(array( |
| 293 | 'id' => 'otp', |
| 294 | 'title' => t('Login Verification'), |
| 295 | 'content' => $html |
| 296 | )); |
| 297 | } |
| 298 | |
| 299 | /** |
| 300 | * Returns a block containing discovery information. |
| 301 | * |
| 302 | * @return array the discovery block |
| 303 | */ |
| 304 | function _page_discovery_block() { |
| 305 | global $user; |
| 306 | |
| 307 | $html = "<h3>" . t('<link> tags') . "</h3>"; |
| 308 | |
| 309 | $html .= "<div><label><input type=\"checkbox\" name=\"openid1\" value=\"1\" id=\"discovery-openid1\" class=\"discovery-checkbox\" />" . t('OpenID 1.x') . "</label>"; |
| 310 | $html .= "<label><input type=\"checkbox\" name=\"openid2\" value=\"1\" id=\"discovery-openid2\" class=\"discovery-checkbox\" />" . t('OpenID 2.0') . "</label>"; |
| 311 | $html .= "<label><input type=\"checkbox\" name=\"local-id\" value=\"1\" id=\"discovery-local-id\" class=\"discovery-checkbox\" />" . t('Claim a different identifier') . "</label></div>"; |
| 312 | $html .= "<pre id=\"discovery-link-tags\">"; |
| 313 | $html .= "</pre>"; |
| 314 | $html .= "<ul id=\"discovery-templates\"><li class=\"openid1\"><link rel="openid.server" href="" . htmlspecialchars(simpleid_url(), ENT_QUOTES, 'UTF-8') . "" /></li>\n"; |
| 315 | $html .= "<li class=\"openid2\"><link rel="openid2.provider" href="" . htmlspecialchars(simpleid_url(), ENT_QUOTES, 'UTF-8') ."" /></li>\n"; |
| 316 | $html .= "<li class=\"openid1-local-id\"><link rel="openid.delegate" href="" . htmlspecialchars($user['identity'], ENT_QUOTES, 'UTF-8') . "" /></li>\n"; |
| 317 | $html .= "<li class=\"openid2-local-id\"><link rel="openid2.local_id" href="" . htmlspecialchars($user['identity'], ENT_QUOTES, 'UTF-8') ."" /></li></ul>\n"; |
| 318 | |
| 319 | $html .= "<h3>" . t('YADIS') . "</h3>"; |
| 320 | $html .= "<ol><li>" . t('Write your own or <a href="!url">download</a> your YADIS document', array('!url' => simpleid_url('xrds/'. $user['uid'], '', true))) . "</li>"; |
| 321 | $html .= "<li><div>" . t('Add HTTP headers or <meta> tag, e.g.:') . "<div><pre><meta http-equiv="X-XRDS-Location" content="" . htmlspecialchars(simpleid_url('xrds/'. $user['uid']), ENT_QUOTES, 'UTF-8') . "" /></pre>"; |
| 322 | $html .= "</li></ol>"; |
| 323 | |
| 324 | return array(array( |
| 325 | 'id' => 'discovery', |
| 326 | 'title' => t('Claim your Identifier'), |
| 327 | 'content' => $html, |
| 328 | 'links' => '<a href="http://simpleid.org/docs/1/identity-claim/">More information</a>' |
| 329 | )); |
| 330 | } |
| 331 | ?> |