Gitiles
Code Review Sign In
review.sourcearcade.org / sourcearcade / ee52fbc1915703d37abe23c297f5f4e077a1a0af / . / simpleid / www / page.inc.php
blob: c1c5ef6259dbfe9f69541cc2f10261b561d242f1 [file] [log] [blame]
Nico Huberee52fbc2023-06-24 11:52:57 +0000[diff] [blame^]1<?php
2/*
3 * SimpleID
4 *
5 * Copyright (C) Kelvin Mo 2009
6 *
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public
9 * License as published by the Free Software Foundation; either
10 * version 2 of the License, or (at your option) any later version.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public
18 * License along with this program; if not, write to the Free
19 * Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20 *
21 * $Id$
22 */
23
24/**
25 * Functions for displaying various pages in SimpleID.
26 *
27 * @package simpleid
28 * @filesource
29 * @since 0.7
30 */
31
32/**
33 * Displays the dashboard page.
34 */
35function page_dashboard() {
36 global $user;
37 global $xtpl;
38
39 // Require HTTPS, redirect if necessary
40 check_https('redirect', true);
41
42 if ($user == NULL) {
43 user_login_form('');
44 return;
45 }
46
47 user_header();
48 page_nav();
49
50 $blocks = _page_welcome_block();
51
52 $blocks = array_merge($blocks, _page_dashboard_otp_block(), extension_invoke_all('page_dashboard'));
53 $blocks = array_map('page_render_block', $blocks);
54 $xtpl->assign('blocks', implode($blocks));
55 $xtpl->parse('main.blocks');
56
57 $xtpl->assign('title', t('Dashboard'));
58 $xtpl->parse('main');
59 $xtpl->out('main');
60
61}
62
63/**
64 * Displays the profile page.
65 */
66function page_profile() {
67 global $user;
68 global $xtpl;
69
70 // Require HTTPS, redirect if necessary
71 check_https('redirect', true);
72
73 if ($user == NULL) {
74 user_login_form('my/profile');
75 return;
76 }
77
78 user_header();
79 page_nav();
80
81 $blocks = _page_discovery_block();
82
83 $blocks = array_merge($blocks, _user_page_profile(), extension_invoke_all('page_profile'));
84 $blocks = array_map('page_render_block', $blocks);
85 $xtpl->assign('blocks', implode($blocks));
86 $xtpl->parse('main.blocks');
87
88 $xtpl->assign(array('js_locale_label' => 'code', 'js_locale_text' => addslashes(t('<em>You need to set at least one of OpenID 1.x or OpenID 2 to generate the code.</em>'))));
89 $xtpl->parse('main.js_locale');
90
91 $xtpl->assign('javascript', '<script src="' . get_base_path() . 'html/page-profile.js" type="text/javascript"></script>');
92 $xtpl->assign('title', t('My Profile'));
93 $xtpl->parse('main');
94 $xtpl->out('main');
95}
96
97/**
98 * Returns the user's home page.
99 */
100function page_sites() {
101 global $user;
102 global $xtpl;
103
104 // Require HTTPS, redirect if necessary
105 check_https('redirect', true);
106
107 if ($user == NULL) {
108 user_login_form('my/sites');
109 return;
110 }
111
112 user_header();
113 page_nav();
114
115 if (isset($user['rp'])) {
116 $user_rps =& $user['rp'];
117 } else {
118 $user_rps = array();
119 }
120
121 if (isset($_POST['tk'])) {
122 if (!validate_form_token($_POST['tk'], 'autorelease')) {
123 set_message(t('SimpleID detected a potential security attack. Please try again.'));
124 } else {
125 if (isset($_POST['autorelease'])) {
126 foreach ($_POST['autorelease'] as $realm => $autorelease) {
127 if (isset($user_rps[$realm])) {
128 $user_rps[$realm]['auto_release'] = ($autorelease) ? 1 : 0;
129 }
130 }
131 }
132
133 if (isset($_POST['remove'])) {
134 foreach ($_POST['remove'] as $realm => $autorelease) {
135 if (isset($user_rps[$realm])) {
136 unset($user_rps[$realm]);
137 }
138 }
139 }
140
141 if (isset($_POST['update-all'])) {
142 foreach ($user_rps as $realm => $values) {
143 $user_rps[$realm]['auto_release'] = (isset($_POST['autorelease'][$realm]) && $_POST['autorelease'][$realm]) ? 1 : 0;
144 }
145 }
146
147 user_save($user);
148
149 set_message(t('Your preferences have been saved.'));
150 }
151 }
152
153 if ($user_rps) {
154 uksort($user_rps, '_page_sites_sort');
155 foreach ($user_rps as $realm => $rp) {
156 $xtpl->assign('realm_name', preg_replace('@^https?://(www\.|\*\.)?@', '<span class="url-elide">$0</span>', htmlspecialchars($rp['realm'], ENT_QUOTES, 'UTF-8')));
157 $xtpl->assign('realm', htmlspecialchars($rp['realm'], ENT_QUOTES, 'UTF-8'));
158 $xtpl->assign('last_time', htmlspecialchars($rp['last_time'], ENT_QUOTES, 'UTF-8'));
159 $xtpl->assign('last_time_formatted', htmlspecialchars(strftime(SIMPLEID_DATE_TIME_FORMAT, $rp['last_time']), ENT_QUOTES, 'UTF-8'));
160 $xtpl->assign('auto_release', (isset($rp['auto_release']) && $rp['auto_release']) ? 'checked="checked"' : '');
161
162 if (SIMPLEID_VERIFY_RETURN_URL_USING_REALM) {
163 // $rp_info would usually expire by now, so we allow for stale results to be retrieved to improve performance
164 $rp_info = simpleid_get_rp_info($realm, TRUE);
165 if (!isset($rp_info['return_to_verified']) || !$rp_info['return_to_verified']) $xtpl->assign('realm_class', 'return-to-suspect');
166 }
167
168 $xtpl->parse('main.sites.realm');
169 }
170 }
171
172 if (!$user_rps || (count($user_rps) == 0)) {
173 $xtpl->assign('disabled', 'disabled="disabled"');
174 }
175
176 $xtpl->assign('token', get_form_token('autorelease'));
177
178 $xtpl->assign('realm_label', t('Site'));
179 $xtpl->assign('last_time_label', t('Last access'));
180 $xtpl->assign('auto_release_label', t('Automatic'));
181 $xtpl->assign('remove_label', t('Remove'));
182 $xtpl->assign('submit_button', t('Submit'));
183
184 $xtpl->parse('main.sites');
185
186 $xtpl->assign(array('js_locale_label' => 'openid_suspect', 'js_locale_text' => addslashes(t('This web site has not confirmed its identity and might be fraudulent.')) . '\n\n' . addslashes(t('Are you sure you wish to automatically send your information to this site for any future requests?'))));
187 $xtpl->parse('main.js_locale');
188
189 $xtpl->assign('title', t('My Sites'));
190 $xtpl->assign('javascript', '<script src="' . get_base_path() . 'html/openid-consent.js" type="text/javascript"></script>');
191 $xtpl->parse('main');
192 $xtpl->out('main');
193}
194
195/**
196 * A custom sort function for realms. This strips out the following:
197 *
198 * - http://
199 * - https://
200 * - www.
201 * - *.
202 *
203 * @param string $a
204 * @param string $b
205 * @return int
206 */
207function _page_sites_sort($a, $b) {
208 $a = preg_replace('@^https?://(www\.|\*\.)?@', '', $a);
209 $b = preg_replace('@^https?://(www\.|\*\.)?@', '', $b);
210 return strcasecmp($a, $b);
211}
212
213/**
214 * Set up the navigation section in the header
215 */
216function page_nav() {
217 global $user;
218 global $xtpl;
219
220 $xtpl->assign('nav_base', trim(simpleid_url(' ', '', true)));
221
222 $xtpl->assign('nav_dashboard_label', t('Dashboard'));
223 $xtpl->assign('nav_profile_label', t('My Profile'));
224 $xtpl->assign('nav_sites_label', t('My Sites'));
225
226 $xtpl->parse('main.nav_toggle');
227 $xtpl->parse('main.nav');
228}
229
230/**
231 * Renders a particular block.
232 *
233 * @param array $block the block to render
234 * @return string the HTML of the rendered block
235 */
236function page_render_block($block) {
237 static $xtpl_block;
238
239 if (!$xtpl_block) $xtpl_block = new XTemplate('html/block.xtpl');
240
241 $xtpl_block->reset('block');
242 $xtpl_block->assign('id', $block['id']);
243 $xtpl_block->assign('title', $block['title']);
244 $xtpl_block->assign('content', $block['content']);
245
246 if (isset($block['links'])) {
247 $xtpl_block->assign('links', $block['links']);
248 $xtpl_block->parse('block.links');
249 }
250
251 $xtpl_block->parse('block');
252 return $xtpl_block->text('block');
253}
254
255/**
256 * Returns the welcome block.
257 *
258 * @return array the welcome block
259 */
260function _page_welcome_block() {
261 global $user;
262
263 return array(array(
264 'id' => 'welcome',
265 'title' => t('Welcome'),
266 'content' => t('You are logged in as %uid (%identity).', array('%uid' => $user['uid'], '%identity' => $user['identity']))
267 ));
268}
269
270/**
271 * Returns the dashboard OTP block.
272 *
273 * @return array the dashboard OTP block
274 */
275function _page_dashboard_otp_block() {
276 global $user;
277
278 $base_path = get_base_path();
279
280 $html = '<p>' . t('Login verification adds an extra layer of protection to your account. When enabled, you will need to enter an additional security code whenever you log into SimpleID.') . '</p>';
281
282 if (isset($user['otp'])) {
283 $html .= '<p>' . t('Login verification is <strong>enabled</strong>.') . '</p>';
284 $html .= '<form action="' . $base_path . 'index.php" method="post" enctype="application/x-www-form-urlencoded"><input type="hidden" name="tk" value="'. get_form_token('dashboard_otp') . '"/>';
285 $html .= '<input type="hidden" name="q" value="otp"/><input type="submit" name="op" value="' . t('Disable') . '" /></form>';
286 } else {
287 $html .= '<p>' . t('Login verification is <strong>disabled</strong>. To enable login verification, click the button below.') . '</p>';
288 $html .= '<form action="' . $base_path . 'index.php" method="post" enctype="application/x-www-form-urlencoded"><input type="hidden" name="tk" value="'. get_form_token('dashboard_otp') . '"/>';
289 $html .= '<input type="hidden" name="q" value="otp"/><input type="submit" name="op" value="' . t('Enable') . '" /></form>';
290 }
291
292 return array(array(
293 'id' => 'otp',
294 'title' => t('Login Verification'),
295 'content' => $html
296 ));
297}
298
299/**
300 * Returns a block containing discovery information.
301 *
302 * @return array the discovery block
303 */
304function _page_discovery_block() {
305 global $user;
306
307 $html = "<h3>" . t('&lt;link&gt; tags') . "</h3>";
308
309 $html .= "<div><label><input type=\"checkbox\" name=\"openid1\" value=\"1\" id=\"discovery-openid1\" class=\"discovery-checkbox\" />" . t('OpenID 1.x') . "</label>";
310 $html .= "<label><input type=\"checkbox\" name=\"openid2\" value=\"1\" id=\"discovery-openid2\" class=\"discovery-checkbox\" />" . t('OpenID 2.0') . "</label>";
311 $html .= "<label><input type=\"checkbox\" name=\"local-id\" value=\"1\" id=\"discovery-local-id\" class=\"discovery-checkbox\" />" . t('Claim a different identifier') . "</label></div>";
312 $html .= "<pre id=\"discovery-link-tags\">";
313 $html .= "</pre>";
314 $html .= "<ul id=\"discovery-templates\"><li class=\"openid1\">&lt;link rel=&quot;openid.server&quot; href=&quot;" . htmlspecialchars(simpleid_url(), ENT_QUOTES, 'UTF-8') . "&quot; /&gt;</li>\n";
315 $html .= "<li class=\"openid2\">&lt;link rel=&quot;openid2.provider&quot; href=&quot;" . htmlspecialchars(simpleid_url(), ENT_QUOTES, 'UTF-8') ."&quot; /&gt;</li>\n";
316 $html .= "<li class=\"openid1-local-id\">&lt;link rel=&quot;openid.delegate&quot; href=&quot;" . htmlspecialchars($user['identity'], ENT_QUOTES, 'UTF-8') . "&quot; /&gt;</li>\n";
317 $html .= "<li class=\"openid2-local-id\">&lt;link rel=&quot;openid2.local_id&quot; href=&quot;" . htmlspecialchars($user['identity'], ENT_QUOTES, 'UTF-8') ."&quot; /&gt;</li></ul>\n";
318
319 $html .= "<h3>" . t('YADIS') . "</h3>";
320 $html .= "<ol><li>" . t('Write your own or <a href="!url">download</a> your YADIS document', array('!url' => simpleid_url('xrds/'. $user['uid'], '', true))) . "</li>";
321 $html .= "<li><div>" . t('Add HTTP headers or &lt;meta&gt; tag, e.g.:') . "<div><pre>&lt;meta http-equiv=&quot;X-XRDS-Location&quot; content=&quot;" . htmlspecialchars(simpleid_url('xrds/'. $user['uid']), ENT_QUOTES, 'UTF-8') . "&quot; /></pre>";
322 $html .= "</li></ol>";
323
324 return array(array(
325 'id' => 'discovery',
326 'title' => t('Claim your Identifier'),
327 'content' => $html,
328 'links' => '<a href="http://simpleid.org/docs/1/identity-claim/">More information</a>'
329 ));
330}
331?>