From 947109668e6cae8a82ddace0e0135d5d6097f8ad Mon Sep 17 00:00:00 2001
From: cdujeu
Date: Tue, 13 May 2014 13:00:53 +0200
Subject: [PATCH] Forgot captcha Fix \ in new install web uri detection Adapt auth.multi (override login action)
---
 .../auth.multi/class.multiAuthDriver.php | 72 +++++++----
 core/src/plugins/auth.multi/manifest.xml | 118 ++++++++++++++++++
 .../authfront.session_login/manifest.xml | 5 +
 .../boot.conf/class.BootConfLoader.php | 2 +-
 4 files changed, 170 insertions(+), 27 deletions(-)
diff --git a/core/src/plugins/auth.multi/class.multiAuthDriver.php b/core/src/plugins/auth.multi/class.multiAuthDriver.php
index e45457e9bf..ed1a8203d8 100644
--- a/core/src/plugins/auth.multi/class.multiAuthDriver.php
+++ b/core/src/plugins/auth.multi/class.multiAuthDriver.php
@@ -98,36 +98,56 @@ private function detectCurrentDriver() protected function parseSpecificContributions(&$contribNode) { parent::parseSpecificContributions($contribNode); - if($this->masterSlaveMode) return; if($contribNode->nodeName != "actions") return ; - // Replace callback code - $actionXpath=new DOMXPath($contribNode->ownerDocument); - $loginCallbackNodeList = $actionXpath->query('action[@name="login"]/processing/clientCallback', $contribNode); - if(!$loginCallbackNodeList->length) return ; - $xmlContent = file_get_contents(AJXP_INSTALL_PATH."/plugins/auth.multi/login_patch.xml"); - $sources = array(); - if(!isSet($this->options) || !isSet($this->options["DRIVERS"]) || !is_array($this->options["DRIVERS"])) return; - foreach ($this->getOption("DRIVERS") as $driverDef) { - $dName = $driverDef["NAME"]; - if (isSet($driverDef["LABEL"])) { - $dLabel = $driverDef["LABEL"]; - } else { - $dLabel = $driverDef["NAME"]; + + if($this->masterSlaveMode) { + // REMOVE CHILD + $actionXpath=new DOMXPath($contribNode->ownerDocument); + $actionOverrideNodeList = $actionXpath->query('//action', $contribNode); + $actionNode = $actionOverrideNodeList->item(0); + $actionNode->parentNode->removeChild($actionNode); + + }else{ + + $actionXpath=new DOMXPath($contribNode->ownerDocument); + $loginCallbackNodeList = $actionXpath->query('//clientCallback', $contribNode); + $callbackNode = $loginCallbackNodeList->item(0); + $xmlContent = $callbackNode->firstChild->wholeText; + + $sources = array(); + if(!isSet($this->options) || !isSet($this->options["DRIVERS"]) || !is_array($this->options["DRIVERS"])) return; + foreach ($this->getOption("DRIVERS") as $driverDef) { + $dName = $driverDef["NAME"]; + if (isSet($driverDef["LABEL"])) { + $dLabel = $driverDef["LABEL"]; + } else { + $dLabel = $driverDef["NAME"]; + } + $sources[$dName] = $dLabel; } - $sources[$dName] = $dLabel; - } - $xmlContent = str_replace("AJXP_MULTIAUTH_SOURCES", json_encode($sources), $xmlContent); - $xmlContent = 
str_replace("AJXP_MULTIAUTH_MASTER", $this->getOption("MASTER_DRIVER"), $xmlContent); - $xmlContent = str_replace("AJXP_USER_ID_SEPARATOR", $this->getOption("USER_ID_SEPARATOR"), $xmlContent); - $patchDoc = new DOMDocument(); - $patchDoc->loadXML($xmlContent); - $patchNode = $patchDoc->documentElement; - $imported = $contribNode->ownerDocument->importNode($patchNode, true); - $loginCallback = $loginCallbackNodeList->item(0); - $loginCallback->parentNode->replaceChild($imported, $loginCallback); - //var_dump($contribNode->ownerDocument->saveXML($contribNode)); + $xmlContent = str_replace("AJXP_MULTIAUTH_SOURCES", json_encode($sources), $xmlContent); + $xmlContent = str_replace("AJXP_MULTIAUTH_MASTER", $this->getOption("MASTER_DRIVER"), $xmlContent); + $xmlContent = str_replace("AJXP_USER_ID_SEPARATOR", $this->getOption("USER_ID_SEPARATOR"), $xmlContent); + $callbackNode->removeChild($callbackNode->firstChild); + $callbackNode->appendChild($contribNode->ownerDocument->createCDATASection($xmlContent)); + + } + } +/* + public function getLoginRedirect(){ + + $l = $this->drivers[$this->masterName]->getLoginRedirect(); + if(!empty($l)) return $l; + return $this->drivers[$this->slaveName]->getLoginRedirect(); } + public function getLogoutRedirect(){ + + $l = $this->drivers[$this->masterName]->getLogoutRedirect(); + if(!empty($l)) return $l; + return $this->drivers[$this->slaveName]->getLogoutRedirect(); + } +*/ protected function setCurrentDriverName($name) { $this->currentDriver = $name; diff --git a/core/src/plugins/auth.multi/manifest.xml b/core/src/plugins/auth.multi/manifest.xml index dbab32053a..619dabae3b 100755 --- a/core/src/plugins/auth.multi/manifest.xml +++ b/core/src/plugins/auth.multi/manifest.xml @@ -19,5 +19,123 @@ + + + + \ +
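Review bot: Both new XPath queries in `parseSpecificContributions` start with `//`, which selects from the document root and ignores the `$contribNode` context argument, and neither result is checked before `->item(0)` is dereferenced. In the master/slave branch `removeChild` therefore acts on the first `action` element of the owner document, which may not be the login override, and an empty result turns `$actionNode->parentNode` into a fatal error. The `//clientCallback` lookup in the else branch has the same two problems, whereas the removed code used the relative path `action[@name="login"]/processing/clientCallback` and returned early on an empty list. Since this method decides which login action is handed to the client, I would keep the queries relative, e.g. `$actionXpath->query('action[@name="login"]', $contribNode)`, and restore a guard such as `if(!$actionOverrideNodeList->length) return;` in both branches.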
'+MessageHash[396]+'
\ +
\ + '; + oForm.down('div.SF_element').insert({before:auth_chooser}); + $H(authSources).each(function(pair){ + $('auth_source').insert(new Element("option", {value:pair.key}).update(pair.value)); + }); + } + ajaxplorer.loadSeedOrCaptcha(oForm.down('#login_seed'), oForm.down('img#captcha_image'), oForm.down('div.dialogLegend'), 'before'); + if(Prototype.Browser.IE && !oForm.down('input[type="text"]').key_enter_attached){ + oForm.select('input').invoke("observe", "keydown", function(event){ + if(event.keyCode == Event.KEY_RETURN){ + var el = Event.findElement(event); + if(el.hasClassName('dialogButton')){ + el.click(); + }else{ + el.form.down('input.dialogButton').click(); + } + } + }); + oForm.down('input[type="text"]').key_enter_attached = true; + } + var authConfs = ajaxplorer.getPluginConfigs("auth"); + if(authConfs && authConfs.get("SECURE_LOGIN_FORM")){ + try{ + oForm.down('input[name="remember_me"]').up("div.SF_element").remove(); + oForm.down('input[name="userid"]').setAttribute("autocomplete", "off"); + oForm.down('input[name="password"]').setAttribute("autocomplete", "off"); + oForm.setAttribute("autocomplete", "off"); + }catch(e){} + } + if(authConfs && authConfs.get("ENABLE_FORGOT_PASSWORD") && !oForm.down('a.forgot-password-link')){ + try{ + oForm.down('input[name="password"]').up("div.SF_element").insert({after:''}); + oForm.down('a.forgot-password-link').observe("click", function(e){ + Event.stop(e); + ajaxplorer.actionBar.fireAction(authConfs.get("FORGOT_PASSWORD_ACTION")); + }); + }catch(e){ if(console) console.log(e); } + } + modal.refreshDialogPosition(); + }, + function(){ + var oForm = modal.getForm(); + var connexion = new Connexion(); + connexion.addParameter('get_action', 'login'); + var selectedSource = oForm.auth_source.value; + if(selectedSource == masterAuthSource){ + connexion.addParameter('userid', oForm.userid.value); + }else{ + connexion.addParameter('userid', selectedSource+userIdSeparator+oForm.userid.value); + } + 
connexion.addParameter('login_seed', oForm.login_seed.value); + connexion.addParameter('auth_source', selectedSource); + connexion.addParameter('remember_me', (oForm.remember_me && oForm.remember_me.checked?"true":"false")); + if(oForm.login_seed.value != '-1'){ + connexion.addParameter('password', hex_md5(hex_md5(oForm.password.value)+oForm.login_seed.value)); + }else{ + connexion.addParameter('password', oForm.password.value); + } + if(oForm.captcha_code){ + connexion.addParameter('captcha_code', oForm.captcha_code.value); + } + connexion.onComplete = function(transport){ + ajaxplorer.actionBar.parseXmlMessage(transport.responseXML); + if(XPathGetSingleNodeText(transport.responseXML.documentElement, "logging_result/@value") == "-4"){ + ajaxplorer.loadSeedOrCaptcha(oForm.down('#login_seed'), oForm.down('img#captcha_image'), oForm.down('div.dialogLegend'), 'before'); + } + }; + connexion.setMethod('put'); + document.observeOnce("ajaxplorer:user_logged", function(){ + if($('logging_string') && $('logging_string').down('i')){ + var ht = $('logging_string').down('i').innerHTML; + var exp = ht.split(userIdSeparator); + if(exp.length > 1){ + $('logging_string').down('i').update(exp[1]); + } + } + }); + connexion.sendAsync(); + oForm.userid.value = ''; + oForm.password.value = ''; + return false; + }); + } + ]]>
+
+
+
+
diff --git a/core/src/plugins/authfront.session_login/manifest.xml b/core/src/plugins/authfront.session_login/manifest.xml
index 73987a3f82..8dded2aa87 100644
--- a/core/src/plugins/authfront.session_login/manifest.xml
+++ b/core/src/plugins/authfront.session_login/manifest.xml
@@ -184,6 +184,11 @@ + + + + +
diff --git a/core/src/plugins/boot.conf/class.BootConfLoader.php b/core/src/plugins/boot.conf/class.BootConfLoader.php
index b231e23c24..2c8e1240b2 100644
--- a/core/src/plugins/boot.conf/class.BootConfLoader.php
+++ b/core/src/plugins/boot.conf/class.BootConfLoader.php
@@ -106,7 +106,7 @@ public function loadInstallerForm($action, $httpVars, $fileVars)
 }
 }
 $uri = $_SERVER["REQUEST_URI"];
- if(strpos($uri, '.php') !== false) $uri = dirname($uri);
+ if(strpos($uri, '.php') !== false) $uri = AJXP_Utils::safeDirname($uri);
 if(empty($uri)) $uri = "/";
 $loadedValues = array(
 "ENCODING" => (defined('AJXP_LOCALE')?AJXP_LOCALE:SystemTextEncoding::getEncoding()),
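Review bot: In the `SECURE_LOGIN_FORM` block of the login dialog callback added to auth.multi/manifest.xml, all four hardening statements share one `try{...}catch(e){}`, so if the `remember_me` lookup returns nothing the exception is swallowed and none of the `autocomplete="off"` attributes are set. Guarding the lookup keeps the rest of the hardening independent of it, e.g. `var rm = oForm.down('input[name="remember_me"]'); if(rm) rm.up("div.SF_element").remove();`, and the catch should at least log the error as the forgot-password block below it does. Separately, the submit handler sends `oForm.password.value` unmodified when `login_seed` is `'-1'` and an MD5-based digest otherwise, so a comment stating that this form depends on HTTPS for confidentiality would help whoever deploys the plugin. The XML markup of this hunk is only partly visible here, so the surrounding action definition could not be checked.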
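Review bot: In the boot.conf/class.BootConfLoader.php hunk, `$_SERVER["REQUEST_URI"]` still includes the query string, so both the `.php` test and `AJXP_Utils::safeDirname($uri)` run on client-controlled text that can contain extra slashes; a constructed request such as `/index.php?next=/a/b` would presumably yield `/index.php?next=/a` instead of `/`. Taking the path component first avoids that: `$uri = parse_url($_SERVER["REQUEST_URI"], PHP_URL_PATH);`, with the existing `if(empty($uri)) $uri = "/";` fallback covering a failed parse. How `$uri` is used in `$loadedValues` lies outside this hunk, as does the rest of `loadInstallerForm`, so the impact depends on what the installer form does with the detected URI.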