
google authenticator,captcha

1 parent f8e3096 commit da0d10d5851caeeb9ff0b17bec522ea48535a0b2 Hmayak Tigranyan committed
201 3rd/GoogleAuthenticator.php
@@ -0,0 +1,201 @@
+<?php
+
+/**
+ * PHP Class for handling Google Authenticator 2-factor authentication
+ *
+ * @author Michael Kliewe
+ * @copyright 2012 Michael Kliewe
+ * @license http://www.opensource.org/licenses/bsd-license.php BSD License
+ * @link http://www.phpgangsta.de/
+ */
+
+class GoogleAuthenticator
+{
+ protected $_codeLength = 6;
+
+ /**
+ * Create new secret.
+ * 16 characters, randomly chosen from the allowed base32 characters.
+ *
+ * @param int $secretLength
+ * @return string
+ */
+ public function createSecret($secretLength = 16)
+ {
+ $validChars = $this->_getBase32LookupTable();
+ unset($validChars[32]);
+
+ $secret = '';
+ for ($i = 0; $i < $secretLength; $i++) {
+ $secret .= $validChars[array_rand($validChars)];
+ }
+ return $secret;
+ }
+
+ /**
+ * Calculate the code, with given secret and point in time
+ *
+ * @param string $secret
+ * @param int|null $timeSlice
+ * @return string
+ */
+ public function getCode($secret, $timeSlice = null)
+ {
+ if ($timeSlice === null) {
+ $timeSlice = floor(time() / 30);
+ }
+
+ $secretkey = $this->_base32Decode($secret);
+
+ // Pack time into binary string
+ $time = chr(0).chr(0).chr(0).chr(0).pack('N*', $timeSlice);
+ // Hash it with users secret key
+ $hm = hash_hmac('SHA1', $time, $secretkey, true);
+ // Use last nipple of result as index/offset
+ $offset = ord(substr($hm, -1)) & 0x0F;
+ // grab 4 bytes of the result
+ $hashpart = substr($hm, $offset, 4);
+
+ // Unpak binary value
+ $value = unpack('N', $hashpart);
+ $value = $value[1];
+ // Only 32 bits
+ $value = $value & 0x7FFFFFFF;
+
+ $modulo = pow(10, $this->_codeLength);
+ return str_pad($value % $modulo, $this->_codeLength, '0', STR_PAD_LEFT);
+ }
+
+ /**
+ * Get QR-Code URL for image, from google charts
+ *
+ * @param string $name
+ * @param string $secret
+ * @return string
+ */
+ public function getQRCodeGoogleUrl($name, $secret) {
+ $urlencoded = urlencode('otpauth://totp/'.$name.'?secret='.$secret.'');
+ return 'https://chart.googleapis.com/chart?chs=200x200&chld=M|0&cht=qr&chl='.$urlencoded.'';
+ }
+
+ /**
+ * Check if the code is correct. This will accept codes starting from $discrepancy*30sec ago to $discrepancy*30sec from now
+ *
+ * @param string $secret
+ * @param string $code
+ * @param int $discrepancy This is the allowed time drift in 30 second units (8 means 4 minutes before or after)
+ * @return bool
+ */
+ public function verifyCode($secret, $code, $discrepancy = 1)
+ {
+ $currentTimeSlice = floor(time() / 30);
+
+ for ($i = -$discrepancy; $i <= $discrepancy; $i++) {
+ $calculatedCode = $this->getCode($secret, $currentTimeSlice + $i);
+ if ($calculatedCode == $code ) {
+ return true;
+ }
+ }
+
+ return false;
+ }
+
+ /**
+ * Set the code length, should be >=6
+ *
+ * @param int $length
+ * @return PHPGangsta_GoogleAuthenticator
+ */
+ public function setCodeLength($length)
+ {
+ $this->_codeLength = $length;
+ return $this;
+ }
+
+ /**
+ * Helper class to decode base32
+ *
+ * @param $secret
+ * @return bool|string
+ */
+ protected function _base32Decode($secret)
+ {
+ if (empty($secret)) return '';
+
+ $base32chars = $this->_getBase32LookupTable();
+ $base32charsFlipped = array_flip($base32chars);
+
+ $paddingCharCount = substr_count($secret, $base32chars[32]);
+ $allowedValues = array(6, 4, 3, 1, 0);
+ if (!in_array($paddingCharCount, $allowedValues)) return false;
+ for ($i = 0; $i < 4; $i++){
+ if ($paddingCharCount == $allowedValues[$i] &&
+ substr($secret, -($allowedValues[$i])) != str_repeat($base32chars[32], $allowedValues[$i])) return false;
+ }
+ $secret = str_replace('=','', $secret);
+ $secret = str_split($secret);
+ $binaryString = "";
+ for ($i = 0; $i < count($secret); $i = $i+8) {
+ $x = "";
+ if (!in_array($secret[$i], $base32chars)) return false;
+ for ($j = 0; $j < 8; $j++) {
+ $x .= str_pad(base_convert(@$base32charsFlipped[@$secret[$i + $j]], 10, 2), 5, '0', STR_PAD_LEFT);
+ }
+ $eightBits = str_split($x, 8);
+ for ($z = 0; $z < count($eightBits); $z++) {
+ $binaryString .= ( ($y = chr(base_convert($eightBits[$z], 2, 10))) || ord($y) == 48 ) ? $y:"";
+ }
+ }
+ return $binaryString;
+ }
+
+ /**
+ * Helper class to encode base32
+ *
+ * @param string $secret
+ * @param bool $padding
+ * @return string
+ */
+ protected function _base32Encode($secret, $padding = true)
+ {
+ if (empty($secret)) return '';
+
+ $base32chars = $this->_getBase32LookupTable();
+
+ $secret = str_split($secret);
+ $binaryString = "";
+ for ($i = 0; $i < count($secret); $i++) {
+ $binaryString .= str_pad(base_convert(ord($secret[$i]), 10, 2), 8, '0', STR_PAD_LEFT);
+ }
+ $fiveBitBinaryArray = str_split($binaryString, 5);
+ $base32 = "";
+ $i = 0;
+ while ($i < count($fiveBitBinaryArray)) {
+ $base32 .= $base32chars[base_convert(str_pad($fiveBitBinaryArray[$i], 5, '0'), 2, 10)];
+ $i++;
+ }
+ if ($padding && ($x = strlen($binaryString) % 40) != 0) {
+ if ($x == 8) $base32 .= str_repeat($base32chars[32], 6);
+ elseif ($x == 16) $base32 .= str_repeat($base32chars[32], 4);
+ elseif ($x == 24) $base32 .= str_repeat($base32chars[32], 3);
+ elseif ($x == 32) $base32 .= $base32chars[32];
+ }
+ return $base32;
+ }
+
+ /**
+ * Get array with all 32 characters for decoding from/encoding to base32
+ *
+ * @return array
+ */
+ protected function _getBase32LookupTable()
+ {
+ return array(
+ 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', // 7
+ 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', // 15
+ 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', // 23
+ 'Y', 'Z', '2', '3', '4', '5', '6', '7', // 31
+ '=' // padding char
+ );
+ }
+}
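Review bot: verifyCode compares the user-supplied code with loose `==`, which coerces numeric-looking strings (`'1e5' == '100000'` is true in PHP) and is not constant-time; since this copy has been renamed from the upstream `PHPGangsta_GoogleAuthenticator` (the `@return` on setCodeLength still says so) it is now locally maintained and worth hardening. Reject codes of the wrong length before the loop, `if (strlen($code) != $this->_codeLength) return false;`, and compare with `if (hash_equals($calculatedCode, (string) $code)) return true;` (hash_equals needs PHP 5.6; a byte-wise loop otherwise). createSecret draws each character with `array_rand`, which is backed by a non-cryptographic PRNG, so the secret should come from `random_int(0, 31)` per character or from `openssl_random_pseudo_bytes`. getQRCodeGoogleUrl also hands the shared secret to a third party (chart.googleapis.com) inside a URL, which the doc comment should state, or the QR image should be rendered locally.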
22 3rd/recaptcha/LICENSE
@@ -0,0 +1,22 @@
+Copyright (c) 2007 reCAPTCHA -- http://recaptcha.net
+AUTHORS:
+ Mike Crawford
+ Ben Maurer
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
7 3rd/recaptcha/README
@@ -0,0 +1,7 @@
+reCAPTCHA README
+================
+
+The reCAPTCHA PHP Lirary helps you use the reCAPTCHA API. Documentation
+for this library can be found at
+
+ http://recaptcha.net/plugins/php
37 3rd/recaptcha/example-captcha.php
@@ -0,0 +1,37 @@
+<html>
+ <body>
+ <form action="" method="post">
+<?php
+
+require_once('recaptchalib.php');
+
+// Get a key from https://www.google.com/recaptcha/admin/create
+$publickey = "";
+$privatekey = "";
+
+# the response from reCAPTCHA
+$resp = null;
+# the error code from reCAPTCHA, if any
+$error = null;
+
+# was there a reCAPTCHA response?
+if ($_POST["recaptcha_response_field"]) {
+ $resp = recaptcha_check_answer ($privatekey,
+ $_SERVER["REMOTE_ADDR"],
+ $_POST["recaptcha_challenge_field"],
+ $_POST["recaptcha_response_field"]);
+
+ if ($resp->is_valid) {
+ echo "You got it!";
+ } else {
+ # set the error code so that we can display it
+ $error = $resp->error;
+ }
+}
+echo recaptcha_get_html($publickey, $error);
+?>
+ <br/>
+ <input type="submit" value="submit" />
+ </form>
+ </body>
+</html>
17 3rd/recaptcha/example-mailhide.php
@@ -0,0 +1,17 @@
+<html><body>
+<?
+require_once ("recaptchalib.php");
+
+// get a key at http://www.google.com/recaptcha/mailhide/apikey
+$mailhide_pubkey = '';
+$mailhide_privkey = '';
+
+?>
+
+The Mailhide version of example@example.com is
+<? echo recaptcha_mailhide_html ($mailhide_pubkey, $mailhide_privkey, "example@example.com"); ?>. <br>
+
+The url for the email is:
+<? echo recaptcha_mailhide_url ($mailhide_pubkey, $mailhide_privkey, "example@example.com"); ?> <br>
+
+</body></html>
277 3rd/recaptcha/recaptchalib.php
@@ -0,0 +1,277 @@
+<?php
+/*
+ * This is a PHP library that handles calling reCAPTCHA.
+ * - Documentation and latest version
+ * http://recaptcha.net/plugins/php/
+ * - Get a reCAPTCHA API Key
+ * https://www.google.com/recaptcha/admin/create
+ * - Discussion group
+ * http://groups.google.com/group/recaptcha
+ *
+ * Copyright (c) 2007 reCAPTCHA -- http://recaptcha.net
+ * AUTHORS:
+ * Mike Crawford
+ * Ben Maurer
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * The reCAPTCHA server URL's
+ */
+define("RECAPTCHA_API_SERVER", "http://www.google.com/recaptcha/api");
+define("RECAPTCHA_API_SECURE_SERVER", "https://www.google.com/recaptcha/api");
+define("RECAPTCHA_VERIFY_SERVER", "www.google.com");
+
+/**
+ * Encodes the given data into a query string format
+ * @param $data - array of string elements to be encoded
+ * @return string - encoded request
+ */
+function _recaptcha_qsencode ($data) {
+ $req = "";
+ foreach ( $data as $key => $value )
+ $req .= $key . '=' . urlencode( stripslashes($value) ) . '&';
+
+ // Cut the last '&'
+ $req=substr($req,0,strlen($req)-1);
+ return $req;
+}
+
+
+
+/**
+ * Submits an HTTP POST to a reCAPTCHA server
+ * @param string $host
+ * @param string $path
+ * @param array $data
+ * @param int port
+ * @return array response
+ */
+function _recaptcha_http_post($host, $path, $data, $port = 80) {
+
+ $req = _recaptcha_qsencode ($data);
+
+ $http_request = "POST $path HTTP/1.0\r\n";
+ $http_request .= "Host: $host\r\n";
+ $http_request .= "Content-Type: application/x-www-form-urlencoded;\r\n";
+ $http_request .= "Content-Length: " . strlen($req) . "\r\n";
+ $http_request .= "User-Agent: reCAPTCHA/PHP\r\n";
+ $http_request .= "\r\n";
+ $http_request .= $req;
+
+ $response = '';
+ if( false == ( $fs = @fsockopen($host, $port, $errno, $errstr, 10) ) ) {
+ die ('Could not open socket');
+ }
+
+ fwrite($fs, $http_request);
+
+ while ( !feof($fs) )
+ $response .= fgets($fs, 1160); // One TCP-IP packet
+ fclose($fs);
+ $response = explode("\r\n\r\n", $response, 2);
+
+ return $response;
+}
+
+
+
+/**
+ * Gets the challenge HTML (javascript and non-javascript version).
+ * This is called from the browser, and the resulting reCAPTCHA HTML widget
+ * is embedded within the HTML form it was called from.
+ * @param string $pubkey A public key for reCAPTCHA
+ * @param string $error The error given by reCAPTCHA (optional, default is null)
+ * @param boolean $use_ssl Should the request be made over ssl? (optional, default is false)
+
+ * @return string - The HTML to be embedded in the user's form.
+ */
+function recaptcha_get_html ($pubkey, $error = null, $use_ssl = false)
+{
+ if ($pubkey == null || $pubkey == '') {
+ die ("To use reCAPTCHA you must get an API key from <a href='https://www.google.com/recaptcha/admin/create'>https://www.google.com/recaptcha/admin/create</a>");
+ }
+
+ if ($use_ssl) {
+ $server = RECAPTCHA_API_SECURE_SERVER;
+ } else {
+ $server = RECAPTCHA_API_SERVER;
+ }
+
+ $errorpart = "";
+ if ($error) {
+ $errorpart = "&amp;error=" . $error;
+ }
+ return '<script type="text/javascript" src="'. $server . '/challenge?k=' . $pubkey . $errorpart . '"></script>
+
+ <noscript>
+ <iframe src="'. $server . '/noscript?k=' . $pubkey . $errorpart . '" height="300" width="500" frameborder="0"></iframe><br/>
+ <textarea name="recaptcha_challenge_field" rows="3" cols="40"></textarea>
+ <input type="hidden" name="recaptcha_response_field" value="manual_challenge"/>
+ </noscript>';
+}
+
+
+
+
+/**
+ * A ReCaptchaResponse is returned from recaptcha_check_answer()
+ */
+class ReCaptchaResponse {
+ var $is_valid;
+ var $error;
+}
+
+
+/**
+ * Calls an HTTP POST function to verify if the user's guess was correct
+ * @param string $privkey
+ * @param string $remoteip
+ * @param string $challenge
+ * @param string $response
+ * @param array $extra_params an array of extra variables to post to the server
+ * @return ReCaptchaResponse
+ */
+function recaptcha_check_answer ($privkey, $remoteip, $challenge, $response, $extra_params = array())
+{
+ if ($privkey == null || $privkey == '') {
+ die ("To use reCAPTCHA you must get an API key from <a href='https://www.google.com/recaptcha/admin/create'>https://www.google.com/recaptcha/admin/create</a>");
+ }
+
+ if ($remoteip == null || $remoteip == '') {
+ die ("For security reasons, you must pass the remote ip to reCAPTCHA");
+ }
+
+
+
+ //discard spam submissions
+ if ($challenge == null || strlen($challenge) == 0 || $response == null || strlen($response) == 0) {
+ $recaptcha_response = new ReCaptchaResponse();
+ $recaptcha_response->is_valid = false;
+ $recaptcha_response->error = 'incorrect-captcha-sol';
+ return $recaptcha_response;
+ }
+
+ $response = _recaptcha_http_post (RECAPTCHA_VERIFY_SERVER, "/recaptcha/api/verify",
+ array (
+ 'privatekey' => $privkey,
+ 'remoteip' => $remoteip,
+ 'challenge' => $challenge,
+ 'response' => $response
+ ) + $extra_params
+ );
+
+ $answers = explode ("\n", $response [1]);
+ $recaptcha_response = new ReCaptchaResponse();
+
+ if (trim ($answers [0]) == 'true') {
+ $recaptcha_response->is_valid = true;
+ }
+ else {
+ $recaptcha_response->is_valid = false;
+ $recaptcha_response->error = $answers [1];
+ }
+ return $recaptcha_response;
+
+}
+
+/**
+ * gets a URL where the user can sign up for reCAPTCHA. If your application
+ * has a configuration page where you enter a key, you should provide a link
+ * using this function.
+ * @param string $domain The domain where the page is hosted
+ * @param string $appname The name of your application
+ */
+function recaptcha_get_signup_url ($domain = null, $appname = null) {
+ return "https://www.google.com/recaptcha/admin/create?" . _recaptcha_qsencode (array ('domains' => $domain, 'app' => $appname));
+}
+
+function _recaptcha_aes_pad($val) {
+ $block_size = 16;
+ $numpad = $block_size - (strlen ($val) % $block_size);
+ return str_pad($val, strlen ($val) + $numpad, chr($numpad));
+}
+
+/* Mailhide related code */
+
+function _recaptcha_aes_encrypt($val,$ky) {
+ if (! function_exists ("mcrypt_encrypt")) {
+ die ("To use reCAPTCHA Mailhide, you need to have the mcrypt php module installed.");
+ }
+ $mode=MCRYPT_MODE_CBC;
+ $enc=MCRYPT_RIJNDAEL_128;
+ $val=_recaptcha_aes_pad($val);
+ return mcrypt_encrypt($enc, $ky, $val, $mode, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0");
+}
+
+
+function _recaptcha_mailhide_urlbase64 ($x) {
+ return strtr(base64_encode ($x), '+/', '-_');
+}
+
+/* gets the reCAPTCHA Mailhide url for a given email, public key and private key */
+function recaptcha_mailhide_url($pubkey, $privkey, $email) {
+ if ($pubkey == '' || $pubkey == null || $privkey == "" || $privkey == null) {
+ die ("To use reCAPTCHA Mailhide, you have to sign up for a public and private key, " .
+ "you can do so at <a href='http://www.google.com/recaptcha/mailhide/apikey'>http://www.google.com/recaptcha/mailhide/apikey</a>");
+ }
+
+
+ $ky = pack('H*', $privkey);
+ $cryptmail = _recaptcha_aes_encrypt ($email, $ky);
+
+ return "http://www.google.com/recaptcha/mailhide/d?k=" . $pubkey . "&c=" . _recaptcha_mailhide_urlbase64 ($cryptmail);
+}
+
+/**
+ * gets the parts of the email to expose to the user.
+ * eg, given johndoe@example,com return ["john", "example.com"].
+ * the email is then displayed as john...@example.com
+ */
+function _recaptcha_mailhide_email_parts ($email) {
+ $arr = preg_split("/@/", $email );
+
+ if (strlen ($arr[0]) <= 4) {
+ $arr[0] = substr ($arr[0], 0, 1);
+ } else if (strlen ($arr[0]) <= 6) {
+ $arr[0] = substr ($arr[0], 0, 3);
+ } else {
+ $arr[0] = substr ($arr[0], 0, 4);
+ }
+ return $arr;
+}
+
+/**
+ * Gets html to display an email address given a public an private key.
+ * to get a key, go to:
+ *
+ * http://www.google.com/recaptcha/mailhide/apikey
+ */
+function recaptcha_mailhide_html($pubkey, $privkey, $email) {
+ $emailparts = _recaptcha_mailhide_email_parts ($email);
+ $url = recaptcha_mailhide_url ($pubkey, $privkey, $email);
+
+ return htmlentities($emailparts[0]) . "<a href='" . htmlentities ($url) .
+ "' onclick=\"window.open('" . htmlentities ($url) . "', '', 'toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0,resizable=0,width=500,height=300'); return false;\" title=\"Reveal this e-mail address\">...</a>@" . htmlentities ($emailparts [1]);
+
+}
+
+
+?>
14 conf/conf_meta.php
@@ -1,13 +1,15 @@
<?php
# set the changeable $conf
$alt_conf=array(/*"base_uuid","acl_base","root_name",
-"root_email","root_tel","db_host","db_port",*/ "theme",
-/*"db_name","db_user","db_pass","debug" ,*/"session_writer",
-"session_name","session_timeout",/*"dbal_lib_name","db_engine","storage_engine",
-"enable_cache","cache_dir","locale",*/ "locale_lib",/*
+"root_email","root_tel","db_host","db_port",*/ "theme"=>_t("Theme"),
+/*"db_name","db_user","db_pass","debug" ,*/"session_writer"=>_t("Session writer"),
+"session_name"=>_t("Session name"),"session_timeout"=>_t("Session timeout"),/*"dbal_lib_name","db_engine","storage_engine",
+"enable_cache","cache_dir","locale",*/ "locale_lib"=>_t("Locale lib"),/*
"fb_locale","custom_form","related_search", "media_dir",
-"media_mode" */);
+"media_mode" */
+ "use_recaptcha"=>_t("Use reCAPTCHA "),"recaptcha_public_key"=>_t("reCAPTCHA Public Key"),
+ "recaptcha_private_key"=>_t("reCAPTCHA Private Key"));
$alt_conf_check=array("acl_base"=>"t","debug"=>"t","enable_cache"=>"t","custom_form"=>"t",
-"related_search"=>"t");
+"related_search"=>"t","use_recaptcha"=>"t");
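Review bot: recaptcha_private_key becomes an admin-editable setting here, but the vendored recaptchalib.php added in this same commit submits it with every verification over plaintext HTTP (`_recaptcha_http_post` defaults to port 80 and uses a bare `fsockopen` to www.google.com), so the key is exposed on the wire; the verify call should be switched to TLS (`ssl://` host, port 443) before the setting is offered. The settings-form code is not in this diff, so I can't confirm how the value is rendered — if `$alt_conf` entries are echoed back as plain text inputs, the private key should use a password-type field and not be written into page output once set. A label nit: `_t("Use reCAPTCHA ")` carries a trailing space that becomes part of the translation key.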
578 data/User.php
@@ -1,4 +1,5 @@
-<?php
+<?php
+
/**
* DataObject For system users of OpenEvSys.
*
@@ -20,283 +21,350 @@
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
-
+
* @author Nilushan Silva <nilushan@respere.com>
*
* @package OpenEvsys
* @subpackage DataModel
*
*/
+require_once( APPROOT . 'data/DataObject.php' );
+require_once( APPROOT . '3rd/GoogleAuthenticator.php');
+
+class User extends ADODB_Active_Record {
+
+ protected $username = '';
+ protected $password = '';
+ protected $salt;
+ protected $old_password;
+ protected $old_salt;
+ protected $role = '';
+ protected $created = ''; // store the date format used by mysql
+ protected $last_login = '';
+ protected $user_profile = null;
+ protected $user_code;
+ private $pkey = array('username');
+ public $config;
+
+ public function __construct($table = false, $pkeyarr = false, $db = false, $options = array()) {
+
+ $table = 'user';
+
+ parent::__construct($table, $pkey, $db, $options);
+
+ $this->belongsTo('user_profile', 'username', 'username');
+ $this->hasMany('user_code', 'username');
+ }
+
+ //getters
+
+
+
+ public function getUserName() {
+ return $this->username;
+ }
+
+ public function getPasswordHash() {
+ return $this->password;
+ }
+
+ public function getSalt() {
+
+ return $this->salt;
+ }
+
+ public function getOldPasswordHash() {
+ return $this->old_password;
+ }
+
+ public function getOldSalt() {
+ return $this->old_salt;
+ }
+
+ public function getUserType() {
+ return $this->role;
+ }
+
+ public function getCreatedDate() {
+ $mysqldate = $this->created;
+ $phpdate = strtotime($mysqldate);
+ return $phpdate;
+ }
+
+ public function getLastLoginDate() {
+ $mysqldate = $this->last_login;
+ $phpdate = strtotime($mysqldate);
+ return $phpdate;
+ }
-require_once ( APPROOT . 'data/DataObject.php' );
-
-
-
-class User extends ADODB_Active_Record{
-
-
- protected $username = '';
- protected $password = '';
- protected $salt;
- protected $old_password;
- protected $old_salt;
- protected $role = '';
- protected $created =''; // store the date format used by mysql
- protected $last_login = '';
- protected $user_profile = null ;
- protected $user_code;
-
- private $pkey = array('username');
-
- public function __construct($table = false, $pkeyarr=false, $db=false, $options=array()){
-
- $table = 'user';
-
- parent::__construct($table, $pkey ,$db , $options);
-
- $this->belongsTo( 'user_profile' , 'username' , 'username' ) ;
- $this->hasMany( 'user_code' , 'username' ) ;
-
-
- }
-
-
-
- //getters
-
-
-
- public function getUserName(){
- return $this->username;
- }
-
- public function getPasswordHash(){
- return $this->password;
- }
-
- public function getSalt(){
-
- return $this->salt;
- }
-
- public function getOldPasswordHash(){
- return $this->old_password;
- }
-
- public function getOldSalt(){
- return $this->old_salt;
- }
-
- public function getUserType(){
- return $this->role;
- }
-
- public function getCreatedDate(){
- $mysqldate = $this->created;
- $phpdate = strtotime( $mysqldate );
- return $phpdate;
- }
-
- public function getLastLoginDate(){
- $mysqldate = $this->last_login;
- $phpdate = strtotime( $mysqldate );
- return $phpdate;
- }
-
- public function getUserProfile(){
-
- //$this->loadUserProfile();
- $this->user_profile;
- return $this->user_profile;
- }
-
-
- public function getUserCodeCode(){
- //$this->loadUserCode();
- $this->user_code;
- echo '<br /> getusercodecode() :' .$this->user_code->code;
- return $this->user_code->code;
- }
-
- public function getUserCodeAction(){
- //$this->loadUserCode();
- return $this->user_code->action;
- }
-
- public function getUserCodeExpiry(){
- //$this->loadUserCode();
+ public function getUserProfile() {
+
+ //$this->loadUserProfile();
+ $this->user_profile;
+ return $this->user_profile;
+ }
+
+ public function getUserCodeCode() {
+ //$this->loadUserCode();
+ $this->user_code;
+ echo '<br /> getusercodecode() :' . $this->user_code->code;
+ return $this->user_code->code;
+ }
+
+ public function getUserCodeAction() {
+ //$this->loadUserCode();
+ return $this->user_code->action;
+ }
+
+ public function getUserCodeExpiry() {
+ //$this->loadUserCode();
$mysqldate = $this->user_code->expiry;
- $phpdate = strtotime( $mysqldate );
+ $phpdate = strtotime($mysqldate);
return $phpdate;
- }
-
- //setters
-
-
-
- public function setUserName($username){
- $this->username = $username;
- }
-
- public function setPassword($password){
-
- $this->password = shn_auth_generateHash( $password , $this->getSalt() ) ;
- }
-
- public function setSalt($salt){
- $this->salt = $salt;
- }
-
- public function setOldPasswordHash($oldPasswordHash){
- $this->old_password = $oldPasswordHash ;
- }
-
- public function setOldSalt($oldSalt){
- $this->old_salt = $oldSalt;
- }
-
- public function setRole($role){
- $this->role = $role;
- }
-
- public function setCreatedDate($phpdate){
-
- $mysqldate = date( 'Y-m-d H:i:s', $phpdate );
- $this->created = $mysqldate;
- }
-
- public function setLastLoginDate($phpdate){
- $mysqldate = date( 'Y-m-d H:i:s', $phpdate );
- $this->last_login = $mysqldate;
- }
-
- public function setUserProfile($user_profile){
- $this->user_profile = $user_profile;
- }
-
- public function setUserCodeCode($userCode){
+ }
+
+ //setters
+
+
+
+ public function setUserName($username) {
+ $this->username = $username;
+ }
+
+ public function setPassword($password) {
+
+ $this->password = shn_auth_generateHash($password, $this->getSalt());
+ }
+
+ public function setSalt($salt) {
+ $this->salt = $salt;
+ }
+
+ public function setOldPasswordHash($oldPasswordHash) {
+ $this->old_password = $oldPasswordHash;
+ }
+
+ public function setOldSalt($oldSalt) {
+ $this->old_salt = $oldSalt;
+ }
+
+ public function setRole($role) {
+ $this->role = $role;
+ }
+
+ public function setCreatedDate($phpdate) {
+
+ $mysqldate = date('Y-m-d H:i:s', $phpdate);
+ $this->created = $mysqldate;
+ }
+
+ public function setLastLoginDate($phpdate) {
+ $mysqldate = date('Y-m-d H:i:s', $phpdate);
+ $this->last_login = $mysqldate;
+ }
+
+ public function setUserProfile($user_profile) {
+ $this->user_profile = $user_profile;
+ }
+
+ public function setUserCodeCode($userCode) {
$this->user_code->code = $userCode;
}
-
- public function setUserCodeCodeGenerated(){
- $this->user_code->code = $this->auth_generateSalt();
+
+ public function setUserCodeCodeGenerated() {
+ $this->user_code->code = $this->auth_generateSalt();
}
-
- public function setUserCodeAction($action){
+
+ public function setUserCodeAction($action) {
$this->user_code->action = $action;
}
-
- public function setUserCodeExpiry($expiry){
- $mysqldate = date( 'Y-m-d H:i:s', $expiry );
+
+ public function setUserCodeExpiry($expiry) {
+ $mysqldate = date('Y-m-d H:i:s', $expiry);
$this->user_code->expiry = $mysqldate;
}
-
- /////////////////////////////////////////////////////////////////////
-
- public function loadUserProfile(){
- //if( isset($this->user_profile ) ){
- $this->user_profile;
- //}
- }
-
- public function loadUserCode(){
- //if( $this->user_code == null ){
- $this->user_code;
- //}
- }
-
+
+ /////////////////////////////////////////////////////////////////////
+
+ public function loadUserProfile() {
+ //if( isset($this->user_profile ) ){
+ $this->user_profile;
+ //}
+ }
+
+ public function loadUserCode() {
+ //if( $this->user_code == null ){
+ $this->user_code;
+ //}
+ }
+
/////////////////////////////////////////////////////////////////////
-
- public function Save(){
-
- $ok = parent::Save();
- if (!$ok){
+ public function Save() {
+
+
+ $ok = parent::Save();
+ if (!$ok) {
+ $err = $this->ErrorMsg();
+ echo $err;
+ //throw new ADODB_Exception();// Exception($err); // should remove exception and add error handling routines
+ }
+
+ //Save UserProfile
+ if ($this->user_profile != null) {
+ $this->user_profile->username = $this->username;
+ $ok = $this->user_profile->Save();
+ if (!$ok) {
$err = $this->ErrorMsg();
echo $err;
//throw new ADODB_Exception();// Exception($err); // should remove exception and add error handling routines
}
-
- //Save UserProfile
- if($this->user_profile!=null){
- $this->user_profile->username = $this->username;
- $ok = $this->user_profile->Save();
- if (!$ok){
- $err = $this->ErrorMsg();
- echo $err;
- //throw new ADODB_Exception();// Exception($err); // should remove exception and add error handling routines
- }
- }
-
- //Save UserCodes
- if($this->user_code!=null){
- $this->user_code->username = $this->username;
- $ok = $this->user_code->Save();
- if (!$ok){
- $err = $this->ErrorMsg();
- echo $err;
+ }
+
+ //Save UserCodes
+ if ($this->user_code != null) {
+ $this->user_code->username = $this->username;
+ $ok = $this->user_code->Save();
+ if (!$ok) {
+ $err = $this->ErrorMsg();
+ echo $err;
//throw new ADODB_Exception();// Exception($err); // should remove exception and add error handling routines
- }
-
}
-
- if($err==null)
+ }
+
+ if ($err == null)
+ return true;
+ }
+
+ function Delete($field, $value) {
+ $db = $this->DB();
+ if (!$db)
+ return false;
+ $table = $this->TableInfo();
+
+ $where = "$field='" . $value . "'";
+ $sql = 'DELETE FROM ' . $this->_table . ' WHERE ' . $where;
+ $ok = $db->Execute($sql);
+
+ if (!$ok) {
+ $err = $this->ErrorMsg();
+ //throw new DbException($err);
+ echo $err;
+ }else
return true;
-
- }
-
- function Delete( $field , $value )
- {
- $db = $this->DB(); if (!$db) return false;
- $table = $this->TableInfo();
-
- $where = "$field='" . $value . "'";
- $sql = 'DELETE FROM '.$this->_table.' WHERE '.$where;
- $ok = $db->Execute($sql);
-
- if (!$ok){
- $err = $this->ErrorMsg();
- //throw new DbException($err);
- echo $err;
- }else
- return true;
- }
-
-
- public function toString(){
-
-
- echo 'Username - ' . $this->getUserName() . '<br />';
- echo 'Password - ' . $this->getPasswordHash(). '<br />';
- echo 'Created - ' . $this->getCreatedDate() . '<br />';
- echo 'Last loggin- ' . $this->getLastLoginDate() . '<br />';
- $userProfile = $this->getUserProfile();
- //$userProfile = new UserProfile();
- echo 'First Name - ' . $userProfile->getFirstName() . '<br />';
- //var_dump($userProfileO);
-
- }
-
-
- ////authentication related functions////////////////////////////////////////////////////////////
-
- public function isPasswordMatch($plainTextPassword){
- //var_dump('password hash' , $this->getPasswordHash() );
- //var_dump('generated' , generate_password($plainTextPassword , $this->getSalt() ) );
- return ( $this->getPasswordHash() == shn_auth_generateHash($plainTextPassword , $this->getSalt() ) );
- }
-
- private function auth_generateHash($plainText, $salt ){
- return sha1($salt . $plainText);
- }
-
- private function auth_generateSalt(){
- return substr(md5(uniqid(rand(), true)), 0, SALT_LENGTH);
- }
- //validation functions
-
- //relasionship Data
-
-
-
+ }
+
+ public function toString() {
+
+
+ echo 'Username - ' . $this->getUserName() . '<br />';
+ echo 'Password - ' . $this->getPasswordHash() . '<br />';
+ echo 'Created - ' . $this->getCreatedDate() . '<br />';
+ echo 'Last loggin- ' . $this->getLastLoginDate() . '<br />';
+ $userProfile = $this->getUserProfile();
+ //$userProfile = new UserProfile();
+ echo 'First Name - ' . $userProfile->getFirstName() . '<br />';
+ //var_dump($userProfileO);
+ }
+
+ ////authentication related functions////////////////////////////////////////////////////////////
+
+ public function isPasswordMatch($plainTextPassword) {
+ //var_dump('password hash' , $this->getPasswordHash() );
+ //var_dump('generated' , generate_password($plainTextPassword , $this->getSalt() ) );
+ return ( $this->getPasswordHash() == shn_auth_generateHash($plainTextPassword, $this->getSalt()) );
+ }
+
+ private function auth_generateHash($plainText, $salt) {
+ return sha1($salt . $plainText);
+ }
+
+ private function auth_generateSalt() {
+ return substr(md5(uniqid(rand(), true)), 0, SALT_LENGTH);
+ }
+
+ //validation functions
+ //relasionship Data
+
+
+ public function TSVSaveMGA($code) {
+ if ($this->verifyGACode($code)) {
+ $cfg = array();
+ if (!empty($this->config)) {
+ $cfg = @json_decode($this->config, true);
+ }
+ $cfg['security']['TSV']['method'] = 'MGA';
+
+ $this->config = json_encode($cfg);
+ $this->Save();
+ } else {
+ return false;
+ }
+
+ return true;
+ }
+
+ public function disableTSV() {
+ $cfg = array();
+ if (!empty($this->config)) {
+ $cfg = @json_decode($this->config, true);
+ }
+
+ unset($cfg['security']['TSV']['method']);
+ unset($cfg['security']['TSV']['secret']);
+ $this->config = json_encode($cfg);
+ $this->Save();
+ return true;
+ }
+
+ /* get Google Authenticator secret key */
+
+ public function getGASk() {
+ $result = array('secret' => 'xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx');
+ $cfg = array();
+ if (!empty($this->config)) {
+ $cfg = @json_decode($this->config, true);
+ }
+ if (empty($cfg['security'])) {
+ $cfg['security'] = array();
+ }
+ if (empty($cfg['security']['TSV'])) {
+ $cfg['security']['TSV'] = array();
+ }
+
+ $ga = new GoogleAuthenticator();
+
+ if (empty($cfg['security']['TSV']['secret'])) {
+ $cfg['security']['TSV']['secret'] = $ga->createSecret(16);
+ $this->config = json_encode($cfg);
+ $this->Save();
+ }
+ $result['secret'] = $cfg['security']['TSV']['secret'];
+
+ $result['url'] = $ga->getQRCodeGoogleUrl($_SERVER['SERVER_NAME'], $result['secret']);
+
+
+ return $result;
+ }
+
+ /* get code for Google Authenticator */
+
+ private function getGACode() {
+ $sk = $this->getGASk();
+ $sk = $sk['secret'];
+ $ga = new GoogleAuthenticator();
+
+ return $ga->getCode($sk);
+ }
+
+ /* verify given Google Authenticator code */
+
+ public function verifyGACode($code) {
+ $sk = $this->getGASk();
+ $sk = $sk['secret'];
+ $ga = new GoogleAuthenticator();
+
+ return $ga->verifyCode($sk, $code);
+ }
+
}
131 inc/security/handler_auth.inc
@@ -1,90 +1,111 @@
<?php
+global $global, $conf;
-global $global;
+define(ANONYMOUS_USER, 0);
-define(ANONYMOUS_USER,0);
+include_once APPROOT . '/inc/security/lib_auth.inc';
+include_once APPROOT . '/inc/security/lib_acl_cas.inc';
-include_once APPROOT.'/inc/security/lib_auth.inc';
-include_once APPROOT.'/inc/security/lib_acl_cas.inc';
+if (isset($_POST['login']) && 'login' == $_POST['login']) {
+ $captchavalid = true;
+ if ($conf['use_recaptcha']) {
+ require_once(APPROOT . '3rd/recaptcha/recaptchalib.php');
+ $publickey = $conf['recaptcha_public_key'];
+ $privatekey = $conf['recaptcha_private_key'];
+ $resp = recaptcha_check_answer($privatekey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]);
-if(isset($_POST['login'])&&'login'==$_POST['login']){
+ if (!$resp->is_valid) {
+ $global['loginerror'] = _t("The reCAPTCHA wasn't entered correctly.");
+ $captchavalid = false;
+ }
+ }
+
+ $username = addslashes($_POST['username']);
+ $password = addslashes($_POST['password']);
- $username=addslashes($_POST['username']);
- $password=addslashes($_POST['password']);
-
$user = UserHelper::loadFromUsername($username);
-
- if($user==null){
- $global['nouser'] =_t('USER_NOT_FOUND__INVALID_USERNAME_OR_PASSWORD__PLEASE_TRY_AGAIN_');
- }
- else if($user->status != 'active'){
+ if ($captchavalid) {
+ if ($user == null) {
+ $global['nouser'] = _t('USER_NOT_FOUND__INVALID_USERNAME_OR_PASSWORD__PLEASE_TRY_AGAIN_');
+ } else if ($user->status != 'active') {
$global['loginerror'] = _t('INVALID_USERNAME_OR_PASSWORD__PLEASE_TRY_AGAIN_');
- }
- else{
- if( $user->isPasswordMatch($password) ){
- //if so registor the user in the session.
- //MUST REMEMBER ALLWAYS REGENERATE SESSION ID WHEN PERMISSION LEVEL CHANGES *******
- if (!isset($_COOKIE['cookie-check'])) {
- // cookies disabled
- $global['loginerror'] = _t("YOUR_BROWSER_S_COOKIE_FUNCTIONALITY_IS_TURNED_OFF__PLEASE_TURN_IT_ON");
- }else{
- session_regenerate_id();
- $_SESSION['username']=$user->getUserName();
+ } else {
+ if ($user->isPasswordMatch($password)) {
+ //if so registor the user in the session.
+ //MUST REMEMBER ALLWAYS REGENERATE SESSION ID WHEN PERMISSION LEVEL CHANGES *******
+ if (!isset($_COOKIE['cookie-check'])) {
+ // cookies disabled
+ $global['loginerror'] = _t("YOUR_BROWSER_S_COOKIE_FUNCTIONALITY_IS_TURNED_OFF__PLEASE_TURN_IT_ON");
+ } else {
+ session_regenerate_id();
+ $_SESSION['username'] = $user->getUserName();
+ $cfg = array();
+ if (!empty($user->config)) {
+ $cfg = @json_decode($user->config, true);
+ }
+ if (!empty($cfg['security']['TSV']['method'])) {
+ $_SESSION['check_TSV'] = time();
+ }
+ }
}
+ else
+ $global['loginerror'] = _t('INVALID_USER_ID_OR_PASSWORD__PLEASE_TRY_AGAIN_');
}
- else
- $global['loginerror'] = _t('INVALID_USER_ID_OR_PASSWORD__PLEASE_TRY_AGAIN_');
}
-}else{
- setcookie("cookie-check", "some-value");
+}elseif( !empty($_SESSION['check_TSV']) && !empty($_POST['code']) ){
+ $user = UserHelper::loadFromUsername($_SESSION['username']);
+ if( $user->verifyGACode($_POST['code']) ){
+ unset($_SESSION['check_TSV']);
+ }else{
+ $global['loginerror'] = _t('Wrong verification code. Please try again.');
+ }
+}else {
+ setcookie("cookie-check", "some-value");
}
//check if a remember key is set
-/*if(!isset($_SESSION['username']) && isset($_COOKIE["R"]) && isset($_COOKIE["U"])){
- $code = shn_auth_getcode( $_COOKIE["U"] ,'remember');
- $value = shn_auth_generateHash($_SERVER['HTTP_USER_AGENT'] , $code);
- if($_COOKIE["R"]==$value)
- $_SESSION['username'] = $_COOKIE["U"];
-}
-*/
+/* if(!isset($_SESSION['username']) && isset($_COOKIE["R"]) && isset($_COOKIE["U"])){
+ $code = shn_auth_getcode( $_COOKIE["U"] ,'remember');
+ $value = shn_auth_generateHash($_SERVER['HTTP_USER_AGENT'] , $code);
+ if($_COOKIE["R"]==$value)
+ $_SESSION['username'] = $_COOKIE["U"];
+ }
+ */
//check if the action is log out
-if( $_GET['act']=='logout'){
-
+if ($_GET['act'] == 'logout') {
+
+
-
//remove any remember key if exists
- shn_auth_del_code($_SESSION['username'] , 'remember');
-
- session_regenerate_id();
+ shn_auth_del_code($_SESSION['username'], 'remember');
+
+ session_regenerate_id();
session_unset();
session_destroy();
- $_SESSION['username']=null;
- if(isCasAuth()){ // cas auth
- casLogout();
+ $_SESSION['username'] = null;
+ if (isCasAuth()) { // cas auth
+ casLogout();
}
-
}
//check if the user session exists
-if(!isset($_SESSION['username'])){
- //normal auth
- include_once APPROOT.'/tpls/html_login.php';
- exit(0);
-
-
+if (!isset($_SESSION['username']) || $_SESSION['check_TSV']) {
+ //normal auth
+ include_once APPROOT . '/tpls/html_login.php';
+ exit(0);
+
+
//if not set the user as anonymous
//$_SESSION['username']=ANONYMOUS_USER;
//$global['username']=ANONYMOUS_USER;
-}else{
+} else {
//if exists set the global username
- $global['username']=$_SESSION['username'];
+ $global['username'] = $_SESSION['username'];
}
-
-
?>
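Review bot: `$_SESSION['username'] = $user->getUserName();` runs as soon as the password matches, before the Google Authenticator code is verified, so a session with `check_TSV` pending already carries a fully authenticated username and only the `|| $_SESSION['check_TSV']` test at the bottom of this file keeps it out; any other entry point that reads `$_SESSION['username']` directly rather than `$global['username']` would treat the half-logged-in user as authenticated. Holding the name in a separate pending key and committing `$_SESSION['username']` only after `verifyGACode()` succeeds removes that dependency (`check_TSV` itself stays, so the login template presumably keeps working); see the sketch below. The code-check branch also has no attempt limit or expiry, so the pending state lives until logout and a six-digit code can be retried without bound, it does not `session_regenerate_id()` after the privilege level changes (which the comment in the password branch itself requires), and `$user` is dereferenced without a null check if the account disappeared between the two steps. `$_SESSION['check_TSV']` is read without `isset` in the final condition; `!empty($_SESSION['check_TSV'])` avoids the notice. The limits in the sketch are constructed placeholders to be set by policy.
```php
session_regenerate_id();
$cfg = array();
if (!empty($user->config)) {
    $cfg = @json_decode($user->config, true);
}
if (!empty($cfg['security']['TSV']['method'])) {
    // second factor pending: the username is NOT committed to the session yet
    $_SESSION['tsv_pending_user'] = $user->getUserName();
    $_SESSION['check_TSV'] = time();
} else {
    $_SESSION['username'] = $user->getUserName();
}
// … unchanged: closing braces of the cookie/password/captcha checks …
} elseif (!empty($_SESSION['check_TSV']) && !empty($_POST['code'])) {
    $user = UserHelper::loadFromUsername($_SESSION['tsv_pending_user']);
    $attempts = isset($_SESSION['tsv_attempts']) ? $_SESSION['tsv_attempts'] : 0;
    // constructed limits (5 tries, 5 minutes) — adjust to policy
    if ($user == null || $attempts >= 5 || time() - $_SESSION['check_TSV'] > 300) {
        unset($_SESSION['check_TSV'], $_SESSION['tsv_pending_user'], $_SESSION['tsv_attempts']);
        $global['loginerror'] = _t('Verification expired. Please log in again.');
    } elseif ($user->verifyGACode($_POST['code'])) {
        session_regenerate_id();
        $_SESSION['username'] = $user->getUserName();
        unset($_SESSION['check_TSV'], $_SESSION['tsv_pending_user'], $_SESSION['tsv_attempts']);
    } else {
        $_SESSION['tsv_attempts'] = $attempts + 1;
        $global['loginerror'] = _t('Wrong verification code. Please try again.');
    }
} else {
```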
51 mod/admin/adminModule.class.php
@@ -53,7 +53,7 @@ public function act_field_customization() {
if ($this->entity_select == 'event' || $this->entity_select == 'person' || $this->entity_select == 'supporting_docs_meta') {
$this->browse_needed = true;
}
- if($this->entity_select == 'biographic_details' && $conf['menus']['biography_list']){
+ if ($this->entity_select == 'biographic_details' && $conf['menus']['biography_list']) {
$this->browse_needed = true;
}
@@ -297,6 +297,36 @@ public function act_edit_password() {
$this->change_password_form = $change_password_form;
}
+ public function act_edit_security() {
+ include_once 'lib_user.inc';
+
+ $user = user_get_selected();
+ $result = $user->getGASk();
+
+ if (isset($_POST['disable'])) {
+ $user->disableTSV();
+ } elseif (isset($_POST['code'])) {
+ $resp = $user->TSVSaveMGA($_POST['code']);
+ if (!$resp) {
+ $this->wrongcode = true;
+ } else {
+ $this->changed = true;
+ }
+ }
+ $cfg = array();
+ if (!empty($user->config)) {
+ $cfg = @json_decode($user->config, true);
+ }
+ if ($cfg['security']['TSV']['method'] == "MGA") {
+ $this->enabled = true;
+ }
+
+
+ $this->url = $result['url'];
+ $this->secret = $result['secret'];
+ $this->user = $user;
+ }
+
public function act_add_user() {
// var_dump($_POST);
@@ -478,10 +508,9 @@ public function act_mt_customization() {
if (isset($this->mt_select)) {
//handle delete requests
- if($_POST['bulkaction'] && !$_POST['vocab_number_list']){
- shnMessageQueue::addError(_t('Please select items to perform action'));
-
- }
+ if ($_POST['bulkaction'] && !$_POST['vocab_number_list']) {
+ shnMessageQueue::addError(_t('Please select items to perform action'));
+ }
if (isset($_POST['bulkaction']) && $_POST['bulkaction'] == "deleteselected") {
$this->has_children = false;
foreach ($_POST['vocab_number_list'] as $vocab_number => $v) {
@@ -521,6 +550,10 @@ public function act_mt_customization() {
}
}
+ public function act_menu(){
+
+
+ }
/* }}} */
/* {{{ Acl functions */
@@ -596,7 +629,7 @@ public function act_permissions() {
$gacl = new gacl_api(array('db' => $global['db'], 'db_table_prefix' => 'gacl_'));
//select role
$this->roles = acl_get_roles();
-
+
if (isset($_REQUEST['role']))
$this->role = $_REQUEST['role'];
@@ -698,7 +731,7 @@ public function act_set_locale() {
public function act_change_print() {
global $conf;
if (isset($_POST["save"])) {
- $keys = array('print_report_header', 'print_event_header','print_person_header');// 'print_event_sidebar', , 'print_person_sidebar');
+ $keys = array('print_report_header', 'print_event_header', 'print_person_header'); // 'print_event_sidebar', , 'print_person_sidebar');
foreach ($keys as $key) {
$value = $_POST[$key];
$conf[$key] = $value;
@@ -885,14 +918,14 @@ public function act_export() {
/* }}} */
public function act_System_configuration() {
- global $alt_conf;
+ global $alt_conf, $alt_conf_check;
require_once(APPROOT . 'conf/conf_meta.php');
if (isset($_POST["submit"])) {
global $conf;
$this->conf = $conf;
unset($_POST["submit"]);
- global $alt_conf_check;
+
$this->alt_conf_check = $alt_conf_check;
foreach ($alt_conf_check as $key => $value) {
if (!isset($_POST[$key])) {
View
159 mod/admin/tpls/act_System_configuration.php
@@ -1,84 +1,91 @@
-<h2><?php echo _t('SYSTEM_CONFIGURATION')?></h2>
+
+<h2><?php echo _t('SYSTEM_CONFIGURATION') ?></h2>
<br>
-<form class="form-horizontal" action='<?php
-echo get_url('admin','System_configuration')
- ?>' method='post'>
- <?php global $conf; ?>
-<script type="text/javascript" src="res/jquery/tinymce/4.0b3/jquery.tinymce.min.js"></script>
-<script type="text/javascript" src="res/jquery/tinymce/4.0b3/tinymce.min.js"></script>
+<form class="form-horizontal" action='<?php
+echo get_url('admin', 'System_configuration')
+?>' method='post'>
+ <?php global $conf; ?>
+ <script type="text/javascript" src="res/jquery/tinymce/4.0b3/jquery.tinymce.min.js"></script>
+ <script type="text/javascript" src="res/jquery/tinymce/4.0b3/tinymce.min.js"></script>
-<div class="row-fluid">
- <div class="span12" >
- <h3><?php echo _t('Header for login page') ?></h3>
+
+ <table class='table table-bordered table-striped table-hover'>
+ <thead>
+ <tr>
+ <th><?php echo _t("CONFIG_VARIABLE") ?></th>
+ <th><?php echo _t("CURRENT_VALUE") ?></th>
+ <th><?php echo _t("MODIFIED_VALUE") ?></th>
+ </tr>
+ </thead>
+ <tbody>
+ <?php
+ $i = 0;
+//FirePHP::getInstance(true)->log('Iterators');
+ global $alt_conf;
+ $this->alt_conf = $alt_conf;
+ global $conf;
+ $this->conf = $conf;
+ global $alt_conf_check;
+ $this->alt_conf_check = $alt_conf_check;
+ //$conf value changes according to the database change
+ if(!$conf['recaptcha_public_key']){
+ $conf['recaptcha_public_key'] = '6LeRsucSAAAAAMvoR-tFeiOj3nncUaqqo4I0EBjq';
+ $conf['recaptcha_private_key'] = '6LeRsucSAAAAAPBCrflRDXa1ijm2Zw1u2hGXNPjD';
+}
+ foreach ($alt_conf as $key => $value) {
+ ?>
+ <tr <?php echo ($i++ % 2 == 1) ? 'class="odd"' : ''; ?>>
+ <td>
+ <?php echo $value; ?>
+ </td>
+ <td><?php if (isset($alt_conf_check[$key])) {
+ /*?>
+ <input type='checkbox'
+ <?php
+ $checked = ($conf[$value] == _t('TRUE')) ? 'checked="true"' : '';
+ echo $checked;
+ echo "disabled"
+ ?>
+ />
+ <?php*/
+ } else {
+ echo $conf[$key];
+ }
+ ?></td>
+ <td >
+ <input
+ <?php if (isset($alt_conf_check[$key])) { ?>
+ type='checkbox' name='<?php echo $key; ?>'
+ <?php
+ echo "value='true'";
+ $checked = ($conf[$key] == _t('TRUE')) ? 'checked="true"' : '';
+ echo $checked;
+ ?>
+ <?php } else { ?>
+ type="text" name="<?php echo $key ?>" id="<?php echo $key ?>" <?php echo $readonly ?> value="<?php echo $conf[$key] ?>"
+ <?php } ?>
+ />
+ <?php
+ //$extra_opts['required']="y";
+ // $extra_opts["help"]=(4000+$key);
+ // shn_form_extra_opts($extra_opts);
+ ?>
+ </td>
+ </tr>
+<?php } ?>
+ </tbody>
+ </table>
+ <div class="row-fluid">
+ <div class="span12" >
+ <h3><?php echo _t('Header for login page') ?></h3>
- <textarea class="tinymce" name="login_header" rows="15"><?php echo htmlentities($conf['login_header'], ENT_QUOTES, "UTF-8")?></textarea>
+ <textarea class="tinymce" name="login_header" rows="15"><?php echo htmlentities($conf['login_header'], ENT_QUOTES, "UTF-8") ?></textarea>
- </div>
</div>
-<table class='table table-bordered table-striped table-hover'>
-<thead>
-<tr>
-<th><?php echo _t("CONFIG_VARIABLE")?></th>
-<th><?php echo _t("CURRENT_VALUE")?></th>
-<th><?php echo _t("MODIFIED_VALUE")?></th>
-</tr>
-</thead>
-<tbody>
-<?php $i=0;
-//FirePHP::getInstance(true)->log('Iterators');
- global $alt_conf;
- $this->alt_conf = $alt_conf;
- global $conf;
- $this->conf = $conf;
- global $alt_conf_check;
- $this->alt_conf_check = $alt_conf_check;
- //$conf value changes according to the database change
- foreach($alt_conf as $key=>$value){?>
- <tr <?php echo ($i++%2==1)?'class="odd"':''; ?>>
- <td>
- <?php echo $value;?>
- </td>
- <td><?php
- if(isset($alt_conf_check[$value])){?>
- <input type='checkbox'
- <?php
- $checked = ($conf[$value]==_t('TRUE')) ? 'checked="true"' : '';
- echo $checked;
- echo "disabled"
- ?>
- />
- <?php
- }else{
- echo $conf[$value];
- }
- ?></td>
- <td >
- <input
- <?php if(isset($alt_conf_check[$value])){ ?>
- type='checkbox' name='<?php echo $value; ?>'
- <?php
- echo "value='true'";
- $checked = ($conf[$value]==_t('TRUE')) ? 'checked="true"' : '';
- echo $checked;
- ?>
- <?php }else{ ?>
- type="text" name="<?php echo $value?>" id="<?php echo $value?>" <?php echo $readonly?> value="<?php echo $conf[$value]?>"
- <?php } ?>
- />
- <?php
- //$extra_opts['required']="y";
- // $extra_opts["help"]=(4000+$key);
- // shn_form_extra_opts($extra_opts);
- ?>
- </td>
- </tr>
-<?php }?>
-</tbody>
-</table>
-<center>
-<br />
-<button type="submit" class="btn btn-primary" name='submit' ><i class="icon-ok icon-white"></i> <?php echo _t('SAVE') ?></button>
-</center>
+ </div><center>
+ <br />
+ <button type="submit" class="btn btn-primary" name='submit' ><i class="icon-ok icon-white"></i> <?php echo _t('SAVE') ?></button>
+ </center>
</form>
<script>
tinymce.init({
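Review bot: The template hard-codes a reCAPTCHA key pair, including the private key `6LeRsucSAAAAAPBCrflRDXa1ijm2Zw1u2hGXNPjD`, and silently substitutes it whenever `$conf['recaptcha_public_key']` is empty; a server-side secret should not live in a view or in the repository, and the fallback hides a misconfigured install behind a key every checkout shares (reCAPTCHA keys are bound to the registered domain, so a shared pair is unlikely to validate on other hosts anyway). Drop the `if(!$conf['recaptcha_public_key'])` block, read both keys from deployment configuration only, and fail closed in the login handler when `use_recaptcha` is set but a key is missing. Mutating the global `$conf` from inside a template also makes the "current value" column show something other than what the configuration store holds. Once committed, the key should be treated as exposed and rotated in the reCAPTCHA console.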
2 mod/admin/tpls/act_edit_password.php
@@ -12,6 +12,8 @@
</li>
<li class="active"><a href="<?php get_url('admin', 'edit_password', null, array('uid' => $username)); ?> " ><?php echo _t('CHANGE_PASSWORD') ?></a>
</li>
+ <li><a href="<?php get_url('admin', 'edit_security', null, array('uid' => $username)); ?> " ><?php echo _t('Security') ?></a>
+ </li>
</ul></div>
<div class='panel'>
<div class="form-container">
85 mod/admin/tpls/act_edit_security.php
@@ -0,0 +1,85 @@
+<?php
+global $conf;
+$username = $user->getUserName();
+?>
+<h2><?php echo _t('EDIT_USER') . " : <span class='red'> $username </span>" ?></h2>
+<br />
+<?php $fields = shn_form_get_html_fields($change_password_form); ?>
+<div>
+ <ul class="nav nav-tabs tabnav">
+
+ <li><a href="<?php get_url('admin', 'edit_user', null, array('uid' => $username)); ?> " ><?php echo _t('EDIT_PROFILE') ?></a>
+ </li>
+ <li><a href="<?php get_url('admin', 'edit_password', null, array('uid' => $username)); ?> " ><?php echo _t('CHANGE_PASSWORD') ?></a>
+ </li>
+ <li class="active"><a href="<?php get_url('admin', 'edit_security', null, array('uid' => $username)); ?> " ><?php echo _t('Security') ?></a>
+ </li>
+ </ul></div>
+<div class='panel'>
+
+ <div class="form-container">
+ <h2><?php echo _t('Google Authenticator') ?></h2>
+
+ <form class="form-horizontal" action='<?php echo get_url('admin', 'edit_security', null, array('uid' => $username)) ?>' method='post'>
+ <?php if ($enabled) {
+ if($changed){
+ ?>
+ <div class="alert alert-success">
+ <div><b><?php echo _t('Enabled successfully.') ?></b></div>
+ </div>
+ <?php
+ }
+ ?>
+
+ <button type="submit" class="btn" name="disable" ><i class="icon-remove-circle"></i> <?php echo _t('Disable') ?></button>
+
+ <?php
+ } else {
+ ?>
+
+
+ <div class="control-group">
+ <p class="fwB"> Install the Google Authenticator app for your phone</p>
+ <ol class="ol p10">
+ <li> On your phone, open a web browser. </li>
+ <li> Go to <span class="fwB">m.google.com/authenticator</span>. </li>
+ <li> Download and install the Google Authenticator application. </li>
+ </ol>
+ <p class="fwB"> Now open and configure Google Authenticator. </p>
+ <br /><p>Scan following Barcode to register the application automaticly:<p>
+ <div class="taC p10">
+ <img src="<?php echo $url ?>" width="100" height="100" />
+ </div>
+ <p> Or use the following secret key to register the application manually:</p>
+ <div class="alert alert-info">
+ <div><b><?php echo $secret ?></b></div>
+ </div><br />
+ <p> Once you manually entered and saved your key, enter the 6-digit verification code generated<br /> by the Authenticator app. </p>
+ </div>
+ <div class='control-group <?php if ($wrongcode) {
+ echo ' error';
+ } ?>'>
+ <label class="control-label" for="code"><?php echo _t('Code') ?></label>
+
+ <div class="controls">
+ <input type="text" name="code" value="" class='input-large <?php if ($wrongcode) {
+ echo ' error';
+ } ?>' />
+ <div class="help-inline">
+ <span class="label label-important"><?php echo _t('IS_REQUIRED') ?></span>
+ <?php if ($wrongcode) { ?> <span class="help-inline">The code is incorrect. Try again</span><?php } ?>
+ </div>
+ </div>
+ </div>
+ <div class="control-group">
+ <div class="controls">
+
+ <button type="submit" class="btn btn-primary" name="save" ><i class="icon-ok icon-white"></i> <?php echo _t('SAVE') ?></button>
+ </div></div>
+ <?php
+}
+?>
+ </form>
+ </div>
+</div>
+
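Review bot: `$fields = shn_form_get_html_fields($change_password_form);` is carried over from the password template: act_edit_security sets url, secret, user, enabled, changed and wrongcode but no `$change_password_form`, so the call runs on an undefined variable and `$fields` is never used — delete the line. `$username` is echoed unescaped inside the `<h2>`; unless usernames are restricted at registration, wrap it as `htmlspecialchars($username, ENT_QUOTES, 'UTF-8')`, the way act_System_configuration.php entity-encodes `login_header`. If `getQRCodeGoogleUrl` builds a Google Charts URL as its name suggests, the `<img src>` sends the freshly created TOTP secret to a third party in the query string, where it also lands in browser history and proxy logs; rendering the QR locally, or at least recording that trade-off in a comment next to the `<img>`, would be preferable. `$enabled`, `$changed` and `$wrongcode` are only assigned on their true path in the controller, so `if ($enabled)` and the `$wrongcode` tests raise undefined-variable notices on the default path; `!empty($enabled)` and friends avoid that.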
2 mod/admin/tpls/act_edit_user.php
@@ -11,6 +11,8 @@
</li>
<li><a href="<?php get_url('admin', 'edit_password', null, array('uid' => $username)); ?> " ><?php echo _t('CHANGE_PASSWORD') ?></a>
</li>
+ <li ><a href="<?php get_url('admin', 'edit_security', null, array('uid' => $username)); ?> " ><?php echo _t('Security') ?></a>
+ </li>
</ul></div>
<div class='panel'>
<?php $fields = shn_form_get_html_fields($user_form); ?>
165 mod/admin/tpls/act_menu.php
@@ -0,0 +1,165 @@
+<?php
+$defaultMenu = array(
+ "eventsbrowse"=>array("level"=>0,"title"=>_t('EVENTS')),
+ "get_event"=>array("level"=>1,"title"=>_t('EVENT_DESCRIPTION'),"parent"=>"eventsbrowse"),
+ "vp_list"=>array("level"=>1,"title"=>_t('VICTIMS_AND_PERPETRATORS'),"parent"=>"eventsbrowse"),
+ "src_list"=>array("level"=>1,"title"=>_t('SOURCES'),"parent"=>"eventsbrowse"),
+ "intv_list"=>array("level"=>1,"title"=>_t('INTERVENTIONS'),"parent"=>"eventsbrowse"),
+ "coe_list"=>array("level"=>1,"title"=>_t('CHAIN_OF_EVENTS'),"parent"=>"eventsbrowse"),
+ "event_doc_list"=>array("level"=>1,"title"=>_t('DOCUMENTS'),"parent"=>"eventsbrowse"),
+ "event_audit"=>array("level"=>1,"title"=>_t('AUDIT_LOG'),"parent"=>"eventsbrowse"),
+ "event_permissions"=>array("level"=>1,"title"=>_t('PERMISSIONS'),"parent"=>"eventsbrowse"),
+
+ "personsbrowse"=>array("level"=>0,"title"=>_t('PERSONS')),
+ "person"=>array("level"=>1,"title"=>_t('PERSON_RECORDS_S_'),"parent"=>"personsbrowse"),
+ "person_address_list"=>array("level"=>1,"title"=>_t('PERSON_ADDRESS_ES_'),"parent"=>"personsbrowse"),
+ "person_biography_list"=>array("level"=>1,"title"=>_t('BIOGRAPHIC_DETAIL_S_'),"parent"=>"personsbrowse"),
+ "person_role_list"=>array("level"=>1,"title"=>_t('ROLE_LIST'),"parent"=>"personsbrowse"),
+ "person_audit_log"=>array("level"=>1,"title"=>_t('AUDIT_LOG'),"parent"=>"personsbrowse"),
+ "person_permissions"=>array("level"=>1,"title"=>_t('PERMISSIONS'),"parent"=>"personsbrowse"),
+
+ "documentsbrowse"=>array("level"=>0,"title"=>_t('DOCUMENTS')),
+ "view_document"=>array("level"=>1,"title"=>_t('DOCUMENT_DETAILS'),"parent"=>"documentsbrowse"),
+ "document_link"=>array("level"=>1,"title"=>_t('LINKS'),"parent"=>"documentsbrowse"),
+ "document_audit"=>array("level"=>1,"title"=>_t('AUDIT_LOG'),"parent"=>"documentsbrowse"),
+
+ "biographybrowse"=>array("level"=>0,"title"=>_t('BIOGRAPHIC_DETAILS')),
+
+ "addnew"=>array("level"=>0,"url"=>"#","title"=>_t('ADD_NEW')),
+ "new_event"=>array("level"=>1,"title"=>_t('ADD_NEW_EVENT'),"parent"=>"addnew"),
+ "new_person"=>array("level"=>1,"title"=>_t('ADD_NEW_PERSON'),"parent"=>"addnew"),
+ "new_document"=>array("level"=>1,"title"=>_t('ADD_NEW_DOCUMENT'),"parent"=>"addnew"),
+ "add_user"=>array("level"=>1,"title"=>_t('ADD_NEW_USER'),"parent"=>"addnew"),
+
+);
+
+$defaultMenuRight = array(
+ "dashboard"=>array("level"=>0,"title"=>_t('Dashboard')),
+ "analysis"=>array("level"=>0,"title"=>_t('ANALYSIS')),
+ "adv_search"=>array("level"=>1,"title"=>_t('ADVANCED_SEARCH'),"parent"=>"analysis"),
+ "search_query"=>array("level"=>1,"title"=>_t('SAVED_QUERIES'),"parent"=>"analysis"),
+ "facetsearch"=>array("level"=>1,"title"=>_t('Charts and map'),"parent"=>"analysis"),
+
+
+);
+
+$defaultMenuOrdered = array();
+$order = 0;
+foreach($defaultMenu as $key=>$value){
+ $value['order'] = $order;
+ $value['slug'] = $key;
+ $defaultMenuOrdered[] = $value;
+ $order++;
+}
+?>
+<script type="text/javascript" src="res/jquery/jquery.nestable.js"></script>
+<h2><?php echo _t('Menu') ?></h2>
+<div class="row-fluid">
+ <div class="span3">
+ <div class="sidebar-nav">
+ <div class="well" style="padding: 8px 0;">
+ </div>
+ </div>
+ </div>
+ <div class="span9">
+
+ <?php
+ $activemenu = $_REQUEST['menu'];
+ if (!$activemenu) {
+ $activemenu = "top";
+ }
+ $menuNames = array("top" => _t("Top menu"),
+ "top_right" => _t("Top right menu"),
+ );
+ ?>
+ <div>
+ <ul class="nav nav-tabs tabnav">
+ <?php foreach ($menuNames as $menu => $label) {
+ ?>
+ <li <?php if ($menu == $activemenu) echo " class='active'"; ?> >
+ <a href="<?php get_url('admin', 'menu', null, array('menu' => $menu)) ?>" >
+ <?php echo $label ?>
+ </a>
+ </li>
+ <?php
+ }
+ ?>
+
+ </ul>
+ </div>
+
+ <div class="dd" id="nestable" style="width:100%">
+ <ol class="dd-list">
+ <?php
+ $menuItems = $defaultMenuOrdered;
+ $count = count($menuItems);
+ $levelsarray = array(-1 => 0);
+
+ foreach ($menuItems as $key=>$menu ) {
+
+ $element1 = $menu;
+ $element2 = $menuItems[$key+1];
+
+ $levelsarray[$level] = $menu['slug'];
+
+ $level = $element1['level'];
+ ?>
+ <li class="dd-item" data-id="<?php echo $menu['slug']; ?>">
+
+ <div class="dd-handle nestableorderbg"><?php echo $menu['title']; ?></div>
+ <?php
+ if ($element2['parent'] == $menu['slug']) {
+ $level++;
+ ?>
+ <ol class="dd-list">
+ <?php
+ } elseif ($element2['parent'] == $element1['parent']) {
+ ?>
+ </li>
+ <?php
+ } else {
+ $level2 = $element2['level'];
+ //$key = array_search($element2['parent_vocab_number'], $levelsarray);
+ echo str_repeat("</li></ol>", $level - $level2);
+
+ /* if($key !== false){
+ echo str_repeat("</li></ol>", $level-$key-1);
+ $level = $key+1;
+ } */
+ }
+ ?>
+
+ <?php
+ }
+ echo str_repeat("</li></ol>", $level);
+ echo "</li>";
+ ?>
+ </ol>
+ </div>
+ <div style="clear:both;"></div>
+ <input type="hidden" name="order" id="order" value="used"/>
+
+ <input type="hidden" name="itemsorder" id="itemsorder" value=""/>
+ <br/>
+ <script>
+
+ $(document).ready(function()
+ {
+ var updateHidden = function(e)
+ {
+
+ if (window.JSON) {
+ $('#itemsorder').val(window.JSON.stringify($('#nestable').nestable('serialize')));//, null, 2));
+ }
+ };
+ $('#nestable').nestable({
+ maxDepth :2,
+ group:1
+ }).on('change', updateHidden);
+
+ updateHidden($('#nestable').data('output', $('#itemsorder')));
+
+ });
+ </script>
+ </div>
+</div>
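Review bot: The tab bar built from `$menuNames` offers `top` and `top_right`, but the list always renders `$defaultMenuOrdered`; `$defaultMenuRight` is defined and never read and `$count` is unused, so the second tab shows the same menu as the first. Inside the loop `$element2 = $menuItems[$key+1];` is undefined on the last iteration and `$levelsarray[$level] = $menu['slug'];` reads `$level` before its first assignment on the following line, so the closing-tag arithmetic in the `else` branch and the `str_repeat` after the loop run against a null element and, as far as I can trace it, leave parent `<li>` elements open and emit one `</li></ol>` pair too many at the end; guard with `$element2 = isset($menuItems[$key + 1]) ? $menuItems[$key + 1] : null;` and drop `$levelsarray`, which only appears in commented-out code. The hidden `order`/`itemsorder` inputs sit outside any `<form>` and `adminModule::act_menu()` is empty, so nothing persists the nestable order yet; a `// TODO` at the top of the template saying so would help the next reader. `$_REQUEST['menu']` is read without `isset`; `$activemenu = isset($_REQUEST['menu']) ? $_REQUEST['menu'] : 'top';` avoids the notice.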
36 mod/admin/tpls/sec_mod_sidebar.php
@@ -7,22 +7,20 @@
<?php
global $conf;
$action = $_GET['act'];
-
+ ?>
+ <li><a href='<?php get_url('admin', 'field_customization') ?>'><?php echo _t('FORM_CUSTOMIZATION') ?></a>
+ </li>
+ <li class="subnav <?php if ($action == "field_customization") echo "active" ?>"><a href="<?php get_url('admin', 'field_customization') ?>"><?php echo _t('EXISTING_FIELDS') ?></a></li>
+ <li class="subnav <?php if ($action == "new_field") echo "active" ?>"><a href="<?php get_url('admin', 'new_field') ?>"><?php echo _t('ADD_NEW_FIELD') ?></a></li>
+ <!--
+ <li><a href="<?php get_url('admin', 'shuffel_result') ?>"><?php echo _t('COMBINED_SEARCH_FORMS') ?></a></li>
+ -->
- ?>
- <li><a href='<?php get_url('admin', 'field_customization') ?>'><?php echo _t('FORM_CUSTOMIZATION') ?></a>
- </li>
- <li class="subnav <?php if ($action == "field_customization") echo "active" ?>"><a href="<?php get_url('admin', 'field_customization') ?>"><?php echo _t('EXISTING_FIELDS') ?></a></li>
- <li class="subnav <?php if ($action == "new_field") echo "active" ?>"><a href="<?php get_url('admin', 'new_field') ?>"><?php echo _t('ADD_NEW_FIELD') ?></a></li>
- <!--
- <li><a href="<?php get_url('admin', 'shuffel_result') ?>"><?php echo _t('COMBINED_SEARCH_FORMS') ?></a></li>
- -->
+ <li class="<?php if ($action == "mt_customization") echo "active" ?>"><a href="<?php get_url('admin', 'mt_customization') ?>"><?php echo _t('MICRO_THESAURI') ?></a></li>