<?php

/*

Plugin Name: Special user/login-related pages

Plugin URI: http://enanocms.org/

Description: Provides the pages Special:Login, Special:Logout, Special:Register, and Special:Preferences.

Author: Dan Fuhry

Version: 1.0.1

Author URI: http://enanocms.org/

*/

/*

 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between

 * Version 1.0 release candidate 2

 * Copyright (C) 2006-2007 Dan Fuhry

 *

 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License

 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

 *

 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied

 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.

 */

global $db, $session, $paths, $template, $plugins; // Common objects

$plugins->attachHook('base_classes_initted', '

  global $paths;

    $paths->add_page(Array(

      \'name\'=>\'Log in\',

      \'urlname\'=>\'Login\',

      \'namespace\'=>\'Special\',

      \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',

      ));

    $paths->add_page(Array(

      \'name\'=>\'Log out\',

      \'urlname\'=>\'Logout\',

      \'namespace\'=>\'Special\',

      \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',

      ));

    $paths->add_page(Array(

      \'name\'=>\'Register\',

      \'urlname\'=>\'Register\',

      \'namespace\'=>\'Special\',

      \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',

      ));

    $paths->add_page(Array(

      \'name\'=>\'Edit Profile\',

      \'urlname\'=>\'Preferences\',

      \'namespace\'=>\'Special\',

      \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',

      ));

    $paths->add_page(Array(

      \'name\'=>\'Contributions\',

      \'urlname\'=>\'Contributions\',

      \'namespace\'=>\'Special\',

      \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',

      ));

    $paths->add_page(Array(

      \'name\'=>\'Change style\',

      \'urlname\'=>\'ChangeStyle\',

      \'namespace\'=>\'Special\',

      \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',

      ));

    $paths->add_page(Array(

      \'name\'=>\'Activate user account\',

      \'urlname\'=>\'ActivateAccount\',

      \'namespace\'=>\'Special\',

      \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',

      ));

    $paths->add_page(Array(

      \'name\'=>\'Captcha\',

      \'urlname\'=>\'Captcha\',

      \'namespace\'=>\'Special\',

      \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',

      ));

    $paths->add_page(Array(

      \'name\'=>\'Forgot password\',

      \'urlname\'=>\'PasswordReset\',

      \'namespace\'=>\'Special\',

      \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',

      ));

    $paths->add_page(Array(

      \'name\'=>\'Member list\',

      \'urlname\'=>\'Memberlist\',

      \'namespace\'=>\'Special\',

      \'special\'=>0,\'visible\'=>1,\'comments_on\'=>0,\'protected\'=>1,\'delvotes\'=>0,\'delvote_ips\'=>\'\',

      ));

    ');

// function names are IMPORTANT!!! The name pattern is: page_<namespace ID>_<page URLname, without namespace>

$__login_status = '';

function page_Special_Login()

{

  global $db, $session, $paths, $template, $plugins; // Common objects

  global $__login_status;

  $pubkey = $session->rijndael_genkey();

  $challenge = $session->dss_rand();

  if ( isset($_GET['act']) && $_GET['act'] == 'getkey' )

  {

    $username = ( $session->user_logged_in ) ? $session->username : false;

    $response = Array(

      'username' => $username,

      'key' => $pubkey,

      'challenge' => $challenge

      );

    $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);

    $response = $json->encode($response);

    echo $response;

    return null;

  }

  $level = ( isset($_GET['level']) && in_array($_GET['level'], array('0', '1', '2', '3', '4', '5', '6', '7', '8', '9') ) ) ? intval($_GET['level']) : USER_LEVEL_MEMBER;

  if ( isset($_POST['login']) )

  {

    if ( in_array($_POST['auth_level'], array('0', '1', '2', '3', '4', '5', '6', '7', '8', '9') ) )

    {

      $level = intval($_POST['auth_level']);

    }

  }

  if ( $level > USER_LEVEL_MEMBER && !$session->user_logged_in )

  {

    $level = USER_LEVEL_MEMBER;

  }

  if ( $level <= USER_LEVEL_MEMBER && $session->user_logged_in )

    $paths->main_page();

  $template->header();

  echo '<form action="'.makeUrl($paths->nslist['Special'].'Login').'" method="post" name="loginform" onsubmit="runEncryption();">';

  $header = ( $level > USER_LEVEL_MEMBER ) ? 'Please re-enter your login details' : 'Please enter your username and password to log in.';

  if ( isset($_POST['login']) )

  {

    echo '<p>'.$__login_status.'</p>';

  }

  if ( $p = $paths->getAllParams() )

  {

    echo '<input type="hidden" name="return_to" value="'.$p.'" />';

  }

  else if ( isset($_POST['login']) && isset($_POST['return_to']) )

  {

    echo '<input type="hidden" name="return_to" value="'.htmlspecialchars($_POST['return_to']).'" />';

  }

  ?>

    <div class="tblholder">

      <table border="0" style="width: 100%;" cellspacing="1" cellpadding="4">

        <tr>

          <th colspan="3"><?php echo $header; ?></th>

        </tr>

        <tr>

          <td colspan="3" class="row1">

            <?php

            if ( $level <= USER_LEVEL_MEMBER )

            {

              echo '<p>Logging in enables you to use your preferences and access member information. If you don\'t have a username and password here, you can <a href="'.makeUrl($paths->nslist['Special'].'Register').'">create an account</a>.</p>';

            }

            else

            {

              echo '<p>You are requesting that a sensitive operation be performed. To continue, please re-enter your password to confirm your identity.</p>';

            }

            ?>

          </td>

        </tr>

        <tr>

          <td class="row2">

            Username:

          </td>

          <td class="row1">

            <input name="username" size="25" type="text" <?php

              if ( $level <= USER_LEVEL_MEMBER )

              {

                echo 'tabindex="1" ';

              }

              else

              {

                echo 'tabindex="3" ';

              }

              if ( $session->user_logged_in )

              {

                echo 'value="' . $session->username . '"';

              }

              ?> />

          </td>

          <?php if ( $level <= USER_LEVEL_MEMBER ) { ?>

          <td rowspan="2" class="row3">

            <small>Forgot your password? <a href="<?php echo makeUrlNS('Special', 'PasswordReset'); ?>">No problem.</a><br />

            Maybe you need to <a href="<?php echo makeUrlNS('Special', 'Register'); ?>">create an account</a>.</small>

          </td>

          <?php } ?>

        </tr>

        <tr>

          <td class="row2">Password:<br /></td><td class="row1"><input name="pass" size="25" type="password" tabindex="<?php echo ( $level <= USER_LEVEL_MEMBER ) ? '2' : '1'; ?>" /></td>

         </tr>

         <?php if ( $level <= USER_LEVEL_MEMBER ) { ?>

         <tr>

           <td class="row3" colspan="3">

             <p><b>Important note regarding cryptography:</b> Some countries do not allow the import or use of cryptographic technology. If you live in one of the countries listed below, you should <a href="<?php if($p=$paths->getParam(0))$u='/'.$p;else $u='';echo makeUrl($paths->page.$u, 'level='.$level.'&use_crypt=0', true); ?>">log in without using encryption</a>.</p>

             <p>This restriction applies to the following countries: Belarus, China, India, Israel, Kazakhstan, Mongolia, Pakistan, Russia, Saudi Arabia, Singapore, Tunisia, Venezuela, and Vietnam.</p>

           </td>

         </tr>

         <?php } ?>

         <tr>

           <th colspan="3" style="text-align: center" class="subhead"><input type="submit" name="login" value="Log in" tabindex="<?php echo ( $level <= USER_LEVEL_MEMBER ) ? '3' : '2'; ?>" /></th>

         </tr>

      </table>

    </div>

      <input type="hidden" name="challenge_data" value="<?php echo $challenge; ?>" />

      <input type="hidden" name="use_crypt" value="no" />

      <input type="hidden" name="crypt_key" value="<?php echo $pubkey; ?>" />

      <input type="hidden" name="crypt_data" value="" />

      <input type="hidden" name="auth_level" value="<?php echo (string)$level; ?>" />

      <?php if ( $level <= USER_LEVEL_MEMBER ): ?>

      <script type="text/javascript">

        document.forms.loginform.username.focus();

      </script>

      <?php else: ?>

      <script type="text/javascript">

        document.forms.loginform.pass.focus();

      </script>

      <?php endif; ?>

    </form>

    <?php

      echo $session->aes_javascript('loginform', 'pass', 'use_crypt', 'crypt_key', 'crypt_data', 'challenge_data');

    ?>

  <?php

  $template->footer();

}

function page_Special_Login_preloader() // adding _preloader to the end of the function name calls the function before $session and $paths setup routines are called

{

  global $db, $session, $paths, $template, $plugins; // Common objects

  global $__login_status;

  if ( isset($_GET['act']) && $_GET['act'] == 'ajaxlogin' )

  {

    $plugins->attachHook('login_password_reset', 'SpecialLogin_SendResponse_PasswordReset($row[\'user_id\'], $row[\'temp_password\']);');

    $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);

    $data = $json->decode($_POST['params']);

    $level = ( isset($data['level']) ) ? intval($data['level']) : USER_LEVEL_MEMBER;

    $result = $session->login_with_crypto($data['username'], $data['crypt_data'], $data['crypt_key'], $data['challenge'], $level);

    $session->start();

    //echo "$result\n$session->sid_super";

    //exit;

    if ( $result == 'success' )

    {

      $response = Array(

          'result' => 'success',

          'key' => $session->sid_super // ( ( $session->sid_super ) ? $session->sid_super : $session->sid )

        );

    }

    else

    {

      $response = Array(

          'result' => 'error',

          'error' => $result

        );

    }

    $response = $json->encode($response);

    echo $response;

    $db->close();

    exit;

  }

  if(isset($_POST['login'])) {

    if($_POST['use_crypt'] == 'yes')

    {

      $result = $session->login_with_crypto($_POST['username'], $_POST['crypt_data'], $_POST['crypt_key'], $_POST['challenge_data'], intval($_POST['auth_level']));

    }

    else

    {

      $result = $session->login_without_crypto($_POST['username'], $_POST['pass'], false, intval($_POST['auth_level']));

    }

    $session->start();

    $paths->init();

    if($result == 'success')

    {

      $template->load_theme($session->theme, $session->style);

      if(isset($_POST['return_to']))

      {

        $name = ( isset($paths->pages[$_POST['return_to']]['name']) ) ? $paths->pages[$_POST['return_to']]['name'] : $_POST['return_to'];

        redirect( makeUrl($_POST['return_to'], false, true), 'Login successful', 'You have successfully logged into the '.getConfig('site_name').' site as "'.$session->username.'". Redirecting to ' . $name . '...' );

      }

      else

      {

        redirect( makeUrl(getConfig('main_page'), false, true), 'Login successful', 'You have successfully logged into the '.getConfig('site_name').' site as "'.$session->username.'". Redirecting to the main page...' );

      }

    }

    else

    {

      $GLOBALS['__login_status'] = $result;

    }

  }

}

function SpecialLogin_SendResponse_PasswordReset($user_id, $passkey)

{

  $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);

  $response = Array(

      'result' => 'success_reset',

      'user_id' => $user_id,

      'temppass' => $passkey

    );

  $response = $json->encode($response);

  echo $response;

  $db->close();

  exit;

}

function page_Special_Logout() {

  global $db, $session, $paths, $template, $plugins; // Common objects

  if ( !$session->user_logged_in )

    $paths->main_page();

  $l = $session->logout();

  if ( $l == 'success' )

  {

    redirect(makeUrl(getConfig('main_page'), false, true), 'Logged out', 'You have been successfully logged out, and all cookies have been cleared. You will now be transferred to the main page.', 4);

  }

  $template->header();

  echo '<h3>An error occurred during the logout process.</h3><p>'.$l.'</p>';

  $template->footer();

}

function page_Special_Register()

{

  global $db, $session, $paths, $template, $plugins; // Common objects

  if(getConfig('account_activation') == 'disable' && ( ( $session->user_level >= USER_LEVEL_ADMIN && !isset($_GET['IWannaPlayToo']) ) || $session->user_level < USER_LEVEL_ADMIN || !$session->user_logged_in ))

  {

    $s = ($session->user_level >= USER_LEVEL_ADMIN) ? '<p>Oops...it seems that you <em>are</em> the administrator...hehe...you can also <a href="'.makeUrl($paths->page, 'IWannaPlayToo', true).'">force account registration to work</a>.</p>' : '';

    die_friendly('Registration disabled', '<p>The administrator has disabled new user registration on this site.</p>' . $s);

  }

  if ( $session->user_level < USER_LEVEL_ADMIN && $session->user_logged_in )

  {

    $paths->main_page();

  }

  if(isset($_POST['submit'])) 

  {

    $_GET['coppa'] = ( isset($_POST['coppa']) ) ? $_POST['coppa'] : 'x';

    $captcharesult = $session->get_captcha($_POST['captchahash']);

    if($captcharesult != $_POST['captchacode'])

    {

      $s = 'The confirmation code you entered was incorrect.';

    }

    else

    {

      if ( getConfig('enable_coppa') == '1' && ( !isset($_POST['coppa']) || ( isset($_POST['coppa']) && !in_array($_POST['coppa'], array('yes', 'no')) ) ) )

      {

        $s = 'Invalid COPPA input';

      }

      else

      {

        $coppa = ( isset($_POST['coppa']) && $_POST['coppa'] == 'yes' );

        // CAPTCHA code was correct, create the account

        $s = $session->create_user($_POST['username'], $_POST['password'], $_POST['email'], $_POST['real_name'], $coppa);

      }

    }

    if($s == 'success' && !$coppa)

    {

      switch(getConfig('account_activation'))

      {

        case "none":

        default:

          $str = 'You may now <a href="'.makeUrlNS('Special', 'Login').'">log in</a> with the username and password that you created.';

          break;

        case "user":

          $str = 'Because this site requires account activation, you have been sent an e-mail with further instructions. Please follow the instructions in that e-mail to continue your registration.';

          break;

        case "admin":

          $str = 'Because this site requires administrative account activation, you cannot use your account at the moment. A notice has been sent to the site administration team that will alert them that your account has been created.';

          break;

      }

      die_friendly('Registration successful', '<p>Thank you for registering, your user account has been created. '.$str.'</p>');

    }

    else if ( $s == 'success' && $coppa )

    {

      $str = 'However, in compliance with the Childrens\' Online Privacy Protection Act, you must have your parent or legal guardian activate your account. Please ask them to check their e-mail for further information.';

      die_friendly('Registration successful', '<p>Thank you for registering, your user account has been created. '.$str.'</p>');

    }

  }

  $template->header();

  echo 'A user account enables you to have greater control over your browsing experience.';

  if ( getConfig('enable_coppa') != '1' || ( isset($_GET['coppa']) && in_array($_GET['coppa'], array('yes', 'no')) ) )

  {

    $coppa = ( isset($_GET['coppa']) && $_GET['coppa'] == 'yes' );

    $session->kill_captcha();

    $captchacode = $session->make_captcha();

    ?>

      <h3>Create a user account</h3>

      <form name="regform" action="<?php echo makeUrl($paths->page); ?>" method="post">

        <div class="tblholder">

          <table border="0" width="100%" cellspacing="1" cellpadding="4">

            <tr><th class="subhead" colspan="3">Please tell us a little bit about yourself.</th></tr>

            <?php if(isset($_POST['submit'])) echo '<tr><td colspan="3" class="row2" style="color: red;">'.$s.'</td></tr>'; ?>

            <!-- FIELD: Username -->

            <tr>

              <td class="row1" style="width: 50%;">

                Preferred username:

                <span id="e_username"></span>

              </td>

              <td class="row1" style="width: 50%;">

                <input type="text" name="username" size="30" onkeyup="namegood = false; validateForm();" onblur="checkUsername();" />

              </td>

              <td class="row1" style="max-width: 24px;">

                <img alt="Good/bad icon" src="<?php echo scriptPath; ?>/images/bad.gif" id="s_username" />

              </td>

            </tr>

            <!-- FIELD: Password -->

            <tr>

              <td class="row3" style="width: 50%;" rowspan="2">

                Password:

                <span id="e_password"></span>

              </td>

              <td class="row3" style="width: 50%;">

                <input type="password" name="password" size="30" onkeyup="validateForm();" />

              </td>

              <td rowspan="2" class="row3" style="max-width: 24px;">

                <img alt="Good/bad icon" src="<?php echo scriptPath; ?>/images/bad.gif" id="s_password" />

              </td>

            </tr>

            <!-- FIELD: Password confirmation -->

            <tr>

              <td class="row3" style="width: 50%;">

                <input type="password" name="password_confirm" size="30" onkeyup="validateForm();" /> <small>Enter your password again to confirm.</small>

              </td>

            </tr>

            <!-- FIELD: E-mail address -->

            <tr>

              <td class="row1" style="width: 50%;">

                <?php

                  if ( $coppa ) echo 'Your parent or guardian\'s e'; 

                  else echo 'E';

                ?>-mail address:

                <?php

                  if ( ( $x = getConfig('account_activation') ) == 'user' )

                  {

                    echo '<br /><small>An e-mail with an account activation key will be sent to this address, so please ensure that it is correct.</small>';

                  }

                ?>

              </td>

              <td class="row1" style="width: 50%;">

                <input type="text" name="email" size="30" onkeyup="validateForm();" />

              </td>

              <td class="row1" style="max-width: 24px;">

                <img alt="Good/bad icon" src="<?php echo scriptPath; ?>/images/bad.gif" id="s_email" />

              </td>

            </tr>

            <!-- FIELD: Real name -->

            <tr>

              <td class="row3" style="width: 50%;">

                Real name:<br />

                <small>Giving your real name is totally optional. If you choose to provide your real name, it will be used to provide attribution for any edits or contributions you may make to this site.</small>

              </td>

              <td class="row3" style="width: 50%;">

                <input type="text" name="real_name" size="30" /></td><td class="row3" style="max-width: 24px;">

              </td>

            </tr>

            <!-- FIELD: CAPTCHA image -->

            <tr>

              <td class="row1" style="width: 50%;" rowspan="2">

                Visual confirmation<br />

                <small>

                  Please enter the code shown in the image to the right into the text box. This process helps to ensure that this registration is not being performed by an automated bot. If the image to the right is illegible, you can <a href="#" onclick="regenCaptcha(); return false;">generate a new image</a>.<br />

                  <br />

                  If you are visually impaired or otherwise cannot read the text shown to the right, please contact the site management and they will create an account for you.

                </small>

              </td>

              <td colspan="2" class="row1">

                <img id="captchaimg" alt="CAPTCHA image" src="<?php echo makeUrlNS('Special', 'Captcha/'.$captchacode); ?>" />

                <span id="b_username"></span>

              </td>

            </tr>

            <!-- FIELD: CAPTCHA input field -->

            <tr>

              <td class="row1" colspan="2">

                Code:

                <input name="captchacode" type="text" size="10" />

                <input type="hidden" name="captchahash" value="<?php echo $captchacode; ?>" />

              </td>

            </tr>

            <!-- FIELD: submit button -->

            <tr>

              <th class="subhead" colspan="3" style="text-align: center;">

                <input type="submit" name="submit" value="Create my account" />

              </td>

            </tr>

          </table>

        </div>

        <?php

          $val = ( $coppa ) ? 'yes' : 'no';

          echo '<input type="hidden" name="coppa" value="' . $val . '" />';