+<?php

+/**

+*

+* @package ucp

+* @copyright (c) 2013 phpBB Group

+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2

+*

+*/

+

+/**

+* @package module_install

+*/

+class ucp_auth_link_info

+{

+ function module()

+ {

+ return array(

+ 'filename' => 'ucp_auth_link',

+ 'title' => 'UCP_AUTH_LINK',

+ 'version' => '1.0.0',

+ 'modes' => array(

+ 'auth_link' => array('title' => 'UCP_AUTH_LINK_MANAGE', 'auth' => '', 'cat' => array('UCP_PROFILE')),

+ ),

+ );

+ }

+

+ function install()

+ {

+ }

+

+ function uninstall()

+ {

+ }

+}

+<?php

+/**

+*

+* @package ucp

+* @copyright (c) 2013 phpBB Group

+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2

+*

+*/

+

+/**

+* @ignore

+*/

+if (!defined('IN_PHPBB'))

+{

+ exit;

+}

+

+class ucp_auth_link

+{

+ /**

+ * @var string

+ */

+ public $u_action;

+

+ /**

+ * Generates the ucp_auth_link page and handles the auth link process

+ *

+ * @param int $id

+ * @param string $mode

+ */

+ public function main($id, $mode)

+ {

+ global $config, $request, $template, $phpbb_container, $user;

+

+ $error = array();

+

+ $auth_provider = $phpbb_container->get('auth.provider.' . $config['auth_method']);

+

+ // confirm that the auth provider supports this page

+ $provider_data = $auth_provider->get_auth_link_data();

+ if ($provider_data === null)

+ {

+ $error[] = 'UCP_AUTH_LINK_NOT_SUPPORTED';

+ }

+

+ $s_hidden_fields = array();

+ add_form_key('ucp_auth_link');

+

+ $submit = $request->variable('submit', false, false, phpbb_request_interface::POST);

+

+ // This path is only for primary actions

+ if (!sizeof($error) && $submit)

+ {

+ if (!check_form_key('ucp_auth_link'))

+ {

+ $error[] = 'FORM_INVALID';

+ }

+

+ if (!sizeof($error))

+ {

+ // Any post data could be necessary for auth (un)linking

+ $link_data = $request->get_super_global(phpbb_request_interface::POST);

+

+ // The current user_id is also necessary

+ $link_data['user_id'] = $user->data['user_id'];

+

+ // Tell the provider that the method is auth_link not login_link

+ $link_data['link_method'] = 'auth_link';

+

+ if ($request->variable('link', 0, false, phpbb_request_interface::POST))

+ {

+ $error[] = $auth_provider->link_account($link_data);

+ }

+ else

+ {

+ $error[] = $auth_provider->unlink_account($link_data);

+ }

+

+ // Template data may have changed, get new data

+ $provider_data = $auth_provider->get_auth_link_data();

+ }

+ }

+

+ // In some cases, a request to an external server may be required. In

+ // these cases, the GET parameter 'link' should exist and should be true

+ if ($request->variable('link', false))

+ {

+ // In this case the link data should only be populated with the

+ // link_method as the provider dictates how data is returned to it.

+ $link_data = array('link_method' => 'auth_link');

+

+ $error[] = $auth_provider->link_account($link_data);

+

+ // Template data may have changed, get new data

+ $provider_data = $auth_provider->get_auth_link_data();

+ }

+

+ if (isset($provider_data['VARS']))

+ {

+ // Handle hidden fields separately

+ if (isset($provider_data['VARS']['HIDDEN_FIELDS']))

+ {

+ $s_hidden_fields = array_merge($s_hidden_fields, $provider_data['VARS']['HIDDEN_FIELDS']);

+ unset($provider_data['VARS']['HIDDEN_FIELDS']);

+ }

+

+ $template->assign_vars($provider_data['VARS']);

+ }

+

+ if (isset($provider_data['BLOCK_VAR_NAME']))

+ {

+ foreach ($provider_data['BLOCK_VARS'] as $block_vars)

+ {

+ // See if there are additional hidden fields. This should be an associative array

+ if (isset($block_vars['HIDDEN_FIELDS']))

+ {

+ $block_vars['HIDDEN_FIELDS'] = build_hidden_fields($block_vars['HIDDEN_FIELDS']);

+ }

+

+ $template->assign_block_vars($provider_data['BLOCK_VAR_NAME'], $block_vars);

+ }

+ }

+

+ $s_hidden_fields = build_hidden_fields($s_hidden_fields);

+

+ // Replace "error" strings with their real, localised form

+ $error = array_map(array($user, 'lang'), $error);

+ $error = implode('<br />', $error);

+

+ $template->assign_vars(array(

+ 'ERROR' => $error,

+

+ 'PROVIDER_TEMPLATE_FILE' => $provider_data['TEMPLATE_FILE'],

+

+ 'S_HIDDEN_FIELDS' => $s_hidden_fields,

+ 'S_UCP_ACTION' => $this->u_action,

+ ));

+

+ $this->tpl_name = 'ucp_auth_link';

+ $this->page_title = 'UCP_AUTH_LINK';

+ }

+}

+<?php

+/**

+*

+* @package ucp

+* @copyright (c) 2013 phpBB Group

+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2

+*

+*/

+

+/**

+* @ignore

+*/

+if (!defined('IN_PHPBB'))

+{

+ exit;

+}

+

+/**

+* ucp_login_link

+* Allows users of external accounts link those accounts to their phpBB accounts

+* during an attempted login.

+* @package ucp

+*/

+class ucp_login_link

+{

+ /**

+ * @var string

+ */

+ public $u_action;

+

+ /**

+ * Generates the ucp_login_link page and handles login link process

+ *

+ * @param int $id

+ * @param string $mode

+ */

+ function main($id, $mode)

+ {

+ global $config, $phpbb_container, $request, $template, $user;

+ global $phpbb_root_path, $phpEx;

+

+ // Initialize necessary variables

+ $login_error = null;

+ $login_link_error = null;

+ $login_username = null;

+

+ // Build the data array

+ $data = $this->get_login_link_data_array();

+

+ // Ensure the person was sent here with login_link data

+ if (empty($data))

+ {

+ $login_link_error = $user->lang['LOGIN_LINK_NO_DATA_PROVIDED'];

+ }

+

+ // Use the auth_provider requested even if different from configured

+ $auth_provider = 'auth.provider.' . $request->variable('auth_provider', $config['auth_method']);

+ $auth_provider = $phpbb_container->get($auth_provider);

+

+ // Set the link_method to login_link

+ $data['link_method'] = 'login_link';

+

+ // Have the authentication provider check that all necessary data is available

+ $result = $auth_provider->login_link_has_necessary_data($data);

+ if ($result !== null)

+ {

+ $login_link_error = $user->lang[$result];

+ }

+

+ // Perform link action if there is no error

+ if (!$login_link_error)

+ {

+ if ($request->is_set_post('login'))

+ {

+ $login_username = $request->variable('login_username', '', false, phpbb_request_interface::POST);

+ $login_password = $request->untrimmed_variable('login_password', '', true, phpbb_request_interface::POST);

+

+ $login_result = $auth_provider->login($login_username, $login_password);

+

+ // We only care if there is or is not an error

+ $login_error = $this->process_login_result($login_result);

+

+ if (!$login_error)

+ {

+ // Give the user_id to the data

+ $data['user_id'] = $login_result['user_row']['user_id'];

+

+ // The user is now logged in, attempt to link the user to the external account

+ $result = $auth_provider->link_account($data);

+

+ if ($result)

+ {

+ $login_link_error = $user->lang[$result];

+ }

+ else

+ {

+ // Finish login

+ $result = $user->session_create($login_result['user_row']['user_id'], false, false, true);

+

+ // Perform a redirect as the account has been linked

+ $this->perform_redirect();

+ }

+ }

+ }

+ }

+

+ $template->assign_vars(array(

+ // Common template elements

+ 'LOGIN_LINK_ERROR' => $login_link_error,

+ 'PASSWORD_CREDENTIAL' => 'login_password',

+ 'USERNAME_CREDENTIAL' => 'login_username',

+ 'S_HIDDEN_FIELDS' => $this->get_hidden_fields($data),

+

+ // Registration elements

+ 'REGISTER_ACTION' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register'),

+

+ // Login elements

+ 'LOGIN_ERROR' => $login_error,

+ 'LOGIN_USERNAME' => $login_username,

+ ));

+

+ $this->tpl_name = 'ucp_login_link';

+ $this->page_title = 'UCP_LOGIN_LINK';

+ }

+

+ /**

+ * Builds the hidden fields string from the data array.

+ *

+ * @param array $data This function only includes data in the array

+ * that has a key that begins with 'login_link_'

+ * @return string A string of hidden fields that can be included in the

+ * template

+ */

+ protected function get_hidden_fields($data)

+ {

+ $fields = array();

+

+ foreach ($data as $key => $value)

+ {

+ $fields['login_link_' . $key] = $value;

+ }

+

+ return build_hidden_fields($fields);

+ }

+

+ /**

+ * Builds the login_link data array

+ *

+ * @return array All login_link data. This is all GET data whose names

+ * begin with 'login_link_'

+ */

+ protected function get_login_link_data_array()

+ {

+ global $request;

+

+ $var_names = $request->variable_names(phpbb_request_interface::GET);

+ $login_link_data = array();

+ $string_start_length = strlen('login_link_');

+

+ foreach ($var_names as $var_name)

+ {

+ if (strpos($var_name, 'login_link_') === 0)

+ {

+ $key_name = substr($var_name, $string_start_length);

+ $login_link_data[$key_name] = $request->variable($var_name, '', false, phpbb_request_interface::GET);

+ }

+ }

+

+ return $login_link_data;

+ }

+

+ /**

+ * Processes the result array from the login process

+ * @param array $result The login result array

+ * @return string|null If there was an error in the process, a string is

+ * returned. If the login was successful, then null is

+ * returned.

+ */

+ protected function process_login_result($result)

+ {

+ global $config, $request, $template, $user;

+

+ $login_error = null;

+

+ if ($result['status'] != LOGIN_SUCCESS)

+ {

+ // Handle all errors first

+ if ($result['status'] == LOGIN_BREAK)

+ {

+ trigger_error($result['error_msg']);

+ }

+

+ switch ($result['status'])

+ {

+ case LOGIN_ERROR_ATTEMPTS:

+

+ $captcha = phpbb_captcha_factory::get_instance($config['captcha_plugin']);

+ $captcha->init(CONFIRM_LOGIN);

+

+ $template->assign_vars(array(

+ 'CAPTCHA_TEMPLATE' => $captcha->get_template(),

+ ));

+

+ $login_error = $user->lang[$result['error_msg']];

+ break;

+

+ case LOGIN_ERROR_PASSWORD_CONVERT:

+ $login_error = sprintf(

+ $user->lang[$result['error_msg']],

+ ($config['email_enable']) ? '<a href="' . append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=sendpassword') . '">' : '',

+ ($config['email_enable']) ? '</a>' : '',

+ ($config['board_contact']) ? '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">' : '',

+ ($config['board_contact']) ? '</a>' : ''

+ );

+ break;

+

+ // Username, password, etc...

+ default:

+ $login_error = $user->lang[$result['error_msg']];

+

+ // Assign admin contact to some error messages

+ if ($result['error_msg'] == 'LOGIN_ERROR_USERNAME' || $result['error_msg'] == 'LOGIN_ERROR_PASSWORD')

+ {

+ $login_error = (!$config['board_contact']) ? sprintf($user->lang[$result['error_msg']], '', '') : sprintf($user->lang[$result['error_msg']], '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">', '</a>');

+ }

+

+ break;

+ }

+ }

+

+ return $login_error;

+ }

+

+ /**

+ * Performs a post login redirect

+ */

+ protected function perform_redirect()

+ {

+ global $phpbb_root_path, $phpEx;

+ $url = append_sid($phpbb_root_path . 'index.' . $phpEx);

+ redirect($url);

+ }

+}

+ global $config, $db, $user, $auth, $template, $phpbb_dispatcher, $phpbb_root_path, $phpEx;

+ /**

+ * Add UCP edit global settings data before they are assigned to the template or submitted

+ *

+ * To assign data to the template, use $template->assign_vars()

+ *

+ * @event core.ucp_prefs_personal_data

+ * @var bool submit Do we display the form only

+ * or did the user press submit

+ * @var array data Array with current ucp options data

+ * @since 3.1-A1

+ */

+ $vars = array('submit', 'data');

+ extract($phpbb_dispatcher->trigger_event('core.ucp_prefs_personal_data', compact($vars)));

+

+ /**

+ * Update UCP edit global settings data on form submit

+ *

+ * @event core.ucp_prefs_personal_update_data

+ * @var array data Submitted display options data

+ * @var array sql_ary Display options data we udpate

+ * @since 3.1-A1

+ */

+ $vars = array('data', 'sql_ary');

+ extract($phpbb_dispatcher->trigger_event('core.ucp_prefs_personal_update_data', compact($vars)));

+

+ /**

+ * Add UCP edit display options data before they are assigned to the template or submitted

+ *

+ * To assign data to the template, use $template->assign_vars()

+ *

+ * @event core.ucp_prefs_view_data

+ * @var bool submit Do we display the form only

+ * or did the user press submit

+ * @var array data Array with current ucp options data

+ * @since 3.1-A1

+ */

+ $vars = array('submit', 'data');

+ extract($phpbb_dispatcher->trigger_event('core.ucp_prefs_view_data', compact($vars)));

+

+ /**

+ * Update UCP edit display options data on form submit

+ *

+ * @event core.ucp_prefs_view_update_data

+ * @var array data Submitted display options data

+ * @var array sql_ary Display options data we udpate

+ * @since 3.1-A1

+ */

+ $vars = array('data', 'sql_ary');

+ extract($phpbb_dispatcher->trigger_event('core.ucp_prefs_view_update_data', compact($vars)));

+

+ /**

+ * Add UCP edit posting defaults data before they are assigned to the template or submitted

+ *

+ * To assign data to the template, use $template->assign_vars()

+ *

+ * @event core.ucp_prefs_post_data

+ * @var bool submit Do we display the form only

+ * or did the user press submit

+ * @var array data Array with current ucp options data

+ * @since 3.1-A1

+ */

+ $vars = array('submit', 'data');

+ extract($phpbb_dispatcher->trigger_event('core.ucp_prefs_post_data', compact($vars)));

+

+ /**

+ * Update UCP edit posting defaults data on form submit

+ *

+ * @event core.ucp_prefs_post_update_data

+ * @var array data Submitted display options data

+ * @var array sql_ary Display options data we udpate

+ * @since 3.1-A1

+ */

+ $vars = array('data', 'sql_ary');

+ extract($phpbb_dispatcher->trigger_event('core.ucp_prefs_post_update_data', compact($vars)));

+

+ global $request, $phpbb_container;

+ $s_hidden_fields = array();

+

+ // Handle login_link data added to $_hidden_fields

+ $login_link_data = $this->get_login_link_data_array();

+

+ if (!empty($login_link_data))

+ {

+ // Confirm that we have all necessary data

+ $auth_provider = 'auth.provider.' . $request->variable('auth_provider', $config['auth_method']);

+ $auth_provider = $phpbb_container->get($auth_provider);

+

+ $result = $auth_provider->login_link_has_necessary_data($login_link_data);

+ if ($result !== null)

+ {

+ $error[] = $user->lang[$result];

+ }

+

+ $s_hidden_fields = array_merge($s_hidden_fields, $this->get_login_link_data_for_hidden_fields($login_link_data));

+ }

+ $s_hidden_fields = array_merge($s_hidden_fields, array(

+ ));

+ // Perform account linking if necessary

+ if (!empty($login_link_data))

+ {

+ $login_link_data['user_id'] = $user_id;

+

+ $result = $auth_provider->link_account($login_link_data);

+

+ if ($result)

+ {

+ $message = $message . '<br /><br />' . $user->lang[$result];

+ }

+ }

+

+ $s_hidden_fields = array_merge($s_hidden_fields, array(

+ ));

+

+ /**

+ * Creates the login_link data array

+ *

+ * @return array Returns an array of all POST paramaters whose names

+ * begin with 'login_link_'

+ */

+ protected function get_login_link_data_array()

+ {

+ global $request;

+

+ $var_names = $request->variable_names(phpbb_request_interface::POST);

+ $login_link_data = array();

+ $string_start_length = strlen('login_link_');

+

+ foreach ($var_names as $var_name)

+ {

+ if (strpos($var_name, 'login_link_') === 0)

+ {

+ $key_name = substr($var_name, $string_start_length);

+ $login_link_data[$key_name] = $request->variable($var_name, '', false, phpbb_request_interface::POST);

+ }

+ }

+

+ return $login_link_data;

+ }

+

+ /**

+ * Prepends they key names of an associative array with 'login_link_' for

+ * inclusion on the page as hidden fields.

+ *

+ * @param array $data The array to be modified

+ * @return array The modified array

+ */

+ protected function get_login_link_data_for_hidden_fields($data)

+ {

+ $new_data = array();

+

+ foreach ($data as $key => $value)

+ {

+ $new_data['login_link_' . $key] = $value;

+ }

+

+ return $new_data;

+ }

+ $messenger->anti_abuse_headers($config, $user);

+