@ -327,7 +327,6 @@ class Pref_Prefs extends Handler_Protected {
print "< / form > ";
print "< / form > ";
print "< / div > "; # content pane
print "< / div > "; # content pane
print "< div dojoType = 'dijit.layout.ContentPane' title = \"".__('Password')."\" > ";
if ($_SESSION["auth_module"]) {
if ($_SESSION["auth_module"]) {
$authenticator = PluginHost::getInstance()->get_plugin($_SESSION["auth_module"]);
$authenticator = PluginHost::getInstance()->get_plugin($_SESSION["auth_module"]);
@ -335,6 +334,8 @@ class Pref_Prefs extends Handler_Protected {
$authenticator = false;
$authenticator = false;
}
}
print "< div dojoType = 'dijit.layout.ContentPane' title = \"" . __ ( ' Password ' ) . " \ " > ";
if ($authenticator & & method_exists($authenticator, "change_password")) {
if ($authenticator & & method_exists($authenticator, "change_password")) {
print "< div style = 'display : none' id = 'pwd_change_infobox' > < / div > ";
print "< div style = 'display : none' id = 'pwd_change_infobox' > < / div > ";
@ -375,17 +376,17 @@ class Pref_Prefs extends Handler_Protected {
}
}
print "< fieldset > ";
print "< fieldset > ";
print "< label > ".__("Old password:")."< / label > ";
print "< label > " . __("Old password:") . "< / label > ";
print "< input dojoType = 'dijit.form.ValidationTextBox' type = 'password' required = '1' name = 'old_password' > ";
print "< input dojoType = 'dijit.form.ValidationTextBox' type = 'password' required = '1' name = 'old_password' > ";
print "< / fieldset > ";
print "< / fieldset > ";
print "< fieldset > ";
print "< fieldset > ";
print "< label > ".__("New password:")."< / label > ";
print "< label > " . __("New password:") . "< / label > ";
print "< input dojoType = 'dijit.form.ValidationTextBox' type = 'password' required = '1' name = 'new_password' > ";
print "< input dojoType = 'dijit.form.ValidationTextBox' type = 'password' required = '1' name = 'new_password' > ";
print "< / fieldset > ";
print "< / fieldset > ";
print "< fieldset > ";
print "< fieldset > ";
print "< label > ".__("Confirm password:")."< / label > ";
print "< label > " . __("Confirm password:") . "< / label > ";
print "< input dojoType = 'dijit.form.ValidationTextBox' type = 'password' required = '1' name = 'confirm_password' > ";
print "< input dojoType = 'dijit.form.ValidationTextBox' type = 'password' required = '1' name = 'confirm_password' > ";
print "< / fieldset > ";
print "< / fieldset > ";
@ -394,152 +395,156 @@ class Pref_Prefs extends Handler_Protected {
print "< hr / > ";
print "< hr / > ";
print "< button dojoType = 'dijit.form.Button' type = 'submit' class = 'alt-primary' > ".
print "< button dojoType = 'dijit.form.Button' type = 'submit' class = 'alt-primary' > " .
__("Change password")."< / button > ";
__("Change password") . "< / button > ";
print "< / form > ";
print "< / form > ";
print "< / div > "; # content pane
} else {
print_notice(T_sprintf("Authentication module used for this session (< b > %s< / b > ) does not provide an ability to set passwords.",
$_SESSION["auth_module"]));
}
if ($_SESSION["auth_module"] == "auth_internal") {
print "< / div > "; # content pane
print "< div dojoType = 'dijit.layout.ContentPane' title = \"" . __ ( ' App passwords ' ) . " \ " > "; print "< div dojoType = 'dijit.layout.ContentPane' title = \"" . __ ( ' App passwords ' ) . " \ " > ";
print_notice("You can create separate passwords for API clients. Using one is required if you enable OTP."); print_notice("You can create separate passwords for API clients. Using one is required if you enable OTP.");
print "< div id = 'app_passwords_holder' > "; print "< div id = 'app_passwords_holder' > ";
$this->appPasswordList(); $this->appPasswordList();
print "< / div > "; print "< / div > ";
print "< hr > "; print "< hr > ";
print "< button style = 'float : left' class = 'alt-primary' dojoType = 'dijit.form.Button' print "< button style = 'float : left' class = 'alt-primary' dojoType = 'dijit.form.Button'
onclick=\"Helpers.AppPasswords.generate()\">" .
onclick=\"Helpers.AppPasswords.generate()\">" .
__('Generate new password') . "< / button > ";
__('Generate new password') . "< / button > ";
print "< button style = 'float : left' class = 'alt-danger' dojoType = 'dijit.form.Button' print "< button style = 'float : left' class = 'alt-danger' dojoType = 'dijit.form.Button'
onclick=\"Helpers.AppPasswords.removeSelected()\">" .
onclick=\"Helpers.AppPasswords.removeSelected()\">" .
__('Remove selected passwords') . "< / button > ";
__('Remove selected passwords') . "< / button > ";
print "< / div > "; # content pane
print "< / div > "; # content pane
}
print "< div dojoType = 'dijit.layout.ContentPane' title = \"".__('One time passwords / Authenticator ' ) . " \ " > ";
print "< div dojoType = 'dijit.layout.ContentPane' title = \"".__('One time passwords / Authenticator ' ) . " \ " > ";
if ($_SESSION["auth_module"] == "auth_internal") {
if ($_SESSION["auth_module"] == "auth_internal") {
if ($otp_enabled) {
if ($otp_enabled) {
print_warning("One time passwords are currently enabled. Enter your current password below to disable.");
print_warning("One time passwords are currently enabled. Enter your current password below to disable.");
print "< form dojoType = 'dijit.form.Form' > ";
print "< script type = 'dojo/method' event = 'onSubmit' args = 'evt' >
evt.preventDefault();
if (this.validate()) {
Notify.progress('Disabling OTP', true);
new Ajax.Request('backend.php', {
parameters: dojo.objectToQuery(this.getValues()),
onComplete: function(transport) {
Notify.close();
if (transport.responseText.indexOf('ERROR: ') == 0) {
Notify.error(transport.responseText.replace('ERROR: ', ''));
} else {
window.location.reload();
}
}});
this.reset();
}
< / script > ";
print "< form dojoType = 'dijit.form.Form' > ";
print "< fieldset > ";
print "< label > ".__("Your password:")."< / label > ";
print "< input dojoType = 'dijit.form.ValidationTextBox' type = 'password' required = '1' name = 'password' > ";
print "< / fieldset > ";
print "< script type = 'dojo/method' event = 'onSubmit' args = 'evt' >
print_hidden("op", "pref-prefs");
evt.preventDefault();
print_hidden("method", "otpdisable");
if (this.validate()) {
Notify.progress('Disabling OTP', true);
new Ajax.Request('backend.php', {
print "< hr / > ";
parameters: dojo.objectToQuery(this.getValues()),
onComplete: function(transport) {
Notify.close();
if (transport.responseText.indexOf('ERROR: ') == 0) {
Notify.error(transport.responseText.replace('ERROR: ', ''));
} else {
window.location.reload();
}
}});
this.reset();
}
< / script > ";
print "< fieldset > ";
print "< button dojoType = 'dijit.form.Button' type = 'submit' > ".
print "< label > ".__("Your password:")."< / label > ";
__("Disable OTP")."< / button > ";
print "< input dojoType = 'dijit.form.ValidationTextBox' type = 'password' required = '1' name = 'password' > ";
print "< / fieldset > ";
print_hidden("op", "pref-prefs");
print "< / form > ";
print_hidden("method", "otpdisable");
print "< hr / > ";
} else {
print "< button dojoType = 'dijit.form.Button' type = 'submit' > ".
print_warning("You will need a compatible Authenticator to use this. Changing your password would automatically disable OTP.");
__("Disable OTP")."< / button > " ;
print_notice("You will need to generate app passwords for the API clients if you enable OTP.");
print "< / form > ";
if (function_exists("imagecreatefromstring")) {
print "< h3 > " . __("Scan the following code by the Authenticator application or copy the key manually") . "< / h3 > ";
$csrf_token = $_SESSION["csrf_token"];
print "< img alt = 'otp qr-code' src = 'backend.php?op=pref-prefs&method=otpqrcode&csrf_token=$csrf_token' > ";
} else {
} else {
print_error("PHP GD functions are required to generate QR codes.");
print "< h3 > " . __("Use the following OTP key with a compatible Authenticator application") . "< / h3 > ";
}
print_warning("You will need a compatible Authenticator to use this. Changing your password would automatically disable OTP.");
print "< form dojoType = 'dijit.form.Form' id = 'changeOtpForm' > ";
print_notice("You will need to generate app passwords for the API clients if you enable OTP.");
if (function_exists("imagecreatefromstring")) {
print "< h3 > " . __("Scan the following code by the Authenticator application or copy the key manually") . "< / h3 > ";
$csrf_token = $_SESSION["csrf_token"];
print "< img alt = 'otp qr-code' src = 'backend.php?op=pref-prefs&method=otpqrcode&csrf_token=$csrf_token' > ";
} else {
print_error("PHP GD functions are required to generate QR codes.");
print "< h3 > " . __("Use the following OTP key with a compatible Authenticator application") . "< / h3 > ";
}
print "< form dojoType = 'dijit.form.Form' id = 'changeOtpForm' > ";
$otp_secret = $this->otpsecret();
$otp_secret = $this->otpsecret();
print "< fieldset > ";
print "< fieldset > ";
print "< label > ".__("OTP Key:")."< / label > ";
print "< label > ".__("OTP Key:")."< / label > ";
print "< input dojoType = 'dijit.form.ValidationTextBox' disabled = 'disabled' value = '$otp_secret' size = '32' > ";
print "< input dojoType = 'dijit.form.ValidationTextBox' disabled = 'disabled' value = '$otp_secret' size = '32' > ";
print "< / fieldset > ";
print "< / fieldset > ";
print_hidden("op", "pref-prefs");
print_hidden("op", "pref-prefs");
print_hidden("method", "otpenable");
print_hidden("method", "otpenable");
print "< script type = 'dojo/method' event = 'onSubmit' args = 'evt' >
print "< script type = 'dojo/method' event = 'onSubmit' args = 'evt' >
evt.preventDefault();
evt.preventDefault();
if (this.validate()) {
if (this.validate()) {
Notify.progress('Saving data...', true);
Notify.progress('Saving data...', true);
new Ajax.Request('backend.php', {
new Ajax.Request('backend.php', {
parameters: dojo.objectToQuery(this.getValues()),
parameters: dojo.objectToQuery(this.getValues()),
onComplete: function(transport) {
onComplete: function(transport) {
Notify.close();
Notify.close();
if (transport.responseText.indexOf('ERROR:') == 0) {
if (transport.responseText.indexOf('ERROR:') == 0) {
Notify.error(transport.responseText.replace('ERROR:', ''));
Notify.error(transport.responseText.replace('ERROR:', ''));
} else {
} else {
window.location.reload();
window.location.reload();
}
}
} });
} });
}
}
< / script > ";
< / script > ";
print "< fieldset > ";
print "< fieldset > ";
print "< label > ".__("Your password:")."< / label > ";
print "< label > ".__("Your password:")."< / label > ";
print "< input dojoType = 'dijit.form.ValidationTextBox' type = 'password' required = '1'
print "< input dojoType = 'dijit.form.ValidationTextBox' type = 'password' required = '1'
name='password'>";
name='password'>";
print "< / fieldset > ";
print "< / fieldset > ";
print "< fieldset > ";
print "< fieldset > ";
print "< label > ".__("One time password:")."< / label > ";
print "< label > ".__("One time password:")."< / label > ";
print "< input dojoType = 'dijit.form.ValidationTextBox' autocomplete = 'off'
print "< input dojoType = 'dijit.form.ValidationTextBox' autocomplete = 'off'
required='1' name='otp'>";
required='1' name='otp'>";
print "< / fieldset > ";
print "< / fieldset > ";
print "< hr / > ";
print "< hr / > ";
print "< button dojoType = 'dijit.form.Button' type = 'submit' class = 'alt-primary' > ".
print "< button dojoType = 'dijit.form.Button' type = 'submit' class = 'alt-primary' > ".
__("Enable OTP")."< / button > ";
__("Enable OTP")."< / button > ";
print "< / form > ";
print "< / form > ";
}
}
}
print "< / div > "; # content pane
} else {
print "< / div > "; # tab container
print_notice("OTP is only available when using < b > auth_internal< / b > authentication module.");
}
}
print "< / div > "; # content pane
print "< / div > "; # tab container
PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB_SECTION,
PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB_SECTION,
"hook_prefs_tab_section", "prefPrefsAuth");
"hook_prefs_tab_section", "prefPrefsAuth");
Andrew Dolgov
5 years ago