RadiusAuthentication.php
author Dan
Wed, 06 Jan 2010 02:57:23 -0500
changeset 0 7e0b422b1725
permissions -rw-r--r--
First working revision.
<?php
/**!info**
{
  "Plugin Name"  : "RADIUS authentication",
  "Plugin URI"   : "http://enanocms.org/plugin/radiusauth",
  "Description"  : "Allows authentication to Enano via a RADIUS server.",
  "Author"       : "Dan Fuhry",
  "Version"      : "1.0",
  "Author URI"   : "http://enanocms.org/",
  "Auth plugin"  : true
}
**!*/
/*
 * RADIUS authentication plugin for Enano
 * (C) 2010 Dan Fuhry
 *
 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
 *
 * Please note: the back-end RADIUS library files, libradauth.php and libmschap.php, are under the BSD license.
 */
// Attach the login hook only while RADIUS authentication is switched on in the site configuration.
// The second argument is a fixed snippet of PHP source; presumably the plugin manager evaluates it
// inside the login handler, where $userinfo and $req are defined -- confirm against attachHook().
if ( 1 == getConfig('radius_enable', 0) )
{
  $plugins->attachHook('login_process_userdata_json', 'return radius_auth_hook($userinfo, $req["level"], $req["remember"]);');
}
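/**
 * Login hook: try the submitted credentials against the configured RADIUS server.
 *
 * Return values produced by this function:
 *   - null:  no verdict from this plugin; per the inline comments the Enano auth chain continues.
 *   - true:  RADIUS accepted the credentials and a session was registered for the local account.
 *   - array('mode' => 'error', 'error' => string): the login attempt is refused with that message.
 *
 * @param array $userinfo Must carry 'username' and 'password' as submitted by the client.
 * @param mixed $level    Requested auth level, handed unchanged to $session->register_session().
 * @param mixed $remember "Remember" setting, handed unchanged to $session->register_session().
 * @return null|true|array
 */
function radius_auth_hook($userinfo, $level, $remember)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  
  // First try to just authenticate the user in RADIUS
  require_once(ENANO_ROOT . '/plugins/radiusauth/libradauth.php');
  
  $server = getConfig('radius_server', false);
  $port = getConfig('radius_port', 1812);
  $secret = getConfig('radius_secret', '');
  $method = getConfig('radius_method', 'pap');
  if ( empty($server) )
    // bad server? break out and continue the Enano auth chain
    return null;
    
  // We're ready to do a RADIUS auth attempt
  try
  {
    $radius = new RadiusAuth($server, $secret, $port);
    $auth_result = $radius->authenticate($userinfo['username'], $userinfo['password'], $method);
  }
  catch ( RadiusError $e )
  {
    // Every caller, local administrators included, receives this error whenever the RADIUS
    // library throws, and the exception is not recorded anywhere in this function.
    // NOTE(review): confirm that an unreachable RADIUS server should also block local admins,
    // and consider logging $e so backend outages are visible to operators.
    return array(
        'mode' => 'error',
        'error' => "The RADIUS interface returned a technical error."
      );
  }
  
  if ( $auth_result )
  {
    // RADIUS authentication was successful.
    // The local account is located by case-insensitive username match only.
    // NOTE(review): confirm RADIUS and local usernames share one identity namespace; otherwise
    // a RADIUS identity maps onto any same-named local account, whatever its user level.
    $username = $db->escape(strtolower($userinfo['username']));
    $q = $db->sql_query("SELECT user_id, password FROM " . table_prefix . "users WHERE " . ENANO_SQLFUNC_LOWERCASE . "(username) = '$username';");
    if ( !$q )
      $db->_die();
    if ( $db->numrows() < 1 )
    {
      // This user doesn't exist.
      // Is creating it our job?
      if ( getConfig('radius_disable_local_auth', 0) == 1 )
      {
        // Yep, register him
        $email = strtolower($userinfo['username']) . '@' . getConfig('radius_email_domain', 'localhost');
        // Placeholder password for the short window before the account is locked below.
        // It comes from a CSPRNG where the runtime offers one; the md5() form is only the
        // last-resort fallback for PHP builds that have neither function.
        if ( function_exists('random_bytes') )
          $random_pass = bin2hex(random_bytes(16));
        else if ( function_exists('openssl_random_pseudo_bytes') )
          $random_pass = bin2hex(openssl_random_pseudo_bytes(16));
        else
          $random_pass = md5(microtime() . mt_rand());
        // load the language
        $session->register_guest_session();
        $reg_result = $session->create_user($userinfo['username'], $random_pass, $email);
        if ( $reg_result != 'success' )
        {
          // Registration failed.
          return array(
              'mode' => 'error',
              'error' => 'Your username and password were valid, but there was a problem instanciating your local user account.'
            );
        }
        // Get user ID
        $q = $db->sql_query("SELECT user_id, password FROM " . table_prefix . "users WHERE " . ENANO_SQLFUNC_LOWERCASE . "(username) = '$username';");
        if ( !$q )
          $db->_die();
        if ( $db->numrows() < 1 )
          return array(
              'mode' => 'error',
              'error' => 'Your username and password were valid, but there was a problem getting your user ID.'
            );
        $row = $db->fetchrow();
        $db->free_result();
        // Quick - lock the account: overwrite hash and salt with a marker string so the
        // placeholder password above can no longer be used for a local login.
        // The id is forced to an integer before it is placed in the statement.
        $q = $db->sql_query('UPDATE ' . table_prefix . "users SET password = 'Locked by RADIUS plugin', password_salt = 'Locked by RADIUS plugin' WHERE user_id = " . intval($row['user_id']) . ";");
        if ( !$q )
          $db->_die();
        
        $row['password'] = 'Locked by RADIUS plugin';
      }
      else
      {
        // Nope. Just let Enano fail it properly.
        return null;
      }
    }
    else
    {
      $row = $db->fetchrow();
      $db->free_result();
    }
    
    // NOTE(review): $level is whatever the caller passed in for the request; presumably
    // register_session() checks it against the account's user level -- verify.
    $session->register_session($row['user_id'], $userinfo['username'], $row['password'], $level, $remember);
    return true;
  }
  else
  {
    // RADIUS authentication failed.
    
    // Are local logons allowed?
    if ( getConfig('radius_disable_local_auth', 0) == 0 )
    {
      // Yes, allow auth to continue
      return null;
    }
    
    // Block the login attempt unless the username is a local admin.
    $username = $db->escape(strtolower($userinfo['username']));
    $q = $db->sql_query("SELECT user_level FROM " . table_prefix . "users WHERE " . ENANO_SQLFUNC_LOWERCASE . "(username) = '$username';");
    if ( !$q )
      $db->_die();
    if ( $db->numrows() > 0 )
    {
      // Well, the user exists...
      list($ul) = $db->fetchrow_num();
      $db->free_result();
      if ( $ul >= USER_LEVEL_ADMIN )
      {
        // They're an admin, allow local logon
        return null;
      }
    }
    $db->free_result();
    
    // User doesn't exist, or is not an admin, and users are not allowed to log on locally. Lock them out.
    // Both client-supplied values (remote address, username) go through $db->escape() before
    // being placed in the statement.
    $q = $db->sql_query('INSERT INTO ' . table_prefix . "lockout(ipaddr, timestamp, action, username)\n"
                      . "  VALUES('" . $db->escape($_SERVER['REMOTE_ADDR']) . "', " . time() . ", 'credential', '" . $db->escape($userinfo['username']) . "');");
    if ( !$q )
      $db->_die();
    
    return array(
        'mode' => 'error',
        'error' => 'Invalid RADIUS authentication credentials.'
      );
  }
}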
// Registration blocking hook
// Only attached when local authentication is disabled; radius_auth_reg_block() then sets the
// registration error message.
if ( 1 == getConfig('radius_disable_local_auth', 0) )
{
  $plugins->attachHook('ucp_register_validate', 'radius_auth_reg_block($error);');
}
/**
 * Registration-validation hook: unconditionally replaces the caller's error variable with a
 * message saying that self-registration is disabled while RADIUS authentication is configured.
 *
 * @param mixed $error Passed by reference; overwritten with the message string.
 */
function radius_auth_reg_block(&$error)
{
  // Whatever value the caller passed in is discarded.
  $error = 'Registration on this website is disabled because RADIUS authentication is configured. Please log in using a valid RADIUS username and password, and an account will be created for you automatically.';
}
//
// ADMIN
//

// Always attached: radius_session_hook() registers the admin page node on session start.
$plugins->attachHook('session_started', 'radius_session_hook();');

// The terms-of-use hook is only attached when local authentication is disabled.
if ( 1 == getConfig('radius_disable_local_auth', 0) )
{
  $plugins->attachHook('common_post', 'radius_tou_hook();');
}
/**
 * Session-start hook: registers the plugin's admin page and, when local authentication is
 * disabled, switches off Enano's own password change for users below administrator level.
 */
function radius_session_hook()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  
  // Register the admin page
  $paths->addAdminNode('adm_cat_security', 'RADIUS Authentication', 'RadiusConfig');
  
  // Disable password change -- but not while local auth is still enabled, and never for administrators.
  $local_auth_disabled = ( getConfig('radius_disable_local_auth', 0) == 1 );
  if ( !$local_auth_disabled || !( $session->user_level < USER_LEVEL_ADMIN ) )
    return;
  
  // An empty configured link text is passed on as false.
  $text_setting = getConfig('radius_password_text', false);
  $link_text = empty($text_setting) ? false : $text_setting;
  
  // "%u" in the configured URL is replaced with the current username, verbatim.
  // NOTE(review): no URL- or HTML-encoding is applied here; confirm that
  // disable_password_change() escapes the link before it is output, or encode at this point.
  $expanded_url = str_replace('%u', $session->username, getConfig('radius_password_url', ''));
  $link_url = empty($expanded_url) ? false : $expanded_url;
  
  $session->disable_password_change($link_url, $link_text);
}
/**
 * common_post hook: forces a logged-in user whose account_active value is 1 to accept the
 * configured terms of use before continuing.
 *
 * Returns true once acceptance has been recorded, returns nothing when no action is needed,
 * and otherwise prints the acceptance page and ends the request.
 */
function radius_tou_hook()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  
  // Are we pending TOU acceptance? Guests, critical pages and sites without terms are skipped.
  if ( !$session->user_logged_in || $session->on_critical_page() || trim(getConfig('register_tou', '')) == '' )
    return;
  
  // NOTE(review): $session->user_id is interpolated unquoted; presumably the session manager
  // guarantees an integer here -- verify.
  $q = $db->sql_query('SELECT account_active FROM ' . table_prefix . "users WHERE user_id = $session->user_id;");
  if ( !$q )
    $db->_die();
  
  list($active) = $db->fetchrow_num();
  $db->free_result();
  if ( $active != 1 )
    return;
  
  // Pending TOU accept
  // Basically, what we do here is force the user to accept the TOU and record it by setting account_active to 2 instead of a 1
  // A bit of a hack, but hey, it works, at least in 1.1.8.
  // In 1.1.7, it just breaks your whole account, and $session->on_critical_page() is broken in 1.1.7 so you won't even be able
  // to go the admin CP and re-activate yourself.
  
  // NOTE(review): the form below carries no anti-CSRF token; the only state change it can
  // trigger is recording TOU acceptance -- confirm that is acceptable.
  $accept_phrase = 'I accept the terms and conditions displayed on this site';
  if ( isset($_POST['tou_agreed']) && $_POST['tou_agreed'] === $accept_phrase )
  {
    // Accepted
    $q = $db->sql_query('UPDATE ' . table_prefix . "users SET account_active = 2 WHERE user_id = $session->user_id;");
    if ( !$q )
      $db->_die();
    
    return true;
  }
  
  global $output, $lang;
  $output->set_title('Terms of Use');
  $output->header();
  
  // The markup below is emitted verbatim, so its indentation is kept exactly as it was.
  ?>
      <p>Please read and accept the following terms:</p>
      
      <div style="border: 1px solid #000000; height: 300px; width: 60%; clip: rect(0px,auto,auto,0px); overflow: auto; background-color: #FFF; margin: 0 auto; padding: 4px;">
        <?php
        // The terms text is the site's register_tou setting; RenderMan::render() output is echoed as-is.
        $terms = getConfig('register_tou', '');
        echo RenderMan::render($terms);
        ?>
      </div>
      
      <form method="post">
        <p style="text-align: center;">
          <label>
            <input tabindex="7" type="checkbox" name="tou_agreed" value="I accept the terms and conditions displayed on this site" />
            <b><?php echo $lang->get('user_reg_lbl_field_tou'); ?></b>
          </label>
        </p>
        <p style="text-align: center;">
          <input type="submit" value="Continue" />
        </p>
      </form>
      
      <?php
  
  $output->footer();
  
  // The request ends here; the page the user asked for is not rendered.
  $db->close();
  exit;
}
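/**
 * Admin control panel page for the RADIUS authentication plugin.
 *
 * Saves the posted RADIUS settings when the form was submitted, then renders
 * the configuration form pre-filled with the stored values.
 *
 * NOTE(review): no request token is verified in this function before the
 * settings are written. Confirm that the admin panel framework (for example
 * acp_start_form() or the code that dispatches to this page) enforces an
 * anti-CSRF check; this page can enable RADIUS login and repoint the server.
 *
 * NOTE(review): the shared secret is stored as plain configuration and is
 * echoed back into the form in cleartext. Consider not re-displaying it and
 * only overwriting it when a new value is entered.
 *
 * @return false|null false when the current session is below administrator
 *                    level; otherwise nothing is returned.
 */
function page_Admin_RadiusConfig()
{
  // Security check
  global $db, $session, $paths, $template, $plugins; // Common objects
  if ( $session->auth_level < USER_LEVEL_ADMIN )
    return false;
  
  // Supported authentication methods. Used both as the allowlist when saving
  // and as the option list when rendering, so the two cannot drift apart.
  $methods = array(
      'pap' => 'PAP',
      'chap' => 'CHAP',
      'mschap' => 'MS-CHAP v1',
      'mschapv2' => 'MS-CHAP v2'
    );
  
  if ( isset($_POST['submit']) )
  {
    setConfig('radius_enable', isset($_POST['radius_enable']) ? '1' : '0');
    setConfig('radius_disable_local_auth', isset($_POST['radius_disable_local_auth']) ? '1' : '0');
    
    // Free-text settings: accept only string values. A missing field or an
    // array-valued field (name[]=...) is stored as an empty string instead of
    // being passed through to setConfig().
    // NOTE(review): radius_password_url is stored as entered; the code that
    // renders the link should restrict it to http/https and escape it.
    $text_fields = array(
        'radius_server',
        'radius_secret',
        'radius_password_text',
        'radius_password_url',
        'radius_email_domain'
      );
    foreach ( $text_fields as $field )
    {
      $value = ( isset($_POST[$field]) && is_string($_POST[$field]) ) ? $_POST[$field] : '';
      setConfig($field, $value);
    }
    
    // Port: any value outside 1-65535 falls back to the RADIUS default, 1812.
    // The upper bound is inclusive; 65535 is a valid port number.
    $port = ( isset($_POST['radius_port']) && is_string($_POST['radius_port']) ) ? intval($_POST['radius_port']) : 0;
    if ( $port < 1 || $port > 65535 )
      $port = 1812;
    setConfig('radius_port', $port);
    
    // Method: only values from the allowlist are stored. Anything else leaves
    // the current setting untouched.
    if ( isset($_POST['radius_method']) && is_string($_POST['radius_method']) && isset($methods[$_POST['radius_method']]) )
    {
      setConfig('radius_method', $_POST['radius_method']);
    }
    
    echo '<div class="info-box">Your changes have been saved.</div>';
  }
  
  acp_start_form();
  ?>
  <div class="tblholder">
    <table border="0" cellspacing="1" cellpadding="4">
      <tr>
        <th colspan="2">
          RADIUS Authentication Configuration
        </th>
      </tr>
      
      <!-- RADIUS enable -->
      
      <tr>
        <td class="row2" style="width: 50%;">
          Enable RADIUS authentication:
        </td>
        <td class="row1" style="width: 50%;">
          <label>
            <input type="checkbox" name="radius_enable" <?php if ( getConfig('radius_enable', 0) ) echo 'checked="checked" '; ?>/>
            Enabled
          </label>
        </td>
      </tr>
      
      <!-- Server -->
      
      <tr>
        <td class="row2">
          RADIUS server:
        </td>
        <td class="row1">
          <input type="text" name="radius_server" value="<?php echo htmlspecialchars(getConfig('radius_server', '')); ?>" size="15" />
          Port:
          <input type="text" name="radius_port" value="<?php echo htmlspecialchars((string) getConfig('radius_port', 1812)); ?>" size="5" />
        </td>
      </tr>
      
      <!-- Secret -->
      
      <tr>
        <td class="row2">
          Shared secret:
        </td>
        <td class="row1">
          <input type="text" name="radius_secret" value="<?php echo htmlspecialchars(getConfig('radius_secret', '')); ?>" size="30" />
        </td>
      </tr>
      
      <!-- Auth method -->
      
      <tr>
        <td class="row2">
          Authentication method:
        </td>
        <td class="row1">
          <select name="radius_method">
          <?php
          // Option values and labels come from the hard-coded list above, so
          // they are not escaped here.
          $current_method = (string) getConfig('radius_method', 'pap');
          foreach ( $methods as $method => $name )
          {
            $select = ( $current_method === $method ) ? ' selected="selected"' : '';
            echo "<option value=\"$method\"{$select}>$name</option>";
          }
          ?>
          </select>
        </td>
      </tr>
      
      <!-- Block local auth -->
      
      <tr>
        <td class="row2">
          Enforce RADIUS for single-sign-on:<br />
          <small>Use this option to force RADIUS passwords and accounts to be used, regardless of local accounts, except for administrators.</small>
        </td>
        <td class="row1">
          <label>
            <input type="checkbox" name="radius_disable_local_auth" <?php if ( getConfig('radius_disable_local_auth', 0) ) echo 'checked="checked" '; ?>/>
            Enabled
          </label>
        </td>
      </tr>
      
      <!-- E-mail domain -->
      
      <tr>
        <td class="row2">
          E-mail address domain for autoregistered users:<br />
          <small>When a user is automatically registered, this domain will be used as the domain for their e-mail address. This way, activation e-mails will
                 (ideally) reach the user.</small>
        </td>
        <td class="row1">
          <input type="text" name="radius_email_domain" value="<?php echo htmlspecialchars(getConfig('radius_email_domain', '')); ?>" size="30" />
        </td>
      </tr>
      
      <!-- Site password change link -->
      
      <tr>
        <td class="row2">
          External password management link:<br />
          <small>Enter a URL here to link to from Enano's Change Password page. Leave blank to not display a link. The text "%u" will be replaced with the user's username.</small>
        </td>
        <td class="row1">
          Link text: <input type="text" name="radius_password_text" value="<?php echo htmlspecialchars(getConfig('radius_password_text', '')); ?>" size="30" /><br />
          Link URL:  <input type="text" name="radius_password_url" value="<?php echo htmlspecialchars(getConfig('radius_password_url', '')); ?>" size="30" />
        </td>
      </tr>
      
      <tr>
        <th class="subhead" colspan="2">
          <input type="submit" name="submit" value="Save changes" />
        </th>
      </tr>
    </table>
  </div>
  <?php
  echo '</form>';
}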