<?php

function page_Special_YMS()

{

  global $db, $session, $paths, $template, $plugins; // Common objects

  global $lang;

  global $output;

  global $yms_client_id;

  // Require re-auth?

  if ( $session->auth_level < USER_LEVEL_CHPREF && getConfig('yms_require_reauth', 1) == 1 )

  {

    redirect(makeUrlNS('Special', "Login/$paths->fullpage", 'level=' . USER_LEVEL_CHPREF), '', '', 0);

  }

  // Check for Yubikey plugin

  if ( !function_exists('yubikey_validate_otp') )

  {

    die_friendly($lang->get('yms_err_yubikey_plugin_missing_title'), '<p>' . $lang->get('yms_err_yubikey_plugin_missing_body') . '</p>');

  }

  // Client switch allowed?

  if ( $session->user_level >= USER_LEVEL_ADMIN && getConfig('yms_claim_enable', 0) == 1 )

  {

    $on_home = empty($_POST) && !$paths->getParam(0);

    // yes.

    $configkey = "yms_zeroeditsess_{$session->user_id}";

    if ( getConfig($configkey, 0) == 1 && !isset($_GET['client_switch']) )

    {

      // set to zero

      $yms_client_id = 0;

    }

    else if ( !getConfig($configkey) && isset($_GET['client_switch']) )

    {

      // set to zero + update config

      $yms_client_id = 0;

      setConfig($configkey, 1);

    }

    else if ( getConfig($configkey) && isset($_GET['client_switch']) )

    {

      // turning off

      setConfig($configkey, false);

    }

    // display a notice

    if ( $yms_client_id == 0 && $on_home )

    {

      $output->add_after_header('<div class="info-box">' . $lang->get('yms_msg_editing_zero') . '</div>');

    }

  }

  // Does the client exist?

  $q = $db->sql_query('SELECT 1 FROM ' . table_prefix . "yms_clients WHERE id = {$yms_client_id};");

  if ( !$q )

    $db->_die();

  $client_exists = $db->numrows();

  $db->free_result();

  if ( !$client_exists && $yms_client_id > 0 )

  {

    redirect(makeUrlNS('Special', 'YMSCreateClient'), '', '', 0);

  }

  // Check for a subpage request

  if ( $subpage = $paths->getParam(0) )

  {

    if ( preg_match('/^[A-z0-9]+$/', $subpage) )

    {

      if ( function_exists("page_Special_YMS_{$subpage}") )

      {

        // call the subpage

        $return = call_user_func("page_Special_YMS_{$subpage}");

        if ( !$return )

          return false;

        // return true = continue exec

      }

    }

  }

  //

  // POST processing

  //

  if ( isset($_POST['add_aes']) && isset($_POST['add_otp']) )

  {

    $client_id = false;

    $enabled = $_POST['state'] == 'active';

    $any_client = isset($_POST['any_client']);

    $notes = $_POST['notes'];

    // Release key?

    if ( $session->user_level >= USER_LEVEL_ADMIN && getConfig('yms_claim_enable', 0) == 1 && isset($_POST['allow_claim']) )

    {

      $client_id = 0;

      // also allow anyone to validate OTPs from it and mark it as active

      $any_client = true;

      $enabled = true;

    }

    $result = yms_add_yubikey($_POST['add_aes'], $_POST['add_otp'], $client_id, $enabled, $any_client, $notes);

    yms_send_response('yms_msg_addkey_success', $result);

  }

  else if ( isset($_POST['claim_otp']) && getConfig('yms_claim_enable', 0) == 1 )

  {

    // do we need to validate a custom field?

    if ( ($url = getConfig('yms_claim_auth_url')) && getConfig('yms_claim_auth_field') && getConfig('yms_claim_auth_enable', 0) == 1 )

    {

      if ( ($result = yms_validate_custom_field($_POST['custom_field'], $_POST['claim_otp'], $url)) !== true )

        yms_send_response('n/a', $result);

    }

    // validate this OTP, make sure it's all good

    $result = strtolower(yms_validate_otp($_POST['claim_otp'], 0));

    if ( $result !== 'ok' )

      yms_send_response('n/a', "yubiauth_err_response_{$result}");

    // change owner

    $client_id = false;

    $enabled = $_POST['state'] == 'active';

    $any_client = isset($_POST['any_client']);

    $notes = $_POST['notes'];

    $result = yms_chown_yubikey($_POST['claim_otp'], $client_id, $enabled, $any_client, $notes);

    yms_send_response('yms_msg_addkey_success', $result);

  }

  else if ( $paths->getParam(0) == 'DeleteKey' && $paths->getParam(2) == 'Confirm' )

  {

    csrf_request_confirm();

    $id = intval($paths->getParam(1));

    $result = yms_delete_key($id);

    yms_send_response('yms_msg_delete_success', $result);

  }

  else if ( isset($_POST['update_counters']) )

  {

    $yk_id  = $_POST['update_counters'];

    $scount = $_POST['session_count'];

    $tcount = $_POST['token_count'];

    $any_client = isset($_POST['any_client']);

    $result = yms_update_counters($yk_id, $scount, $tcount, false, $any_client);

    yms_send_response('yms_msg_counter_update_success', $result);

  }

  if ( isset($_GET['toggle']) && isset($_GET['state']) )

  {

    $id = intval($_GET['toggle']);

    if ( $_GET['state'] === 'active' )

      $expr = 'flags | ' . YMS_ENABLED;

    else

      $expr = 'flags & ~' . YMS_ENABLED;

    $q = $db->sql_query('UPDATE ' . table_prefix . "yms_yubikeys SET flags = $expr WHERE id = $id AND client_id = {$yms_client_id};");

    if ( !$q )

      $db->die_json();

  }

  // Preload JS libraries we need for Yubikey

  $template->preload_js(array('jquery', 'jquery-ui', 'l10n', 'flyin', 'messagebox', 'fadefilter'));

  // Load CSS

  $template->add_header('<link rel="stylesheet" type="text/css" href="' . scriptPath . '/plugins/yms/styles.css" />');

  // Load JS

  $template->add_header('<script type="text/javascript" src="' . scriptPath . '/plugins/yms/cp.js"></script>');

  // Send header

  $output->header();

  // Message container

  if ( !isset($_GET['ajax'] ) )

    echo '<div id="yms-messages"></div><div id="yms-keylist">';

  // Buttons

  ?>

  <div class="yms-buttons">

    <a class="abutton abutton_green icon" style="background-image: url(<?php echo scriptPath; ?>/plugins/yms/icons/key_add.png);"

       href="<?php echo makeUrlNS('Special', 'YMS/AddKey'); ?>" onclick="yms_showpage('AddKey'); return false;">

      <?php echo $lang->get('yms_btn_add_key'); ?>

    </a>

    <?php if ( getConfig('yms_claim_enable', 0) == 1 && $yms_client_id > 0 ): ?>

    <a class="abutton abutton_blue icon" style="background-image: url(<?php echo scriptPath; ?>/plugins/yms/icons/key_add.png);"

       href="<?php echo makeUrlNS('Special', 'YMS/AddPreregisteredKey'); ?>" onclick="yms_showpage('AddPreregisteredKey'); return false;">

      <?php echo $lang->get('yms_btn_add_key_preregistered'); ?>

    </a>

    <?php endif; ?>

  </div>

  <?php

  // Pull all Yubikeys

  $q = $db->sql_query('SELECT id, public_id, session_count, create_time, access_time, flags, notes FROM ' . table_prefix . "yms_yubikeys WHERE client_id = {$yms_client_id} ORDER BY id ASC;");

  if ( !$q )

    $db->_die();

  if ( $db->numrows() < 1 )

  {

    echo '<h2 class="emptymessage">' . $lang->get('yms_msg_no_yubikeys') . '</h2>';

  }

  else

  {

    ?>

    <div class="tblholder">

    <table border="0" cellspacing="1" cellpadding="4">

    <!-- Table header -->

      <tr>

        <th><?php echo $lang->get('yms_th_id'); ?></th>

        <th><?php echo $lang->get('yms_th_publicid'); ?></th>

        <th><?php echo $lang->get('yms_th_createtime'); ?></th>

        <th><?php echo $lang->get('yms_th_accesstime'); ?></th>

        <th><?php echo $lang->get('yms_th_state'); ?></th>

        <th><?php echo $lang->get('yms_th_note'); ?></th>

        <th></th>

      </tr>

    <?php

      $cls = 'row2';

      while ( $row = $db->fetchrow($q) )

      {

        $cls = $cls == 'row2' ? 'row1' : 'row2';

        ?>

        <tr>

          <!-- Key ID -->

          <td style="text-align: center;" class="<?php echo $cls; ?>"><?php echo $row['id']; ?></td>

          <!-- Public UID -->

          <td style="text-align: left;" class="<?php echo $cls; ?>"><?php echo yms_modhex_encode($row['public_id']); ?></td>

          <!-- Create time -->

          <td style="text-align: left;" class="<?php echo $cls; ?>"><?php echo yms_date($row['create_time']); ?></td>

          <!-- Access time -->

          <td style="text-align: left;" class="<?php echo $cls; ?>"><?php echo $row['access_time'] <= $row['create_time'] ? $lang->get('yms_msg_access_never') : yms_date($row['access_time']); ?></td>

          <!-- State -->

          <td style="text-align: center;" class="<?php echo $cls; ?>"><?php echo yms_state_indicator($row['flags'], $row['id']); ?></td>

          <!-- Notes -->

          <td style="text-align: center;" class="<?php echo $cls; ?>"><?php echo yms_notes_cell($row['notes'], $row['id']); ?></td>

          <!-- Actions -->

          <td style="text-align: center;" class="<?php echo $cls; ?>"><?php echo yms_show_actions($row);  ?></td>

        </tr>

        <?php

      }

    ?>

    </table>

    </div>

    <br /><br />

    <?php

  }

  ?>

  <a href="<?php echo makeUrlNS('Special', 'YMS/Converter'); ?>" onclick="yms_showpage('Converter'); return false;" class="abutton abutton_red icon"

     style="background-image: url(<?php echo scriptPath; ?>/plugins/yms/icons/application_view_icons.png);">

    <?php echo $lang->get('yms_btn_show_converter'); ?>

  </a>

  <a href="<?php echo makeUrlNS('Special', 'YMS/ShowClientInfo'); ?>" onclick="yms_showpage('ShowClientInfo'); return false;" class="abutton abutton_blue icon"

     style="background-image: url(<?php echo scriptPath; ?>/plugins/yms/icons/show_client_info.png);">

    <?php echo $lang->get('yms_btn_show_client_info'); ?>

  </a>

  <?php if ( getConfig('yms_claim_enable', 0) == 1 ): ?>

  <a href="<?php echo makeUrlNS('Special', 'YMS', 'client_switch', true); ?>" class="abutton abutton_green">

    <?php echo $yms_client_id == 0 ? $lang->get('yms_btn_switch_from_zero') : $lang->get('yms_btn_switch_to_zero'); ?>

  </a>

  <?php endif; ?>

  <?php

  $db->free_result($q);

  // close off inner div (yms-keylist)

  if ( !isset($_GET['ajax'] ) )

    echo '</div>';

  // Send footer

  $output->footer();

}

// Add key, using AES secret

function page_Special_YMS_AddKey()

{

  global $output;

  global $lang;

  $output->add_after_header('<div class="breadcrumbs">

      <a href="' . makeUrlNS('Special', 'YMS') . '">' . $lang->get('yms_specialpage_yms') . '</a> &raquo;

      ' . $lang->get('yms_btn_add_key') . '

    </div>');

  $output->header();

  ?>

  <h3><?php echo $lang->get('yms_lbl_addkey_heading'); ?></h3>

  <p><?php echo $lang->get('yms_lbl_addkey_desc'); ?></p>

  <form action="<?php echo makeUrlNS('Special', 'YMS'); ?>" method="post">

    <div class="tblholder">

    <table border="0" cellspacing="1" cellspacing="4">

      <!-- AES secret -->

      <tr>

        <td class="row2">

          <?php echo $lang->get('yms_lbl_addkey_field_secret'); ?><br />

          <small><?php echo $lang->get('yms_lbl_addkey_field_secret_hint'); ?></small>

        </td>

        <td class="row1">

          <input type="text" name="add_aes" value="" size="40" />

        </td>

      </tr>

      <!-- OTP -->

      <tr>

        <td class="row2">

          <?php echo $lang->get('yms_lbl_addkey_field_otp'); ?>

        </td>

        <td class="row1">

          <?php echo generate_yubikey_field('add_otp'); ?>

        </td>

      </tr>

      <!-- State -->

      <tr>

        <td class="row2">

          <?php echo $lang->get('yms_lbl_addkey_field_state'); ?>

        </td>

        <td class="row1">

          <select name="state">

            <option value="active" selected="selected"><?php echo $lang->get('yms_state_active'); ?></option>

            <option value="inactive"><?php echo $lang->get('yms_state_inactive'); ?></option>

          </select>

        </td>

      </tr>

      <!-- Any client -->

      <tr>

        <td class="row2">

          <?php echo $lang->get('yms_lbl_addkey_field_any_client_name'); ?><br />

          <small><?php echo $lang->get('yms_lbl_addkey_field_any_client_hint'); ?></small>

        </td>

        <td class="row1">

          <label>

            <input type="checkbox" name="any_client" />

            <?php echo $lang->get('yms_lbl_addkey_field_any_client'); ?>

          </label>

        </td>

      </tr>

      <!-- Allow claim -->

      <?php if ( getConfig('yms_claim_enable', 0) == 1 ): ?>

      <tr>

        <td class="row2">

          <?php echo $lang->get('yms_lbl_addkey_field_allow_claim_name'); ?><br />

          <small><?php echo $lang->get('yms_lbl_addkey_field_allow_claim_hint'); ?></small>

        </td>

        <td class="row1">

          <label>

            <input type="checkbox" name="allow_claim" />

            <?php echo $lang->get('yms_lbl_addkey_field_allow_claim'); ?>

          </label>

        </td>

      </tr>

      <?php endif; ?>

      <!-- Notes -->

      <tr>

        <td class="row2">

          <?php echo $lang->get('yms_lbl_addkey_field_notes'); ?>

        </td>

        <td class="row1">

          <textarea style="font-family: sans-serif; font-size: 9pt;" name="notes" rows="5" cols="40"></textarea>

        </td>

      </tr>

      <!-- Submit -->

      <tr>

        <th class="subhead" colspan="2">

          <input type="submit" value="<?php echo $lang->get('yms_btn_addkey_submit'); ?>" />

        </th>

      </tr>

    </table>

    </div>

  </form>

  <?php

  $output->footer();

}

// Add key, using just an OTP

// Requires the key to be in the database as client ID 0

function page_Special_YMS_AddPreregisteredKey()

{

  global $db, $session, $paths, $template, $plugins; // Common objects

  global $lang, $output;

  if ( getConfig('yms_claim_enable', 0) != 1 )

    die();

  $output->add_after_header('<div class="breadcrumbs">

      <a href="' . makeUrlNS('Special', 'YMS') . '">' . $lang->get('yms_specialpage_yms') . '</a> &raquo;

      ' . $lang->get('yms_btn_add_key_preregistered') . '

    </div>');

  $output->header();

  ?>

  <h3><?php echo $lang->get('yms_lbl_claimkey_heading'); ?></h3>

  <p><?php echo $lang->get('yms_lbl_claimkey_desc'); ?></p>

  <form action="<?php echo makeUrlNS('Special', 'YMS'); ?>" method="post">

    <div class="tblholder">

    <table border="0" cellspacing="1" cellspacing="4">

      <!-- OTP -->

      <tr>

        <td class="row2">

          <?php echo $lang->get('yms_lbl_addkey_field_otp'); ?>

        </td>

        <td class="row1">

          <?php echo generate_yubikey_field('claim_otp'); ?>

        </td>

      </tr>

      <!-- State -->

      <tr>

        <td class="row2">

          <?php echo $lang->get('yms_lbl_addkey_field_state'); ?>

        </td>

        <td class="row1">

          <select name="state">

            <option value="active" selected="selected"><?php echo $lang->get('yms_state_active'); ?></option>

            <option value="inactive"><?php echo $lang->get('yms_state_inactive'); ?></option>

          </select>

        </td>

      </tr>

      <!-- Any client -->

      <tr>

        <td class="row2">

          <?php echo $lang->get('yms_lbl_addkey_field_any_client_name'); ?><br />

          <small><?php echo $lang->get('yms_lbl_addkey_field_any_client_hint'); ?></small>

        </td>

        <td class="row1">

          <label>

            <input type="checkbox" name="any_client" />

            <?php echo $lang->get('yms_lbl_addkey_field_any_client'); ?>

          </label>

        </td>

      </tr>

      <!-- Notes -->

      <tr>

        <td class="row2">

          <?php echo $lang->get('yms_lbl_addkey_field_notes'); ?>

        </td>

        <td class="row1">

          <textarea style="font-family: sans-serif; font-size: 9pt;" name="notes" rows="5" cols="40"></textarea>

        </td>

      </tr>

      <?php if ( ($field = getConfig('yms_claim_auth_field', '')) && getConfig('yms_claim_auth_url') ): ?>

      <!-- Custom field -->

      <tr>

        <td class="row2">

          <?php echo htmlspecialchars($field); ?>

        </td>

        <td class="row1">

          <input type="text" name="custom_field" value="" size="30" />

        </td>

      </tr>

      <?php endif; ?>

      <!-- Submit -->

      <tr>

        <th class="subhead" colspan="2">

          <input type="submit" value="<?php echo $lang->get('yms_btn_addkey_submit'); ?>" />

        </th>

      </tr>

    </table>

    </div>

  </form>

  <?php

  $output->footer();

}

// Show the AES secret for a key

function page_Special_YMS_ShowAESKey()

{

  global $db, $session, $paths, $template, $plugins; // Common objects

  global $lang, $output, $yms_client_id;

  $output->add_after_header('<div class="breadcrumbs">

      <a href="' . makeUrlNS('Special', 'YMS') . '">' . $lang->get('yms_specialpage_yms') . '</a> &raquo;

      ' . $lang->get('yms_btn_show_aes') . '

    </div>');

  $id = intval($paths->getParam(1));

  // verify ownership, retrieve key

  $q = $db->sql_query('SELECT client_id, public_id, aes_secret, session_count, token_count, flags FROM ' . table_prefix . "yms_yubikeys WHERE id = $id;");

  if ( !$q )

    $db->_die();

  if ( $db->numrows() < 1 )

  {

    die_friendly('no rows', '<p>key not found</p>');

  }

  list($client_id, $public_id, $secret, $scount, $tcount, $flags) = $db->fetchrow_num();

  $db->free_result();

  if ( $client_id !== $yms_client_id )