
PHP Cross Reference of MyBB 1.8.37


/admin/modules/home/ -> preferences.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
  // Refuse to run unless IN_MYBB has been defined by the including script, so the
  // module cannot be executed by requesting this file directly.
  // NOTE(review): no authentication or session check happens in this file; it is
  // presumably done by the Admin CP entry script that includes it - confirm.
  defined("IN_MYBB") or die("Direct initialization of this file is not allowed.<br /><br />Please make sure IN_MYBB is defined.");

  // Breadcrumb entry for the module root.
  $page->add_breadcrumb_item($lang->preferences_and_personal_notes, "index.php?module=home-preferences");

  // Plugin hook that fires before either action below is handled.
  $plugins->run_hooks("admin_home_preferences_begin");
  20  
  // Recovery codes page: replaces the current admin's stored recovery codes with a
  // fresh set and prints the new set.
  //
  // NOTE(review): the codes are regenerated on every request that reaches this
  // branch. Neither the request method nor an anti-CSRF key is checked here, so any
  // request carrying action=recovery_codes invalidates the previous set. Confirm the
  // including script enforces a token for this action, or restrict it to POST.
  // NOTE(review): nothing here checks that 2FA is enabled (authsecret set) before
  // codes are issued.
  if("recovery_codes" == $mybb->input['action'])
  {
      $page->add_breadcrumb_item($lang->recovery_codes, "index.php?module=home-preferences&action=recovery_codes");

      // Step 1: generate a new set and overwrite the stored one.
      // The codes pass through my_serialize() (defined elsewhere) before storage.
      // NOTE(review): that looks like a reversible encoding rather than a hash, so
      // read access to the adminoptions table would expose usable codes - confirm.
      // NOTE(review): the codes are displayed below whether or not this update
      // matched an existing adminoptions row.
      $codes = generate_recovery_codes();
      $db->update_query(
          "adminoptions",
          array("recovery_codes" => $db->escape_string(my_serialize($codes))),
          "uid='".$mybb->user['uid']."'"
      );

      // Step 2: render the page with the new codes.
      $page->output_header($lang->recovery_codes);

      $table = new Table();
      $table->construct_header($lang->recovery_codes);

      // Warning text plus a link that opens the browser's print dialog.
      $table->construct_cell($lang->recovery_codes_warning." <strong><a href=\"javascript:window.print()\">".$lang->print_recovery_codes."</a></strong>");
      $table->construct_row();

      // One code per line.
      $table->construct_cell(implode("<br />", $codes));
      $table->construct_row();

      $table->output($lang->recovery_codes);

      $page->output_footer();
  }
  45  
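  // Default action: show the preferences form (ACP theme, language, editor, 2FA
  // switch) with the admin's personal notes, and save it on POST.
  if(!$mybb->input['action'])
  {
      require_once MYBB_ROOT."inc/3rdparty/2fa/GoogleAuthenticator.php";
      $auth = new PHPGangsta_GoogleAuthenticator;

      $plugins->run_hooks("admin_home_preferences_start");

      if($mybb->request_method == "post")
      {
          // NOTE(review): the request method is the only gate visible in this file.
          // The anti-CSRF key check is presumably done by the including script - confirm.
          $query = $db->simple_select("adminoptions", "permissions, defaultviews, authsecret, recovery_codes", "uid='{$mybb->user['uid']}'");
          $adminopts = $db->fetch_array($query);

          // No stored row for this admin yet: use empty values instead of indexing a non-array
          if(!is_array($adminopts))
          {
              $adminopts = array(
                  "permissions" => "",
                  "defaultviews" => "",
                  "authsecret" => "",
                  "recovery_codes" => "",
              );
          }

          $secret = $adminopts['authsecret'];
          // Was the option changed? empty = disabled so ==
          // (submitted switch "on" while no secret is stored, or "off" while one is)
          if($mybb->input['2fa'] == empty($secret))
          {
              // 2FA was enabled -> create secret and log
              // NOTE(review): the secret becomes active without the admin first proving
              // that the authenticator app produces a valid code (lock-out risk).
              if($mybb->input['2fa'])
              {
                  $secret = $auth->createSecret();
                  // We don't want to close this session now
                  $db->update_query("adminsessions", array("authenticated" => 1), "sid='".$db->escape_string($mybb->cookies['adminsid'])."'");
                  log_admin_action("enabled");
              }
              // 2FA was disabled -> clear secret
              // NOTE(review): the second factor is dropped without asking for a current
              // one-time code or the password, so control of an already authenticated
              // admin session is enough to remove it. Consider requiring a fresh code.
              else
              {
                  $secret = "";
                  $adminopts['recovery_codes'] = "";
                  log_admin_action("disabled");
              }
          }

          // Values are escaped for SQL only.
          // NOTE(review): cpstyle and cplanguage are stored as submitted; they are not
          // checked against the style folders / language list that the form below
          // offers. If either value is later used to build a file path, it should be
          // validated against those lists where it is consumed - confirm.
          $sqlarray = array(
              "notes" => $db->escape_string($mybb->input['notes']),
              "cpstyle" => $db->escape_string($mybb->input['cpstyle']),
              "cplanguage" => $db->escape_string($mybb->input['cplanguage']),
              "permissions" => $db->escape_string($adminopts['permissions']),
              "defaultviews" => $db->escape_string($adminopts['defaultviews']),
              "uid" => $mybb->user['uid'],
              "codepress" => $mybb->get_input('codepress', MyBB::INPUT_INT), // It's actually CodeMirror but for compatibility purposes lets leave it codepress
              "authsecret" => $db->escape_string($secret),
              "recovery_codes" => $db->escape_string($adminopts['recovery_codes']),
          );

          $db->replace_query("adminoptions", $sqlarray, "uid");

          $plugins->run_hooks("admin_home_preferences_start_commit");

          flash_message($lang->success_preferences_updated, 'success');
          admin_redirect("index.php?module=home-preferences");
      }

      $page->output_header($lang->preferences_and_personal_notes);

      $sub_tabs['preferences'] = array(
          'title' => $lang->preferences_and_personal_notes,
          'link' => "index.php?module=home-preferences",
          'description' => $lang->prefs_and_personal_notes_description
      );

      $page->output_nav_tabs($sub_tabs, 'preferences');

      $query = $db->simple_select("adminoptions", "notes, cpstyle, cplanguage, codepress, authsecret", "uid='".$mybb->user['uid']."'", array('limit' => 1));
      $admin_options = $db->fetch_array($query);

      $form = new Form("index.php?module=home-preferences", "post");

      // Offer every folder below the ACP styles directory that ships a main.css
      $folders = array();
      $dir = @opendir(MYBB_ADMIN_DIR."/styles");
      // opendir() returns false on failure; skip the scan instead of passing false on
      if($dir !== false)
      {
          // Compare against false explicitly so an entry named "0" does not end the loop
          while(($folder = readdir($dir)) !== false)
          {
              if($folder != "." && $folder != ".." && @file_exists(MYBB_ADMIN_DIR."/styles/$folder/main.css"))
              {
                  $folders[$folder] = ucfirst($folder);
              }
          }
          closedir($dir);
      }
      ksort($folders);
      $styles = array_merge(array('' => $lang->use_default), $folders);
      $setting_code = $form->generate_select_box("cpstyle", $styles, $admin_options['cpstyle']);

      $languages = array_merge(array('' => $lang->use_default), $lang->get_languages(1));
      $language_code = $form->generate_select_box("cplanguage", $languages, $admin_options['cplanguage']);

      $form_container = new FormContainer($lang->preferences);
      $form_container->output_row_header($lang->global_preferences);
      $form_container->output_row($lang->acp_theme, $lang->select_acp_theme, $setting_code);
      $form_container->output_row($lang->acp_language, $lang->select_acp_language, $language_code);
      $form_container->output_row($lang->codemirror, $lang->use_codemirror_desc, $form->generate_on_off_radio('codepress', $admin_options['codepress']));

      // If 2FA is enabled we need to display a link to the recovery codes page
      if(!empty($admin_options['authsecret']))
      {
          $lang->use_2fa_desc .= "<br />".$lang->recovery_codes_desc." ".$lang->recovery_codes_warning;
      }
      $form_container->output_row($lang->my2fa, $lang->use_2fa_desc, $form->generate_on_off_radio('2fa', (int)!empty($admin_options['authsecret'])));

      if(!empty($admin_options['authsecret']))
      {
          // The stored secret is handed to getQRCodeGoogleUrl() and the returned URL is
          // used as an <img> source, so the browser fetches the image from whatever host
          // that URL names, on every visit to this page while 2FA is enabled.
          // NOTE(review): confirm whether the URL embeds the secret and points at a
          // third-party service; if so, rendering the QR code locally keeps the secret
          // off the network and out of proxy and browser logs.
          $qr = $auth->getQRCodeGoogleUrl($mybb->user['username']."@".str_replace(" ", "", $mybb->settings['bbname']), $admin_options['authsecret']);
          // Escape the URL for the attribute and close the tag (the original left <img open)
          $form_container->output_row($lang->my2fa_qr."<br /><img src=\"".htmlspecialchars_uni($qr)."\" alt=\"\" />");
      }

      $form_container->end();

      $table = new Table;

      $table->construct_header($lang->notes_not_shared);

      // NOTE(review): HTML-escaping of the stored notes is left to generate_text_area()
      // (defined elsewhere) - confirm.
      $table->construct_cell($form->generate_text_area("notes", $admin_options['notes'], array('style' => 'width: 99%; height: 300px;')));
      $table->construct_row();

      $table->output($lang->personal_notes);

      $buttons[] = $form->generate_submit_button($lang->save_notes_and_prefs);
      $form->output_submit_wrapper($buttons);

      $form->end();

      $page->output_footer();
  }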
 168  
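 /**
  * Generate 10 random recovery codes, each with a length of 6 and without duplicates
  *
  * Every code comes from random_str(6), which is defined elsewhere. How hard the
  * codes are to guess therefore depends on that helper's character set and
  * randomness source.
  * NOTE(review): confirm random_str() draws from a cryptographically secure
  * generator, and that code verification is rate limited, since each code is
  * only 6 characters long.
  *
  * @return array List of 10 distinct code strings
  */
 function generate_recovery_codes()
 {
     $t = array();
     while(count($t) < 10)
     {
         $g = random_str(6);
         // Strict comparison: with the loose default, two different numeric-looking
         // codes (e.g. "0e1234" and "0e5678") compare equal and a valid code is rejected
         if(!in_array($g, $t, true))
         {
             $t[] = $g;
         }
     }
     return $t;
 }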

