boinc/html/inc/account.inc

<?php
// This file is part of BOINC.
// http://boinc.berkeley.edu
// Copyright (C) 2018 University of California
//
// BOINC is free software; you can redistribute it and/or modify it
// under the terms of the GNU Lesser General Public License
// as published by the Free Software Foundation,
// either version 3 of the License, or (at your option) any later version.
//
// BOINC is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
// See the GNU Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public License
// along with BOINC.  If not, see <http://www.gnu.org/licenses/>.

// functions related to account creation and login:
// - forms for create / login
// - function to make login token

// If have recent token, return it.
// Else make login token, store in user record, return token
//
function make_login_token($user) {
    $now = time();
    if ($now - $user->login_token_time < 86400) {
        return $user->login_token;
    }
    $token = substr(random_string(), 0, 8);
    $user->update("login_token='$token', login_token_time=$now");
    return $token;
}

// return HTML string for a checkbox for toggling password visibility
//
function passwd_visible_checkbox($name) {
    return sprintf('
<script>
function toggle_passwd() {
    var x = document.getElementById("%s");
    if (x.type === "password") {
        x.type = "text";
    } else {
        x.type = "password";
    }
}
</script>
<input type="checkbox" onclick="toggle_passwd()"><small> Show password</small>
        ', $name
    );
}

function create_account_form($teamid, $next_url) {
    global $recaptcha_public_key;
    form_input_hidden('next_url', $next_url);

    if ($teamid) {
        form_input_hidden('teamid', $teamid);
    }

    // Using invitation codes to restrict access?
    //
    if (defined('INVITE_CODES')) {
        form_input_text(
            sprintf('<span title="%s">%s</span>',
                tra("An invitation code is required to create an account."),
                tra("Invitation code")
            ),
            "invite_code"
        );
    }

    form_input_text(
        sprintf('<span title="%s">%s</span>',
            tra("Identifies you on our web site. Use your real name or a nickname."),
            tra("Screen name")
        ),
        "new_name"
    );
    form_input_text(
        sprintf('<span title="%s">%s</span>',
            tra("Must be a valid address of the form 'name@domain'."),
            tra("Email address")
        ),
        "new_email_addr"
    );
    $min_passwd_length = parse_element(get_config(), "<min_passwd_length>");
    if (!$min_passwd_length) {
        $min_passwd_length = 6;
    }

    form_input_text(
        sprintf('<span title="%s">%s</span>',
            tra("Must be at least %1 characters", $min_passwd_length),
            tra("Password")
        ),
        "passwd", "", "password"
    );
    form_input_text(tra("Confirm password"), "passwd2", "", "password");
    form_select(
        sprintf('<span title="%s">%s</span>',
            tra("Select the country you want to represent, if any."),
            tra("Country")
        ),
        "country",
        country_select_options()
    );
    if (POSTAL_CODE) {
        form_input_text(
            tra("Postal or ZIP Code")."<br><small>".tra("Optional")."</small>",
            "postal_code"
        );
    }
}

function login_form($next_url) {
    form_start(secure_url_base()."/login_action.php", "post");
    form_input_hidden("next_url", $next_url);
    if (LDAP_HOST) {
        $x = "Email address or LDAP user name:";
    } else {
        $x = tra("Email address:");
    }
    form_input_text($x, "email_addr");
    form_input_text(
        tra("Password:").'<br><small><a href="get_passwd.php">' . tra("forgot password?") . "</a></small>",
        "passwd",
        "",
        "password",
        'id="passwd"',
        passwd_visible_checkbox("passwd")
    );
    form_checkboxes(tra("Stay logged in"),
        array(array("stay_logged_in", "", true))
    );
    form_submit("Log in");
    form_end();
}

?>
web: fix PHP errors on empty team search; when delete spam team, delete user too 2015-01-09 18:54:05 +00:00			`<?php`
			`// This file is part of BOINC.`
			`// http://boinc.berkeley.edu`
web: add "show password" checkbox to login form 2018-02-28 00:56:59 +00:00			`// Copyright (C) 2018 University of California`
web: fix PHP errors on empty team search; when delete spam team, delete user too 2015-01-09 18:54:05 +00:00			`//`
			`// BOINC is free software; you can redistribute it and/or modify it`
			`// under the terms of the GNU Lesser General Public License`
			`// as published by the Free Software Foundation,`
			`// either version 3 of the License, or (at your option) any later version.`
			`//`
			`// BOINC is distributed in the hope that it will be useful,`
			`// but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.`
			`// See the GNU Lesser General Public License for more details.`
			`//`
			`// You should have received a copy of the GNU Lesser General Public License`
			`// along with BOINC. If not, see <http://www.gnu.org/licenses/>.`

Add server-side support for simplified register/download/attach Add the server parts of the scheme described here: https://boinc.berkeley.edu/trac/wiki/SimpleAttach This includes: - add login_token table and function for creating login tokens - add Web RPC login_token_lookup.php for mapping token to auth - change concierge protocol to take project ID and login token - update download.php so that it gets client version info from versions.xml (from BOINC web site) and displays buttons with OS name, versions and file sizes like on the BOINC download page - make "register.php" work I've tested this all the way through downloading the installer file with the augmented name. Changes to the installer and client are needed to complete the system. 2017-10-31 04:38:07 +00:00			`// functions related to account creation and login:`
			`// - forms for create / login`
			`// - function to make login token`

web: in download.php, use current login token if recent Generate a new login token only if the current one is older than a day. That way if a user does several downloads in quick succession (for whatever reason) autoattach will work with all of them. 2018-03-01 00:27:00 +00:00			`// If have recent token, return it.`
			`// Else make login token, store in user record, return token`
Add server-side support for simplified register/download/attach Add the server parts of the scheme described here: https://boinc.berkeley.edu/trac/wiki/SimpleAttach This includes: - add login_token table and function for creating login tokens - add Web RPC login_token_lookup.php for mapping token to auth - change concierge protocol to take project ID and login token - update download.php so that it gets client version info from versions.xml (from BOINC web site) and displays buttons with OS name, versions and file sizes like on the BOINC download page - make "register.php" work I've tested this all the way through downloading the installer file with the augmented name. Changes to the installer and client are needed to complete the system. 2017-10-31 04:38:07 +00:00			`//`
			`function make_login_token($user) {`
			`$now = time();`
web: in download.php, use current login token if recent Generate a new login token only if the current one is older than a day. That way if a user does several downloads in quick succession (for whatever reason) autoattach will work with all of them. 2018-03-01 00:27:00 +00:00			`if ($now - $user->login_token_time < 86400) {`
			`return $user->login_token;`
			`}`
			`$token = substr(random_string(), 0, 8);`
Time out login tokens after 1 day Also add user_id arg to login_token_lookup RPC, so we don't need to index user.login_token. Pass user_id to concierge. 2017-11-03 20:07:51 +00:00			`$user->update("login_token='$token', login_token_time=$now");`
Add server-side support for simplified register/download/attach Add the server parts of the scheme described here: https://boinc.berkeley.edu/trac/wiki/SimpleAttach This includes: - add login_token table and function for creating login tokens - add Web RPC login_token_lookup.php for mapping token to auth - change concierge protocol to take project ID and login token - update download.php so that it gets client version info from versions.xml (from BOINC web site) and displays buttons with OS name, versions and file sizes like on the BOINC download page - make "register.php" work I've tested this all the way through downloading the installer file with the augmented name. Changes to the installer and client are needed to complete the system. 2017-10-31 04:38:07 +00:00			`return $token;`
			`}`
web: preliminary support for simplified attach See http://boinc.berkeley.edu/trac/wiki/SimpleAttach 2015-01-14 17:19:11 +00:00
Add support for "visible password" checkbox - make redundant password and country optional in create account. - fix appearance of form items - remove unused code 2018-01-08 08:35:53 +00:00			`// return HTML string for a checkbox for toggling password visibility`
			`//`
			`function passwd_visible_checkbox($name) {`
			`return sprintf('`
			`<script>`
			`function toggle_passwd() {`
			`var x = document.getElementById("%s");`
			`if (x.type === "password") {`
			`x.type = "text";`
			`} else {`
			`x.type = "password";`
			`}`
			`}`
			`</script>`
			`<input type="checkbox" onclick="toggle_passwd()"><small> Show password</small>`
			`', $name`
			`);`
			`}`

web: fix PHP errors on empty team search; when delete spam team, delete user too 2015-01-09 18:54:05 +00:00			`function create_account_form($teamid, $next_url) {`
web: try to get Recaptcha working on IE 2017-02-02 06:13:21 +00:00			`global $recaptcha_public_key;`
web: encapsulate PHP In bootstrap.inc there are some functions for creating forms. They conceal Bootstrap (and HTML itself) from the caller. I changed a couple of forms (edit user into and create account) to use this API. There are many other forms that we could change as well. This is how I'd like the PHP code to evolve: encapsulate HTML in utility functions. We have this for tables, forms, and header/footer. Also finish the NO_COMPUTING changes. 2017-06-20 07:38:11 +00:00			`form_input_hidden('next_url', $next_url);`
web: fix PHP errors on empty team search; when delete spam team, delete user too 2015-01-09 18:54:05 +00:00
			`if ($teamid) {`
web: encapsulate PHP In bootstrap.inc there are some functions for creating forms. They conceal Bootstrap (and HTML itself) from the caller. I changed a couple of forms (edit user into and create account) to use this API. There are many other forms that we could change as well. This is how I'd like the PHP code to evolve: encapsulate HTML in utility functions. We have this for tables, forms, and header/footer. Also finish the NO_COMPUTING changes. 2017-06-20 07:38:11 +00:00			`form_input_hidden('teamid', $teamid);`
web: fix PHP errors on empty team search; when delete spam team, delete user too 2015-01-09 18:54:05 +00:00			`}`

			`// Using invitation codes to restrict access?`
			`//`
			`if (defined('INVITE_CODES')) {`
web: encapsulate PHP In bootstrap.inc there are some functions for creating forms. They conceal Bootstrap (and HTML itself) from the caller. I changed a couple of forms (edit user into and create account) to use this API. There are many other forms that we could change as well. This is how I'd like the PHP code to evolve: encapsulate HTML in utility functions. We have this for tables, forms, and header/footer. Also finish the NO_COMPUTING changes. 2017-06-20 07:38:11 +00:00			`form_input_text(`
Web: change account creation page to use tooltips for details 2017-09-26 05:08:40 +00:00			`sprintf('<span title="%s">%s</span>',`
			`tra("An invitation code is required to create an account."),`
			`tra("Invitation code")`
			`),`
			`"invite_code"`
web: encapsulate PHP In bootstrap.inc there are some functions for creating forms. They conceal Bootstrap (and HTML itself) from the caller. I changed a couple of forms (edit user into and create account) to use this API. There are many other forms that we could change as well. This is how I'd like the PHP code to evolve: encapsulate HTML in utility functions. We have this for tables, forms, and header/footer. Also finish the NO_COMPUTING changes. 2017-06-20 07:38:11 +00:00			`);`
web: fix PHP errors on empty team search; when delete spam team, delete user too 2015-01-09 18:54:05 +00:00			`}`

web: encapsulate PHP In bootstrap.inc there are some functions for creating forms. They conceal Bootstrap (and HTML itself) from the caller. I changed a couple of forms (edit user into and create account) to use this API. There are many other forms that we could change as well. This is how I'd like the PHP code to evolve: encapsulate HTML in utility functions. We have this for tables, forms, and header/footer. Also finish the NO_COMPUTING changes. 2017-06-20 07:38:11 +00:00			`form_input_text(`
Web: change account creation page to use tooltips for details 2017-09-26 05:08:40 +00:00			`sprintf('<span title="%s">%s</span>',`
			`tra("Identifies you on our web site. Use your real name or a nickname."),`
			`tra("Screen name")`
			`),`
web: encapsulate PHP In bootstrap.inc there are some functions for creating forms. They conceal Bootstrap (and HTML itself) from the caller. I changed a couple of forms (edit user into and create account) to use this API. There are many other forms that we could change as well. This is how I'd like the PHP code to evolve: encapsulate HTML in utility functions. We have this for tables, forms, and header/footer. Also finish the NO_COMPUTING changes. 2017-06-20 07:38:11 +00:00			`"new_name"`
web: fix PHP errors on empty team search; when delete spam team, delete user too 2015-01-09 18:54:05 +00:00			`);`
web: encapsulate PHP In bootstrap.inc there are some functions for creating forms. They conceal Bootstrap (and HTML itself) from the caller. I changed a couple of forms (edit user into and create account) to use this API. There are many other forms that we could change as well. This is how I'd like the PHP code to evolve: encapsulate HTML in utility functions. We have this for tables, forms, and header/footer. Also finish the NO_COMPUTING changes. 2017-06-20 07:38:11 +00:00			`form_input_text(`
Web: change account creation page to use tooltips for details 2017-09-26 05:08:40 +00:00			`sprintf('<span title="%s">%s</span>',`
			`tra("Must be a valid address of the form 'name@domain'."),`
			`tra("Email address")`
			`),`
web: encapsulate PHP In bootstrap.inc there are some functions for creating forms. They conceal Bootstrap (and HTML itself) from the caller. I changed a couple of forms (edit user into and create account) to use this API. There are many other forms that we could change as well. This is how I'd like the PHP code to evolve: encapsulate HTML in utility functions. We have this for tables, forms, and header/footer. Also finish the NO_COMPUTING changes. 2017-06-20 07:38:11 +00:00			`"new_email_addr"`
web: fix PHP errors on empty team search; when delete spam team, delete user too 2015-01-09 18:54:05 +00:00			`);`
			`$min_passwd_length = parse_element(get_config(), "<min_passwd_length>");`
			`if (!$min_passwd_length) {`
			`$min_passwd_length = 6;`
			`}`

web: encapsulate PHP In bootstrap.inc there are some functions for creating forms. They conceal Bootstrap (and HTML itself) from the caller. I changed a couple of forms (edit user into and create account) to use this API. There are many other forms that we could change as well. This is how I'd like the PHP code to evolve: encapsulate HTML in utility functions. We have this for tables, forms, and header/footer. Also finish the NO_COMPUTING changes. 2017-06-20 07:38:11 +00:00			`form_input_text(`
Web: change account creation page to use tooltips for details 2017-09-26 05:08:40 +00:00			`sprintf('<span title="%s">%s</span>',`
			`tra("Must be at least %1 characters", $min_passwd_length),`
			`tra("Password")`
			`),`
web: encapsulate PHP In bootstrap.inc there are some functions for creating forms. They conceal Bootstrap (and HTML itself) from the caller. I changed a couple of forms (edit user into and create account) to use this API. There are many other forms that we could change as well. This is how I'd like the PHP code to evolve: encapsulate HTML in utility functions. We have this for tables, forms, and header/footer. Also finish the NO_COMPUTING changes. 2017-06-20 07:38:11 +00:00			`"passwd", "", "password"`
web: fix PHP errors on empty team search; when delete spam team, delete user too 2015-01-09 18:54:05 +00:00			`);`
web: encapsulate PHP In bootstrap.inc there are some functions for creating forms. They conceal Bootstrap (and HTML itself) from the caller. I changed a couple of forms (edit user into and create account) to use this API. There are many other forms that we could change as well. This is how I'd like the PHP code to evolve: encapsulate HTML in utility functions. We have this for tables, forms, and header/footer. Also finish the NO_COMPUTING changes. 2017-06-20 07:38:11 +00:00			`form_input_text(tra("Confirm password"), "passwd2", "", "password");`
			`form_select(`
Web: change account creation page to use tooltips for details 2017-09-26 05:08:40 +00:00			`sprintf('<span title="%s">%s</span>',`
			`tra("Select the country you want to represent, if any."),`
			`tra("Country")`
			`),`
web: encapsulate PHP In bootstrap.inc there are some functions for creating forms. They conceal Bootstrap (and HTML itself) from the caller. I changed a couple of forms (edit user into and create account) to use this API. There are many other forms that we could change as well. This is how I'd like the PHP code to evolve: encapsulate HTML in utility functions. We have this for tables, forms, and header/footer. Also finish the NO_COMPUTING changes. 2017-06-20 07:38:11 +00:00			`"country",`
			`country_select_options()`
web: fix PHP errors on empty team search; when delete spam team, delete user too 2015-01-09 18:54:05 +00:00			`);`
Web: don't request postal code by default We were asking for postal code (optional) on registration. The purpose was to let projects study the geographical distribution of their volunteers. But AFAIK no one ever did this, and some volunteers have said (understandably, I think) that asking for postal code seems like an invasion of privacy. So I conditioned the postal-code code on a boolean constant POSTAL_CODE. If you put define('POSTAL_CODE', true); in your html/project/project.inc, you'll get the old behavior. Otherwise users won't see postal-code related stuff any more. 2017-06-05 21:26:42 +00:00			`if (POSTAL_CODE) {`
web: encapsulate PHP In bootstrap.inc there are some functions for creating forms. They conceal Bootstrap (and HTML itself) from the caller. I changed a couple of forms (edit user into and create account) to use this API. There are many other forms that we could change as well. This is how I'd like the PHP code to evolve: encapsulate HTML in utility functions. We have this for tables, forms, and header/footer. Also finish the NO_COMPUTING changes. 2017-06-20 07:38:11 +00:00			`form_input_text(`
web: make some strings translatable Also: on default home page, don't show the big green Join button if the user is logged in; they're presumably running BOINC on at least one computer. However, in this case put a Join item in the Project menu in case this is a new computer and they forgot where to download from. 2016-11-29 08:34:26 +00:00			`tra("Postal or ZIP Code")."<br><small>".tra("Optional")."</small>",`
web: encapsulate PHP In bootstrap.inc there are some functions for creating forms. They conceal Bootstrap (and HTML itself) from the caller. I changed a couple of forms (edit user into and create account) to use this API. There are many other forms that we could change as well. This is how I'd like the PHP code to evolve: encapsulate HTML in utility functions. We have this for tables, forms, and header/footer. Also finish the NO_COMPUTING changes. 2017-06-20 07:38:11 +00:00			`"postal_code"`
web: preliminary support for simplified attach See http://boinc.berkeley.edu/trac/wiki/SimpleAttach 2015-01-14 17:19:11 +00:00			`);`
			`}`
web: fix PHP errors on empty team search; when delete spam team, delete user too 2015-01-09 18:54:05 +00:00			`}`

			`function login_form($next_url) {`
web: improve password reset form - call it "Reset password" - move authenticator-based login to a new file, login_auth.php This is intended for admins, not users - Use bootstrap forms 2017-11-21 23:32:42 +00:00			`form_start(secure_url_base()."/login_action.php", "post");`
			`form_input_hidden("next_url", $next_url);`
web: fix PHP errors on empty team search; when delete spam team, delete user too 2015-01-09 18:54:05 +00:00			`if (LDAP_HOST) {`
			`$x = "Email address or LDAP user name:";`
			`} else {`
			`$x = tra("Email address:");`
			`}`
web: improve password reset form - call it "Reset password" - move authenticator-based login to a new file, login_auth.php This is intended for admins, not users - Use bootstrap forms 2017-11-21 23:32:42 +00:00			`form_input_text($x, "email_addr");`
			`form_input_text(`
			`tra("Password:").'<br><small><a href="get_passwd.php">' . tra("forgot password?") . "</a></small>",`
			`"passwd",`
			`"",`
web: add "show password" checkbox to login form 2018-02-28 00:56:59 +00:00			`"password",`
			`'id="passwd"',`
			`passwd_visible_checkbox("passwd")`
web: fix PHP errors on empty team search; when delete spam team, delete user too 2015-01-09 18:54:05 +00:00			`);`
web: change form_checkboxes() so you can specify the state of each one 2018-01-06 09:07:27 +00:00			`form_checkboxes(tra("Stay logged in"),`
			`array(array("stay_logged_in", "", true))`
			`);`
web: improve password reset form - call it "Reset password" - move authenticator-based login to a new file, login_auth.php This is intended for admins, not users - Use bootstrap forms 2017-11-21 23:32:42 +00:00			`form_submit("Log in");`
			`form_end();`
web: fix PHP errors on empty team search; when delete spam team, delete user too 2015-01-09 18:54:05 +00:00			`}`

			`?>`