<?php
/**
* SeekQuarry/Yioop --
* Open Source Pure PHP Search Engine, Crawler, and Indexer
*
* Copyright (C) 2009 - 2026 Chris Pollett chris@pollett.org
*
* LICENSE:
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* END LICENSE
*
* @author Chris Pollett chris@pollett.org
* @license https://www.gnu.org/licenses/ GPL3
* @link https://www.seekquarry.com/
* @copyright 2009 - 2026
* @filesource
*/
namespace seekquarry\yioop\views;
use seekquarry\yioop as B;
use seekquarry\yioop\configs as C;
/**
* This View is responsible for drawing the sign-in
* screen for the admin panel of the Seek Quarry app
*
* @author Chris Pollett
*/
class SigninView extends View
{
/** This view is drawn on a web layout
* @var string
*/
public $layout = "web";
/**
* Draws the sign-in web page.
*
* @param array $data contains the anti CSRF token
* the view
*/
public function renderView($data)
{
if (!empty($data['SIGNIN_CODE'])) {
$this->renderSigninCode($data);
return;
}
$logged_in = isset($data['ADMIN']) && $data['ADMIN'];
$logo_field = "LOGO_LARGE";
$logo = C\SHORT_BASE_URL . C\p('LOGO_LARGE');
$user_value = isset($_SESSION["USER_NAME"]) &&
isset($_SESSION['USER_ID']) ? " value='{$_SESSION["USER_NAME"]}' " :
"";
if ($_SERVER["MOBILE"]) {
$logo_field = "LOGO_SMALL";
$logo = C\SHORT_BASE_URL . C\p('LOGO_SMALL');
}
$logo = $this->helper("logo")->render($data,
$logo_field, $logo);?>
<div class="landing non-search">
<h1 class="logo"><a href="<?=C\SHORT_BASE_URL ?><?php if ($logged_in) {
e('?' . C\p('CSRF_TOKEN') . "=" . $data[C\p('CSRF_TOKEN')]);
}?>"><img src="<?=$logo ?>" alt="<?= $this->logo_alt_text
?>" ></a><span> - <?=tl('signin_view_signin') ?></span></h1>
<form method="post">
<div class="login">
<table>
<tr>
<td class="table-label" ><b><label for="username"><?=
tl('signin_view_username') ?></label>:</b></td><td
class="table-input"><input id="username" type="text"
class="narrow-field" maxlength="<?= C\NAME_LEN
?>" name="u" <?=$user_value ?> autocapitalize="none" >
</td><td></td></tr>
<tr>
<td class="table-label" ><b><label for="password"><?=
tl('signin_view_password') ?></label>:</b></td><td
class="table-input"><input id="password" type="password"
class="narrow-field" maxlength="<?= C\LONG_NAME_LEN
?>" name="p" ></td>
<td><input type="hidden" name="<?= C\p('CSRF_TOKEN') ?>"
id="CSRF-TOKEN" value="<?= $data[C\p('CSRF_TOKEN')] ?>" >
<input type="hidden" name="c" value="admin" >
<input type="hidden" name="cookieconsent" value="true" >
</td>
</tr><?php
$border_top = "";
if (isset($_SERVER["COOKIE_CONSENT"]) &&
!$_SERVER["COOKIE_CONSENT"]) {
$border_top = " border-top "; ?>
<tr>
<td> </td>
<td class="table-input <?=$border_top ?> narrow-field" ><?=
tl('signin_view_privacy_i_agree') ?>
<a href="<?php e(C\SHORT_BASE_URL);
?>terms.php"><?= tl('signin_view_terms')
?></a>
<?php e(tl('signin_view_and')); ?>
<a href="<?php e(C\SHORT_BASE_URL);
?>privacy.php"><?= tl('signin_view_privacy')
?></a><?= tl('signin_view_period') ?>
</td>
</tr><?php
} ?>
<tr><td> </td><td class="<?= $border_top; ?>">
<button type="submit" ><?=tl('signin_view_signin') ?></button>
</td><td> </td></tr>
</table>
</div>
</form>
<div class="signin-exit">
<ul>
<?php
if (in_array(C\p('REGISTRATION_TYPE'), ['no_activation',
'email_registration', 'admin_activation'])) {
if (C\p('RECOVERY_MODE') != C\NO_RECOVERY) {
?>
<li><a href="<?=B\controllerUrl('register', true)
?>a=recoverPassword<?php
if ($logged_in) {
e('&'.C\p('CSRF_TOKEN')."=".
$data[C\p('CSRF_TOKEN')]);
} ?>" ><?=tl('signin_view_recover_password') ?></a></li>
<?php
}
?>
<li><a href="<?=B\controllerUrl('register', true)
?>a=signinCode<?php
if ($logged_in) {
e('&'.C\p('CSRF_TOKEN')."=".
$data[C\p('CSRF_TOKEN')]);
} ?>" ><?=tl('signin_view_email_code') ?></a></li>
<li><a href="<?=B\controllerUrl('register', true)
?>a=createAccount<?php
if ($logged_in) {
e('&'.C\p('CSRF_TOKEN')."=".
$data[C\p('CSRF_TOKEN')]);
}?>"><?=tl('signin_view_create_account') ?></a></li>
<li><a href="<?=B\controllerUrl('register', true)
?>a=resendRegistration<?php
if ($logged_in) {
e('&'.C\p('CSRF_TOKEN')."=".
$data[C\p('CSRF_TOKEN')]);
}?>"><?=tl('signin_view_resend_activation')?></a></li>
<?php
}
?>
<li><a href="."><?=tl('signin_view_return') ?></a></li>
</ul>
</div>
</div>
<div class='landing-spacer'></div>
<?php
}
/**
* Draws the "email me a sign-in code" screens shown in place of the
* normal sign-in form. The first screen asks for a username (with the
* proof-of-work check) so a one-time code can be mailed out; the
* second asks the member to type the code they received. The button
* in the email skips the second screen and signs the member in
* directly. Which screen is drawn is decided by the SIGNIN_CODE flag.
*
* @param array $data holds the anti-CSRF token, any username already
* typed, and the SIGNIN_CODE flag saying which screen to draw
*/
public function renderSigninCode($data)
{
$logo_field = "LOGO_LARGE";
$logo = C\SHORT_BASE_URL . C\p('LOGO_LARGE');
if ($_SERVER["MOBILE"]) {
$logo_field = "LOGO_SMALL";
$logo = C\SHORT_BASE_URL . C\p('LOGO_SMALL');
}
$logo = $this->helper("logo")->render($data, $logo_field, $logo);
$verify = isset($data['SIGNIN_CODE']) &&
$data['SIGNIN_CODE'] == "verify";
$title = tl('signin_view_signin');
if ($verify) {
$activity = "signinCodeComplete";
$submit_label = tl('signin_view_signin');
} else {
$activity = "processSigninData";
$submit_label = tl('signin_view_email_code_request_button');
}
$user_value = isset($data['USER']) ? $data['USER'] : "";
?>
<div class="landing non-search">
<h1 class="logo"><a href="<?=C\SHORT_BASE_URL ?>"><img
src="<?=$logo ?>" alt="<?= $this->logo_alt_text ?>" ></a><span>
- <?= $title ?></span></h1>
<form method="post">
<input type="hidden" name="c" value="register" >
<input type="hidden" name="a" value="<?= $activity ?>" >
<input type="hidden" name="cookieconsent" value="true" >
<?php if (!$verify && isset($_SESSION["random_string"])) { ?>
<input type='hidden' name='nonce_for_string'
id='nonce_for_string' >
<input type='hidden' name='random_string' id='random_string'
value='<?= $_SESSION["random_string"] ?>' >
<input type='hidden' name='time' id='time'
value='<?= $_SESSION["request_time"] ?>' >
<input type='hidden' name='level' id='level'
value='<?= $_SESSION["level"] ?>' >
<?php } ?>
<div class="login">
<table>
<?php if ($verify) { ?>
<tr>
<td class="table-label" ><b><label for="code"><?=
tl('signin_view_email_code_label') ?></label>:</b></td>
<td class="table-input"><input id="code" type="text"
class="narrow-field" maxlength="<?= C\SIGNIN_CODE_LENGTH
?>" name="code" autocapitalize="characters"
autocomplete="off" ></td><td></td></tr>
<?php } else { ?>
<tr>
<td class="table-label" ><b><label for="username"><?=
tl('signin_view_username') ?></label>:</b></td>
<td class="table-input"><input id="username" type="text"
class="narrow-field" maxlength="<?= C\NAME_LEN
?>" name="user" autocapitalize="none" autocomplete="off"
value="<?= $user_value ?>" ></td><td></td></tr>
<?php } ?>
<tr><td> </td><td class="table-input">
<input type="hidden" name="<?= C\p('CSRF_TOKEN') ?>"
value="<?= $data[C\p('CSRF_TOKEN')] ?>" >
<button type="submit"><?= $submit_label ?></button>
</td><td></td></tr>
</table>
</div>
</form>
<div class="signin-exit">
<ul>
<li><a href="."><?= tl('signin_view_return') ?></a></li>
</ul>
</div>
</div>
<div class='landing-spacer'></div>
<?php if (!$verify && isset($_SESSION["random_string"])) { ?>
<script>
document.addEventListener('DOMContentLoaded', function() {
var body = tag(body);
body.onload = findNonce('nonce_for_string', 'random_string'
, 'time', 'level');
}, false);
</script>
<?php
}
}
}