"; echo ""; echo "

"; echo '' . "\n"; } /** * loginform info used in the case where no SAS URL or Site ID has been setup. */ function authanvil_loginform_sasinfomissing() { echo "

"; echo __('AuthAnvil authentication has been disabled, the AuthAnvil SAS URL or Site ID hasn\'t been set up.','authanvil'); echo "


"; } /** * Options page for editing AuthAnvil global options (SAS URL and Site ID) */ function authanvil_options_page() { ?>



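"; echo " "; echo "".$errormessage.""; echo ""; } else { echo ""; echo " "; echo "".$errormessage.""; echo ""; } } }
// NOTE(review): the line above is the tail of authanvil_options_page(); its markup and
// form handling are missing from this listing, so it is kept exactly as found.
// $errormessage is echoed without escaping -- confirm it never carries request-derived
// text, or pass it through esc_html().

/**
 * Attach the AuthAnvil options page to the Settings menu.
 *
 * The page edits the global SAS URL and Site ID, so access is tied to the
 * 'manage_options' capability. The original passed the numeric user level 8,
 * which is a deprecated way of naming a permission in WordPress.
 */
function authanvil_admin() {
    add_options_page('AuthAnvil', 'AuthAnvil', 'manage_options', 'authanvil', 'authanvil_options_page');
}

/**
 * Login filter (wp_authenticate_user): require a valid AuthAnvil passcode for
 * users whose 'authanvil_server' option asks for one.
 *
 * A passcode is required for every non-empty option value other than
 * 'disabled', and a required passcode is always verified. The original only
 * verified when the value was exactly 'enabled', so any other stored value
 * let a login through with an arbitrary non-empty passcode.
 *
 * @param WP_User|WP_Error $user User object handed over by the login process.
 * @return WP_User|WP_Error The user on success, a WP_Error describing the failure otherwise.
 */
function authanvil_check_otp($user) {
    // Another filter may already have rejected this login; there is no user
    // object to read options from, so hand the error through unchanged.
    if (is_wp_error($user)) {
        return $user;
    }

    // Per-user switch. An unset option comes back falsy and trims to ''.
    $authanvilserver = trim(get_user_option('authanvil_server', $user->ID));
    $otp_required = !empty($authanvilserver) && $authanvilserver !== 'disabled';
    if (!$otp_required) {
        return $user;
    }

    // Accept the passcode only as a plain string: a missing field or an
    // array-valued field (otp[]=...) is treated as "nothing entered".
    $otp = (isset($_POST['otp']) && is_string($_POST['otp'])) ? trim($_POST['otp']) : '';
    if (empty($otp)) {
        $error = new WP_Error();
        $error->add('empty_authanvilotp', __('ERROR: You must enter an AuthAnvil passcode to log in.','authanvil'));
        return $error;
    }

    // Global SAS URL / Site ID used for the verification call.
    $authanvil_sas_url = trim(get_option('authanvil_sas_url'));
    $authanvil_site_id = trim(get_option('authanvil_site_id'));

    // Fail closed: anything but a positive answer from the verifier blocks the login.
    if (!authanvil_verify_otp($user->user_login, $otp, $authanvil_sas_url, $authanvil_site_id)) {
        $error = new WP_Error();
        $error->add('invalid_authanvilotp', __('ERROR: Invalid AuthAnvil Passcode.','authanvil'));
        return $error;
    }

    return $user;
}

/**
 * Extend personal profile page with AuthAnvil settings.
 */
function authanvil_profile_personal_options() {
    global $user_id;
    $authanvilserver=get_user_option('authanvil_server',$user_id);
    // Only allow the user to edit their own AuthAnvil settings if they have permissions to manage users
    if (current_user_can( 'edit_users' )) {
        echo "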

".__('AuthAnvil Settings','authanvil')."

"; echo ''; echo ''; PHP4_Check(false); echo ''; echo ''; echo ''; echo ''; echo '
'.__('Require Strong Authentication','authanvil').''; echo '
'; echo '   '; echo ''; echo ''; echo '
'; echo '
'; } } /** * Extend profile page with ability to enable/disable AuthAnvil authentication requirement. */ function authanvil_edit_user_profile() { global $user_id; $authanvilserver=get_user_option('authanvil_server',$user_id); echo "

".__('AuthAnvil Settings','authanvil')."

"; echo ''; echo ''; PHP4_Check(false); echo ''; echo ''; echo ''; echo ''; echo '
'.__('Require Strong Authentication','authanvil').''; echo '
'; echo '   '; echo ''; echo ''; echo '
'; echo '
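'; }

/**
 * Read the posted 'authanvil_server' field and return it only when it is one
 * of the two values authanvil_check_otp() compares against.
 *
 * @return string|null 'enabled' or 'disabled'; null when the field is absent,
 *                     not a string, or holds any other value.
 */
function authanvil_posted_server_setting() {
    if (!isset($_POST['authanvil_server']) || !is_string($_POST['authanvil_server'])) {
        return null;
    }
    $value = trim($_POST['authanvil_server']);
    return in_array($value, array('enabled', 'disabled'), true) ? $value : null;
}

/**
 * Form handling of AuthAnvil options added to personal profile page (user editing own profile).
 *
 * The stored option is left untouched unless a valid value was posted. The
 * original saved whatever arrived, so a profile update without the field
 * wrote '' and switched the passcode requirement off for that account.
 */
function authanvil_personal_options_update() {
    global $user_id;

    // Only users who may manage users are allowed to change the setting,
    // matching the check that decides whether the fields are shown.
    if (!current_user_can('edit_users')) {
        return;
    }

    $authanvilserver = authanvil_posted_server_setting();
    if ($authanvilserver !== null) {
        update_user_option($user_id, 'authanvil_server', $authanvilserver, true);
    }
}

/**
 * Form handling of AuthAnvil options on edit profile page (admin user editing other user).
 *
 * Checks the 'edit_user' capability for the target account itself rather than
 * relying on the caller of the hook having done so, and stores only a valid
 * posted value.
 */
function authanvil_edit_user_profile_update() {
    global $user_id;

    if (!current_user_can('edit_user', $user_id)) {
        return;
    }

    $authanvilserver = authanvil_posted_server_setting();
    if ($authanvilserver !== null) {
        update_user_option($user_id, 'authanvil_server', $authanvilserver, true);
    }
}

/**
 * Call Authenticate at the AuthAnvil server.
 *
 * Every failure path returns false: wrong passcode length, a SOAP error, a
 * response without AuthenticateResult, or a result that is not a boolean-like
 * "true".
 *
 * @param String $user              Wordpress username entered by user
 * @param String $otp               One-time Password entered by user
 * @param String $authanvil_sas_url SAS URL of AuthAnvil server
 * @param String $authanvil_site_id Site ID of AuthAnvil server
 * @return Boolean Is the password OK ?
 */
function authanvil_verify_otp($user,$otp,$authanvil_sas_url,$authanvil_site_id){
    // First, check for passcode length (12 to 16 characters) before any network call.
    if (!is_scalar($otp)) {
        return false;
    }
    $otp = (string) $otp;
    $length = strlen($otp);
    if ($length < 12 || $length > 16) {
        return false;
    }

    // NOTE(review): the username and passcode are sent to whatever SAS URL is
    // configured, and the answer decides the login. Nothing here requires the
    // URL to be https:// -- confirm the options page enforces that.
    try {
        $client = new SoapClient($authanvil_sas_url . '?wsdl');
        $response = $client->Authenticate(array(
            'Username'  => $user,
            'Passcode'  => $otp,
            'Tokentype' => 1,
            'SiteID'    => $authanvil_site_id,
        ));
    } catch (Exception $e) {
        // Keep a trace for operators; the passcode is deliberately not logged.
        error_log('AuthAnvil: authentication request failed: ' . $e->getMessage());
        return false;
    }

    if (!is_object($response) || !isset($response->AuthenticateResult)) {
        return false;
    }

    // Normalise to a real boolean so that a textual "false" (or any value that
    // is not boolean-like) can never be read as success by the caller.
    return filter_var($response->AuthenticateResult, FILTER_VALIDATE_BOOLEAN);
}

// Initialization and Hooks
add_action('personal_options_update', 'authanvil_personal_options_update');
add_action('profile_personal_options', 'authanvil_profile_personal_options');
add_action('edit_user_profile', 'authanvil_edit_user_profile');
add_action('edit_user_profile_update', 'authanvil_edit_user_profile_update');
add_action('admin_menu', 'authanvil_admin');

// If the SAS URL & Site ID haven't been setup we don't enable the wp_authenticate_user filter.
// NOTE(review): in that state no passcode is checked for anyone, including users
// marked 'enabled'; the login form only shows a notice. Worth monitoring these two
// options for unexpected changes.
if (strlen(get_option('authanvil_sas_url')) && intval(trim(get_option('authanvil_site_id')))) {
    add_action('login_form', 'authanvil_loginform');
    add_filter('wp_authenticate_user', 'authanvil_check_otp');
} else {
    add_action('login_form', 'authanvil_loginform_sasinfomissing');
}
?>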