/ src / views / SigninView.php
<?php
/**
 * SeekQuarry/Yioop --
 * Open Source Pure PHP Search Engine, Crawler, and Indexer
 *
 * Copyright (C) 2009 - 2026  Chris Pollett chris@pollett.org
 *
 * LICENSE:
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <https://www.gnu.org/licenses/>.
 *
 * END LICENSE
 *
 * @author Chris Pollett chris@pollett.org
 * @license https://www.gnu.org/licenses/ GPL3
 * @link https://www.seekquarry.com/
 * @copyright 2009 - 2026
 * @filesource
 */
namespace seekquarry\yioop\views;

use seekquarry\yioop as B;
use seekquarry\yioop\configs as C;

/**
 * This View is responsible for drawing the sign-in
 * screen for the admin panel of the Seek Quarry app
 *
 * @author Chris Pollett
 */
class SigninView extends View
{
    /** This view is drawn on a web layout
     * @var string
     */
    public $layout = "web";
    /**
     * Draws the sign-in web page.
     *
     * @param array $data  contains the anti CSRF token
     * the view
     */
    public function renderView($data)
    {
        if (!empty($data['SIGNIN_CODE'])) {
            $this->renderSigninCode($data);
            return;
        }
        $logged_in = isset($data['ADMIN']) && $data['ADMIN'];
        $logo_field = "LOGO_LARGE";
        $logo = C\SHORT_BASE_URL . C\p('LOGO_LARGE');
        $user_value = isset($_SESSION["USER_NAME"]) &&
            isset($_SESSION['USER_ID']) ? " value='{$_SESSION["USER_NAME"]}' " :
            "";
        if ($_SERVER["MOBILE"]) {
            $logo_field = "LOGO_SMALL";
            $logo = C\SHORT_BASE_URL . C\p('LOGO_SMALL');
        }
        $logo = $this->helper("logo")->render($data,
            $logo_field, $logo);?>
        <div class="landing non-search">
        <h1 class="logo"><a href="<?=C\SHORT_BASE_URL ?><?php if ($logged_in) {
                e('?' . C\p('CSRF_TOKEN') . "=" . $data[C\p('CSRF_TOKEN')]);
            }?>"><img src="<?=$logo ?>" alt="<?= $this->logo_alt_text
            ?>" ></a><span> - <?=tl('signin_view_signin') ?></span></h1>
        <form method="post">
        <div class="login">
            <table>
            <tr>
            <td class="table-label" ><b><label for="username"><?=
                tl('signin_view_username') ?></label>:</b></td><td
                    class="table-input"><input id="username" type="text"
                    class="narrow-field" maxlength="<?= C\NAME_LEN
                    ?>" name="u" <?=$user_value ?> autocapitalize="none" >
            </td><td></td></tr>
            <tr>
            <td class="table-label" ><b><label for="password"><?=
                tl('signin_view_password') ?></label>:</b></td><td
                class="table-input"><input id="password" type="password"
                class="narrow-field" maxlength="<?= C\LONG_NAME_LEN
                ?>" name="p" ></td>
            <td><input type="hidden" name="<?= C\p('CSRF_TOKEN') ?>"
                    id="CSRF-TOKEN" value="<?= $data[C\p('CSRF_TOKEN')] ?>" >
                <input type="hidden" name="c" value="admin" >
                <input type="hidden" name="cookieconsent" value="true" >
            </td>
            </tr><?php
            $border_top = "";
            if (isset($_SERVER["COOKIE_CONSENT"]) &&
                !$_SERVER["COOKIE_CONSENT"]) {
                $border_top = " border-top "; ?>
                <tr>
                    <td>&nbsp;</td>
                    <td class="table-input <?=$border_top ?> narrow-field" ><?=
                        tl('signin_view_privacy_i_agree') ?>
                    <a href="<?php e(C\SHORT_BASE_URL);
                        ?>terms.php"><?= tl('signin_view_terms')
                        ?></a>
                    <?php e(tl('signin_view_and')); ?>
                    <a href="<?php e(C\SHORT_BASE_URL);
                        ?>privacy.php"><?= tl('signin_view_privacy')
                        ?></a><?= tl('signin_view_period') ?>
                    </td>
                </tr><?php
            } ?>
            <tr><td>&nbsp;</td><td class="<?= $border_top; ?>">
            <button  type="submit" ><?=tl('signin_view_signin') ?></button>
            </td><td>&nbsp;</td></tr>
            </table>
        </div>
        </form>
        <div class="signin-exit">
            <ul>
                <?php
                if (in_array(C\p('REGISTRATION_TYPE'), ['no_activation',
                    'email_registration', 'admin_activation'])) {
                    if (C\p('RECOVERY_MODE') != C\NO_RECOVERY) {
                    ?>
                    <li><a href="<?=B\controllerUrl('register', true)
                        ?>a=recoverPassword<?php
                        if ($logged_in) {
                            e('&'.C\p('CSRF_TOKEN')."=".
                                $data[C\p('CSRF_TOKEN')]);
                        } ?>" ><?=tl('signin_view_recover_password') ?></a></li>
                    <?php
                    }
                    ?>
                    <li><a href="<?=B\controllerUrl('register', true)
                        ?>a=signinCode<?php
                        if ($logged_in) {
                            e('&'.C\p('CSRF_TOKEN')."=".
                                $data[C\p('CSRF_TOKEN')]);
                        } ?>" ><?=tl('signin_view_email_code') ?></a></li>
                    <li><a href="<?=B\controllerUrl('register', true)
                        ?>a=createAccount<?php
                        if ($logged_in) {
                            e('&'.C\p('CSRF_TOKEN')."=".
                                $data[C\p('CSRF_TOKEN')]);
                        }?>"><?=tl('signin_view_create_account') ?></a></li>
                    <li><a href="<?=B\controllerUrl('register', true)
                        ?>a=resendRegistration<?php
                        if ($logged_in) {
                            e('&'.C\p('CSRF_TOKEN')."=".
                                $data[C\p('CSRF_TOKEN')]);
                        }?>"><?=tl('signin_view_resend_activation')?></a></li>
                <?php
                }
            ?>
                <li><a href="."><?=tl('signin_view_return') ?></a></li>
            </ul>
        </div>
        </div>
        <div class='landing-spacer'></div>
        <?php
    }
    /**
     * Draws the "email me a sign-in code" screens shown in place of the
     * normal sign-in form. The first screen asks for a username (with the
     * proof-of-work check) so a one-time code can be mailed out; the
     * second asks the member to type the code they received. The button
     * in the email skips the second screen and signs the member in
     * directly. Which screen is drawn is decided by the SIGNIN_CODE flag.
     *
     * @param array $data holds the anti-CSRF token, any username already
     *      typed, and the SIGNIN_CODE flag saying which screen to draw
     */
    public function renderSigninCode($data)
    {
        $logo_field = "LOGO_LARGE";
        $logo = C\SHORT_BASE_URL . C\p('LOGO_LARGE');
        if ($_SERVER["MOBILE"]) {
            $logo_field = "LOGO_SMALL";
            $logo = C\SHORT_BASE_URL . C\p('LOGO_SMALL');
        }
        $logo = $this->helper("logo")->render($data, $logo_field, $logo);
        $verify = isset($data['SIGNIN_CODE']) &&
            $data['SIGNIN_CODE'] == "verify";
        $title = tl('signin_view_signin');
        if ($verify) {
            $activity = "signinCodeComplete";
            $submit_label = tl('signin_view_signin');
        } else {
            $activity = "processSigninData";
            $submit_label = tl('signin_view_email_code_request_button');
        }
        $user_value = isset($data['USER']) ? $data['USER'] : "";
        ?>
        <div class="landing non-search">
        <h1 class="logo"><a href="<?=C\SHORT_BASE_URL ?>"><img
            src="<?=$logo ?>" alt="<?= $this->logo_alt_text ?>" ></a><span>
            - <?= $title ?></span></h1>
        <form method="post">
        <input type="hidden" name="c" value="register" >
        <input type="hidden" name="a" value="<?= $activity ?>" >
        <input type="hidden" name="cookieconsent" value="true" >
        <?php if (!$verify && isset($_SESSION["random_string"])) { ?>
            <input type='hidden' name='nonce_for_string'
                id='nonce_for_string' >
            <input type='hidden' name='random_string' id='random_string'
                value='<?= $_SESSION["random_string"] ?>' >
            <input type='hidden' name='time' id='time'
                value='<?= $_SESSION["request_time"] ?>' >
            <input type='hidden' name='level' id='level'
                value='<?= $_SESSION["level"] ?>' >
        <?php } ?>
        <div class="login">
            <table>
            <?php if ($verify) { ?>
                <tr>
                <td class="table-label" ><b><label for="code"><?=
                    tl('signin_view_email_code_label') ?></label>:</b></td>
                <td class="table-input"><input id="code" type="text"
                    class="narrow-field" maxlength="<?= C\SIGNIN_CODE_LENGTH
                    ?>" name="code" autocapitalize="characters"
                    autocomplete="off" ></td><td></td></tr>
            <?php } else { ?>
                <tr>
                <td class="table-label" ><b><label for="username"><?=
                    tl('signin_view_username') ?></label>:</b></td>
                <td class="table-input"><input id="username" type="text"
                    class="narrow-field" maxlength="<?= C\NAME_LEN
                    ?>" name="user" autocapitalize="none" autocomplete="off"
                    value="<?= $user_value ?>" ></td><td></td></tr>
            <?php } ?>
            <tr><td>&nbsp;</td><td class="table-input">
                <input type="hidden" name="<?= C\p('CSRF_TOKEN') ?>"
                    value="<?= $data[C\p('CSRF_TOKEN')] ?>" >
                <button type="submit"><?= $submit_label ?></button>
            </td><td></td></tr>
            </table>
        </div>
        </form>
        <div class="signin-exit">
            <ul>
            <li><a href="."><?= tl('signin_view_return') ?></a></li>
            </ul>
        </div>
        </div>
        <div class='landing-spacer'></div>
        <?php if (!$verify && isset($_SESSION["random_string"])) { ?>
        <script>
            document.addEventListener('DOMContentLoaded', function() {
            var body = tag(body);
            body.onload = findNonce('nonce_for_string', 'random_string'
                , 'time', 'level');
            }, false);
        </script>
        <?php
        }
    }
}
X