addon-ThreemaGateway.xml

<?xml version="1.0" encoding="utf-8"?>
<addon addon_id="ThreemaGateway" title="Threema Gateway (2FA)" version_string="1.0.0" version_id="1000070" url="https://github.com/rugk/xenforo-threema-gateway" install_callback_class="ThreemaGateway_Installer" install_callback_method="install" uninstall_callback_class="ThreemaGateway_Installer" uninstall_callback_method="uninstall">
  <admin_navigation/>
  <admin_permissions>
    <admin_permission admin_permission_id="threemagw_showcredits" display_order="620"/>
  </admin_permissions>
  <admin_style_properties/>
  <admin_templates>
    <template title="threemagateway_option_list_option_hidden"><![CDATA[<xen:require css="threemagateway_option_list_option_hidden.css" />

<xen:controlunit label="" class="threemagateway_option_hidden">
	<xen:include template="option_list_option_uneditable" />
</xen:controlunit>]]></template>
    <template title="threemagateway_option_list_option_hidden.css"><![CDATA[.threemagateway_option_hidden {
  display: none;
}]]></template>
    <template title="threemagw.css"><![CDATA[.threemagw_intend {
  margin-left: 15px;
}

#threemagw_auto_trigger {
  display: none;
}

#threemagw_auto_trigger_loading {
  display: block;
  height: 19px;
}

#threemagw_auto_trigger_explanation {
  padding-left: 5px;
  margin-top: -4px;
}

.inputThreemaId {
  text-transform: uppercase;
}

.threemagw_centerwrapper {
  margin: 5px;
  text-align: center;
}

.threemagw_qr {
  display: inline-block;
  background: white;
  padding: 15px
}

.threemagw_emphasized_button {
  margin: 10px
}

.threemagw_code > p {
  color: {xen:property dimmedTextColor};
  margin-bottom: 5px;
}

/* this needs to be so "overspecified" to overwrite the auto value from .textCtrl */
.threemagw_code > code.textCtrl.threemagw_given_code {
  display: inline-block;
  font-size: 18pt; /* same as titleBar > h1 title */
  color: {xen:property secondaryMedium};
  padding: 3px 6px;
  margin-bottom: 2px;
  width: auto;
}]]></template>
    <template title="threemagw_auto_trigger"><![CDATA[<xen:comment>
automatically triggers the form submission via JavaScript
</xen:comment>

<xen:if is="{$autoTrigger}">
	<xen:require css="threemagw.css" />
	<xen:require js="js/ThreemaGateway/threematfa.js" />

	<dl id="threemagw_auto_trigger" class="ctrlUnit" data-expectederror="{xen:phrase two_step_verification_value_could_not_be_confirmed}">
		<dt id="threemagw_auto_trigger_loading" class="InProgress"></dt>
		<dd id="threemagw_auto_trigger_explanation">{xen:phrase tfa_threemagw_automatically_continues}</dd>
	</dl>
</xen:if>
]]></template>
    <template title="threemagw_option_list_donate"><![CDATA[<xen:controlunit label="{$preparedOption.title}" hint="{$preparedOption.hint}">
	<xen:explain>{xen:raw $preparedOption.explain}</xen:explain>
	<xen:html>
		<p>{xen:phrase threemagw_donate_like_addon_and_support_dev}</p><br>
		
		<p>{xen:phrase threemagw_donate_consider_donating}</p>
		{xen:phrase threemagw_donate_paypal_me}:
		<a href="https://paypal.me/rugk/1" target="_blank" rel="noopener noreferrer">{xen:phrase threemagw_donate_currency, 'num=1'}</a> |
		<a href="https://paypal.me/rugk/5" target="_blank" rel="noopener noreferrer">{xen:phrase threemagw_donate_currency, 'num=5'}</a> |
		<a href="https://paypal.me/rugk/15" target="_blank" rel="noopener noreferrer">{xen:phrase threemagw_donate_currency, 'num=15'}</a> |
		<a href="https://paypal.me/rugk" target="_blank" rel="noopener noreferrer">{xen:phrase threemagw_donate_other_amount}</a>
		
		<br>
		{xen:phrase threemagw_donate_paypal}: <a href="https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=W97D7EVM95V2Q" target="_blank" rel="noopener noreferrer">{xen:phrase threemagw_donate_paypal_button_text}</a>
		
		<br>
		{xen:phrase threemagw_donate_micro_donation}: <a href="https://flattr.com/submit/auto?user_id=rugk&url=https%3A%2F%2Fgithub.com%2Frugk%2Fxenforo-threema-gateway&title=xenforo-threema-gateway%20-%20in-app&language={xen:phrase threemagw_donate_flattr_language_code}&tags=threema,2fa,security&category=software" target="_blank" rel="noopener noreferrer">{xen:phrase threemagw_donate_flattr}</a>
		
		<br>
		{xen:phrase threemagw_donate_weekly}: <a href="https://gratipay.com/XenForo-Threema-Gateway/" target="_blank" rel="noopener noreferrer">{xen:phrase threemagw_donate_gratipay}</a>
		
		<input type="hidden" name="{$listedFieldName}" value="{$preparedOption.option_id}" />
		{xen:raw $editLink}
	</xen:html>
</xen:controlunit>]]></template>
    <template title="threemagw_option_list_receivecallback"><![CDATA[<xen:require css="threemagw_option_list_receivecallback.css" />
<xen:require js="js/ThreemaGateway/options.js" />

<xen:controlunit label="{$preparedOption.title}" hint="{$preparedOption.hint}">
	<xen:explain>{xen:raw $preparedOption.explain}</xen:explain>
	<xen:html>
		<div class="threemagw_receivecallback_container">
			<span class="threemagw_receivecallback_nonedit">
				{xen:raw $formatParams.basetext}<span contentEditable="true" class="threemagw_receivecallback_input">{$preparedOption.option_value}</span><span class="threemagw_receivecallback_fakecharacter">&nbsp;</span>
			</span>
		</div>
		<input id="{$fieldPrefix}{$preparedOption.option_id}" class="threemagw_receivecallback_hiddeninput" type="hidden" name="{$fieldPrefix}[{$preparedOption.option_id}]" value="{$preparedOption.option_value}" />
				
		<xen:include template="option_list_option_editlink" />
		<input type="hidden" name="{$listedFieldName}" value="{$preparedOption.option_id}" />
		{xen:raw $editLink}
	</xen:html>
</xen:controlunit>]]></template>
    <template title="threemagw_option_list_receivecallback.css"><![CDATA[.threemagw_receivecallback_container {
  word-break: break-all;
}

.threemagw_receivecallback_nonedit {
  
}

.threemagw_receivecallback_input{
  margin-left: -1px;
  border: 1px dashed;
  border-color: rgba(255, 255, 255, 0);
}

.threemagw_receivecallback_input:hover,
.threemagw_receivecallback_input:active,
.threemagw_receivecallback_input:focus{
  color: {xen:property primaryDarker};
  background-color: {xen:property textCtrlBackground};
  border-color: {xen:property primaryDarker};
}

.threemagw_receivecallback_input:focus{
  background-color: {xen:property inlineMod};
}


/* This space gets hidden and is a hack to make the string better selectable */
.threemagw_receivecallback_fakecharacter {
  opacity: 0;
}]]></template>
    <template title="threemagw_option_list_static_explain"><![CDATA[<xen:controlunit label="{$preparedOption.title}" hint="{$preparedOption.hint}">
	<xen:explain></xen:explain>
	<xen:html>
		<p class="dimmed">{xen:raw $preparedOption.explain}</p>
		
		<input type="hidden" name="{$listedFieldName}" value="{$preparedOption.option_id}" />
		{xen:raw $editLink}
	</xen:html>
</xen:controlunit>]]></template>
    <template title="threemagw_option_list_status"><![CDATA[<xen:require css="threemagw_option_list_status.css" />

<xen:controlunit label="{$preparedOption.title}" hint="{$preparedOption.hint}">
	<xen:explain>{xen:raw $preparedOption.explain}</xen:explain>
	<xen:html>
		<p>{xen:raw $status.libsodium.text} <span class="explain addnote">{xen:raw $status.libsodium.addition}</span></p>
		<p class="explain {$status.libsodium.descclass}">{xen:raw $status.libsodium.descr}</p>

		<p>{xen:raw $status.libsodiumphp.text} <span class="explain addnote">{xen:raw $status.libsodiumphp.addition}</span></p>
		<p class="explain {$status.libsodiumphp.descclass}">{xen:raw $status.libsodiumphp.descr}</p>

		<p>{xen:raw $status.phpsdk.text} <span class="explain addnote">{xen:raw $status.phpsdk.addition}</span></p>
		<p class="explain {$status.phpsdk.descclass}">{xen:raw $status.phpsdk.descr}</p>

		<p>{xen:raw $status.credits.text} <span class="explain addnote">{xen:raw $status.credits.addition}</span></p>
		<p class="explain {$status.credits.descclass}">{xen:raw $status.credits.descr}</p>

		<xen:if is="{$extraError}">
			<xen:foreach loop="$extraError" value="$error" i="$i">
				<br />
				<p class="<xen:if is="{$error.descclass}">{$error.descclass}<xen:else />error</xen:if>">{xen:raw $error.text}<span class="explain addnote">{xen:raw $error.addition}</span></p>
			</xen:foreach>
		</xen:if>

		<xen:if is="!{$technSuccess}">
			<br />
			<p class="error">{xen:phrase option_threema_gateway_status_error}</p>
		</xen:if>

		<input type="hidden" name="{$listedFieldName}" value="{$preparedOption.option_id}" />
		{xen:raw $editLink}
	</xen:html>
</xen:controlunit>]]></template>
    <template title="threemagw_option_list_status.css"><![CDATA[.warning {
  color: rgb(195, 123, 0) !important;
}

.error {
  color: rgb(195, 0, 0) !important;
}

.addnote {
}]]></template>
    <template title="two_step_threemagw_conventional"><![CDATA[<p>{xen:phrase tfa_threemagw_conventional_message_has_been_send_to_x_with_code_login, 'threemaid={$data.threemaid}'}</p>

<dl class="ctrlUnit">
    <dt><label for="ctrl_threemagw_code">{xen:phrase threemagw_confirmation_code}:</label></dt>
	<dd>
        <input type="text" name="code" id="ctrl_threemagw_code" class="textCtrl" />
	</dd>
</dl>]]></template>
    <template title="two_step_threemagw_fast"><![CDATA[<p>
	{xen:phrase tfa_threemagw_fast_please_confirm_message, 'gatewayid={$gatewayid}', 'threemaid={$data.threemaid}'}
</p>

<xen:comment>
	display of validation time currently disabled as it is really high by default and displaying it would be useless
	<p>{xen:phrase tfa_threemagw_fast_validation_time, 'validationTime={$validationTime}'}</p>
</xen:comment>

<xen:include template="threemagw_auto_trigger">
	<xen:set var="$expectedError">{xen:phrase two_step_verification_value_could_not_be_confirmed}</xen:set>
	<xen:set var="$explanation">{xen:phrase tfa_threemagw_automatically_continues}</xen:set>
</xen:include>]]></template>
    <template title="two_step_threemagw_reversed"><![CDATA[<xen:require css="threemagw.css" />
<xen:require js="js/jquery/jquery.qrcode-0.12.0.min.js" />
<xen:require js="js/ThreemaGateway/threematfa.js" />

<xen:comment>main content begin</xen:comment>
<p>
	{xen:phrase tfa_threemagw_reversed_message_please_enter_code, 'gatewayid={$gatewayid}', 'threemaid={$data.threemaid}'}
</p>

<div class="threemagw_centerwrapper threemagw_code">
	{xen:phrase tfa_threemagw_reversed_show_code, 'secret={$trigger.secret}'}
</div>
<div class="threemagw_centerwrapper threemagw_send_link">
	<a class="button" href="threema://compose?text={xen:if $providerData.useNumberSmilies, $trigger.secret, $trigger.secretWithSmiley}&id={$gatewayid}" title="{xen:phrase tfa_threemagw_reversed_button_tooltip}" accesskey="c">{xen:phrase tfa_threemagw_reversed_button_text}</a>
</div>
<div class="threemagw_centerwrapper threemagw_qrcode_send">
	<span class="threemagw_createqr threemagw_qr" data-qrcode="{xen:if $providerData.useNumberSmilies, $trigger.secret, $trigger.secretWithSmiley}"></span>
</div>

<p>{xen:phrase tfa_threemagw_reversed_validation_time, 'validationTime={$validationTime}'}</p>
<xen:include template="threemagw_auto_trigger">
	<xen:set var="$expectedError">{xen:phrase two_step_verification_value_could_not_be_confirmed}</xen:set>
	<xen:set var="$explanation">{xen:phrase tfa_threemagw_automatically_continues}</xen:set>
</xen:include>]]></template>
  </admin_templates>
  <admin_template_modifications/>
  <code_events>
    <event event_id="threemagw_message_callback_postsave"><![CDATA[<p>Called when the callback receives a message. It is called after the message has benn saved in the database.</p>

<p>Callback signature:</p>
<blockquote><code><em>ThreemaGateway_Handler_Action_Callback</em> $handler, <em>Threema\MsgApi\Helpers\ReceiveMessageResult</em> $receiveResult, <em>Threema\MsgApi\Messages\ThreemaMessage</em> $threemaMsg, <em>array|string</em> &amp;$output, $messageSaved, $debugMode</code></blockquote>

<p>Arguments:</p>
<ol>
	<li><code><em>ThreemaGateway_Handler_Action_Callback</em> $handler</code> - the callback handler triggering this</li>
	<li><code><em>Threema\MsgApi\Helpers\ReceiveMessageResult</em> $receiveResult</code> - Threema PHP-SDK receive result.</li>
	<li><code><em>Threema\MsgApi\Messages\ThreemaMessage</em> $threemaMsg</code> - Threema PHP-SDK message result.</li>
	<li><code><em>array|string</em> &amp;$output</code> - The output, which is later written to log and potentially shown to Threema. Can be modified, but please only append strings. Array format: [$logType, $debugLog, $publicLog].</li>
	<li><code><em>bool</em> $messageSaved</code> - If true the message has been saved to the database.<br>
	<b>Note:</b> Even when disabled, the message ID is always saved in the database (for security reasons).</li>
	<li><code><em>bool</em> $debugMode</code> - Whether the debug mode is activated.</li>
</ol>

<p><b>Event Hint:</b> Message type ID (see <code>ThreemaGateway_Model_Messages</code>) of the message processed. As you cannot use constants here, enter the integer value here.</p>]]></event>
    <event event_id="threemagw_message_callback_presave"><![CDATA[<p>Called when the callback receives a message. It is called before the message is saved and therefore you can even prevent message savings if needed.</p>

<p><b>Note:</b> Before the message is saved in the database it is not guaranteed that replay attacks do not happen. Depending on what you do, you may consider to query the database (<code>$handler->assertNoReplayAttack($messageId)</code>) to ensure that it is not already saved.</p>

<p>Callback signature:</p>
<blockquote><code><em>ThreemaGateway_Handler_Action_Callback</em> $handler, <em>Threema\MsgApi\Helpers\ReceiveMessageResult</em> $receiveResult, <em>Threema\MsgApi\Messages\ThreemaMessage</em> $threemaMsg, <em>array|string</em> &amp;$output, &amp;$saveMessage, $debugMode</code></blockquote>

<p>Arguments:</p>
<ol>
	<li><code><em>ThreemaGateway_Handler_Action_Callback</em> $handler</code> - the callback handler triggering this</li>
	<li><code><em>Threema\MsgApi\Helpers\ReceiveMessageResult</em> $receiveResult</code> - Threema PHP-SDK receive result.</li>
	<li><code><em>Threema\MsgApi\Messages\ThreemaMessage</em> $threemaMsg</code> - Threema PHP-SDK message result.</li>
	<li><code><em>array|string</em> &amp;$output</code> - The output, which is later written to log and potentially shown to Threema. Can be modified, but please only append strings. Array format: [$logType, $debugLog, $publicLog].</li>
	<li><code><em>bool</em> &amp;$saveMessage</code> - If true the message is saved to the database (default). Can be manipulated to not save the message.<br>
	<b>Note:</b> Even when disabled, the message ID is always saved in the database (for security reasons).</li>
	<li><code><em>bool</em> $debugMode</code> - Whether the debug mode is activated.</li>
</ol>

<p><b>Event Hint:</b> Message type ID (see <code>ThreemaGateway_Model_Messages</code>) of the message processed. As you cannot use constants here, enter the integer value here.</p>]]></event>
  </code_events>
  <code_event_listeners>
    <listener event_id="file_health_check" execute_order="10" callback_class="ThreemaGateway_Listener_FileHealthCheck" callback_method="fileHealthCheck" active="1" hint="" description="Integrate add-on into health check"/>
    <listener event_id="init_dependencies" execute_order="10" callback_class="ThreemaGateway_Listener_InitDependencies" callback_method="addHelpers" active="1" hint="" description="Extend init_dependencies for template helpers"/>
    <listener event_id="load_class" execute_order="10" callback_class="ThreemaGateway_Listener_LoadClass" callback_method="extendClass" active="1" hint="XenForo_Session" description="Extend XF class loader for session"/>
    <listener event_id="load_class_controller" execute_order="10" callback_class="ThreemaGateway_Listener_LoadClassController" callback_method="extendAccountController" active="1" hint="" description="Extend XF account controller for 2FA"/>
    <listener event_id="load_class_model" execute_order="10" callback_class="ThreemaGateway_Listener_LoadClassModel" callback_method="extendClass" active="1" hint="XenForo_Model_Tfa" description="Extend XF Tfa Model"/>
    <listener event_id="threemagw_message_callback_presave" execute_order="160" callback_class="ThreemaGateway_Listener_TfaMessageCallback" callback_method="checkForReceiverCode" active="1" hint="1" description="2FA Reversed - message processing callback"/>
    <listener event_id="threemagw_message_callback_presave" execute_order="240" callback_class="ThreemaGateway_Listener_TfaMessageCallback" callback_method="checkForDeliveryReceipt" active="1" hint="128" description="2FA Fast - message processing callback"/>
  </code_event_listeners>
  <cron>
    <entry entry_id="threemagwCleanUpALog" cron_class="ThreemaGateway_CronEntry_CleanUp" cron_method="pruneOldActionLogEntries" active="1"><![CDATA[{"day_type":"dow","dow":["-1"],"hours":["-1"],"minutes":["18"]}]]></entry>
    <entry entry_id="threemagwCleanUpMsgs" cron_class="ThreemaGateway_CronEntry_CleanUp" cron_method="pruneOldDeletedMessages" active="1"><![CDATA[{"day_type":"dow","dow":["-1"],"hours":["3"],"minutes":["17"]}]]></entry>
    <entry entry_id="threemagwCleanUpTfaPend" cron_class="ThreemaGateway_CronEntry_CleanUp" cron_method="pruneExpiredTfaPendingRequests" active="1"><![CDATA[{"day_type":"dow","dow":["-1"],"hours":["-1"],"minutes":["48"]}]]></entry>
  </cron>
  <email_templates/>
  <email_template_modifications/>
  <optiongroups>
    <group group_id="threemagw" display_order="115" debug_only="0"/>
    <group group_id="threemagw_tfa" display_order="116" debug_only="0"/>
    <option option_id="threema_gateway_allow_get_receive" edit_format="callback" data_type="boolean" can_backup="1">
      <default_value>0</default_value>
      <edit_format_params>ThreemaGateway_Option_AllowGet::renderOption</edit_format_params>
      <sub_options></sub_options>
      <relation group_id="threemagw" display_order="770"/>
    </option>
    <option option_id="threema_gateway_donate" edit_format="template" data_type="boolean" can_backup="1">
      <default_value>1</default_value>
      <edit_format_params>threemagw_option_list_donate</edit_format_params>
      <sub_options></sub_options>
      <relation group_id="threemagw" display_order="10"/>
    </option>
    <option option_id="threema_gateway_downloadpath" edit_format="textbox" data_type="string" can_backup="1" validation_class="ThreemaGateway_Option_DownloadPath" validation_method="verifyOption">
      <default_value>internal_data/threemagateway/recfiles</default_value>
      <edit_format_params>placeholder=internal_data/threemagateway/recfiles</edit_format_params>
      <sub_options></sub_options>
      <relation group_id="threemagw" display_order="180"/>
    </option>
    <option option_id="threema_gateway_e2e" edit_format="radio" data_type="string" can_backup="1">
      <default_value></default_value>
      <edit_format_params>basic={xen:phrase option_threema_gateway_mode_basic}
e2e={xen:phrase option_threema_gateway_mode_e2e}</edit_format_params>
      <sub_options></sub_options>
      <relation group_id="threemagw" display_order="120"/>
    </option>
    <option option_id="threema_gateway_harden_reply_attack_protection" edit_format="onoff" data_type="boolean" can_backup="1">
      <default_value>0</default_value>
      <edit_format_params></edit_format_params>
      <sub_options></sub_options>
      <relation group_id="threemagw" display_order="740"/>
    </option>
    <option option_id="threema_gateway_httpshardening" edit_format="select" data_type="integer" can_backup="1">
      <default_value>1</default_value>
      <edit_format_params>0={xen:phrase option_threema_gateway_httpshardening_no}
1={xen:phrase option_threema_gateway_httpshardening_basic}
2={xen:phrase option_threema_gateway_httpshardening_enhanced}</edit_format_params>
      <sub_options></sub_options>
      <relation group_id="threemagw" display_order="190"/>
    </option>
    <option option_id="threema_gateway_keystorefile" edit_format="onofftextbox" data_type="array" can_backup="1" validation_class="ThreemaGateway_Option_PhpKeyStorePath" validation_method="verifyOption">
      <default_value>a:2:{s:7:"enabled";s:1:"0";s:4:"path";s:0:"";}</default_value>
      <edit_format_params>onoff=enabled
value=path
type=textbox
placeholder={xen:phrase threemagw_phpkeystore_example}</edit_format_params>
      <sub_options>enabled
path</sub_options>
      <relation group_id="threemagw" display_order="240"/>
    </option>
    <option option_id="threema_gateway_logreceivedmsgs" edit_format="callback" data_type="array" can_backup="1" validation_class="ThreemaGateway_Option_DebugModeLog" validation_method="verifyOption">
      <default_value>a:2:{s:7:"enabled";s:1:"0";s:4:"path";s:45:"internal_data/threemagateway/receivedmsgs.log";}</default_value>
      <edit_format_params>ThreemaGateway_Option_DebugModeLog::renderOption</edit_format_params>
      <sub_options>enabled
path</sub_options>
      <relation group_id="threemagw" display_order="760"/>
    </option>
    <option option_id="threema_gateway_privatekeyfile" edit_format="textbox" data_type="string" can_backup="1" validation_class="ThreemaGateway_Option_PrivateKeyPath" validation_method="verifyOption">
      <default_value></default_value>
      <edit_format_params>placeholder={xen:phrase threemagw_privatekeyfile_example}</edit_format_params>
      <sub_options></sub_options>
      <relation group_id="threemagw" display_order="130"/>
    </option>
    <option option_id="threema_gateway_receivecallback" edit_format="callback" data_type="string" can_backup="1" validation_class="ThreemaGateway_Option_ReceiveCallback" validation_method="verifyOption">
      <default_value></default_value>
      <edit_format_params>ThreemaGateway_Option_ReceiveCallback::renderOption</edit_format_params>
      <sub_options></sub_options>
      <relation group_id="threemagw" display_order="170"/>
    </option>
    <option option_id="threema_gateway_static_advanced_settings_warning" edit_format="template" data_type="boolean" can_backup="1">
      <default_value>1</default_value>
      <edit_format_params>threemagw_option_list_static_explain</edit_format_params>
      <sub_options></sub_options>
      <relation group_id="threemagw" display_order="701"/>
    </option>
    <option option_id="threema_gateway_status" edit_format="callback" data_type="boolean" can_backup="1">
      <default_value>1</default_value>
      <edit_format_params>ThreemaGateway_Option_Status::renderHtml</edit_format_params>
      <sub_options></sub_options>
      <relation group_id="threemagw" display_order="1"/>
    </option>
    <option option_id="threema_gateway_tfa_autolookupmail" edit_format="onoff" data_type="boolean" can_backup="1">
      <default_value>1</default_value>
      <edit_format_params></edit_format_params>
      <sub_options></sub_options>
      <relation group_id="threemagw_tfa" display_order="40"/>
    </option>
    <option option_id="threema_gateway_tfa_autolookupphone" edit_format="onofftextbox" data_type="array" can_backup="1">
      <default_value>a:2:{s:7:"enabled";s:0:"";s:9:"userfield";s:0:"";}</default_value>
      <edit_format_params>onoff=enabled
value=userfield
type=textbox
placeholder=</edit_format_params>
      <sub_options>enabled
userfield</sub_options>
      <relation group_id="threemagw_tfa" display_order="45"/>
    </option>
    <option option_id="threema_gateway_tfa_blocking_time" edit_format="spinbox" data_type="integer" can_backup="1">
      <default_value>5</default_value>
      <edit_format_params>min=1</edit_format_params>
      <sub_options></sub_options>
      <relation group_id="threemagw_tfa" display_order="361"/>
    </option>
    <option option_id="threema_gateway_tfa_conventional" edit_format="onoff" data_type="boolean" can_backup="1">
      <default_value>0</default_value>
      <edit_format_params></edit_format_params>
      <sub_options></sub_options>
      <relation group_id="threemagw_tfa" display_order="105"/>
    </option>
    <option option_id="threema_gateway_tfa_conventional_validation" edit_format="spinbox" data_type="positive_integer" can_backup="1">
      <default_value>3</default_value>
      <edit_format_params>min=1</edit_format_params>
      <sub_options></sub_options>
      <relation group_id="threemagw_tfa" display_order="110"/>
    </option>
    <option option_id="threema_gateway_tfa_conventional_validation_setup" edit_format="spinbox" data_type="positive_integer" can_backup="1">
      <default_value>10</default_value>
      <edit_format_params>min=1</edit_format_params>
      <sub_options></sub_options>
      <relation group_id="threemagw_tfa" display_order="115"/>
    </option>
    <option option_id="threema_gateway_tfa_fast" edit_format="onoff" data_type="boolean" can_backup="1">
      <default_value>0</default_value>
      <edit_format_params></edit_format_params>
      <sub_options></sub_options>
      <relation group_id="threemagw_tfa" display_order="305"/>
    </option>
    <option option_id="threema_gateway_tfa_fast_auto_trigger" edit_format="onoff" data_type="boolean" can_backup="1">
      <default_value>1</default_value>
      <edit_format_params></edit_format_params>
      <sub_options></sub_options>
      <relation group_id="threemagw_tfa" display_order="340"/>
    </option>
    <option option_id="threema_gateway_tfa_fast_block" edit_format="template" data_type="boolean" can_backup="1">
      <default_value>1</default_value>
      <edit_format_params>threemagw_option_list_static_explain</edit_format_params>
      <sub_options></sub_options>
      <relation group_id="threemagw_tfa" display_order="360"/>
    </option>
    <option option_id="threema_gateway_tfa_fast_show_qr_code" edit_format="onoff" data_type="boolean" can_backup="1">
      <default_value>1</default_value>
      <edit_format_params></edit_format_params>
      <sub_options></sub_options>
      <relation group_id="threemagw_tfa" display_order="330"/>
    </option>
    <option option_id="threema_gateway_tfa_fast_validation" edit_format="spinbox" data_type="positive_integer" can_backup="1">
      <default_value>60</default_value>
      <edit_format_params>min=1</edit_format_params>
      <sub_options></sub_options>
      <relation group_id="threemagw_tfa" display_order="310"/>
    </option>
    <option option_id="threema_gateway_tfa_fast_validation_setup" edit_format="spinbox" data_type="positive_integer" can_backup="1">
      <default_value>60</default_value>
      <edit_format_params>min=1</edit_format_params>
      <sub_options></sub_options>
      <relation group_id="threemagw_tfa" display_order="315"/>
    </option>
    <option option_id="threema_gateway_tfa_reversed" edit_format="onoff" data_type="boolean" can_backup="1">
      <default_value>0</default_value>
      <edit_format_params></edit_format_params>
      <sub_options></sub_options>
      <relation group_id="threemagw_tfa" display_order="205"/>
    </option>
    <option option_id="threema_gateway_tfa_reversed_auto_trigger" edit_format="onoff" data_type="boolean" can_backup="1">
      <default_value>1</default_value>
      <edit_format_params></edit_format_params>
      <sub_options></sub_options>
      <relation group_id="threemagw_tfa" display_order="240"/>
    </option>
    <option option_id="threema_gateway_tfa_reversed_show_qr_code" edit_format="onoff" data_type="boolean" can_backup="1">
      <default_value>1</default_value>
      <edit_format_params></edit_format_params>
      <sub_options></sub_options>
      <relation group_id="threemagw_tfa" display_order="230"/>
    </option>
    <option option_id="threema_gateway_tfa_reversed_validation" edit_format="spinbox" data_type="positive_integer" can_backup="1">
      <default_value>3</default_value>
      <edit_format_params>min=1</edit_format_params>
      <sub_options></sub_options>
      <relation group_id="threemagw_tfa" display_order="210"/>
    </option>
    <option option_id="threema_gateway_tfa_reversed_validation_setup" edit_format="spinbox" data_type="positive_integer" can_backup="1">
      <default_value>10</default_value>
      <edit_format_params>min=1</edit_format_params>
      <sub_options></sub_options>
      <relation group_id="threemagw_tfa" display_order="215"/>
    </option>
    <option option_id="threema_gateway_threema_id" edit_format="textbox" data_type="string" can_backup="1" validation_class="ThreemaGateway_Option_ThreemaGatewayId" validation_method="verifyOption">
      <default_value></default_value>
      <edit_format_params>placeholder = *MYAPIID</edit_format_params>
      <sub_options></sub_options>
      <relation group_id="threemagw" display_order="110"/>
    </option>
    <option option_id="threema_gateway_threema_id_secret" edit_format="callback" data_type="string" can_backup="1" validation_class="ThreemaGateway_Option_ThreemaGatewaySecret" validation_method="verifyOption">
      <default_value></default_value>
      <edit_format_params>ThreemaGateway_Option_ThreemaGatewaySecret::renderOption</edit_format_params>
      <sub_options></sub_options>
      <relation group_id="threemagw" display_order="115"/>
    </option>
    <option option_id="threema_gateway_throttle_1h" edit_format="spinbox" data_type="unsigned_integer" can_backup="1">
      <default_value>0</default_value>
      <edit_format_params></edit_format_params>
      <sub_options></sub_options>
      <relation group_id="threemagw" display_order="330"/>
    </option>
    <option option_id="threema_gateway_throttle_1min" edit_format="spinbox" data_type="unsigned_integer" can_backup="1">
      <default_value>4</default_value>
      <edit_format_params></edit_format_params>
      <sub_options></sub_options>
      <relation group_id="threemagw" display_order="305"/>
    </option>
    <option option_id="threema_gateway_throttle_5min" edit_format="spinbox" data_type="unsigned_integer" can_backup="1">
      <default_value>8</default_value>
      <edit_format_params></edit_format_params>
      <sub_options></sub_options>
      <relation group_id="threemagw" display_order="310"/>
    </option>
    <option option_id="threema_gateway_userfield_verifyexist" edit_format="onoff" data_type="boolean" can_backup="1">
      <default_value>0</default_value>
      <edit_format_params></edit_format_params>
      <sub_options></sub_options>
      <relation group_id="threemagw" display_order="220"/>
    </option>
    <option option_id="threema_gateway_usesource" edit_format="onoff" data_type="boolean" can_backup="1">
      <default_value>0</default_value>
      <edit_format_params></edit_format_params>
      <sub_options></sub_options>
      <relation group_id="threemagw" display_order="230"/>
    </option>
    <option option_id="threema_gateway_verify_receive_time" edit_format="onofftextbox" data_type="array" can_backup="1" validation_class="ThreemaGateway_Option_VerifyReceiveTime" validation_method="verifyOption">
      <default_value>a:2:{s:7:"enabled";s:1:"0";s:4:"time";s:0:"";}</default_value>
      <edit_format_params>onoff=enabled
value=time
type=textbox
placeholder=-14 days</edit_format_params>
      <sub_options>enabled
time</sub_options>
      <relation group_id="threemagw" display_order="730"/>
    </option>
  </optiongroups>
  <permissions>
    <permission_groups>
      <permission_group permission_group_id="threemagw"/>
    </permission_groups>
    <permissions>
      <permission permission_group_id="threemagw" permission_id="blockIp" permission_type="flag" depend_permission_id="tfa" default_value="unset" interface_group_id="threemagw_tfa" display_order="20"/>
      <permission permission_group_id="threemagw" permission_id="blockTfaMode" permission_type="flag" depend_permission_id="tfa" default_value="unset" interface_group_id="threemagw_tfa" display_order="10"/>
      <permission permission_group_id="threemagw" permission_id="blockUser" permission_type="flag" depend_permission_id="tfa" default_value="unset" interface_group_id="threemagw_tfa" display_order="15"/>
      <permission permission_group_id="threemagw" permission_id="blockedNotification" permission_type="flag" depend_permission_id="tfa" default_value="unset" interface_group_id="threemagw_tfa" display_order="5"/>
      <permission permission_group_id="threemagw" permission_id="fetch" permission_type="flag" depend_permission_id="use" default_value="unset" interface_group_id="threemagw" display_order="20"/>
      <permission permission_group_id="threemagw" permission_id="lookup" permission_type="flag" depend_permission_id="use" default_value="unset" interface_group_id="threemagw" display_order="30"/>
      <permission permission_group_id="threemagw" permission_id="receive" permission_type="flag" depend_permission_id="use" default_value="unset" interface_group_id="threemagw" display_order="15"/>
      <permission permission_group_id="threemagw" permission_id="send" permission_type="flag" depend_permission_id="use" default_value="unset" interface_group_id="threemagw" display_order="10"/>
      <permission permission_group_id="threemagw" permission_id="tfa" permission_type="flag" depend_permission_id="use" default_value="unset" interface_group_id="threemagw" display_order="55"/>
      <permission permission_group_id="threemagw" permission_id="use" permission_type="flag" default_value="unset" interface_group_id="threemagw" display_order="5"/>
    </permissions>
    <interface_groups>
      <interface_group interface_group_id="threemagw" display_order="305"/>
      <interface_group interface_group_id="threemagw_tfa" display_order="310"/>
    </interface_groups>
  </permissions>
  <phrases>
    <phrase title="admin_permission_threemagw_showcredits" version_id="1" version_string="0.1.0"><![CDATA[Threema Gateway: Show credits]]></phrase>
    <phrase title="cron_entry_threemagwCleanUpALog" version_id="3" version_string="0.3.0"><![CDATA[Threema Gateway: Clean up old action log entries previously used for rate-limiting]]></phrase>
    <phrase title="cron_entry_threemagwCleanUpMsgs" version_id="2" version_string="0.2.0"><![CDATA[Threema Gateway: Clean up old deleted Threema messages]]></phrase>
    <phrase title="cron_entry_threemagwCleanUpTfaPend" version_id="3" version_string="0.3.0"><![CDATA[Threema 2FA: Räume abgelaufene Pending Requests auf]]></phrase>
    <phrase title="option_group_threemagw" version_id="1" version_string="0.1"><![CDATA[Threema Gateway]]></phrase>
    <phrase title="option_group_threemagw_description" version_id="1" version_string="0.1.0"><![CDATA[Here you can configure the "core" settings of the <a href="https://gateway.threema.ch" target="_blank" rel="noopener noreferrer">Threema Gateway</a>.]]></phrase>
    <phrase title="option_group_threemagw_tfa" version_id="1" version_string="0.1.0"><![CDATA[Threema Gateway - Two-factor-authentication]]></phrase>
    <phrase title="option_group_threemagw_tfa_description" version_id="2" version_string="0.2.0"><![CDATA[Here you can configure the two-factor-authentication modes of the Threema Gateway. Please note that the general Threema Gateway settings must already be configured before.]]></phrase>
    <phrase title="option_threema_gateway_allow_get_receive" version_id="2" version_string="0.2.0"><![CDATA[Allow GET requests for incoming messages (debug mode)]]></phrase>
    <phrase title="option_threema_gateway_allow_get_receive_explain" version_id="2" version_string="0.2.0"><![CDATA[Usually the Gateway server only sends data via POST request. This option also allows GET requests, which may be useful for debugging.<br>
<b>Note:</b> For security reasons this setting is ignored when XenForo is not running in debug mode.]]></phrase>
    <phrase title="option_threema_gateway_donate" version_id="2" version_string="0.2.0"><![CDATA[Donate]]></phrase>
    <phrase title="option_threema_gateway_donate_explain" version_id="2" version_string="0.2.0"><![CDATA[As this is a non-commercial open-source project I rely on your donations. Any amount helps!<br>
Of course, you can also help in other ways such as contributing to the project on GitHub.]]></phrase>
    <phrase title="option_threema_gateway_downloadpath" version_id="1" version_string="0.1.0"><![CDATA[Download path for files]]></phrase>
    <phrase title="option_threema_gateway_downloadpath_explain" version_id="2" version_string="0.2.0"><![CDATA[This is the path where files send to your ID should be saved (in decrypted state!). When no path is given the files are not downloaded (not recommend!). The path must be relative to the XenForo root.]]></phrase>
    <phrase title="option_threema_gateway_e2e" version_id="1" version_string="0.1"><![CDATA[Operation mode]]></phrase>
    <phrase title="option_threema_gateway_e2e_explain" version_id="2" version_string="0.2.0"><![CDATA[Select the mode you chose when setting up your Threema ID. When you do not use the end-to-end encrypted mode many options may not be available.]]></phrase>
    <phrase title="option_threema_gateway_harden_reply_attack_protection" version_id="2" version_string="0.2.0"><![CDATA[Harden replay attack protection]]></phrase>
    <phrase title="option_threema_gateway_harden_reply_attack_protection_explain" version_id="2" version_string="0.2.0"><![CDATA[If you are concerned that the Threema server could maliciously re-deliver you a message, which you have already received, tick this option.
When enabled this may store more data in your database than when it is disabled.<br>
A strong replay-attack protection is always used, so it is not necessary to enable this option. More information can <a href="https://github.com/rugk/xenforo-threema-gateway/wiki/FAQ#what-are-replay-attacks-and-what-does-the-checkbox-harden-replay-attack-protection-do" target="_blank" rel="noopener noreferrer">can be found in the FAQ</a>.]]></phrase>
    <phrase title="option_threema_gateway_httpshardening" version_id="2" version_string="0.2.0"><![CDATA[Harden HTTPS connection (recommend)]]></phrase>
    <phrase title="option_threema_gateway_httpshardening_basic" version_id="1" version_string="0.1.0"><![CDATA[Basic hardening]]></phrase>
    <phrase title="option_threema_gateway_httpshardening_enhanced" version_id="1" version_string="0.1.0"><![CDATA[Enhanced hardening]]></phrase>
    <phrase title="option_threema_gateway_httpshardening_explain" version_id="1" version_string="0.1.0"><![CDATA[When sending messages this prevents fallback attacks on the TLS/HTTPS connection by limiting the TLS version and ciphers to modern ones.
You may try to set this as high as possible. If you experience problems connecting to the Threema server (e.g. when the credits are not fetched correctly) you know your limit.]]></phrase>
    <phrase title="option_threema_gateway_httpshardening_no" version_id="1" version_string="0.1.0"><![CDATA[No hardening]]></phrase>
    <phrase title="option_threema_gateway_keystorefile" version_id="1" version_string="0.1.0"><![CDATA[Use PHP Keystore (not recommend)]]></phrase>
    <phrase title="option_threema_gateway_keystorefile_explain" version_id="2" version_string="0.2.0"><![CDATA[By default the database is used to store the public keys of Threema users. When enabling this option you can specify a php file to use instead. This file <b>must already exist</b>!
Note that the file must be stored in <code>library/ThreemaGateway</code>, but you can use relative paths to change this location.]]></phrase>
    <phrase title="option_threema_gateway_logreceivedmsgs" version_id="2" version_string="0.2.0"><![CDATA[Log incoming messages (debug mode)]]></phrase>
    <phrase title="option_threema_gateway_logreceivedmsgs_explain" version_id="2" version_string="0.2.0"><![CDATA[When activated this logs all received messages to a file you specify. The path must be relative to the XenForo root.<br>
<b>Note:</b> Please only use this for temporarily for debugging purposes as it dumps secret information to your disk.<br>
When the path is publicly accessible everyone can see every incoming message!
For security reasons this setting is ignored when XenForo is not running in debug mode.]]></phrase>
    <phrase title="option_threema_gateway_mode_basic" version_id="1" version_string="0.1.0"><![CDATA[Basic mode]]></phrase>
    <phrase title="option_threema_gateway_mode_e2e" version_id="1" version_string="0.1.0"><![CDATA[End-to-end encrypted mode]]></phrase>
    <phrase title="option_threema_gateway_privatekeyfile" version_id="1" version_string="0.1.0"><![CDATA[Private key file]]></phrase>
    <phrase title="option_threema_gateway_privatekeyfile_explain" version_id="2" version_string="0.2.0"><![CDATA[If you use the end-to-end encrypted mode enter the path to your private key file here. The file must be placed in <code>library/ThreemaGateway</code>. You can however use relative paths to place it somewhere else.<br />
<a href="https://github.com/rugk/threema-msgapi-sdk-php/wiki/How-to-generate-a-new-key-pair-and-send-a-message#4-generate-a-keypair-by-running-the-tool" target="_blank" rel="noopener noreferrer">In the wiki</a> you can find an explanation how to do this. You can begin with step 4 as the msgapi tool is already included in the add-on under <code>library/ThreemaGateway/threema-msgapi-sdk-php/threema-msgapi-tool.php</code>.]]></phrase>
    <phrase title="option_threema_gateway_receivecallback" version_id="1" version_string="0.1.0"><![CDATA[Callback for Threema Gateway server]]></phrase>
    <phrase title="option_threema_gateway_receivecallback_explain" version_id="1" version_string="0.1.0"><![CDATA[Here you can find your callback URL for the Threema Gateway server, which you need for receiving messages. The access token you can change here should be a random string.
It has been randomly generated at the installation of this add-on. You can regenerate it by leaving this field empty.]]></phrase>
    <phrase title="option_threema_gateway_static_advanced_settings_warning" version_id="2" version_string="0.2.0"><![CDATA[Advanced options]]></phrase>
    <phrase title="option_threema_gateway_static_advanced_settings_warning_explain" version_id="2" version_string="0.2.0"><![CDATA[<b>Warning:</b> Below special settings for advanced users are listed! It is generally not recommend nor required to change them. <b>Only change them if you know what you are doing!</b>]]></phrase>
    <phrase title="option_threema_gateway_status" version_id="1" version_string="0.1"><![CDATA[Status]]></phrase>
    <phrase title="option_threema_gateway_status_credits" version_id="1" version_string="0.1"><![CDATA[Remaining credits: <b>{credits}</b>]]></phrase>
    <phrase title="option_threema_gateway_status_credits_error" version_id="1" version_string="0.1.0"><![CDATA[There was an error when fetching credits. You probably have entered an incorrect Threema Gateway ID or secret. There could also have been a connection error.]]></phrase>
    <phrase title="option_threema_gateway_status_credits_low" version_id="1" version_string="0.1"><![CDATA[Your credits are getting low. Please consider recharging them.]]></phrase>
    <phrase title="option_threema_gateway_status_credits_out" version_id="2" version_string="0.2.0"><![CDATA[You have no credits (anymore). Without any credits you cannot send messages anymore.]]></phrase>
    <phrase title="option_threema_gateway_status_credits_permission" version_id="1" version_string="0.1.0"><![CDATA[You are not allowed to view the remaining credits.]]></phrase>
    <phrase title="option_threema_gateway_status_credits_recharge" version_id="1" version_string="0.1.0"><![CDATA[(<a href="https://gateway.threema.ch/en/load" target="_blank" rel="noopener noreferrer">recharge</a>)]]></phrase>
    <phrase title="option_threema_gateway_status_custom_gwserver_error" version_id="1" version_string="0.1.0"><![CDATA[Gateway Server error: ]]></phrase>
    <phrase title="option_threema_gateway_status_custom_phpsdk_error" version_id="1" version_string="0.1.0"><![CDATA[Error in PHP-SDK: ]]></phrase>
    <phrase title="option_threema_gateway_status_debug_mode_active" version_id="2" version_string="0.2.0"><![CDATA[The debug mode is currently enabled, which means some or all messages are logged into a text file or other advanced settings are activated! You should <a href="#_threema_gateway_logreceivedmsgs">disable this below</a> after you finished debugging.]]></phrase>
    <phrase title="option_threema_gateway_status_debug_mode_potentially_active" version_id="2" version_string="0.2.0"><![CDATA[The debug mode of this add-on is currently enabled, which means some or all messages may be logged when you enable XenForo's debug mode or other advanced settings are activated! If this is not intentional, please <a href="#_threema_gateway_logreceivedmsgs">disable this mode below</a>.]]></phrase>
    <phrase title="option_threema_gateway_status_error" version_id="2" version_string="0.2.0"><![CDATA[You have errors in your configuration. Until you resolve them it will not be possible to use this addon.]]></phrase>
    <phrase title="option_threema_gateway_status_explain" version_id="1" version_string="0.1"><![CDATA[]]></phrase>
    <phrase title="option_threema_gateway_status_libsodiumphp_outdated" version_id="1" version_string="0.1.0"><![CDATA[This version is outdated. It is strongly recommend to upgrade to a newer version of libsodium-php (at least v1.0.1).]]></phrase>
    <phrase title="option_threema_gateway_status_libsodiumphp_version" version_id="1" version_string="0.1.0"><![CDATA[<a href="https://github.com/jedisct1/libsodium-php" target="_blank" rel="noopener noreferrer">Sodium-PHP</a> version: <b>{version}</b>]]></phrase>
    <phrase title="option_threema_gateway_status_libsodium_not_installed" version_id="1" version_string="0.1"><![CDATA[Libsodium is not installed.]]></phrase>
    <phrase title="option_threema_gateway_status_libsodium_not_installed_recommend" version_id="1" version_string="0.1.0"><![CDATA[For performance and security reasons it is very much recommend to install <a href="https://download.libsodium.org/doc/" target="_blank" rel="noopener noreferrer">libsodium</a> and the <a href="https://github.com/jedisct1/libsodium-php" target="_blank" rel="noopener noreferrer">php extension</a>. You can follow <a href="https://paragonie.com/book/pecl-libsodium/read/00-intro.md#installing-libsodium" target="_blank" rel="noopener noreferrer">this guide</a> for doing so.<br />
Additionally many 2FA methods will be disabled if you do not install libsodium.]]></phrase>
    <phrase title="option_threema_gateway_status_libsodium_not_installed_required_64bit" version_id="1" version_string="0.1.0"><![CDATA[You can only use the pure PHP implementation with a 64bit version of PHP, so you either have to install PHP x64 or <a href="https://paragonie.com/book/pecl-libsodium/read/00-intro.md#installing-libsodium" target="_blank" rel="noopener noreferrer">install libsodium</a>, which also provides more speed and security advantages.]]></phrase>
    <phrase title="option_threema_gateway_status_libsodium_outdated" version_id="1" version_string="0.1"><![CDATA[This version is outdated. It is strongly recommend to upgrade to a newer version of libsodium.]]></phrase>
    <phrase title="option_threema_gateway_status_libsodium_version" version_id="1" version_string="0.1.0"><![CDATA[<a href="https://download.libsodium.org/doc/" target="_blank" rel="noopener noreferrer">Sodium</a> version: <b>{version}</b>]]></phrase>
    <phrase title="option_threema_gateway_status_missing_private_key" version_id="1" version_string="0.1.0"><![CDATA[Currently it is not possible to use the Threema Gateway, because the private key is malformed or not specified.]]></phrase>
    <phrase title="option_threema_gateway_status_no_https" version_id="2" version_string="0.2.0"><![CDATA[You do not use HTTPS. Without HTTPS not only the data you enter here is unprotected, but also some settings and 2FA methods may not be available. Especially you will not be able to receive messages as Threema requires HTTPS for their callback.]]></phrase>
    <phrase title="option_threema_gateway_status_phpsdk_featurelevel" version_id="1" version_string="0.1.0"><![CDATA[(feature level: <b>{level}</b>)]]></phrase>
    <phrase title="option_threema_gateway_status_phpsdk_not_ready" version_id="1" version_string="0.1.0"><![CDATA[The PHP-SDK is not ready and cannot be used. You may need to check your setup.]]></phrase>
    <phrase title="option_threema_gateway_status_phpsdk_not_ready_yet" version_id="2" version_string="0.2.0"><![CDATA[The PHP-SDK is not ready yet and cannot be used. You may need to set it up it first.]]></phrase>
    <phrase title="option_threema_gateway_status_phpsdk_version" version_id="1" version_string="0.1.0"><![CDATA[Version of <a href="https://github.com/rugk/threema-msgapi-sdk-php" target="_blank" rel="noopener noreferrer">Threema PHP SDK</a>: <b>{version}</b>]]></phrase>
    <phrase title="option_threema_gateway_tfa_autolookupmail" version_id="1" version_string="0.1.0"><![CDATA[Automatically lookup mail addresses]]></phrase>
    <phrase title="option_threema_gateway_tfa_autolookupmail_explain" version_id="1" version_string="0.1.0"><![CDATA[When the user activates a 2FA mode this option automatically tries to get the Threema ID associated with the mail address of the user. The mail address is hashed before it is send to the Threema server.]]></phrase>
    <phrase title="option_threema_gateway_tfa_autolookupphone" version_id="1" version_string="0.1.0"><![CDATA[Automatically lookup phone numbers]]></phrase>
    <phrase title="option_threema_gateway_tfa_autolookupphone_explain" version_id="2" version_string="0.2.0"><![CDATA[When the user activates a 2FA mode this option automatically tries to get the Threema ID associated with the mobile phone number of the user. The phone number is hashed before it is send to the Threema server.<br />
Enter the ID of the custom user field in the input box, where it should be looked for phone numbers.<br />
<b>Important:</b> When the phone number in this custom user field is not verified when it is saved this allows forum members to lookup arbitrary phone numbers of any Threema user.]]></phrase>
    <phrase title="option_threema_gateway_tfa_blocking_time" version_id="2" version_string="0.2.0"><![CDATA[Time to block (minutes)]]></phrase>
    <phrase title="option_threema_gateway_tfa_blocking_time_explain" version_id="2" version_string="0.2.0"><![CDATA[How many minutes the login via the 2FA method should be blocked when a user chooses to do so. This value cannot be configured by a user. It is always the same for each user.]]></phrase>
    <phrase title="option_threema_gateway_tfa_conventional" version_id="2" version_string="0.2.0"><![CDATA[Activate conventional mode]]></phrase>
    <phrase title="option_threema_gateway_tfa_conventional_explain" version_id="1" version_string="0.1.0"><![CDATA[Allow users to use the "Conventional" 2FA method.]]></phrase>
    <phrase title="option_threema_gateway_tfa_conventional_validation" version_id="2" version_string="0.2.0"><![CDATA[Validation time]]></phrase>
    <phrase title="option_threema_gateway_tfa_conventional_validation_explain" version_id="2" version_string="0.2.0"><![CDATA[How long the one time code should be valid. (in minutes)]]></phrase>
    <phrase title="option_threema_gateway_tfa_conventional_validation_setup" version_id="2" version_string="0.2.0"><![CDATA[Validation time when setting up]]></phrase>
    <phrase title="option_threema_gateway_tfa_conventional_validation_setup_explain" version_id="2" version_string="0.2.0"><![CDATA[How long the one time code should be valid when setting up the 2FA method. (in minutes)<br>
It is useful that this value is a bit higher than the previous one, to give the user more time to read through the explanations or similar things. The first setup is assumed to take a bit longer.]]></phrase>
    <phrase title="option_threema_gateway_tfa_fast" version_id="2" version_string="0.2.0"><![CDATA[Activate fast login mode]]></phrase>
    <phrase title="option_threema_gateway_tfa_fast_auto_trigger" version_id="2" version_string="0.2.0"><![CDATA[Automatically trigger validation]]></phrase>
    <phrase title="option_threema_gateway_tfa_fast_auto_trigger_explain" version_id="2" version_string="0.2.0"><![CDATA[If enabled the submit button is hidden and it is automatically verified whether the validation criteria is satisfied.<br>
If the option is disabled the user has to click the submit button manually.]]></phrase>
    <phrase title="option_threema_gateway_tfa_fast_block" version_id="2" version_string="0.2.0"><![CDATA[Blocking options]]></phrase>
    <phrase title="option_threema_gateway_tfa_fast_block_explain" version_id="2" version_string="0.2.0"><![CDATA[In the Fast mode users can decline messages. In the setup of the Fast mode users can configure what should happen when they do so.<br>

You can configure what users are allowed to do in this case in the permission options for all user groups (at "Threema - Two-step-authentication"). By defaults users can only do some notifications and login blocking and admins and moderators can do everything.]]></phrase>
    <phrase title="option_threema_gateway_tfa_fast_explain" version_id="2" version_string="0.2.0"><![CDATA[Allows users to use the "Fast login" method]]></phrase>
    <phrase title="option_threema_gateway_tfa_fast_show_qr_code" version_id="2" version_string="0.2.0"><![CDATA[Show QR code of Gateway ID]]></phrase>
    <phrase title="option_threema_gateway_tfa_fast_show_qr_code_explain" version_id="2" version_string="0.2.0"><![CDATA[When enabled this suggests the user to scan the QR code of the Gateway ID. As you usually cannot meet a Gateway ID in person anyway, it is reasonable to offer this.<br>
<b>Note:</b> For security reasons this option is always ignored when HTTPS is not used.]]></phrase>
    <phrase title="option_threema_gateway_tfa_fast_validation" version_id="2" version_string="0.2.0"><![CDATA[Validation time]]></phrase>
    <phrase title="option_threema_gateway_tfa_fast_validation_explain" version_id="2" version_string="0.2.0"><![CDATA[How long the user should be able to confirm or decline the message. (in minutes)<br>
The default time limit is so high (compared with the other 2FA modes) as here a long expiration limit does not decrease the security (as the message ID as a stronger secret is used in this mode) and as the expiration limit here also limits the time a user can at maximum decline the message to block a potential (malicious) intruder. Thus it is actually useful to specify a high limit here.]]></phrase>
    <phrase title="option_threema_gateway_tfa_fast_validation_setup" version_id="2" version_string="0.2.0"><![CDATA[Validation time when setting up]]></phrase>
    <phrase title="option_threema_gateway_tfa_fast_validation_setup_explain" version_id="2" version_string="0.2.0"><![CDATA[How long the user should be able to confirm or decline the message when setting up the 2FA method. (in minutes)]]></phrase>
    <phrase title="option_threema_gateway_tfa_reversed" version_id="2" version_string="0.2.0"><![CDATA[Activate reversed mode]]></phrase>
    <phrase title="option_threema_gateway_tfa_reversed_auto_trigger" version_id="2" version_string="0.2.0"><![CDATA[Automatically trigger validation]]></phrase>
    <phrase title="option_threema_gateway_tfa_reversed_auto_trigger_explain" version_id="2" version_string="0.2.0"><![CDATA[If enabled the submit button is hidden and it is automatically verified whether the validation criteria is satisfied.<br>
If the option is disabled the user has to click the submit button manually.]]></phrase>
    <phrase title="option_threema_gateway_tfa_reversed_explain" version_id="2" version_string="0.2.0"><![CDATA[Allow users to use the "Reversed" 2FA method.]]></phrase>
    <phrase title="option_threema_gateway_tfa_reversed_show_qr_code" version_id="2" version_string="0.2.0"><![CDATA[Show QR code of Gateway ID]]></phrase>
    <phrase title="option_threema_gateway_tfa_reversed_show_qr_code_explain" version_id="2" version_string="0.2.0"><![CDATA[When enabled this suggests the user to scan the QR code of the Gateway ID. As you usually cannot meet a Gateway ID in person anyway, it is reasonable to offer this.<br>
<b>Note:</b> For security reasons this option is always ignored when HTTPS is not used.]]></phrase>
    <phrase title="option_threema_gateway_tfa_reversed_validation" version_id="2" version_string="0.2.0"><![CDATA[Validation time]]></phrase>
    <phrase title="option_threema_gateway_tfa_reversed_validation_explain" version_id="2" version_string="0.2.0"><![CDATA[How long the one time code should be valid. (in minutes)]]></phrase>
    <phrase title="option_threema_gateway_tfa_reversed_validation_setup" version_id="2" version_string="0.2.0"><![CDATA[Validation time when setting up]]></phrase>
    <phrase title="option_threema_gateway_tfa_reversed_validation_setup_explain" version_id="2" version_string="0.2.0"><![CDATA[How long the one time code should be valid when setting up the 2FA method. (in minutes)<br>
It is useful that this value is a bit higher than the previous one, to give the user more time to read through the explanations or similar things. The first setup is assumed to take a bit longer.]]></phrase>
    <phrase title="option_threema_gateway_threema_id" version_id="1" version_string="0.1.0"><![CDATA[Threema Gateway ID]]></phrase>
    <phrase title="option_threema_gateway_threema_id_explain" version_id="1" version_string="0.1"><![CDATA[Enter the Threema ID of your Gateway account here. (e.g. <code>*MYAPIID</code>)]]></phrase>
    <phrase title="option_threema_gateway_threema_id_secret" version_id="1" version_string="0.1"><![CDATA[Threema ID secret]]></phrase>
    <phrase title="option_threema_gateway_threema_id_secret_explain" version_id="1" version_string="0.1.0"><![CDATA[Enter your secret for accessing the Threema Gateway here.{note}]]></phrase>
    <phrase title="option_threema_gateway_threema_id_secret_explain_note" version_id="1" version_string="0.1.0"><![CDATA[<br >
<b>Note:</b> For security reasons your secret is mostly hidden and will only be changed when you replace the value here.]]></phrase>
    <phrase title="option_threema_gateway_throttle_1h" version_id="3" version_string="0.3.0"><![CDATA[Send rate limit per hour]]></phrase>
    <phrase title="option_threema_gateway_throttle_1h_explain" version_id="3" version_string="0.3.0"><![CDATA[Sets the maximum number of messages a user is allowed to sent in one hour.
Setting this to 0 will disable this limitation.]]></phrase>
    <phrase title="option_threema_gateway_throttle_1min" version_id="3" version_string="0.3.0"><![CDATA[Sent rate limit per minute]]></phrase>
    <phrase title="option_threema_gateway_throttle_1min_explain" version_id="3" version_string="0.3.0"><![CDATA[Sets the maximum number of messages a user is allowed to sent in one minute.
Setting this to 0 will disable this limitation.]]></phrase>
    <phrase title="option_threema_gateway_throttle_5min" version_id="3" version_string="0.3.0"><![CDATA[Send rate limit in 5min]]></phrase>
    <phrase title="option_threema_gateway_throttle_5min_explain" version_id="3" version_string="0.3.0"><![CDATA[Sets the maximum number of messages a user is allowed to sent in one 5 minutes.
Setting this to 0 will disable this limitation.]]></phrase>
    <phrase title="option_threema_gateway_userfield_verifyexist" version_id="1" version_string="0.1.0"><![CDATA[Verify existence of Threema IDs entered in custom user fields]]></phrase>
    <phrase title="option_threema_gateway_userfield_verifyexist_explain" version_id="2" version_string="0.2.0"><![CDATA[When this option is deactivated only the format of the Threema ID is verified. If it is activated the Threema server is also queried to check whether the ID really exists.<br>
Note that it is not verified whether the Threema ID <strong>belongs</strong> to the user.]]></phrase>
    <phrase title="option_threema_gateway_usesource" version_id="1" version_string="0.1.0"><![CDATA[Use source code of PHP SDK]]></phrase>
    <phrase title="option_threema_gateway_usesource_explain" version_id="1" version_string="0.1.0"><![CDATA[Instead of using the .phar file this forces the add-on to use the source code of the PHP SDK. This is in most cases only useful for debugging.]]></phrase>
    <phrase title="option_threema_gateway_verify_receive_time" version_id="2" version_string="0.2.0"><![CDATA[Reject old incoming messages]]></phrase>
    <phrase title="option_threema_gateway_verify_receive_time_explain" version_id="2" version_string="0.2.0"><![CDATA[When activated, this verifies the time, when messages are received, so old messages are rejected. The format of the date must be a valid one, which can be processed by <a href="https://secure.php.net/manual/function.strtotime.php" target="_blank" rel="noopener noreferrer"><code>strtotime</code></a>. The date must be a <a href="https://secure.php.net/manual/datetime.formats.relative.php" target="_blank" rel="noopener noreferrer">relative one</a> and must be in the past (prepend a <code>-</code>).
The recommend minimum value is 20 minutes (<code>-20 min</code>) as the Gateway server retries sending regularely a message for a maximum of 15 minutes. 5 minutes should be a minimum tolerance for server delays.
<br>
When disabled a hardcoded fallback to 14 days (<code>-14 days</code>) is used, as messages can never be older than 14 days as they are afterwards deleted from the Gateway server.]]></phrase>
    <phrase title="permission_group_threemagw" version_id="1" version_string="0.1.0"><![CDATA[Threema Gateway]]></phrase>
    <phrase title="permission_interface_threemagw" version_id="1" version_string="0.1.0"><![CDATA[Threema Gateway]]></phrase>
    <phrase title="permission_interface_threemagw_tfa" version_id="2" version_string="0.2.0"><![CDATA[Threema - Two-step-authentication]]></phrase>
    <phrase title="permission_threemagw_blockedNotification" version_id="2" version_string="0.2.0"><![CDATA[Fast mode (decline) - Allow notification]]></phrase>
    <phrase title="permission_threemagw_blockIp" version_id="2" version_string="0.2.0"><![CDATA[Fast mode (decline) - Allow IP block]]></phrase>
    <phrase title="permission_threemagw_blockTfaMode" version_id="2" version_string="0.2.0"><![CDATA[Fast mode (decline) - Allow temporary 2FA method block]]></phrase>
    <phrase title="permission_threemagw_blockUser" version_id="2" version_string="0.2.0"><![CDATA[Fast mode (decline) - Allow user block (for one day)]]></phrase>
    <phrase title="permission_threemagw_fetch" version_id="1" version_string="0.1.0"><![CDATA[Fetch public key (based on ID)]]></phrase>
    <phrase title="permission_threemagw_lookup" version_id="1" version_string="0.1.0"><![CDATA[Lookup ID/public key based on any criteria]]></phrase>
    <phrase title="permission_threemagw_receive" version_id="1" version_string="0.1.0"><![CDATA[Receive messages]]></phrase>
    <phrase title="permission_threemagw_send" version_id="1" version_string="0.1.0"><![CDATA[Send messages]]></phrase>
    <phrase title="permission_threemagw_tfa" version_id="1" version_string="0.1.0"><![CDATA[Use Threema 2FA]]></phrase>
    <phrase title="permission_threemagw_use" version_id="1" version_string="0.1.0"><![CDATA[Use Threema Gateway]]></phrase>
    <phrase title="sendto_threema" version_id="1" version_string="0.1"><![CDATA[Send to Threema]]></phrase>
    <phrase title="tfa_threemagw_add_threema_id_button" version_id="2" version_string="0.2.0"><![CDATA[Add Threema ID]]></phrase>
    <phrase title="tfa_threemagw_add_threema_id_button_tooltip" version_id="2" version_string="0.2.0"><![CDATA[Adds {threemaid} to your contact list]]></phrase>
    <phrase title="tfa_threemagw_automatically_continues" version_id="2" version_string="0.2.0"><![CDATA[Waiting for confirmation…]]></phrase>
    <phrase title="tfa_threemagw_block_ip" version_id="2" version_string="0.2.0"><![CDATA[block the IP of the user trying to login]]></phrase>
    <phrase title="tfa_threemagw_block_ip_explain" version_id="2" version_string="0.2.0"><![CDATA[This <b>permanently</b> blocks the IP of the user, who tried to login. Use this option with care!]]></phrase>
    <phrase title="tfa_threemagw_block_tfa_mode" version_id="2" version_string="0.2.0"><![CDATA[block the 2FA login method]]></phrase>
    <phrase title="tfa_threemagw_block_tfa_mode_explain" version_id="2" version_string="0.2.0"><![CDATA[This prevents the user from using the 2FA method for <b>{time}</b>, but does not show any notification to the user trying to login to not attract the attackers attention.<br>
Note that this option is reversible, so after declining a message, you can still acknowledge it, to lift this block.]]></phrase>
    <phrase title="tfa_threemagw_block_user" version_id="2" version_string="0.2.0"><![CDATA[block the user account for one day.]]></phrase>
    <phrase title="tfa_threemagw_block_user_explain" version_id="2" version_string="0.2.0"><![CDATA[This bans the user account for {time}. The account can only be unbanned by admins.]]></phrase>
    <phrase title="tfa_threemagw_contact_qrcode_text" version_id="2" version_string="0.2.0"><![CDATA[3mid:{threemaid},{publickey}]]></phrase>
    <phrase title="tfa_threemagw_conventional" version_id="1" version_string="0.1.0"><![CDATA[Threema - Conventional]]></phrase>
    <phrase title="tfa_threemagw_conventional_desc" version_id="1" version_string="0.1.0"><![CDATA[This will send you a 6 digit code through Threema to verify your login.{e2e}]]></phrase>
    <phrase title="tfa_threemagw_conventional_message" version_id="2" version_string="0.2.0"><![CDATA[\ud83d\udd11 Two-factor authentication

Hi {user},
to complete the second step of the two-factor authentication, you must enter the following code:

{secret}

The code is valid for {validationTime}.

The login was requested via the *IP* *{ip}*. If you did not initiate this request, you should change your password urgently.

Thanks,
{board}
{board_url}]]></phrase>
    <phrase title="tfa_threemagw_conventional_message_has_been_send_to_x_with_code_continue" version_id="2" version_string="0.2.0"><![CDATA[A Threema message has been sent to <b>{threemaid}</b> with a single-use code. Please enter that code to continue.]]></phrase>
    <phrase title="tfa_threemagw_conventional_message_has_been_send_to_x_with_code_login" version_id="2" version_string="0.2.0"><![CDATA[A Threema message has been sent to <b>{threemaid}</b> with a single-use code. Please enter that code to complete login.]]></phrase>
    <phrase title="tfa_threemagw_conventional_message_short" version_id="2" version_string="0.2.0"><![CDATA[\ud83d\udd11
Code: {secret}
IP: {ip}
Validity: {validationTime}

{board}
{board_url}]]></phrase>
    <phrase title="tfa_threemagw_conventional_setup_descr" version_id="1" version_string="0.1"><![CDATA[This mode sends you a 6 digit code to your Threema ID, which you have to enter when logging in.]]></phrase>
    <phrase title="tfa_threemagw_enter_own_threema_id_below" version_id="2" version_string="0.2.0"><![CDATA[Please enter your own Threema ID below.]]></phrase>
    <phrase title="tfa_threemagw_fast" version_id="2" version_string="0.2.0"><![CDATA[Threema - Fast login]]></phrase>
    <phrase title="tfa_threemagw_fast_desc" version_id="2" version_string="0.2.0"><![CDATA[This will send you a message with some details about who requests the login and you can confirm or decline the request.]]></phrase>
    <phrase title="tfa_threemagw_fast_message" version_id="2" version_string="0.2.0"><![CDATA[\ud83d\udd10 Two-factor authentication

Hi {user},
a user with the *IP* *{ip}* requested a login confirmation for your account.

To allow the login you have to acknowledge this message.

If you did not initiate this request, you should decline this message instead and change your password urgently.

Thanks,
{board}
{board_url}]]></phrase>
    <phrase title="tfa_threemagw_fast_message_blocked" version_id="2" version_string="0.2.0"><![CDATA[\u26D4 Login access blocked!

\u26A0 *Important* *message!*

Hi {user},
a user with the *IP* *{ip}* tried to login (again) with the Threema Fast 2FA mode.

This was blocked as the user has previously been blocked due to a denied login request by yourself.
In case you did this accidentally you have to wait until the block is lifted.

Thanks,
{board}
{board_url}]]></phrase>
    <phrase title="tfa_threemagw_fast_message_short" version_id="2" version_string="0.2.0"><![CDATA[\ud83d\udd10
*IP* *{ip}* tried to login as _{user}_.

Acknowledge this message to allow the login.

{board}
{board_url}]]></phrase>
    <phrase title="tfa_threemagw_fast_please_confirm_message" version_id="2" version_string="0.2.0"><![CDATA[Please <a href="https://threema.ch/en/faq/agree_disagree_feature" target="_blank" rel="noopener noreferrer">confirm the message</a>, which has just been sent to <b>{threemaid}</b> from <b>{gatewayid}</b>.<br>
In case you accidentally tapped on "Disagree" you can usually still confirm the message afterwards to login anyway.]]></phrase>
    <phrase title="tfa_threemagw_fast_setup_descr" version_id="2" version_string="0.2.0"><![CDATA[This mode sends you a message, which you have to confirm to allow the login request. If you decline it, the login is prevented.]]></phrase>
    <phrase title="tfa_threemagw_fast_setup_message" version_id="2" version_string="0.2.0"><![CDATA[\ud83d\udd10 Two-factor authentication

Hi {user},
a user with the *IP* *{ip}* requested a 2FA activation confirmation for your account.

To allow the request you have to acknowledge this message.

If you did not initiate this request, you should decline this message instead and change your password urgently.

Thanks,
{board}
{board_url}]]></phrase>
    <phrase title="tfa_threemagw_fast_setup_message_blocked" version_id="2" version_string="0.2.0"><![CDATA[\u26D4 2FA activation access blocked!

\u26A0 *Important* *message!*

Hi {user},
a user with the *IP* *{ip}* tried to activate the Threema Fast 2FA mode.

This was blocked as the user has previously been blocked as you denied a login request.
In case you did this accidentally you have to wait until the block is lifted. You can afterwards confirm this message to activate the 2FA mode.

Thanks,
{board}
{board_url}]]></phrase>
    <phrase title="tfa_threemagw_fast_setup_message_short" version_id="2" version_string="0.2.0"><![CDATA[\ud83d\udd10
*IP* *{ip}* tried to activate the 2FA mode as _{user}_.

Acknowledge this message to allow the request.

{board}
{board_url}]]></phrase>
    <phrase title="tfa_threemagw_fast_user_banned" version_id="2" version_string="0.2.0"><![CDATA[2FA login violation]]></phrase>
    <phrase title="tfa_threemagw_fast_validation_time" version_id="2" version_string="0.2.0"><![CDATA[You have {validationTime} to do so.]]></phrase>
    <phrase title="tfa_threemagw_fast_when_decline" version_id="2" version_string="0.2.0"><![CDATA[When you decline a login message…]]></phrase>
    <phrase title="tfa_threemagw_i_like_smilies" version_id="2" version_string="0.2.0"><![CDATA[I like Emojis!]]></phrase>
    <phrase title="tfa_threemagw_i_like_smilies_explain" version_id="2" version_string="0.2.0"><![CDATA[Check this only if you like emoticons/smileys.]]></phrase>
    <phrase title="tfa_threemagw_message_blocked_canreverse" version_id="2" version_string="0.2.0"><![CDATA[\uD83D\uDC49 In case you did this accidentally you can still *change* the status of the (previous!) *login* *request* *message* to
    \uD83D\uDC4D Agree
to allow the login.]]></phrase>
    <phrase title="tfa_threemagw_message_blocked_general" version_id="2" version_string="0.2.0"><![CDATA[\u26D4 Login access blocked!

Hi {user},
as you declined the login message, the user with the *IP* *{ip}* has been prevented from accessing your account.
{blockActions}

Thanks,
{board}
{board_url}]]></phrase>
    <phrase title="tfa_threemagw_message_blocked_ip" version_id="2" version_string="0.2.0"><![CDATA[The IP has been banned permanently.]]></phrase>
    <phrase title="tfa_threemagw_message_blocked_login" version_id="2" version_string="0.2.0"><![CDATA[This 2FA login method has been blocked for {blockTime}.]]></phrase>
    <phrase title="tfa_threemagw_message_blocked_nothing" version_id="2" version_string="0.2.0"><![CDATA[Nothing more has been done to prevent the user from accessing your account as you have not configured any other options.]]></phrase>
    <phrase title="tfa_threemagw_message_blocked_user" version_id="2" version_string="0.2.0"><![CDATA[The user account has been banned for {blockTime}.]]></phrase>
    <phrase title="tfa_threemagw_notify_of_block" version_id="2" version_string="0.2.0"><![CDATA[notify me of the the actions via Threema]]></phrase>
    <phrase title="tfa_threemagw_notify_of_block_explain" version_id="2" version_string="0.2.0"><![CDATA[This notifies the user via Threema of the actions taken when blocking and possible subsequent login attempts via this 2FA method. This option is recommend.]]></phrase>
    <phrase title="tfa_threemagw_reversed" version_id="2" version_string="0.2.0"><![CDATA[Threema - Reversed]]></phrase>
    <phrase title="tfa_threemagw_reversed_button_text" version_id="2" version_string="0.2.0"><![CDATA[Send message]]></phrase>
    <phrase title="tfa_threemagw_reversed_button_tooltip" version_id="2" version_string="0.2.0"><![CDATA[Send code via your mobile device]]></phrase>
    <phrase title="tfa_threemagw_reversed_desc" version_id="2" version_string="0.2.0"><![CDATA[This will give you a 6 digit code, which you have to send to {board} via Threema to verify your login.]]></phrase>
    <phrase title="tfa_threemagw_reversed_message_please_enter_code" version_id="2" version_string="0.2.0"><![CDATA[Please send a message to <b>{gatewayid}</b> with the following code.<br>
When you are browsing this website from a device where Threema is installed, you can just hit the button to send the message.
In case you are on your desktop, you can scan the QR code.]]></phrase>
    <phrase title="tfa_threemagw_reversed_setup_descr" version_id="2" version_string="0.2.0"><![CDATA[This mode shows you a 6 digit code, which you have to send via Threema to this forum to login. Thus it is the "reversed" version of the conventional mode.]]></phrase>
    <phrase title="tfa_threemagw_reversed_show_code" version_id="2" version_string="0.2.0"><![CDATA[<p>Code:</p>
<code class="textCtrl threemagw_given_code">{secret}</code>]]></phrase>
    <phrase title="tfa_threemagw_reversed_validation_time" version_id="2" version_string="0.2.0"><![CDATA[The code is valid for {validationTime}.]]></phrase>
    <phrase title="tfa_threemagw_setup_generaldescr" version_id="1" version_string="0.1"><![CDATA[This two factor authentication mode uses the <a href="https://threema.ch" target="_blank" rel="noopener noreferrer">Threema</a> app. Before you can proceed you have to download it. It is available <a href="https://threema.ch/get-threema" target="_blank" rel="noopener noreferrer">for many platforms</a>. <br />
Setup your Threema ID and enter it below.]]></phrase>
    <phrase title="tfa_threemagw_setup_please_add_threema_id" version_id="2" version_string="0.2.0"><![CDATA[Please add the Threema ID <b>{gatewayid}</b> to your contact list before proceeding.]]></phrase>
    <phrase title="tfa_threemagw_setup_please_scan_qr_code" version_id="2" version_string="0.2.0"><![CDATA[Please scan the following QR code with Threema before proceeding. The Threema ID <b>{gatewayid}</b> should be added!]]></phrase>
    <phrase title="tfa_threemagw_setup_public_key" version_id="1" version_string="0.1"><![CDATA[Public Key]]></phrase>
    <phrase title="tfa_threemagw_setup_public_key_descr" version_id="2" version_string="0.2.0"><![CDATA[Before proceeding, please confirm that the following fingerprint of your Threema ID is correct. Often you can find it on the same page where you can also see your Threema ID and QR code.<br>
<b>Key fingerprint:</b> {pubKeyShort}<br /><br />
Please check each character of the code and confirm it is the same as displayed on your device. Should you notice any discrepancy when doing so, please <i>do not continue</i> and contact the forum admin.<br />
The displayed fingerprint is derived from the public key, which is linked to your Threema ID. More information <a href="https://threema.ch/en/faq/threema_id" target="_blank" rel="noopener noreferrer">in the Threema FAQ</a>.]]></phrase>
    <phrase title="tfa_threemagw_setup_use_button_below_to_add_threema_id" version_id="2" version_string="0.2.0"><![CDATA[In case you are currently using a device where Threema is installed you can just use the button below to add the ID:]]></phrase>
    <phrase title="tfa_threemagw_use_number_smilies" version_id="1" version_string="0.1"><![CDATA[Use smilies as digits]]></phrase>
    <phrase title="tfa_threemagw_use_number_smilies_explain" version_id="1" version_string="0.1"><![CDATA[Replaces the numbers in the code with smilies.]]></phrase>
    <phrase title="tfa_threemagw_use_short_message" version_id="1" version_string="0.1"><![CDATA[Use short messages]]></phrase>
    <phrase title="tfa_threemagw_use_short_message_explain" version_id="2" version_string="0.2.0"><![CDATA[Uses short messages instead of long ones to allow you to see your verification code directly in the notification, so you do not have to open Threema to see it.]]></phrase>
    <phrase title="threemagw_account_locked_due_to_high_number_of_sent_messages" version_id="3" version_string="0.3.0"><![CDATA[Your account was temporarily locked due to a high number of sent Threema messages.]]></phrase>
    <phrase title="threemagw_confirmation_code" version_id="1" version_string="0.1"><![CDATA[Threema Confirmation Code]]></phrase>
    <phrase title="threemagw_days" version_id="2" version_string="0.2.0"><![CDATA[days]]></phrase>
    <phrase title="threemagw_donate_consider_donating" version_id="2" version_string="0.2.0"><![CDATA[<b>Consider donating!</b> ❤️]]></phrase>
    <phrase title="threemagw_donate_currency" version_id="2" version_string="0.2.0"><![CDATA[{num}€]]></phrase>
    <phrase title="threemagw_donate_flattr" version_id="2" version_string="0.2.0"><![CDATA[Flattr]]></phrase>
    <phrase title="threemagw_donate_flattr_language_code" version_id="2" version_string="0.2.0"><![CDATA[en_GB]]></phrase>
    <phrase title="threemagw_donate_gratipay" version_id="1000070" version_string="1.0.0"><![CDATA[Gratipay]]></phrase>
    <phrase title="threemagw_donate_like_addon_and_support_dev" version_id="2" version_string="0.2.0"><![CDATA[You like this add-on and want to <b>support</b> the development?]]></phrase>
    <phrase title="threemagw_donate_micro_donation" version_id="2" version_string="0.2.0"><![CDATA[Micro-donation]]></phrase>
    <phrase title="threemagw_donate_other_amount" version_id="2" version_string="0.2.0"><![CDATA[other amount]]></phrase>
    <phrase title="threemagw_donate_paypal" version_id="2" version_string="0.2.0"><![CDATA[PayPal]]></phrase>
    <phrase title="threemagw_donate_paypal_button_text" version_id="2" version_string="0.2.0"><![CDATA[Donate]]></phrase>
    <phrase title="threemagw_donate_paypal_me" version_id="2" version_string="0.2.0"><![CDATA[PayPal.me]]></phrase>
    <phrase title="threemagw_donate_weekly" version_id="1000070" version_string="1.0.0"><![CDATA[Weekly]]></phrase>
    <phrase title="threemagw_fetching_publickey_failed" version_id="1" version_string="0.1.0"><![CDATA[Fetching public key failed.]]></phrase>
    <phrase title="threemagw_getting_credits_failed" version_id="1" version_string="0.1.0"><![CDATA[Getting credits failed.]]></phrase>
    <phrase title="threemagw_hours" version_id="2" version_string="0.2.0"><![CDATA[hours]]></phrase>
    <phrase title="threemagw_integrity_of_addon_could_not_checked" version_id="2" version_string="0.2.0"><![CDATA[ThreemaGateway: The integrity of the Threema Gateway add-on could not be checked.]]></phrase>
    <phrase title="threemagw_invalid_debuglogpath" version_id="2" version_string="0.2.0"><![CDATA[The path of the message debug log file is invalid. Please check the permissions.]]></phrase>
    <phrase title="threemagw_invalid_discard_old_date" version_id="2" version_string="0.2.0"><![CDATA[The date given for discarding old messages is invalid.]]></phrase>
    <phrase title="threemagw_invalid_downloadpath" version_id="1" version_string="0.1.0"><![CDATA[The directory cannot be used. Please check the directory and it's permissions.]]></phrase>
    <phrase title="threemagw_invalid_httpshardening_option" version_id="1" version_string="0.1.0"><![CDATA[The HTTPS hardening option is invalid.]]></phrase>
    <phrase title="threemagw_invalid_keystorepath" version_id="1" version_string="0.1.0"><![CDATA[The path to the PHP keystore file is invalid.]]></phrase>
    <phrase title="threemagw_invalid_privatekey" version_id="1" version_string="0.1.0"><![CDATA[The private key is invalid or could not be found.]]></phrase>
    <phrase title="threemagw_invalid_privkeypath" version_id="1" version_string="0.1.0"><![CDATA[The path to the private key file is invalid.]]></phrase>
    <phrase title="threemagw_invalid_threema_id" version_id="1" version_string="0.1"><![CDATA[The Threema ID is invalid.]]></phrase>
    <phrase title="threemagw_invalid_threema_secret" version_id="1" version_string="0.1.0"><![CDATA[The Threema ID Secret is invalid.]]></phrase>
    <phrase title="threemagw_libsodium_error" version_id="1" version_string="0.1.0"><![CDATA[Error when trying to use libsodium.]]></phrase>
    <phrase title="threemagw_message_is_sent_e2e" version_id="2" version_string="0.2.0"><![CDATA[ The message is sent end-to-end encrypted.]]></phrase>
    <phrase title="threemagw_minutes" version_id="1" version_string="0.1"><![CDATA[minutes]]></phrase>
    <phrase title="threemagw_missing_database_data" version_id="2" version_string="0.2.0"><![CDATA[Some data in the database is missing.]]></phrase>
    <phrase title="threemagw_missing_e2e_helper" version_id="1" version_string="0.1.0"><![CDATA[The E2E helper is missing. Probably it was tried to use it although the Gateway is not used in E2E mode.]]></phrase>
    <phrase title="threemagw_missing_sdk" version_id="1" version_string="0.1.0"><![CDATA[The PHP SDK for Threema Gateway is missing.]]></phrase>
    <phrase title="threemagw_not_writable_keystorefile" version_id="1" version_string="0.1.0"><![CDATA[The PHP keystore file is not writable.]]></phrase>
    <phrase title="threemagw_one_day" version_id="2" version_string="0.2.0"><![CDATA[one day]]></phrase>
    <phrase title="threemagw_one_hour" version_id="2" version_string="0.2.0"><![CDATA[one hour]]></phrase>
    <phrase title="threemagw_one_minute" version_id="2" version_string="0.2.0"><![CDATA[minute]]></phrase>
    <phrase title="threemagw_permission_error" version_id="1" version_string="0.1.0"><![CDATA[There was a permission error.]]></phrase>
    <phrase title="threemagw_phpkeystore_example" version_id="1" version_string="0.1.0"><![CDATA[keystore.php]]></phrase>
    <phrase title="threemagw_privatekeyfile_example" version_id="1" version_string="0.1.0"><![CDATA[privateKey.txt]]></phrase>
    <phrase title="threemagw_sending_failed" version_id="1" version_string="0.1.0"><![CDATA[Sending message failed.]]></phrase>
    <phrase title="threemagw_tfa_confirmation" version_id="2" version_string="0.2.0"><![CDATA[2FA confirmation]]></phrase>
    <phrase title="threemagw_tfa_user_banned" version_id="2" version_string="0.2.0"><![CDATA[2FA login failure]]></phrase>
    <phrase title="threemagw_this_tfa_mode_is_not_setup" version_id="2" version_string="0.2.0"><![CDATA[This 2FA mode has not been setup correctly.]]></phrase>
    <phrase title="threemagw_threemaid" version_id="1" version_string="0.1.0"><![CDATA[Threema ID]]></phrase>
    <phrase title="threemagw_threema_id_does_not_exist" version_id="1" version_string="0.1"><![CDATA[Threema ID does not exist.]]></phrase>
    <phrase title="threemagw_unknown_message_type" version_id="2" version_string="0.2.0"><![CDATA[Unknown message type]]></phrase>
    <phrase title="threema_this_action_required_e2e" version_id="2" version_string="0.2.0"><![CDATA[This action requires the end-to-end encrypted Threema mode.]]></phrase>
    <phrase title="user_field_threemaid" global_cache="1" version_id="1" version_string="0.1.0"><![CDATA[Threema ID]]></phrase>
    <phrase title="user_field_threemaid_desc" version_id="1" version_string="0.1.0"><![CDATA[]]></phrase>
  </phrases>
  <route_prefixes/>
  <style_properties/>
  <templates>
    <template title="account_two_step_threemagw_conventional_manage" version_id="2" version_string="0.2.0"><![CDATA[<xen:title>{xen:phrase two_step_verification_setup}: {$provider.title}</xen:title>

<form method="post" class="xenForm {xen:if $newProviderHtml, AutoValidator}"
<xen:comment>Use /enable link when setting provider up and use /manage link when changing setting later.</xen:comment>
action=<xen:if is="{$context} == 'firstsetup' or {$context} == 'setupvalidation'">
		"{xen:link 'account/two-step/enable'}"
	<xen:else />
		"{xen:link 'account/two-step/manage'}"
	</xen:if> data-redirect="yes">
	
	<xen:comment>information block</xen:comment>
	<xen:if is="{$context} == 'firstsetup'">
		<xen:comment>First site of setup page shows general information.</xen:comment>
		<dl class="ctrlUnit">
		<dt></dt>
			<dd>
				<p>{xen:phrase tfa_threemagw_setup_generaldescr}</p>
				<p>{xen:phrase tfa_threemagw_conventional_setup_descr}</p>
			</dd>
		</dl>
	<xen:elseif is="{$context} == 'manage'" />
		<xen:comment>Later manages only show some basic information...</xen:comment>
		<dl class="ctrlUnit">
		<dt></dt>
			<dd>
				<p>{xen:phrase tfa_threemagw_conventional_setup_descr}</p>
			</dd>
		</dl>
	</xen:if>

	<xen:if is="{$newProviderHtml}">
		<xen:comment>Shows validation input field if Threema ID was changed.</xen:comment>
		{xen:raw $newProviderHtml}

		<dl class="ctrlUnit submitUnit">
			<dt></dt>
			<dd><input type="submit" name="save" value="{xen:phrase confirm}" accesskey="s" class="button primary" /></dd>
		</dl>

		<input type="hidden" name="confirm" value="1" />
	<xen:else />
		<dl class="ctrlUnit">
			<xen:comment>Show Threema ID input and all other settings as this is not the validation page.</xen:comment>
			<xen:include template="threemagw_threemaid_input_field">
				<xen:set var="$id">ctrl_threemagw_fast_threemaid</xen:set>
			</xen:include>
		</dl>

		<dl class="ctrlUnit">
			<dt><label>{xen:phrase more_options}:</label></dt>
			<dd><ul>
				<li>
					<label><input type="checkbox" name="useNumberSmilies" value="1" {xen:if $providerData.useNumberSmilies, 'checked=""'} /> {xen:phrase tfa_threemagw_use_number_smilies}</label>
                    <p class="explain">{xen:phrase tfa_threemagw_use_number_smilies_explain}</p>
				</li>
			</ul></dd>

			<dt></dt>
			<dd><ul>
				<li>
					<label><input type="checkbox" name="useShortMessage" value="1" {xen:if $providerData.useShortMessage, 'checked=""'} /> {xen:phrase tfa_threemagw_use_short_message}</label>
					<p class="explain">{xen:phrase tfa_threemagw_use_short_message_explain}</p>
				</li>
			</ul></dd>
		</dl>

		<dl class="ctrlUnit submitUnit">
			<dt></dt>
			<xen:if is="{$context} == 'firstsetup'">
				<dd><input type="submit" name="save" value="{xen:phrase confirm}" accesskey="s" class="button primary" /></dd>
			<xen:elseif is="{$context} == 'setup'" />
				<dd><input type="submit" name="save" value="{xen:phrase save}" accesskey="s" class="button primary" /></dd>
			<xen:else />
				<dd><input type="submit" name="save" value="{xen:phrase sendto_threema}" accesskey="s" class="button primary" /></dd>
			</xen:if>
		</dl>
	</xen:if>

	<input type="hidden" name="provider" value="{$providerId}" />
	<xen:if is="{$context} == 'firstsetup' or {$context} == 'setupvalidation'">
		<xen:comment>Add special parameters if this is in setup.</xen:comment>
		<xen:if is="{$newProviderHtml}">
			<input type="hidden" name="step" value="confirm" />
		<xen:else />
			<input type="hidden" name="step" value="setup" />
		</xen:if>
	<xen:elseif is="!{$newProviderHtml}" />
		<input type="hidden" name="manage" value="1" />
	</xen:if>
	<input type="hidden" name="_xfConfirm" value="1" />
	<input type="hidden" name="_xfToken" value="{$visitor.csrf_token_page}" />
</form>]]></template>
    <template title="account_two_step_threemagw_fast_manage" version_id="2" version_string="0.2.0"><![CDATA[<xen:title>{xen:phrase two_step_verification_setup}: {$provider.title}</xen:title>
<!-- used for intendation css -->
<xen:require css="threemagw.css" />

<form method="post" class="xenForm {xen:if $newProviderHtml, AutoValidator}"
<xen:comment>Use /enable link when setting provider up and use /manage link when changing setting later.</xen:comment>
action=<xen:if is="{$context} == 'firstsetup' or {$context} == 'setupvalidation'">
		"{xen:link 'account/two-step/enable'}"
	<xen:else />
		"{xen:link 'account/two-step/manage'}"
	</xen:if> data-redirect="yes">
	
	<xen:comment>information block</xen:comment>
	<xen:if is="{$context} == 'firstsetup'">
		<xen:comment>First site of setup page shows general information.</xen:comment>
		<dl class="ctrlUnit">
		<dt></dt>
			<dd>
				<p>{xen:phrase tfa_threemagw_setup_generaldescr}</p>
				<p>{xen:phrase tfa_threemagw_fast_setup_descr}</p>
			</dd>
		</dl>
	<xen:elseif is="{$context} == 'manage'" />
		<xen:comment>Later manages only show some basic information...</xen:comment>
		<dl class="ctrlUnit">
		<dt></dt>
			<dd>
				<p>{xen:phrase tfa_threemagw_fast_setup_descr}</p>
			</dd>
		</dl><p>
	</xen:if>

	<xen:if is="{$newProviderHtml}">
		<xen:comment>Shows validation input field if Threema ID was changed.</xen:comment>
		{xen:raw $newProviderHtml}

		<dl class="ctrlUnit submitUnit">
			<dt></dt>
			<dd><input type="submit" name="save" value="{xen:phrase confirm}" accesskey="s" class="button primary" /></dd>
		</dl>

		<input type="hidden" name="confirm" value="1" />
	<xen:else />
		<xen:if is="{$context} == 'manage' or {$context} == 'firstsetup'">
			<xen:include template="threemagw_add_gateway_id" />
		</xen:if>

		<xen:comment>Show Threema ID input.</xen:comment>
		<dl class="ctrlUnit">
			<xen:if is="{$context} == 'manage' or {$context} == 'firstsetup'">
				<dt></dt>
				<dd>
					<p>{xen:phrase tfa_threemagw_enter_own_threema_id_below}</p>
				</dd>
			</xen:else />
				
			</xen:if>

			<xen:include template="threemagw_threemaid_input_field">
				<xen:set var="$id">ctrl_threemagw_fast_threemaid</xen:set>
			</xen:include>
		</dl>

		<xen:comment>Other options</xen:comment>
		<dl class="ctrlUnit">
			<dt><label>{xen:phrase more_options}:</label></dt>
			<dd><ul>
				<li>
					<label><input type="checkbox" name="useShortMessage" value="1" {xen:if $providerData.useShortMessage, 'checked=""'} /> {xen:phrase tfa_threemagw_use_short_message}</label>
					<p class="explain">{xen:phrase tfa_threemagw_use_short_message_explain}</p>
				</li>

				<xen:if is="{$declinePermissionsSet}">
					<li>
						<p>{xen:phrase tfa_threemagw_fast_when_decline}</p>
					</li>
					<div class="threemagw_intend">
						<xen:if is="{$declinePermissions.blockedNotification}">
							<li>
								<label><input type="checkbox" name="blockedNotification" value="1" {xen:if $providerData.blockedNotification, 'checked=""'} /> {xen:phrase tfa_threemagw_notify_of_block}</label>
								<p class="explain">{xen:phrase tfa_threemagw_notify_of_block_explain}</p>
							</li>
						</xen:if>

						<xen:if is="{$declinePermissions.blockTfaMode}">
							<li>
								<label><input type="checkbox" name="blockTfaMode" value="1" {xen:if $providerData.blockTfaMode, 'checked=""'} /> {xen:phrase tfa_threemagw_block_tfa_mode}</label>
								<p class="explain">{xen:phrase tfa_threemagw_block_tfa_mode_explain, 'time={$blockTime}'}</p>
							</li>
						</xen:if>

						<xen:if is="{$declinePermissions.blockUser}">
							<li>
								<label><input type="checkbox" name="blockUser" value="1" {xen:if $providerData.blockUser, 'checked=""'} /> {xen:phrase tfa_threemagw_block_user}</label>
								<p class="explain">{xen:phrase tfa_threemagw_block_user_explain, 'time={$blockTimeDayRounded}'}</p>
							</li>
						</xen:if>

						<xen:if is="{$declinePermissions.blockIp}">
							<li>
								<label><input type="checkbox" name="blockIp" value="1" {xen:if $providerData.blockIp, 'checked=""'} /> {xen:phrase tfa_threemagw_block_ip}</label>
								<p class="explain">{xen:phrase tfa_threemagw_block_ip_explain}</p>
							</li>
						</xen:if>
					</div>
				</xen:if>
			</ul></dd>
		</dl>

		<dl class="ctrlUnit submitUnit">
			<dt></dt>
			<xen:if is="{$context} == 'setup'">
				<dd><input type="submit" name="save" value="{xen:phrase save}" accesskey="s" class="button primary" /></dd>
			<xen:else />
				<dd><input type="submit" name="save" value="{xen:phrase continue}" accesskey="s" class="button primary" /></dd>
			</xen:if>
		</dl>
	</xen:if>

	<input type="hidden" name="provider" value="{$providerId}" />
	<xen:if is="{$context} == 'firstsetup' or {$context} == 'setupvalidation'">
		<xen:comment>Add special parameters if this is in setup.</xen:comment>
		<xen:if is="{$newProviderHtml}">
			<input type="hidden" name="step" value="confirm" />
		<xen:else />
			<input type="hidden" name="step" value="setup" />
		</xen:if>
	<xen:elseif is="!{$newProviderHtml}" />
		<input type="hidden" name="manage" value="1" />
	</xen:if>
	<input type="hidden" name="_xfConfirm" value="1" />
	<input type="hidden" name="_xfToken" value="{$visitor.csrf_token_page}" />
</form>]]></template>
    <template title="account_two_step_threemagw_reversed_manage" version_id="2" version_string="0.2.0"><![CDATA[<xen:title>{xen:phrase two_step_verification_setup}: {$provider.title}</xen:title>

<form method="post" class="xenForm {xen:if $newProviderHtml, AutoValidator}"
<xen:comment>Use /enable link when setting provider up and use /manage link when changing setting later.</xen:comment>
action=<xen:if is="{$context} == 'firstsetup' or {$context} == 'setupvalidation'">
		"{xen:link 'account/two-step/enable'}"
	<xen:else />
		"{xen:link 'account/two-step/manage'}"
	</xen:if> data-redirect="yes">
	
	<xen:comment>information block</xen:comment>
	<xen:if is="{$context} == 'firstsetup'">
		<xen:comment>First site of setup page shows general information.</xen:comment>
		<dl class="ctrlUnit">
		<dt></dt>
			<dd>
				<p>{xen:phrase tfa_threemagw_setup_generaldescr}</p>
				<p>{xen:phrase tfa_threemagw_reversed_setup_descr}</p>
			</dd>
		</dl>
	<xen:elseif is="{$context} == 'manage'" />
		<xen:comment>Later manages only show some basic information...</xen:comment>
		<dl class="ctrlUnit">
		<dt></dt>
			<dd>
				<p>{xen:phrase tfa_threemagw_reversed_setup_descr}</p>
			</dd>
		</dl><p>
	</xen:if>

	<xen:if is="{$newProviderHtml}">
		<xen:comment>Shows validation input field if Threema ID was changed.</xen:comment>
		{xen:raw $newProviderHtml}

		<dl class="ctrlUnit submitUnit">
			<dt></dt>
			<dd><input type="submit" name="save" value="{xen:phrase confirm}" accesskey="s" class="button primary" /></dd>
		</dl>

		<input type="hidden" name="confirm" value="1" />
	<xen:else />
		<xen:if is="{$context} == 'manage' or {$context} == 'firstsetup'">
			<xen:include template="threemagw_add_gateway_id" />
		</xen:if>

		<xen:comment>Show Threema ID input.</xen:comment>
		<dl class="ctrlUnit">
			<xen:if is="{$context} == 'manage' or {$context} == 'firstsetup'">
				<dt></dt>
				<dd>
					<p>{xen:phrase tfa_threemagw_enter_own_threema_id_below}</p>
				</dd>
			</xen:else />
				<xen:comment>no need for an explanation as this is nearly the only input field on the page</xen:comment>
			</xen:if>

			<xen:include template="threemagw_threemaid_input_field">
				<xen:set var="$id">ctrl_threemagw_reversed_threemaid</xen:set>
			</xen:include>
		</dl>

		<xen:comment>Other options</xen:comment>
		<dl class="ctrlUnit">
			<dt><label>{xen:phrase more_options}:</label></dt>
			<dd><ul>
				<li>
					<label><input type="checkbox" name="useNumberSmilies" value="1" {xen:if $providerData.useNumberSmilies, 'checked=""'} /> {xen:phrase tfa_threemagw_i_like_smilies}</label>
		            <p class="explain">{xen:phrase tfa_threemagw_i_like_smilies_explain}</p>
				</li>
			</ul></dd>
		</dl>

		<dl class="ctrlUnit submitUnit">
			<dt></dt>
			<xen:if is="{$context} == 'setup'">
				<dd><input type="submit" name="save" value="{xen:phrase save}" accesskey="s" class="button primary" /></dd>
			<xen:else />
				<dd><input type="submit" name="save" value="{xen:phrase continue}" accesskey="s" class="button primary" /></dd>
			</xen:if>
		</dl>
	</xen:if>

	<input type="hidden" name="provider" value="{$providerId}" />
	<xen:if is="{$context} == 'firstsetup' or {$context} == 'setupvalidation'">
		<xen:comment>Add special parameters if this is in setup.</xen:comment>
		<xen:if is="{$newProviderHtml}">
			<input type="hidden" name="step" value="confirm" />
		<xen:else />
			<input type="hidden" name="step" value="setup" />
		</xen:if>
	<xen:elseif is="!{$newProviderHtml}" />
		<input type="hidden" name="manage" value="1" />
	</xen:if>
	<input type="hidden" name="_xfConfirm" value="1" />
	<input type="hidden" name="_xfToken" value="{$visitor.csrf_token_page}" />
</form>]]></template>
    <template title="threemagw.css" version_id="2" version_string="0.2.0"><![CDATA[.threemagw_intend {
  margin-left: 15px;
}

#threemagw_auto_trigger {
  display: none;
}

#threemagw_auto_trigger_loading {
  display: block;
  height: 19px;
}

#threemagw_auto_trigger_explanation {
  padding-left: 5px;
  margin-top: -4px;
}

.inputThreemaId {
  text-transform: uppercase;
}

.threemagw_centerwrapper {
  margin: 5px;
  text-align: center;
}

.threemagw_qr {
  display: inline-block;
  background: white;
  padding: 15px
}

.threemagw_emphasized_button {
  margin: 10px
}

.threemagw_code > p {
  color: {xen:property dimmedTextColor};
  margin-bottom: 5px;
}

/* this needs to be so "overspecified" to overwrite the auto value from .textCtrl */
.threemagw_code > code.textCtrl.threemagw_given_code {
  display: inline-block;
  font-size: 18pt; /* same as titleBar > h1 title */
  color: {xen:property secondaryMedium};
  padding: 3px 6px;
  margin-bottom: 2px;
  width: auto;
}]]></template>
    <template title="threemagw_add_gateway_id" version_id="2" version_string="0.2.0"><![CDATA[<xen:comment>
Show Threema Gateway QR code or button to allow users to add the ID to their contact list.
</xen:comment>

<xen:require css="threemagw.css" />

<dl class="ctrlUnit">
	<xen:comment>Show QR code or Threema Gateway ID</xen:comment>
	<dt><label>{xen:phrase setup}:</label></dt>

	<xen:comment>For security reasons the QR code is only shown when a HTTPS connection is used.</xen:comment>
	<xen:if is="{$https} AND {$showqrcode}">
		<dt></dt>
		<dd>
			<p>{xen:phrase tfa_threemagw_setup_please_scan_qr_code, 'gatewayid={$gatewayid}'}</p>
		</dd>

		<dt></dt>
		<dd>
			<div class="threemagw_centerwrapper"><span class="threemagw_createqr threemagw_qr" data-qrcode="{xen:phrase tfa_threemagw_contact_qrcode_text, 'threemaid={$gatewayid}', 'publickey={xen:helper threemaidpubkey, {$gatewayid}}'}"></span></div>
		</dd>

		<xen:comment>JS block responsible for parsing qr code.</xen:comment>
		<xen:require js="js/jquery/jquery.qrcode-0.12.0.min.js" />
		<xen:require js="js/ThreemaGateway/threematfa.js" />

	<xen:else />
		<dt></dt>
		<dd>
			<p>{xen:phrase tfa_threemagw_setup_please_add_threema_id, 'gatewayid={$gatewayid}'}</p>
		</dd>
	</xen:if>

	<dt></dt>
	<dd>
		<p>{xen:phrase tfa_threemagw_setup_use_button_below_to_add_threema_id}</p>
	</dd>

	<dt></dt>
	<dd>
		<a class="button threemagw_emphasized_button" href="threema://add?id={$gatewayid}" title="{xen:phrase tfa_threemagw_add_threema_id_button_tooltip, 'threemaid={$gatewayid}'}" accesskey="c">{xen:phrase tfa_threemagw_add_threema_id_button, 'threemaid={$gatewayid}'}</a>
	</dd>
</dl>]]></template>
    <template title="threemagw_auto_trigger" version_id="2" version_string="0.2.0"><![CDATA[<xen:comment>
automatically triggers the form submission via JavaScript
</xen:comment>

<xen:if is="{$autoTrigger}">
	<xen:require css="threemagw.css" />
	<xen:require js="js/ThreemaGateway/threematfa.js" />

	<dl id="threemagw_auto_trigger" class="ctrlUnit" data-expectederror="{$expectedError}">
		<dt id="threemagw_auto_trigger_loading" class="InProgress"></dt>
		<dd id="threemagw_auto_trigger_explanation">{$explanation}</dd>
	</dl>
</xen:if>
]]></template>
    <template title="threemagw_pubkey_userverify" version_id="2" version_string="0.2.0"><![CDATA[<xen:if is="{$context} == 'setup'">
	<xen:comment>Show public key of Threema ID</xen:comment>
	<xen:comment>This allows the user to verify the public key received by the server, so potential man-in-the-middle attacks can be mitigated.</xen:comment>
	<dl class="ctrlUnit">
		<dt><label>{xen:phrase tfa_threemagw_setup_public_key}:</label></dt>
		<dd>
			<p>{xen:phrase tfa_threemagw_setup_public_key_descr, 'threemaid={$data.threemaid}', 'pubKeyShort={xen:helper threemaidpubkeyshort, {$data.threemaid}}'}</p>
		</dd>
	</dl>
</xen:if>]]></template>
    <template title="threemagw_threemaid_input_field" version_id="2" version_string="0.2.0"><![CDATA[<xen:comment>
Show Threema ID input and all other settings as this is not the validation page.
</xen:comment>

<xen:require css="threemagw.css" />
<dt>
	<label for="{$id}">{xen:phrase threemagw_threemaid}:</label>
</dt>
<dd>
	<input class="textCtrl inputThreemaId" type="text" name="threemaid" id="{$id}" placeholder="ECHOECHO" required="" maxlength="8" class="textCtrl" pattern="{xen:helper threemaregex, 'personal'}" value="{$threemaId}" />
</dd>]]></template>
    <template title="two_step_threemagw_conventional" version_id="2" version_string="0.2.0"><![CDATA[<xen:if is="{$context} == 'setup'">
	<dl class="ctrlUnit">
		<dt></dt>
		<dd>
            <p>{xen:phrase tfa_threemagw_conventional_message_has_been_send_to_x_with_code_continue, 'threemaid={$data.threemaid}'}</p>
		</dd>
	</dl>
<xen:else />
    <p>{xen:phrase tfa_threemagw_conventional_message_has_been_send_to_x_with_code_login, 'threemaid={$data.threemaid}'}</p>
</xen:if>

<dl class="ctrlUnit">
    <dt><label for="ctrl_threemagw_code">{xen:phrase threemagw_confirmation_code}:</label></dt>
	<dd>
        <input type="text" name="code" id="ctrl_threemagw_code" class="textCtrl" autocomplete="off" maxlength="6" />
	</dd>
</dl>

<xen:include template="threemagw_pubkey_userverify">
	<xen:set var="$threemaid">{$data.threemaid}</xen:set>
</xen:include>]]></template>
    <template title="two_step_threemagw_fast" version_id="2" version_string="0.2.0"><![CDATA[<xen:include template="threemagw_pubkey_userverify">
	<xen:set var="$threemaid">{$data.threemaid}</xen:set>
</xen:include>

<xen:if is="{$context} == 'setup'">
	<dl class="ctrlUnit">
		<dt>{xen:phrase threemagw_tfa_confirmation}</dt>
			<dd>
</xen:if>

<xen:comment>main content begin</xen:comment>

<p>
	{xen:phrase tfa_threemagw_fast_please_confirm_message, 'gatewayid={$gatewayid}', 'threemaid={$data.threemaid}'}
</p>

<xen:comment>
	display of validation time currently disabled as it is really high by default and displaying it would be useless
	<p>{xen:phrase tfa_threemagw_fast_validation_time, 'validationTime={$validationTime}'}</p>
</xen:comment>

<xen:include template="threemagw_auto_trigger">
	<xen:set var="$expectedError">{xen:phrase two_step_verification_value_could_not_be_confirmed}</xen:set>
	<xen:set var="$explanation">{xen:phrase tfa_threemagw_automatically_continues}</xen:set>
</xen:include>

<xen:comment>main content end</xen:comment>

<xen:if is="{$context} == 'setup'">
		</dd>
	</dl>
</xen:if>]]></template>
    <template title="two_step_threemagw_reversed" version_id="2" version_string="0.2.0"><![CDATA[<xen:require css="threemagw.css" />
<xen:if is="{$context} == 'setup'">
	<dl class="ctrlUnit">
		<dt></dt>
			<dd>
</xen:if>

<xen:require css="threemagw.css" />
<xen:require js="js/jquery/jquery.qrcode-0.12.0.min.js" />
<xen:require js="js/ThreemaGateway/threematfa.js" />

<xen:comment>main content begin</xen:comment>
<p>
	{xen:phrase tfa_threemagw_reversed_message_please_enter_code, 'gatewayid={$gatewayid}', 'threemaid={$data.threemaid}'}
</p>

<div class="threemagw_centerwrapper threemagw_code">
	{xen:phrase tfa_threemagw_reversed_show_code, 'secret={$trigger.secret}'}
</div>
<div class="threemagw_centerwrapper threemagw_send_link">
	<a class="button" href="threema://compose?text={xen:if $providerData.useNumberSmilies, $trigger.secret, $trigger.secretWithSmiley}&id={$gatewayid}" title="{xen:phrase tfa_threemagw_reversed_button_tooltip}" accesskey="c">{xen:phrase tfa_threemagw_reversed_button_text}</a>
</div>
<div class="threemagw_centerwrapper threemagw_qrcode_send">
	<span class="threemagw_createqr threemagw_qr" data-qrcode="{xen:if $providerData.useNumberSmilies, $trigger.secret, $trigger.secretWithSmiley}"></span>
</div>

<p>{xen:phrase tfa_threemagw_reversed_validation_time, 'validationTime={$validationTime}'}</p>


<xen:include template="threemagw_auto_trigger">
	<xen:set var="$expectedError">{xen:phrase two_step_verification_value_could_not_be_confirmed}</xen:set>
	<xen:set var="$explanation">{xen:phrase tfa_threemagw_automatically_continues}</xen:set>
</xen:include>

<xen:comment>main content end</xen:comment>

<xen:if is="{$context} == 'setup'">
		</dd>
	</dl>
</xen:if>]]></template>
  </templates>
  <public_template_modifications/>
  <bb_code_media_sites/>
  <bb_codes/>
</addon>