Example #1
 * under any OSI approved OSS license (http://www.opensource.org/licenses/).
 * }}
 *
 * @package maintenance
 *
 * {@internal Below is a list of authors who have contributed to design/coding of this file: }}
 * @author fplanque: Francois Planque.
 *
 * @version $Id: _upgrade_svn.form.php 2193 2012-10-19 11:01:47Z yura $
 */
// Refuse direct HTTP requests: this view only renders when the including script has defined EVO_MAIN_INIT.
if (!defined('EVO_MAIN_INIT')) {
    exit('Please, do not access this page directly.');
}

/**
 * @var string $action Action name; read here, not assigned in this view.
 */
global $action;

// Only the "start" step renders anything in this view.
if ($action == 'start') {
    global $updates, $UserSettings;

    $Form = new Form(NULL, 'upgrade_form', 'post', 'compact');
    $Form->hiddens_by_key(get_memorized('action'));
    // NOTE(review): no add_crumb() call is visible in this branch. This form starts a code upgrade,
    // so confirm the handler for "upgrade_svn" is crumb-protected elsewhere.
    $Form->begin_form('fform', T_('Upgrade from SVN') . get_manual_link('upgrade-from-svn'));

    // Repository location, pre-filled from the user's saved settings.
    // NOTE(review): svn_url and svn_folder are free text; presumably the handler validates them before
    // contacting the repository or touching the filesystem — that code is not visible here, confirm.
    $Form->text_input(
        'svn_url',
        $UserSettings->get('svn_upgrade_url'),
        80,
        T_('URL of repository'),
        T_('e.g. https://server.com/svn/repository/'),
        array('maxlength' => 300, 'required' => true)
    );
    $Form->text_input(
        'svn_folder',
        $UserSettings->get('svn_upgrade_folder'),
        80,
        T_('SVN folder'),
        T_('e.g. trunk/blogs/'),
        array('maxlength' => 300)
    );

    // Repository credentials.
    $Form->text_input(
        'svn_user',
        $UserSettings->get('svn_upgrade_user'),
        32,
        T_('Login'),
        '',
        array('maxlength' => 300)
    );
    // NOTE(review): the password field is pre-filled from get_param('svn_password'), so a previously
    // submitted password is written back into the page source. Consider rendering it empty.
    $Form->password_input(
        'svn_password',
        get_param('svn_password'),
        32,
        T_('Password'),
        '',
        array('maxlength' => 300)
    );

    $Form->text_input(
        'svn_revision',
        $UserSettings->get('svn_upgrade_revision'),
        7,
        T_('Revision'),
        T_('Leave blank to get the latest revision')
    );

    $Form->end_form(array(
        array('submit', 'actionArray[upgrade_svn]', T_('Export revision from SVN...'), 'SaveButton')
    ));
}
Example #2
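/**
 * Display the login form.
 *
 * Echoes the form markup and a small inline script straight to the output;
 * nothing is returned.
 *
 * @param array $params Overrides for the defaults merged in below
 *                      (form_action, form_name, redirect_to, login, ...).
 */
function display_login_form($params)
{
    global $Settings, $Plugins, $Session, $Blog, $blog, $dummy_fields;
    global $secure_htsrv_url, $admin_url, $baseurl, $ReqHost;

    // Caller-supplied values win over these defaults.
    $params = array_merge(array(
        'form_action' => '',
        'form_name' => 'login_form',
        'form_layout' => '',
        'form_class' => 'bComment',
        'source' => 'inskin login form',
        'inskin' => true,
        'login_required' => true,
        'validate_required' => NULL,
        'redirect_to' => '',
        'login' => '',
        'action' => '',
        'reqID' => '',
        'sessID' => '',
        'transmit_hashed_password' => false
    ), $params);

    $inskin = $params['inskin'];
    $login = $params['login'];
    $redirect_to = $params['redirect_to'];
    $links = array();

    if (empty($params['login_required']) && $params['action'] != 'req_validatemail' && strpos($redirect_to, $admin_url) !== 0 && strpos($ReqHost . $redirect_to, $admin_url) !== 0) {
        // No login required, allow to pass through
        // TODO: dh> validate redirect_to param?!
        // check if redirect_to url requires logged in user
        if (require_login($redirect_to, true)) {
            // logged in user require for redirect_to url
            if (!empty($blog)) {
                // blog is set
                if (empty($Blog)) {
                    $BlogCache =& get_BlogCache();
                    $Blog = $BlogCache->get_by_ID($blog, false);
                }
                // set abort url to Blog url
                $abort_url = $Blog->gen_blogurl();
            } else {
                // set abort login url to base url
                $abort_url = $baseurl;
            }
        } else {
            // logged in user isn't required for redirect_to url, set abort url to redirect_to
            $abort_url = $redirect_to;
        }
        // NOTE(review): redirect_to is caller-supplied and, per the TODO above, not validated here.
        // htmlspecialchars() only escapes markup; it does not restrict the URL scheme or host, so whether
        // this href stays on the site depends on url_rel_to_same_host() and on the caller — confirm.
        $links[] = '<a href="' . htmlspecialchars(url_rel_to_same_host($abort_url, $ReqHost)) . '">' . T_('Abort login!') . '</a>';
    }

    if (!$inskin && is_logged_in()) {
        // if we arrive here, but are logged in, provide an option to logout (e.g. during the email validation procedure)
        $links[] = get_user_logout_link();
    }

    if (count($links)) {
        // Separator first: the legacy implode(array, string) argument order is rejected by PHP 8.
        echo '<div style="float:right; margin: 0 1em">' . implode(' &middot; ', $links) . '</div>' . "\n\t\t" . '<div class="clear"></div>';
    }

    $Form = new Form($params['form_action'], $params['form_name'], 'post', $params['form_layout']);
    $Form->begin_form($params['form_class']);

    // Anti-CSRF crumb for the login action.
    $Form->add_crumb('loginform');

    // "source" is read from the request (falling back to the caller's label) and echoed back as a hidden field.
    $source = param('source', 'string', $params['source'] . ' login form');
    $Form->hidden('source', $source);
    $Form->hidden('redirect_to', $redirect_to);

    if ($inskin) {
        // inskin login form
        $Form->hidden('inskin', true);
        $separator = '<br />';
    } else {
        // standard login form
        $Form->hidden('validate_required', $params['validate_required']);
        if (isset($params['action'], $params['reqID'], $params['sessID']) && $params['action'] == 'validatemail') {
            // the user clicked the link from the "validate your account" email, but has not been logged in; pass on the relevant data:
            $Form->hidden('action', 'validatemail');
            $Form->hidden('reqID', $params['reqID']);
            $Form->hidden('sessID', $params['sessID']);
        }
        $separator = '';
    }

    // check if should transmit hashed password
    if ($params['transmit_hashed_password']) {
        // used by JS-password encryption/hashing:
        // NOTE(review): hashing in the browser with SHA-1 over MD5 hides the raw password from the request body
        // but is not a substitute for TLS. Presumably the server verifies against an MD5-derived stored value;
        // confirm in the login handler, and confirm when the salt is invalidated (it is kept for 86400 s here).
        $pwd_salt = $Session->get('core.pwd_salt');
        if (empty($pwd_salt)) {
            // Do not regenerate if already set because we want to reuse the previous salt on login screen reloads
            // fp> Question: the comment implies that the salt is reset even on failed login attemps. Why that? I would only have reset it on successful login. Do experts recommend it this way?
            // but if you kill the session you get a new salt anyway, so it's no big deal.
            // At that point, why not reset the salt at every reload? (it may be good to keep it, but I think the reason should be documented here)
            $pwd_salt = generate_random_key(64);
            $Session->set('core.pwd_salt', $pwd_salt, 86400);
            // save now, in case there's an error later, and not saving it would prevent the user from logging in.
            $Session->dbsave();
        }
        $Form->hidden('pwd_salt', $pwd_salt);
        // gets filled by JS
        $Form->hidden('pwd_hashed', '');
    }

    $Form->begin_field();
    $Form->text_input($dummy_fields['login'], $params['login'], 18, T_('Login'), $separator . T_('Enter your username (or email address).'), array('maxlength' => 255, 'class' => 'input_text', 'required' => true));
    $Form->end_field();

    // Build the "lost password" link. The URL is assembled already HTML-encoded ("&amp;"),
    // with the dynamic parts passed through rawurlencode().
    if ($inskin) {
        $lost_password_url = regenerate_url('disp', 'disp=lostpassword');
    } else {
        $lost_password_url = $secure_htsrv_url . 'login.php?action=lostpassword&amp;redirect_to=' . rawurlencode(url_rel_to_same_host($redirect_to, $secure_htsrv_url));
    }
    if (!empty($login)) {
        $lost_password_url .= '&amp;' . $dummy_fields['login'] . '=' . rawurlencode($login);
    }
    $pwd_note = '<a href="' . $lost_password_url . '">' . T_('Lost password ?') . '</a>';

    // The password field is always rendered empty.
    $Form->begin_field();
    $Form->password_input($dummy_fields['pwd'], '', 18, T_('Password'), array('note' => $pwd_note, 'maxlength' => 70, 'class' => 'input_text', 'required' => true));
    $Form->end_field();

    // Allow a plugin to add fields/payload
    $Plugins->trigger_event('DisplayLoginFormFieldset', array('Form' => &$Form));

    // Submit button(s):
    $submit_buttons = array(array('name' => 'login_action[login]', 'value' => T_('Log in!'), 'class' => 'search', 'style' => 'font-size: 120%'));
    if (!$inskin && strpos($redirect_to, $admin_url) !== 0 && strpos($ReqHost . $redirect_to, $admin_url) !== 0 && !is_admin_page()) {
        // provide button to log straight into backoffice, if we would not go there anyway
        $submit_buttons[] = array('name' => 'login_action[redirect_to_backoffice]', 'value' => T_('Log into backoffice!'), 'class' => 'search');
    }
    $Form->buttons_input($submit_buttons);

    if ($inskin) {
        $before_register_link = '<strong>';
        $after_register_link = '</strong>';
        $register_link_style = 'text-align:right; margin: 1em 0 1ex';
    } else {
        echo '<div class="center notes" style="margin: 1em 0">' . T_('You will have to accept cookies in order to log in.') . '</div>';
        // Passthrough REQUEST data (when login is required after having POSTed something)
        // (Exclusion of 'login_action', 'login', and 'action' has been removed. This should get handled via detection in Form (included_input_field_names),
        //  and "action" is protected via crumbs)
        // NOTE(review): every request parameter is re-emitted as a hidden field; this relies on Form
        // HTML-escaping names and values, which is not visible here — confirm.
        $Form->hiddens_by_key(remove_magic_quotes($_REQUEST));
        $before_register_link = '';
        $after_register_link = '';
        $register_link_style = 'text-align:right';
    }

    echo '<div class="login_actions" style="' . $register_link_style . '">';
    echo get_user_register_link($before_register_link, $after_register_link, T_('No account yet? Register here') . ' &raquo;', '#', true, $redirect_to, $source);
    echo '</div>';

    $Form->end_form();

    echo '<script type="text/javascript">';
    // Autoselect login text input or pwd input, if there's a login already:
    echo 'var login = document.getElementById("' . $dummy_fields['login'] . '");
		if( login.value.length > 0 )
		{	// Focus on the password field:
			document.getElementById("' . $dummy_fields['pwd'] . '").focus();
		}
		else
		{	// Focus on the login field:
			login.focus();
		}';
    if ($params['transmit_hashed_password']) {
        // Hash the password onsubmit and clear the original pwd field
        // TODO: dh> it would be nice to disable the clicked/used submit button. That's how it has been when the submit was attached to the submit button(s)
        // If hex_sha1/hex_md5 are not loaded the guard below is false and the form is submitted with the
        // password field unchanged, so transport security must not depend on this script.
        // NOTE(review): the handler is bound to the literal id "login_form", not to $params['form_name'].
        echo 'addEvent( document.getElementById("login_form"), "submit", function(){' . 'var form = document.getElementById("login_form");' . 'if( form.pwd_hashed && form.' . $dummy_fields['pwd'] . ' && form.pwd_salt && typeof hex_sha1 != "undefined" && typeof hex_md5 != "undefined" )
				{' . 'form.pwd_hashed.value = hex_sha1( hex_md5(form.' . $dummy_fields['pwd'] . '.value) + form.pwd_salt.value );
					form.' . $dummy_fields['pwd'] . '.value = "padding_padding_padding_padding_padding_padding_hashed_' . $Session->ID . '";' . '}
				return true;
			}, false );';
    }
    echo '</script>';
}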
Example #3
    // Display an input field to enter invitation code manually or to change incorrect code
    $invitation_field_params = array('maxlength' => 32, 'class' => 'input_text', 'style' => 'width:138px');
    if ($Settings->get('newusers_canregister') == 'invite') {
        // Invitation code must be required when users can register ONLY with this code
        $invitation_field_params['required'] = 'required';
    }
    $Form->text_input('invitation', get_param('invitation'), 22, T_('Your invitation code'), '', $invitation_field_params);
} elseif ($display_invitation == 'info') {
    // Display info field (when invitation code is correct)
    $Form->info(T_('Your invitation code'), get_param('invitation'));
    $Form->hidden('invitation', get_param('invitation'));
}
// Login name.
// maxlength is a browser-side limit only; presumably the registration handler re-checks length and
// characters on the server — that code is not visible here, confirm.
$Form->text_input(
    $dummy_fields['login'],
    $login,
    22,
    T_('Login'),
    $params['register_use_placeholders'] ? '' : T_('Choose an username') . '.',
    array(
        'placeholder' => $params['register_use_placeholders'] ? T_('Choose an username') : '',
        'maxlength' => 20,
        'class' => 'input_text',
        'required' => true,
        'input_suffix' => ' <span id="login_status"></span>',
        'style' => 'width:' . ($params['register_field_width'] - 2) . 'px'
    )
);

// Password and confirmation. Both are always rendered empty (a submitted password is never echoed
// back into the page) and browser autocomplete is switched off.
$Form->password_input(
    $dummy_fields['pass1'],
    '',
    18,
    T_('Password'),
    array(
        'note' => $params['register_use_placeholders'] ? '' : T_('Choose a password') . '.',
        'placeholder' => $params['register_use_placeholders'] ? T_('Choose a password') : '',
        'maxlength' => 70,
        'class' => 'input_text',
        'required' => true,
        'style' => 'width:' . $params['register_field_width'] . 'px',
        'autocomplete' => 'off'
    )
);
$Form->password_input(
    $dummy_fields['pass2'],
    '',
    18,
    '',
    array(
        'note' => ($params['register_use_placeholders'] ? '' : T_('Please type your password again') . '.') . '<div id="pass2_status" class="red"></div>',
        'placeholder' => $params['register_use_placeholders'] ? T_('Please type your password again') : '',
        'maxlength' => 70,
        'class' => 'input_text',
        'required' => true,
        'style' => 'width:' . $params['register_field_width'] . 'px',
        'autocomplete' => 'off'
    )
);

// Email address.
$Form->text_input(
    $dummy_fields['email'],
    $email,
    50,
    T_('Email'),
    '<br />' . T_('We respect your privacy. Your email will remain strictly confidential.'),
    array(
        'placeholder' => $params['register_use_placeholders'] ? T_('Email address') : '',
        'maxlength' => 255,
        'class' => 'input_text wide_input',
        'required' => true
    )
);

// Optional fields, shown only when the site settings make them mandatory.
$registration_require_country = (bool) $Settings->get('registration_require_country');
if ($registration_require_country) {
    // Country is required; the submitted value is read as an integer with 0 as the default.
    $CountryCache =& get_CountryCache();
    $Form->select_country(
        'country',
        param('country', 'integer', 0),
        $CountryCache,
        T_('Country'),
        array('allow_none' => true, 'required' => true)
    );
}

$registration_require_firstname = (bool) $Settings->get('registration_require_firstname');
if ($registration_require_firstname) {
    // First name is required.
    $Form->text_input(
        'firstname',
        $firstname,
        18,
        T_('First name'),
        T_('Your real first name.'),
        array('maxlength' => 50, 'class' => 'input_text', 'required' => true)
    );
}

// Unlike the two flags above, this setting is kept as returned (no boolean cast).
$registration_require_gender = $Settings->get('registration_require_gender');
Example #4
    $imap_extenssion_status = '<b class="red">' . T_('(NOT INSTALLED)') . '</b>';
}
// Master switch for "Post by email"; the note shows the php_imap status string prepared earlier in the file.
$Form->checkbox_input(
    'eblog_enabled',
    $Settings->get('eblog_enabled'),
    T_('Enable Post by email'),
    array('note' => sprintf(T_('Note: This feature needs the php_imap extension %s.'), $imap_extenssion_status))
);

// Prefer a value carried over in $eblog_saved_test_mode_value when it is set, else the stored setting.
if (isset($eblog_saved_test_mode_value)) {
    $eblog_test_mode_value = $eblog_saved_test_mode_value;
} else {
    $eblog_test_mode_value = $Settings->get('eblog_test_mode');
}
$Form->checkbox_input(
    'eblog_test_mode',
    $eblog_test_mode_value,
    T_('Test Mode'),
    array('note' => T_('Check to run Post by Email in test mode. Nothing will be posted to the database nor will your inbox be altered.'))
);

// Incoming mail server connection.
$Form->text_input(
    'eblog_server_host',
    $Settings->get('eblog_server_host'),
    25,
    T_('Mail Server'),
    T_('Hostname or IP address of your incoming mail server.'),
    array('maxlength' => 255)
);
$Form->radio(
    'eblog_method',
    $Settings->get('eblog_method'),
    array(
        array('pop3', T_('POP3')),
        array('imap', T_('IMAP'))
    ),
    T_('Retrieval method')
);
// With "None" the mailbox credentials below travel over the network unencrypted.
$Form->radio(
    'eblog_encrypt',
    $Settings->get('eblog_encrypt'),
    array(
        array('none', T_('None')),
        array('ssl', T_('SSL')),
        array('tls', T_('TLS'))
    ),
    T_('Encryption method')
);

// Certificate validation choice; greyed out when no encryption is selected.
// NOTE(review): the setting is named "novalidatecert", yet value 1 is labelled "Validate" and value 0
// "Do not validate". Confirm the mail-fetching code reads the stored value the same way as these labels;
// an inverted reading would silently switch certificate validation off.
$eblog_novalidatecert_params = array('lines' => true);
if ($Settings->get('eblog_encrypt') == 'none') {
    $eblog_novalidatecert_params['disabled'] = 'disabled';
}
$Form->radio_input(
    'eblog_novalidatecert',
    $Settings->get('eblog_novalidatecert'),
    array(
        array('value' => 0, 'label' => T_('Do not validate the certificate from the TLS/SSL server. Check this if you are using a self-signed certificate.')),
        array('value' => 1, 'label' => T_('Validate that the certificate from the TLS/SSL server can be trusted. Use this if you have a correctly signed certificate.'))
    ),
    T_('Certificate validation'),
    $eblog_novalidatecert_params
);

$Form->text_input(
    'eblog_server_port',
    $Settings->get('eblog_server_port'),
    5,
    T_('Port Number'),
    T_('Port number of your incoming mail server (Defaults: POP3: 110, IMAP: 143, SSL/TLS: 993).'),
    array('maxlength' => 6)
);

// Mailbox credentials.
$Form->text_input(
    'eblog_username',
    $Settings->get('eblog_username'),
    25,
    T_('Account Name'),
    T_('User name for authenticating on your mail server. Usually it\'s your email address or a part before the @ sign.'),
    array('maxlength' => 255)
);
// NOTE(review): the stored mailbox password is written into the value attribute, so it is present in the
// page source for anyone who can open this screen. No permission check or autocomplete="off" is visible
// around this field — confirm who can reach this view, and consider rendering the field empty.
$Form->password_input(
    'eblog_password',
    $Settings->get('eblog_password'),
    25,
    T_('Password'),
    array('maxlength' => 255, 'note' => T_('Password for authenticating on your mail server.'))
);

$Form->checkbox(
    'eblog_delete_emails',
    $Settings->get('eblog_delete_emails'),
    T_('Delete processed emails'),
    T_('Check this if you want processed messages to be deleted form server after successful processing.')
);
$Form->end_fieldset();
// "Posting settings": how an incoming email is turned into a post.
// The email body is external input; the tags described below (<category>, <title>) are parsed from it
// by the import code, which is not part of this view.
$Form->begin_fieldset(T_('Posting settings') . get_manual_link('post-by-email-posting-settings'));

// TODO: provide a list of categories to choose from
$Form->text_input(
    'eblog_default_category',
    $Settings->get('eblog_default_category'),
    5,
    T_('Default Category ID'),
    sprintf(
        T_('This is a default category for your posts.') . '<br />' . T_('You can use the following code in message body to define categories: %s. In this example 2 will be main category and 5, 47 extra categories.'),
        '<b>&lt;category&gt;2, 5, 47&lt;/category&gt;</b>'
    ),
    array('maxlength' => 6)
);
$Form->text_input(
    'eblog_default_title',
    $Settings->get('eblog_default_title'),
    50,
    T_('Default title'),
    sprintf(
        T_('This is a default title for your posts.') . '<br />' . T_('You can use the following code in message body to define post title: %s.'),
        '<b>&lt;title&gt;Post title here&lt;/title&gt;</b>'
    ),
    array('maxlength' => 255)
);
$Form->checkbox(
    'eblog_add_imgtag',
    $Settings->get('eblog_add_imgtag'),
    T_('Add &lt;img&gt; tags'),
    T_('Display image attachments using &lt;img&gt; tags (instead of linking them through file manager).')
);

// Only messages whose subject starts with this prefix are imported.
// NOTE(review): if the prefix is the only gate on who may post by email, it works like a shared secret
// carried in mail subjects; whether the sender is also checked is not visible here — confirm.
$Form->text_input(
    'eblog_subject_prefix',
    $Settings->get('eblog_subject_prefix'),
    15,
    T_('Subject Prefix'),
    T_('Email subject must start with this prefix to be imported, messages that don\'t have this tag will be skipped.'),
    array('maxlength' => 255)
);
$Form->text_input(
    'eblog_body_terminator',
    $Settings->get('eblog_body_terminator'),
    15,
    T_('Body Terminator'),
    T_('Starting from this string, everything will be ignored, including this string.') . '<br />' . T_('You can use this to remove signature from message body.'),
    array('maxlength' => 255)
);

// Pick a blog whose plugin collection settings are used for the renderer checkboxes
// (the current user should be able to create posts on the selected blog).
$autoselect_blog = autoselect_blog('blog_post_statuses', 'edit');
$BlogCache =& get_BlogCache();
$setting_Blog =& $BlogCache->get_by_ID($autoselect_blog);
$Form->info(
    T_('Text Renderers'),
    $Plugins->get_renderer_checkboxes(
        $Settings->get('eblog_renderers'),
        array('name_prefix' => 'eblog_', 'Blog' => &$setting_Blog)
    )
);
$Form->end_fieldset();
// Return-path (bounce) mailbox settings.
$Form->checkbox_input(
    'repath_enabled',
    $Settings->get('repath_enabled'),
    T_('Enabled'),
    array('note' => sprintf(T_('Note: This feature needs the php_imap extension %s.'), $imap_extenssion_status))
);
$Form->text_input(
    'repath_server_host',
    $Settings->get('repath_server_host'),
    25,
    T_('Mail Server'),
    T_('Hostname or IP address of your incoming mail server.'),
    array('maxlength' => 255)
);
$Form->radio(
    'repath_method',
    $Settings->get('repath_method'),
    array(
        array('pop3', T_('POP3')),
        array('imap', T_('IMAP'))
    ),
    T_('Retrieval method')
);
// With "None" the mailbox credentials below travel over the network unencrypted.
$Form->radio(
    'repath_encrypt',
    $Settings->get('repath_encrypt'),
    array(
        array('none', T_('None')),
        array('ssl', T_('SSL')),
        array('tls', T_('TLS'))
    ),
    T_('Encryption method')
);

// Certificate validation choice; greyed out when no encryption is selected.
// NOTE(review): the setting is named "novalidatecert", yet value 1 is labelled "Validate" and value 0
// "Do not validate". Confirm the mail-fetching code reads the stored value the same way as these labels;
// an inverted reading would silently switch certificate validation off.
$repath_novalidatecert_params = array('lines' => true);
if ($Settings->get('repath_encrypt') == 'none') {
    $repath_novalidatecert_params['disabled'] = 'disabled';
}
$Form->radio_input(
    'repath_novalidatecert',
    $Settings->get('repath_novalidatecert'),
    array(
        array('value' => 0, 'label' => T_('Do not validate the certificate from the TLS/SSL server. Check this if you are using a self-signed certificate.')),
        array('value' => 1, 'label' => T_('Validate that the certificate from the TLS/SSL server can be trusted. Use this if you have a correctly signed certificate.'))
    ),
    T_('Certificate validation'),
    $repath_novalidatecert_params
);

$Form->text_input(
    'repath_server_port',
    $Settings->get('repath_server_port'),
    5,
    T_('Port Number'),
    T_('Port number of your incoming mail server (Defaults: IMAP4/SSL: 993, IMAP4 with or without TLS: 143, POP3/SSL: 995, POP3 with or without TLS: 110).'),
    array('maxlength' => 6)
);
$Form->text_input(
    'repath_username',
    $Settings->get('repath_username'),
    25,
    T_('Account Name'),
    T_('User name for authenticating on your mail server. Usually it\'s your email address or a part before the @ sign.'),
    array('maxlength' => 255, 'autocomplete' => 'off')
);

// The password field is rendered only for users holding the "emails / edit" permission.
if ($current_User->check_perm('emails', 'edit')) {
    // Display this fake hidden password field before the real one because Chrome ignores autocomplete="off"
    echo '<input type="password" name="password" value="" style="display:none" />';
    // Real password field:
    // NOTE(review): the stored password is still written into the value attribute, i.e. into the page
    // source of every editor who opens this screen. Consider rendering the field empty.
    $Form->password_input(
        'repath_password',
        $Settings->get('repath_password'),
        25,
        T_('Password'),
        array(
            'maxlength' => 255,
            'note' => T_('Password for authenticating on your mail server.'),
            'autocomplete' => 'off'
        )
    );
}

$Form->checkbox(
    'repath_ignore_read',
    $Settings->get('repath_ignore_read'),
    T_('Ignore emails that have already been read'),
    T_('Check this in order not to re-process emails that already have the "seen" flag on the server.')
);
$Form->checkbox(
    'repath_delete_emails',
    $Settings->get('repath_delete_emails'),
    T_('Delete processed emails'),
    T_('Check this if you want processed messages to be deleted from server after successful processing.')
);

// Matching rules applied to returned messages. The message content is external input.
$Form->textarea(
    'repath_subject',
    $Settings->get('repath_subject'),
    5,
    T_('Strings to match in titles to identify return path emails'),
    T_('Any email that has any of these strings in the title will be detected by b2evolution as the returned emails'),
    50
);
$Form->textarea(
    'repath_body_terminator',
    $Settings->get('repath_body_terminator'),
    5,
    T_('Body Terminator'),
    T_('Starting from any of these strings, everything will be ignored, including these strings.'),
    50
);
$Form->textarea(
    'repath_errtype',
    $Settings->get('repath_errtype'),
    15,
    T_('Error message decoding configuration'),
    T_('The first letter means one of the following:<br />S: Spam suspicion<br />P: Permament error<br />T: Temporary error<br />C: Configuration error<br />U: Unknown error (default)<br />The string after the space is a case-insensitive error text.'),
    50
);
$Form->end_fieldset();

// The Save button (and the form end) is emitted only for users who may edit email settings.
// This hides the button; the save handler must check the same permission on the server.
if ($current_User->check_perm('emails', 'edit')) {
    $Form->end_form(array(
        array('submit', '', T_('Save Changes!'), 'SaveButton')
    ));
}
?>
<script type="text/javascript">
jQuery( document ).ready( function()
{
	jQuery( 'input[name="repath_method"], input[name="repath_encrypt"]' ).click( function()
Example #6
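/**
 * Display the login form.
 *
 * Echoes the form markup straight to the output and then calls
 * display_login_js_handler(); nothing is returned.
 * Side effect: the global $redirect_to is overwritten with $params['redirect_to'].
 *
 * @param array $params Overrides for the defaults merged in below
 *                      (form_before, form_after, redirect_to, return_to, login, ...).
 */
function display_login_form($params)
{
    global $Settings, $Plugins, $Session, $Blog, $blog, $dummy_fields;
    global $secure_htsrv_url, $admin_url, $baseurl, $ReqHost, $redirect_to;

    // Caller-supplied values win over these defaults.
    $params = array_merge(array(
        'form_before' => '',
        'form_after' => '',
        'form_action' => '',
        'form_name' => 'login_form',
        'form_title' => '',
        'form_layout' => '',
        'form_class' => 'bComment',
        'source' => 'inskin login form',
        'inskin' => true,
        'inskin_urls' => true,
        'login_required' => true,
        'validate_required' => NULL,
        'redirect_to' => '',
        'return_to' => '',
        'login' => '',
        'action' => '',
        'reqID' => '',
        'sessID' => '',
        'transmit_hashed_password' => false,
        'display_abort_link' => true,
        'abort_link_position' => 'above_form',
        'abort_link_text' => T_('Abort login!'),
        'display_reg_link' => false
    ), $params);

    $inskin = $params['inskin'];
    $login = $params['login'];
    $redirect_to = $params['redirect_to'];
    $return_to = $params['return_to'];
    $links = array();
    $form_links = array();

    if ($params['display_abort_link'] && empty($params['login_required']) && $params['action'] != 'req_validatemail' && strpos($return_to, $admin_url) !== 0 && strpos($ReqHost . $return_to, $admin_url) !== 0) {
        // No login required, allow to pass through
        // TODO: dh> validate return_to param?!
        // check if return_to url requires logged in user
        if (empty($return_to) || require_login($return_to, true)) {
            // logged in user require for return_to url
            if (!empty($blog)) {
                // blog is set
                if (empty($Blog)) {
                    $BlogCache =& get_BlogCache();
                    $Blog = $BlogCache->get_by_ID($blog, false);
                }
                // set abort url to Blog url
                $abort_url = $Blog->gen_blogurl();
            } else {
                // set abort login url to base url
                $abort_url = $baseurl;
            }
        } else {
            // logged in user isn't required for return_to url, set abort url to return_to
            $abort_url = $return_to;
        }
        // Gets displayed as link to the location on the login form if no login is required
        // NOTE(review): return_to is caller-supplied and, per the TODO above, not validated here.
        // htmlspecialchars() only escapes markup; it does not restrict the URL scheme or host, so whether
        // this href stays on the site depends on url_rel_to_same_host() and on the caller — confirm.
        // abort_link_text is emitted as raw HTML.
        $abort_link = '<a href="' . htmlspecialchars(url_rel_to_same_host($abort_url, $ReqHost)) . '">' . $params['abort_link_text'] . '</a>';
        if ($params['abort_link_position'] == 'above_form') {
            // Display an abort link above the login form
            $links[] = $abort_link;
        } elseif ($params['abort_link_position'] == 'form_title') {
            // Display an abort link in form title block
            $form_links[] = $abort_link;
        }
    }

    if (!$inskin && is_logged_in()) {
        // if we arrive here, but are logged in, provide an option to logout (e.g. during the email validation procedure)
        $links[] = get_user_logout_link();
    }

    if (count($links)) {
        // Separator first: the legacy implode(array, string) argument order is rejected by PHP 8.
        echo '<div class="evo_form__login_links">' . '<div class="floatright">' . implode(' &middot; ', $links) . '</div>' . '<div class="clear"></div>' . '</div>';
    }

    // form_before / form_after / form_title are template HTML from the caller and are echoed unescaped;
    // they must never carry request-derived text.
    $form_links = count($form_links) ? '<span class="pull-right">' . implode(' ', $form_links) . '</span>' : '';
    echo str_replace('$form_links$', $form_links, $params['form_before']);

    $Form = new Form($params['form_action'], $params['form_name'], 'post', $params['form_layout']);
    $Form->begin_form($params['form_class']);

    // Anti-CSRF crumb for the login action.
    $Form->add_crumb('loginform');

    // "source" is read from the request (falling back to the caller's label) and echoed back as a hidden field.
    $source = param('source', 'string', $params['source'] . ' login form');
    $Form->hidden('source', $source);
    $Form->hidden('redirect_to', $redirect_to);
    $Form->hidden('return_to', $return_to);

    if ($inskin || $params['inskin_urls']) {
        // inskin login form
        $Form->hidden('inskin', true);
        $separator = '<br />';
    } else {
        // standard login form
        if (!empty($params['form_title'])) {
            echo '<h4>' . $params['form_title'] . '</h4>';
        }
        $Form->hidden('validate_required', $params['validate_required']);
        if (isset($params['action'], $params['reqID'], $params['sessID']) && $params['action'] == 'validatemail') {
            // the user clicked the link from the "validate your account" email, but has not been logged in; pass on the relevant data:
            $Form->hidden('action', 'validatemail');
            $Form->hidden('reqID', $params['reqID']);
            $Form->hidden('sessID', $params['sessID']);
        }
        $separator = '';
    }

    // check if should transmit hashed password
    if ($params['transmit_hashed_password']) {
        // used by JS-password encryption/hashing:
        // NOTE(review): hashing the password in the browser is not a substitute for TLS. The hashing code
        // itself lives in display_login_js_handler(), not shown here; confirm there which digest is used
        // and when the salt is invalidated (it is kept for 86400 s here).
        $pwd_salt = $Session->get('core.pwd_salt');
        if (empty($pwd_salt)) {
            // Do not regenerate if already set because we want to reuse the previous salt on login screen reloads
            // fp> Question: the comment implies that the salt is reset even on failed login attemps. Why that? I would only have reset it on successful login. Do experts recommend it this way?
            // but if you kill the session you get a new salt anyway, so it's no big deal.
            // At that point, why not reset the salt at every reload? (it may be good to keep it, but I think the reason should be documented here)
            $pwd_salt = generate_random_key(64);
            $Session->set('core.pwd_salt', $pwd_salt, 86400);
            // save now, in case there's an error later, and not saving it would prevent the user from logging in.
            $Session->dbsave();
        }
        $Form->hidden('pwd_salt', $pwd_salt);
        // Add container for the hashed password hidden inputs
        // gets filled by JS
        echo '<div id="pwd_hashed_container"></div>';
    }

    if ($inskin) {
        $Form->begin_field();
        $Form->text_input($dummy_fields['login'], $params['login'], 18, T_('Login'), $separator . T_('Enter your username (or email address).'), array('maxlength' => 255, 'class' => 'input_text', 'required' => true));
        $Form->end_field();
    } else {
        $Form->text_input($dummy_fields['login'], $params['login'], 18, '', '', array('maxlength' => 255, 'class' => 'input_text', 'input_required' => 'required', 'placeholder' => T_('Username (or email address)')));
    }

    // "Lost your password?" link; the login name, when known, is appended URL-encoded.
    $lost_password_url = get_lostpassword_url($redirect_to, '&amp;', $return_to);
    if (!empty($login)) {
        $lost_password_url = url_add_param($lost_password_url, $dummy_fields['login'] . '=' . rawurlencode($login));
    }
    $pwd_note = '<a href="' . $lost_password_url . '">' . T_('Lost your password?') . '</a>';

    // The password field is always rendered empty.
    if ($inskin) {
        $Form->begin_field();
        $Form->password_input($dummy_fields['pwd'], '', 18, T_('Password'), array('note' => $pwd_note, 'maxlength' => 70, 'class' => 'input_text', 'required' => true));
        $Form->end_field();
    } else {
        $Form->password_input($dummy_fields['pwd'], '', 18, '', array('placeholder' => T_('Password'), 'note' => $pwd_note, 'maxlength' => 70, 'class' => 'input_text', 'input_required' => 'required'));
    }

    // Allow a plugin to add fields/payload
    $Plugins->trigger_event('DisplayLoginFormFieldset', array('Form' => &$Form));

    // Display registration link after login button
    $register_link = $params['display_reg_link'] ? get_user_register_link('', '', T_('Register') . ' &raquo;', '#', true, $redirect_to, $source, 'btn btn-primary btn-lg pull-right') : '';

    // Submit button(s):
    $submit_buttons = array(array('name' => 'login_action[login]', 'value' => T_('Log in!'), 'class' => 'btn-success btn-lg', 'input_suffix' => $register_link));
    $Form->buttons_input($submit_buttons);

    if ($inskin) {
        $before_register_link = '<div class="login_actions" style="text-align:right; margin: 1em 0 1ex"><strong>';
        $after_register_link = '</strong></div>';
        user_register_link($before_register_link, $after_register_link, T_('No account yet? Register here') . ' &raquo;', '#', true, $redirect_to, $source);
    } else {
        // Passthrough REQUEST data (when login is required after having POSTed something)
        // (Exclusion of 'login_action', 'login', and 'action' has been removed. This should get handled via detection in Form (included_input_field_names),
        //  and "action" is protected via crumbs)
        // NOTE(review): every request parameter is re-emitted as a hidden field; this relies on Form
        // HTML-escaping names and values. The second argument presumably lists keys to leave out
        // ('pwd_hashed') — confirm against Form::hiddens_by_key().
        $Form->hiddens_by_key(remove_magic_quotes($_REQUEST), array('pwd_hashed'));
    }

    $Form->end_form();

    echo $params['form_after'];

    display_login_js_handler($params);
}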
// When this template is included from a widget method, $this is that widget; otherwise there is none.
if (!empty($this)) {
    $Widget = $this;
} else {
    $Widget = false;
}

$ajax_form_enabled = !empty($Blog) && $Blog->get_ajax_form_enabled();

// The form is rendered hidden (display:none).
$Form = new Form(get_login_url($source, $redirect_to), 'login_form', 'post');
$Form->begin_form(NULL, '', array('style' => 'display:none'));

if ($ajax_form_enabled) {
    // ajax form is enabled, add hidden action param, because we will catch the form submit button action
    $Form->hidden('login_action', array('login' => 'login'));
}

// The crumb and salt are emitted empty here; presumably script fills them in before submission — confirm.
// NOTE(review): if that script does not run, the form carries an empty crumb; the login handler
// must reject such a request rather than skip the check.
$Form->hidden('crumb_loginform', '');
$Form->hidden('pwd_salt', '');
$Form->hidden('pwd_hashed', '');
$Form->hidden('source', $source);
$Form->hidden('inskin', true);
$Form->hidden('redirect_to', $redirect_to);

// Credentials; both fields are rendered empty.
$Form->text_input(
    $dummy_fields['login'],
    '',
    18,
    T_('Login'),
    '',
    array('maxlength' => 255, 'class' => 'input_text', 'required' => true)
);
$Form->password_input(
    $dummy_fields['pwd'],
    '',
    18,
    T_('Password'),
    array('maxlength' => 70, 'class' => 'input_text', 'required' => true)
);

// Submit button and lost password link:
$submit_button = array(
    'id' => 'submit_login_form',
    'name' => 'login_action[login]',
    'value' => T_('Log in!'),
    'class' => 'submit'
);
$Form->begin_fieldset('', array('class' => 'fieldset field_login_btn'));
$Form->button_input($submit_button);
if ($Widget && $Widget->get_param('password_link_show')) {
    // Display a link to the password recovery page
    // NOTE(review): the widget's "password_link" text and the URL are echoed without HTML escaping.
    // Presumably only administrators can set widget params; confirm, or escape the text.
    $lost_password_url = url_add_param(empty($Blog) ? $baseurl : $Blog->gen_blogurl(), 'disp=lostpassword');
    echo '<a href="' . $lost_password_url . '">' . $Widget->get_param('password_link') . '</a>';
}
$Form->end_fieldset();
$Form->end_form();

// Display only button to login if JS scripts or AJAX forms are disabled
$noscript_open = $ajax_form_enabled ? '<noscript>' : '';
$noscript_close = $ajax_form_enabled ? '</noscript>' : '';
echo $noscript_open;
echo get_user_login_link('<br /><strong>', '</strong><br /><br />', T_('Login now...'), '#', $source, $redirect_to);
echo $noscript_close;
Example #8
// Body of the SMTP gateway settings form: routing hiddens, an optional "test saved settings"
// section, the connection fields and the save button.
// $Form, $Settings, $current_User and $smtp_test_output are not defined in this excerpt.
$Form->hidden('ctrl', 'email');
$Form->hidden('tab', 'settings');
// The current 'tab3' request parameter is echoed back as a hidden field.
$Form->hidden('tab3', get_param('tab3'));
$Form->hidden('action', 'settings');
// The test section is shown only to users holding the 'emails' / 'edit' permission.
if ($current_User->check_perm('emails', 'edit')) {
    $Form->begin_fieldset(T_('Test saved settings') . get_manual_link('smtp-gateway-settings'));
    // NOTE(review): the test action is triggered by a GET link that carries the url_crumb()
    // value (presumably the anti-CSRF crumb) in its query string, where it can reach server
    // logs, browser history and Referer headers. A POST button would keep it out of those.
    $url = '?ctrl=email&amp;tab=settings&amp;tab3=smtp&amp;' . url_crumb('emailsettings') . '&amp;action=';
    $Form->info_field(T_('Perform tests'), '<a href="' . $url . 'test_smtp">[' . T_('server connection') . ']</a>&nbsp;&nbsp;');
    if (!empty($smtp_test_output)) {
        echo '<div style="margin-top:25px"></div>';
        // Display scrollable div
        // NOTE(review): $smtp_test_output is written into the page without escaping. If it can
        // contain text returned by the remote SMTP server, it must already be HTML-escaped
        // where it is built -- confirm against the code that produces it.
        echo '<div style="padding: 6px; margin:5px; border: 1px solid #CCC; overflow:scroll; height: 350px">' . $smtp_test_output . '</div>';
    }
    $Form->end_fieldset();
}
$Form->begin_fieldset(T_('SMTP Server connection settings') . get_manual_link('smtp-gateway-settings'));
$Form->checkbox_input('smtp_enabled', $Settings->get('smtp_enabled'), T_('Enabled'), array('note' => sprintf(T_('Note: This feature needs PHP version 5.2 or higher ( Currently installed: %s )'), phpversion())));
$Form->text_input('smtp_server_host', $Settings->get('smtp_server_host'), 25, T_('SMTP Host'), T_('Hostname or IP address of your SMTP server.'), array('maxlength' => 255));
// NOTE(review): the help text names 443 as the SSL default; SMTP over implicit TLS conventionally
// uses port 465 (443 is HTTPS). The text is a T_() translation key, so it is left unchanged here.
$Form->text_input('smtp_server_port', $Settings->get('smtp_server_port'), 5, T_('Port Number'), T_('Port number of your SMTP server (Defaults: SSL: 443, TLS: 587).'), array('maxlength' => 6));
// NOTE(review): with 'none' selected the SMTP username and password below would presumably be
// sent to the server without transport encryption -- confirm how the mailer treats this value.
$Form->radio('smtp_server_security', $Settings->get('smtp_server_security'), array(array('none', T_('None')), array('ssl', T_('SSL')), array('tls', T_('TLS'))), T_('Encryption Method'));
$Form->text_input('smtp_server_username', $Settings->get('smtp_server_username'), 25, T_('SMTP Username'), T_('User name for authenticating on your SMTP server.'), array('maxlength' => 255, 'autocomplete' => 'off'));
if ($current_User->check_perm('emails', 'edit')) {
    // Display this fake hidden password field before the real one because Chrome ignores the attribute autocomplete="off"
    echo '<input type="password" name="password" value="" style="display:none" />';
    // Real password field:
    // NOTE(review): the stored SMTP password is passed as the field value, so it is presumably
    // rendered into the page source for every user with the edit permission. Rendering the
    // field empty and treating an empty submission as "keep current password" would avoid
    // sending the secret back to the browser; that also needs a change in the save handler,
    // which is not visible here.
    $Form->password_input('smtp_server_password', $Settings->get('smtp_server_password'), 25, T_('SMTP Password'), array('maxlength' => 255, 'note' => T_('Password for authenticating on your SMTP server.'), 'autocomplete' => 'off'));
}
$Form->end_fieldset();
// The save button is emitted only for users who may edit.
// NOTE(review): no end_form() call is visible for users without the permission -- confirm the
// form is closed elsewhere in that case.
if ($current_User->check_perm('emails', 'edit')) {
    $Form->end_form(array(array('submit', '', T_('Save Changes!'), 'SaveButton')));
}
Example #9
$secure_htsrv_url = get_secure_htsrv_url();
$Form = new Form($secure_htsrv_url . 'register.php', 'register_form', 'post');
$Form->add_crumb('regform');
$Form->hidden('inskin', true);
$Form->hidden('blog', $Blog->ID);
// disp register form
$Form->begin_form('bComment');
$Plugins->trigger_event('DisplayRegisterFormBefore', array('Form' => &$Form, 'inskin' => true));
$Form->hidden('action', 'register');
$Form->hidden('source', $source);
$Form->hidden('redirect_to', $redirect_to);
$Form->begin_field();
$Form->text_input($dummy_fields['login'], $login, 22, T_('Login'), T_('Choose an username.'), array('maxlength' => 20, 'class' => 'input_text', 'required' => true, 'input_suffix' => ' <span id="login_status"></span>'));
$Form->end_field();
$Form->begin_field();
$Form->password_input($dummy_fields['pass1'], '', 18, T_('Password'), array('note' => T_('Choose a password.'), 'maxlength' => 70, 'class' => 'input_text', 'required' => true));
$Form->password_input($dummy_fields['pass2'], '', 18, '', array('note' => T_('Please type your password again.'), 'maxlength' => 70, 'class' => 'input_text', 'required' => true));
$Form->end_field();
$Form->begin_field();
$Form->text_input($dummy_fields['email'], $email, 50, T_('Email'), '<br />' . T_('We respect your privacy. Your email will remain strictly confidential.'), array('maxlength' => 255, 'class' => 'input_text wide_input', 'required' => true));
$registration_require_country = (bool) $Settings->get('registration_require_country');
if ($registration_require_country) {
    // country required
    $CountryCache =& get_CountryCache();
    $Form->select_country('country', param('country', 'integer', 0), $CountryCache, T_('Country'), array('allow_none' => true, 'required' => true));
}
$registration_require_firstname = (bool) $Settings->get('registration_require_firstname');
if ($registration_require_firstname) {
    // firstname required
    $Form->begin_field();
    $Form->text_input('firstname', $firstname, 18, T_('First name'), T_('Your real first name.'), array('maxlength' => 50, 'class' => 'input_text', 'required' => true));