/** * Cron handler * * @param array $page Pages * * @return bool * @throws CronException * @access private */ function _elgg_cron_page_handler($page) { if (!isset($page[0])) { forward(); } if (PHP_SAPI !== 'cli' && elgg_get_config('security_protect_cron')) { elgg_signed_request_gatekeeper(); } $period = strtolower($page[0]); $allowed_periods = elgg_get_config('elgg_cron_periods'); if ($period != 'run' && !in_array($period, $allowed_periods)) { throw new \CronException("{$period} is not a recognized cron period."); } if ($period == 'run') { _elgg_cron_run(); } else { // Get a list of parameters $params = array(); $params['time'] = time(); // Data to return to $old_stdout = ""; ob_start(); $msg_key = "cron_latest:{$period}:msg"; $msg = elgg_echo('admin:cron:started', [$period, date('r', time())]); elgg_get_site_entity()->setPrivateSetting($msg_key, $msg); $old_stdout = elgg_trigger_plugin_hook('cron', $period, $params, $old_stdout); $std_out = ob_get_clean(); $msg = $std_out . $old_stdout; echo $msg; elgg_get_site_entity()->setPrivateSetting($msg_key, $msg); } return true; }
<?php /** * Page for resetting a forgotten password * * @package Elgg.Core * @subpackage Registration */ if (elgg_is_logged_in()) { forward(); } elgg_signed_request_gatekeeper(); $user_guid = get_input('u'); $code = get_input('c'); $user = get_user($user_guid); // don't check code here to avoid automated attacks if (!$user instanceof ElggUser) { register_error(elgg_echo('user:resetpassword:unknown_user')); forward(); } $title = elgg_echo('changepassword'); $params = array('guid' => $user_guid, 'code' => $code); $content = elgg_view_form('user/changepassword', array('class' => 'elgg-form-account'), $params); $shell = elgg_get_config('walled_garden') ? 'walled_garden' : 'default'; $body = elgg_view_layout('default', ['content' => $content, 'title' => $title, 'sidebar' => false]); echo elgg_view_page($title, $body, $shell);
/** * Validate a user * * @param int $user_guid * @param string $code * @return bool * @deprecated 2.3 */ function uservalidationbyemail_validate_email($user_guid, $code = null) { elgg_deprecated_notice(__FUNCTION__ . ' has been deprecated. Validation now relies on signed URL API', '2.3'); elgg_signed_request_gatekeeper(); return elgg_set_user_validation_status($user_guid, true, 'email'); }
/** * Elgg upgrade script. * * This script triggers any necessary upgrades. If the site has been upgraded * to the most recent version of the code, no upgrades are run but the caches * are flushed. * * Upgrades use a table {db_prefix}upgrade_lock as a mutex to prevent concurrent upgrades. * * The URL to forward to after upgrades are complete can be specified by setting $_GET['forward'] * to a relative URL. * * @return void */ public static function upgrade() { // we want to know if an error occurs ini_set('display_errors', 1); define('UPGRADING', 'upgrading'); self::start(); // check security settings if (elgg_get_config('security_protect_upgrade') && !elgg_is_admin_logged_in()) { // only admin's or users with a valid token can run upgrade.php elgg_signed_request_gatekeeper(); } $site_url = elgg_get_config('url'); $site_host = parse_url($site_url, PHP_URL_HOST) . '/'; // turn any full in-site URLs into absolute paths $forward_url = get_input('forward', '/admin', false); $forward_url = str_replace(array($site_url, $site_host), '/', $forward_url); if (strpos($forward_url, '/') !== 0) { $forward_url = '/' . $forward_url; } if (get_input('upgrade') == 'upgrade') { $upgrader = _elgg_services()->upgrades; $result = $upgrader->run(); if ($result['failure'] == true) { register_error($result['reason']); forward($forward_url); } // Find unprocessed batch uprade classes and save them as ElggUpgrade objects $has_pending_upgrades = _elgg_services()->upgradeLocator->run(); if ($has_pending_upgrades) { // Forward to the list of pending upgrades $forward_url = '/admin/upgrades'; } } else { $rewriteTester = new \ElggRewriteTester(); $url = elgg_get_site_url() . "__testing_rewrite?__testing_rewrite=1"; if (!$rewriteTester->runRewriteTest($url)) { // see if there is a problem accessing the site at all // due to ip restrictions for example if (!$rewriteTester->runLocalhostAccessTest()) { // note: translation may not be available until after upgrade $msg = elgg_echo("installation:htaccess:localhost:connectionfailed"); if ($msg === "installation:htaccess:localhost:connectionfailed") { $msg = "Elgg cannot connect to itself to test rewrite rules properly. Check " . "that curl is working and there are no IP restrictions preventing " . "localhost connections."; } echo $msg; exit; } // note: translation may not be available until after upgrade $msg = elgg_echo("installation:htaccess:needs_upgrade"); if ($msg === "installation:htaccess:needs_upgrade") { $msg = "You must update your .htaccess file so that the path is injected " . "into the GET parameter __elgg_uri (you can use install/config/htaccess.dist as a guide)."; } echo $msg; exit; } $vars = array('forward' => $forward_url); // reset cache to have latest translations available during upgrade elgg_reset_system_cache(); echo elgg_view_page(elgg_echo('upgrading'), '', 'upgrade', $vars); exit; } forward($forward_url); }