/**
  * Test {@link url_rel_to_same_host()}
  */
 function test_url_rel_to_same_host()
 {
     // Each row is array( URL to convert, URL it is compared against, expected result ).
     // Rows are checked in the listed order (the 'foobar' case is listed twice).
     $cases = array(
         // Same scheme and host: only the path is expected back.
         array('http://example.com/foobar', 'http://example.com/barfoo', '/foobar'),
         // Scheme differs (http vs. https): the absolute URL is expected back unchanged.
         array('http://example.com/foobar', 'https://example.com/barfoo', 'http://example.com/foobar'),
         // Target is a bare path without scheme or host.
         array('http://example.com/foobar', '/barfoo', '/foobar'),
         // Input is already relative.
         array('foobar', 'http://example.com/barfoo', 'foobar'),
         array('http://example.com/barfoo?f=b', 'https://example.com/barfoo', 'http://example.com/barfoo?f=b'),
         // Target carries a user:password part; the URL is expected back in absolute form.
         array('https://example.com/barfoo?f=b#a', 'https://*****:*****@example.com/barfoo', 'https://example.com/barfoo?f=b#a'),
         array('foobar', 'http://example.com/barfoo', 'foobar'),
         // Tests for URLs without protocol
         // URL has protocol info, keep it.
         array('http://host/bar', '//host/baz', 'http://host/bar'),
         // Target URL has protocol info, URL is protocol ambivalent.
         array('//host/bar', 'https://host/baz', '/bar'),
         array('//host/bar', '//host/baz', '/bar'),
         // Different hosts: the URL must not be shortened.
         array('//hostA/bar', '//hostB/baz', '//hostA/bar'),
         // Query string and fragment survive, including the falsy-looking "0" values.
         array('http://host/?query#fragment', 'http://host/', '/?query#fragment'),
         array('http://host/0?0#0', 'http://host/', '/0?0#0'),
     );
     foreach ($cases as $case) {
         list($url, $target_url, $expected) = $case;
         $this->assertEqual(url_rel_to_same_host($url, $target_url), $expected);
     }
 }
Example #2
 /**
  * Template helper function: Get a link to a message form for this user.
  *
  * @param string url of the message form
  * @param string to display before link
  * @param string to display after link
  * @param string link text
  * @param string link title
  * @param string class name
  */
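 function get_msgform_link($form_url = NULL, $before = ' ', $after = ' ', $text = '#', $title = '#', $class = '')
 {
     // Returns the link as an HTML string, or false when this User has no email
     // address or does not allow the message form.
     if (empty($this->email)) {
         // We have no email for this User :(
         return false;
     }
     if (empty($this->allow_msgform)) {
         // This User does not allow the message form.
         return false;
     }
     if (is_null($form_url)) {
         // Fall back to the current Blog's message form URL (empty string when no $Blog is set).
         global $Blog;
         $form_url = isset($Blog) ? $Blog->get('msgformurl') : '';
     }
     // redirect_to is the current URL, passed through url_rel_to_same_host() against the
     // form URL and then URL-encoded. The result is written into an HTML attribute below,
     // so the parameters are glued with '&amp;' like the other msgform link builders do.
     $form_url = url_add_param($form_url, 'recipient_id=' . $this->ID . '&amp;redirect_to=' . rawurlencode(url_rel_to_same_host(regenerate_url('', '', '', '&'), $form_url)));
     if ($title == '#') {
         // '#' asks for the default title.
         $title = T_('Send email to user');
     }
     if ($text == '#') {
         // '#' asks for the default link text: the email icon.
         $text = get_icon('email', 'imgtag', array('class' => 'middle', 'title' => $title));
     }
     // NOTE(review): $form_url, $title, $class, $text, $before and $after are concatenated
     // into the markup without escaping here; callers are presumably expected to pass
     // HTML-safe values - confirm against the call sites.
     $r = '';
     $r .= $before;
     $r .= '<a href="' . $form_url . '" title="' . $title . '"';
     if (!empty($class)) {
         $r .= ' class="' . $class . '"';
     }
     $r .= '>' . $text . '</a>';
     $r .= $after;
     return $r;
 }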
Example #3
    case 'mobile':
        $block_item_Widget->title = T_('Choose a Mobile Phone skin');
        $display_same_as_normal = true;
        break;
    case 'tablet':
        $block_item_Widget->title = T_('Choose a Tablet skin');
        $display_same_as_normal = true;
        break;
    default:
        debug_die('Invalid skin type!');
}
// Get what is the current skin ID from this kind of skin type
// (the setting name is built as "<skin_type>_skin_ID").
$current_skin_ID = $edited_Blog->get_setting($skin_type . '_skin_ID', true);
if ($current_User->check_perm('options', 'edit', false)) {
    // We have permission to modify:
    // The "install" icon carries the current URL (with skinpage=selection) as redirect_to;
    // it is passed through url_rel_to_same_host() against $admin_url and then URL-encoded.
    $block_item_Widget->global_icon(T_('Install new skin...'), 'new', $dispatcher . '?ctrl=skins&amp;action=new&amp;redirect_to=' . rawurlencode(url_rel_to_same_host(regenerate_url('', 'skinpage=selection', '', '&'), $admin_url)), T_('Install new'), 3, 4);
    $block_item_Widget->global_icon(T_('Keep current skin!'), 'close', regenerate_url('skinpage'), ' ' . T_('Don\'t change'), 3, 4);
}
$block_item_Widget->disp_template_replaced('block_start');
$SkinCache =& get_SkinCache();
$SkinCache->load_all();
if ($display_same_as_normal) {
    // Extra entry that selects skin ID 0 for this skin type ("same as normal skin").
    $skinshot_title = T_('Same as normal skin');
    // NOTE(review): this link triggers action=update through a plain GET URL; url_crumb('collection')
    // is appended, presumably as the anti-CSRF token - confirm it is checked by the handler.
    // The string also mixes raw '&' and '&amp;' separators.
    $select_url = '?ctrl=coll_settings&tab=skin&blog=' . $edited_Blog->ID . '&amp;action=update&amp;skinpage=selection&amp;' . $skin_type . '_skin_ID=0&amp;' . url_crumb('collection');
    $disp_params = array('function' => 'select', 'selected' => $current_skin_ID == '0', 'select_url' => $select_url);
    Skin::disp_skinshot($skinshot_title, $skinshot_title, $disp_params);
}
$SkinCache->rewind();
while (($iterator_Skin =& $SkinCache->get_next()) != NULL) {
    if ($iterator_Skin->type != $skin_type) {
        // This skin cannot be used here...
Example #4
 /**
  * Provide link to message form for this comment's author
  *
  * @param string url of the message form
  * @param string to display before link
  * @param string to display after link
  * @param string link text
  * @param string link title
  * @param string class name
  */
 function msgform_link($form_url, $before = ' ', $after = ' ', $text = '#', $title = '#', $class = '')
 {
     // Echoes the link and returns true, or returns false (printing nothing) when the
     // comment author cannot be contacted through the message form.
     if (!$this->get_author_User()) {
         // This comment is from a visitor: we need an email address, and the
         // anonymous commentator must have allowed the message form for this comment.
         if (empty($this->author_email) || empty($this->allow_msgform)) {
             return false;
         }
         $msg_type = 'email';
     } else {
         // This comment is from a registered user: ask the User which kind of contact is possible.
         $msg_type = $this->author_User->get_msgform_possibility();
         if (empty($msg_type)) {
             // message form is not allowed
             return false;
         }
         $form_url = url_add_param($form_url, 'recipient_id=' . $this->author_User->ID);
     }
     // redirect_to is the current URL, passed through url_rel_to_same_host() against the
     // form URL and then URL-encoded.
     $redirect_to = rawurlencode(url_rel_to_same_host(regenerate_url('', '', '', '&'), $form_url));
     // NOTE(review): for a registered author the query string now carries recipient_id twice
     // (the user ID added above, then 0); which one the message form honours is not visible
     // here - confirm.
     $form_url = url_add_param($form_url, 'recipient_id=0&amp;comment_id=' . $this->ID . '&amp;post_id=' . $this->item_ID . '&amp;redirect_to=' . $redirect_to);
     if ($title == '#') {
         // '#' asks for the default title, which depends on the contact type.
         $title = ($msg_type == 'email') ? T_('Send email to comment author') : T_('Send message to comment author');
     }
     if ($text == '#') {
         // '#' asks for the default link text: the email icon.
         $text = get_icon('email', 'imgtag', array('class' => 'middle', 'title' => $title));
     }
     $class_attr = empty($class) ? '' : ' class="' . $class . '"';
     // NOTE(review): $form_url, $title, $class, $text, $before and $after are printed without
     // escaping here; callers are presumably expected to pass HTML-safe values - confirm.
     // TODO: have an SEO setting for nofollow here, default to nofollow
     echo $before . '<a href="' . $form_url . '" title="' . $title . '"' . $class_attr . ' rel="nofollow"' . '>' . $text . '</a>' . $after;
     return true;
 }
Example #5
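// Explain the email validation procedure, then show the form that requests the email:
echo '<ol>';
echo '<li>' . T_('Please confirm your email address below.') . '</li>';
echo '<li>' . T_('An email will be sent to this address immediately.') . '</li>';
echo '<li>' . T_('As soon as you receive the email, click on the link therein to activate your account.') . '</li>';
echo '</ol>';
$Form->text_input('email', $email, 16, T_('Email'), '', array('maxlength' => 255, 'class' => 'input_text', 'required' => true));
// Let plugins add their own fields to the form:
$Plugins->trigger_event('DisplayValidateAccountFormFieldset', array('Form' => &$Form));
// TODO: the form submit value is too wide (in Konqueror and most probably in IE!)
$Form->end_form(array(array('name' => 'form_validatemail_submit', 'value' => T_('Send me an email now!'), 'class' => 'ActionButton')));
// display hidden fields etc
if ($current_User->group_ID == 1) {
    // allow admin users to validate themselves by a single click:
    // (plain "= new": assigning the result of new by reference is rejected by current PHP versions)
    $Form = new Form($htsrv_url_sensitive . 'login.php', 'form_validatemail', 'post', 'fieldset');
    $Form->begin_form('fform');
    $Form->hidden('action', 'validatemail');
    // redirect_to is passed through url_rel_to_same_host() against the form's own base URL.
    // NOTE(review): where $redirect_to comes from is not visible in this fragment - if it is
    // request-derived, confirm that the login handler validates it before redirecting.
    $Form->hidden('redirect_to', url_rel_to_same_host($redirect_to, $htsrv_url_sensitive));
    $Form->hidden('reqID', 1);
    // NOTE(review): the session ID is written into the page as a hidden field - confirm this
    // page is never cached or served to anyone but the session owner.
    $Form->hidden('sessID', $Session->ID);
    $Form->begin_fieldset();
    // NOTE(review): $current_User->email is printed without escaping - presumably validated
    // when stored; confirm.
    echo '<p>' . sprintf(T_('Since you are an admin user, you can validate your email address (%s) by a single click.'), $current_User->email) . '</p>';
    // TODO: the form submit value is too wide (in Konqueror and most probably in IE!)
    $Form->end_form(array(array('name' => 'form_validatemail_admin_submit', 'value' => T_('Activate my account!'), 'class' => 'ActionButton')));
    // display hidden fields etc
}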
?>

<div style="text-align:right">
	<?php 
user_logout_link();
?>
</div>
Example #6
    $subject = $unsaved_message_params['subject'];
    $message = $unsaved_message_params['message'];
    $email_author = $unsaved_message_params['sender_name'];
    $email_author_address = $unsaved_message_params['sender_address'];
}
// Build the "send a message" form, posting to $submit_url:
$Form = new Form($submit_url);
$Form->switch_template_parts($params['skin_form_params']);
$Form->begin_form('bComment');
// NOTE(review): add_crumb() presumably embeds the anti-CSRF token for the 'newmessage' action - confirm.
$Form->add_crumb('newmessage');
if (isset($Blog)) {
    $Form->hidden('blog', $Blog->ID);
}
// Hidden fields identifying the recipient and the context the message refers to.
// They are client-editable, so the handler must re-check them on submit.
$Form->hidden('recipient_id', $recipient_id);
$Form->hidden('post_id', $post_id);
$Form->hidden('comment_id', $comment_id);
// redirect_to is passed through url_rel_to_same_host() against $samedomain_htsrv_url.
// NOTE(review): the origin of $redirect_to is not visible in this fragment - confirm it is
// validated before the handler redirects to it.
$Form->hidden('redirect_to', url_rel_to_same_host($redirect_to, $samedomain_htsrv_url));
$Form->info(T_('To'), $recipient_link);
// Note: we use funky field names in order to defeat the most basic guestbook spam bots:
// email form
$Form->text_input($dummy_fields['name'], $email_author, 40, T_('From'), T_('Your name.'), array('maxlength' => 50, 'class' => 'wide_input', 'required' => true));
$Form->text_input($dummy_fields['email'], $email_author_address, 40, T_('Email'), T_('Your email address. (Will <strong>not</strong> be displayed on this site.)'), array('maxlength' => 150, 'class' => 'wide_input', 'required' => true));
$Form->text_input($dummy_fields['subject'], $subject, 40, T_('Subject'), T_('Subject of your message.'), array('maxlength' => 255, 'class' => 'wide_input', 'required' => true));
$Form->textarea($dummy_fields['content'], $message, 15, T_('Message'), T_('Plain text only.'), 35, 'wide_textarea', true);
// Let plugins add their own fields; the form and the recipient ID are handed over by reference.
$Plugins->trigger_event('DisplayMessageFormFieldset', array('Form' => &$Form, 'recipient_ID' => &$recipient_id, 'item_ID' => $post_id, 'comment_ID' => $comment_id));
$Form->begin_fieldset();
?>
		<div class="input">
			<?php 
// Submit button; its name embeds the recipient ID.
$Form->button_input(array('name' => 'submit_message_' . $recipient_id, 'class' => 'submit', 'value' => T_('Send message')));
// Let plugins add their own buttons next to the submit button.
$Plugins->trigger_event('DisplayMessageFormButton', array('Form' => &$Form, 'recipient_ID' => &$recipient_id, 'item_ID' => $post_id, 'comment_ID' => $comment_id));
?>
 function get_author_msgform_link($Comment)
 {
     // Builds the message form URL for the author of $Comment, based on the current
     // Blog's 'msgformurl'. Returns false when the author cannot be contacted.
     global $Blog;
     $form_url = $Blog->get('msgformurl');
     if (!$Comment->get_author_User()) {
         // This comment is from a visitor: we need an email address, and the
         // anonymous commentator must have allowed the message form for this comment.
         if (empty($Comment->author_email) || empty($Comment->allow_msgform)) {
             return false;
         }
     } else {
         // This comment is from a registered user: the User needs an email address
         // and must allow the message form.
         if (empty($Comment->author_User->email) || empty($Comment->author_User->allow_msgform)) {
             return false;
         }
         $form_url = url_add_param($form_url, 'recipient_id=' . $Comment->author_User->ID);
     }
     // redirect_to is the current URL, passed through url_rel_to_same_host() against the
     // form URL and then URL-encoded. Parameters are glued with '&amp;', so the returned
     // URL is meant for HTML output.
     $redirect_to = rawurlencode(url_rel_to_same_host(regenerate_url('', '', '', '&'), $form_url));
     return url_add_param($form_url, 'comment_id=' . $Comment->ID . '&amp;post_id=' . $Comment->item_ID . '&amp;redirect_to=' . $redirect_to);
 }
Example #8
 /**
  * Template function: Provide link to message form for this Item's author.
  *
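  * @param array Associative array of optional params:
  *   - 'form_url': url of the message form ('#current_blog#' uses the current Blog's 'msgformurl')
  *   - 'before': string to display before link
  *   - 'after': string to display after link
  *   - 'text': link text ('#' uses the email icon)
  *   - 'title': link title ('#' uses the default title)
  *   - 'class': class name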
  * @return boolean true, if a link was displayed; false if there's no email address for the Item's author.
  */
 function msgform_link($params = array())
 {
     // Make sure we are not missing any param:
     $defaults = array('before' => ' ', 'after' => ' ', 'text' => '#', 'title' => '#', 'class' => '', 'format' => 'htmlbody', 'form_url' => '#current_blog#');
     $params = array_merge($defaults, $params);
     $this->get_creator_User();
     // No link when the author has no email address or does not allow the message form.
     if (empty($this->creator_User->email) || empty($this->creator_User->allow_msgform)) {
         return false;
     }
     if ($params['form_url'] == '#current_blog#') {
         // Use the message form URL of the current Blog:
         global $Blog;
         $params['form_url'] = $Blog->get('msgformurl');
     }
     // redirect_to is the current URL, passed through url_rel_to_same_host() against the
     // form URL and then URL-encoded.
     $redirect_to = rawurlencode(url_rel_to_same_host(regenerate_url('', '', '', '&'), $params['form_url']));
     $params['form_url'] = url_add_param($params['form_url'], 'recipient_id=' . $this->creator_User->ID . '&amp;post_id=' . $this->ID . '&amp;redirect_to=' . $redirect_to);
     if ($params['title'] == '#') {
         // '#' asks for the default title.
         $params['title'] = T_('Send email to post author');
     }
     if ($params['text'] == '#') {
         // '#' asks for the default link text: the email icon.
         $params['text'] = get_icon('email', 'imgtag', array('class' => 'middle', 'title' => $params['title']));
     }
     $class_attr = empty($params['class']) ? '' : ' class="' . $params['class'] . '"';
     // NOTE(review): every $params value is printed without escaping here; callers are
     // presumably expected to pass HTML-safe values - confirm.
     echo $params['before'] . '<a href="' . $params['form_url'] . '" title="' . $params['title'] . '"' . $class_attr . '>' . $params['text'] . '</a>' . $params['after'];
     return true;
 }
Example #9
 /**
  * Get the absolute URL to the plugin's directory (where the plugins classfile is).
  * Trailing slash included.
  *
  * @param boolean Get absolute URL? (if false, the URL is made relative to $ReqHost)
  * @return string
  */
 function get_plugin_url($abs = false)
 {
     global $plugins_url, $plugins_path;
     // Directory of the plugin's class file, with trailing slash:
     $class_dir = dirname($this->classfile_path) . '/';
     // Strip a leading $plugins_path to get the sub-path below it, if any
     // (preg_quote() keeps path characters from being read as regex syntax):
     $prefix_pattern = ':^' . preg_quote($plugins_path, ':') . ':';
     $sub_path = preg_replace($prefix_pattern, '', $class_dir);
     // Use the same protocol as with current host (so includes from within https do not fail when on http):
     $plugin_url = url_same_protocol($plugins_url . $sub_path);
     if ($abs) {
         return $plugin_url;
     }
     // Absolute is not required: make it relative to the current host.
     global $ReqHost;
     return url_rel_to_same_host($plugin_url, $ReqHost);
 }
Example #10
/**
 * Display user activate info form content
 *
 * @param array Display params (form wrapper, form action/name/class/layout/template, form title, 'inskin', 'blog', 'redirect_to')
 */
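function display_activateinfo($params)
{
    // Prints either the "request an activation email" form (no email sent yet, or a new one
    // was explicitly requested) or the instructions for the email that was already sent.
    // Members of group 1 additionally get a one-click activation form.
    global $current_User, $Settings, $UserSettings, $Plugins;
    global $secure_htsrv_url, $rsc_path, $rsc_url, $dummy_fields;
    if (!is_logged_in()) {
        // if this happens, it means the code is not correct somewhere before this
        debug_die("You must log in to see this page.");
    }
    // Defaults for every param read below; 'redirect_to' and 'blog' default to empty values
    // so that a caller omitting them does not trigger undefined-index notices.
    $params = array_merge(array('use_form_wrapper' => true, 'form_before' => '', 'form_after' => '', 'form_action' => $secure_htsrv_url . 'login.php', 'form_name' => 'form_validatemail', 'form_class' => 'fform', 'form_layout' => 'fieldset', 'form_template' => NULL, 'form_title' => '', 'inskin' => false, 'redirect_to' => '', 'blog' => NULL), $params);
    // init force request new email address param
    $force_request = param('force_request', 'boolean', false);
    // get last activation email timestamp from User Settings
    $last_activation_email_date = $UserSettings->get('last_activation_email', $current_User->ID);
    if ($force_request || empty($last_activation_email_date)) {
        // notification email was not sent yet, or user needs another one ( forced request )
        echo $params['use_form_wrapper'] ? $params['form_before'] : '';
        $Form = new Form($params['form_action'], $params['form_name'], 'post', $params['form_layout']);
        if (!empty($params['form_template'])) {
            // Switch layout to template from array
            $Form->switch_template_parts($params['form_template']);
        }
        $Form->begin_form($params['form_class']);
        $Form->add_crumb('validateform');
        $Form->hidden('action', 'req_validatemail');
        $Form->hidden('redirect_to', $params['redirect_to']);
        if ($params['inskin']) {
            $Form->hidden('inskin', $params['inskin']);
            $Form->hidden('blog', $params['blog']);
        } else {
            // Form title in standard form
            echo '<h4>' . $params['form_title'] . '</h4>';
        }
        $Form->hidden('req_validatemail_submit', 1);
        // to know if the form has been submitted
        $Form->begin_fieldset();
        echo '<ol>';
        echo '<li>' . T_('Please confirm your email address below:') . '</li>';
        echo '</ol>';
        // set email text input content only if this is not a forced request. This way the user may have bigger chance to write a correct email address.
        $user_email = $force_request ? '' : $current_User->email;
        // fp> note: 45 is the max length for evopress skin.
        $Form->text_input($dummy_fields['email'], $user_email, 42, T_('Your email'), '', array('maxlength' => 255, 'class' => 'input_text', 'required' => true, 'input_required' => 'required'));
        $Form->end_fieldset();
        // Submit button:
        $submit_button = array(array('name' => 'submit', 'value' => T_('Send me a new activation email now!'), 'class' => 'btn-primary btn-lg'));
        $Form->buttons_input($submit_button);
        if (!$params['inskin']) {
            $Plugins->trigger_event('DisplayValidateAccountFormFieldset', array('Form' => &$Form));
        }
        $Form->end_form();
        echo $params['use_form_wrapper'] ? $params['form_after'] : '';
        return;
    }
    // get notification email from general Settings
    $notification_email = $Settings->get('notification_sender_email');
    // convert date to timestamp
    $last_activation_email_ts = mysql2timestamp($last_activation_email_date);
    // get difference between local time and server time
    $time_difference = $Settings->get('time_difference');
    // get last activation email local date and time
    $last_email_date = date(locale_datefmt(), $last_activation_email_ts + $time_difference);
    $last_email_time = date(locale_shorttimefmt(), $last_activation_email_ts + $time_difference);
    $user_email = $current_User->email;
    echo $params['form_before'];
    if (!$params['inskin']) {
        echo '<div class="' . $params['form_class'] . '">';
    }
    echo '<ol start="1" class="expanded">';
    // NOTE(review): the user's email and login are printed without escaping below -
    // presumably validated when stored; confirm.
    $instruction = sprintf(T_('Open your email account for %s and find a message we sent you on %s at %s with the following title:'), $user_email, $last_email_date, $last_email_time);
    echo '<li>' . $instruction . '<br /><b>' . sprintf(T_('Activate your account: %s'), $current_User->login) . '</b>';
    // redirect_to is URL-encoded before it is appended, so that a '&' or '#' inside it cannot
    // add or override parameters of the generated link.
    $request_validation_url = 'href="' . regenerate_url('', 'force_request=1&validate_required=true&redirect_to=' . rawurlencode($params['redirect_to'])) . '"';
    echo '<p>' . sprintf(T_('NOTE: If you don\'t find it, check your "Junk", "Spam" or "Unsolicited email" folders. If you really can\'t find it, <a %s>request a new activation email</a>.'), $request_validation_url) . '</p></li>';
    echo '<li>' . sprintf(T_('Add us (%s) to your contacts to make sure you receive future email notifications, especially when someone sends you a private message.'), '<b><span class="nowrap">' . $notification_email . '</span></b>') . '</li>';
    echo '<li><b class="red">' . T_('Click on the activation link in the email.') . '</b>';
    echo '<p>' . T_('If this does not work, please copy/paste that link into the address bar of your browser.') . '</p>';
    // The address belongs inside the href value: mailto:<address>
    echo '<p>' . sprintf(T_('If you need assistance, please send an email to %s'), '<b><a href="mailto:' . $notification_email . '"><span class="nowrap">' . $notification_email . '</span></a></b>') . '</p></li>';
    echo '</ol>';
    if ((strpos($user_email, '@hotmail.') || strpos($user_email, '@live.') || strpos($user_email, '@msn.')) && file_exists($rsc_path . 'img/login_help/hotmail-validation.png')) {
        // The user is on hotmail and we have a help screen to show him: (needs to be localized and include correct site name)
        echo '<div class="center" style="margin: 2em auto"><img src="' . $rsc_url . 'img/login_help/hotmail-validation.png" /></div>';
    } elseif ((strpos($user_email, '@gmail.com') || strpos($user_email, '@googlemail.com')) && file_exists($rsc_path . 'img/login_help/gmail-validation.png')) {
        // The user is on gmail and we have a help screen to show him: (needs to be localized and include correct site name)
        echo '<div class="center" style="margin: 2em auto"><img src="' . $rsc_url . 'img/login_help/gmail-validation.png" /></div>';
    }
    if (!$params['inskin']) {
        echo '</div>';
    }
    echo $params['form_after'];
    if ($current_User->grp_ID == 1) {
        // allow admin users to validate themselves by a single click:
        global $Session, $redirect_to;
        if (empty($redirect_to)) {
            // Set where to redirect
            $redirect_to = regenerate_url();
        }
        echo $params['use_form_wrapper'] ? $params['form_before'] : '';
        $Form = new Form($secure_htsrv_url . 'login.php', 'form_validatemail', 'post', 'fieldset');
        if (!empty($params['form_template'])) {
            // Switch layout to template from array
            $Form->switch_template_parts($params['form_template']);
        }
        $Form->begin_form('evo_form__login');
        $Form->add_crumb('validateform');
        $Form->hidden('action', 'validatemail');
        // The global $redirect_to is passed through url_rel_to_same_host() against the form's base URL.
        // NOTE(review): confirm the login handler validates redirect_to before redirecting.
        $Form->hidden('redirect_to', url_rel_to_same_host($redirect_to, $secure_htsrv_url));
        $Form->hidden('reqID', 1);
        $Form->hidden('sessID', $Session->ID);
        echo '<p>' . sprintf(T_('Since you are an admin user, you can activate your account (%s) by a single click.'), $current_User->email) . '</p>';
        // TODO: the form submit value is too wide (in Konqueror and most probably in IE!)
        $Form->end_form(array(array('name' => 'form_validatemail_admin_submit', 'value' => T_('Activate my account!'), 'class' => 'ActionButton btn btn-primary')));
        // display hidden fields etc
        echo $params['use_form_wrapper'] ? $params['form_after'] : '';
    }
    echo '<div class="evo_form__login_links floatright">';
    user_logout_link();
    echo '</div>';
}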
Example #11
				return true;
			}, false );
		<?php 
}
?>
</script>


<div class="login_actions" style="text-align:right">
	<?php 
// Collect the action links shown below the login form:
$links = array();
if ($link = get_user_register_link('', '', '', '#', true, $redirect_to)) {
    $links[] = $link;
}
// The "abort" link is only offered when login is optional, this is not the email validation
// request, and $redirect_to (as given, or prefixed with $ReqHost) does not start with $admin_url.
if (empty($login_required) && $action != 'req_validatemail' && strpos($redirect_to, $admin_url) !== 0 && strpos($ReqHost . $redirect_to, $admin_url) !== 0) {
    // No login required, allow to pass through
    // TODO: dh> validate redirect_to param?!
    // NOTE(review): url_rel_to_same_host() only shortens same-host URLs and htmlspecialchars()
    // only escapes for the attribute; neither restricts the scheme or host the link points to.
    // The origin of $redirect_to is not visible here - if it is request-derived, restrict it to
    // local paths or an allow-list of http(s) hosts before emitting it.
    $links[] = '<a href="' . htmlspecialchars(url_rel_to_same_host($redirect_to, $ReqHost)) . '">' . T_('Abort login!') . '</a>';
}
if (is_logged_in()) {
    // if we arrive here, but are logged in, provide an option to logout (e.g. during the email
    // validation procedure)
    $links[] = get_user_logout_link();
}
echo implode(' &middot; ', $links);
?>
</div>


<?php 
require dirname(__FILE__) . '/_html_footer.inc.php';
Example #12
		</ul>
</div>
<!-- ============ END FEEDS AND EXTRAS ============= -->
	<?php 
if (empty($generating_static) && !$Plugins->trigger_event_first_true('CacheIsCollectingContent')) {
    // We're not generating static pages nor is a caching plugin collecting the content, so we can display this block
    ?>
	<?php 
}
?>
</div>
</div>
<div class="pagefoot">
	<p class="center">
		<a href="<?php 
// Link to the message form for recipient 1, returning to the current page afterwards.
// The parameters are appended with '&amp;' directly, which presumably relies on
// 'msgformurl' already containing a query string - confirm.
echo $Blog->get('msgformurl') . '&amp;recipient_id=1&amp;redirect_to=' . rawurlencode(url_rel_to_same_host(regenerate_url('', '', '', '&'), $Blog->get('msgformurl')));
?>
" title="Contact the Admin">Contact the admin</a>&nbsp; / &nbsp;
		<a href="http://blog.thedarksighed.com/projectblog" title="Custom b2evo skin designs at The Dark Sighed">Original B2Evo skin design by Andrew Hreschak</a><br />
		<?php 
// Display additional credits (see /conf/_advanced.php):
display_list($credit_links, T_('Credits') . ': ', ' ', '|', ' ', ' ');
?>
	</p>
</div>
</div>
<div class="footer">
	<?php 
$Hit->log();
// log the hit on this page
debug_info();
Example #13
		<input type="password" name="pass1" id="pass1" size="16" maxlength="50" value="" class="input_text field_required" />
		<input type="password" name="pass2" id="pass2" size="16" maxlength="50" value="" class="input_text field_required" />
		<span class="notes"><?php 
printf(T_('Minimum %d characters, please.'), $Settings->get('user_minpwdlen'));
?>
</span>
		</div>
	</fieldset>

	<?php 
// Remaining registration fields: email address and preferred locale.
$Form->text_input('email', $email, 16, T_('Email'), '', array('maxlength' => 255, 'class' => 'input_text', 'required' => true));
$Form->select('locale', $locale, 'locale_options_return', T_('Locale'), T_('Preferred language'));
// Let plugins add their own fields to the registration form:
$Plugins->trigger_event('DisplayRegisterFormFieldset', array('Form' => &$Form));
$Form->buttons_input(array(array('name' => 'submit', 'value' => T_('Register!'), 'class' => 'ActionInput')));
$Form->end_fieldset();
$Form->end_form();
// display hidden fields etc
?>

<div style="text-align:right">
	<a href="<?php 
// Link to the login page, keeping the redirect target: $redirect_to is passed through
// url_rel_to_same_host() against $htsrv_url_sensitive and then URL-encoded.
// NOTE(review): the origin of $redirect_to is not visible here - confirm login.php validates it.
echo $htsrv_url_sensitive . 'login.php?redirect_to=' . rawurlencode(url_rel_to_same_host($redirect_to, $htsrv_url_sensitive));
?>
"><?php 
echo T_('Log into existing account...');
?>
</a>
</div>

<?php 
require dirname(__FILE__) . '/_html_footer.inc.php';
Example #14
<html xmlns="http://www.w3.org/1999/xhtml">
	<head>
		<title><?php 
echo T_('Access denied');
?>
</title>
	</head>
<body>
	<div style="background-color:#fee; border: 1px solid red; text-align:center;">
		<h1><?php 
echo T_('Access denied');
?>
</h1>
		<p><?php 
echo T_('Sorry, you have no permission to access this section.');
?>
</p>
	</div>
	<p style="text-align:center;"><?php 
echo '<a href="' . $htsrv_url_sensitive . 'login.php?action=logout&amp;redirect_to=' . rawurlencode(url_rel_to_same_host($ReqHost . $ReqURI, $htsrv_url_sensitive)) . '">' . T_('Logout') . '</a>
					&bull;
					<a href="' . $baseurl . '">' . T_('Exit to blogs') . '</a>';
?>
</p>
	<?php 
debug_info();
?>
</body>
</html>
<?php 
exit;
?>
:</h4>

<?php 
// Pre-fill the comment form: from the comment kept in the session when there is one,
// otherwise from the visitor's cookies.
$Comment = get_comment_from_session();
if ($Comment != NULL) {
    $comment_author = $Comment->author;
    $comment_author_email = $Comment->author_email;
    $comment_author_url = $Comment->author_url;
    $comment_text = $Comment->content;
} else {
    // NOTE(review): cookie values are client-controlled; they must be escaped wherever the
    // form prints them (not visible in this fragment).
    $comment_author = param_cookie($cookie_name, 'string', '');
    $comment_author_email = utf8_strtolower(param_cookie($cookie_email, 'string', ''));
    $comment_author_url = param_cookie($cookie_url, 'string', '');
    $comment_text = '';
}
// Current URL, passed through url_rel_to_same_host() against the htsrv URL and
// HTML-escaped so it can be printed into the form as-is.
$redirect = htmlspecialchars(url_rel_to_same_host(regenerate_url('', '', '', '&'), get_htsrv_url()));
?>

<!-- form to add a comment -->
<form action="<?php 
echo get_htsrv_url();
?>
comment_post.php" method="post" id="bComment_form_id_<?php 
echo $Item->ID;
?>
">

	<input type="hidden" name="comment_item_ID" value="<?php 
echo $Item->ID();
?>
" />
Example #16
/**
 * Get the URL for the logout button
 *
 * @return string|false Logout URL, or false if the user is not logged in
 */
function get_user_logout_url()
{
    global $admin_url, $baseurl, $is_admin_page, $Blog, $secure_htsrv_url;
    if (!is_logged_in()) {
        // Nobody to log out.
        return false;
    }
    // By default, come back to the current page (without the disp and action params)
    // once logged out.
    $redirect_to = url_rel_to_same_host(regenerate_url('disp,action', '', '', '&'), $secure_htsrv_url);
    if (require_login($redirect_to, true)) {
        // if redirect_to page is a login page, or also require login ( e.g. admin.php ),
        // send the user to the Blog url when a Blog is set, else to the baseurl.
        // NOTE(review): the Blog url is used as returned by gen_blogurl(), without
        // url_rel_to_same_host() - presumably intentional; confirm.
        $redirect_to = empty($Blog) ? url_rel_to_same_host($baseurl, $secure_htsrv_url) : $Blog->gen_blogurl();
    }
    // The target is URL-encoded; '&amp;' is used as separator, so the result is meant for HTML output.
    return $secure_htsrv_url . 'login.php?action=logout&amp;redirect_to=' . rawurlencode($redirect_to);
}
Example #17
$SkinCache->load_all();
if ($display_same_as_normal) {
    // Extra entry that selects skin ID 0 for this skin type ("same as normal skin").
    $skinshot_title = T_('Same as normal skin');
    // NOTE(review): this link triggers action=update through a plain GET URL; url_crumb('collection')
    // is appended, presumably as the anti-CSRF token - confirm it is checked by the handler.
    // The string also mixes raw '&' and '&amp;' separators.
    $select_url = '?ctrl=coll_settings&tab=skin&blog=' . $edited_Blog->ID . '&amp;action=update&amp;skinpage=selection&amp;' . $skin_type . '_skin_ID=0&amp;' . url_crumb('collection');
    $disp_params = array('function' => 'select', 'selected' => $current_skin_ID == '0', 'select_url' => $select_url);
    Skin::disp_skinshot($skinshot_title, $skinshot_title, $disp_params);
}
// Skin IDs to highlight are read from the session (and removed from it after the loop):
$fadeout_array = $Session->get('fadeout_array');
$SkinCache->rewind();
while (($iterator_Skin =& $SkinCache->get_next()) != NULL) {
    if ($iterator_Skin->type != $skin_type) {
        // This skin cannot be used here...
        continue;
    }
    $selected = $current_skin_ID == $iterator_Skin->ID;
    $blog_skin_param = $skin_type . '_skin_ID=';
    // Same GET-based update link as above, this time selecting the iterated skin:
    $select_url = '?ctrl=coll_settings&tab=skin&blog=' . $edited_Blog->ID . '&amp;action=update&amp;skinpage=selection&amp;' . $blog_skin_param . $iterator_Skin->ID . '&amp;' . url_crumb('collection');
    // Preview link: the blog URL with the skin folder as URL-encoded 'tempskin' param.
    $preview_url = url_add_param($edited_Blog->gen_blogurl(), 'tempskin=' . rawurlencode($iterator_Skin->folder));
    // NOTE(review): in_array() is called without the strict flag, so the skin ID is compared loosely.
    $disp_params = array('function' => 'select', 'selected' => $selected, 'select_url' => $select_url, 'function_url' => $preview_url, 'highlighted' => is_array($fadeout_array) && isset($fadeout_array['skin_ID']) && in_array($iterator_Skin->ID, $fadeout_array['skin_ID']));
    // Display skinshot:
    Skin::disp_skinshot($iterator_Skin->folder, $iterator_Skin->name, $disp_params);
}
// Flush fadeout
$Session->delete('fadeout_array');
if ($current_User->check_perm('options', 'edit', false)) {
    // A link to install new skin:
    // redirect_to is the current URL (with skinpage=selection), passed through
    // url_rel_to_same_host() against $admin_url and then URL-encoded.
    echo '<a href="' . $admin_url . '?ctrl=skins&amp;action=new&amp;redirect_to=' . rawurlencode(url_rel_to_same_host(regenerate_url('', 'skinpage=selection', '', '&'), $admin_url)) . '" class="skinshot skinshot_new">' . get_icon('new') . T_('Install New') . ' &raquo;' . '</a>';
}
echo '<div class="clear"></div>';
echo '</div>';
$block_item_Widget->disp_template_replaced('block_end');
/**
 * This file implements the user activate info form
 *
 * This file is not meant to be called directly.
 *
 * @license GNU GPL v2 - {@link http://b2evolution.net/about/gnu-gpl-license}
 *
 * @copyright (c)2003-2015 by Francois Planque - {@link http://fplanque.com/}.
 *
 * @package evocore
 */
// Refuse to run when this file is requested directly instead of being included by the application.
if (!defined('EVO_MAIN_INIT')) {
    die('Please, do not access this page directly.');
}
global $blog;
// Read redirect_to through param() with the 'url' type; fall back to the current URL without 'disp'.
// NOTE(review): what the 'url' type enforces is not visible here - confirm it rejects unexpected
// schemes and hosts, since the value is forwarded to the login handler below.
$redirect_to = param('redirect_to', 'url', '');
if (empty($redirect_to)) {
    $redirect_to = regenerate_url('disp');
}
// Default params:
// ($params is expected to be set by the including script)
$params = array_merge(array('skin_form_before' => '', 'skin_form_after' => '', 'activate_form_title' => '', 'activate_page_before' => '', 'activate_page_after' => '', 'activate_form_params' => NULL, 'use_form_wrapper' => true, 'display_form_messages' => false), $params);
// Params handed to display_activateinfo(); redirect_to is passed through
// url_rel_to_same_host() against $secure_htsrv_url first.
$display_params = array('use_form_wrapper' => $params['use_form_wrapper'], 'form_before' => str_replace('$form_title$', $params['activate_form_title'], $params['skin_form_before']), 'form_after' => $params['skin_form_after'], 'form_action' => $secure_htsrv_url . 'login.php', 'form_name' => 'activateinfo_form', 'form_class' => 'evo_form__activateinfo', 'form_layout' => NULL, 'redirect_to' => url_rel_to_same_host($redirect_to, $secure_htsrv_url), 'inskin' => true, 'blog' => isset($blog) ? $blog : NULL, 'form_template' => $params['activate_form_params']);
echo $params['activate_page_before'];
if ($params['display_form_messages']) {
    // Display the form messages before form inside wrapper
    messages(array('block_start' => '<div class="action_messages">', 'block_end' => '</div>'));
}
// display account activate info
display_activateinfo($display_params);
echo $params['activate_page_after'];
Example #19
 /**
  * Template helper function: Get a link to a message form for this user.
  *
  * @param string url of the message form
  * @param string to display before link
  * @param string to display after link
  * @param string link text
  * @param string link title
  * @param string class name
  */
 function get_msgform_link($form_url = NULL, $before = ' ', $after = ' ', $text = '#', $title = '#', $class = '')
 {
     // Returns the finished <a> element (wrapped in $before/$after) as a string, or false
     // when this user has no email or get_msgform_possibility() reports no way to contact them.
     // $before, $after, $text, $title and $class are concatenated into the markup exactly as
     // passed: nothing is escaped in this method, so callers must supply HTML-safe values.
     if (empty($this->email)) {
         // We have no email for this User :(
         return false;
     }

     $available_msgform = $this->get_msgform_possibility();
     if (!$available_msgform) {
         // There is no way this user accepts receiving messages.
         return false;
     }

     if ($form_url === NULL) {
         // No explicit form URL: use the current blog's message form URL, if a blog is set.
         global $Blog;
         $form_url = isset($Blog) ? $Blog->get('msgformurl') : '';
     }

     // The current URL travels as 'redirect_to'. It is percent-encoded with rawurlencode(),
     // and url_rel_to_same_host() shortens it only when it is on the same host as the form URL.
     $return_to = rawurlencode(url_rel_to_same_host(regenerate_url('', '', '', '&'), $form_url));
     $form_url = url_add_param($form_url, 'recipient_id=' . $this->ID . '&amp;redirect_to=' . $return_to);

     if ($title == '#') {
         // Default title: 'email' gets its own wording, every other possibility ('PM', 'login', ...) shares one.
         $title = $available_msgform == 'email' ? T_('Send email to user') : T_('Send message to user');
     }

     if ($text == '#') {
         // Default link text is the email icon, which reuses the title resolved above.
         $text = get_icon('email', 'imgtag', array('class' => 'middle', 'title' => $title));
     }

     $class_attr = !empty($class) ? ' class="' . $class . '"' : '';

     return '' . $before . '<a href="' . $form_url . '" title="' . $title . '"' . $class_attr . '>' . $text . '</a>' . $after;
 }
Example #20
 */
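// Guard: this template is only meant to run once the application has defined EVO_MAIN_INIT.
if (!defined('EVO_MAIN_INIT')) {
    die('Please, do not access this page directly.');
}
/**
 * Include page header:
 */
$page_title = T_('Registration complete');
$page_icon = 'icon_register.gif';
require dirname(__FILE__) . '/_html_header.inc.php';
// dh> TODO: this form is not really required and only used for the info fields below.
// Plain assignment: "=& new" was deprecated in PHP 5.3 and is a parse error since PHP 7.0.
// Objects are handles since PHP 5, so the reference added nothing.
$Form = new Form($htsrv_url_sensitive . 'login.php', 'login', 'post', 'fieldset');
$Form->begin_form('fform');
$Form->hidden('login', $login);
// url_rel_to_same_host() shortens the URL only when it is on the same host as the login
// handler; a URL on another host is passed on unchanged.
// Note that this hidden field is written before the empty-$redirect_to default below is applied,
// so it can be empty while the "Continue" link points at $baseurl.
$Form->hidden('redirect_to', url_rel_to_same_host($redirect_to, $htsrv_url_sensitive));
$Form->begin_fieldset();
$Form->info(T_('Login'), $login);
$Form->info(T_('Email'), $email);
$Form->end_fieldset();
// Now the user has been logged in automatically at the end of the registration progress.
// Allow him to proceed or go to the blogs, though he will see the "validate account" screen then,
// if he has not clicked the validation link yet and validation is required.
if (empty($redirect_to)) {
    $redirect_to = $baseurl;
    // dh> this was the old behaviour, I think there could be a better default
}
// htmlspecialchars() makes the URL safe inside the attribute; it does not constrain where it points.
// NOTE(review): confirm $redirect_to was validated (scheme and host) before this template is included.
echo '<p class="center"><a href="' . htmlspecialchars(url_rel_to_same_host($redirect_to, $htsrv_url_sensitive)) . '">' . T_('Continue') . ' &raquo;</a> ';
// dh> TODO: this does not seem to be sensible for dir=rtl.
echo '</p>';
$Form->end_form();
require dirname(__FILE__) . '/_html_footer.inc.php';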
Example #21
     if (empty($comment_author_url)) {
         // Even if we have a blank cookie, let's reset this to remind the bozos what it's for
         $comment_author_url = 'http://';
     }
     $comment_content = $params['default_text'];
 }
 echo $params['form_title_start'];
 echo T_('Leave a comment');
 echo $params['form_title_end'];
 $Form =& new Form($htsrv_url . 'comment_post.php', 'bComment_form_id_' . $Item->ID, 'post');
 $Form->begin_form('bComment', '', array('target' => '_self'));
 // TODO: dh> a plugin hook would be useful here to add something to the top of the Form.
 //           Actually, the best would be, if the $Form object could be changed by a plugin
 //           before display!
 $Form->hidden('comment_post_ID', $Item->ID);
 $Form->hidden('redirect_to', url_rel_to_same_host(regenerate_url('', '', $Blog->get('blogurl'), '&'), $htsrv_url));
 if (is_logged_in()) {
     // User is logged in:
     $Form->info_field(T_('User'), '<strong>' . $current_User->get_preferred_name() . '</strong>' . ' ' . get_user_profile_link(' [', ']', T_('Edit profile')));
 } else {
     // User is not logged in:
     // Note: we use funky field names to defeat the most basic guestbook spam bots
     $Form->text('u', $comment_author, 40, T_('Name'), '', 100, 'bComment');
     $Form->text('i', $comment_author_email, 40, T_('Email'), '<br />' . T_('Your email address will <strong>not</strong> be revealed on this site.'), 100, 'bComment');
     $Form->text('o', $comment_author_url, 40, T_('Website'), '<br />' . T_('Your URL will be displayed.'), 100, 'bComment');
 }
 if ($Item->can_rate()) {
     // Comment rating:
     echo $Form->begin_field(NULL, T_('Your vote'), true);
     $Comment->rating_input();
     echo $Form->end_field();
Example #22
/**
 * Template tag: echo a link to the subscription screen of the current blog.
 *
 * Prints nothing and returns false when the visitor is not logged in, when on an admin page,
 * or when $Blog is empty or its 'allow_subscriptions' setting is off.
 *
 * $before, $after and $link_title are written to the output exactly as given, and $link_text is
 * used as a printf() format whose first argument is the current user's login. Nothing is
 * HTML-escaped here, so callers must pass HTML-safe values.
 * NOTE(review): the login is printed without escaping; confirm logins cannot contain markup.
 *
 * @param string $before     Output before the link
 * @param string $after      Output after the link
 * @param string $link_text  printf() format for the link text; '' selects the default
 * @param string $link_title Title attribute; '#' selects the default
 */
function user_subs_link($before = '', $after = '', $link_text = '', $link_title = '#')
{
    global $current_User, $Blog, $is_admin_page;

    // Only for logged in users on the front office:
    if (!(is_logged_in() && !$is_admin_page)) {
        return false;
    }

    // Only when a blog is set and it allows subscriptions:
    if (!(!empty($Blog) && $Blog->get_setting('allow_subscriptions'))) {
        return false;
    }

    // Resolve defaults:
    $link_text = $link_text == '' ? T_('Subscribe') : $link_text;
    $link_title = $link_title == '#' ? T_('Subscribe to email notifications') : $link_title;

    // The current URL travels as 'redirect_to', percent-encoded; url_rel_to_same_host() shortens it
    // only when it is on the same host as the blog URL.
    $subs_base_url = $Blog->gen_blogurl();
    $return_to = rawurlencode(url_rel_to_same_host(regenerate_url('', '', '', '&'), $Blog->gen_blogurl()));
    $subs_url = url_add_param($subs_base_url, 'disp=subs&amp;redirect_to=' . $return_to);

    echo $before;
    echo '<a href="' . $subs_url . '" title="' . $link_title . '">';
    echo sprintf($link_text, $current_User->login);
    echo '</a>';
    echo $after;
}
Example #23
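/**
 * Display login form
 *
 * Echoes, in order: optional "abort login" / logout links, the login form (hidden fields,
 * login and password inputs, plugin fields, submit buttons), a register link and a script
 * that focuses the right input and, when requested, hashes the password on submit.
 *
 * 'redirect_to' is written to the hidden field as received; this function does not validate it.
 *
 * @param array $params Overrides for the defaults merged below (e.g. 'form_action', 'form_name',
 *                      'inskin', 'login_required', 'redirect_to', 'transmit_hashed_password')
 */
function display_login_form($params)
{
    global $Settings, $Plugins, $Session, $Blog, $blog, $dummy_fields;
    global $secure_htsrv_url, $admin_url, $baseurl, $ReqHost;
    $params = array_merge(array(
        'form_action' => '',
        'form_name' => 'login_form',
        'form_layout' => '',
        'form_class' => 'bComment',
        'source' => 'inskin login form',
        'inskin' => true,
        'login_required' => true,
        'validate_required' => NULL,
        'redirect_to' => '',
        'login' => '',
        'action' => '',
        'reqID' => '',
        'sessID' => '',
        'transmit_hashed_password' => false,
    ), $params);
    $inskin = $params['inskin'];
    $login = $params['login'];
    $redirect_to = $params['redirect_to'];
    $links = array();
    if (empty($params['login_required']) && $params['action'] != 'req_validatemail' && strpos($redirect_to, $admin_url) !== 0 && strpos($ReqHost . $redirect_to, $admin_url) !== 0) {
        // No login required, allow to pass through
        // TODO: dh> validate redirect_to param?!
        // check if redirect_to url requires logged in user
        if (require_login($redirect_to, true)) {
            // logged in user require for redirect_to url
            if (!empty($blog)) {
                // blog is set
                if (empty($Blog)) {
                    $BlogCache =& get_BlogCache();
                    $Blog = $BlogCache->get_by_ID($blog, false);
                }
                // set abort url to Blog url
                $abort_url = $Blog->gen_blogurl();
            } else {
                // set abort login url to base url
                $abort_url = $baseurl;
            }
        } else {
            // logged in user isn't required for redirect_to url, set abort url to redirect_to
            $abort_url = $redirect_to;
        }
        // htmlspecialchars() makes the URL safe inside the attribute but does not restrict its
        // scheme or host, and url_rel_to_same_host() leaves URLs on other hosts unchanged.
        // NOTE(review): the TODO above is still open; confirm callers validate 'redirect_to'.
        $links[] = '<a href="' . htmlspecialchars(url_rel_to_same_host($abort_url, $ReqHost)) . '">' . T_('Abort login!') . '</a>';
    }
    if (!$inskin && is_logged_in()) {
        // if we arrive here, but are logged in, provide an option to logout (e.g. during the email validation procedure)
        $links[] = get_user_logout_link();
    }
    if (count($links)) {
        // Separator first, array second: the reversed order is rejected by PHP 8.
        echo '<div style="float:right; margin: 0 1em">' . implode(' &middot; ', $links) . '</div>
		<div class="clear"></div>';
    }
    $Form = new Form($params['form_action'], $params['form_name'], 'post', $params['form_layout']);
    $Form->begin_form($params['form_class']);
    $Form->add_crumb('loginform');
    $source = param('source', 'string', $params['source'] . ' login form');
    $Form->hidden('source', $source);
    $Form->hidden('redirect_to', $redirect_to);
    if ($inskin) {
        // inskin login form
        $Form->hidden('inskin', true);
        $separator = '<br />';
    } else {
        // standard login form
        $Form->hidden('validate_required', $params['validate_required']);
        if (isset($params['action'], $params['reqID'], $params['sessID']) && $params['action'] == 'validatemail') {
            // the user clicked the link from the "validate your account" email, but has not been logged in; pass on the relevant data:
            $Form->hidden('action', 'validatemail');
            $Form->hidden('reqID', $params['reqID']);
            $Form->hidden('sessID', $params['sessID']);
        }
        $separator = '';
    }
    // check if should transmit hashed password
    if ($params['transmit_hashed_password']) {
        // used by JS-password encryption/hashing:
        $pwd_salt = $Session->get('core.pwd_salt');
        if (empty($pwd_salt)) {
            // Do not regenerate if already set because we want to reuse the previous salt on login screen reloads
            // fp> Question: the comment implies that the salt is reset even on failed login attemps. Why that? I would only have reset it on successful login. Do experts recommend it this way?
            // but if you kill the session you get a new salt anyway, so it's no big deal.
            // At that point, why not reset the salt at every reload? (it may be good to keep it, but I think the reason should be documented here)
            $pwd_salt = generate_random_key(64);
            // Stored in the session with a value of 86400 (presumably a lifetime in seconds; confirm against Session::set()).
            $Session->set('core.pwd_salt', $pwd_salt, 86400);
            // save now, in case there's an error later, and not saving it would prevent the user from logging in.
            $Session->dbsave();
        }
        $Form->hidden('pwd_salt', $pwd_salt);
        // gets filled by JS
        $Form->hidden('pwd_hashed', '');
    }
    $Form->begin_field();
    $Form->text_input($dummy_fields['login'], $params['login'], 18, T_('Login'), $separator . T_('Enter your username (or email address).'), array('maxlength' => 255, 'class' => 'input_text', 'required' => true));
    $Form->end_field();
    if ($inskin) {
        $lost_password_url = regenerate_url('disp', 'disp=lostpassword');
    } else {
        // 'redirect_to' is percent-encoded before it is placed in the query string.
        $lost_password_url = $secure_htsrv_url . 'login.php?action=lostpassword&amp;redirect_to=' . rawurlencode(url_rel_to_same_host($redirect_to, $secure_htsrv_url));
    }
    if (!empty($login)) {
        $lost_password_url .= '&amp;' . $dummy_fields['login'] . '=' . rawurlencode($login);
    }
    $pwd_note = '<a href="' . $lost_password_url . '">' . T_('Lost password ?') . '</a>';
    $Form->begin_field();
    $Form->password_input($dummy_fields['pwd'], '', 18, T_('Password'), array('note' => $pwd_note, 'maxlength' => 70, 'class' => 'input_text', 'required' => true));
    $Form->end_field();
    // Allow a plugin to add fields/payload
    $Plugins->trigger_event('DisplayLoginFormFieldset', array('Form' => &$Form));
    // Submit button(s):
    $submit_buttons = array(array('name' => 'login_action[login]', 'value' => T_('Log in!'), 'class' => 'search', 'style' => 'font-size: 120%'));
    if (!$inskin && strpos($redirect_to, $admin_url) !== 0 && strpos($ReqHost . $redirect_to, $admin_url) !== 0 && !is_admin_page()) {
        // provide button to log straight into backoffice, if we would not go there anyway
        $submit_buttons[] = array('name' => 'login_action[redirect_to_backoffice]', 'value' => T_('Log into backoffice!'), 'class' => 'search');
    }
    $Form->buttons_input($submit_buttons);
    if ($inskin) {
        $before_register_link = '<strong>';
        $after_register_link = '</strong>';
        $register_link_style = 'text-align:right; margin: 1em 0 1ex';
    } else {
        echo '<div class="center notes" style="margin: 1em 0">' . T_('You will have to accept cookies in order to log in.') . '</div>';
        // Passthrough REQUEST data (when login is required after having POSTed something)
        // (Exclusion of 'login_action', 'login', and 'action' has been removed. This should get handled via detection in Form (included_input_field_names),
        //  and "action" is protected via crumbs)
        // NOTE(review): every request parameter is re-emitted as a hidden field here; confirm that
        // hiddens_by_key() escapes names and values and that no credential field is echoed back.
        $Form->hiddens_by_key(remove_magic_quotes($_REQUEST));
        $before_register_link = '';
        $after_register_link = '';
        $register_link_style = 'text-align:right';
    }
    echo '<div class="login_actions" style="' . $register_link_style . '">';
    echo get_user_register_link($before_register_link, $after_register_link, T_('No account yet? Register here') . ' &raquo;', '#', true, $redirect_to, $source);
    echo '</div>';
    $Form->end_form();
    echo '<script type="text/javascript">';
    // Autoselect login text input or pwd input, if there's a login already:
    echo 'var login = document.getElementById("' . $dummy_fields['login'] . '");
		if( login.value.length > 0 )
		{	// Focus on the password field:
			document.getElementById("' . $dummy_fields['pwd'] . '").focus();
		}
		else
		{	// Focus on the login field:
			login.focus();
		}';
    if ($params['transmit_hashed_password']) {
        // Hash the password onsubmit and clear the original pwd field
        // TODO: dh> it would be nice to disable the clicked/used submit button. That's how it has been when the submit was attached to the submit button(s)
        // The script sends hex_sha1( hex_md5(password) + salt ) and overwrites the password field;
        // when hex_sha1/hex_md5 are not loaded the password field is submitted unchanged.
        // NOTE(review): this scheme does not replace transport encryption; confirm the form is served and posted over HTTPS.
        // NOTE(review): the element id "login_form" is hard-coded while 'form_name' is a parameter; confirm they match for every caller.
        echo 'addEvent( document.getElementById("login_form"), "submit", function(){' . 'var form = document.getElementById("login_form");' . 'if( form.pwd_hashed && form.' . $dummy_fields['pwd'] . ' && form.pwd_salt && typeof hex_sha1 != "undefined" && typeof hex_md5 != "undefined" )
				{' . 'form.pwd_hashed.value = hex_sha1( hex_md5(form.' . $dummy_fields['pwd'] . '.value) + form.pwd_salt.value );
					form.' . $dummy_fields['pwd'] . '.value = "padding_padding_padding_padding_padding_padding_hashed_' . $Session->ID . '";' . '}
				return true;
			}, false );';
    }
    echo '</script>';
}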
Example #24
File: login.php Project: LFSF/oras
}
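if (!defined('EVO_MAIN_INIT')) {
    // Do not check this if the form was included inside of _main.inc
    // Warn when the requested host/path is not the configured login URL.
    if ($ReqHost . $ReqPath != $htsrv_url_sensitive . 'login.php') {
        $Messages->add(sprintf(T_('WARNING: you are trying to log in on <strong>%s</strong> but we expect you to log in on <strong>%s</strong>. If this is due to an automatic redirect, this will prevent you from successfully loging in. You must either fix your webserver configuration, or your %s configuration in order for these two URLs to match.'), $ReqHost . $ReqPath, $htsrv_url_sensitive . 'login.php', $app_name), 'error');
    }
}
// Note: the following regexp would fail when loging on to the same domain, because cookie_domain starts with a dot '.'
// However, same domain logins will happen with a relative redirect_to, so it is covered with '^/'
// (forms should use e.g. "url_rel_to_same_host($redirect_to, $htsrv_url_sensitive)" for this)
if (strlen($redirect_to)) {
    // Make it relative to the form's target, in case it has been set absolute (and can be made relative).
    // Just in case it gets sent absolute. This should not trigger this warning then..!
    $redirect_to = url_rel_to_same_host($redirect_to, $htsrv_url_sensitive);
    // Both alternatives are anchored at the start of the URL. Previously "^" applied to "/" only,
    // so a cookie-domain URL appearing anywhere in $redirect_to (e.g. in its query string) matched.
    // Digits are accepted in host labels and the domain is escaped with preg_quote().
    // This check only adds a warning: it neither rejects nor rewrites $redirect_to.
    // NOTE(review): "^/" also accepts protocol-relative "//host/..." values; decide whether
    // those should be compared against the cookie domain too.
    if (!preg_match('#^(?:/|https?://[a-z0-9\\-.]*' . preg_quote($cookie_domain, '#') . ')#i', $redirect_to)) {
        $Messages->add(sprintf(T_('WARNING: you are trying to log in to <strong>%s</strong> but your cookie domain is <strong>%s</strong>. You will not be able to successfully log in to the requested domain until you fix your cookie domain in your %s configuration.'), $redirect_to, $cookie_domain, $app_name), 'error');
    }
}
// The dot is escaped so that only a literal "/login.php" is treated as the login script.
if (preg_match('#/login\\.php([&?].*)?$#', $redirect_to)) {
    // avoid "endless loops"
    $redirect_to = $admin_url;
}
// Remove login and pwd parameters from URL, so that they do not trigger the login screen again.
// This runs before the debug log entry below, so those two values are not written to the log.
$redirect_to = preg_replace('~(?<=\\?|&) (login|pwd) = [^&]+ ~x', '', $redirect_to);
$Debuglog->add('redirect_to: ' . $redirect_to);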
/**
 * Display:
 */
switch ($action) {
		<!-- form to add a comment -->

		<form action="<?php 
            echo $htsrv_url;
            ?>
comment_post.php" method="post" id="commentform">



			<input type="hidden" name="comment_post_ID" value="<?php 
            $Item->ID();
            ?>
" />

			<input type="hidden" name="redirect_to" value="<?php 
            echo htmlspecialchars(url_rel_to_same_host(regenerate_url('', '', '', '&'), $htsrv_url));
            ?>
" />



			<fieldset style="border: none">



			<?php 
            if (is_logged_in()) {
                // User is logged in:
                ?>

				<p>
Example #26
    $message = $unsaved_message_params['message'];
    $email_author = $unsaved_message_params['sender_name'];
    $email_author_address = $unsaved_message_params['sender_address'];
}
// Opening skin wrapper, with the $form_title$ placeholder filled in:
echo str_replace('$form_title$', $params['msgform_form_title'], $params['skin_form_before']);

$Form = new Form($submit_url);
$Form->switch_template_parts($params['skin_form_params']);
$Form->begin_form('bComment');
// Crumb 'newmessage' is attached to the form (presumably the anti-CSRF token checked on submit; confirm in Form::add_crumb()).
$Form->add_crumb('newmessage');

// Hidden context fields:
if (isset($Blog)) {
    $Form->hidden('blog', $Blog->ID);
}
$Form->hidden('recipient_id', $recipient_id);
$Form->hidden('post_id', $post_id);
$Form->hidden('comment_id', $comment_id);
// url_rel_to_same_host() shortens the return URL only when it is on the same host as the secure
// htsrv URL; a URL on another host is passed on unchanged.
$Form->hidden('redirect_to', url_rel_to_same_host($redirect_to, get_secure_htsrv_url()));

$Form->info(T_('To'), $recipient_link);

// Note: we use funky field names in order to defeat the most basic guestbook spam bots:
// email form
$Form->text_input(
    $dummy_fields['name'],
    $email_author,
    40,
    T_('From'),
    T_('Your name.'),
    array('maxlength' => 50, 'class' => 'wide_input', 'required' => true)
);
$Form->text_input(
    $dummy_fields['email'],
    $email_author_address,
    40,
    T_('Email'),
    T_('Your email address. (Will <strong>not</strong> be displayed on this site.)'),
    array('maxlength' => 150, 'class' => 'wide_input', 'required' => true)
);
$Form->text_input(
    $dummy_fields['subject'],
    $subject,
    40,
    T_('Subject'),
    T_('Subject of your message.'),
    array('maxlength' => 255, 'class' => 'wide_input', 'required' => true)
);
$Form->textarea($dummy_fields['content'], $message, 15, T_('Message'), T_('Plain text only.'), 35, 'wide_textarea', true);

// Plugins may add their own fields; the form and the recipient ID are handed over by reference.
$Plugins->trigger_event('DisplayMessageFormFieldset', array(
    'Form' => &$Form,
    'recipient_ID' => &$recipient_id,
    'item_ID' => $post_id,
    'comment_ID' => $comment_id,
));

// Form buttons:
echo $Form->begin_field(NULL, '');
// Standard button to send a message
$Form->button_input(array(
    'name' => 'submit_message_' . $recipient_id,
    'class' => 'submit',
    'value' => T_('Send message'),
));
// Additional buttons from plugins
$Plugins->trigger_event('DisplayMessageFormButton', array(
    'Form' => &$Form,
    'recipient_ID' => &$recipient_id,
    'item_ID' => $post_id,
    'comment_ID' => $comment_id,
));
echo $Form->end_field();
Example #27
            $redirect = $Blog->get('loginurl', array('glue' => '&'));
        }
        $redirect = url_add_param($redirect, 'redirect_to=' . $redirect_to, '&');
        header_redirect($redirect);
        // already exited here
        exit(0);
    }
}
/**
 * Display standard login screen:
 */
switch ($action) {
    case 'lostpassword':
        // Lost password:
        $page_title = T_('Lost your password?');
        $hidden_params = array('redirect_to' => url_rel_to_same_host($redirect_to, $secure_htsrv_url));
        $wrap_width = '480px';
        // Use the links in the form title
        $use_form_links = true;
        // Include page header:
        require $adminskins_path . 'login/_html_header.inc.php';
        // Lost password form
        $params = array('form_title_lostpass' => $page_title, 'login_form_inskin' => false, 'login_page_class' => 'evo_panel__login', 'login_page_before' => '<div class="evo_panel__lostpass">', 'login_page_after' => '</div>', 'form_class_login' => 'evo_form__login evo_form__lostpass', 'lostpass_form_params' => $login_form_params, 'lostpass_form_footer' => false, 'abort_link_text' => '<button type="button" class="close" aria-label="Close"><span aria-hidden="true">&times;</span></button>');
        require skin_fallback_path('_lostpassword.disp.php', 6);
        // Include page footer:
        require $adminskins_path . 'login/_html_footer.inc.php';
        break;
    case 'req_validatemail':
        // Send activation link by email (initial form and action)
        // Display validation form:
        require $adminskins_path . 'login/_validate_form.main.php';
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
	<head>
		<title><?php 
echo T_('Access denied');
?>
</title>
	</head>
<body>
	<div style="background-color:#fee; border: 1px solid red; text-align:center;">
		<h1><?php 
echo T_('Access denied');
?>
</h1>
		<p><?php 
echo T_('Sorry, you have no permission to access this section.');
?>
</p>
	</div>
	<p style="text-align:center;"><?php 
// Logout link that returns to the requested URL, followed by a link back to the blogs.
// The return URL is percent-encoded; url_rel_to_same_host() shortens it only when it is on the
// same host as the secure htsrv URL.
$secure_httsrv_url = get_secure_htsrv_url();
echo '<a href="', $secure_httsrv_url, 'login.php?action=logout&amp;redirect_to=', rawurlencode(url_rel_to_same_host($ReqURL, $secure_httsrv_url)), '">', T_('Logout'), '</a>
					&bull;
					<a href="', $baseurl, '">', T_('Exit to blogs'), '</a>';
?>
</p>
</body>
</html>
<?php 
exit(0);
Example #29
    /**
     * GLOBAL HEADER - APP TITLE, LOGOUT, ETC.
     *
     * @return string
     */
    function get_page_head()
    {
        global $app_shortname, $app_version, $current_User, $htsrv_url_sensitive, $admin_url, $baseurl, $rsc_url;

        // Logout URL: returns to the admin URL afterwards. The return URL is percent-encoded and
        // made host-relative when it is on the same host as the sensitive htsrv URL.
        $logout_url = $htsrv_url_sensitive . 'login.php?action=logout&amp;redirect_to=' . rawurlencode(url_rel_to_same_host($admin_url, $htsrv_url_sensitive));

        // Logout link plus close icon.
        // NOTE(review): the closing </a> after the <img> has no matching opening tag in this markup.
        $head_functions = '<a href="' . $logout_url . '">' . T_('Logout') . '</a>
					<img src="' . $rsc_url . 'icons/close.gif" width="14" height="14" border="0" class="top" alt="" title="' . T_('Logout') . '" /></a>';

        // Application name and version, written into the markup without escaping.
        $app_line = $app_shortname . ' v <strong>' . $app_version . '</strong>';

        return '
		<div id="header">
			<div id="headinfo">
				<span id="headfunctions">' . $head_functions . '
				</span>

				' . $app_line . '
			</div>

			<h1>' . $this->get_title_for_titlearea() . '</h1>
		</div>
		';
    }
Example #30
<?php

/**
 * This file implements the user activate info form
 *
 * This file is not meant to be called directly.
 *
 * @copyright (c)2003-2013 by Francois Planque - {@link http://fplanque.com/}.
 *
 * @package evocore
 *
 * {@internal Below is a list of authors who have contributed to design/coding of this file: }}
 * @author asimo: Evo Factory / Attila Simo
 *
 * @version $Id: $
 */
// Guard: this template is only meant to run once the application has defined EVO_MAIN_INIT.
if (!defined('EVO_MAIN_INIT')) {
    die('Please, do not access this page directly.');
}

global $blog;

// Destination after activation: the request's 'redirect_to' (fetched with param type 'url'),
// falling back to the URL rebuilt by regenerate_url('disp').
$redirect_to = param('redirect_to', 'url', '');
if (!$redirect_to) {
    $redirect_to = regenerate_url('disp');
}

// url_rel_to_same_host() only shortens URLs that live on the same host as the login handler;
// a URL on another host is handed on unchanged.
// NOTE(review): it is a normalisation step, not an allow-list; confirm the handler behind
// 'form_action' validates 'redirect_to' before redirecting.
$display_params = array(
    'form_action' => $secure_htsrv_url . 'login.php',
    'form_name' => 'activateinfo_form',
    'form_class' => 'bComment',
    'form_layout' => NULL,
    'redirect_to' => url_rel_to_same_host($redirect_to, $secure_htsrv_url),
    'inskin' => true,
    'blog' => isset($blog) ? $blog : NULL,
);

// display account activate info
display_activateinfo($display_params);