/** * Test {@link url_rel_to_same_host()} */ function test_url_rel_to_same_host() { $this->assertEqual(url_rel_to_same_host('http://example.com/foobar', 'http://example.com/barfoo'), '/foobar'); $this->assertEqual(url_rel_to_same_host('http://example.com/foobar', 'https://example.com/barfoo'), 'http://example.com/foobar'); $this->assertEqual(url_rel_to_same_host('http://example.com/foobar', '/barfoo'), '/foobar'); $this->assertEqual(url_rel_to_same_host('foobar', 'http://example.com/barfoo'), 'foobar'); $this->assertEqual(url_rel_to_same_host('http://example.com/barfoo?f=b', 'https://example.com/barfoo'), 'http://example.com/barfoo?f=b'); $this->assertEqual(url_rel_to_same_host('https://example.com/barfoo?f=b#a', 'https://*****:*****@example.com/barfoo'), 'https://example.com/barfoo?f=b#a'); $this->assertEqual(url_rel_to_same_host('foobar', 'http://example.com/barfoo'), 'foobar'); // Tests for URLs without protocol // URL has protocol info, keep it. $this->assertEqual(url_rel_to_same_host('http://host/bar', '//host/baz'), 'http://host/bar'); // Target URL has protocol info, URL is protocol ambivalent. $this->assertEqual(url_rel_to_same_host('//host/bar', 'https://host/baz'), '/bar'); $this->assertEqual(url_rel_to_same_host('//host/bar', '//host/baz'), '/bar'); $this->assertEqual(url_rel_to_same_host('//hostA/bar', '//hostB/baz'), '//hostA/bar'); $this->assertEqual(url_rel_to_same_host('http://host/?query#fragment', 'http://host/'), '/?query#fragment'); $this->assertEqual(url_rel_to_same_host('http://host/0?0#0', 'http://host/'), '/0?0#0'); }
/** * Template helper function: Get a link to a message form for this user. * * @param string url of the message form * @param string to display before link * @param string to display after link * @param string link text * @param string link title * @param string class name */ function get_msgform_link($form_url = NULL, $before = ' ', $after = ' ', $text = '#', $title = '#', $class = '') { if (empty($this->email)) { // We have no email for this User :( return false; } if (empty($this->allow_msgform)) { return false; } if (is_null($form_url)) { global $Blog; $form_url = isset($Blog) ? $Blog->get('msgformurl') : ''; } $form_url = url_add_param($form_url, 'recipient_id=' . $this->ID . '&redirect_to=' . rawurlencode(url_rel_to_same_host(regenerate_url('', '', '', '&'), $form_url))); if ($title == '#') { $title = T_('Send email to user'); } if ($text == '#') { $text = get_icon('email', 'imgtag', array('class' => 'middle', 'title' => $title)); } $r = ''; $r .= $before; $r .= '<a href="' . $form_url . '" title="' . $title . '"'; if (!empty($class)) { $r .= ' class="' . $class . '"'; } $r .= '>' . $text . '</a>'; $r .= $after; return $r; }
case 'mobile': $block_item_Widget->title = T_('Choose a Mobile Phone skin'); $display_same_as_normal = true; break; case 'tablet': $block_item_Widget->title = T_('Choose a Tablet skin'); $display_same_as_normal = true; break; default: debug_die('Invalid skin type!'); } // Get what is the current skin ID from this kind of skin type $current_skin_ID = $edited_Blog->get_setting($skin_type . '_skin_ID', true); if ($current_User->check_perm('options', 'edit', false)) { // We have permission to modify: $block_item_Widget->global_icon(T_('Install new skin...'), 'new', $dispatcher . '?ctrl=skins&action=new&redirect_to=' . rawurlencode(url_rel_to_same_host(regenerate_url('', 'skinpage=selection', '', '&'), $admin_url)), T_('Install new'), 3, 4); $block_item_Widget->global_icon(T_('Keep current skin!'), 'close', regenerate_url('skinpage'), ' ' . T_('Don\'t change'), 3, 4); } $block_item_Widget->disp_template_replaced('block_start'); $SkinCache =& get_SkinCache(); $SkinCache->load_all(); if ($display_same_as_normal) { $skinshot_title = T_('Same as normal skin'); $select_url = '?ctrl=coll_settings&tab=skin&blog=' . $edited_Blog->ID . '&action=update&skinpage=selection&' . $skin_type . '_skin_ID=0&' . url_crumb('collection'); $disp_params = array('function' => 'select', 'selected' => $current_skin_ID == '0', 'select_url' => $select_url); Skin::disp_skinshot($skinshot_title, $skinshot_title, $disp_params); } $SkinCache->rewind(); while (($iterator_Skin =& $SkinCache->get_next()) != NULL) { if ($iterator_Skin->type != $skin_type) { // This skin cannot be used here...
/** * Provide link to message form for this comment's author * * @param string url of the message form * @param string to display before link * @param string to display after link * @param string link text * @param string link title * @param string class name */ function msgform_link($form_url, $before = ' ', $after = ' ', $text = '#', $title = '#', $class = '') { if ($this->get_author_User()) { // This comment is from a registered user: $msg_type = $this->author_User->get_msgform_possibility(); if (empty($msg_type)) { // message form is not allowed return false; } $form_url = url_add_param($form_url, 'recipient_id=' . $this->author_User->ID); } else { // This comment is from a visitor: if (empty($this->author_email)) { // We have no email for this comment :( return false; } elseif (empty($this->allow_msgform)) { // Anonymous commentator does not allow message form (for this comment) return false; } $msg_type = 'email'; } $form_url = url_add_param($form_url, 'recipient_id=0&comment_id=' . $this->ID . '&post_id=' . $this->item_ID . '&redirect_to=' . rawurlencode(url_rel_to_same_host(regenerate_url('', '', '', '&'), $form_url))); if ($title == '#') { if ($msg_type == 'email') { $title = T_('Send email to comment author'); } else { $title = T_('Send message to comment author'); } } if ($text == '#') { $text = get_icon('email', 'imgtag', array('class' => 'middle', 'title' => $title)); } echo $before; echo '<a href="' . $form_url . '" title="' . $title . '"'; if (!empty($class)) { echo ' class="' . $class . '"'; } // TODO: have an SEO setting for nofollow here, default to nofollow echo ' rel="nofollow"'; echo '>' . $text . '</a>'; echo $after; return true; }
echo '<ol>'; echo '<li>' . T_('Please confirm your email address below.') . '</li>'; echo '<li>' . T_('An email will be sent to this address immediately.') . '</li>'; echo '<li>' . T_('As soon as you receive the email, click on the link therein to activate your account.') . '</li>'; echo '</ol>'; $Form->text_input('email', $email, 16, T_('Email'), '', array('maxlength' => 255, 'class' => 'input_text', 'required' => true)); $Plugins->trigger_event('DisplayValidateAccountFormFieldset', array('Form' => &$Form)); // TODO: the form submit value is too wide (in Konqueror and most probably in IE!) $Form->end_form(array(array('name' => 'form_validatemail_submit', 'value' => T_('Send me an email now!'), 'class' => 'ActionButton'))); // display hidden fields etc if ($current_User->group_ID == 1) { // allow admin users to validate themselves by a single click: $Form =& new Form($htsrv_url_sensitive . 'login.php', 'form_validatemail', 'post', 'fieldset'); $Form->begin_form('fform'); $Form->hidden('action', 'validatemail'); $Form->hidden('redirect_to', url_rel_to_same_host($redirect_to, $htsrv_url_sensitive)); $Form->hidden('reqID', 1); $Form->hidden('sessID', $Session->ID); $Form->begin_fieldset(); echo '<p>' . sprintf(T_('Since you are an admin user, you can validate your email address (%s) by a single click.'), $current_User->email) . '</p>'; // TODO: the form submit value is too wide (in Konqueror and most probably in IE!) $Form->end_form(array(array('name' => 'form_validatemail_admin_submit', 'value' => T_('Activate my account!'), 'class' => 'ActionButton'))); // display hidden fields etc } ?> <div style="text-align:right"> <?php user_logout_link(); ?> </div>
$subject = $unsaved_message_params['subject']; $message = $unsaved_message_params['message']; $email_author = $unsaved_message_params['sender_name']; $email_author_address = $unsaved_message_params['sender_address']; } $Form = new Form($submit_url); $Form->switch_template_parts($params['skin_form_params']); $Form->begin_form('bComment'); $Form->add_crumb('newmessage'); if (isset($Blog)) { $Form->hidden('blog', $Blog->ID); } $Form->hidden('recipient_id', $recipient_id); $Form->hidden('post_id', $post_id); $Form->hidden('comment_id', $comment_id); $Form->hidden('redirect_to', url_rel_to_same_host($redirect_to, $samedomain_htsrv_url)); $Form->info(T_('To'), $recipient_link); // Note: we use funky field names in order to defeat the most basic guestbook spam bots: // email form $Form->text_input($dummy_fields['name'], $email_author, 40, T_('From'), T_('Your name.'), array('maxlength' => 50, 'class' => 'wide_input', 'required' => true)); $Form->text_input($dummy_fields['email'], $email_author_address, 40, T_('Email'), T_('Your email address. (Will <strong>not</strong> be displayed on this site.)'), array('maxlength' => 150, 'class' => 'wide_input', 'required' => true)); $Form->text_input($dummy_fields['subject'], $subject, 40, T_('Subject'), T_('Subject of your message.'), array('maxlength' => 255, 'class' => 'wide_input', 'required' => true)); $Form->textarea($dummy_fields['content'], $message, 15, T_('Message'), T_('Plain text only.'), 35, 'wide_textarea', true); $Plugins->trigger_event('DisplayMessageFormFieldset', array('Form' => &$Form, 'recipient_ID' => &$recipient_id, 'item_ID' => $post_id, 'comment_ID' => $comment_id)); $Form->begin_fieldset(); ?> <div class="input"> <?php $Form->button_input(array('name' => 'submit_message_' . $recipient_id, 'class' => 'submit', 'value' => T_('Send message'))); $Plugins->trigger_event('DisplayMessageFormButton', array('Form' => &$Form, 'recipient_ID' => &$recipient_id, 'item_ID' => $post_id, 'comment_ID' => $comment_id)); ?>
function get_author_msgform_link($Comment) { global $Blog; $form_url = $Blog->get('msgformurl'); if ($Comment->get_author_User()) { // This comment is from a registered user: if (empty($Comment->author_User->email)) { // We have no email for this Author :( return false; } elseif (empty($Comment->author_User->allow_msgform)) { // User does not allow message form return false; } $form_url = url_add_param($form_url, 'recipient_id=' . $Comment->author_User->ID); } else { // This comment is from a visitor: if (empty($Comment->author_email)) { // We have no email for this comment :( return false; } elseif (empty($Comment->allow_msgform)) { // Anonymous commentator does not allow message form (for this comment) return false; } } $form_url = url_add_param($form_url, 'comment_id=' . $Comment->ID . '&post_id=' . $Comment->item_ID . '&redirect_to=' . rawurlencode(url_rel_to_same_host(regenerate_url('', '', '', '&'), $form_url))); return $form_url; }
/** * Template function: Provide link to message form for this Item's author. * * @param string url of the message form * @param string to display before link * @param string to display after link * @param string link text * @param string link title * @param string class name * @return boolean true, if a link was displayed; false if there's no email address for the Item's author. */ function msgform_link($params = array()) { // Make sure we are not missing any param: $params = array_merge(array('before' => ' ', 'after' => ' ', 'text' => '#', 'title' => '#', 'class' => '', 'format' => 'htmlbody', 'form_url' => '#current_blog#'), $params); $this->get_creator_User(); if (empty($this->creator_User->email)) { // We have no email for this Author :( return false; } if (empty($this->creator_User->allow_msgform)) { return false; } if ($params['form_url'] == '#current_blog#') { // Get global $Blog; $params['form_url'] = $Blog->get('msgformurl'); } $params['form_url'] = url_add_param($params['form_url'], 'recipient_id=' . $this->creator_User->ID . '&post_id=' . $this->ID . '&redirect_to=' . rawurlencode(url_rel_to_same_host(regenerate_url('', '', '', '&'), $params['form_url']))); if ($params['title'] == '#') { $params['title'] = T_('Send email to post author'); } if ($params['text'] == '#') { $params['text'] = get_icon('email', 'imgtag', array('class' => 'middle', 'title' => $params['title'])); } echo $params['before']; echo '<a href="' . $params['form_url'] . '" title="' . $params['title'] . '"'; if (!empty($params['class'])) { echo ' class="' . $params['class'] . '"'; } echo '>' . $params['text'] . '</a>'; echo $params['after']; return true; }
/** * Get the absolute URL to the plugin's directory (where the plugins classfile is). * Trailing slash included. * * @param string Get absolute URL? (or make it relative to $ReqHost) * @return string */ function get_plugin_url($abs = false) { global $plugins_url, $plugins_path; // Get sub-path below $plugins_path, if any: $sub_path = preg_replace(':^' . preg_quote($plugins_path, ':') . ':', '', dirname($this->classfile_path) . '/'); $r = $plugins_url . $sub_path; // Use the same protocol as with current host (so includes from within https do not fail when on http): $r = url_same_protocol($r); // Make it relative to current host, if absolute is not required: if (!$abs) { global $ReqHost; $r = url_rel_to_same_host($r, $ReqHost); } return $r; }
/** * Display user activate info form content * * @param Object activateinfo Form */ function display_activateinfo($params) { global $current_User, $Settings, $UserSettings, $Plugins; global $secure_htsrv_url, $rsc_path, $rsc_url, $dummy_fields; if (!is_logged_in()) { // if this happens, it means the code is not correct somewhere before this debug_die("You must log in to see this page."); } $params = array_merge(array('use_form_wrapper' => true, 'form_before' => '', 'form_after' => '', 'form_action' => $secure_htsrv_url . 'login.php', 'form_name' => 'form_validatemail', 'form_class' => 'fform', 'form_layout' => 'fieldset', 'form_template' => NULL, 'form_title' => '', 'inskin' => false), $params); // init force request new email address param $force_request = param('force_request', 'boolean', false); // get last activation email timestamp from User Settings $last_activation_email_date = $UserSettings->get('last_activation_email', $current_User->ID); if ($force_request || empty($last_activation_email_date)) { // notification email was not sent yet, or user needs another one ( forced request ) echo $params['use_form_wrapper'] ? $params['form_before'] : ''; $Form = new Form($params['form_action'], $params['form_name'], 'post', $params['form_layout']); if (!empty($params['form_template'])) { // Switch layout to template from array $Form->switch_template_parts($params['form_template']); } $Form->begin_form($params['form_class']); $Form->add_crumb('validateform'); $Form->hidden('action', 'req_validatemail'); $Form->hidden('redirect_to', $params['redirect_to']); if ($params['inskin']) { $Form->hidden('inskin', $params['inskin']); $Form->hidden('blog', $params['blog']); } else { // Form title in standard form echo '<h4>' . $params['form_title'] . '</h4>'; } $Form->hidden('req_validatemail_submit', 1); // to know if the form has been submitted $Form->begin_fieldset(); echo '<ol>'; echo '<li>' . T_('Please confirm your email address below:') . '</li>'; echo '</ol>'; // set email text input content only if this is not a forced request. This way the user may have bigger chance to write a correct email address. $user_email = $force_request ? '' : $current_User->email; // fp> note: 45 is the max length for evopress skin. $Form->text_input($dummy_fields['email'], $user_email, 42, T_('Your email'), '', array('maxlength' => 255, 'class' => 'input_text', 'required' => true, 'input_required' => 'required')); $Form->end_fieldset(); // Submit button: $submit_button = array(array('name' => 'submit', 'value' => T_('Send me a new activation email now!'), 'class' => 'btn-primary btn-lg')); $Form->buttons_input($submit_button); if (!$params['inskin']) { $Plugins->trigger_event('DisplayValidateAccountFormFieldset', array('Form' => &$Form)); } $Form->end_form(); echo $params['use_form_wrapper'] ? $params['form_after'] : ''; return; } // get notification email from general Settings $notification_email = $Settings->get('notification_sender_email'); // convert date to timestamp $last_activation_email_ts = mysql2timestamp($last_activation_email_date); // get difference between local time and server time $time_difference = $Settings->get('time_difference'); // get last activation email local date and time $last_email_date = date(locale_datefmt(), $last_activation_email_ts + $time_difference); $last_email_time = date(locale_shorttimefmt(), $last_activation_email_ts + $time_difference); $user_email = $current_User->email; echo $params['form_before']; if (!$params['inskin']) { echo '<div class="' . $params['form_class'] . '">'; } echo '<ol start="1" class="expanded">'; $instruction = sprintf(T_('Open your email account for %s and find a message we sent you on %s at %s with the following title:'), $user_email, $last_email_date, $last_email_time); echo '<li>' . $instruction . '<br /><b>' . sprintf(T_('Activate your account: %s'), $current_User->login) . '</b>'; $request_validation_url = 'href="' . regenerate_url('', 'force_request=1&validate_required=true&redirect_to=' . $params['redirect_to']) . '"'; echo '<p>' . sprintf(T_('NOTE: If you don\'t find it, check your "Junk", "Spam" or "Unsolicited email" folders. If you really can\'t find it, <a %s>request a new activation email</a>.'), $request_validation_url) . '</p></li>'; echo '<li>' . sprintf(T_('Add us (%s) to your contacts to make sure you receive future email notifications, especially when someone sends you a private message.'), '<b><span class="nowrap">' . $notification_email . '</span></b>') . '</li>'; echo '<li><b class="red">' . T_('Click on the activation link in the email.') . '</b>'; echo '<p>' . T_('If this does not work, please copy/paste that link into the address bar of your browser.') . '</p>'; echo '<p>' . sprintf(T_('If you need assistance, please send an email to %s'), '<b><a href="mailto:"' . $notification_email . '"><span class="nowrap">' . $notification_email . '</span></a></b>') . '</p></li>'; echo '</ol>'; if ((strpos($user_email, '@hotmail.') || strpos($user_email, '@live.') || strpos($user_email, '@msn.')) && file_exists($rsc_path . 'img/login_help/hotmail-validation.png')) { // The user is on hotmail and we have a help screen to show him: (needs to be localized and include correct site name) echo '<div class="center" style="margin: 2em auto"><img src="' . $rsc_url . 'img/login_help/hotmail-validation.png" /></div>'; } elseif ((strpos($user_email, '@gmail.com') || strpos($user_email, '@googlemail.com')) && file_exists($rsc_path . 'img/login_help/gmail-validation.png')) { // The user is on hotmail and we have a help screen to show him: (needs to be localized and include correct site name) echo '<div class="center" style="margin: 2em auto"><img src="' . $rsc_url . 'img/login_help/gmail-validation.png" /></div>'; } if (!$params['inskin']) { echo '</div>'; } echo $params['form_after']; if ($current_User->grp_ID == 1) { // allow admin users to validate themselves by a single click: global $Session, $redirect_to; if (empty($redirect_to)) { // Set where to redirect $redirect_to = regenerate_url(); } echo $params['use_form_wrapper'] ? $params['form_before'] : ''; $Form = new Form($secure_htsrv_url . 'login.php', 'form_validatemail', 'post', 'fieldset'); if (!empty($params['form_template'])) { // Switch layout to template from array $Form->switch_template_parts($params['form_template']); } $Form->begin_form('evo_form__login'); $Form->add_crumb('validateform'); $Form->hidden('action', 'validatemail'); $Form->hidden('redirect_to', url_rel_to_same_host($redirect_to, $secure_htsrv_url)); $Form->hidden('reqID', 1); $Form->hidden('sessID', $Session->ID); echo '<p>' . sprintf(T_('Since you are an admin user, you can activate your account (%s) by a single click.'), $current_User->email) . '</p>'; // TODO: the form submit value is too wide (in Konqueror and most probably in IE!) $Form->end_form(array(array('name' => 'form_validatemail_admin_submit', 'value' => T_('Activate my account!'), 'class' => 'ActionButton btn btn-primary'))); // display hidden fields etc echo $params['use_form_wrapper'] ? $params['form_after'] : ''; } echo '<div class="evo_form__login_links floatright">'; user_logout_link(); echo '</div>'; }
return true; }, false ); <?php } ?> </script> <div class="login_actions" style="text-align:right"> <?php $links = array(); if ($link = get_user_register_link('', '', '', '#', true, $redirect_to)) { $links[] = $link; } if (empty($login_required) && $action != 'req_validatemail' && strpos($redirect_to, $admin_url) !== 0 && strpos($ReqHost . $redirect_to, $admin_url) !== 0) { // No login required, allow to pass through // TODO: dh> validate redirect_to param?! $links[] = '<a href="' . htmlspecialchars(url_rel_to_same_host($redirect_to, $ReqHost)) . '">' . T_('Abort login!') . '</a>'; } if (is_logged_in()) { // if we arrive here, but are logged in, provide an option to logout (e.g. during the email // validation procedure) $links[] = get_user_logout_link(); } echo implode(' · ', $links); ?> </div> <?php require dirname(__FILE__) . '/_html_footer.inc.php';
</ul> </div> <!-- ============ END FEEDS AND EXTRAS ============= --> <?php if (empty($generating_static) && !$Plugins->trigger_event_first_true('CacheIsCollectingContent')) { // We're not generating static pages nor is a caching plugin collecting the content, so we can display this block ?> <?php } ?> </div> </div> <div class="pagefoot"> <p class="center"> <a href="<?php echo $Blog->get('msgformurl') . '&recipient_id=1&redirect_to=' . rawurlencode(url_rel_to_same_host(regenerate_url('', '', '', '&'), $Blog->get('msgformurl'))); ?> " title="Contact the Admin">Contact the admin</a> / <a href="http://blog.thedarksighed.com/projectblog" title="Custom b2evo skin designs at The Dark Sighed">Original B2Evo skin design by Andrew Hreschak</a><br /> <?php // Display additional credits (see /conf/_advanced.php): display_list($credit_links, T_('Credits') . ': ', ' ', '|', ' ', ' '); ?> </p> </div> </div> <div class="footer"> <?php $Hit->log(); // log the hit on this page debug_info();
<input type="password" name="pass1" id="pass1" size="16" maxlength="50" value="" class="input_text field_required" /> <input type="password" name="pass2" id="pass2" size="16" maxlength="50" value="" class="input_text field_required" /> <span class="notes"><?php printf(T_('Minimum %d characters, please.'), $Settings->get('user_minpwdlen')); ?> </span> </div> </fieldset> <?php $Form->text_input('email', $email, 16, T_('Email'), '', array('maxlength' => 255, 'class' => 'input_text', 'required' => true)); $Form->select('locale', $locale, 'locale_options_return', T_('Locale'), T_('Preferred language')); $Plugins->trigger_event('DisplayRegisterFormFieldset', array('Form' => &$Form)); $Form->buttons_input(array(array('name' => 'submit', 'value' => T_('Register!'), 'class' => 'ActionInput'))); $Form->end_fieldset(); $Form->end_form(); // display hidden fields etc ?> <div style="text-align:right"> <a href="<?php echo $htsrv_url_sensitive . 'login.php?redirect_to=' . rawurlencode(url_rel_to_same_host($redirect_to, $htsrv_url_sensitive)); ?> "><?php echo T_('Log into existing account...'); ?> </a> </div> <?php require dirname(__FILE__) . '/_html_footer.inc.php';
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <title><?php echo T_('Access denied'); ?> </title> </head> <body> <div style="background-color:#fee; border: 1px solid red; text-align:center;"> <h1><?php echo T_('Access denied'); ?> </h1> <p><?php echo T_('Sorry, you have no permission to access this section.'); ?> </p> </div> <p style="text-align:center;"><?php echo '<a href="' . $htsrv_url_sensitive . 'login.php?action=logout&redirect_to=' . rawurlencode(url_rel_to_same_host($ReqHost . $ReqURI, $htsrv_url_sensitive)) . '">' . T_('Logout') . '</a> • <a href="' . $baseurl . '">' . T_('Exit to blogs') . '</a>'; ?> </p> <?php debug_info(); ?> </body> </html> <?php exit;
?> :</h4> <?php if (($Comment = get_comment_from_session()) == NULL) { $comment_author = param_cookie($cookie_name, 'string', ''); $comment_author_email = utf8_strtolower(param_cookie($cookie_email, 'string', '')); $comment_author_url = param_cookie($cookie_url, 'string', ''); $comment_text = ''; } else { $comment_author = $Comment->author; $comment_author_email = $Comment->author_email; $comment_author_url = $Comment->author_url; $comment_text = $Comment->content; } $redirect = htmlspecialchars(url_rel_to_same_host(regenerate_url('', '', '', '&'), get_htsrv_url())); ?> <!-- form to add a comment --> <form action="<?php echo get_htsrv_url(); ?> comment_post.php" method="post" id="bComment_form_id_<?php echo $Item->ID; ?> "> <input type="hidden" name="comment_item_ID" value="<?php echo $Item->ID(); ?> " />
/** * Get the URL for the logout button * * @return string */ function get_user_logout_url() { global $admin_url, $baseurl, $is_admin_page, $Blog, $secure_htsrv_url; if (!is_logged_in()) { return false; } $redirect_to = url_rel_to_same_host(regenerate_url('disp,action', '', '', '&'), $secure_htsrv_url); if (require_login($redirect_to, true)) { // if redirect_to page is a login page, or also require login ( e.g. admin.php ) if (!empty($Blog)) { // Blog is set // set redirect_to to Blog url $redirect_to = $Blog->gen_blogurl(); } else { // Blog is empty, set abort url to baseurl $redirect_to = url_rel_to_same_host($baseurl, $secure_htsrv_url); } } return $secure_htsrv_url . 'login.php?action=logout&redirect_to=' . rawurlencode($redirect_to); }
$SkinCache->load_all(); if ($display_same_as_normal) { $skinshot_title = T_('Same as normal skin'); $select_url = '?ctrl=coll_settings&tab=skin&blog=' . $edited_Blog->ID . '&action=update&skinpage=selection&' . $skin_type . '_skin_ID=0&' . url_crumb('collection'); $disp_params = array('function' => 'select', 'selected' => $current_skin_ID == '0', 'select_url' => $select_url); Skin::disp_skinshot($skinshot_title, $skinshot_title, $disp_params); } $fadeout_array = $Session->get('fadeout_array'); $SkinCache->rewind(); while (($iterator_Skin =& $SkinCache->get_next()) != NULL) { if ($iterator_Skin->type != $skin_type) { // This skin cannot be used here... continue; } $selected = $current_skin_ID == $iterator_Skin->ID; $blog_skin_param = $skin_type . '_skin_ID='; $select_url = '?ctrl=coll_settings&tab=skin&blog=' . $edited_Blog->ID . '&action=update&skinpage=selection&' . $blog_skin_param . $iterator_Skin->ID . '&' . url_crumb('collection'); $preview_url = url_add_param($edited_Blog->gen_blogurl(), 'tempskin=' . rawurlencode($iterator_Skin->folder)); $disp_params = array('function' => 'select', 'selected' => $selected, 'select_url' => $select_url, 'function_url' => $preview_url, 'highlighted' => is_array($fadeout_array) && isset($fadeout_array['skin_ID']) && in_array($iterator_Skin->ID, $fadeout_array['skin_ID'])); // Display skinshot: Skin::disp_skinshot($iterator_Skin->folder, $iterator_Skin->name, $disp_params); } // Flush fadeout $Session->delete('fadeout_array'); if ($current_User->check_perm('options', 'edit', false)) { // A link to install new skin: echo '<a href="' . $admin_url . '?ctrl=skins&action=new&redirect_to=' . rawurlencode(url_rel_to_same_host(regenerate_url('', 'skinpage=selection', '', '&'), $admin_url)) . '" class="skinshot skinshot_new">' . get_icon('new') . T_('Install New') . ' »' . '</a>'; } echo '<div class="clear"></div>'; echo '</div>'; $block_item_Widget->disp_template_replaced('block_end');
/** * This file implements the user activate info form * * This file is not meant to be called directly. * * @license GNU GPL v2 - {@link http://b2evolution.net/about/gnu-gpl-license} * * @copyright (c)2003-2015 by Francois Planque - {@link http://fplanque.com/}. * * @package evocore */ if (!defined('EVO_MAIN_INIT')) { die('Please, do not access this page directly.'); } global $blog; $redirect_to = param('redirect_to', 'url', ''); if (empty($redirect_to)) { $redirect_to = regenerate_url('disp'); } // Default params: $params = array_merge(array('skin_form_before' => '', 'skin_form_after' => '', 'activate_form_title' => '', 'activate_page_before' => '', 'activate_page_after' => '', 'activate_form_params' => NULL, 'use_form_wrapper' => true, 'display_form_messages' => false), $params); $display_params = array('use_form_wrapper' => $params['use_form_wrapper'], 'form_before' => str_replace('$form_title$', $params['activate_form_title'], $params['skin_form_before']), 'form_after' => $params['skin_form_after'], 'form_action' => $secure_htsrv_url . 'login.php', 'form_name' => 'activateinfo_form', 'form_class' => 'evo_form__activateinfo', 'form_layout' => NULL, 'redirect_to' => url_rel_to_same_host($redirect_to, $secure_htsrv_url), 'inskin' => true, 'blog' => isset($blog) ? $blog : NULL, 'form_template' => $params['activate_form_params']); echo $params['activate_page_before']; if ($params['display_form_messages']) { // Display the form messages before form inside wrapper messages(array('block_start' => '<div class="action_messages">', 'block_end' => '</div>')); } // display account activate info display_activateinfo($display_params); echo $params['activate_page_after'];
/** * Template helper function: Get a link to a message form for this user. * * @param string url of the message form * @param string to display before link * @param string to display after link * @param string link text * @param string link title * @param string class name */ function get_msgform_link($form_url = NULL, $before = ' ', $after = ' ', $text = '#', $title = '#', $class = '') { if (empty($this->email)) { // We have no email for this User :( return false; } $available_msgform = $this->get_msgform_possibility(); if (!$available_msgform) { // There is no way this user accepts receiving messages. return false; } if (is_null($form_url)) { global $Blog; $form_url = isset($Blog) ? $Blog->get('msgformurl') : ''; } $form_url = url_add_param($form_url, 'recipient_id=' . $this->ID . '&redirect_to=' . rawurlencode(url_rel_to_same_host(regenerate_url('', '', '', '&'), $form_url))); if ($title == '#') { switch ($available_msgform) { case 'email': $title = T_('Send email to user'); break; case 'PM': case 'login': default: $title = T_('Send message to user'); break; } } if ($text == '#') { $text = get_icon('email', 'imgtag', array('class' => 'middle', 'title' => $title)); } $r = ''; $r .= $before; $r .= '<a href="' . $form_url . '" title="' . $title . '"'; if (!empty($class)) { $r .= ' class="' . $class . '"'; } $r .= '>' . $text . '</a>'; $r .= $after; return $r; }
*/ if (!defined('EVO_MAIN_INIT')) { die('Please, do not access this page directly.'); } /** * Include page header: */ $page_title = T_('Registration complete'); $page_icon = 'icon_register.gif'; require dirname(__FILE__) . '/_html_header.inc.php'; // dh> TODO: this form is not really required and only used for the info fields below. $Form =& new Form($htsrv_url_sensitive . 'login.php', 'login', 'post', 'fieldset'); $Form->begin_form('fform'); $Form->hidden('login', $login); $Form->hidden('redirect_to', url_rel_to_same_host($redirect_to, $htsrv_url_sensitive)); $Form->begin_fieldset(); $Form->info(T_('Login'), $login); $Form->info(T_('Email'), $email); $Form->end_fieldset(); // Now the user has been logged in automatically at the end of the registration progress. // Allow him to proceed or go to the blogs, though he will see the "validate account" screen then, // if he has not clicked the validation link yet and validation is required. if (empty($redirect_to)) { $redirect_to = $baseurl; // dh> this was the old behaviour, I think there could be a better default } echo '<p class="center"><a href="' . htmlspecialchars(url_rel_to_same_host($redirect_to, $htsrv_url_sensitive)) . '">' . T_('Continue') . ' »</a> '; // dh> TODO: this does not seem to be sensible for dir=rtl. echo '</p>'; $Form->end_form(); require dirname(__FILE__) . '/_html_footer.inc.php';
if (empty($comment_author_url)) { // Even if we have a blank cookie, let's reset this to remind the bozos what it's for $comment_author_url = 'http://'; } $comment_content = $params['default_text']; } echo $params['form_title_start']; echo T_('Leave a comment'); echo $params['form_title_end']; $Form =& new Form($htsrv_url . 'comment_post.php', 'bComment_form_id_' . $Item->ID, 'post'); $Form->begin_form('bComment', '', array('target' => '_self')); // TODO: dh> a plugin hook would be useful here to add something to the top of the Form. // Actually, the best would be, if the $Form object could be changed by a plugin // before display! $Form->hidden('comment_post_ID', $Item->ID); $Form->hidden('redirect_to', url_rel_to_same_host(regenerate_url('', '', $Blog->get('blogurl'), '&'), $htsrv_url)); if (is_logged_in()) { // User is logged in: $Form->info_field(T_('User'), '<strong>' . $current_User->get_preferred_name() . '</strong>' . ' ' . get_user_profile_link(' [', ']', T_('Edit profile'))); } else { // User is not logged in: // Note: we use funky field names to defeat the most basic guestbook spam bots $Form->text('u', $comment_author, 40, T_('Name'), '', 100, 'bComment'); $Form->text('i', $comment_author_email, 40, T_('Email'), '<br />' . T_('Your email address will <strong>not</strong> be revealed on this site.'), 100, 'bComment'); $Form->text('o', $comment_author_url, 40, T_('Website'), '<br />' . T_('Your URL will be displayed.'), 100, 'bComment'); } if ($Item->can_rate()) { // Comment rating: echo $Form->begin_field(NULL, T_('Your vote'), true); $Comment->rating_input(); echo $Form->end_field();
/** * Template tag: Provide a link to subscription screen */ function user_subs_link($before = '', $after = '', $link_text = '', $link_title = '#') { global $current_User, $Blog, $is_admin_page; if (!is_logged_in() || $is_admin_page) { return false; } if (empty($Blog) || !$Blog->get_setting('allow_subscriptions')) { return false; } if ($link_text == '') { $link_text = T_('Subscribe'); } if ($link_title == '#') { $link_title = T_('Subscribe to email notifications'); } echo $before; echo '<a href="' . url_add_param($Blog->gen_blogurl(), 'disp=subs&redirect_to=' . rawurlencode(url_rel_to_same_host(regenerate_url('', '', '', '&'), $Blog->gen_blogurl()))) . '" title="', $link_title, '">'; printf($link_text, $current_User->login); echo '</a>'; echo $after; }
/** * Display login form * * @param array params */ function display_login_form($params) { global $Settings, $Plugins, $Session, $Blog, $blog, $dummy_fields; global $secure_htsrv_url, $admin_url, $baseurl, $ReqHost; $params = array_merge(array('form_action' => '', 'form_name' => 'login_form', 'form_layout' => '', 'form_class' => 'bComment', 'source' => 'inskin login form', 'inskin' => true, 'login_required' => true, 'validate_required' => NULL, 'redirect_to' => '', 'login' => '', 'action' => '', 'reqID' => '', 'sessID' => '', 'transmit_hashed_password' => false), $params); $inskin = $params['inskin']; $login = $params['login']; $redirect_to = $params['redirect_to']; $links = array(); if (empty($params['login_required']) && $params['action'] != 'req_validatemail' && strpos($redirect_to, $admin_url) !== 0 && strpos($ReqHost . $redirect_to, $admin_url) !== 0) { // No login required, allow to pass through // TODO: dh> validate redirect_to param?! // check if redirect_to url requires logged in user if (require_login($redirect_to, true)) { // logged in user require for redirect_to url if (!empty($blog)) { // blog is set if (empty($Blog)) { $BlogCache =& get_BlogCache(); $Blog = $BlogCache->get_by_ID($blog, false); } // set abort url to Blog url $abort_url = $Blog->gen_blogurl(); } else { // set abort login url to base url $abort_url = $baseurl; } } else { // logged in user isn't required for redirect_to url, set abort url to redirect_to $abort_url = $redirect_to; } $links[] = '<a href="' . htmlspecialchars(url_rel_to_same_host($abort_url, $ReqHost)) . '">' . T_('Abort login!') . '</a>'; } if (!$inskin && is_logged_in()) { // if we arrive here, but are logged in, provide an option to logout (e.g. during the email validation procedure) $links[] = get_user_logout_link(); } if (count($links)) { echo '<div style="float:right; margin: 0 1em">' . implode($links, ' · ') . '</div> <div class="clear"></div>'; } $Form = new Form($params['form_action'], $params['form_name'], 'post', $params['form_layout']); $Form->begin_form($params['form_class']); $Form->add_crumb('loginform'); $source = param('source', 'string', $params['source'] . ' login form'); $Form->hidden('source', $source); $Form->hidden('redirect_to', $redirect_to); if ($inskin) { // inskin login form $Form->hidden('inskin', true); $separator = '<br />'; } else { // standard login form $Form->hidden('validate_required', $params['validate_required']); if (isset($params['action'], $params['reqID'], $params['sessID']) && $params['action'] == 'validatemail') { // the user clicked the link from the "validate your account" email, but has not been logged in; pass on the relevant data: $Form->hidden('action', 'validatemail'); $Form->hidden('reqID', $params['reqID']); $Form->hidden('sessID', $params['sessID']); } $separator = ''; } // check if should transmit hashed password if ($params['transmit_hashed_password']) { // used by JS-password encryption/hashing: $pwd_salt = $Session->get('core.pwd_salt'); if (empty($pwd_salt)) { // Do not regenerate if already set because we want to reuse the previous salt on login screen reloads // fp> Question: the comment implies that the salt is reset even on failed login attemps. Why that? I would only have reset it on successful login. Do experts recommend it this way? // but if you kill the session you get a new salt anyway, so it's no big deal. // At that point, why not reset the salt at every reload? (it may be good to keep it, but I think the reason should be documented here) $pwd_salt = generate_random_key(64); $Session->set('core.pwd_salt', $pwd_salt, 86400); $Session->dbsave(); // save now, in case there's an error later, and not saving it would prevent the user from logging in. } $Form->hidden('pwd_salt', $pwd_salt); $Form->hidden('pwd_hashed', ''); // gets filled by JS } $Form->begin_field(); $Form->text_input($dummy_fields['login'], $params['login'], 18, T_('Login'), $separator . T_('Enter your username (or email address).'), array('maxlength' => 255, 'class' => 'input_text', 'required' => true)); $Form->end_field(); if ($inskin) { $lost_password_url = regenerate_url('disp', 'disp=lostpassword'); } else { $lost_password_url = $secure_htsrv_url . 'login.php?action=lostpassword&redirect_to=' . rawurlencode(url_rel_to_same_host($redirect_to, $secure_htsrv_url)); } if (!empty($login)) { $lost_password_url .= '&' . $dummy_fields['login'] . '=' . rawurlencode($login); } $pwd_note = $pwd_note = '<a href="' . $lost_password_url . '">' . T_('Lost password ?') . '</a>'; $Form->begin_field(); $Form->password_input($dummy_fields['pwd'], '', 18, T_('Password'), array('note' => $pwd_note, 'maxlength' => 70, 'class' => 'input_text', 'required' => true)); $Form->end_field(); // Allow a plugin to add fields/payload $Plugins->trigger_event('DisplayLoginFormFieldset', array('Form' => &$Form)); // Submit button(s): $submit_buttons = array(array('name' => 'login_action[login]', 'value' => T_('Log in!'), 'class' => 'search', 'style' => 'font-size: 120%')); if (!$inskin && strpos($redirect_to, $admin_url) !== 0 && strpos($ReqHost . $redirect_to, $admin_url) !== 0 && !is_admin_page()) { // provide button to log straight into backoffice, if we would not go there anyway $submit_buttons[] = array('name' => 'login_action[redirect_to_backoffice]', 'value' => T_('Log into backoffice!'), 'class' => 'search'); } $Form->buttons_input($submit_buttons); if ($inskin) { $before_register_link = '<strong>'; $after_register_link = '</strong>'; $register_link_style = 'text-align:right; margin: 1em 0 1ex'; } else { echo '<div class="center notes" style="margin: 1em 0">' . T_('You will have to accept cookies in order to log in.') . '</div>'; // Passthrough REQUEST data (when login is required after having POSTed something) // (Exclusion of 'login_action', 'login', and 'action' has been removed. This should get handled via detection in Form (included_input_field_names), // and "action" is protected via crumbs) $Form->hiddens_by_key(remove_magic_quotes($_REQUEST)); $before_register_link = ''; $after_register_link = ''; $register_link_style = 'text-align:right'; } echo '<div class="login_actions" style="' . $register_link_style . '">'; echo get_user_register_link($before_register_link, $after_register_link, T_('No account yet? Register here') . ' »', '#', true, $redirect_to, $source); echo '</div>'; $Form->end_form(); echo '<script type="text/javascript">'; // Autoselect login text input or pwd input, if there\'s a login already: echo 'var login = document.getElementById("' . $dummy_fields['login'] . '"); if( login.value.length > 0 ) { // Focus on the password field: document.getElementById("' . $dummy_fields['pwd'] . '").focus(); } else { // Focus on the login field: login.focus(); }'; if ($params['transmit_hashed_password']) { // Hash the password onsubmit and clear the original pwd field // TODO: dh> it would be nice to disable the clicked/used submit button. That's how it has been when the submit was attached to the submit button(s) echo 'addEvent( document.getElementById("login_form"), "submit", function(){' . 'var form = document.getElementById("login_form");' . 'if( form.pwd_hashed && form.' . $dummy_fields['pwd'] . ' && form.pwd_salt && typeof hex_sha1 != "undefined" && typeof hex_md5 != "undefined" ) {' . 'form.pwd_hashed.value = hex_sha1( hex_md5(form.' . $dummy_fields['pwd'] . '.value) + form.pwd_salt.value ); form.' . $dummy_fields['pwd'] . '.value = "padding_padding_padding_padding_padding_padding_hashed_' . $Session->ID . '";' . '} return true; }, false );'; } echo '</script>'; }
} if (!defined('EVO_MAIN_INIT')) { // Do not check this if the form was included inside of _main.inc // echo $htsrv_url_sensitive.'login.php'; // echo '<br>'.$ReqHost.$ReqPath; if ($ReqHost . $ReqPath != $htsrv_url_sensitive . 'login.php') { $Messages->add(sprintf(T_('WARNING: you are trying to log in on <strong>%s</strong> but we expect you to log in on <strong>%s</strong>. If this is due to an automatic redirect, this will prevent you from successfully loging in. You must either fix your webserver configuration, or your %s configuration in order for these two URLs to match.'), $ReqHost . $ReqPath, $htsrv_url_sensitive . 'login.php', $app_name), 'error'); } } // Note: the following regexp would fail when loging on to the same domain, because cookie_domain starts with a dot '.' // However, same domain logins will happen with a relative redirect_to, so it is covered with '^/' // (forms should use e.g. "url_rel_to_same_host($redirect_to, $htsrv_url_sensitive)" for this) if (strlen($redirect_to)) { // Make it relative to the form's target, in case it has been set absolute (and can be made relative). // Just in case it gets sent absolute. This should not trigger this warning then..! $redirect_to = url_rel_to_same_host($redirect_to, $htsrv_url_sensitive); if (!preg_match('#^/|(https?://[a-z\\-.]*' . str_replace('.', '\\.', $cookie_domain) . ')#i', $redirect_to)) { $Messages->add(sprintf(T_('WARNING: you are trying to log in to <strong>%s</strong> but your cookie domain is <strong>%s</strong>. You will not be able to successfully log in to the requested domain until you fix your cookie domain in your %s configuration.'), $redirect_to, $cookie_domain, $app_name), 'error'); } } if (preg_match('#/login.php([&?].*)?$#', $redirect_to)) { // avoid "endless loops" $redirect_to = $admin_url; } // Remove login and pwd parameters from URL, so that they do not trigger the login screen again: $redirect_to = preg_replace('~(?<=\\?|&) (login|pwd) = [^&]+ ~x', '', $redirect_to); $Debuglog->add('redirect_to: ' . $redirect_to); /** * Display: */ switch ($action) {
<!-- form to add a comment --> <form action="<?php echo $htsrv_url; ?> comment_post.php" method="post" id="commentform"> <input type="hidden" name="comment_post_ID" value="<?php $Item->ID(); ?> " /> <input type="hidden" name="redirect_to" value="<?php echo htmlspecialchars(url_rel_to_same_host(regenerate_url('', '', '', '&'), $htsrv_url)); ?> " /> <fieldset style="border: none"> <?php if (is_logged_in()) { // User is logged in: ?> <p>
$message = $unsaved_message_params['message']; $email_author = $unsaved_message_params['sender_name']; $email_author_address = $unsaved_message_params['sender_address']; } echo str_replace('$form_title$', $params['msgform_form_title'], $params['skin_form_before']); $Form = new Form($submit_url); $Form->switch_template_parts($params['skin_form_params']); $Form->begin_form('bComment'); $Form->add_crumb('newmessage'); if (isset($Blog)) { $Form->hidden('blog', $Blog->ID); } $Form->hidden('recipient_id', $recipient_id); $Form->hidden('post_id', $post_id); $Form->hidden('comment_id', $comment_id); $Form->hidden('redirect_to', url_rel_to_same_host($redirect_to, get_secure_htsrv_url())); $Form->info(T_('To'), $recipient_link); // Note: we use funky field names in order to defeat the most basic guestbook spam bots: // email form $Form->text_input($dummy_fields['name'], $email_author, 40, T_('From'), T_('Your name.'), array('maxlength' => 50, 'class' => 'wide_input', 'required' => true)); $Form->text_input($dummy_fields['email'], $email_author_address, 40, T_('Email'), T_('Your email address. (Will <strong>not</strong> be displayed on this site.)'), array('maxlength' => 150, 'class' => 'wide_input', 'required' => true)); $Form->text_input($dummy_fields['subject'], $subject, 40, T_('Subject'), T_('Subject of your message.'), array('maxlength' => 255, 'class' => 'wide_input', 'required' => true)); $Form->textarea($dummy_fields['content'], $message, 15, T_('Message'), T_('Plain text only.'), 35, 'wide_textarea', true); $Plugins->trigger_event('DisplayMessageFormFieldset', array('Form' => &$Form, 'recipient_ID' => &$recipient_id, 'item_ID' => $post_id, 'comment_ID' => $comment_id)); // Form buttons: echo $Form->begin_field(NULL, ''); // Standard button to send a message $Form->button_input(array('name' => 'submit_message_' . $recipient_id, 'class' => 'submit', 'value' => T_('Send message'))); // Additional buttons from plugins $Plugins->trigger_event('DisplayMessageFormButton', array('Form' => &$Form, 'recipient_ID' => &$recipient_id, 'item_ID' => $post_id, 'comment_ID' => $comment_id)); echo $Form->end_field();
$redirect = $Blog->get('loginurl', array('glue' => '&')); } $redirect = url_add_param($redirect, 'redirect_to=' . $redirect_to, '&'); header_redirect($redirect); // already exited here exit(0); } } /** * Display standard login screen: */ switch ($action) { case 'lostpassword': // Lost password: $page_title = T_('Lost your password?'); $hidden_params = array('redirect_to' => url_rel_to_same_host($redirect_to, $secure_htsrv_url)); $wrap_width = '480px'; // Use the links in the form title $use_form_links = true; // Include page header: require $adminskins_path . 'login/_html_header.inc.php'; // Lost password form $params = array('form_title_lostpass' => $page_title, 'login_form_inskin' => false, 'login_page_class' => 'evo_panel__login', 'login_page_before' => '<div class="evo_panel__lostpass">', 'login_page_after' => '</div>', 'form_class_login' => 'evo_form__login evo_form__lostpass', 'lostpass_form_params' => $login_form_params, 'lostpass_form_footer' => false, 'abort_link_text' => '<button type="button" class="close" aria-label="Close"><span aria-hidden="true">×</span></button>'); require skin_fallback_path('_lostpassword.disp.php', 6); // Include page footer: require $adminskins_path . 'login/_html_footer.inc.php'; break; case 'req_validatemail': // Send activation link by email (initial form and action) // Display validation form: require $adminskins_path . 'login/_validate_form.main.php';
?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title><?php echo T_('Access denied'); ?> </title> </head> <body> <div style="background-color:#fee; border: 1px solid red; text-align:center;"> <h1><?php echo T_('Access denied'); ?> </h1> <p><?php echo T_('Sorry, you have no permission to access this section.'); ?> </p> </div> <p style="text-align:center;"><?php $secure_httsrv_url = get_secure_htsrv_url(); echo '<a href="' . $secure_httsrv_url . 'login.php?action=logout&redirect_to=' . rawurlencode(url_rel_to_same_host($ReqURL, $secure_httsrv_url)) . '">' . T_('Logout') . '</a> • <a href="' . $baseurl . '">' . T_('Exit to blogs') . '</a>'; ?> </p> </body> </html> <?php exit(0);
/** * GLOBAL HEADER - APP TITLE, LOGOUT, ETC. * * @return string */ function get_page_head() { global $app_shortname, $app_version, $current_User, $htsrv_url_sensitive, $admin_url, $baseurl, $rsc_url; $r = ' <div id="header"> <div id="headinfo"> <span id="headfunctions">' . '<a href="' . $htsrv_url_sensitive . 'login.php?action=logout&redirect_to=' . rawurlencode(url_rel_to_same_host($admin_url, $htsrv_url_sensitive)) . '">' . T_('Logout') . '</a> <img src="' . $rsc_url . 'icons/close.gif" width="14" height="14" border="0" class="top" alt="" title="' . T_('Logout') . '" /></a> </span> ' . $app_shortname . ' v <strong>' . $app_version . '</strong> </div> <h1>' . $this->get_title_for_titlearea() . '</h1> </div> '; return $r; }
<?php /** * This file implements the user activate info form * * This file is not meant to be called directly. * * @copyright (c)2003-2013 by Francois Planque - {@link http://fplanque.com/}. * * @package evocore * * {@internal Below is a list of authors who have contributed to design/coding of this file: }} * @author asimo: Evo Factory / Attila Simo * * @version $Id: $ */ if (!defined('EVO_MAIN_INIT')) { die('Please, do not access this page directly.'); } global $blog; $redirect_to = param('redirect_to', 'url', ''); if (empty($redirect_to)) { $redirect_to = regenerate_url('disp'); } $display_params = array('form_action' => $secure_htsrv_url . 'login.php', 'form_name' => 'activateinfo_form', 'form_class' => 'bComment', 'form_layout' => NULL, 'redirect_to' => url_rel_to_same_host($redirect_to, $secure_htsrv_url), 'inskin' => true, 'blog' => isset($blog) ? $blog : NULL); // display account activate info display_activateinfo($display_params);