* @copyright (c)2009-2015 by Francois Planque - {@link http://fplanque.com/}
 * Parts of this file are copyright (c)2009 by The Evo Factory - {@link http://www.evofactory.com/}.
 *
 * @package evocore
 */
// Refuse direct HTTP access: this view is only meant to be included once the
// application bootstrap has defined EVO_MAIN_INIT.
if (!defined('EVO_MAIN_INIT')) {
    die('Please, do not access this page directly.');
}
load_class('users/model/_userfieldgroup.class.php', 'UserfieldGroup');
/**
 * The user field group being created or edited.
 *
 * @var UserfieldGroup (the original annotation said Userfield; corrected to match the class loaded above)
 */
global $edited_UserfieldGroup;
// Determine if we are creating or updating...
global $action;
$creating = is_create_action($action);
$Form = new Form(NULL, 'userfieldgroup_checkchanges', 'post', 'compact');
// The delete icon is a plain link (GET), so its anti-CSRF crumb is appended to the URL
// through url_crumb() instead of being carried by the form body.
// NOTE(review): the delete icon is emitted even when $creating is true -- confirm the
// controller rejects action=delete for an object that has not been saved yet.
$Form->global_icon(T_('Delete this user field group!'), 'delete', regenerate_url('action', 'action=delete&' . url_crumb('userfieldgroup')));
$Form->global_icon(T_('Cancel editing!'), 'close', '?ctrl=userfields');
$Form->begin_form('fform', $creating ? T_('New user field group') : T_('User field group'));
// Embed the 'userfieldgroup' crumb in the form; presumably the receiving controller
// verifies it before creating or updating anything -- confirm in the controller.
$Form->add_crumb('userfieldgroup');
// Carry over the memorized request params so that we come back to the right list order & page.
$Form->hiddens_by_key(get_memorized('action' . ($creating ? ',ufgp_ID' : '')));
$Form->hidden('ufgp_ID', $edited_UserfieldGroup->ID);
// 'maxlength' and 'required' are only hints to the browser; the controller still has to
// validate ufgp_name and ufgp_order server-side (not visible here).
$Form->text_input('ufgp_name', $edited_UserfieldGroup->name, 50, T_('Name'), '', array('maxlength' => 255, 'required' => true));
$Form->text_input('ufgp_order', $edited_UserfieldGroup->order, 50, T_('Order number'), '', array('maxlength' => 11, 'required' => true));
// The submit button name (actionArray[...]) selects what the controller does after saving.
if ($creating) {
    $Form->end_form(array(array('submit', 'actionArray[create]', T_('Record'), 'SaveButton'), array('submit', 'actionArray[create_new]', T_('Record, then Create New'), 'SaveButton'), array('submit', 'actionArray[create_copy]', T_('Record, then Create Similar'), 'SaveButton')));
} else {
    $Form->end_form(array(array('submit', 'actionArray[update]', T_('Save Changes!'), 'SaveButton')));
}
Example #2
 * @copyright (c)2003-2015 by Francois Planque - {@link http://fplanque.com/}
 *
 * @package admin
 */
// Refuse direct HTTP access: this view is only meant to be included once the
// application bootstrap has defined EVO_MAIN_INIT.
if (!defined('EVO_MAIN_INIT')) {
    die('Please, do not access this page directly.');
}
global $localtimenow, $edited_Cronjob;
// Determine if we are creating or updating...
global $action;
$creating = is_create_action($action);
$Form = new Form(NULL, 'cronjob');
$Form->global_icon(T_('Cancel!'), 'close', regenerate_url('action'));
$Form->begin_form('fform', $creating ? T_('New scheduled job') : T_('Edit scheduled job'));
// Anti-CSRF crumb for this form. Note that the crumb name ('crontask') differs from the
// form name ('cronjob'); the controller has to check the same crumb name -- confirm there.
$Form->add_crumb('crontask');
// Pass the memorized request params along as hidden fields; presumably the argument
// names the key to leave out, since 'action' is set explicitly on the next line.
$Form->hiddens_by_key(get_memorized('action'));
$Form->hidden('action', $creating ? 'create' : 'update');
$Form->begin_fieldset(T_('Job details') . get_manual_link('scheduled-job-form'));
if ($creating && $action != 'copy') {
    // New cronjob
    $cron_jobs_names = get_cron_jobs_config('name');
    // Exclude these cron jobs from manual creating
    unset($cron_jobs_names['send-post-notifications']);
    unset($cron_jobs_names['send-comment-notifications']);
    $Form->select_input_array('cjob_type', get_param('cjob_type'), $cron_jobs_names, T_('Job type'));
} else {
    // Edit cronjob
    if ($action == 'edit') {
        $Form->info(T_('Job #'), $edited_Cronjob->ID);
    }
    $Form->info(T_('Default job name'), cron_job_name($edited_Cronjob->key, '', $edited_Cronjob->params));
Example #3
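/**
 * Display login form
 *
 * Echoes, in this order: the optional "abort login" / logout links, the login form
 * (hidden passthrough fields, login and password inputs, plugin fields, submit buttons),
 * the register link, and an inline script that focuses the right input and -- when
 * 'transmit_hashed_password' is set -- hashes the password in the browser on submit.
 *
 * @param array params; recognised keys (defaults are merged in below):
 *   'form_action', 'form_name', 'form_layout', 'form_class', 'source', 'inskin',
 *   'login_required', 'validate_required', 'redirect_to', 'login', 'action',
 *   'reqID', 'sessID', 'transmit_hashed_password'
 */
function display_login_form($params)
{
    global $Settings, $Plugins, $Session, $Blog, $blog, $dummy_fields;
    global $secure_htsrv_url, $admin_url, $baseurl, $ReqHost;
    $params = array_merge(array('form_action' => '', 'form_name' => 'login_form', 'form_layout' => '', 'form_class' => 'bComment', 'source' => 'inskin login form', 'inskin' => true, 'login_required' => true, 'validate_required' => NULL, 'redirect_to' => '', 'login' => '', 'action' => '', 'reqID' => '', 'sessID' => '', 'transmit_hashed_password' => false), $params);
    $inskin = $params['inskin'];
    $login = $params['login'];
    $redirect_to = $params['redirect_to'];
    $links = array();
    // Offer an "abort" link only when login is optional and the target is not in the back-office.
    if (empty($params['login_required']) && $params['action'] != 'req_validatemail' && strpos($redirect_to, $admin_url) !== 0 && strpos($ReqHost . $redirect_to, $admin_url) !== 0) {
        // No login required, allow to pass through
        // TODO: dh> validate redirect_to param?!
        // NOTE(review): $redirect_to is supplied by the caller and is not validated in this
        // function. The abort link below is HTML-escaped and passed through
        // url_rel_to_same_host(), which presumably reduces it to a same-host URL -- confirm,
        // and confirm that the login handler validates the hidden 'redirect_to' field too.
        // check if redirect_to url requires logged in user
        if (require_login($redirect_to, true)) {
            // logged in user require for redirect_to url
            if (!empty($blog)) {
                // blog is set
                if (empty($Blog)) {
                    $BlogCache =& get_BlogCache();
                    $Blog = $BlogCache->get_by_ID($blog, false);
                }
                // set abort url to Blog url
                $abort_url = $Blog->gen_blogurl();
            } else {
                // set abort login url to base url
                $abort_url = $baseurl;
            }
        } else {
            // logged in user isn't required for redirect_to url, set abort url to redirect_to
            $abort_url = $redirect_to;
        }
        $links[] = '<a href="' . htmlspecialchars(url_rel_to_same_host($abort_url, $ReqHost)) . '">' . T_('Abort login!') . '</a>';
    }
    if (!$inskin && is_logged_in()) {
        // if we arrive here, but are logged in, provide an option to logout (e.g. during the email validation procedure)
        $links[] = get_user_logout_link();
    }
    if (count($links)) {
        // Separator first, array second: the reversed argument order is rejected by PHP 8.
        echo '<div style="float:right; margin: 0 1em">' . implode(' &middot; ', $links) . '</div>
		<div class="clear"></div>';
    }
    $Form = new Form($params['form_action'], $params['form_name'], 'post', $params['form_layout']);
    $Form->begin_form($params['form_class']);
    // Anti-CSRF crumb for the login request.
    $Form->add_crumb('loginform');
    $source = param('source', 'string', $params['source'] . ' login form');
    $Form->hidden('source', $source);
    $Form->hidden('redirect_to', $redirect_to);
    if ($inskin) {
        // inskin login form
        $Form->hidden('inskin', true);
        $separator = '<br />';
    } else {
        // standard login form
        $Form->hidden('validate_required', $params['validate_required']);
        if (isset($params['action'], $params['reqID'], $params['sessID']) && $params['action'] == 'validatemail') {
            // the user clicked the link from the "validate your account" email, but has not been logged in; pass on the relevant data:
            $Form->hidden('action', 'validatemail');
            $Form->hidden('reqID', $params['reqID']);
            $Form->hidden('sessID', $params['sessID']);
        }
        $separator = '';
    }
    // check if should transmit hashed password
    if ($params['transmit_hashed_password']) {
        // used by JS-password encryption/hashing:
        // NOTE(review): the script at the end of this function submits
        // sha1( md5(password) + salt ). The salt only varies the value sent over the wire; it
        // is not a substitute for TLS, and the server-side check (not visible here) presumably
        // has to work from an md5 of the password -- confirm how passwords are stored and
        // that this form is only served over HTTPS.
        $pwd_salt = $Session->get('core.pwd_salt');
        if (empty($pwd_salt)) {
            // Do not regenerate if already set because we want to reuse the previous salt on login screen reloads
            // fp> Question: the comment implies that the salt is reset even on failed login attemps. Why that? I would only have reset it on successful login. Do experts recommend it this way?
            // but if you kill the session you get a new salt anyway, so it's no big deal.
            // At that point, why not reset the salt at every reload? (it may be good to keep it, but I think the reason should be documented here)
            $pwd_salt = generate_random_key(64);
            $Session->set('core.pwd_salt', $pwd_salt, 86400);
            $Session->dbsave();
            // save now, in case there's an error later, and not saving it would prevent the user from logging in.
        }
        $Form->hidden('pwd_salt', $pwd_salt);
        $Form->hidden('pwd_hashed', '');
        // gets filled by JS
    }
    $Form->begin_field();
    $Form->text_input($dummy_fields['login'], $params['login'], 18, T_('Login'), $separator . T_('Enter your username (or email address).'), array('maxlength' => 255, 'class' => 'input_text', 'required' => true));
    $Form->end_field();
    if ($inskin) {
        $lost_password_url = regenerate_url('disp', 'disp=lostpassword');
    } else {
        $lost_password_url = $secure_htsrv_url . 'login.php?action=lostpassword&amp;redirect_to=' . rawurlencode(url_rel_to_same_host($redirect_to, $secure_htsrv_url));
    }
    if (!empty($login)) {
        // The login is URL-encoded before being appended to the link.
        $lost_password_url .= '&amp;' . $dummy_fields['login'] . '=' . rawurlencode($login);
    }
    $pwd_note = '<a href="' . $lost_password_url . '">' . T_('Lost password ?') . '</a>';
    $Form->begin_field();
    // The password input is always rendered empty; a submitted password is never echoed back.
    $Form->password_input($dummy_fields['pwd'], '', 18, T_('Password'), array('note' => $pwd_note, 'maxlength' => 70, 'class' => 'input_text', 'required' => true));
    $Form->end_field();
    // Allow a plugin to add fields/payload
    $Plugins->trigger_event('DisplayLoginFormFieldset', array('Form' => &$Form));
    // Submit button(s):
    $submit_buttons = array(array('name' => 'login_action[login]', 'value' => T_('Log in!'), 'class' => 'search', 'style' => 'font-size: 120%'));
    if (!$inskin && strpos($redirect_to, $admin_url) !== 0 && strpos($ReqHost . $redirect_to, $admin_url) !== 0 && !is_admin_page()) {
        // provide button to log straight into backoffice, if we would not go there anyway
        $submit_buttons[] = array('name' => 'login_action[redirect_to_backoffice]', 'value' => T_('Log into backoffice!'), 'class' => 'search');
    }
    $Form->buttons_input($submit_buttons);
    if ($inskin) {
        $before_register_link = '<strong>';
        $after_register_link = '</strong>';
        $register_link_style = 'text-align:right; margin: 1em 0 1ex';
    } else {
        echo '<div class="center notes" style="margin: 1em 0">' . T_('You will have to accept cookies in order to log in.') . '</div>';
        // Passthrough REQUEST data (when login is required after having POSTed something)
        // (Exclusion of 'login_action', 'login', and 'action' has been removed. This should get handled via detection in Form (included_input_field_names),
        //  and "action" is protected via crumbs)
        // NOTE(review): every request parameter is written back into the page as a hidden
        // input; output escaping is left to Form::hiddens_by_key() (not visible here) -- confirm.
        $Form->hiddens_by_key(remove_magic_quotes($_REQUEST));
        $before_register_link = '';
        $after_register_link = '';
        $register_link_style = 'text-align:right';
    }
    echo '<div class="login_actions" style="' . $register_link_style . '">';
    echo get_user_register_link($before_register_link, $after_register_link, T_('No account yet? Register here') . ' &raquo;', '#', true, $redirect_to, $source);
    echo '</div>';
    $Form->end_form();
    echo '<script type="text/javascript">';
    // Autoselect login text input or pwd input, if there\'s a login already:
    echo 'var login = document.getElementById("' . $dummy_fields['login'] . '");
		if( login.value.length > 0 )
		{	// Focus on the password field:
			document.getElementById("' . $dummy_fields['pwd'] . '").focus();
		}
		else
		{	// Focus on the login field:
			login.focus();
		}';
    if ($params['transmit_hashed_password']) {
        // Hash the password onsubmit and clear the original pwd field
        // TODO: dh> it would be nice to disable the clicked/used submit button. That's how it has been when the submit was attached to the submit button(s)
        // NOTE(review): the script looks the form up by the fixed id "login_form" although the
        // form name is configurable through $params['form_name'], and it silently submits the
        // clear-text password when hex_sha1/hex_md5 are not loaded. The padding value written
        // into the password field embeds $Session->ID in the page source.
        echo 'addEvent( document.getElementById("login_form"), "submit", function(){' . 'var form = document.getElementById("login_form");' . 'if( form.pwd_hashed && form.' . $dummy_fields['pwd'] . ' && form.pwd_salt && typeof hex_sha1 != "undefined" && typeof hex_md5 != "undefined" )
				{' . 'form.pwd_hashed.value = hex_sha1( hex_md5(form.' . $dummy_fields['pwd'] . '.value) + form.pwd_salt.value );
					form.' . $dummy_fields['pwd'] . '.value = "padding_padding_padding_padding_padding_padding_hashed_' . $Session->ID . '";' . '}
				return true;
			}, false );';
    }
    echo '</script>';
}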
}
/**
 * File whose properties are displayed, and the file list it was selected from.
 *
 * @global File
 */
global $edited_File, $selected_Filelist;
global $blog, $filename_max_length;
// Check once whether the current user may edit files in this file root; the result only
// decides below whether fields are rendered as inputs or as read-only info.
// NOTE(review): this is a display decision. The controller handling 'update_properties'
// has to repeat the permission check itself (not visible here) -- confirm.
// NOTE(review): $current_User is not declared global in the visible lines; presumably it
// is in scope from the including file.
$edit_allowed_perm = $current_User->check_perm('files', 'edit_allowed', false, $selected_Filelist->get_FileRoot());
$Form = new Form(NULL, 'fm_properties_checkchanges');
if (get_param('mode') != 'modal') {
    $Form->global_icon(T_('Close properties!'), 'close', regenerate_url());
}
$Form->begin_form('fform', get_param('mode') == 'modal' ? '' : T_('File properties'));
// Anti-CSRF crumb for the file controller.
$Form->add_crumb('file');
$Form->hidden_ctrl();
$Form->hidden('action', 'update_properties');
$Form->hiddens_by_key(get_memorized());
$Form->begin_fieldset(T_('Properties'));
if ($edit_allowed_perm) {
    // User can edit:
    // The last argument is a length limit for the input; the new file name still has to be
    // validated on the server when the form is submitted (not visible here).
    $Form->text('name', $edited_File->dget('name'), 32, T_('Filename'), T_('This is the name of the file on the server hard drive.'), $filename_max_length);
} else {
    // User can view only:
    $Form->info(T_('Filename'), $edited_File->dget('name'), T_('This is the name of the file on the server hard drive.'));
}
$Form->info(T_('Type'), $edited_File->get_icon() . ' ' . $edited_File->get_type());
$Form->end_fieldset();
$Form->begin_fieldset(T_('Meta data'));
if ($edit_allowed_perm) {
    // User can edit:
    $Form->text('title', $edited_File->title, 50, T_('Long title'), T_('This is a longer descriptive title'), 255);
    $Form->text('alt', $edited_File->alt, 50, T_('Alternative text'), T_('This is useful for images'), 255);
Example #5
 /**
  * Event handler: renders the content of this plugin's admin tab once that tab is selected.
  *
  * Prints a greeting plus whatever text the tab action stored on the plugin, followed by
  * a small form with a single text field and the default submit button.
  *
  * @see Plugin::AdminTabPayload()
  */
 function AdminTabPayload()
 {
     // NOTE(review): text_from_AdminTabAction is printed without escaping; where it is set
     // is not visible here -- confirm it never carries raw request data.
     echo 'Hello, this is the AdminTabPayload for the TEST plugin.', $this->text_from_AdminTabAction;

     // TODO: this is tedious.. should either be a global function (get_admin_Form()) or a plugin helper..
     $tab_Form = new Form();
     $tab_Form->begin_form();

     // Anti-CSRF crumb for this plugin's form.
     $tab_Form->add_crumb('plugin_test');

     // Hidden "ctrl" field: needed to pass the "ctrl=tools" param.
     $tab_Form->hidden_ctrl();

     // All other memorized params, especially "tab".
     $tab_Form->hiddens_by_key(get_memorized());

     // The field name is prefixed with the plugin's class id.
     $text_field_name = $this->get_class_id() . '_text';
     $tab_Form->text_input($text_field_name, $this->param_text, '20', 'Text');

     // Default "submit" button.
     $tab_Form->button_input();
     $tab_Form->end_form();
 }
Example #6
		<?php 
        break;
    case 'uninstall':
        // We come here either if the plugin requested a call to BeforeUninstallPayload() or if there are tables to be dropped {{{
        ?>

		<div class="panelinfo">

			<?php 
        // Confirmation form for a destructive action: it is sent by POST and carries the
        // 'plugin' crumb, so the uninstall cannot be triggered by a plain cross-site link.
        $Form = new Form('', 'uninstall_plugin', 'post', 'compact');
        $Form->global_icon(T_('Cancel uninstall!'), 'close', regenerate_url());
        // NOTE(review): the plugin name goes into the form title as-is; whether begin_form()
        // escapes its title is not visible here -- confirm.
        $Form->begin_form('fform', sprintf(T_('Uninstall plugin #%d (%s)'), $edit_Plugin->ID, $edit_Plugin->name));
        $Form->add_crumb('plugin');
        // We may need to use memorized params in the next page
        $Form->hiddens_by_key(get_memorized('action,plugin_ID'));
        $Form->hidden('action', 'uninstall');
        $Form->hidden('plugin_ID', $edit_Plugin->ID);
        // Marks this submission as the confirmed second step (tables may be dropped).
        $Form->hidden('uninstall_confirmed_drop', 1);
        if ($uninstall_tables_to_drop) {
            // NOTE(review): table names are printed without HTML escaping; presumably they come
            // from the plugin's own table definitions and not from request data -- confirm.
            echo '<p>' . T_('Uninstalling this plugin will also delete its database tables:') . '</p>' . '<ul>' . '<li>' . implode('</li><li>', $uninstall_tables_to_drop) . '</li>' . '</ul>';
        }
        if ($uninstall_ok === NULL) {
            // Plugin requested this:
            // The plugin receives the Form by reference and may add its own fields or output.
            $admin_Plugins->call_method($edit_Plugin->ID, 'BeforeUninstallPayload', $params = array('Form' => &$Form));
        }
        echo '<p>' . T_('THIS CANNOT BE UNDONE!') . '</p>';
        $Form->submit(array('', T_('I am sure!'), 'DeleteButton btn-danger'));
        $Form->end_form();
        ?>
Example #7
 */
global $LinkOwner;
global $edited_User;
global $Blog, $blog;
global $fm_mode, $fm_hide_dirtree, $create_name, $ads_list_path, $mode;
// Abstract data we want to pass through:
global $linkctrl, $linkdata;
// Name of the iframe we want some actions to come back to:
global $iframe_name;
// Form wrapping the file list; the actions applied to the selected files are submitted through it.
// NOTE(review): no add_crumb() call appears in the visible part of this form. Presumably
// the crumb is added further down in the file -- confirm, since this form posts file actions.
$Form = new Form(NULL, 'FilesForm', 'post', 'none');
$Form->begin_form();
$Form->hidden_ctrl();
$Form->hidden('confirmed', '0');
// Checksums of the listing and of the current directory path travel with the form.
// NOTE(review): both values round-trip through the browser, so they can at most tell the
// controller that the listing changed since the page was rendered; they are not an
// authorization or integrity control -- confirm how the controller uses them.
$Form->hidden('md5_filelist', $fm_Filelist->md5_checksum());
$Form->hidden('md5_cwd', md5($fm_Filelist->get_ads_list_path()));
$Form->hiddens_by_key(get_memorized('fm_selected'));
// 'fm_selected' gets provided by the form itself
?>
<table class="filelist table table-striped table-bordered table-hover table-condensed">
	<thead>
	<?php 
/*****************  Col headers  ****************/
echo '<tr>';
// "Go to parent" icon
echo '<th class="firstcol">';
if (empty($fm_Filelist->_rds_list_path)) {
    // cannot go higher
    echo '&nbsp;';
    // for IE
} else {
    echo action_icon(T_('Go to parent folder'), 'folder_parent', regenerate_url('path', 'path=' . $fm_Filelist->_rds_list_path . '..'));
<?php

/**
 * This file is part of b2evolution - {@link http://b2evolution.net/}
 * See also {@link https://github.com/b2evolution/b2evolution}.
 *
 * @license GNU GPL v2 - {@link http://b2evolution.net/about/gnu-gpl-license}
 *
 * @copyright (c)2009-2015 by Francois Planque - {@link http://fplanque.com/}
 * Parts of this file are copyright (c)2009 by The Evo Factory - {@link http://www.evofactory.com/}.
 *
 * Released under GNU GPL License - {@link http://b2evolution.net/about/gnu-gpl-license}
 *
 * @package maintenance
 */
// Refuse direct HTTP access: this view is only meant to be included once the
// application bootstrap has defined EVO_MAIN_INIT.
if (!defined('EVO_MAIN_INIT')) {
    die('Please, do not access this page directly.');
}
global $updates, $UserSettings;
// Form asking for the SVN repository to export an upgrade from.
$Form = new Form(NULL, 'upgrade_form', 'post', 'compact');
// Anti-CSRF crumb; the controller has to check 'upgrade_export' before exporting anything.
$Form->add_crumb('upgrade_export');
// Carry over the memorized params. The second argument lists the svn_* fields, which are
// rendered as visible inputs below -- presumably so that they are not duplicated as
// hidden fields.
$Form->hiddens_by_key(get_memorized('action'), array('svn_url', 'svn_folder', 'svn_user', 'svn_password', 'svn_revision'));
$Form->begin_form('fform', T_('Upgrade from SVN') . get_manual_link('upgrade-from-svn'));
// URL, folder, user and revision are pre-filled from the user's saved settings.
// NOTE(review): 'maxlength'/'required' only constrain the browser. The repository URL,
// folder and revision must be validated by the controller before they are used to fetch
// code (not visible here) -- confirm.
$Form->text_input('svn_url', $UserSettings->get('svn_upgrade_url'), 80, T_('URL of repository'), T_('e.g. https://server.com/svn/repository/'), array('maxlength' => 300, 'required' => true));
$Form->text_input('svn_folder', $UserSettings->get('svn_upgrade_folder'), 80, T_('SVN folder'), T_('e.g. trunk/blogs/'), array('maxlength' => 300));
$Form->text_input('svn_user', $UserSettings->get('svn_upgrade_user'), 32, T_('Login'), '', array('maxlength' => 300));
// NOTE(review): unlike the other fields, the password is pre-filled from the current
// request (get_param), so a submitted SVN password is written back into the HTML of the
// response. Consider rendering this field empty and asking the user to re-enter it.
$Form->password_input('svn_password', get_param('svn_password'), 32, T_('Password'), '', array('maxlength' => 300));
$Form->text_input('svn_revision', $UserSettings->get('svn_upgrade_revision'), 7, T_('Revision'), T_('Leave blank to get the latest revision'));
$Form->end_form(array(array('submit', 'actionArray[export_svn]', T_('Export revision from SVN...'), 'SaveButton')));
Example #9
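/**
 * Display login form
 *
 * Echoes, in this order: the optional "abort login" / logout links, $params['form_before'],
 * the login form (hidden passthrough fields, login and password inputs, plugin fields,
 * submit button and optional register link), $params['form_after'], and finally the
 * output of display_login_js_handler().
 *
 * Side effect: the global $redirect_to is overwritten with $params['redirect_to'].
 *
 * @param array params; recognised keys (defaults are merged in below):
 *   'form_before', 'form_after', 'form_action', 'form_name', 'form_title', 'form_layout',
 *   'form_class', 'source', 'inskin', 'inskin_urls', 'login_required',
 *   'validate_required', 'redirect_to', 'return_to', 'login', 'action', 'reqID', 'sessID',
 *   'transmit_hashed_password', 'display_abort_link', 'abort_link_position',
 *   'abort_link_text', 'display_reg_link'
 */
function display_login_form($params)
{
    global $Settings, $Plugins, $Session, $Blog, $blog, $dummy_fields;
    global $secure_htsrv_url, $admin_url, $baseurl, $ReqHost, $redirect_to;
    $params = array_merge(array('form_before' => '', 'form_after' => '', 'form_action' => '', 'form_name' => 'login_form', 'form_title' => '', 'form_layout' => '', 'form_class' => 'bComment', 'source' => 'inskin login form', 'inskin' => true, 'inskin_urls' => true, 'login_required' => true, 'validate_required' => NULL, 'redirect_to' => '', 'return_to' => '', 'login' => '', 'action' => '', 'reqID' => '', 'sessID' => '', 'transmit_hashed_password' => false, 'display_abort_link' => true, 'abort_link_position' => 'above_form', 'abort_link_text' => T_('Abort login!'), 'display_reg_link' => false), $params);
    $inskin = $params['inskin'];
    $login = $params['login'];
    // $redirect_to is declared global above, so this assignment changes the global value.
    $redirect_to = $params['redirect_to'];
    $return_to = $params['return_to'];
    $links = array();
    $form_links = array();
    // Offer an "abort" link only when login is optional and the target is not in the back-office.
    if ($params['display_abort_link'] && empty($params['login_required']) && $params['action'] != 'req_validatemail' && strpos($return_to, $admin_url) !== 0 && strpos($ReqHost . $return_to, $admin_url) !== 0) {
        // No login required, allow to pass through
        // TODO: dh> validate return_to param?!
        // NOTE(review): $return_to is supplied by the caller and is not validated in this
        // function. The abort link below is HTML-escaped and passed through
        // url_rel_to_same_host(), which presumably reduces it to a same-host URL -- confirm,
        // and confirm that the login handler validates the hidden 'redirect_to' and
        // 'return_to' fields as well.
        // check if return_to url requires logged in user
        if (empty($return_to) || require_login($return_to, true)) {
            // logged in user require for return_to url
            if (!empty($blog)) {
                // blog is set
                if (empty($Blog)) {
                    $BlogCache =& get_BlogCache();
                    $Blog = $BlogCache->get_by_ID($blog, false);
                }
                // set abort url to Blog url
                $abort_url = $Blog->gen_blogurl();
            } else {
                // set abort login url to base url
                $abort_url = $baseurl;
            }
        } else {
            // logged in user isn't required for return_to url, set abort url to return_to
            $abort_url = $return_to;
        }
        // Gets displayed as link to the location on the login form if no login is required
        // NOTE(review): 'abort_link_text' is inserted without escaping; callers must pass
        // HTML-safe text.
        $abort_link = '<a href="' . htmlspecialchars(url_rel_to_same_host($abort_url, $ReqHost)) . '">' . $params['abort_link_text'] . '</a>';
        if ($params['abort_link_position'] == 'above_form') {
            // Display an abort link above the login form
            $links[] = $abort_link;
        } elseif ($params['abort_link_position'] == 'form_title') {
            // Display an abort link in form title block
            $form_links[] = $abort_link;
        }
    }
    if (!$inskin && is_logged_in()) {
        // if we arrive here, but are logged in, provide an option to logout (e.g. during the email validation procedure)
        $links[] = get_user_logout_link();
    }
    if (count($links)) {
        // Separator first, array second: the reversed argument order is rejected by PHP 8
        // (the $form_links call below already uses this order).
        echo '<div class="evo_form__login_links">' . '<div class="floatright">' . implode(' &middot; ', $links) . '</div>' . '<div class="clear"></div>' . '</div>';
    }
    $form_links = count($form_links) ? '<span class="pull-right">' . implode(' ', $form_links) . '</span>' : '';
    // 'form_before' is a template supplied by the caller; its $form_links$ placeholder is filled here.
    echo str_replace('$form_links$', $form_links, $params['form_before']);
    $Form = new Form($params['form_action'], $params['form_name'], 'post', $params['form_layout']);
    $Form->begin_form($params['form_class']);
    // Anti-CSRF crumb for the login request.
    $Form->add_crumb('loginform');
    $source = param('source', 'string', $params['source'] . ' login form');
    $Form->hidden('source', $source);
    $Form->hidden('redirect_to', $redirect_to);
    $Form->hidden('return_to', $return_to);
    if ($inskin || $params['inskin_urls']) {
        // inskin login form
        $Form->hidden('inskin', true);
        $separator = '<br />';
    } else {
        // standard login form
        if (!empty($params['form_title'])) {
            // NOTE(review): 'form_title' is printed without escaping; callers must pass HTML-safe text.
            echo '<h4>' . $params['form_title'] . '</h4>';
        }
        $Form->hidden('validate_required', $params['validate_required']);
        if (isset($params['action'], $params['reqID'], $params['sessID']) && $params['action'] == 'validatemail') {
            // the user clicked the link from the "validate your account" email, but has not been logged in; pass on the relevant data:
            $Form->hidden('action', 'validatemail');
            $Form->hidden('reqID', $params['reqID']);
            $Form->hidden('sessID', $params['sessID']);
        }
        $separator = '';
    }
    // check if should transmit hashed password
    if ($params['transmit_hashed_password']) {
        // used by JS-password encryption/hashing:
        // NOTE(review): the hashing itself happens in display_login_js_handler() (not visible
        // here). A per-session salt only varies the value sent over the wire; it is not a
        // substitute for serving this form over HTTPS.
        $pwd_salt = $Session->get('core.pwd_salt');
        if (empty($pwd_salt)) {
            // Do not regenerate if already set because we want to reuse the previous salt on login screen reloads
            // fp> Question: the comment implies that the salt is reset even on failed login attemps. Why that? I would only have reset it on successful login. Do experts recommend it this way?
            // but if you kill the session you get a new salt anyway, so it's no big deal.
            // At that point, why not reset the salt at every reload? (it may be good to keep it, but I think the reason should be documented here)
            $pwd_salt = generate_random_key(64);
            $Session->set('core.pwd_salt', $pwd_salt, 86400);
            $Session->dbsave();
            // save now, in case there's an error later, and not saving it would prevent the user from logging in.
        }
        $Form->hidden('pwd_salt', $pwd_salt);
        // Add container for the hashed password hidden inputs
        echo '<div id="pwd_hashed_container"></div>';
        // gets filled by JS
    }
    if ($inskin) {
        $Form->begin_field();
        $Form->text_input($dummy_fields['login'], $params['login'], 18, T_('Login'), $separator . T_('Enter your username (or email address).'), array('maxlength' => 255, 'class' => 'input_text', 'required' => true));
        $Form->end_field();
    } else {
        $Form->text_input($dummy_fields['login'], $params['login'], 18, '', '', array('maxlength' => 255, 'class' => 'input_text', 'input_required' => 'required', 'placeholder' => T_('Username (or email address)')));
    }
    $lost_password_url = get_lostpassword_url($redirect_to, '&amp;', $return_to);
    if (!empty($login)) {
        // The login is URL-encoded before being appended to the link.
        $lost_password_url = url_add_param($lost_password_url, $dummy_fields['login'] . '=' . rawurlencode($login));
    }
    $pwd_note = '<a href="' . $lost_password_url . '">' . T_('Lost your password?') . '</a>';
    // The password input is always rendered empty; a submitted password is never echoed back.
    if ($inskin) {
        $Form->begin_field();
        $Form->password_input($dummy_fields['pwd'], '', 18, T_('Password'), array('note' => $pwd_note, 'maxlength' => 70, 'class' => 'input_text', 'required' => true));
        $Form->end_field();
    } else {
        $Form->password_input($dummy_fields['pwd'], '', 18, '', array('placeholder' => T_('Password'), 'note' => $pwd_note, 'maxlength' => 70, 'class' => 'input_text', 'input_required' => 'required'));
    }
    // Allow a plugin to add fields/payload
    $Plugins->trigger_event('DisplayLoginFormFieldset', array('Form' => &$Form));
    // Display registration link after login button
    $register_link = $params['display_reg_link'] ? get_user_register_link('', '', T_('Register') . ' &raquo;', '#', true, $redirect_to, $source, 'btn btn-primary btn-lg pull-right') : '';
    // Submit button(s):
    $submit_buttons = array(array('name' => 'login_action[login]', 'value' => T_('Log in!'), 'class' => 'btn-success btn-lg', 'input_suffix' => $register_link));
    $Form->buttons_input($submit_buttons);
    if ($inskin) {
        $before_register_link = '<div class="login_actions" style="text-align:right; margin: 1em 0 1ex"><strong>';
        $after_register_link = '</strong></div>';
        user_register_link($before_register_link, $after_register_link, T_('No account yet? Register here') . ' &raquo;', '#', true, $redirect_to, $source);
    } else {
        // Passthrough REQUEST data (when login is required after having POSTed something)
        // (Exclusion of 'login_action', 'login', and 'action' has been removed. This should get handled via detection in Form (included_input_field_names),
        //  and "action" is protected via crumbs)
        // 'pwd_hashed' is excluded, so a previously submitted password hash is not written
        // back into the page.
        // NOTE(review): all other request parameters are reflected as hidden inputs; output
        // escaping is left to Form::hiddens_by_key() (not visible here) -- confirm.
        $Form->hiddens_by_key(remove_magic_quotes($_REQUEST), array('pwd_hashed'));
    }
    $Form->end_form();
    echo $params['form_after'];
    display_login_js_handler($params);
}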
Example #10
}
/*
 * UPLOAD:
 *
 * Quick-upload toolbar item. It is rendered only when uploads are enabled in the settings
 * AND the current user has the 'add' permission on files for this file root.
 * NOTE(review): this gate only hides the form. The upload controller has to repeat the
 * setting and permission checks and enforce its own size and file-type limits
 * (not visible here) -- confirm.
 */
if ($Settings->get('upload_enabled') && $current_User->check_perm('files', 'add', false, $fm_FileRoot)) {
    // Upload is enabled and we have permission to use it...
    echo "<!-- QUICK UPLOAD: -->\n";
    echo '<div class="toolbaritem">';
    // multipart/form-data is required for the file input below.
    $Form = new Form(NULL, '', 'post', 'none', 'multipart/form-data');
    $Form->begin_form();
    // Anti-CSRF crumb for the file controller.
    $Form->add_crumb('file');
    $Form->hidden('ctrl', 'upload');
    $Form->hidden('upload_quickmode', 1);
    // The following is mainly a hint to the browser.
    // It is a client-supplied value (upload_maxkb converted from KB to bytes) and can be
    // changed by the sender, so it must not be relied on as the server-side size limit.
    $Form->hidden('MAX_FILE_SIZE', $Settings->get('upload_maxkb') * 1024);
    $Form->hiddens_by_key(get_memorized('ctrl'));
    echo '<div>';
    echo '<span class="btn btn-default btn-file">';
    echo T_('Choose File') . '<input name="uploadfile[]" type="file" size="10" />';
    echo '</span> ';
    echo '<span>' . T_('No file selected') . '</span> &nbsp; ';
    echo '<input class="ActionButton btn btn-default" type="submit" value="&gt; ' . T_('Quick upload!') . '" />';
    echo '</div>';
    $Form->end_form();
    echo '</div>';
}
// Close the containers opened before the visible part of this file.
echo '<div class="clear"></div>';
echo '</div>';
echo '</td>';
?>
		</tr>
Example #11
 /**
  * Render the confirmation screen shown before this object is deleted.
  *
  * Output consists of a 'block_item' widget frame containing: a warning listing what the
  * delete would cascade to (when there is anything to list), the confirmation title, a
  * "cannot be undone" notice, an "I am sure!" form and a "CANCEL" form.
  *
  * NOTE(review): $confirm_title is printed without escaping, so callers must pass
  * HTML-safe text. Both forms are built with 'get' as their third constructor argument
  * (presumably the HTTP method), which would put the crumb of the confirm form into the
  * URL -- confirm this is intended.
  *
  * @param string Title for confirmation
  * @param string crumb name
  * @param string "action" param value to use (hidden field)
  * @param array Hidden keys (apart from "action")
  * @param array Additional messages for restriction messages, array( '0' - message text, '1' - message type )
  * @return boolean always true
  */
 function confirm_delete($confirm_title, $crumb_name, $delete_action, $hiddens, $additional_messages = array())
 {
     global $Messages;

     // Open the surrounding widget block.
     $confirm_Widget = new Widget('block_item');
     $confirm_Widget->title = $confirm_title;
     $confirm_Widget->disp_template_replaced('block_start');

     // Collect everything that would be deleted along with this object...
     $cascade_Messages = $this->check_relations('delete_cascades');
     if (!empty($additional_messages)) {
         // ...plus the messages supplied by the caller:
         foreach ($additional_messages as $extra_message) {
             $cascade_Messages->add($extra_message[0], $extra_message[1]);
         }
     }

     if ($cascade_Messages->count()) {
         // There will be cascading deletes, issue WARNING:
         echo '<h3>' . T_('WARNING: Deleting this object will also delete:') . '</h3>';
         $cascade_Messages->display('', '');
     }

     echo '<p class="warning">' . $confirm_title . '</p>'
         . '<p class="warning">' . T_('THIS CANNOT BE UNDONE!') . '</p>';

     // Read from the request as type 'url'; it is used as a hidden field of the confirm
     // form and as the action URL of the cancel form.
     $redirect_to = param('redirect_to', 'url', '');

     // "I am sure!" form: carries the crumb, the delete action and the confirm flag.
     $confirm_Form = new Form('', 'form_confirm', 'get', '');
     $confirm_Form->begin_form('inline');
     $confirm_Form->add_crumb($crumb_name);
     $confirm_Form->hiddens_by_key($hiddens);
     $confirm_Form->hidden('action', $delete_action);
     $confirm_Form->hidden('confirm', 1);
     $confirm_Form->hidden('redirect_to', $redirect_to);
     $confirm_Form->button(array('submit', '', T_('I am sure!'), 'DeleteButton'));
     $confirm_Form->end_form();

     // "CANCEL" form: goes to $redirect_to, or back to the current URL when none was given.
     $cancel_Form = new Form($redirect_to, 'form_cancel', 'get', '');
     $cancel_Form->begin_form('inline');
     if (empty($redirect_to)) {
         // Without a redirect URL the cancel action returns to the current URL, so the
         // hidden keys are needed to rebuild it.
         $cancel_Form->hiddens_by_key($hiddens);
     }
     $cancel_Form->button(array('submit', '', T_('CANCEL'), 'CancelButton'));
     $cancel_Form->end_form();

     // Close the surrounding widget block.
     $confirm_Widget->disp_template_replaced('block_end');

     return true;
 }
Example #12
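 /**
  * Assert that we received a valid crumb for the object we want to act on.
  *
  * The crumb is read from the request parameter "crumb_<crumb name>". It is valid when it
  * equals the latest or the previous crumb saved under that name and that saved crumb is
  * at most $crumb_expires seconds old.
  *
  * This will DIE if we have not received a valid crumb and $die is true: a missing crumb
  * ends in bad_request_die(); a wrong or expired one prints an error block together with a
  * form that lets the user resubmit the same request with a fresh crumb.
  *
  * @param string crumb name
  * @param boolean true if the script should die on error
  * @return boolean true if the crumb is valid; false if it is missing or invalid and $die is false
  */
 function assert_received_crumb($crumb_name, $die = true)
 {
     global $servertimenow, $crumb_expires, $debug;
     if (!($crumb_received = param('crumb_' . $crumb_name, 'string', NULL))) {
         // We did not receive a crumb!
         if ($die) {
             bad_request_die('Missing crumb [' . $crumb_name . '] -- It looks like this request is not legit.');
         }
         return false;
     }
     $crumb_received = (string) $crumb_received;
     // Check the latest saved crumb first, then the previous one. The saved values are kept
     // for the debug output below.
     $saved_crumbs = array();
     foreach (array('crumb_latest_', 'crumb_prev_') as $key_prefix) {
         // Saved format is "<value>-<timestamp>"; '-0' stands for "nothing saved".
         $crumb_recalled = (string) $this->get($key_prefix . $crumb_name, '-0');
         // array_pad() keeps list() from reading a missing offset if the stored value is malformed.
         list($crumb_value, $crumb_time) = array_pad(explode('-', $crumb_recalled), 2, 0);
         $crumb_value = (string) $crumb_value;
         // Compare as strings, never loosely: with == two different numeric-looking strings
         // can compare equal. Use the constant-time comparison where PHP provides it.
         $crumb_matches = function_exists('hash_equals') ? hash_equals($crumb_value, $crumb_received) : $crumb_value === $crumb_received;
         if ($crumb_matches && $servertimenow - (int) $crumb_time <= $crumb_expires) {
             // Crumb is valid
             return true;
         }
         $saved_crumbs[] = $crumb_value;
     }
     if (!$die) {
         return false;
     }
     // ERROR MESSAGE, with form/button to bypass and enough warning hopefully.
     // TODO: dh> please review carefully!
     echo '<div style="background-color: #fdd; padding: 1ex; margin-bottom: 1ex;">';
     echo '<h3 style="color:#f00;">' . T_('Incorrect crumb received!') . ' [' . $crumb_name . ']</h3>';
     echo '<p>' . T_('Your request was stopped for security reasons.') . '</p>';
     echo '<p>' . sprintf(T_('Have you waited more than %d minutes before submitting your request?'), floor($crumb_expires / 60)) . '</p>';
     echo '<p>' . T_('Please go back to the previous page and refresh it before submitting the form again.') . '</p>';
     echo '</div>';
     if ($debug > 0) {
         // The received crumb is request data, so it is HTML-escaped before being printed.
         // NOTE(review): this block also prints the currently valid saved crumbs into the
         // page; $debug should stay at 0 on production sites.
         echo '<div>';
         echo '<p>Received crumb:' . htmlspecialchars($crumb_received, ENT_QUOTES) . '</p>';
         echo '<p>Latest saved crumb:' . htmlspecialchars($saved_crumbs[0], ENT_QUOTES) . '</p>';
         echo '<p>Previous saved crumb:' . htmlspecialchars($saved_crumbs[1], ENT_QUOTES) . '</p>';
         echo '</div>';
     }
     echo '<div>';
     echo '<p class="warning">' . T_('Alternatively, you can try to resubmit your request with a refreshed crumb:') . '</p>';
     // NOTE(review): this form replays every parameter of the rejected request together with
     // a freshly issued crumb, so one click on "Resubmit now!" completes a request that just
     // failed the anti-CSRF check. The warning text above is the only safeguard; consider
     // showing the user what is about to be resubmitted, or dropping the bypass for
     // destructive actions. The replayed parameters presumably still include the rejected
     // crumb_* value next to the new one -- confirm which of the two the receiver reads.
     $Form = new Form('', 'evo_session_crumb_resend', $_SERVER['REQUEST_METHOD']);
     $Form->begin_form('inline');
     $Form->add_crumb($crumb_name);
     $Form->hiddens_by_key(remove_magic_quotes($_REQUEST));
     $Form->button(array('submit', '', T_('Resubmit now!'), 'ActionButton'));
     $Form->end_form();
     echo '</div>';
     die;
 }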
 /**
  * Display the create/update form for this element.
  *
  * The form carries the 'element' crumb, the hidden "action" (create or update) and "ctrl" params,
  * a required text input for the name and, when updating, the ID of the edited element.
  */
 function disp_form()
 {
     global $ctrl, $action, $edited_name_maxlen, $form_below_list;
     // Are we creating a new element or updating an existing one?
     $is_new = is_create_action($action);
     $Form = new Form(NULL, 'form');
     if (!$form_below_list) {
         // The form is not shown below the list, so offer a link to cancel editing:
         $Form->global_icon(T_('Cancel editing!'), 'close', regenerate_url('action'));
     }
     $form_title = $is_new ? T_('New element') : T_('Element');
     $Form->begin_form('fform', $form_title);
     // The crumb is what the receiving controller can check against forged requests:
     $Form->add_crumb('element');
     $next_action = $is_new ? 'create' : 'update';
     $Form->hidden('action', $next_action);
     $Form->hidden('ctrl', $ctrl);
     $Form->hiddens_by_key(get_memorized('action, ctrl'));
     $Form->text_input($this->dbprefix . 'name', $this->name, $edited_name_maxlen, T_('name'), '', array('required' => true));
     if ($is_new) {
         $submit_label = T_('Record');
     } else {
         // Only an existing element has an ID to send back:
         $Form->hidden($this->dbIDname, $this->ID);
         $submit_label = T_('Update');
     }
     $submit_button = array('submit', 'submit', $submit_label, 'SaveButton');
     $reset_button = array('reset', '', T_('Reset'), 'ResetButton');
     $Form->end_form(array($submit_button, $reset_button));
 }
Example #14
 /**
  * Event handler: Called when displaying the block in the "Tools" menu.
  *
  * Prints a form (protected by the 'tools' crumb) whose button submits the "geoip_find_country" action,
  * followed by the report of the last executed action when there is one.
  *
  * @see Plugin::AdminToolPayload()
  */
 function AdminToolPayload($params)
 {
     $Form = new Form();
     $Form->begin_form('fform');
     $Form->add_crumb('tools');
     // The "ctrl=tools" param has to travel with the form:
     $Form->hidden_ctrl();
     // ...and so do all other memorized params, especially "tab":
     $Form->hiddens_by_key(get_memorized());
     $Form->hidden('action', 'geoip_find_country');
     $tool_description = T_('This tool finds all users that do not have a registration country yet and then assigns them a registration country based on their registration IP.');
     echo '<p>', $tool_description, '</p>';
     $button_label = T_('Find Registration Country for all Users NOW!');
     $Form->button(array('value' => $button_label));
     $has_report = isset($this->text_from_AdminTabAction) && $this->text_from_AdminTabAction;
     if ($has_report) {
         // Display a report of executed action
         echo '<p><b>', T_('Report'), ':</b></p>';
         // NOTE(review): the report is printed as raw HTML; presumably it is built by this plugin and
         // already escaped where it embeds user data -- verify where text_from_AdminTabAction is set.
         echo $this->text_from_AdminTabAction;
     }
     $Form->end_form();
 }
Example #15
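 /**
  * Event handler: Called when displaying the block in the "Tools" menu.
  *
  * With the action "geoip_download" this downloads the gzip archive from $this->geoip_download_url into
  * the plugin folder, extracts it next to the archive, removes the archive and then tries to enable the
  * plugin. Any other action displays the "find registration country" form, provided the plugin is enabled.
  *
  * @see Plugin::AdminToolPayload()
  */
 function AdminToolPayload($params)
 {
     // NOTE(review): no crumb is checked inside this method before the state-changing "geoip_download"
     // branch runs; presumably the calling controller verifies the 'tools' crumb -- confirm.
     $action = param_action();
     echo '<a name="geoip" style="position:relative;top:-60px"></a>';
     switch ($action) {
         case 'geoip_download':
             // Display a process of downloading of GeoIP.dat
             // NOTE(review): the URL is written into the page unescaped; fine for a fixed plugin
             // constant, to be escaped if it can ever come from settings -- verify where it is set.
             $this->print_tool_log(sprintf(T_('Downloading GeoIP.dat file from the url: %s ...'), '<a href="' . $this->geoip_download_url . '" target="_blank">' . $this->geoip_download_url . '</a>'));
             // DOWNLOAD:
             // NOTE(review): the archive is stored and used without any integrity check (checksum or
             // signature) and its extracted size is not bounded; the transport is whatever scheme the
             // download URL uses -- confirm it is HTTPS.
             $gzip_contents = fetch_remote_page($this->geoip_download_url, $info, 1800);
             if ($gzip_contents === false || $info['status'] != 200) {
                 // Downloading is Failed
                 if (empty($info['error'])) {
                     // Some unknown error
                     $this->print_tool_log(T_('The URL is not available. It may correspond to an old version of the GeoIP.dat file.'), 'error');
                 } else {
                     // Display an error of request
                     // NOTE(review): print_tool_log() is given HTML elsewhere in this method, so this
                     // text is presumably not escaped; check whether fetch_remote_page() can put
                     // remote-supplied text into $info['error'].
                     $this->print_tool_log(T_($info['error']), 'error');
                 }
                 break;
             }
             $this->print_tool_log(' OK.<br />');
             $plugin_dir = dirname(__FILE__);
             if (!is_writable($plugin_dir)) {
                 // Check the write rights
                 $this->print_tool_log(sprintf(T_('Plugin folder %s must be writable to receive GeoIP.dat. Please fix the write permissions and try again.'), '<b>' . $plugin_dir . '</b>'), 'error');
                 break;
             }
             // The archive is saved under the last path segment of the download URL:
             $gzip_file_name = explode('/', $this->geoip_download_url);
             $gzip_file_name = $gzip_file_name[count($gzip_file_name) - 1];
             $gzip_file_path = $plugin_dir . '/' . $gzip_file_name;
             // The extracted file gets the same name with ".gz" removed:
             $dat_file_path = $plugin_dir . '/' . str_replace('.gz', '', $gzip_file_name);
             if (!save_to_file($gzip_contents, $gzip_file_path, 'w')) {
                 // Impossible to save file...
                 $this->print_tool_log(sprintf(T_('Unable to create file: %s'), '<b>' . $gzip_file_path . '</b>'), 'error');
                 if (file_exists($gzip_file_path)) {
                     // Remove file from disk
                     if (!@unlink($gzip_file_path)) {
                         // File exists without the write rights
                         $this->print_tool_log(sprintf(T_('Unable to remove file: %s'), '<b>' . $gzip_file_path . '</b>'), 'error');
                     }
                 }
                 break;
             }
             // UNPACK:
             $this->print_tool_log(sprintf(T_('Extracting of the file %s...'), '<b>' . $gzip_file_path . '</b>'));
             if (!function_exists('gzopen')) {
                 // No extension
                 $this->print_tool_log(T_('There is no \'zip\' or \'zlib\' extension installed!'), 'error');
                 break;
             }
             if (!($gzip_handle = @gzopen($gzip_file_path, 'rb'))) {
                 // Try to open gzip file
                 $this->print_tool_log(T_('Could not open the source file!'), 'error');
                 break;
             }
             if (!($out_handle = @fopen($dat_file_path, 'w'))) {
                 // Do not leak the already opened archive handle:
                 gzclose($gzip_handle);
                 $this->print_tool_log(sprintf(T_('The file %s cannot be written to disk. Please check the filesystem permissions.'), '<b>' . $dat_file_path . '</b>'), 'error');
                 break;
             }
             $extract_error = '';
             $i = 0;
             while (!gzeof($gzip_handle)) {
                 // Extract file by 4Kb
                 $chunk = gzread($gzip_handle, 4096);
                 if ($chunk === false) {
                     // A read error would otherwise be written out as an empty chunk, over and over
                     $extract_error = T_('Could not read the source file!');
                     break;
                 }
                 if (fwrite($out_handle, $chunk) !== strlen($chunk)) {
                     // Short or failed write (e.g. disk full): do not report a truncated file as a success
                     $extract_error = sprintf(T_('The file %s cannot be written to disk. Please check the filesystem permissions.'), '<b>' . $dat_file_path . '</b>');
                     break;
                 }
                 if ($i == 100) {
                     // Display the process dots after each 400Kb
                     $this->print_tool_log(' .');
                     $i = 0;
                 }
                 $i++;
             }
             fclose($out_handle);
             gzclose($gzip_handle);
             if ($extract_error !== '') {
                 // Remove the incomplete output so that it cannot be picked up as a valid data file:
                 @unlink($dat_file_path);
                 $this->print_tool_log($extract_error, 'error');
                 break;
             }
             $this->print_tool_log(' OK.<br />');
             $this->print_tool_log(sprintf(T_('Remove gzip file %s...'), '<b>' . $gzip_file_path . '</b>'));
             if (@unlink($gzip_file_path)) {
                 $this->print_tool_log(' OK.<br />');
             } else {
                 // Failed on removing
                 $this->print_tool_log(sprintf(T_('Impossible to remove the file %s. You can do it manually.'), $gzip_file_path), 'warning');
             }
             // Success message
             $this->print_tool_log('<br /><span class="text-success">' . sprintf(T_('%s file was downloaded successfully.'), 'GeoIP.dat') . '</span>');
             // Try to enable plugin automatically:
             global $Plugins;
             $enable_return = $this->BeforeEnable();
             if ($enable_return === true) {
                 // Success enabling
                 $this->print_tool_log('<br /><span class="text-success">' . T_('The plugin has been enabled.') . '</span>');
                 if ($this->status != 'enabled') {
                     // Enable this plugin automatically:
                     $Plugins->set_Plugin_status($this, 'enabled');
                 }
             } else {
                 // Some restriction for enabling
                 $this->print_tool_log('<br /><span class="text-warning">' . T_('The plugin could not be automatically enabled.') . '</span>');
                 if ($this->status != 'needs_config') {
                     // Make this plugin incomplete because it cannot be enabled:
                     $Plugins->set_Plugin_status($this, 'needs_config');
                 }
             }
             break;
         default:
             // Display a form to find countries for users
             if ($this->status != 'enabled') {
                 // Don't allow use this tool when GeoIP plugin is not enabled
                 echo '<p class="error">' . T_('You must enable the GeoIP plugin before to use this tool.') . '</p>';
                 break;
             }
             $Form = new Form();
             $Form->begin_form('fform');
             $Form->add_crumb('tools');
             $Form->hidden_ctrl();
             // needed to pass the "ctrl=tools" param
             $Form->hiddens_by_key(get_memorized());
             // needed to pass all other memorized params, especially "tab"
             $Form->hidden('action', 'geoip_find_country');
             echo '<p>' . T_('This tool finds all users that do not have a registration country yet and then assigns them a registration country based on their registration IP.') . get_manual_link('geoip-plugin') . '</p>';
             $Form->button(array('value' => T_('Find Registration Country for all Users NOW!')));
             if (!empty($this->text_from_AdminTabAction)) {
                 // Display a report of executed action
                 echo '<p><b>' . T_('Report') . ':</b></p>';
                 // NOTE(review): printed as raw HTML; verify it is escaped where it is built.
                 echo $this->text_from_AdminTabAction;
             }
             $Form->end_form();
             break;
     }
 }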