/**
 * Renders the "send an email to this user" front-end form and echoes it.
 *
 * Plugins get two hooks: onBeforeEmailUserForm (may rewrite the by-reference arguments and
 * contribute HTML shown above the fields) and onAfterEmailUserForm (may rewrite $warning and
 * contribute HTML shown below the fields). A plugin error aborts the request with a JS alert.
 *
 * @param  string  $option       component option (not used in this body)
 * @param  object  $rowFrom      sender user record (id 0 when the sender is a guest)
 * @param  object  $rowTo        recipient user record
 * @param  int     $allowPublic  non-zero to let a guest (no $rowFrom->id) use the form with a name and email of his own
 * @param  string  $name         prefilled sender name (guest form only)
 * @param  string  $email        prefilled sender email address (guest form only)
 * @param  string  $subject      prefilled subject
 * @param  string  $message      prefilled message body
 * @return void                  the HTML is echoed, not returned
 */
static function emailUser($option, $rowFrom, $rowTo, $allowPublic = 0, $name = '', $email = '', $subject = '', $message = '')
 {
     global $_CB_framework, $_PLUGINS, $ueConfig;
     // Arguments are passed by reference so plugins can alter them before anything is rendered:
     $beforeResults = $_PLUGINS->trigger('onBeforeEmailUserForm', array(&$rowFrom, &$rowTo, 1, &$allowPublic, &$name, &$email, &$subject, &$message));
     if ($_PLUGINS->is_errors()) {
         // NOTE(review): the plugin error text is inlined into a JS string literal without JS escaping;
         // a double quote in it would break out of the alert() - confirm those messages are trusted upstream.
         echo "<script type=\"text/javascript\">alert(\"" . $_PLUGINS->getErrorMSG() . "\"); window.history.go(-1); </script>\n";
         exit;
     }
     // Guests (public form, no sender id) get a warning without the "%s" email placeholder,
     // since there is no profile email to show them:
     if ($allowPublic && !$rowFrom->id) {
         $warning = CBTxt::T('IMPORTANT:<ol><li>Please be aware that emails may not be received by the intended users due to their email settings and spam filter.</li></ol>');
     } else {
         $warning = CBTxt::Th('UE_EMAILFORMWARNING', 'IMPORTANT:<ol><li>Your email address on your profile is: <strong>%s</strong>.</li><li>Make sure that it is accurate and check your spam filter before sending, because the receiver will use it for his reply.</li><li>Please be aware that emails may not be received by the intended users due to their email settings and spam filter.</li></ol>');
     }
     $pageTitle = CBTxt::T('SEND_MESSAGE_TO_NAME', 'Send message to [name]', array('[name]' => getNameFormat($rowTo->name, $rowTo->username, $ueConfig['name_format'])));
     if ($pageTitle) {
         $_CB_framework->setPageTitle($pageTitle);
         $_CB_framework->appendPathWay($pageTitle);
     }
     // $warning is passed by reference: plugins may replace the warning text shown under the form.
     $afterResults = $_PLUGINS->trigger('onAfterEmailUserForm', array(&$rowFrom, &$rowTo, &$warning, 1, &$allowPublic, &$name, &$email, &$subject, &$message));
     outputCbTemplate(1);
     cbValidator::loadValidation();
     $pageClass = $_CB_framework->getMenuPageClass();
     $return = '<div class="cbEmailUser cb_template cb_template_' . selectTemplate('dir') . ($pageClass ? ' ' . htmlspecialchars($pageClass) : null) . '">';
     // Sending an email to oneself is refused; only the notice is rendered in that case.
     if ($rowFrom->id == $rowTo->id) {
         $return .= '<div class="page-header"><h3>' . CBTxt::Th('UE_NOSELFEMAIL', 'You are not allowed to send an email to yourself!') . '</h3></div>';
     } else {
         // Form-binding token ("protect" hidden field), presumably verified by the send handler (not visible here):
         // md5 over a random salt, the recipient id, both users' stored password fields and last visit dates,
         // with the salt appended in clear so the check can be recomputed server-side.
         $salt = cbMakeRandomString(16);
         $key = 'cbmv1_' . md5($salt . $rowTo->id . $rowTo->password . $rowTo->lastvisitDate . $rowFrom->password . $rowFrom->lastvisitDate) . '_' . $salt;
         $toUser = CBuser::getInstance((int) $rowTo->id);
         // Title (only if the language string is non-empty) followed by the opening of the form posting to senduseremail:
         $return .= (CBTxt::Th('UE_EMAILFORMTITLE', 'Send a message via email to %s') ? '<div class="page-header"><h3>' . sprintf(CBTxt::Th('UE_EMAILFORMTITLE', 'Send a message via email to %s'), $toUser->getField('formatname', null, 'html', 'none', 'list', 0, true)) . '</h3></div>' : null) . '<form action="' . $_CB_framework->viewUrl('senduseremail') . '" method="post" id="adminForm" name="adminForm" class="cb_form form-auto cbValidation">';
         // HTML contributed by onBeforeEmailUserForm plugins goes above the fields:
         if (is_array($beforeResults)) {
             $return .= implode('', $beforeResults);
         }
         // Guest senders must supply their own name and email address (both required fields):
         if ($allowPublic && !$rowFrom->id) {
             $return .= '<div class="form-group cb_form_line clearfix">' . '<label for="emailName" class="col-sm-3 control-label">' . CBTxt::T('Name') . '</label>' . '<div class="cb_field col-sm-9">' . '<input type="text" name="emailName" id="emailName" class="form-control required" size="50" maxlength="255" value="' . htmlspecialchars($name) . '" />' . getFieldIcons(1, 1, null) . '</div>' . '</div>' . '<div class="form-group cb_form_line clearfix">' . '<label for="emailAddress" class="col-sm-3 control-label">' . CBTxt::T('Email Address') . '</label>' . '<div class="cb_field col-sm-9">' . '<input type="text" name="emailAddress" id="emailAddress" class="form-control required" size="50" maxlength="255" value="' . htmlspecialchars($email) . '" />' . getFieldIcons(1, 1, null) . '</div>' . '</div>';
         }
         // Subject and body fields; prefilled values are HTML-escaped:
         $return .= '<div class="form-group cb_form_line clearfix">' . '<label for="emailSubject" class="col-sm-3 control-label">' . CBTxt::T('Subject') . '</label>' . '<div class="cb_field col-sm-9">' . '<input type="text" name="emailSubject" id="emailSubject" class="form-control required" size="50" maxlength="255" value="' . htmlspecialchars($subject) . '" />' . getFieldIcons(1, 1, null) . '</div>' . '</div>' . '<div class="form-group cb_form_line clearfix">' . '<label for="checkemail" class="col-sm-3 control-label">' . CBTxt::T('Message') . '</label>' . '<div class="cb_field col-sm-9">' . '<textarea name="emailBody" id="emailBody" class="form-control required" cols="50" rows="15">' . htmlspecialchars($message) . '</textarea>' . getFieldIcons(1, 1, null) . '</div>' . '</div>';
         // HTML contributed by onAfterEmailUserForm plugins goes below the fields:
         if (is_array($afterResults)) {
             $return .= '<div class="form-group cb_form_line clearfix">' . '<div class="col-sm-offset-3 col-sm-9">' . implode('', $afterResults) . '</div>' . '</div>';
         }
         // Warning, submit/cancel buttons, hidden ids, the "protect" token, the anti-CSRF (spoof) tag and the anti-spam tag.
         // NOTE(review): $rowFrom->email is substituted into $warning without htmlspecialchars(); harmless if
         // addresses are validated on save - worth confirming.
         $return .= '<div class="form-group cb_form_line clearfix">' . '<div class="col-sm-offset-3 col-sm-9">' . sprintf($warning, $rowFrom->email) . '</div>' . '</div>' . '<div class="form-group cb_form_line clearfix">' . '<div class="col-sm-offset-3 col-sm-9">' . '<input type="submit" class="btn btn-primary cbEmailUserSubmit" value="' . htmlspecialchars(CBTxt::T('UE_SENDEMAIL', 'Send Email')) . '"' . cbValidator::getSubmitBtnHtmlAttributes() . ' />' . ' <input type="button" class="btn btn-default cbEmailUserCancel" value="' . htmlspecialchars(CBTxt::T('UE_CANCEL', 'Cancel')) . '" onclick="window.location=\'' . $_CB_framework->userProfileUrl((int) $rowTo->id) . '\'; return false;" />' . '</div>' . '</div>' . '<input type="hidden" name="fromID" value="' . (int) $rowFrom->id . '" />' . '<input type="hidden" name="toID" value="' . (int) $rowTo->id . '" />' . '<input type="hidden" name="protect" value="' . $key . '" />' . cbGetSpoofInputTag('emailuser') . cbGetAntiSpamInputTag(null, null, $allowPublic) . '</form>' . '</div>';
     }
     echo $return;
     $_CB_framework->setMenuMeta();
 }
 /**
  * CB messaging spam protections: builds the pair of anti-spam validation tokens for the
  * current visitor, or terminates the request (expired-session JS) when none can be issued.
  *
  * Each token is "cbsv1_" + md5( salt + site secret + db name + messages sent count + last sent date + identity ) + "_" + salt,
  * where the identity is the viewer id for the first token and the viewer username for the second one.
  *
  * @param  string|null  $salt0        32-character salt of the first token (null: a fresh random salt is generated and used for both)
  * @param  string|null  $salt1        32-character salt of the second token (null: same as $salt0)
  * @param  bool         $allowPublic  true to also issue tokens to guests, whose counters live in the session state
  * @return array                      array( 0 => token bound to the user id, 1 => token bound to the username )
  */
 function cbGetAntiSpams($salt0 = null, $salt1 = null, $allowPublic = false)
 {
     global $_CB_framework;

     if (($salt0 === null) || ($salt1 === null)) {
         $salt1 = $salt0 = cbMakeRandomString(32);
     }

     $viewerId = (int) $_CB_framework->myId();

     $sentCount = 0;
     $lastSent = '0000-00-00 00:00:00';
     $mayIssue = false;

     if ($allowPublic && ! $viewerId) {
         // Guest: the sending counters are kept in the session state.
         $sentCount = (int) $_CB_framework->getUserState('cb_message_number_sent', 0);
         $lastSent = $_CB_framework->getUserState('cb_message_last_sent', '0000-00-00 00:00:00');
         $mayIssue = true;
     } else {
         // Logged-in user: the counters come from his user record (no record: no token).
         $viewer = CBuser::getMyUserDataInstance();
         if ($viewer) {
             $sentCount = (int) $viewer->message_number_sent;
             $lastSent = $viewer->message_last_sent;
             $mayIssue = true;
         }
     }

     $saltsValid = (strlen($salt0) == 32) && (strlen($salt1) == 32);

     if (! ($saltsValid && $mayIssue)) {
         _cbExpiredSessionJSterminate();
         exit;
     }

     // Site-specific secret material and the viewer's sending activity, shared by both tokens:
     $siteSecret = $_CB_framework->getCfg('secret') . $_CB_framework->getCfg('db');
     $activity = $sentCount . $lastSent;

     return array(
         'cbsv1_' . md5($salt0 . $siteSecret . $activity . $_CB_framework->myId()) . '_' . $salt0,
         'cbsv1_' . md5($salt1 . $siteSecret . $activity . $_CB_framework->myUsername()) . '_' . $salt1,
     );
 }
/**
 * Handles the "lost password" form: either reminds a user of his username(s) by email
 * (username-based sites, email given, username left empty) or generates a new random
 * password, emails it and stores its hash. Every path ends in a redirect.
 *
 * @param  string  $option  component option used to build the redirect URLs
 * @return void
 */
function sendNewPass( $option ) {
	global $_CB_framework, $_CB_database, $ueConfig, $Itemid, $_PLUGINS, $_POST;

	// simple spoof check security (anti-CSRF token of the lostPassForm) and anti-spam check:
	cbSpoofCheck( 'lostPassForm' );
	cbRegAntiSpamCheck();

	// Per the variable name, a login_type below 2 presumably means the site uses usernames - confirm against the settings.
	$usernameExists	=	( ( isset( $ueConfig['login_type'] ) ) && ( $ueConfig['login_type'] < 2 ) );

	// ensure no malicous sql gets past
	$checkusername	=	trim( cbGetParam( $_POST, 'checkusername', '' ) );
	$confirmEmail	=	trim( cbGetParam( $_POST, 'checkemail', ''    ) );

	// Plugins may rewrite both inputs; an error aborts with a redirect back to the form.
	$_PLUGINS->loadPluginGroup('user');
	$_PLUGINS->trigger( 'onStartNewPassword', array( &$checkusername, &$confirmEmail ));
	if ($_PLUGINS->is_errors()) {
		cbRedirect( cbSef("index.php?option=$option&amp;task=lostPassword".($Itemid ? "&amp;Itemid=". (int) $Itemid : ""), false ), $_PLUGINS->getErrorMSG(), 'error' );
		return;
	}
	$checkusername	=	stripslashes( $checkusername );
	$confirmEmail	=	stripslashes( $confirmEmail );

	// these two are used by _NEWPASS_SUB message below:
	$_live_site		=	$_CB_framework->getCfg( 'live_site' );
	$_sitename		=	"";	// NEEDED BY _NEWPASS_SUB for  sitename already added in subject by cbNotification class. was = $_CB_framework->getCfg( 'sitename' );

	// Branch 1: username reminder - email given, username empty, on a site that uses usernames.
	if ( $usernameExists && ( $confirmEmail != '' ) && ! $checkusername ) {
		$_CB_database->setQuery( "SELECT id, username FROM #__users"
		. "\n WHERE email = " . $_CB_database->Quote( $confirmEmail )
		);
		$userIdUsername	=	null;
		$result			=	$_CB_database->loadObjectList( $userIdUsername );
		// NOTE(review): this error message tells the requester whether the address is registered (account enumeration);
		// also, whether cbRedirect() terminates the request is not visible here - if it returns, the loop below runs on an empty result.
		if ( $_CB_database->getErrorNum() || ( count( $result ) == 0 ) ) {
			cbRedirect( cbSef( 'index.php?option=' . $option . '&amp;task=lostPassword' . ( $Itemid ? '&amp;Itemid=' . (int) $Itemid : '' ), false ), sprintf( _UE_EMAIL_DOES_NOT_EXISTS_ON_SITE, htmlspecialchars( $confirmEmail ) ), 'error' );
		}
		// One reminder per account registered under that address; stop at the first sending failure.
		foreach ( $result as $userIdUsername ) {
			$message = str_replace( '\n', "\n", sprintf( _UE_USERNAMEREMINDER_MSG, $_CB_framework->getCfg( 'sitename' ), $userIdUsername->username, $_live_site ) );
			$subject = sprintf( _UE_USERNAMEREMINDER_SUB, $userIdUsername->username );

			$_PLUGINS->trigger( 'onBeforeUsernameReminder', array( $userIdUsername->id, &$subject, &$message ));
			if ($_PLUGINS->is_errors()) {
				cbRedirect( cbSef("index.php?option=$option&amp;task=lostPassword".($Itemid ? "&amp;Itemid=". (int) $Itemid : ""), false ), $_PLUGINS->getErrorMSG(), 'error' );
				return;
			}

			$cbNotification = new cbNotification();
			$res	=	$cbNotification->sendFromSystem( $userIdUsername->id, $subject, $message );
			if ( ! $res ) {
				break;
			}
		}
		$_PLUGINS->trigger( 'onAfterUsernameReminder', array( &$result, &$res ) );
		if ( $res ) {
			cbRedirect( cbSef("index.php?option=$option&amp;task=done".($Itemid ? "&amp;Itemid=". (int) $Itemid : ""), false ), sprintf( _UE_USERNAME_REMINDER_SENT, htmlspecialchars( $confirmEmail ) ) );
		} else {
			cbRedirect( cbSef("index.php?option=$option&amp;task=done".($Itemid ? "&amp;Itemid=". (int) $Itemid : ""), false ),_UE_EMAIL_SENDING_ERROR );
		}

	// Branch 2: new password - email given (plus the username on username-based sites).
	} elseif ( $confirmEmail != '' ) {
		// NOTE(review): the "******" below is not valid PHP; it looks like a value redacted by the listing
		// (presumably a quoted $checkusername) - restore it from the original source before reusing this code.
		if ( $usernameExists ) {
			$_CB_database->setQuery( "SELECT id FROM #__users"
			. "\n WHERE username = "******" AND email = " . $_CB_database->Quote( $confirmEmail )
			);
		} else {
			$_CB_database->setQuery( "SELECT id FROM #__users"
			. "\n WHERE email = " . $_CB_database->Quote( $confirmEmail )
			);
		}
		$user_id	=	$_CB_database->loadResult();
		// See the note above on cbRedirect(): nothing stops the function here if it returns.
		if ( ! $user_id ) {
			cbRedirect( cbSef( 'index.php?option=' . $option . '&amp;task=lostPassword' . ( $Itemid ? '&amp;Itemid=' . (int) $Itemid : '' ), false ), _ERROR_PASS );
		}

		// The new password is generated here and sent in clear by email (the author's own note below asks for a reset-link flow instead).
		$newpass = cbMakeRandomString( 8, true );		// should be $user->setRandomPassword() but as this whole function needs to be redone to require clicking link for new password change, let's leave it for now.
		$message = str_replace( '\n', "\n", sprintf( _UE_NEWPASS_MSG, $checkusername, $_live_site, $newpass ) );
		$subject = sprintf( _UE_NEWPASS_SUB, $checkusername );

		$_PLUGINS->trigger( 'onBeforeNewPassword', array( $user_id, &$newpass, &$subject, &$message ));
		if ($_PLUGINS->is_errors()) {
			cbRedirect( cbSef("index.php?option=$option&amp;task=lostPassword".($Itemid ? "&amp;Itemid=". (int) $Itemid : ""), false ), $_PLUGINS->getErrorMSG(), 'error' );
			return;
		}

		$cbNotification = new cbNotification();
		$res	=	$cbNotification->sendFromSystem($user_id,$subject,$message);

		// The email goes out before the hash is stored: if the UPDATE below fails, the user holds a password that was never set.
		if ($res) {
			$_PLUGINS->trigger( 'onNewPassword', array($user_id,$newpass));

			$cbUser		=	CBuser::getInstance( (int) $user_id );
			$user		=	$cbUser->getUserData();
			$newpass	=	$user->hashAndSaltPassword( $newpass );
			// NOTE(review): "******" is again a listing redaction (presumably the quoted hashed password).
			$sql		=	"UPDATE #__users SET password = "******" WHERE id = " . (int) $user_id;
			$_CB_database->setQuery( $sql );
			// NOTE(review): die() echoes the raw database error to the visitor; better to log it and show a generic message.
			if (!$_CB_database->query()) {
				die("SQL error" . $_CB_database->stderr(true));
			}
			cbRedirect( cbSef("index.php?option=$option&amp;task=done".($Itemid ? "&amp;Itemid=". (int) $Itemid : ""), false ), sprintf( _UE_NEWPASS_SENT, htmlspecialchars( $confirmEmail ) ) );
		} else {
			cbRedirect( cbSef("index.php?option=$option&amp;task=done".($Itemid ? "&amp;Itemid=". (int) $Itemid : ""), false ),_UE_NEWPASS_FAILED );
		}
	// Branch 3: no email given at all.
	} else {
		cbRedirect( cbSef("index.php?option=$option&amp;task=done".($Itemid ? "&amp;Itemid=". (int) $Itemid : ""), false ), _UE_NEWPASS_FAILED );
	}
}
/**
 * CB email to user spam protections: builds the pair of anti-spam validation tokens for the
 * logged-in viewer from his sending counters in #__comprofiler, or terminates the request
 * (expired-session JS) when the salts are malformed or his record cannot be read.
 *
 * Each token is "cbsv1_" + md5( salt + site secret + db name + messages sent count + last sent date + identity ) + "_" + salt,
 * where the identity is the viewer id for the first token and the viewer username for the second one.
 *
 * @param  string|null  $salt0  32-character salt of the first token (null: a fresh random salt is generated and used for both)
 * @param  string|null  $salt1  32-character salt of the second token (null: same as $salt0)
 * @return array                array( 0 => token bound to the user id, 1 => token bound to the username )
 */
function cbGetAntiSpams($salt0 = null, $salt1 = null)
{
    global $_CB_framework, $_CB_database;

    if (($salt0 === null) || ($salt1 === null)) {
        $salt1 = $salt0 = cbMakeRandomString(32);
    }

    // The viewer id is cast to int before being embedded in the query:
    $viewerId = (int) $_CB_framework->myId();
    $_CB_database->setQuery('SELECT message_number_sent, message_last_sent FROM #__comprofiler WHERE id = ' . $viewerId);
    $rows = $_CB_database->loadObjectList();

    $saltsValid = (strlen($salt0) == 32) && (strlen($salt1) == 32);
    $singleRow = (! $_CB_database->getErrorNum()) && (count($rows) == 1);

    if (! ($singleRow && $saltsValid)) {
        _cbExpiredSessionJSterminate();
        exit;
    }

    $record = $rows[0];

    // Site-specific secret material and the viewer's sending activity, shared by both tokens:
    $siteSecret = $_CB_framework->getCfg('secret') . $_CB_framework->getCfg('db');
    $activity = $record->message_number_sent . $record->message_last_sent;

    return array(
        'cbsv1_' . md5($salt0 . $siteSecret . $activity . $_CB_framework->myId()) . '_' . $salt0,
        'cbsv1_' . md5($salt1 . $siteSecret . $activity . $_CB_framework->myUsername()) . '_' . $salt1,
    );
}
    /**
     * Renders the (legacy, inline-HTML) "send an email to this user" form and echoes it.
     *
     * Plugins get two hooks: onBeforeEmailUserForm (HTML shown above the subject field) and
     * onAfterEmailUserForm (may rewrite $warning and adds HTML above it). A plugin error aborts
     * the request with a JS alert.
     *
     * @param  string  $option   component option, echoed into the form action and a hidden field
     * @param  object  $rowFrom  sender user record
     * @param  object  $rowTo    recipient user record
     * @param  string  $subject  prefilled subject
     * @param  string  $message  prefilled message body
     * @return void              the HTML is echoed, not returned
     */
    static function emailUser($option, $rowFrom, $rowTo, $subject = '', $message = '')
    {
        global $ueConfig, $_PLUGINS;
        // Sending an email to oneself is refused:
        if ($rowFrom->id == $rowTo->id) {
            echo "<div class=\"contentheading\" >" . _UE_NOSELFEMAIL . "</div>";
            return;
        }
        // Presumably loads the client-side validation for the form below - confirm.
        HTML_comprofiler::outputMosFormVal('#adminForm');
        $_PLUGINS->loadPluginGroup('user');
        $results = $_PLUGINS->trigger('onBeforeEmailUserForm', array(&$rowFrom, &$rowTo, 1));
        //$ui=1
        if ($_PLUGINS->is_errors()) {
            // NOTE(review): the plugin error text is inlined into a JS string literal without JS escaping;
            // a double quote in it would break out of the alert() - confirm those messages are trusted upstream.
            echo "<script type=\"text/javascript\">alert(\"" . $_PLUGINS->getErrorMSG() . "\"); window.history.go(-1); </script>\n";
            exit;
        }
        ?>
	<div style="text-align:left;">
	<div class="componentheading" ><?php 
        // Title linking to the recipient's profile.
        // NOTE(review): the "******" here is not valid PHP; it looks like a value redacted by the listing
        // (presumably the recipient id in the URL) - restore it from the original source before reusing this code.
        echo sprintf(_UE_EMAILFORMTITLE, "<a href=\"" . cbSef("index.php?option=com_comprofiler&amp;task=userProfile&amp;user="******"\">" . getNameFormat($rowTo->name, $rowTo->username, $ueConfig['name_format']) . "</a>");
        ?>
</div>
	<form action="<?php 
        // NOTE(review): $option is echoed into the action attribute unescaped; fine if it is a framework-validated
        // component name, otherwise wrap it in htmlspecialchars() - confirm where callers take it from.
        echo cbSef("index.php?option={$option}" . getCBprofileItemid(true));
        ?>
" method="post" id="adminForm" name="adminForm">
		<br /><?php 
        echo _UE_EMAILFORMSUBJECT;
        ?>
<br />
<?php 
        // HTML contributed by onBeforeEmailUserForm plugins:
        if (is_array($results)) {
            echo implode("<br />", $results);
        }
        ?>
		<input mosReq="1" mosLabel="<?php 
        echo htmlspecialchars(_UE_EMAILFORMSUBJECT);
        ?>
" type="text" class="inputbox" name="emailSubject" size="50" value="<?php 
        // Prefilled subject, HTML-escaped:
        echo htmlspecialchars($subject);
        ?>
" /><?php 
        echo getFieldIcons(1, 1, null);
        ?>
<br />
		<br /><?php 
        echo _UE_EMAILFORMMESSAGE;
        ?>
<br />
		<textarea mosReq="1" mosLabel='<?php 
        echo htmlspecialchars(_UE_EMAILFORMMESSAGE);
        ?>
' class="inputbox" name="emailBody" cols="50" rows="15" ><?php 
        // Prefilled body, HTML-escaped:
        echo htmlspecialchars($message);
        ?>
</textarea><?php 
        echo getFieldIcons(1, 1, null);
        echo '<br />';
        // $warning is passed by reference: plugins may replace the warning text shown under the form.
        $warning = _UE_EMAILFORMWARNING;
        $results = $_PLUGINS->trigger('onAfterEmailUserForm', array(&$rowFrom, &$rowTo, &$warning, 1));
        //$ui=1
        if (is_array($results)) {
            echo implode("<br />", $results);
        }
        ?>
		<div><?php 
        // NOTE(review): $rowFrom->email is substituted into $warning without htmlspecialchars(); harmless if
        // addresses are validated on save - worth confirming.
        echo sprintf($warning, $rowFrom->email);
        ?>
</div>
		<input type="hidden" name="fromID" value="<?php 
        // NOTE(review): echoed without an (int) cast or escaping; harmless if ids are DB integers - confirm.
        echo $rowFrom->id;
        ?>
" />
		<input type="hidden" name="toID" value="<?php 
        echo $rowTo->id;
        ?>
" />
		<input type="hidden" name="protect" value="<?php 
        // Form-binding token, presumably verified by the send handler (not visible here): md5 over a random salt,
        // the recipient id, both users' stored password fields and last visit dates, with the salt appended in clear.
        $salt = cbMakeRandomString(16);
        echo 'cbmv1_' . md5($salt . $rowTo->id . $rowTo->password . $rowTo->lastvisitDate . $rowFrom->password . $rowFrom->lastvisitDate) . '_' . $salt;
        ?>
" />
		<?php 
        // Anti-CSRF (spoof) token and anti-spam hidden fields:
        echo cbGetSpoofInputTag('emailUser');
        echo "\t\t" . cbGetAntiSpamInputTag();
        ?>
		<input type="hidden" name="option" value="<?php 
        // NOTE(review): same as the form action above - $option is echoed unescaped into an attribute.
        echo $option;
        ?>
" />
		<input type="hidden" name="task" value="sendUserEmail" />
		<input type="submit" class="button" value="<?php 
        echo _UE_SENDEMAIL;
        ?>
" />
	</form>
	</div>
	<div style="align:center;">
	<?php 
        echo getFieldIcons(1, 1, null, '', '', 2);
        ?>
	</div>
<?php 
    }
 /**
  * Fills both activation fields of this user record with a fresh random code.
  *
  * cbactivation = "reg" + md5(random string) + 8 hex digits of the user id XOR-ed with a
  * site-specific mask (first 7 hex digits of md5(secret + db name)); activation keeps the
  * bare md5 for CMS / JFusion compatibility.
  *
  * @return void
  */
 function _setActivationCode()
 {
     global $_CB_framework;

     // Random part shared by both fields:
     $token = md5(cbMakeRandomString());

     // Site-specific mask applied to the user id so the id is not readable from the code:
     $siteFingerprint = md5($_CB_framework->getCfg('secret') . $_CB_framework->getCfg('db'));
     $mask = (int) hexdec(substr($siteFingerprint, 0, 7));
     $maskedId = sprintf('%08x', $mask ^ (int) $this->id);

     $this->cbactivation = 'reg' . $token . $maskedId;
     // for CMS compatibility (and JFusion compatibility):
     $this->activation = $token;
 }
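	/**
	* Generates the HTML to display the user profile tab (Quick Message form), and sends the
	* private message when the form of this tab has been submitted.
	*
	* A submission is only processed when the POSTed sender is the viewer and the recipient the
	* displayed user, the spoof (anti-CSRF) check passes, and the "protect" token emitted with
	* the form ("cbpms1_" + md5(salt + user id + last visit date) + "_" + salt) verifies.
	*
	* @param  moscomprofilerTab   $tab       the tab database entry
	* @param  moscomprofilerUser  $user      the user being displayed
	* @param  int                 $ui        1 for front-end, 2 for back-end
	* @return mixed                          either string HTML for tab content, null when there is nothing to show, or false if ErrorMSG generated
	*/
	function getDisplayTab($tab,$user,$ui) {
		global $_CB_framework, $_POST, $_CB_OneTwoRowsStyleToggle;

		// Only logged-in viewers can message from a profile:
		if ( ! $_CB_framework->myId() ) {
			return null;
		}

		$return = "";

		$params = $this->params;
		$pmsType		= $params->get('pmsType', '1');
		$showTitle		= $params->get('showTitle', "1");
		$showSubject	= $params->get('showSubject', "1");
		$width			= $params->get('width', "30");
		$height			= $params->get('height', "5");

		$capabilities = $this->getPMScapabilites();

		if (!$this->_checkPMSinstalled($pmsType) || ($capabilities === false)) {
			return false;
		}
		// No messaging to oneself:
		if ($_CB_framework->myId() == $user->id) {
			return null;
		}

		$newsub = null;
		$newmsg = null;

		// send PMS from this tab form input:
		if ( cbGetParam( $_POST, $this->_getPagingParamName("sndnewmsg") ) == _UE_PM_SENDMESSAGE ) {
			$sender = $this->_getReqParam("sender", null);
			$recip = $this->_getReqParam("recip", null);
			if ( $sender && $recip && ( $sender == $_CB_framework->myId() ) && ( $recip == $user->id ) ) {
				cbSpoofCheck( 'pms' );
				$newsub = htmlspecialchars($this->_getReqParam("newsub", null));	//urldecode done in _getReqParam
				if($pmsType=='3' || $pmsType=='4') {
					// pmsType 3 and 4 take the message unescaped (presumably those PMS systems handle HTML themselves - confirm):
					$newmsg = $this->_getReqParam("newmsg", null);
				} else {
					$newmsg = htmlspecialchars($this->_getReqParam("newmsg", null));	//don't allow html input on user profile!
				}
				if ( ( $newsub || $newmsg ) && isset( $_POST[$this->_getPagingParamName( "protect" )] ) ) {
					$parts	=	explode( '_', $this->_getReqParam('protect', '' ) );
					// Strict comparisons: a loose == between hex digests is subject to PHP numeric-string juggling
					// ("0e..." digests compare equal under ==), which would let a crafted token pass.
					// NOTE(review): the digest mixes in no server-side secret, only the salt carried by the form itself,
					// the displayed user's id and last visit date; consider adding one on both the generation (below) and this check.
					$tokenValid	=	( count( $parts ) === 3 )
									&& ( $parts[0] === 'cbpms1' )
									&& ( strlen( $parts[2] ) === 32 )
									&& ( $parts[1] === md5( $parts[2] . $user->id . $user->lastvisitDate ) );
					if ( $tokenValid )
					{
						if (!$newsub && $capabilities["subject"]) $newsub = _UE_PM_PROFILEMSG;
						// NOTE(review): the success/error texts are inlined into a single-quoted JS string without JS
						// escaping; an apostrophe in getErrorMSG() would break the alert() - confirm those messages are trusted.
						if ($this->sendUserPMS($recip, $sender, $newsub, $newmsg, $systemGenerated=false, $escaped=true)) {
							$return .= "\n<script type='text/javascript'>alert('"._UE_PM_SENTSUCCESS."')</script>";
							$newsub = null;
							$newmsg = null;
						} else {
							$return .= "\n<script type='text/javascript'>alert('".$this->getErrorMSG()."')</script>";
						}
					} else {
						$return .= "\n<script type='text/javascript'>alert('"._UE_SESSIONTIMEOUT." "._UE_PM_NOTSENT." "._UE_TRYAGAIN."')</script>";
					}
				} else {
					$return .= "\n<script type='text/javascript'>alert('"._UE_PM_EMPTYMESSAGE." "._UE_PM_NOTSENT."')</script>";
				}
			}
		}
		// display Quick Message tab:
		$return .= "\n\t<div class=\"sectiontableentry".$_CB_OneTwoRowsStyleToggle."\" style=\"padding-bottom:5px;\">\n";
		// Alternate the row style for the next tab:
		$_CB_OneTwoRowsStyleToggle = ($_CB_OneTwoRowsStyleToggle == 1 ? 2 : 1);
		if($showTitle) $return .= "\t\t<div class=\"titleCell\" style=\"align: left; text-align:left; margin-left: 0px;\">"
							.cbUnHtmlspecialchars(getLangDefinition($tab->title)).(($showSubject && $capabilities["subject"])?"" : ":")."</div>\n";
		$return .= $this->_writeTabDescription( $tab, $user );

		$base_url = $this->_getAbsURLwithParam(array());
		$return .= '<form method="post" action="'.$base_url.'">';
		$return .= '<table cellspacing="0" cellpadding="5" class="contentpane" style="border:0px;align:left;width:90%;">';
		// Subject field only when enabled and supported by the PMS system; values re-shown after a failed send:
		if ($showSubject && $capabilities["subject"]) {
			$return .= '<tr><td><b>'._UE_EMAILFORMSUBJECT.'</b></td>';
			$return .= '<td><input type="text" class="inputbox" name="'.$this->_getPagingParamName("newsub")
					.'" size="'.($width-8).'" value="'.stripslashes($newsub).'" /></td></tr>';
			$return .= '<tr class="sectiontableentry1"><td colspan="2"><b>'._UE_EMAILFORMMESSAGE.'</b></td></tr>';
		}
		$return .= '<tr><td colspan="2"><textarea name="'.$this->_getPagingParamName("newmsg")
				.'" class="inputbox" rows="'.$height.'" cols="'.$width.'">'.stripslashes($newmsg).'</textarea></td></tr>';
		$return .= '<tr><td colspan="2"><input type="submit" class="button" name="'.$this->_getPagingParamName("sndnewmsg").'" value="'._UE_PM_SENDMESSAGE.'" /></td></tr>';
		$return .= '</table>';
		// Sender and recipient ids, re-checked against the viewer and the displayed user on submit:
		$return .= "<input type=\"hidden\"  name=\"".$this->_getPagingParamName("sender")."\" value=\"" . $_CB_framework->myId() . "\" />";
		$return .= "<input type=\"hidden\"  name=\"".$this->_getPagingParamName("recip")."\" value=\"" . (int) $user->id . "\" />";

		// "protect" token binding the form to the displayed user (verified above on submit):
		$salt	=	cbMakeRandomString( 32 );
		$return .= "<input type=\"hidden\"  name=\"".$this->_getPagingParamName("protect")."\" value=\""
				. 'cbpms1_' . md5($salt.$user->id.$user->lastvisitDate) . '_' . $salt . "\" />";
		// Anti-CSRF (spoof) token checked by cbSpoofCheck( 'pms' ):
		$return	.=	cbGetSpoofInputTag( 'pms' );
		$return .= '</form>';
		$return .= "</div>";

		return $return;
	}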