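/**
 * Emit the opening of a form: the optional hidden form-id / anti-CSRF inputs are
 * built into $form_id_input and the actual markup comes from an included template.
 *
 * @param string $f          Form identifier; written into the hidden "form_id" input
 * @param bool   $show_id    Emit the hidden "form_id" input
 * @param bool   $show_token Emit the hidden "_t" input carrying form_token()
 * @param mixed  $errors     Visible to the included template (shared local scope)
 * @param string $method     Visible to the included template
 * @param bool   $fileupload Visible to the included template
 * @param mixed  $params     Visible to the included template
 * @param string $style      Picks the template file "tpl_form_start_{$style}.php"
 *
 * @throws InvalidArgumentException when $style is not a plain identifier
 */
function output_form_start($f, $show_id, $show_token, $errors, $method, $fileupload, $params, $style)
{
    $form_id_input = '';

    if ($show_id) {
        // $f lands inside an HTML attribute: escape it for that context.
        $form_id_input .= '<input type="hidden" name="form_id" value="'
            . htmlspecialchars((string) $f, ENT_QUOTES, 'UTF-8') . '"/>';
    }

    if ($show_token) {
        $form_id_input .= '<input type="hidden" name="_t" value="'
            . htmlspecialchars((string) form_token(), ENT_QUOTES, 'UTF-8') . '"/>';
    }

    // SECURITY: $style is spliced into an include path. Restrict it to a plain
    // identifier so a caller can never pass "../" or a stream wrapper through
    // here; callers are expected to supply a fixed, code-controlled style name.
    if (!preg_match('/^[A-Za-z0-9_-]+$/', (string) $style)) {
        throw new InvalidArgumentException('Invalid form style name');
    }

    include "tpl_form_start_{$style}.php";
}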
/**
 * Perform a login.
 *
 * On an AJAX "submit" POST the credentials are checked and, on success, the
 * user row is written into the session; otherwise the login view is rendered
 * with a post-login target URL ($turl).
 */
public function login()
{
    if (IS_AJAX && 'submit' == I('post.submit')) {
        // login operation
        $username = I('post.username');
        $userpass = I('post.userpass');
        // form token: every failure path hands a fresh token back to the client
        // (printJson is presumably terminating - the code below assumes it does not return).
        if (token_check() == false) {
            printJson(array('tk' => form_token()), 1, '请求超时,请重试');
        }
        $mod = Factory::getModel('bt_user');
        // NOTE(review): as shown, the format string carries no %s placeholder, so
        // $username is never substituted and the literal '******' is what gets
        // queried (this looks like a redaction). If the real code interpolates
        // $username here, it must go through the model's parameter binding, not
        // sprintf, to avoid SQL injection.
        $where = sprintf("username='******' AND deleted=0", $username);
        $row = $mod->field('id,userpass,salt')->where($where)->find();
        if (empty($row)) {
            printJson(array('tk' => form_token()), 1, '账号不存在');
        }
        // Stored scheme is md5(password . per-user salt). md5 is not a password
        // hash (fast, unsalted-by-design); a migration to password_hash()/
        // password_verify() would be the fix. The loose != is also not a
        // constant-time comparison - hash_equals() would be.
        if ($row['userpass'] != md5($userpass . $row['salt'])) {
            printJson(array('tk' => form_token()), 1, '账号或者密码不正确');
        }
        $row['username'] = $username;
        // Rotate the session id on privilege change (session fixation defence).
        session_regenerate_id();
        $user_cls = load_class('UserModel');
        $user_cls->setSessionUser($row);
        printJson(1);
    }
    // $turl comes straight from the query string. NOTE(review): if the view
    // redirects to it after login, restrict it to a local path - confirm.
    $turl = urldecode(I('get.url', url('DiskTop', 'index')));
    $this->assign('turl', $turl);
    $this->display();
}
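/**
 * Abort the request unless the submitted "_t" field matches the current form token.
 *
 * Calls error_page() (which is expected not to return) on a missing or
 * mismatching token.
 */
function form_validate()
{
    global $mybb;

    $expected  = (string) form_token();
    $submitted = isset($_POST['_t']) && is_string($_POST['_t']) ? $_POST['_t'] : '';

    // hash_equals(): strict, constant-time comparison. The previous loose `!=`
    // applied PHP's numeric-string rules and raised a notice when _t was absent.
    if ($submitted === '' || !hash_equals($expected, $submitted)) {
        error_page('Sorry, the form you submitted was invalid. Please try again.');
    }
}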
/**
 * Hooks to article saving process and updates short URLs.
 *
 * Designed to be invoked twice per save: the first call (static $old empty)
 * records the article's pre-save permlink/status and returns; the second call
 * compares against it and, when the permlink or status changed (or the custom
 * field is empty), fetches a short URL and stores it in the configured custom field.
 */
public static function update()
{
    global $prefs;
    if (empty($prefs['rah_bitly_login']) || empty($prefs['rah_bitly_apikey']) || empty($prefs['rah_bitly_field'])) {
        return;
    }
    // Both statics persist across calls within one request.
    static $old = array();
    static $updated = false;
    $id = !empty($GLOBALS['ID']) ? $GLOBALS['ID'] : ps('ID');
    // Bail (and reset the snapshot) without an id, without a valid CSRF token,
    // or when the article is not being saved as live/sticky (Status < 4).
    // NOTE(review): the token check is a loose `!=`; a strict hash_equals()
    // would be the safer comparison.
    if (!$id || ps('_txp_token') != form_token() || intval(ps('Status')) < 4) {
        $old = array('permlink' => NULL, 'status' => NULL);
        return;
    }
    include_once txpath . '/publish/taghandlers.php';
    /* Get the old article permlink before anything is saved */
    if (!$old) {
        $old = array('permlink' => permlinkurl_id($id), 'status' => fetch('Status', 'textpattern', 'ID', $id));
        return;
    }
    /* Clear the permlink cache */
    unset($GLOBALS['permlinks'][$id]);
    /* Generate a new if permlink has changed or if article is published */
    // A plugin answering the callback with a non-empty string vetoes the update.
    if (callback_event('rah_bitly.update') !== '') {
        return;
    }
    if ($updated == false && ($permlink = permlinkurl_id($id)) && ($old['permlink'] != $permlink || !ps('custom_' . $prefs['rah_bitly_field']) || $old['status'] != ps('Status'))) {
        $uri = self::fetch($permlink);
        if ($uri) {
            $fields = getCustomFields();
            if (!isset($fields[$prefs['rah_bitly_field']])) {
                return;
            }
            // Field number is intval()d and values are doSlash()ed before
            // reaching SQL; the short URL itself comes from the remote service.
            safe_update('textpattern', 'custom_' . intval($prefs['rah_bitly_field']) . "='" . doSlash($uri) . "'", "ID='" . doSlash($id) . "'");
            $_POST['custom_' . $prefs['rah_bitly_field']] = $uri;
        }
        $updated = true;
    }
    if (!empty($uri)) {
        // Pushes the new value into the edit form. $uri is escape_js()ed, but
        // $prefs['rah_bitly_field'] is concatenated into the selector raw
        // (it is an admin-set pref, presumably numeric - not intval()d here).
        echo script_js('$(\'input[name="custom_' . $prefs['rah_bitly_field'] . '"]\').val("' . escape_js($uri) . '");');
    }
}
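/**
 * Form Open
 *
 * Create the form open tag as well as any hidden inputs. Also implements CSRF.
 *
 * @param string $action       The action attribute; resolved via site_url() unless it already contains "://"
 * @param string $attributes   A string of extra attributes (defaults to method="post")
 * @param array  $hidden       An array of hidden elements (name => value), rendered by form_hidden()
 * @param bool   $csrf_enabled If CSRF should be enabled (appends form_token() output)
 * @return string The form element and any hidden inputs
 */
function form_open($action = '', $attributes = '', $hidden = array(), $csrf_enabled = TRUE)
{
    $_ci =& get_instance();
    $_ci->load->library('form_validation');

    if ($attributes == '') {
        $attributes = 'method="post"';
    }

    // Absolute URLs pass through untouched; everything else is resolved against site_url().
    if (strpos($action, '://') === FALSE) {
        $action = $_ci->config->site_url($action);
    }

    // The action lands in an HTML attribute, so escape it for that context.
    // double_encode=FALSE keeps callers that already pass entity-encoded
    // URLs (e.g. "&amp;") from being double-encoded.
    $form = '<form action="' . htmlspecialchars($action, ENT_QUOTES, 'UTF-8', FALSE) . '"';
    $form .= _attributes_to_string($attributes, TRUE);
    $form .= '>';

    if (is_array($hidden) && count($hidden) > 0) {
        $form .= form_hidden($hidden);
    }

    if ($csrf_enabled) {
        $form .= form_token();
    }

    return $form;
}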
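/**
 * Render a link invoking an admin-side "add" action while taking up to two additional URL parameters.
 *
 * The generated href carries the CSRF token (_txp_token) so the target step
 * can be one that bouncer() protects.
 *
 * @param  string $event  Event
 * @param  string $step   Step
 * @param  string $thing  URL parameter key #1
 * @param  string $value  URL parameter value #1
 * @param  string $thing2 URL parameter key #2
 * @param  string $value2 URL parameter value #2
 * @return string HTML
 */
function aLink($event, $step, $thing, $value, $thing2, $value2)
{
    // Every component is urlencode()d, not only the two values: previously
    // $event, $step and the parameter names were spliced into the href raw.
    // `a` is the project's query-string separator constant.
    $href = '?event=' . urlencode($event)
        . a . 'step=' . urlencode($step)
        . a . '_txp_token=' . urlencode(form_token())
        . a . urlencode($thing) . '=' . urlencode($value)
        . a . urlencode($thing2) . '=' . urlencode($value2);

    return '<a href="' . $href . '" class="alink">+</a>';
}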
" lang="<?php echo LANG; ?> " dir="<?php echo txpspecialchars(gTxt('lang_dir')); ?> "> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title><?php echo gTxt('build'); ?> | Textpattern CMS</title> <script type="text/javascript" src="jquery.js"></script> <?php
// Page-level JS config. The values are HTML-escaped with txpspecialchars()
// although they sit inside a JS string literal; that blocks quote/tag breakout
// but is not a JS-context escaper (json_encode(), as used by newer versions of
// this page, is the cleaner approach).
echo script_js('var textpattern = {event: "' . txpspecialchars($event) . '", step: "' . txpspecialchars($step) . '", _txp_token: "' . txpspecialchars(form_token()) . '"};');
?> <?php echo $theme->html_head(); ?> </head> <body id="tag-event"> <?php
// Dispatch to the tag builder function for the requested tag. The function
// name is derived from request input, restricted to the "tag_" prefix and
// gated on function_exists(); $tag_name is also passed through to it raw.
// $endform is assigned here but not used in this file segment - presumably
// the tag_* functions read it via global scope (confirm).
$tag_name = gps('tag_name');
$functname = 'tag_' . $tag_name;
if (function_exists($functname)) {
    $endform = n . tr(td() . td(fInput('submit', '', gTxt('build')))) . n . endTable() . n . eInput('tag') . n . sInput('build') . n . hInput('tag_name', $tag_name);
    echo $functname($tag_name);
}
?>
/**
 * Renders a widget to select various amounts to page lists by.
 *
 * The rendered options can be changed via a '{$event}_ui > pageby_values'
 * callback event. Each option is a token-carrying link so the change step
 * passes the CSRF bouncer.
 *
 * @param  string      $event Event
 * @param  int         $val   Current setting
 * @param  string|null $step  Step (defaults to "{$event}_change_pageby")
 * @return string HTML
 */
function pageby_form($event, $val, $step = null)
{
    $choices = array(15, 25, 50, 100);
    callback_event_ref($event . '_ui', 'pageby_values', 0, $choices);

    if ($step === null) {
        $step = $event . '_change_pageby';
    }

    $links = array();

    foreach ($choices as $qty) {
        $isCurrent = ($qty == $val);

        $links[] = href(
            $qty,
            array(
                'event'      => $event,
                'step'       => $step,
                'qty'        => $qty,
                '_txp_token' => form_token(),
            ),
            array(
                'class'        => $isCurrent ? 'navlink-active' : 'navlink',
                'title'        => gTxt('view_per_page', array('{page}' => $qty)),
                'aria-pressed' => $isCurrent ? 'true' : 'false',
                'role'         => 'button',
            )
        );
    }

    return graf(join('', $links), array('class' => 'nav-tertiary pageby'));
}
?> <!DOCTYPE html> <html lang="<?php echo LANG; ?> " dir="<?php echo txpspecialchars(gTxt('lang_dir')); ?> "> <head> <meta charset="utf-8"> <title><?php echo gTxt('build'); ?> | Textpattern CMS</title><?php
// Script includes. NOTE(review): jquery-migrate is pulled from a third-party
// host over a protocol-relative URL with no Subresource Integrity hash, so the
// admin side trusts whatever code.jquery.com serves; bundling it locally like
// the other two scripts would remove that dependency.
// The page config is json_encode()d (default flags escape "/" as "\/", so a
// value cannot close the <script> element) and carries the CSRF token.
echo script_js('vendors/jquery/jquery/jquery.js', TEXTPATTERN_SCRIPT_URL) . script_js('vendors/jquery/ui/js/jquery-ui.js', TEXTPATTERN_SCRIPT_URL) . script_js('//code.jquery.com/jquery-migrate-1.2.1.js', TEXTPATTERN_SCRIPT_URL) . script_js('var textpattern = ' . json_encode(array('event' => $event, 'step' => $step, '_txp_token' => form_token(), 'textarray' => (object) null)) . ';') . script_js('textpattern.js', TEXTPATTERN_SCRIPT_URL) . n;
// Mandatory un-themable Textpattern core styles
echo $theme->html_head();
?> </head> <body id="tag-event"> <?php
// The requested tag name (request input) is handed to the builder, which is
// responsible for validating it.
echo Txp::get('Textpattern_Tag_BuilderTags')->renderTagHelp(gps('tag_name'));
?> </body> </html> <?php /** * Collection of tag builder functions. * * @package Admin\Tag
/**
 * Builds the plugin's navigation buttons.
 *
 * @param  string $curr Key of the currently active panel ('mgr', 'prf' or 'cln')
 * @return array  Button HTML keyed by btnMgr, btnPrf, btnCln, btnTst
 */
function smd_ebook_buttons($curr = 'mgr')
{
    global $smd_ebook_event;

    // Class list for a panel link: marks the active panel.
    $navClass = function ($panel) use ($curr) {
        return 'navlink' . (($curr === $panel) ? ' smd_active' : '');
    };

    $buttons = array();
    $buttons['btnMgr'] = sLink($smd_ebook_event, '', gTxt('smd_ebook_lbl_mgr'), $navClass('mgr'));
    $buttons['btnPrf'] = sLink($smd_ebook_event, 'smd_ebook_prefs', gTxt('smd_ebook_lbl_prf'), $navClass('prf'));
    $buttons['btnCln'] = sLink($smd_ebook_event, 'smd_ebook_tidy', gTxt('smd_ebook_lbl_cln'), $navClass('cln'));
    // The "test" action is a GET step, so the link carries the CSRF token.
    $buttons['btnTst'] = href(
        gTxt('smd_ebook_lbl_tst'),
        'index.php?event=' . $smd_ebook_event . a . 'step=smd_ebook_test' . a . '_txp_token=' . form_token(),
        ' class="navlink"'
    );

    return $buttons;
}
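/**
 * Validates a token.
 *
 * The expected value is md5 over the caller's arguments, the posted "origin",
 * the session form token and the blog UID; the posted "token" must match it.
 *
 * @return bool
 */
protected function valid_token()
{
    $args = func_get_args();
    $expected = md5(join('', $args) . ps('origin') . form_token() . get_pref('blog_uid'));
    $given = ps('token');

    // hash_equals(): constant-time comparison so a mismatch does not leak how
    // many leading characters matched. Non-string input (e.g. an array
    // parameter) fails closed instead of reaching hash_equals().
    return is_string($given) && hash_equals($expected, $given);
}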
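/**
 * Admin-side CSRF gate for a step.
 *
 * @param  string $step  The requested step ('' means "no step")
 * @param  array  $steps Map of known step => bool, true when the step needs a token
 * @return bool   true when the step may proceed, false for an unknown step;
 *                terminates the request when a required token is missing/invalid
 */
function bouncer($step, $steps)
{
    global $event;

    if (empty($step)) {
        return true;
    }

    // Validate step
    if (!array_key_exists($step, $steps)) {
        return false;
    }

    // Does this step require a token?
    if (!$steps[$step]) {
        return true;
    }

    // Validate token: strict, constant-time comparison (the previous loose ==
    // applied PHP's numeric-string rules to a security check).
    $token = gps('_txp_token');

    if (is_string($token) && hash_equals((string) form_token(), $token)) {
        return true;
    }

    // This place ain't no good for you, son.
    die(gTxt('get_off_my_lawn', array('{event}' => $event, '{step}' => $step)));
}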
/**
 * Renders the list of preferences.
 *
 * Plugins may add their own prefs, for example by using plugin lifecycle events
 * or raising a (pre) callback on event=admin / step=prefs_list so they are
 * installed or updated when accessing the Preferences panel. Access to the
 * prefs can be controlled by using add_privs() on 'prefs.your-prefs-event-name'.
 *
 * Output: a single POST form (step prefs_save) whose CSRF token is added by
 * tInput(); one <section> per event group, a switcher list on the left.
 *
 * @param string $message The feedback / error string to display
 */
function prefs_list($message = '')
{
    global $prefs, $txp_user;
    // NOTE(review): extract() turns every pref name into a local variable; only
    // $locale is used from that below. Prefer $prefs['locale'] explicitly.
    extract($prefs);
    pagetop(gTxt('tab_preferences'), $message);
    $locale = setlocale(LC_ALL, $locale);
    echo n . '<form class="prefs-form" id="prefs_form" method="post" action="index.php">';
    // TODO: remove 'custom' when custom fields are refactored.
    $core_events = array('site', 'admin', 'publish', 'feeds', 'comments', 'custom');
    $joined_core = join(',', quote_list($core_events));
    // Global prefs plus the current user's own prefs, unless a global pref of
    // the same name exists. $txp_user is doSlash()ed before reaching SQL.
    $sql = array();
    $sql[] = 'prefs_id = 1 and event != "" and type in(' . PREF_CORE . ', ' . PREF_PLUGIN . ')';
    $sql[] = "(user_name = '' OR (user_name = '" . doSlash($txp_user) . "' AND name NOT IN (\n SELECT name FROM " . safe_pfx('txp_prefs') . " WHERE user_name = ''\n )))";
    if (!get_pref('use_comments', 1, 1)) {
        $sql[] = "event != 'comments'";
    }
    $rs = safe_rows_start("*, FIELD(event, {$joined_core}) AS sort_value", 'txp_prefs', join(" AND ", $sql) . " ORDER BY sort_value = 0, sort_value, event, position");
    $last_event = null;
    $out = array();
    $build = array();
    $groupOut = array();
    if (numRows($rs)) {
        while ($a = nextRow($rs)) {
            // Per-group privilege check.
            if (!has_privs('prefs.' . $a['event'])) {
                continue;
            }
            // Rows are ordered by event, so a change of event closes the
            // previous group's section and switcher entry.
            // Event/name values come from the prefs table and are written into
            // id attributes without escaping (trusted identifiers, presumably).
            if ($a['event'] !== $last_event) {
                if ($last_event !== null) {
                    $build[] = tag(hed(gTxt($last_event), 2, array('id' => 'prefs_group_' . $last_event . '-label')) . join(n, $out), 'section', array('class' => 'txp-prefs-group', 'id' => 'prefs_group_' . $last_event, 'aria-labelledby' => 'prefs_group_' . $last_event . '-label'));
                    $groupOut[] = n . tag(href(gTxt($last_event), '#prefs_group_' . $last_event, array('data-txp-pane' => $last_event, 'data-txp-token' => form_token())), 'li');
                }
                $last_event = $a['event'];
                $out = array();
            }
            $label = '';
            if (!in_array($a['html'], array('yesnoradio', 'is_dst'))) {
                $label = $a['name'];
            }
            // TODO: remove exception when custom fields move to meta store.
            $help = '';
            if (strpos($a['name'], 'custom_') === false) {
                $help = $a['name'];
            }
            if ($a['html'] == 'text_input') {
                $size = INPUT_REGULAR;
            } else {
                $size = '';
            }
            $out[] = inputLabel($a['name'], pref_func($a['html'], $a['name'], $a['val'], $size), $label, $help, array('class' => 'txp-form-field', 'id' => 'prefs-' . $a['name']));
        }
    }
    if ($last_event === null) {
        echo graf(gTxt('no_preferences'));
    } else {
        // Flush the final group, then emit the layout and the hidden
        // step/event/token inputs that make the form postable.
        $build[] = tag(hed(gTxt($last_event), 2, array('id' => 'prefs_group_' . $last_event . '-label')) . join(n, $out), 'section', array('class' => 'txp-prefs-group', 'id' => 'prefs_group_' . $last_event, 'aria-labelledby' => 'prefs_group_' . $last_event . '-label'));
        $groupOut[] = n . tag(href(gTxt($last_event), '#prefs_group_' . $last_event, array('data-txp-pane' => $last_event, 'data-txp-token' => form_token())), 'li') . n;
        echo hed(gTxt('tab_preferences'), 1, array('class' => 'txp-heading')) . n . '<div class="txp-layout-4col-cell-1alt">' . wrapGroup('all_preferences', n . tag(join($groupOut), 'ul', array('class' => 'switcher-list')), 'all_preferences');
        if ($last_event !== null) {
            echo graf(fInput('submit', 'Submit', gTxt('save'), 'publish'), array('class' => 'txp-save'));
        }
        echo n . '</div>' . n . '<div class="txp-layout-4col-cell-2-3-4">' . join(n, $build) . n . '</div>' . sInput('prefs_save') . eInput('prefs') . hInput('prefs_id', '1') . tInput();
    }
    echo n . '</form>';
}
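/**
 * Builds the "switch plugin status" link for the plugin list.
 *
 * @param  mixed  $status   Target status value, placed in the query string
 * @param  string $name     Plugin name, placed in the query string
 * @param  string $linktext Link body; inserted as HTML, so the caller must
 *                          supply already-escaped/trusted markup
 * @return string HTML anchor carrying the CSRF token
 */
function status_link($status, $name, $linktext)
{
    // All query-string values are urlencode()d ($status and the token were
    // previously concatenated raw). The "&" separator is kept as the
    // original emitted it.
    $href = 'index.php?event=plugin&step=switch_status'
        . '&status=' . urlencode($status)
        . '&name=' . urlencode($name)
        . '&_txp_token=' . urlencode(form_token());

    return '<a href="' . $href . '">' . $linktext . '</a>';
}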
/**
 * Option to sync.
 *
 * Renders a token-carrying "sync now" link for users holding the
 * rah_blobin_sync privilege, and a disabled placeholder for everyone else.
 *
 * @return string HTML
 */
function rah_blobin_sync()
{
    global $event, $step;

    if (!has_privs('rah_blobin_sync')) {
        return span(gTxt('rah_blobin_sync_now'), array('class' => 'navlink-disabled'));
    }

    return href(
        gTxt('rah_blobin_sync_now'),
        array(
            'event'           => $event,
            'step'            => $step,
            'rah_blobin_sync' => 1,
            '_txp_token'      => form_token(),
        ),
        array('class' => 'navlink')
    );
}
/**
 * Emits the admin-side HTML head and page header (echoed, not returned).
 *
 * Silent when $app_mode is 'async'. Sets X-Frame-Options (pluggable) and
 * exposes event/step/_txp_token to client-side JS.
 *
 * @param string $pagetitle Page title
 * @param string $message   Message handed to the theme's header
 */
function pagetop($pagetitle, $message = "")
{
    global $siteurl, $sitename, $txp_user, $event, $step, $app_mode, $theme;
    if ($app_mode == 'async') {
        return;
    }
    $area = gps('area');
    $event = !$event ? 'article' : $event;
    $bm = gps('bm');
    $privs = safe_field("privs", "txp_users", "name = '" . doSlash($txp_user) . "'");
    $GLOBALS['privs'] = $privs;
    // $area from the request is discarded here; it is re-derived from areas()
    // (so the raw echo into the body class below is of a code-defined key).
    $areas = areas();
    $area = false;
    foreach ($areas as $k => $v) {
        if (in_array($event, $v)) {
            $area = $k;
            break;
        }
    }
    if (gps('logout')) {
        $body_id = 'page-logout';
    } elseif (!$txp_user) {
        $body_id = 'page-login';
    } else {
        $body_id = 'page-' . htmlspecialchars($event);
    }
    // Clickjacking defence; a plugin may override the header value.
    header(pluggable_ui('admin_side', 'x_frame_options', 'X-Frame-Options: SAMEORIGIN'));
    // NOTE(review): gTxt('lang_dir') is echoed into the dir attribute unescaped
    // below (later versions of this function escape or whitelist it).
?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="<?php echo LANG; ?> " lang="<?php echo LANG; ?> " dir="<?php echo gTxt('lang_dir'); ?> "> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <meta name="robots" content="noindex, nofollow" /> <title>Txp › <?php echo htmlspecialchars($sitename); ?> › <?php echo escape_title($pagetitle); ?> </title> <script src="jquery.js" type="text/javascript"></script> <?php
// Values are HTML-escaped inside JS string literals: prevents quote/tag
// breakout, though it is not a JS-context escaper.
echo script_js('var textpattern = {event: "' . htmlspecialchars($event) . '", step: "' . htmlspecialchars($step) . '", _txp_token: "' . htmlspecialchars(form_token()) . '"};');
?> <script type="text/javascript" src="textpattern.js"></script> <script type="text/javascript">
<!--
var cookieEnabled = checkCookies();
if (!cookieEnabled) {
    confirm('<?php echo trim(gTxt('cookies_must_be_enabled')); ?> ');
}
<?php
    // Per-event option fragments for the "power edit" multi-edit selector.
    // Each is server-rendered HTML that gets embedded in the JS below.
    $edit = array();
    if ($event == 'list') {
        $rs = safe_column('name', 'txp_section', "name != 'default'");
        $edit['section'] = $rs ? selectInput('Section', $rs, '', true) : '';
        $rs = getTree('root', 'article');
        $edit['category1'] = $rs ? treeSelectInput('Category1', $rs, '') : '';
        $edit['category2'] = $rs ? treeSelectInput('Category2', $rs, '') : '';
        $edit['comments'] = onoffRadio('Annotate', safe_field('val', 'txp_prefs', "name = 'comments_on_default'"));
        $edit['status'] = selectInput('Status', array(1 => gTxt('draft'), 2 => gTxt('hidden'), 3 => gTxt('pending'), 4 => gTxt('live'), 5 => gTxt('sticky')), '', true);
        $rs = safe_column('name', 'txp_users', "privs not in(0,6) order by name asc");
        $edit['author'] = $rs ? selectInput('AuthorID', $rs, '', true) : '';
    }
    if (in_array($event, array('image', 'file', 'link'))) {
        $rs = getTree('root', $event);
        $edit['category'] = $rs ? treeSelectInput('category', $rs, '') : '';
        $rs = safe_column('name', 'txp_users', "privs not in(0,6) order by name asc");
        $edit['author'] = $rs ? selectInput('author', $rs, '', true) : '';
    }
    if ($event == 'plugin') {
        $edit['order'] = selectInput('order', array(1 => 1, 2 => 2, 3 => 3, 4 => 4, 5 => 5, 6 => 6, 7 => 7, 8 => 8, 9 => 9), 5, false);
    }
    if ($event == 'admin') {
        $edit['privilege'] = privs();
        $rs = safe_column('name', 'txp_users', '1=1');
        $edit_assign_assets = $rs ? selectInput('assign_assets', $rs, '', true) : '';
    }
    // output JavaScript
?>
function poweredit(elm) {
    var something = elm.options[elm.selectedIndex].value;
    // Add another chunk of HTML
    var pjs = document.getElementById('js');
    if (pjs == null) {
        var br = document.createElement('br');
        elm.parentNode.appendChild(br);
        pjs = document.createElement('P');
        pjs.setAttribute('id','js');
        elm.parentNode.appendChild(pjs);
    }
    if (pjs.style.display == 'none' || pjs.style.display == '') {
        pjs.style.display = 'block';
    }
    if (something != '') {
        switch (something) {
<?php
    // Each fragment becomes a single-quoted JS string: addslashes() handles
    // quotes/backslashes, '</' is broken up so the fragment cannot close the
    // <script> element, and newlines are stripped. NOTE(review): addslashes()
    // is not a JS escaper (no handling of U+2028/2029, for instance); the
    // fragments are built from section/category/user names stored in the DB.
    // The '-' => '-' replacement is a no-op as shown - possibly a mangled
    // character in this copy; confirm against the original source.
    foreach ($edit as $key => $val) {
        echo "case 'change" . $key . "':" . n . t . "pjs.innerHTML = '<span>" . str_replace(array("\n", '-'), array('', '-'), str_replace('</', '<\\/', addslashes($val))) . "<\\/span>';" . n . t . 'break;' . n . n;
    }
    if (isset($edit_assign_assets)) {
        echo "case 'delete':" . n . t . "pjs.innerHTML = '<label for=\"assign_assets\">" . addslashes(gTxt('assign_assets_to')) . "</label><span>" . str_replace(array("\n", '-'), array('', '-'), str_replace('</', '<\\/', addslashes($edit_assign_assets))) . "<\\/span>';" . n . t . 'break;' . n . n;
    }
?>
            default:
                pjs.style.display = 'none';
                break;
        }
    }
    return false;
}
addEvent(window, 'load', cleanSelects);
-->
</script> <?php
echo $theme->html_head();
callback_event('admin_side', 'head_end');
?> </head> <body id="<?php echo $body_id; ?> " class="<?php echo $area; ?> "> <?php
    callback_event('admin_side', 'pagetop');
    $theme->set_state($area, $event, $bm, $message);
    echo pluggable_ui('admin_side', 'header', $theme->header());
    callback_event('admin_side', 'pagetop_end');
}
/**
 * Lists banned commenter IPs, each with a token-carrying "unban" link.
 *
 * @param string $message Status message handed to pageTop()
 */
function ipban_list($message = '')
{
    global $event;

    pageTop(gTxt('list_banned_ips'), $message);

    echo hed(gTxt('banned_ips'), 1, array('class' => 'txp-heading'));
    echo n . '<div id="' . $event . '_banned_control" class="txp-control-panel">'
        . graf(sLink('discuss', 'discuss_list', gTxt('list_discussions')), ' class="txp-buttons"')
        . n . '</div>';

    $rows = safe_rows_start('*, unix_timestamp(date_banned) as uBanned', 'txp_discuss_ipban', "1 = 1 order by date_banned desc");

    if (!$rows || numRows($rows) <= 0) {
        echo graf(gTxt('no_ips_banned'), ' class="indicator"');
        return;
    }

    echo n . tag_start('div', array('id' => $event . '_ban_container', 'class' => 'txp-container'))
        . n . tag_start('div', array('class' => 'txp-listtables'))
        . n . tag_start('table', array('class' => 'txp-list'))
        . n . tag_start('thead')
        . tr(
            hCell(gTxt('date_banned'), '', ' scope="col" class="txp-list-col-banned date"')
            . hCell(gTxt('IP'), '', ' scope="col" class="txp-list-col-ip"')
            . hCell(gTxt('name_used'), '', ' scope="col" class="txp-list-col-name"')
            . hCell(gTxt('banned_for'), '', ' scope="col" class="txp-list-col-id"')
        )
        . n . tag_end('thead')
        . n . tag_start('tbody');

    // Columns are read explicitly instead of extract()ing the row into locals.
    while ($row = nextRow($rows)) {
        $ipCell = txpspecialchars($row['ip']) . sp
            . span('[', array('aria-hidden' => 'true'))
            . href(
                gTxt('unban'),
                array('event' => 'discuss', 'step' => 'ipban_unban', 'ip' => $row['ip'], '_txp_token' => form_token()),
                array('class' => 'action-ban')
            )
            . span(']', array('aria-hidden' => 'true'));

        $discussionCell = href(
            $row['banned_on_message'],
            '?event=discuss' . a . 'step=discuss_edit' . a . 'discussid=' . $row['banned_on_message']
        );

        echo tr(
            hCell(gTime($row['uBanned']), '', ' scope="row" class="txp-list-col-banned date"')
            . td($ipCell, '', 'txp-list-col-ip')
            . td(txpspecialchars($row['name_used']), '', 'txp-list-col-name')
            . td($discussionCell, '', 'txp-list-col-id')
        );
    }

    echo n . tag_end('tbody') . n . tag_end('table') . n . tag_end('div') . n . tag_end('div');
}
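/**
 * Lists banned commenter IPs with an "unban" action for each (legacy table layout).
 *
 * @param string $message Status message handed to pageTop()
 */
function ipban_list($message = '')
{
    global $event;
    pageTop(gTxt('list_banned_ips'), $message);
    $rs = safe_rows_start('*, unix_timestamp(date_banned) as uBanned', 'txp_discuss_ipban', "1 = 1 order by date_banned desc");
    if ($rs and numRows($rs) > 0) {
        echo '<div id="' . $event . '_ban_container" class="txp-container txp-list">'
            . startTable('list', '', 'list') . n . '<thead>'
            . tr(
                hCell(gTxt('date_banned'), '', ' class="date banned"')
                . hCell(gTxt('IP'), '', ' class="ip"')
                . hCell(gTxt('name_used'), '', ' class="name"')
                . hCell(gTxt('banned_for'), '', ' class="id"')
                . hCell('', '', ' class="actions"')
            )
            . n . '</thead>';
        echo '<tbody>';
        $ctr = 1;
        while ($a = nextRow($rs)) {
            // Row values were echoed raw before. They come from the ban table
            // (the name, at least, presumably originates from a commenter), so
            // escape for the HTML context and percent-encode the IP for the URL.
            $ip = htmlspecialchars((string) $a['ip'], ENT_QUOTES, 'UTF-8');
            $name_used = htmlspecialchars((string) $a['name_used'], ENT_QUOTES, 'UTF-8');
            $banned_on_message = htmlspecialchars((string) $a['banned_on_message'], ENT_QUOTES, 'UTF-8');
            $ipParam = urlencode((string) $a['ip']);
            echo tr(
                td(safe_strftime('%d %b %Y %I:%M %p', $a['uBanned']), 100, 'date banned')
                . td($ip, 100, 'ip')
                . td($name_used, 100, 'name')
                . td('<a href="?event=discuss' . a . 'step=discuss_edit' . a . 'discussid=' . $banned_on_message . '">' . $banned_on_message . '</a>', 100, 'id')
                . td('<a class="action-ban" href="?event=discuss' . a . 'step=ipban_unban' . a . 'ip=' . $ipParam . a . '_txp_token=' . form_token() . '">' . gTxt('unban') . '</a>', '', 'actions'),
                ' class="' . ($ctr % 2 == 0 ? 'even' : 'odd') . '"'
            );
            $ctr++;
        }
        echo '</tbody>' . endTable() . '</div>';
    } else {
        echo graf(gTxt('no_ips_banned'), ' class="indicator"');
    }
}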
/**
 * Hidden input carrying the CSRF token, for inclusion in admin-side forms.
 *
 * @return string HTML
 */
function tInput()
{
    $token = form_token();

    return hInput('_txp_token', $token);
}
/**
 * Emits the admin-side HTML head and page header (echoed, not returned).
 *
 * Silent when $app_mode is 'async'. Sets X-Frame-Options from the
 * X_FRAME_OPTIONS constant and exposes event/step/_txp_token plus a few
 * settings to client-side JS.
 *
 * @param string $pagetitle Page title
 * @param string $message   Message handed to the theme's header
 */
function pagetop($pagetitle, $message = "")
{
    global $siteurl, $sitename, $txp_user, $event, $step, $app_mode, $theme;
    if ($app_mode == 'async') {
        return;
    }
    $area = gps('area');
    $event = !$event ? 'article' : $event;
    $bm = gps('bm');
    $privs = safe_field("privs", "txp_users", "name = '" . doSlash($txp_user) . "'");
    $GLOBALS['privs'] = $privs;
    // $area from the request is discarded; it is re-derived from areas(), so
    // the raw echo into the body class below is of a code-defined key.
    $areas = areas();
    $area = false;
    foreach ($areas as $k => $v) {
        if (in_array($event, $v)) {
            $area = $k;
            break;
        }
    }
    if (gps('logout')) {
        $body_id = 'page-logout';
    } elseif (!$txp_user) {
        $body_id = 'page-login';
    } else {
        $body_id = 'page-' . txpspecialchars($event);
    }
    // Clickjacking defence.
    header('X-Frame-Options: ' . X_FRAME_OPTIONS);
?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="<?php echo LANG; ?> " lang="<?php echo LANG; ?> " dir="<?php echo txpspecialchars(gTxt('lang_dir')); ?> "> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <meta name="robots" content="noindex, nofollow" /> <title><?php echo escape_title($pagetitle); ?> - <?php echo txpspecialchars($sitename); ?> | Textpattern CMS</title> <script type="text/javascript" src="jquery.js"></script> <?php
// Client-side config. Values are HTML-escaped (txpspecialchars) inside JS
// string literals: blocks quote/tag breakout, though it is not a JS-context
// escaper; later versions json_encode() this object instead.
echo script_js('var textpattern = { event: "' . txpspecialchars($event) . '", step: "' . txpspecialchars($step) . '", _txp_token: "' . txpspecialchars(form_token()) . '", ajax_timeout: ' . txpspecialchars(AJAX_TIMEOUT) . ', ajaxally_challenged: ' . (AJAXALLY_CHALLENGED ? 'true' : 'false') . ', textarray: {}, do_spellcheck: "' . txpspecialchars(get_pref('do_spellcheck', '#page-article #body, #page-article #title,' . '#page-image #alt-text, #page-image #caption,' . '#page-file #description,' . '#page-link #link-title, #page-link #link-description')) . '"};');
gTxtScript(array('form_submission_error', 'are_you_sure'));
?> <script type="text/javascript" src="textpattern.js"></script> <script type="text/javascript">
<!--
var cookieEnabled = checkCookies();
if (!cookieEnabled) {
    confirm('<?php
    // NOTE(review): the translated string is only trim()med before being placed
    // inside a single-quoted JS literal; a translation containing a quote would
    // break the script (translations are presumably trusted).
    echo trim(gTxt('cookies_must_be_enabled')); ?> ');
}
function poweredit(elm) {
    var something = elm.options[elm.selectedIndex].value;
    // Add another chunk of HTML
    var pjs = document.getElementById('js');
    if (pjs == null) {
        var br = document.createElement('br');
        elm.parentNode.appendChild(br);
        pjs = document.createElement('P');
        pjs.setAttribute('id','js');
        elm.parentNode.appendChild(pjs);
    }
    if (pjs.style.display == 'none' || pjs.style.display == '') {
        pjs.style.display = 'block';
    }
    if (something != '') {
        switch (something) {
            default:
                pjs.style.display = 'none';
                break;
        }
    }
    return false;
}
addEvent(window, 'load', cleanSelects);
-->
</script> <?php // Mandatory un-themable Textpattern core styles ?> <style type="text/css"> .not-ready .doc-ready, .not-ready form.async input[type="submit"], .not-ready a.async { visibility: hidden; } </style> <?php
echo $theme->html_head();
callback_event('admin_side', 'head_end');
?> </head> <body id="<?php echo $body_id; ?> " class="not-ready <?php echo $area; ?> "> <div class="txp-header"> <?php
    callback_event('admin_side', 'pagetop');
    $theme->set_state($area, $event, $bm, $message);
    echo pluggable_ui('admin_side', 'header', $theme->header());
    callback_event('admin_side', 'pagetop_end');
    echo '</div><!-- /txp-header --><div class="txp-body">';
}
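/**
 * Render a link element to hook up txpAsyncHref() with request parameters
 *
 * @param  string $item  Link text
 * @param  array  $parms Request parameters; array keys are 'event', 'step', 'thing', 'property'
 * @param  string $atts  HTML attributes
 * @return string HTML
 * @since  4.5.0
 * @see    textpattern.js: txpAsyncHref
 */
function asyncHref($item, $parms, $atts = '')
{
    // lAtts() limits the keys to the four defaults; doSpecial() HTML-escapes the
    // values before they are extract()ed into locals.
    extract(doSpecial(lAtts(array('event' => $GLOBALS['event'], 'step' => $GLOBALS['step'], 'thing' => '', 'property' => ''), $parms)));

    $class = "{$step} async";
    $href = "?event={$event}&step={$step}&thing={$thing}&property={$property}";

    if (AJAXALLY_CHALLENGED) {
        // Non-JS fallback: the value and CSRF token travel in the query string,
        // so they need percent-encoding, not HTML escaping (txpspecialchars()
        // left spaces/'&'/'=' in $item unencoded, corrupting the request; the
        // urlencode()d output contains no HTML-special characters either way).
        $href .= '&value=' . urlencode($item) . '&_txp_token=' . urlencode(form_token());
    }

    return href($item, $href, $atts . " class=\"{$class}\"");
}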
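/**
 * Lists banned commenter IPs with an "unban" action for each.
 *
 * @param string $message Status message handed to pageTop()
 */
function ipban_list($message = '')
{
    global $event;
    pageTop(gTxt('list_banned_ips'), $message);
    echo '<h1 class="txp-heading">' . gTxt('banned_ips') . '</h1>';
    echo '<div id="' . $event . '_banned_control" class="txp-control-panel">';
    echo graf(sLink('discuss', 'discuss_list', gTxt('list_discussions')), ' class="txp-buttons"');
    echo '</div>';
    $rs = safe_rows_start('*, unix_timestamp(date_banned) as uBanned', 'txp_discuss_ipban', "1 = 1 order by date_banned desc");
    if ($rs and numRows($rs) > 0) {
        echo '<div id="' . $event . '_ban_container" class="txp-container">'
            . startTable('', '', 'txp-list') . n . '<thead>'
            . tr(
                hCell(gTxt('date_banned'), '', ' class="date banned"')
                . hCell(gTxt('IP'), '', ' class="ip"')
                . hCell(gTxt('name_used'), '', ' class="name"')
                . hCell(gTxt('banned_for'), '', ' class="id"')
            )
            . n . '</thead>';
        echo '<tbody>';
        while ($a = nextRow($rs)) {
            // Columns read explicitly (no extract()). ip and name_used were
            // already escaped; banned_on_message was echoed raw into both the
            // href and the link text, so it is escaped here too.
            $ip = $a['ip'];
            $name_used = $a['name_used'];
            $banned_on_message = txpspecialchars($a['banned_on_message']);
            echo tr(
                td(gTime($a['uBanned']), '', 'date banned')
                . td(txpspecialchars($ip) . n . '[<a class="action-ban" href="?event=discuss' . a . 'step=ipban_unban' . a . 'ip=' . txpspecialchars($ip) . a . '_txp_token=' . form_token() . '">' . gTxt('unban') . '</a>]', '', 'ip')
                . td(txpspecialchars($name_used), '', 'name')
                . td('<a href="?event=discuss' . a . 'step=discuss_edit' . a . 'discussid=' . $banned_on_message . '">' . $banned_on_message . '</a>', '', 'id')
            );
        }
        echo '</tbody>' . endTable() . '</div>';
    } else {
        echo graf(gTxt('no_ips_banned'), ' class="indicator"');
    }
}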
<div class="inner_br"> <div class="cls100_p"> <div class="clsInnerCommon"> <h2><?php echo 'Provider Signup'; ?> </h2> <h3><span class="clsNewBuyer"><?php echo $this->lang->line('singup_2'); ?> </span></h3> <div class="clsMainInfo"> <form method="post" action="" enctype="multipart/form-data"> <?php
// CSRF protection: form_token() returns the hidden token input, so it is echoed.
echo form_token();
?> <p><span> <?php echo $this->lang->line('conform_email'); ?> </span> <?php
// NOTE(review): $confirmed_mail is echoed without HTML escaping. If it is ever
// derived from request input, escape it here (or confirm the controller does).
if (isset($confirmed_mail)) {
    echo $confirmed_mail;
}
?> </p> <p><span><?php echo $this->lang->line('pick_username'); ?>
/**
 * Creates and outputs an admin-side header.
 *
 * The output contains HTML <head> section and the main
 * navigation. The results are echoed as opposed to returned.
 *
 * This function offers a way to invoke modal activity messages
 * and set the page title.
 *
 * Output will automatically become silent on asynchronous
 * script responses that do not want HTML headers.
 *
 * Security-relevant side effects: sets X-Frame-Options and X-UA-Compatible
 * headers, whitelists the document direction, and hands event/step and the
 * CSRF token (_txp_token) to client-side JS via a json_encode()d object.
 *
 * @param string       $pagetitle The page title
 * @param string|array $message   A message show to the user
 * @example
 * pagetop('Title', array('My error message', E_ERROR));
 * echo 'My page contents.';
 */
function pagetop($pagetitle, $message = '')
{
    global $siteurl, $sitename, $txp_user, $event, $step, $app_mode, $theme, $privs;
    if ($app_mode == 'async') {
        return;
    }
    $area = gps('area');
    $event = !$event ? 'article' : $event;
    $bm = gps('bm');
    $privs = safe_field("privs", "txp_users", "name = '" . doSlash($txp_user) . "'");
    // $area from the request is discarded; it is re-derived from areas(), so
    // the raw echo into the body class below is of a code-defined key.
    $areas = areas();
    $area = false;
    foreach ($areas as $k => $v) {
        if (in_array($event, $v)) {
            $area = $k;
            break;
        }
    }
    if (gps('logout')) {
        $body_id = 'page-logout';
    } elseif (!$txp_user) {
        $body_id = 'page-login';
    } else {
        $body_id = 'page-' . txpspecialchars($event);
    }
    // Clickjacking defence.
    header('X-Frame-Options: ' . X_FRAME_OPTIONS);
    header('X-UA-Compatible: ' . X_UA_COMPATIBLE);
    // Whitelist the direction so a translation cannot inject into the attribute.
    $lang_direction = gTxt('lang_dir');
    if (!in_array($lang_direction, array('ltr', 'rtl'))) {
        // Apply biased default for missing translations
        $lang_direction = 'ltr';
    }
?> <!DOCTYPE html> <html lang="<?php echo LANG; ?> " dir="<?php echo $lang_direction; ?> "> <head> <meta charset="utf-8"> <meta name="robots" content="noindex, nofollow"> <title><?php echo admin_title($pagetitle); ?> </title><?php
// Script includes. NOTE(review): jquery-migrate is loaded from a third-party
// host over a protocol-relative URL with no Subresource Integrity hash, so the
// admin side runs whatever code.jquery.com serves; the other scripts are local.
// The config object is json_encode()d: default flags escape "/" as "\/", so no
// value can close the <script> element.
echo script_js('vendors/jquery/jquery/jquery.js', TEXTPATTERN_SCRIPT_URL) . script_js('vendors/jquery/ui/js/jquery-ui.js', TEXTPATTERN_SCRIPT_URL) . script_js('//code.jquery.com/jquery-migrate-1.2.1.js', TEXTPATTERN_SCRIPT_URL) . script_js('var textpattern = ' . json_encode(array('event' => $event, 'step' => $step, '_txp_token' => form_token(), 'ajax_timeout' => (int) AJAX_TIMEOUT, 'textarray' => (object) null, 'do_spellcheck' => get_pref('do_spellcheck', '#page-article #body, #page-article #title,' . '#page-image #alt-text, #page-image #caption,' . '#page-file #description,' . '#page-link #link-title, #page-link #link-description'), 'production_status' => get_pref('production_status'))) . ';') . script_js('textpattern.js', TEXTPATTERN_SCRIPT_URL) . n;
gTxtScript(array('form_submission_error', 'are_you_sure', 'cookies_must_be_enabled', 'ok', 'save', 'publish'));
// Mandatory un-themable Textpattern core styles
?> <style> .not-ready .doc-ready, .not-ready form.async input[type="submit"], .not-ready a.async { visibility: hidden; } </style> <?php
echo $theme->html_head();
callback_event('admin_side', 'head_end');
?> </head> <body id="<?php echo $body_id; ?> " class="not-ready <?php echo $area; ?> "> <header role="banner" class="txp-header"> <?php
    callback_event('admin_side', 'pagetop');
    $theme->set_state($area, $event, $bm, $message);
    echo pluggable_ui('admin_side', 'header', $theme->header());
    callback_event('admin_side', 'pagetop_end');
    // gTxt('main_content') goes into an attribute unescaped (translation text).
    echo n . '</header><!-- /txp-header -->' . n . '<main role="main" class="txp-body" aria-label="' . gTxt('main_content') . '">';
    callback_event('admin_side', 'main_content');
}
</label> <div><textarea id="txtBody" name="txtBody" cols="130" rows="15" class="<?php echo $lang; ?> "><?php
// NOTE(review): the post body is echoed into the <textarea> unescaped. A body
// containing "</textarea>" ends the element and the rest is rendered as markup;
// htmlspecialchars() here would be the fix unless the caller already escapes it.
echo $post->postBody; ?> </textarea></div> </div> <div class="row"> <button type="submit" class="submit button green" id="btnSave" name="btnSave"><?php echo _t('Save'); ?> </button> <a href="<?php echo _url('admin/post/list'); ?> "> <button type="button" class="button" id="btnCancel" name="btnCancel"><?php echo _t('Cancel'); ?> </button> </a> </div> <?php
// CSRF token field. Called without echo, so in this codebase form_token()
// presumably prints the hidden input itself (confirm - elsewhere it returns it).
form_token(); ?> </form> </div> <?php include _i('inc/tpl/footer.php');
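/**
 * Prints the "Edit" form for a forum category and, for forum admins, a
 * "Delete" form. Each form gets its own token via form_token(), which prints
 * the hidden field itself here (no echo), with $session_token_num bumped per form.
 *
 * @param mixed $f_cat Category value written into the hidden forum_cat input
 * @param mixed $f_des Unused in this function (kept for callers)
 * @param mixed $f_id2 Category id written into the hidden forum_id_edit input
 */
function forumEditCat($f_cat, $f_des, $f_id2)
{
    global $mysqli, $db_table_prefix, $load_page_dir, $session_token_num, $websiteUrl, $site_forum_main;

    // Both values land inside HTML attributes: escape them for that context
    // (they were interpolated raw before).
    $catAttr = htmlspecialchars((string) $f_cat, ENT_QUOTES, 'UTF-8');
    $idAttr = htmlspecialchars((string) $f_id2, ENT_QUOTES, 'UTF-8');

    // Form button to edit forum cat
    echo "<form enctype=\"multipart/form-data\" action=\"\" method=\"POST\" onsubmit=\"submitmystat.disabled = true; return true;\" class='sweetform' >";
    // Setup token in form
    // create multi sessions
    if (isset($session_token_num)) {
        $session_token_num = $session_token_num + 1;
    } else {
        $session_token_num = "1";
    }
    form_token();
    echo "<input type=\"hidden\" name=\"forum_cat\" value=\"{$catAttr}\" />";
    echo "<input type=\"hidden\" name=\"forum_id_edit\" value=\"{$idAttr}\" />";
    echo "<input type=\"hidden\" name=\"EditCat\" value=\"TRUE\" />";
    echo "<input type=\"submit\" value=\"Edit\" name=\"Edit\" class=\"sweet\" onClick=\"this.value = 'Please Wait....'\" />";
    echo "</form>";

    // Only Admins Can Delete Forum Cats
    if (userCheckForumAdmin()) {
        // Form button to delete forum cat ($websiteUrl/$site_forum_main are
        // site configuration, echoed as-is like the original).
        echo "<form enctype=\"multipart/form-data\" action=\"{$websiteUrl}{$site_forum_main}forum_delete_stuff/\" method=\"POST\" onsubmit=\"submitmystat.disabled = true; return true;\" class='sweetform' >";
        // Setup token in form
        // create multi sessions
        if (isset($session_token_num)) {
            $session_token_num = $session_token_num + 1;
        } else {
            $session_token_num = "1";
        }
        form_token();
        echo "<input type=\"hidden\" name=\"forum_cat\" value=\"{$catAttr}\" />";
        echo "<input type=\"hidden\" name=\"forum_id_edit\" value=\"{$idAttr}\" />";
        echo "<input type=\"hidden\" name=\"DeleteCat\" value=\"TRUE\" />";
        echo "<input type=\"submit\" value=\"Delete\" name=\"Delete\" class=\"sweet\" onClick=\"this.value = 'Please Wait....'\" />";
        echo "</form>";
    }
}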