/**
 * Request user validation email.
 *
 * Builds a signed confirmation link for the account, stores the target
 * address in the session under 'emailsent', and sends the validation email
 * through notify_user().
 *
 * The link is signed with elgg_http_get_signed_url(); no expiry argument is
 * passed here.
 * NOTE(review): without an expiry the signature presumably stays valid for
 * as long as the signing key does -- confirm whether validation links should
 * be time-limited, and that the confirm handler checks the signature before
 * acting on the "u" parameter.
 *
 * @param int $user_guid The user's GUID
 * @return mixed Result of notify_user(), or FALSE when the GUID is not an ElggUser
 */
function uservalidationbyemail_request_validation($user_guid) {
	$site = elgg_get_site_entity();

	$user_guid = (int) $user_guid;
	$user = get_entity($user_guid);

	// Nothing to send unless the GUID resolves to a user account
	if (!($user instanceof ElggUser)) {
		return FALSE;
	}

	// Confirmation link, signed so that the GUID in the query string is
	// covered by the signature (presumably verified on the confirm page)
	$link = elgg_http_get_signed_url("{$site->url}uservalidationbyemail/confirm?u={$user_guid}");

	// Remember the address so the next page can display it
	elgg_get_session()->set('emailsent', $user->email);

	// Subject and body are translated into the recipient's language
	$subject = elgg_echo('email:validate:subject', [$user->name, $site->name], $user->language);
	$body = elgg_echo(
		'email:validate:body',
		[$user->name, $site->name, $link, $site->name, $site->url],
		$user->language
	);

	$params = [
		'action' => 'uservalidationbyemail',
		'object' => $user,
		'link' => $link,
	];

	// Deliver by email only, with the site as sender
	return notify_user($user->guid, $site->guid, $subject, $body, $params, 'email');
}
// Hardening option: protect /cron
$protect_cron = (bool) get_config('security_protect_cron');

$hardening .= elgg_view_field([
	'#type' => 'checkbox',
	'label' => elgg_echo('admin:administer_security:settings:protect_cron'),
	'#help' => elgg_echo('admin:administer_security:settings:protect_cron:help'),
	'name' => 'security_protect_cron',
	'default' => 0,
	'value' => 1,
	'checked' => $protect_cron,
]);

if ($protect_cron) {
	// With protection enabled, list one signed URL per configured cron period.
	// NOTE(review): each URL carries its own signature and no expiry is passed,
	// so anyone who can read this table can presumably call cron until the
	// signing key changes -- confirm this view is reachable by admins only.
	$periods = elgg_get_config('elgg_cron_periods');

	// Header row of the table
	$cells = [
		elgg_format_element('th', [], elgg_echo('admin:cron:period')),
		elgg_format_element('th', [], 'URL'),
	];
	$rows = [elgg_format_element('tr', [], implode('', $cells))];

	// One row per interval: translated period name and its signed URL
	foreach ($periods as $period) {
		$cells = [
			elgg_format_element('td', [], elgg_echo("interval:{$period}")),
			elgg_format_element('td', [], elgg_http_get_signed_url("cron/{$period}")),
		];
		$rows[] = elgg_format_element('tr', [], implode('', $cells));
	}

	// The table carries the 'hidden' class and is the target of the toggle link below
	$table = elgg_format_element('table', [
		'id' => 'security-cron-urls',
		'class' => 'elgg-table mvm hidden',
	], implode('', $rows));

	$toggle = elgg_view('output/url', [
		'text' => elgg_echo('admin:administer_security:settings:protect_cron:toggle'),
		'href' => '#security-cron-urls',
		'rel' => 'toggle',
	]);

	$content = elgg_echo('admin:administer_security:settings:protect_cron:token') . ' ' . $toggle . $table;

	$hardening .= elgg_format_element('div', ['class' => 'elgg-divide-left plm mbm'], $content);
}

// Hardening option: disable autocomplete on password forms
$hardening .= elgg_view_field([
	'#type' => 'checkbox',
	'label' => elgg_echo('admin:administer_security:settings:disable_password_autocomplete'),
	'#help' => elgg_echo('admin:administer_security:settings:disable_password_autocomplete:help'),
	'name' => 'security_disable_password_autocomplete',
	'default' => 0,
	'value' => 1,
	'checked' => (bool) get_config('security_disable_password_autocomplete'),
]);

// Hardening option: require the password when changing the email address
$hardening .= elgg_view_field([
	'#type' => 'checkbox',
	'label' => elgg_echo('admin:administer_security:settings:email_require_password'),
	'#help' => elgg_echo('admin:administer_security:settings:email_require_password:help'),
	'name' => 'security_email_require_password',
	'default' => 0,
	'value' => 1,
	'checked' => (bool) get_config('security_email_require_password'),
]);

// Extension point so other code can add to the hardening section
$hardening .= elgg_view('admin/security/settings/extend/hardening');
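<?php
/**
 * Page shell for upgrade script
 *
 * Displays an ajax loader until upgrade is complete. The page reloads itself
 * after one second through a meta refresh pointing at upgrade.php.
 *
 * @uses $vars['head']        Parameters for the <head> element
 * @uses $vars['body']        The main content of the page
 * @uses $vars['sysmessages'] A 2d array of various message registers, passed from system_messages()
 * @uses $vars['forward']     A relative path to forward to after upgrade. Defaults to /admin
 */

// NOTE(review): 'forward' is passed through as given; this view does not check
// that it is a site-relative path -- confirm upgrade.php validates it before
// redirecting.
$refresh_url = elgg_http_add_url_query_elements(elgg_get_site_url() . 'upgrade.php', array(
	'upgrade' => 'upgrade',
	'forward' => elgg_extract('forward', $vars, '/admin'),
));

if (elgg_get_config('security_protect_upgrade')) {
	// sign the url in order to get past the protection
	$refresh_url = elgg_http_get_signed_url($refresh_url);
}

// The URL is emitted inside a single-quoted attribute below. Before PHP 8.1
// htmlspecialchars() defaults to ENT_COMPAT, which leaves single quotes
// unescaped, so request ENT_QUOTES explicitly to keep the value inside the
// attribute on every PHP version.
$refresh_url = htmlspecialchars($refresh_url, ENT_QUOTES, 'UTF-8');

// render content before head so that JavaScript and CSS can be loaded. See #4032
$body = "<div style='margin-top:200px'>" . elgg_view('graphics/ajax_loader', array('hidden' => false)) . "</div>";

$head = elgg_view('page/elements/head', $vars['head']);
$head .= "<meta http-equiv='refresh' content='1;url={$refresh_url}' />";

echo elgg_view("page/elements/html", array("head" => $head, "body" => $body));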