function gpc_strip_slashes($p_var)
{
if (0 == get_magic_quotes_gpc()) {
return $p_var;
} else {
if (!is_array($p_var)) {
return stripslashes($p_var);
} else {
foreach ($p_var as $key => $value) {
$p_var[$key] = gpc_strip_slashes($value);
}
return $p_var;
}
}
}
function gpc_get($p_var_name, $p_default = null)
{
global $_POST, $_GET;
if (isset($_POST[$p_var_name])) {
$t_result = gpc_strip_slashes($_POST[$p_var_name]);
} else {
if (isset($_GET[$p_var_name])) {
$t_result = gpc_strip_slashes($_GET[$p_var_name]);
} else {
if (func_num_args() > 1) {
#check for a default passed in (allowing null)
$t_result = $p_default;
} else {
error_parameters($p_var_name);
trigger_error(ERROR_GPC_VAR_NOT_FOUND, ERROR);
$t_result = null;
}
}
}
return $t_result;
}
function helper_ensure_confirmed($p_message, $p_button_label)
{
if (true == gpc_get_bool('_confirmed')) {
return true;
}
html_page_top1();
html_page_top2();
# @@@ we need to improve this formatting. I'd like the text to only
# be about 50% the width of the screen so that it doesn't become to hard
# to read.
print "<br />\n<div align=\"center\">\n";
print_hr();
print "\n{$p_message}\n";
print '<form method="post" action="' . $_SERVER['PHP_SELF'] . "\">\n";
print_hidden_inputs(gpc_strip_slashes($_POST));
print_hidden_inputs(gpc_strip_slashes($_GET));
print "<input type=\"hidden\" name=\"_confirmed\" value=\"1\" />\n";
print '<br /><br /><input type="submit" class="button" value="' . $p_button_label . '" />';
print "\n</form>\n";
print_hr();
print "</div>\n";
html_page_bottom1();
exit;
}
/**
* Check whether the user has confirmed this action.
*
* If the user has not confirmed the action, generate a page which asks
* the user to confirm and then submits a form back to the current page
* with all the GET and POST data and an additional field called _confirmed
* to indicate that confirmation has been done.
* @param string $p_message
* @param string $p_button_label
* @return bool
* @todo improve this formatting - to only be about 50% of the screen width so that it doesn't become hard to read.
*/
function helper_ensure_confirmed($p_message, $p_button_label)
{
if (true == gpc_get_bool('_confirmed')) {
return true;
}
html_page_top();
echo "<br />\n<div class=\"center\">\n<hr />";
echo "\n{$p_message}\n";
echo '<form method="post" action="">' . "\n";
# CSRF protection not required here - user needs to confirm action
# before the form is accepted.
print_hidden_inputs(gpc_strip_slashes($_POST));
print_hidden_inputs(gpc_strip_slashes($_GET));
echo "<input type=\"hidden\" name=\"_confirmed\" value=\"1\" />\n";
echo '<br /><br /><input type="submit" class="button" value="' . $p_button_label . '" />';
echo "\n</form>\n";
echo "<hr /></div>\n";
html_page_bottom();
exit;
}
/**
* Generate the intermediate authentication page.
* @param integer User ID
* @param string Username
* @return bool
* @access public
*/
function auth_reauthenticate_page($p_user_id, $p_username)
{
$t_error = false;
if (true == gpc_get_bool('_authenticate')) {
$f_password = gpc_get_string('password', '');
if (auth_attempt_login($p_username, $f_password)) {
auth_set_tokens($p_user_id);
return true;
} else {
$t_error = true;
}
}
html_page_top();
?>
<div align="center">
<p>
<?php
echo lang_get('reauthenticate_message');
if ($t_error != false) {
echo '<br/><font color="red">', lang_get('login_error'), '</font>';
}
?>
</p>
<form name="reauth_form" method="post" action="<?php
echo form_action_self();
?>
">
<?php
# CSRF protection not required here - user needs to enter password
# (confirmation step) before the form is accepted.
print_hidden_inputs(gpc_strip_slashes($_POST));
print_hidden_inputs(gpc_strip_slashes($_GET));
?>
<input type="hidden" name="_authenticate" value="1" />
<table class="width50 center">
<tr>
<td class="form-title" colspan="2"><?php
echo lang_get('reauthenticate_title');
?>
</td>
</tr>
<tr class="row-1">
<th class="category"><?php
echo lang_get('username');
?>
</th>
<td><input type="text" disabled="disabled" size="32" maxlength="<?php
echo USERLEN;
?>
" value="<?php
echo string_attribute($p_username);
?>
" /></td>
</tr>
<tr class="row-2">
<th class="category"><?php
echo lang_get('password');
?>
</th>
<td><input type="password" name="password" size="16" maxlength="<?php
echo PASSLEN;
?>
" class="autofocus" /></td>
</tr>
<tr>
<td class="center" colspan="2"><input type="submit" class="button" value="<?php
echo lang_get('login_button');
?>
" /></td>
</tr>
</table>
</form>
</div>
<?php
html_page_bottom();
exit;
}
function gpc_get_cookie($p_var_name, $p_default = null)
{
# simulate auto-globals from PHP v4.1.0 (see also code in php_api.php)
if (!php_version_at_least('4.1.0')) {
global $_COOKIE;
}
if (isset($_COOKIE[$p_var_name])) {
$t_result = gpc_strip_slashes($_COOKIE[$p_var_name]);
} else {
if (func_num_args() > 1) {
#check for a default passed in (allowing null)
$t_result = $p_default;
} else {
#trigger_error(ERROR_GPC_VAR_NOT_FOUND, ERROR);
echo "Variable '{$p_var_name}' not found";
$t_result = null;
}
}
return $t_result;
}
/**
* Generate the intermediate authentication page.
* @param integer User ID
* @param string Username
*/
function auth_reauthenticate_page($p_user_id, $p_username)
{
$t_error = false;
if (true == gpc_get_bool('_authenticate')) {
$f_password = gpc_get_string('password', '');
if (auth_attempt_login($p_username, $f_password)) {
auth_set_tokens($p_user_id);
return true;
} else {
$t_error = true;
}
}
html_page_top1();
html_page_top2();
?>
<div align="center">
<p>
<?php
echo lang_get('reauthenticate_message');
if ($t_error != false) {
echo '<br/><font color="red">', lang_get('login_error'), '</font>';
}
?>
</p>
<form method="post" action="<?php
echo $_SERVER['PHP_SELF'];
?>
">
<?php
print_hidden_inputs(gpc_strip_slashes($_POST));
print_hidden_inputs(gpc_strip_slashes($_GET));
?>
<input type="hidden" name="_authenticate" value="1" />
<table class="width50 center">
<tr>
<td class="form-title"><?php
echo lang_get('reauthenticate_title');
?>
</td>
</tr>
<tr class="row-1">
<td class="category"><?php
echo lang_get('username');
?>
</td>
<td><input type="text" disabled="disabled" size="32" maxlength="32" value="<?php
echo $p_username;
?>
" /></td>
</tr>
<tr class="row-2">
<td class="category"><?php
echo lang_get('password');
?>
</td>
<td><input type="password" name="password" size="16" maxlength="32" /></td>
</tr>
<tr>
<td class="center" colspan="2"><input type="submit" class="button" value="<?php
echo lang_get('login_button');
?>
" /></td>
</tr>
</table>
</form>
</div>
<?php
html_page_bottom1();
exit;
}
/**
* Generate the intermediate authentication page.
* @param integer User ID
* @param string Username
* @return bool
* @access public
*/
function auth_reauthenticate_page($p_user_id, $p_username)
{
$t_error = false;
if (true == gpc_get_bool('_authenticate')) {
$f_password = gpc_get_string('password', '');
if (auth_attempt_login($p_username, $f_password)) {
auth_set_tokens($p_user_id);
return true;
} else {
$t_error = true;
}
}
html_page_top();
?>
<div class="important-msg">
<?php
echo lang_get('reauthenticate_message');
if ($t_error != false) {
echo '<br /><span class="error-msg">', lang_get('login_error'), '</span>';
}
?>
</div>
<div id="reauth-div" class="form-container">
<form id="reauth-form" method="post" action="">
<fieldset>
<legend><span><?php
echo lang_get('reauthenticate_title');
?>
</span></legend>
<?php
# CSRF protection not required here - user needs to enter password
# (confirmation step) before the form is accepted.
print_hidden_inputs(gpc_strip_slashes($_POST));
print_hidden_inputs(gpc_strip_slashes($_GET));
?>
<input type="hidden" name="_authenticate" value="1" />
<div class="field-container <?php
echo helper_alternate_class_no_attribute();
?>
">
<label for="username"><span><?php
echo lang_get('username');
?>
</span></label>
<span class="input"><input id="username" type="text" disabled="disabled" size="32" maxlength="<?php
echo DB_FIELD_SIZE_USERNAME;
?>
" value="<?php
echo string_attribute($p_username);
?>
" /></span>
<span class="label-style"></span>
</div>
<div class="field-container <?php
echo helper_alternate_class_no_attribute();
?>
">
<label for="password"><span><?php
echo lang_get('password');
?>
</span></label>
<span class="input"><input id="password" type="password" name="password" size="32" maxlength="<?php
echo auth_get_password_max_size();
?>
" class="autofocus" /></span>
<span class="label-style"></span>
</div>
<span class="submit-button"><input type="submit" class="button" value="<?php
echo lang_get('login_button');
?>
" /></span>
</fieldset>
</form>
</div>
<?php
html_page_bottom();
exit;
}