/**
 * Build the legacy e-mail activation token for a user.
 *
 * The token is an HMAC over the user GUID, the e-mail address and the site
 * URL, so it stops matching as soon as any of the three changes.
 *
 * @param int    $user_guid     The guid of the user
 * @param string $email_address Email address
 * @return string
 * @deprecated 2.3
 */
function uservalidationbyemail_generate_code($user_guid, $email_address) {
    $notice = __FUNCTION__ . ' has been deprecated. Validation now relies on signed URL API';
    elgg_deprecated_notice($notice, '2.3');

    // The site URL is part of the signed data (multisite binding).
    $signed_fields = [
        (int) $user_guid,
        $email_address,
        elgg_get_site_url(),
    ];

    return elgg_build_hmac($signed_fields)->getToken();
}
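/**
 * Handle a request for a file
 *
 * The URL carries its own parameters (expiry, mtime, disposition, cookie
 * flag, path) plus an HMAC over them. is_readable(), filemtime() and
 * readfile() only run after matchesToken() has accepted that HMAC, so the
 * path taken from the URL is never used on disk unless it was signed.
 *
 * NOTE(review): every rejection below relies on send403()/send404() ending
 * the request; they are not visible here - confirm they exit.
 *
 * @param string $path URL path (used as the preg_match() subject)
 * @return void
 */
public function handleRequest($path) {
    if (!preg_match('~e(\\d+)/l(\\d+)/d([ia])/c([01])/([a-zA-Z0-9\\-_]+)/(.*)$~', $path, $m)) {
        header("HTTP/1.1 400 Bad Request");
        exit;
    }

    list(, $expires, $last_updated, $disposition, $use_cookie, $mac, $path_from_dataroot) = $m;

    // Cheap early rejection only; the value is not trusted until the HMAC
    // check below has passed.
    if ($expires && $expires < time()) {
        $this->send403('URL has expired');
    }

    $etag = '"' . $last_updated . '"';
    $this->handle304($etag);

    // Rebuild exactly what the URL generator signed.
    $hmac_data = array(
        'expires' => (int) $expires,
        'last_updated' => (int) $last_updated,
        'disposition' => $disposition,
        'path' => $path_from_dataroot,
        'use_cookie' => (int) $use_cookie,
    );
    if ((bool) $use_cookie) {
        // Cookie-bound URLs only verify for the session they were issued to.
        $hmac_data['cookie'] = _elgg_services()->session->getId();
    }
    ksort($hmac_data);

    $hmac = elgg_build_hmac($hmac_data);
    if (!$hmac->matchesToken($mac)) {
        $this->send403();
    }

    $dataroot = _elgg_services()->config->get('dataroot');
    if (empty($dataroot)) {
        $this->send404();
    }

    $filenameonfilestore = "{$dataroot}{$path_from_dataroot}";
    if (!is_readable($filenameonfilestore)) {
        $this->send404();
    }

    // Strict comparison: with `!=`, a failed filemtime() (false) compares
    // equal to an "l0" URL segment and the stale-URL check would pass.
    $actual_last_updated = filemtime($filenameonfilestore);
    if ($actual_last_updated === false || $actual_last_updated !== (int) $last_updated) {
        $this->send403('URL has expired');
    }

    $mime = $this->getContentType($filenameonfilestore);
    header("Content-type: {$mime}", true);

    $filesize = filesize($filenameonfilestore);
    header("Content-Length: {$filesize}", true);

    if ($disposition == 'i') {
        header("Content-disposition: inline");
    } else {
        // The filename parameter is a quoted-string: double quotes, with
        // `"` and `\` escaped. Single quotes are not a delimiter and end up
        // inside the name the client sees.
        $basename = addcslashes(basename($filenameonfilestore), "\"\\");
        header("Content-disposition: attachment; filename=\"{$basename}\"");
    }

    if ($expires) {
        $expires_str = gmdate('D, d M Y H:i:s \\G\\M\\T', $expires);
    } else {
        $expires_str = gmdate('D, d M Y H:i:s \\G\\M\\T', strtotime("+3 years"));
    }
    header('Expires: ' . $expires_str, true);

    // Session-bound files must not be stored by shared caches.
    $cache_control = $use_cookie ? 'no-cache' : 'public';
    header("Pragma: {$cache_control}", true);
    header("Cache-Control: {$cache_control}", true);
    header("ETag: {$etag}");

    readfile($filenameonfilestore);
    exit;
}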
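/**
 * Validate a user
 *
 * Recomputes the HMAC over the user GUID, the e-mail address currently
 * stored on the user and the site URL, and marks the user as validated only
 * when the supplied code matches it.
 *
 * @param int    $user_guid GUID of the user being validated
 * @param string $code      Token taken from the validation link
 * @return bool False when the user cannot be loaded or the code does not match
 */
function uservalidationbyemail_validate_email($user_guid, $code) {
    $user = get_entity($user_guid);
    // Without this guard a GUID that does not resolve to a user reaches
    // `$user->email` on a non-object.
    if (!$user instanceof ElggUser) {
        return false;
    }

    $site_url = elgg_get_site_url();

    $hmac = elgg_build_hmac([(int) $user_guid, $user->email, $site_url]);
    if (!$hmac->matchesToken($code)) {
        return false;
    }

    return elgg_set_user_validation_status($user_guid, true, 'email');
}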
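/**
 * Get the hmac token generator for account removal
 *
 * The signed data is the user GUID, the requested action and the user's
 * salt, so a token issued for 'disable' does not verify for 'remove'.
 *
 * @param string $type      what kind of token ('remove' or 'disable')
 * @param int    $user_guid the user_guid to generate for
 *
 * @access private
 *
 * @return false|\Elgg\Security\Hmac
 */
function account_removal_get_hmac($type, $user_guid) {
    $user = get_user($user_guid);
    if (empty($user)) {
        return false;
    }

    // Strict membership test: a loose in_array() can accept non-string
    // values (e.g. integer 0 under PHP 7 comparison rules), which would then
    // be signed as the action type.
    if (!in_array($type, ['remove', 'disable'], true)) {
        return false;
    }

    return elgg_build_hmac([$user->getGUID(), $type, $user->salt]);
}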
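/**
 * Handle a request for a file
 *
 * The URL carries its own parameters (expiry, mtime, disposition, cookie
 * flag, path) plus an HMAC over them. The file system is only consulted
 * after matchesToken() has accepted that HMAC.
 *
 * The 304 short-circuit runs before the HMAC check; it compares the client's
 * validators with an ETag derived from the URL itself and returns no body.
 *
 * @param Request $request HTTP request
 * @return Response
 */
public function getResponse($request) {
    $response = new Response();
    $response->prepare($request);

    $path = implode('/', $request->getUrlSegments());
    if (!preg_match('~serve-file/e(\\d+)/l(\\d+)/d([ia])/c([01])/([a-zA-Z0-9\\-_]+)/(.*)$~', $path, $m)) {
        return $response->setStatusCode(400)->setContent('Malformatted request URL');
    }

    list(, $expires, $last_updated, $disposition, $use_cookie, $mac, $path_from_dataroot) = $m;

    // Cheap early rejection only; the value is not trusted until the HMAC
    // check below has passed.
    if ($expires && $expires < time()) {
        return $response->setStatusCode(403)->setContent('URL has expired');
    }

    $etag = '"' . $last_updated . '"';
    $response->setPublic()->setEtag($etag);
    if ($response->isNotModified($request)) {
        return $response;
    }

    // @todo: change to minimal boot without plugins
    $this->application->bootCore();

    // Rebuild exactly what the URL generator signed.
    $hmac_data = array(
        'expires' => (int) $expires,
        'last_updated' => (int) $last_updated,
        'disposition' => $disposition,
        'path' => $path_from_dataroot,
        'use_cookie' => (int) $use_cookie,
    );
    if ((bool) $use_cookie) {
        // Cookie-bound URLs only verify for the session they were issued to.
        $hmac_data['cookie'] = _elgg_services()->session->getId();
    }
    ksort($hmac_data);

    $hmac = elgg_build_hmac($hmac_data);
    if (!$hmac->matchesToken($mac)) {
        return $response->setStatusCode(403)->setContent('HMAC mistmatch');
    }

    $dataroot = _elgg_services()->config->getDataPath();
    $filenameonfilestore = "{$dataroot}{$path_from_dataroot}";
    if (!is_readable($filenameonfilestore)) {
        return $response->setStatusCode(404)->setContent('File not found');
    }

    // Strict comparison: with `!=`, a failed filemtime() (false) compares
    // equal to an "l0" URL segment and the stale-URL check would pass.
    $actual_last_updated = filemtime($filenameonfilestore);
    if ($actual_last_updated === false || $actual_last_updated !== (int) $last_updated) {
        return $response->setStatusCode(403)->setContent('URL has expired');
    }

    // Session-bound files are served as private responses.
    $public = $use_cookie ? false : true;
    $content_disposition = $disposition == 'i' ? 'inline' : 'attachment';

    $response = new BinaryFileResponse($filenameonfilestore, 200, array(), $public, $content_disposition);
    $response->prepare($request);

    if (empty($expires)) {
        $expires = strtotime('+1 year');
    }
    $expires_dt = (new DateTime())->setTimestamp($expires);
    $response->setExpires($expires_dt);
    $response->setEtag($etag);

    return $response;
}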
/**
 * Handles scraper pages
 *
 * Logged-out visitors must supply a token `m` that is a valid HMAC of the
 * requested `url`; logged-in users are served without a token.
 *
 * @param array $segments URL segments; the first one selects the viewtype
 * @return bool False when an anonymous request carries no valid token
 */
public static function serveScraperPages($segments) {
    $url = get_input('url');

    if (!elgg_is_logged_in()) {
        $token = get_input('m');
        if (!$token) {
            return false;
        }
        if (!elgg_build_hmac($url)->matchesToken($token)) {
            return false;
        }
    }

    // Only registered viewtypes are honoured; anything else falls back.
    $viewtype = array_shift($segments);
    $viewtype_is_known = $viewtype && elgg_is_registered_viewtype($viewtype);
    if (!$viewtype_is_known) {
        $viewtype = 'default';
    }
    elgg_set_viewtype($viewtype);

    $view_vars = [
        'href' => $url,
        'iframe' => get_input('iframe', false),
    ];
    echo elgg_view_resource('scraper/card', $view_vars);

    return true;
}
/**
 * Validates HMAC signature
 *
 * The signature is taken out of the query string, the remaining query
 * elements are sorted by key, and the HMAC is recomputed over the rebuilt
 * URL. An expiry element, when present, is part of that signed query.
 *
 * @param string $url URL to validate
 * @return bool
 */
public function isValid($url) {
    $parts = parse_url($url);
    $query = isset($parts['query']) ? elgg_parse_str($parts['query']) : [];

    if (!isset($query[self::KEY_MAC])) {
        // No signature found
        return false;
    }

    $token = $query[self::KEY_MAC];
    unset($query[self::KEY_MAC]);

    $has_expired = isset($query[self::KEY_EXPIRES]) && $query[self::KEY_EXPIRES] < time();
    if ($has_expired) {
        // Signature has expired
        return false;
    }

    // Canonical form: same URL, signature removed, query keys sorted.
    ksort($query);
    $parts['query'] = http_build_query($query);
    $canonical_url = elgg_http_build_url($parts, false);

    return elgg_build_hmac($canonical_url)->matchesToken($token);
}
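// Renders the card for a scraped URL. $meta, $icon_url and $href are set
// before this excerpt; $meta presumably holds metadata parsed from the
// remote page, so its fields are treated as untrusted here.
$module = elgg_extract('module', $vars, 'scraper-card');

$classes = array(elgg_extract('class', $vars));
$classes[] = 'scraper-card-block';
$classes[] = 'clearfix';
if ($meta->provider_name) {
    // Reduce the provider name to [a-z0-9-] before using it as a CSS class.
    $classes[] = 'scraper-card-' . preg_replace('/[^a-z0-9\\-]/i', '-', strtolower($meta->provider_name));
}

if (($meta->type == 'image' || $meta->type == 'photo') && $icon_url) {
    $vars['src'] = $icon_url;
    $vars['class'] = 'sraper-card-photo';
    $img = elgg_view('output/img', $vars);
    $body = elgg_view('output/url', array(
        'href' => $href,
        'text' => $img,
    ));
} else {
    // The title is concatenated straight into markup, so it is escaped
    // here. double_encode is off so entities already present in the title
    // are not encoded twice.
    $body .= '<h3>' . htmlspecialchars((string) $meta->title, ENT_QUOTES, 'UTF-8', false) . '</h3>';
    $body .= elgg_view('output/url', array(
        'text' => parse_url($meta->url, PHP_URL_HOST),
        'href' => $meta->url,
        'class' => 'scraper-card-link',
    ));
    $body .= elgg_view('output/longtext', array(
        'value' => elgg_get_excerpt($meta->description),
        'class' => 'scraper-card-description',
    ));

    if ($icon_url) {
        $classes[] = 'scraper-card-has-icon';
        // NOTE(review): $icon_url is placed unquoted inside CSS url();
        // confirm it is validated as a URL before it reaches this view.
        $icon = elgg_view('output/url', array(
            'class' => 'scraper-card-icon-bg',
            'text' => '<span></span>',
            'style' => 'background-image:url(' . $icon_url . ')',
            'href' => $meta->url,
        ));
    }

    if ($meta->html && ($meta->type == 'rich' || $meta->type == 'video')) {
        // The player endpoint is called with the target URL and an HMAC of
        // it, so the endpoint can tell the URL was issued by this site.
        $player_url = elgg_http_add_url_query_elements(elgg_normalize_url('scraper/json'), array(
            'url' => $href,
            'm' => elgg_build_hmac($href)->getToken(),
        ));
        $icon .= elgg_format_element('div', [
            'class' => 'scraper-play-button',
            'data-href' => $player_url,
        ], elgg_view_icon('youtube-play'));
    }
}

$body = elgg_view_image_block($icon, $body, array(
    'class' => implode(' ', array_filter($classes)),
));

if ($module) {
    $class = $meta->type ? " scraper-card-{$meta->type}" : '';
    echo elgg_view_module($module, false, $body, array(
        'class' => $class,
    ));
} else {
    echo $body;
}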
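/**
 * Notifies a user of the RSVP
 *
 * Sends the owner notification and then the attendee notification. For an
 * "attending" RSVP the attendee message can carry a registration link
 * (signed with an HMAC over the event creation time and the recipient guid)
 * and an unsubscribe link.
 *
 * Access checks are suspended for the duration of the call and restored on
 * every return path visible here.
 *
 * @param string $type type of the RSVP
 * @param string $to   guid of the user (defaults to the logged in user)
 *
 * @return void
 */
protected function notifyOnRsvp($type, $to = null) {
    if ($type == EVENT_MANAGER_RELATION_ATTENDING_PENDING) {
        return;
    }

    $ia = elgg_set_ignore_access(true);

    if ($to === null) {
        $to = elgg_get_logged_in_user_guid();
    }

    $to_entity = get_entity($to);
    if (empty($to_entity)) {
        elgg_set_ignore_access($ia);
        return;
    }

    // can we make nice links in the emails
    $html_email_handler_enabled = elgg_is_active_plugin("html_email_handler");

    // do we have a registration link
    $registrationLink = "";
    $unsubscribeLink = "";

    if ($type == EVENT_MANAGER_RELATION_ATTENDING) {
        if ($this->registration_needed) {
            // The `k` token lets the recipient open the registration page
            // without logging in; it is bound to this event and this guid.
            $link = elgg_get_site_url() . 'events/registration/view/' . $this->getGUID()
                . '?u_g=' . $to
                . '&k=' . elgg_build_hmac([$this->time_created, $to])->getToken();

            $registrationLink = PHP_EOL . PHP_EOL;
            $registrationLink .= elgg_echo('event_manager:event:registration:notification:program:linktext');
            $registrationLink .= PHP_EOL . PHP_EOL;
            if ($html_email_handler_enabled) {
                $registrationLink .= elgg_view("output/url", array("text" => $link, "href" => $link));
            } else {
                $registrationLink .= $link;
            }
        }

        if ($this->register_nologin) {
            // The address is a query value and must be URL-encoded: a raw
            // "+" is read back as a space, and "&" or "#" would cut the
            // value short.
            // NOTE(review): unlike the registration link, this link carries
            // no HMAC token; confirm the unsubscribe route has its own
            // confirmation step.
            $link = elgg_get_site_url() . "events/unsubscribe/" . $this->getGUID() . "/"
                . elgg_get_friendly_title($this->title)
                . "?e=" . urlencode($to_entity->email);

            $unsubscribeLink = PHP_EOL . PHP_EOL;
            $unsubscribeLink .= elgg_echo('event_manager:event:registration:notification:unsubscribe:linktext');
            $unsubscribeLink .= PHP_EOL . PHP_EOL;
            if ($html_email_handler_enabled) {
                $unsubscribeLink .= elgg_view("output/url", array("text" => $link, "href" => $link));
            } else {
                $unsubscribeLink .= $link;
            }
        }

        if ($html_email_handler_enabled) {
            // add addthisevent banners in footer
            $registrationLink .= elgg_view('event_manager/email/addevent', ['entity' => $this]);
        }
    }

    // make the event title for in the e-mail
    if ($html_email_handler_enabled) {
        $event_title_link = elgg_view("output/url", array("text" => $this->title, "href" => $this->getURL()));
    } else {
        $event_title_link = $this->title;
    }

    // notify the owner of the event
    $this->notifyOwnerOnRSVP($type, $to_entity, $event_title_link, $registrationLink);

    // notify the attending user
    $user_subject = elgg_echo('event_manager:event:registration:notification:user:subject');
    $user_message = elgg_echo('event_manager:event:registration:notification:user:text:' . $type, [
        $to_entity->name,
        $event_title_link,
    ]);

    // Only <a> tags survive in the organiser-supplied completion text.
    $completed_text = elgg_strip_tags($this->registration_completed, '<a>');
    if (!empty($completed_text)) {
        $completed_text = str_ireplace('[NAME]', $to_entity->name, $completed_text);
        $completed_text = str_ireplace('[EVENT]', $this->title, $completed_text);

        $user_message .= PHP_EOL . $completed_text;
    }

    $user_message .= $registrationLink . $unsubscribeLink;

    if ($to_entity instanceof ElggUser) {
        // use notification system for real users
        $summary = elgg_echo('event_manager:event:registration:notification:user:summary:' . $type, [$this->title]);

        // set params for site notifications
        $params = [
            'summary' => $summary,
            'object' => $this,
            'action' => 'rsvp',
        ];

        notify_user($to, $this->getOwnerGUID(), $user_subject, $user_message, $params);
    } else {
        // send e-mail for non users
        // NOTE(review): name and address are concatenated into the
        // recipient string as-is; confirm elgg_send_email() rejects line
        // breaks in it.
        $to_email = $to_entity->name . "<" . $to_entity->email . ">";

        $site = elgg_get_site_entity($this->site_guid);
        $site_from = $this->getSiteEmailAddress($site);

        elgg_send_email($site_from, $to_email, $user_subject, $user_message);
    }

    elgg_set_ignore_access($ia);
}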
<?php
/**
 * Placeholder <ul> for a user hover menu that is filled in later by AJAX.
 *
 * The menu parameters are signed here; the MAC travels with them in the
 * data attribute. Identical menus on one page share a MAC, and only the
 * first of them carries the data attribute.
 */

$menus_present = (array) elgg_get_config("lazy_hover:menus");

$user = elgg_extract("entity", $vars);
if (!elgg_instanceof($user, "user")) {
    return;
}

$guid = (int) $user->getGUID();
$page_owner_guid = (int) elgg_get_page_owner_guid();
$contexts = elgg_get_context_stack();
$input = (array) elgg_get_config("input");

// generate MAC so we don't have to trust the client's choice of contexts
$mac = elgg_build_hmac(serialize([$guid, $page_owner_guid, $contexts, $input]))->getToken();

$attrs = [
    "rel" => $mac,
    "class" => "elgg-menu elgg-menu-hover elgg-ajax-loader",
];

$already_emitted = !empty($menus_present[$mac]);
if (!$already_emitted) {
    $menu_data = [
        "g" => $guid,
        "pog" => $page_owner_guid,
        "c" => $contexts,
        "m" => $mac,
        "i" => $input,
    ];
    $attrs["data-elgg-menu-data"] = json_encode($menu_data);

    $menus_present[$mac] = true;
    elgg_set_config("lazy_hover:menus", $menus_present);
}

echo elgg_format_element('ul', $attrs);
/**
 * Returns publicly accessible URL
 *
 * The URL embeds the expiry, the file's mtime, the disposition, the cookie
 * flag and the path relative to the data root, followed by an HMAC over
 * those values (plus the session id when the URL is cookie-bound).
 *
 * @return string|false False when the file is missing, lies outside the
 *                      data root, or a cookie-bound URL is requested
 *                      without a session id
 */
public function getURL() {
    $file_is_usable = $this->file instanceof \ElggFile && $this->file->exists();
    if (!$file_is_usable) {
        elgg_log("Unable to resolve resource URL for a file that does not exist on filestore");
        return false;
    }

    $root_prefix = _elgg_services()->config->get('dataroot');
    $path = $this->file->getFilenameOnFilestore();

    // Only files stored below the data root can be addressed.
    $prefix_length = strlen($root_prefix);
    $relative_path = '';
    if (substr($path, 0, $prefix_length) == $root_prefix) {
        $relative_path = substr($path, $prefix_length);
    }

    if (!$relative_path) {
        elgg_log("Unable to resolve relative path of the file on the filestore");
        return false;
    }

    $data = array(
        'expires' => isset($this->expires) ? $this->expires : 0,
        'last_updated' => filemtime($this->file->getFilenameOnFilestore()),
        'disposition' => $this->disposition == self::DISPOSITION_INLINE ? 'i' : 'a',
        'path' => $relative_path,
    );

    if ($this->use_cookie) {
        // The session id is signed but never placed in the URL.
        $session_id = _elgg_services()->session->getId();
        if (empty($session_id)) {
            return false;
        }
        $data['cookie'] = $session_id;
        $data['use_cookie'] = 1;
    } else {
        $data['use_cookie'] = 0;
    }

    ksort($data);
    $mac = elgg_build_hmac($data)->getToken();

    $proxy_path = "mod/proxy/e{$data['expires']}/l{$data['last_updated']}"
        . "/d{$data['disposition']}/c{$data['use_cookie']}/{$mac}/{$relative_path}";

    return elgg_normalize_url($proxy_path);
}
/**
 * Generate an unsubscribe code to be used in validation
 *
 * The code is an HMAC over the container GUID, the recipient and the
 * creation time of the newsletter plugin entity.
 *
 * @param ElggEntity $container Which newsletter container (ElggSite or ElggGroup)
 * @param string|int $recipient The user_guid or email address of the recipient
 *
 * @return bool|string The unsubscribe code or false on failure
 */
function newsletter_generate_unsubscribe_code(ElggEntity $container, $recipient) {
    $container_is_supported = elgg_instanceof($container, 'site') || elgg_instanceof($container, 'group');
    if (!$container_is_supported) {
        return false;
    }

    if (empty($recipient)) {
        return false;
    }

    // make sure we have a user_guid or email address
    if (is_numeric($recipient)) {
        // Normalise guids to int so "42" and 42 produce the same code.
        $recipient = (int) $recipient;
    } elseif (!newsletter_is_email_address($recipient)) {
        return false;
    }

    $plugin = elgg_get_plugin_from_id('newsletter');
    $signed_fields = [
        $container->getGUID(),
        $recipient,
        $plugin->time_created,
    ];

    return elgg_build_hmac($signed_fields)->getToken();
}
<?php
/**
 * Renders a user hover menu from parameters supplied by the client.
 *
 * The parameters are only applied to global state after their MAC has been
 * verified, so a client cannot choose contexts, input or page owner that
 * the server did not sign.
 */

// capture global state necessary for menus
$saved_contexts = elgg_get_context_stack();
$saved_input = elgg_get_config("input");
$saved_page_owner_guid = elgg_get_page_owner_guid();

// g = guid, pog = page_owner_guid, c = contexts, m = mac
$guid = (int) get_input("g", 0, false);
$page_owner_guid = (int) get_input("pog", 0, false);
$contexts = (array) get_input("c", [], false);
$mac = get_input("m", "", false);
$input = (array) get_input("i", [], false);

// verify MAC
$signed_payload = serialize([$guid, $page_owner_guid, $contexts, $input]);
$mac_is_valid = elgg_build_hmac($signed_payload)->matchesToken($mac);
if (!$mac_is_valid) {
    return;
}

$user = get_user($guid);
if (!$user) {
    return;
}

// render view using state as it was in the placeholder view
elgg_set_context_stack($contexts);
elgg_set_config("input", $input);
elgg_set_page_owner_guid($page_owner_guid);

echo elgg_view_menu("user_hover", [
    "entity" => $user,
    "username" => $user->username,
    "name" => $user->name,
]);

// revert global state
elgg_set_context_stack($saved_contexts);
elgg_set_config("input", $saved_input);
elgg_set_page_owner_guid($saved_page_owner_guid);
/**
 * Returns publicly accessible URL
 *
 * Files below the data root get a `serve-file` URL that embeds the expiry,
 * the file's mtime, the disposition, the cookie flag and the relative path,
 * followed by an HMAC over those values (plus the session id when the URL is
 * cookie-bound). Files on a custom filestore get an unsigned
 * `download-file/g<guid>` URL instead.
 *
 * @return string|false
 */
public function getURL() {
    $file_is_usable = $this->file instanceof \ElggFile && $this->file->exists();
    if (!$file_is_usable) {
        elgg_log("Unable to resolve resource URL for a file that does not exist on filestore");
        return false;
    }

    $root_prefix = _elgg_services()->config->get('dataroot');
    $path = $this->file->getFilenameOnFilestore();

    $prefix_length = strlen($root_prefix);
    $relative_path = '';
    if (substr($path, 0, $prefix_length) == $root_prefix) {
        $relative_path = substr($path, $prefix_length);
    }

    if (!$relative_path) {
        if (!$this->file->guid) {
            elgg_log("Unable to resolve relative path of the file on the filestore");
            return false;
        }

        // File object has a custom filestore
        // NOTE(review): this URL carries no MAC; access control for it has
        // to be enforced by the download-file handler - confirm.
        return elgg_normalize_url(implode('/', array('download-file', "g{$this->file->guid}")));
    }

    $data = array(
        'expires' => isset($this->expires) ? $this->expires : 0,
        'last_updated' => filemtime($this->file->getFilenameOnFilestore()),
        'disposition' => $this->disposition == self::INLINE ? 'i' : 'a',
        'path' => $relative_path,
    );

    if ($this->use_cookie) {
        // The session id is signed but never placed in the URL.
        $session_id = _elgg_services()->session->getId();
        if (empty($session_id)) {
            return false;
        }
        $data['cookie'] = $session_id;
        $data['use_cookie'] = 1;
    } else {
        $data['use_cookie'] = 0;
    }

    ksort($data);
    $mac = elgg_build_hmac($data)->getToken();

    $url_segments = array(
        'serve-file',
        "e{$data['expires']}",
        "l{$data['last_updated']}",
        "d{$data['disposition']}",
        "c{$data['use_cookie']}",
        $mac,
        $relative_path,
    );

    return elgg_normalize_url(implode('/', $url_segments));
}
// Excerpt: the `if` that the `} else {` below belongs to opens before this
// point. This first branch serves the registration to a visitor who
// presents a key instead of a login.
$entity = get_entity($user_guid);
if (empty($entity)) {
    forward('events');
}

// The key must be the HMAC over this event's creation time and the user
// guid. NOTE(review): the code after each forward() assumes forward() ends
// the request - confirm.
if (!elgg_build_hmac([$event->time_created, $user_guid])->matchesToken($key)) {
    forward('events');
}

// Access checks are suspended only while the views are rendered and are
// restored right after.
$old_ia = elgg_set_ignore_access(true);

$output .= elgg_view('event_manager/event/pdf', ['entity' => $event]);
$output .= elgg_view('event_manager/registration/user_data', ['event' => $event, 'entity' => $entity]);

if ($event->with_program) {
    $output .= $event->getProgramData($user_guid);
}

elgg_set_ignore_access($old_ia);
} else {
    // No key: require a login, then allow event editors or the user whose
    // registration this is.
    gatekeeper();

    // NOTE(review): this check is strict (!==) while the one further down
    // uses ==; if $user_guid is not an int here the strict test never
    // matches for non-editors - confirm the cast upstream.
    if (!$event->canEdit() && $user_guid !== elgg_get_logged_in_user_guid()) {
        forward($event->getURL());
    }

    $output .= elgg_view('event_manager/event/pdf', ['entity' => $event]);
    // NOTE(review): user_data is rendered for the logged in user while the
    // program data below is fetched for $user_guid; for an editor viewing
    // someone else's registration these differ - confirm this is intended.
    $output .= elgg_view('event_manager/registration/user_data', ['event' => $event, 'entity' => elgg_get_logged_in_user_entity()]);

    if ($event->with_program) {
        $output .= $event->getProgramData($user_guid);
    }

    if ($user_guid == elgg_get_logged_in_user_guid()) {
        elgg_register_menu_item('title', \ElggMenuItem::factory(['name' => 'edityourregistration', 'text' => elgg_echo('event_manager:registration:edityourregistration'), 'link_class' => 'elgg-button elgg-button-action', 'href' => 'events/event/register/' . $event->getGUID() . '/event_attending']));
    }
}

// The PDF action link embeds a key for ($event->time_created, $user_guid),
// i.e. for the registration being shown on this page.
elgg_register_menu_item('title', \ElggMenuItem::factory(['name' => 'save_to_pdf', 'text' => elgg_echo('event_manager:registration:view:savetopdf'), 'link_class' => 'elgg-button elgg-button-action', 'href' => 'action/event_manager/registration/pdf?k=' . elgg_build_hmac([$event->time_created, $user_guid])->getToken() . '&guid=' . $guid . '&u_g=' . $user_guid, 'is_action' => true]));

$body = elgg_view_layout('content', ['filter' => '', 'content' => $output, 'title' => $title_text]);

echo elgg_view_page($title_text, $body);
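<?php
/**
 * Builds the HTML for a registration PDF.
 *
 * The request is authorised by the `k` token alone: it must be the HMAC
 * over the event's creation time and the user guid named in `u_g`.
 */

elgg_load_library('dompdf');

$key = get_input('k');
$guid = (int) get_input('guid');
$user_guid = (int) get_input('u_g', elgg_get_logged_in_user_guid());

$event = null;
if ($guid && ($entity = get_entity($guid))) {
    if ($entity instanceof Event) {
        $event = $entity;
    }
}

// A key that is missing or not a string (e.g. submitted as k[]) cannot be a
// token.
if (!$event || empty($key) || !is_string($key)) {
    forward('events');
}

// Verify through matchesToken(), the HMAC object's own verification method,
// instead of comparing token strings with `!==`, which is not a
// constant-time comparison.
$hmac = elgg_build_hmac([$event->time_created, $user_guid]);

$entity = get_entity($user_guid);
if (empty($entity) || !$hmac->matchesToken($key)) {
    forward('events');
}

$html = elgg_view_title(elgg_echo('event_manager:registration:yourregistration'));
$html .= elgg_view('event_manager/event/pdf', ['entity' => $event]);

// Access checks are suspended only after the token has been verified, and
// restored once the registration data has been rendered.
$old_ia = elgg_set_ignore_access(true);

$html .= elgg_view('event_manager/registration/user_data', [
    'event' => $event,
    'entity' => $entity,
    'show_title' => true,
]);

if ($event->with_program) {
    elgg_push_context('programmailview');
    $html .= elgg_view_module('main', '', elgg_view('event_manager/program/pdf', [
        'entity' => $event,
        'user_guid' => $user_guid,
    ]));
    elgg_pop_context();
}

elgg_set_ignore_access($old_ia);

$dompdf = new DOMPDF();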
<?php $a = get_input('a'); $u = (int) get_input('u'); $f = (int) get_input('f'); $hmac = elgg_build_hmac(array('a' => $a, 'u' => $u, 'f' => $f)); if (!$hmac->matchesToken(get_input('m'))) { register_error(elgg_echo('user:friends:confirm_error')); forward('', '403'); } $ia = elgg_set_ignore_access(true); $page_owner = elgg_extract('entity', $vars, elgg_get_page_owner_entity()); $friend = get_entity($u); // user who requested friendship $user = get_entity($f); // user who was requested if (!$user || !$friend) { register_error(elgg_echo('user:friends:confirm_error')); forward('', '403'); } switch ($a) { case 'decline': if (user_friends_decline_friend_request($user, $friend)) { system_message(elgg_echo('friend_request:decline:success')); } else { register_error(elgg_echo('friend_request:decline:fail')); } break; case 'approve': if (user_friends_approve_friend_request($user, $friend)) { system_message(elgg_echo('friend_request:approve:successful', [$friend->getDisplayName()]));
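/**
 * Routes group invitation confirmation page
 *
 * Handles groups/invitations/confirm?i=<user guid>&g=<group guid>&m=<mac>.
 * The MAC is the only authorisation for the request: when it verifies, the
 * user is joined to the group with access checks suspended.
 *
 * NOTE(review): nothing here re-checks that the invitation still exists, so
 * a link stays usable for as long as its MAC verifies - confirm whether
 * groups_join_group() or the caller covers revoked invitations.
 *
 * @param string $hook   "route"
 * @param string $type   "groups"
 * @param array  $return Identifier and segments
 * @param array  $params Hook params
 * @return array|void Nothing is returned for routes this handler ignores
 */
function groups_invite_router($hook, $type, $return, $params) {
    $identifier = $return['identifier'];
    $segments = $return['segments'];

    // isset() first: shorter paths have no second segment.
    $is_confirm_route = $identifier == 'groups'
        && isset($segments[0], $segments[1])
        && $segments[0] == 'invitations'
        && $segments[1] == 'confirm';
    if (!$is_confirm_route) {
        return;
    }

    $i = (int) get_input('i');
    $g = (int) get_input('g');

    $hmac = elgg_build_hmac(array(
        'i' => $i,
        'g' => $g,
    ));
    if (!$hmac->matchesToken(get_input('m'))) {
        register_error(elgg_echo('groups:invite:confirm:error'));
        forward('', '403');
    }

    $ia = elgg_set_ignore_access(true);

    $user = get_entity($i);
    $group = get_entity($g);

    // Both guids must still resolve to a user and a group; either entity
    // may have been removed since the link was issued.
    $joined = $user instanceof ElggUser
        && $group instanceof ElggGroup
        && groups_join_group($group, $user);

    // Restore access checks before anything else runs in this request.
    elgg_set_ignore_access($ia);

    if ($joined) {
        system_message(elgg_echo('groups:joined'));
    } else {
        register_error(elgg_echo('groups:invite:confirm:error'));
    }

    forward('');
}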
/**
 * Returns registration validation code
 *
 * The code is an HMAC over the event guid, the user guid and the event's
 * creation time. It is only issued when the first guid resolves to an Event
 * and the second to a user or an EventRegistration object.
 *
 * @param string $event_guid guid of event
 * @param string $user_guid  guid of user
 *
 * @return false|string
 */
function event_manager_generate_registration_validation_code($event_guid, $user_guid) {
    if (empty($event_guid) || empty($user_guid)) {
        return false;
    }

    $event = get_entity($event_guid);
    $user = get_entity($user_guid);

    if (empty($event) || !elgg_instanceof($event, 'object', Event::SUBTYPE)) {
        return false;
    }

    if (empty($user)) {
        return false;
    }

    $is_registrant = elgg_instanceof($user, 'user')
        || elgg_instanceof($user, 'object', EventRegistration::SUBTYPE);
    if (!$is_registrant) {
        return false;
    }

    $signed_fields = [
        $event_guid,
        $user_guid,
        $event->time_created,
    ];

    return elgg_build_hmac($signed_fields)->getToken();
}
/**
 * Friend request notification
 *
 * Sends the requested user a notification with an approve link and a
 * decline link. Each link carries an HMAC over the action and both guids,
 * so a token issued for one action does not verify for the other.
 *
 * @param string           $event        "create"
 * @param string           $type         "relationship"
 * @param ElggRelationship $relationship Relationship object
 * @return void
 */
function user_friends_friend_request_notification($event, $type, $relationship) {
    $is_friend_request = $relationship instanceof ElggRelationship
        && $relationship->relationship === 'friendrequest';
    if (!$is_friend_request) {
        return;
    }

    $user = get_entity($relationship->guid_one);
    $friend = get_entity($relationship->guid_two);
    if (!$user || !$friend) {
        return;
    }

    // One signed confirmation URL per action.
    $signed_urls = array();
    foreach (array('approve', 'decline') as $action) {
        $fields = array(
            'a' => $action,
            'u' => $user->guid,
            'f' => $friend->guid,
        );
        $token = elgg_build_hmac($fields)->getToken();
        $signed_urls[$action] = elgg_http_add_url_query_elements(
            elgg_normalize_url("friends/{$friend->username}/confirm"),
            $fields + array('m' => $token)
        );
    }

    $list_url = elgg_normalize_url("friends/{$friend->username}/requests");

    // Notify target user
    $subject = elgg_echo('friend_request:newfriend:subject', [$user->name]);
    $message = elgg_echo('friend_request:newfriend:body', [$user->name, $list_url]);

    $params = [
        'template' => 'friend_request_new',
        'action' => 'friend_request',
        'object' => $friend,
        'approve_url' => $signed_urls['approve'],
        'decline_url' => $signed_urls['decline'],
        'list_url' => $list_url,
    ];

    notify_user($friend->guid, $user->guid, $subject, $message, $params);
}
// Excerpt: the loop over invitees that this code belongs to opens before
// this point; the lone `}` near the end closes it.

// Direct add: only a user who can edit the group may join someone without
// an invitation.
if ($add) {
    if ($group->canEdit() && groups_join_group($group, $invitee)) {
        $added++;
    } else {
        $error++;
    }
    continue;
}

// Already invited: skip unless the invitation is to be sent again.
if (check_entity_relationship($group->guid, 'invited', $invitee->guid)) {
    if (!$resend) {
        $skipped++;
        continue;
    }
}

add_entity_relationship($group->guid, 'invited', $invitee->guid);

// The confirmation link is signed over the invitee and group guids, both
// cast to int. Nothing time-based is signed, so the link carries no expiry
// of its own.
// NOTE(review): presumably the confirm route rebuilds this array with int
// values to verify the token - keep the casts in step with it.
$hmac = elgg_build_hmac(array('i' => (int) $invitee->guid, 'g' => (int) $group->guid));
$url = elgg_http_add_url_query_elements(elgg_normalize_url("groups/invitations/confirm"), array('i' => $invitee->guid, 'g' => $group->guid, 'm' => $hmac->getToken()));

// Despite its name, $invitee_link points at the inviter's profile.
$invitee_link = elgg_view('output/url', array('text' => $inviter->getDisplayName(), 'href' => $inviter->getURL()));
$group_link = elgg_view('output/url', array('text' => $group->getDisplayName(), 'href' => $group->getURL()));

$summary = elgg_echo('groups:invite:user:subject', array($invitee_link, $group_link), $invitee->language);
// The subject is the summary with its markup removed.
$subject = strip_tags($summary);

$body = elgg_echo('groups:invite:user:body', array($invitee->name, $inviter->name, $group->name, $url), $invitee->language);

$params = ['action' => 'invite', 'object' => $group, 'summary' => $summary, 'template' => 'groups_invite_user', 'confirm_link' => $url];

$result = notify_user($invitee->getGUID(), $inviter->guid, $subject, $body, $params);
if ($result) {
    $invited++;
} else {
    $error++;
}
}

$total = $error + $invited + $skipped + $added;