Пример #1
0
/**
 * Request user validation email.
 * Send email out to the address and request a confirmation.
 *
 * @param int  $user_guid The user's GUID
 * @return mixed
 */
function uservalidationbyemail_request_validation($user_guid)
{
    $site = elgg_get_site_entity();
    $user_guid = (int) $user_guid;
    $user = get_entity($user_guid);
    if ($user && $user instanceof ElggUser) {
        // Work out validate link
        $link = "{$site->url}uservalidationbyemail/confirm?u={$user_guid}";
        $link = elgg_http_get_signed_url($link);
        // Get email to show in the next page
        elgg_get_session()->set('emailsent', $user->email);
        $subject = elgg_echo('email:validate:subject', array($user->name, $site->name), $user->language);
        $body = elgg_echo('email:validate:body', array($user->name, $site->name, $link, $site->name, $site->url), $user->language);
        $params = ['action' => 'uservalidationbyemail', 'object' => $user, 'link' => $link];
        // Send validation email
        $result = notify_user($user->guid, $site->guid, $subject, $body, $params, 'email');
        return $result;
    }
    return FALSE;
}
Пример #2
0
// protect /cron
$protect_cron = (bool) get_config('security_protect_cron');
$hardening .= elgg_view_field(['#type' => 'checkbox', 'label' => elgg_echo('admin:administer_security:settings:protect_cron'), '#help' => elgg_echo('admin:administer_security:settings:protect_cron:help'), 'name' => 'security_protect_cron', 'default' => 0, 'value' => 1, 'checked' => $protect_cron]);
if ($protect_cron) {
    $periods = elgg_get_config('elgg_cron_periods');
    $rows = [];
    // header for table
    $cells = [];
    $cells[] = elgg_format_element('th', [], elgg_echo('admin:cron:period'));
    $cells[] = elgg_format_element('th', [], 'URL');
    $rows[] = elgg_format_element('tr', [], implode('', $cells));
    // add inverval urls
    foreach ($periods as $period) {
        $cells = [];
        $cells[] = elgg_format_element('td', [], elgg_echo("interval:{$period}"));
        $cells[] = elgg_format_element('td', [], elgg_http_get_signed_url("cron/{$period}"));
        $rows[] = elgg_format_element('tr', [], implode('', $cells));
    }
    // cron url table
    $table = elgg_format_element('table', ['id' => 'security-cron-urls', 'class' => 'elgg-table mvm hidden'], implode('', $rows));
    $content = elgg_echo('admin:administer_security:settings:protect_cron:token');
    $content .= ' ' . elgg_view('output/url', ['text' => elgg_echo('admin:administer_security:settings:protect_cron:toggle'), 'href' => '#security-cron-urls', 'rel' => 'toggle']);
    $content .= $table;
    $hardening .= elgg_format_element('div', ['class' => 'elgg-divide-left plm mbm'], $content);
}
// disable autocomplete on password forms
$hardening .= elgg_view_field(['#type' => 'checkbox', 'label' => elgg_echo('admin:administer_security:settings:disable_password_autocomplete'), '#help' => elgg_echo('admin:administer_security:settings:disable_password_autocomplete:help'), 'name' => 'security_disable_password_autocomplete', 'default' => 0, 'value' => 1, 'checked' => (bool) get_config('security_disable_password_autocomplete')]);
// require password the changing email address
$hardening .= elgg_view_field(['#type' => 'checkbox', 'label' => elgg_echo('admin:administer_security:settings:email_require_password'), '#help' => elgg_echo('admin:administer_security:settings:email_require_password:help'), 'name' => 'security_email_require_password', 'default' => 0, 'value' => 1, 'checked' => (bool) get_config('security_email_require_password')]);
// allow others to extend this section
$hardening .= elgg_view('admin/security/settings/extend/hardening');
Пример #3
0
<?php

/**
 * Page shell for upgrade script
 *
 * Displays an ajax loader until upgrade is complete
 *
 * @uses $vars['head']        Parameters for the <head> element
 * @uses $vars['body']        The main content of the page
 * @uses $vars['sysmessages'] A 2d array of various message registers, passed from system_messages()
 * @uses $var['forward']      A relative path to forward to after upgrade. Defaults to /admin
 */
$refresh_url = elgg_http_add_url_query_elements(elgg_get_site_url() . 'upgrade.php', array('upgrade' => 'upgrade', 'forward' => elgg_extract('forward', $vars, '/admin')));
if (elgg_get_config('security_protect_upgrade')) {
    // sign the url in order to get past the protection
    $refresh_url = elgg_http_get_signed_url($refresh_url);
}
$refresh_url = htmlspecialchars($refresh_url);
// render content before head so that JavaScript and CSS can be loaded. See #4032
$body = "<div style='margin-top:200px'>" . elgg_view('graphics/ajax_loader', array('hidden' => false)) . "</div>";
$head = elgg_view('page/elements/head', $vars['head']);
$head .= "<meta http-equiv='refresh' content='1;url={$refresh_url}' />";
echo elgg_view("page/elements/html", array("head" => $head, "body" => $body));