Beispiel #1
/**
 * Request user validation email.
 *
 * Builds a signed confirmation link for the account, stores the target
 * address in the session for the follow-up page, and mails the link to
 * the user through notify_user().
 *
 * Security notes:
 * - The link is signed with elgg_http_get_signed_url(). No expiry argument
 *   is passed, so this function puts no time limit on the link.
 * - The signature only helps if the confirm endpoint checks it before
 *   marking the account validated; that handler is not part of this
 *   function (NOTE(review): confirm it rejects unsigned requests).
 *
 * @param int $user_guid The user's GUID
 * @return mixed Result of notify_user() when the GUID resolves to an
 *               ElggUser, false otherwise
 */
function uservalidationbyemail_request_validation($user_guid)
{
    $site = elgg_get_site_entity();
    $user_guid = (int) $user_guid;
    $user = get_entity($user_guid);

    // Only user entities can be validated; any other result is rejected.
    if (!($user instanceof ElggUser)) {
        return false;
    }

    // Confirmation link, signed so the GUID in the query string cannot be
    // swapped for another account without invalidating the signature.
    $confirm_url = elgg_http_get_signed_url(
        "{$site->url}uservalidationbyemail/confirm?u={$user_guid}"
    );

    // Remember the address so the next page can show where the mail went.
    elgg_get_session()->set('emailsent', $user->email);

    $mail_subject = elgg_echo(
        'email:validate:subject',
        [$user->name, $site->name],
        $user->language
    );
    $mail_body = elgg_echo(
        'email:validate:body',
        [$user->name, $site->name, $confirm_url, $site->name, $site->url],
        $user->language
    );

    $params = [
        'action' => 'uservalidationbyemail',
        'object' => $user,
        'link' => $confirm_url,
    ];

    // Send validation email
    return notify_user($user->guid, $site->guid, $mail_subject, $mail_body, $params, 'email');
}
Beispiel #2
// protect /cron
$protect_cron = (bool) get_config('security_protect_cron');
$hardening .= elgg_view_field([
    '#type' => 'checkbox',
    'label' => elgg_echo('admin:administer_security:settings:protect_cron'),
    '#help' => elgg_echo('admin:administer_security:settings:protect_cron:help'),
    'name' => 'security_protect_cron',
    'default' => 0,
    'value' => 1,
    'checked' => $protect_cron,
]);

if ($protect_cron) {
    // With protection on, list the signed URL for every configured cron
    // period so an administrator can copy it into the scheduler.
    // NOTE(review): each signed URL presumably works like a credential for
    // its cron endpoint - confirm this view is reachable by admins only.
    $periods = elgg_get_config('elgg_cron_periods');
    $rows = [];

    // header for table
    $cells = [
        elgg_format_element('th', [], elgg_echo('admin:cron:period')),
        elgg_format_element('th', [], 'URL'),
    ];
    $rows[] = elgg_format_element('tr', [], implode('', $cells));

    // add interval urls
    foreach ($periods as $period) {
        $cells = [
            elgg_format_element('td', [], elgg_echo("interval:{$period}")),
            elgg_format_element('td', [], elgg_http_get_signed_url("cron/{$period}")),
        ];
        $rows[] = elgg_format_element('tr', [], implode('', $cells));
    }

    // cron url table, rendered hidden until the toggle link is used
    $table = elgg_format_element(
        'table',
        ['id' => 'security-cron-urls', 'class' => 'elgg-table mvm hidden'],
        implode('', $rows)
    );

    $content = elgg_echo('admin:administer_security:settings:protect_cron:token')
        . ' '
        . elgg_view('output/url', [
            'text' => elgg_echo('admin:administer_security:settings:protect_cron:toggle'),
            'href' => '#security-cron-urls',
            'rel' => 'toggle',
        ])
        . $table;

    $hardening .= elgg_format_element('div', ['class' => 'elgg-divide-left plm mbm'], $content);
}

// disable autocomplete on password forms
$hardening .= elgg_view_field([
    '#type' => 'checkbox',
    'label' => elgg_echo('admin:administer_security:settings:disable_password_autocomplete'),
    '#help' => elgg_echo('admin:administer_security:settings:disable_password_autocomplete:help'),
    'name' => 'security_disable_password_autocomplete',
    'default' => 0,
    'value' => 1,
    'checked' => (bool) get_config('security_disable_password_autocomplete'),
]);

// require the password when changing the email address
$hardening .= elgg_view_field([
    '#type' => 'checkbox',
    'label' => elgg_echo('admin:administer_security:settings:email_require_password'),
    '#help' => elgg_echo('admin:administer_security:settings:email_require_password:help'),
    'name' => 'security_email_require_password',
    'default' => 0,
    'value' => 1,
    'checked' => (bool) get_config('security_email_require_password'),
]);

// allow others to extend this section
$hardening .= elgg_view('admin/security/settings/extend/hardening');
Beispiel #3
<?php

/**
 * Page shell for upgrade script
 *
 * Displays an ajax loader until upgrade is complete
 *
 * @uses $vars['head']        Parameters for the <head> element
 * @uses $vars['body']        The main content of the page
 * @uses $vars['sysmessages'] A 2d array of various message registers, passed from system_messages()
 * @uses $vars['forward']     A relative path to forward to after upgrade. Defaults to /admin
 */
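// Build the URL that the loader page refreshes to. 'forward' is taken from
// $vars unchanged and only becomes a query parameter here.
// NOTE(review): confirm upgrade.php limits 'forward' to a local path before
// it redirects, since this view does not validate it.
$refresh_url = elgg_http_add_url_query_elements(elgg_get_site_url() . 'upgrade.php', [
    'upgrade' => 'upgrade',
    'forward' => elgg_extract('forward', $vars, '/admin'),
]);

if (elgg_get_config('security_protect_upgrade')) {
    // sign the url in order to get past the protection
    $refresh_url = elgg_http_get_signed_url($refresh_url);
}

// The URL is placed in a single-quoted attribute below, so both quote styles
// must be escaped. Before PHP 8.1 the default htmlspecialchars() flags
// (ENT_COMPAT) leave single quotes untouched; pass the flags and charset
// explicitly so the output does not depend on the PHP version.
$refresh_url = htmlspecialchars($refresh_url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

// render content before head so that JavaScript and CSS can be loaded. See #4032
$body = "<div style='margin-top:200px'>" . elgg_view('graphics/ajax_loader', ['hidden' => false]) . "</div>";

$head = elgg_view('page/elements/head', $vars['head']);
// Meta refresh sends the browser to upgrade.php after one second.
$head .= "<meta http-equiv='refresh' content='1;url={$refresh_url}' />";

echo elgg_view("page/elements/html", ["head" => $head, "body" => $body]);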