function helper_ensure_confirmed($p_message, $p_button_label) { if (true == gpc_get_bool('_confirmed')) { return true; } html_page_top1(); html_page_top2(); # @@@ we need to improve this formatting. I'd like the text to only # be about 50% the width of the screen so that it doesn't become to hard # to read. print "<br />\n<div align=\"center\">\n"; print_hr(); print "\n{$p_message}\n"; print '<form method="post" action="' . $_SERVER['PHP_SELF'] . "\">\n"; print_hidden_inputs(gpc_strip_slashes($_POST)); print_hidden_inputs(gpc_strip_slashes($_GET)); print "<input type=\"hidden\" name=\"_confirmed\" value=\"1\" />\n"; print '<br /><br /><input type="submit" class="button" value="' . $p_button_label . '" />'; print "\n</form>\n"; print_hr(); print "</div>\n"; html_page_bottom1(); exit; }
/** * Check whether the user has confirmed this action. * * If the user has not confirmed the action, generate a page which asks * the user to confirm and then submits a form back to the current page * with all the GET and POST data and an additional field called _confirmed * to indicate that confirmation has been done. * @param string $p_message * @param string $p_button_label * @return bool * @todo improve this formatting - to only be about 50% of the screen width so that it doesn't become hard to read. */ function helper_ensure_confirmed($p_message, $p_button_label) { if (true == gpc_get_bool('_confirmed')) { return true; } html_page_top(); echo "<br />\n<div class=\"center\">\n<hr />"; echo "\n{$p_message}\n"; echo '<form method="post" action="">' . "\n"; # CSRF protection not required here - user needs to confirm action # before the form is accepted. print_hidden_inputs(gpc_strip_slashes($_POST)); print_hidden_inputs(gpc_strip_slashes($_GET)); echo "<input type=\"hidden\" name=\"_confirmed\" value=\"1\" />\n"; echo '<br /><br /><input type="submit" class="button" value="' . $p_button_label . '" />'; echo "\n</form>\n"; echo "<hr /></div>\n"; html_page_bottom(); exit; }
/** * Generate the intermediate authentication page. * @param integer $p_user_id User ID. * @param string $p_username Username. * @return boolean * @access public */ function auth_reauthenticate_page($p_user_id, $p_username) { $t_error = false; if (true == gpc_get_bool('_authenticate')) { $f_password = gpc_get_string('password', ''); if (auth_attempt_login($p_username, $f_password)) { auth_set_tokens($p_user_id); return true; } else { $t_error = true; } } html_page_top(); ?> <div class="important-msg"> <?php echo lang_get('reauthenticate_message'); if ($t_error != false) { echo '<br /><span class="error-msg">', lang_get('login_error'), '</span>'; } ?> </div> <div id="reauth-div" class="form-container"> <form id="reauth-form" method="post" action=""> <fieldset> <legend><span><?php echo lang_get('reauthenticate_title'); ?> </span></legend> <?php # CSRF protection not required here - user needs to enter password # (confirmation step) before the form is accepted. print_hidden_inputs($_POST); print_hidden_inputs($_GET); ?> <input type="hidden" name="_authenticate" value="1" /> <div class="field-container"> <label for="username"><span><?php echo lang_get('username'); ?> </span></label> <span class="input"><input id="username" type="text" disabled="disabled" size="32" maxlength="<?php echo DB_FIELD_SIZE_USERNAME; ?> " value="<?php echo string_attribute($p_username); ?> " /></span> <span class="label-style"></span> </div> <div class="field-container"> <label for="password"><span><?php echo lang_get('password'); ?> </span></label> <span class="input"><input id="password" type="password" name="password" size="32" maxlength="<?php echo auth_get_password_max_size(); ?> " class="autofocus" /></span> <span class="label-style"></span> </div> <span class="submit-button"><input type="submit" class="button" value="<?php echo lang_get('login_button'); ?> " /></span> </fieldset> </form> </div> <?php html_page_bottom(); exit; }
/** * Generate the intermediate authentication page. * @param integer User ID * @param string Username * @return bool * @access public */ function auth_reauthenticate_page($p_user_id, $p_username) { $t_error = false; if (true == gpc_get_bool('_authenticate')) { $f_password = gpc_get_string('password', ''); if (auth_attempt_login($p_username, $f_password)) { auth_set_tokens($p_user_id); return true; } else { $t_error = true; } } html_page_top(); ?> <div align="center"> <p> <?php echo lang_get('reauthenticate_message'); if ($t_error != false) { echo '<br/><font color="red">', lang_get('login_error'), '</font>'; } ?> </p> <form name="reauth_form" method="post" action="<?php echo form_action_self(); ?> "> <?php # CSRF protection not required here - user needs to enter password # (confirmation step) before the form is accepted. print_hidden_inputs(gpc_strip_slashes($_POST)); print_hidden_inputs(gpc_strip_slashes($_GET)); ?> <input type="hidden" name="_authenticate" value="1" /> <table class="width50 center"> <tr> <td class="form-title" colspan="2"><?php echo lang_get('reauthenticate_title'); ?> </td> </tr> <tr class="row-1"> <th class="category"><?php echo lang_get('username'); ?> </th> <td><input type="text" disabled="disabled" size="32" maxlength="<?php echo USERLEN; ?> " value="<?php echo string_attribute($p_username); ?> " /></td> </tr> <tr class="row-2"> <th class="category"><?php echo lang_get('password'); ?> </th> <td><input type="password" name="password" size="16" maxlength="<?php echo PASSLEN; ?> " class="autofocus" /></td> </tr> <tr> <td class="center" colspan="2"><input type="submit" class="button" value="<?php echo lang_get('login_button'); ?> " /></td> </tr> </table> </form> </div> <?php html_page_bottom(); exit; }
/** * Generate the intermediate authentication page. * @param integer User ID * @param string Username */ function auth_reauthenticate_page($p_user_id, $p_username) { $t_error = false; if (true == gpc_get_bool('_authenticate')) { $f_password = gpc_get_string('password', ''); if (auth_attempt_login($p_username, $f_password)) { auth_set_tokens($p_user_id); return true; } else { $t_error = true; } } html_page_top1(); html_page_top2(); ?> <div align="center"> <p> <?php echo lang_get('reauthenticate_message'); if ($t_error != false) { echo '<br/><font color="red">', lang_get('login_error'), '</font>'; } ?> </p> <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?> "> <?php print_hidden_inputs(gpc_strip_slashes($_POST)); print_hidden_inputs(gpc_strip_slashes($_GET)); ?> <input type="hidden" name="_authenticate" value="1" /> <table class="width50 center"> <tr> <td class="form-title"><?php echo lang_get('reauthenticate_title'); ?> </td> </tr> <tr class="row-1"> <td class="category"><?php echo lang_get('username'); ?> </td> <td><input type="text" disabled="disabled" size="32" maxlength="32" value="<?php echo $p_username; ?> " /></td> </tr> <tr class="row-2"> <td class="category"><?php echo lang_get('password'); ?> </td> <td><input type="password" name="password" size="16" maxlength="32" /></td> </tr> <tr> <td class="center" colspan="2"><input type="submit" class="button" value="<?php echo lang_get('login_button'); ?> " /></td> </tr> </table> </form> </div> <?php html_page_bottom1(); exit; }