Elgg  Version 3.0
settings.php
Go to the documentation of this file.
1 <?php
2 
3 // hardening
4 $hardening = '';
5 // protect upgrade.php
6 $protect_upgrade = (bool) elgg_get_config('security_protect_upgrade');
7 $hardening .= elgg_view_field([
8  '#type' => 'checkbox',
9  'label' => elgg_echo('admin:security:settings:protect_upgrade'),
10  '#help' => elgg_echo('admin:security:settings:protect_upgrade:help'),
11  'name' => 'security_protect_upgrade',
12  'default' => 0,
13  'value' => 1,
14  'switch' => true,
15  'checked' => $protect_upgrade,
16 ]);
17 if ($protect_upgrade) {
18  $url = elgg_http_get_signed_url('upgrade.php');
19  $url = elgg_format_element('pre', [], $url);
20 
21  $hardening .= elgg_format_element('div', [
22  'class' => 'elgg-divide-left plm',
23  ], elgg_echo('admin:security:settings:protect_upgrade:token') . $url);
24 }
25 
26 // protect /cron
27 $protect_cron = (bool) elgg_get_config('security_protect_cron');
28 $hardening .= elgg_view_field([
29  '#type' => 'checkbox',
30  'label' => elgg_echo('admin:security:settings:protect_cron'),
31  '#help' => elgg_echo('admin:security:settings:protect_cron:help'),
32  'name' => 'security_protect_cron',
33  'default' => 0,
34  'value' => 1,
35  'switch' => true,
36  'checked' => $protect_cron,
37 ]);
38 if ($protect_cron) {
39  $periods = elgg_get_config('elgg_cron_periods');
40  $rows = [];
41 
42  // header for table
43  $cells = [];
44  $cells[] = elgg_format_element('th', [], elgg_echo('admin:cron:period'));
45  $cells[] = elgg_format_element('th', [], 'URL');
46 
47  $rows[] = elgg_format_element('tr', [], implode('', $cells));
48 
49  // add inverval urls
50  foreach ($periods as $period) {
51  $cells = [];
52 
53  $cells[] = elgg_format_element('td', [], elgg_echo("interval:{$period}"));
54  $cells[] = elgg_format_element('td', [], elgg_http_get_signed_url("cron/{$period}"));
55 
56  $rows[] = elgg_format_element('tr', [], implode('', $cells));
57  }
58 
59  // cron url table
60  $table = elgg_format_element('table', [
61  'id' => 'security-cron-urls',
62  'class' => 'elgg-table mvm hidden',
63  ], implode('', $rows));
64 
65  $content = elgg_echo('admin:security:settings:protect_cron:token');
66  $content .= ' ' . elgg_view('output/url', [
67  'text' => elgg_echo('admin:security:settings:protect_cron:toggle'),
68  'href' => '#security-cron-urls',
69  'rel' => 'toggle',
70  ]);
71  $content .= $table;
72 
73  $hardening .= elgg_format_element('div', [
74  'class' => 'elgg-divide-left plm mbm',
75  ], $content);
76 }
77 
78 // disable autocomplete on password forms
79 $hardening .= elgg_view_field([
80  '#type' => 'checkbox',
81  'label' => elgg_echo('admin:security:settings:disable_password_autocomplete'),
82  '#help' => elgg_echo('admin:security:settings:disable_password_autocomplete:help'),
83  'name' => 'security_disable_password_autocomplete',
84  'default' => 0,
85  'value' => 1,
86  'switch' => true,
87  'checked' => (bool) elgg_get_config('security_disable_password_autocomplete'),
88 ]);
89 
90 // require password the changing email address
91 $hardening .= elgg_view_field([
92  '#type' => 'checkbox',
93  'label' => elgg_echo('admin:security:settings:email_require_password'),
94  '#help' => elgg_echo('admin:security:settings:email_require_password:help'),
95  'name' => 'security_email_require_password',
96  'default' => 0,
97  'value' => 1,
98  'switch' => true,
99  'checked' => (bool) elgg_get_config('security_email_require_password'),
100 ]);
101 
102 // session bound entity icons
103 $hardening .= elgg_view_field([
104  '#type' => 'checkbox',
105  'label' => elgg_echo('admin:security:settings:session_bound_entity_icons'),
106  '#help' => elgg_echo('admin:security:settings:session_bound_entity_icons:help'),
107  'name' => 'session_bound_entity_icons',
108  'default' => 0,
109  'value' => 1,
110  'switch' => true,
111  'checked' => (bool) elgg_get_config('session_bound_entity_icons'),
112 ]);
113 
114 // allow others to extend this section
115 $hardening .= elgg_view('admin/security/settings/extend/hardening');
116 
117 echo elgg_view_module('info', elgg_echo('admin:security:settings:label:hardening'), $hardening);
118 
119 // notifications
120 $notifications = '';
121 // notify admins about add/remove of another admin
122 $notifications .= elgg_view_field([
123  '#type' => 'checkbox',
124  'label' => elgg_echo('admin:security:settings:notify_admins'),
125  '#help' => elgg_echo('admin:security:settings:notify_admins:help'),
126  'name' => 'security_notify_admins',
127  'default' => 0,
128  'value' => 1,
129  'switch' => true,
130  'checked' => (bool) elgg_get_config('security_notify_admins'),
131 ]);
132 
133 // notify user about add/remove admin of his/her account
134 $notifications .= elgg_view_field([
135  '#type' => 'checkbox',
136  'label' => elgg_echo('admin:security:settings:notify_user_admin'),
137  '#help' => elgg_echo('admin:security:settings:notify_user_admin:help'),
138  'name' => 'security_notify_user_admin',
139  'default' => 0,
140  'value' => 1,
141  'switch' => true,
142  'checked' => (bool) elgg_get_config('security_notify_user_admin'),
143 ]);
144 
145 // notify user about (un)ban of his/her account
146 $notifications .= elgg_view_field([
147  '#type' => 'checkbox',
148  'label' => elgg_echo('admin:security:settings:notify_user_ban'),
149  '#help' => elgg_echo('admin:security:settings:notify_user_ban:help'),
150  'name' => 'security_notify_user_ban',
151  'default' => 0,
152  'value' => 1,
153  'switch' => true,
154  'checked' => (bool) elgg_get_config('security_notify_user_ban'),
155 ]);
156 
157 // allow others to extend this section
158 $notifications .= elgg_view('admin/security/settings/extend/notification');
159 
160 echo elgg_view_module('info', elgg_echo('admin:security:settings:label:notifications'), $notifications);
161 
162 // site secret
163 $strength = _elgg_get_site_secret_strength();
164 $current_strength = elgg_echo('site_secret:current_strength');
165 $strength_text = elgg_echo("site_secret:strength:$strength");
166 $strength_msg = elgg_echo("site_secret:strength_msg:$strength");
167 
168 $site_secret = elgg_view('output/longtext', [
169  'value' => elgg_echo('admin:security:settings:site_secret:intro'),
170 ]);
171 $message_type = ($strength != 'strong') ? 'error' : 'success';
172 $site_secret .= elgg_view_message($message_type, $strength_msg, [
173  'title' => "$current_strength: $strength_text",
174 ]);
175 
176 $site_secret_link = elgg_view('output/url', [
177  'text' => elgg_echo('admin:security:settings:site_secret:regenerate'),
178  'href' => 'action/admin/security/regenerate_site_secret',
179  'confirm' => true,
180  'class' => 'elgg-button elgg-button-action',
181 ]);
182 
183 $site_secret_link .= elgg_view('output/longtext', [
184  'value' => elgg_echo('admin:security:settings:site_secret:regenerate:help'),
185  'class' => 'elgg-subtext',
186 ]);
187 
188 $site_secret .= elgg_format_element('div', ['class' => 'mtm'], $site_secret_link);
189 
190 echo elgg_view_module('info', elgg_echo('admin:security:settings:label:site_secret'), $site_secret);
191 
192 // footer
193 $footer = elgg_view_field([
194  '#type' => 'submit',
195  'value' => elgg_echo('save'),
196 ]);
197 
198 elgg_set_form_footer($footer);
$protect_upgrade
$protect_upgrade
Definition: settings.php:6
elgg_view_field
elgg_view_field(array $params=[])
Renders a form field, usually with a wrapper element, a label, help text, etc.
Definition: views.php:1395
$message_type
$message_type
Definition: settings.php:171
$rows
$rows
Definition: redis.php:20
_elgg_get_site_secret_strength
_elgg_get_site_secret_strength()
Get the strength of the site secret.
Definition: actions.php:105
$strength
$strength
Definition: settings.php:163
$strength_msg
$strength_msg
Definition: settings.php:166
elgg_echo
elgg_echo($message_key, array $args=[], $language="")
Given a message key, returns an appropriately translated full-text string.
Definition: languages.php:21
elgg_set_form_footer
elgg_set_form_footer($footer= '')
Sets form footer and defers its rendering until the form view and extensions have been rendered...
Definition: views.php:1331
$notifications
$notifications
Definition: settings.php:120
$url
$url
Definition: settings.php:7
elgg_view_message
elgg_view_message($type, $body, array $vars=[])
Wrapper function for the message display pattern.
Definition: views.php:1219
$current_strength
$current_strength
Definition: settings.php:164
elgg_format_element
elgg_format_element($tag_name, array $attributes=[], $text= '', array $options=[])
Format an HTML element.
Definition: output.php:168
elgg_view_module
elgg_view_module($type, $title, $body, array $vars=[])
Wrapper function for the module display pattern.
Definition: views.php:1198
echo
elgg echo
Translates a string.
Definition: languages.js:43
$site_secret_link
$site_secret_link
Definition: settings.php:176
$hardening
$hardening
Definition: settings.php:4
$periods
$periods
Cron statistics.
Definition: cron.php:6
$content
$content
Set robots.txt action.
Definition: set_robots.php:6
$site_secret
$site_secret
Definition: settings.php:168
$table
$table
Definition: cron.php:57
$protect_cron
if($protect_upgrade) $protect_cron
Definition: settings.php:27
elgg_http_get_signed_url
elgg_http_get_signed_url($url, $expires=false)
Signs provided URL with a SHA256 HMAC key.
Definition: elgglib.php:1084
elgg_view
elgg_view($view, $vars=[], $viewtype= '')
Return a parsed view.
Definition: views.php:246
$footer
$footer
Definition: settings.php:193
elgg_get_config
elgg_get_config($name, $default=null)
Get an Elgg configuration value.
Definition: configuration.php:105
$strength_text
$strength_text
Definition: settings.php:165
Generated on Wed Dec 2 2020 00:00:16 for Elgg by   doxygen 1.8.11