
1.12. HelpSpot 5 Portal Changes

Form CSRF Fields

A number of portal templates need a CSRF token field, <?php echo csrf_field(); ?>, added after the opening form tag for added security. These updates need to be made to any portal files that have been customized. In each file below, the required addition is the csrf_field() line; the surrounding code is provided for context.

kb.page.tpl.php

<form action="index.php?pg=vote.helpful" name="votehelpful" method="POST">
<input type="hidden" name="xPage" value="<?php echo $this->page['xPage'] ?>">
<?php echo csrf_field(); ?>
</form>
<form action="index.php?pg=vote.nothelpful" name="votenothelpful" method="POST">
<input type="hidden" name="xPage" value="<?php echo $this->page['xPage'] ?>">
<?php echo csrf_field(); ?>
</form>

login.forgot.tpl.php

<form action="<?php echo route('portal.password.email') ?>" method="post">
    <?php echo csrf_field(); ?>
    <?php if( session('status') ): ?>

login.reset.tpl.php

<form action="<?php echo cHOST.'/index.php?pg=login.reset' ?>" method="post">
    <?php echo csrf_field(); ?>
    <?php if( session('status') ): ?>

loginbar.tpl.php

<form onsubmit="return false;">
    <?php echo csrf_field(); ?>
    <table id="change_password_box" style="display:none;border:1px solid #ccc;padding:10px;margin-bottom:10px;">

request.check.tpl.php

<?php if (!empty($this->get_id)) : ?>
    <form action="index.php?pg=request.check" method="post" enctype="multipart/form-data">
        <?php echo csrf_field(); ?>
        <input type="hidden" name="accesskey" value="<?php echo $this->get_id ?>" />
...

<form action="index.php?pg=login" method="post">
      <?php echo csrf_field(); ?>
      <p><b><?php echo lg_portal_req_login ?>:</b></p>

request.tpl.php

<form action="index.php?pg=request" method="post" enctype="multipart/form-data">
    <?php echo csrf_field(); ?>

    <?php /* Any field names listed in the 'required' hidden field will be checked by HelpSpot to make sure they're not empty */ ?>
    <input type="hidden" name="required" value="sEmail,fullname" />
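
A quick way to find customized templates that still lack the token is to scan them for forms with no csrf_field() call. The script below is an added example, not part of HelpSpot; the function names and the sample template text are constructed for illustration, and the directory to scan is whatever path holds your customized portal files.

```python
import re
import sys
from pathlib import Path

FORM_OPEN = re.compile(r"<form\b", re.IGNORECASE)
FORM_CLOSE = re.compile(r"</form\s*>", re.IGNORECASE)
CSRF_CALL = re.compile(r"csrf_field\s*\(\s*\)")

def forms_missing_csrf(template_text):
    """Return 1-based line numbers of <form> tags with no csrf_field() call."""
    missing = []
    opens = [m.start() for m in FORM_OPEN.finditer(template_text)]
    for i, start in enumerate(opens):
        # The form ends at its </form>; if that tag is absent (it may live in
        # another template), stop at the next <form or at end of file.
        limit = opens[i + 1] if i + 1 < len(opens) else len(template_text)
        close = FORM_CLOSE.search(template_text, start, limit)
        end = close.start() if close else limit
        if not CSRF_CALL.search(template_text, start, end):
            missing.append(template_text.count("\n", 0, start) + 1)
    return missing

def audit_directory(template_dir):
    """Map each *.tpl.php file under template_dir to its unprotected form lines."""
    report = {}
    for path in sorted(Path(template_dir).rglob("*.tpl.php")):
        text = path.read_text(encoding="utf-8", errors="replace")
        lines = forms_missing_csrf(text)
        if lines:
            report[str(path)] = lines
    return report

# Constructed sample: one updated form followed by two that were never updated.
SAMPLE = '''\
<form action="index.php?pg=vote.helpful" name="votehelpful" method="POST">
<input type="hidden" name="xPage" value="<?php echo $this->page['xPage'] ?>">
<?php echo csrf_field(); ?>
</form>
<form action="index.php?pg=vote.nothelpful" name="votenothelpful" method="POST">
</form>
<form action="<?php echo route('portal.password.email') ?>" method="post">
'''

if __name__ == "__main__":
    if len(sys.argv) > 1:  # argument: directory holding your customized templates
        for name, lines in audit_directory(sys.argv[1]).items():
            print(f"{name}: <form> without csrf_field() at line(s) {lines}")
    else:
        print(forms_missing_csrf(SAMPLE))
```

This is a presence check only: a csrf_field() call that sits inside a PHP comment still counts as present, so review flagged and unflagged customizations by eye after the scan.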

Request Check Page

The request check page has a new login / password reset flow. If you have customized this page you will need to make these additional edits.

request.check.tpl.php

Find this area:

    <form action="index.php?pg=login" method="post">
        <p><b><?php echo lg_portal_req_login ?>:</b></p>
        
        <p><label for="login_email" class="datalabel"><?php echo ($this->hd_requestCheckAuthType == "internal" ? lg_portal_req_loginemail : lg_portal_req_loginusername) ?></label><br />
            <?php echo $this->helper->showError('login_email','<br />') ?>
            <input type="text" name="login_email" id="login_email" size="40" maxlength="100" tabindex="102" value="<?php echo $this->get_login_email ?>" autocomplete="off" /><br />
            <?php if($this->hd_requestCheckAuthType == "internal"): ?>
            <?php //only show this password retrieval link if we're using internal authentication on the portal ?>
                <span id="retrievePortalPasswordLink">(<a href="#" onclick="RetrievePortalLoginPassword();return false;"><?php echo lg_portal_req_emailpassword ?></a>)</span>
            <?php endif; ?>
        </p>        

        <p><label for="login_password" class="datalabel"><?php echo lg_portal_req_loginpassword ?></label><br />
            <input type="password" name="login_password" id="login_password" size="40" maxlength="100" tabindex="103" value="" autocomplete="off" />
        </p>
        
        <p>
            <input type="submit" name="submit" value="<?php echo lg_portal_req_loginbutton ?>" tabindex="104" />
        </p>
    </form>

Replace it with this:

    <form action="index.php?pg=login" method="post">
        <?php echo csrf_field(); ?>
        <p><b><?php echo lg('lg_portal_req_login') ?>:</b></p>

        <p><label for="login_email" class="datalabel"><?php echo $this->hd_requestCheckAuthType == 'internal' ? lg('lg_portal_req_loginemail') : lg('lg_portal_req_loginusername') ?></label><br />
            <?php echo $this->helper->showError('login_email', '<br />') ?>
            <input type="text" name="login_email" id="login_email" size="40" maxlength="100" value="<?php echo $this->get_login_email ?>" autocomplete="off" /><br />
        </p>

        <p><label for="login_password" class="datalabel"><?php echo lg('lg_portal_req_loginpassword') ?></label><br />
            <input type="password" name="login_password" id="login_password" size="40" maxlength="100" value="" autocomplete="off" />
        </p>

        <p>
            <input type="submit" name="submit" value="<?php echo lg('lg_portal_req_loginbutton') ?>" />
            <?php if ($this->hd_requestCheckAuthType == 'internal') : ?>
                <span style="padding: 14px 0px; display: inline-block;"><a href="index.php?pg=login.forgot"><?php echo lg('lg_portal_req_emailpassword') ?>?</a></span>
            <?php endif; ?>
        </p>
    </form>
    <div style="text-align: center;">
        <hr width="80%">
        <div style="margin: 0 auto; padding: 10px;">
            <?php if ($this->hd_requestCheckAuthType == 'internal') : ?>
                <?php //only show this password retrieval link if we're using internal authentication on the portal
                        ?>
                <a href="index.php?pg=login.create"><?php echo lg('lg_portal_req_logincreate') ?></a>
            <?php endif; ?>
        </div>
    </div>

CSS Changes

The attachment display has changed, and the following was added to all portal template CSS files:

.file-extension {
    display: inline-block;
    margin: 5px 0;
}
.file-name {
    display: inline-block;
    padding: 0 10px;
    margin-bottom: 5px;
}

JS Changes

If you have made JS customizations to js.tpl.php you will need to change this line:

document.write('<script type="text/javascript" src="<?php echo $this->cf_primaryurl.elixir('js/helpspot.portal.js') ?>"></script>');

to this:

document.write('<script type="text/javascript" src="<?php echo $this->cf_primaryurl.mix('static/js/helpspot.portal.js') ?>"></script>');
