Move HTML error (#3553)

web/inc/main.php

@@ -245,12 +245,6 @@ function show_alert_message($data) {
 	}
 }
 
-function show_error_message($error) {
-	if (isset($error)) {
-		echo $error;
-	}
-}
-
 function top_panel($user, $TAB) {
 	$command = HESTIA_CMD . "v-list-user " . $user . " 'json'";
 	exec($command, $output, $return_var);

web/login/index.php

@@ -135,11 +135,11 @@ function authenticate_user($user, $password, $twofa = "") {
 		if ($return_var > 0) {
 			sleep(2);
 			if ($return_var == 5) {
-				$error = '<p class="error">' . _("Account has been suspended") . "</p>";
+				$error = _("Account has been suspended");
 			} elseif ($return_var == 1) {
-				$error = '<p class="error">' . _("Unsupported hash method") . "</p>";
+				$error = _("Unsupported hash method");
 			} else {
-				$error = '<p class="error">' . _("Invalid username or password") . "</p>";
+				$error = _("Invalid username or password");
 			}
 			return $error;
 		} else {
@@ -196,7 +196,7 @@ function authenticate_user($user, $password, $twofa = "") {
 			// Check API answer
 			if ($return_var > 0) {
 				sleep(2);
-				$error = '<p class="error">' . _("Invalid username or password") . "</p>";
+				$error = _("Invalid username or password");
 				$v_session_id = quoteshellarg($_POST["token"]);
 				exec(
 					HESTIA_CMD .
@@ -219,7 +219,7 @@ function authenticate_user($user, $password, $twofa = "") {
 				unset($output);
 				if ($data[$user]["LOGIN_DISABLED"] === "yes") {
 					sleep(2);
-					$error = '<p class="error">' . _("Invalid username or password") . "</p>";
+					$error = _("Invalid username or password");
 					$v_session_id = quoteshellarg($_POST["token"]);
 					exec(
 						HESTIA_CMD .
@@ -243,7 +243,7 @@ function authenticate_user($user, $password, $twofa = "") {
 					$v_login_user_allowed_ips = array_map("trim", $v_login_user_allowed_ips);
 					if (!in_array($ip, $v_login_user_allowed_ips, true)) {
 						sleep(2);
-						$error = '<p class="error">' . _("Invalid username or password") . "</p>";
+						$error = _("Invalid username or password");
 						$v_session_id = quoteshellarg($_POST["token"]);
 						exec(
 							HESTIA_CMD .
@@ -269,7 +269,7 @@ function authenticate_user($user, $password, $twofa = "") {
 						$output,
 						$return_var,
 					);
-					$error = "<p class=\"error\">" . _("Invalid or missing 2FA token") . "</p>";
+					$error = "<p class=\"error\">" . _("Invalid or missing 2FA token");
 					if (empty($twofa)) {
 						$_SESSION["login"]["username"] = $user;
 						$_SESSION["login"]["password"] = $password;
@@ -284,8 +284,7 @@ function authenticate_user($user, $password, $twofa = "") {
 						unset($output);
 						if ($return_var > 0) {
 							sleep(2);
-							$error =
-								'<p class="error">' . _("Invalid or missing 2FA token") . "</p>";
+							$error = _("Invalid or missing 2FA token");
 							$_SESSION["login"]["username"] = $user;
 							$_SESSION["login"]["password"] = $password;
 							$v_session_id = quoteshellarg($_POST["token"]);

web/reset/index.php

@@ -132,42 +132,27 @@ if (!empty($_POST["user"]) && empty($_POST["code"])) {
 
 					send_email($to, $subject, $mailtext, $from, $from_name, $data[$user]["NAME"]);
 					putenv("LANGUAGE=" . detect_user_language());
-					$error =
-						"<p class=\"error\">" .
-						_(
-							"Password reset instructions have been sent to the email address associated with this account.",
-						) .
-						"</p>";
-				}
-				$ERROR =
-					"<p class=\"error\">" .
-					_(
+					$error = _(
 						"Password reset instructions have been sent to the email address associated with this account.",
-					) .
-					"</p>";
+					);
+				}
+				$error = _(
+					"Password reset instructions have been sent to the email address associated with this account.",
+				);
 			} else {
 				# Prevent user enumeration and let hackers guess username and working email
-				$error =
-					"<p class=\"error\">" .
-					_(
-						"Password reset instructions have been sent to the email address associated with this account.",
-					) .
-					"</p>";
+				$error = _(
+					"Password reset instructions have been sent to the email address associated with this account.",
+				);
 			}
 		} else {
-			$error =
-				"<p class=\"error\">" .
-				_("Please wait 15 minutes before sending a new request.") .
-				"</p>";
+			$error = _("Please wait 15 minutes before sending a new request.");
 		}
 	} else {
 		# Prevent user enumeration and let hackers guess username and working email
-		$error =
-			"<p class=\"error\">" .
-			_(
-				"Password reset instructions have been sent to the email address associated with this account.",
-			) .
-			"</p>";
+		$error = _(
+			"Password reset instructions have been sent to the email address associated with this account.",
+		);
 	}
 	unset($output);
 }
@@ -198,7 +183,7 @@ if (!empty($_POST["user"]) && !empty($_POST["code"]) && !empty($_POST["password"
 					unlink($v_password);
 					if ($return_var > 0) {
 						sleep(5);
-						$ERROR = "<p class=\"error\">" . _("An internal error occurred") . "</p>";
+						$error = _("An internal error occurred");
 					} else {
 						$_SESSION["user"] = $_POST["user"];
 						header("Location: /");
@@ -206,7 +191,7 @@ if (!empty($_POST["user"]) && !empty($_POST["code"]) && !empty($_POST["password"
 					}
 				} else {
 					sleep(5);
-					$ERROR = "<p class=\"error\">" . _("Code has been expired") . "</p>";
+					$error = _("Code has been expired");
 					exec(
 						HESTIA_CMD .
 							"v-log-user-login " .
@@ -224,7 +209,7 @@ if (!empty($_POST["user"]) && !empty($_POST["code"]) && !empty($_POST["password"
 				}
 			} else {
 				sleep(5);
-				$ERROR = "<p class=\"error\">" . _("Invalid username or code") . "</p>";
+				$error = _("Invalid username or code");
 				exec(
 					HESTIA_CMD .
 						"v-log-user-login " .
@@ -242,10 +227,10 @@ if (!empty($_POST["user"]) && !empty($_POST["code"]) && !empty($_POST["password"
 			}
 		} else {
 			sleep(5);
-			$error = "<p class=\"error\">" . _("Invalid username or code") . "</p>";
+			$error = _("Invalid username or code");
 		}
 	} else {
-		$error = "<p class=\"error\">" . _("Passwords not match") . "</p>";
+		$error = _("Passwords do not match");
 	}
 }
 

web/templates/pages/login/login.php

@@ -7,7 +7,11 @@
 		<h1 class="login-title">
 			<?= sprintf(_("Welcome to %s"),htmlentities($_SESSION['APP_NAME'])) ?>
 		</h1>
-		<?php if(!empty($error)){ show_error_message($error); } ?>
+		<?php if(!empty($error)){
+		?>
+			<p class="error"><?=$error;?></p>
+		<?php
+		 } ?>
 		<div class="u-mb20">
 			<label for="user" class="form-label"><?= _("Username") ?></label>
 			<input type="text" class="form-control" name="user" id="user" required autofocus>

web/templates/pages/login/login_2.php

@@ -7,7 +7,11 @@
 		<h1 class="login-title">
 			<?= _("Two-factor Authentication") ?>
 		</h1>
-		<?php if(!empty($error){ show_error_message($error); } ?>
+		<?php if(!empty($error)){
+		?>
+			<p class="error"><?=$error;?></p>
+		<?php
+		 } ?>
 		<div class="u-mb20">
 			<label for="twofa" class="form-label u-side-by-side">
 				<?= _("2FA Token") ?>

web/templates/pages/login/login_a.php

@@ -7,7 +7,11 @@
 		<h1 class="login-title">
 			<?= sprintf(_("Welcome to %s"),htmlentities($_SESSION['APP_NAME'])) ?>
 		</h1>
-		<?php if(!empty($error)){ show_error_message($error); } ?>
+		<?php if(!empty($error)){
+		?>
+			<p class="error"><?=$error;?></p>
+		<?php
+		 } ?>
 		<div class="u-mb10">
 			<label for="user" class="form-label"><?= _("Username") ?></label>
 			<input type="text" class="form-control" name="user" id="user" required autofocus>

web/templates/pages/login/reset2fa.php

@@ -20,7 +20,11 @@
 			<h1 class="login-title">
 				<?= _("Unlock Account") ?>
 			</h1>
-			<?php if(!empty($error){ show_error_message($error);} ?>
+			<?php if(!empty($error)){
+			?>
+				<p class="error"><?=$error;?></p>
+			<?php
+			 } ?>
 			<div class="u-mb10">
 				<label for="user" class="form-label"><?= _("Username") ?></label>
 				<input type="text" class="form-control" name="user" id="user" required>

web/templates/pages/login/reset_1.php

@@ -7,7 +7,11 @@
 		<h1 class="login-title">
 			<?= _("Forgot Password") ?>
 		</h1>
-		<?php if(!empty($error)){ show_error_message($error); } ?>
+		<?php if(!empty($error)){
+		?>
+			<p class="error"><?=$error;?></p>
+		<?php
+		 } ?>
 		<div class="u-mb10">
 			<label for="user" class="form-label"><?= _("Username") ?></label>
 			<input type="text" class="form-control" name="user" id="user" required>

web/templates/pages/login/reset_3.php

@@ -6,7 +6,11 @@
 		<h1 class="login-title">
 			<?= _("Forgot Password") ?>
 		</h1>
-		<?php if(!empty($error){ show_error_message($error); } ?>
+		<?php if(!empty($error)){
+		?>
+			<p class="error"><?=$error;?></p>
+		<?php
+		 } ?>
 		<div class="u-mb10">
 			<input type="hidden" name="action" value="confirm">
 			<input type="hidden" name="token" value="<?= htmlentities($_SESSION["token"]) ?>">