Beispiel #1
 /**
  * Stores the push-notification token sent by the mobile client for the
  * current visitor.
  *
  * Reads the 'token' request field as a string, refuses guests, then hands
  * the token to fr_update_push_user() with an empty username and 1 as the
  * second argument.
  *
  * @return array Always array('success' => true) when the end is reached.
  */
 public function actionSetPushToken()
 {
     $pushToken = $this->_input->filterSingle('token', XenForo_Input::STRING);

     // Guests have no user id, so there is no account to bind a device token to.
     // NOTE(review): the guard only protects the call below if
     // fr_no_permission() ends the request; it is not followed by a return.
     // Confirm against its definition.
     $currentUserId = XenForo_Visitor::getInstance()->getUserId();
     if (!$currentUserId) {
         fr_no_permission();
     }

     // NOTE(review): the token is stored as received (only cast to string);
     // no length or format check is visible here. Confirm that
     // fr_update_push_user() validates it.
     fr_update_push_user('', 1, $pushToken);

     return array('success' => true);
 }
Beispiel #2
/**
 * Forum Runner polling endpoint (vBulletin): checks the credentials sent with
 * the request and returns the unread-PM count plus subscribed-thread updates,
 * without keeping the session.
 *
 * Security-relevant behaviour visible in this function:
 *  - Credentials are read from the 'r' input source, so they are taken from
 *    the request on every poll rather than from an existing session.
 *  - NOTE(review): a failed check is not counted against any login-attempt
 *    limit in this function. Unless verify_authentication() or the front end
 *    throttles it, this endpoint is a password check without rate limiting.
 *    Confirm.
 *
 * @return array array('pm_notices' => ..., 'sub_notices' => ...)
 */
function do_get_new_updates()
{
    global $vbulletin;
    require_once DIR . '/includes/functions_login.php';

    $vbulletin->input->clean_array_gpc('r', array('username' => TYPE_STR, 'password' => TYPE_STR, 'md5_password' => TYPE_STR, 'fr_username' => TYPE_STR, 'fr_b' => TYPE_BOOL));

    // A username is mandatory, together with at least one of
    // password / md5_password.
    if (!$vbulletin->GPC['username'] || (!$vbulletin->GPC['password'] && !$vbulletin->GPC['md5_password'])) {
        json_error(ERR_NO_PERMISSION);
    }

    // Normalise the text credentials coming from the remote client.
    foreach (array('username', 'password') as $field) {
        $vbulletin->GPC[$field] = prepare_remote_utf8_string($vbulletin->GPC[$field]);
    }

    // NOTE(review): 'cookieuser' is not in the clean_array_gpc() list above,
    // so this index is unset unless it is cleaned elsewhere. Confirm.
    $credentials_ok = verify_authentication($vbulletin->GPC['username'], $vbulletin->GPC['password'], $vbulletin->GPC['md5_password'], $vbulletin->GPC['md5_password'], $vbulletin->GPC['cookieuser'], true);
    if (!$credentials_ok) {
        // Same generic error as for missing credentials.
        // NOTE(review): json_error() presumably ends the request; nothing
        // below is guarded otherwise.
        json_error(ERR_NO_PERMISSION);
    }

    // The session is deliberately not saved; only PM and marked-thread info
    // are needed.
    process_new_login('', false, '');

    // With no saved session, load the user record explicitly.
    $vbulletin->userinfo =& fetch_userinfo($vbulletin->userinfo['userid']);
    cache_permissions($vbulletin->userinfo, true);

    $sub_notices = get_sub_thread_updates();
    fr_update_push_user($vbulletin->GPC['fr_username'], $vbulletin->GPC['fr_b']);

    $response = array('pm_notices' => $vbulletin->userinfo['pmunread'], 'sub_notices' => $sub_notices);

    return $response;
}
Beispiel #3
/**
 * Forum Runner login endpoint built on the vB_Api user interface.
 *
 * Always returns the client bootstrap data (version, platform, branding and
 * ad/analytics ids). Without credentials it only reports whether the forum
 * requires authentication. With credentials it logs in, sets the session
 * cookies and reports the authenticated user.
 *
 * Points a reviewer should know:
 *  - Input is taken from $_REQUEST.
 *  - 'md5_password' counts as "a credential was supplied" but is never passed
 *    to login(); 'token' is cleaned but not used in this function.
 *  - Both login failures produce the same 'Incorrect login.' message.
 *
 * @return mixed The response array, or whatever json_error() returns on failure.
 */
function do_login()
{
    global $fr_version, $fr_platform;

    $options = vB::get_datastore()->get_value('options');
    $cleaned = vB::getCleaner()->cleanArray($_REQUEST, array('username' => vB_Cleaner::TYPE_STR, 'password' => vB_Cleaner::TYPE_STR, 'md5_password' => vB_Cleaner::TYPE_STR, 'fr_username' => vB_Cleaner::TYPE_STR, 'fr_b' => vB_Cleaner::TYPE_BOOL, 'token' => vB_Cleaner::TYPE_STR));

    // Navbar colour: iPhone clients get "r,g,b", others get the stored value.
    $navbg = null;
    if (strlen($options['forumrunner_branding_navbar_bg'])) {
        $navbg = $options['forumrunner_branding_navbar_bg'];
        if (is_iphone() && strlen($navbg) == 7) {
            // Only the length is checked; the value is an admin-set option.
            $channels = array(
                hexdec(substr($navbg, 1, 2)),
                hexdec(substr($navbg, 3, 2)),
                hexdec(substr($navbg, 5, 2)),
            );
            $navbg = implode(',', $channels);
        }
    }

    $out = array('v' => $fr_version, 'p' => $fr_platform);
    if ($navbg) {
        $out['navbg'] = $navbg;
    }

    if (is_iphone() && $options['forumrunner_admob_publisherid_iphone']) {
        $out['admob'] = $options['forumrunner_admob_publisherid_iphone'];
    } elseif (is_android() && $options['forumrunner_admob_publisherid_android']) {
        $out['admob'] = $options['forumrunner_admob_publisherid_android'];
    }
    if ($options['forumrunner_google_analytics_id']) {
        $out['gan'] = $options['forumrunner_google_analytics_id'];
    }
    if ($options['forumrunner_enable_registration']) {
        $out['reg'] = true;
    }

    $has_credentials = $cleaned['username'] && ($cleaned['password'] || $cleaned['md5_password']);
    if (!$has_credentials) {
        // Probe request: the client only wants to know if login is required.
        $out += array('authenticated' => false, 'requires_authentication' => requires_authentication());

        return $out;
    }

    // Try a control-panel login first, then fall back to a plain login.
    // NOTE(review): no attempt limiting is visible here; presumably login()
    // enforces it. Confirm.
    foreach (array('cplogin', '') as $login_type) {
        $login = vB_Api::instance('user')->login($cleaned['username'], $cleaned['password'], '', '', $login_type);
        if (empty($login['errors'])) {
            break;
        }
    }
    if (!empty($login['errors'])) {
        return json_error('Incorrect login.', RV_BAD_PASSWORD);
    }

    // Closed board: only users with control-panel permission may stay logged in.
    if (!$options['bbactive'] && !vB::getUserContext()->hasAdminPermission('cancontrolpanel')) {
        vB_Api::instance('user')->processLogout();

        return json_error(strip_tags($options['bbclosedreason']), RV_BAD_PASSWORD);
    }

    if (isset($login['cpsession'])) {
        vB5_Cookie::set('cpsession', $login['cpsession'], 30);
    }
    vB5_Cookie::set('sessionhash', $login['sessionhash'], 30);
    // NOTE(review): the 'password' value returned by login() is written to a
    // cookie. Confirm it is a derived remember-me value and that
    // vB5_Cookie::set() marks these cookies HttpOnly/Secure.
    vB5_Cookie::set('password', $login['password'], 30);
    vB5_Cookie::set('userid', $login['userid'], 30);

    if (isset($cleaned['fr_username'])) {
        fr_update_push_user($cleaned['fr_username'], $cleaned['fr_b']);
    }

    $userinfo = vB_Api::instance('user')->fetchUserInfo();
    $out += array('authenticated' => true, 'username' => $userinfo['username'], 'cookiepath' => $options['cookiepath']);

    return $out;
}
Beispiel #4
 /**
  * Forum Runner login action for XenForo.
  *
  * With credentials: validates them, sets the remember cookie, logs the
  * login IP, switches the session to the user and reports 'authenticated'.
  * Without credentials: only reports whether the board requires a login.
  * In both cases the client bootstrap data (version, platform, colour,
  * ad/analytics ids, registration flag) is returned.
  *
  * Points a reviewer should know:
  *  - Failed attempts are recorded with logLoginAttempt(), but this function
  *    never consults the attempt count before validating a password.
  *    NOTE(review): confirm throttling or captcha is enforced elsewhere.
  *  - 'md5_password' counts as "a credential was supplied" but is not used
  *    for validation.
  *  - fr_update_push_user() at the end also runs for requests that were not
  *    authenticated in this call. NOTE(review): confirm it ignores guests.
  *
  * @return array Response payload for the mobile client.
  */
 public function actionLogin()
 {
     global $fr_version, $fr_platform;

     $input = $this->_input->filter(array('username' => XenForo_Input::STRING, 'password' => XenForo_Input::STRING, 'md5_password' => XenForo_Input::STRING, 'fr_username' => XenForo_Input::STRING, 'fr_b' => XenForo_Input::UINT, 'token' => XenForo_Input::STRING));
     $login_model = $this->_getLoginModel();
     $user_model = $this->_getUserModel();
     $options = XenForo_Application::get('options');

     // Navbar colour: iPhone wants "r,g,b", Android wants "#rrggbb".
     $navbg = '';
     $style = $options->forumrunnerColor;
     if ($style) {
         $color = convert_color($style);
         if (is_iphone() && strlen($color) == 7) {
             $channels = array(
                 hexdec(substr($color, 1, 2)),
                 hexdec(substr($color, 3, 2)),
                 hexdec(substr($color, 5, 2)),
             );
             $color = implode(',', $channels);
         }
         $navbg = $color;
     }

     $authenticated = false;
     $requires_authentication = false;
     $out = array();

     // A username plus at least one of password / md5_password.
     $has_credentials = $input['username'] && ($input['password'] || $input['md5_password']);
     if ($has_credentials) {
         $user_id = $user_model->validateAuthentication($input['username'], $input['password'], $error);
         if (!$user_id) {
             $login_model->logLoginAttempt($input['username']);
             // NOTE(review): json_error() presumably ends the request;
             // otherwise the success path below would run with no user id.
             json_error($error->render(), RV_BAD_PASSWORD);
         }

         $login_model->clearLoginAttempts($input['username']);
         $user_model->setUserRememberCookie($user_id);
         XenForo_Model_Ip::log($user_id, 'user', $user_id, 'login');
         XenForo_Application::get('session')->changeUserId($user_id);
         XenForo_Visitor::setup($user_id);

         $out['username'] = prepare_utf8_string(XenForo_Visitor::getInstance()->get('username'));
         $authenticated = true;
     } else {
         // Probe request: report whether a login is needed to view the board.
         if (!XenForo_Visitor::getInstance()->hasPermission('general', 'view')) {
             $requires_authentication = true;
         }
         $options = XenForo_Application::get('options');
         if (!$options->boardActive && !XenForo_Visitor::getInstance()->get('is_admin')) {
             $requires_authentication = true;
         }
     }

     $out += array('authenticated' => $authenticated, 'v' => $fr_version, 'p' => $fr_platform, 'requires_authentication' => $requires_authentication);
     if ($navbg != '') {
         $out['navbg'] = $navbg;
     }

     if (is_iphone() && $options->forumrunnerAdsAdMobPublisherIDiPhone) {
         $out['admob'] = $options->forumrunnerAdsAdMobPublisherIDiPhone;
     } elseif (is_android() && $options->forumrunnerAdsAdMobPublisherIDAndroid) {
         $out['admob'] = $options->forumrunnerAdsAdMobPublisherIDAndroid;
     }
     // A truthy option value is necessarily different from ''.
     if ($options->forumrunnerGoogleAnalyticsID) {
         $out['gan'] = $options->forumrunnerGoogleAnalyticsID;
     }
     if ($options->forumrunnerFacebookApplicationID) {
         $out['fb'] = $options->forumrunnerFacebookApplicationID;
     }
     if ($options->forumrunnerRegistration) {
         $out['reg'] = true;
     }

     fr_update_push_user($input['fr_username'], $input['fr_b'], $input['token']);

     return $out;
 }
Beispiel #5
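/**
 * Forum Runner login endpoint for vBulletin (registry-based API).
 *
 * Always returns the client bootstrap data (version, platform, branding,
 * ad/analytics ids and feature flags). Without credentials it only reports
 * whether the forum requires authentication. With credentials it verifies
 * them, creates and saves a session and reports the authenticated user.
 *
 * Change from the previous version: a login-attempt lockout is now enforced.
 * Before, a false result from verify_strike_status() only changed the wording
 * of the failure message; verify_authentication() still ran, so a correct
 * password was accepted even after the allowance was used up.
 *
 * NOTE(review): json_error() is relied on to end the request, as the failure
 * branches already did before this change.
 *
 * @return array Response payload for the mobile client.
 */
function do_login()
{
    global $vbulletin, $fr_version, $fr_platform;
    $vbulletin->input->clean_array_gpc('r', array('username' => TYPE_STR, 'password' => TYPE_STR, 'md5_password' => TYPE_STR, 'fr_username' => TYPE_STR, 'fr_b' => TYPE_BOOL));

    // Navbar colour: iPhone clients get "r,g,b", others get the stored value.
    $navbg = null;
    if (strlen($vbulletin->options['forumrunner_branding_navbar_bg'])) {
        $navbg = $vbulletin->options['forumrunner_branding_navbar_bg'];
        if (is_iphone() && strlen($navbg) == 7) {
            $r = hexdec(substr($navbg, 1, 2));
            $g = hexdec(substr($navbg, 3, 2));
            $b = hexdec(substr($navbg, 5, 2));
            $navbg = "{$r},{$g},{$b}";
        }
    }

    // Normalise the text credentials coming from the remote client.
    $vbulletin->GPC['username'] = prepare_remote_utf8_string($vbulletin->GPC['username']);
    $vbulletin->GPC['password'] = prepare_remote_utf8_string($vbulletin->GPC['password']);

    $out = array('v' => $fr_version, 'p' => $fr_platform);
    if ($navbg) {
        $out['navbg'] = $navbg;
    }
    if (is_iphone() && $vbulletin->options['forumrunner_admob_publisherid_iphone']) {
        $out['admob'] = $vbulletin->options['forumrunner_admob_publisherid_iphone'];
    } elseif (is_android() && $vbulletin->options['forumrunner_admob_publisherid_android']) {
        $out['admob'] = $vbulletin->options['forumrunner_admob_publisherid_android'];
    }
    if ($vbulletin->options['forumrunner_google_analytics_id']) {
        $out['gan'] = $vbulletin->options['forumrunner_google_analytics_id'];
    }
    if ($vbulletin->options['forumrunner_facebook_application_id']) {
        $out['fb'] = $vbulletin->options['forumrunner_facebook_application_id'];
    }
    if ($vbulletin->options['forumrunner_cms_onoff']) {
        $out['cms'] = true;
        $out['cms_section'] = $vbulletin->options['forumrunner_cms_section'];
    }
    if ($vbulletin->options['forumrunner_enable_registration']) {
        $out['reg'] = true;
    }
    // Bitfield test: the albums bit of the social-network options.
    if ($vbulletin->options['socnet'] & $vbulletin->bf_misc_socnet['enable_albums']) {
        $out['albums'] = true;
    }

    // A username plus at least one of password / md5_password counts as a
    // login attempt; anything else is a probe.
    if (!$vbulletin->GPC['username'] || (!$vbulletin->GPC['password'] && !$vbulletin->GPC['md5_password'])) {
        // This could be an attempt to see if forums require login.  Check.
        $requires_authentication = false;
        if (!($vbulletin->userinfo['permissions']['forumpermissions'] & $vbulletin->bf_ugp_forumpermissions['canview'])) {
            $requires_authentication = true;
        }
        // If the forum is closed, require login!
        if (!$vbulletin->options['bbactive']) {
            $requires_authentication = true;
        }
        $out += array('authenticated' => false, 'requires_authentication' => $requires_authentication);
    } else {
        // can the user login?
        $strikes = verify_strike_status($vbulletin->GPC['username'], true);

        // Enforce the lockout before looking at the password, so that no
        // guess is evaluated while the allowance is exhausted.
        if ($vbulletin->options['usestrikesystem'] && $strikes === false) {
            json_error('Incorrect login.  You have used up your login allowance.  Please wait 15 minutes before trying again.', RV_BAD_PASSWORD);
        }

        if (!verify_authentication($vbulletin->GPC['username'], $vbulletin->GPC['password'], $vbulletin->GPC['md5_password'], $vbulletin->GPC['md5_password'], true, true)) {
            // Count the failed attempt.
            exec_strike_user($vbulletin->GPC['username']);
            if ($vbulletin->options['usestrikesystem']) {
                // $strikes cannot be false here: that case was rejected above.
                $message = 'Incorrect login (' . ($strikes + 1) . ' of 5 tries allowed)';
            } else {
                $message = 'Incorrect login.';
            }
            json_error($message, RV_BAD_PASSWORD);
        }

        // Successful login: clear the strikes recorded for this user.
        exec_unstrike_user($vbulletin->GPC['username']);

        // create new session
        process_new_login('', true, '');
        cache_permissions($vbulletin->userinfo, true);
        $vbulletin->session->save();

        // If the forum is closed, boot em (unless they have control-panel permission)
        if (!$vbulletin->options['bbactive'] && !($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel'])) {
            process_logout();
            json_error(strip_tags($vbulletin->options['bbclosedreason']), RV_BAD_PASSWORD);
        }

        fr_update_push_user($vbulletin->GPC['fr_username'], $vbulletin->GPC['fr_b']);
        $out += array('authenticated' => true, 'username' => prepare_utf8_string($vbulletin->userinfo['username']), 'cookiepath' => $vbulletin->options['cookiepath']);
    }

    return $out;
}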
Beispiel #6
/**
 * Stores the push-notification token sent by the mobile client for the
 * logged-in user.
 *
 * Requests whose current user id is below 1 are rejected with
 * ERR_INVALID_LOGGEDIN. Otherwise the 'token' field of $_REQUEST is cleaned
 * as a string and handed to fr_update_push_user() with an empty username and
 * 1 as the second argument.
 *
 * NOTE(review): the token is accepted from any $_REQUEST source and no
 * request-forgery check or token format validation is visible in this
 * function. Confirm that both are handled by the caller or by
 * fr_update_push_user().
 *
 * @return mixed true on success, otherwise whatever json_error() returns.
 */
function do_set_push_token()
{
    $current_user = vB_Api::instance('user')->fetchUserInfo();

    // User ids below 1 mean there is no logged-in account to bind a token to.
    $is_guest = $current_user['userid'] < 1;
    if ($is_guest) {
        return json_error(ERR_INVALID_LOGGEDIN);
    }

    $input = vB::getCleaner()->cleanArray($_REQUEST, array('token' => vB_Cleaner::TYPE_STR));
    fr_update_push_user('', 1, $input['token']);

    return true;
}