 /**
  * Debug-only tool that round-trips a password through bdApi_Crypt.
  *
  * Reads `password`, `password_algo` and `decrypt` from the request. When
  * `decrypt` is zero or absent the password is encrypted, otherwise it is
  * decrypted. Unless XenForo debug mode is on the request is answered with
  * "no permission", so the tool is unreachable in production configurations.
  *
  * @return XenForo_ControllerResponse_Abstract
  */
 public function actionPostPasswordTest()
 {
     // Refuse before looking at the payload: this endpoint exists for debugging only.
     if (!XenForo_Application::debugMode()) {
         return $this->responseNoPermission();
     }

     $params = $this->_input->filter(array(
         'password' => XenForo_Input::STRING,
         'password_algo' => XenForo_Input::STRING,
         'decrypt' => XenForo_Input::UINT,
     ));

     $wantsDecrypt = !empty($params['decrypt']);
     $result = $wantsDecrypt
         ? bdApi_Crypt::decrypt($params['password'], $params['password_algo'])
         : bdApi_Crypt::encrypt($params['password'], $params['password_algo']);

     return $this->responseData('bdApi_ViewApi_Tool_PasswordTest', array('result' => $result));
 }
 /**
  * OAuth2 token endpoint.
  *
  * Before handing the request to the OAuth2 server this unwraps an encrypted
  * password for the password grant: when `client_id`, `password` and
  * `password_algo` are all present and the client exists, the password is
  * decrypted with the stored client secret, and the decrypted password, an
  * empty `password_algo` and the stored `client_secret` are written back into
  * $_POST for the server to consume.
  *
  * NOTE(review): `client_secret` is populated from the database rather than
  * taken from the caller, so the caller's knowledge of the secret is proven
  * only indirectly — by the decrypted password authenticating. That holds
  * only if every algorithm bdApi_Crypt::decrypt() accepts actually binds the
  * key; confirm this for each supported `password_algo`.
  *
  * @return XenForo_ControllerResponse_Abstract
  */
 public function actionPostToken()
 {
     /* @var $oauth2Model bdApi_Model_OAuth2 */
     $oauth2Model = $this->getModelFromCache('bdApi_Model_OAuth2');

     $params = $this->_input->filter(array(
         'client_id' => XenForo_Input::STRING,
         'password' => XenForo_Input::STRING,
         'password_algo' => XenForo_Input::STRING,
     ));

     $hasEncryptedPassword = !empty($params['client_id'])
         && !empty($params['password'])
         && !empty($params['password_algo']);

     if ($hasEncryptedPassword) {
         $client = $oauth2Model->getClientModel()->getClientById($params['client_id']);

         if (!empty($client)) {
             // the stored client secret is the decryption key for the password grant
             $_POST['password'] = bdApi_Crypt::decrypt(
                 $params['password'],
                 $params['password_algo'],
                 $client['client_secret']
             );
             $_POST['password_algo'] = '';
             $_POST['client_secret'] = $client['client_secret'];
         }
     }

     return $oauth2Model->getServer()->actionOauthToken($this);
 }
 /**
  * Updates the target user's password, email, username, user groups, date of
  * birth and/or profile fields.
  *
  * Authorisation rules visible in this method:
  * - `$isAdmin` requires both the manage-system API scope on the session and
  *   the `user` admin permission of the visitor.
  * - Changing the password or email requires re-authentication: an admin
  *   editing a different account is exempt, everyone else (including an admin
  *   editing their own account) must supply a valid `password_old`.
  * - Username changes, changes to an already-set date of birth, and user-group
  *   changes are rejected for non-admins with HTTP 403.
  *
  * Early-return error paths discard the data writer without saving, so partial
  * `set()` calls made before the rejection never reach the database.
  *
  * NOTE(review): `bdApi_Crypt::decrypt()` is called here without a client
  * secret, unlike the token endpoint; confirm which key the two-argument form
  * uses.
  *
  * @return XenForo_ControllerResponse_Abstract
  */
 public function actionPutIndex()
 {
     $input = $this->_input->filter(array('password' => XenForo_Input::STRING, 'password_old' => XenForo_Input::STRING, 'password_algo' => XenForo_Input::STRING, 'user_email' => XenForo_Input::STRING, 'username' => XenForo_Input::STRING, 'primary_group_id' => XenForo_Input::UINT, 'secondary_group_ids' => array(XenForo_Input::UINT, 'array' => true), 'user_dob_day' => XenForo_Input::UINT, 'user_dob_month' => XenForo_Input::UINT, 'user_dob_year' => XenForo_Input::UINT, 'user_fields' => XenForo_Input::ARRAY_SIMPLE));
     $user = $this->_getUserOrError();
     $visitor = XenForo_Visitor::getInstance();
     $session = bdApi_Data_Helper_Core::safeGetSession();
     // both the API scope and the admin permission are needed; the scope alone is not enough
     $isAdmin = $session->checkScope(bdApi_Model_OAuth2::SCOPE_MANAGE_SYSTEM) && $visitor->hasAdminPermission('user');
     // count the sensitive fields present in the request; any of them forces re-authentication
     $requiredAuth = 0;
     if (!empty($input['password'])) {
         $requiredAuth++;
     }
     if (!empty($input['user_email'])) {
         $requiredAuth++;
     }
     if ($requiredAuth > 0) {
         $isAuth = false;
         if ($isAdmin && $visitor['user_id'] != $user['user_id']) {
             // admins editing someone else's account do not need the old password
             $isAuth = true;
         } elseif (!empty($input['password_old'])) {
             $auth = $this->_getUserModel()->getUserAuthenticationObjectByUserId($user['user_id']);
             if (!empty($auth)) {
                 // the old password arrives encrypted with the request's password_algo
                 $passwordOld = bdApi_Crypt::decrypt($input['password_old'], $input['password_algo']);
                 if ($auth->hasPassword() && $auth->authenticate($user['user_id'], $passwordOld)) {
                     $isAuth = true;
                 }
             }
         }
         if (!$isAuth) {
             return $this->responseError(new XenForo_Phrase('bdapi_slash_users_requires_password_old'), 403);
         }
     }
     /* @var $writer XenForo_DataWriter_User */
     $writer = XenForo_DataWriter::create('XenForo_DataWriter_User');
     $writer->setExistingData($user, true);
     if ($isAdmin) {
         $writer->setOption(XenForo_DataWriter_User::OPTION_ADMIN_EDIT, true);
     }
     if (!empty($input['password'])) {
         $password = bdApi_Crypt::decrypt($input['password'], $input['password_algo']);
         $writer->setPassword($password, $password);
     }
     if (!empty($input['user_email'])) {
         $writer->set('email', $input['user_email']);
         // a non-admin email change drops the account back into an unconfirmed state
         // when the board requires email confirmation
         if ($writer->isChanged('email') && XenForo_Application::getOptions()->get('registrationSetup', 'emailConfirmation') && !$isAdmin) {
             switch ($writer->get('user_state')) {
                 case 'moderated':
                 case 'email_confirm':
                     $writer->set('user_state', 'email_confirm');
                     break;
                 default:
                     $writer->set('user_state', 'email_confirm_edit');
             }
         }
     }
     if (!empty($input['username'])) {
         $writer->set('username', $input['username']);
         // a username identical to the current one is not a change and passes for everyone
         if ($writer->isChanged('username') && !$isAdmin) {
             return $this->responseError(new XenForo_Phrase('bdapi_slash_users_denied_username'), 403);
         }
     }
     // group changes are only considered when a primary group is supplied;
     // both the primary and every secondary id must be a known user group
     if ($input['primary_group_id'] > 0) {
         $userGroups = $this->_getUserGroupModel()->getAllUserGroups();
         if (!isset($userGroups[$input['primary_group_id']])) {
             return $this->responseError(new XenForo_Phrase('requested_user_group_not_found'));
         }
         if (!empty($input['secondary_group_ids'])) {
             foreach ($input['secondary_group_ids'] as $secondaryGroupId) {
                 if (!isset($userGroups[$secondaryGroupId])) {
                     return $this->responseError(new XenForo_Phrase('requested_user_group_not_found'));
                 }
             }
         }
         $writer->set('user_group_id', $input['primary_group_id']);
         // NOTE(review): an omitted `secondary_group_ids` passes through as an empty
         // array here — confirm whether that clears existing secondary groups on save
         $writer->setSecondaryGroups($input['secondary_group_ids']);
     }
     // a date of birth is only accepted when all three parts are supplied
     if (!empty($input['user_dob_day']) && !empty($input['user_dob_month']) && !empty($input['user_dob_year'])) {
         $writer->set('dob_day', $input['user_dob_day']);
         $writer->set('dob_month', $input['user_dob_month']);
         $writer->set('dob_year', $input['user_dob_year']);
         $hasExistingDob = false;
         $hasExistingDob = $hasExistingDob || !!$writer->getExisting('dob_day');
         $hasExistingDob = $hasExistingDob || !!$writer->getExisting('dob_month');
         $hasExistingDob = $hasExistingDob || !!$writer->getExisting('dob_year');
         if ($hasExistingDob && ($writer->isChanged('dob_day') || $writer->isChanged('dob_month') || $writer->isChanged('dob_year')) && !$isAdmin) {
             // setting new dob is fine but changing dob requires admin permission
             return $this->responseError(new XenForo_Phrase('bdapi_slash_users_denied_dob'), 403);
         }
     }
     if (!empty($input['user_fields'])) {
         // the four built-in profile fields are filtered and bulk-set; the whole
         // array is then handed to setCustomFields() for the custom fields
         $profileFieldsInput = new XenForo_Input($input['user_fields']);
         $profileFields = $profileFieldsInput->filter(array('about' => XenForo_Input::STRING, 'homepage' => XenForo_Input::STRING, 'location' => XenForo_Input::STRING, 'occupation' => XenForo_Input::STRING));
         $writer->bulkSet($profileFields);
         $writer->setCustomFields($input['user_fields']);
     }
     $writer->preSave();
     if (!$isAdmin) {
         if ($writer->isChanged('user_group_id') || $writer->isChanged('secondary_group_ids')) {
             // this has to be checked here because `secondary_group_ids` only get set within preSave()
             return $this->responseError(new XenForo_Phrase('bdapi_slash_users_denied_user_group'), 403);
         }
     }
     $writer->save();
     $user = $writer->getMergedData();
     // a changed email that left the account unconfirmed triggers the confirmation mail
     if ($writer->isChanged('email') && in_array($user['user_state'], array('email_confirm', 'email_confirm_edit'))) {
         /* @var $userConfirmationModel XenForo_Model_UserConfirmation */
         $userConfirmationModel = $this->getModelFromCache('XenForo_Model_UserConfirmation');
         $userConfirmationModel->sendEmailConfirmation($user);
     }
     return $this->responseMessage(new XenForo_Phrase('changes_saved'));
 }
 /**
  * Updates the target user's email, username, password and/or date of birth.
  *
  * Every request must be authenticated: either the caller is an admin
  * (manage-system API scope plus the `user` admin permission) editing a
  * different account, or the caller supplied a `password_old` that verifies
  * against the target account. Username changes and changes to an already-set
  * date of birth are additionally admin-only. A request that would change
  * nothing is answered with HTTP 400.
  *
  * Early returns discard the data writer without saving, so `set()` calls made
  * before a rejection never reach the database.
  *
  * NOTE(review): `bdApi_Crypt::decrypt()` is invoked here without a client
  * secret; confirm which key the two-argument form uses.
  *
  * @return XenForo_ControllerResponse_Abstract
  */
 public function actionPutIndex()
 {
     $user = $this->_getUserOrError();
     $visitor = XenForo_Visitor::getInstance();
     $params = $this->_input->filter(array(
         'password_old' => XenForo_Input::STRING,
         'password_algo' => XenForo_Input::STRING,
         'user_email' => XenForo_Input::STRING,
         'username' => XenForo_Input::STRING,
         'password' => XenForo_Input::STRING,
         'user_dob_day' => XenForo_Input::UINT,
         'user_dob_month' => XenForo_Input::UINT,
         'user_dob_year' => XenForo_Input::UINT,
     ));
     $session = bdApi_Data_Helper_Core::safeGetSession();
     // the API scope on its own is not enough; the visitor also needs the admin permission
     $canManageUsers = $session->checkScope(bdApi_Model_OAuth2::SCOPE_MANAGE_SYSTEM)
         && $visitor->hasAdminPermission('user');

     $authenticated = false;
     if ($canManageUsers && $visitor['user_id'] != $user['user_id']) {
         // admins may edit other accounts without re-entering a password
         $authenticated = true;
     } elseif (!empty($params['password_old'])) {
         $authHandler = $this->_getUserModel()->getUserAuthenticationObjectByUserId($user['user_id']);
         if (!empty($authHandler)) {
             $oldPassword = bdApi_Crypt::decrypt($params['password_old'], $params['password_algo']);
             $authenticated = $authHandler->hasPassword()
                 && $authHandler->authenticate($user['user_id'], $oldPassword);
         }
     }
     if (!$authenticated) {
         return $this->responseNoPermission();
     }

     /* @var $dw XenForo_DataWriter_User */
     $dw = XenForo_DataWriter::create('XenForo_DataWriter_User');
     $dw->setExistingData($user, true);

     if (!empty($params['user_email'])) {
         $dw->set('email', $params['user_email']);
         if ($dw->isChanged('email')
             && XenForo_Application::getOptions()->get('registrationSetup', 'emailConfirmation')
             && !$canManageUsers
         ) {
             // a non-admin email change drops the account back into an unconfirmed state
             $currentState = $dw->get('user_state');
             if ($currentState == 'moderated' || $currentState == 'email_confirm') {
                 $dw->set('user_state', 'email_confirm');
             } else {
                 $dw->set('user_state', 'email_confirm_edit');
             }
         }
     }

     if (!empty($params['username'])) {
         if (!$canManageUsers) {
             return $this->responseNoPermission();
         }
         $dw->set('username', $params['username']);
     }

     if (!empty($params['password'])) {
         $newPassword = bdApi_Crypt::decrypt($params['password'], $params['password_algo']);
         $dw->setPassword($newPassword, $newPassword);
     }

     // a date of birth is only accepted when all three parts are supplied
     $dobSupplied = !empty($params['user_dob_day'])
         && !empty($params['user_dob_month'])
         && !empty($params['user_dob_year']);
     if ($dobSupplied) {
         $dobAlreadySet = (bool) $dw->getExisting('dob_day')
             || (bool) $dw->getExisting('dob_month')
             || (bool) $dw->getExisting('dob_year');
         // setting a date of birth for the first time only needs authentication;
         // replacing an existing one is reserved for admins
         if ($dobAlreadySet && !$canManageUsers) {
             return $this->responseNoPermission();
         }
         $dw->set('dob_day', $params['user_dob_day']);
         $dw->set('dob_month', $params['user_dob_month']);
         $dw->set('dob_year', $params['user_dob_year']);
     }

     if (!$dw->hasChanges()) {
         return $this->responseError(new XenForo_Phrase('error_occurred_or_request_stopped'), 400);
     }

     $dw->save();
     $user = $dw->getMergedData();

     // a changed email that left the account unconfirmed triggers the confirmation mail
     $unconfirmedStates = array('email_confirm', 'email_confirm_edit');
     if ($dw->isChanged('email') && in_array($user['user_state'], $unconfirmedStates)) {
         /* @var $userConfirmationModel XenForo_Model_UserConfirmation */
         $userConfirmationModel = $this->getModelFromCache('XenForo_Model_UserConfirmation');
         $userConfirmationModel->sendEmailConfirmation($user);
     }

     return $this->responseMessage(new XenForo_Phrase('changes_saved'));
 }