/**
	 * Validates the access-token and performs the login.
	 */
	protected function checkAccessToken() {
		if (isset($_REQUEST['at'])) {
			list($userID, $token) = explode('-', StringUtil::trim($_REQUEST['at']));
			
			if (WCF::getUser()->userID) {
				if ($userID == WCF::getUser()->userID && PasswordUtil::secureCompare(WCF::getUser()->accessToken, $token)) {
					// everything is fine, but we are already logged in
					return;
				}
				else {
					// token is invalid
					throw new IllegalLinkException();
				}
			}
			else {
				$user = new User($userID);
				if (PasswordUtil::secureCompare($user->accessToken, $token)) {
					// token is valid -> change user
					SessionHandler::getInstance()->changeUser($user, true);
				}
				else {
					// token is invalid
					throw new IllegalLinkException();
				}
			}
		}
	}
Beispiel #2
0
	/**
	 * Updates session's last activity time to prevent it from expiring.
	 */
	public function keepAlive() {
		// ignore sessions created by this request
		if (WCF::getSession()->lastActivityTime == TIME_NOW) {
			return;
		}
		
		SessionHandler::getInstance()->keepAlive();
	}
 /**
  * Updates session's last activity time to prevent it from expiring. In addition this method
  * will return updated counters for notifications and 3rd party components.
  * 
  * @return	array<mixed>
  */
 public function keepAlive()
 {
     // ignore sessions created by this request
     if (WCF::getSession()->lastActivityTime == TIME_NOW) {
         return;
     }
     // update last activity time
     SessionHandler::getInstance()->keepAlive();
     // update notification counts
     $this->keepAliveData = array('userNotificationCount' => UserNotificationHandler::getInstance()->getNotificationCount(true));
     // notify 3rd party components
     EventHandler::getInstance()->fireAction($this, 'keepAlive');
     return $this->keepAliveData;
 }
 /**
  * @see	wcf\system\worker\IWorker::execute()
  */
 public function execute()
 {
     // load fakers autoloader
     require_once WCF_DIR . 'lib/system/api/faker/src/autoload.php';
     $className = $this->parameters['faker'];
     $faker = new $className(\Faker\Factory::create($this->parameters['fakerLocale']), $this->parameters);
     $user = WCF::getUser();
     WCF::getDB()->beginTransaction();
     for ($i = $this->limit * $this->loopCount, $j = 0; $i < $this->count && $j < $this->limit; $i++, $j++) {
         $faker->fake();
     }
     WCF::getDB()->commitTransaction();
     \wcf\system\session\SessionHandler::getInstance()->changeUser($user, true);
 }
 /**
  * @see	\wcf\system\faker\IFaker::fake()
  */
 public function fake()
 {
     $sql = "SELECT\t\tuserID\n\t\t\tFROM\t\twcf" . WCF_N . "_user\n\t\t\tORDER BY\tuserID ASC";
     $statement = WCF::getDB()->prepareStatement($sql, 1, $this->generator->numberBetween(0, $this->userCount - 1));
     $statement->execute();
     $target = $statement->fetchObject('\\wcf\\data\\user\\User');
     $sql = "SELECT\t\tuserID\n\t\t\tFROM\t\twcf" . WCF_N . "_user\n\t\t\tWHERE\t\tuserID <> ?\n\t\t\tORDER BY\tuserID ASC";
     $statement = WCF::getDB()->prepareStatement($sql, 1, $this->userCount - 2 ? $this->generator->numberBetween(0, $this->userCount - 2) : 0);
     $statement->execute(array($target->userID));
     $issuer = $statement->fetchObject('\\wcf\\data\\user\\User');
     \wcf\system\session\SessionHandler::getInstance()->changeUser($issuer, true);
     $objectAction = new \wcf\data\user\ignore\UserIgnoreAction(array(), 'ignore', array('data' => array('ignoreUserID' => $target->userID)));
     $objectAction->executeAction();
 }
 /**
  * @see	\wcf\system\session\ACPSessionFactory::init()
  */
 protected function init()
 {
     $usesCookies = true;
     if (isset($_COOKIE[COOKIE_PREFIX . 'cookieHash'])) {
         if ($_COOKIE[COOKIE_PREFIX . 'cookieHash'] != SessionHandler::getInstance()->sessionID) {
             $usesCookies = false;
         }
     } else {
         $usesCookies = false;
     }
     if (!$usesCookies) {
         // cookie support will be enabled upon next request
         HeaderUtil::setCookie('cookieHash', SessionHandler::getInstance()->sessionID);
     } else {
         // enable cookie support
         SessionHandler::getInstance()->enableCookies();
     }
     parent::init();
 }
 /**
  * @see	wcf\system\SingletonFactory::init()
  */
 protected final function init()
 {
     $this->sessionHandler = SessionHandler::getInstance();
     // initialize session
     $this->initSession();
 }
Beispiel #8
0
 /**
  * do need action for done login
  * 
  * @param wcf\data\user\User $oUser
  */
 public function doneLogin($oUser)
 {
     if (!$oUser || !$oUser->userID) {
         return false;
     }
     WCF::getSession()->changeUser($oUser);
     HeaderUtil::setCookie('cookieHash', SessionHandler::getInstance()->sessionID);
     MbqMain::$oMbqAppEnv->oCurrentUser = $oUser;
     $this->initOCurMbqEtUser($oUser->userID);
     return true;
 }
Beispiel #9
0
/**
 * @author	Marcel Werk
 * @copyright	2001-2011 WoltLab GmbH
 * @license	GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
 * @package	com.woltlab.wcf
 * @category	Community Framework
 */
// change the priority of the PIP's to "1"
$sql = "UPDATE	wcf".WCF_N."_package_installation_plugin
	SET	priority = ?";
$statement = WCF::getDB()->prepareStatement($sql);
$statement->execute(array(1));

// reset sessions
SessionHandler::resetSessions();

// update acp templates
$sql = "UPDATE	wcf".WCF_N."_acp_template
	SET	packageID = ?";
$statement = WCF::getDB()->prepareStatement($sql);
$statement->execute(array(1));

// update language
$sql = "UPDATE	wcf".WCF_N."_language_item
	SET	packageID = ?";
$statement = WCF::getDB()->prepareStatement($sql);
$statement->execute(array(1));

// update installation logs
$sql = "UPDATE	wcf".WCF_N."_package_installation_file_log
Beispiel #10
0
 /**
  * Starts the session system.
  */
 protected function initSession()
 {
     $factory = new SessionFactory();
     $factory->load();
     self::$sessionObj = SessionHandler::getInstance();
 }
Beispiel #11
0
	/**
	 * Initializes the session system.
	 */
	protected function init() {
		SessionHandler::getInstance()->initSession();
	}
Beispiel #12
0
	/**
	 * @see	wcf\data\IEditableCachedObject::resetCache()
	 */
	public static function resetCache() {
		// clear cache
		UserGroupCacheBuilder::getInstance()->reset();
		UserGroupPermissionCacheBuilder::getInstance()->reset();
		
		// clear sessions
		SessionHandler::resetSessions();
	}
Beispiel #13
0
 /**
  * @see	\wcf\data\IEditableCachedObject::resetCache()
  */
 public static function resetCache()
 {
     SessionHandler::resetSessions();
 }
Beispiel #14
0
 /**
  * @see	\wcf\form\IForm::save()
  */
 public function save()
 {
     foreach ($this->userIDs as $userID) {
         if ($userID != $this->destinationUserID) {
             $this->mergedUserIDs[] = $userID;
         }
     }
     parent::save();
     // poll_option_vote
     $conditions = new PreparedStatementConditionBuilder();
     $conditions->add("userID IN (?)", array($this->mergedUserIDs));
     $sql = "UPDATE IGNORE\twcf" . WCF_N . "_poll_option_vote\n\t\t\tSET\t\tuserID = ?\n\t\t\t" . $conditions;
     $statement = WCF::getDB()->prepareStatement($sql);
     $statement->execute(array_merge(array($this->destinationUserID), $conditions->getParameters()));
     // comment
     $conditions = new PreparedStatementConditionBuilder();
     $conditions->add("userID IN (?)", array($this->mergedUserIDs));
     $sql = "UPDATE\twcf" . WCF_N . "_comment\n\t\t\tSET\tuserID = ?\n\t\t\t" . $conditions;
     $statement = WCF::getDB()->prepareStatement($sql);
     $statement->execute(array_merge(array($this->destinationUserID), $conditions->getParameters()));
     // comment_response
     $conditions = new PreparedStatementConditionBuilder();
     $conditions->add("userID IN (?)", array($this->mergedUserIDs));
     $sql = "UPDATE\twcf" . WCF_N . "_comment_response\n\t\t\tSET\tuserID = ?\n\t\t\t" . $conditions;
     $statement = WCF::getDB()->prepareStatement($sql);
     $statement->execute(array_merge(array($this->destinationUserID), $conditions->getParameters()));
     // profile comments
     $objectType = ObjectTypeCache::getInstance()->getObjectTypeByName('com.woltlab.wcf.comment.commentableContent', 'com.woltlab.wcf.user.profileComment');
     $conditions = new PreparedStatementConditionBuilder();
     $conditions->add("objectTypeID = ?", array($objectType->objectTypeID));
     $conditions->add("objectID IN (?)", array($this->mergedUserIDs));
     $sql = "UPDATE\twcf" . WCF_N . "_comment\n\t\t\tSET\tobjectID = ?\n\t\t\t" . $conditions;
     $statement = WCF::getDB()->prepareStatement($sql);
     $statement->execute(array_merge(array($this->destinationUserID), $conditions->getParameters()));
     // like (userID)
     $conditions = new PreparedStatementConditionBuilder();
     $conditions->add("userID IN (?)", array($this->mergedUserIDs));
     $sql = "UPDATE IGNORE\twcf" . WCF_N . "_like\n\t\t\tSET\t\tuserID = ?\n\t\t\t" . $conditions;
     $statement = WCF::getDB()->prepareStatement($sql);
     $statement->execute(array_merge(array($this->destinationUserID), $conditions->getParameters()));
     // like (objectUserID)
     $conditions = new PreparedStatementConditionBuilder();
     $conditions->add("objectUserID IN (?)", array($this->mergedUserIDs));
     $sql = "UPDATE\twcf" . WCF_N . "_like\n\t\t\tSET\tobjectUserID = ?\n\t\t\t" . $conditions;
     $statement = WCF::getDB()->prepareStatement($sql);
     $statement->execute(array_merge(array($this->destinationUserID), $conditions->getParameters()));
     // like_object
     $conditions = new PreparedStatementConditionBuilder();
     $conditions->add("objectUserID IN (?)", array($this->mergedUserIDs));
     $sql = "UPDATE\twcf" . WCF_N . "_like_object\n\t\t\tSET\tobjectUserID = ?\n\t\t\t" . $conditions;
     $statement = WCF::getDB()->prepareStatement($sql);
     $statement->execute(array_merge(array($this->destinationUserID), $conditions->getParameters()));
     // user_follow (userID)
     $conditions = new PreparedStatementConditionBuilder();
     $conditions->add("userID IN (?)", array($this->mergedUserIDs));
     $conditions->add("followUserID <> ?", array($this->destinationUserID));
     $sql = "UPDATE IGNORE\twcf" . WCF_N . "_user_follow\n\t\t\tSET\t\tuserID = ?\n\t\t\t" . $conditions;
     $statement = WCF::getDB()->prepareStatement($sql);
     $statement->execute(array_merge(array($this->destinationUserID), $conditions->getParameters()));
     // user_follow (followUserID)
     $conditions = new PreparedStatementConditionBuilder();
     $conditions->add("followUserID IN (?)", array($this->mergedUserIDs));
     $conditions->add("userID <> ?", array($this->destinationUserID));
     $sql = "UPDATE IGNORE\twcf" . WCF_N . "_user_follow\n\t\t\tSET\t\tfollowUserID = ?\n\t\t\t" . $conditions;
     $statement = WCF::getDB()->prepareStatement($sql);
     $statement->execute(array_merge(array($this->destinationUserID), $conditions->getParameters()));
     // user_ignore (userID)
     $conditions = new PreparedStatementConditionBuilder();
     $conditions->add("userID IN (?)", array($this->mergedUserIDs));
     $conditions->add("ignoreUserID <> ?", array($this->destinationUserID));
     $sql = "UPDATE IGNORE\twcf" . WCF_N . "_user_ignore\n\t\t\tSET\t\tuserID = ?\n\t\t\t" . $conditions;
     $statement = WCF::getDB()->prepareStatement($sql);
     $statement->execute(array_merge(array($this->destinationUserID), $conditions->getParameters()));
     // user_ignore (ignoreUserID)
     $conditions = new PreparedStatementConditionBuilder();
     $conditions->add("ignoreUserID IN (?)", array($this->mergedUserIDs));
     $conditions->add("userID <> ?", array($this->destinationUserID));
     $sql = "UPDATE IGNORE\twcf" . WCF_N . "_user_ignore\n\t\t\tSET\t\tignoreUserID = ?\n\t\t\t" . $conditions;
     $statement = WCF::getDB()->prepareStatement($sql);
     $statement->execute(array_merge(array($this->destinationUserID), $conditions->getParameters()));
     // user_object_watch
     $conditions = new PreparedStatementConditionBuilder();
     $conditions->add("userID IN (?)", array($this->mergedUserIDs));
     $sql = "UPDATE IGNORE\twcf" . WCF_N . "_user_object_watch\n\t\t\tSET\t\tuserID = ?\n\t\t\t" . $conditions;
     $statement = WCF::getDB()->prepareStatement($sql);
     $statement->execute(array_merge(array($this->destinationUserID), $conditions->getParameters()));
     // user_activity_event
     $conditions = new PreparedStatementConditionBuilder();
     $conditions->add("userID IN (?)", array($this->mergedUserIDs));
     $sql = "UPDATE\twcf" . WCF_N . "_user_activity_event\n\t\t\tSET\tuserID = ?\n\t\t\t" . $conditions;
     $statement = WCF::getDB()->prepareStatement($sql);
     $statement->execute(array_merge(array($this->destinationUserID), $conditions->getParameters()));
     // attachments
     $conditions = new PreparedStatementConditionBuilder();
     $conditions->add("userID IN (?)", array($this->mergedUserIDs));
     $sql = "UPDATE\twcf" . WCF_N . "_attachment\n\t\t\tSET\tuserID = ?\n\t\t\t" . $conditions;
     $statement = WCF::getDB()->prepareStatement($sql);
     $statement->execute(array_merge(array($this->destinationUserID), $conditions->getParameters()));
     // modification_log
     $conditions = new PreparedStatementConditionBuilder();
     $conditions->add("userID IN (?)", array($this->mergedUserIDs));
     $sql = "UPDATE\twcf" . WCF_N . "_modification_log\n\t\t\tSET\tuserID = ?\n\t\t\t" . $conditions;
     $statement = WCF::getDB()->prepareStatement($sql);
     $statement->execute(array_merge(array($this->destinationUserID), $conditions->getParameters()));
     // delete merged users
     $action = new UserAction($this->mergedUserIDs, 'delete');
     $action->executeAction();
     // reset clipboard
     ClipboardHandler::getInstance()->removeItems($this->objectTypeID);
     SessionHandler::resetSessions($this->userIDs);
     $this->saved();
     // show success message
     WCF::getTPL()->assign('message', 'wcf.global.success');
     WCF::getTPL()->display('success');
     exit;
 }
 /**
  * @see wcf\data\IEditableCachedObject::resetCache()
  */
 public static function resetCache()
 {
     // clear cache
     CacheHandler::getInstance()->clear(WCF_DIR . 'cache', 'cache.groups*.php');
     // clear sessions
     SessionHandler::resetSessions();
 }
Beispiel #16
0
 /**
  * Registers with wcf setup delivered packages in the package installation queue.
  */
 protected function installPackages()
 {
     // init database connection
     $this->initDB();
     // get admin account
     $admin = new User(1);
     // get delivered packages
     $wcfPackageFile = '';
     $otherPackages = array();
     $tar = new Tar(SETUP_FILE);
     foreach ($tar->getContentList() as $file) {
         if ($file['type'] != 'folder' && mb_strpos($file['filename'], 'install/packages/') === 0) {
             $packageFile = basename($file['filename']);
             // ignore any files which aren't an archive
             if (preg_match('~\\.(tar\\.gz|tgz|tar)$~', $packageFile)) {
                 $packageName = preg_replace('!\\.(tar\\.gz|tgz|tar)$!', '', $packageFile);
                 if ($packageName == 'com.woltlab.wcf') {
                     $wcfPackageFile = $packageFile;
                 } else {
                     $isStrato = !empty($_SERVER['DOCUMENT_ROOT']) && strpos($_SERVER['DOCUMENT_ROOT'], 'strato') !== false;
                     if (!$isStrato && preg_match('!\\.(tar\\.gz|tgz)$!', $packageFile)) {
                         // try to unzip zipped package files
                         if (FileUtil::uncompressFile(TMP_DIR . 'install/packages/' . $packageFile, TMP_DIR . 'install/packages/' . $packageName . '.tar')) {
                             @unlink(TMP_DIR . 'install/packages/' . $packageFile);
                             $packageFile = $packageName . '.tar';
                         }
                     }
                     $otherPackages[$packageName] = $packageFile;
                 }
             }
         }
     }
     $tar->close();
     // register packages in queue
     // get new process id
     $sql = "SELECT\tMAX(processNo) AS processNo\n\t\t\tFROM\twcf" . WCF_N . "_package_installation_queue";
     $statement = self::getDB()->prepareStatement($sql);
     $statement->execute();
     $result = $statement->fetchArray();
     $processNo = intval($result['processNo']) + 1;
     // search existing wcf package
     $sql = "SELECT\tCOUNT(*) AS count\n\t\t\tFROM\twcf" . WCF_N . "_package\n\t\t\tWHERE\tpackage = 'com.woltlab.wcf'";
     $statement = self::getDB()->prepareStatement($sql);
     $statement->execute();
     $row = $statement->fetchArray();
     if (!$row['count']) {
         if (empty($wcfPackageFile)) {
             throw new SystemException('the essential package com.woltlab.wcf is missing.');
         }
         // register essential wcf package
         $queue = PackageInstallationQueueEditor::create(array('processNo' => $processNo, 'userID' => $admin->userID, 'package' => 'com.woltlab.wcf', 'packageName' => 'WoltLab Community Framework', 'archive' => TMP_DIR . 'install/packages/' . $wcfPackageFile, 'isApplication' => 1));
     }
     // register all other delivered packages
     asort($otherPackages);
     foreach ($otherPackages as $packageName => $packageFile) {
         // extract packageName from archive's package.xml
         $archive = new PackageArchive(TMP_DIR . 'install/packages/' . $packageFile);
         try {
             $archive->openArchive();
         } catch (\Exception $e) {
             // we've encountered a broken archive, revert everything and then fail
             $sql = "SELECT\tqueueID, parentQueueID\n\t\t\t\t\tFROM\twcf" . WCF_N . "_package_installation_queue";
             $statement = WCF::getDB()->prepareStatement($sql);
             $statement->execute();
             $queues = array();
             while ($row = $statement->fetchArray()) {
                 $queues[$row['queueID']] = $row['parentQueueID'];
             }
             $queueIDs = array();
             $queueID = $queue->queueID;
             while ($queueID) {
                 $queueIDs[] = $queueID;
                 $queueID = isset($queues[$queueID]) ? $queues[$queueID] : 0;
             }
             // remove previously created queues
             if (!empty($queueIDs)) {
                 $sql = "DELETE FROM\twcf" . WCF_N . "_package_installation_queue\n\t\t\t\t\t\tWHERE\t\tqueueID = ?";
                 $statement = WCF::getDB()->prepareStatement($sql);
                 WCF::getDB()->beginTransaction();
                 foreach ($queueIDs as $queueID) {
                     $statement->execute(array($queueID));
                 }
                 WCF::getDB()->commitTransaction();
             }
             // remove package files
             @unlink(TMP_DIR . 'install/packages/' . $wcfPackageFile);
             foreach ($otherPackages as $packageFile) {
                 @unlink(TMP_DIR . 'install/packages/' . $packageFile);
             }
             // throw exception again
             throw new SystemException('', 0, '', $e);
         }
         $queue = PackageInstallationQueueEditor::create(array('parentQueueID' => $queue->queueID, 'processNo' => $processNo, 'userID' => $admin->userID, 'package' => $packageName, 'packageName' => $archive->getLocalizedPackageInfo('packageName'), 'archive' => TMP_DIR . 'install/packages/' . $packageFile, 'isApplication' => 1));
     }
     // login as admin
     $factory = new ACPSessionFactory();
     $factory->load();
     SessionHandler::getInstance()->changeUser($admin);
     SessionHandler::getInstance()->register('masterPassword', 1);
     SessionHandler::getInstance()->register('__wcfSetup_developerMode', self::$developerMode);
     SessionHandler::getInstance()->update();
     $installPhpDeleted = @unlink('./install.php');
     @unlink('./test.php');
     $wcfSetupTarDeleted = @unlink('./WCFSetup.tar.gz');
     // print page
     WCF::getTPL()->assign(array('installPhpDeleted' => $installPhpDeleted, 'wcfSetupTarDeleted' => $wcfSetupTarDeleted));
     WCF::getTPL()->display('stepInstallPackages');
     // delete tmp files
     $directory = TMP_DIR . '/';
     DirectoryUtil::getInstance($directory)->removePattern(new Regex('\\.tar(\\.gz)?$'), true);
 }
 /**
  * @see wcf\form\IForm::save()
  */
 public function save()
 {
     parent::save();
     $conditions = new PreparedStatementConditionBuilder();
     $conditions->add("userID IN (?)", array($this->userIDs));
     $sql = "SELECT\tuserID, groupID\n\t\t\tFROM\twcf" . WCF_N . "_user_to_group\n\t\t\t" . $conditions;
     $statement = WCF::getDB()->prepareStatement($sql);
     $statement->execute($conditions->getParameters());
     $groups = array();
     while ($row = $statement->fetchArray()) {
         $groups[$row['userID']][] = $row['groupID'];
     }
     foreach ($this->users as $user) {
         if (!UserGroup::isAccessibleGroup($groups[$user->userID])) {
             throw new PermissionDeniedException();
         }
         $groupsIDs = array_merge($groups[$user->userID], $this->groupIDs);
         $groupsIDs = array_unique($groupsIDs);
         $userEditor = new UserEditor($user);
         $userEditor->addToGroups($groupsIDs, true, false);
     }
     ClipboardHandler::getInstance()->removeItems($this->typeID);
     SessionHandler::resetSessions($this->userIDs);
     $this->saved();
     WCF::getTPL()->assign('message', 'wcf.acp.user.assignToGroup.success');
     WCF::getTPL()->display('success');
     exit;
 }