public function createSession($userid = 1)
{
//$this->session = vB_Session_Web::getSession(1);
$this->session = new vB_Session_Cli(vB::getDbAssertor(), vB::getDatastore(), vB::getConfig(), $userid);
vB::setCurrentSession($this->session);
$this->timeNow = time();
}
/**
* Processes logins into CP
* Adapted from functions_login.php::process_new_login
* THIS METHOD DOES NOT SET ANY COOKIES, SO IT CANNOT REPLACE DIRECTLY THE LEGACY FUNCTION
*
* @static
* @param array $auth The userinfo returned by vB_User::verifyAuthentication()
* @param string $logintype Currently 'cplogin' only or empty
* @param string $cssprefs AdminCP css preferences array
* @return array The userinfo returned by vB_User::verifyAuthentication() together with sessionhash and cpsessionhash
*/
public static function processNewLogin($auth, $logintype = '', $cssprefs = '')
{
$assertor = vB::getDbAssertor();
$result = array();
if ($session = vB::getCurrentSession() and $session->isCreated() and $session->get('userid') == 0) {
// if we just created a session on this page, there's no reason not to use it
$newsession = $session;
$newsession->set('userid', $auth['userid']);
} else {
$sessionClass = vB::getRequest()->getSessionClass();
$newsession = call_user_func(array($sessionClass, 'getSession'), $auth['userid']);
}
$newsession->set('loggedin', 1);
if ($logintype == 'cplogin') {
$newsession->set('bypass', 1);
} else {
$newsession->set('bypass', 0);
}
$newsession->fetch_userinfo();
vB::setCurrentSession($newsession);
$result['sessionhash'] = $newsession->get('dbsessionhash');
$usercontext = vB::getUserContext();
if ($usercontext->isAdministrator() or $usercontext->getCanModerate()) {
// If the user is admin or moderator, we create the cpsession
$cpsession = $newsession->fetchCpsessionHash();
$result['cpsession'] = $cpsession;
}
// admin control panel or upgrade script login
if ($logintype === 'cplogin') {
if ($usercontext->hasAdminPermission('cancontrolpanel')) {
if ($cssprefs != '') {
$admininfo = $assertor->getRow('vBForum:administrator', array('userid' => $auth['userid']));
if ($admininfo) {
$admindm = new vB_DataManager_Admin(null, vB_DataManager_Constants::ERRTYPE_SILENT);
$admindm->set_existing($admininfo);
$admindm->set('cssprefs', $cssprefs);
$admindm->save();
}
}
}
}
if (defined('VB_API') and VB_API === true) {
$apiclient = $newsession->getApiClient();
if ($apiclient['apiclientid'] and $auth['userid']) {
$assertor->update('apiclient', array('userid' => intval($auth['userid'])), array('apiclientid' => intval($apiclient['apiclientid'])));
}
}
$result = array_merge($result, $auth);
return $result;
}
/**
* Creates a session for a specific user
*
* Used to create session for a particular user based on the current
* request information. Useful for creating a session after the user logs in.
* This will overwrite the current Session in this request class and the
* vB current session.
*
* @param $userid integer The user to create the session for.
* @return $session vB_Session The session created. Not that this will be a subclass
* of the abstract vB_Session Class
*/
public function createSessionForUser($userid)
{
//refactored from vB_User login code
//if we currently have a session, get rid of it.
$currentSession = vB::getCurrentSession();
if ($currentSession) {
$currentSession->delete();
}
$sessionClass = $this->getSessionClass();
//these are references so we need to set to locals.
$db =& vB::getDbAssertor();
$store =& vB::getDatastore();
$config =& vB::getConfig();
$this->session = call_user_func(array($sessionClass, 'getSession'), $userid, '', $db, $store, $config);
vB::setCurrentSession($this->session);
return $this->session;
}
$vbulletin->GPC[COOKIE_PREFIX . 'skipmobilestyle'] = 1;
} elseif (isset($vbulletin->options['mobilestyleid_advanced']) and $styleid == $vbulletin->options['mobilestyleid_advanced'] or isset($vbulletin->options['mobilestyleid_basic']) and $styleid == $vbulletin->options['mobilestyleid_basic']) {
vbsetcookie('skipmobilestyle', 0);
$vbulletin->GPC[COOKIE_PREFIX . 'skipmobilestyle'] = 0;
}
} elseif ($mobile_browser_advanced && $vbulletin->options['mobilestyleid_advanced'] && !$vbulletin->GPC[COOKIE_PREFIX . 'skipmobilestyle']) {
$styleid = $vbulletin->options['mobilestyleid_advanced'];
} elseif ($mobile_browser && $vbulletin->options['mobilestyleid_basic'] && !$vbulletin->GPC[COOKIE_PREFIX . 'skipmobilestyle']) {
$styleid = $vbulletin->options['mobilestyleid_basic'];
} elseif ($vbulletin->GPC[COOKIE_PREFIX . 'userstyleid']) {
$styleid = $vbulletin->GPC[COOKIE_PREFIX . 'userstyleid'];
} else {
$styleid = 0;
}
$session = vB_Session::getNewSession(vB::getDbAssertor(), vB::getDatastore(), vB::getConfig(), $sessionhash, $vbulletin->GPC[COOKIE_PREFIX . 'userid'], $vbulletin->GPC[COOKIE_PREFIX . 'password'], $styleid, $languageid);
vB::setCurrentSession($session);
//needs to go after the session
// fetch url of referring page after we have access to vboptions['forumhome']
$vbulletin->url = $vbulletin->input->fetch_url();
define('REFERRER_PASSTHRU', $vbulletin->url);
// conditional used in templates to hide things from search engines.
$show['search_engine'] = preg_match("#(google|msnbot|yahoo! slurp)#si", $_SERVER['HTTP_USER_AGENT']);
$vbulletin->session->doLastVisitUpdate($vbulletin->GPC[COOKIE_PREFIX . 'lastvisit'], $vbulletin->GPC[COOKIE_PREFIX . 'lastactivity']);
// Because of Signature Verification, VB API won't need to verify securitytoken
// CSRF Protection for POST requests
if (strtoupper($_SERVER['REQUEST_METHOD']) == 'POST' and !VB_API) {
if (empty($_POST) and isset($_SERVER['CONTENT_LENGTH']) and $_SERVER['CONTENT_LENGTH'] > 0) {
die('The file(s) uploaded were too large to process.');
}
if ($vbulletin->userinfo['userid'] > 0 and defined('CSRF_PROTECTION') and CSRF_PROTECTION === true) {
$vbulletin->input->clean_array_gpc('p', array('securitytoken' => vB_Cleaner::TYPE_STR));
/**
* starts a new lightweight (no shutdown) guest session and returns the session object.
*
* @return vB_Session session data.
*/
public function getGuestSession()
{
$session = vB_Session_Web::getSession(0, '');
$languageid = vB::getDatastore()->getOption('languageid');
$session->set('languageid', $languageid);
vB::skipShutdown(true);
vB::setCurrentSession($session);
return $session;
}
