Ejemplo n.º 1
0
 /**
  * 	Logs a user in via a vb login and connects them to a facebook account
  *
  *	Expects post fields for login (only one of the three password fields is strictly required --
  *	Typically either the password (plain text) or the md5 pair are passed but not both):
  *	* password
  *	* vb_login_md5password
  *	* vb_login_md5password_utf
  *	* username
  *	* auth -- Facebook auth token for FB user to connect to (provide by FB JS SDK)
  *
  *	If the connection fails then login tokens will not be set and the user will not be logged in even
  *	if the login portion succeeds.
  *
  *	Will output a JSON object with either a standard error message or {'redirect' : $homepageurl}
  *	@return boolean
  */
 public function actionLoginAndAssociate()
 {
     $result = array();
     $api = Api_InterfaceAbstract::instance();
     //we might not get all of these
     $password = isset($_POST['password']) ? $_POST['password'] : '';
     $vb_login_md5password = isset($_POST['vb_login_md5password']) ? $_POST['vb_login_md5password'] : '';
     $vb_login_md5password_utf = isset($_POST['vb_login_md5password_utf']) ? $_POST['vb_login_md5password_utf'] : '';
     //login
     $loginInfo = $api->callApi('user', 'login', array($_POST['username'], $password, $vb_login_md5password, $vb_login_md5password_utf, ''));
     if ($this->handleErrorsForAjax($result, $response)) {
         $this->sendAsJson($result);
         return false;
     }
     $api = Api_InterfaceAbstract::instance();
     $response = $api->callApi('facebook', 'connectCurrentUser', array('token' => $_POST['auth']));
     if ($this->handleErrorsForAjax($result, $response)) {
         $this->sendAsJson($result);
         return false;
     }
     //don't set the auth cookies until after we have connected the user
     vB5_Auth::setLoginCookies($loginInfo, '', !empty($_POST['rememberme']));
     $homeurl = $api->callApi('route', 'getUrl', array('home', array(), array()));
     $this->sendAsJson(array('redirect' => $homeurl));
     return true;
 }
Ejemplo n.º 2
0
 public function init()
 {
     if ($this->initialized) {
         return true;
     }
     //initialize core
     $core_path = vB5_Config::instance()->core_path;
     require_once $core_path . '/vb/vb.php';
     vB::init();
     $request = new vB_Request_WebApi();
     vB::setRequest($request);
     // When we reach here, there's no user information loaded. What we can do is trying to load language from cookies.
     // Shouldn't use vB5_User::getLanguageId() as it will try to load userinfo from session
     $languageid = vB5_Cookie::get('languageid', vB5_Cookie::TYPE_UINT);
     if ($languageid) {
         $request->setLanguageid($languageid);
     }
     $sessionhash = vB5_Cookie::get('sessionhash', vB5_Cookie::TYPE_STRING);
     $restoreSessionInfo['userid'] = vB5_Cookie::get('userid', vB5_Cookie::TYPE_STRING);
     $restoreSessionInfo['remembermetoken'] = vB5_Cookie::get('password', vB5_Cookie::TYPE_STRING);
     $remembermetokenOrig = $restoreSessionInfo['remembermetoken'];
     $retry = false;
     if ($restoreSessionInfo['remembermetoken'] == 'facebook-retry') {
         $restoreSessionInfo['remembermetoken'] = 'facebook';
         $retry = true;
     }
     //We normally don't allow the use of the backend classes in the front end, but the
     //rules are relaxed inside the api class and especially in the bootstrap dance of getting
     //things set up.  Right now getting at the options in the front end is nasty, but I don't
     //want the backend dealing with cookies if I can help it (among other things it makes
     //it nasty to handle callers of the backend that don't have cookies).  But we need
     //so information to determine what the cookie name is.  This is the least bad way
     //of handling things.
     $options = vB::getDatastore()->getValue('options');
     if ($options['facebookactive'] and $options['facebookappid']) {
         //this is not a vB cookie so it doesn't use our prefix -- which the cookie class adds automatically
         $cookie_name = 'fbsr_' . $options['facebookappid'];
         $restoreSessionInfo['fb_signed_request'] = isset($_COOKIE[$cookie_name]) ? strval($_COOKIE[$cookie_name]) : '';
     }
     $session = $request->createSessionNew($sessionhash, $restoreSessionInfo);
     if ($session['sessionhash'] !== $sessionhash) {
         vB5_Cookie::set('sessionhash', $session['sessionhash'], 0, true);
     }
     //redirect to handle a stale FB cookie when doing a FB "remember me".
     //only do it once to prevent redirect loops -- don't try this with
     //posts since we'd lose the post data in that case
     //
     //Some notes on the JS code (don't want them in the JS inself to avoid
     //increasing what gets sent to the browser).
     //1) This code is deliberately designed to avoid using subsystems that
     //	would increase the processing time for something that doesn't need it
     //	(we even avoid initializing JQUERY here).  This is the reason it is
     //	inline and not in a template.
     //2) The code inits the FB system which will create update the cookie
     //	if it is able to validate the user.  The cookie is what we are after.
     //	We use getLoginStatus instead of setting status to true because
     //	the latter introduces a race condition were we can do the redirect
     //	before the we've fully initialized and updated the cookie.  The
     //	explicit call to getLoginStatus allows us to redirect when the
     //	status is obtained.
     //3) If we fail to update the cookie we catch that when we try to
     //	create the vb session (which is why we only allow one retry)
     //4) The JS here should *never* prompt the user, assuming the FB
     //	docs are correct.
     //5) If the FB version is changed it needs to changed in the
     //	FB library class and the facebook.js file
     if (strtolower($_SERVER['REQUEST_METHOD']) == 'get' and vB::getCurrentSession()->get('userid') == 0 and $options['facebookactive'] and $options['facebookappid'] and $restoreSessionInfo['remembermetoken'] == 'facebook') {
         if (!$retry) {
             //if this isn't a retry, then do a redirect
             vB5_Auth::setRememberMeCookies('facebook-retry', $restoreSessionInfo['userid']);
             $fbredirect = "\n\t\t\t\t\t<!DOCTYPE html>\n\t\t\t\t\t<html>\n\t\t\t\t\t<head>\n\t\t\t\t\t\t<script type='text/javascript' src='//connect.facebook.net/en_US/sdk.js'></script>\n\t\t\t\t\t\t<script type='text/javascript'>\n\t\t\t\t\t\t\tFB.init({\n\t\t\t\t\t\t\t\tappId   : '{$options['facebookappid']}',\n\t\t\t\t\t\t\t\tversion : 'v2.2',\n\t\t\t\t\t\t\t\tstatus  : false,\n\t\t\t\t\t\t\t\tcookie  : true,\n\t\t\t\t\t\t\t\txfbml   : false\n\t\t\t\t\t\t\t});\n\n\t\t\t\t\t\t\tFB.getLoginStatus(function(response)\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\twindow.top.location.reload(true);\n\t\t\t\t\t\t\t});\n\t\t\t\t\t\t</script>\n\t\t\t\t\t</head>\n\t\t\t\t\t<body></body>\n\t\t\t\t\t</html>\n\t\t\t\t";
             echo $fbredirect;
             exit;
         } else {
             //we tried and failed to log in via FB.  That probably means that the user
             //is logged out of facebook.  Let's kill the autolog in so that we stop
             //trying to connect via FB
             vB5_Auth::setRememberMeCookies('', '');
         }
     }
     //if we have an existing token and if we got a token back from the session that is different then we
     //need to update the token in the browser.  We shouldn't get a token back if we didn't pass one in but
     //we shouldn't depend on that behavior.
     if ($session['remembermetoken'] and $session['remembermetoken'] != $remembermetokenOrig) {
         vB5_Auth::setRememberMeCookies($session['remembermetoken'], $restoreSessionInfo['userid']);
     }
     // Try to set cpsession hash to session object if exists
     vB::getCurrentSession()->setCpsessionHash(vB5_Cookie::get('cpsession', vB5_Cookie::TYPE_STRING));
     // Update lastvisit/lastactivity
     $info = vB::getCurrentSession()->doLastVisitUpdate(vB5_Cookie::get('lastvisit', vB5_Cookie::TYPE_UINT), vB5_Cookie::get('lastactivity', vB5_Cookie::TYPE_UINT));
     if (!empty($info)) {
         // for guests we need to set some cookies
         if (isset($info['lastvisit'])) {
             vB5_Cookie::set('lastvisit', $info['lastvisit']);
         }
         if (isset($info['lastactivity'])) {
             vB5_Cookie::set('lastactivity', $info['lastactivity']);
         }
     }
     $this->initialized = true;
 }