Ejemplo n.º 1
 /**
  * Attaches a newly created session to this request.
  *
  * Stores the session on the request, copies the request's language id into the
  * session when the request has one, and then registers the session as the current
  * session through vB::setCurrentSession().
  *
  * @param vB_Session $session
  */
 protected function setSession($session)
 {
     $this->session = $session;

     // Only override the session language when the request actually carries one.
     $requestLanguage = $this->languageid;
     if ($requestLanguage) {
         $session->set('languageid', $requestLanguage);
     }

     // Registration comes last, so the registered session already has its language set.
     vB::setCurrentSession($session);
 }
Ejemplo n.º 2
 /**
  * Constructor - wires the data manager to the services of the current request.
  *
  * Two call forms are accepted. In the legacy (vB3/4) form the first argument is the
  * registry object and the second the error type. In the preferred form the only argument
  * is the error type: an integer in the first position with no second argument is treated
  * as $errtype. The registry object is deprecated; when none is passed it is fetched with
  * vB::get_registry(), and only if $this->needRegistry is set.
  *
  * The constructor also takes the DB assertor, the current session, that session's
  * userinfo, the datastore and the 'options' datastore value from the vB class, so the
  * manager works with whichever session is current at construction time.
  *
  * Every entry of $this->bitfields is replaced by the datastore value it names. An entry
  * that resolves to a falsy value is removed and reported with E_USER_ERROR.
  *
  * @param vB_Registry $registry -- Instance of the vBulletin data registry object - expected to have the
  * 	database object as one of its $this->db member.
  * @param integer $errtype -- One of the ERRTYPE_x constants
  */
 public function __construct($registry = NULL, $errtype = NULL)
 {
     // Legacy form: keep the caller's registry. Otherwise fetch one only when this manager needs it.
     if (is_object($registry)) {
         $this->registry =& $registry;
     } else {
         if ($this->needRegistry) {
             $this->registry = vB::get_registry();
         }
     }
     if (is_int($registry) and $errtype === NULL) {
         // An integer in the first slot is the error type. This supports both the vb3/4 style
         // (with $vbulletin) and the vb5 style (no global variables).
         $errtype = $registry;
     } else {
         if ($errtype === NULL) {
             // No error type given in either position: fall back to the standard one.
             $errtype = vB_DataManager_Constants::ERRTYPE_STANDARD;
         }
     }
     // Everything below is read from the vB class, not from the registry argument.
     $this->assertor = vB::getDbAssertor();
     $this->session = vB::getCurrentSession();
     $this->userinfo = $this->session->fetch_userinfo();
     $this->datastore = vB::getDatastore();
     $this->options = $this->datastore->get_value('options');
     $this->setErrorHandler($errtype);
     if (is_array($this->bitfields)) {
         foreach ($this->bitfields as $key => $val) {
             // Write straight into the bitfields array and unset on failure. Going through an
             // interim variable crossed the references, so that every element ended up equal to
             // the last value loaded. Dropping references altogether would avoid that, but the
             // author preferred not to copy static arrays more than necessary.
             $this->bitfields["{$key}"] = $this->datastore->get_value($val);
             if (!$this->bitfields["{$key}"]) {
                 unset($this->bitfields["{$key}"]);
                 // NOTE(review): the message embeds HTML markup. The two interpolated values come
                 // from get_class() and from the $bitfields property, not from request data.
                 trigger_error("Please check the <em>\$bitfields</em> array in the <strong>" . get_class($this) . "</strong> class definition - <em>\$vbulletin->{$val}</em> is not a valid bitfield.<br />", E_USER_ERROR);
             }
         }
     }
     /* Legacy Hook $this->hook_start Removed */
 }
Ejemplo n.º 3
 /**
  * Builds a session that starts without a session hash and without restore data.
  *
  * The assertor, datastore and config are handed to the parent constructor together with
  * an empty string and an empty array in the fourth and fifth positions, followed by the
  * style and language ids.
  *
  * @param object  $dBAssertor  passed through to the parent constructor
  * @param object  $datastore   passed through to the parent constructor
  * @param mixed   $config      passed through to the parent constructor
  * @param integer $styleid
  * @param integer $languageid
  */
 public function __construct(&$dBAssertor, &$datastore, &$config, $styleid = 0, $languageid = 0)
 {
     // presumably the parent's session hash and restore-info slots; verify against the parent signature
     $emptyHash = '';
     $nothingToRestore = array();

     parent::__construct(
         $dBAssertor,
         $datastore,
         $config,
         $emptyHash,
         $nothingToRestore,
         $styleid,
         $languageid
     );
 }
Ejemplo n.º 4
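/**
 * Logs the current visitor out (legacy procedural variant).
 *
 * Blanks every cookie whose name starts with COOKIE_PREFIX via vbsetcookie(), updates the
 * user's lastactivity/lastvisit, deletes all session rows of that user plus the row for the
 * current session hash, and installs a guest session (userid 0, loggedin 0) on $vbulletin.
 *
 * Local variable names are kept as they are on purpose: the 'logout_process' hook code is
 * eval()'d inside this function's scope and may refer to them.
 */
function process_logout()
{
	global $vbulletin;

	// clear all cookies beginning with COOKIE_PREFIX
	$prefix_length = strlen(COOKIE_PREFIX);
	foreach ($_COOKIE AS $key => $val)
	{
		// strict comparison: only a match at offset 0 counts, never the "not found" false
		$index = strpos($key, COOKIE_PREFIX);
		if ($index === 0)
		{
			$key = substr($key, $prefix_length);
			if (trim($key) === '')
			{
				// the cookie name was nothing but the prefix
				continue;
			}
			// vbsetcookie will add the cookie prefix
			vbsetcookie($key, '', 1);
		}
	}

	if ($vbulletin->userinfo['userid'] AND $vbulletin->userinfo['userid'] != -1)
	{
		// init user data manager
		$userdata =& datamanager_init('User', $vbulletin, ERRTYPE_SILENT);
		$userdata->set_existing($vbulletin->userinfo);
		$userdata->set('lastactivity', TIMENOW - $vbulletin->options['cookietimeout']);
		$userdata->set('lastvisit', TIMENOW);
		$userdata->save();

		// make sure any other of this user's sessions are deleted (in case they ended up with more than one)
		// The id is concatenated into the SQL text, so force it to an integer first; the
		// session-hash query below is escaped with escape_string() for the same reason.
		$vbulletin->db->query_write("DELETE FROM " . TABLE_PREFIX . "session WHERE userid = " . intval($vbulletin->userinfo['userid']));
	}

	$vbulletin->db->query_write("DELETE FROM " . TABLE_PREFIX . "session WHERE sessionhash = '" . $vbulletin->db->escape_string($vbulletin->session->vars['dbsessionhash']) . "'");

	if ($vbulletin->session->created == true)
	{
		// if we just created a session on this page, there's no reason not to use it
		$newsession = $vbulletin->session;
	}
	else
	{
		$newsession = new vB_Session($vbulletin, '', 0, '', $vbulletin->session->vars['styleid']);
	}
	// whichever session is used from here on is a guest session
	$newsession->set('userid', 0);
	$newsession->set('loggedin', 0);
	$newsession->set_session_visibility(($vbulletin->superglobal_size['_COOKIE'] > 0));
	$vbulletin->session =& $newsession;

	// NOTE(review): the hook body is executed with eval(). It runs with this function's
	// locals and full application privileges, so whoever can store hook code can run PHP.
	($hook = vBulletinHook::fetch_hook('logout_process')) ? eval($hook) : false;
}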
Ejemplo n.º 5
 /**
  * Calls the parent class's save() directly and discards its result.
  *
  * NOTE(review): the name suggests a test-only entry point, yet the method is public. If
  * this class overrides save(), callers reach the parent implementation without whatever
  * the override adds. Confirm that no production code path calls this.
  */
 public function saveForTesting()
 {
     parent::save();
 }
Ejemplo n.º 6
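 /**
  * Logs the current user out and returns the identifiers of the session that replaces it.
  *
  * For a user whose userid is truthy and not -1, updates lastactivity/lastvisit. When VB_API
  * is not defined, it also deletes that user's 'session' rows matching
  * apiaccesstoken => null and the user's 'cpsession' rows. The row for the current session
  * hash is always deleted. On API requests the stored access token of the current API
  * client is cleared, and a new session is always created so that a new token is issued.
  * The session in use afterwards is marked as guest (userid 0, loggedin 0).
  *
  * @return array 'sessionhash' and 'apiaccesstoken' of the session now in use
  */
 public static function processLogout()
 {
     global $vbulletin;
     $assertor = vB::getDbAssertor();
     $session = vB::getCurrentSession();
     $userinfo = $session->fetch_userinfo();
     $timeNow = vB::getRequest()->getTimeNow();
     $options = vB::getDatastore()->get_value('options');
     $isApiRequest = (defined('VB_API') && VB_API === true);

     if ($userinfo['userid'] and $userinfo['userid'] != -1) {
         // init user data manager
         $userdata = new vB_Datamanager_User(vB_DataManager_Constants::ERRTYPE_SILENT);
         $userdata->set_existing($userinfo);
         $userdata->set('lastactivity', $timeNow - $options['cookietimeout']);
         $userdata->set('lastvisit', $timeNow);
         $userdata->save();
         // NOTE(review): this branch runs only when VB_API is not defined at all. If the constant
         // can be defined as false on ordinary web requests, the user's other sessions and
         // cpsession rows survive logout. Confirm how VB_API is defined.
         if (!defined('VB_API')) {
             $assertor->delete('session', array('userid' => $userinfo['userid'], 'apiaccesstoken' => null));
             $assertor->delete('cpsession', array('userid' => $userinfo['userid']));
         }
     }

     // the session that made this request is always removed
     $assertor->delete('session', array('sessionhash' => $session->get('dbsessionhash')));

     // Remove accesstoken from apiclient table so that a new one will be generated
     if ($isApiRequest and !empty($vbulletin->apiclient['apiclientid'])) {
         $assertor->update('apiclient', array('apiaccesstoken' => '', 'userid' => 0), array('apiclientid' => intval($vbulletin->apiclient['apiclientid'])));
         $vbulletin->apiclient['apiaccesstoken'] = '';
     }

     if ($vbulletin->session->created == true and (!defined('VB_API') or !VB_API)) {
         // if we just created a session on this page, there's no reason not to use it
         $newsession = $vbulletin->session;
     } else {
         // API should always create a new session here to generate a new accesstoken
         $newsession = vB_Session::getNewSession(vB::getDbAssertor(), vB::getDatastore(), vB::getConfig(), '', 0, '', vB::getCurrentSession()->get('styleid'));
     }
     $newsession->set('userid', 0);
     $newsession->set('loggedin', 0);
     $vbulletin->session =& $newsession;

     $result = array();
     $result['sessionhash'] = $newsession->get('dbsessionhash');
     $result['apiaccesstoken'] = $newsession->get('apiaccesstoken');

     // !empty() keeps the original truthiness test without raising a notice when api_c is absent.
     // NOTE(review): the row is selected by the request-supplied api_c, not by the
     // $vbulletin->apiclient['apiclientid'] used above. Confirm that api_c has been
     // validated against the calling client before this point.
     if ($isApiRequest and !empty($_REQUEST['api_c'])) {
         $assertor->update('apiclient', array('apiaccesstoken' => $result['apiaccesstoken'], 'userid' => 0), array('apiclientid' => intval($_REQUEST['api_c'])));
     }
     return $result;
 }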
Ejemplo n.º 7
 /**
  * Registers $session as the current session and mirrors it onto the registry object.
  *
  * When a session was already registered, the cached entry in self::$usercontexts for the
  * incoming session's userid is dropped first. After that, self::$currentSession, the
  * registry's ->session and the registry's ->userinfo are all bound by reference to the new
  * session and its userinfo.
  *
  * @param vB_Session $session
  */
 public static function setCurrentSession(vB_Session $session)
 {
     if (self::$currentSession !== null) {
         // If we are changing to a new user, reload the permissions. It may be slower, but it
         // should be safer and shouldn't be that common.
         // Note that the key removed is the userid of the incoming session.
         unset(self::$usercontexts[$session->get('userid')]);
     }
     self::$currentSession =& $session;
     // This should be the ONLY way of setting the $vbulletin->session and $vbulletin->userinfo attributes.
     // Old code may set attributes inside session and userinfo; because these are references,
     // the session object should be updated as well.
     $vbulletin =& self::get_registry();
     $vbulletin->session =& $session;
     $vbulletin->userinfo =& $session->fetch_userinfo();
 }
Ejemplo n.º 8
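/**
 * Logs the current visitor out (procedural variant with API client handling).
 *
 * Blanks every cookie whose name starts with COOKIE_PREFIX via vbsetcookie(), updates the
 * user's lastactivity/lastvisit, deletes all session rows of that user plus the row for the
 * current session hash, clears the stored access token of the current API client on API
 * requests, and installs a guest session (userid 0, loggedin 0) on $vbulletin.
 *
 * Local variable names are kept as they are on purpose: the 'logout_process' hook code is
 * eval()'d inside this function's scope and may refer to them.
 */
function process_logout()
{
    global $vbulletin;
    // clear all cookies beginning with COOKIE_PREFIX
    $prefix_length = strlen(COOKIE_PREFIX);
    foreach ($_COOKIE as $key => $val) {
        // strict comparison: only a match at offset 0 counts, never the "not found" false
        $index = strpos($key, COOKIE_PREFIX);
        if ($index === 0) {
            $key = substr($key, $prefix_length);
            if (trim($key) === '') {
                // the cookie name was nothing but the prefix
                continue;
            }
            // vbsetcookie will add the cookie prefix
            vbsetcookie($key, '', 1);
        }
    }
    if ($vbulletin->userinfo['userid'] and $vbulletin->userinfo['userid'] != -1) {
        // init user data manager
        $userdata =& datamanager_init('User', $vbulletin, ERRTYPE_SILENT);
        $userdata->set_existing($vbulletin->userinfo);
        $userdata->set('lastactivity', TIMENOW - $vbulletin->options['cookietimeout']);
        $userdata->set('lastvisit', TIMENOW);
        $userdata->save();
        // make sure any other of this user's sessions are deleted (in case they ended up with more than one)
        // The id is concatenated into the SQL text, so force it to an integer first, as the
        // apiclient query below already does with intval().
        $vbulletin->db->query_write("DELETE FROM " . TABLE_PREFIX . "session WHERE userid = " . intval($vbulletin->userinfo['userid']));
    }
    $vbulletin->db->query_write("DELETE FROM " . TABLE_PREFIX . "session WHERE sessionhash = '" . $vbulletin->db->escape_string($vbulletin->session->vars['dbsessionhash']) . "'");
    // Remove accesstoken from apiclient table so that a new one will be generated
    if (defined('VB_API') and VB_API === true and $vbulletin->apiclient['apiclientid']) {
        $vbulletin->db->query_write("UPDATE " . TABLE_PREFIX . "apiclient SET apiaccesstoken = '', userid = 0\n\t\t\tWHERE apiclientid = " . intval($vbulletin->apiclient['apiclientid']));
        $vbulletin->apiclient['apiaccesstoken'] = '';
    }
    // Check defined() before reading VB_API, as the apiclient branch above does. A bare
    // !VB_API on an undefined constant is an error on PHP 8; older versions read it as a
    // truthy string, which silently disabled session reuse.
    if ($vbulletin->session->created == true and (!defined('VB_API') or !VB_API)) {
        // if we just created a session on this page, there's no reason not to use it
        $newsession = $vbulletin->session;
    } else {
        // API should always create a new session here to generate a new accesstoken
        $newsession = new vB_Session($vbulletin, '', 0, '', $vbulletin->session->vars['styleid']);
    }
    // whichever session is used from here on is a guest session
    $newsession->set('userid', 0);
    $newsession->set('loggedin', 0);
    $newsession->set_session_visibility($vbulletin->superglobal_size['_COOKIE'] > 0);
    $vbulletin->session =& $newsession;
    // NOTE(review): the hook body is executed with eval(). It runs with this function's
    // locals and full application privileges, so whoever can store hook code can run PHP.
    ($hook = vBulletinHook::fetch_hook('logout_process')) ? eval($hook) : false;
}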
Ejemplo n.º 9
        vbsetcookie('skipmobilestyle', 1);
        $vbulletin->GPC[COOKIE_PREFIX . 'skipmobilestyle'] = 1;
    } elseif (isset($vbulletin->options['mobilestyleid_advanced']) and $styleid == $vbulletin->options['mobilestyleid_advanced'] or isset($vbulletin->options['mobilestyleid_basic']) and $styleid == $vbulletin->options['mobilestyleid_basic']) {
        vbsetcookie('skipmobilestyle', 0);
        $vbulletin->GPC[COOKIE_PREFIX . 'skipmobilestyle'] = 0;
    }
} elseif ($mobile_browser_advanced && $vbulletin->options['mobilestyleid_advanced'] && !$vbulletin->GPC[COOKIE_PREFIX . 'skipmobilestyle']) {
    $styleid = $vbulletin->options['mobilestyleid_advanced'];
} elseif ($mobile_browser && $vbulletin->options['mobilestyleid_basic'] && !$vbulletin->GPC[COOKIE_PREFIX . 'skipmobilestyle']) {
    $styleid = $vbulletin->options['mobilestyleid_basic'];
} elseif ($vbulletin->GPC[COOKIE_PREFIX . 'userstyleid']) {
    $styleid = $vbulletin->GPC[COOKIE_PREFIX . 'userstyleid'];
} else {
    $styleid = 0;
}
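// Build the session for this request from $sessionhash and the cookie-supplied userid and
// password values, with the $styleid selected above, then register it as the current session.
$session = vB_Session::getNewSession(vB::getDbAssertor(), vB::getDatastore(), vB::getConfig(), $sessionhash, $vbulletin->GPC[COOKIE_PREFIX . 'userid'], $vbulletin->GPC[COOKIE_PREFIX . 'password'], $styleid, $languageid);
vB::setCurrentSession($session);
//needs to go after the session
// fetch url of referring page after we have access to vboptions['forumhome']
$vbulletin->url = $vbulletin->input->fetch_url();
define('REFERRER_PASSTHRU', $vbulletin->url);
// conditional used in templates to hide things from search engines.
// The User-Agent header is optional and client-controlled. Default it to '' so that a request
// without the header raises no undefined-index notice, and treat the flag as a display hint only.
$show['search_engine'] = preg_match("#(google|msnbot|yahoo! slurp)#si", isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '');
$vbulletin->session->doLastVisitUpdate($vbulletin->GPC[COOKIE_PREFIX . 'lastvisit'], $vbulletin->GPC[COOKIE_PREFIX . 'lastactivity']);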
// Because of Signature Verification, VB API won't need to verify securitytoken
// CSRF Protection for POST requests
if (strtoupper($_SERVER['REQUEST_METHOD']) == 'POST' and !VB_API) {
    if (empty($_POST) and isset($_SERVER['CONTENT_LENGTH']) and $_SERVER['CONTENT_LENGTH'] > 0) {
        die('The file(s) uploaded were too large to process.');
    }
    if ($vbulletin->userinfo['userid'] > 0 and defined('CSRF_PROTECTION') and CSRF_PROTECTION === true) {
Ejemplo n.º 10
 /**
  * Protected constructor that forwards every argument unchanged to the parent constructor.
  *
  * Because it is protected, instances cannot be created with `new` from outside the class
  * hierarchy.
  *
  * @param object  $dBAssertor
  * @param object  $datastore
  * @param mixed   $config
  * @param string  $sessionhash
  * @param array   $restoreSessionInfo
  * @param integer $styleid
  * @param integer $languageid
  */
 protected function __construct(&$dBAssertor, &$datastore, &$config, $sessionhash = '', $restoreSessionInfo = array(), $styleid = 0, $languageid = 0)
 {
     parent::__construct(
         $dBAssertor,
         $datastore,
         $config,
         $sessionhash,
         $restoreSessionInfo,
         $styleid,
         $languageid
     );
 }
Ejemplo n.º 11
 /**
  * Extends the parent's session record with the API access token and client id.
  *
  * An access token already present on $this->apiclient is reused. Otherwise a new one is
  * generated with fetch_random_string() and remembered on $this->apiclient. When an API
  * client id is known, it is added to the record and the token is written to the
  * 'apiclient' table together with a lastactivity timestamp.
  *
  * @param integer $userid passed through to parent::fetch_session()
  * @return array the parent's session record plus 'apiaccesstoken' (and 'apiclientid' when known)
  */
 protected function fetch_session($userid = 0)
 {
     $record = parent::fetch_session($userid);

     if (!$this->apiclient['apiaccesstoken']) {
         // No token yet: generate one and keep it on the client info.
         // NOTE(review): fetch_random_string() is defined elsewhere. Confirm that it draws
         // from a cryptographically secure source, since its output is used as a bearer token.
         $this->apiclient['apiaccesstoken'] = fetch_random_string();
     }
     // An existing token is trusted here: the original comment says it is validated in init.php.
     $token = $this->apiclient['apiaccesstoken'];
     $record['apiaccesstoken'] = $token;

     if ($this->apiclient['apiclientid']) {
         $clientId = (int) $this->apiclient['apiclientid'];
         $record['apiclientid'] = $clientId;
         // Save accesstoken to apiclient table
         $this->dBAssertor->update(
             'apiclient',
             array('apiaccesstoken' => $token, 'lastactivity' => TIMENOW),
             array('apiclientid' => $clientId)
         );
     }

     return $record;
 }