Example #1
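 /**
  * Registers (or re-keys) an API client and returns the API bootstrap data.
  *
  * When the request carries no api_c value, the client name, version, platform
  * and unique id are read from the request, a client hash is derived from them,
  * a fresh secret is generated, and the matching apiclient row is updated or a
  * new one inserted. When api_c is present, only lastactivity is refreshed.
  *
  * Security notes (review):
  *  - The client hash is an unsalted MD5 over three request-supplied strings
  *    joined without a separator, and it is the only lookup key for an existing
  *    registration. Any caller presenting the same three values has the stored
  *    secret replaced and userid reset to 0, so uniqueid should be treated as
  *    confidential and registration calls logged and rate limited.
  *  - The new secret is returned in the response body, so this call should only
  *    be served over an encrypted transport.
  *  - NOTE(review): the secret's strength depends on fetch_random_password(),
  *    which is defined outside this excerpt; confirm it uses a CSPRNG.
  *
  * @return mixed The API information array ('secret' is included only when no
  *               api_c was supplied), or the result of $this->error() when
  *               required client information is missing.
  */
 public function output()
 {
     global $vbulletin, $db, $show, $VB_API_REQUESTS;

     if (!$VB_API_REQUESTS['api_c']) {
         // The client doesn't have an ID yet, so a new one is generated.
         $vbulletin->input->clean_array_gpc('r', array('clientname' => TYPE_STR, 'clientversion' => TYPE_STR, 'platformname' => TYPE_STR, 'platformversion' => TYPE_STR, 'uniqueid' => TYPE_STR));

         // All params are required.
         // uniqueid is ideally a permanent identifier such as a hardware ID (CPU ID,
         // hard disk ID or mobile IMEI). A client that cannot obtain one generates its
         // own unique ID, keeps it in local storage, and passes the same value when it
         // needs the client ID and secret again.
         if (!$vbulletin->GPC['clientname'] or !$vbulletin->GPC['clientversion'] or !$vbulletin->GPC['platformname'] or !$vbulletin->GPC['platformversion'] or !$vbulletin->GPC['uniqueid']) {
             return $this->error('apiclientinfomissing', 'Miss required client information');
         }

         // Generate the client hash. The format is kept as-is because existing rows
         // are looked up by it; see the security notes in the docblock.
         $clienthash = md5($vbulletin->GPC['clientname'] . $vbulletin->GPC['platformname'] . $vbulletin->GPC['uniqueid']);

         // Generate a new secret.
         $secret = fetch_random_password(32);

         // If a row with the same client hash exists it is re-keyed below.
         $client = $db->query_first_slave("SELECT *\n\t\t\t\tFROM " . TABLE_PREFIX . "apiclient\n\t\t\t\tWHERE clienthash = '" . $db->escape_string($clienthash) . "'\n\t\t\t\tLIMIT 1\n\t\t\t");

         // Guard against an empty result and force an integer, because the id is
         // interpolated unquoted into the UPDATE statement below.
         $apiclientid = $client ? intval($client['apiclientid']) : 0;

         if ($apiclientid) {
             // Update the secret.
             // userid is also cleared so that a previously logged-in and remembered
             // user is logged out. (VBM-553)
             $db->query_write("UPDATE " . TABLE_PREFIX . "apiclient SET\n\t\t\t\t\tsecret = '" . $db->escape_string($secret) . "',\n\t\t\t\t\tapiaccesstoken = '" . $db->escape_string($vbulletin->session->vars['apiaccesstoken']) . "',\n\t\t\t\t\tlastactivity = " . TIMENOW . ",\n\t\t\t\t\tclientversion = '" . $db->escape_string($vbulletin->GPC['clientversion']) . "',\n\t\t\t\t\tplatformversion = '" . $db->escape_string($vbulletin->GPC['platformversion']) . "',\n\t\t\t\t\tuserid = 0\n\t\t\t\t\tWHERE apiclientid = {$apiclientid}");
         } else {
             // Create a new client.
             $db->query_write("\n\t\t\t\t\tINSERT INTO " . TABLE_PREFIX . "apiclient (\n\t\t\t\t\t\tsecret, clienthash, clientname, clientversion, platformname,\n\t\t\t\t\t\tplatformversion, uniqueid, initialipaddress, apiaccesstoken,\n\t\t\t\t\t\tdateline, lastactivity\n\t\t\t\t\t)\n\t\t\t\t\tVALUES (\n\t\t\t\t\t\t'" . $db->escape_string($secret) . "', " . "'" . $db->escape_string($clienthash) . "', " . "'" . $db->escape_string($vbulletin->GPC['clientname']) . "', " . "'" . $db->escape_string($vbulletin->GPC['clientversion']) . "', " . "'" . $db->escape_string($vbulletin->GPC['platformname']) . "', " . "'" . $db->escape_string($vbulletin->GPC['platformversion']) . "', " . "'" . $db->escape_string($vbulletin->GPC['uniqueid']) . "', " . "'" . $db->escape_string($vbulletin->alt_ip) . "', " . "'" . $db->escape_string($vbulletin->session->vars['apiaccesstoken']) . "', " . TIMENOW . ", " . TIMENOW . "\n\t\t\t\t\t)\n\t\t\t\t");
             $apiclientid = $db->insert_id();
         }

         // Set the session client ID.
         $vbulletin->session->set('apiclientid', $apiclientid);
     } else {
         // Per the original author, api_c and api_sig are verified in init.php, so
         // they are not verified again here.
         $apiclientid = intval($VB_API_REQUESTS['api_c']);

         // Update lastactivity.
         $db->query_write("UPDATE " . TABLE_PREFIX . "apiclient SET\n\t\t\t\tlastactivity = " . TIMENOW . "\n\t\t\t\tWHERE apiclientid = {$apiclientid}");
     }

     // Map content type class => content type id. Initialised first so the key is
     // a defined (empty) array when no content types are registered.
     $contenttypes = array();
     $contenttypescache = vB_Types::instance()->getContentTypes();
     foreach ($contenttypescache as $contenttype) {
         $contenttypes[$contenttype['class']] = $contenttype['id'];
     }

     // Check the status of CMS and Blog.
     $blogenabled = $vbulletin->products['vbblog'] == '1';
     $cmsenabled = $vbulletin->products['vbcms'] == '1';

     $data = array(
         'apiversion' => VB_API_VERSION,
         'apiaccesstoken' => $vbulletin->session->vars['apiaccesstoken'],
         'bbtitle' => $vbulletin->options['bbtitle'],
         'bburl' => $vbulletin->options['bburl'],
         'bbactive' => $vbulletin->options['bbactive'],
         'forumhome' => $vbulletin->options['forumhome'],
         'vbulletinversion' => $vbulletin->options['templateversion'],
         'contenttypes' => $contenttypes,
         'features' => array(
             'blogenabled' => $blogenabled,
             'cmsenabled' => $cmsenabled,
             'pmsenabled' => (bool) $vbulletin->options['enablepms'],
             'searchesenabled' => (bool) $vbulletin->options['enablesearches'],
             'groupsenabled' => (bool) ($vbulletin->options['socnet'] & $vbulletin->bf_misc_socnet['enable_groups']),
             'albumsenabled' => (bool) ($vbulletin->options['socnet'] & $vbulletin->bf_misc_socnet['enable_albums']),
             'friendsenabled' => (bool) ($vbulletin->options['socnet'] & $vbulletin->bf_misc_socnet['enable_friends']),
             'visitor_trackingenabled' => (bool) ($vbulletin->options['socnet'] & $vbulletin->bf_misc_socnet['enable_visitor_tracking']),
             'visitor_messagingenabled' => (bool) ($vbulletin->options['socnet'] & $vbulletin->bf_misc_socnet['enable_visitor_messaging']),
             'multitypesearch' => true,
             'taggingenabled' => (bool) $vbulletin->options['threadtagging'],
             'paidsubs' => $this->paidSubs(),
         ),
         'permissions' => $vbulletin->userinfo['permissions'],
         'show' => $show,
     );

     if (!$vbulletin->options['bbactive']) {
         $data['bbclosedreason'] = $vbulletin->options['bbclosedreason'];
     }

     $data['apiclientid'] = $apiclientid;

     // The secret is handed out only on the registration path.
     if (!$VB_API_REQUESTS['api_c']) {
         $data['secret'] = $secret;
     }

     return $data;
 }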
Example #2
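    // Look up the pending password-reset record (type = 1) for this user.
    // NOTE(review): $userinfo['userid'] is interpolated unquoted here and in the
    // DELETE below; where it comes from is outside this excerpt. Confirm it is
    // always an integer taken from the user record, not from the request.
    $user = $db->query_first("\n\t\tSELECT activationid, dateline\n\t\tFROM " . TABLE_PREFIX . "useractivation\n\t\tWHERE type = 1\n\t\t\tAND userid = {$userinfo['userid']}\n\t");
    if (!$user) {
        // No activation record; probably got back here after a successful request, so go home.
        exec_header_redirect($vbulletin->options['forumhome'] . '.php');
    }

    // NOTE(review): the checks below assume exec_header_redirect() and the code
    // produced by standard_error() end the request. Confirm this, because the
    // reset further down must not be reachable after a failed check.
    if ($user['dateline'] < TIMENOW - 24 * 60 * 60) {
        // The reset request is older than 24 hours.
        eval(standard_error(fetch_error('resetexpired', $vbulletin->session->vars['sessionurl'])));
    }

    // Compare the stored and the submitted activation id as strings with a strict
    // operator. A loose != lets PHP type juggling treat different values as equal
    // (numeric-looking strings such as "0e1" and "0e2"; on PHP before 8.0 also a
    // non-numeric string and integer 0). The comparison is not constant-time.
    // NOTE(review): this assumes both sides share one textual form; verify against
    // how activationid is cleaned from the request.
    if ((string) $user['activationid'] !== (string) $vbulletin->GPC['activationid']) {
        // Wrong activation id.
        eval(standard_error(fetch_error('resetbadid', $vbulletin->session->vars['sessionurl'])));
    }

    // Delete the used activation id so the link cannot be replayed.
    $db->query_write("DELETE FROM " . TABLE_PREFIX . "useractivation WHERE userid = {$userinfo['userid']} AND type = 1");

    // NOTE(review): the replacement password is only 8 characters from
    // fetch_random_password() (defined outside this excerpt) and is presumably sent
    // in the e-mail below. Confirm the generator uses a CSPRNG, and consider
    // letting the user choose a new password instead of mailing one.
    $newpassword = fetch_random_password(8);

    // Init the user data manager and store the new password.
    $userdata =& datamanager_init('User', $vbulletin, ERRTYPE_STANDARD);
    $userdata->set_existing($userinfo);
    $userdata->set('password', $newpassword);
    $userdata->save();

    // NOTE(review): the eval() calls below execute strings returned by the hook and
    // phrase systems. Whoever can edit plugins or phrases can run PHP here, so
    // access to those stores needs to be restricted accordingly.
    ($hook = vBulletinHook::fetch_hook('reset_password')) ? eval($hook) : false;
    eval(fetch_email_phrases('resetpw', $userinfo['languageid']));
    vbmail($userinfo['email'], $subject, $message, true);
    eval(standard_error(fetch_error('resetpw', $vbulletin->session->vars['sessionurl'])));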
}
/*======================================================================*\
|| ####################################################################
|| # Downloaded: 12:39, Wed May 30th 2012
|| # CVS: $RCSfile$ - $Revision: 39862 $
|| ####################################################################
Example #3
    // Show the stored API key read-only when one exists; otherwise offer the
    // form that posts to the 'newkey' action.
    if ($vbulletin->options['apikey']) {
        print_table_start();
        print_table_header($vbphrase['api_key']);
        // NOTE(review): the stored key is placed in the value attribute without
        // HTML escaping. That is safe only while the setting holds characters
        // with no meaning in HTML; escaping it at output would remove the assumption.
        print_label_row(
            $vbphrase['api_key'],
            '<div id="ctrl_apikey"><input type="text" class="bginput" name="apikey" id="apikey" value="' . $vbulletin->options['apikey'] . '" size="35" dir="" tabindex="1" readonly="readonly" /></div>',
            '',
            'top',
            'apikey'
        );
        print_description_row($vbphrase['api_key_description']);
        print_table_footer(2, '', '', false);
    } else {
        print_form_header('api', 'newkey');
        print_table_header($vbphrase['api_key']);
        print_description_row($vbphrase['api_key_empty']);
        print_submit_row($vbphrase['go'], '');
    }
}
// ###################### Start Generate API Key #######################
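// Generates the API key once and stores it in the 'apikey' setting.
// NOTE(review): the action is selected through $_REQUEST, so it can be triggered
// by GET as well as POST. Confirm the control panel's request verification
// (outside this excerpt) covers this state-changing action.
if ($_REQUEST['do'] == 'newkey') {
    // Refuse to replace an existing key.
    // NOTE(review): this relies on print_stop_message() ending the request; confirm.
    if ($vbulletin->options['apikey']) {
        print_stop_message('already_has_api_key');
    }

    // NOTE(review): no length is passed, so the key length is the function's
    // default, which is not visible here. Confirm both the length and that the
    // generator uses a CSPRNG, because this value authenticates API callers.
    $newapikey = fetch_random_password();

    // Escape the value before it goes into the SQL string, so the statement does
    // not depend on which characters the generator can produce.
    $db->query_write("\n\t\tUPDATE " . TABLE_PREFIX . "setting\n\t\tSET value = '" . $db->escape_string($newapikey) . "'\n\t\tWHERE varname = 'apikey'\n\t");

    // Rebuild the options after the setting change.
    build_options();

    define('CP_REDIRECT', 'api.php');
    print_stop_message('api_key_generated_successfully');
}
print_cp_footer();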
/*======================================================================*\
|| ####################################################################
|| # Downloaded: 03:13, Sat Sep 7th 2013
|| # CVS: $RCSfile$ - $Revision: 37624 $
|| ####################################################################
\*======================================================================*/
Example #4
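 /**
  * Initializes an API client
  *
  * When no API client ID is passed, the client is registered (or an existing
  * registration with the same client hash is re-keyed) and a new secret is
  * returned. When an API client ID is passed, only lastactivity is refreshed.
  *
  * Security notes (review):
  *  - strip_tags() removes markup from the identifiers but is not an output or
  *    query encoder; storage safety rests on the dbassertor calls.
  *  - The client hash is an unsalted MD5 over three caller-supplied strings
  *    joined without a separator, and it is the only lookup key for an existing
  *    registration. Any caller presenting the same three values has the stored
  *    secret replaced and userid reset to 0, so uniqueid should be treated as
  *    confidential and registration calls logged and rate limited.
  *  - NOTE(review): the secret's strength depends on fetch_random_password(),
  *    which is defined outside this excerpt; confirm it uses a CSPRNG.
  *
  * @param  string           $clientname      Client name (required when $api_c is 0)
  * @param  string           $clientversion   Client version (required when $api_c is 0)
  * @param  string           $platformname    Platform name (required when $api_c is 0)
  * @param  string           $platformversion Platform version (required when $api_c is 0)
  * @param  string           $uniqueid        Client-chosen unique id (required when $api_c is 0)
  * @param  int              $api_c           API Client ID, 0 when the client has none yet
  *
  * @throws vB_Exception_Api Throws 'apiclientinfomissing' if $api_c is 0 and any of clientname,
  *                          clientversion, platformname, platformversion, or uniqueid are missing.
  *
  * @return array            Api information, format:
  *                          array(
  *                              apiversion => string
  *                              apiaccesstoken => string
  *                              bbtitle => string
  *                              bburl => string
  *                              bbactive => int
  *                              bbclosedreason => string (only set if bbactive = 0)
  *                              forumhome => string
  *                              vbulletinversion => string
  *                              contenttypes => array(
  *                                  content type class => content type id
  *                                  [...]
  *                              )
  *                              features => array(
  *                                  blogenabled => 1
  *                                  cmsenabled => 0
  *                                  pmsenabled => int
  *                                  searchesenabled => int
  *                                  groupsenabled => 1
  *                                  albumsenabled => 0
  *                                  multitypesearch => 1
  *                                  visitor_messagingenabled => 1
  *                                  taggingenabled => int
  *                                  visitor_trackingenabled => 0
  *                                  paidsubs => int
  *                                  friendsenabled => 0
  *                                  activitystream => 1
  *                              )
  *                              permissions => empty array
  *                              show => array(
  *                                  registerbutton => 1
  *                              )
  *                              apiclientid => int
  *                              secret => string (only if no API Client ID was specified in the call)
  *                          )
  */
 public function init($clientname, $clientversion, $platformname, $platformversion, $uniqueid, $api_c = 0)
 {
     $clientname = strip_tags($clientname);
     $clientversion = strip_tags($clientversion);
     $platformname = strip_tags($platformname);
     $platformversion = strip_tags($platformversion);
     $uniqueid = strip_tags($uniqueid);
     $api_c = intval($api_c);

     // Remember what the caller passed; it decides whether the secret is returned.
     $oldclientid = $api_c;

     if (!$api_c) {
         // The client doesn't have an ID yet, so a new one is generated.
         // All params are required.
         // uniqueid is ideally a permanent identifier such as a hardware ID (CPU ID,
         // hard disk ID or mobile IMEI). A client that cannot obtain one generates its
         // own unique ID, keeps it in local storage, and passes the same value when it
         // needs the client ID and secret again.
         if (!$clientname or !$clientversion or !$platformname or !$platformversion or !$uniqueid) {
             throw new vB_Exception_Api('apiclientinfomissing');
         }

         // Generate the client hash. The format is kept as-is because existing rows
         // are looked up by it; see the security notes in the docblock.
         $clienthash = md5($clientname . $platformname . $uniqueid);

         // Generate a new secret.
         $secret = fetch_random_password(32);

         // If a row with the same client hash exists it is re-keyed below.
         $client = $this->dbassertor->getRow('apiclient', array('clienthash' => $clienthash));

         // Tolerate an empty lookup result and normalise the id to an integer,
         // matching the (int) cast applied on the insert path.
         $api_c = !empty($client['apiclientid']) ? intval($client['apiclientid']) : 0;

         if ($api_c) {
             // Update the secret.
             // userid is also cleared so that a previously logged-in and remembered
             // user is logged out. (VBM-553)
             $this->dbassertor->update(
                 'apiclient',
                 array(
                     'secret' => $secret,
                     'apiaccesstoken' => vB::getCurrentSession()->get('apiaccesstoken'),
                     'lastactivity' => vB::getRequest()->getTimeNow(),
                     'clientversion' => $clientversion,
                     'platformversion' => $platformversion,
                     'userid' => 0,
                 ),
                 array('apiclientid' => $api_c)
             );
         } else {
             // Create a new client.
             // NOTE(review): uniqueid is hashed into clienthash but not stored in this row.
             $api_c = $this->dbassertor->insert(
                 'apiclient',
                 array(
                     'secret' => $secret,
                     'clienthash' => $clienthash,
                     'clientname' => $clientname,
                     'clientversion' => $clientversion,
                     'platformname' => $platformname,
                     'platformversion' => $platformversion,
                     'initialipaddress' => vB::getRequest()->getAltIp(),
                     'apiaccesstoken' => vB::getCurrentSession()->get('apiaccesstoken'),
                     'dateline' => vB::getRequest()->getTimeNow(),
                     'lastactivity' => vB::getRequest()->getTimeNow(),
                 )
             );
             // insert() may hand back an array; the last element is taken as the id.
             if (is_array($api_c)) {
                 $api_c = array_pop($api_c);
             }
             $api_c = (int) $api_c;
         }

         // Set the session client ID.
         vB::getCurrentSession()->set('apiclientid', $api_c);
     } else {
         // Per the original author, api_c and api_sig are verified in init.php, so
         // they are not verified again here. $api_c was already cast with intval() above.
         // Update lastactivity.
         $this->dbassertor->update('apiclient', array('lastactivity' => vB::getRequest()->getTimeNow()), array('apiclientid' => $api_c));
     }

     // Map content type class => content type id.
     $contenttypescache = vB_Types::instance()->getContentTypes();
     $contenttypes = array();
     foreach ($contenttypescache as $contenttype) {
         $contenttypes[$contenttype['class']] = $contenttype['id'];
     }

     // $products and $userinfo are not read below; the calls are kept because
     // their side effects, if any, are not visible from this method.
     $products = vB::getDatastore()->getValue('products');
     $vboptions = vB::getDatastore()->getValue('options');
     $userinfo = vB::getCurrentSession()->fetch_userinfo();

     // Paid subscriptions count as enabled when checkStatus() does not throw.
     try {
         vB_Api::instanceInternal('paidsubscription')->checkStatus();
         $paidsubs = 1;
     } catch (Exception $e) {
         $paidsubs = 0;
     }

     $forumHome = vB_Library::instance('content_channel')->getForumHomeChannel();
     $forumhomeUrl = vB5_Route::buildUrl($forumHome['routeid'] . '|fullurl');

     $data = array(
         'apiversion' => VB_API_VERSION,
         'apiaccesstoken' => vB::getCurrentSession()->get('apiaccesstoken'),
         'bbtitle' => $vboptions['bbtitle'],
         'bburl' => $vboptions['bburl'],
         'bbactive' => $vboptions['bbactive'],
         'forumhome' => $forumhomeUrl,
         'vbulletinversion' => $vboptions['templateversion'],
         'contenttypes' => $contenttypes,
         'features' => array(
             'blogenabled' => 1,
             'cmsenabled' => 0,
             'pmsenabled' => $vboptions['enablepms'] ? 1 : 0,
             'searchesenabled' => $vboptions['enablesearches'] ? 1 : 0,
             'groupsenabled' => 1,
             'albumsenabled' => 0,
             'multitypesearch' => 1,
             'visitor_messagingenabled' => 1,
             'taggingenabled' => $vboptions['threadtagging'] ? 1 : 0,
             'visitor_trackingenabled' => 0,
             'paidsubs' => $paidsubs,
             'friendsenabled' => 0,
             'activitystream' => 1,
         ),
         'permissions' => array(),
         'show' => array('registerbutton' => 1),
     );

     if (!$vboptions['bbactive']) {
         $data['bbclosedreason'] = $vboptions['bbclosedreason'];
     }

     $data['apiclientid'] = $api_c;

     // The secret is handed out only when the caller arrived without a client ID.
     if (!$oldclientid) {
         $data['secret'] = $secret;
     }

     return $data;
 }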
Example #5
 /**
  * Returns a new post hash obtained from fetch_random_password(32).
  *
  * NOTE(review): 32 is presumably the requested length. If the post hash is
  * relied on as an unguessable token, confirm that fetch_random_password()
  * (defined outside this excerpt) uses a CSPRNG.
  *
  * @return mixed Whatever fetch_random_password(32) returns.
  */
 function getNewPosthash()
 {
     $posthash = fetch_random_password(32);

     return $posthash;
 }