// Record the raw request target; the archive scripts build their own links from it.
// NOTE(review): this is unescaped client input — confirm it is escaped wherever it is output.
if (SLASH_METHOD) {
    $archive_info = $_SERVER['REQUEST_URI'];
    if (!$archive_info) {
        $archive_info = $_SERVER['PHP_SELF'];
    }
} else {
    $archive_info = $_SERVER['QUERY_STRING'];
}

// Session hash parameter appended to archive URLs, but only while the session is
// flagged visible; the separator depends on whether path-style (slash) URLs are in use.
define('ARCHIVE_SESSION_URL', $vbulletin->session->visible
    ? (SLASH_METHOD ? '?s=' : '&s=') . $vbulletin->session->vars['sessionhash']
    : ''
);

// check to see if server is too busy. this is checked at the end of session.php
// Usergroup id 6 is exempt from the overload check; a disabled archive always redirects.
// PHP's 'and' binds tighter than 'or', so the parentheses only spell out the existing grouping.
if ((server_overloaded() and $vbulletin->userinfo['usergroupid'] != 6) or $vbulletin->options['archiveenabled'] == 0) {
    exec_header_redirect(fetch_seo_url('forumhome|bburl', array()));
}

// #############################################################################
// ### CACHE PERMISSIONS AND GRAB $permissions
// get the combined permissions for the current user
// this also creates the $fpermscache containing the user's forum permissions
$permissions = cache_permissions($vbulletin->userinfo);
// Bind by reference so later changes to $permissions are seen through userinfo too.
$vbulletin->userinfo['permissions'] =& $permissions;

// #############################################################################
// check that board is active - if not admin, then display error
// Redirect when the board is closed to non-admins, or when the user may not view forums at all.
$board_closed_to_user = (!$vbulletin->options['bbactive'] and !($permissions['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel']));
$cannot_view_forums = !($permissions['forumpermissions'] & $vbulletin->bf_ugp_forumpermissions['canview']);
if ($board_closed_to_user or $cannot_view_forums) {
    exec_header_redirect(fetch_seo_url('forumhome|bburl', array()));
}
// if password is expired, deny access
if ($vbulletin->userinfo['userid'] and $permissions['passwordexpires']) {
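 /**
  * Checks the state of the request to make sure that it's valid and that
  * we have the necessary permissions to continue. Checks things like
  * CSRF and banning.
  *
  * Runs, in order: CSRF-token failure reporting, the server-load guard, the
  * phpinfo() support hook, the "board closed" gate, the password-expiry and
  * username-equals-password checks, required-profile-field enforcement, the
  * global view permission check and the IP ban check. Most failures end the
  * request via standard_error() or exit; the remaining ones set $show flags
  * or define() constants for later code to read.
  *
  * Reads the globals $vbulletin and $show (and declares $VB_API_REQUESTS),
  * plus the constants CSRF_ERROR, VB_ERROR_LITE, VB_ERROR_LITE_ERROR,
  * THIS_SCRIPT, DIE_QUIETLY, VB_API, BYPASS_FORUM_DISABLED, CMS_SCRIPT,
  * COOKIE_PREFIX, TIMENOW and ALLOW_SAME_USERNAME_PASSWORD where defined.
  *
  * @return void
  */
 public function check_state()
 {
     global $vbulletin, $show, $VB_API_REQUESTS;

     // #############################################################################
     // CSRF token failures. VB_ERROR_LITE is defined before reporting so that
     // standard_error() takes its lightweight path (presumably; confirm in standard_error()).
     if (defined('CSRF_ERROR')) {
         define('VB_ERROR_LITE', true);
         $ajaxerror = $vbulletin->GPC['ajax'] ? '_ajax' : '';
         switch (CSRF_ERROR) {
             case 'missing':
                 standard_error(fetch_error('security_token_missing', $vbulletin->options['contactuslink']));
                 break;
             case 'guest':
                 standard_error(fetch_error('security_token_guest' . $ajaxerror));
                 break;
             case 'timeout':
                 standard_error(fetch_error('security_token_timeout' . $ajaxerror, $vbulletin->options['contactuslink']));
                 break;
             case 'invalid':
             default:
                 standard_error(fetch_error('security_token_invalid', $vbulletin->options['contactuslink']));
         }
         // Guard against standard_error() returning: a CSRF failure must never fall through.
         exit;
     } elseif (defined('VB_ERROR_LITE') and VB_ERROR_LITE === true) {
         standard_error(VB_ERROR_LITE_ERROR);
     }

     // #############################################################################
     // check to see if server is too busy. this is checked at the end of session.php
     // Users with control-panel access are exempt, as is the login script.
     if (server_overloaded() and !($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel']) and THIS_SCRIPT !== 'login') {
         $vbulletin->options['useforumjump'] = 0;
         standard_error(fetch_error('toobusy'));
     }

     // The 'do' action from the request is read in several checks below; default to an
     // empty string so a missing key does not raise a notice.
     $request_do = isset($_REQUEST['do']) ? $_REQUEST['do'] : '';
     $post_do = isset($_POST['do']) ? $_POST['do'] : '';

     // #############################################################################
     // phpinfo display for support purposes
     // phpinfo() discloses paths, environment and loaded modules, so it is gated
     // behind the allowphpinfo option and refused in demo mode.
     if (!empty($request_do) and $request_do === 'phpinfo') {
         if ($vbulletin->options['allowphpinfo'] and !is_demo_mode()) {
             phpinfo();
             exit;
         } else {
             standard_error(fetch_error('admin_disabled_php_info'));
         }
     }

     // #############################################################################
     // check that board is active - if not admin, then display error
     if (!defined('BYPASS_FORUM_DISABLED') and !$vbulletin->options['bbactive'] and !in_array(THIS_SCRIPT, array('login', 'css', 'mobile'), true) and !($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel'])) {
         if (defined('DIE_QUIETLY')) {
             exit;
         }
         if (defined('VB_API') and VB_API === true) {
             standard_error(fetch_error('bbclosed', $vbulletin->options['bbclosedreason']));
         } else {
             // If this is a post submission from an admin whose session timed out, give them a chance to log back in and save what they were working on. See bug #34258
             $request_method = isset($_SERVER['REQUEST_METHOD']) ? strtoupper($_SERVER['REQUEST_METHOD']) : '';
             if ($request_method === 'POST' and !empty($_POST) and !$vbulletin->userinfo['userid'] and !empty($_COOKIE[COOKIE_PREFIX . 'cpsession'])) {
                 define('VB_ERROR_PERMISSION', true);
             }
             unset($vbulletin->db->shutdownqueries['lastvisit']);
             require_once DIR . '/includes/functions_misc.php';
             // If CMS, just flag as closed for now.
             if (defined('CMS_SCRIPT') and CMS_SCRIPT == true) {
                 define('BB_CLOSED', true);
             } else {
                 // SECURITY(review): the admin-set closed reason is run through eval() so that
                 // variables in it are interpolated. make_string_interpolation_safe() and
                 // addslashes() are what stand between option text and code execution —
                 // confirm they reject every '$' / '{' form before trusting this path. Kept
                 // as-is because replacing the eval would change how existing reasons render.
                 eval('standard_error("' . make_string_interpolation_safe(str_replace("\\'", "'", addslashes($vbulletin->options['bbclosedreason']))) . '");');
             }
         }
     }

     // #############################################################################
     // password expiry system
     if ($vbulletin->userinfo['userid'] and $vbulletin->userinfo['permissions']['passwordexpires']) {
         $passworddaysold = floor((TIMENOW - $vbulletin->userinfo['passworddate']) / 86400);
         if ($passworddaysold >= $vbulletin->userinfo['permissions']['passwordexpires']) {
             // Only login, the profile password-change actions and a few ajax helpers stay
             // reachable; everything else is blocked until the password is changed.
             // PHP's 'and' binds tighter than 'or'; the named terms spell out that grouping.
             $blocked_script = (THIS_SCRIPT !== 'login' and THIS_SCRIPT !== 'profile' and THIS_SCRIPT !== 'ajax');
             $blocked_profile_action = (THIS_SCRIPT === 'profile' and $request_do !== 'editpassword' and $post_do !== 'updatepassword');
             $blocked_ajax_action = (THIS_SCRIPT === 'ajax' and $request_do !== 'imagereg' and $request_do !== 'securitytoken' and $request_do !== 'dismissnotice');
             if ($blocked_script or $blocked_profile_action or $blocked_ajax_action) {
                 standard_error(fetch_error('passwordexpired', $passworddaysold, $vbulletin->session->vars['sessionurl']));
             } else {
                 $show['passwordexpired'] = true;
             }
         }
     } else {
         $show['passwordexpired'] = false;
     }

     // #############################################################################
     // password same as username?
     if (!defined('ALLOW_SAME_USERNAME_PASSWORD') and $vbulletin->userinfo['userid']) {
         // save the resource on md5'ing if the option is not enabled or guest
         $username_as_password_hash = md5(md5($vbulletin->userinfo['username']) . $vbulletin->userinfo['salt']);
         // Strict comparison: a loose == between two hex digests of the form "0e<digits>"
         // compares them as numbers (both zero) and would report a false match.
         if ($vbulletin->userinfo['password'] === $username_as_password_hash) {
             $blocked_script = (THIS_SCRIPT !== 'login' and THIS_SCRIPT !== 'profile');
             $blocked_profile_action = (THIS_SCRIPT === 'profile' and $request_do !== 'editpassword' and $post_do !== 'updatepassword');
             if ($blocked_script or $blocked_profile_action) {
                 standard_error(fetch_error('username_same_as_password', $vbulletin->session->vars['sessionurl']));
             }
         }
     }

     // #############################################################################
     // check required profile fields
     // NOTE(review): VB_API is read here without a defined() guard — confirm it is always
     // defined before check_state() runs.
     if ($vbulletin->session->vars['profileupdate'] and THIS_SCRIPT !== 'login' and THIS_SCRIPT !== 'profile' and !VB_API) {
         $vbulletin->options['useforumjump'] = 0;
         standard_error(fetch_error('updateprofilefields', $vbulletin->session->vars['sessionurl']));
     }

     // #############################################################################
     // check permission to view forum
     if (!$this->has_global_view_permission()) {
         if (defined('DIE_QUIETLY')) {
             exit;
         } else {
             print_no_permission();
         }
     }

     // #############################################################################
     // check for IP ban on user
     verify_ip_ban();

     // Plugin hook: the hook body is PHP source supplied by the plugin system and run with eval().
     ($hook = vBulletinHook::fetch_hook('global_state_check')) ? eval($hook) : false;
 }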