/**
 * Hourly housekeeping. The scheduler does not guarantee that this runs
 * every hour, so nothing here may depend on a strict cadence.
 */
public static function runHourlyCleanUp()
{
    // Attachments that were never associated with content, using a 24 hour (86400 s) cut-off.
    $attachments = XenForo_Model::create('XenForo_Model_Attachment');
    $attachments->deleteUnassociatedAttachments(XenForo_Application::$time - 86400);
    $attachments->deleteUnusedAttachmentData();

    // Expired public sessions.
    $publicSessions = new XenForo_Session();
    $publicSessions->deleteExpiredSessions();

    // Expired admin sessions.
    $adminSessions = new XenForo_Session(array('admin' => true));
    $adminSessions->deleteExpiredSessions();

    // Session activity older than one hour (3600 s). Last-activity values are
    // written back to users before the activity rows are removed.
    $activity = XenForo_Model::create('XenForo_Model_Session');
    $activityCutOff = XenForo_Application::$time - 3600;
    $activity->updateUserLastActivityFromSessions();
    $activity->deleteSessionActivityOlderThanCutOff($activityCutOff);

    // Thread redirects that have expired as of now; the result is keyed by the ids to delete.
    $redirectModel = XenForo_Model::create('XenForo_Model_ThreadRedirect');
    $expired = $redirectModel->getExpiredThreadRedirects(XenForo_Application::$time);
    $redirectModel->deleteThreadRedirects(array_keys($expired));

    // Remaining sweeps take no arguments: model class => clean-up method, run in this order.
    $sweeps = array(
        array('XenForo_Model_Alert', 'deleteOldReadAlerts'),
        array('XenForo_Model_Alert', 'deleteOldUnreadAlerts'),
        array('XenForo_Model_NewsFeed', 'deleteOldNewsFeedItems'),
        array('XenForo_Model_Login', 'cleanUpLoginAttempts'),
        array('XenForo_Model_CaptchaQuestion', 'deleteOldCaptchas'),
    );
    foreach ($sweeps as $sweep) {
        list($modelClass, $method) = $sweep;
        XenForo_Model::create($modelClass)->$method();
    }
}
/**
 * Handles the admin control panel login form submission (POST only).
 *
 * Flow: reject when cookies appear disabled, reject while the login is
 * locked out, validate the credentials, record or clear the failed-attempt
 * counter, switch the admin session (and a guest public session) to the
 * user, then require the is_admin flag before redirecting.
 *
 * @return mixed controller response built by responseError(), responseView() or responseRedirect()
 */
public function actionLogin()
{
    $this->_assertPostOnly();

    $data = $this->_input->filter(array(
        'login' => XenForo_Input::STRING,
        'password' => XenForo_Input::STRING,
        'redirect' => XenForo_Input::STRING,
        'cookie_check' => XenForo_Input::UINT));

    // The redirect target comes from the request; only an empty value falls back to the admin index.
    // NOTE(review): no validation of the target is visible in this method - confirm that
    // responseRedirect() or the response layer restricts it to this site.
    $redirect = $data['redirect'] ? $data['redirect'] : XenForo_Link::buildAdminLink('index');

    $loginModel = $this->_getLoginModel();

    if ($data['cookie_check'] && count($_COOKIE) == 0) {
        // login came from a page, so we should at least have a session cookie.
        // if we don't, assume that cookies are disabled
        return $this->responseError(new XenForo_Phrase('cookies_required_to_log_in_to_site'));
    }

    // Lockout is checked before the password is examined, so a locked login gets the
    // same answer whether or not the submitted password is right.
    $needCaptcha = $loginModel->requireLoginCaptcha($data['login']);
    if ($needCaptcha) {
        // just block logins here instead of using the captcha
        return $this->responseError(new XenForo_Phrase('your_account_has_temporarily_been_locked_due_to_failed_login_attempts'));
    }

    $userModel = $this->_getUserModel();

    // $error is not set before this call; presumably validateAuthentication() fills it by reference - confirm.
    $userId = $userModel->validateAuthentication($data['login'], $data['password'], $error);
    if (!$userId) {
        // Count the failure first, then re-check so the attempt that crosses the
        // threshold already sees the lockout message.
        $loginModel->logLoginAttempt($data['login']);

        if ($loginModel->requireLoginCaptcha($data['login'])) {
            return $this->responseError(new XenForo_Phrase('your_account_has_temporarily_been_locked_due_to_failed_login_attempts'));
        }

        if ($this->_input->filterSingle('upgrade', XenForo_Input::UINT)) {
            return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, $redirect);
        } else {
            // note - JSON view will return responseError($text)
            return $this->responseView('XenForo_ViewAdmin_Login_Error', 'login_form', array(
                'text' => $error,
                'defaultLogin' => $data['login'],
                'redirect' => $redirect),
                array('containerTemplate' => 'LOGIN_PAGE'));
        }
    }

    $loginModel->clearLoginAttempts($data['login']);

    // Audit trail: the login is recorded against the user with the 'login_admin' action.
    XenForo_Model_Ip::log($userId, 'user', $userId, 'login_admin');

    // NOTE(review): both sessions are switched to the user before the is_admin check
    // below, so a valid non-admin login still leaves the sessions bound to that user.
    // Confirm every admin page re-checks is_admin on its own.
    XenForo_Application::get('session')->changeUserId($userId);
    XenForo_Visitor::setup($userId);

    // if guest on front-end, login there too
    $publicSession = new XenForo_Session();
    $publicSession->start();
    if (!$publicSession->get('user_id')) {
        $publicSession->changeUserId($userId);
        $publicSession->save();
    }

    $visitor = XenForo_Visitor::getInstance();

    // now check that the user will be able to get into the ACP (is_admin)
    if (!$visitor->is_admin) {
        return $this->responseError(new XenForo_Phrase('your_account_does_not_have_admin_privileges'));
    }

    if ($this->_input->filterSingle('repost', XenForo_Input::UINT)) {
        // Hands the JSON-decoded 'postVars' request value to the redirect response together with a repost flag.
        return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, $redirect, '', array(
            'repost' => 1,
            'postVars' => $this->_input->filterSingle('postVars', XenForo_Input::JSON_ARRAY)));
    } else {
        return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, $redirect);
    }
}
/**
 * Makes sure an admin session is available for this request.
 *
 * @param string $action not used by this implementation
 */
protected function _setupSession($action)
{
    // A session registered earlier in the request is kept; otherwise an admin session is started.
    if (!XenForo_Application::isRegistered('session')) {
        XenForo_Session::startAdminSession($this->_request);
    }
}
/**
 * Logs the current visitor out and reports whether the board now needs a login.
 *
 * NOTE(review): no request-method or CSRF-token check is visible in this
 * method; confirm the caller enforces one before it is reached.
 *
 * @return array 'success' (always true) and 'requires_authentication' (bool)
 */
public function actionLogout()
{
    // Read from the request but not used anywhere in this method.
    $frUsername = $this->_input->filterSingle('fr_username', XenForo_Input::STRING);

    // An admin session belonging to the same user is removed as well.
    if (XenForo_Visitor::getInstance()->get('is_admin')) {
        $adminSession = new XenForo_Session(array('admin' => true));
        $adminSession->start();
        $sameUser = ($adminSession->get('user_id') == XenForo_Visitor::getUserId());
        if ($sameUser) {
            $adminSession->delete();
        }
    }

    fr_remove_push_user();

    $sessionModel = $this->getModelFromCache('XenForo_Model_Session');
    $sessionModel->processLastActivityUpdateForLogOut(XenForo_Visitor::getUserId());

    XenForo_Application::get('session')->delete();
    XenForo_Helper_Cookie::deleteAllCookies(
        array('session'),
        array('user' => array('httpOnly' => false))
    );

    // From here on the visitor is set up with user id 0.
    XenForo_Visitor::setup(0);

    // A login is required when user id 0 may not view the board or the board is not active.
    $requires_authentication = !XenForo_Visitor::getInstance()->hasPermission('general', 'view');

    $options = XenForo_Application::get('options');
    if (!$options->boardActive) {
        $requires_authentication = true;
    }

    return array(
        'success' => true,
        'requires_authentication' => $requires_authentication,
    );
}
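/**
 * Template post-render callback: appends a `body { background: ... }` rule
 * to the rendered xenforo.css for a logged-in visitor who holds the
 * backgroundchanginggroup/canchangebkg permission.
 *
 * The stored value carries a three-character prefix:
 *  - "url": the rest is an image URL,
 *  - "sug": the rest names a bundled image under defaultImages/,
 *  - "clr": the rest is used as the background value itself.
 *
 * The stored value is presumably chosen by the user (TODO confirm where it
 * is validated on save), so it is neutralised before being written into the
 * stylesheet: inside the quoted url('...') forms the characters that could
 * end the string are percent-encoded or stripped, and a "clr" value that
 * contains characters able to close the declaration or rule is ignored.
 *
 * @param string                    $templateName  name of the rendered template
 * @param string                    $content       rendered output, appended to by reference
 * @param array                     $containerData not used here
 * @param XenForo_Template_Abstract $template      not used here
 */
public static function tpr_callback($templateName, &$content, array &$containerData, XenForo_Template_Abstract $template)
{
    if ($templateName != 'xenforo.css') {
        return;
    }

    XenForo_Session::startPublicSession();
    $nid = 0; // default
    $visitor = XenForo_Visitor::getInstance();
    if (!$visitor['user_id'] || !$visitor->hasPermission('backgroundchanginggroup', 'canchangebkg')) {
        return;
    }

    $uid = $visitor['user_id'];
    $stored = customBackgroundChooser_sharedStatic::getFromDB($nid, $uid);

    // Inside url('...') a quote or backslash can terminate or escape the string and a
    // raw control character (including a newline) ends it; encode the former, drop the latter.
    $quotedUrlEscapes = array("'" => '%27', '\\' => '%5C');
    $controlChars = '/[\x00-\x1f\x7f]/';

    $background = null;
    if (customBackgroundChooser_sharedStatic::startsWith($stored, 'url')) {
        $url = strtr(preg_replace($controlChars, '', (string) substr($stored, 3)), $quotedUrlEscapes);
        $background = 'rgb(0, 0, 0) url(\'' . $url . '\') no-repeat fixed 50% 0 / cover';
    } elseif (customBackgroundChooser_sharedStatic::startsWith($stored, 'sug')) {
        $image = strtr(preg_replace($controlChars, '', (string) substr($stored, 3)), $quotedUrlEscapes);
        $background = 'rgb(0, 0, 0) url(\'styles/kiror/customBackgroundChooser/defaultImages/' . $image . '.jpg\') no-repeat fixed 50% 0 / cover';
    } elseif (customBackgroundChooser_sharedStatic::startsWith($stored, 'clr')) {
        $colour = (string) substr($stored, 3);
        // This value is emitted unquoted, so it cannot be escaped; refuse anything that
        // could close the declaration or the rule, or open a string.
        if (!preg_match('/[;{}<>\\\\"\'\x00-\x1f\x7f]/', $colour)) {
            $background = $colour;
        }
    }

    if ($background) {
        $content .= "\nbody\n{\n\tbackground: " . $background . ";\n}\n";
    }
}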
/**
 * Renders the admin login form.
 *
 * When the browser already has a logged-in public session, that user is
 * passed to the template and their language is applied. When the form is
 * reached through a POST, the posted variables are handed to the template
 * (with a redirect filled in if missing) together with a repost flag.
 *
 * NOTE(review): $postVars is the raw $_POST array; confirm the login_form
 * template escapes every value it prints from it.
 */
public function actionForm()
{
    $publicSession = XenForo_Session::getPublicSession($this->_request);
    $publicUserId = $publicSession->get('user_id');

    $publicVisitor = false;
    if ($publicUserId) {
        $publicVisitor = $this->getModelFromCache('XenForo_Model_User')->getUserById($publicUserId);
        if ($publicVisitor) {
            XenForo_Visitor::getInstance()->setVisitorLanguage($publicVisitor['language_id']);
        }
    }

    $repost = false;
    $postVars = false;
    if ($this->_request->isPost()) {
        $repost = true;
        $postVars = $_POST;
        if (!isset($postVars['redirect'])) {
            $postVars['redirect'] = $this->getDynamicRedirect();
        }
    }

    return $this->responseView(
        'XenForo_ViewAdmin_Login_Form',
        'login_form',
        array(
            'publicVisitor' => $publicVisitor,
            'repost' => $repost,
            'postVars' => $postVars,
        ),
        array('containerTemplate' => 'LOGIN_PAGE')
    );
}
/**
 * Single-stage logout: verifies the CSRF token, removes the sessions and
 * cookies, then redirects.
 *
 * NOTE(review): the redirect target is taken from the request and no check
 * of it is visible in this method; confirm the response layer restricts it
 * to this site.
 */
public function actionIndex()
{
    $csrfToken = $this->_input->filterSingle('_xfToken', XenForo_Input::STRING);
    $this->_checkCsrfFromToken($csrfToken);

    // remove an admin session if we're logged in as the same person
    if (XenForo_Visitor::getInstance()->get('is_admin')) {
        $adminSession = new XenForo_Session(array('admin' => true));
        $adminSession->start();
        $sameUser = ($adminSession->get('user_id') == XenForo_Visitor::getUserId());
        if ($sameUser) {
            $adminSession->delete();
        }
    }

    $sessionModel = $this->getModelFromCache('XenForo_Model_Session');
    $sessionModel->processLastActivityUpdateForLogOut(XenForo_Visitor::getUserId());

    XenForo_Application::get('session')->delete();
    XenForo_Helper_Cookie::deleteAllCookies(
        array('session'),
        array('user' => array('httpOnly' => false))
    );

    XenForo_Visitor::setup(0);

    // An empty redirect value falls back to the public index.
    $redirect = $this->_input->filterSingle('redirect', XenForo_Input::STRING);
    if (!$redirect) {
        $redirect = XenForo_Link::buildPublicLink('index');
    }

    return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, $redirect);
}
/**
 * Logs out the current XenForo user, if one is loaded.
 *
 * Removes a matching admin session, updates the user's last activity,
 * deletes the public session and cookies, and resets the visitor to user id 0.
 */
public static function logout()
{
    self::start();

    if (self::userLoad()) {
        // An admin session is removed only when it belongs to the same user.
        if (XenForo_Visitor::getInstance()->get('is_admin')) {
            $admin = new XenForo_Session(array('admin' => true));
            $admin->start();
            $sameUser = ($admin->get('user_id') == XenForo_Visitor::getUserId());
            if ($sameUser) {
                $admin->delete();
            }
        }

        $sessionModel = XenForo_Model::create('XenForo_Model_Session');
        $sessionModel->processLastActivityUpdateForLogOut(XenForo_Visitor::getUserId());

        XenForo_Application::get('session')->delete();
        XenForo_Helper_Cookie::deleteAllCookies(
            array('session'),
            array('user' => array('httpOnly' => false))
        );

        XenForo_Visitor::setup(0);
    }
}
/**
 * Starts a public session for JSON requests made from the layout editor,
 * then defers to the parent implementation.
 *
 * The original author flagged this as a slight security risk accepted for
 * the UX benefit (TODO: keep an eye on it).
 * NOTE(review): `_layoutEditor` is a request parameter, so the requester
 * influences which session type backs the request; what `_noRedirect()`
 * checks is not visible here - confirm it limits this path sufficiently.
 *
 * @param string $action
 */
protected function _setupSession($action)
{
    $useLayoutEditorSession = !XenForo_Application::isRegistered('session')
        && $this->_noRedirect()
        && $this->_routeMatch->getResponseType() === 'json'
        && $this->_input->filterSingle('_layoutEditor', XenForo_Input::BOOLEAN);

    if ($useLayoutEditorSession) {
        XenForo_Session::startPublicSession($this->_request);
    }

    parent::_setupSession($action);
}
/**
 * Lets an admin with the 'user' admin permission test permissions as another user.
 *
 * The admin must be logged in to the public side as the same user. On
 * POST, the named user's id and name are stored in the public session
 * under 'permissionTest' and the browser is sent to the public index.
 */
public function actionTest()
{
    $this->assertAdminPermission('user');

    $publicSession = new XenForo_Session();
    $publicSession->start();

    // The marker is only ever written to the acting admin's own public session.
    $publicIsSameUser = ($publicSession->get('user_id') == XenForo_Visitor::getUserId());
    if (!$publicIsSameUser) {
        return $this->responseError(new XenForo_Phrase('please_login_via_public_login_page_before_testing_permissions'));
    }

    if (!$this->_request->isPost()) {
        return $this->responseView('XenForo_ViewAdmin_Permission_Test', 'permission_test');
    }

    $username = $this->_input->filterSingle('username', XenForo_Input::STRING);

    /* @var $userModel XenForo_Model_User */
    $userModel = $this->getModelFromCache('XenForo_Model_User');
    $user = $userModel->getUserByName($username);
    if (!$user) {
        return $this->responseError(new XenForo_Phrase('requested_user_not_found'), 404);
    }

    $publicSession->set('permissionTest', array(
        'user_id' => $user['user_id'],
        'username' => $user['username'],
    ));
    $publicSession->save();

    return $this->responseRedirect(
        XenForo_ControllerResponse_Redirect::SUCCESS,
        XenForo_Link::buildPublicLink('index')
    );
}
/**
 * Boots XenForo from "<webroot>/forum" inside a Yii application, starts the
 * public session and stores the visitor on $this->visitor.
 *
 * XenForo's own PHP error handler is disabled and notices and warnings are
 * masked out of error_reporting.
 */
public function __construct()
{
    $bootStarted = microtime(true);

    $forumRoot = Yii::getPathOfAlias('webroot') . '/forum';
    $libraryDir = $forumRoot . '/library';

    Yii::registerAutoloader(array('XenforeLoader', 'autoload'), true);
    XenForo_Autoloader::getInstance()->setupAutoloader($libraryDir);

    XenForo_Application::initialize($libraryDir, $forumRoot);
    XenForo_Application::set('page_start_time', $bootStarted);
    XenForo_Application::disablePhpErrorHandler();

    // Everything except notices, user notices and warnings.
    error_reporting(E_ALL & ~(E_NOTICE | E_USER_NOTICE | E_WARNING));

    $publicDependencies = new XenForo_Dependencies_Public();
    $publicDependencies->preLoadData();

    XenForo_Session::startPublicSession();
    $this->visitor = XenForo_Visitor::getInstance();
}
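/**
 * Boots XenForo from $this->fileDir, starts the public session and keeps
 * the visitor object on $this->xfUser.
 *
 * The script is terminated with the message "no path" when $this->fileDir
 * is not a directory, so this method never returns in that case.
 *
 * @return int user id reported by the visitor object
 */
function authenticateSession()
{
    if (!is_dir($this->fileDir)) {
        // The original had an unreachable `return false` after this call; it is dropped.
        die('no path'); // TODO: CI error log
    }

    // require_once so that a second call, or an autoloader that was already
    // loaded elsewhere, does not redeclare the class.
    require_once $this->fileDir . '/library/XenForo/Autoloader.php';
    XenForo_Autoloader::getInstance()->setupAutoloader($this->fileDir . '/library');

    XenForo_Application::initialize($this->fileDir . '/library', $this->fileDir);
    XenForo_Session::startPublicSession();

    $this->xfUser = XenForo_Visitor::getInstance();

    return $this->xfUser->getUserId();
}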
/**
 * Deletes the admin session when it belongs to the current visitor.
 *
 * @return mixed result of the session delete() call, or true when the admin
 *               session belongs to someone else (or nobody) and is left alone
 */
public function adminLogout()
{
    $adminSession = new XenForo_Session(array('admin' => true));
    $adminSession->start();

    $ownedByVisitor = ($adminSession->get('user_id') == $this->getVisitor()->getUserId());

    return $ownedByVisitor ? $adminSession->delete() : true;
}
/**
 * Marks the current public session as belonging to the given user and
 * writes it to the session store.
 *
 * NOTE(review): the user id is set on whatever session id is already
 * active; no identifier rotation is visible in this method. Confirm the
 * session id cannot have been chosen by a third party before login, or
 * use the session's own user-change method if it rotates the id.
 * NOTE(review): nothing here verifies credentials - callers must have
 * authenticated $user_id already.
 *
 * @param int    $user_id
 * @param string $username
 * @param string $ip_address textual IP address, stored in binary form
 *
 * @return XenForo_Session
 */
public function login($user_id, $username, $ip_address)
{
    $publicSession = XenForo_Session::startPublicSession();

    $publicSession->set('user_id', $user_id);
    $publicSession->set('username', $username);

    $binaryIp = XenForo_Helper_Ip::convertIpStringToBinary($ip_address);
    $publicSession->set('ip', $binaryIp);

    // The user agent is deliberately not recorded (it was commented out in the original).
    $currentId = $publicSession->getSessionId();
    $publicSession->saveSessionToSource($currentId, false);

    return $publicSession;
}
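/**
 * Tells whether the viewing user's stored parent session is the session
 * that is making this request.
 *
 * The identifiers are compared as strings with ===. A loose comparison
 * treats two numeric-looking strings (for example values of the form
 * "0e" followed by digits) as equal even when they differ, which must not
 * happen for a session identifier.
 *
 * @param array|null $viewingUser passed through standardizeViewingUserReference()
 *
 * @return bool
 */
public function isParentLoggedIn($viewingUser = null)
{
    $this->standardizeViewingUserReference($viewingUser);

    $sessionId = XenForo_Session::getPublicSession(new Zend_Controller_Request_Http())->getSessionId();

    // No stored parent session means the parent is not logged in.
    if (!isset($viewingUser['parent_session']) || !$viewingUser['parent_session']) {
        return false;
    }

    return (string) $viewingUser['parent_session'] === (string) $sessionId;
}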
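/**
 * Starts the session and resolves the OAuth token that applies to it.
 *
 * The token reported by the OAuth2 server is used when there is one.
 * Otherwise a "one time" token from the request is accepted, in the form
 * `userId,timestamp,once,clientId`, where `once` must equal
 * md5(userId . timestamp . [token_text .] client_secret) and the timestamp
 * must not lie in the past.
 *
 * Changes against the previous version:
 *  - the digest is compared with a strict, constant-time comparison; the
 *    loose `==` treated numeric-looking strings as numbers and so could
 *    accept a value that is not the expected digest;
 *  - a non-string `oauth_token` request value is ignored instead of being
 *    passed to explode().
 *
 * NOTE(review): only a lower bound is enforced on the timestamp and nothing
 * visible here records that a value was used, so the caller picks the
 * lifetime and the value can be presented again until then. The digest is a
 * plain MD5 over concatenated fields rather than a keyed MAC. Both are
 * design points to confirm; they are left unchanged here because clients
 * depend on the format.
 *
 * @param string|null $sessionId
 * @param string|null $ipAddress
 */
public function start($sessionId = null, $ipAddress = null)
{
    parent::start($sessionId, $ipAddress);

    /* @var $oauth2Model bdApi_Model_OAuth2 */
    $oauth2Model = XenForo_Model::create('bdApi_Model_OAuth2');
    $helper = bdApi_Template_Helper_Core::getInstance();

    $this->_oauthToken = $oauth2Model->getServer()->getEffectiveToken();

    if (empty($this->_oauthToken) and isset($_REQUEST['oauth_token']) and is_string($_REQUEST['oauth_token'])) {
        // added support for one time oauth token
        $parts = explode(',', $_REQUEST['oauth_token']);
        $userId = 0;
        $timestamp = 0;
        $once = '';
        $client = null;

        if (count($parts) == 4) {
            $userId = intval($parts[0]);
            $timestamp = intval($parts[1]);
            $once = $parts[2];

            // The client is looked up only while the supplied timestamp is not in the past.
            if ($timestamp >= XenForo_Application::$time) {
                $client = $oauth2Model->getClientModel()->getClientById($parts[3]);
            }
        }

        if (!empty($client)) {
            if ($userId == 0) {
                // guest
                $expected = md5($userId . $timestamp . $client['client_secret']);
                if (self::_oneTimeDigestMatches($expected, $once)) {
                    // make up fake token with full scopes for guest
                    $this->_oauthToken = array(
                        'token_id' => 0,
                        'client_id' => $client['client_id'],
                        'token_text' => '',
                        'expire_date' => XenForo_Application::$time,
                        'issue_date' => XenForo_Application::$time,
                        'user_id' => $userId,
                        'scope' => $helper->scopeJoin($oauth2Model->getSystemSupportedScopes()),
                    );
                }
            } else {
                // user: any unexpired token of that user may back the one time token
                $userTokens = $oauth2Model->getTokenModel()->getTokens(array('user_id' => $userId));
                foreach ($userTokens as $userToken) {
                    if ($userToken['expire_date'] >= XenForo_Application::$time) {
                        $expected = md5($userId . $timestamp . $userToken['token_text'] . $client['client_secret']);
                        if (self::_oneTimeDigestMatches($expected, $once)) {
                            $this->_oauthToken = $userToken;
                        }
                    }
                }
            }

            if (!empty($this->_oauthToken)) {
                // oauth token is set using one time token
                // update the token text to avoid exposing real access token
                $this->_oauthToken['token_text'] = $_REQUEST['oauth_token'];
            }
        }
    }

    if (!empty($this->_oauthToken)) {
        if (!empty($this->_oauthToken['user_id'])) {
            $this->changeUserId($this->_oauthToken['user_id']);
        }

        $scopes = $helper->scopeSplit($this->_oauthToken['scope']);
        $this->set('scopes', $scopes);
    } else {
        // Without a token the session gets the read scope, unless access is restricted.
        $guestScopes = array();
        if (!bdApi_Option::get('restrictAccess')) {
            $guestScopes[] = bdApi_Model_OAuth2::SCOPE_READ;
        }
        $this->set('scopes', $guestScopes);
    }
}

/**
 * Strict comparison of an expected digest with a request-supplied value,
 * constant-time where the runtime provides hash_equals().
 *
 * @param string $expected digest computed on the server
 * @param mixed  $provided value taken from the request
 *
 * @return bool
 */
private static function _oneTimeDigestMatches($expected, $provided)
{
    if (!is_string($provided)) {
        return false;
    }

    if (function_exists('hash_equals')) {
        return hash_equals($expected, $provided);
    }

    return $expected === $provided;
}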
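/**
 * Confirms a lost parental-control password request and resets that password.
 *
 * Changes against the previous version:
 *  - the 'parent_password' confirmation record that was validated is the
 *    one deleted afterwards; the old code deleted the 'password' record
 *    instead, which left the used confirmation key in place and removed an
 *    unrelated record;
 *  - a missing confirmation record is an error for every visitor, so the
 *    validator is never called without a record;
 *  - the parent session identifier is compared as a string with ===, since
 *    a loose comparison can treat different numeric-looking strings as equal.
 *
 * @return XenForo_ControllerResponse_Abstract
 */
public function actionParentalControlLostPasswordConfirm()
{
    $confirmationModel = $this->_getUserConfirmationModel();
    $visitor = XenForo_Visitor::getInstance();

    $sessionId = XenForo_Session::getPublicSession(new Zend_Controller_Request_Http())->getSessionId();

    // A parent who is already logged in from this session has nothing to reset.
    if (isset($visitor['parent_session'])
        && $visitor['parent_session']
        && (string) $visitor['parent_session'] === (string) $sessionId
    ) {
        return $this->responseRedirect(
            XenForo_ControllerResponse_Redirect::RESOURCE_CANONICAL,
            XenForo_Link::buildPublicLink('account/parental-control')
        );
    }

    $userId = XenForo_Visitor::getUserId();

    $confirmation = $confirmationModel->getUserConfirmationRecord($userId, 'parent_password');
    if (!$confirmation) {
        return $this->responseError(new XenForo_Phrase('your_password_could_not_be_reset'));
    }

    // The confirmation key arrives in the 'c' request parameter; an empty key never confirms.
    $confirmationKey = $this->_input->filterSingle('c', XenForo_Input::STRING);
    $accountConfirmed = $confirmationKey
        ? $confirmationModel->validateUserConfirmationRecord($confirmationKey, $confirmation)
        : false;

    if (!$accountConfirmed) {
        return $this->responseError(new XenForo_Phrase('your_password_could_not_be_reset'));
    }

    $confirmationModel->resetParentPassword($userId);

    // Invalidate the key that was just used so it cannot confirm a second reset.
    $confirmationModel->deleteUserConfirmationRecord($userId, 'parent_password');

    return $this->responseMessage(new XenForo_Phrase('your_password_has_been_reset'));
}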
/**
 * Shows the completion page for the world stored in the session.
 *
 * The 'gw2_world' session value is read once and blanked straight away, so
 * a reload finds it empty and is redirected to the public index.
 */
public function actionComplete()
{
    $session = XenForo_Session::startPublicSession();

    $worldId = $session->get('gw2_world');
    $session->set('gw2_world', '');

    if ($worldId) {
        return $this->responseView(
            'Moturdrn_TS3GW2Auth_ViewPublic_Complete',
            'Moturdrn_TS3GW2Auth_Complete',
            array('world' => $worldId)
        );
    }

    return $this->responseRedirect(
        XenForo_ControllerResponse_Redirect::SUCCESS,
        XenForo_Link::buildPublicLink(''),
        ''
    );
}
/**
 * Sets the '_WidgetFramework_reveal' flag on the admin's own public session
 * and sends the browser to the public index.
 *
 * NOTE(review): no admin-permission assertion is visible in this method;
 * confirm the controller enforces one before dispatch.
 */
public function actionReveal()
{
    $publicSession = new XenForo_Session();
    $publicSession->start();

    // The flag is only written when the public session belongs to the same user.
    $publicIsSameUser = ($publicSession->get('user_id') == XenForo_Visitor::getUserId());
    if (!$publicIsSameUser) {
        return $this->responseError(new XenForo_Phrase('please_login_via_public_login_page_before_testing_permissions'));
    }

    $publicSession->set('_WidgetFramework_reveal', true);
    $publicSession->save();

    return $this->responseRedirect(
        XenForo_ControllerResponse_Redirect::SUCCESS,
        XenForo_Link::buildPublicLink('index')
    );
}
/**
 * Creates and starts the admin session, registers it with the application
 * under 'session' and sets up the visitor from the session's user id.
 *
 * @param Zend_Controller_Request_Http|null $request not used by this method
 *
 * @return XenForo_Session
 */
public static function startAdminSession(Zend_Controller_Request_Http $request = null)
{
    $adminSession = new XenForo_Session(array('admin' => true));
    $adminSession->start();

    XenForo_Application::set('session', $adminSession);

    $sessionUserId = $adminSession->get('user_id');
    XenForo_Visitor::setup($sessionUserId);

    return $adminSession;
}
// Site bootstrap: loads the logging and helper includes, boots XenForo so the
// forum's public session is available, pulls in the site's own include files
// and creates a shared PHPMailer instance with default sender settings.
// The order matters: Log, inc() and inclib() are used below and are
// presumably defined by the two files required first - confirm.
$nav = array();
require HR_INC . 'logging.php';
require HR_INC . 'std.php';

// Load up the XenForo system
Log::add('Begin initialising XenForo...');
$startTime = microtime(true);
//$fileDir = realpath('./../forums/');
// NOTE(review): absolute, host-specific path; since it ends in "/", the
// concatenations below produce a double slash.
$fileDir = '/home2/bukkit/public_html/forums/';
require $fileDir . '/library/XenForo/Autoloader.php';
XenForo_Autoloader::getInstance()->setupAutoloader($fileDir . '/library');
XenForo_Application::initialize($fileDir . '/library', $fileDir);
XenForo_Application::set('page_start_time', $startTime);

// Not required if you are not using any of the preloaded data
$dependencies = new XenForo_Dependencies_Public();
$dependencies->preLoadData();

// Starts the forum's public session for this request.
XenForo_Session::startPublicSession();
Log::add('XF initialisation complete!');
// End XenForo

inc('db.php');
inc('content.php');
inc('sidebar.php');
inc('user.php');
inc('template.php');
inc('message.php');
inc('plugin.php');

// Mandatory include-everywhere libraries
inclib('phpmailer/class.phpmailer.php');
// because then we can set defaults here
$mailer = new PHPMailer();
// The sender address is redacted in this listing.
$mailer->SetFrom('*****@*****.**', 'hRepo System');
// Sends through the local sendmail program rather than SMTP.
$mailer->IsSendmail();
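/**
 * Intercept a request for a link redirect.
 *
 * Three outcomes:
 *  - 'invalid_url': a bare 500 response, then the script ends;
 *  - no error and the link proxy enabled: the visit is logged and a 302 to
 *    the target is sent, then the script ends;
 *  - any other error (or the proxy disabled): an interstitial
 *    'link_redirect' page is rendered, with the reason in X-Proxy-Error.
 *
 * Change against the previous version: the Content-Type header of the 500
 * response carried a malformed parameter ("; utf-8"); it is now
 * "; charset=utf-8".
 *
 * NOTE(review): the http/https scheme check below runs only on the
 * interstitial path. The 302 path relies entirely on $error being set by
 * the caller's validation of $this->_url - confirm that validation covers
 * the scheme as well.
 *
 * @param string|bool $error If non-false, an error that occurred when validating the request
 */
protected function _outputLinkRedirect($error)
{
    if ($error === 'invalid_url') {
        header('Content-Type: text/html; charset=utf-8', true, 500);
        die('Invalid URL');
    }

    // A disabled link proxy is handled like a validation error: no automatic redirect.
    if (empty(XenForo_Application::getOptions()->imageLinkProxy['links'])) {
        $error = 'disabled';
    }

    if (!$error) {
        /* @var $proxyModel XenForo_Model_LinkProxy */
        $proxyModel = XenForo_Model::create('XenForo_Model_LinkProxy');
        $proxyModel->logVisit($this->_url);

        header('Location: ' . $this->_url, true, 302);
        exit;
    }

    $request = new Zend_Controller_Request_Http();
    XenForo_Session::startPublicSession($request);

    $this->_dependencies->preRenderView();

    // The URL is handed to the template as a link target, so only http(s) is accepted.
    if (!preg_match('#^https?://#i', $this->_url)) {
        throw new Exception('Unsafe proxy URL: ' . $this->_url);
    }

    // Show the decoded form only when it is valid UTF-8 (the /u match fails
    // otherwise); fall back to the raw URL.
    $printable = urldecode($this->_url);
    if (!preg_match('/./u', $printable)) {
        $printable = $this->_url;
    }

    $renderer = new XenForo_ViewRenderer_HtmlPublic($this->_dependencies, $this->_response, $request);

    $contents = $renderer->createTemplateObject('link_redirect', array(
        'url' => $this->_url,
        'printable' => $printable,
        'parts' => parse_url($this->_url),
    ));

    $containerParams = $this->_dependencies->getEffectiveContainerParams(array(), $request);
    $output = $renderer->renderContainer($contents, $containerParams);

    // gzipContentIfSupported() receives $output and returns the extra headers to send with it.
    $extraHeaders = XenForo_Application::gzipContentIfSupported($output);
    foreach ($extraHeaders as $extraHeader) {
        $this->_response->setHeader($extraHeader[0], $extraHeader[1], $extraHeader[2]);
    }

    $this->_response->setHeader('X-Proxy-Error', $error);
    $this->_response->sendHeaders();

    echo $output;
}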