Example #1
 /**
  * Render a bare message page (one that contains no widgets).
  *
  * This is a pass-through to vB5_ApplicationAbstract::showMsgPage().
  *
  * @param string $title Page title. HTML will be escaped.
  * @param string $msg   Message body. HTML is allowed, so the caller is responsible for
  *                      making sure it is valid and for escaping any untrusted text first.
  * @deprecated
  */
 public function showMsgPage($title, $msg)
 {
     // Deliberately delegates to the shared implementation so that every message page
     // runs the same code. The shared version does not handle early flush, which is
     // considered overkill for a simple message page.
     vB5_ApplicationAbstract::showMsgPage($title, $msg);
 }
 /**
  * Create the frontend application singleton and prepare it for the request.
  *
  * Steps, in order: parent::init(), store a new vB5_Frontend_Application in
  * self::$instance, attach a vB5_Frontend_Routing router and call setRoutes() on it,
  * copy the preferred style id into the current session when one is returned, then
  * call self::ajaxCharsetConvert() and self::setHeaders().
  *
  * @param mixed $configFile Passed unchanged to parent::init().
  * @return vB5_Frontend_Application The instance stored in self::$instance.
  */
 public static function init($configFile)
 {
     parent::init($configFile);

     // Ordering is kept as in the original: the instance is stored before the
     // router is constructed and before the routes are resolved.
     $application = new vB5_Frontend_Application();
     self::$instance = $application;
     $application->router = new vB5_Frontend_Routing();
     $application->router->setRoutes();

     // Only touch the session when a preferred style was actually resolved.
     $preferredStyleId = vB5_Template_Stylevar::instance()->getPreferredStyleId();
     if ($preferredStyleId) {
         vB::getCurrentSession()->set('styleid', $preferredStyleId);
     }

     self::ajaxCharsetConvert();
     self::setHeaders();

     return self::$instance;
 }
Example #3
 /**
  * Fill $this->stylePreference with candidate style ids ordered by preference and
  * store the first candidate in the current session.
  *
  * Order: (1) style forced by the current route, (2) the 'userstyleid' cookie,
  * (3) the user's own style setting, (4) a non-forced route style, (5) the site
  * default style.
  *
  * The cookie in step 2 is supplied by the client. This method only orders the
  * candidates; nothing here checks that a candidate refers to an existing or
  * selectable style.
  * NOTE(review): confirm that check is performed where the list is consumed.
  */
 protected function getStylePreference()
 {
     $this->stylePreference = array();

     try {
         $router = vB5_ApplicationAbstract::instance()->getRouter();
         if (!empty($router)) {
             $arguments = $router->getArguments();
             // #1 a style forced by the current route comes first
             $routeForcesStyle = !empty($arguments)
                 && !empty($arguments['forceStyleId'])
                 && intval($arguments['forceStyleId']);
             if ($routeForcesStyle) {
                 // The raw argument is stored, not its intval().
                 $this->stylePreference[] = $arguments['forceStyleId'];
             }
         }
     } catch (vB5_Exception $e) {
         // The application instance might not be initialized yet; skip step #1.
     }

     // #2 style cookie (style chooser in the footer). When a style is given in the
     // query string, the routing component sets this cookie (VBV-3322).
     $styleFromCookie = vB5_Cookie::get('userstyleid', vB5_Cookie::TYPE_UINT);
     if (!empty($styleFromCookie)) {
         $this->stylePreference[] = $styleFromCookie;
     }

     // #3 style chosen in the user's settings
     $styleFromUser = vB5_User::get('styleid');
     if (!empty($styleFromUser)) {
         $this->stylePreference[] = $styleFromUser;
     }

     // #4 route style that is not forced. $arguments is only defined when step #1
     // reached the router; only a genuine integer is accepted here.
     $routeSuggestsStyle = !empty($arguments)
         && isset($arguments['routeStyleId'])
         && is_int($arguments['routeStyleId']);
     if ($routeSuggestsStyle) {
         $this->stylePreference[] = $arguments['routeStyleId'];
     }

     // #5 overall site default style
     $defaultStyleId = vB5_Template_Options::instance()->get('options.styleid');
     if ($defaultStyleId) {
         $this->stylePreference[] = $defaultStyleId;
     }

     // Moved here from Api_Interface_Collapsed::init, which called
     // getPreferredStyleId before the route's forced style was ready (see VBV-3324).
     if (empty($this->stylePreference[0])) {
         return;
     }

     // A top candidate of -1 means "use the site default style".
     if ($this->stylePreference[0] == '-1') {
         $this->stylePreference[0] = $defaultStyleId;
     }
     vB::getCurrentSession()->set('styleid', $this->stylePreference[0]);
 }
 /**
  * Handles all saves of social group data (create, update, invite, permissions),
  * then redirects with a Location header.
  *
  * Input is read directly from $_POST. Only the field names are filtered here; the
  * values are forwarded as received, so type/range validation and permission checks
  * are left to the API methods that are called.
  * NOTE(review): no CSRF token check is visible in this method -- confirm it is
  * enforced before the action is dispatched.
  * NOTE(review): the node id used for updates comes from the request; confirm the
  * called API methods verify the current user may modify that node.
  */
 public function actionSocialgroup()
 {
     // Allow-list of POST keys copied into $input ('group_type' appears twice; harmless).
     $fields = array('title', 'description', 'nodeid', 'filedataid', 'invite_usernames', 'parentid', 'invite_userids', 'group_type', 'viewperms', 'commentperms', 'moderate_topics', 'autoparselinks', 'disablesmilies', 'allow_post', 'approve_subscription', 'group_type');
     // forum options map: channel option name => form field name
     $channelOpts = array('allowsmilies' => 'disablesmilies', 'allowposting' => 'allow_post');
     $input = array();
     foreach ($fields as $field) {
         if (isset($_POST[$field])) {
             // Value is copied as-is (may be a string or an array).
             $input[$field] = $_POST[$field];
         }
     }
     // If this is the "permission" step, unchecked checkboxes are absent from the POST
     // data, so they must be passed explicitly as 0.
     if (isset($_POST['next']) and $_POST['next'] == 'contributors') {
         foreach (array('moderate_comments', 'autoparselinks', 'disablesmilies', 'allow_post', 'approve_subscription', 'moderate_topics') as $field) {
             // channeloptions: $idx is the channel option name mapped to this field, if any
             if ($idx = array_search($field, $channelOpts)) {
                 // Some options mean the opposite of the bitfield when enabled ('disablesmilies'
                 // vs 'allowsmilies'), so the value is inverted for those.
                 if (isset($_POST[$field])) {
                     $input['options'][$idx] = in_array($field, array('disablesmilies')) ? 0 : 1;
                 } else {
                     $input['options'][$idx] = in_array($field, array('disablesmilies')) ? 1 : 0;
                 }
             }
             if (!isset($_POST[$field])) {
                 $input[$field] = 0;
             }
         }
     }
     // default input values
     $input['displayorder'] = 1;
     $api = Api_InterfaceAbstract::instance();
     // 'displayorder' is always present, so this is true when at least one other key was set.
     if (count($input) > 1) {
         // No (or zero) node id: create a new group.
         if (!isset($input['nodeid']) or intval($input['nodeid']) == 0) {
             $nodeid = $api->callApi('socialgroup', 'createSocialGroup', array($input));
             $url = vB5_Template_Options::instance()->get('options.frontendurl') . '/sgadmin/create/settings';
             if (is_array($nodeid) and array_key_exists('errors', $nodeid)) {
                 $message = $api->callApi('phrase', 'fetch', array('phrases' => $nodeid['errors'][0][0]));
                 if (empty($message)) {
                     $message = $api->callApi('phrase', 'fetch', array('phrases' => 'pm_ajax_error_desc'));
                 }
                 // Whether handleFormError() ends the request is not visible here; if it
                 // returns, the error branches below run as well.
                 vB5_ApplicationAbstract::handleFormError(array_pop($message), $url);
             }
             // Error result: redirect back to the create/settings page and stash the error
             // id plus the submitted title/description in cookies.
             // NOTE(review): the cookie values are raw user input; whatever reads
             // 'sg_title' / 'sg_description' back must escape them on output -- confirm.
             if (!is_numeric($nodeid) and !empty($nodeid['errors'])) {
                 $urlparams = array('sgaction' => 'create', 'action2' => 'settings');
                 $url = $api->callApi('route', 'getUrl', array('sgadmin', $urlparams, array()));
                 header('Location: ' . vB5_Template_Options::instance()->get('options.frontendurl') . $url);
                 vB5_Cookie::set('sgadmin_error', $nodeid['errors'][0][0]);
                 if (isset($input['title'])) {
                     vB5_Cookie::set('sg_title', $input['title']);
                 }
                 if (isset($input['description'])) {
                     vB5_Cookie::set('sg_description', $input['description']);
                 }
                 die;
             }
             // Same handling as the branch above, with a slightly different condition.
             // The two bodies are identical.
             if ($nodeid and !empty($nodeid['errors'])) {
                 $urlparams = array('sgaction' => 'create', 'action2' => 'settings');
                 $url = $api->callApi('route', 'getUrl', array('sgadmin', $urlparams, array()));
                 header('Location: ' . vB5_Template_Options::instance()->get('options.frontendurl') . $url);
                 vB5_Cookie::set('sgadmin_error', $nodeid['errors'][0][0]);
                 if (isset($input['title'])) {
                     vB5_Cookie::set('sg_title', $input['title']);
                 }
                 if (isset($input['description'])) {
                     vB5_Cookie::set('sg_description', $input['description']);
                 }
                 die;
             }
         } else {
             // Existing group: either send invitations or update the channel.
             if (isset($input['invite_usernames']) and $input['nodeid']) {
                 $inviteUnames = explode(',', $input['invite_usernames']);
                 $inviteIds = isset($input['invite_userids']) ? $input['invite_userids'] : array();
                 $nodeid = $input['nodeid'];
                 $api->callApi('user', 'inviteMembers', array($inviteIds, $inviteUnames, $nodeid, 'sg_member_to'));
             } else {
                 $nodeid = $input['nodeid'];
                 unset($input['nodeid']);
                 // The remaining request-supplied fields are passed to the update call.
                 $update = $api->callApi('content_channel', 'update', array($nodeid, $input));
                 // set group type nodeoptions (2 => invite only, 1 => open, anything else
                 // => membership must be approved)
                 if (empty($update['errors']) and isset($input['group_type'])) {
                     $bitfields = array();
                     switch ($input['group_type']) {
                         case 2:
                             $bitfields['invite_only'] = 1;
                             $bitfields['approve_membership'] = 0;
                             break;
                         case 1:
                             $bitfields['invite_only'] = 0;
                             $bitfields['approve_membership'] = 0;
                             break;
                         default:
                             $bitfields['invite_only'] = 0;
                             $bitfields['approve_membership'] = 1;
                             break;
                     }
                     $api->callApi('node', 'setNodeOptions', array($nodeid, $bitfields));
                 }
                 //if this is for the permission page we handle differently
             }
         }
         //			set_exception_handler(array('vB5_ApplicationAbstract','handleException'));
         //
         //			if (!is_numeric($nodeid) AND !empty($nodeid['errors']))
         //			{
         //				throw new exception($nodeid['errors'][0][0]);
         //			}
     } else {
         // None of the allow-listed fields was posted.
         if (isset($_POST['nodeid'])) {
             // Unreachable in practice: 'nodeid' is in $fields, so a posted nodeid makes
             // count($input) > 1 and the first branch is taken instead.
             $nodeid = $_POST['nodeid'];
             if (isset($_POST['next']) and $_POST['next'] == 'contributors') {
                 $updates = array();
                 foreach (array('allow_post', 'moderate_comments', 'autoparselinks', 'disablesmilies', 'approve_subscription') as $bitfield) {
                     if (empty($_POST[$bitfield])) {
                         $updates[$bitfield] = 0;
                     } else {
                         $updates[$bitfield] = 1;
                     }
                 }
                 $api->callApi('node', 'setNodeOptions', array($nodeid, $updates));
                 $updates = array();
                 if (isset($_POST['viewperms'])) {
                     $updates['viewperms'] = $_POST['viewperms'];
                 }
                 if (isset($_POST['commentperms'])) {
                     $updates['commentperms'] = $_POST['commentperms'];
                 }
                 if (!empty($updates)) {
                     // $results is not inspected afterwards.
                     $results = $api->callApi('node', 'setNodePerms', array($nodeid, $updates));
                 }
             }
         } else {
             $nodeid = 0;
         }
     }
     //If the user clicked Next we go to the permissions page. Otherwise we go to the node.
     if (isset($_POST['btnSubmit'])) {
         // 'next' and 'sgaction' are request-supplied and become route URL parameters;
         // building a safe URL from them is left to the route API.
         if (isset($_POST['next'])) {
             $action2 = $_POST['next'];
         } else {
             $action2 = 'permissions';
         }
         if (isset($_POST['sgaction'])) {
             $sgaction = $_POST['sgaction'];
         } else {
             $sgaction = 'admin';
         }
         $urlparams = array('nodeid' => $nodeid, 'sgaction' => $sgaction, 'action2' => $action2);
         $url = $api->callApi('route', 'getUrl', array('sgadmin', $urlparams, array()));
     } else {
         // $nodeid may be 0 here; the getNode result is used without an error check.
         $node = $api->callApi('node', 'getNode', array('nodeid' => $nodeid));
         $url = $api->callApi('route', 'getUrl', array($node['routeid'], array('nodeid' => $nodeid, 'title' => $node['title'], 'urlident' => $node['urlident']), array()));
     }
     // The redirect target is always prefixed with the configured frontend URL.
     header('Location: ' . vB5_Template_Options::instance()->get('options.frontendurl') . $url);
 }
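 /**
  * Cancel a pending activation and show the outcome as a message page.
  *
  * Reads the user id ('u') and the activation id ('i') from the query string, passes
  * them to the user API's killActivation method, and renders the phrase described by
  * the API result (or by its first error).
  *
  * NOTE(review): this is a state-changing action reached through GET, and the
  * activation id is the only credential visible here -- confirm the API validates
  * it against the user id.
  */
 public function actionKillActivation()
 {
     // Query-string values can be arrays. intval() of a non-empty array is 1 and
     // trim() rejects arrays, so anything that is not a string counts as "not supplied".
     $userId = (!empty($_GET['u']) && is_string($_GET['u'])) ? intval($_GET['u']) : 0;
     $activationId = (!empty($_GET['i']) && is_string($_GET['i'])) ? trim($_GET['i']) : '';

     $api = Api_InterfaceAbstract::instance();
     $result = $api->callApi('user', 'killActivation', array('userid' => $userId, 'activateid' => $activationId));

     $phraseController = vB5_Template_Phrase::instance();
     $phraseController->register('registration');

     // The phrase id and its arguments come from the first error when there is one,
     // otherwise from the result itself. A scalar is wrapped into a one-element list.
     if (!empty($result['errors']) and is_array($result['errors'])) {
         $phraseArgs = is_array($result['errors'][0]) ? $result['errors'][0] : array($result['errors'][0]);
     } else {
         $phraseArgs = is_array($result) ? $result : array($result);
     }
     $messagevar = call_user_func_array(array($phraseController, 'getPhrase'), $phraseArgs);

     // The message parameter of showMsgPage() is emitted as HTML.
     // NOTE(review): confirm the phrase arguments returned by the API are already escaped.
     vB5_ApplicationAbstract::showMsgPage($phraseController->getPhrase('registration'), $messagevar);
 }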
Example #6
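 /**
  * Forgot password form action.
  *
  * Two modes, selected by the 'action' request parameter:
  *  - 'pwreset': performs the reset for the given userid/activationid and shows a
  *    message page. Reset url = /auth/lostpw/?action=pwreset&userid=<n>&activationid=<xxxxx>
  *  - anything else: asks the user API to e-mail reset instructions for the posted
  *    address and returns the API response as JSON.
  *
  * NOTE(review): the reset is carried out when the link is requested (the values are
  * read from $_REQUEST), so any automated fetch of the link consumes it -- confirm
  * this is intended.
  * NOTE(review): the emailPassword response is returned to the client unchanged;
  * whether it reveals if an address is registered is decided in the API, not here.
  */
 public function actionLostpw()
 {
     // Request values can be arrays; only scalars are accepted for the string fields,
     // so trim()/strval() never see an array.
     $readString = function ($source, $key) {
         return (isset($source[$key]) && is_scalar($source[$key])) ? trim(strval($source[$key])) : '';
     };

     $input = array(
         'email' => $readString($_POST, 'email'),
         'hvinput' => isset($_POST['humanverify']) ? (array) $_POST['humanverify'] : array(),
         'action' => $readString($_REQUEST, 'action'),
         'userid' => $readString($_REQUEST, 'userid'),
         'activationid' => $readString($_REQUEST, 'activationid'),
     );

     // reCAPTCHA posts its fields at the top level; fold them into the human
     // verification input when they are non-empty.
     foreach (array('recaptcha_challenge_field', 'recaptcha_response_field') as $recaptchaField) {
         if (isset($_POST[$recaptchaField]) and $_POST[$recaptchaField]) {
             $input['hvinput'][$recaptchaField] = $_POST[$recaptchaField];
         }
     }

     $api = Api_InterfaceAbstract::instance();

     if ($input['action'] === 'pwreset') {
         $response = $api->callApi('user', 'resetPassword', array('userid' => $input['userid'], 'activationid' => $input['activationid']));
         if (isset($response['errors'])) {
             $phraseController = vB5_Template_Phrase::instance();
             $phraseController->register('error');
             // Same normalisation as actionKillActivation(): a scalar error is wrapped so
             // call_user_func_array() always receives an argument list.
             $phraseArgs = is_array($response['errors'][0]) ? $response['errors'][0] : array($response['errors'][0]);
             //call message first so that we pull both phrases at the same time
             $message = call_user_func_array(array($phraseController, 'getPhrase'), $phraseArgs);
             $title = $phraseController->getPhrase('error');
         } else {
             $title = $response['password_reset'];
             $message = $response['resetpw_message'];
         }
         // The message parameter of showMsgPage() is emitted as HTML.
         vB5_ApplicationAbstract::showMsgPage($title, $message);
     } else {
         $response = $api->callApi('user', 'emailPassword', array('userid' => 0, 'email' => $input['email'], 'hvinput' => $input['hvinput']));
         $this->sendAsJson(array('response' => $response));
     }
 }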
Example #7
 /**
  * Returns the sitebuilder template markup required for using sitebuilder.
  *
  * Takes no parameters; 'pageid', 'nodeid', 'userid' and 'loadMenu' are read from
  * $_REQUEST.
  *
  * NOTE(review): the router's query parameters are copied onto the page object here
  * without the key filtering that index() applies for VBV-12506 -- confirm whether
  * the same filtering is needed before the page is handed to the template.
  * NOTE(review): no permission check is visible in this method; confirm access to
  * the sitebuilder templates is restricted elsewhere.
  *
  * @return array Empty when the page id is missing or the page cannot be fetched;
  *               otherwise has 'templates' (markup keyed by template slot) and
  *               'css_links'.
  */
 public function actionActivateSitebuilder()
 {
     $sb = array();

     $pageId = isset($_REQUEST['pageid']) ? intval($_REQUEST['pageid']) : 0;
     if ($pageId <= 0) {
         return $sb;
     }

     $api = Api_InterfaceAbstract::instance();

     // TODO (from the original author): take the route data regardless of what it is,
     // to avoid further breakage for other information we may store with a route.
     $nodeId = isset($_REQUEST['nodeid']) ? intval($_REQUEST['nodeid']) : 0;
     // The "missing" default for userid is an empty string, not 0.
     $userId = isset($_REQUEST['userid']) ? intval($_REQUEST['userid']) : '';
     $arguments = array('pageid' => $pageId, 'nodeid' => $nodeId, 'userid' => $userId);

     $page = $api->callApi('page', 'fetchPageById', array($pageId, $arguments));
     $loadMenu = !empty($_REQUEST['loadMenu']);
     if (!$page) {
         return $sb;
     }

     $router = vB5_ApplicationAbstract::instance()->getRouter();
     $page['routeInfo'] = array('routeId' => $router->getRouteId(), 'arguments' => $arguments);

     // Query parameters first, so the explicit arguments win on a key clash; every
     // resulting key is then written onto the page object.
     $queryParameters = $router->getQueryParameters();
     $arguments = array_merge($queryParameters, $arguments);
     foreach ($arguments as $name => $argument) {
         $page[$name] = $argument;
     }

     $templates = array('css' => '', 'menu' => '', 'main' => '', 'extra' => '');
     if ($loadMenu) {
         $templates['css'] = vB5_Template::staticRenderAjax('stylesheet_block', array('cssFiles' => array('sitebuilder-after.css')));
         $templates['menu'] = vB5_Template::staticRenderAjax('admin_sitebuilder_menu');
     }
     $templates['main'] = vB5_Template::staticRenderAjax('admin_sitebuilder', array('page' => $page));

     // output: keep only the slots that were rendered and pool their CSS links
     $sb['templates'] = array();
     $sb['css_links'] = array();
     foreach ($templates as $slot => $rendered) {
         if (empty($rendered)) {
             continue;
         }
         $sb['templates'][$slot] = $rendered['template'];
         $sb['css_links'] = array_merge($sb['css_links'], $rendered['css_links']);
     }

     return $sb;
 }
 /**
  * Collect the current route's id, arguments and query parameters.
  *
  * @return array Keys 'routeId', 'arguments' and 'queryParameters', or an empty
  *               array when the application has no router.
  */
 protected static function getRouteInfo()
 {
     $router = vB5_ApplicationAbstract::instance()->getRouter();
     if (empty($router)) {
         return array();
     }

     // Arguments are fetched first, as in the original call order.
     $routeArguments = $router->getArguments();

     return array(
         'routeId' => $router->getRouteId(),
         'arguments' => $routeArguments,
         'queryParameters' => $router->getQueryParameters(),
     );
 }
Example #9
 /**
  * Render and output the page for the current route.
  *
  * Flow: serve a cached full page to guests when enabled; emit the preheader (early
  * when 'useEarlyFlush' is set); preload the page and register the user action;
  * resolve the page id from the route arguments and fetch the page; handle the
  * "go to first unread post" redirect; build the page object from route data and
  * filtered query parameters; render, optionally cache, and echo the result.
  *
  * @param mixed $pageid Overwritten below from the route arguments before it is read.
  * @throws Exception When no page id can be resolved or the page cannot be fetched.
  */
 public function index($pageid)
 {
     //the api init can redirect.  We need to make sure that happens before we echo anything
     $api = Api_InterfaceAbstract::instance();
     $top = '';
     // We should not cache register page for guest. See VBV-7695.
     // Full-page cache: only for guests (no userid), only when a cache time is set, and
     // never for the 'register' / 'lostpw' route strings.
     if (vB5_Request::get('cachePageForGuestTime') > 0 and !vB5_User::get('userid') and (empty($_REQUEST['routestring']) or $_REQUEST['routestring'] != 'register' and $_REQUEST['routestring'] != 'lostpw')) {
         // languageid should be in the pagekey to fix VBV-8095
         // The key is derived from the whole request, the session language and (below) the
         // style cookie, so each distinct request gets its own cache entry.
         $fullPageKey = 'vBPage_' . md5(serialize($_REQUEST)) . '_' . vB::getCurrentSession()->get('languageid');
         $styleid = vB5_Cookie::get('userstyleid', vB5_Cookie::TYPE_UINT);
         if (!empty($styleid)) {
             $fullPageKey .= '_' . $styleid;
         }
         $fullPage = vB_Cache::instance(vB_Cache::CACHE_LARGE)->read($fullPageKey);
         if (!empty($fullPage)) {
             // Cache hit: output the stored page and stop.
             echo $fullPage;
             exit;
         }
     }
     $preheader = vB5_ApplicationAbstract::getPreheader();
     $top .= $preheader;
     if (vB5_Request::get('useEarlyFlush')) {
         // Output starts here, so headers may already be sent by the time a redirect is
         // needed further down (see the headers_sent() branch).
         echo $preheader;
         flush();
     }
     $router = vB5_ApplicationAbstract::instance()->getRouter();
     $arguments = $router->getArguments();
     $userAction = $router->getUserAction();
     $pageKey = $router->getPageKey();
     $api->callApi('page', 'preload', array($pageKey));
     if (!empty($userAction)) {
         $api->callApi('wol', 'register', array($userAction['action'], $userAction['params'], $pageKey, vB::getRequest()->getScriptPath(), !empty($arguments['nodeid']) ? $arguments['nodeid'] : 0));
     }
     // Clamp the page number to a positive integer.
     if (isset($arguments['pagenum'])) {
         $arguments['pagenum'] = intval($arguments['pagenum']) > 0 ? intval($arguments['pagenum']) : 1;
     }
     // The page id comes from the route arguments ('pageid', else 'contentid'); the
     // method parameter is replaced.
     $pageid = (int) (isset($arguments['pageid']) ? $arguments['pageid'] : (isset($arguments['contentid']) ? $arguments['contentid'] : 0));
     if ($pageid < 1) {
         // @todo This needs to output a user-friendly "page not found" page
         throw new Exception('Could not find page.');
     }
     $page = $api->callApi('page', 'fetchPageById', array($pageid, $arguments));
     if (!$page) {
         // @todo This needs to output a user-friendly "page not found" page
         throw new Exception('Could not find page.');
     }
     // Go to the first new / unread post for this user in this topic
     if (!empty($_REQUEST['goto']) and $_REQUEST['goto'] == 'newpost' and !empty($arguments['nodeid']) and !empty($arguments['channelid'])) {
         if ($this->vboptions['threadmarking'] and vB5_User::get('userid')) {
             // Database read marking
             $channelRead = $api->callApi('node', 'getNodeReadTime', array($arguments['channelid']));
             $topicRead = $api->callApi('node', 'getNodeReadTime', array($arguments['nodeid']));
             // Never look further back than 'markinglimit' days.
             $topicView = max($topicRead, $channelRead, time() - $this->vboptions['markinglimit'] * 86400);
         } else {
             // Cookie read marking
             $topicView = intval(vB5_Cookie::fetchBbarrayCookie('discussion_view', $arguments['nodeid']));
             if (!$topicView) {
                 $topicView = vB5_User::get('lastvisit');
             }
         }
         $topicView = intval($topicView);
         // Get the first unread reply
         $goToNodeId = $api->callApi('node', 'getFirstChildAfterTime', array($arguments['nodeid'], $topicView));
         if (empty($goToNodeId)) {
             // Nothing unread: fall back to the topic's last content node.
             $thread = $api->callApi('node', 'getNodes', array(array($arguments['nodeid'])));
             if (!empty($thread) and isset($thread[$arguments['nodeid']])) {
                 $goToNodeId = $thread[$arguments['nodeid']]['lastcontentid'];
             }
         }
         if ($goToNodeId) {
             // Redirect to the new post
             $urlCache = vB5_Template_Url::instance();
             $urlKey = $urlCache->register($router->getRouteId(), array('nodeid' => $arguments['nodeid']), array('p' => $goToNodeId));
             $replacements = $urlCache->finalBuildUrls(array($urlKey));
             $url = $replacements[$urlKey];
             if ($url) {
                 $url .= '#post' . $goToNodeId;
                 if (headers_sent()) {
                     // NOTE(review): $url is placed inside a JavaScript string literal without
                     // JS-string escaping. It is built by vB5_Template_Url from the route, but
                     // confirm it can never contain a quote or "</script>"; otherwise encode
                     // it for this context.
                     echo '<script type="text/javascript">window.location = "' . $url . '";</script>';
                 } else {
                     header('Location: ' . $url);
                 }
                 exit;
             }
         }
     }
     $page['routeInfo'] = array('routeId' => $router->getRouteId(), 'arguments' => $arguments, 'queryParameters' => $router->getQueryParameters());
     $page['crumbs'] = $router->getBreadcrumbs();
     $page['headlinks'] = $router->getHeadLinks();
     $page['pageKey'] = $pageKey;
     // default value for pageSchema
     $page['pageSchema'] = 'http://schema.org/WebPage';
     $queryParameters = $router->getQueryParameters();
     /*
      * VBV-12506
      * This is where we would add other things to clean up dangerous query params.
      * For VBV-12486, we just unset anything here that can't use vb:var in the
      * templates, but really we should make a whitelist of expected page object
      * parameters that come from the query string and unset EVERYTHING else. For the
      * expected ones, we should also force the value into the expected (and hopefully
      * safer) range.
      */
     /*
      * VBV-12506
      * $doNotReplaceWithQueryParams is a list of parameters that the page object
      * usually gets naturally/internally, and that we NEVER want to replace with a
      * user-provided query parameter. (In fact, *when* exactly DO we want to do this?)
      * If we don't do this, it's a potential XSS vulnerability for the items that we
      * cannot send through vb:var for whatever reason (title, for example). Even when
      * they *are* sent through vb:var, the replacements can sometimes break the page
      * (for example ?pagetemplateid=%0D: the new line this inserts in
      * var pageData = {...} in the header template tends to break things; tested on
      * Chrome). Furthermore, any script that uses the pageData var would get the
      * user-injected data, which might cause more problems down the line.
      * Parameter notes:
      *   'titleprefix'
      *       As this should already be HTML-escaped, we don't want to double escape
      *       it, so we can't use vb:var in the templates. As such, we must prevent a
      *       malicious query string from being injected into the page object here.
      *   'title'
      *       Similar to the above, but channels are allowed to have HTML in the
      *       title, so they are intentionally not escaped in the DB, and the
      *       templates can't use vb:var.
      *   'pageid', 'channelid', 'nodeid'
      *       These are usually set in the arguments, so the array_merge below usually
      *       takes care of not passing a pageid query string through to the page
      *       object, but they are left in just in case.
      */
     $doNotReplaceWithQueryParams = array('titleprefix', 'title', 'pageid', 'channelid', 'nodeid', 'pagetemplateid', 'url', 'pagenum', 'tagCloudTitle');
     foreach ($doNotReplaceWithQueryParams as $key) {
         unset($queryParameters[$key]);
     }
     // Route arguments take precedence over the remaining query parameters. This is a
     // block list: any query key not named above is still copied onto the page object.
     $arguments = array_merge($queryParameters, $arguments);
     foreach ($arguments as $key => $value) {
         $page[$key] = $value;
     }
     $options = vB5_Template_Options::instance();
     $page['phrasedate'] = $options->get('miscoptions.phrasedate');
     $page['optionsdate'] = $options->get('miscoptions.optionsdate');
     // if no meta description, use node data or global one instead, prefer node data
     if (empty($page['metadescription']) and !empty($page['nodedescription'])) {
         $page['metadescription'] = $page['nodedescription'];
     }
     if (empty($page['metadescription'])) {
         $page['metadescription'] = $options->get('options.description');
     }
     // $config is not read again in this method.
     $config = vB5_Config::instance();
     // Non-persistent notices @todo - change this to use vB_Cookie
     $page['ignore_np_notices'] = vB5_ApplicationAbstract::getIgnoreNPNotices();
     // $templateCache is not read again in this method.
     $templateCache = vB5_Template_Cache::instance();
     $templater = new vB5_Template($page['screenlayouttemplate']);
     //IMPORTANT: If you add any variable to the page object here,
     // please make sure you add them to other controllers which create page objects.
     // That includes at a minimum the search controller (in two places currently)
     // and vB5_ApplicationAbstract::showErrorPage
     $templater->registerGlobal('page', $page);
     // From here on $page holds the rendered output, not the page object.
     $page = $this->outputPage($templater->render(), false);
     $fullPage = $top . $page;
     // $fullPageKey is only set when the guest cache condition at the top was met.
     if (!empty($fullPageKey) and is_string($fullPageKey)) {
         vB_Cache::instance(vB_Cache::CACHE_LARGE)->write($fullPageKey, $fullPage, vB5_Request::get('cachePageForGuestTime'), 'vbCachedFullPage');
     }
     // these are the templates rendered for this page ($loadedTemplates is not used below)
     $loadedTemplates = vB5_Template::getRenderedTemplates();
     $api->callApi('page', 'savePreCacheInfo', array($pageKey));
     // With early flush the preheader was already sent, so only the rest is echoed.
     if (!vB5_Request::get('useEarlyFlush')) {
         echo $fullPage;
     } else {
         echo $page;
     }
 }
Example #10
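 /**
  * Save the privacy settings form and redirect back to /settings/privacy.
  *
  * Reads 'userid' from $_REQUEST and 'privacyOptions' / 'follower_request' from
  * $_POST, then calls the user API's save method. Does nothing when no positive
  * user id is supplied.
  *
  * NOTE(review): the target user id is taken from the request and nothing in this
  * method ties it to the logged-in user; authorization has to be enforced by the
  * user API's save call -- confirm.
  * NOTE(review): no CSRF token check is visible in this method; confirm it is
  * enforced before the action is dispatched.
  */
 public function actionSavePrivacySettings()
 {
     // intval() of a non-empty array is 1, so an array-valued 'userid' must not be
     // allowed to reach it; a missing or non-scalar value counts as "no user".
     $userId = (isset($_REQUEST['userid']) && is_scalar($_REQUEST['userid'])) ? intval($_REQUEST['userid']) : 0;
     if ($userId <= 0) {
         return;
     }

     // privacy settings; a missing 'privacyOptions' field is passed on as null, which
     // is the value the API received before, without the undefined-index notice.
     $userInfo = array('privacy_options' => isset($_POST['privacyOptions']) ? $_POST['privacyOptions'] : null);
     // The checkbox is inverted: ticking 'follower_request' turns moderation off.
     $options = array('moderatefollowers' => !isset($_POST['follower_request']));

     $api = Api_InterfaceAbstract::instance();
     $response = $api->callApi('user', 'save', array('userid' => $userId, 'password' => '', 'user' => $userInfo, 'options' => $options, 'adminoptions' => array(), 'userfield' => array()));

     $url = vB5_Template_Options::instance()->get('options.frontendurl') . '/settings/privacy';
     if (is_array($response) and array_key_exists('errors', $response)) {
         $message = $api->callApi('phrase', 'fetch', array('phrases' => $response['errors'][0][0]));
         vB5_ApplicationAbstract::handleFormError(array_pop($message), $url);
     } else {
         // and get back to settings
         header('Location: ' . $url);
     }
 }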
Example #11
 public function setRoutes()
 {
     $this->processQueryString();
     //TODO: this is a very basic and straight forward way of parsing the URI, we need to improve it
     //$path = isset($_SERVER['PATH_INFO']) ? $_SERVER['PATH_INFO'] : '';
     if (isset($_GET['routestring'])) {
         $path = $_GET['routestring'];
         // remove it from $_GET
         unset($_GET['routestring']);
         // remove it from $_SERVER
         parse_str($_SERVER['QUERY_STRING'], $queryStringParameters);
         unset($queryStringParameters['routestring']);
         $_SERVER['QUERY_STRING'] = http_build_query($queryStringParameters, '', '&');
         // Additional parameters of http_build_query() is required. See VBV-6272.
     } else {
         if (isset($_SERVER['PATH_INFO'])) {
             $path = $_SERVER['PATH_INFO'];
         } else {
             $path = '';
         }
     }
     if (strlen($path) and $path[0] == '/') {
         $path = substr($path, 1);
     }
     //If there is an invalid image, js, or css request we wind up here. We can't process any of them
     if (strlen($path) > 2) {
         $ext = strtolower(substr($path, -4));
         if ($ext == '.gif' or $ext == '.png' or $ext == '.jpg' or $ext == '.css' or strtolower(substr($path, -3)) == '.js') {
             header("HTTP/1.0 404 Not Found");
             die('');
         }
     }
     try {
         $message = '';
         // Start with no error.
         $route = Api_InterfaceAbstract::instance()->callApi('route', 'getRoute', array('pathInfo' => $path, 'queryString' => $_SERVER['QUERY_STRING']));
     } catch (Exception $e) {
         $message = $e->getMessage();
         if ($message != 'no_vb5_database') {
             /* Some other exception happened */
             vB5_ApplicationAbstract::handleException($e, true);
         }
     }
     if (isset($route['errors'])) {
         $message = $route['errors'][0][1];
         if ($message != 'no_vb5_database') {
             /* Some other exception happened */
             throw new vB5_Exception($message);
         }
     }
     if ($message == 'no_vb5_database') {
         /* Seem we dont have a valid vB5 database */
         // TODO: as we removed baseurl from config.php, we need to find a way redirecting user to installer correctly.
         header('Location: core/install/index.php');
         exit;
     }
     if (!empty($route)) {
         if (isset($route['redirect'])) {
             header('Location: ' . vB5_Template_Options::instance()->get('options.frontendurl') . $route['redirect'], true, 301);
             exit;
         } else {
             if (isset($route['internal_error'])) {
                 vB5_ApplicationAbstract::handleException($route['internal_error']);
             } else {
                 if (isset($route['banned_info'])) {
                     vB5_ApplicationAbstract::handleBannedUsers($route['banned_info']);
                 } else {
                     if (isset($route['no_permission'])) {
                         vB5_ApplicationAbstract::handleNoPermission();
                     } else {
                         if (isset($route['forum_closed'])) {
                             vB5_ApplicationAbstract::showMsgPage('', $route['forum_closed'], 'bbclosedreason');
                             // Use 'bbclosedreason' as state param here to match the one specified in vB_Api_State::checkBeforeView()
                             die;
                         } else {
                             $this->routeId = $route['routeid'];
                             $this->routeGuid = $route['routeguid'];
                             $this->controller = $route['controller'];
                             $this->action = $route['action'];
                             $this->template = $route['template'];
                             $this->arguments = $route['arguments'];
                             $this->queryParameters = $route['queryParameters'];
                             $this->pageKey = $route['pageKey'];
                             if (!empty($route['userAction']) and is_array($route['userAction'])) {
                                 $this->userAction['action'] = array_shift($route['userAction']);
                                 $this->userAction['params'] = $route['userAction'];
                             } else {
                                 $this->userAction = false;
                             }
                             $this->breadcrumbs = $route['breadcrumbs'];
                             $this->headlinks = $route['headlinks'];
                             if (!in_array($this->action, $this->whitelist)) {
                                 vB5_ApplicationAbstract::checkState($route);
                             }
                             return;
                         }
                     }
                 }
             }
         }
     } else {
         // if no route was matched, try to parse route as /controller/method
         $stripped_path = preg_replace('/[^a-z0-9\\/-]+/i', '', trim(strval($path), '/'));
         if (strpos($stripped_path, '/')) {
             list($controller, $method) = explode('/', strtolower($stripped_path), 2);
         } else {
             $controller = $stripped_path;
             $method = 'index';
         }
         $controller = preg_replace_callback('#(?:^|-)(.)#', function ($matches) {
             return strtoupper($matches[1]);
         }, strtolower($controller));
         $method = preg_replace_callback('#(?:^|-)(.)#', function ($matches) {
             return strtoupper($matches[1]);
         }, strtolower($method));
         $controllerClass = 'vB5_Frontend_Controller_' . $controller;
         $controllerMethod = 'action' . $method;
         if (class_exists($controllerClass) and method_exists($controllerClass, $controllerMethod)) {
             $this->controller = strtolower($controller);
             $this->action = $controllerMethod;
             $this->template = '';
             $this->arguments = array();
             $this->queryParameters = array();
             if (!in_array($this->action, $this->whitelist)) {
                 vB5_ApplicationAbstract::checkState(array('controller' => $this->controller, 'action' => $this->action));
             }
             return;
         }
     }
     //this could be a legacy file that we need to proxy.  The relay controller will handle
     //cases where this is not a valid file.  Only handle files in the "root directory".  We'll
     //handle deeper paths via more standard routes.
     if (strpos($path, '/') === false) {
         $this->controller = 'relay';
         $this->action = 'legacy';
         $this->template = '';
         $this->arguments = array($path);
         $this->queryParameters = array();
         return;
     }
     vB5_ApplicationAbstract::checkState();
     throw new vB5_Exception_404("invalid_page_url");
 }
Example #12
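 /**
  * Render the search results page for the current request.
  *
  * Search criteria are read from the merged GET/POST data in one of three forms, checked in
  * this order: a 'searchJSON' structure (optionally assembled from the cookie named by the
  * 'cookie' parameter), a quick-search string 'q' (with optional 'type'), or a stored result
  * id 'r'. When none is present the request is handed to actionIndex().
  *
  * For guests (no userid) with cachePageForGuestTime > 0, the rendered page is read from and
  * written to vB_Cache under a key derived from the serialized $_REQUEST.
  *
  * Every value taken from $serverData and $_COOKIE here is request-controlled; it is passed
  * on to the page template and URL builders, so escaping at those sinks still matters.
  *
  * @return mixed The result of actionIndex() when no search criteria are supplied; otherwise
  *               nothing is returned and the page is echoed.
  */
 function actionResult()
 {
     //the api init can redirect.  We need to make sure that happens before we echo anything
     $api = Api_InterfaceAbstract::instance();
     $top = '';
     $error = null;
     if (vB5_Request::get('cachePageForGuestTime') > 0 and !vB5_User::get('userid')) {
         // Guest page cache: the key is built only from request data.
         $fullPageKey = md5(serialize($_REQUEST));
         $fullPage = vB_Cache::instance()->read($fullPageKey);
         if (!empty($fullPage)) {
             echo $fullPage;
             exit;
         }
     }
     $preheader = vB5_ApplicationAbstract::getPreheader();
     $top .= $preheader;
     if (vB5_Request::get('useEarlyFlush')) {
         echo $preheader;
         flush();
     }
     // POST values override GET values with the same key.
     $serverData = array_merge($_GET, $_POST);
     $router = vB5_ApplicationAbstract::instance()->getRouter();
     $arguments = $router->getArguments();
     $userAction = $router->getUserAction();
     if (!empty($userAction)) {
         $api->callApi('wol', 'register', array($userAction['action'], $userAction['params']));
     }
     // Human verification (HV) handling. The advanced search route is substituted when the
     // AdvSearch flag is set, or when HV is required and a quick-search 'q' is present.
     // The parentheses spell out the grouping PHP already applies ('and' binds tighter than 'or').
     $requirehv = $api->callApi('hv', 'fetchRequireHvcheck', array('search'));
     if (!empty($serverData['AdvSearch']) or ($requirehv and isset($serverData['q']))) {
         $adv_search = $api->callApi('route', 'getRoute', array('pathInfo' => 'advanced_search', 'queryString' => ''), true);
         $arguments = $adv_search['arguments'];
     } elseif ($requirehv) {
         // Advanced search form submitted
         if (empty($serverData['humanverify'])) {
             $serverData['humanverify'] = array();
         }
         $return = $api->callApi('hv', 'verifyToken', array($serverData['humanverify'], 'search'));
         if ($return !== true) {
             // Verification failed: fall back to the advanced search page and show the error.
             $adv_search = $api->callApi('route', 'getRoute', array('pathInfo' => 'advanced_search', 'queryString' => ''), true);
             $arguments = $adv_search['arguments'];
             $error = $return['errors'][0][0];
         }
     }
     // Prefer 'pageid', fall back to 'contentid'; a route carrying neither yields 0 without
     // touching an undefined index.
     if (isset($arguments['pageid'])) {
         $pageid = (int) $arguments['pageid'];
     } elseif (isset($arguments['contentid'])) {
         $pageid = (int) $arguments['contentid'];
     } else {
         $pageid = 0;
     }
     $page = $api->callApi('page', 'fetchPageById', array($pageid, $arguments));
     if (!$page) {
         echo 'Could not find page.';
         exit;
     }
     $phrases = $api->callApi('phrase', 'fetch', array(array('advanced_search', 'search_results')));
     $page['crumbs'] = array(0 => array('title' => $phrases['advanced_search'], 'url' => vB5_Template_Runtime::buildUrl('advanced_search', array(), array(), array('noBaseUrl' => true))), 1 => array('title' => $phrases['search_results'], 'url' => ''));
     // avoid search page itself being indexed
     $page['noindex'] = 1;
     if (!empty($serverData['cookie'])) {
         // The request names the cookie to read. Only a string name that refers to an existing
         // string cookie is used; anything else contributes an empty list instead of raising an
         // offset error or an array-to-string conversion.
         // NOTE(review): consider limiting the accepted names to the cookies the search UI sets.
         $cookieName = $serverData['cookie'];
         $cookieValue = '';
         if (is_string($cookieName) and isset($_COOKIE[$cookieName]) and is_string($_COOKIE[$cookieName])) {
             $cookieValue = $_COOKIE[$cookieName];
         }
         $serverData['searchJSON'] = '{"specific":[' . $cookieValue . ']}';
     }
     if (!empty($serverData['searchJSON'])) {
         if (is_string($serverData['searchJSON'])) {
             // json_decode() needs UTF-8, so convert when any non-ASCII byte is present.
             if (preg_match('/[^\\x00-\\x7F]/', $serverData['searchJSON'])) {
                 $serverData['searchJSON'] = vB5_String::toUtf8($serverData['searchJSON'], vB5_String::getTempCharset());
             }
             $serverData['searchJSON'] = json_decode($serverData['searchJSON'], true);
         }
         if (!empty($serverData['searchJSON'])) {
             if (!empty($serverData['searchJSON']['keywords'])) {
                 // NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1; it is kept
                 // here to preserve the existing output and should be replaced by
                 // context-specific escaping where the value is rendered.
                 $serverData['searchJSON']['keywords'] = str_replace(array('"', '\\'), '', $serverData['searchJSON']['keywords']);
                 $serverData['searchJSON']['keywords'] = filter_var($serverData['searchJSON']['keywords'], FILTER_SANITIZE_STRING);
             }
             // Decoding and re-encoding normalises whatever the client sent into valid JSON.
             $serverData['searchJSON'] = json_encode($serverData['searchJSON']);
         } else {
             $serverData['searchJSON'] = '';
         }
         $page['searchJSON'] = $serverData['searchJSON'];
         $extra = array('searchJSON' => !empty($serverData['searchJSON']) ? $serverData['searchJSON'] : '{}');
         if (!empty($serverData['AdvSearch'])) {
             $extra['AdvSearch'] = 1;
         }
         $page['url'] = str_replace('&amp;', '&', vB5_Route::buildUrl('search', array(), $extra));
         //$page['searchJSONStructure'] = json_decode($page['searchJSON'],true);
         $page['crumbs'][0]['url'] = vB5_Template_Runtime::buildUrl('advanced_search', array(), array('searchJSON' => $page['searchJSON']), array('noBaseUrl' => true));
     } elseif (!empty($serverData['q'])) {
         $serverData['q'] = str_replace(array('"', '\\'), '', $serverData['q']);
         $serverData['q'] = filter_var($serverData['q'], FILTER_SANITIZE_STRING);
         $searchType = '';
         if (!empty($serverData['type'])) {
             $serverData['type'] = str_replace(array('"', '\\'), '', $serverData['type']);
             $serverData['type'] = filter_var($serverData['type'], FILTER_SANITIZE_STRING);
             $searchType = ',"type":"' . $serverData['type'] . '"';
         }
         // NOTE(review): this JSON is assembled by concatenation and relies on the quote and
         // backslash stripping above to stay well-formed. json_encode() would be sturdier, but
         // it requires UTF-8 input and this branch does no charset conversion - confirm before
         // switching.
         $page['searchJSON'] = '{"keywords":"' . $serverData['q'] . '","sort":"title"' . $searchType . '}';
         $extra = array('q' => $serverData['q']);
         if (!empty($serverData['AdvSearch'])) {
             $extra['AdvSearch'] = 1;
         }
         $page['url'] = str_replace('&amp;', '&', vB5_Route::buildUrl('search', array(), $extra));
         $page['searchStr'] = $serverData['q'];
         $page['crumbs'][0]['url'] = vB5_Template_Runtime::buildUrl('advanced_search', array(''), array('searchJSON' => $page['searchJSON']), array('noBaseUrl' => true));
     } elseif (!empty($serverData['r'])) {
         // Stored result set: 'r' is passed through as given; only the page number is coerced to int.
         unset($page['crumbs'][0]);
         $page['url'] = str_replace('&amp;', '&', vB5_Route::buildUrl('search', array(), array('r' => $serverData['r'])));
         $page['resultId'] = $serverData['r'];
         if (!empty($serverData['p']) && is_numeric($serverData['p'])) {
             $page['currentPage'] = intval($serverData['p']);
         }
         $page['crumbs'][0]['url'] = vB5_Template_Runtime::buildUrl('advanced_search', array(), array('r' => $serverData['r']), array('noBaseUrl' => true));
     } else {
         // No search criteria at all: show the default page instead.
         return $this->actionIndex();
     }
     $page['ignore_np_notices'] = vB5_ApplicationAbstract::getIgnoreNPNotices();
     if (!empty($error)) {
         $page['error'] = $error;
     }
     $templater = new vB5_Template($page['screenlayouttemplate']);
     $templater->registerGlobal('page', $page);
     $page = $this->outputPage($templater->render(), false);
     $fullPage = $top . $page;
     if (vB5_Request::get('cachePageForGuestTime') > 0 and !vB5_User::get('userid')) {
         vB_Cache::instance()->write($fullPageKey, $fullPage, vB5_Request::get('cachePageForGuestTime'));
     }
     // With early flush the preheader has already been sent, so only the remainder is echoed.
     if (!vB5_Request::get('useEarlyFlush')) {
         echo $fullPage;
     } else {
         echo $page;
     }
 }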