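/**
 * Checks the state of the request to make sure that it's valid and that
 * we have the necessary permissions to continue. Checks things like
 * CSRF and banning.
 *
 * Each failing check hands the request to standard_error() /
 * print_no_permission(), which are expected not to return, so the order of
 * the sections below is the order in which a visitor is turned away. Note
 * that the IP-ban check is the LAST one: a banned IP still reaches the
 * phpinfo and "board closed" branches above it.
 *
 * Reads the globals $vbulletin (options, userinfo, GPC, session, db) and
 * $show, and the constants CSRF_ERROR, THIS_SCRIPT, BYPASS_FORUM_DISABLED,
 * DIE_QUIETLY, ALLOW_SAME_USERNAME_PASSWORD, COOKIE_PREFIX and TIMENOW
 * where they are defined.
 *
 * @return void
 */
public function check_state()
{
	global $vbulletin, $show;

	// #############################################################################
	// CSRF: the security token was validated upstream and the verdict stored in
	// CSRF_ERROR; this block only selects the matching error message.
	if (defined('CSRF_ERROR'))
	{
		define('VB_ERROR_LITE', true);
		$ajaxerror = $vbulletin->GPC['ajax'] ? '_ajax' : '';

		switch (CSRF_ERROR)
		{
			case 'missing':
				standard_error(fetch_error('security_token_missing', $vbulletin->options['contactuslink']));
				break;

			case 'guest':
				standard_error(fetch_error('security_token_guest' . $ajaxerror));
				break;

			case 'timeout':
				standard_error(fetch_error('security_token_timeout' . $ajaxerror, $vbulletin->options['contactuslink']));
				break;

			case 'invalid':
			default:
				standard_error(fetch_error('security_token_invalid', $vbulletin->options['contactuslink']));
		}

		// belt and braces: never continue past a CSRF failure even if
		// standard_error() were to return
		exit;
	}

	// #############################################################################
	// check to see if server is too busy. this is checked at the end of session.php
	// Control-panel admins and the login script are exempt so that an
	// overloaded board can still be administered.
	if ($this->server_overloaded()
		AND !($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel'])
		AND THIS_SCRIPT != 'login')
	{
		$vbulletin->options['useforumjump'] = 0;
		standard_error(fetch_error('toobusy'));
	}

	// #############################################################################
	// phpinfo display for support purposes
	// NOTE(review): this is gated only by the 'allowphpinfo' option (and demo
	// mode), not by any admin permission, so while the option is enabled ANY
	// visitor -- including one whose IP is banned, since verify_ip_ban() runs
	// later -- can dump the server's full PHP configuration. Leave the option
	// off except while actively working a support case.
	if (!empty($_REQUEST['do']) AND $_REQUEST['do'] === 'phpinfo')
	{
		if ($vbulletin->options['allowphpinfo'] AND !is_demo_mode())
		{
			phpinfo();
			exit;
		}
		else
		{
			standard_error(fetch_error('admin_disabled_php_info'));
		}
	}

	// #############################################################################
	// check that board is active - if not admin, then display error
	if (
		!defined('BYPASS_FORUM_DISABLED')
		AND !$vbulletin->options['bbactive']
		AND !in_array(THIS_SCRIPT, array('login', 'css'))
		AND !($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel'])
	)
	{
		if (defined('DIE_QUIETLY'))
		{
			exit;
		}

		// If this is a post submission from an admin whose session timed out,
		// give them a chance to log back in and save what they were working on.
		// See bug #34258
		if (strtoupper($_SERVER['REQUEST_METHOD']) == 'POST' AND !empty($_POST) AND !$vbulletin->userinfo['userid'] AND !empty($_COOKIE[COOKIE_PREFIX . 'cpsession']))
		{
			define('VB_ERROR_PERMISSION', true);
		}

		$show['enableforumjump'] = true;
		unset($vbulletin->db->shutdownqueries['lastvisit']);

		require_once(DIR . '/includes/functions_misc.php');

		// NOTE(review): the admin-entered closed reason is emitted through eval()
		// so that standard_error() receives it as a double-quoted PHP string.
		// addslashes() plus make_string_interpolation_safe() are the only things
		// keeping that value inside the string literal; the option is
		// admin-controlled, but eval() on configuration data remains a footgun.
		// If the interpolation is not actually relied on, a plain
		// standard_error($vbulletin->options['bbclosedreason']) would be safer
		// -- confirm before changing.
		eval('standard_error("' . make_string_interpolation_safe(str_replace("\\'", "'", addslashes($vbulletin->options['bbclosedreason']))) . '");');
	}

	// #############################################################################
	// password expiry system
	if ($vbulletin->userinfo['userid'] AND $vbulletin->userinfo['permissions']['passwordexpires'])
	{
		$passworddaysold = floor((TIMENOW - $vbulletin->userinfo['passworddate']) / 86400);

		if ($passworddaysold >= $vbulletin->userinfo['permissions']['passwordexpires'])
		{
			// Block everything except login, the profile password pages
			// (do=editpassword / do=updatepassword) and the three ajax calls
			// listed here. On those pages only raise the flag so the template
			// can show the warning.
			if ((THIS_SCRIPT != 'login' AND THIS_SCRIPT != 'profile' AND THIS_SCRIPT != 'ajax')
				OR (THIS_SCRIPT == 'profile' AND $_REQUEST['do'] != 'editpassword' AND $_POST['do'] != 'updatepassword')
				OR (THIS_SCRIPT == 'ajax' AND $_REQUEST['do'] != 'imagereg' AND $_REQUEST['do'] != 'securitytoken' AND $_REQUEST['do'] != 'dismissnotice')
			)
			{
				standard_error(fetch_error('passwordexpired', $passworddaysold, $vbulletin->session->vars['sessionurl']));
			}
			else
			{
				$show['passwordexpired'] = true;
			}
		}
	}
	else
	{
		$show['passwordexpired'] = false;
	}

	// #############################################################################
	// password same as username?
	if (!defined('ALLOW_SAME_USERNAME_PASSWORD') AND $vbulletin->userinfo['userid'])
	{
		// save the resource on md5'ing if the option is not enabled or guest.
		// Compare strictly: under loose == two hex digests that both happen to
		// look numeric (e.g. "0e" followed only by digits) compare equal and
		// would wrongly trip this check. The legacy md5(md5(username) . salt)
		// scheme itself has to stay -- it is the stored hash format.
		if ($vbulletin->userinfo['password'] === md5(md5($vbulletin->userinfo['username']) . $vbulletin->userinfo['salt']))
		{
			if ((THIS_SCRIPT != 'login' AND THIS_SCRIPT != 'profile')
				OR (THIS_SCRIPT == 'profile' AND $_REQUEST['do'] != 'editpassword' AND $_POST['do'] != 'updatepassword'))
			{
				standard_error(fetch_error('username_same_as_password', $vbulletin->session->vars['sessionurl']));
			}
		}
	}

	// #############################################################################
	// check required profile fields
	if ($vbulletin->session->vars['profileupdate'] AND THIS_SCRIPT != 'login' AND THIS_SCRIPT != 'profile')
	{
		$vbulletin->options['useforumjump'] = 0;
		standard_error(fetch_error('updateprofilefields', $vbulletin->session->vars['sessionurl']));
	}

	// #############################################################################
	// check permission to view forum
	if (!$this->has_global_view_permission())
	{
		if (defined('DIE_QUIETLY'))
		{
			exit;
		}
		else
		{
			print_no_permission();
		}
	}

	// #############################################################################
	// check for IP ban on user
	verify_ip_ban();

	// plugin hook: executes administrator-installed plugin code
	($hook = vBulletinHook::fetch_hook('global_state_check')) ? eval($hook) : false;
}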
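/**
 * Checks the state of the request to make sure that it's valid and that
 * we have the necessary permissions to continue. Checks things like
 * CSRF and banning.
 *
 * Each failing check hands the request to standard_error() /
 * print_no_permission(), which are expected not to return, so the order of
 * the sections below is the order in which a visitor is turned away. The
 * IP-ban check is the LAST one, so a banned IP still reaches the "board
 * closed" branch and the password/profile redirects above it.
 *
 * Reads the globals $vbulletin (options, userinfo, GPC, db) and $show, the
 * vB session / user-context singletons, and the constants CSRF_ERROR,
 * THIS_SCRIPT, BYPASS_FORUM_DISABLED, DIE_QUIETLY, VB_API, COOKIE_PREFIX
 * and TIMENOW where they are defined.
 *
 * @return void
 */
public function check_state()
{
	global $vbulletin, $show, $VB_API_REQUESTS;

	// #############################################################################
	// CSRF: the security token was validated upstream and the verdict stored in
	// CSRF_ERROR; this block only selects the matching error message.
	if (defined('CSRF_ERROR'))
	{
		define('VB_ERROR_LITE', true);
		$ajaxerror = $vbulletin->GPC['ajax'] ? '_ajax' : '';

		switch (CSRF_ERROR)
		{
			case 'missing':
				standard_error(fetch_error('security_token_missing'));
				break;

			case 'guest':
				standard_error(fetch_error('security_token_guest' . $ajaxerror));
				break;

			case 'timeout':
				standard_error(fetch_error('security_token_timeout' . $ajaxerror));
				break;

			case 'invalid':
			default:
				standard_error(fetch_error('security_token_invalid'));
		}

		// belt and braces: never continue past a CSRF failure even if
		// standard_error() were to return
		exit;
	}

	// #############################################################################
	// check to see if server is too busy. this is checked at the end of session.php
	// Control-panel admins and the login script are exempt so that an
	// overloaded board can still be administered.
	if ($this->server_overloaded()
		and !($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel'])
		and THIS_SCRIPT != 'login')
	{
		standard_error(fetch_error('toobusy'));
	}

	// #############################################################################
	// check that board is active - if not admin, then display error
	if (!defined('BYPASS_FORUM_DISABLED')
		and !$vbulletin->options['bbactive']
		and !in_array(THIS_SCRIPT, array('login', 'css'))
		and !($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel']))
	{
		if (defined('DIE_QUIETLY'))
		{
			exit;
		}

		if (defined('VB_API') and VB_API === true)
		{
			// API clients receive the reason as a plain phrase argument -- no eval()
			standard_error(fetch_error('bbclosed', $vbulletin->options['bbclosedreason']));
		}
		else
		{
			// If this is a post submission from an admin whose session timed out,
			// give them a chance to log back in and save what they were working on.
			// See bug #34258
			if (strtoupper($_SERVER['REQUEST_METHOD']) == 'POST' and !empty($_POST) and !$vbulletin->userinfo['userid'] and !empty($_COOKIE[COOKIE_PREFIX . 'cpsession']))
			{
				define('VB_ERROR_PERMISSION', true);
			}

			$show['enableforumjump'] = true;
			unset($vbulletin->db->shutdownqueries['lastvisit']);

			// unregister in the assertor
			vB::getDbAssertor()->unregisterShutdownQuery('lastvisit');

			require_once DIR . '/includes/functions_misc.php';

			// NOTE(review): the admin-entered closed reason is emitted through
			// eval() so that standard_error() receives it as a double-quoted PHP
			// string. addslashes() plus make_string_interpolation_safe() are the
			// only things keeping that value inside the string literal; the
			// option is admin-controlled, but eval() on configuration data
			// remains a footgun. The API branch above already passes the reason
			// as a plain argument; if the interpolation is not relied on here
			// either, the same approach would be safer -- confirm before changing.
			eval('standard_error("' . make_string_interpolation_safe(str_replace("\\'", "'", addslashes($vbulletin->options['bbclosedreason']))) . '");');
		}
	}

	// #############################################################################
	// password expiry system
	if ($vbulletin->userinfo['userid'] and $vbulletin->userinfo['permissions']['passwordexpires'])
	{
		$passworddaysold = floor((TIMENOW - $vbulletin->userinfo['passworddate']) / 86400);

		if ($passworddaysold >= $vbulletin->userinfo['permissions']['passwordexpires'])
		{
			// `and` binds tighter than `or`, so the original flat condition
			// groups exactly as written here; the parentheses only make that
			// explicit. Everything except login, the profile password pages and
			// the three ajax calls listed below is blocked; on those pages only
			// the flag is raised so the template can show the warning.
			if ((THIS_SCRIPT != 'login' and THIS_SCRIPT != 'profile' and THIS_SCRIPT != 'ajax')
				or (THIS_SCRIPT == 'profile' and $_REQUEST['do'] != 'editpassword' and $_POST['do'] != 'updatepassword')
				or (THIS_SCRIPT == 'ajax' and $_REQUEST['do'] != 'imagereg' and $_REQUEST['do'] != 'securitytoken' and $_REQUEST['do'] != 'dismissnotice'))
			{
				standard_error(fetch_error('passwordexpired', $passworddaysold, vB::getCurrentSession()->get('sessionurl')));
			}
			else
			{
				$show['passwordexpired'] = true;
			}
		}
	}
	else
	{
		$show['passwordexpired'] = false;
	}

	// #############################################################################
	// check required profile fields
	// Fix: this used to test the bare constant `!VB_API`. When VB_API is not
	// defined (the board-closed branch above explicitly allows for that), PHP
	// evaluates the bare name as the truthy string "VB_API" (an Error on PHP 8),
	// so the redirect was silently skipped. Guard with defined() as above.
	if (vB::getCurrentSession()->get('profileupdate')
		and THIS_SCRIPT != 'login'
		and THIS_SCRIPT != 'profile'
		and !(defined('VB_API') and VB_API)
		and !vB::getUserContext()->isAdministrator())
	{
		standard_error(fetch_error('updateprofilefields', vB::getCurrentSession()->get('sessionurl')));
	}

	// #############################################################################
	// check permission to view forum
	if (!$this->has_global_view_permission())
	{
		if (defined('DIE_QUIETLY'))
		{
			exit;
		}
		else
		{
			print_no_permission();
		}
	}

	// #############################################################################
	// check for IP ban on user
	verify_ip_ban();

	// Legacy Hook 'global_state_check' Removed
	//
}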
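/**
 * Main entry point for the controller.
 * Performs all necessary controller related tasks to evaluate, render and
 * return the page output.
 *
 * The controller's getResponse is responsible for catching and handling any non
 * critical exceptions; and handling page caching where applicable.
 *
 * By default an action is resolved and called, however this system can be
 * completely overridden by child implementations.
 *
 * Dispatch order: the requested action must be in the controller's $actions
 * allowlist and have a matching action<Name> method, then authorizeAction()
 * runs, then the WOL path is set and the "board closed" check applied, then
 * (vBCms only) template groups are registered on $bootstrap, and finally the
 * action method is invoked with $this->parameters.
 *
 * @return string - The final page output
 * @throws vB_Exception_Critical  no action requested, or an allowlisted
 *                                action has no matching method
 * @throws vB_Exception_404       the requested action is not allowlisted
 */
public function getResponse()
{
	global $bootstrap;

	$method = 'action' . $this->action;

	if (!$this->action)
	{
		throw new vB_Exception_Critical('No action requested');
	}

	// $this->actions is the routing authorization boundary: it decides which
	// methods a URL may reach at all. Strict in_array() keeps this a plain
	// string comparison with no numeric-string juggling. The action is
	// HTML-escaped before being echoed back in the 404 message.
	if (!in_array($this->action, $this->actions, true))
	{
		throw new vB_Exception_404('Action not found: \'' . htmlspecialchars_uni($this->action) . '\'');
	}

	// Only reachable for allowlisted actions, so $method is not request
	// controlled here even though it is not escaped.
	if (!method_exists($this, $method))
	{
		throw new vB_Exception_Critical('Action defined for controller but no matching method found: \'' . $method . '\'');
	}

	$this->authorizeAction();

	// Set Wolpath
	$this->resolveWolPath();

	// Site is closed.
	// NOTE(review): the admin-entered closed reason is emitted through eval() so
	// that standard_error() receives it as a double-quoted PHP string.
	// addslashes() plus make_string_interpolation_safe() are the only things
	// keeping that value inside the string literal; the option is
	// admin-controlled, but eval() on configuration data remains a footgun.
	// If the interpolation is not relied on, passing the option straight to
	// standard_error() would be safer -- confirm before changing.
	if (defined('BB_CLOSED'))
	{
		eval('standard_error("' . make_string_interpolation_safe(str_replace("\\'", "'", addslashes(vB::$vbulletin->options['bbclosedreason']))) . '");');
	}

	// CMS Template Caching
	if ($this->package == 'vBCms')
	{
		if ($this->class == 'List')
		{
			switch ($this->segments['type'])
			{
				case 'category':
					$bootstrap->group_templates[] = 'vbcms.content';
					break;

				default:
					$bootstrap->group_templates[] = 'vbcms.custom';
					break;
			}
		}

		if ($this->class == 'Content')
		{
			switch ($this->content->getClass())
			{
				case 'Section':
					$bootstrap->group_templates[] = 'vbcms.section';
					break;

				case 'Article':
					$bootstrap->group_templates[] = 'vbcms.article';
					break;

				case 'PhpEval':
					$bootstrap->group_templates[] = 'vbcms.phpeval';
					break;

				case 'StaticPage':
					$bootstrap->group_templates[] = 'vbcms.staticpage';
					break;

				default:
					$bootstrap->group_templates[] = 'vbcms.custom';
					break;
			}

			switch ($this->action)
			{
				case 'View':
					$bootstrap->group_templates[] = 'vbcms.content';
					break;

				case 'AddNode':
				case 'EditPage':
				case 'EditContent':
					$bootstrap->group_templates[] = 'vbcms.edit';
					break;

				default:
					$bootstrap->group_templates[] = 'vbcms.custom';
					break;
			}

			// `and` binds tighter than `or`, so the original flat condition
			// groups as written here: published nodes always get the edit and
			// comments groups, unpublished ones only when new AND commentable.
			// The parentheses make that explicit without changing behaviour;
			// if "(published or new) and commentable" was intended, the
			// grouping needs to change -- confirm against the templates.
			if ($this->node->getPublished() or ($this->node->getNew() and $this->node->getComments_Enabled()))
			{
				$bootstrap->group_templates[] = 'vbcms.edit';
				$bootstrap->group_templates[] = 'vbcms.comments';
			}
		}
	}

	return call_user_func_array(array($this, $method), $this->parameters);
}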