/**
 * Resolves a WidgetFramework option by its short name.
 *
 * A few keys are answered locally (version id, cache cutoff, index tab id,
 * layout editor state); every other key is read from the XenForo options
 * object under the "wf_" prefix.
 *
 * The layout editor state is cached per request once a session exists. It is
 * on when the session flag is exactly true, or when the request carries
 * "_layoutEditor" and the visitor holds the "style" admin permission, so the
 * request parameter alone never enables the editor.
 *
 * @param string $key
 *
 * @return mixed
 */
public static function get($key)
{
    if (self::$_options === null) {
        self::$_options = XenForo_Application::get('options');
    }

    switch ($key) {
        case 'applicationVersionId':
            return XenForo_Application::$versionId;

        case 'cacheCutoffDays':
            return 7;

        case 'indexTabId':
            return 'WidgetFramework_home';

        case 'layoutEditorEnabled':
            if (self::$_layoutEditorEnabled !== null) {
                // already decided earlier in this request
                return self::$_layoutEditorEnabled;
            }

            if (!XenForo_Application::isRegistered('session')) {
                // no session yet: answer "off" without caching the result
                return false;
            }

            $sessionFlag = XenForo_Application::getSession()->get('_WidgetFramework_layoutEditor');
            self::$_layoutEditorEnabled = ($sessionFlag === true);

            $requested = !empty($_REQUEST['_layoutEditor']);
            if (!self::$_layoutEditorEnabled && $requested) {
                // the request parameter only counts for style administrators
                if (XenForo_Visitor::getInstance()->hasAdminPermission('style')) {
                    self::$_layoutEditorEnabled = true;
                }
            }

            return self::$_layoutEditorEnabled;
    }

    return self::$_options->get('wf_' . $key);
}
/**
 * List of currently online users.
 *
 * Visitors who cannot view the member list get a no-permission response.
 * Invisible and unconfirmed users are only included when the visitor may
 * bypass user privacy; otherwise the visitor's own record is force-included.
 *
 * @return XenForo_ControllerResponse_Abstract
 */
public function actionIndex()
{
    if (!$this->_getUserModel()->canViewMemberList()) {
        return $this->responseNoPermission();
    }

    $sessionModel = $this->_getSessionModel();

    $page = $this->_input->filterSingle('page', XenForo_Input::UINT);
    $userPerPage = XenForo_Application::get('options')->membersPerPage;
    $seesHiddenUsers = $this->_getUserModel()->canBypassUserPrivacy();
    $userLimit = $this->_input->filterSingle('type', XenForo_Input::STRING);

    $conditions = array(
        'userLimit' => $userLimit,
        'cutOff' => array('>', $sessionModel->getOnlineStatusTimeout()),
        'getInvisible' => $seesHiddenUsers,
        'getUnconfirmed' => $seesHiddenUsers,
        'forceInclude' => $seesHiddenUsers ? false : XenForo_Visitor::getUserId(),
    );
    $fetchOptions = array(
        'perPage' => $userPerPage,
        'page' => $page,
        'join' => XenForo_Model_Session::FETCH_USER_FULL,
        'order' => 'view_date',
    );

    $onlineUsers = $sessionModel->getSessionActivityRecords($conditions, $fetchOptions);

    // decorate each activity record in place
    $session = XenForo_Application::getSession();
    foreach ($onlineUsers as &$record) {
        if ($record['robot_key']) {
            $record['robotInfo'] = $session->getRobotInfo($record['robot_key']);
        }
        $record['ipHex'] = bin2hex($record['ip']);
        $record['canViewCurrentActivity'] = $this->_getUserModel()->canViewUserCurrentActivity($record);
    }

    $visitor = XenForo_Visitor::getInstance();

    //TODO: this is taken directly from the forum list, could be faster if just counts
    $onlineTotals = $sessionModel->getSessionActivityQuickList(
        $visitor->toArray(),
        array('cutOff' => array('>', $sessionModel->getOnlineStatusTimeout())),
        $visitor['user_id'] ? $visitor->toArray() : null
    );

    // the raw IP is exposed to the view as hex; whether it is shown is governed by canViewIps
    $viewParams = array(
        'onlineUsers' => $sessionModel->addSessionActivityDetailsToList($onlineUsers),
        'totalOnlineUsers' => $sessionModel->countSessionActivityRecords($conditions),
        'userLimit' => $userLimit,
        'page' => $page,
        'usersPerPage' => $userPerPage,
        'canViewIps' => $this->_getUserModel()->canViewIps(),
        'onlineTotals' => $onlineTotals,
    );

    return $this->responseView('XenForo_ViewPublic_Online_List', 'online_list', $viewParams);
}
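/**
 * Adds subscription discovery headers to the response and, when the current
 * OAuth client already holds a subscription, exposes its callback in $params.
 *
 * @param array $params response params; 'subscription_callback' may be added
 * @param Zend_Controller_Response_Http $response receives the two Link headers
 * @param string $topicType
 * @param mixed $topicId
 * @param string $selfLink
 * @param string $subscriptionOption serialized subscription data, may be empty
 *
 * @return bool false when subscription is disabled for the topic type
 */
public static function prepareDiscoveryParams(array &$params, Zend_Controller_Response_Http $response, $topicType, $topicId, $selfLink, $subscriptionOption)
{
    if (!bdApi_Option::getSubscription($topicType)) {
        // subscription for this topic type has been disabled
        return false;
    }

    // subscription discovery
    $hubLink = bdApi_Data_Helper_Core::safeBuildApiLink('subscriptions', null, array(
        'hub.topic' => bdApi_Model_Subscription::getTopic($topicType, $topicId),
        'oauth_token' => '',
    ));
    $response->setHeader('Link', sprintf('<%s>; rel=hub', $hubLink));
    $response->setHeader('Link', sprintf('<%s>; rel=self', $selfLink));

    // subscription info
    if (empty($subscriptionOption)) {
        return true;
    }

    // NOTE(review): unserialize() must only ever see data written by this
    // add-on; presumably $subscriptionOption comes from storage. Confirm no
    // caller passes request-derived data here.
    $subscriptionOption = @unserialize($subscriptionOption);
    if (!is_array($subscriptionOption)
        || empty($subscriptionOption['subscriptions'])
        || !is_array($subscriptionOption['subscriptions'])
    ) {
        return true;
    }

    /* @var $session bdApi_Session */
    $session = XenForo_Application::getSession();
    $clientId = (string) $session->getOAuthClientId();

    foreach ($subscriptionOption['subscriptions'] as $subscription) {
        if (!is_array($subscription) || !isset($subscription['client_id'], $subscription['callback'])) {
            // malformed record, nothing to expose
            continue;
        }

        // Compare as strings: a loose == treats numeric-looking ids such as
        // "1e3" and "1000" as equal, which would hand one client's callback
        // to another client.
        if ((string) $subscription['client_id'] === $clientId) {
            $params['subscription_callback'] = $subscription['callback'];
        }
    }

    return true;
}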
/**
 * Builds the temporary attachment hash for the current client and visitor.
 *
 * The hash is an md5 over a content prefix, the OAuth client id, the visitor
 * user id and the configured global salt. The prefix comes from the
 * "attachment_hash" request value when present, otherwise from the first
 * non-empty id in $contentData (post, thread, forum, node, message,
 * conversation, in that order).
 *
 * NOTE(review): the request-supplied attachment_hash is folded into the
 * prefix as-is; the client id, visitor id and salt are what bind the result
 * to the caller.
 *
 * @param array $contentData
 *
 * @return string
 */
public function getAttachmentTempHash(array $contentData = array())
{
    $prefix = '';

    $inputHash = $this->_controller->getInput()->filterSingle('attachment_hash', XenForo_Input::STRING);
    if (!empty($inputHash)) {
        $prefix = sprintf('hash%s', $inputHash);
    } else {
        // first non-empty id wins; forum_id and node_id share the "node" prefix
        $prefixFormats = array(
            'post_id' => 'post%d',
            'thread_id' => 'thread%d',
            'forum_id' => 'node%d',
            'node_id' => 'node%d',
            'message_id' => 'message%d',
            'conversation_id' => 'conversation%d',
        );
        foreach ($prefixFormats as $field => $format) {
            if (!empty($contentData[$field])) {
                $prefix = sprintf($format, $contentData[$field]);
                break;
            }
        }
    }

    /* @var $session bdApi_Session */
    $session = XenForo_Application::getSession();
    $clientId = $session->getOAuthClientId();
    $visitorUserId = XenForo_Visitor::getUserId();
    $salt = XenForo_Application::getConfig()->get('globalSalt');

    $material = sprintf('prefix%s_client%s_visitor%d_salt%s', $prefix, $clientId, $visitorUserId, $salt);

    return md5($material);
}
/**
 * Logs the visitor in as the local user associated with an external
 * (API provider) user id.
 *
 * The request must be a POST, name a configured provider and a non-zero
 * external user id, and pass the provider's JS SDK signature check; any
 * failure yields a no-permission response. When no usable association exists
 * and auto-registration is on, the visitor is redirected to external
 * registration instead.
 *
 * @return XenForo_ControllerResponse_Abstract
 */
public function actionExternal()
{
    $this->_assertPostOnly();

    $providerCode = $this->_input->filterSingle('provider', XenForo_Input::STRING);
    $provider = bdApiConsumer_Option::getProviderByCode($providerCode);
    if (empty($provider)) {
        return $this->responseNoPermission();
    }

    $externalUserId = $this->_input->filterSingle('external_user_id', XenForo_Input::UINT);
    if (empty($externalUserId)) {
        return $this->responseNoPermission();
    }

    // The signature check is the only thing tying external_user_id to the
    // provider. NOTE(review): it is handed the whole $_REQUEST (GET, POST
    // and, depending on request_order, cookies) -- confirm the helper signs
    // external_user_id itself and not only other parameters.
    if (!bdApiConsumer_Helper_Api::verifyJsSdkSignature($provider, $_REQUEST)) {
        return $this->responseNoPermission();
    }

    $userModel = $this->_getUserModel();

    /** @var bdApiConsumer_XenForo_Model_UserExternal $userExternalModel */
    $userExternalModel = $this->getModelFromCache('XenForo_Model_UserExternal');

    $existingAssoc = $userExternalModel->getExternalAuthAssociation($userExternalModel->bdApiConsumer_getProviderCode($provider), $externalUserId);
    if (!empty($existingAssoc)) {
        $accessToken = $userExternalModel->bdApiConsumer_getAccessTokenFromAuth($provider, $existingAssoc);
        if (empty($accessToken)) {
            // no access token in the auth, consider no auth at all
            $existingAssoc = null;
        }
    }

    if (empty($existingAssoc)) {
        $autoRegister = bdApiConsumer_Option::get('autoRegister');
        if ($autoRegister === 'on' or $autoRegister === 'id_sync') {
            // we have to do a refresh here
            return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, XenForo_Link::buildPublicLink('canonical:register/external', null, array('provider' => $providerCode, 'reg' => 1, 'redirect' => $this->getDynamicRedirect())), new XenForo_Phrase('bdapi_consumer_being_auto_login_auto_register_x', array('provider' => $provider['name'])));
        }
    }

    if (!$existingAssoc) {
        return $this->responseError(new XenForo_Phrase('bdapi_consumer_auto_login_with_x_failed', array('provider' => $provider['name'])));
    }

    $user = $userModel->getFullUserById($existingAssoc['user_id']);
    if (empty($user)) {
        return $this->responseError(new XenForo_Phrase('requested_user_not_found'));
    }

    // Two-step verification is honoured before any session is switched.
    // NOTE(review): this guard uses "> 1050000" while the login branch below
    // uses "< 1050000", so a versionId of exactly 1050000 skips the TFA check
    // yet takes the userLogin() path -- confirm that boundary is intended.
    if (XenForo_Application::$versionId > 1050000) {
        /** @var XenForo_ControllerHelper_Login $loginHelper */
        $loginHelper = $this->getHelper('Login');
        if ($loginHelper->userTfaConfirmationRequired($user)) {
            $loginHelper->setTfaSessionCheck($user['user_id']);

            return $this->responseMessage(new XenForo_Phrase('bdapi_consumer_auto_login_user_x_requires_tfa', array('username' => $user['username'], 'twoStepLink' => XenForo_Link::buildPublicLink('login/two-step', null, array('redirect' => $this->getDynamicRedirect(), 'remember' => 1)))));
        }
    }

    // A remember cookie is always set for this login path, and the login is
    // recorded in the IP log under its own action name.
    $userModel->setUserRememberCookie($user['user_id']);

    XenForo_Model_Ip::log($user['user_id'], 'user', $user['user_id'], 'login_api_consumer');

    // drop the guest (user id 0) activity row for this client IP
    $userModel->deleteSessionActivity(0, $this->_request->getClientIp(false));

    if (XenForo_Application::$versionId < 1050000) {
        XenForo_Application::getSession()->changeUserId($user['user_id']);
        XenForo_Visitor::setup($user['user_id']);
    } else {
        $visitor = XenForo_Visitor::setup($user['user_id']);
        XenForo_Application::getSession()->userLogin($user['user_id'], $visitor['password_date']);
    }

    return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, $this->getDynamicRedirect(), new XenForo_Phrase('bdapi_consumer_auto_login_with_x_succeeded_y', array('provider' => $provider['name'], 'username' => $user['username'])));
}
/**
 * API index: lists the entry-point links available to the caller.
 *
 * Guests get the public links only; logged-in visitors also get their
 * personal links. system_info holds the OAuth endpoints for requests made
 * without an OAuth client, and is replaced by the revision/module list when
 * the session has the POST scope.
 *
 * @return XenForo_ControllerResponse_Abstract
 */
public function actionGetIndex()
{
    /* @var $session bdApi_Session */
    $session = XenForo_Application::getSession();
    $visitor = XenForo_Visitor::getInstance();

    $systemInfo = array();
    if ($session->getOAuthClientId() === '') {
        // links are built with an empty oauth_token so no token is echoed back
        $noToken = array('oauth_token' => '');
        $systemInfo += array(
            'oauth/authorize' => bdApi_Data_Helper_Core::safeBuildApiLink('oauth/authorize', array(), $noToken),
            'oauth/token' => bdApi_Data_Helper_Core::safeBuildApiLink('oauth/token', array(), $noToken),
        );
    }
    if ($session->checkScope(bdApi_Model_OAuth2::SCOPE_POST)) {
        // version and module details are only disclosed to POST-scoped sessions
        $systemInfo = array(
            'api_revision' => 2015121801,
            'api_modules' => $this->_getModules(),
        );
    }

    $data = array();
    $data['links'] = array(
        'search' => bdApi_Data_Helper_Core::safeBuildApiLink('search'),
        'navigation' => bdApi_Data_Helper_Core::safeBuildApiLink('navigation', array(), array('parent' => 0)),
        'threads/recent' => bdApi_Data_Helper_Core::safeBuildApiLink('threads/recent'),
        'users' => bdApi_Data_Helper_Core::safeBuildApiLink('users'),
    );

    if ($visitor['user_id'] > 0) {
        $memberRoutes = array(
            'conversations',
            'forums/followed',
            'notifications',
            'threads/followed',
            'threads/new',
            'users/ignored',
        );
        foreach ($memberRoutes as $route) {
            $data['links'][$route] = bdApi_Data_Helper_Core::safeBuildApiLink($route);
        }

        $data['links']['users/me'] = bdApi_Data_Helper_Core::safeBuildApiLink(
            'users',
            array('user_id' => XenForo_Visitor::getInstance()->toArray()),
            array('oauth_token' => '')
        );

        if ($visitor->canUpdateStatus()) {
            $data['post']['status'] = bdApi_Data_Helper_Core::safeBuildApiLink('users/me/timeline');
        }
    }

    $data['system_info'] = $systemInfo;

    return $this->responseData('bdApi_ViewApi_Index', $data);
}
/**
 * Writes one API request/response pair to the log.
 *
 * Nothing is written when the log retention option is 0. Values in $bulkSet
 * win over the defaults for client id, user id and IP address; request data
 * and response output both pass through _filterData() before being stored.
 *
 * @param string $requestMethod
 * @param string $requestUri
 * @param array $requestData
 * @param int $responseCode
 * @param array $responseOutput
 * @param array $bulkSet
 *
 * @return bool false when logging is disabled, otherwise the writer's save() result
 */
public function logRequest($requestMethod, $requestUri, array $requestData, $responseCode, array $responseOutput, array $bulkSet = array())
{
    if (bdApi_Option::get('logRetentionDays') == 0) {
        // retention of zero days means logging is switched off
        return false;
    }

    $writer = XenForo_DataWriter::create('bdApi_DataWriter_Log');
    $writer->bulkSet($bulkSet);

    // fill in whatever identity fields the caller did not supply
    if (!isset($bulkSet['client_id'])) {
        /* @var $session bdApi_Session */
        $session = XenForo_Application::getSession();
        $writer->set('client_id', $session->getOAuthClientId());
    }

    if (!isset($bulkSet['user_id'])) {
        $writer->set('user_id', XenForo_Visitor::getInstance()->get('user_id'));
    }

    if (!isset($bulkSet['ip_address'])) {
        $remoteAddress = '';
        if (isset($_SERVER['REMOTE_ADDR'])) {
            $remoteAddress = $_SERVER['REMOTE_ADDR'];
        }
        $writer->set('ip_address', $remoteAddress);
    }

    $writer->set('request_date', XenForo_Application::$time);
    $writer->set('request_method', $requestMethod);
    $writer->set('request_uri', $requestUri);
    // NOTE(review): _filterData() is the only scrubbing step before request
    // and response bodies are persisted; verify it removes credentials and tokens.
    $writer->set('request_data', $this->_filterData($requestData));
    $writer->set('response_code', $responseCode);
    $writer->set('response_output', $this->_filterData($responseOutput));

    return $writer->save();
}
/**
 * Fetches all social forum notices applicable to the visiting user.
 *
 * Notices are only evaluated when the enableNotices option is on. A notice is
 * added when the visitor has not dismissed it and both its user criteria and
 * its page criteria match.
 *
 * @param XenForo_ControllerResponse_View $controllerResponse supplies the params matched against page criteria
 * @param array $notices notices collected so far, keyed by notice id
 *
 * @return array
 */
protected function _getSocialNoticesContainerParams(XenForo_ControllerResponse_View $controllerResponse, array $notices = array())
{
    $socialForum = ThemeHouse_SocialGroups_SocialForum::getInstance();

    /* @var $noticeModel XenForo_Model_Notice */
    $noticeModel = XenForo_Model::create('XenForo_Model_Notice');

    if (!XenForo_Application::get('options')->enableNotices) {
        return $notices;
    }

    $user = XenForo_Visitor::getInstance()->toArray();

    // dismissed notice ids live in the session; anything that is not an array counts as "none"
    $dismissedNotices = array();
    if (XenForo_Application::isRegistered('session')) {
        $stored = XenForo_Application::getSession()->get('dismissedNotices');
        if (is_array($stored)) {
            $dismissedNotices = $stored;
        }
    }

    // handle style overrides
    $user['style_id'] = XenForo_Application::get('options')->defaultStyleId;

    $noticeTokens = array(
        '{name}' => $user['username'] !== '' ? $user['username'] : new XenForo_Phrase('guest'),
        '{user_id}' => $user['user_id'],
    );
    $tokenNames = array_keys($noticeTokens);

    $candidates = $noticeModel->getNoticesForSocialForum($socialForum['social_forum_id']);
    foreach ($candidates as $noticeId => $notice) {
        if (in_array($noticeId, $dismissedNotices)) {
            continue;
        }
        if (!XenForo_Helper_Criteria::userMatchesCriteria($notice['user_criteria'], true, $user)) {
            continue;
        }
        if (!XenForo_Helper_Criteria::pageMatchesCriteria($notice['page_criteria'], true, $controllerResponse->params, $controllerResponse->containerParams)) {
            continue;
        }

        // NOTE(review): the username is substituted into the message as-is;
        // escaping is presumably left to the template -- confirm.
        $notices[$noticeId] = array(
            'title' => $notice['title'],
            'message' => str_replace($tokenNames, $noticeTokens, $notice['message']),
            'wrap' => $notice['wrap'],
            // guests can never dismiss a notice
            'dismissible' => $notice['dismissible'] && XenForo_Visitor::getUserId(),
        );
    }

    return $notices;
}
/**
 * Shows the media in one gallery category.
 *
 * Requests without a category id are redirected to the gallery root. A
 * category with no upload user groups is treated as a container: media is
 * then listed from its child categories and adding media is disabled.
 *
 * @return XenForo_ControllerResponse_Abstract
 */
public function actionIndex()
{
    $defaultOrder = 'media_date';

    // NOTE(review): 'order' and 'type' are free-form request strings that are
    // passed on to the media model; presumably the model maps them onto a
    // fixed set of choices -- confirm.
    $order = $this->_input->filterSingle('order', XenForo_Input::STRING, array('default' => $defaultOrder));
    $type = $this->_input->filterSingle('type', XenForo_Input::STRING);
    $categoryId = $this->_input->filterSingle('category_id', XenForo_Input::UINT);
    if (!$categoryId) {
        return $this->responseRedirect(XenForo_ControllerResponse_Redirect::RESOURCE_CANONICAL_PERMANENT, XenForo_Link::buildPublicLink('xengallery'));
    }

    $mediaHelper = $this->_getMediaHelper();
    $categoryModel = $this->_getCategoryModel();

    // view permission on the category is asserted by the helper
    $category = $mediaHelper->assertCategoryValidAndViewable($categoryId);
    $categoryBreadcrumbs = $categoryModel->getCategoryBreadcrumb($category, false);

    $containerCategory = false;

    // NOTE(review): unserialize() on a column of the category record; safe
    // only as long as that column is written by the application alone.
    $uploadUserGroups = unserialize($category['upload_user_groups']);
    if (!$uploadUserGroups) {
        // nobody may upload here, so the category only groups its children
        $canAddMedia = false;
        $containerCategory = true;
    } else {
        $canAddMedia = $this->_getMediaModel()->canAddMediaToCategory($uploadUserGroups);
    }

    $page = $this->_input->filterSingle('page', XenForo_Input::UINT);
    $perPage = XenForo_Application::getOptions()->xengalleryMediaMaxPerPage;

    $childIds = array();
    $showCategory = false;
    if ($containerCategory) {
        $childCategories = $categoryModel->getCategoryStructure(null, $categoryId);
        foreach ($childCategories as $child) {
            $childIds[] = $child['category_id'];
        }
        if (!$childCategories) {
            // no children: fall back to listing the category itself
            $containerCategory = false;
        }
        $showCategory = true;
    }

    // deleted media is only requested when the visitor holds viewDeleted
    $conditions = array('category_id' => $containerCategory ? $childIds : $categoryId, 'deleted' => XenForo_Permission::hasPermission(XenForo_Visitor::getInstance()->permissions, 'xengallery', 'viewDeleted'), 'type' => $type);
    $fetchOptions = $this->_getMediaFetchOptions() + array('order' => $order ? $order : $defaultOrder, 'page' => $page, 'perPage' => $perPage);

    $mediaModel = $this->_getMediaModel();
    $media = $mediaModel->getMedia($conditions, $fetchOptions);
    $media = $mediaModel->prepareMediaItems($media);
    $inlineModOptions = $mediaModel->prepareInlineModOptions($media, false);

    // collect the authors the visitor ignores
    $ignoredNames = array();
    foreach ($media as $item) {
        if (!empty($item['isIgnored'])) {
            $ignoredNames[] = $item['username'];
        }
    }

    $mediaCount = $mediaModel->countMedia($conditions);

    $this->canonicalizePageNumber($page, $perPage, $mediaCount, 'xengallery/categories', $category);
    $this->canonicalizeRequestUrl(XenForo_Link::buildPublicLink('xengallery/categories', $category, array('page' => $page)));

    $pageNavParams = array('order' => $order != $defaultOrder ? $order : false, 'type' => $type ? $type : false);

    // one-shot session flag: read it for this view, then clear it
    $session = XenForo_Application::getSession();
    $requiresTranscode = $session->get('xfmgVideoRequiresTranscode');
    if ($requiresTranscode) {
        $session->remove('xfmgVideoRequiresTranscode');
    }

    $viewParams = array('category' => $category, 'canWatchCategory' => $categoryModel->canWatchCategory(), 'containerCategory' => $containerCategory, 'showCategory' => $showCategory, 'media' => $media, 'order' => $order, 'defaultOrder' => $defaultOrder, 'type' => $type, 'typeFilter' => $type, 'ignoredNames' => array_unique($ignoredNames), 'mediaCount' => $mediaCount, 'page' => $page <= 1 ? '' : $page, 'perPage' => $perPage, 'canAddMedia' => $canAddMedia, 'canViewRatings' => $mediaModel->canViewRatings(), 'canViewComments' => $this->_getCommentModel()->canViewComments(), 'categoryBreadcrumbs' => $categoryBreadcrumbs, 'inlineModOptions' => $inlineModOptions, 'pageNavParams' => $pageNavParams, 'requiresTranscode' => $requiresTranscode);

    return $this->_getSiteMediaWrapper($categoryId, $this->responseView('XenGallery_ViewPublic_Category_View', 'xengallery_category_view', $viewParams));
}
/**
 * Tells whether the current session belongs to a recognised robot.
 *
 * @return mixed false when no session is registered, otherwise the session's 'robotId' value
 */
public static function isBot()
{
    if (XenForo_Application::isRegistered('session')) {
        return XenForo_Application::getSession()->get('robotId');
    }

    return false;
}
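/**
 * Builds the OAuth authorization URL and stores the CSRF state in the session.
 *
 * The state is what ties the provider's callback to this browser session, so
 * a generated state has to be unguessable. uniqid() is derived from the
 * clock; it is only kept as a last resort when no CSPRNG is available.
 *
 * @param string $redirectUri
 * @param string|null $state caller-supplied state, or null to generate one
 *
 * @return string
 */
public function getAccountsRequestUrl($redirectUri, $state = null)
{
    if ($state === null) {
        $bytes = false;
        if (function_exists('random_bytes')) {
            $bytes = random_bytes(16);
        } elseif (function_exists('openssl_random_pseudo_bytes')) {
            $bytes = openssl_random_pseudo_bytes(16);
        }

        // 16 random bytes give the same 32 hex characters md5() produced
        $state = (is_string($bytes) && strlen($bytes) === 16)
            ? bin2hex($bytes)
            : md5(uniqid('xf', true));
    }

    $session = XenForo_Application::getSession();
    $session->set('accountsCsrfState', $state);

    // The state is URL-encoded like the redirect URI, so a caller-supplied
    // value cannot add or alter query parameters.
    return $this->schema . '://' . $this->api . '/oauth/?client_id=' . $this->clientId
        . '&redirect_uri=' . urlencode($redirectUri)
        . '&state=' . urlencode($state)
        . '&roles=profile,email'
        . '&access_type=offline'
        . '&response_type=code';
}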
/**
 * Handles the admin control panel login form.
 *
 * Non-POST requests are redirected to the admin index. Accounts flagged by
 * the login model after failed attempts are blocked outright rather than
 * being offered a captcha.
 *
 * @return XenForo_ControllerResponse_Abstract
 */
public function actionLogin()
{
    if (!$this->_request->isPost()) {
        return $this->responseRedirect(XenForo_ControllerResponse_Redirect::RESOURCE_CANONICAL, XenForo_Link::buildAdminLink('index'));
    }

    $data = $this->_input->filter(array('login' => XenForo_Input::STRING, 'password' => XenForo_Input::STRING, 'redirect' => XenForo_Input::STRING, 'cookie_check' => XenForo_Input::UINT));

    // NOTE(review): the redirect target comes from the request and is not
    // validated in this method; confirm the redirect response restricts it
    // to same-site targets.
    $redirect = $data['redirect'] ? $data['redirect'] : XenForo_Link::buildAdminLink('index');

    $loginModel = $this->_getLoginModel();

    if ($data['cookie_check'] && count($_COOKIE) == 0) {
        // login came from a page, so we should at least have a session cookie.
        // if we don't, assume that cookies are disabled
        return $this->responseError(new XenForo_Phrase('cookies_required_to_log_in_to_site'));
    }

    // throttle check happens before the password is looked at
    $needCaptcha = $loginModel->requireLoginCaptcha($data['login']);
    if ($needCaptcha) {
        // just block logins here instead of using the captcha
        return $this->responseError(new XenForo_Phrase('your_account_has_temporarily_been_locked_due_to_failed_login_attempts'));
    }

    $userModel = $this->_getUserModel();

    $userId = $userModel->validateAuthentication($data['login'], $data['password'], $error);
    if (!$userId) {
        // record the failure, then re-check whether this attempt crossed the limit
        $loginModel->logLoginAttempt($data['login']);

        if ($loginModel->requireLoginCaptcha($data['login'])) {
            return $this->responseError(new XenForo_Phrase('your_account_has_temporarily_been_locked_due_to_failed_login_attempts'));
        }

        if ($this->_input->filterSingle('upgrade', XenForo_Input::UINT)) {
            return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, $redirect);
        } else {
            // note - JSON view will return responseError($text)
            return $this->responseView('XenForo_ViewAdmin_Login_Error', 'login_form', array('text' => $error, 'defaultLogin' => $data['login'], 'redirect' => $redirect), array('containerTemplate' => 'LOGIN_PAGE'));
        }
    }

    $loginModel->clearLoginAttempts($data['login']);

    XenForo_Model_Ip::log($userId, 'user', $userId, 'login_admin');

    $visitor = XenForo_Visitor::setup($userId);
    XenForo_Application::getSession()->userLogin($userId, $visitor['password_date']);

    // if guest on front-end, login there too
    $class = XenForo_Application::resolveDynamicClass('XenForo_Session');
    $publicSession = new $class();
    $publicSession->start();
    if (!$publicSession->get('user_id')) {
        $publicSession->userLogin($userId, $visitor['password_date']);
        $publicSession->save();
    }

    // now check that the user will be able to get into the ACP (is_admin)
    // NOTE(review): both sessions have already been switched to this user by
    // the time the check runs, so a non-admin with valid credentials stays
    // logged in after the error -- confirm that is intended.
    if (!$visitor->is_admin) {
        return $this->responseError(new XenForo_Phrase('your_account_does_not_have_admin_privileges'));
    }

    if ($this->_input->filterSingle('repost', XenForo_Input::UINT)) {
        // the replayed POST is given the new visitor's CSRF token
        // NOTE(review): postVars is request-supplied JSON that is replayed
        // against $redirect with a valid token -- confirm the repost target
        // is constrained.
        $postVars = $this->_input->filterSingle('postVars', XenForo_Input::JSON_ARRAY);
        $postVars['_xfToken'] = $visitor['csrf_token_page'];

        return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, $redirect, '', array('repost' => 1, 'postVars' => $postVars));
    } else {
        return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, $redirect);
    }
}
/**
 * Returns the encryption key for the current request: the OAuth client
 * secret held by the session.
 *
 * @return string
 *
 * @throws XenForo_Exception when the session carries no client secret
 */
protected static function _getKey()
{
    /* @var $session bdApi_Session */
    $session = XenForo_Application::getSession();
    $clientSecret = $session->getOAuthClientSecret();

    if (!empty($clientSecret)) {
        return $clientSecret;
    }

    // unauthorized requests have no key to encrypt with
    throw new XenForo_Exception(new XenForo_Phrase('bdapi_request_must_authorize_to_encrypt'), true);
}
/**
 * Renders the registration form and arms the CleanTalk checks.
 *
 * The render time is stored in the session and the check-js cookie is issued
 * on every render, whether or not the browser already sent one.
 *
 * @param array $fields
 * @param array $errors
 *
 * @return XenForo_ControllerResponse_Abstract
 */
protected function _getRegisterFormResponse(array $fields, array $errors = array())
{
    XenForo_Application::getSession()->set('ct_submit_register_time', time());

    $cookieName = CleanTalk_Base_CleanTalk::getCheckjsName();
    $cookieValue = CleanTalk_Base_CleanTalk::getCheckjsDefaultValue();

    // Session-lifetime cookie on path "/". No Secure or HttpOnly flag is passed.
    // NOTE(review): presumably client-side script has to read this cookie --
    // confirm before tightening the flags.
    setcookie($cookieName, $cookieValue, 0, '/');

    return parent::_getRegisterFormResponse($fields, $errors);
}
/**
 * API index: lists the entry-point links of the API.
 *
 * system_info stays empty unless the session has the POST scope, in which
 * case it carries the API revision and the module list.
 *
 * @return XenForo_ControllerResponse_Abstract
 */
public function actionGetIndex()
{
    /* @var $session bdApi_Session */
    $session = XenForo_Application::getSession();

    $systemInfo = array();
    if ($session->checkScope(bdApi_Model_OAuth2::SCOPE_POST)) {
        // version and module details are only disclosed to POST-scoped sessions
        $systemInfo = array(
            'api_revision' => 2014030701,
            'api_modules' => $this->_getModules(),
        );
    }

    $links = array();

    foreach (array('conversations', 'conversation-messages', 'notifications', 'search') as $route) {
        $links[$route] = XenForo_Link::buildApiLink($route);
    }

    $links['navigation'] = XenForo_Link::buildApiLink('navigation', array(), array('parent' => 0));

    $plainRoutes = array('threads', 'threads/recent', 'threads/new', 'posts', 'users', 'batch', 'subscriptions');
    foreach ($plainRoutes as $route) {
        $links[$route] = XenForo_Link::buildApiLink($route);
    }

    // OAuth endpoints are built with an empty oauth_token so no token is echoed back
    $noToken = array('oauth_token' => '');
    $links['oauth_authorize'] = XenForo_Link::buildApiLink('oauth/authorize', array(), $noToken);
    $links['oauth_token'] = XenForo_Link::buildApiLink('oauth/token', array(), $noToken);

    $data = array(
        'links' => $links,
        'system_info' => $systemInfo,
    );

    return $this->responseData('bdApi_ViewApi_Index', $data);
}
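/**
 * Builds the provider's OAuth authorize URL.
 *
 * When state tracking is enabled in the config and the caller did not supply
 * a 'state', one is generated from the current time and the session IP.
 *
 * NOTE(review): the generated state is only base64-encoded JSON. It is
 * neither random nor signed, so it can serve for tracking but presumably not
 * as a CSRF token -- verify how the callback uses it.
 *
 * @param array $provider needs 'root' and 'client_id'
 * @param string $redirectUri
 * @param array $extraParams extra query parameters, name => value
 *
 * @return string
 */
public static function getRequestUrl(array $provider, $redirectUri, array $extraParams = array())
{
    $url = sprintf(
        '%s/index.php?oauth/authorize/&client_id=%s&redirect_uri=%s&response_type=code&scope=%s',
        rtrim($provider['root'], '/'),
        rawurlencode($provider['client_id']),
        rawurlencode($redirectUri),
        rawurlencode(self::SCOPE)
    );

    $trackState = XenForo_Application::getConfig()->get(bdApiConsumer_Option::CONFIG_TRACK_AUTHORIZE_URL_STATE);
    if ($trackState && !isset($extraParams['state'])) {
        $extraParams['state'] = base64_encode(json_encode(array(
            'time' => XenForo_Application::$time,
            'ip' => XenForo_Helper_Ip::convertIpBinaryToString(XenForo_Application::getSession()->get('ip')),
        )));
    }

    foreach ($extraParams as $key => $value) {
        // The name is encoded as well as the value, so neither can add or
        // alter query parameters.
        $url .= sprintf('&%s=%s', rawurlencode((string) $key), rawurlencode($value));
    }

    return $url;
}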
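/**
 * Adds the parental-control notice to the moderator bar when the visitor's
 * recorded parent session is the current session.
 *
 * @return void
 */
protected function _body()
{
    $visitor = XenForo_Visitor::getInstance();
    $sessionId = XenForo_Application::getSession()->getSessionId();

    if (!isset($visitor['parent_session']) || !$visitor['parent_session']) {
        return;
    }

    // Session ids are compared as exact strings. A loose == converts
    // numeric-looking strings (such as "0e1234" and "0e5678") to numbers and
    // would treat different sessions as the same one.
    if ((string) $visitor['parent_session'] !== (string) $sessionId) {
        return;
    }

    $pattern = '#<fieldset id="moderatorBar">\\s*<div class="pageWidth">\\s*<div class="pageContent">#Us';

    if (!preg_match($pattern, $this->_contents)) {
        // no moderator bar rendered yet: add one so the notice has a place to go
        $this->_prependTemplate('moderator_bar');
    }

    $this->_appendTemplateAtPattern($pattern, 'th_moderator_bar_logged_in_parentalcontrol');
}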
/**
 * Toggles the layout editor flag in the visitor's session.
 *
 * Needs a registered session and the "style" admin permission; otherwise a
 * no-permission response is returned.
 *
 * NOTE(review): this changes session state and does not itself require a
 * POST; confirm the surrounding dispatch covers CSRF for this action.
 *
 * @return XenForo_ControllerResponse_Abstract
 */
public function actionWfLayoutEditor()
{
    if (!XenForo_Application::isRegistered('session')) {
        return $this->responseNoPermission();
    }

    $session = XenForo_Application::getSession();

    $isStyleAdmin = XenForo_Visitor::getInstance()->hasAdminPermission('style');
    if (!$isStyleAdmin) {
        return $this->responseNoPermission();
    }

    // store the opposite of the current state
    $currentlyEnabled = WidgetFramework_Option::get('layoutEditorEnabled');
    $session->set('_WidgetFramework_layoutEditor', !$currentlyEnabled);

    return $this->responseRedirect(
        XenForo_ControllerResponse_Redirect::SUCCESS,
        $this->getDynamicRedirect()
    );
}
/**
 * Returns the unread post count cached in the visitor's session.
 *
 * @return int 0 for guests, when no session is registered, or when nothing is cached
 */
public static function getUnreadCount()
{
    if (!XenForo_Visitor::getUserId()) {
        return 0;
    }

    if (!XenForo_Application::isRegistered('session')) {
        return 0;
    }

    $cached = XenForo_Application::getSession()->get('unreadPostCount');

    return is_array($cached) ? intval($cached['count']) : 0;
}
/**
 * Handles the public login form.
 *
 * Requests that ask to register, or that carry no password, are rerouted to
 * registration. Visitors who are already logged in are redirected straight
 * away. Everything after that point requires a POST.
 *
 * @return XenForo_ControllerResponse_Abstract
 */
public function actionLogin()
{
    $data = $this->_input->filter(array('login' => XenForo_Input::STRING, 'password' => XenForo_Input::STRING, 'remember' => XenForo_Input::UINT, 'register' => XenForo_Input::UINT, 'redirect' => XenForo_Input::STRING, 'cookie_check' => XenForo_Input::UINT, 'postData' => XenForo_Input::JSON_ARRAY));

    if ($data['register'] || $data['password'] === '') {
        return $this->responseReroute('XenForo_ControllerPublic_Register', 'index');
    }

    // NOTE(review): a request-supplied redirect is used as given; only the
    // fallback goes through getDynamicRedirectIfNot(). Confirm the redirect
    // response restricts the target to same-site URLs.
    $redirect = $data['redirect'] ? $data['redirect'] : $this->getDynamicRedirectIfNot(XenForo_Link::buildPublicLink('login'));

    if (XenForo_Visitor::getUserId()) {
        return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, $redirect);
    }

    $this->_assertPostOnly();

    $loginModel = $this->_getLoginModel();

    if ($data['cookie_check'] && count($_COOKIE) == 0) {
        // login came from a page, so we should at least have a session cookie.
        // if we don't, assume that cookies are disabled
        return $this->_loginErrorResponse(new XenForo_Phrase('cookies_required_to_log_in_to_site'), $data['login'], true, $redirect);
    }

    // throttling is applied before the password is checked; the loginLimit
    // option selects between a captcha and an outright block
    $needCaptcha = $loginModel->requireLoginCaptcha($data['login']);
    if ($needCaptcha) {
        switch (XenForo_Application::getOptions()->loginLimit) {
            case 'captcha':
                if (!XenForo_Captcha_Abstract::validateDefault($this->_input, true)) {
                    return $this->_loginErrorResponse(new XenForo_Phrase('did_not_complete_the_captcha_verification_properly'), $data['login'], true, $redirect, $data['postData']);
                }
                break;

            case 'block':
                return $this->_loginErrorResponse(new XenForo_Phrase('your_account_has_temporarily_been_locked_due_to_failed_login_attempts'), $data['login'], true, $redirect, $data['postData']);
                break;
        }
    }

    $userModel = $this->_getUserModel();

    $userId = $userModel->validateAuthentication($data['login'], $data['password'], $error);
    if (!$userId) {
        // record the failure; the error response shows a captcha if this
        // attempt crossed the limit
        $loginModel->logLoginAttempt($data['login']);

        return $this->_loginErrorResponse($error, $data['login'], $needCaptcha || $loginModel->requireLoginCaptcha($data['login']), $redirect, $data['postData']);
    }

    $loginModel->clearLoginAttempts($data['login']);

    if ($data['remember']) {
        $userModel->setUserRememberCookie($userId);
    }

    XenForo_Model_Ip::log($userId, 'user', $userId, 'login');

    // drop the guest (user id 0) activity row for this client IP
    $userModel->deleteSessionActivity(0, $this->_request->getClientIp(false));

    $visitor = XenForo_Visitor::setup($userId);
    XenForo_Application::getSession()->userLogin($userId, $visitor['password_date']);

    if ($data['postData']) {
        // NOTE(review): postData is request-supplied JSON handed to a view
        // that replays it against $redirect -- confirm that view constrains
        // the target and re-issues the CSRF token.
        return $this->responseView('XenForo_ViewPublic_Login_PostRedirect', 'login_post_redirect', array('postData' => $data['postData'], 'redirect' => $redirect));
    } else {
        return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, $redirect);
    }
}
/**
 * Controller-load listener that pins an analytics client id to the session.
 *
 * Runs once per request. The client id is the "_ga" cookie when present,
 * otherwise a generated "DP."-prefixed id. For logged-in users a newly chosen
 * id is also saved to the 'analytics_cid' custom user field. Backend logging
 * is switched on for "DP." ids according to the dpAnalyticsTrackBlocked option.
 *
 * @param mixed $controller must provide getRequest()
 * @param string $action
 */
public static function loadControllerListener($controller, $action)
{
    if (!self::$_triggered) {
        self::$_triggered = true;

        if (XenForo_Visitor::getUserId() > 0) {
            // logged in user
            if (XenForo_Application::isRegistered('session')) {
                $session = XenForo_Application::getSession();

                if (!$session->get('analyticsClientSet')) {
                    $request = $controller->getRequest();
                    if (!($clientId = $request->getCookie('_ga'))) {
                        // no cookie: fall back to a generated id
                        $clientId = 'DP.' . uniqid('', true);
                    }
                    $session->set('analyticsClientSet', $clientId);

                    if ($clientId) {
                        // NOTE(review): the "_ga" cookie is client-controlled
                        // and is written to a custom field with the admin-edit
                        // option on -- presumably to skip field validation;
                        // confirm the value is length-limited and escaped
                        // wherever it is shown.
                        $writer = XenForo_DataWriter::create('XenForo_DataWriter_User');
                        $writer->setExistingData(XenForo_Visitor::getUserId());
                        $writer->setOption(XenForo_DataWriter_User::OPTION_ADMIN_EDIT, true);
                        if (XenForo_Application::$versionId >= 1030000) {
                            $writer->setOption(XenForo_DataWriter_User::OPTION_LOG_CHANGES, false);
                        }
                        $writer->setCustomFields(array('analytics_cid' => $clientId));
                        $writer->save();
                    }
                } elseif (XenForo_Application::getOptions()->dpAnalyticsTrackBlocked != 'never') {
                    // logged in user without an Analytics cookie
                    $clientId = $session->get('analyticsClientSet');
                    if (substr($clientId, 0, 3) == 'DP.') {
                        self::$backendLogging = $clientId;
                    }
                }
            }
        } elseif (XenForo_Application::isRegistered('session')) {
            $session = XenForo_Application::getSession();

            if (!($clientId = $session->get('analyticsClientSet'))) {
                $request = $controller->getRequest();
                if (!($clientId = $request->getCookie('_ga'))) {
                    $clientId = 'DP.' . uniqid('', true);
                }
                $session->set('analyticsClientSet', $clientId);
            }

            // no Analytics cookie
            if (substr($clientId, 0, 3) == 'DP.') {
                // && binds tighter than ||: (guests-only AND not a robot) OR everyone
                if (XenForo_Application::getOptions()->dpAnalyticsTrackBlocked == 'guests' && !$session->get('robotId') || XenForo_Application::getOptions()->dpAnalyticsTrackBlocked == 'everyone') {
                    self::$backendLogging = $clientId;
                }
            }
        }
    }
}
/**
 * Returns the user who is part-way through a two-step login, if any.
 *
 * The pending user id and start time are read from the session. Nothing is
 * returned when the visitor is already logged in, when no login is pending,
 * or when the pending login is more than 900 seconds old.
 *
 * @return array|null
 */
public function getUserForTfaCheck()
{
    $session = XenForo_Application::getSession();
    $pendingUserId = $session->get('tfaLoginUserId');

    if (XenForo_Visitor::getUserId() || !$pendingUserId) {
        return null;
    }

    // the password step is only honoured for 15 minutes
    $startedAt = $session->get('tfaLoginDate');
    if (!$startedAt || time() - $startedAt > 900) {
        return null;
    }

    $user = $this->_getUserModel()->getFullUserById($pendingUserId);

    return $user ? $user : null;
}
/**
 * After a save, re-evaluates user group promotions for the saved user when
 * the global flag requests it, and reloads the visitor if the saved user is
 * the visitor and promotions changed.
 */
protected function _postSaveAfterTransaction()
{
    parent::_postSaveAfterTransaction();

    if (!SV_UserPromoOnUpdate_Globals::$RunPromotion) {
        return;
    }

    // ensure we don't attempt to run the promotion twice in the same request
    SV_UserPromoOnUpdate_Globals::$RunPromotion = false;

    $user = $this->getMergedData();

    /** @var $promotionModel XenForo_Model_UserGroupPromotion */
    $promotionModel = $this->getModelFromCache('XenForo_Model_UserGroupPromotion');
    if (!$promotionModel->updatePromotionsForUser($user)) {
        return;
    }

    $visitor = XenForo_Visitor::getInstance();

    // awarded promotions, reload session
    $isCurrentVisitor = XenForo_Application::isRegistered('session')
        && $visitor['user_id']
        && $visitor['user_id'] == $user['user_id'];

    if ($isCurrentVisitor) {
        XenForo_Application::getSession()->set('promotionChecked', true);
        XenForo_Visitor::setup($user['user_id'], XenForo_Visitor::getVisitorSetupOptions());
    }
}
/**
 * Runs the parent mark-read action and, after a confirmed POST that ended in
 * a redirect, rebuilds the unread post count cached in the session.
 *
 * @return XenForo_ControllerResponse_Abstract the parent's response, unchanged
 */
public function actionMarkRead()
{
    $response = parent::actionMarkRead();

    $markedRead = ($response instanceof XenForo_ControllerResponse_Redirect) && $this->isConfirmedPost();
    if (!$markedRead) {
        return $response;
    }

    $session = XenForo_Application::getSession();

    /** @var $unreadPostCountModel UnreadPostCount_Model_Unread */
    $unreadPostCountModel = $this->getModelFromCache('UnreadPostCount_Model_Unread');

    // only forum nodes the visitor can view are counted
    $forumNodeIds = array();
    foreach (XenForo_Model::create('XenForo_Model_Node')->getViewableNodeList() as $nodeId => $node) {
        if ($node['node_type_id'] == 'Forum') {
            $forumNodeIds[$nodeId] = $nodeId;
        }
    }

    $unreadPosts = $unreadPostCountModel->getUnreadPostCount(XenForo_Visitor::getUserId(), $forumNodeIds);

    $session->set('unreadPostCount', array(
        'post_ids' => $unreadPosts['unread'],
        'count' => $unreadPosts['count'],
        'last_update' => XenForo_Application::$time,
    ));

    return $response;
}
/**
 * Marks a thread read through the parent model and removes that thread's
 * posts from the unread post count cached in the session.
 *
 * The cache is only touched for logged-in visitors with a registered
 * session, and only when the thread is visible.
 *
 * @param array $thread
 * @param array $forum
 * @param int $readDate
 * @param array|null $viewingUser
 *
 * @return mixed the parent's result, unchanged
 */
public function markThreadRead(array $thread, array $forum, $readDate, array $viewingUser = null)
{
    $result = parent::markThreadRead($thread, $forum, $readDate, $viewingUser);

    if (!XenForo_Application::isRegistered('session') || !XenForo_Visitor::getUserId()) {
        return $result;
    }

    $session = XenForo_Application::getSession();
    $cached = $session->get('unreadPostCount');

    if (isset($cached['post_ids']) && $thread['discussion_state'] == 'visible') {
        unset($cached['post_ids'][$thread['thread_id']]);

        // recount the posts left across the remaining threads
        $remaining = 0;
        foreach ($cached['post_ids'] as $threadPostIds) {
            foreach ($threadPostIds as $postId) {
                $remaining++;
            }
        }
        $cached['count'] = $remaining;

        $session->set('unreadPostCount', $cached);
    }

    return $result;
}
/**
 * Pre-dispatch listener that refreshes the unread-post data in the session
 * for a logged-in visitor, at most once per request and only on public
 * controllers.
 *
 * @param XenForo_Controller $controller
 * @param mixed $action not used here
 */
public static function controllerPreDispatch(XenForo_Controller $controller, $action)
{
    $applies = XenForo_Application::isRegistered('session')
        && XenForo_Visitor::getUserId()
        && $controller instanceof XenForo_ControllerPublic_Abstract
        && self::$_hasFired === false;

    if (!$applies) {
        return;
    }

    // latch before any work so nested dispatches in this request skip the check
    self::$_hasFired = true;

    $session = XenForo_Application::getSession();

    /** @var $unreadPostCountModel UnreadPostCount_Model_Unread */
    $unreadPostCountModel = XenForo_Model::create('UnreadPostCount_Model_Unread');

    $cached = $session->get('unreadPostCount');
    if (!$unreadPostCountModel->needsRecache($cached)) {
        return;
    }

    // keep only nodes of type Forum, keyed and valued by the node list's own key
    $forumNodeIds = array();
    $nodeList = XenForo_Model::create('XenForo_Model_Node')->getViewableNodeList();
    foreach ($nodeList as $nodeKey => $nodeInfo) {
        if ($nodeInfo['node_type_id'] == 'Forum') {
            $forumNodeIds[$nodeKey] = $nodeKey;
        }
    }

    $unread = $unreadPostCountModel->getUnreadPostCount(XenForo_Visitor::getUserId(), $forumNodeIds);

    $session->set('unreadPostCount', array(
        'post_ids' => $unread['unread'],
        'count' => $unread['count'],
        'last_update' => XenForo_Application::$time
    ));
}
/**
 * Builds a public logout link for an API client and redirects to it.
 *
 * The caller must supply a redirect_uri, the API session must carry an OAuth
 * client id, and the session must accept the redirect_uri; otherwise an error
 * or no-permission response is returned and, for the last two cases, the
 * X-Api-Logout-Error header names the failing check.
 *
 * @return mixed an error, no-permission or redirect controller response
 */
public function actionGetLogout()
{
    $redirectUri = $this->_input->filterSingle('redirect_uri', XenForo_Input::STRING);
    if (empty($redirectUri)) {
        return $this->responseError(new XenForo_Phrase('bdapi_slash_tools_login_requires_redirect_uri'), 400);
    }

    /* @var $session bdApi_Session */
    $session = XenForo_Application::getSession();

    $clientId = $session->getOAuthClientId();
    if (empty($clientId)) {
        $this->_response->setHeader('X-Api-Logout-Error', 'client_id');

        return $this->responseNoPermission();
    }

    // the redirect target is checked before it is embedded in the logout link,
    // so an arbitrary destination never reaches the link builder
    if (!$session->isValidRedirectUri($redirectUri)) {
        $this->_response->setHeader('X-Api-Logout-Error', 'redirect_uri');

        return $this->responseNoPermission();
    }

    $csrfToken = XenForo_Visitor::getInstance()->get('csrf_token_page');
    $linkTimestamp = XenForo_Application::$time + 10;

    // md5() is only a digest of the redirect target here; whatever integrity the
    // 'md5' parameter provides comes from bdApi_Crypt::encryptTypeOne and its key.
    // NOTE(review): presumably the logout handler recomputes this value and checks
    // the timestamp — confirm against the consumer of these parameters.
    $redirectDigest = bdApi_Crypt::encryptTypeOne(md5($redirectUri), $linkTimestamp);

    // NOTE(review): the CSRF token travels in the link's parameters; if they end up
    // in the query string it can appear in access logs and Referer headers — verify.
    $logoutLink = XenForo_Link::buildPublicLink('logout', '', array(
        'redirect' => $redirectUri,
        '_xfToken' => $csrfToken,
        'timestamp' => $linkTimestamp,
        'md5' => $redirectDigest
    ));

    // NOTE(review): the constant name suggests a permanent redirect; clients may
    // cache such a response although the link carries a short-lived timestamp —
    // confirm the status code this constant maps to.
    return $this->responseRedirect(XenForo_ControllerResponse_Redirect::RESOURCE_CANONICAL_PERMANENT, $logoutLink);
}
/**
 * Handles the management page of the TOTP two-step provider.
 *
 * On a confirmed POST with 'regen', new provider data is generated, a setup
 * verification is triggered and the data is parked in the session under
 * 'tfaData_totp'. On a confirmed POST with 'confirm', the parked data is
 * verified against the submitted input and only then enabled for the user.
 * Any other request renders the manage view.
 *
 * @param XenForo_Controller $controller
 * @param array $user
 * @param array $providerData
 *
 * @return mixed null after a confirm attempt or an unrecognised POST, an error
 *               response when verification fails, otherwise the manage view
 */
public function handleManage(XenForo_Controller $controller, array $user, array $providerData)
{
    $input = $controller->getInput();
    $request = $controller->getRequest();
    $session = XenForo_Application::getSession();

    $pendingData = null;
    $triggerData = null;
    $showSetup = false;

    if ($controller->isConfirmedPost()) {
        $sessionKey = 'tfaData_totp';

        if (!$input->filterSingle('regen', XenForo_Input::BOOLEAN)) {
            if (!$input->filterSingle('confirm', XenForo_Input::BOOLEAN)) {
                return null;
            }

            // the data being confirmed comes from the session, not from the request
            $pendingData = $session->get($sessionKey);
            if (!is_array($pendingData)) {
                return null;
            }

            // the provider is enabled only after the submitted input verifies
            // against the pending data
            if (!$this->verifyFromInput('setup', $input, $user, $pendingData)) {
                return $controller->responseError(
                    new XenForo_Phrase('two_step_verification_value_could_not_be_confirmed')
                );
            }

            /** @var XenForo_Model_Tfa $tfaModel */
            $tfaModel = XenForo_Model::create('XenForo_Model_Tfa');
            $tfaModel->enableUserTfaProvider($user['user_id'], $this->_providerId, $pendingData);

            // the pending data is no longer needed once it has been enabled
            $session->remove($sessionKey);

            return null;
        }

        $pendingData = $this->generateInitialData($user, array());
        $triggerData = $this->triggerVerification('setup', $user, $request->getClientIp(false), $pendingData);
        $session->set($sessionKey, $pendingData);
        $showSetup = true;
    }

    return $controller->responseView(
        'XenForo_ViewPublic_Account_Tfa_TotpManage',
        'account_two_step_totp_manage',
        array(
            'provider' => $this,
            'providerId' => $this->_providerId,
            'user' => $user,
            'providerData' => $providerData,
            'newProviderData' => $pendingData,
            'newTriggerData' => $triggerData,
            'showSetup' => $showSetup
        )
    );
}
/**
 * Finishes a Google sign-in: links the Google identity to an existing account
 * when association was requested, otherwise creates a new account from the
 * submitted form plus the Google profile held in the session.
 *
 * @return XenForo_ControllerResponse_Abstract
 */
public function actionGoogleRegister()
{
    $this->_assertPostOnly();

    $session = XenForo_Application::getSession();

    $credentials = $session->get('googleCredentials');
    if (!$credentials) {
        return $this->responseError(new XenForo_Phrase('you_did_not_grant_permission_to_access_external_account'));
    }

    $userExternalModel = $this->_getUserExternalModel();

    $doAssoc = (
        $this->_input->filterSingle('associate', XenForo_Input::STRING)
        || $this->_input->filterSingle('force_assoc', XenForo_Input::UINT)
    );

    $redirect = XenForo_Application::getSession()->get('loginRedirect');
    if (!$redirect) {
        $redirect = $this->getDynamicRedirect(false, false);
    }

    if ($doAssoc) {
        // the Google subject id comes from the session credentials, never from the form
        $existingUserId = $this->_associateExternalAccount();
        $userExternalModel->updateExternalAuthAssociation(
            'google', $credentials['basic']['sub'], $existingUserId, $credentials['extra']
        );

        return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, $redirect);
    }

    $profile = $credentials['user'];

    $fields = $this->_input->filter(array(
        'username' => XenForo_Input::STRING,
        'timezone' => XenForo_Input::STRING,
        'location' => XenForo_Input::STRING,
        'dob_day' => XenForo_Input::UINT,
        'dob_month' => XenForo_Input::UINT,
        'dob_year' => XenForo_Input::UINT
    ));

    // the e-mail address is taken from the stored credentials; the form has no e-mail field
    $fields['email'] = $credentials['basic']['email'];

    // profile values, when present, override what the form submitted
    if (!empty($profile['currentLocation'])) {
        $fields['location'] = $profile['currentLocation'];
    } elseif (!empty($profile['placesLived']) && is_array($profile['placesLived'])) {
        foreach ($profile['placesLived'] as $place) {
            if (!empty($place['primary'])) {
                $fields['location'] = $place['value'];
                break;
            }
        }
    }

    if (isset($profile['gender'])) {
        $gender = $profile['gender'];
        if ($gender == 'male' || $gender == 'female') {
            $fields['gender'] = $gender;
        }
    }

    if (!empty($profile['birthday'])) {
        $parsedBirthday = $this->_validateBirthdayString($profile['birthday'], 'y-m-d');
        if ($parsedBirthday) {
            $fields['dob_year'] = $parsedBirthday[0];
            $fields['dob_month'] = $parsedBirthday[1];
            $fields['dob_day'] = $parsedBirthday[2];
        }
    }

    $writer = $this->_setupExternalUser($fields);
    if (!$this->_validateBirthdayInput($writer, $birthdayError)) {
        $writer->error($birthdayError);
    }

    $spamModel = $this->_runSpamCheck($writer);

    $writer->advanceRegistrationUserState(false);
    $writer->save();

    $user = $writer->getMergedData();

    $spamModel->logSpamTrigger('user', $user['user_id']);

    if (!empty($profile['image']['url']) && $this->_canApplyAvatar()) {
        try {
            // get the original size
            $fullSizeUrl = preg_replace('/(\\?|&)sz=\\d+/', '', $profile['image']['url']);
            $response = XenForo_Helper_Http::getClient($fullSizeUrl)->request();
            $avatarData = $response->getBody();
        } catch (Exception $e) {
            // a failed download must not abort a registration that is already saved
            $avatarData = '';
        }

        $this->_applyAvatar($user, $avatarData);
    }

    $userExternalModel->updateExternalAuthAssociation(
        'google', $credentials['basic']['sub'], $user['user_id'], $credentials['extra']
    );

    return $this->_completeRegistration($user);
}
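/**
 * Registers a new account (or associates with an existing one) using the
 * AccountsFreedom identity and token stored in the session.
 *
 * The profile picture is downloaded only from an http(s) URL and through
 * XenForo_Helper_Http, so a provider-supplied value can no longer be read as a
 * local path or through another PHP stream wrapper.
 *
 * @return XenForo_ControllerResponse_Abstract
 */
public function actionAccountsfreedomRegister()
{
    $this->_assertPostOnly();

    $session = XenForo_Application::getSession();
    $accountsToken = $session->get('accountsToken');
    $accountsUser = $session->get('accountsUser');
    if (empty($accountsUser['user_id'])) {
        return $this->responseError(
            new XenForo_Phrase('accountsfreedom_error_occurred_while_connecting_with_accountsfreedom4')
        );
    }

    $userExternalModel = $this->_getUserExternalModel();

    $redirect = XenForo_Application::getSession()->get('loginRedirect');
    if (!$redirect) {
        $redirect = $this->getDynamicRedirect(false, false);
    }

    $doAssoc = (
        $this->_input->filterSingle('associate', XenForo_Input::STRING)
        || $this->_input->filterSingle('force_assoc', XenForo_Input::UINT)
    );

    if ($doAssoc) {
        // the external user id comes from the session, never from the form
        $userId = $this->_associateExternalAccount();
        $userExternalModel->updateExternalAuthAssociation(
            'accountsfreedom', $accountsUser['user_id'], $userId, array('token' => $accountsToken)
        );

        // NOTE(review): 'accountsUser' stays in the session on this path, while the
        // registration path below removes it — confirm that is intended.
        $session->remove('loginRedirect');
        $session->remove('accountsToken');

        return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, $redirect);
    }

    // unlike the other fields, the e-mail address here is whatever the form submitted
    $data = $this->_input->filter(array(
        'username' => XenForo_Input::STRING,
        'timezone' => XenForo_Input::STRING,
        'location' => XenForo_Input::STRING,
        'email' => XenForo_Input::STRING
    ));

    if (isset($accountsUser['gender'])) {
        switch ($accountsUser['gender']) {
            case 'man':
            case 'male':
                $data['gender'] = 'male';
                break;

            case 'woman':
            case 'female':
                $data['gender'] = 'female';
                break;
        }
    }

    if (!empty($accountsUser['birthday'])) {
        $birthday = $this->_validateBirthdayString($accountsUser['birthday'], 'm/d/y');
        if ($birthday) {
            $data['dob_year'] = $birthday[0];
            $data['dob_month'] = $birthday[1];
            $data['dob_day'] = $birthday[2];
        }
    }

    if (!empty($accountsUser['website'])) {
        // only the first line of the website field is considered
        list($website) = preg_split('/\\r?\\n/', $accountsUser['website']);
        if ($website && Zend_Uri::check($website)) {
            $data['homepage'] = $website;
        }
    }

    if (!empty($accountsUser['location']['name'])) {
        $data['location'] = $accountsUser['location']['name'];
    }

    $writer = $this->_setupExternalUser($data);

    // NOTE(review): birthday validation is disabled in this handler, so a date of
    // birth supplied by the provider is saved without the _validateBirthdayInput
    // check — confirm this is deliberate.
    /*if (!$this->_validateBirthdayInput($writer, $birthdayError)) { $writer->error($birthdayError); }*/

    $spamModel = $this->_runSpamCheck($writer);

    $writer->advanceRegistrationUserState(false);
    $writer->save();

    $user = $writer->getMergedData();

    $spamModel->logSpamTrigger('user', $user['user_id']);

    // The picture location is provider-supplied data. Passing it straight to
    // file_get_contents() would let it name a local file or any registered stream
    // wrapper, so it must be a well-formed http(s) URL and is fetched with the
    // HTTP client helper instead. A missing key is treated as "no picture".
    // This check does not limit which host is contacted; restricting downloads to
    // the provider's image hosts would need an allow-list that is not visible here.
    $avatarData = '';
    $avatarUrl = isset($accountsUser['profile_picture']) ? $accountsUser['profile_picture'] : '';
    if (is_string($avatarUrl) && preg_match('#^https?://#i', $avatarUrl) && Zend_Uri::check($avatarUrl)) {
        try {
            $avatarData = XenForo_Helper_Http::getClient($avatarUrl)->request()->getBody();
        } catch (Exception $e) {
            // a failed download must not abort a registration that is already saved
            $avatarData = '';
        }
    }

    if ($avatarData) {
        $this->_applyAvatar($user, $avatarData);
    }

    $userExternalModel->updateExternalAuthAssociation(
        'accountsfreedom', $accountsUser['user_id'], $user['user_id'], array('token' => $accountsToken)
    );

    $session->remove('loginRedirect');
    $session->remove('accountsToken');
    $session->remove('accountsUser');

    return $this->_completeRegistration($user, array('redirect' => $redirect));
}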