public function doDelete($hash, $attachmentId)
{
$attachment = $this->_getAttachmentOrError($attachmentId);
if (!$this->_getAttachmentModel()->canDeleteAttachment($attachment, $hash)) {
return $this->_controller->responseNoPermission();
}
$dw = XenForo_DataWriter::create('XenForo_DataWriter_Attachment');
$dw->setExistingData($attachment, true);
$dw->delete();
return $this->_controller->responseMessage(new XenForo_Phrase('changes_saved'));
}
public function bdApi_actionPostVotes(array $poll, bdApi_ControllerApi_Abstract $controller)
{
if (!$this->canVoteOnPoll($poll, $errorPhraseKey)) {
throw $controller->getErrorOrNoPermissionResponseException($errorPhraseKey);
}
$responseIds = $controller->getInput()->filterSingle('response_ids', XenForo_Input::UINT, array('array' => true));
$responseId = $controller->getInput()->filterSingle('response_id', XenForo_Input::UINT);
if ($responseId > 0) {
$responseIds[] = $responseId;
$responseIds = array_unique($responseIds);
}
if (empty($responseIds)) {
if (!$responseIds) {
return $controller->responseError(new XenForo_Phrase('bdapi_slash_poll_vote_requires_response_id'));
}
}
if ($poll['max_votes'] > 0 && count($responseIds) > $poll['max_votes']) {
return $controller->responseError(new XenForo_Phrase('you_may_select_up_to_x_choices', array('max' => $poll['max_votes'])));
}
if ($this->voteOnPoll($poll['poll_id'], $responseIds)) {
return $controller->responseMessage(new XenForo_Phrase('changes_saved'));
} else {
return $controller->responseError(new XenForo_Phrase('unexpected_error_occurred'));
}
}
protected function _checkUserCredentials_runTfaValidation($userId)
{
if ($userId < 1 || XenForo_Application::$versionId < 1050000) {
return true;
}
if ($this->_controller === null) {
// since XenForo 1.5+, $_controller must be set to check for two factor authentication
// otherwise, deny access immediately
return false;
}
/** @var XenForo_ControllerHelper_Login $loginHelper */
$loginHelper = $this->_controller->getHelper('Login');
$user = $this->_model->getUserModel()->getFullUserById($userId);
if (!$loginHelper->userTfaConfirmationRequired($user)) {
return true;
}
/** @var XenForo_Model_Tfa $tfaModel */
$tfaModel = $this->_model->getModelFromCache('XenForo_Model_Tfa');
$providers = $tfaModel->getTfaConfigurationForUser($user['user_id'], $userData);
if (empty($providers)) {
return true;
}
$this->_server->actionOauthToken_setTfaProviders($providers);
$tfaProvider = $this->_controller->getInput()->filterSingle('tfa_provider', XenForo_Input::STRING);
if (strlen($tfaProvider) === 0) {
return false;
}
$tfaTrigger = $this->_controller->getInput()->filterSingle('tfa_trigger', XenForo_Input::BOOLEAN);
if ($tfaTrigger) {
$loginHelper->triggerTfaCheck($user, $tfaProvider, $providers, $userData);
throw $this->_controller->responseException($this->_controller->responseMessage(new XenForo_Phrase('changes_saved')));
}
$loginHelper->assertNotTfaAttemptLimited($user['user_id']);
if ($loginHelper->runTfaValidation($user, $tfaProvider, $providers, $userData) === true) {
return true;
}
throw $this->_controller->responseException($this->_controller->responseError(new XenForo_Phrase('two_step_verification_value_could_not_be_confirmed')));
}