Exemple #1
 /**
  * Deletes one attachment, but only after the attachment model approves it.
  *
  * The permission check is the sole gate in front of the delete, so it must
  * stay ahead of the data writer calls.
  *
  * @param mixed $hash         Passed unchanged to canDeleteAttachment();
  *                            presumably the temporary upload hash (confirm
  *                            against the caller).
  * @param mixed $attachmentId Identifier handed to _getAttachmentOrError().
  *
  * @return mixed The controller's no-permission response when the check
  *               fails, otherwise its "changes_saved" message response.
  */
 public function doDelete($hash, $attachmentId)
 {
     // Lookup happens first; how a missing attachment is reported is up to
     // _getAttachmentOrError(), which is not shown here.
     $target = $this->_getAttachmentOrError($attachmentId);

     $mayDelete = $this->_getAttachmentModel()->canDeleteAttachment($target, $hash);
     if ($mayDelete) {
         $writer = XenForo_DataWriter::create('XenForo_DataWriter_Attachment');
         // Second argument true is forwarded as-is to setExistingData().
         $writer->setExistingData($target, true);
         $writer->delete();

         return $this->_controller->responseMessage(new XenForo_Phrase('changes_saved'));
     }

     return $this->_controller->responseNoPermission();
 }
Exemple #2
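 /**
  * Records the current visitor's vote on a poll from API input.
  *
  * Reads `response_ids` (array of unsigned ints) and `response_id` (single
  * unsigned int) from the controller input, merges them, and forwards the
  * distinct ids to voteOnPoll().
  *
  * Changes from the previous version: the id list is now de-duplicated
  * unconditionally (before, duplicates inside `response_ids` were only
  * removed when `response_id` was also sent, so repeated ids counted against
  * `max_votes` and reached voteOnPoll()), and the redundant nested emptiness
  * check was collapsed into one.
  *
  * NOTE(review): this method does not verify that the submitted ids belong
  * to $poll; that is presumably enforced inside voteOnPoll() — confirm.
  *
  * @param array                        $poll       Poll record; `poll_id` and `max_votes` are read.
  * @param bdApi_ControllerApi_Abstract $controller API controller supplying input and responses.
  *
  * @return mixed Controller message response on success, error response otherwise.
  *
  * @throws mixed The exception built by getErrorOrNoPermissionResponseException()
  *               when canVoteOnPoll() refuses the vote.
  */
 public function bdApi_actionPostVotes(array $poll, bdApi_ControllerApi_Abstract $controller)
 {
     // Authorization comes first: nothing from the request is read before it passes.
     if (!$this->canVoteOnPoll($poll, $errorPhraseKey)) {
         throw $controller->getErrorOrNoPermissionResponseException($errorPhraseKey);
     }

     $input = $controller->getInput();
     $responseIds = $input->filterSingle('response_ids', XenForo_Input::UINT, array('array' => true));
     $responseId = $input->filterSingle('response_id', XenForo_Input::UINT);
     if ($responseId > 0) {
         $responseIds[] = $responseId;
     }

     // Always collapse duplicates so a repeated id is neither counted twice
     // against max_votes nor passed twice to voteOnPoll().
     $responseIds = array_unique($responseIds);

     if (empty($responseIds)) {
         return $controller->responseError(new XenForo_Phrase('bdapi_slash_poll_vote_requires_response_id'));
     }

     // max_votes <= 0 is treated as "no limit" by this check.
     if ($poll['max_votes'] > 0 && count($responseIds) > $poll['max_votes']) {
         return $controller->responseError(new XenForo_Phrase('you_may_select_up_to_x_choices', array('max' => $poll['max_votes'])));
     }

     if ($this->voteOnPoll($poll['poll_id'], $responseIds)) {
         return $controller->responseMessage(new XenForo_Phrase('changes_saved'));
     }

     return $controller->responseError(new XenForo_Phrase('unexpected_error_occurred'));
 }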
Exemple #3
 /**
  * Runs the two-step verification stage of a credential check.
  *
  * Returns true when no second factor is needed (no valid user id, a version
  * id below 1050000, the login helper says confirmation is not required, or
  * the user has no configured providers) or when the submitted code is
  * accepted. Returns false when no controller is available or the request
  * carries no `tfa_provider`. Statement order matters: the attempt-limit
  * assertion runs before the code is validated.
  *
  * NOTE(review): the early `return true` for $userId < 1 presumably relies on
  * the caller having already rejected the credentials — confirm, since this
  * branch skips the second factor entirely.
  * NOTE(review): the result of getFullUserById() is not checked before use;
  * verify how a missing user behaves in userTfaConfirmationRequired().
  *
  * @param int $userId Id of the user whose credentials were checked.
  *
  * @return bool True if the second factor is satisfied or not applicable.
  *
  * @throws mixed The controller's response exception: a "changes_saved"
  *               message after a trigger request, or an error response when
  *               the code cannot be confirmed.
  */
 protected function _checkUserCredentials_runTfaValidation($userId)
 {
     // Nothing to verify without a user id or below version id 1050000
     // (XenForo 1.5, going by the comment further down).
     if ($userId < 1 || XenForo_Application::$versionId < 1050000) {
         return true;
     }
     if ($this->_controller === null) {
         // since XenForo 1.5+, $_controller must be set to check for two factor authentication
         // otherwise, deny access immediately
         return false;
     }
     /** @var XenForo_ControllerHelper_Login $loginHelper */
     $loginHelper = $this->_controller->getHelper('Login');
     $user = $this->_model->getUserModel()->getFullUserById($userId);
     if (!$loginHelper->userTfaConfirmationRequired($user)) {
         return true;
     }
     /** @var XenForo_Model_Tfa $tfaModel */
     $tfaModel = $this->_model->getModelFromCache('XenForo_Model_Tfa');
     // $userData is not defined before this call; presumably filled in by reference.
     $providers = $tfaModel->getTfaConfigurationForUser($user['user_id'], $userData);
     if (empty($providers)) {
         return true;
     }
     // Providers are handed to the server object before the input is inspected,
     // so they are registered even when the request is about to be refused.
     $this->_server->actionOauthToken_setTfaProviders($providers);
     $tfaProvider = $this->_controller->getInput()->filterSingle('tfa_provider', XenForo_Input::STRING);
     if (strlen($tfaProvider) === 0) {
         // Second factor required but none named: fail closed.
         return false;
     }
     // NOTE(review): $tfaProvider is not matched against $providers here;
     // presumably the login helper rejects unknown providers — confirm.
     $tfaTrigger = $this->_controller->getInput()->filterSingle('tfa_trigger', XenForo_Input::BOOLEAN);
     if ($tfaTrigger) {
         // Trigger-only request: start the provider's check, then end the
         // request with a message response instead of granting access.
         $loginHelper->triggerTfaCheck($user, $tfaProvider, $providers, $userData);
         throw $this->_controller->responseException($this->_controller->responseMessage(new XenForo_Phrase('changes_saved')));
     }
     // Attempt limiting is asserted before validation; presumably throws when
     // the user is limited. Note it is not applied on the trigger path above.
     $loginHelper->assertNotTfaAttemptLimited($user['user_id']);
     // Strict comparison: only an exact boolean true counts as success.
     if ($loginHelper->runTfaValidation($user, $tfaProvider, $providers, $userData) === true) {
         return true;
     }
     throw $this->_controller->responseException($this->_controller->responseError(new XenForo_Phrase('two_step_verification_value_could_not_be_confirmed')));
 }