vbsetcookie('skipmobilestyle', 1); $vbulletin->GPC[COOKIE_PREFIX . 'skipmobilestyle'] = 1; } elseif (isset($vbulletin->options['mobilestyleid_advanced']) and $styleid == $vbulletin->options['mobilestyleid_advanced'] or isset($vbulletin->options['mobilestyleid_basic']) and $styleid == $vbulletin->options['mobilestyleid_basic']) { vbsetcookie('skipmobilestyle', 0); $vbulletin->GPC[COOKIE_PREFIX . 'skipmobilestyle'] = 0; } } elseif ($mobile_browser_advanced && $vbulletin->options['mobilestyleid_advanced'] && !$vbulletin->GPC[COOKIE_PREFIX . 'skipmobilestyle']) { $styleid = $vbulletin->options['mobilestyleid_advanced']; } elseif ($mobile_browser && $vbulletin->options['mobilestyleid_basic'] && !$vbulletin->GPC[COOKIE_PREFIX . 'skipmobilestyle']) { $styleid = $vbulletin->options['mobilestyleid_basic']; } elseif ($vbulletin->GPC[COOKIE_PREFIX . 'userstyleid']) { $styleid = $vbulletin->GPC[COOKIE_PREFIX . 'userstyleid']; } else { $styleid = 0; } $session = vB_Session::getNewSession(vB::getDbAssertor(), vB::getDatastore(), vB::getConfig(), $sessionhash, $vbulletin->GPC[COOKIE_PREFIX . 'userid'], $vbulletin->GPC[COOKIE_PREFIX . 'password'], $styleid, $languageid); vB::setCurrentSession($session); //needs to go after the session // fetch url of referring page after we have access to vboptions['forumhome'] $vbulletin->url = $vbulletin->input->fetch_url(); define('REFERRER_PASSTHRU', $vbulletin->url); // conditional used in templates to hide things from search engines. $show['search_engine'] = preg_match("#(google|msnbot|yahoo! slurp)#si", $_SERVER['HTTP_USER_AGENT']); $vbulletin->session->doLastVisitUpdate($vbulletin->GPC[COOKIE_PREFIX . 'lastvisit'], $vbulletin->GPC[COOKIE_PREFIX . 'lastactivity']); // Because of Signature Verification, VB API won't need to verify securitytoken // CSRF Protection for POST requests if (strtoupper($_SERVER['REQUEST_METHOD']) == 'POST' and !VB_API) { if (empty($_POST) and isset($_SERVER['CONTENT_LENGTH']) and $_SERVER['CONTENT_LENGTH'] > 0) { die('The file(s) uploaded were too large to process.'); } if ($vbulletin->userinfo['userid'] > 0 and defined('CSRF_PROTECTION') and CSRF_PROTECTION === true) {
public static function processLogout() { global $vbulletin; $assertor = vB::getDbAssertor(); $userinfo = vB::getCurrentSession()->fetch_userinfo(); $timeNow = vB::getRequest()->getTimeNow(); $options = vB::getDatastore()->get_value('options'); $session = vB::getCurrentSession(); if ($userinfo['userid'] and $userinfo['userid'] != -1) { // init user data manager $userdata = new vB_Datamanager_User(vB_DataManager_Constants::ERRTYPE_SILENT); $userdata->set_existing($userinfo); $userdata->set('lastactivity', $timeNow - $options['cookietimeout']); $userdata->set('lastvisit', $timeNow); $userdata->save(); if (!defined('VB_API')) { $assertor->delete('session', array('userid' => $userinfo['userid'], 'apiaccesstoken' => null)); $assertor->delete('cpsession', array('userid' => $userinfo['userid'])); } } $assertor->delete('session', array('sessionhash' => $session->get('dbsessionhash'))); // Remove accesstoken from apiclient table so that a new one will be generated if (defined('VB_API') and VB_API === true and $vbulletin->apiclient['apiclientid']) { $assertor->update('apiclient', array('apiaccesstoken' => '', 'userid' => 0), array('apiclientid' => intval($vbulletin->apiclient['apiclientid']))); $vbulletin->apiclient['apiaccesstoken'] = ''; } if ($vbulletin->session->created == true and (!defined('VB_API') or !VB_API)) { // if we just created a session on this page, there's no reason not to use it $newsession = $vbulletin->session; } else { // API should always create a new session here to generate a new accesstoken $newsession = vB_Session::getNewSession(vB::getDbAssertor(), vB::getDatastore(), vB::getConfig(), '', 0, '', vB::getCurrentSession()->get('styleid')); } $newsession->set('userid', 0); $newsession->set('loggedin', 0); $vbulletin->session =& $newsession; $result = array(); $result['sessionhash'] = $newsession->get('dbsessionhash'); $result['apiaccesstoken'] = $newsession->get('apiaccesstoken'); if (defined('VB_API') and VB_API === true) { if ($_REQUEST['api_c']) { $assertor->update('apiclient', array('apiaccesstoken' => $result['apiaccesstoken'], 'userid' => 0), array('apiclientid' => intval($_REQUEST['api_c']))); } } return $result; }
function process_logout() { global $vbulletin; // clear all cookies beginning with COOKIE_PREFIX $prefix_length = strlen(COOKIE_PREFIX); foreach ($_COOKIE as $key => $val) { $index = strpos($key, COOKIE_PREFIX); if ($index == 0 and $index !== false) { $key = substr($key, $prefix_length); if (trim($key) == '') { continue; } // vbsetcookie will add the cookie prefix vbsetcookie($key, '', 1); } } if ($vbulletin->userinfo['userid'] and $vbulletin->userinfo['userid'] != -1) { // init user data manager $userdata = new vB_Datamanager_User($vbulletin, vB_DataManager_Constants::ERRTYPE_SILENT); $userdata->set_existing($vbulletin->userinfo); $userdata->set('lastactivity', TIMENOW - $vbulletin->options['cookietimeout']); $userdata->set('lastvisit', TIMENOW); $userdata->save(); // make sure any other of this user's sessions are deleted (in case they ended up with more than one) $vbulletin->db->query_write("DELETE FROM " . TABLE_PREFIX . "session WHERE userid = " . $vbulletin->userinfo['userid']); } $vbulletin->db->query_write("DELETE FROM " . TABLE_PREFIX . "session WHERE sessionhash = '" . $vbulletin->db->escape_string(vB::getCurrentSession()->get('dbsessionhash')) . "'"); // Remove accesstoken from apiclient table so that a new one will be generated if (defined('VB_API') and VB_API === true and $vbulletin->apiclient['apiclientid']) { $vbulletin->db->query_write("UPDATE " . TABLE_PREFIX . "apiclient SET apiaccesstoken = '', userid = 0\n\t\t\tWHERE apiclientid = " . intval($vbulletin->apiclient['apiclientid'])); $vbulletin->apiclient['apiaccesstoken'] = ''; } if ($vbulletin->session->created == true and !VB_API) { // if we just created a session on this page, there's no reason not to use it $newsession = $vbulletin->session; } else { // API should always create a new session here to generate a new accesstoken // $newsession = new vB_Session($vbulletin, '', 0, '', vB::getCurrentSession()->get('styleid')); $newsession = vB_Session::getNewSession(vB::getDbAssertor(), vB::getDatastore(), vB::getConfig(), '', 0, '', vB::getCurrentSession()->get('styleid')); } $newsession->set('userid', 0); $newsession->set('loggedin', 0); $vbulletin->session =& $newsession; // Legacy Hook 'logout_process' Removed // }