code_header(400); $Page->Content = ''; $Page->warning($L->inactive_client_id); $Index->stop = true; return; } } if ($client['domain'] && $_GET['response_type'] != 'guest_token') { if (!isset($_GET['redirect_uri'])) { code_header(400); $Page->Content = ''; $Page->warning($L->redirect_uri_parameter_required); $Index->stop = true; return; } elseif (urldecode($_GET['redirect_uri']) != $Config->base_url() . '/OAuth2/blank/' && !preg_match("/^[^\\/]+:\\/\\/{$client['domain']}/", urldecode($_GET['redirect_uri']))) { code_header(400); $Page->Content = ''; $Page->warning($L->redirect_uri_parameter_invalid); $Index->stop = true; return; } } $redirect_uri = isset($_GET['redirect_uri']) ? urldecode($_GET['redirect_uri']) : $Config->base_url() . '/OAuth2/blank/'; if (!isset($_GET['response_type'])) { header('Location: ' . http_build_url(urldecode($redirect_uri), ['error' => 'invalid_request', 'error_description' => 'response_type parameter required', 'state' => isset($_GET['state']) ? $_GET['state'] : false]), true, 302); $Page->Content = ''; $Index->stop = true; return; } if (!in_array($_GET['response_type'], ['code', 'token', 'guest_token'])) { header('Location: ' . http_build_url(urldecode($redirect_uri), ['error' => 'unsupported_response_type', 'error_description' => 'Specified response type is not supported, only "token" or "code" types available', 'state' => isset($_GET['state']) ? $_GET['state'] : false]), true, 302);
/**
 * Error pages processing
 *
 * Renders the error response for the current request and then ends the script. Only the first call does anything;
 * repeated calls return immediately. When no ERROR_CODE constant is defined yet, 500 is used.
 *
 * @param null|string|string[] $custom_text Custom error text instead of text like "404 Not Found",
 *                                          or array with two elements: [error, error_description]
 * @param bool                 $json        Force JSON return format
 */
function error($custom_text = null, $json = false) {
	// One error page per request: the flag survives between calls
	static $already_rendered = false;
	if ($already_rendered) {
		return;
	}
	$already_rendered = true;
	defined('ERROR_CODE') || error_code(500);
	/**
	 * Non-API request answered with 403 while the sign_out cookie is set: send the visitor to the base URL
	 * instead of rendering an error page
	 */
	$regular_page = defined('API') && !API;
	if ($regular_page && ERROR_CODE == 403 && _getcookie('sign_out')) {
		header('Location: ' . Config::instance()->base_url(), true, 302);
		$this->Content = '';
		exit;
	}
	interface_off();
	$error = code_header(ERROR_CODE);
	if (is_array($custom_text)) {
		$error             = $custom_text[0];
		$error_description = $custom_text[1];
	} else {
		$error_description = $custom_text ?: $error;
	}
	$as_json = $json || (defined('API') && API);
	if ($as_json) {
		if ($json) {
			// Forced JSON on a non-API request: set the content type explicitly
			header('Content-Type: application/json; charset=utf-8', true);
			interface_off();
		}
		$this->json(
			[
				'error'             => $error,
				'error_description' => $error_description
			]
		);
	} else {
		ob_start();
		// Theme-provided error page first (error.html, then error.php); built-in markup only when both are missing
		$themed = _include_once(THEMES . "/{$this->theme}/error.html", false) ||
			_include_once(THEMES . "/{$this->theme}/error.php", false);
		if (!$themed) {
			// NOTE(review): the description is concatenated into the markup as-is; if a caller ever passes
			// request-derived text in $custom_text it needs HTML escaping before it gets here - confirm callers.
			// NOTE(review): code_header() receives the error text here, not ERROR_CODE - confirm this is intended.
			echo "<!doctype html>\n" . h::title(code_header($error)) . ($error_description ?: $error);
		}
		$this->Content = ob_get_clean();
	}
	$this->__finish();
	exit;
}
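/**
 * Request checks that report failures back to the client by redirecting to $redirect_uri with `error`,
 * `error_description` and the caller's `state` in the query string.
 *
 * $redirect_uri is assigned earlier in this script from urldecode($_GET['redirect_uri']) (or the site's own
 * /OAuth2/blank/ page), and PHP has already decoded $_GET once. It is therefore passed to http_build_url()
 * unchanged: decoding it again here would redirect to a different string than the one the earlier
 * redirect_uri check inspected.
 *
 * NOTE(review): that earlier check only runs when the client has a domain and response_type is not guest_token,
 * and it is a regex prefix match with $client['domain'] interpolated without preg_quote() and with nothing
 * terminating the host part. Comparing the host returned by parse_url() with the registered domain would be
 * stricter - confirm before treating $redirect_uri as a vetted redirect target.
 */
if (!isset($_GET['response_type'])) {
	header(
		'Location: ' . http_build_url(
			$redirect_uri,
			[
				'error'             => 'invalid_request',
				'error_description' => 'response_type parameter required',
				'state'             => isset($_GET['state']) ? $_GET['state'] : false
			]
		),
		true,
		302
	);
	$Page->Content = '';
	$Index->stop   = true;
	return;
}
// Strict membership test: only these exact strings are accepted, an array-valued parameter never matches
if (!in_array($_GET['response_type'], ['code', 'token', 'guest_token'], true)) {
	header(
		'Location: ' . http_build_url(
			$redirect_uri,
			[
				'error'             => 'unsupported_response_type',
				'error_description' => 'Specified response type is not supported, only "token" or "code" types available',
				'state'             => isset($_GET['state']) ? $_GET['state'] : false
			]
		),
		true,
		302
	);
	$Page->Content = '';
	$Index->stop   = true;
	return;
}
$User = User::instance();
if (!$User->user()) {
	/**
	 * Not signed in: every response type except guest_token needs a user, so answer 403 here
	 */
	if ($_GET['response_type'] !== 'guest_token') {
		code_header(403);
		// The warning is only shown when the OAuth2/custom_sign_in_page trigger returns a truthy value
		if (Trigger::instance()->run('OAuth2/custom_sign_in_page')) {
			$Page->Content = '';
			$Page->warning($L->you_are_not_logged_in);
		}
		$Index->stop = true;
		return;
	} elseif (!$Config->module('OAuth2')->guest_tokens) {
		/**
		 * Guest token requested, but the module configuration does not allow guest tokens
		 */
		header(
			'Location: ' . http_build_url(
				$redirect_uri,
				[
					'error'             => 'access_denied',
					'error_description' => 'Guest tokens disabled',
					'state'             => isset($_GET['state']) ? $_GET['state'] : false
				]
			),
			true,
			302
		);
		$Page->Content = '';
		$Index->stop   = true;
		return;
	}
}
/**
 * Authorization processing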
/**
 * Executes plugins processing, blocks and module page generation
 *
 * Runs at most once per request: a static flag turns every later call into a no-op.
 */
function __finish() {
	static $already_finished = false;
	if ($already_finished) {
		return;
	}
	$already_finished = true;
	$Config           = Config::instance();
	$Page             = Page::instance();
	/**
	 * Closed site: only administrators and the API sign in route are let through, everybody else gets 503
	 */
	if (!$Config->core['site_mode']) {
		$may_pass = User::instance()->admin() || API && $Config->route === ['user', 'sign_in'];
		if (!$may_pass) {
			code_header(503);
			return;
		}
	}
	if (defined('ERROR_CODE')) {
		$Page->error();
	}
	Trigger::instance()->run('System/Index/preload');
	if (!(IN_ADMIN || $this->api) && file_exists(MODULES . '/' . MODULE . '/index.html')) {
		/**
		 * Module ships a static index.html: its output is captured and used as the page content
		 */
		ob_start();
		_include(MODULES . '/' . MODULE . '/index.html', false, false);
		$Page->content(ob_get_clean());
		if ($this->title_auto) {
			$title_key = HOME ? 'home' : MODULE;
			$Page->title(Language::instance()->$title_key);
		}
	} elseif (!defined('ERROR_CODE') && !$this->stop && $this->init_auto) {
		$this->init();
	}
	if ($this->generate_auto) {
		$this->generate();
	}
	/**
	 * Clears the sign_out cookie when it is set, unless this request is the System API user/sign_out call
	 */
	$drop_sign_out_cookie = function () use ($Config) {
		if (_getcookie('sign_out') && !(API && MODULE == 'System' && $Config->route == ['user', 'sign_out'])) {
			_setcookie('sign_out', '');
		}
	};
	if ($this->stop) {
		// Processing was stopped: only the cookie cleanup runs, the postload trigger is skipped
		$drop_sign_out_cookie();
		return;
	}
	if (defined('ERROR_CODE')) {
		$Page->error();
	} else {
		$drop_sign_out_cookie();
	}
	Trigger::instance()->run('System/Index/postload');
}
/**
 * Processing of all DB request
 *
 * Returns an already known connection (or mirror) for the given id, or creates a new one from the core settings,
 * from `$Config->db[$connection]`, or from the mirror description passed in `$mirror`. When the connection fails
 * and `$mirror` is `true`, the configured mirrors are tried in order.
 *
 * @param int        $connection Database id
 * @param array|bool $mirror     `true` - an existing mirror may be returned and mirrors may be tried on failure;
 *                               array - description of the mirror to connect to (this is how the method calls itself)
 *
 * @return DB\_Abstract|False_class
 */
protected function connecting($connection, $mirror = true) {
	/**
	 * If connection found in list of failed connections - return instance of False_class
	 *
	 * NOTE(review): this check comes before the mirror lookup below, and this method never removes an entry from
	 * failed_connections, so a later call for the same id gets False_class even when a mirror was stored - confirm
	 * callers use the property set on $this instead
	 */
	if (isset($this->failed_connections[$connection])) {
		return False_class::instance();
	}
	/**
	 * If we want to get data and connection with DB mirror already exists - return reference on the instance of DB engine object
	 */
	if ($mirror === true && isset($this->mirrors[$connection])) {
		return $this->mirrors[$connection];
	}
	/**
	 * If connection already exists - return reference on the instance of DB engine object
	 */
	if (isset($this->connections[$connection])) {
		return $this->connections[$connection];
	}
	$Config = Config::instance();
	$Core   = Core::instance();
	$L      = Language::instance();
	/**
	 * If connection to the core DB and it is not connection to the mirror
	 */
	if ($connection == 0 && !is_array($mirror)) {
		$db['type']     = $Core->db_type;
		$db['name']     = $Core->db_name;
		$db['user']     = $Core->db_user;
		$db['password'] = $Core->db_password;
		$db['host']     = $Core->db_host;
		$db['charset']  = $Core->db_charset;
		$db['prefix']   = $Core->db_prefix;
	} else {
		/**
		 * If it is connection to the DB mirror
		 */
		if (is_array($mirror)) {
			$db =& $mirror;
		} else {
			// Unknown database id: nothing to connect to
			if (!isset($Config->db[$connection]) || !is_array($Config->db[$connection])) {
				return False_class::instance();
			}
			$db =& $Config->db[$connection];
		}
	}
	/**
	 * Create new DB connection
	 *
	 * The engine class name is built from $db['type'], so whatever the configuration names under \cs\DB\ gets
	 * instantiated with the credentials.
	 * NOTE(review): presumably the configuration is writable by administrators only - confirm, or restrict 'type'
	 * to the list of known engines
	 */
	$engine_class                   = '\\cs\\DB\\' . $db['type'];
	$this->connections[$connection] = new $engine_class($db['name'], $db['user'], $db['password'], $db['host'], $db['charset'], $db['prefix']);
	unset($engine_class);
	/**
	 * If successfully - add connection to the list of success connections and return instance of DB engine object
	 */
	if (is_object($this->connections[$connection]) && $this->connections[$connection]->connected()) {
		// Label format: <core DB name(type) or connection id>/<host>/<type>
		// NOTE(review): mirror ids are strings like "0 (name)"; the loose `== 0` comparison treats non-numeric
		// strings differently in PHP 8 than in earlier versions - confirm which label is expected for mirrors
		$this->successful_connections[] = ($connection == 0 ? 
$L->core_db . '(' . $Core->db_type . ')' : $connection) . '/' . $db['host'] . '/' . $db['type'];
		unset($db);
		// The connection is also exposed as a property named after its id
		$this->{$connection} = $this->connections[$connection];
		return $this->connections[$connection];
		/**
		 * If failed - add connection to the list of failed connections and try to connect to the DB mirror if it is allowed
		 */
	} else {
		unset($this->{$connection});
		// Same label format as for successful connections; it contains the DB host and engine type
		$this->failed_connections[$connection] = ($connection == 0 ? $L->core_db . '(' . $Core->db_type . ')' : $connection) . '/' . $db['host'] . '/' . $db['type'];
		unset($db);
		// Mirrors are tried only for a regular call ($mirror === true) and only when a non-empty list is configured
		if ($mirror === true && ($connection == 0 && isset($Config->db[0]['mirrors']) && is_array($Config->db[0]['mirrors']) && count($Config->db[0]['mirrors']) || isset($Config->db[$connection]['mirrors']) && is_array($Config->db[$connection]['mirrors']) && count($Config->db[$connection]['mirrors']))) {
			$dbx = $connection == 0 ? $Config->db[0]['mirrors'] : $Config->db[$connection]['mirrors'];
			foreach ($dbx as $i => &$mirror_data) {
				// Recursive call with the mirror description: is_array($mirror) is true there, which selects
				// $mirror as the settings and skips the error reporting at the end of this method
				$mirror_connection = $this->connecting($connection . ' (' . $mirror_data['name'] . ')', $mirror_data);
				if (is_object($mirror_connection) && $mirror_connection->connected()) {
					$this->mirrors[$connection] = $mirror_connection;
					// NOTE(review): $this->connections[$connection] still holds the object whose connected() check
					// failed above; this looks like it should expose the mirror instead - confirm
					$this->{$connection} = $this->connections[$connection];
					return $this->mirrors[$connection];
				}
			}
			unset($dbx, $i, $mirror_data, $mirror_connection);
		}
		/**
		 * If mirror connection is not allowed - display connection error
		 */
		$return = False_class::instance();
		if (!is_array($mirror)) {
			code_header(500);
			if ($connection == 0) {
				trigger_error($L->error_core_db, E_USER_ERROR);
			} else {
				// NOTE(review): the message carries the failed label, i.e. DB host and engine type; whether it can
				// reach the visitor depends on the error handler and display settings - confirm it is only logged
				trigger_error($L->error_db . ' ' . $this->failed_connections[$connection], E_USER_ERROR);
			}
			$return->error = 'Connection failed';
		}
		return $return;
	}
}
$User->add_session($result['id']); add_session_after(); Trigger::instance()->run('HybridAuth/add_session/after', ['adapter' => $adapter, 'provider' => $rc[0]]); if ($User->id != User::GUEST_ID) { $existing_data = $User->get(array_keys($profile_info), $User->id); foreach ($profile_info as $item => $value) { if (!$existing_data[$item] || $existing_data[$item] != $value) { $User->set($item, $value, $User->id); } } unset($existing_data, $item, $value); update_user_contacts($contacts, $rc[0]); } header('Location: ' . (_getcookie('HybridAuth_referer') ?: $Config->base_url())); _setcookie('HybridAuth_referer', ''); code_header(301); } else { $User->registration_cancel(); $Page->title($L->sending_reg_mail_error_title); $Page->warning($L->sending_reg_mail_error); header('Refresh: 5; url=' . (_getcookie('HybridAuth_referer') ?: $Config->base_url())); _setcookie('HybridAuth_referer', ''); } } catch (Exception $e) { trigger_error($e->getMessage()); header('Refresh: 5; url=' . (_getcookie('HybridAuth_referer') ?: $Config->base_url())); _setcookie('HybridAuth_referer', ''); } } else { $profile_info = $HybridAuth_data['profile_info']; $body = $L->reg_need_confirmation_mail_body(isset($profile_info['username']) ? $profile_info['username'] : strstr($result['email'], '@', true), get_core_ml_text('name'), $Config->core_url() . '/profile/registration_confirmation/' . $result['reg_key'], $L->time($Config->core['registration_confirmation_time'], 'd'));