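/**
 * API "init" handler: registers the calling client (or refreshes a known one)
 * and returns the description of this installation that an API client needs.
 *
 * Two paths, selected by whether the request carried an api_c client ID:
 *  - no api_c: the five client-info request parameters are required; a
 *    clienthash is derived from clientname, platformname and uniqueid, a new
 *    secret is generated, and the matching apiclient row is updated or created.
 *  - api_c present: only lastactivity is refreshed for that client ID.
 *
 * Security notes:
 *  - The registration path rotates the secret of any existing row whose
 *    clienthash matches and returns the new secret in the response. Knowing
 *    clientname, platformname and uniqueid is therefore enough to obtain a
 *    valid secret for that client ID, so uniqueid has to be treated as a
 *    credential and must not be guessable.
 *  - clienthash is md5() over the three fields joined without a separator, so
 *    different splits of the same characters produce the same hash. It is left
 *    unchanged here because stored rows are keyed on it.
 *  - NOTE(review): the secret is only as strong as fetch_random_password(),
 *    which is defined elsewhere; confirm it uses a cryptographically secure
 *    random source.
 *
 * @return mixed The API description array (with 'secret' only on the
 *               registration path), or the result of $this->error() when
 *               required client information is missing.
 */
public function output()
{
    global $vbulletin, $db, $show, $VB_API_REQUESTS;

    if (!$VB_API_REQUESTS['api_c'])
    {
        // The client doesn't have an ID yet, so a new one has to be generated.
        $vbulletin->input->clean_array_gpc('r', array(
            'clientname'      => TYPE_STR,
            'clientversion'   => TYPE_STR,
            'platformname'    => TYPE_STR,
            'platformversion' => TYPE_STR,
            'uniqueid'        => TYPE_STR
        ));

        // All params are required.
        // uniqueid should ideally be a permanent unique ID such as a hardware ID
        // (CPU ID, hard disk ID or mobile IMEI). A client that cannot obtain one
        // has to generate a unique ID and keep it in its local storage. To get the
        // client ID and secret again, the client passes the same unique ID.
        if (
            !$vbulletin->GPC['clientname']
            or !$vbulletin->GPC['clientversion']
            or !$vbulletin->GPC['platformname']
            or !$vbulletin->GPC['platformversion']
            or !$vbulletin->GPC['uniqueid']
        )
        {
            return $this->error('apiclientinfomissing', 'Miss required client information');
        }

        // Generate clienthash (fields are concatenated without a separator; see
        // the security notes in the method header).
        $clienthash = md5($vbulletin->GPC['clientname'] . $vbulletin->GPC['platformname'] . $vbulletin->GPC['uniqueid']);

        // Generate a new secret
        $secret = fetch_random_password(32);

        // If the same clienthash exists, the existing client ID is reused and its
        // secret is replaced by the new one.
        $client = $db->query_first_slave("SELECT *\n\t\t\t\tFROM " . TABLE_PREFIX . "apiclient\n\t\t\t\tWHERE clienthash = '" . $db->escape_string($clienthash) . "'\n\t\t\t\tLIMIT 1\n\t\t\t");
        $apiclientid = $client['apiclientid'];

        if ($apiclientid)
        {
            // Update secret.
            // Also reset userid so that a previously logged-in and remembered user
            // is logged out. (VBM-553)
            // The ID comes from a database row; it is still forced to an integer
            // before being placed in the statement, as the other branch does.
            $db->query_write("UPDATE " . TABLE_PREFIX . "apiclient SET\n\t\t\t\t\tsecret = '" . $db->escape_string($secret) . "',\n\t\t\t\t\tapiaccesstoken = '" . $db->escape_string($vbulletin->session->vars['apiaccesstoken']) . "',\n\t\t\t\t\tlastactivity = " . TIMENOW . ",\n\t\t\t\t\tclientversion = '" . $db->escape_string($vbulletin->GPC['clientversion']) . "',\n\t\t\t\t\tplatformversion = '" . $db->escape_string($vbulletin->GPC['platformversion']) . "',\n\t\t\t\t\tuserid = 0\n\t\t\t\t\tWHERE apiclientid = " . intval($apiclientid));
        }
        else
        {
            // Create a new client.
            // NOTE(review): alt_ip is presumably derived from proxy headers; if so,
            // initialipaddress is client-influenced and should not be trusted as
            // an audit value - confirm against where alt_ip is set.
            $db->query_write("\n\t\t\t\t\tINSERT INTO " . TABLE_PREFIX . "apiclient (\n\t\t\t\t\t\tsecret, clienthash, clientname, clientversion, platformname,\n\t\t\t\t\t\tplatformversion, uniqueid, initialipaddress, apiaccesstoken,\n\t\t\t\t\t\tdateline, lastactivity\n\t\t\t\t\t)\n\t\t\t\t\tVALUES (\n\t\t\t\t\t\t'"
                . $db->escape_string($secret) . "', " . "'"
                . $db->escape_string($clienthash) . "', " . "'"
                . $db->escape_string($vbulletin->GPC['clientname']) . "', " . "'"
                . $db->escape_string($vbulletin->GPC['clientversion']) . "', " . "'"
                . $db->escape_string($vbulletin->GPC['platformname']) . "', " . "'"
                . $db->escape_string($vbulletin->GPC['platformversion']) . "', " . "'"
                . $db->escape_string($vbulletin->GPC['uniqueid']) . "', " . "'"
                . $db->escape_string($vbulletin->alt_ip) . "', " . "'"
                . $db->escape_string($vbulletin->session->vars['apiaccesstoken']) . "', "
                . TIMENOW . ", " . TIMENOW . "\n\t\t\t\t\t)\n\t\t\t\t");
            $apiclientid = $db->insert_id();
        }

        // Set session client ID
        $vbulletin->session->set('apiclientid', $apiclientid);
    }
    else
    {
        // Per the original author, api_c and api_sig are verified in init.php, so
        // they are not verified again here.
        $apiclientid = intval($VB_API_REQUESTS['api_c']);

        // Update lastactivity
        $db->query_write("UPDATE " . TABLE_PREFIX . "apiclient SET\n\t\t\t\tlastactivity = " . TIMENOW . "\n\t\t\t\tWHERE apiclientid = {$apiclientid}");
    }

    // Map content type class => content type id. Initialised first so that the
    // response carries an empty array rather than an undefined variable when no
    // content types are returned.
    $contenttypes = array();
    $contenttypescache = vB_Types::instance()->getContentTypes();
    foreach ($contenttypescache as $contenttype)
    {
        $contenttypes[$contenttype['class']] = $contenttype['id'];
    }

    // Check the status of CMS and Blog
    $blogenabled = $vbulletin->products['vbblog'] == '1';
    $cmsenabled = $vbulletin->products['vbcms'] == '1';

    // Everything below is returned to the caller, including on the registration
    // path, which runs before the client holds a secret: version, feature flags,
    // the current user's permissions and the global $show array.
    $data = array(
        'apiversion'       => VB_API_VERSION,
        'apiaccesstoken'   => $vbulletin->session->vars['apiaccesstoken'],
        'bbtitle'          => $vbulletin->options['bbtitle'],
        'bburl'            => $vbulletin->options['bburl'],
        'bbactive'         => $vbulletin->options['bbactive'],
        'forumhome'        => $vbulletin->options['forumhome'],
        'vbulletinversion' => $vbulletin->options['templateversion'],
        'contenttypes'     => $contenttypes,
        'features'         => array(
            'blogenabled'              => $blogenabled,
            'cmsenabled'               => $cmsenabled,
            'pmsenabled'               => (bool) $vbulletin->options['enablepms'],
            'searchesenabled'          => (bool) $vbulletin->options['enablesearches'],
            'groupsenabled'            => (bool) ($vbulletin->options['socnet'] & $vbulletin->bf_misc_socnet['enable_groups']),
            'albumsenabled'            => (bool) ($vbulletin->options['socnet'] & $vbulletin->bf_misc_socnet['enable_albums']),
            'friendsenabled'           => (bool) ($vbulletin->options['socnet'] & $vbulletin->bf_misc_socnet['enable_friends']),
            'visitor_trackingenabled'  => (bool) ($vbulletin->options['socnet'] & $vbulletin->bf_misc_socnet['enable_visitor_tracking']),
            'visitor_messagingenabled' => (bool) ($vbulletin->options['socnet'] & $vbulletin->bf_misc_socnet['enable_visitor_messaging']),
            'multitypesearch'          => true,
            'taggingenabled'           => (bool) $vbulletin->options['threadtagging'],
            'paidsubs'                 => $this->paidSubs()
        ),
        'permissions'      => $vbulletin->userinfo['permissions'],
        'show'             => $show
    );

    if (!$vbulletin->options['bbactive'])
    {
        $data['bbclosedreason'] = $vbulletin->options['bbclosedreason'];
    }

    $data['apiclientid'] = $apiclientid;

    // The secret is only returned on the registration path, where it was
    // generated above.
    if (!$VB_API_REQUESTS['api_c'])
    {
        $data['secret'] = $secret;
    }

    return $data;
}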
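// Password-reset confirmation step (excerpt). The opening of the enclosing
// block, the cleaning of the request parameters and the lookup that fills
// $userinfo are outside this excerpt.
//
// Flow: load the pending reset record (type = 1) for the user, reject it when
// it is missing, older than 24 hours or does not match the submitted
// activation id, then delete it, set a freshly generated password and mail it.
$user = $db->query_first("\n\t\tSELECT activationid, dateline\n\t\tFROM " . TABLE_PREFIX . "useractivation\n\t\tWHERE type = 1\n\t\t\tAND userid = " . intval($userinfo['userid']) . "\n\t");

if (!$user)
{
    // no activation record, probably got back here after a successful request, back to home
    // NOTE(review): the checks below assume exec_header_redirect() ends the
    // request - confirm.
    exec_header_redirect($vbulletin->options['forumhome'] . '.php');
}

if ($user['dateline'] < TIMENOW - 24 * 60 * 60)
{
    // is it older than 24 hours?
    eval(standard_error(fetch_error('resetexpired', $vbulletin->session->vars['sessionurl'])));
}

// Compare the stored and submitted activation ids as strings with a strict
// operator: a loose != lets two different numeric-looking strings compare
// equal. NOTE(review): this is still not a constant-time comparison;
// hash_equals() is preferable where the minimum PHP version allows it.
// A mismatch leaves the record in place, so it can be retried until the
// 24-hour window ends; resistance to guessing depends on how activationid is
// generated (not shown here).
if ((string) $user['activationid'] !== (string) $vbulletin->GPC['activationid'])
{
    // wrong activation id
    eval(standard_error(fetch_error('resetbadid', $vbulletin->session->vars['sessionurl'])));
}

// delete old activation id so the link cannot be used a second time
$db->query_write("DELETE FROM " . TABLE_PREFIX . "useractivation WHERE userid = " . intval($userinfo['userid']) . " AND type = 1");

// NOTE(review): the replacement password is requested with length argument 8
// and its unpredictability rests on fetch_random_password() (defined
// elsewhere) - confirm it uses a cryptographically secure random source.
$newpassword = fetch_random_password(8);

// init user data manager
$userdata =& datamanager_init('User', $vbulletin, ERRTYPE_STANDARD);
$userdata->set_existing($userinfo);
$userdata->set('password', $newpassword);
$userdata->save();

// Plugin hook: the fetched hook code is eval'd in this scope, so it can read
// $newpassword and $userinfo.
($hook = vBulletinHook::fetch_hook('reset_password')) ? eval($hook) : false;

// presumably defines $subject and $message (including the new password) for
// the mail below - verify against fetch_email_phrases()
eval(fetch_email_phrases('resetpw', $userinfo['languageid']));
vbmail($userinfo['email'], $subject, $message, true);

eval(standard_error(fetch_error('resetpw', $vbulletin->session->vars['sessionurl'])));
} // closes the enclosing block, which opens outside this excerpt

/*======================================================================*\
|| ####################################################################
|| # Downloaded: 12:39, Wed May 30th 2012
|| # CVS: $RCSfile$ - $Revision: 39862 $
|| ####################################################################
\*======================================================================*/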
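// API key administration page (excerpt). The block that encloses the first
// if/else opens outside this excerpt.
if (!$vbulletin->options['apikey'])
{
    // No key yet: show a form that submits do=newkey.
    print_form_header('api', 'newkey');
    print_table_header($vbphrase['api_key']);
    print_description_row($vbphrase['api_key_empty']);
    print_submit_row($vbphrase['go'], '');
}
else
{
    // A key exists: display it in a read-only field. The value is HTML-escaped
    // before being placed in the attribute, so the markup stays intact whatever
    // the stored setting contains.
    print_table_start();
    print_table_header($vbphrase['api_key']);
    print_label_row($vbphrase['api_key'], "<div id=\"ctrl_apikey\"><input type=\"text\" class=\"bginput\" name=\"apikey\" id=\"apikey\" value=\"" . htmlspecialchars($vbulletin->options['apikey']) . "\" size=\"35\" dir=\"\" tabindex=\"1\" readonly=\"readonly\" /></div>", '', 'top', 'apikey');
    print_description_row($vbphrase['api_key_description']);
    print_table_footer(2, '', '', false);
}
} // closes the enclosing block, which opens outside this excerpt

// ###################### Start Generate API Key #######################
// NOTE(review): this state change is selected through $_REQUEST['do'], so it is
// accepted from GET as well as POST; confirm that the admin control panel
// bootstrap (not shown) enforces a CSRF token and an administrator permission
// check before this point.
if ($_REQUEST['do'] == 'newkey')
{
    if ($vbulletin->options['apikey'])
    {
        // A key is only ever generated once. NOTE(review): this guard relies on
        // print_stop_message() ending the request - confirm.
        print_stop_message('already_has_api_key');
    }

    // NOTE(review): length and unpredictability of the key come from
    // fetch_random_password()'s defaults (defined elsewhere) - confirm it uses a
    // cryptographically secure random source.
    $newapikey = fetch_random_password();

    // The value is escaped like every other string placed in a statement, even
    // though it is generated locally.
    $db->query_write("\n\t\tUPDATE " . TABLE_PREFIX . "setting\n\t\tSET value = '" . $db->escape_string($newapikey) . "'\n\t\tWHERE varname = 'apikey'\n\t");

    build_options();

    define('CP_REDIRECT', 'api.php');
    print_stop_message('api_key_generated_successfully');
}

print_cp_footer();

/*======================================================================*\
|| ####################################################################
|| # Downloaded: 03:13, Sat Sep 7th 2013
|| # CVS: $RCSfile$ - $Revision: 37624 $
|| ####################################################################
\*======================================================================*/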
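/**
 * Initializes an API client
 *
 * With no client ID ($api_c = 0) the caller is registered: a clienthash is
 * derived from clientname, platformname and uniqueid, a new secret is
 * generated, and the matching apiclient row is updated or created. With a
 * client ID, only that client's lastactivity is refreshed.
 *
 * Security notes:
 *  - Registration replaces the secret of any existing row with the same
 *    clienthash and returns the new secret. Knowing clientname, platformname
 *    and uniqueid is therefore enough to obtain a valid secret for that client
 *    ID, so uniqueid has to be treated as a credential.
 *  - clienthash is md5() over the three fields joined without a separator (and
 *    after strip_tags()), so distinct inputs can map to the same row. It is
 *    left unchanged because stored rows are keyed on it.
 *  - NOTE(review): the secret is only as strong as fetch_random_password(),
 *    defined elsewhere; confirm it uses a cryptographically secure source.
 *
 * @param string $clientname      Client name (required when $api_c is 0)
 * @param string $clientversion   Client version (required when $api_c is 0)
 * @param string $platformname    Platform name (required when $api_c is 0)
 * @param string $platformversion Platform version (required when $api_c is 0)
 * @param string $uniqueid        Client-chosen unique ID (required when $api_c is 0)
 * @param int    $api_c           API Client ID; 0 registers the caller as a new client
 *
 * @throws vB_Exception_Api Throws 'apiclientinfomissing' if $api_c is 0 and any of clientname,
 *                          clientversion, platformname, platformversion, or uniqueid is missing.
 *
 * @return array Api information, format:
 *  array(
 *      apiversion => string
 *      apiaccesstoken => string
 *      bbtitle => string
 *      bburl => string
 *      bbactive => int
 *      bbclosedreason => string (only set if bbactive = 0)
 *      forumhome => string
 *      vbulletinversion => string
 *      contenttypes => array(
 *          content type class => content type id
 *          [...]
 *      )
 *      features => array(
 *          blogenabled => 1
 *          cmsenabled => 0
 *          pmsenabled => int
 *          searchesenabled => int
 *          groupsenabled => 1
 *          albumsenabled => 0
 *          multitypesearch => 1
 *          visitor_messagingenabled => 1
 *          taggingenabled => int
 *          visitor_trackingenabled => 0
 *          paidsubs => int
 *          friendsenabled => 0
 *          activitystream => 1
 *      )
 *      permissions => empty array
 *      show => array(
 *          registerbutton => 1
 *      )
 *      apiclientid => int
 *      secret => string (only if NO API Client ID was specified in the call)
 *  )
 */
public function init($clientname, $clientversion, $platformname, $platformversion, $uniqueid, $api_c = 0)
{
    // Markup is stripped from the client-supplied values before they are
    // hashed and stored. This is not output encoding: values read back from
    // the apiclient table still need escaping wherever they are displayed.
    $clientname = strip_tags($clientname);
    $clientversion = strip_tags($clientversion);
    $platformname = strip_tags($platformname);
    $platformversion = strip_tags($platformversion);
    $uniqueid = strip_tags($uniqueid);
    $api_c = intval($api_c);

    // Remember whether the caller supplied a client ID; $api_c is overwritten
    // below on the registration path.
    $oldclientid = $api_c;

    if (!$api_c)
    {
        // The client doesn't have an ID yet, so a new one has to be generated.
        // All params are required.
        // uniqueid should ideally be a permanent unique ID such as a hardware ID
        // (CPU ID, hard disk ID or mobile IMEI). A client that cannot obtain one
        // has to generate a unique ID and keep it in its local storage. To get the
        // client ID and secret again, the client passes the same unique ID.
        if (!$clientname or !$clientversion or !$platformname or !$platformversion or !$uniqueid)
        {
            throw new vB_Exception_Api('apiclientinfomissing');
        }

        // Generate clienthash. uniqueid only enters the row through this hash;
        // the insert below does not store it separately.
        $clienthash = md5($clientname . $platformname . $uniqueid);

        // Generate a new secret
        $secret = fetch_random_password(32);

        // If the same clienthash exists, the existing client ID is reused and its
        // secret is replaced by the new one.
        $client = $this->dbassertor->getRow('apiclient', array('clienthash' => $clienthash));

        // Normalise to an int (0 when no row was found), matching the insert
        // branch and the documented return type, and avoiding an offset read
        // on an empty result.
        $api_c = empty($client['apiclientid']) ? 0 : (int) $client['apiclientid'];

        if ($api_c)
        {
            // Update secret.
            // Also reset userid so that a previously logged-in and remembered user
            // is logged out. (VBM-553)
            $this->dbassertor->update(
                'apiclient',
                array(
                    'secret'          => $secret,
                    'apiaccesstoken'  => vB::getCurrentSession()->get('apiaccesstoken'),
                    'lastactivity'    => vB::getRequest()->getTimeNow(),
                    'clientversion'   => $clientversion,
                    'platformversion' => $platformversion,
                    'userid'          => 0
                ),
                array('apiclientid' => $api_c)
            );
        }
        else
        {
            // NOTE(review): getAltIp() presumably reflects proxy headers; if so,
            // initialipaddress is client-influenced - confirm before relying on
            // it for auditing.
            $api_c = $this->dbassertor->insert('apiclient', array(
                'secret'           => $secret,
                'clienthash'       => $clienthash,
                'clientname'       => $clientname,
                'clientversion'    => $clientversion,
                'platformname'     => $platformname,
                'platformversion'  => $platformversion,
                'initialipaddress' => vB::getRequest()->getAltIp(),
                'apiaccesstoken'   => vB::getCurrentSession()->get('apiaccesstoken'),
                'dateline'         => vB::getRequest()->getTimeNow(),
                'lastactivity'     => vB::getRequest()->getTimeNow()
            ));

            // insert() may hand back an array; the new ID is taken from its end.
            if (is_array($api_c))
            {
                $api_c = array_pop($api_c);
            }
            $api_c = (int) $api_c;
        }

        // Set session client ID
        vB::getCurrentSession()->set('apiclientid', $api_c);
    }
    else
    {
        // Per the original author, api_c and api_sig are verified in init.php, so
        // they are not verified again here. $api_c was already cast to int above.

        // Update lastactivity
        $this->dbassertor->update(
            'apiclient',
            array('lastactivity' => vB::getRequest()->getTimeNow()),
            array('apiclientid' => $api_c)
        );
    }

    // Map content type class => content type id.
    $contenttypescache = vB_Types::instance()->getContentTypes();
    $contenttypes = array();
    foreach ($contenttypescache as $contenttype)
    {
        $contenttypes[$contenttype['class']] = $contenttype['id'];
    }

    // $products and $userinfo are not read below; the calls are kept in case
    // they have side effects (not visible from here).
    $products = vB::getDatastore()->getValue('products');
    $vboptions = vB::getDatastore()->getValue('options');
    $userinfo = vB::getCurrentSession()->fetch_userinfo();

    // Paid subscriptions count as enabled when checkStatus() does not throw;
    // any exception is deliberately treated as "disabled".
    try
    {
        vB_Api::instanceInternal('paidsubscription')->checkStatus();
        $paidsubs = 1;
    }
    catch (Exception $e)
    {
        $paidsubs = 0;
    }

    $forumHome = vB_Library::instance('content_channel')->getForumHomeChannel();
    $forumhomeUrl = vB5_Route::buildUrl($forumHome['routeid'] . '|fullurl');

    // Blog/CMS and several social features are reported as fixed values.
    $data = array(
        'apiversion'       => VB_API_VERSION,
        'apiaccesstoken'   => vB::getCurrentSession()->get('apiaccesstoken'),
        'bbtitle'          => $vboptions['bbtitle'],
        'bburl'            => $vboptions['bburl'],
        'bbactive'         => $vboptions['bbactive'],
        'forumhome'        => $forumhomeUrl,
        'vbulletinversion' => $vboptions['templateversion'],
        'contenttypes'     => $contenttypes,
        'features'         => array(
            'blogenabled'              => 1,
            'cmsenabled'               => 0,
            'pmsenabled'               => $vboptions['enablepms'] ? 1 : 0,
            'searchesenabled'          => $vboptions['enablesearches'] ? 1 : 0,
            'groupsenabled'            => 1,
            'albumsenabled'            => 0,
            'multitypesearch'          => 1,
            'visitor_messagingenabled' => 1,
            'taggingenabled'           => $vboptions['threadtagging'] ? 1 : 0,
            'visitor_trackingenabled'  => 0,
            'paidsubs'                 => $paidsubs,
            'friendsenabled'           => 0,
            'activitystream'           => 1
        ),
        'permissions'      => array(),
        'show'             => array('registerbutton' => 1)
    );

    if (!$vboptions['bbactive'])
    {
        $data['bbclosedreason'] = $vboptions['bbclosedreason'];
    }

    $data['apiclientid'] = $api_c;

    // The secret is only returned when the caller registered without a client
    // ID, which is the only path that generates one.
    if (!$oldclientid)
    {
        $data['secret'] = $secret;
    }

    return $data;
}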
/**
 * Returns a new post hash, obtained by passing 32 to fetch_random_password().
 *
 * NOTE(review): if callers rely on this value being unpredictable, that
 * property comes entirely from fetch_random_password() (defined elsewhere);
 * confirm it uses a cryptographically secure random source.
 *
 * @return mixed Whatever fetch_random_password(32) returns
 */
function getNewPosthash()
{
    $posthash = fetch_random_password(32);

    return $posthash;
}