public static function get($key)
{
if (self::$_options === null) {
self::$_options = XenForo_Application::get('options');
}
switch ($key) {
case 'applicationVersionId':
return XenForo_Application::$versionId;
case 'cacheCutoffDays':
return 7;
case 'indexTabId':
return 'WidgetFramework_home';
case 'layoutEditorEnabled':
if (self::$_layoutEditorEnabled === null) {
if (!XenForo_Application::isRegistered('session')) {
// no session yet...
return false;
}
$session = XenForo_Application::getSession();
self::$_layoutEditorEnabled = $session->get('_WidgetFramework_layoutEditor') === true;
if (!self::$_layoutEditorEnabled and !empty($_REQUEST['_layoutEditor'])) {
$visitor = XenForo_Visitor::getInstance();
if ($visitor->hasAdminPermission('style')) {
self::$_layoutEditorEnabled = true;
}
}
}
// use the cached value
return self::$_layoutEditorEnabled;
}
return self::$_options->get('wf_' . $key);
}
/**
* List of currently online users.
*
* @return XenForo_ControllerResponse_Abstract
*/
public function actionIndex()
{
if (!$this->_getUserModel()->canViewMemberList()) {
return $this->responseNoPermission();
}
$sessionModel = $this->_getSessionModel();
$page = $this->_input->filterSingle('page', XenForo_Input::UINT);
$userPerPage = XenForo_Application::get('options')->membersPerPage;
$bypassUserPrivacy = $this->_getUserModel()->canBypassUserPrivacy();
$userLimit = $this->_input->filterSingle('type', XenForo_Input::STRING);
$conditions = array('userLimit' => $userLimit, 'cutOff' => array('>', $sessionModel->getOnlineStatusTimeout()), 'getInvisible' => $bypassUserPrivacy, 'getUnconfirmed' => $bypassUserPrivacy, 'forceInclude' => $bypassUserPrivacy ? false : XenForo_Visitor::getUserId());
$onlineUsers = $sessionModel->getSessionActivityRecords($conditions, array('perPage' => $userPerPage, 'page' => $page, 'join' => XenForo_Model_Session::FETCH_USER_FULL, 'order' => 'view_date'));
$session = XenForo_Application::getSession();
foreach ($onlineUsers as &$online) {
if ($online['robot_key']) {
$online['robotInfo'] = $session->getRobotInfo($online['robot_key']);
}
$online['ipHex'] = bin2hex($online['ip']);
$online['canViewCurrentActivity'] = $this->_getUserModel()->canViewUserCurrentActivity($online);
}
$visitor = XenForo_Visitor::getInstance();
//TODO: this is taken directly from the forum list, could be faster if just counts
$onlineTotals = $sessionModel->getSessionActivityQuickList($visitor->toArray(), array('cutOff' => array('>', $sessionModel->getOnlineStatusTimeout())), $visitor['user_id'] ? $visitor->toArray() : null);
$viewParams = array('onlineUsers' => $sessionModel->addSessionActivityDetailsToList($onlineUsers), 'totalOnlineUsers' => $sessionModel->countSessionActivityRecords($conditions), 'userLimit' => $userLimit, 'page' => $page, 'usersPerPage' => $userPerPage, 'canViewIps' => $this->_getUserModel()->canViewIps(), 'onlineTotals' => $onlineTotals);
return $this->responseView('XenForo_ViewPublic_Online_List', 'online_list', $viewParams);
}
public static function prepareDiscoveryParams(array &$params, Zend_Controller_Response_Http $response, $topicType, $topicId, $selfLink, $subscriptionOption)
{
if (!bdApi_Option::getSubscription($topicType)) {
// subscription for this topic type has been disabled
return false;
}
// subscription discovery
$hubLink = bdApi_Data_Helper_Core::safeBuildApiLink('subscriptions', null, array('hub.topic' => bdApi_Model_Subscription::getTopic($topicType, $topicId), 'oauth_token' => ''));
$response->setHeader('Link', sprintf('<%s>; rel=hub', $hubLink));
$response->setHeader('Link', sprintf('<%s>; rel=self', $selfLink));
// subscription info
if (!empty($subscriptionOption)) {
$subscriptionOption = @unserialize($subscriptionOption);
if (!empty($subscriptionOption['subscriptions'])) {
/* @var $session bdApi_Session */
$session = XenForo_Application::getSession();
$clientId = $session->getOAuthClientId();
foreach ($subscriptionOption['subscriptions'] as $subscription) {
if ($subscription['client_id'] == $clientId) {
$params['subscription_callback'] = $subscription['callback'];
}
}
}
}
return true;
}
public function getAttachmentTempHash(array $contentData = array())
{
$prefix = '';
$inputHash = $this->_controller->getInput()->filterSingle('attachment_hash', XenForo_Input::STRING);
if (!empty($inputHash)) {
$prefix = sprintf('hash%s', $inputHash);
} elseif (!empty($contentData['post_id'])) {
$prefix = sprintf('post%d', $contentData['post_id']);
} elseif (!empty($contentData['thread_id'])) {
$prefix = sprintf('thread%d', $contentData['thread_id']);
} elseif (!empty($contentData['forum_id'])) {
$prefix = sprintf('node%d', $contentData['forum_id']);
} elseif (!empty($contentData['node_id'])) {
$prefix = sprintf('node%d', $contentData['node_id']);
} elseif (!empty($contentData['message_id'])) {
$prefix = sprintf('message%d', $contentData['message_id']);
} elseif (!empty($contentData['conversation_id'])) {
$prefix = sprintf('conversation%d', $contentData['conversation_id']);
}
/* @var $session bdApi_Session */
$session = XenForo_Application::getSession();
$clientId = $session->getOAuthClientId();
$visitorUserId = XenForo_Visitor::getUserId();
return md5(sprintf('prefix%s_client%s_visitor%d_salt%s', $prefix, $clientId, $visitorUserId, XenForo_Application::getConfig()->get('globalSalt')));
}
public function actionExternal()
{
$this->_assertPostOnly();
$providerCode = $this->_input->filterSingle('provider', XenForo_Input::STRING);
$provider = bdApiConsumer_Option::getProviderByCode($providerCode);
if (empty($provider)) {
return $this->responseNoPermission();
}
$externalUserId = $this->_input->filterSingle('external_user_id', XenForo_Input::UINT);
if (empty($externalUserId)) {
return $this->responseNoPermission();
}
if (!bdApiConsumer_Helper_Api::verifyJsSdkSignature($provider, $_REQUEST)) {
return $this->responseNoPermission();
}
$userModel = $this->_getUserModel();
/** @var bdApiConsumer_XenForo_Model_UserExternal $userExternalModel */
$userExternalModel = $this->getModelFromCache('XenForo_Model_UserExternal');
$existingAssoc = $userExternalModel->getExternalAuthAssociation($userExternalModel->bdApiConsumer_getProviderCode($provider), $externalUserId);
if (!empty($existingAssoc)) {
$accessToken = $userExternalModel->bdApiConsumer_getAccessTokenFromAuth($provider, $existingAssoc);
if (empty($accessToken)) {
// no access token in the auth, consider no auth at all
$existingAssoc = null;
}
}
if (empty($existingAssoc)) {
$autoRegister = bdApiConsumer_Option::get('autoRegister');
if ($autoRegister === 'on' or $autoRegister === 'id_sync') {
// we have to do a refresh here
return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, XenForo_Link::buildPublicLink('canonical:register/external', null, array('provider' => $providerCode, 'reg' => 1, 'redirect' => $this->getDynamicRedirect())), new XenForo_Phrase('bdapi_consumer_being_auto_login_auto_register_x', array('provider' => $provider['name'])));
}
}
if (!$existingAssoc) {
return $this->responseError(new XenForo_Phrase('bdapi_consumer_auto_login_with_x_failed', array('provider' => $provider['name'])));
}
$user = $userModel->getFullUserById($existingAssoc['user_id']);
if (empty($user)) {
return $this->responseError(new XenForo_Phrase('requested_user_not_found'));
}
if (XenForo_Application::$versionId > 1050000) {
/** @var XenForo_ControllerHelper_Login $loginHelper */
$loginHelper = $this->getHelper('Login');
if ($loginHelper->userTfaConfirmationRequired($user)) {
$loginHelper->setTfaSessionCheck($user['user_id']);
return $this->responseMessage(new XenForo_Phrase('bdapi_consumer_auto_login_user_x_requires_tfa', array('username' => $user['username'], 'twoStepLink' => XenForo_Link::buildPublicLink('login/two-step', null, array('redirect' => $this->getDynamicRedirect(), 'remember' => 1)))));
}
}
$userModel->setUserRememberCookie($user['user_id']);
XenForo_Model_Ip::log($user['user_id'], 'user', $user['user_id'], 'login_api_consumer');
$userModel->deleteSessionActivity(0, $this->_request->getClientIp(false));
if (XenForo_Application::$versionId < 1050000) {
XenForo_Application::getSession()->changeUserId($user['user_id']);
XenForo_Visitor::setup($user['user_id']);
} else {
$visitor = XenForo_Visitor::setup($user['user_id']);
XenForo_Application::getSession()->userLogin($user['user_id'], $visitor['password_date']);
}
return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, $this->getDynamicRedirect(), new XenForo_Phrase('bdapi_consumer_auto_login_with_x_succeeded_y', array('provider' => $provider['name'], 'username' => $user['username'])));
}
public function actionGetIndex()
{
/* @var $session bdApi_Session */
$session = XenForo_Application::getSession();
$visitor = XenForo_Visitor::getInstance();
$systemInfo = array();
if ($session->getOAuthClientId() === '') {
$systemInfo += array('oauth/authorize' => bdApi_Data_Helper_Core::safeBuildApiLink('oauth/authorize', array(), array('oauth_token' => '')), 'oauth/token' => bdApi_Data_Helper_Core::safeBuildApiLink('oauth/token', array(), array('oauth_token' => '')));
}
if ($session->checkScope(bdApi_Model_OAuth2::SCOPE_POST)) {
$systemInfo = array('api_revision' => 2015121801, 'api_modules' => $this->_getModules());
}
$data = array();
$data['links'] = array('search' => bdApi_Data_Helper_Core::safeBuildApiLink('search'), 'navigation' => bdApi_Data_Helper_Core::safeBuildApiLink('navigation', array(), array('parent' => 0)), 'threads/recent' => bdApi_Data_Helper_Core::safeBuildApiLink('threads/recent'), 'users' => bdApi_Data_Helper_Core::safeBuildApiLink('users'));
if ($visitor['user_id'] > 0) {
$data['links']['conversations'] = bdApi_Data_Helper_Core::safeBuildApiLink('conversations');
$data['links']['forums/followed'] = bdApi_Data_Helper_Core::safeBuildApiLink('forums/followed');
$data['links']['notifications'] = bdApi_Data_Helper_Core::safeBuildApiLink('notifications');
$data['links']['threads/followed'] = bdApi_Data_Helper_Core::safeBuildApiLink('threads/followed');
$data['links']['threads/new'] = bdApi_Data_Helper_Core::safeBuildApiLink('threads/new');
$data['links']['users/ignored'] = bdApi_Data_Helper_Core::safeBuildApiLink('users/ignored');
$data['links']['users/me'] = bdApi_Data_Helper_Core::safeBuildApiLink('users', array('user_id' => XenForo_Visitor::getInstance()->toArray()), array('oauth_token' => ''));
if ($visitor->canUpdateStatus()) {
$data['post']['status'] = bdApi_Data_Helper_Core::safeBuildApiLink('users/me/timeline');
}
}
$data['system_info'] = $systemInfo;
return $this->responseData('bdApi_ViewApi_Index', $data);
}
public function logRequest($requestMethod, $requestUri, array $requestData, $responseCode, array $responseOutput, array $bulkSet = array())
{
$days = bdApi_Option::get('logRetentionDays');
if ($days == 0) {
return false;
}
$dw = XenForo_DataWriter::create('bdApi_DataWriter_Log');
$dw->bulkSet($bulkSet);
if (!isset($bulkSet['client_id'])) {
/* @var $session bdApi_Session */
$session = XenForo_Application::getSession();
$dw->set('client_id', $session->getOAuthClientId());
}
if (!isset($bulkSet['user_id'])) {
$visitor = XenForo_Visitor::getInstance();
$dw->set('user_id', $visitor->get('user_id'));
}
if (!isset($bulkSet['ip_address'])) {
$dw->set('ip_address', isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '');
}
$dw->set('request_date', XenForo_Application::$time);
$dw->set('request_method', $requestMethod);
$dw->set('request_uri', $requestUri);
$dw->set('request_data', $this->_filterData($requestData));
$dw->set('response_code', $responseCode);
$dw->set('response_output', $this->_filterData($responseOutput));
return $dw->save();
}
/**
* Fetches all notices applicable to the visiting user
*
* @param array $params
* @param array $containerData
*
* @return array
*/
protected function _getSocialNoticesContainerParams(XenForo_ControllerResponse_View $controllerResponse, array $notices = array())
{
$socialForum = ThemeHouse_SocialGroups_SocialForum::getInstance();
/* @var $noticeModel XenForo_Model_Notice */
$noticeModel = XenForo_Model::create('XenForo_Model_Notice');
if (XenForo_Application::get('options')->enableNotices) {
$user = XenForo_Visitor::getInstance()->toArray();
if (XenForo_Application::isRegistered('session')) {
$dismissedNotices = XenForo_Application::getSession()->get('dismissedNotices');
}
if (!isset($dismissedNotices) || !is_array($dismissedNotices)) {
$dismissedNotices = array();
}
// handle style overrides
$user['style_id'] = XenForo_Application::get('options')->defaultStyleId;
$noticeTokens = array('{name}' => $user['username'] !== '' ? $user['username'] : new XenForo_Phrase('guest'), '{user_id}' => $user['user_id']);
$allNotices = $noticeModel->getNoticesForSocialForum($socialForum['social_forum_id']);
foreach ($allNotices as $noticeId => $notice) {
if (!in_array($noticeId, $dismissedNotices) && XenForo_Helper_Criteria::userMatchesCriteria($notice['user_criteria'], true, $user) && XenForo_Helper_Criteria::pageMatchesCriteria($notice['page_criteria'], true, $controllerResponse->params, $controllerResponse->containerParams)) {
$notices[$noticeId] = array('title' => $notice['title'], 'message' => str_replace(array_keys($noticeTokens), $noticeTokens, $notice['message']), 'wrap' => $notice['wrap'], 'dismissible' => $notice['dismissible'] && XenForo_Visitor::getUserId());
}
}
}
return $notices;
}
public function actionIndex()
{
$defaultOrder = 'media_date';
$order = $this->_input->filterSingle('order', XenForo_Input::STRING, array('default' => $defaultOrder));
$type = $this->_input->filterSingle('type', XenForo_Input::STRING);
$categoryId = $this->_input->filterSingle('category_id', XenForo_Input::UINT);
if (!$categoryId) {
return $this->responseRedirect(XenForo_ControllerResponse_Redirect::RESOURCE_CANONICAL_PERMANENT, XenForo_Link::buildPublicLink('xengallery'));
}
$mediaHelper = $this->_getMediaHelper();
$categoryModel = $this->_getCategoryModel();
$category = $mediaHelper->assertCategoryValidAndViewable($categoryId);
$categoryBreadcrumbs = $categoryModel->getCategoryBreadcrumb($category, false);
$containerCategory = false;
$uploadUserGroups = unserialize($category['upload_user_groups']);
if (!$uploadUserGroups) {
$canAddMedia = false;
$containerCategory = true;
} else {
$canAddMedia = $this->_getMediaModel()->canAddMediaToCategory($uploadUserGroups);
}
$page = $this->_input->filterSingle('page', XenForo_Input::UINT);
$perPage = XenForo_Application::getOptions()->xengalleryMediaMaxPerPage;
$childIds = array();
$showCategory = false;
if ($containerCategory) {
$childCategories = $categoryModel->getCategoryStructure(null, $categoryId);
foreach ($childCategories as $child) {
$childIds[] = $child['category_id'];
}
if (!$childCategories) {
$containerCategory = false;
}
$showCategory = true;
}
$conditions = array('category_id' => $containerCategory ? $childIds : $categoryId, 'deleted' => XenForo_Permission::hasPermission(XenForo_Visitor::getInstance()->permissions, 'xengallery', 'viewDeleted'), 'type' => $type);
$fetchOptions = $this->_getMediaFetchOptions() + array('order' => $order ? $order : $defaultOrder, 'page' => $page, 'perPage' => $perPage);
$mediaModel = $this->_getMediaModel();
$media = $mediaModel->getMedia($conditions, $fetchOptions);
$media = $mediaModel->prepareMediaItems($media);
$inlineModOptions = $mediaModel->prepareInlineModOptions($media, false);
$ignoredNames = array();
foreach ($media as $item) {
if (!empty($item['isIgnored'])) {
$ignoredNames[] = $item['username'];
}
}
$mediaCount = $mediaModel->countMedia($conditions);
$this->canonicalizePageNumber($page, $perPage, $mediaCount, 'xengallery/categories', $category);
$this->canonicalizeRequestUrl(XenForo_Link::buildPublicLink('xengallery/categories', $category, array('page' => $page)));
$pageNavParams = array('order' => $order != $defaultOrder ? $order : false, 'type' => $type ? $type : false);
$session = XenForo_Application::getSession();
$requiresTranscode = $session->get('xfmgVideoRequiresTranscode');
if ($requiresTranscode) {
$session->remove('xfmgVideoRequiresTranscode');
}
$viewParams = array('category' => $category, 'canWatchCategory' => $categoryModel->canWatchCategory(), 'containerCategory' => $containerCategory, 'showCategory' => $showCategory, 'media' => $media, 'order' => $order, 'defaultOrder' => $defaultOrder, 'type' => $type, 'typeFilter' => $type, 'ignoredNames' => array_unique($ignoredNames), 'mediaCount' => $mediaCount, 'page' => $page <= 1 ? '' : $page, 'perPage' => $perPage, 'canAddMedia' => $canAddMedia, 'canViewRatings' => $mediaModel->canViewRatings(), 'canViewComments' => $this->_getCommentModel()->canViewComments(), 'categoryBreadcrumbs' => $categoryBreadcrumbs, 'inlineModOptions' => $inlineModOptions, 'pageNavParams' => $pageNavParams, 'requiresTranscode' => $requiresTranscode);
return $this->_getSiteMediaWrapper($categoryId, $this->responseView('XenGallery_ViewPublic_Category_View', 'xengallery_category_view', $viewParams));
}
public static function isBot()
{
if (!XenForo_Application::isRegistered('session')) {
return false;
}
$session = XenForo_Application::getSession();
return $session->get('robotId');
}
public function getAccountsRequestUrl($redirectUri, $state = null)
{
if (is_null($state)) {
$state = md5(uniqid('xf', true));
}
$session = XenForo_Application::getSession();
$session->set('accountsCsrfState', $state);
return $this->schema . '://' . $this->api . '/oauth/?client_id=' . $this->clientId . '&redirect_uri=' . urlencode($redirectUri) . '&state=' . $state . '&roles=profile,email' . '&access_type=offline' . '&response_type=code';
}
public function actionLogin()
{
if (!$this->_request->isPost()) {
return $this->responseRedirect(XenForo_ControllerResponse_Redirect::RESOURCE_CANONICAL, XenForo_Link::buildAdminLink('index'));
}
$data = $this->_input->filter(array('login' => XenForo_Input::STRING, 'password' => XenForo_Input::STRING, 'redirect' => XenForo_Input::STRING, 'cookie_check' => XenForo_Input::UINT));
$redirect = $data['redirect'] ? $data['redirect'] : XenForo_Link::buildAdminLink('index');
$loginModel = $this->_getLoginModel();
if ($data['cookie_check'] && count($_COOKIE) == 0) {
// login came from a page, so we should at least have a session cookie.
// if we don't, assume that cookies are disabled
return $this->responseError(new XenForo_Phrase('cookies_required_to_log_in_to_site'));
}
$needCaptcha = $loginModel->requireLoginCaptcha($data['login']);
if ($needCaptcha) {
// just block logins here instead of using the captcha
return $this->responseError(new XenForo_Phrase('your_account_has_temporarily_been_locked_due_to_failed_login_attempts'));
}
$userModel = $this->_getUserModel();
$userId = $userModel->validateAuthentication($data['login'], $data['password'], $error);
if (!$userId) {
$loginModel->logLoginAttempt($data['login']);
if ($loginModel->requireLoginCaptcha($data['login'])) {
return $this->responseError(new XenForo_Phrase('your_account_has_temporarily_been_locked_due_to_failed_login_attempts'));
}
if ($this->_input->filterSingle('upgrade', XenForo_Input::UINT)) {
return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, $redirect);
} else {
// note - JSON view will return responseError($text)
return $this->responseView('XenForo_ViewAdmin_Login_Error', 'login_form', array('text' => $error, 'defaultLogin' => $data['login'], 'redirect' => $redirect), array('containerTemplate' => 'LOGIN_PAGE'));
}
}
$loginModel->clearLoginAttempts($data['login']);
XenForo_Model_Ip::log($userId, 'user', $userId, 'login_admin');
$visitor = XenForo_Visitor::setup($userId);
XenForo_Application::getSession()->userLogin($userId, $visitor['password_date']);
// if guest on front-end, login there too
$class = XenForo_Application::resolveDynamicClass('XenForo_Session');
$publicSession = new $class();
$publicSession->start();
if (!$publicSession->get('user_id')) {
$publicSession->userLogin($userId, $visitor['password_date']);
$publicSession->save();
}
// now check that the user will be able to get into the ACP (is_admin)
if (!$visitor->is_admin) {
return $this->responseError(new XenForo_Phrase('your_account_does_not_have_admin_privileges'));
}
if ($this->_input->filterSingle('repost', XenForo_Input::UINT)) {
$postVars = $this->_input->filterSingle('postVars', XenForo_Input::JSON_ARRAY);
$postVars['_xfToken'] = $visitor['csrf_token_page'];
return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, $redirect, '', array('repost' => 1, 'postVars' => $postVars));
} else {
return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, $redirect);
}
}
protected static function _getKey()
{
/* @var $session bdApi_Session */
$session = XenForo_Application::getSession();
$clientSecret = $session->getOAuthClientSecret();
if (empty($clientSecret)) {
throw new XenForo_Exception(new XenForo_Phrase('bdapi_request_must_authorize_to_encrypt'), true);
}
return $clientSecret;
}
protected function _getRegisterFormResponse(array $fields, array $errors = array())
{
XenForo_Application::getSession()->set('ct_submit_register_time', time());
$field_name = CleanTalk_Base_CleanTalk::getCheckjsName();
$ct_check_def = CleanTalk_Base_CleanTalk::getCheckjsDefaultValue();
//if (!isset($_COOKIE[$field_name])) {
setcookie($field_name, $ct_check_def, 0, '/');
//}
return parent::_getRegisterFormResponse($fields, $errors);
}
public function actionGetIndex()
{
/* @var $session bdApi_Session */
$session = XenForo_Application::getSession();
$systemInfo = array();
if ($session->checkScope(bdApi_Model_OAuth2::SCOPE_POST)) {
$systemInfo = array('api_revision' => 2014030701, 'api_modules' => $this->_getModules());
}
$data = array('links' => array('conversations' => XenForo_Link::buildApiLink('conversations'), 'conversation-messages' => XenForo_Link::buildApiLink('conversation-messages'), 'notifications' => XenForo_Link::buildApiLink('notifications'), 'search' => XenForo_Link::buildApiLink('search'), 'navigation' => XenForo_Link::buildApiLink('navigation', array(), array('parent' => 0)), 'threads' => XenForo_Link::buildApiLink('threads'), 'threads/recent' => XenForo_Link::buildApiLink('threads/recent'), 'threads/new' => XenForo_Link::buildApiLink('threads/new'), 'posts' => XenForo_Link::buildApiLink('posts'), 'users' => XenForo_Link::buildApiLink('users'), 'batch' => XenForo_Link::buildApiLink('batch'), 'subscriptions' => XenForo_Link::buildApiLink('subscriptions'), 'oauth_authorize' => XenForo_Link::buildApiLink('oauth/authorize', array(), array('oauth_token' => '')), 'oauth_token' => XenForo_Link::buildApiLink('oauth/token', array(), array('oauth_token' => ''))), 'system_info' => $systemInfo);
return $this->responseData('bdApi_ViewApi_Index', $data);
}
public static function getRequestUrl(array $provider, $redirectUri, array $extraParams = array())
{
$url = call_user_func_array('sprintf', array('%s/index.php?oauth/authorize/&client_id=%s&redirect_uri=%s&response_type=code&scope=%s', rtrim($provider['root'], '/'), rawurlencode($provider['client_id']), rawurlencode($redirectUri), rawurlencode(self::SCOPE)));
if (XenForo_Application::getConfig()->get(bdApiConsumer_Option::CONFIG_TRACK_AUTHORIZE_URL_STATE) && !isset($extraParams['state'])) {
$extraParams['state'] = base64_encode(json_encode(array('time' => XenForo_Application::$time, 'ip' => XenForo_Helper_Ip::convertIpBinaryToString(XenForo_Application::getSession()->get('ip')))));
}
foreach ($extraParams as $key => $value) {
$url .= sprintf('&%s=%s', $key, rawurlencode($value));
}
return $url;
}
protected function _body()
{
$visitor = XenForo_Visitor::getInstance();
$sessionId = XenForo_Application::getSession()->getSessionId();
if (isset($visitor['parent_session']) && $visitor['parent_session'] && $visitor['parent_session'] == $sessionId) {
$pattern = '#<fieldset id="moderatorBar">\\s*<div class="pageWidth">\\s*<div class="pageContent">#Us';
if (!preg_match($pattern, $this->_contents)) {
$this->_prependTemplate('moderator_bar');
}
$this->_appendTemplateAtPattern($pattern, 'th_moderator_bar_logged_in_parentalcontrol');
}
}
public function actionWfLayoutEditor()
{
if (!XenForo_Application::isRegistered('session')) {
return $this->responseNoPermission();
}
$session = XenForo_Application::getSession();
$visitor = XenForo_Visitor::getInstance();
if (!$visitor->hasAdminPermission('style')) {
return $this->responseNoPermission();
}
$session->set('_WidgetFramework_layoutEditor', !WidgetFramework_Option::get('layoutEditorEnabled'));
return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, $this->getDynamicRedirect());
}
public static function getUnreadCount()
{
if ($userId = XenForo_Visitor::getUserId()) {
if (XenForo_Application::isRegistered('session')) {
$session = XenForo_Application::getSession();
$unreadPostCount = $session->get('unreadPostCount');
if (is_array($unreadPostCount)) {
return intval($unreadPostCount['count']);
}
}
}
return 0;
}
public function actionLogin()
{
$data = $this->_input->filter(array('login' => XenForo_Input::STRING, 'password' => XenForo_Input::STRING, 'remember' => XenForo_Input::UINT, 'register' => XenForo_Input::UINT, 'redirect' => XenForo_Input::STRING, 'cookie_check' => XenForo_Input::UINT, 'postData' => XenForo_Input::JSON_ARRAY));
if ($data['register'] || $data['password'] === '') {
return $this->responseReroute('XenForo_ControllerPublic_Register', 'index');
}
$redirect = $data['redirect'] ? $data['redirect'] : $this->getDynamicRedirectIfNot(XenForo_Link::buildPublicLink('login'));
if (XenForo_Visitor::getUserId()) {
return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, $redirect);
}
$this->_assertPostOnly();
$loginModel = $this->_getLoginModel();
if ($data['cookie_check'] && count($_COOKIE) == 0) {
// login came from a page, so we should at least have a session cookie.
// if we don't, assume that cookies are disabled
return $this->_loginErrorResponse(new XenForo_Phrase('cookies_required_to_log_in_to_site'), $data['login'], true, $redirect);
}
$needCaptcha = $loginModel->requireLoginCaptcha($data['login']);
if ($needCaptcha) {
switch (XenForo_Application::getOptions()->loginLimit) {
case 'captcha':
if (!XenForo_Captcha_Abstract::validateDefault($this->_input, true)) {
return $this->_loginErrorResponse(new XenForo_Phrase('did_not_complete_the_captcha_verification_properly'), $data['login'], true, $redirect, $data['postData']);
}
break;
case 'block':
return $this->_loginErrorResponse(new XenForo_Phrase('your_account_has_temporarily_been_locked_due_to_failed_login_attempts'), $data['login'], true, $redirect, $data['postData']);
break;
}
}
$userModel = $this->_getUserModel();
$userId = $userModel->validateAuthentication($data['login'], $data['password'], $error);
if (!$userId) {
$loginModel->logLoginAttempt($data['login']);
return $this->_loginErrorResponse($error, $data['login'], $needCaptcha || $loginModel->requireLoginCaptcha($data['login']), $redirect, $data['postData']);
}
$loginModel->clearLoginAttempts($data['login']);
if ($data['remember']) {
$userModel->setUserRememberCookie($userId);
}
XenForo_Model_Ip::log($userId, 'user', $userId, 'login');
$userModel->deleteSessionActivity(0, $this->_request->getClientIp(false));
$visitor = XenForo_Visitor::setup($userId);
XenForo_Application::getSession()->userLogin($userId, $visitor['password_date']);
if ($data['postData']) {
return $this->responseView('XenForo_ViewPublic_Login_PostRedirect', 'login_post_redirect', array('postData' => $data['postData'], 'redirect' => $redirect));
} else {
return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, $redirect);
}
}
public static function loadControllerListener($controller, $action)
{
if (!self::$_triggered) {
self::$_triggered = true;
if (XenForo_Visitor::getUserId() > 0) {
// logged in user
if (XenForo_Application::isRegistered('session')) {
$session = XenForo_Application::getSession();
if (!$session->get('analyticsClientSet')) {
$request = $controller->getRequest();
if (!($clientId = $request->getCookie('_ga'))) {
$clientId = 'DP.' . uniqid('', true);
}
$session->set('analyticsClientSet', $clientId);
if ($clientId) {
$writer = XenForo_DataWriter::create('XenForo_DataWriter_User');
$writer->setExistingData(XenForo_Visitor::getUserId());
$writer->setOption(XenForo_DataWriter_User::OPTION_ADMIN_EDIT, true);
if (XenForo_Application::$versionId >= 1030000) {
$writer->setOption(XenForo_DataWriter_User::OPTION_LOG_CHANGES, false);
}
$writer->setCustomFields(array('analytics_cid' => $clientId));
$writer->save();
}
} elseif (XenForo_Application::getOptions()->dpAnalyticsTrackBlocked != 'never') {
// logged in user without an Analytics cookie
$clientId = $session->get('analyticsClientSet');
if (substr($clientId, 0, 3) == 'DP.') {
self::$backendLogging = $clientId;
}
}
}
} elseif (XenForo_Application::isRegistered('session')) {
$session = XenForo_Application::getSession();
if (!($clientId = $session->get('analyticsClientSet'))) {
$request = $controller->getRequest();
if (!($clientId = $request->getCookie('_ga'))) {
$clientId = 'DP.' . uniqid('', true);
}
$session->set('analyticsClientSet', $clientId);
}
// no Analytics cookie
if (substr($clientId, 0, 3) == 'DP.') {
if (XenForo_Application::getOptions()->dpAnalyticsTrackBlocked == 'guests' && !$session->get('robotId') || XenForo_Application::getOptions()->dpAnalyticsTrackBlocked == 'everyone') {
self::$backendLogging = $clientId;
}
}
}
}
}
public function getUserForTfaCheck()
{
$session = XenForo_Application::getSession();
$loginUserId = $session->get('tfaLoginUserId');
if (XenForo_Visitor::getUserId() || !$loginUserId) {
return null;
}
$tfaLoginDate = $session->get('tfaLoginDate');
if (!$tfaLoginDate || time() - $tfaLoginDate > 900) {
return null;
}
$user = $this->_getUserModel()->getFullUserById($loginUserId);
if (!$user) {
return null;
}
return $user;
}
protected function _postSaveAfterTransaction()
{
parent::_postSaveAfterTransaction();
if (SV_UserPromoOnUpdate_Globals::$RunPromotion) {
// ensure we don't attempt to run the promotion twice in the same request
SV_UserPromoOnUpdate_Globals::$RunPromotion = false;
$user = $this->getMergedData();
/** @var $promotionModel XenForo_Model_UserGroupPromotion */
$promotionModel = $this->getModelFromCache('XenForo_Model_UserGroupPromotion');
if ($promotionModel->updatePromotionsForUser($user)) {
$visitor = XenForo_Visitor::getInstance();
// awarded promotions, reload session
if (XenForo_Application::isRegistered('session') && $visitor['user_id'] && $visitor['user_id'] == $user['user_id']) {
XenForo_Application::getSession()->set('promotionChecked', true);
XenForo_Visitor::setup($user['user_id'], XenForo_Visitor::getVisitorSetupOptions());
}
}
}
}
public function actionMarkRead()
{
$parent = parent::actionMarkRead();
if ($parent instanceof XenForo_ControllerResponse_Redirect && $this->isConfirmedPost()) {
$session = XenForo_Application::getSession();
/** @var $unreadPostCountModel UnreadPostCount_Model_Unread */
$unreadPostCountModel = $this->getModelFromCache('UnreadPostCount_Model_Unread');
$viewableNodes = XenForo_Model::create('XenForo_Model_Node')->getViewableNodeList();
$nodeIds = array();
foreach ($viewableNodes as $key => $node) {
if ($node['node_type_id'] == 'Forum') {
$nodeIds[$key] = $key;
}
}
$unreadPosts = $unreadPostCountModel->getUnreadPostCount(XenForo_Visitor::getUserId(), $nodeIds);
$unreadPostCount = array('post_ids' => $unreadPosts['unread'], 'count' => $unreadPosts['count'], 'last_update' => XenForo_Application::$time);
$session->set('unreadPostCount', $unreadPostCount);
}
return $parent;
}
public function markThreadRead(array $thread, array $forum, $readDate, array $viewingUser = null)
{
$parent = parent::markThreadRead($thread, $forum, $readDate, $viewingUser);
if (XenForo_Application::isRegistered('session') && XenForo_Visitor::getUserId()) {
$session = XenForo_Application::getSession();
$unreadPostCount = $session->get('unreadPostCount');
if (isset($unreadPostCount['post_ids']) && $thread['discussion_state'] == 'visible') {
unset($unreadPostCount['post_ids'][$thread['thread_id']]);
$postIds = array();
foreach ($unreadPostCount['post_ids'] as $threadId) {
foreach ($threadId as $postId) {
$postIds[] = $postId;
}
}
$unreadPostCount['count'] = count($postIds);
$session->set('unreadPostCount', $unreadPostCount);
}
}
return $parent;
}
public static function controllerPreDispatch(XenForo_Controller $controller, $action)
{
if (XenForo_Application::isRegistered('session') && XenForo_Visitor::getUserId() && $controller instanceof XenForo_ControllerPublic_Abstract && self::$_hasFired === false) {
self::$_hasFired = true;
$session = XenForo_Application::getSession();
/** @var $unreadPostCountModel UnreadPostCount_Model_Unread */
$unreadPostCountModel = XenForo_Model::create('UnreadPostCount_Model_Unread');
$unreadPostCount = $session->get('unreadPostCount');
if ($unreadPostCountModel->needsRecache($unreadPostCount)) {
$viewableNodes = XenForo_Model::create('XenForo_Model_Node')->getViewableNodeList();
$nodeIds = array();
foreach ($viewableNodes as $key => $node) {
if ($node['node_type_id'] == 'Forum') {
$nodeIds[$key] = $key;
}
}
$unreadPosts = $unreadPostCountModel->getUnreadPostCount(XenForo_Visitor::getUserId(), $nodeIds);
$unreadPostCount = array('post_ids' => $unreadPosts['unread'], 'count' => $unreadPosts['count'], 'last_update' => XenForo_Application::$time);
$session->set('unreadPostCount', $unreadPostCount);
}
}
}
public function actionGetLogout()
{
$redirectUri = $this->_input->filterSingle('redirect_uri', XenForo_Input::STRING);
if (empty($redirectUri)) {
return $this->responseError(new XenForo_Phrase('bdapi_slash_tools_login_requires_redirect_uri'), 400);
}
/* @var $session bdApi_Session */
$session = XenForo_Application::getSession();
$clientId = $session->getOAuthClientId();
if (empty($clientId)) {
$this->_response->setHeader('X-Api-Logout-Error', 'client_id');
return $this->responseNoPermission();
}
if (!$session->isValidRedirectUri($redirectUri)) {
$this->_response->setHeader('X-Api-Logout-Error', 'redirect_uri');
return $this->responseNoPermission();
}
$logoutLinkData = array('redirect' => $redirectUri, '_xfToken' => XenForo_Visitor::getInstance()->get('csrf_token_page'), 'timestamp' => XenForo_Application::$time + 10);
$logoutLinkData['md5'] = bdApi_Crypt::encryptTypeOne(md5($logoutLinkData['redirect']), $logoutLinkData['timestamp']);
$logoutLink = XenForo_Link::buildPublicLink('logout', '', $logoutLinkData);
return $this->responseRedirect(XenForo_ControllerResponse_Redirect::RESOURCE_CANONICAL_PERMANENT, $logoutLink);
}
public function handleManage(XenForo_Controller $controller, array $user, array $providerData)
{
$input = $controller->getInput();
$request = $controller->getRequest();
$session = XenForo_Application::getSession();
$newProviderData = null;
$newTriggerData = null;
$showSetup = false;
if ($controller->isConfirmedPost()) {
$sessionKey = 'tfaData_totp';
if ($input->filterSingle('regen', XenForo_Input::BOOLEAN)) {
$newProviderData = $this->generateInitialData($user, array());
$newTriggerData = $this->triggerVerification('setup', $user, $request->getClientIp(false), $newProviderData);
$session->set($sessionKey, $newProviderData);
$showSetup = true;
} else {
if ($input->filterSingle('confirm', XenForo_Input::BOOLEAN)) {
$newProviderData = $session->get($sessionKey);
if (!is_array($newProviderData)) {
return null;
}
if (!$this->verifyFromInput('setup', $input, $user, $newProviderData)) {
return $controller->responseError(new XenForo_Phrase('two_step_verification_value_could_not_be_confirmed'));
}
/** @var XenForo_Model_Tfa $tfaModel */
$tfaModel = XenForo_Model::create('XenForo_Model_Tfa');
$tfaModel->enableUserTfaProvider($user['user_id'], $this->_providerId, $newProviderData);
$session->remove($sessionKey);
return null;
} else {
return null;
}
}
}
$viewParams = array('provider' => $this, 'providerId' => $this->_providerId, 'user' => $user, 'providerData' => $providerData, 'newProviderData' => $newProviderData, 'newTriggerData' => $newTriggerData, 'showSetup' => $showSetup);
return $controller->responseView('XenForo_ViewPublic_Account_Tfa_TotpManage', 'account_two_step_totp_manage', $viewParams);
}
/**
* Registers a new account (or associates with an existing one) using Google.
*
* @return XenForo_ControllerResponse_Abstract
*/
public function actionGoogleRegister()
{
$this->_assertPostOnly();
$session = XenForo_Application::getSession();
$credentials = $session->get('googleCredentials');
if (!$credentials) {
return $this->responseError(new XenForo_Phrase('you_did_not_grant_permission_to_access_external_account'));
}
$userExternalModel = $this->_getUserExternalModel();
$doAssoc = $this->_input->filterSingle('associate', XenForo_Input::STRING) || $this->_input->filterSingle('force_assoc', XenForo_Input::UINT);
$redirect = XenForo_Application::getSession()->get('loginRedirect');
if (!$redirect) {
$redirect = $this->getDynamicRedirect(false, false);
}
if ($doAssoc) {
$userId = $this->_associateExternalAccount();
$userExternalModel->updateExternalAuthAssociation('google', $credentials['basic']['sub'], $userId, $credentials['extra']);
return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, $redirect);
}
$googleUser = $credentials['user'];
$data = $this->_input->filter(array('username' => XenForo_Input::STRING, 'timezone' => XenForo_Input::STRING, 'location' => XenForo_Input::STRING, 'dob_day' => XenForo_Input::UINT, 'dob_month' => XenForo_Input::UINT, 'dob_year' => XenForo_Input::UINT));
$data['email'] = $credentials['basic']['email'];
if (!empty($googleUser['currentLocation'])) {
$data['location'] = $googleUser['currentLocation'];
} else {
if (!empty($googleUser['placesLived']) && is_array($googleUser['placesLived'])) {
foreach ($googleUser['placesLived'] as $place) {
if (!empty($place['primary'])) {
$data['location'] = $place['value'];
break;
}
}
}
}
if (isset($googleUser['gender'])) {
switch ($googleUser['gender']) {
case 'male':
case 'female':
$data['gender'] = $googleUser['gender'];
break;
}
}
if (!empty($googleUser['birthday'])) {
$birthday = $this->_validateBirthdayString($googleUser['birthday'], 'y-m-d');
if ($birthday) {
$data['dob_year'] = $birthday[0];
$data['dob_month'] = $birthday[1];
$data['dob_day'] = $birthday[2];
}
}
$writer = $this->_setupExternalUser($data);
if (!$this->_validateBirthdayInput($writer, $birthdayError)) {
$writer->error($birthdayError);
}
$spamModel = $this->_runSpamCheck($writer);
$writer->advanceRegistrationUserState(false);
$writer->save();
$user = $writer->getMergedData();
$spamModel->logSpamTrigger('user', $user['user_id']);
if (!empty($googleUser['image']['url']) && $this->_canApplyAvatar()) {
try {
// get the original size
$url = preg_replace('/(\\?|&)sz=\\d+/', '', $googleUser['image']['url']);
$request = XenForo_Helper_Http::getClient($url)->request();
$avatarData = $request->getBody();
} catch (Exception $e) {
$avatarData = '';
}
$this->_applyAvatar($user, $avatarData);
}
$userExternalModel->updateExternalAuthAssociation('google', $credentials['basic']['sub'], $user['user_id'], $credentials['extra']);
return $this->_completeRegistration($user);
}
public function actionAccountsfreedomRegister()
{
$this->_assertPostOnly();
$session = XenForo_Application::getSession();
$accountsToken = $session->get('accountsToken');
$accountsUser = $session->get('accountsUser');
if (empty($accountsUser['user_id'])) {
return $this->responseError(new XenForo_Phrase('accountsfreedom_error_occurred_while_connecting_with_accountsfreedom4'));
}
$userExternalModel = $this->_getUserExternalModel();
$redirect = XenForo_Application::getSession()->get('loginRedirect');
if (!$redirect) {
$redirect = $this->getDynamicRedirect(false, false);
}
$doAssoc = $this->_input->filterSingle('associate', XenForo_Input::STRING) || $this->_input->filterSingle('force_assoc', XenForo_Input::UINT);
if ($doAssoc) {
$userId = $this->_associateExternalAccount();
$userExternalModel->updateExternalAuthAssociation('accountsfreedom', $accountsUser['user_id'], $userId, array('token' => $accountsToken));
$session->remove('loginRedirect');
$session->remove('accountsToken');
return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, $redirect);
}
$data = $this->_input->filter(array('username' => XenForo_Input::STRING, 'timezone' => XenForo_Input::STRING, 'location' => XenForo_Input::STRING, 'email' => XenForo_Input::STRING));
if (isset($accountsUser['gender'])) {
switch ($accountsUser['gender']) {
case 'man':
case 'male':
$data['gender'] = 'male';
break;
case 'woman':
case 'female':
$data['gender'] = 'female';
break;
}
}
if (!empty($accountsUser['birthday'])) {
$birthday = $this->_validateBirthdayString($accountsUser['birthday'], 'm/d/y');
if ($birthday) {
$data['dob_year'] = $birthday[0];
$data['dob_month'] = $birthday[1];
$data['dob_day'] = $birthday[2];
}
}
if (!empty($accountsUser['website'])) {
list($website) = preg_split('/\\r?\\n/', $accountsUser['website']);
if ($website && Zend_Uri::check($website)) {
$data['homepage'] = $website;
}
}
if (!empty($accountsUser['location']['name'])) {
$data['location'] = $accountsUser['location']['name'];
}
$writer = $this->_setupExternalUser($data);
/*if (!$this->_validateBirthdayInput($writer, $birthdayError))
{
$writer->error($birthdayError);
}*/
$spamModel = $this->_runSpamCheck($writer);
$writer->advanceRegistrationUserState(false);
$writer->save();
$user = $writer->getMergedData();
$spamModel->logSpamTrigger('user', $user['user_id']);
try {
$avatarData = file_get_contents($accountsUser['profile_picture']);
} catch (Exception $e) {
$avatarData = '';
}
if ($avatarData) {
$this->_applyAvatar($user, $avatarData);
}
$userExternalModel->updateExternalAuthAssociation('accountsfreedom', $accountsUser['user_id'], $user['user_id'], array('token' => $accountsToken));
$session->remove('loginRedirect');
$session->remove('accountsToken');
$session->remove('accountsUser');
return $this->_completeRegistration($user, array('redirect' => $redirect));
}
