コード例 #1
0
ファイル: Login.php プロジェクト: hahuunguyen/DTUI_201105
 public function actionLogin()
 {
     $this->_assertPostOnly();
     $data = $this->_input->filter(array('login' => XenForo_Input::STRING, 'password' => XenForo_Input::STRING, 'redirect' => XenForo_Input::STRING, 'cookie_check' => XenForo_Input::UINT));
     $redirect = $data['redirect'] ? $data['redirect'] : XenForo_Link::buildAdminLink('index');
     $loginModel = $this->_getLoginModel();
     if ($data['cookie_check'] && count($_COOKIE) == 0) {
         // login came from a page, so we should at least have a session cookie.
         // if we don't, assume that cookies are disabled
         return $this->responseError(new XenForo_Phrase('cookies_required_to_log_in_to_site'));
     }
     $needCaptcha = $loginModel->requireLoginCaptcha($data['login']);
     if ($needCaptcha) {
         // just block logins here instead of using the captcha
         return $this->responseError(new XenForo_Phrase('your_account_has_temporarily_been_locked_due_to_failed_login_attempts'));
     }
     $userModel = $this->_getUserModel();
     $userId = $userModel->validateAuthentication($data['login'], $data['password'], $error);
     if (!$userId) {
         $loginModel->logLoginAttempt($data['login']);
         if ($loginModel->requireLoginCaptcha($data['login'])) {
             return $this->responseError(new XenForo_Phrase('your_account_has_temporarily_been_locked_due_to_failed_login_attempts'));
         }
         if ($this->_input->filterSingle('upgrade', XenForo_Input::UINT)) {
             return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, $redirect);
         } else {
             // note - JSON view will return responseError($text)
             return $this->responseView('XenForo_ViewAdmin_Login_Error', 'login_form', array('text' => $error, 'defaultLogin' => $data['login'], 'redirect' => $redirect), array('containerTemplate' => 'LOGIN_PAGE'));
         }
     }
     $loginModel->clearLoginAttempts($data['login']);
     XenForo_Model_Ip::log($userId, 'user', $userId, 'login_admin');
     XenForo_Application::get('session')->changeUserId($userId);
     XenForo_Visitor::setup($userId);
     // if guest on front-end, login there too
     $publicSession = new XenForo_Session();
     $publicSession->start();
     if (!$publicSession->get('user_id')) {
         $publicSession->changeUserId($userId);
         $publicSession->save();
     }
     $visitor = XenForo_Visitor::getInstance();
     // now check that the user will be able to get into the ACP (is_admin)
     if (!$visitor->is_admin) {
         return $this->responseError(new XenForo_Phrase('your_account_does_not_have_admin_privileges'));
     }
     if ($this->_input->filterSingle('repost', XenForo_Input::UINT)) {
         return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, $redirect, '', array('repost' => 1, 'postVars' => $this->_input->filterSingle('postVars', XenForo_Input::JSON_ARRAY)));
     } else {
         return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, $redirect);
     }
 }
コード例 #2
0
ファイル: Logout.php プロジェクト: hahuunguyen/DTUI_201105
 /**
  * Single-stage logout procedure
  */
 public function actionIndex()
 {
     $this->_checkCsrfFromToken($this->_input->filterSingle('_xfToken', XenForo_Input::STRING));
     // remove an admin session if we're logged in as the same person
     if (XenForo_Visitor::getInstance()->get('is_admin')) {
         $adminSession = new XenForo_Session(array('admin' => true));
         $adminSession->start();
         if ($adminSession->get('user_id') == XenForo_Visitor::getUserId()) {
             $adminSession->delete();
         }
     }
     $this->getModelFromCache('XenForo_Model_Session')->processLastActivityUpdateForLogOut(XenForo_Visitor::getUserId());
     XenForo_Application::get('session')->delete();
     XenForo_Helper_Cookie::deleteAllCookies(array('session'), array('user' => array('httpOnly' => false)));
     XenForo_Visitor::setup(0);
     $redirect = $this->_input->filterSingle('redirect', XenForo_Input::STRING);
     return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, $redirect ? $redirect : XenForo_Link::buildPublicLink('index'));
 }
コード例 #3
0
ファイル: xenforo.php プロジェクト: qexyorg/webMCR-1
 public static function logout()
 {
     self::start();
     if (!self::userLoad()) {
         return;
     }
     if (XenForo_Visitor::getInstance()->get('is_admin')) {
         $adminSession = new XenForo_Session(array('admin' => true));
         $adminSession->start();
         if ($adminSession->get('user_id') == XenForo_Visitor::getUserId()) {
             $adminSession->delete();
         }
     }
     XenForo_Model::create('XenForo_Model_Session')->processLastActivityUpdateForLogOut(XenForo_Visitor::getUserId());
     XenForo_Application::get('session')->delete();
     XenForo_Helper_Cookie::deleteAllCookies(array('session'), array('user' => array('httpOnly' => false)));
     XenForo_Visitor::setup(0);
 }
コード例 #4
0
 public function actionTest()
 {
     $this->assertAdminPermission('user');
     $publicSession = new XenForo_Session();
     $publicSession->start();
     if ($publicSession->get('user_id') != XenForo_Visitor::getUserId()) {
         return $this->responseError(new XenForo_Phrase('please_login_via_public_login_page_before_testing_permissions'));
     }
     if ($this->_request->isPost()) {
         $username = $this->_input->filterSingle('username', XenForo_Input::STRING);
         /* @var $userModel XenForo_Model_User */
         $userModel = $this->getModelFromCache('XenForo_Model_User');
         $user = $userModel->getUserByName($username);
         if (!$user) {
             return $this->responseError(new XenForo_Phrase('requested_user_not_found'), 404);
         }
         $publicSession->set('permissionTest', array('user_id' => $user['user_id'], 'username' => $user['username']));
         $publicSession->save();
         return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, XenForo_Link::buildPublicLink('index'));
     } else {
         return $this->responseView('XenForo_ViewAdmin_Permission_Test', 'permission_test');
     }
 }
コード例 #5
0
ファイル: XenForoSDK.php プロジェクト: nickcuper/xenforo-sdk
 public function adminLogout()
 {
     $session = new XenForo_Session(array('admin' => true));
     $session->start();
     if ($session->get('user_id') == $this->getVisitor()->getUserId()) {
         return $session->delete();
     }
     return true;
 }
コード例 #6
0
ファイル: Login.php プロジェクト: Sywooch/forums
 public function actionLogout()
 {
     $fr_username = $this->_input->filterSingle('fr_username', XenForo_Input::STRING);
     if (XenForo_Visitor::getInstance()->get('is_admin')) {
         $admin = new XenForo_Session(array('admin' => true));
         $admin->start();
         if ($admin->get('user_id') == XenForo_Visitor::getUserId()) {
             $admin->delete();
         }
     }
     fr_remove_push_user();
     $this->getModelFromCache('XenForo_Model_Session')->processLastActivityUpdateForLogOut(XenForo_Visitor::getUserId());
     XenForo_Application::get('session')->delete();
     XenForo_Helper_Cookie::deleteAllCookies(array('session'), array('user' => array('httpOnly' => false)));
     XenForo_Visitor::setup(0);
     $requires_authentication = false;
     if (!XenForo_Visitor::getInstance()->hasPermission('general', 'view')) {
         $requires_authentication = true;
     }
     $options = XenForo_Application::get('options');
     if (!$options->boardActive) {
         $requires_authentication = true;
     }
     return array('success' => true, 'requires_authentication' => $requires_authentication);
 }
コード例 #7
0
ファイル: Widget.php プロジェクト: Sywooch/forums
 public function actionReveal()
 {
     $publicSession = new XenForo_Session();
     $publicSession->start();
     if ($publicSession->get('user_id') != XenForo_Visitor::getUserId()) {
         return $this->responseError(new XenForo_Phrase('please_login_via_public_login_page_before_testing_permissions'));
     }
     $publicSession->set('_WidgetFramework_reveal', true);
     $publicSession->save();
     return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, XenForo_Link::buildPublicLink('index'));
 }
コード例 #8
0
ファイル: Session.php プロジェクト: hahuunguyen/DTUI_201105
 /**
  * Starts the admin session and sets up the visitor.
  *
  * @param Zend_Controller_Request_Http|null $request
  *
  * @return XenForo_Session
  */
 public static function startAdminSession(Zend_Controller_Request_Http $request = null)
 {
     $session = new XenForo_Session(array('admin' => true));
     $session->start();
     XenForo_Application::set('session', $session);
     XenForo_Visitor::setup($session->get('user_id'));
     return $session;
 }
コード例 #9
0
ファイル: Session.php プロジェクト: burtay/bdApi
 public function start($sessionId = null, $ipAddress = null)
 {
     parent::start($sessionId, $ipAddress);
     /* @var $oauth2Model bdApi_Model_OAuth2 */
     $oauth2Model = XenForo_Model::create('bdApi_Model_OAuth2');
     $helper = bdApi_Template_Helper_Core::getInstance();
     $this->_oauthToken = $oauth2Model->getServer()->getEffectiveToken();
     if (empty($this->_oauthToken) and isset($_REQUEST['oauth_token'])) {
         // added support for one time oauth token
         $parts = explode(',', $_REQUEST['oauth_token']);
         $userId = 0;
         $timestamp = 0;
         $once = '';
         $client = null;
         if (count($parts) == 4) {
             $userId = intval($parts[0]);
             $timestamp = intval($parts[1]);
             $once = $parts[2];
             if ($timestamp >= XenForo_Application::$time) {
                 $client = $oauth2Model->getClientModel()->getClientById($parts[3]);
             }
         }
         if (!empty($client)) {
             if ($userId == 0) {
                 // guest
                 if ($once == md5($userId . $timestamp . $client['client_secret'])) {
                     // make up fake token with full scopes for guest
                     $this->_oauthToken = array('token_id' => 0, 'client_id' => $client['client_id'], 'token_text' => '', 'expire_date' => XenForo_Application::$time, 'issue_date' => XenForo_Application::$time, 'user_id' => $userId, 'scope' => $helper->scopeJoin($oauth2Model->getSystemSupportedScopes()));
                 }
             } else {
                 // user
                 $userTokens = $oauth2Model->getTokenModel()->getTokens(array('user_id' => $userId));
                 foreach ($userTokens as $userToken) {
                     if ($userToken['expire_date'] >= XenForo_Application::$time) {
                         if ($once == md5($userId . $timestamp . $userToken['token_text'] . $client['client_secret'])) {
                             $this->_oauthToken = $userToken;
                         }
                     }
                 }
             }
             if (!empty($this->_oauthToken)) {
                 // oauth token is set using one time token
                 // update the token text to avoid exposing real access token
                 $this->_oauthToken['token_text'] = $_REQUEST['oauth_token'];
             }
         }
     }
     if (!empty($this->_oauthToken)) {
         if (!empty($this->_oauthToken['user_id'])) {
             $this->changeUserId($this->_oauthToken['user_id']);
         }
         $scopes = $helper->scopeSplit($this->_oauthToken['scope']);
         $this->set('scopes', $scopes);
     } else {
         $guestScopes = array();
         if (!bdApi_Option::get('restrictAccess')) {
             $guestScopes[] = bdApi_Model_OAuth2::SCOPE_READ;
         }
         $this->set('scopes', $guestScopes);
     }
 }