/**
 * Derives the temporary attachment hash for the current API request.
 *
 * The digest is built from four parts: a content prefix, the OAuth client id
 * of the session, the visitor's user id and the configured `globalSalt`.
 * The prefix comes from the `attachment_hash` input when it is non-empty,
 * otherwise from the first non-empty id found in $contentData (checked in
 * the order post, thread, forum, node, message, conversation).
 *
 * NOTE(review): `attachment_hash` is request input and goes into the digest
 * unchanged; the client id, visitor id and salt are what tie the result to
 * the caller. MD5 serves as an identifier here, presumably because a
 * 32-character hash is expected downstream (TODO confirm); nothing visible
 * in this method treats the result as a secret.
 *
 * @param array $contentData optional ids of the content being attached to
 *
 * @return string 32-character hexadecimal MD5 digest
 */
public function getAttachmentTempHash(array $contentData = array())
{
    // Checked top to bottom; forum_id and node_id deliberately share the "node" prefix.
    $formatsByKey = array(
        'post_id' => 'post%d',
        'thread_id' => 'thread%d',
        'forum_id' => 'node%d',
        'node_id' => 'node%d',
        'message_id' => 'message%d',
        'conversation_id' => 'conversation%d',
    );

    $prefix = '';
    $inputHash = $this->_controller->getInput()->filterSingle('attachment_hash', XenForo_Input::STRING);

    if (empty($inputHash)) {
        foreach ($formatsByKey as $key => $format) {
            if (!empty($contentData[$key])) {
                $prefix = sprintf($format, $contentData[$key]);
                break;
            }
        }
    } else {
        // A client-supplied hash takes precedence over any content id.
        $prefix = sprintf('hash%s', $inputHash);
    }

    /* @var $session bdApi_Session */
    $session = XenForo_Application::getSession();
    $clientId = $session->getOAuthClientId();
    $visitorUserId = XenForo_Visitor::getUserId();
    $globalSalt = XenForo_Application::getConfig()->get('globalSalt');

    $material = sprintf(
        'prefix%s_client%s_visitor%d_salt%s',
        $prefix,
        $clientId,
        $visitorUserId,
        $globalSalt
    );

    return md5($material);
}
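/**
 * Records the visitor's vote on a poll from API request input.
 *
 * Accepts `response_ids` (array of unsigned ints) and/or `response_id`
 * (single unsigned int), merges them into one list and passes the list to
 * voteOnPoll().
 *
 * @param array $poll poll record; `poll_id` and `max_votes` are read here
 * @param bdApi_ControllerApi_Abstract $controller controller supplying input and responses
 *
 * @return mixed the controller's message response on success, its error response otherwise
 *
 * @throws Exception the controller's error-or-no-permission exception when
 *                   canVoteOnPoll() refuses the vote
 */
public function bdApi_actionPostVotes(array $poll, bdApi_ControllerApi_Abstract $controller)
{
    // $errorPhraseKey is presumably filled in by reference by canVoteOnPoll() - confirm.
    if (!$this->canVoteOnPoll($poll, $errorPhraseKey)) {
        throw $controller->getErrorOrNoPermissionResponseException($errorPhraseKey);
    }

    $input = $controller->getInput();
    $responseIds = $input->filterSingle('response_ids', XenForo_Input::UINT, array('array' => true));
    $responseId = $input->filterSingle('response_id', XenForo_Input::UINT);
    if ($responseId > 0) {
        $responseIds[] = $responseId;
    }

    // Normalise on every path: drop zero ids (a zero `response_id` is already
    // treated as "not supplied" above) and collapse duplicates, so a repeated
    // id in `response_ids` can neither be counted against max_votes twice nor
    // reach voteOnPoll() more than once.
    $responseIds = array_values(array_unique(array_filter($responseIds)));

    if (empty($responseIds)) {
        return $controller->responseError(new XenForo_Phrase('bdapi_slash_poll_vote_requires_response_id'));
    }

    if ($poll['max_votes'] > 0 && count($responseIds) > $poll['max_votes']) {
        return $controller->responseError(
            new XenForo_Phrase('you_may_select_up_to_x_choices', array('max' => $poll['max_votes']))
        );
    }

    // NOTE(review): the ids are not checked against this poll's own responses
    // here; confirm that voteOnPoll() rejects ids that belong to another poll.
    if ($this->voteOnPoll($poll['poll_id'], $responseIds)) {
        return $controller->responseMessage(new XenForo_Phrase('changes_saved'));
    }

    return $controller->responseError(new XenForo_Phrase('unexpected_error_occurred'));
}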
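/**
 * Runs the two-step verification stage of a credential check.
 *
 * Returns true when no second factor is needed (XenForo older than 1.5, the
 * login helper reports no confirmation required, or the user has no
 * provider configured) or when the submitted value validates. Returns false
 * when the check cannot be performed or no `tfa_provider` was submitted.
 * The statement order is significant: the provider list is published to the
 * server object before the request is refused, and the attempt limiter runs
 * before the submitted value is validated.
 *
 * @param int $userId id of the user whose credentials were just checked
 *
 * @return bool true when access may proceed, false to deny
 *
 * @throws Exception a controller response exception after a trigger request
 *                   ("changes_saved") or when the submitted value cannot be
 *                   confirmed; assertNotTfaAttemptLimited() presumably
 *                   throws as well - confirm
 */
protected function _checkUserCredentials_runTfaValidation($userId)
{
    // NOTE(review): $userId < 1 is reported as success; presumably the caller
    // has already rejected the credentials in that case - confirm.
    if ($userId < 1 || XenForo_Application::$versionId < 1050000) {
        return true;
    }

    if ($this->_controller === null) {
        // since XenForo 1.5+, $_controller must be set to check for two factor authentication
        // otherwise, deny access immediately
        return false;
    }

    /** @var XenForo_ControllerHelper_Login $loginHelper */
    $loginHelper = $this->_controller->getHelper('Login');
    $user = $this->_model->getUserModel()->getFullUserById($userId);
    if (empty($user)) {
        // Fail closed: without a user record the second factor cannot be
        // evaluated, and the calls below index into $user.
        return false;
    }

    if (!$loginHelper->userTfaConfirmationRequired($user)) {
        return true;
    }

    /** @var XenForo_Model_Tfa $tfaModel */
    $tfaModel = $this->_model->getModelFromCache('XenForo_Model_Tfa');
    // $userData is presumably an out-parameter filled by the model - confirm.
    $providers = $tfaModel->getTfaConfigurationForUser($user['user_id'], $userData);
    if (empty($providers)) {
        return true;
    }

    // Publish the available providers before any refusal below.
    $this->_server->actionOauthToken_setTfaProviders($providers);

    $tfaProvider = $this->_controller->getInput()->filterSingle('tfa_provider', XenForo_Input::STRING);
    if (strlen($tfaProvider) === 0) {
        return false;
    }

    $tfaTrigger = $this->_controller->getInput()->filterSingle('tfa_trigger', XenForo_Input::BOOLEAN);
    if ($tfaTrigger) {
        // NOTE(review): this path runs before assertNotTfaAttemptLimited();
        // confirm that triggerTfaCheck() is throttled on its own.
        $loginHelper->triggerTfaCheck($user, $tfaProvider, $providers, $userData);

        throw $this->_controller->responseException(
            $this->_controller->responseMessage(new XenForo_Phrase('changes_saved'))
        );
    }

    $loginHelper->assertNotTfaAttemptLimited($user['user_id']);

    // NOTE(review): $tfaProvider is request input and is not checked against
    // $providers here; presumably runTfaValidation() rejects unknown provider
    // ids - confirm. Only a strict true counts as success.
    if ($loginHelper->runTfaValidation($user, $tfaProvider, $providers, $userData) === true) {
        return true;
    }

    throw $this->_controller->responseException(
        $this->_controller->responseError(new XenForo_Phrase('two_step_verification_value_could_not_be_confirmed'))
    );
}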