public function createSession($userid = 1) { //$this->session = vB_Session_Web::getSession(1); $this->session = new vB_Session_Cli(vB::getDbAssertor(), vB::getDatastore(), vB::getConfig(), $userid); vB::setCurrentSession($this->session); $this->timeNow = time(); }
/** * Processes logins into CP * Adapted from functions_login.php::process_new_login * THIS METHOD DOES NOT SET ANY COOKIES, SO IT CANNOT REPLACE DIRECTLY THE LEGACY FUNCTION * * @static * @param array $auth The userinfo returned by vB_User::verifyAuthentication() * @param string $logintype Currently 'cplogin' only or empty * @param string $cssprefs AdminCP css preferences array * @return array The userinfo returned by vB_User::verifyAuthentication() together with sessionhash and cpsessionhash */ public static function processNewLogin($auth, $logintype = '', $cssprefs = '') { $assertor = vB::getDbAssertor(); $result = array(); if ($session = vB::getCurrentSession() and $session->isCreated() and $session->get('userid') == 0) { // if we just created a session on this page, there's no reason not to use it $newsession = $session; $newsession->set('userid', $auth['userid']); } else { $sessionClass = vB::getRequest()->getSessionClass(); $newsession = call_user_func(array($sessionClass, 'getSession'), $auth['userid']); } $newsession->set('loggedin', 1); if ($logintype == 'cplogin') { $newsession->set('bypass', 1); } else { $newsession->set('bypass', 0); } $newsession->fetch_userinfo(); vB::setCurrentSession($newsession); $result['sessionhash'] = $newsession->get('dbsessionhash'); $usercontext = vB::getUserContext(); if ($usercontext->isAdministrator() or $usercontext->getCanModerate()) { // If the user is admin or moderator, we create the cpsession $cpsession = $newsession->fetchCpsessionHash(); $result['cpsession'] = $cpsession; } // admin control panel or upgrade script login if ($logintype === 'cplogin') { if ($usercontext->hasAdminPermission('cancontrolpanel')) { if ($cssprefs != '') { $admininfo = $assertor->getRow('vBForum:administrator', array('userid' => $auth['userid'])); if ($admininfo) { $admindm = new vB_DataManager_Admin(null, vB_DataManager_Constants::ERRTYPE_SILENT); $admindm->set_existing($admininfo); $admindm->set('cssprefs', $cssprefs); $admindm->save(); } } } } if (defined('VB_API') and VB_API === true) { $apiclient = $newsession->getApiClient(); if ($apiclient['apiclientid'] and $auth['userid']) { $assertor->update('apiclient', array('userid' => intval($auth['userid'])), array('apiclientid' => intval($apiclient['apiclientid']))); } } $result = array_merge($result, $auth); return $result; }
/** * Creates a session for a specific user * * Used to create session for a particular user based on the current * request information. Useful for creating a session after the user logs in. * This will overwrite the current Session in this request class and the * vB current session. * * @param $userid integer The user to create the session for. * @return $session vB_Session The session created. Not that this will be a subclass * of the abstract vB_Session Class */ public function createSessionForUser($userid) { //refactored from vB_User login code //if we currently have a session, get rid of it. $currentSession = vB::getCurrentSession(); if ($currentSession) { $currentSession->delete(); } $sessionClass = $this->getSessionClass(); //these are references so we need to set to locals. $db =& vB::getDbAssertor(); $store =& vB::getDatastore(); $config =& vB::getConfig(); $this->session = call_user_func(array($sessionClass, 'getSession'), $userid, '', $db, $store, $config); vB::setCurrentSession($this->session); return $this->session; }
$vbulletin->GPC[COOKIE_PREFIX . 'skipmobilestyle'] = 1; } elseif (isset($vbulletin->options['mobilestyleid_advanced']) and $styleid == $vbulletin->options['mobilestyleid_advanced'] or isset($vbulletin->options['mobilestyleid_basic']) and $styleid == $vbulletin->options['mobilestyleid_basic']) { vbsetcookie('skipmobilestyle', 0); $vbulletin->GPC[COOKIE_PREFIX . 'skipmobilestyle'] = 0; } } elseif ($mobile_browser_advanced && $vbulletin->options['mobilestyleid_advanced'] && !$vbulletin->GPC[COOKIE_PREFIX . 'skipmobilestyle']) { $styleid = $vbulletin->options['mobilestyleid_advanced']; } elseif ($mobile_browser && $vbulletin->options['mobilestyleid_basic'] && !$vbulletin->GPC[COOKIE_PREFIX . 'skipmobilestyle']) { $styleid = $vbulletin->options['mobilestyleid_basic']; } elseif ($vbulletin->GPC[COOKIE_PREFIX . 'userstyleid']) { $styleid = $vbulletin->GPC[COOKIE_PREFIX . 'userstyleid']; } else { $styleid = 0; } $session = vB_Session::getNewSession(vB::getDbAssertor(), vB::getDatastore(), vB::getConfig(), $sessionhash, $vbulletin->GPC[COOKIE_PREFIX . 'userid'], $vbulletin->GPC[COOKIE_PREFIX . 'password'], $styleid, $languageid); vB::setCurrentSession($session); //needs to go after the session // fetch url of referring page after we have access to vboptions['forumhome'] $vbulletin->url = $vbulletin->input->fetch_url(); define('REFERRER_PASSTHRU', $vbulletin->url); // conditional used in templates to hide things from search engines. $show['search_engine'] = preg_match("#(google|msnbot|yahoo! slurp)#si", $_SERVER['HTTP_USER_AGENT']); $vbulletin->session->doLastVisitUpdate($vbulletin->GPC[COOKIE_PREFIX . 'lastvisit'], $vbulletin->GPC[COOKIE_PREFIX . 'lastactivity']); // Because of Signature Verification, VB API won't need to verify securitytoken // CSRF Protection for POST requests if (strtoupper($_SERVER['REQUEST_METHOD']) == 'POST' and !VB_API) { if (empty($_POST) and isset($_SERVER['CONTENT_LENGTH']) and $_SERVER['CONTENT_LENGTH'] > 0) { die('The file(s) uploaded were too large to process.'); } if ($vbulletin->userinfo['userid'] > 0 and defined('CSRF_PROTECTION') and CSRF_PROTECTION === true) { $vbulletin->input->clean_array_gpc('p', array('securitytoken' => vB_Cleaner::TYPE_STR));
/** * starts a new lightweight (no shutdown) guest session and returns the session object. * * @return vB_Session session data. */ public function getGuestSession() { $session = vB_Session_Web::getSession(0, ''); $languageid = vB::getDatastore()->getOption('languageid'); $session->set('languageid', $languageid); vB::skipShutdown(true); vB::setCurrentSession($session); return $session; }