예제 #1
 /**
  * Bootstraps the vB core for this object and opens a session through a
  * vB_Request_Test request built from fixed values.
  *
  * The request is hard-coded to userid 1 on the loopback address with a 'CLI'
  * user agent; no credentials are supplied here.
  * NOTE(review): userid 1 is presumably a privileged (first-created) account.
  * Confirm, and keep this class unreachable from web entry points.
  */
 public function __construct()
 {
     // Register the autoloader first so API classes resolve (needed in collapsed form).
     vB5_Autoloader::register(vB5_Config::instance()->core_path);
     vB::init();

     $loopback = '127.0.0.1';
     $testRequest = new vB_Request_Test(array(
         'userid' => 1,
         'ipAddress' => $loopback,
         'altIp' => $loopback,
         'userAgent' => 'CLI',
     ));
     vB::setRequest($testRequest);
     $testRequest->createSession();
 }
예제 #2
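 /**
  * Starts a "light" session for this application. Per the original author's
  * note, control panel, last activity and shutdown queries are skipped.
  *
  * The session hash, control-panel session hash and language id all come from
  * the client (cookies, with the `s` request parameter as a fallback for the
  * session hash). PHP turns `name[]=x` style input into arrays, so each value
  * is type-checked before it is handed to vB_Api_Session::startSessionLight();
  * anything that is not a non-empty value of the expected type is treated as
  * absent.
  *
  * @return bool|null true when already initialized; otherwise nothing is
  *                   returned once the session has been started
  */
 public function init()
 {
     if ($this->initialized) {
         return true;
     }

     //initialize core
     $core_path = vB5_Config::instance()->core_path;
     require_once $core_path . '/vb/vb.php';
     vB::init();
     $request = new vB_Request_WebApi();
     vB::setRequest($request);

     $config = vB5_Config::instance();
     $cookiePrefix = $config->cookie_prefix;

     // Session hash: the cookie wins, the request parameter is the fallback.
     $sessionhash = false;
     $checkTimeout = false;
     $hashCookie = $cookiePrefix . 'sessionhash';
     if (!empty($_COOKIE[$hashCookie]) && is_string($_COOKIE[$hashCookie])) {
         $sessionhash = $_COOKIE[$hashCookie];
     } elseif (!empty($_REQUEST['s']) && is_string($_REQUEST['s'])) {
         // A hash carried in the request rather than the cookie can end up in
         // server logs, Referer headers and shared links, so it is flagged.
         // NOTE(review): $checkTimeout presumably makes startSessionLight()
         // enforce a timeout on such sessions; confirm.
         $sessionhash = $_REQUEST['s'];
         $checkTimeout = true;
     }

     // Control-panel session hash, cookie only.
     $cphash = false;
     $cpCookie = $cookiePrefix . 'cpsession';
     if (!empty($_COOKIE[$cpCookie]) && is_string($_COOKIE[$cpCookie])) {
         $cphash = $_COOKIE[$cpCookie];
     }

     // Language id, normalized to a non-negative integer.
     $languageid = 0;
     $langCookie = $cookiePrefix . 'languageid';
     if (!empty($_COOKIE[$langCookie]) && is_scalar($_COOKIE[$langCookie])) {
         $languageid = max(0, (int) $_COOKIE[$langCookie]);
     }

     vB_Api_Session::startSessionLight($sessionhash, $cphash, $languageid, $checkTimeout);
     $this->initialized = true;
 }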
 /**
  * Standard entry point for initializing the application.
  *
  * Creates the singleton, loads the configuration file, defines the
  * CSRF_PROTECTION and VB_AREA constants, boots the vB core with a
  * vB_Request_WebApi request and runs the AJAX charset conversion.
  *
  * NOTE(review): $configFile is handed straight to loadConfigFile(). It is
  * presumably a fixed, deployment-controlled path; confirm that no caller
  * derives it from request data.
  *
  * @param string $configFile location of the configuration file
  *
  * @return vB5_Frontend_ApplicationLight the application instance just created
  */
 public static function init($configFile)
 {
     self::$instance = new vB5_Frontend_ApplicationLight();

     vB5_Config::instance()->loadConfigFile($configFile);
     $coreDirectory = vB5_Config::instance()->core_path;

     // CWD is not defined here; per the original note vB::init() sets it.
     // The two constants below are defined ahead of vB::init(), as before.
     define('CSRF_PROTECTION', true);
     define('VB_AREA', 'Presentation');

     require_once $coreDirectory . '/vb/vb.php';
     vB::init();

     $webApiRequest = new vB_Request_WebApi();
     vB::setRequest($webApiRequest);

     self::ajaxCharsetConvert();

     return self::$instance;
 }
예제 #4
// Signature and version exactly as the client sent them: api_sig is only
// trimmed, api_v is forced to an integer (0 when absent or non-numeric).
// NOTE(review): a missing api_sig / api_v raises an undefined-index
// notice/warning here; confirm presence is checked earlier in the full file.
$api_sig = trim($_REQUEST['api_sig']);
$api_version = intval($_REQUEST['api_v']);
global $VB_API_PARAMS_TO_VERIFY, $VB_API_REQUESTS;
// Answer 400 and stop when no method is given, or when a request at or above
// VB5_API_VERSION_START names a method that has no '.' after its first
// character and does not contain 'api_init'.
// NOTE(review): $api_m is read here but only assigned further down in this
// excerpt, and $api_c / $api_s are never assigned in it. The excerpt looks
// reordered or truncated; verify against the full file.
// NOTE(review): strpos() returns 0 for a leading '.', which !strpos() treats
// like "not found"; a strict === false test would make the intent explicit.
if (empty($api_m) || $api_version >= VB5_API_VERSION_START && !strpos($api_m, '.') && !strstr($api_m, 'api_init')) {
    header($_SERVER['SERVER_PROTOCOL'] . ' 400 Bad Request');
    header("Connection: Close");
    die;
}
// Drop a parameter with an empty name, if one was sent.
unset($_GET['']);
// See VBM-835
// Collect the GET parameters that take part in request verification: everything
// except the API control fields and a few routing/debug keys, sorted by key so
// the order is deterministic.
// NOTE(review): presumably createSession() recomputes api_sig over this set and
// compares it with the supplied value; confirm that the comparison is
// constant-time (hash_equals) in the session code.
$VB_API_PARAMS_TO_VERIFY = $_GET;
unset($VB_API_PARAMS_TO_VERIFY['api_c'], $VB_API_PARAMS_TO_VERIFY['api_v'], $VB_API_PARAMS_TO_VERIFY['api_s'], $VB_API_PARAMS_TO_VERIFY['api_sig'], $VB_API_PARAMS_TO_VERIFY['debug'], $VB_API_PARAMS_TO_VERIFY['showall'], $VB_API_PARAMS_TO_VERIFY['do'], $VB_API_PARAMS_TO_VERIFY['r']);
ksort($VB_API_PARAMS_TO_VERIFY);
$VB_API_REQUESTS = array('api_m' => $api_m, 'api_version' => $api_version, 'api_c' => $api_c, 'api_s' => $api_s, 'api_sig' => $api_sig);
$request = new vB_Request_Api();
vB::setRequest($request);
// Start the API session; any exception is reported as an API error.
// NOTE(review): whether print_apierror() stops execution is not visible here.
// If it returns, the script carries on without a verified session; confirm.
try {
    $request->createSession($VB_API_PARAMS_TO_VERIFY, $VB_API_REQUESTS);
} catch (Exception $e) {
    if ($e instanceof vB_Exception_Api) {
        print_apierror($e->get_errors(), $e->getMessage());
    } else {
        print_apierror($e->getMessage());
    }
}
$api_m = trim($_REQUEST['api_m']);
// API Version
// Fall back to the current API version when none (or a non-numeric one) was sent.
if (!$api_version) {
    $api_version = VB_API_VERSION;
}
if ($api_version < VB_API_VERSION_MIN) {
예제 #5
    echo 'VB_AREA and THIS_SCRIPT must be defined to continue';
    exit;
}
// Start of page generation, as float seconds.
define('TIMESTART', microtime(true));
// Current unix timestamp, fixed for the rest of the request.
define('TIMENOW', time());
// SAFEMODE is true when the safe_mode ini setting reads 1 or "on".
define('SAFEMODE', @ini_get('safe_mode') == 1 || strtolower(@ini_get('safe_mode')) == 'on');
// #############################################################################
// Load the core includes, unless the vB class is already available.
if (class_exists('vB') === false) {
    require_once dirname(__FILE__) . '/../vb/vb.php';
}
vB::init();
vB::setRequest(new vB_Request_Web());
require_once CWD . '/includes/class_core.php';
// Data registry, exposed as a global.
global $vbulletin;
$vbulletin = vB::get_registry();
$vb5_config =& vB::getConfig();
// In debug mode the most recently installed error handler is removed again.
// NOTE(review): presumably so debug runs see raw PHP errors. Keep Misc/debug
// off on production sites, since raw errors can disclose paths and queries.
if ($vb5_config['Misc']['debug']) {
    restore_error_handler();
}
$db =& $vbulletin->db;
require_once DIR . '/includes/functions.php';
// Demo installations may hook in their own database setup.
if (defined('DEMO_MODE') && DEMO_MODE && function_exists('vbulletin_demo_init_db')) {
    vbulletin_demo_init_db();
}
// #############################################################################
// fetch options and other data from the datastore
예제 #6
 /**
  * Boots the vB core for a web request and creates or restores the user's
  * session from cookies, including the Facebook "remember me" retry flow.
  *
  * Every value read here (sessionhash, userid, the remember-me token stored in
  * the 'password' cookie, the Facebook fbsr_ cookie, cpsession, lastvisit,
  * lastactivity) is supplied by the client. This method only fetches the
  * values and passes them on.
  * NOTE(review): validation is presumably done inside createSessionNew() and
  * the session classes; confirm.
  *
  * @return bool|null true if already initialized; otherwise no value is
  *                   returned (the method may also echo a page and exit)
  */
 public function init()
 {
     if ($this->initialized) {
         return true;
     }
     //initialize core
     $core_path = vB5_Config::instance()->core_path;
     require_once $core_path . '/vb/vb.php';
     vB::init();
     $request = new vB_Request_WebApi();
     vB::setRequest($request);
     // When we reach here, there's no user information loaded. What we can do is try to load the language from cookies.
     // We shouldn't use vB5_User::getLanguageId() as it will try to load userinfo from the session.
     $languageid = vB5_Cookie::get('languageid', vB5_Cookie::TYPE_UINT);
     if ($languageid) {
         $request->setLanguageid($languageid);
     }
     // Collect what the backend needs to restore a session. The 'password'
     // cookie is stored under the 'remembermetoken' key, i.e. it carries the
     // remember-me token.
     $sessionhash = vB5_Cookie::get('sessionhash', vB5_Cookie::TYPE_STRING);
     $restoreSessionInfo['userid'] = vB5_Cookie::get('userid', vB5_Cookie::TYPE_STRING);
     $restoreSessionInfo['remembermetoken'] = vB5_Cookie::get('password', vB5_Cookie::TYPE_STRING);
     // Keep the token as the browser sent it, to detect a changed token later.
     $remembermetokenOrig = $restoreSessionInfo['remembermetoken'];
     // 'facebook-retry' marks the second pass of the redirect further down;
     // the backend is given the plain 'facebook' marker either way.
     $retry = false;
     if ($restoreSessionInfo['remembermetoken'] == 'facebook-retry') {
         $restoreSessionInfo['remembermetoken'] = 'facebook';
         $retry = true;
     }
     //We normally don't allow the use of the backend classes in the front end, but the
     //rules are relaxed inside the api class and especially in the bootstrap dance of getting
     //things set up.  Right now getting at the options in the front end is nasty, but I don't
     //want the backend dealing with cookies if I can help it (among other things it makes
     //it nasty to handle callers of the backend that don't have cookies).  But we need
     //some information to determine what the cookie name is.  This is the least bad way
     //of handling things.
     $options = vB::getDatastore()->getValue('options');
     if ($options['facebookactive'] and $options['facebookappid']) {
         //this is not a vB cookie so it doesn't use our prefix -- which the cookie class adds automatically
         //NOTE(review): strval() on an array-valued cookie yields the literal "Array"
         //(with a PHP notice). That is harmless only if the signed request is verified
         //downstream; confirm.
         $cookie_name = 'fbsr_' . $options['facebookappid'];
         $restoreSessionInfo['fb_signed_request'] = isset($_COOKIE[$cookie_name]) ? strval($_COOKIE[$cookie_name]) : '';
     }
     $session = $request->createSessionNew($sessionhash, $restoreSessionInfo);
     //The session layer returned a different hash than the browser sent: hand the new one
     //to the browser.
     //NOTE(review): the trailing arguments (0, true) are presumably the expiry and an
     //httponly flag; confirm against vB5_Cookie::set().
     if ($session['sessionhash'] !== $sessionhash) {
         vB5_Cookie::set('sessionhash', $session['sessionhash'], 0, true);
     }
     //redirect to handle a stale FB cookie when doing a FB "remember me".
     //only do it once to prevent redirect loops -- don't try this with
     //posts since we'd lose the post data in that case
     //
     //Some notes on the JS code (don't want them in the JS itself to avoid
     //increasing what gets sent to the browser).
     //1) This code is deliberately designed to avoid using subsystems that
     //   would increase the processing time for something that doesn't need it
     //   (we even avoid initializing JQUERY here).  This is the reason it is
     //   inline and not in a template.
     //2) The code inits the FB system, which will create or update the cookie
     //   if it is able to validate the user.  The cookie is what we are after.
     //   We use getLoginStatus instead of setting status to true because
     //   the latter introduces a race condition where we can do the redirect
     //   before we've fully initialized and updated the cookie.  The
     //   explicit call to getLoginStatus allows us to redirect when the
     //   status is obtained.
     //3) If we fail to update the cookie we catch that when we try to
     //   create the vb session (which is why we only allow one retry)
     //4) The JS here should *never* prompt the user, assuming the FB
     //   docs are correct.
     //5) If the FB version is changed it needs to be changed in the
     //   FB library class and the facebook.js file
     //
     //NOTE(review): facebookappid is interpolated into the inline JavaScript below
     //without escaping.  It is an admin-set option rather than request data, but
     //encoding it for a JS string context (or validating it as digits) would keep a
     //malformed setting from breaking out of the string literal.  The SDK URL is
     //protocol-relative, so it follows the scheme of the page.
     if (strtolower($_SERVER['REQUEST_METHOD']) == 'get' and vB::getCurrentSession()->get('userid') == 0 and $options['facebookactive'] and $options['facebookappid'] and $restoreSessionInfo['remembermetoken'] == 'facebook') {
         if (!$retry) {
             //if this isn't a retry, then do a redirect
             vB5_Auth::setRememberMeCookies('facebook-retry', $restoreSessionInfo['userid']);
             $fbredirect = "\n\t\t\t\t\t<!DOCTYPE html>\n\t\t\t\t\t<html>\n\t\t\t\t\t<head>\n\t\t\t\t\t\t<script type='text/javascript' src='//connect.facebook.net/en_US/sdk.js'></script>\n\t\t\t\t\t\t<script type='text/javascript'>\n\t\t\t\t\t\t\tFB.init({\n\t\t\t\t\t\t\t\tappId   : '{$options['facebookappid']}',\n\t\t\t\t\t\t\t\tversion : 'v2.2',\n\t\t\t\t\t\t\t\tstatus  : false,\n\t\t\t\t\t\t\t\tcookie  : true,\n\t\t\t\t\t\t\t\txfbml   : false\n\t\t\t\t\t\t\t});\n\n\t\t\t\t\t\t\tFB.getLoginStatus(function(response)\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\twindow.top.location.reload(true);\n\t\t\t\t\t\t\t});\n\t\t\t\t\t\t</script>\n\t\t\t\t\t</head>\n\t\t\t\t\t<body></body>\n\t\t\t\t\t</html>\n\t\t\t\t";
             echo $fbredirect;
             exit;
         } else {
             //we tried and failed to log in via FB.  That probably means that the user
             //is logged out of facebook.  Let's kill the auto-login so that we stop
             //trying to connect via FB
             vB5_Auth::setRememberMeCookies('', '');
         }
     }
     //if we have an existing token and if we got a token back from the session that is different then we
     //need to update the token in the browser.  We shouldn't get a token back if we didn't pass one in but
     //we shouldn't depend on that behavior.
     if ($session['remembermetoken'] and $session['remembermetoken'] != $remembermetokenOrig) {
         vB5_Auth::setRememberMeCookies($session['remembermetoken'], $restoreSessionInfo['userid']);
     }
     // Try to set the cpsession hash on the session object if the cookie exists
     vB::getCurrentSession()->setCpsessionHash(vB5_Cookie::get('cpsession', vB5_Cookie::TYPE_STRING));
     // Update lastvisit/lastactivity from the client's cookie values
     $info = vB::getCurrentSession()->doLastVisitUpdate(vB5_Cookie::get('lastvisit', vB5_Cookie::TYPE_UINT), vB5_Cookie::get('lastactivity', vB5_Cookie::TYPE_UINT));
     if (!empty($info)) {
         // for guests we need to set some cookies
         if (isset($info['lastvisit'])) {
             vB5_Cookie::set('lastvisit', $info['lastvisit']);
         }
         if (isset($info['lastactivity'])) {
             vB5_Cookie::set('lastactivity', $info['lastactivity']);
         }
     }
     $this->initialized = true;
 }