protected function processQueryString()
{
if (!isset($_SERVER['QUERY_STRING'])) {
$_SERVER['QUERY_STRING'] = '';
}
parse_str($_SERVER['QUERY_STRING'], $params);
if (isset($params['styleid'])) {
$styleid = intval($params['styleid']);
$styleid = $styleid > 0 ? $styleid : 1;
vB5_Cookie::set('userstyleid', $styleid, 0, false);
$prefix = vB5_Config::instance()->cookie_prefix;
$_COOKIE[$prefix . 'userstyleid'] = $styleid;
// set it for the rest of this request as well
}
}
function do_logout()
{
$vbulletin = vB::get_registry();
$userinfo = vB_Api::instance('user')->fetchUserInfo();
$cleaned = vB::getCleaner()->cleanArray($_REQUEST, array('fr_username' => vB_Cleaner::TYPE_STR));
if ($userinfo['userid'] < 1) {
return json_error(ERR_NO_PERMISSION);
}
$tableinfo = $vbulletin->db->query_first("\n\t\tSHOW TABLES LIKE '" . TABLE_PREFIX . "forumrunner_push_users'\n\t\t");
if ($tableinfo) {
$vbulletin->db->query_write("\n\t\t\tDELETE FROM " . TABLE_PREFIX . "forumrunner_push_users\n\t\t\tWHERE fr_username = '******'fr_username']) . "' AND vb_userid = {$userinfo['userid']}\n\t\t\t");
}
vB_User::processLogout();
//
// Properly set cookies on logout
//
$login = array();
$session = vB::getCurrentSession();
$login['sessionhash'] = $session->get('sessionhash');
$login['password'] = $session->get('password');
$login['cpsession'] = $session->get('cpsession');
$login['userid'] = $session->get('userid');
vB5_Cookie::set('cpsession', $login['cpsession'], 30);
vB5_Cookie::set('sessionhash', $login['sessionhash'], 30);
vB5_Cookie::set('password', $login['password'], 30);
vB5_Cookie::set('userid', $login['userid'], 30);
return array('success' => true, 'requires_authentication' => requires_authentication());
}
/**
* This handles all saves of social group data.
*/
public function actionSocialgroup()
{
$fields = array('title', 'description', 'nodeid', 'filedataid', 'invite_usernames', 'parentid', 'invite_userids', 'group_type', 'viewperms', 'commentperms', 'moderate_topics', 'autoparselinks', 'disablesmilies', 'allow_post', 'approve_subscription', 'group_type');
// forum options map
$channelOpts = array('allowsmilies' => 'disablesmilies', 'allowposting' => 'allow_post');
$input = array();
foreach ($fields as $field) {
if (isset($_POST[$field])) {
$input[$field] = $_POST[$field];
}
}
//If this is the "permission" step, we must pass the four checkboxes
if (isset($_POST['next']) and $_POST['next'] == 'contributors') {
foreach (array('moderate_comments', 'autoparselinks', 'disablesmilies', 'allow_post', 'approve_subscription', 'moderate_topics') as $field) {
// channeloptions
if ($idx = array_search($field, $channelOpts)) {
// some options means totally the oppositve than the bf when enable, tweak then
if (isset($_POST[$field])) {
$input['options'][$idx] = in_array($field, array('disablesmilies')) ? 0 : 1;
} else {
$input['options'][$idx] = in_array($field, array('disablesmilies')) ? 1 : 0;
}
}
if (!isset($_POST[$field])) {
$input[$field] = 0;
}
}
}
// default input values
$input['displayorder'] = 1;
$api = Api_InterfaceAbstract::instance();
if (count($input) > 1) {
if (!isset($input['nodeid']) or intval($input['nodeid']) == 0) {
$nodeid = $api->callApi('socialgroup', 'createSocialGroup', array($input));
$url = vB5_Template_Options::instance()->get('options.frontendurl') . '/sgadmin/create/settings';
if (is_array($nodeid) and array_key_exists('errors', $nodeid)) {
$message = $api->callApi('phrase', 'fetch', array('phrases' => $nodeid['errors'][0][0]));
if (empty($message)) {
$message = $api->callApi('phrase', 'fetch', array('phrases' => 'pm_ajax_error_desc'));
}
vB5_ApplicationAbstract::handleFormError(array_pop($message), $url);
}
if (!is_numeric($nodeid) and !empty($nodeid['errors'])) {
$urlparams = array('sgaction' => 'create', 'action2' => 'settings');
$url = $api->callApi('route', 'getUrl', array('sgadmin', $urlparams, array()));
header('Location: ' . vB5_Template_Options::instance()->get('options.frontendurl') . $url);
vB5_Cookie::set('sgadmin_error', $nodeid['errors'][0][0]);
if (isset($input['title'])) {
vB5_Cookie::set('sg_title', $input['title']);
}
if (isset($input['description'])) {
vB5_Cookie::set('sg_description', $input['description']);
}
die;
}
if ($nodeid and !empty($nodeid['errors'])) {
$urlparams = array('sgaction' => 'create', 'action2' => 'settings');
$url = $api->callApi('route', 'getUrl', array('sgadmin', $urlparams, array()));
header('Location: ' . vB5_Template_Options::instance()->get('options.frontendurl') . $url);
vB5_Cookie::set('sgadmin_error', $nodeid['errors'][0][0]);
if (isset($input['title'])) {
vB5_Cookie::set('sg_title', $input['title']);
}
if (isset($input['description'])) {
vB5_Cookie::set('sg_description', $input['description']);
}
die;
}
} else {
if (isset($input['invite_usernames']) and $input['nodeid']) {
$inviteUnames = explode(',', $input['invite_usernames']);
$inviteIds = isset($input['invite_userids']) ? $input['invite_userids'] : array();
$nodeid = $input['nodeid'];
$api->callApi('user', 'inviteMembers', array($inviteIds, $inviteUnames, $nodeid, 'sg_member_to'));
} else {
$nodeid = $input['nodeid'];
unset($input['nodeid']);
$update = $api->callApi('content_channel', 'update', array($nodeid, $input));
// set group type nodeoptions
if (empty($update['errors']) and isset($input['group_type'])) {
$bitfields = array();
switch ($input['group_type']) {
case 2:
$bitfields['invite_only'] = 1;
$bitfields['approve_membership'] = 0;
break;
case 1:
$bitfields['invite_only'] = 0;
$bitfields['approve_membership'] = 0;
break;
default:
$bitfields['invite_only'] = 0;
$bitfields['approve_membership'] = 1;
break;
}
$api->callApi('node', 'setNodeOptions', array($nodeid, $bitfields));
}
//if this is for the permission page we handle differently
}
}
// set_exception_handler(array('vB5_ApplicationAbstract','handleException'));
//
// if (!is_numeric($nodeid) AND !empty($nodeid['errors']))
// {
// throw new exception($nodeid['errors'][0][0]);
// }
} else {
if (isset($_POST['nodeid'])) {
$nodeid = $_POST['nodeid'];
if (isset($_POST['next']) and $_POST['next'] == 'contributors') {
$updates = array();
foreach (array('allow_post', 'moderate_comments', 'autoparselinks', 'disablesmilies', 'approve_subscription') as $bitfield) {
if (empty($_POST[$bitfield])) {
$updates[$bitfield] = 0;
} else {
$updates[$bitfield] = 1;
}
}
$api->callApi('node', 'setNodeOptions', array($nodeid, $updates));
$updates = array();
if (isset($_POST['viewperms'])) {
$updates['viewperms'] = $_POST['viewperms'];
}
if (isset($_POST['commentperms'])) {
$updates['commentperms'] = $_POST['commentperms'];
}
if (!empty($updates)) {
$results = $api->callApi('node', 'setNodePerms', array($nodeid, $updates));
}
}
} else {
$nodeid = 0;
}
}
//If the user clicked Next we go to the permissions page. Otherwise we go to the node.
if (isset($_POST['btnSubmit'])) {
if (isset($_POST['next'])) {
$action2 = $_POST['next'];
} else {
$action2 = 'permissions';
}
if (isset($_POST['sgaction'])) {
$sgaction = $_POST['sgaction'];
} else {
$sgaction = 'admin';
}
$urlparams = array('nodeid' => $nodeid, 'sgaction' => $sgaction, 'action2' => $action2);
$url = $api->callApi('route', 'getUrl', array('sgadmin', $urlparams, array()));
} else {
$node = $api->callApi('node', 'getNode', array('nodeid' => $nodeid));
$url = $api->callApi('route', 'getUrl', array($node['routeid'], array('nodeid' => $nodeid, 'title' => $node['title'], 'urlident' => $node['urlident']), array()));
}
header('Location: ' . vB5_Template_Options::instance()->get('options.frontendurl') . $url);
}
/**
* Checks whether a user with a specific birthday is COPPA
**/
public function actionIscoppa()
{
$vboptions = vB5_Template_Options::instance()->getOptions();
$vboptions = $vboptions['options'];
// Coppaage cookie
if ($vboptions['usecoppa'] and $vboptions['checkcoppa']) {
vB5_Cookie::set('coppaage', $_REQUEST['month'] . '-' . $_REQUEST['day'] . '-' . $_REQUEST['year'], 365, 0);
}
//Note that 0 = wide open
// 1 means COPPA users (under 13) can register but need approval before posting
// 2 means COPPA users cannot register
$api = Api_InterfaceAbstract::instance();
$coppa = $api->callApi('user', 'needsCoppa', array('data' => $_REQUEST));
$this->sendAsJson(array('needcoppa' => $coppa));
}
function fr_set_bbarray_cookie($name, $id, $value)
{
$cookie = vB5_Cookie::get($name, vB5_Cookie::TYPE_STRING);
$cookie = preg_replace('/\\./', '"', $cookie);
$cookie = preg_replace('/-/', ':', $cookie);
$cookie = preg_replace('/_/', ';', $cookie);
$cookie = json_decode($cookie, true);
$cookie[$id] = $value;
$cookie = json_encode($cookie, true);
$cookie = preg_replace('/"/', '.', $cookie);
$cookie = preg_replace('/:/', '-', $cookie);
$cookie = preg_replace('/;/', '_', $cookie);
$cookie = vB5_Cookie::set($name, $cookie, 365);
}
function forumrunner_request($default)
{
define('MCWD', DIR . '/packages/forumrunner');
define('IN_FRNR', true);
header('Content-type: application/json');
if (isset($_REQUEST['d'])) {
error_reporting(E_ALL);
} else {
error_reporting(0);
}
require_once MCWD . '/version.php';
require_once MCWD . '/support/utils.php';
require_once MCWD . '/support/JSON.php';
require_once MCWD . '/include/general_vb.php';
if (file_exists(MCWD . '/branded.php')) {
require_once MCWD . '/branded.php';
}
$processed = process_input(array('cmd' => STRING, 'frv' => STRING, 'frp' => STRING));
if (!$processed['cmd']) {
return json_error(ERR_NO_PERMISSION);
}
$frcl_version = '1.3.3';
$frcl_platform = 'ip';
if (isset($processed['frv'])) {
$frcl_version = $processed['frv'];
}
if (isset($processed['frp'])) {
$frcl_platform = $processed['frp'];
}
require_once MCWD . '/support/common_methods.php';
require_once MCWD . '/support/vbulletin_methods.php';
if (file_exists(MCWD . '/support/other_methods.php')) {
require_once MCWD . '/support/other_methods.php';
}
$json = new Services_JSON();
if (!isset($methods[$processed['cmd']])) {
return json_error(ERR_NO_PERMISSION);
}
if ($methods[$processed['cmd']]['include']) {
require_once MCWD . '/include/' . $methods[$processed['cmd']]['include'];
}
if (isset($_REQUEST['d'])) {
error_reporting(E_ALL);
}
$out = call_user_func($methods[$processed['cmd']]['function']);
if (is_string($out)) {
return $out;
} else {
if (is_array($out)) {
$data = $out;
} else {
if (is_bool($out) && $out) {
$data = array('success' => true);
} else {
return json_error(ERR_NO_PERMISSION);
}
}
}
// If we're here, we have success!
$json_out = array();
$json_out['success'] = true;
$json_out['data'] = $data;
$json_out['ads'] = fr_show_ad();
$userinfo = vB_Api::instance('user')->fetchUserInfo();
// Return Unread PM/Subscribed Threads count
if ($userinfo['userid'] > 0 && $processed['cmd'] != 'get_new_updates' && $processed['cmd'] != 'logout' && $processed['cmd'] != 'login') {
if ($userinfo['userid'] > 0) {
$json_out['pm_notices'] = get_pm_unread();
$json_out['sub_notices'] = get_sub_thread_updates();
}
}
vB5_Cookie::set('lastvisit', vB::getRequest()->getTimeNow(), 365, true);
return $json->encode($json_out);
}
public function init()
{
if ($this->initialized) {
return true;
}
//initialize core
$core_path = vB5_Config::instance()->core_path;
require_once $core_path . '/vb/vb.php';
vB::init();
$request = new vB_Request_WebApi();
vB::setRequest($request);
// When we reach here, there's no user information loaded. What we can do is trying to load language from cookies.
// Shouldn't use vB5_User::getLanguageId() as it will try to load userinfo from session
$languageid = vB5_Cookie::get('languageid', vB5_Cookie::TYPE_UINT);
if ($languageid) {
$request->setLanguageid($languageid);
}
$sessionhash = vB5_Cookie::get('sessionhash', vB5_Cookie::TYPE_STRING);
$restoreSessionInfo['userid'] = vB5_Cookie::get('userid', vB5_Cookie::TYPE_STRING);
$restoreSessionInfo['remembermetoken'] = vB5_Cookie::get('password', vB5_Cookie::TYPE_STRING);
$remembermetokenOrig = $restoreSessionInfo['remembermetoken'];
$retry = false;
if ($restoreSessionInfo['remembermetoken'] == 'facebook-retry') {
$restoreSessionInfo['remembermetoken'] = 'facebook';
$retry = true;
}
//We normally don't allow the use of the backend classes in the front end, but the
//rules are relaxed inside the api class and especially in the bootstrap dance of getting
//things set up. Right now getting at the options in the front end is nasty, but I don't
//want the backend dealing with cookies if I can help it (among other things it makes
//it nasty to handle callers of the backend that don't have cookies). But we need
//so information to determine what the cookie name is. This is the least bad way
//of handling things.
$options = vB::getDatastore()->getValue('options');
if ($options['facebookactive'] and $options['facebookappid']) {
//this is not a vB cookie so it doesn't use our prefix -- which the cookie class adds automatically
$cookie_name = 'fbsr_' . $options['facebookappid'];
$restoreSessionInfo['fb_signed_request'] = isset($_COOKIE[$cookie_name]) ? strval($_COOKIE[$cookie_name]) : '';
}
$session = $request->createSessionNew($sessionhash, $restoreSessionInfo);
if ($session['sessionhash'] !== $sessionhash) {
vB5_Cookie::set('sessionhash', $session['sessionhash'], 0, true);
}
//redirect to handle a stale FB cookie when doing a FB "remember me".
//only do it once to prevent redirect loops -- don't try this with
//posts since we'd lose the post data in that case
//
//Some notes on the JS code (don't want them in the JS inself to avoid
//increasing what gets sent to the browser).
//1) This code is deliberately designed to avoid using subsystems that
// would increase the processing time for something that doesn't need it
// (we even avoid initializing JQUERY here). This is the reason it is
// inline and not in a template.
//2) The code inits the FB system which will create update the cookie
// if it is able to validate the user. The cookie is what we are after.
// We use getLoginStatus instead of setting status to true because
// the latter introduces a race condition were we can do the redirect
// before the we've fully initialized and updated the cookie. The
// explicit call to getLoginStatus allows us to redirect when the
// status is obtained.
//3) If we fail to update the cookie we catch that when we try to
// create the vb session (which is why we only allow one retry)
//4) The JS here should *never* prompt the user, assuming the FB
// docs are correct.
//5) If the FB version is changed it needs to changed in the
// FB library class and the facebook.js file
if (strtolower($_SERVER['REQUEST_METHOD']) == 'get' and vB::getCurrentSession()->get('userid') == 0 and $options['facebookactive'] and $options['facebookappid'] and $restoreSessionInfo['remembermetoken'] == 'facebook') {
if (!$retry) {
//if this isn't a retry, then do a redirect
vB5_Auth::setRememberMeCookies('facebook-retry', $restoreSessionInfo['userid']);
$fbredirect = "\n\t\t\t\t\t<!DOCTYPE html>\n\t\t\t\t\t<html>\n\t\t\t\t\t<head>\n\t\t\t\t\t\t<script type='text/javascript' src='//connect.facebook.net/en_US/sdk.js'></script>\n\t\t\t\t\t\t<script type='text/javascript'>\n\t\t\t\t\t\t\tFB.init({\n\t\t\t\t\t\t\t\tappId : '{$options['facebookappid']}',\n\t\t\t\t\t\t\t\tversion : 'v2.2',\n\t\t\t\t\t\t\t\tstatus : false,\n\t\t\t\t\t\t\t\tcookie : true,\n\t\t\t\t\t\t\t\txfbml : false\n\t\t\t\t\t\t\t});\n\n\t\t\t\t\t\t\tFB.getLoginStatus(function(response)\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\twindow.top.location.reload(true);\n\t\t\t\t\t\t\t});\n\t\t\t\t\t\t</script>\n\t\t\t\t\t</head>\n\t\t\t\t\t<body></body>\n\t\t\t\t\t</html>\n\t\t\t\t";
echo $fbredirect;
exit;
} else {
//we tried and failed to log in via FB. That probably means that the user
//is logged out of facebook. Let's kill the autolog in so that we stop
//trying to connect via FB
vB5_Auth::setRememberMeCookies('', '');
}
}
//if we have an existing token and if we got a token back from the session that is different then we
//need to update the token in the browser. We shouldn't get a token back if we didn't pass one in but
//we shouldn't depend on that behavior.
if ($session['remembermetoken'] and $session['remembermetoken'] != $remembermetokenOrig) {
vB5_Auth::setRememberMeCookies($session['remembermetoken'], $restoreSessionInfo['userid']);
}
// Try to set cpsession hash to session object if exists
vB::getCurrentSession()->setCpsessionHash(vB5_Cookie::get('cpsession', vB5_Cookie::TYPE_STRING));
// Update lastvisit/lastactivity
$info = vB::getCurrentSession()->doLastVisitUpdate(vB5_Cookie::get('lastvisit', vB5_Cookie::TYPE_UINT), vB5_Cookie::get('lastactivity', vB5_Cookie::TYPE_UINT));
if (!empty($info)) {
// for guests we need to set some cookies
if (isset($info['lastvisit'])) {
vB5_Cookie::set('lastvisit', $info['lastvisit']);
}
if (isset($info['lastactivity'])) {
vB5_Cookie::set('lastactivity', $info['lastactivity']);
}
}
$this->initialized = true;
}
public static function setRememberMeCookies($rememberMeToken, $userid)
{
vB5_Cookie::set('password', $rememberMeToken, 30);
vB5_Cookie::set('userid', $userid, 30);
}
