public function __call($method, $arguments) { try { $logger = vB::getLogger('api.' . $this->controller . '.' . $method); //check so that we don't var_export large variables when we don't have to if ($logger->isInfoEnabled()) { if (!($ip = vB::getRequest()->getAltIp())) { $ip = vB::getRequest()->getIpAddress(); } $message = str_repeat('=', 80) . "\ncalled {$method} on {$this->controller} from ip {$ip} \n\$arguments = " . var_export($arguments, true) . "\n" . str_repeat('=', 80) . "\n"; $logger->info($message); $logger->info("time: " . microtime(true)); } if ($logger->isTraceEnabled()) { $message = str_repeat('=', 80) . "\n " . $this->getTrace() . str_repeat('=', 80) . "\n"; $logger->trace($message); } $c = $this->api; // This is a hack to prevent method parameter reference error. See VBV-5546 $hackedarguments = array(); foreach ($arguments as $k => &$arg) { $hackedarguments[$k] =& $arg; } $return = call_user_func_array(array(&$c, $method), $hackedarguments); //check so that we don't var_export large variables when we don't have to if ($logger->isDebugEnabled()) { $message = str_repeat('=', 80) . "\ncalled {$method} on {$this->controller}\n\$return = " . var_export($return, true) . "\n" . str_repeat('=', 80) . "\n"; $logger->debug($message); } return $return; } catch (vB_Exception_Api $e) { $errors = $e->get_errors(); $config = vB::getConfig(); if (!empty($config['Misc']['debug'])) { $trace = '## ' . $e->getFile() . '(' . $e->getLine() . ") Exception Thrown \n" . $e->getTraceAsString(); $errors[] = array("exception_trace", $trace); } return array('errors' => $errors); } catch (vB_Exception_Database $e) { $config = vB::getConfig(); if (!empty($config['Misc']['debug']) or vB::getUserContext()->hasAdminPermission('cancontrolpanel')) { $errors = array('Error ' . $e->getMessage()); $trace = '## ' . $e->getFile() . '(' . $e->getLine() . ") Exception Thrown \n" . $e->getTraceAsString(); $errors[] = array("exception_trace", $trace); return array('errors' => $errors); } else { // This text is purposely hard-coded since we don't have // access to the database to get a phrase return array('errors' => array(array('There has been a database error, and the current page cannot be displayed. Site staff have been notified.'))); } } catch (Exception $e) { $errors = array(array('unexpected_error', $e->getMessage())); $config = vB::getConfig(); if (!empty($config['Misc']['debug'])) { $trace = '## ' . $e->getFile() . '(' . $e->getLine() . ") Exception Thrown \n" . $e->getTraceAsString(); $errors[] = array("exception_trace", $trace); } return array('errors' => $errors); } }
public function __construct(&$config, &$db_assertor) { parent::__construct($config, $db_assertor); if (defined('SKIP_DEFAULTDATASTORE')) { $this->cacheableitems = array('options', 'bitfields'); } //this define is only used in this file so move it here. $vb5_config =& vB::getConfig(); if (!empty($vb5_config['Misc']['datastorepath'])) { $this->datastoreLocation = $vb5_config['Misc']['datastorepath']; return; } //It's cool if the user can set this in fileSystem cache and let this pick it up. if (!empty($vb5_config['Cache']['fileCachePath']) and file_exists($vb5_config['Cache']['fileCachePath']) and is_dir($vb5_config['Cache']['fileCachePath'])) { $path = $vb5_config['Cache']['fileCachePath'] . '/datastore'; if (!file_exists($path)) { mkdir($path); file_put_contents($path . '/index.html', ''); } if (is_dir($path)) { if (!file_exists($path . '/datastore_cache.php') and file_exists(DIR . '/includes/datastore/datastore_cache.php')) { copy(DIR . '/includes/datastore/datastore_cache.php', $path . '/datastore_cache.php'); } if (!file_exists($path . 'datastore_cache.php')) { $this->datastoreLocation = $path; } return; } } $this->datastoreLocation = DIR . '/includes/datastore'; }
public function createSession($userid = 1) { //$this->session = vB_Session_Web::getSession(1); $this->session = new vB_Session_Cli(vB::getDbAssertor(), vB::getDatastore(), vB::getConfig(), $userid); vB::setCurrentSession($this->session); $this->timeNow = time(); }
/** * Create a session for this page load * * Should only be called from the Request code. * Will use a reexisting session that matches the session hash * * @param string $sessionhash -- the token given to the client for session handling. If the client has this token they * can use the session. * @param array $restoreSessionInfo -- Information to handle "remember me" logic. * * remembermetoken -- Token value for "remember me". Stored in the "password" cookie for legacy reasons. There are * so special values to indicate that we should reauthentic via a method other than the internal vB remember me * system. * * userid -- user we are remembering * * fbsr_{appid} (optional) -- Only valid if facebook is enabled, and only used if "remembermetoken" is "facebook". */ public static function createSessionNew($sessionhash, $restoreSessionInfo = array()) { $assertor = vB::getDbAssertor(); $datastore = vB::getDatastore(); $config = vB::getConfig(); //this looks weird but its valid. Will create the an instance of whatever session class this was called //on. So vB_Session_Web::createSessionNew() will do the expected thing. $session = new vB_Session_WebApi($assertor, $datastore, $config, $sessionhash, $restoreSessionInfo); return $session; }
public static function createSession($vbApiParamsToVerify, $vBApiRequests) { self::$vBApiParamsToVerify = $vbApiParamsToVerify; self::$vBApiRequests = $vBApiRequests; $assertor = vB::getDbAssertor(); $datastore = vB::getDatastore(); $config = vB::getConfig(); $session = new vB_Session_Api($assertor, $datastore, $config, '', $vbApiParamsToVerify, $vBApiRequests); return $session; }
public static function getSession($userId, $sessionHash = '', &$dBAssertor = null, &$datastore = null, &$config = null) { $dBAssertor = $dBAssertor ? $dBAssertor : vB::getDbAssertor(); $datastore = $datastore ? $datastore : vB::getDatastore(); $config = $config ? $config : vB::getConfig(); $restoreSessionInfo = array('userid' => $userId); $session = new vB_Session_Web($dBAssertor, $datastore, $config, $sessionHash, $restoreSessionInfo); $session->set('userid', $userId); $session->fetch_userinfo(); return $session; }
/** * Constructor protected to enforce singleton use. * @see instance() */ protected function __construct($cachetype) { parent::__construct($cachetype); //get the APC prefix. $config = vB::getConfig(); if (empty($config['Cache']['apcprefix'])) { $this->prefix = $config['Database']['tableprefix']; } else { $this->prefix = $config['Cache']['apcprefix']; } }
/** Standard vB exception constructor for database exceptions. * * @param string text message * @param mixed array of data- intended for debug mode * @code mixed normally an error flog. If passed FALSE we won't send an email. */ public function __construct($message = "", $data = array(), $code = 0) { $this->sql = $message; $this->data = $data; $message = $this->createMessage(); $config = vB::getConfig(); parent::__construct($message, $code); if (!empty($config['Database']['technicalemail']) and $code !== FALSE) { // This text is purposely hard-coded since we don't have // access to the database to get a phrase vB_Mail::vbmail($config['Database']['technicalemail'], 'Database Error', $message, true, $config['Database']['technicalemail'], '', '', true); } }
/** * Constructor public to allow for separate automated unit testing. Actual code should use * vB_Cache::instance(); * @see vB_Cache::instance() */ public function __construct($cachetype) { parent::__construct($cachetype); $this->requestStart = vB::getRequest()->getTimeNow(); $config = vB::getConfig(); $this->cachetype = $cachetype; if (!isset($config['Cache']['fileCachePath'])) { throw new vB_Exception_Cache('need_filecache_location'); } $this->cacheLocation = $config['Cache']['fileCachePath']; if (!is_dir($this->cacheLocation) or !is_writable($this->cacheLocation)) { throw new vB_Exception_Cache('invalid_filecache_location- ' . $this->cacheLocation); } }
public static function instance() { if (!isset(self::$instance)) { if (class_exists('Memcached', FALSE)) { $class = 'vB_Memcached'; } else { if (class_exists('Memcache', FALSE)) { $class = __CLASS__; } else { throw new Exception('Memcached is not installed'); } } self::$instance = new $class(); self::$instance->config = vB::getConfig(); } return self::$instance; }
/** * Constructor protected to enforce singleton use. * @see instance() */ protected function __construct($cachetype) { parent::__construct($cachetype); $this->memcached = vB_Memcache::instance(); $check = $this->memcached->connect(); if ($check === 3) { trigger_error('Unable to connect to memcache server', E_USER_ERROR); } $this->expiration = 48 * 60 * 60; // two days $this->timeNow = vB::getRequest()->getTimeNow(); //get the memcache prefix. $config = vB::getConfig(); if (empty($config['Cache']['memcacheprefix'])) { $this->prefix = $config['Database']['tableprefix']; } else { $this->prefix = $config['Cache']['memcacheprefix']; } }
public function __call($method, $arguments) { try { // check if API method is enabled // @TODO this is a temp fix, fix as part of VBV-10619 // performing checkApiState for those being called through callNamed is definitive // Also Skip state check for the 'getRoute' and 'checkBeforeView' api calls, because // this state check uses the route info from getRoute and calls checkBeforeView to // determine state. See VBV-11808 and the vB5_ApplicationAbstract::checkState calls // in vB5_Frontend_Routing::setRoutes. if (!in_array($method, array('callNamed', 'getRoute', 'checkBeforeView'))) { if (!$this->api->checkApiState($method)) { return false; } } $result = null; $type = $this->validateCall($this->api, $method, $arguments); if ($type) { if (is_callable(array($this->api, $method))) { $call = call_user_func_array(array(&$this->api, $method), $arguments); if ($call !== null) { $result = $call; } } } if ($elist = vB_Api_Extensions::getExtensions($this->controller)) { foreach ($elist as $class) { if (is_callable(array($class, $method))) { $args = $arguments; array_unshift($args, $result); $call = call_user_func_array(array($class, $method), $args); if ($call !== null) { $result = $call; } } } } return $result; } catch (vB_Exception_Api $e) { $errors = $e->get_errors(); $config = vB::getConfig(); if (!empty($config['Misc']['debug'])) { $trace = '## ' . $e->getFile() . '(' . $e->getLine() . ") Exception Thrown \n" . $e->getTraceAsString(); $errors[] = array("exception_trace", $trace); } return array('errors' => $errors); } catch (vB_Exception_Database $e) { $config = vB::getConfig(); if (!empty($config['Misc']['debug']) or vB::getUserContext()->hasAdminPermission('cancontrolpanel')) { $errors = array('Error ' . $e->getMessage()); $trace = '## ' . $e->getFile() . '(' . $e->getLine() . ") Exception Thrown \n" . $e->getTraceAsString(); $errors[] = array("exception_trace", $trace); return array('errors' => $errors); } else { // This text is purposely hard-coded since we don't have // access to the database to get a phrase return array('errors' => array(array('There has been a database error, and the current page cannot be displayed. Site staff have been notified.'))); } } catch (Exception $e) { $errors = array(array('unexpected_error', $e->getMessage())); $config = vB::getConfig(); if (!empty($config['Misc']['debug'])) { $trace = '## ' . $e->getFile() . '(' . $e->getLine() . ") Exception Thrown \n" . $e->getTraceAsString(); $errors[] = array("exception_trace", $trace); } return array('errors' => $errors); } }
/** * Process the filters for the query string * * @param vB_Legacy_Current_User $user user requesting the search * @param vB_Search_Criteria $criteria search criteria to process */ protected function process_keywords_filters(vB_Search_Criteria &$criteria) { $keywords = $criteria->get_keywords(); // nothing to process if (empty($keywords)) { return; } $words = array(); // get the map table names for the keywords. these tables will be joined into the search query $has_or_joiner = false; foreach ($keywords as $word_details) { $suffix = vBDBSearch_Core::get_table_name($word_details['word']); //$words[$suffix][$clean_word] = array('wordid'=>false,'joiner'=>$word['joiner']); $words[$word_details['word']] = array('suffix' => $suffix, 'word' => $word_details['word'], 'joiner' => $word_details['joiner']); if ($word_details['joiner'] == "OR") { $has_or_joiner = true; } } // nothing to process if (empty($words)) { return; } $set = $this->db->query_read_slave($query = "\n\t\t\t\t\tSELECT *\n\t\t\t\t\tFROM " . TABLE_PREFIX . "words as words\n\t\t\t\t\tWHERE " . self::make_equals_filter('words', 'word', array_keys($words))); $config = vB::getConfig(); if (!empty($config['Misc']['debug_sql']) or self::DEBUG) { echo "{$query};\n"; } $wordids = array(); while ($word_details = $this->db->fetch_array($set)) { $wordids[$word_details['word']] = $word_details['wordid']; } $this->db->free_result($set); $word_details = array(); foreach ($words as $word => $details) { // if the word was not found if (!isset($wordids[$word])) { // and it's not with a NOT or OR operator if (!$has_or_joiner and $details['joiner'] != 'NOT') { // this word is not indexed so there is nothing to return $this->where[] = "0 /** word is not indexed **/"; $this->sort = array('node.created' => 'ASC'); return; } // still need to add this word to the mix (either as a NOT operator or maybe as an OR). we use the word itself as a key to make it unique $key = $word; $details['wordid'] = 0; } else { $key = $details['wordid'] = $wordids[$word]; } $word_details[$key] = $details; } unset($wordids); unset($words); if (count($word_details) == 1) { $this->process_one_word_rank(array_pop($word_details), $criteria->is_title_only()); } elseif ($has_or_joiner or isset($this->sort['rank'])) { $this->process_existing_words_or($word_details, $criteria->is_title_only()); } else { $this->process_existing_words_and($word_details, $criteria->is_title_only()); } }
/** * Adds theme data (GUID, icon, preview image) to a style if in debug mode. (used by update & insert) * * @param string $guid Theme GUID * @param binary $icon Theme icon * @param boolean $iconRemove Whether to remove the current icon (if there is one, and we're not uploading a new one) * @param binary $previewImage Theme preview image * @param boolean $previewImageRemove Whether to remove the current preview image (if there is one, and we're not uploading a new one) */ protected function addThemeData($dostyleid, $guid, $icon, $iconRemove, $previewImage, $previewImageRemove) { $config = vB::getConfig(); if (empty($config['Misc']['debug'])) { // only modify theme information in debug mode. return; } $style = $this->library->fetchStyleByID($dostyleid); $themeImporter = new vB_Xml_Import_Theme(); $updateValues = array(); // ----- GUID ----- if (!empty($guid)) { $updateValues['guid'] = $guid; } else { $updateValues['guid'] = vB_dB_Query::VALUE_ISNULL; } // ----- Icon ----- if (!empty($icon)) { // upload it & get a filedataid $filedataid = $themeImporter->uploadThemeImageData($icon); if ($filedataid > 0 and $filedataid != $style['filedataid']) { $updateValues['filedataid'] = $filedataid; } } if ($style['filedataid'] > 0 and ($iconRemove or !empty($updateValues['filedataid']))) { // remove previous icon (if there was one and they checked 'remove' or if there was one and we just uploaded a new one) vB::getDbAssertor()->assertQuery('decrementFiledataRefcount', array('filedataid' => $style['filedataid'])); // set icon to blank if we don't have a new one if (empty($updateValues['filedataid'])) { $updateValues['filedataid'] = 0; } } // ----- Preview Image ----- if (!empty($previewImage)) { // upload it & get a previewfiledataid $previewfiledataid = $themeImporter->uploadThemeImageData($previewImage); if ($previewfiledataid > 0 and $previewfiledataid != $style['previewfiledataid']) { $updateValues['previewfiledataid'] = $previewfiledataid; } } if ($style['previewfiledataid'] > 0 and ($previewImageRemove or !empty($updateValues['previewfiledataid']))) { // remove previous preview image (if there was one and they checked 'remove' or if there was one and we just uploaded a new one) vB::getDbAssertor()->assertQuery('decrementFiledataRefcount', array('filedataid' => $style['previewfiledataid'])); // set preview image to blank if we don't have a new one if (empty($updateValues['previewfiledataid'])) { $updateValues['previewfiledataid'] = 0; } } // save if (!empty($updateValues)) { vB::getDbAssertor()->update('style', $updateValues, array('styleid' => $dostyleid)); } }
global $phrasegroups, $specialtemplates, $vbphrase, $vbulletin; $phrasegroups = array('cron', 'logging'); $specialtemplates = array(); // ########################## REQUIRE BACK-END ############################ require_once dirname(__FILE__) . '/global.php'; // ######################## CHECK ADMIN PERMISSIONS ####################### if (is_demo_mode() or !can_administer('canadmincron')) { print_cp_no_permission(); } // ############################# LOG ACTION ############################### $vbulletin->input->clean_array_gpc('r', array('cronid' => vB_Cleaner::TYPE_INT)); log_admin_action(iif($vbulletin->GPC['cronid'] != 0, 'cron id = ' . $vbulletin->GPC['cronid'])); // ######################################################################## // ######################### START MAIN SCRIPT ############################ // ######################################################################## $vb5_config =& vB::getConfig(); print_cp_header($vbphrase['scheduled_task_manager_gcron']); if (empty($_REQUEST['do'])) { $_REQUEST['do'] = 'modify'; } // ############## quick enabled/disabled status ################ if ($_POST['do'] == 'updateenabled') { $vbulletin->input->clean_gpc('p', 'enabled', vB_Cleaner::TYPE_ARRAY_BOOL); $updates = array(); //$crons_result = $vbulletin->db->query_read("SELECT varname, active FROM " . TABLE_PREFIX . "cron"); $crons_result = vB::getDbAssertor()->assertQuery('cron'); foreach ($crons_result as $cron) { $old = $cron['active'] ? 1 : 0; $new = $vbulletin->GPC['enabled']["{$cron['varname']}"] ? 1 : 0; if ($old != $new) { $updates["{$cron['varname']}"] = $new;
/** * Saves an uploaded file into the filedata system. * * @param int $userid Id of user uploading the image. This user's permissions will be checked when necessary * @param array $filearray Array of data describing the uploaded file with data-types & keys: * string 'name' Filename * int 'size' Filesize * string 'type' Filetype * string 'tmp_name' Filepath to the temporary file created on the server * int 'parentid' Optional. Node/Channelid this file will be uploaded under. If provided * permissions will be checked under this node. * bool 'is_sigpic' Optional. If this is not empty, the saved filedata will replace * the user's sigpicnew record (or inserted for the user if none exists), * and the filedata record will have refcount incremented & publicview * set to 1. * @param string $fileContents String(?) containing file content BLOB * @param int $filesize File size * @param string $extension File extension * @param bool $imageOnly If true, this function will throw an exception if the file is not an image * @param bool $skipUploadPermissionCheck Optional boolean to skip permission checks. Only used internally when the system * saves a theme icon. Do not use for normal calls to this function. * * @return array Array of saved filedata info with data-types & keys: * int 'filedataid' * int 'filesize' * int 'thumbsize' file size of the thumbnail of the saved filedata * string 'extension' * string 'filename' * string[] 'headers' array containing the content-type http header of the saved filedata * boolean 'isimage' * * @throws vB_Exception_Api('invalid_attachment_storage') If 'attachfile' ("Save attachments as File") is enabled and the path specified * by 'attachpath' option is not writable for some reason * @throws vB_Exception_Api('dangerous_image_rejected') If image verification failed for $fileContents or $filearray['tmp_name'] * @throws vB_Exception_Api('upload_attachfull_total') If attachment quota specified by 'attachtotalspace' option is exceeded * @throws vB_Exception_Api('cannot_create_file') If the user fails the permission checks * @throws vB_Exception_Api('upload_invalid_image') If $imageOnly is true and the uploaded file is not an image * @throws vB_Exception_Api('unable_to_add_filedata') If adding the filedata record failed * @throws vB_Exception_Api('attachpathfailed') If 'attachfile' ("Save attachments as File") is enabled and creating or fetching * the path to the attachment directory for the user failed * @throws vB_Exception_Api('upload_file_system_is_not_writable_path') If 'attachfile' ("Save attachments as File") is enabled and the * path retrieved for the user is not writable. * * @access public */ public function saveUpload($userid, $filearray, $fileContents, $filesize, $extension, $imageOnly = false, $skipUploadPermissionCheck = false) { $assertor = vB::getDbAssertor(); $datastore = vB::getDatastore(); $options = $datastore->getValue('options'); $config = vB::getConfig(); $usercontext = vB::getUserContext($userid); //make sure there's a place to put attachments. if ($options['attachfile'] and (empty($options['attachpath']) or !file_exists($options['attachpath']) or !is_writable($options['attachpath']) or !is_dir($options['attachpath']))) { throw new vB_Exception_Api('invalid_attachment_storage'); } //make sure the file is good. if (!$this->imageHandler->verifyImageFile($fileContents, $filearray['tmp_name'])) { @unlink($filearray['tmp_name']); throw new vB_Exception_Api('dangerous_image_rejected'); } // Check if this is an image extension we're dealing with for displaying later. // exif_imagetype() will check the validity of image $isImageExtension = $isImage = $this->imageHandler->isImage($extension); if ($isImage and function_exists('exif_imagetype')) { $imageType = @exif_imagetype($filearray['tmp_name']); $isImage = (bool) $imageType; } else { if ($isImage and function_exists('finfo_open') and function_exists('finfo_file')) { /* * TODO: When pdf thumbnail support is fixed, this check might have to be updated. */ // Just in case exif_imagetype is not there. finfo extension should be installed // by default (except windows), and is an alternative way to detect // if this is an image. // In the future, perhaps we can just use below to set the mimetype in the database, // and have the fetchImage functions return the mimetype as well rather than // trying to set it based on the filedata.extension (which may not be correct). $finfo = finfo_open(FILEINFO_MIME_TYPE); $mimetype = finfo_file($finfo, $filearray['tmp_name']); if ($mimetype) { $mimetype = explode('/', $mimetype); $toplevel = $mimetype[0]; if ($toplevel != 'image') { $isImage = false; } } else { $isImage = false; } } } /* * Note, this is for identification only, NOT for security! * If we're going to depend on the extension to determine if it's an image, * let's at least check that it's an image. */ if ($isImageExtension and !$isImage) { // Do not allow a non-image to use an image extension. throw new vB_Exception_Api('image_extension_but_wrong_type'); } // Thumbnails are a different story altogether. Something like a PDF // might have a thumbnail. $canHaveThumbnail = $this->imageHandler->imageThumbnailSupported($extension); /* * TODO: We might want to check that the extension matches the mimetype. * */ //We check to see if this file already exists. $filehash = md5($fileContents); $fileCheck = $assertor->getRow('vBForum:getFiledataWithThumb', array('filehash' => $filehash, 'filesize' => $filesize)); // Does filedata already exist? if (empty($fileCheck) or $fileCheck['userid'] != $userid) { // Check if we are not exceeding the quota if ($options['attachtotalspace'] > 0) { $usedSpace = $assertor->getField('vBForum:getUserFiledataFilesizeSum', array('userid' => $userid)); $overage = $usedSpace + $filesize - $options['attachtotalspace']; if ($overage > 0) { $overage = vb_number_format($overage, 1, true); $userinfo = vB::getCurrentSession()->fetch_userinfo(); $maildata = vB_Api::instanceInternal('phrase')->fetchEmailPhrases('attachfull', array($userinfo['username'], $options['attachtotalspace'], $options['bburl'], 'admincp'), array($options['bbtitle']), 0); vB_Mail::vbmail($options['webmasteremail'], $maildata['subject'], $maildata['message']); throw new vB_Exception_Api('upload_attachfull_total', $overage); } } // Can we move this permission check out of this library function? if (!$usercontext->canUpload($filesize, $extension, !empty($filearray['parentid']) ? $filearray['parentid'] : false) and !$skipUploadPermissionCheck) { @unlink($filearray['tmp_name']); throw new vB_Exception_Api('cannot_create_file'); } if ($imageOnly and !$isImage) { throw new vB_Exception_Api('upload_invalid_image'); } $timenow = vB::getRequest()->getTimeNow(); if ($canHaveThumbnail) { //Get the image size information. $imageInfo = $this->imageHandler->fetchImageInfo($filearray['tmp_name']); $sizes = @unserialize($options['attachresizes']); if (!isset($sizes['thumb']) or empty($sizes['thumb'])) { $sizes['thumb'] = 100; } $thumbnail = $this->imageHandler->fetchThumbnail($filearray['name'], $filearray['tmp_name'], $sizes['thumb'], $sizes['thumb'], $options['thumbquality']); } else { $thumbnail = array('filesize' => 0, 'width' => 0, 'height' => 0, 'filedata' => null); } $thumbnail_data = array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_INSERT, 'resize_type' => 'thumb', 'resize_dateline' => $timenow, 'resize_filesize' => $thumbnail['filesize'], 'resize_width' => $thumbnail['width'], 'resize_height' => $thumbnail['height']); // Note, unless this is a sigpic (defined as !empty($filearray['is_sigpic'])), below will set // the refcount of the new filedata record to 0. // So the caller MUST increment the refcount if this image should not be removed by the cron. $data = array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_INSERT, 'userid' => $userid, 'dateline' => $timenow, 'filesize' => $filesize, 'filehash' => $filehash, 'extension' => $extension, 'refcount' => 0); if (!empty($imageInfo)) { $data['width'] = $imageInfo[0]; $data['height'] = $imageInfo[1]; } //Looks like we're ready to store. But do we put it in the database or the filesystem? if ($options['attachfile']) { //We name the files based on the filedata record, but we don't have that until we create the record. So we need // to do an insert, then create/move the files. $filedataid = $assertor->assertQuery('filedata', $data); if (is_array($filedataid)) { $filedataid = $filedataid[0]; } if (!intval($filedataid)) { throw new vB_Exception_Api('unable_to_add_filedata'); } $path = $this->verifyAttachmentPath($userid); if (!$path) { throw new vB_Exception_Api('attachpathfailed'); } if (!is_writable($path)) { throw new vB_Exception_Api('upload_file_system_is_not_writable_path', array(htmlspecialchars($path))); } if (!empty($thumbnail['filedata'])) { file_put_contents($path . $filedataid . '.thumb', $thumbnail['filedata']); } rename($filearray['tmp_name'], $path . $filedataid . '.attach'); } else { //We put the file contents into the data record. $data['filedata'] = $fileContents; $filedataid = $assertor->assertQuery('filedata', $data); if (is_array($filedataid)) { $filedataid = $filedataid[0]; } $thumbnail_data['resize_filedata'] = $thumbnail['filedata']; } $thumbnail_data['filedataid'] = $filedataid; if ($canHaveThumbnail) { $assertor->assertQuery('vBForum:filedataresize', $thumbnail_data); } if (!empty($filearray['name'])) { $filename = $filearray['name']; } else { $filename = ''; } $result = array('filedataid' => $filedataid, 'filesize' => $filesize, 'thumbsize' => $thumbnail['filesize'], 'extension' => $extension, 'filename' => $filename, 'headers' => $this->getAttachmentHeaders(strtolower($extension)), 'isimage' => $isImage); if (!empty($filearray['is_sigpic'])) { $assertor->assertQuery('replaceSigpic', array('userid' => $userid, 'filedataid' => $filedataid)); $assertor->assertQuery('incrementFiledataRefcountAndMakePublic', array('filedataid' => $filedataid)); } } else { // file already exists so we are not going to insert a new one $filedataid = $fileCheck['filedataid']; if (!empty($filearray['is_sigpic'])) { // Get old signature picture data and decrease refcount $oldfiledata = vB::getDbAssertor()->getRow('vBForum:sigpicnew', array('userid' => $userid)); if ($oldfiledata) { vB::getDbAssertor()->assertQuery('decrementFiledataRefcount', array('filedataid' => $oldfiledata['filedataid'])); } $assertor->assertQuery('replaceSigpic', array('userid' => $fileCheck['userid'], 'filedataid' => $filedataid)); $assertor->assertQuery('incrementFiledataRefcountAndMakePublic', array('filedataid' => $filedataid)); } $result = array('filedataid' => $filedataid, 'filesize' => $fileCheck['filesize'], 'thumbsize' => $fileCheck['resize_filesize'], 'extension' => $extension, 'filename' => $filearray['name'], 'headers' => $this->getAttachmentHeaders(strtolower($extension)), 'isimage' => $isImage); } return $result; }
/** * Constructor - checks that the registry object has been passed correctly. * * @param integer One of the ERRTYPE_x constants */ function vB_DataManager_Moderator($registry = NULL, $errtype = vB_DataManager_Constants::ERRTYPE_STANDARD) { parent::__construct($registry, $errtype); $this->config = vB::getConfig(); // Legacy Hook 'moderatordata_start' Removed // }
/** * Handles facebook exceptions (expose the exception if in debug mode) * * @param object The facebook exception */ protected function handleFacebookException(Exception $e) { $config = vB::getConfig(); if (isset($config['Misc']['debug']) and $config['Misc']['debug']) { throw $e; } }
/** * Prints a language row for use in language.php?do=modify * * @param array Language array containing languageid, title */ function print_language_row($language) { global $vbulletin, $typeoptions, $vbphrase; $vb5_config = vB::getConfig(); $languageid = $language['languageid']; $cell = array(); $cell[] = iif($vb5_config['Misc']['debug'] and $languageid != -1, '-- ', '') . fetch_tag_wrap($language['title'], 'b', $languageid == $vbulletin->options['languageid']); $cell[] = "<a href=\"language.php?" . vB::getCurrentSession()->get('sessionurl') . "do=edit&dolanguageid={$languageid}\">" . construct_phrase($vbphrase['edit_translate_x_y_phrases'], $language['title'], '') . "</a>"; $cell[] = iif($languageid != -1, construct_link_code($vbphrase['edit_settings_glanguage'], "language.php?" . vB::getCurrentSession()->get('sessionurl') . "do=edit_settings&dolanguageid={$languageid}") . construct_link_code($vbphrase['delete'], "language.php?" . vB::getCurrentSession()->get('sessionurl') . "do=delete&dolanguageid={$languageid}")) . construct_link_code($vbphrase['download'], "language.php?" . vB::getCurrentSession()->get('sessionurl') . "do=files&dolanguageid={$languageid}"); $cell[] = iif($languageid != -1, "<input type=\"button\" class=\"button\" value=\"{$vbphrase['set_default']}\" tabindex=\"1\"" . iif($languageid == $vbulletin->options['languageid'], ' disabled="disabled"') . " onclick=\"window.location='language.php?" . vB::getCurrentSession()->get('sessionurl') . "do=setdefault&dolanguageid={$languageid}';\" />", ''); print_cells_row($cell, 0, '', -2); }
/** * Does the actual work to make a variable safe * * @param mixed The data we want to make safe * @param integer The type of the data * * @return mixed */ protected function &doClean(&$data, $type) { static $booltypes = array('1', 'yes', 'y', 'true', 'on'); switch ($type) { case self::TYPE_NUM: case self::TYPE_UNUM: $userinfo = vB::getCurrentSession()->fetch_userinfo(); // Account for language specific separators if (isset($userinfo['lang_decimalsep']) and $userinfo['lang_decimalsep'] != '') { $data = strtr($data, array($userinfo['lang_decimalsep'] => '.', $userinfo['lang_thousandsep'] => '')); } } switch ($type) { case self::TYPE_INT: $data = intval($data); break; case self::TYPE_UINT: $data = ($data = intval($data)) < 0 ? 0 : $data; break; case self::TYPE_NUM: $data = strval($data) + 0; break; case self::TYPE_UNUM: $data = strval($data) + 0; $data = $data < 0 ? 0 : $data; break; case self::TYPE_BINARY: $data = strval($data); break; case self::TYPE_STR: $data = trim(strval($data)); break; case self::TYPE_NOTRIM: $data = strval($data); break; case self::TYPE_NOHTML: $data = vB_String::htmlSpecialCharsUni(trim(strval($data))); break; case self::TYPE_BOOL: $data = in_array(strtolower($data), $booltypes) ? 1 : 0; break; case self::TYPE_ARRAY: $data = is_array($data) ? $data : array(); break; case self::TYPE_NOHTMLCOND: $data = trim(strval($data)); if (strcspn($data, '<>"') < strlen($data) or strpos($data, '&') !== false and !preg_match('/&(#[0-9]+|amp|lt|gt|quot);/si', $data)) { // data is not htmlspecialchars because it still has characters or entities it shouldn't $data = vB_String::htmlSpecialCharsUni($data); } break; case self::TYPE_FILE: // perhaps redundant :p if (is_array($data)) { if (is_array($data['name'])) { $files = count($data['name']); for ($index = 0; $index < $files; $index++) { $data['name']["{$index}"] = trim(strval($data['name']["{$index}"])); $data['type']["{$index}"] = trim(strval($data['type']["{$index}"])); $data['tmp_name']["{$index}"] = trim(strval($data['tmp_name']["{$index}"])); $data['error']["{$index}"] = intval($data['error']["{$index}"]); $data['size']["{$index}"] = intval($data['size']["{$index}"]); } } else { $data['name'] = trim(strval($data['name'])); $data['type'] = trim(strval($data['type'])); $data['tmp_name'] = trim(strval($data['tmp_name'])); $data['error'] = intval($data['error']); $data['size'] = intval($data['size']); } } else { $data = array('name' => '', 'type' => '', 'tmp_name' => '', 'error' => 0, 'size' => 4); } break; case self::TYPE_UNIXTIME: if (is_array($data)) { $data = $this->clean($data, vB_Cleaner::TYPE_ARRAY_UINT); if ($data['month'] and $data['day'] and $data['year']) { require_once DIR . '/includes/functions_misc.php'; $data = vbmktime($data['hour'], $data['minute'], $data['second'], $data['month'], $data['day'], $data['year']); } else { $data = 0; } } else { $data = ($data = intval($data)) < 0 ? 0 : $data; } break; // null actions should be deifned here so we can still catch typos below // null actions should be deifned here so we can still catch typos below case self::TYPE_NOCLEAN: break; default: if ($config = vB::getConfig() and $config['Misc']['debug']) { trigger_error('vB_Cleaner::doClean() Invalid data type specified', E_USER_WARNING); } } // strip out characters that really have no business being in non-binary data switch ($type) { case self::TYPE_STR: case self::TYPE_NOTRIM: case self::TYPE_NOHTML: case self::TYPE_NOHTMLCOND: $data = str_replace(chr(0), '', $data); } return $data; }
/** * Lock tables * * @param mixed List of tables to lock * @param string Type of lock to perform * */ function lock_tables($tablelist) { if (!empty($tablelist) and is_array($tablelist)) { $vb5_config =& vB::getConfig(); $sql = ''; foreach ($tablelist as $name => $type) { $sql .= (!empty($sql) ? ', ' : '') . TABLE_PREFIX . $name . " " . $type; } $this->query_write("LOCK TABLES {$sql}"); $this->locked = true; } }
function construct_banned_user_row($user, $canunbanuser) { global $vbulletin, $vbphrase; $vb5_config =& vB::getConfig(); if ($user['liftdate'] == 0) { $user['banperiod'] = $vbphrase['permanent']; $user['banlift'] = $vbphrase['never']; $user['banremaining'] = $vbphrase['forever']; } else { $user['banlift'] = vbdate($vbulletin->options['dateformat'] . ', ~' . $vbulletin->options['timeformat'], $user['liftdate']); $user['banperiod'] = ceil(($user['liftdate'] - $user['bandate']) / 86400); if ($user['banperiod'] == 1) { $user['banperiod'] .= " {$vbphrase['day']}"; } else { $user['banperiod'] .= " {$vbphrase['days']}"; } $remain = $user['liftdate'] - TIMENOW; $remain_days = floor($remain / 86400); $remain_hours = ceil(($remain - $remain_days * 86400) / 3600); if ($remain_hours == 24) { $remain_days += 1; $remain_hours = 0; } if ($remain_days < 0) { $user['banremaining'] = "<i>{$vbphrase['will_be_lifted_soon']}</i>"; } else { if ($remain_days == 1) { $day_word = $vbphrase['day']; } else { $day_word = $vbphrase['days']; } if ($remain_hours == 1) { $hour_word = $vbphrase['hour']; } else { $hour_word = $vbphrase['hours']; } $user['banremaining'] = "{$remain_days} {$day_word}, {$remain_hours} {$hour_word}"; } } $cell = array("<a href=\"" . (can_administer('canadminusers') ? '../admincp/' : '') . 'user.php?' . vB::getCurrentSession()->get('sessionurl') . "do=edit&u={$user['userid']}\"><b>{$user['username']}</b></a>"); if ($user['bandate']) { $cell[] = $user['adminid'] ? "<a href=\"" . (can_administer('canadminusers') ? '../admincp/' : '') . 'user.php?' . vB::getCurrentSession()->get('sessionurl') . "do=edit&u={$user['adminid']}\">{$user['adminname']}</a>" : $vbphrase['n_a']; $cell[] = vbdate($vbulletin->options['dateformat'], $user['bandate']); } else { $cell[] = $vbphrase['n_a']; $cell[] = $vbphrase['n_a']; } $cell[] = $user['banperiod']; $cell[] = $user['banlift']; $cell[] = $user['banremaining']; if ($canunbanuser) { $cell[] = construct_link_code($vbphrase['lift_ban'], 'banning.php?' . vB::getCurrentSession()->get('sessionurl') . "do=liftban&u={$user['userid']}"); } $cell[] = construct_link_code(!empty($user['reason']) ? $user['reason'] : $vbphrase['n_a'], 'banning.php?' . vB::getCurrentSession()->get('sessionurl') . "do=editreason&userid=" . $user['userid']); return $cell; }
/** * Halts execution of the entire system and displays an error message * * @param string Text of the error message. Leave blank to use $this->sql as error text. * * @return integer */ function halt($errortext = '') { static $called = false; /* if ($this->inTransaction) { $this->rollbackTransaction(); } */ if ($called) { if (!empty($errortext)) { $this->error = $errortext; } return $this->error; } else { $called = true; } if ($this->connection_recent) { $this->error = $this->error($this->connection_recent); $this->errno = $this->errno($this->connection_recent); } if ($this->errno == -1) { throw new exception('no_vb5_database'); } if ($this->reporterror) { if ($errortext == '') { $this->sql = "Invalid SQL:\r\n" . chop($this->sql) . ';'; $errortext =& $this->sql; if (strlen($errortext) > 2048) { $truncated_errortext = "\r\n[Showing truncated query, original length: " . strlen($this->sql) . "]\r\n[First 500 chars]\r\n" . substr($errortext, 0, 500) . "\r\n[Last 500 chars]\r\n" . substr($errortext, -500); $errortext = $truncated_errortext; unset($truncated_errortext); } } $session = vB::getCurrentSession(); if ($session) { $userinfo = $session->fetch_userinfo(); } //TODO -- need to clean up VB_AREA stuff if (defined('VB_AREA') and (VB_AREA == 'Upgrade' or VB_AREA == 'Install')) { $display_db_error = true; } else { $userContext = vB::getUserContext(); $display_db_error = $userContext ? $userContext->isAdministrator() : false; } // Hide the MySQL Version if its going in the source if (!$display_db_error) { $mysqlversion = ''; } else { if ($this->connection_recent) { $this->hide_errors(); list($mysqlversion) = $this->query_first("SELECT VERSION() AS version", self::DBARRAY_NUM); $this->show_errors(); } } $vb5_config = vB::getConfig(); $request = vB::getRequest(); if ($request) { $timeNow = $request->getTimeNow(); $scriptpath = 'unknown'; $ipAddress = 'unknown'; $scriptpath = $request->getScriptPath(); $ipAddress = $request->getIpAddress(); $referer = $request->getReferrer(); } else { $timeNow = time(); $scriptpath = ''; $ipAddress = ''; $referer = ''; } $vboptions = vB::getDatastore()->getValue('options'); $technicalemail =& $vb5_config['Database']['technicalemail']; $data = array(); $data['error'] = $this->error; $data['errno'] = $this->errno; $data['requestdate'] = date('l, F jS Y @ h:i:s A', $timeNow); $data['date'] = date('l, F jS Y @ h:i:s A'); $data['host'] = ""; //todo figure this out for non http requests $data['scriptpath'] = str_replace('&', '&', $scriptpath); $data['referer'] = $referer; $data['ipaddress'] = $ipAddress; $data['username'] = isset($userinfo['username']) ? $userinfo['username'] : ""; $data['classname'] = get_class($this); $data['mysqlversion'] = $mysqlversion; $data['technicalemail'] = $technicalemail; $data['appname'] = $this->appname; $data['templateversion'] = $vboptions['templateversion']; if ($vb5_config['Misc']['debug']) { $data['trace'] = debug_backtrace(); } $dbexception = new vB_Exception_Database($errortext, $data); //log message require_once DIR . '/includes/functions_log_error.php'; if (function_exists('log_vbulletin_error')) { log_vbulletin_error($dbexception->getMessage(), 'database'); } if ($this->reporterror) { throw $dbexception; } } else { if (!empty($errortext)) { $this->error = $errortext; } } }
public static function processLogout() { global $vbulletin; $assertor = vB::getDbAssertor(); $userinfo = vB::getCurrentSession()->fetch_userinfo(); $timeNow = vB::getRequest()->getTimeNow(); $options = vB::getDatastore()->get_value('options'); $session = vB::getCurrentSession(); if ($userinfo['userid'] and $userinfo['userid'] != -1) { // init user data manager $userdata = new vB_Datamanager_User(vB_DataManager_Constants::ERRTYPE_SILENT); $userdata->set_existing($userinfo); $userdata->set('lastactivity', $timeNow - $options['cookietimeout']); $userdata->set('lastvisit', $timeNow); $userdata->save(); if (!defined('VB_API')) { $assertor->delete('session', array('userid' => $userinfo['userid'], 'apiaccesstoken' => null)); $assertor->delete('cpsession', array('userid' => $userinfo['userid'])); } } $assertor->delete('session', array('sessionhash' => $session->get('dbsessionhash'))); // Remove accesstoken from apiclient table so that a new one will be generated if (defined('VB_API') and VB_API === true and $vbulletin->apiclient['apiclientid']) { $assertor->update('apiclient', array('apiaccesstoken' => '', 'userid' => 0), array('apiclientid' => intval($vbulletin->apiclient['apiclientid']))); $vbulletin->apiclient['apiaccesstoken'] = ''; } if ($vbulletin->session->created == true and (!defined('VB_API') or !VB_API)) { // if we just created a session on this page, there's no reason not to use it $newsession = $vbulletin->session; } else { // API should always create a new session here to generate a new accesstoken $newsession = vB_Session::getNewSession(vB::getDbAssertor(), vB::getDatastore(), vB::getConfig(), '', 0, '', vB::getCurrentSession()->get('styleid')); } $newsession->set('userid', 0); $newsession->set('loggedin', 0); $vbulletin->session =& $newsession; $result = array(); $result['sessionhash'] = $newsession->get('dbsessionhash'); $result['apiaccesstoken'] = $newsession->get('apiaccesstoken'); if (defined('VB_API') and VB_API === true) { if ($_REQUEST['api_c']) { $assertor->update('apiclient', array('apiaccesstoken' => $result['apiaccesstoken'], 'userid' => 0), array('apiclientid' => intval($_REQUEST['api_c']))); } } return $result; }
/** * Renders the template. * * @param boolean Whether to suppress the HTML comment surrounding option (for JS, etc) * @return string Rendered version of the template */ public function render($suppress_html_comments = false, $final = false, $nopermissioncheck = false) { global $vbulletin, $show; $vb5_config =& vB::getConfig(); $callback = vB_APICallback::instance(); if ($final) { self::remove_common_show($show); // register whitelisted globals $this->register_globals(); $callback->setname('result_prewhitelist'); $callback->addParamRef(0, $this->registered); $callback->callback(); if (!($vb5_config['Misc']['debug'] and $vbulletin->GPC['showall'])) { $this->whitelist_filter(); } $callback->setname('result_overwrite'); $callback->addParamRef(0, $this->registered); $callback->callback(); if ($vb5_config['Misc']['debug'] and $vbulletin->GPC['debug']) { return '<pre>' . htmlspecialchars(var_export($this->registered, true)) . '</pre>' . '<br />' . number_format(memory_get_usage() / 1024) . 'KB'; } else { // only render data on final render return $this->render_output($suppress_html_comments, $nopermissioncheck); } } else { $callback->setname('result_prerender'); $callback->addParam(0, $this->template); $callback->addParamRef(1, $this->registered); $callback->callback(); } return $this->render_token(); }
|| # http://www.vbulletin.com | http://www.vbulletin.com/license.html # || || ###################################################################### || \*========================================================================*/ // ######################## SET PHP ENVIRONMENT ########################### error_reporting(E_ALL & ~E_NOTICE); // ##################### DEFINE IMPORTANT CONSTANTS ####################### define('CVS_REVISION', '$RCSfile$ - $Revision: 83432 $'); // #################### PRE-CACHE TEMPLATES AND DATA ###################### global $phrasegroups, $specialtemplates; $phrasegroups = array(); $specialtemplates = array(); // ########################## REQUIRE BACK-END ############################ require_once dirname(__FILE__) . '/global.php'; require_once DIR . '/includes/class_rss_poster.php'; header('Content-Type: text/xml; charset=utf-8'); $licenseid = 'LD18132D6F'; $config = vB::getConfig(); if (isset($config['Misc']['licenseid'])) { $licenseid = $config['Misc']['licenseid']; } if ($result = fetch_file_via_socket('http://version.vbulletin.com/news.xml?v=' . SIMPLE_VERSION . "&id={$licenseid}", array('type' => ''))) { echo $result['body']; } else { echo 'Error'; } /*=========================================================================*\ || ####################################################################### || # Downloaded: 15:45, Tue Sep 8th 2015 || # CVS: $RCSfile$ - $Revision: 83432 $ || ####################################################################### \*=========================================================================*/
/** * Determine if the url is safe to load * * @param $urlinfo -- The parsed url info from vB_String::parseUrl -- scheme, port, host * @return boolean */ private function validateUrl($urlinfo) { // VBV-11823, only allow http/https schemes if (!isset($urlinfo['scheme']) or !in_array(strtolower($urlinfo['scheme']), array('http', 'https'))) { return false; } // VBV-11823, do not allow localhost and 127.0.0.0/8 range by default if (!isset($urlinfo['host']) or preg_match('#localhost|127\\.(\\d)+\\.(\\d)+\\.(\\d)+#i', $urlinfo['host'])) { return false; } if (empty($urlinfo['port'])) { if ($urlinfo['scheme'] == 'https') { $urlinfo['port'] = 443; } else { $urlinfo['port'] = 80; } } // VBV-11823, restrict detination ports to 80 and 443 by default // allow the admin to override the allowed ports in config.php (in case they have a proxy server they need to go to). $config = vB::getConfig(); $allowedPorts = isset($config['Misc']['uploadallowedports']) ? $config['Misc']['uploadallowedports'] : array(); if (!is_array($allowedPorts)) { $allowedPorts = array(80, 443, $allowedPorts); } else { $allowedPorts = array_merge(array(80, 443), $allowedPorts); } if (!in_array($urlinfo['port'], $allowedPorts)) { return false; } return true; }
/** * Performs fetching of the file if possible * * @return integer Returns one of two constants, VURL_NEXT or VURL_HANDLED */ function exec() { $urlinfo = @vB_String::parseUrl($this->vurl->options[VURL_URL]); // VBV-11823, only allow http/https schemes if (!isset($urlinfo['scheme']) or !in_array(strtolower($urlinfo['scheme']), array('http', 'https'))) { return VURL_NEXT; } // VBV-11823, do not allow localhost and 127.0.0.0/8 range by default if (!isset($urlinfo['host']) or preg_match('#localhost|127\\.(\\d)+\\.(\\d)+\\.(\\d)+#i', $urlinfo['host'])) { return VURL_NEXT; } if (empty($urlinfo['port'])) { if ($urlinfo['scheme'] == 'https') { $urlinfo['port'] = 443; } else { $urlinfo['port'] = 80; } } // VBV-11823, restrict destination ports to 80 and 443 by default // allow the admin to override the allowed ports in config.php (in case they have a proxy server they need to go to). $config = vB::getConfig(); $allowedPorts = isset($config['Misc']['uploadallowedports']) ? $config['Misc']['uploadallowedports'] : array(); if (!is_array($allowedPorts)) { $allowedPorts = array(80, 443, $allowedPorts); } else { $allowedPorts = array_merge(array(80, 443), $allowedPorts); } if (!in_array($urlinfo['port'], $allowedPorts)) { return VURL_NEXT; } if (!function_exists('curl_init') or ($this->ch = curl_init()) === false) { return VURL_NEXT; } if ($urlinfo['scheme'] == 'https') { // curl_version crashes if no zlib support in cURL (php <= 5.2.5) $curlinfo = curl_version(); if (empty($curlinfo['ssl_version'])) { curl_close($this->ch); return VURL_NEXT; } } curl_setopt($this->ch, CURLOPT_URL, $this->vurl->options[VURL_URL]); curl_setopt($this->ch, CURLOPT_TIMEOUT, $this->vurl->options[VURL_TIMEOUT]); if (!empty($this->vurl->options[VURL_CUSTOMREQUEST])) { curl_setopt($this->ch, CURLOPT_CUSTOMREQUEST, $this->vurl->options[VURL_CUSTOMREQUEST]); } else { if ($this->vurl->bitoptions & VURL_POST) { curl_setopt($this->ch, CURLOPT_POST, 1); curl_setopt($this->ch, CURLOPT_POSTFIELDS, $this->vurl->options[VURL_POSTFIELDS]); } else { curl_setopt($this->ch, CURLOPT_POST, 0); } } curl_setopt($this->ch, CURLOPT_HEADER, $this->vurl->bitoptions & VURL_HEADER ? 1 : 0); curl_setopt($this->ch, CURLOPT_HTTPHEADER, $this->vurl->options[VURL_HTTPHEADER]); curl_setopt($this->ch, CURLOPT_RETURNTRANSFER, $this->vurl->bitoptions & VURL_RETURNTRANSFER ? 1 : 0); if ($this->vurl->bitoptions & VURL_NOBODY) { curl_setopt($this->ch, CURLOPT_NOBODY, 1); } if ($this->vurl->bitoptions & VURL_FOLLOWLOCATION) { if (@curl_setopt($this->ch, CURLOPT_FOLLOWLOCATION, 1) === false) { curl_close($this->ch); return VURL_NEXT; } curl_setopt($this->ch, CURLOPT_MAXREDIRS, $this->vurl->options[VURL_MAXREDIRS]); } else { curl_setopt($this->ch, CURLOPT_FOLLOWLOCATION, 0); } if ($this->vurl->options[VURL_ENCODING]) { @curl_setopt($this->ch, CURLOPT_ENCODING, $this->vurl->options[VURL_ENCODING]); // this will work on versions of cURL after 7.10, though was broken on PHP 4.3.6/Win32 } $this->reset(); curl_setopt($this->ch, CURLOPT_WRITEFUNCTION, array(&$this, 'curl_callback_response')); curl_setopt($this->ch, CURLOPT_HEADERFUNCTION, array(&$this, 'curl_callback_header')); if (!($this->vurl->bitoptions & VURL_VALIDSSLONLY)) { curl_setopt($this->ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($this->ch, CURLOPT_SSL_VERIFYHOST, 0); } $result = curl_exec($this->ch); if ($urlinfo['scheme'] == 'https' and $result === false and curl_errno($this->ch) == '60') { curl_setopt($this->ch, CURLOPT_CAINFO, DIR . '/includes/paymentapi/ca-bundle.crt'); $result = curl_exec($this->ch); } curl_close($this->ch); if ($this->fp) { fclose($this->fp); $this->fp = null; } if ($result !== false or !$this->vurl->options[VURL_DIEONMAXSIZE] and $this->max_limit_reached) { return VURL_HANDLED; } return VURL_NEXT; }
/** * Check if the DM currently has errors. Will kill execution if it does and $die is true. * * @param bool Whether or not to end execution if errors are found; ignored if the error type is ERRTYPE_SILENT * * @return bool True if there *are* errors, false otherwise */ public function has_errors($die = true) { if (!empty($this->errors)) { if ($this->error_handler == vB_DataManager_Constants::ERRTYPE_SILENT or $die == false) { return true; } else { if ($this->error_handler == vB_DataManager_Constants::ERRTYPE_UPGRADE) { return true; } else { $error = ''; $config = vB::getConfig(); if (!empty($config['Misc']['debug'])) { $trace = debug_backtrace(); foreach ($trace as $level => $record) { if (!empty($level)) { echo "Level {$level}<br/>\n\t\tFunction " . $record['function'] . '..Line ' . (empty($record['line']) ? ' ' : $record['line']) . "..<br/>\n" . (empty($record['file']) ? '' : "in\t\t " . $record['file'] . "<br/>\n"); } } $error .= var_export($this->errors, true); } $error .= '</ul>Unable to proceed with save while $errors array is not empty in class <strong>' . get_class($this) . '</strong>'; trigger_error($error, E_USER_ERROR); return true; } } } else { return false; } }
/** * Creates a session for a specific user * * Used to create session for a particular user based on the current * request information. Useful for creating a session after the user logs in. * This will overwrite the current Session in this request class and the * vB current session. * * @param $userid integer The user to create the session for. * @return $session vB_Session The session created. Not that this will be a subclass * of the abstract vB_Session Class */ public function createSessionForUser($userid) { //refactored from vB_User login code //if we currently have a session, get rid of it. $currentSession = vB::getCurrentSession(); if ($currentSession) { $currentSession->delete(); } $sessionClass = $this->getSessionClass(); //these are references so we need to set to locals. $db =& vB::getDbAssertor(); $store =& vB::getDatastore(); $config =& vB::getConfig(); $this->session = call_user_func(array($sessionClass, 'getSession'), $userid, '', $db, $store, $config); vB::setCurrentSession($this->session); return $this->session; }