public function deleteAllTemplateFiles() { $template_path = vB::getDatastore()->getOption('template_cache_path'); $db = vB::getDBAssertor(); $result = $db->select('template', array(), false, array('templateid', 'template')); foreach ($result as $template) { $this->deleteTemplateFromFileSystem($template['templateid'], $template_path); } }
/** * This is a temporary getter for retrieving the vbulletin object while we still needed * TODO: remove this method * * @global vB_Registry $vbulletin * @return vB_Registry */ public static function &get_registry() { global $vbulletin; if (!isset($vbulletin)) { //move some initialization of the registry from the legacy bootstrap. require_once DIR . '/includes/class_core.php'; $vbulletin = new vB_Registry(); //this is the *only* place we should call getDBConnection!!! $vbulletin->db =& vB::getDBAssertor()->getDBConnection(); $vbulletin->datastore = vB::getDatastore(); //force load some values the vbulletin object. Otherwise init.php can crap out. if (!$vbulletin->datastore->registerCount()) { $vbulletin->datastore->getValue('options'); } $vbulletin->datastore->init_registry(); $request = self::getRequest(); if ($request) { $vbulletin->ipaddress = $request->getIpAddress(); $vbulletin->alt_ip = $request->getAltIp(); //a bit of a hack, but we only have URL values if this comes in from the web //we may need to sort things out better so that we do something with these //functions when we don't have a web request, but this is simpler and this //is temporary code anyway. if ($request instanceof vB_Request_Web) { $cleaner = self::getCleaner(); // store a relative path that includes the sessionhash for reloadurl $vbulletin->reloadurl = $request->addQuery($cleaner->xssClean($request->getVbUrlPath()), $request->getVbUrlQueryRaw()); // store the current script $vbulletin->script = $_SERVER['SCRIPT_NAME']; // store the scriptpath $vbulletin->scriptpath = $request->getScriptPath(); } } } return $vbulletin; }
/** * Checks to see if a password is in the user's password history * * Will also delete any expired records in the password history. * * @param integer $userid User ID * @param string $fe_password -- the frontend encoded password * @param integer $lookback The time period to look back for passwords in seconds * * @return boolean Returns true if password is in the history */ protected function checkPasswordHistory($userid, $fe_password, $lookback) { $db = vB::getDBAssertor(); // first delete old password history $db->delete('passwordhistory', array('userid' => $userid, array('field' => 'passworddate', 'value' => $lookback, 'operator' => vB_dB_Query::OPERATOR_LTE))); $old_passwords = $db->select('passwordhistory', array('userid' => $userid)); foreach ($old_passwords as $old_password) { //need to use the same scheme as when the history hash was created. If the front end scheme has changed //then we'll be unable to check -- we'll just have to pass it along. When we implement front end schemes //other than plain md5 we'll need to do something here to check if its changed. try { $verify = vB_Utility_Password_Algorithm::instance($old_password['scheme'])->verifyPassword($fe_password, $old_password['token']); } catch (Exception $e) { //if we fail to hash the password we'll just ignore that history record. Better than failing because of an old //record that has a now invalid scheme or something else equally silly. continue; } if ($verify) { return false; } } return true; }