Exemplo n.º 1
 /**
  * Looks up one permission of the current user on every node in a list.
  *
  * @param string $group      Permission group, handed unchanged to hasPermissions()
  * @param string $permission Permission name, handed unchanged to hasPermissions()
  * @param array  $nodeIds    Node ids to check; cleaned with vB_Cleaner::TYPE_ARRAY_INT before use
  * @return array The hasPermissions() result for each cleaned node id, keyed by node id
  *               (an empty array when no node ids are supplied)
  * @see vB_Api_User::hasPermissions
  */
 public function havePermissions($group, $permission, $nodeIds = array())
 {
     $permissions = array();
     if (!empty($nodeIds)) {
         // Only the node ids are cleaned here; $group and $permission reach
         // hasPermissions() exactly as the caller supplied them.
         $ids = vB::get_cleaner()->clean($nodeIds, vB_Cleaner::TYPE_ARRAY_INT);
         foreach ($ids as $id) {
             $permissions[$id] = $this->hasPermissions($group, $permission, $id);
         }
     }
     return $permissions;
 }
Exemplo n.º 2
 /**
  * Cleans a value for one of this object's fields and optionally runs the field's verifier
  *
  * The value is always cleaned to the type registered for the field in $validfields.
  * When $doverify is true and the field carries verification code, that code decides
  * the return value; otherwise a known field always verifies as true.
  *
  * @param	string	The name of the field to which the supplied data should be applied
  * @param	mixed	The data itself (passed by reference and replaced with the cleaned value)
  * @param	boolean	Whether to run the field's verification code. Data is still cleaned though.
  *
  * @return	boolean	The verifier's result, true when no verification is run, or false after an unknown field has been reported through trigger_error()
  */
 function verify($fieldname, &$value, $doverify = true)
 {
     $key = "{$fieldname}";
     if (!isset($this->validfields[$key])) {
         // Unknown field: report it as a user-level error. The field name is placed in the
         // HTML message as supplied, so callers should not pass request data as a field name.
         trigger_error("Field <em>{$fieldname}</em> is not defined in <em>\$validfields</em> in class <strong>" . get_class($this) . "</strong>", E_USER_ERROR);
         return false;
     }
     $definition =& $this->validfields[$key];
     // clean the value according to its type
     $value = vB::get_cleaner()->clean($value, $definition[vB_DataManager_Constants::VF_TYPE]);
     if (!$doverify or !isset($definition[vB_DataManager_Constants::VF_CODE])) {
         return true;
     }
     $code = $definition[vB_DataManager_Constants::VF_CODE];
     if ($code !== vB_DataManager_Constants::VF_METHOD) {
         // SECURITY NOTE: create_function() compiles the VF_CODE string as PHP source, the
         // same as eval(). That is only safe while every $validfields definition is
         // hard-coded by the class author and never assembled from request or database
         // content. create_function() is deprecated since PHP 7.2 and removed in PHP 8.0.
         $verifier = create_function('&$data, &$dm', $code);
         return $verifier($value, $this);
     }
     // Method-based verification. The method name comes from the field definition, or
     // from a field name that has already been matched against $validfields above.
     if (isset($definition[vB_DataManager_Constants::VF_METHODNAME])) {
         return $this->{$definition[vB_DataManager_Constants::VF_METHODNAME]}($value);
     }
     return $this->{'verify_' . $fieldname}($value);
 }
Exemplo n.º 3
 /**
  * Verifies that the provided birthday is valid and normalises it
  *
  * On success $birthday is rewritten as a mm-dd-yyyy string (or '' when no birthday is
  * given) and the 'birthday_search' field is set to the matching yyyy-mm-dd string (or '').
  * On failure the 'birthdayfield' error is raised through $this->error().
  *
  * @param	mixed	Birthday (by reference) - can be yyyy-mm-dd, mm-dd-yyyy or an array containing day/month/year and converts it into a valid mm-dd-yyyy
  *
  * @return	boolean	True when the birthday was accepted, false when it was rejected
  */
 function verify_birthday(&$birthday)
 {
     if (!$this->adminoverride and $this->options['reqbirthday']) {
         // required birthday. If current birthday is acceptable, don't go any further (bypass form manipulation)
         // The stored value is split as month-day-year: [0] = month, [1] = day, [2] = year.
         $bday = explode('-', $this->existing['birthday']);
         // @ silences errors from checkdate() when the stored parts are not usable numbers.
         if ($bday[2] > 1901 and $bday[2] <= date('Y') and @checkdate($bday[0], $bday[1], $bday[2])) {
             // The submitted value is discarded: a non-admin cannot replace a birthday
             // that is already valid while birthdays are required.
             $this->set('birthday_search', $bday[2] . '-' . $bday[0] . '-' . $bday[1]);
             $birthday = "{$bday['0']}-{$bday['1']}-{$bday['2']}";
             return true;
         }
     }
     if (!is_array($birthday)) {
         // check for yyyy-mm-dd string
         if (preg_match('#^(\\d{4})-(\\d{1,2})-(\\d{1,2})$#', $birthday, $match)) {
             $birthday = array('day' => $match[3], 'month' => $match[2], 'year' => $match[1]);
         } else {
             // otherwise try mm-dd-yyyy; a string matching neither pattern stays a string
             // and is rejected by the array check below
             if (preg_match('#^(\\d{1,2})-(\\d{1,2})-(\\d{4})$#', $birthday, $match)) {
                 $birthday = array('day' => $match[2], 'month' => $match[1], 'year' => $match[3]);
             }
         }
     }
     // check that all necessary array keys are set
     if (!is_array($birthday) or !isset($birthday['day']) or !isset($birthday['month']) or !isset($birthday['year'])) {
         $this->error('birthdayfield');
         return false;
     }
     // force all array keys to integer
     $birthday = vB::get_cleaner()->cleanArray($birthday, array('day' => vB_Cleaner::TYPE_INT, 'month' => vB_Cleaner::TYPE_INT, 'year' => vB_Cleaner::TYPE_INT));
     // 'and' binds tighter than 'or', so this rejects three cases: a month without a day,
     // a day without a month, or - when a birthday is required and there is no admin
     // override - any of day, month or year missing.
     if ($birthday['day'] <= 0 and $birthday['month'] > 0 or $birthday['day'] > 0 and $birthday['month'] <= 0 or !$this->adminoverride and $this->options['reqbirthday'] and ($birthday['day'] <= 0 or $birthday['month'] <= 0 or $birthday['year'] <= 0)) {
         $this->error('birthdayfield');
         return false;
     }
     if ($birthday['day'] <= 0 and $birthday['month'] <= 0) {
         // No day and no month: treated as "no birthday", which is only reachable when
         // a birthday is optional or the admin override is set.
         $this->set('birthday_search', '');
         $birthday = '';
         return true;
     } else {
         // The year may be omitted (<= 0) or must lie between 1902 and the current year.
         // A missing year is validated as 1996, a leap year, so that 29 February passes.
         if (($birthday['year'] <= 0 or $birthday['year'] > 1901 and $birthday['year'] <= date('Y')) and checkdate($birthday['month'], $birthday['day'], $birthday['year'] == 0 ? 1996 : $birthday['year'])) {
             // zero-pad to fixed widths: dd, mm and yyyy
             $birthday['day'] = str_pad($birthday['day'], 2, '0', STR_PAD_LEFT);
             $birthday['month'] = str_pad($birthday['month'], 2, '0', STR_PAD_LEFT);
             $birthday['year'] = str_pad($birthday['year'], 4, '0', STR_PAD_LEFT);
             // search copy is yyyy-mm-dd, the value handed back to the caller is mm-dd-yyyy
             $this->set('birthday_search', $birthday['year'] . '-' . $birthday['month'] . '-' . $birthday['day']);
             $birthday = "{$birthday['month']}-{$birthday['day']}-{$birthday['year']}";
             return true;
         } else {
             $this->error('birthdayfield');
             return false;
         }
     }
 }
Exemplo n.º 4
 /**
  * Returns the parsed (html) signatures for a list of users
  *
  * Signatures are resolved in three steps: raw signatures known to be empty are answered
  * with '' straight away, then the standard cache is read under the key "vbSig_<userid>",
  * and whatever is still missing is parsed through doParseSignature().
  *
  * @param array  $userIds       User ids, cleaned with vB_Cleaner::TYPE_ARRAY_INT
  * @param array  $rawSignatures (Optional) Raw signatures keyed by userid, to avoid fetching
  *                              them again; cleaned with vB_Cleaner::TYPE_ARRAY_STR
  *
  * @return array the parsed (html) signatures keyed by the userid. Every userid in
  *               $rawSignatures whose raw signature is empty gets a '' entry, whether or
  *               not that id is listed in $userIds.
  */
 public function parseSignatures($userIds, $rawSignatures = array())
 {
     $cleaner = vB::get_cleaner();
     $userIds = $cleaner->clean($userIds, vB_Cleaner::TYPE_ARRAY_INT);
     $rawSignatures = $cleaner->clean($rawSignatures, vB_Cleaner::TYPE_ARRAY_STR);
     if (empty($userIds)) {
         return array();
     }
     $parsed = array();
     // a signature known to be empty needs neither the cache nor the parser
     if (!empty($rawSignatures)) {
         foreach ($rawSignatures as $uid => $raw) {
             if (empty($raw)) {
                 $parsed[$uid] = '';
             }
         }
     }
     $pending = array_diff($userIds, array_keys($parsed));
     if (empty($pending)) {
         return $parsed;
     }
     // map each cache key back to the user it belongs to
     $userByCacheKey = array();
     foreach ($pending as $uid) {
         $userByCacheKey["vbSig_{$uid}"] = $uid;
     }
     $cachedSignatures = vB_Cache::instance(vB_Cache::CACHE_STD)->read(array_keys($userByCacheKey));
     if ($cachedSignatures) {
         foreach ($cachedSignatures as $cacheKey => $html) {
             // false is skipped and left for the parser; anything else is used as is.
             // Note that the cache value is the sig string and not the siginfo array.
             if ($html === false) {
                 continue;
             }
             $parsed[$userByCacheKey[$cacheKey]] = $html;
         }
     }
     // parse whatever neither shortcut could answer (nothing to do when the list is empty)
     $pending = array_diff($pending, array_keys($parsed));
     foreach ($pending as $uid) {
         $sigInfo = isset($rawSignatures[$uid])
             ? $this->doParseSignature($uid, $rawSignatures[$uid])
             : $this->doParseSignature($uid);
         $parsed[$uid] = $sigInfo['signature'];
     }
     return $parsed;
 }
Exemplo n.º 5
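 /**
  * This checks whether a user needs COPPA approval based on birthdate. Responds to Ajax call
  *
  * The birthdate arrives from the client, so a value that cannot be turned into a date is
  * never treated as "old enough": it takes the same `true` return this method has always
  * used for unparseable input, instead of comparing a failed conversion with the cutoff.
  *
  * @param mixed $dateInfo array of month/day/year, a unix timestamp, or a 'YYYY-MM-DD' string.
  * @return int|bool 0 - no COPPA needed (also when the 'usecoppa' option is off); otherwise
  *                  the 'usecoppa' option value (1- Approve but require adult validation,
  *                  2- Deny); true when COPPA is enabled and $dateInfo cannot be parsed
  */
 public function needsCoppa($dateInfo)
 {
     $options = vB::getDatastore()->get_value('options');
     $cleaner = vB::get_cleaner();
     if (!(bool) $options['usecoppa']) {
         return 0;
     }
     // date can come as a unix timestamp, or an array, or 'YYYY-MM-DD'
     if (is_array($dateInfo)) {
         $dateInfo = $cleaner->cleanArray($dateInfo, array('day' => vB_Cleaner::TYPE_UINT, 'month' => vB_Cleaner::TYPE_UINT, 'year' => vB_Cleaner::TYPE_UINT));
         // mktime() normalises out-of-range parts instead of failing (all zeroes becomes a
         // date in 1999), which would read as an adult birthdate. Reject impossible dates.
         if (!checkdate((int) $dateInfo['month'], (int) $dateInfo['day'], (int) $dateInfo['year'])) {
             return true;
         }
         $birthdate = mktime(0, 0, 0, $dateInfo['month'], $dateInfo['day'], $dateInfo['year']);
     } else if (is_int($dateInfo) or is_float($dateInfo) or (is_string($dateInfo) and preg_match('#^-?\d+\z#', $dateInfo))) {
         // A plain number is a unix timestamp whatever its length. Present-day timestamps
         // are ten digits long and must not be mistaken for a 'YYYY-MM-DD' string.
         $birthdate = intval($dateInfo);
         if (!$birthdate) {
             return true;
         }
     } else if (strlen($dateInfo) == 10) {
         $birthdate = strtotime($dateInfo);
         // strtotime() returns false for text it cannot parse, and false is never greater
         // than the cutoff, so an unchecked failure would report "no COPPA needed".
         if ($birthdate === false) {
             return true;
         }
     } else if (intval($dateInfo)) {
         $birthdate = intval($dateInfo);
     } else {
         return true;
     }
     if (empty($dateInfo)) {
         return $options['usecoppa'];
     }
     $request = vB::getRequest();
     if (empty($request)) {
         // mainly happens in test- should never happen in production.
         $now = time();
     } else {
         $now = vB::getRequest()->getTimeNow();
     }
     // anyone born after this moment is younger than 13
     $cutoff = strtotime(date("Y-m-d", $now) . '- 13 years');
     if ($birthdate > $cutoff) {
         return $options['usecoppa'];
     }
     return 0;
 }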
Exemplo n.º 6
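 /**
  * This creates a new message folder. It returns false if the record already exists and the id if it is able to create the folder
  *
  * @param	string	$folderName	Requested folder title; cleaned with vB_Cleaner::TYPE_NOHTML before it is compared or stored
  * @param	int	$userid	Owner of the new folder. Used as given: this method performs no permission check of its own, so callers must pass an id they have already authorised.
  * @return	int|false	The result of the insert query, or false when the user already has a folder with that title
  */
 public function createMessageFolder($folderName, $userid)
 {
     $foldername = vB::get_cleaner()->clean($folderName, vB_Cleaner::TYPE_NOHTML);
     $this->checkFolders($userid);
     // Strict comparison: titles are compared as strings, so numeric-looking names such as
     // "1e3" and "1000" are not treated as the same folder.
     if (in_array($foldername, $this->folders[$userid]['folders'], true)) {
         // Documented contract: an existing folder yields false (previously an implicit null).
         return false;
     }
     $data = array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_INSERT, 'userid' => $userid, 'title' => $foldername);
     //We need for the new folder to be sorted correctly. Easiest to unset, and if needed the folders will be rebuilt.
     unset($this->folders[$userid]);
     return $this->assertor->assertQuery('vBForum:messagefolder', $data);
 }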
Exemplo n.º 7
 /**
  * Rebuilds the URL of the current request from $_SERVER values and publishes its parts
  * as properties of this object and as VB_* / legacy constants (each constant is only
  * defined when it does not exist yet).
  *
  * SECURITY NOTE: the host, path and query used here originate from the request.
  * Only vBUrlClean, vBUrlWebroot, vBUrlBasePath and scriptPath are passed through
  * xssClean(). VB_URL, VB_URL_PATH, VB_URL_QUERY, VB_URL_QUERY_RAW, SCRIPT and
  * vBHttpHost / VB_HTTP_HOST hold the values as received, so code that prints them or
  * builds links and redirects from them has to escape or validate them itself.
  */
 protected function resolveRequestUrl()
 {
     // Ports which will not be appended to the URL
     $ignore_ports = array(80, 443);
     $config = vB::getConfig();
     // @ hides the notice raised when the config key is absent
     $backend_ports = @$config['Misc']['backendports'];
     if (!empty($backend_ports)) {
         $ignore_ports = array_merge($ignore_ports, $backend_ports);
     }
     // Numerical port this request came from, may be a backend port
     $rawport = 80;
     // Will contain the port portion of the built URL, default empty
     $port = '';
     if (!empty($_SERVER['SERVER_PORT'])) {
         $rawport = intval($_SERVER['SERVER_PORT']);
         // loose in_array(): configured ports match whether they are ints or numeric strings
         $port = in_array($rawport, $ignore_ports) ? '' : ':' . $rawport;
     }
     // resolve the request scheme
     // ('and' binds tighter than 'or': https when the port is 443, or when HTTPS is set and not 'off')
     $scheme = ($rawport == 443 or !empty($_SERVER['HTTPS']) and $_SERVER['HTTPS'] !== 'off') ? 'https://' : 'http://';
     // HTTP_HOST is filled from the client's Host header. Unless the web server or
     // fetchServerValue() restricts it, every URL built below carries a client-chosen host.
     $host = $this->fetchServerValue('HTTP_HOST');
     $name = $this->fetchServerValue('SERVER_NAME');
     // If host exists use it, otherwise fallback to servername.
     $host = !empty($host) ? $host : $name;
     // resolve the query
     $query = ($query = $this->fetchServerValue('QUERY_STRING')) ? '?' . $query : '';
     // resolve the path and query
     // NOTE(review): HTTP_X_REWRITE_URL is an HTTP_* entry, i.e. a request header; confirm
     // it can only be set by a trusted rewrite layer on the servers that reach this fallback.
     if (!($scriptpath = $this->fetchServerValue('REQUEST_URI'))) {
         if (!($scriptpath = $this->fetchServerValue('UNENCODED_URL'))) {
             $scriptpath = $this->fetchServerValue('HTTP_X_REWRITE_URL');
         }
     }
     if ($scriptpath) {
         // already have the query
         // (the inner test repeats the outer one, so the separate query is always dropped here)
         if ($scriptpath) {
             $query = '';
         }
     } else {
         // server hasn't provided a URI, try to resolve one
         if (!($scriptpath = $this->fetchServerValue('PATH_INFO'))) {
             if (!($scriptpath = $this->fetchServerValue('REDIRECT_URL'))) {
                 if (!($scriptpath = $this->fetchServerValue('URL'))) {
                     if (!($scriptpath = $this->fetchServerValue('PHP_SELF'))) {
                         $scriptpath = $this->fetchServerValue('SCRIPT_NAME');
                     }
                 }
             }
         }
     }
     // build the URL
     // (the port is not part of this string; it is only added to the webroot and base path below)
     $url = $scheme . $host . '/' . ltrim($scriptpath, '/\\') . $query;
     // store a literal version
     // VB_URL receives this string without any cleaning.
     $vbUrl = $url;
     if (!defined('VB_URL')) {
         define('VB_URL', $vbUrl);
     }
     $vbUrlRelativePath = '';
     // Set URL info
     // NOTE(review): errors from parseUrl() are silenced and its result is indexed below
     // without a check; confirm what it returns for a malformed URL.
     $url_info = @vB_String::parseUrl($vbUrl);
     $url_info['path'] = '/' . ltrim($url_info['path'], '/\\');
     $url_info['query_raw'] = isset($url_info['query']) ? $url_info['query'] : '';
     $url_info['query'] = self::stripSessionhash($url_info['query_raw']);
     // a query made up only of '?' and '&' counts as empty
     $url_info['query'] = trim($url_info['query'], '?&') ? $url_info['query'] : '';
     // drop the trailing '://' from the scheme
     $url_info['scheme'] = substr($scheme, 0, strlen($scheme) - 3);
     /*
      values seen in the wild:
        CGI+suexec:
          SCRIPT_NAME: /vb4/admincp/index.php
          ORIG_SCRIPT_NAME: /cgi-sys/php53-fcgi-starter.fcgi
        CGI #1:
          SCRIPT_NAME: /index.php
          ORIG_SCRIPT_NAME: /search/foo
        CGI #2:
          SCRIPT_NAME: /index.php/search/foo
          ORIG_SCRIPT_NAME: /index.php
     */
     if (substr(PHP_SAPI, -3) == 'cgi' and (isset($_SERVER['ORIG_SCRIPT_NAME']) and !empty($_SERVER['ORIG_SCRIPT_NAME']))) {
         if (substr($_SERVER['SCRIPT_NAME'], 0, strlen($_SERVER['ORIG_SCRIPT_NAME'])) == $_SERVER['ORIG_SCRIPT_NAME']) {
             // cgi #2 above
             $url_info['script'] = $_SERVER['ORIG_SCRIPT_NAME'];
         } else {
             // cgi #1 and CGI+suexec above
             $url_info['script'] = $_SERVER['SCRIPT_NAME'];
         }
     } else {
         // not a CGI SAPI, or no ORIG_SCRIPT_NAME: prefer ORIG_SCRIPT_NAME when it is set
         $url_info['script'] = (isset($_SERVER['ORIG_SCRIPT_NAME']) and !empty($_SERVER['ORIG_SCRIPT_NAME'])) ? $_SERVER['ORIG_SCRIPT_NAME'] : $_SERVER['SCRIPT_NAME'];
     }
     $url_info['script'] = '/' . ltrim($url_info['script'], '/\\');
     // define constants
     $this->vBUrlScheme = $url_info['scheme'];
     // directory of the running script, always ending in '/'
     $vBUrlScriptPath = rtrim(dirname($url_info['script']), '/\\') . '/';
     // url-decoded request path, not xssClean()ed
     $this->vBUrlPath = urldecode($url_info['path']);
     if (!defined('VB_URL_PATH')) {
         define('VB_URL_PATH', $this->vBUrlPath);
     }
     $this->vBUrlQuery = $url_info['query'] ? $url_info['query'] : '';
     if (!defined('VB_URL_QUERY')) {
         define('VB_URL_QUERY', $this->vBUrlQuery);
     }
     $this->vBUrlQueryRaw = $url_info['query_raw'];
     if (!defined('VB_URL_QUERY_RAW')) {
         define('VB_URL_QUERY_RAW', $this->vBUrlQueryRaw);
     }
     // From here on the values intended for output are passed through xssClean().
     $cleaner = vB::get_cleaner();
     $this->vBUrlClean = $cleaner->xssClean(self::stripSessionhash($vbUrl));
     if (!defined('VB_URL_CLEAN')) {
         define('VB_URL_CLEAN', $this->vBUrlClean);
     }
     $this->vBUrlWebroot = $cleaner->xssClean($this->vBUrlScheme . '://' . $url_info['host'] . $port);
     $this->vBUrlBasePath = $cleaner->xssClean($this->vBUrlScheme . '://' . $url_info['host'] . $port . $vBUrlScriptPath . $vbUrlRelativePath);
     if (!defined('VB_URL_BASE_PATH')) {
         define('VB_URL_BASE_PATH', $this->vBUrlBasePath);
     }
     $this->scriptPath = $cleaner->xssClean($this->addQuery($this->vBUrlPath));
     // legacy constants
     if (!defined('SCRIPT')) {
         define('SCRIPT', $_SERVER['SCRIPT_NAME']);
     }
     if (!defined('SCRIPTPATH')) {
         define('SCRIPTPATH', $this->scriptPath);
     }
     // The host is stored exactly as parsed from the request URL (no xssClean() here).
     if (!empty($url_info) and !empty($url_info['host'])) {
         $this->vBHttpHost = $url_info['host'];
         if (!defined('VB_HTTP_HOST')) {
             define('VB_HTTP_HOST', $this->vBHttpHost);
         }
     }
 }
Exemplo n.º 8
 /**
  * Renames one of the current user's own message folders
  *
  * The folder id is only accepted when it is a key of the current user's folder list and
  * is not one of the system folders, so a user cannot rename a folder that belongs to
  * someone else or a built-in folder.
  *
  * @param  string The folder name (cleaned with vB_Cleaner::TYPE_NOHTML, at most 512 bytes after cleaning)
  * @param  int    The folder ID
  *
  * @return mixed  The result of the update query
  *
  * @throws vB_Exception_Api not_logged_no_permission, invalid_data or invalid_msgfolder_name
  */
 public function updateFolderTitle($folderName, $folderid)
 {
     if (!$this->canUsePmSystem()) {
         throw new vB_Exception_Api('not_logged_no_permission');
     }
     // The owner is always the session user; it is never taken from the request.
     $userid = vB::getCurrentSession()->get('userid');
     $this->library->checkFolders($userid);
     if (empty($folderid) or empty($folderName)) {
         throw new vB_Exception_Api('invalid_data');
     }
     $foldername = vB::get_cleaner()->clean($folderName, vB_Cleaner::TYPE_NOHTML);
     $folderid = intval($folderid);
     $folders = $this->library->fetchFolders($userid);
     // ownership check: the id has to be one of this user's folders ...
     if (!array_key_exists($folderid, $folders['folders'])) {
         throw new vB_Exception_Api('invalid_data');
     }
     // ... and system folders cannot be renamed
     if (in_array($folderid, $folders['systemfolders'])) {
         throw new vB_Exception_Api('invalid_data');
     }
     // the length limit is measured on the cleaned title
     if (empty($foldername) or strlen($foldername) > 512) {
         throw new vB_Exception_Api('invalid_msgfolder_name');
     }
     //If we got here we have valid data.
     $update = array(
         vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_UPDATE,
         vB_dB_Query::CONDITIONS_KEY => array('folderid' => $folderid),
         'title' => $foldername,
     );
     return $this->assertor->assertQuery('vBForum:messagefolder', $update);
 }
Exemplo n.º 9
 /**
  *	Get the return url for the tag UI
  *
  * This is where we go when we finish saving tag changes.
  *
  * NOTE(review): no request value is read in this method. clean() is handed the literal
  * string 'returnurl' as the value to clean, and the result is then indexed with
  * ['returnurl'], which only works if clean() returns an array here - confirm against
  * vB_Cleaner. If a caller-supplied URL is meant to be returned, it also needs to be
  * checked against the site's own host before it is used as a redirect target.
  *
  * @return string The 'returnurl' entry of the cleaned value when it is truthy, otherwise ""
  */
 public function fetchReturnUrl()
 {
     $cleaned = vB::get_cleaner()->clean('returnurl', vB_Cleaner::TYPE_STR);
     return $cleaned['returnurl'] ? $cleaned['returnurl'] : "";
 }