/**
 * Bootstraps vBulletin core for a test/CLI run and opens a session on a
 * synthetic request.
 *
 * NOTE(review): the request is built with a hard-coded 'userid' => 1 and a
 * loopback address, and no credential is checked in this constructor. In a
 * stock install userid 1 is usually the first administrator account (TODO
 * confirm), so this class should only be reachable from test or CLI tooling,
 * never from a web-facing entry point.
 */
public function __construct()
{
    // in collapsed form, we want to be able to load API classes
    vB5_Autoloader::register(vB5_Config::instance()->core_path);
    vB::init();

    // Synthetic request: fixed user, loopback IPs and a 'CLI' user agent.
    $testRequest = new vB_Request_Test(array(
        'userid' => 1,
        'ipAddress' => '127.0.0.1',
        'altIp' => '127.0.0.1',
        'userAgent' => 'CLI',
    ));
    vB::setRequest($testRequest);
    $testRequest->createSession();
}
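/**
 * This enables a light session. The main issue is that we skip testing
 * control panel, last activity, and shutdown queries.
 *
 * The session hash, control-panel hash and language id are all taken from
 * client-controlled input (cookies, or the 's' request parameter when no
 * session cookie is present). Each value is normalised to the scalar type
 * the session layer is handed elsewhere (string hash / non-negative int)
 * before being passed on, so array-valued parameters such as
 * "sessionhash[]=x" never reach vB_Api_Session::startSessionLight().
 *
 * @return true|null true when the application was already initialised;
 *                   no explicit value on the first call
 */
public function init()
{
    if ($this->initialized) {
        return true;
    }

    // initialize core
    $core_path = vB5_Config::instance()->core_path;
    require_once $core_path . '/vb/vb.php';
    vB::init();

    $request = new vB_Request_WebApi();
    vB::setRequest($request);

    $config = vB5_Config::instance();
    $cookiePrefix = $config->cookie_prefix;

    // Session hash: the cookie wins; the 's' request parameter is only a
    // fallback. $_COOKIE / $_REQUEST entries are either strings or arrays,
    // so is_string() rejects the array form without touching valid input.
    $sessionCookie = $cookiePrefix . 'sessionhash';
    $sessionhash = false;
    $checkTimeout = false;
    if (empty($_COOKIE[$sessionCookie])) {
        if (!empty($_REQUEST['s']) && is_string($_REQUEST['s'])) {
            // NOTE(review): a session id carried in a request parameter can
            // end up in server logs and Referer headers. $checkTimeout is
            // only set on this path; presumably it makes the session layer
            // apply a stricter expiry -- confirm in startSessionLight().
            $sessionhash = $_REQUEST['s'];
            $checkTimeout = true;
        }
    } elseif (is_string($_COOKIE[$sessionCookie])) {
        $sessionhash = $_COOKIE[$sessionCookie];
    }

    // Control-panel session hash, cookie only.
    $cpCookie = $cookiePrefix . 'cpsession';
    $cphash = false;
    if (!empty($_COOKIE[$cpCookie]) && is_string($_COOKIE[$cpCookie])) {
        $cphash = $_COOKIE[$cpCookie];
    }

    // Language id: force a non-negative integer instead of forwarding the
    // raw cookie text.
    $languageCookie = $cookiePrefix . 'languageid';
    $languageid = 0;
    if (!empty($_COOKIE[$languageCookie]) && is_string($_COOKIE[$languageCookie])) {
        $languageid = max(0, (int) $_COOKIE[$languageCookie]);
    }

    vB_Api_Session::startSessionLight($sessionhash, $cphash, $languageid, $checkTimeout);
    $this->initialized = true;
}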
/**
 * This is the standard way to initialize an application.
 *
 * Creates the singleton, loads the configuration file, defines the
 * CSRF_PROTECTION and VB_AREA constants, then loads and initialises core
 * with a web-API request.
 *
 * NOTE(review): $configFile is handed straight to loadConfigFile(); callers
 * should only pass a fixed, trusted path (presumably the file is included
 * as PHP -- confirm).
 *
 * @param string $configFile location of the configuration file
 *
 * @return vB5_Frontend_ApplicationLight this application object
 */
public static function init($configFile)
{
    self::$instance = new vB5_Frontend_ApplicationLight();

    vB5_Config::instance()->loadConfigFile($configFile);
    $coreDirectory = vB5_Config::instance()->core_path;

    // CWD is deliberately not defined here; vB::init() sets it.
    // Both constants are defined before vb.php is loaded.
    // NOTE(review): CSRF_PROTECTION is presumably what switches on the
    // core's CSRF token checks -- confirm where it is read.
    define('CSRF_PROTECTION', true);
    define('VB_AREA', 'Presentation');

    require_once $coreDirectory . '/vb/vb.php';
    vB::init();
    vB::setRequest(new vB_Request_WebApi());

    self::ajaxCharsetConvert();

    return self::$instance;
}
$api_sig = trim($_REQUEST['api_sig']); $api_version = intval($_REQUEST['api_v']); global $VB_API_PARAMS_TO_VERIFY, $VB_API_REQUESTS; if (empty($api_m) || $api_version >= VB5_API_VERSION_START && !strpos($api_m, '.') && !strstr($api_m, 'api_init')) { header($_SERVER['SERVER_PROTOCOL'] . ' 400 Bad Request'); header("Connection: Close"); die; } unset($_GET['']); // See VBM-835 $VB_API_PARAMS_TO_VERIFY = $_GET; unset($VB_API_PARAMS_TO_VERIFY['api_c'], $VB_API_PARAMS_TO_VERIFY['api_v'], $VB_API_PARAMS_TO_VERIFY['api_s'], $VB_API_PARAMS_TO_VERIFY['api_sig'], $VB_API_PARAMS_TO_VERIFY['debug'], $VB_API_PARAMS_TO_VERIFY['showall'], $VB_API_PARAMS_TO_VERIFY['do'], $VB_API_PARAMS_TO_VERIFY['r']); ksort($VB_API_PARAMS_TO_VERIFY); $VB_API_REQUESTS = array('api_m' => $api_m, 'api_version' => $api_version, 'api_c' => $api_c, 'api_s' => $api_s, 'api_sig' => $api_sig); $request = new vB_Request_Api(); vB::setRequest($request); try { $request->createSession($VB_API_PARAMS_TO_VERIFY, $VB_API_REQUESTS); } catch (Exception $e) { if ($e instanceof vB_Exception_Api) { print_apierror($e->get_errors(), $e->getMessage()); } else { print_apierror($e->getMessage()); } } $api_m = trim($_REQUEST['api_m']); // API Version if (!$api_version) { $api_version = VB_API_VERSION; } if ($api_version < VB_API_VERSION_MIN) {
echo 'VB_AREA and THIS_SCRIPT must be defined to continue'; exit; } // start the page generation timer define('TIMESTART', microtime(true)); // set the current unix timestamp define('TIMENOW', time()); // Define safe_mode define('SAFEMODE', (@ini_get('safe_mode') == 1 or strtolower(@ini_get('safe_mode')) == 'on') ? true : false); // ############################################################################# // fetch the core includes if (!class_exists('vB')) { require_once dirname(__FILE__) . '/../vb/vb.php'; } vB::init(); vB::setRequest(new vB_Request_Web()); require_once CWD . '/includes/class_core.php'; // initialize the data registry global $vbulletin; $vbulletin = vB::get_registry(); $vb5_config =& vB::getConfig(); if ($vb5_config['Misc']['debug']) { restore_error_handler(); } $db =& $vbulletin->db; require_once DIR . '/includes/functions.php'; if (defined('DEMO_MODE') and DEMO_MODE and function_exists('vbulletin_demo_init_db')) { vbulletin_demo_init_db(); } // ############################################################################# // fetch options and other data from the datastore
/**
 * Initialises core and builds the session for a normal front-end request.
 *
 * Reads the session hash, "remember me" data and language id from cookies,
 * creates the session, handles the one-shot Facebook cookie refresh, and
 * writes back any cookies that changed (session hash, remember-me token,
 * lastvisit / lastactivity).
 *
 * NOTE(review): the 'userid' and 'password' (remember-me token) cookies are
 * client-supplied and are passed on as read. The decision whether that pair
 * is valid is presumably made inside createSessionNew() -- confirm that the
 * token is verified against the claimed userid there.
 *
 * @return true|null true when already initialised; no explicit value on
 *                   the first call
 */
public function init()
{
    if ($this->initialized) {
        return true;
    }

    // initialize core
    $coreDirectory = vB5_Config::instance()->core_path;
    require_once $coreDirectory . '/vb/vb.php';
    vB::init();

    $webRequest = new vB_Request_WebApi();
    vB::setRequest($webRequest);

    // No user information is loaded at this point, so the only language
    // hint available is the cookie. vB5_User::getLanguageId() must not be
    // used here because it would try to load userinfo from the session.
    $languageid = vB5_Cookie::get('languageid', vB5_Cookie::TYPE_UINT);
    if ($languageid) {
        $webRequest->setLanguageid($languageid);
    }

    $sessionhash = vB5_Cookie::get('sessionhash', vB5_Cookie::TYPE_STRING);
    $restoreSessionInfo = array(
        'userid' => vB5_Cookie::get('userid', vB5_Cookie::TYPE_STRING),
        'remembermetoken' => vB5_Cookie::get('password', vB5_Cookie::TYPE_STRING),
    );
    $originalToken = $restoreSessionInfo['remembermetoken'];

    // 'facebook-retry' marks the second pass of the Facebook refresh below.
    $isRetry = ($originalToken == 'facebook-retry');
    if ($isRetry) {
        $restoreSessionInfo['remembermetoken'] = 'facebook';
    }

    // Backend classes are normally off limits in the front end, but the rule
    // is relaxed during bootstrap. The options are needed to work out the
    // Facebook cookie name, and reading them here keeps cookie handling out
    // of the backend (whose callers do not always have cookies). This is the
    // least bad way of handling it.
    $options = vB::getDatastore()->getValue('options');
    if ($options['facebookactive'] && $options['facebookappid']) {
        // Not a vB cookie, so it carries no vB prefix (the cookie class
        // would add the prefix automatically) -- read it from $_COOKIE.
        $fbCookieName = 'fbsr_' . $options['facebookappid'];
        $restoreSessionInfo['fb_signed_request'] = '';
        if (isset($_COOKIE[$fbCookieName])) {
            $restoreSessionInfo['fb_signed_request'] = strval($_COOKIE[$fbCookieName]);
        }
    }

    $session = $webRequest->createSessionNew($sessionhash, $restoreSessionInfo);
    if ($session['sessionhash'] !== $sessionhash) {
        // NOTE(review): the meaning of the trailing (0, true) arguments is
        // not visible here; verify they yield the intended cookie flags.
        vB5_Cookie::set('sessionhash', $session['sessionhash'], 0, true);
    }

    // Redirect to recover from a stale FB cookie during a FB "remember me".
    // Done at most once to prevent redirect loops, and never for POSTs,
    // because the post data would be lost.
    //
    // Notes on the inline JS (kept out of the JS itself so they are not sent
    // to the browser):
    // 1) It deliberately avoids subsystems that would add processing time
    //    (not even jQuery is initialised), which is why it is inline and not
    //    in a template.
    // 2) It initialises the FB system, which creates/updates the cookie if
    //    it can validate the user; the cookie is what we are after.
    //    getLoginStatus is used instead of status:true because the latter
    //    introduces a race in which the redirect can happen before the
    //    cookie has been updated; the explicit call lets us redirect once
    //    the status is known.
    // 3) If the cookie is not updated, that is caught when the vB session is
    //    created on the next pass (hence only one retry).
    // 4) The JS should *never* prompt the user, assuming the FB docs are
    //    correct.
    // 5) If the FB version changes, it must also change in the FB library
    //    class and the facebook.js file.
    //
    // NOTE(review): facebookappid is interpolated unescaped into a quoted JS
    // string. It comes from the options datastore, not from the request, but
    // validating it as digits or encoding it for a JS context would stop a
    // bad option value from breaking out of the string. The SDK URL is
    // protocol-relative, so on a plain-HTTP page it is fetched over HTTP.
    $needsFacebookRefresh = (
        strtolower($_SERVER['REQUEST_METHOD']) == 'get'
        && vB::getCurrentSession()->get('userid') == 0
        && $options['facebookactive']
        && $options['facebookappid']
        && $restoreSessionInfo['remembermetoken'] == 'facebook'
    );
    if ($needsFacebookRefresh) {
        if ($isRetry) {
            // We tried and failed to log in via FB, which probably means the
            // user is logged out of Facebook. Drop the auto-login so we stop
            // trying to connect via FB.
            vB5_Auth::setRememberMeCookies('', '');
        } else {
            // First attempt: mark the retry, emit the refresh page and stop.
            vB5_Auth::setRememberMeCookies('facebook-retry', $restoreSessionInfo['userid']);
            echo "\n\t\t\t\t\t<!DOCTYPE html>\n\t\t\t\t\t<html>\n\t\t\t\t\t<head>\n\t\t\t\t\t\t<script type='text/javascript' src='//connect.facebook.net/en_US/sdk.js'></script>\n\t\t\t\t\t\t<script type='text/javascript'>\n\t\t\t\t\t\t\tFB.init({\n\t\t\t\t\t\t\t\tappId : '{$options['facebookappid']}',\n\t\t\t\t\t\t\t\tversion : 'v2.2',\n\t\t\t\t\t\t\t\tstatus : false,\n\t\t\t\t\t\t\t\tcookie : true,\n\t\t\t\t\t\t\t\txfbml : false\n\t\t\t\t\t\t\t});\n\n\t\t\t\t\t\t\tFB.getLoginStatus(function(response)\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\twindow.top.location.reload(true);\n\t\t\t\t\t\t\t});\n\t\t\t\t\t\t</script>\n\t\t\t\t\t</head>\n\t\t\t\t\t<body></body>\n\t\t\t\t\t</html>\n\t\t\t\t";
            exit;
        }
    }

    // If the session handed back a token that differs from the one the
    // browser sent, push the new token to the browser. A token should not
    // come back unless one was passed in, but that is not relied upon.
    if ($session['remembermetoken'] && $session['remembermetoken'] != $originalToken) {
        vB5_Auth::setRememberMeCookies($session['remembermetoken'], $restoreSessionInfo['userid']);
    }

    // Try to set cpsession hash to session object if exists
    $cpSessionHash = vB5_Cookie::get('cpsession', vB5_Cookie::TYPE_STRING);
    vB::getCurrentSession()->setCpsessionHash($cpSessionHash);

    // Update lastvisit/lastactivity
    $lastVisit = vB5_Cookie::get('lastvisit', vB5_Cookie::TYPE_UINT);
    $lastActivity = vB5_Cookie::get('lastactivity', vB5_Cookie::TYPE_UINT);
    $visitInfo = vB::getCurrentSession()->doLastVisitUpdate($lastVisit, $lastActivity);

    if (!empty($visitInfo)) {
        // for guests we need to set some cookies
        foreach (array('lastvisit', 'lastactivity') as $cookieKey) {
            if (isset($visitInfo[$cookieKey])) {
                vB5_Cookie::set($cookieKey, $visitInfo[$cookieKey]);
            }
        }
    }

    $this->initialized = true;
}