/**
 * Returns the language id to use for the current visitor.
 *
 * A non-zero `languageid` cookie takes precedence; otherwise the value is
 * read from self::instance()->_get('languageid').
 *
 * The cookie is client-controlled. It is read with vB5_Cookie::TYPE_UINT,
 * which presumably coerces it to an unsigned integer, but nothing here checks
 * that the id belongs to an installed language -- callers should confirm
 * that before using it as a lookup key.
 *
 * @return mixed Language id taken from the cookie or from the user instance
 */
public static function getLanguageId()
{
    $cookieLanguageId = vB5_Cookie::get('languageid', vB5_Cookie::TYPE_UINT);

    if (!$cookieLanguageId) {
        return self::instance()->_get('languageid');
    }

    return $cookieLanguageId;
}
/**
 * Applies a `styleid` query-string parameter as the visitor's style choice.
 *
 * When the parameter is present it is forced to a positive integer
 * (anything that is not > 0 becomes 1), stored in the `userstyleid` cookie
 * and mirrored into $_COOKIE so the current request sees it too.
 *
 * The value comes straight from the URL, so any link a visitor follows can
 * switch their style; the integer coercion below is the only validation
 * performed here.
 */
protected function processQueryString()
{
    if (!isset($_SERVER['QUERY_STRING'])) {
        $_SERVER['QUERY_STRING'] = '';
    }

    parse_str($_SERVER['QUERY_STRING'], $queryParams);

    if (!isset($queryParams['styleid'])) {
        return;
    }

    // Never let a non-positive or non-numeric value through.
    $requestedStyleId = max(1, intval($queryParams['styleid']));

    // NOTE(review): the meaning of the 3rd/4th arguments (0, false) is not
    // visible here -- presumably lifetime and an HttpOnly/secure switch; confirm
    // against vB5_Cookie::set.
    vB5_Cookie::set('userstyleid', $requestedStyleId, 0, false);

    // The cookie only reaches the browser with the response, so expose the new
    // value to the remainder of this request as well.
    $cookiePrefix = vB5_Config::instance()->cookie_prefix;
    $_COOKIE[$cookiePrefix . 'userstyleid'] = $requestedStyleId;
}
/**
 * Builds $this->stylePreference, the list of candidate style ids ordered by
 * preference, and stores the first candidate in the current session.
 *
 * Order of preference:
 *   1. a style forced by the current route (`forceStyleId`)
 *   2. the `userstyleid` cookie (style chooser / ?styleid=, see VBV-3322)
 *   3. the style stored for the user
 *   4. a non-forced route style (`routeStyleId`)
 *   5. the site default (`options.styleid`)
 *
 * Entry 2 is client-controlled; it is read with vB5_Cookie::TYPE_UINT but is
 * not checked here against the list of styles the visitor may use.
 */
protected function getStylePreference()
{
    $this->stylePreference = array();
    $routeArgs = array();

    try {
        $router = vB5_ApplicationAbstract::instance()->getRouter();
        if (!empty($router)) {
            $routeArgs = $router->getArguments();

            // #1 forced style from the current route
            if (!empty($routeArgs['forceStyleId']) && intval($routeArgs['forceStyleId'])) {
                $this->stylePreference[] = $routeArgs['forceStyleId'];
            }
        }
    } catch (vB5_Exception $e) {
        // The application instance may not be initialised yet; skip check #1.
    }

    // #2 style cookie (footer style chooser, or set by routing from the query string)
    $styleFromCookie = vB5_Cookie::get('userstyleid', vB5_Cookie::TYPE_UINT);
    if (!empty($styleFromCookie)) {
        $this->stylePreference[] = $styleFromCookie;
    }

    // #3 style chosen in the user's profile
    $styleFromUser = vB5_User::get('styleid');
    if (!empty($styleFromUser)) {
        $this->stylePreference[] = $styleFromUser;
    }

    // #4 route style that is not forced
    if (isset($routeArgs['routeStyleId']) && is_int($routeArgs['routeStyleId'])) {
        $this->stylePreference[] = $routeArgs['routeStyleId'];
    }

    // #5 overall site default
    $siteDefaultStyle = vB5_Template_Options::instance()->get('options.styleid');
    if ($siteDefaultStyle) {
        $this->stylePreference[] = $siteDefaultStyle;
    }

    // Moved here from Api_Interface_Collapsed::init, which asked for the
    // preferred style before the route's forced style was available (VBV-3324).
    if (empty($this->stylePreference[0])) {
        return;
    }

    // A first choice of -1 stands for "use the site default".
    if ($this->stylePreference[0] == '-1') {
        $this->stylePreference[0] = $siteDefaultStyle;
    }

    vB::getCurrentSession()->set('styleid', $this->stylePreference[0]);
}
/**
 * Fetches avatar information for a list of user ids.
 *
 * Results are memoised per request in $this->avatarsCache (keyed by type:
 * 'avatar', 'thumb' or 'profile') and raw avatar rows in
 * $this->avatarUserCache, so only ids not seen before reach the database.
 *
 * @param array $userids  The user ids to look up
 * @param mixed $thumb    Empty for the regular avatar, the string 'profile' for
 *                        the profile-sized avatar, anything else for the thumbnail
 * @param array $userinfo Userinfo rows keyed by user id that may already carry the
 *                        avatar columns; used to prime the cache
 * @return array|false    Map of user id => array with 'hascustom' and 'avatarpath',
 *                        or false when $userids is empty
 */
public function fetchAvatars($userids = array(), $thumb = false, $userinfo = array())
{
    // Prime the per-user cache from rows the caller already has. A row counts as
    // usable only if it carries the 'hascustomavatar' column.
    foreach ($userinfo as $userid => $_userinfo) {
        if (!isset($this->avatarUserCache[$userid]) and isset($_userinfo['hascustomavatar'])) {
            $this->avatarUserCache[$userid] = array('userid' => $_userinfo['userid'],
                'avatarid' => $_userinfo['avatarid'],
                'avatarpath' => $_userinfo['avatarpath'],
                'avatarrevision' => $_userinfo['avatarrevision'],
                'dateline' => $_userinfo['avatardateline'],
                'width' => $_userinfo['avwidth'],
                'height' => $_userinfo['avheight'],
                'height_thumb' => $_userinfo['avheight_thumb'],
                'width_thumb' => $_userinfo['avwidth_thumb']);
        }
    }

    if (empty($userids)) {
        return false;
    }

    // Pick the cache bucket for the requested size.
    if (empty($thumb)) {
        $typekey = 'avatar';
    } elseif ($thumb === 'profile') {
        $typekey = 'profile';
        $thumb = false;
    } else {
        $typekey = 'thumb';
    }

    $cachedKeys = array();
    if (isset($this->avatarsCache[$typekey])) {
        $cachedKeys = array_keys($this->avatarsCache[$typekey]);
    }

    // Split the request into ids already resolved for this size and ids still to resolve.
    $notCachedKeys = array_diff($userids, $cachedKeys);
    $cachedIdsKeys = array_intersect($cachedKeys, $userids);

    // Re-key the pending ids by themselves so they can be unset by user id below.
    $arrayAux = array();
    foreach ($notCachedKeys as $notCachedKey) {
        $arrayAux[$notCachedKey] = $notCachedKey;
    }
    $notCached = $arrayAux;

    $arrayAux = array();
    foreach ($cachedIdsKeys as $cachedIdsKey) {
        $arrayAux[$cachedIdsKey] = $this->avatarsCache[$typekey][$cachedIdsKey];
    }
    $cachedIds = $arrayAux;
    unset($arrayAux);

    $avatarsurl = array();

    if (!empty($notCached)) {
        $options = vB::getDatastore()->getValue('options');
        $avatars = array();

        // Ids whose raw row is already cached do not need a query.
        foreach ($notCached as $userid) {
            if (isset($this->avatarUserCache[$userid])) {
                $avatars[$userid] = $this->avatarUserCache[$userid];
                unset($notCached[$userid]);
            }
        }

        if (!empty($notCached)) {
            // NOTE(review): $notCached derives from the caller's $userids and is handed to a
            // named query; presumably the assertor binds/cleans the ids -- confirm for
            // 'vbForum:fetchAvatarsForUsers'.
            $avatarsinfo = vB::getDbAssertor()->assertQuery('vbForum:fetchAvatarsForUsers', array('userid' => $notCached));
            foreach ($avatarsinfo as $user) {
                $this->avatarUserCache[$user['userid']] = $user;
                $avatars[$user['userid']] = $user;
            }
        }

        $avatarpaths = array();
        foreach ($avatars as $user) {
            $userid = $user['userid'];
            $this->avatarsCache[$typekey][$userid]['avatarurl'] = array();

            if (!empty($user['avatarid'])) {
                // Predefined (gallery) avatar: only the requested size bucket is filled.
                if (!isset($avatarpaths[$user['avatarid']])) {
                    $avatarpath = $user['avatarpath'];
                    //If this is an absolute path we must trim the DIR portion
                    if (substr($avatarpath, 0, strlen(DIR)) == DIR) {
                        $avatarpath = substr($avatarpath, strlen(DIR) + 1);
                    }
                    $avatarpaths[$user['avatarid']] = array('hascustom' => 0, 'avatarpath' => $avatarpath);
                }
                $this->avatarsCache[$typekey][$userid]['avatarurl'] = $avatarpaths[$user['avatarid']];
            } else {
                // No gallery avatar: all three size buckets are filled in one pass,
                // starting from "has a custom avatar" and downgrading below.
                $this->avatarsCache['avatar'][$userid]['avatarurl'] = array('hascustom' => 1);
                $this->avatarsCache['thumb'][$userid]['avatarurl'] = array('hascustom' => 1);
                $this->avatarsCache['profile'][$userid]['avatarurl'] = array('hascustom' => 1);
                $defaultAvatarPath = 'images/default/default_avatar_medium.png';
                $defaultAvatarThumbPath = 'images/default/default_avatar_thumb.png';
                $defaultAvatarProfilePath = 'images/default/default_avatar_large.png';

                //the user did not select any avatars
                // `and` binds tighter than `or`: (no revision and no dateline) or
                // (file storage enabled and no filename).
                if (!$user['avatarrevision'] and !$user['dateline'] or $options['usefileavatar'] and !$user['filename']) {
                    $this->avatarsCache['avatar'][$userid]['avatarurl']['avatarpath'] = $defaultAvatarPath;
                    $this->avatarsCache['avatar'][$userid]['avatarurl']['hascustom'] = 0;
                    $this->avatarsCache['thumb'][$userid]['avatarurl']['avatarpath'] = $defaultAvatarThumbPath;
                    $this->avatarsCache['thumb'][$userid]['avatarurl']['hascustom'] = 0;
                    $this->avatarsCache['profile'][$userid]['avatarurl']['avatarpath'] = $defaultAvatarProfilePath;
                    $this->avatarsCache['profile'][$userid]['avatarurl']['hascustom'] = 0;
                } else {
                    if ($options['usefileavatar']) {
                        // Avatars stored as files: strip a leading "./" from the configured directory.
                        $avatarpathoption = substr($options['avatarpath'], 0, 2) == './' ? substr($options['avatarpath'], 2) : $options['avatarpath'];
                        // NOTE(review): 'filename' is concatenated into a filesystem path and later
                        // into a URL; it comes from the avatar row, so it presumably is
                        // server-generated -- confirm it can never hold user-chosen path segments.
                        $userAvatar = $avatarpathoption . "/{$user['filename']}";
                        $userThumb = $avatarpathoption . "/thumbs/{$user['filename']}";

                        // Both the full image and its thumbnail must exist, else fall back to defaults.
                        if (file_exists(DIR . "/" . $userAvatar) and file_exists(DIR . "/" . $userThumb)) {
                            $this->avatarsCache['avatar'][$userid]['avatarurl']['avatarpath'] = $userAvatar;
                            $this->avatarsCache['thumb'][$userid]['avatarurl']['avatarpath'] = $userThumb;
                            $this->avatarsCache['profile'][$userid]['avatarurl']['avatarpath'] = $userAvatar;
                        } else {
                            $this->avatarsCache['avatar'][$userid]['avatarurl']['avatarpath'] = $defaultAvatarPath;
                            $this->avatarsCache['avatar'][$userid]['avatarurl']['hascustom'] = 0;
                            $this->avatarsCache['thumb'][$userid]['avatarurl']['avatarpath'] = $defaultAvatarThumbPath;
                            $this->avatarsCache['thumb'][$userid]['avatarurl']['hascustom'] = 0;
                            $this->avatarsCache['profile'][$userid]['avatarurl']['avatarpath'] = $defaultAvatarProfilePath;
                            $this->avatarsCache['profile'][$userid]['avatarurl']['hascustom'] = 0;
                        }
                    } else {
                        // Avatars served through image.php. When cookies are not available the
                        // session's 'sessionurl' value is placed in the URL.
                        // NOTE(review): 'sessionurl' presumably carries the session identifier; URLs
                        // like this end up in referrers, logs and shared links -- confirm the
                        // exposure is acceptable or that the hash is bound to the client.
                        $add_session = (class_exists('vB5_Cookie') and vB5_Cookie::isEnabled()) ? '' : vB::getCurrentSession()->get('sessionurl');
                        $this->avatarsCache['avatar'][$userid]['avatarurl']['avatarpath'] = "image.php?" . $add_session . "userid={$userid}";
                        $this->avatarsCache['thumb'][$userid]['avatarurl']['avatarpath'] = "image.php?" . $add_session . "userid={$userid}&thumb=1";
                        $this->avatarsCache['profile'][$userid]['avatarurl']['avatarpath'] = "image.php?" . $add_session . "userid={$userid}&profile=1";

                        // The upload timestamp is appended as an extra query parameter.
                        if (!empty($user['dateline'])) {
                            $this->avatarsCache['profile'][$userid]['avatarurl']['avatarpath'] .= '&dateline=' . $user['dateline'];
                            $this->avatarsCache['thumb'][$userid]['avatarurl']['avatarpath'] .= '&dateline=' . $user['dateline'];
                            $this->avatarsCache['avatar'][$userid]['avatarurl']['avatarpath'] .= '&dateline=' . $user['dateline'];
                        }
                    }
                }

                /* This code was used in vB3 & 4 to passback the avatar image sizes for use in the templates
                   As far as I can tell, no vB5 templates make use of this, so I have commented it out for now */
                // if ($thumb)
                // {
                //     if (isset($user['width_thumb']) AND isset($user['height_thumb']))
                //     {
                //         $avatarurl[] = " width=\"$user[width_thumb]\" height=\"$user[height_thumb]\" ";
                //     }
                // }
                // else
                // {
                //     if (isset($user['width']) AND isset($user['height']))
                //     {
                //         $avatarurl[] = " width=\"$user[width]\" height=\"$user[height]\" ";
                //     }
                // }
            }

            //$this->avatarsCache[$typekey][$userid]['avatarurl'] = $avatarurl;
            $avatarsurl[$userid] = $this->avatarsCache[$typekey][$userid]['avatarurl'];
        }
    }

    // Add the entries that were already resolved before this call.
    if (!empty($cachedIds)) {
        foreach ($cachedIds as $uId => $avatarArray) {
            $avatarsurl[$uId] = $avatarArray['avatarurl'];
        }
    }

    return $avatarsurl;
}
/**
 * Logs the current user out on behalf of the Forum Runner client.
 *
 * Removes the user's push registration row (when the push table exists), runs
 * the regular logout, then rewrites the session-related cookies.
 *
 * @return mixed json_error(ERR_NO_PERMISSION) for guests, otherwise an array with
 *               'success' and 'requires_authentication'
 */
function do_logout()
{
    $vbulletin = vB::get_registry();
    $userinfo = vB_Api::instance('user')->fetchUserInfo();
    // fr_username arrives from the client; the cleaner only casts it to a string.
    $cleaned = vB::getCleaner()->cleanArray($_REQUEST, array('fr_username' => vB_Cleaner::TYPE_STR));

    // Guests have nothing to log out of.
    if ($userinfo['userid'] < 1) {
        return json_error(ERR_NO_PERMISSION);
    }

    // The push table only exists when the push feature was installed.
    $tableinfo = $vbulletin->db->query_first("\n\t\tSHOW TABLES LIKE '" . TABLE_PREFIX . "forumrunner_push_users'\n\t\t");
    if ($tableinfo) {
        // NOTE(review): part of the expression between the quotes of the fr_username
        // comparison is masked in this listing, so the statement below does not parse
        // as shown. The query is assembled by string concatenation from a
        // client-supplied value: whatever the original wraps around
        // $cleaned['fr_username'] must escape it for SQL (TYPE_STR alone does not),
        // or the statement should use bound parameters -- confirm against the
        // original file.
        $vbulletin->db->query_write("\n\t\t\tDELETE FROM " . TABLE_PREFIX . "forumrunner_push_users\n\t\t\tWHERE fr_username = '******'fr_username']) . "' AND vb_userid = {$userinfo['userid']}\n\t\t\t");
    }

    vB_User::processLogout();

    //
    // Properly set cookies on logout
    //
    // NOTE(review): the values are read from the session *after* processLogout(), so
    // they presumably describe the fresh guest session and overwrite the logged-in
    // cookies -- confirm that 'password' and 'cpsession' no longer hold usable
    // credentials at this point. The third argument (30) is presumably a lifetime in
    // days; no secure/HttpOnly arguments are passed, so the cookie class defaults apply.
    $login = array();
    $session = vB::getCurrentSession();
    $login['sessionhash'] = $session->get('sessionhash');
    $login['password'] = $session->get('password');
    $login['cpsession'] = $session->get('cpsession');
    $login['userid'] = $session->get('userid');
    vB5_Cookie::set('cpsession', $login['cpsession'], 30);
    vB5_Cookie::set('sessionhash', $login['sessionhash'], 30);
    vB5_Cookie::set('password', $login['password'], 30);
    vB5_Cookie::set('userid', $login['userid'], 30);

    return array('success' => true, 'requires_authentication' => requires_authentication());
}
/**
 * Handles every save of social group data (create, settings update, invites and
 * the permissions step), then redirects the browser.
 *
 * Input is taken directly from $_POST and forwarded to the API layer.
 * NOTE(review): no request-forgery token check and no permission check are visible
 * in this method; presumably both happen in the front controller and/or the API
 * methods called below -- confirm before relying on it.
 */
public function actionSocialgroup()
{
    // Fields copied verbatim from the form ('group_type' is listed twice; harmless).
    $fields = array('title', 'description', 'nodeid', 'filedataid', 'invite_usernames', 'parentid', 'invite_userids', 'group_type', 'viewperms', 'commentperms', 'moderate_topics', 'autoparselinks', 'disablesmilies', 'allow_post', 'approve_subscription', 'group_type');

    // forum options map (channel option name => form field name)
    $channelOpts = array('allowsmilies' => 'disablesmilies', 'allowposting' => 'allow_post');

    $input = array();
    foreach ($fields as $field) {
        if (isset($_POST[$field])) {
            // Raw, untyped request values: the API is the only validation layer.
            $input[$field] = $_POST[$field];
        }
    }

    //If this is the "permission" step, we must pass the four checkboxes
    if (isset($_POST['next']) and $_POST['next'] == 'contributors') {
        foreach (array('moderate_comments', 'autoparselinks', 'disablesmilies', 'allow_post', 'approve_subscription', 'moderate_topics') as $field) {
            // channeloptions: array_search() returns the option name (a non-empty
            // string key) or false, so the assignment doubles as the test.
            if ($idx = array_search($field, $channelOpts)) {
                // Some form fields mean the opposite of the bitfield they map to
                // ('disablesmilies' vs 'allowsmilies'), so invert those.
                if (isset($_POST[$field])) {
                    $input['options'][$idx] = in_array($field, array('disablesmilies')) ? 0 : 1;
                } else {
                    $input['options'][$idx] = in_array($field, array('disablesmilies')) ? 1 : 0;
                }
            }

            // An unchecked checkbox is absent from the POST body; record it as 0.
            if (!isset($_POST[$field])) {
                $input[$field] = 0;
            }
        }
    }

    // default input values
    $input['displayorder'] = 1;

    $api = Api_InterfaceAbstract::instance();

    // 'displayorder' is always present, so more than one entry means the form sent data.
    if (count($input) > 1) {
        if (!isset($input['nodeid']) or intval($input['nodeid']) == 0) {
            // No node id yet: create the group.
            $nodeid = $api->callApi('socialgroup', 'createSocialGroup', array($input));
            $url = vB5_Template_Options::instance()->get('options.frontendurl') . '/sgadmin/create/settings';

            if (is_array($nodeid) and array_key_exists('errors', $nodeid)) {
                $message = $api->callApi('phrase', 'fetch', array('phrases' => $nodeid['errors'][0][0]));
                if (empty($message)) {
                    $message = $api->callApi('phrase', 'fetch', array('phrases' => 'pm_ajax_error_desc'));
                }
                vB5_ApplicationAbstract::handleFormError(array_pop($message), $url);
            }

            if (!is_numeric($nodeid) and !empty($nodeid['errors'])) {
                $urlparams = array('sgaction' => 'create', 'action2' => 'settings');
                $url = $api->callApi('route', 'getUrl', array('sgadmin', $urlparams, array()));
                header('Location: ' . vB5_Template_Options::instance()->get('options.frontendurl') . $url);
                // The error and the submitted text are handed to the next page via cookies.
                // NOTE(review): sg_title / sg_description hold raw user input; whatever reads
                // these cookies must treat them as untrusted and escape them on output.
                vB5_Cookie::set('sgadmin_error', $nodeid['errors'][0][0]);
                if (isset($input['title'])) {
                    vB5_Cookie::set('sg_title', $input['title']);
                }
                if (isset($input['description'])) {
                    vB5_Cookie::set('sg_description', $input['description']);
                }
                die;
            }

            // Same handling as the block above for a truthy result carrying errors.
            if ($nodeid and !empty($nodeid['errors'])) {
                $urlparams = array('sgaction' => 'create', 'action2' => 'settings');
                $url = $api->callApi('route', 'getUrl', array('sgadmin', $urlparams, array()));
                header('Location: ' . vB5_Template_Options::instance()->get('options.frontendurl') . $url);
                vB5_Cookie::set('sgadmin_error', $nodeid['errors'][0][0]);
                if (isset($input['title'])) {
                    vB5_Cookie::set('sg_title', $input['title']);
                }
                if (isset($input['description'])) {
                    vB5_Cookie::set('sg_description', $input['description']);
                }
                die;
            }
        } else {
            if (isset($input['invite_usernames']) and $input['nodeid']) {
                // Invite step: user names arrive as one comma-separated string.
                $inviteUnames = explode(',', $input['invite_usernames']);
                $inviteIds = isset($input['invite_userids']) ? $input['invite_userids'] : array();
                $nodeid = $input['nodeid'];
                $api->callApi('user', 'inviteMembers', array($inviteIds, $inviteUnames, $nodeid, 'sg_member_to'));
            } else {
                // Settings update for an existing group; the node id is passed separately.
                $nodeid = $input['nodeid'];
                unset($input['nodeid']);
                $update = $api->callApi('content_channel', 'update', array($nodeid, $input));

                // set group type nodeoptions
                if (empty($update['errors']) and isset($input['group_type'])) {
                    $bitfields = array();
                    switch ($input['group_type']) {
                        case 2:
                            $bitfields['invite_only'] = 1;
                            $bitfields['approve_membership'] = 0;
                            break;
                        case 1:
                            $bitfields['invite_only'] = 0;
                            $bitfields['approve_membership'] = 0;
                            break;
                        default:
                            $bitfields['invite_only'] = 0;
                            $bitfields['approve_membership'] = 1;
                            break;
                    }
                    $api->callApi('node', 'setNodeOptions', array($nodeid, $bitfields));
                }
                //if this is for the permission page we handle differently
            }
        }
        // set_exception_handler(array('vB5_ApplicationAbstract','handleException'));
        //
        // if (!is_numeric($nodeid) AND !empty($nodeid['errors']))
        // {
        //     throw new exception($nodeid['errors'][0][0]);
        // }
    } else {
        if (isset($_POST['nodeid'])) {
            // NOTE(review): the node id is used exactly as posted (no integer cast) --
            // presumably the API rejects ids the user may not administer; confirm.
            $nodeid = $_POST['nodeid'];
            if (isset($_POST['next']) and $_POST['next'] == 'contributors') {
                // Turn the checkbox presence into explicit 0/1 node options.
                $updates = array();
                foreach (array('allow_post', 'moderate_comments', 'autoparselinks', 'disablesmilies', 'approve_subscription') as $bitfield) {
                    if (empty($_POST[$bitfield])) {
                        $updates[$bitfield] = 0;
                    } else {
                        $updates[$bitfield] = 1;
                    }
                }
                $api->callApi('node', 'setNodeOptions', array($nodeid, $updates));

                $updates = array();
                if (isset($_POST['viewperms'])) {
                    $updates['viewperms'] = $_POST['viewperms'];
                }
                if (isset($_POST['commentperms'])) {
                    $updates['commentperms'] = $_POST['commentperms'];
                }
                if (!empty($updates)) {
                    $results = $api->callApi('node', 'setNodePerms', array($nodeid, $updates));
                }
            }
        } else {
            $nodeid = 0;
        }
    }

    //If the user clicked Next we go to the permissions page. Otherwise we go to the node.
    if (isset($_POST['btnSubmit'])) {
        // 'next' and 'sgaction' are client-supplied and become route parameters;
        // presumably the route builder encodes them -- confirm.
        if (isset($_POST['next'])) {
            $action2 = $_POST['next'];
        } else {
            $action2 = 'permissions';
        }
        if (isset($_POST['sgaction'])) {
            $sgaction = $_POST['sgaction'];
        } else {
            $sgaction = 'admin';
        }
        $urlparams = array('nodeid' => $nodeid, 'sgaction' => $sgaction, 'action2' => $action2);
        $url = $api->callApi('route', 'getUrl', array('sgadmin', $urlparams, array()));
    } else {
        $node = $api->callApi('node', 'getNode', array('nodeid' => $nodeid));
        $url = $api->callApi('route', 'getUrl', array($node['routeid'], array('nodeid' => $nodeid, 'title' => $node['title'], 'urlident' => $node['urlident']), array()));
    }

    // The redirect target is always prefixed with the configured front-end URL.
    header('Location: ' . vB5_Template_Options::instance()->get('options.frontendurl') . $url);
}
/**
 * Reports, as JSON, whether a user with the submitted birthday falls under COPPA.
 *
 * When both the `usecoppa` and `checkcoppa` options are on, the submitted
 * birthday is also remembered in the `coppaage` cookie as "month-day-year".
 *
 * COPPA option values (as documented by the original author):
 *   0 = wide open
 *   1 = COPPA users (under 13) can register but need approval before posting
 *   2 = COPPA users cannot register
 *
 * The month/day/year values are copied from the request without validation.
 * The cookie is therefore client-chosen twice over (it can also be edited or
 * deleted in the browser), so it should only be treated as a convenience
 * hint, never as proof of age -- presumably the user API re-checks the
 * birthday at registration; confirm.
 */
public function actionIscoppa()
{
    $allOptions = vB5_Template_Options::instance()->getOptions();
    $vboptions = $allOptions['options'];

    $rememberBirthday = ($vboptions['usecoppa'] and $vboptions['checkcoppa']);
    if ($rememberBirthday) {
        $birthday = $_REQUEST['month'] . '-' . $_REQUEST['day'] . '-' . $_REQUEST['year'];
        vB5_Cookie::set('coppaage', $birthday, 365, 0);
    }

    $needsCoppa = Api_InterfaceAbstract::instance()->callApi('user', 'needsCoppa', array('data' => $_REQUEST));

    $this->sendAsJson(array('needcoppa' => $needsCoppa));
}
/**
 * Logs the current user out, clears the site's cookies and redirects to the
 * front page.
 *
 * The request's `logouthash` is handed to the user API unchanged.
 * NOTE(review): presumably the API compares it with a per-session token so a
 * third-party page cannot force a logout -- confirm; this method itself does
 * not check it (and does not check that it is present).
 */
public function actionLogout()
{
    Api_InterfaceAbstract::instance()->callApi('user', 'logout', array($_REQUEST['logouthash']));

    // Remove every cookie carrying the configured cookie prefix.
    vB5_Cookie::deleteAll();

    // @todo: this should redirect the user back to where they were
    $frontPageUrl = vB5_Template_Options::instance()->get('options.frontendurl');
    header('Location: ' . $frontPageUrl);
    exit;
}
/**
 * Converts a full-content node into the topic structure sent to the Forum
 * Runner client.
 *
 * With $previewtype == 2 the preview, author and avatar come from the most
 * recent direct reply (when it is a Text, Photo, Link or Video node);
 * otherwise they come from the thread starter.
 *
 * 'thread_title' is entity-decoded, so it may contain literal markup
 * characters: consumers must treat it as plain text and escape it for
 * whatever context they render it in.
 *
 * @param array $node        Node record including its 'content' sub-array
 * @param int   $previewtype 2 to preview the last reply, anything else the starter
 * @return array Topic data for the client
 */
function fr_parse_thread($node, $previewtype = 1)
{
    $userinfo = vB_Api::instance('user')->fetchUserInfo();
    $options = vB::get_datastore()->get_value('options');

    $topic = array(
        'thread_id' => $node['nodeid'],
        'thread_title' => html_entity_decode($node['title']),
        'forum_id' => $node['parentid'],
        'forum_title' => $node['content']['channeltitle'],
        'post_username' => $node['userid'] > 0 ? $node['authorname'] : (string) new vB_Phrase('global', 'guest'),
        'post_userid' => $node['userid'],
        'post_lastposttime' => fr_date($node['lastupdate']),
        'total_posts' => $node['textcount'],
    );

    $usedLastReply = false;
    $wantsLastReply = ($node['lastcontentid'] > 0 && $node['lastcontentid'] != $node['nodeid'] && $previewtype == 2);

    if ($wantsLastReply) {
        $fetched = vB_Api::instance('node')->getFullContentforNodes(array($node['lastcontentid']));
        $lastReply = $fetched[0];

        // Only direct replies to the starter of a previewable content type qualify.
        $isDirectReply = ($lastReply['parentid'] == $lastReply['starter']);
        if ($isDirectReply && in_array($lastReply['content']['contenttypeclass'], array('Text', 'Photo', 'Link', 'Video'))) {
            $topic['post_userid'] = $node['lastauthorid'];
            $topic['post_username'] = $node['lastauthorid'] > 0 ? $node['lastcontentauthor'] : (string) new vB_Phrase('global', 'guest');
            $topic['thread_preview'] = make_preview($lastReply['content']['rawtext']);

            $replyAvatar = fr_find_avatarurl($lastReply);
            if ($replyAvatar) {
                $topic['avatarurl'] = $options['bburl'] . '/' . $replyAvatar;
            }

            $usedLastReply = true;
        }
    }

    if (!$usedLastReply) {
        $topic['thread_preview'] = make_preview($node['content']['rawtext']);

        $starterAvatar = fr_find_avatarurl($node);
        if ($starterAvatar) {
            $topic['avatarurl'] = $options['bburl'] . '/' . $starterAvatar;
        }
    }

    if ($options['threadmarking'] and $userinfo['userid']) {
        // Database read marking: fall back to "now minus the marking limit (days)".
        if (!empty($node['readtime'])) {
            $userlastvisit = $node['readtime'];
        } else {
            $userlastvisit = vB::getRequest()->getTimeNow() - $options['markinglimit'] * 86400;
        }
    } else {
        // Cookie read marking. Both values are client-controlled, which only
        // affects the visitor's own "new posts" flag.
        // NOTE(review): the cookie is named 'discussion-view' (hyphen) here; verify
        // that this matches the name the rest of the site writes.
        $lastvisit = vB5_Cookie::get('lastvisit', vB5_Cookie::TYPE_UINT);
        $forumview = fr_fetch_bbarray_cookie('discussion-view', $node['nodeid']);

        // Use whichever is later -- most likely the per-thread cookie.
        if ($forumview > $lastvisit) {
            $userlastvisit = $forumview;
        } else {
            $userlastvisit = $lastvisit;
        }
    }

    if (!empty($node['content']['prefix_plain'])) {
        $topic['prefix'] = $node['content']['prefix_plain'];
    }

    $hasUnread = ($node['lastupdate'] and $userlastvisit < $node['lastupdate']);
    $topic['new_posts'] = $hasUnread ? 1 : 0;

    return $topic;
}
/**
 * Renders a page: serves it from the guest full-page cache when possible,
 * otherwise resolves the route, optionally redirects to the first unread post,
 * builds the page object, renders the layout template and echoes the result.
 *
 * @param mixed $pageid Overwritten below by the id taken from the route arguments
 * @throws Exception When no page id can be determined or the page does not exist
 */
public function index($pageid)
{
    //the api init can redirect. We need to make sure that happens before we echo anything
    $api = Api_InterfaceAbstract::instance();
    $top = '';

    // We should not cache register page for guest. See VBV-7695.
    // Full-page caching applies to guests only, and never to the 'register' and
    // 'lostpw' routes.
    if (vB5_Request::get('cachePageForGuestTime') > 0
        and !vB5_User::get('userid')
        and (empty($_REQUEST['routestring']) or $_REQUEST['routestring'] != 'register' and $_REQUEST['routestring'] != 'lostpw')
    ) {
        // The key covers the whole request array, the session language (VBV-8095) and
        // the style cookie, so variants of the same URL do not share an entry.
        // NOTE(review): every guest hitting the same key receives the same bytes --
        // confirm nothing per-visitor (tokens, notices, session ids in URLs) is
        // rendered into guest pages. Arbitrary request parameters also create
        // distinct cache entries; presumably the cache layer bounds their number.
        // languageid should be in the pagekey to fix VBV-8095
        $fullPageKey = 'vBPage_' . md5(serialize($_REQUEST)) . '_' . vB::getCurrentSession()->get('languageid');
        $styleid = vB5_Cookie::get('userstyleid', vB5_Cookie::TYPE_UINT);
        if (!empty($styleid)) {
            $fullPageKey .= '_' . $styleid;
        }
        $fullPage = vB_Cache::instance(vB_Cache::CACHE_LARGE)->read($fullPageKey);
        if (!empty($fullPage)) {
            echo $fullPage;
            exit;
        }
    }

    $preheader = vB5_ApplicationAbstract::getPreheader();
    $top .= $preheader;

    // With early flush the preheader is sent right away; from here on headers can
    // no longer be changed, which is why the redirect below has a script fallback.
    if (vB5_Request::get('useEarlyFlush')) {
        echo $preheader;
        flush();
    }

    $router = vB5_ApplicationAbstract::instance()->getRouter();
    $arguments = $router->getArguments();
    $userAction = $router->getUserAction();
    $pageKey = $router->getPageKey();
    $api->callApi('page', 'preload', array($pageKey));

    // Record the user's action ('wol' API) when the route defines one.
    if (!empty($userAction)) {
        $api->callApi('wol', 'register', array($userAction['action'], $userAction['params'], $pageKey, vB::getRequest()->getScriptPath(), !empty($arguments['nodeid']) ? $arguments['nodeid'] : 0));
    }

    // Page numbers are forced to a positive integer.
    if (isset($arguments['pagenum'])) {
        $arguments['pagenum'] = intval($arguments['pagenum']) > 0 ? intval($arguments['pagenum']) : 1;
    }

    // Prefer 'pageid', fall back to 'contentid', else 0 (rejected just below).
    $pageid = (int) (isset($arguments['pageid']) ? $arguments['pageid'] : (isset($arguments['contentid']) ? $arguments['contentid'] : 0));
    if ($pageid < 1) {
        // @todo This needs to output a user-friendly "page not found" page
        throw new Exception('Could not find page.');
    }

    $page = $api->callApi('page', 'fetchPageById', array($pageid, $arguments));
    if (!$page) {
        // @todo This needs to output a user-friendly "page not found" page
        throw new Exception('Could not find page.');
    }

    // Go to the first new / unread post for this user in this topic
    if (!empty($_REQUEST['goto']) and $_REQUEST['goto'] == 'newpost' and !empty($arguments['nodeid']) and !empty($arguments['channelid'])) {
        if ($this->vboptions['threadmarking'] and vB5_User::get('userid')) {
            // Database read marking
            $channelRead = $api->callApi('node', 'getNodeReadTime', array($arguments['channelid']));
            $topicRead = $api->callApi('node', 'getNodeReadTime', array($arguments['nodeid']));
            $topicView = max($topicRead, $channelRead, time() - $this->vboptions['markinglimit'] * 86400);
        } else {
            // Cookie read marking (client-controlled; cast to int before use)
            $topicView = intval(vB5_Cookie::fetchBbarrayCookie('discussion_view', $arguments['nodeid']));
            if (!$topicView) {
                $topicView = vB5_User::get('lastvisit');
            }
        }
        $topicView = intval($topicView);

        // Get the first unread reply
        $goToNodeId = $api->callApi('node', 'getFirstChildAfterTime', array($arguments['nodeid'], $topicView));
        if (empty($goToNodeId)) {
            // Nothing unread: fall back to the thread's last content node.
            $thread = $api->callApi('node', 'getNodes', array(array($arguments['nodeid'])));
            if (!empty($thread) and isset($thread[$arguments['nodeid']])) {
                $goToNodeId = $thread[$arguments['nodeid']]['lastcontentid'];
            }
        }

        if ($goToNodeId) {
            // Redirect to the new post
            $urlCache = vB5_Template_Url::instance();
            $urlKey = $urlCache->register($router->getRouteId(), array('nodeid' => $arguments['nodeid']), array('p' => $goToNodeId));
            $replacements = $urlCache->finalBuildUrls(array($urlKey));
            $url = $replacements[$urlKey];
            if ($url) {
                $url .= '#post' . $goToNodeId;
                if (headers_sent()) {
                    // NOTE(review): $url is placed inside a double-quoted JavaScript string
                    // without JS-string escaping. Presumably the URL builder percent-encodes
                    // quotes and angle brackets; if it can ever emit `"` or `</script>` this
                    // becomes script injection. Emitting the value through json_encode() with
                    // the JSON_HEX_* flags would remove the dependency -- confirm.
                    echo '<script type="text/javascript">window.location = "' . $url . '";</script>';
                } else {
                    header('Location: ' . $url);
                }
                exit;
            }
        }
    }

    $page['routeInfo'] = array('routeId' => $router->getRouteId(), 'arguments' => $arguments, 'queryParameters' => $router->getQueryParameters());
    $page['crumbs'] = $router->getBreadcrumbs();
    $page['headlinks'] = $router->getHeadLinks();
    $page['pageKey'] = $pageKey;

    // default value for pageSchema
    $page['pageSchema'] = 'http://schema.org/WebPage';

    $queryParameters = $router->getQueryParameters();

    /*
     * VBV-12506
     * This is where we would add other things to clean up dangerous query params.
     * For VBV-12486, I'll just unset anything here that can't use vb:var in the templates,
     * but really we should just make a whitelist of expected page object parameters that
     * come from the query string and unset EVERYTHING else. For the expected ones, we
     * should also force the value into the expected (and hopefully safer) range.
     */
    /*
     * VBV-12506
     * $doNotReplaceWithQueryParams is a list of parameters that the page object usually
     * gets naturally/internally, and we NEVER want to replace with a user-provided query
     * parameter. (In fact, *when* exactly DO we want to do this???)
     * If we don't do this, it's a potential XSS vulnerability for the items that we
     * cannot send through vb:var for whatever reason (title, for example),
     * and even if they *are* sent through vb:var, the replacements can sometimes just
     * break the page (for example ?pagetemplateid=%0D: the new line this inserts in
     * var pageData = {...} in the header template tends to break things; tested on Chrome).
     * Furthermore, any script that uses the pageData var would get the user-injected data,
     * which might cause more problems down the line.
     * Parameter notes:
     *   'titleprefix'
     *     As these should already be HTML-escaped, we don't want to double-escape
     *     them, so we can't use vb:var in the templates. As such, we must prevent a
     *     malicious query string from being injected into the page object here.
     *   'title'
     *     Similar to above, but channels are allowed to have HTML in the title, so
     *     they are intentionally not escaped in the DB, and the templates can't use
     *     vb:var.
     *   'pageid', 'channelid', 'nodeid'
     *     These are usually set in the arguments, so the array_merge below usually
     *     takes care of not passing a pageid query string through to the page object,
     *     but I'm leaving them in just in case.
     */
    // This is a denylist: every query parameter NOT named here is still copied onto
    // the page object below, so templates must escape any such value they print.
    $doNotReplaceWithQueryParams = array('titleprefix', 'title', 'pageid', 'channelid', 'nodeid', 'pagetemplateid', 'url', 'pagenum', 'tagCloudTitle');
    foreach ($doNotReplaceWithQueryParams as $key) {
        unset($queryParameters[$key]);
    }

    // Route arguments come second in the merge, so they win over query parameters
    // with the same string key.
    $arguments = array_merge($queryParameters, $arguments);
    foreach ($arguments as $key => $value) {
        $page[$key] = $value;
    }

    $options = vB5_Template_Options::instance();
    $page['phrasedate'] = $options->get('miscoptions.phrasedate');
    $page['optionsdate'] = $options->get('miscoptions.optionsdate');

    // if no meta description, use node data or global one instead, prefer node data
    if (empty($page['metadescription']) and !empty($page['nodedescription'])) {
        $page['metadescription'] = $page['nodedescription'];
    }
    if (empty($page['metadescription'])) {
        $page['metadescription'] = $options->get('options.description');
    }

    // $config is not used below; the call is kept as written.
    $config = vB5_Config::instance();

    // Non-persistent notices @todo - change this to use vB_Cookie
    $page['ignore_np_notices'] = vB5_ApplicationAbstract::getIgnoreNPNotices();

    // $templateCache is not used below; the call is kept as written.
    $templateCache = vB5_Template_Cache::instance();
    $templater = new vB5_Template($page['screenlayouttemplate']);

    //IMPORTANT: If you add any variable to the page object here,
    // please make sure you add them to other controllers which create page objects.
    // That includes at a minimum the search controller (in two places currently)
    // and vB5_ApplicationAbstract::showErrorPage
    $templater->registerGlobal('page', $page);

    // From here on $page holds the rendered output, not the page array.
    $page = $this->outputPage($templater->render(), false);
    $fullPage = $top . $page;

    // $fullPageKey only exists when the guest-cache condition at the top was met.
    if (!empty($fullPageKey) and is_string($fullPageKey)) {
        vB_Cache::instance(vB_Cache::CACHE_LARGE)->write($fullPageKey, $fullPage, vB5_Request::get('cachePageForGuestTime'), 'vbCachedFullPage');
    }

    // these are the templates rendered for this page
    $loadedTemplates = vB5_Template::getRenderedTemplates();
    $api->callApi('page', 'savePreCacheInfo', array($pageKey));

    // With early flush the preheader was already sent, so only the body remains.
    if (!vB5_Request::get('useEarlyFlush')) {
        echo $fullPage;
    } else {
        echo $page;
    }
}
/**
 * Entry point for Forum Runner client requests: loads the support files,
 * dispatches the requested command and returns the JSON response body.
 *
 * The command name comes from the request but is only used as a key into the
 * $methods table defined by the included support files, so both the handler
 * function and the optional include file are chosen from that server-side
 * table, never from the raw request value.
 *
 * Any client can raise PHP's error_reporting to E_ALL by sending a `d`
 * parameter. Whether that exposes paths or query details depends on the
 * server's display_errors setting -- keep it off in production or gate the
 * switch behind an administrator check.
 *
 * Local variables defined before the require_once calls keep their original
 * names because the included files run in this function's scope and may read
 * them.
 *
 * @param mixed $default Not used by this function
 * @return mixed JSON string on success, or the result of json_error()
 */
function forumrunner_request($default)
{
    define('MCWD', DIR . '/packages/forumrunner');
    define('IN_FRNR', true);

    header('Content-type: application/json');

    // Errors stay silent unless the client asks for debug output with ?d
    error_reporting(isset($_REQUEST['d']) ? E_ALL : 0);

    require_once MCWD . '/version.php';
    require_once MCWD . '/support/utils.php';
    require_once MCWD . '/support/JSON.php';
    require_once MCWD . '/include/general_vb.php';
    if (file_exists(MCWD . '/branded.php')) {
        require_once MCWD . '/branded.php';
    }

    $processed = process_input(array('cmd' => STRING, 'frv' => STRING, 'frp' => STRING));
    if (!$processed['cmd']) {
        return json_error(ERR_NO_PERMISSION);
    }

    // Client version / platform, with the defaults used when the client sends none.
    $frcl_version = isset($processed['frv']) ? $processed['frv'] : '1.3.3';
    $frcl_platform = isset($processed['frp']) ? $processed['frp'] : 'ip';

    require_once MCWD . '/support/common_methods.php';
    require_once MCWD . '/support/vbulletin_methods.php';
    if (file_exists(MCWD . '/support/other_methods.php')) {
        require_once MCWD . '/support/other_methods.php';
    }

    $json = new Services_JSON();

    // Unknown commands are refused: $methods acts as the allowlist.
    if (!isset($methods[$processed['cmd']])) {
        return json_error(ERR_NO_PERMISSION);
    }

    if ($methods[$processed['cmd']]['include']) {
        require_once MCWD . '/include/' . $methods[$processed['cmd']]['include'];
    }

    // Re-assert debug reporting after the includes.
    if (isset($_REQUEST['d'])) {
        error_reporting(E_ALL);
    }

    $result = call_user_func($methods[$processed['cmd']]['function']);

    // A string is a finished response (e.g. an error document); pass it through.
    if (is_string($result)) {
        return $result;
    }

    if (is_array($result)) {
        $payload = $result;
    } elseif ($result === true) {
        $payload = array('success' => true);
    } else {
        return json_error(ERR_NO_PERMISSION);
    }

    // If we're here, we have success!
    $response = array(
        'success' => true,
        'data' => $payload,
        'ads' => fr_show_ad(),
    );

    $currentUser = vB_Api::instance('user')->fetchUserInfo();

    // Return Unread PM/Subscribed Threads count
    $isMember = $currentUser['userid'] > 0;
    if ($isMember && $processed['cmd'] != 'get_new_updates' && $processed['cmd'] != 'logout' && $processed['cmd'] != 'login') {
        $response['pm_notices'] = get_pm_unread();
        $response['sub_notices'] = get_sub_thread_updates();
    }

    vB5_Cookie::set('lastvisit', vB::getRequest()->getTimeNow(), 365, true);

    return $json->encode($response);
}
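/**
 * Loads the cookie settings into the class's static properties (once per
 * request).
 *
 * Fix: the previous version tested `$url['scheme']` although no `$url` was
 * ever assigned in this method, so the last operand was always false and
 * self::$secure could never become true. The scheme is now parsed from the
 * configured front-end URL.
 *
 * NOTE(review): 'options.frontendurl' is assumed to be the URL the original
 * check meant to inspect -- confirm. Also note that behind a TLS-terminating
 * proxy SERVER_PORT / HTTPS describe the proxy-to-server hop, so the request
 * test can be false even though the visitor is on HTTPS.
 */
protected static function loadConfig()
{
    // A non-null prefix marks the settings as already loaded.
    if (self::$cookiePrefix !== null) {
        return;
    }

    $config = vB5_Config::instance();

    // these could potentially all be config options
    self::$enabled = ($config->cookie_enabled !== false);
    self::$cookiePrefix = $config->cookie_prefix;

    $options = vB5_Template_Options::instance();
    self::$path = $options->get('options.cookiepath');
    self::$domain = $options->get('options.cookiedomain');

    // Is this request arriving over HTTPS?
    $requestIsHttps = (
        (isset($_SERVER['SERVER_PORT']) && 443 === intval($_SERVER['SERVER_PORT']))
        || (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] && $_SERVER['HTTPS'] != 'off')
    );

    // Is the site itself configured for HTTPS? parse_url() returns false for a
    // malformed URL, hence the is_array() guard.
    $url = parse_url((string) $options->get('options.frontendurl'));
    $siteIsHttps = (is_array($url) && isset($url['scheme']) && strtolower($url['scheme']) == 'https');

    // Cookies are marked secure only when both hold, so a site that is still
    // served over plain HTTP does not lose its cookies.
    self::$secure = ($requestIsHttps && $siteIsHttps);
}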
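/**
 * Builds the forum (channel) entry sent to the Forum Runner client.
 *
 * Fix: the icon lookup used to receive `$foruminfo == 'new'`, which compares
 * the channel record itself with a string and is therefore always false; it
 * now receives the computed "has new content" flag. A missing first element
 * in the API result is also handled without raising a notice.
 *
 * 'name' is produced by strip_tags() followed by html_entity_decode(), so an
 * entity-encoded tag in the title comes out as literal markup characters.
 * Consumers must treat 'name' (and 'desc') as plain text and escape it for
 * the context they render it in.
 *
 * @param int         $forumid   Node id of the channel
 * @param array|false $foruminfo Channel record, if the caller already has it
 * @return array|null Forum data for the client, or null when the channel
 *                    cannot be loaded
 */
function fr_get_and_parse_forum($forumid, $foruminfo = false)
{
    $userinfo = vB_Api::instance('user')->fetchUserInfo();
    $options = vB::get_datastore()->get_value('options');

    if (!$foruminfo) {
        $nodes = vB_Api::instance('node')->getFullContentforNodes(array($forumid));
        if (empty($nodes) || empty($nodes[0])) {
            return null;
        }
        $foruminfo = $nodes[0];
    }

    if ($options['threadmarking'] and $userinfo['userid']) {
        // Database read marking: fall back to "now minus the marking limit (days)".
        $userlastvisit = !empty($foruminfo['readtime'])
            ? $foruminfo['readtime']
            : vB::getRequest()->getTimeNow() - $options['markinglimit'] * 86400;
    } else {
        // Cookie read marking. Both values are client-controlled, which only
        // affects the visitor's own new/old flag.
        $lastvisit = vB5_Cookie::get('lastvisit', vB5_Cookie::TYPE_UINT);
        $forumview = fr_fetch_bbarray_cookie('channel_view', $foruminfo['nodeid']);

        //use which one produces the highest value, most likely cookie
        $userlastvisit = $forumview > $lastvisit ? $forumview : $lastvisit;
    }

    $hasNew = ($foruminfo['lastcontent'] && $userlastvisit < $foruminfo['lastcontent']);

    $out = array(
        'id' => $foruminfo['nodeid'],
        'new' => $hasNew,
        'name' => html_entity_decode(strip_tags($foruminfo['title'])),
        'password' => false,
    );

    $icon = fr_get_forum_icon($foruminfo['nodeid'], $hasNew);
    if ($icon) {
        $out['icon'] = $icon;
    }

    if ($foruminfo['description'] != '') {
        $desc = strip_tags($foruminfo['description']);
        if (strlen($desc) > 0) {
            $out['desc'] = $desc;
        }
    }

    return $out;
}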
/**
 * Bootstraps the core for a web request and restores the session from cookies.
 *
 * Loads vb.php, creates the request object, builds the session from the
 * 'sessionhash', 'userid' and 'password' (remember-me token) cookies, and
 * writes back any session hash, remember-me token or lastvisit/lastactivity
 * values that changed. With Facebook login active it may emit a small inline
 * page and exit so the browser can refresh the Facebook cookie once.
 *
 * Every cookie value read here is supplied by the client and is handed to
 * createSessionNew() unchanged; validation is not visible in this method.
 *
 * @return bool|null true when already initialised; otherwise no explicit return value.
 */
public function init()
{
    if ($this->initialized) {
        return true;
    }

    //initialize core
    $core_path = vB5_Config::instance()->core_path;
    require_once $core_path . '/vb/vb.php';
    vB::init();

    $request = new vB_Request_WebApi();
    vB::setRequest($request);

    // When we reach here, there's no user information loaded. What we can do is try to load the language from cookies.
    // Shouldn't use vB5_User::getLanguageId() as it will try to load userinfo from session
    $languageid = vB5_Cookie::get('languageid', vB5_Cookie::TYPE_UINT);
    if ($languageid) {
        $request->setLanguageid($languageid);
    }

    // Session and remember-me material, all taken from client cookies.
    $sessionhash = vB5_Cookie::get('sessionhash', vB5_Cookie::TYPE_STRING);
    $restoreSessionInfo['userid'] = vB5_Cookie::get('userid', vB5_Cookie::TYPE_STRING);
    $restoreSessionInfo['remembermetoken'] = vB5_Cookie::get('password', vB5_Cookie::TYPE_STRING);
    // Kept so a token rotated by the session layer can be detected further down.
    $remembermetokenOrig = $restoreSessionInfo['remembermetoken'];

    // 'facebook-retry' marks the second pass after the inline redirect below;
    // it is mapped back to 'facebook' for the session layer.
    $retry = false;
    if ($restoreSessionInfo['remembermetoken'] == 'facebook-retry') {
        $restoreSessionInfo['remembermetoken'] = 'facebook';
        $retry = true;
    }

    //We normally don't allow the use of the backend classes in the front end, but the
    //rules are relaxed inside the api class and especially in the bootstrap dance of getting
    //things set up. Right now getting at the options in the front end is nasty, but I don't
    //want the backend dealing with cookies if I can help it (among other things it makes
    //it nasty to handle callers of the backend that don't have cookies). But we need
    //some information to determine what the cookie name is. This is the least bad way
    //of handling things.
    $options = vB::getDatastore()->getValue('options');
    if ($options['facebookactive'] and $options['facebookappid']) {
        //this is not a vB cookie so it doesn't use our prefix -- which the cookie class adds automatically
        $cookie_name = 'fbsr_' . $options['facebookappid'];
        // Raw cookie value, only cast to string here.
        // NOTE(review): presumably the signature is verified inside the session layer -- confirm.
        $restoreSessionInfo['fb_signed_request'] = isset($_COOKIE[$cookie_name]) ? strval($_COOKIE[$cookie_name]) : '';
    }

    $session = $request->createSessionNew($sessionhash, $restoreSessionInfo);

    // Send the session hash back only when it differs from the one the client presented.
    // NOTE(review): the meaning of the 3rd/4th arguments of vB5_Cookie::set() is not
    // visible here; the 4th is presumably the HttpOnly flag -- confirm.
    if ($session['sessionhash'] !== $sessionhash) {
        vB5_Cookie::set('sessionhash', $session['sessionhash'], 0, true);
    }

    //redirect to handle a stale FB cookie when doing a FB "remember me".
    //only do it once to prevent redirect loops -- don't try this with
    //posts since we'd lose the post data in that case
    //
    //Some notes on the JS code (don't want them in the JS itself to avoid
    //increasing what gets sent to the browser).
    //1) This code is deliberately designed to avoid using subsystems that
    //   would increase the processing time for something that doesn't need it
    //   (we even avoid initializing JQUERY here). This is the reason it is
    //   inline and not in a template.
    //2) The code inits the FB system which will create or update the cookie
    //   if it is able to validate the user. The cookie is what we are after.
    //   We use getLoginStatus instead of setting status to true because
    //   the latter introduces a race condition where we can do the redirect
    //   before we've fully initialized and updated the cookie. The
    //   explicit call to getLoginStatus allows us to redirect when the
    //   status is obtained.
    //3) If we fail to update the cookie we catch that when we try to
    //   create the vb session (which is why we only allow one retry)
    //4) The JS here should *never* prompt the user, assuming the FB
    //   docs are correct.
    //5) If the FB version is changed it needs to be changed in the
    //   FB library class and the facebook.js file
    if (strtolower($_SERVER['REQUEST_METHOD']) == 'get' and vB::getCurrentSession()->get('userid') == 0 and $options['facebookactive'] and $options['facebookappid'] and $restoreSessionInfo['remembermetoken'] == 'facebook') {
        if (!$retry) {
            //if this isn't a retry, then do a redirect
            vB5_Auth::setRememberMeCookies('facebook-retry', $restoreSessionInfo['userid']);
            // NOTE(review): the app id option is interpolated into a JS string literal
            // without escaping, and the page loads a third-party script over a
            // protocol-relative URL. This assumes the option is admin-controlled and
            // holds only an app id -- confirm it is validated where it is saved.
            $fbredirect = "\n\t\t\t\t\t<!DOCTYPE html>\n\t\t\t\t\t<html>\n\t\t\t\t\t<head>\n\t\t\t\t\t\t<script type='text/javascript' src='//connect.facebook.net/en_US/sdk.js'></script>\n\t\t\t\t\t\t<script type='text/javascript'>\n\t\t\t\t\t\t\tFB.init({\n\t\t\t\t\t\t\t\tappId : '{$options['facebookappid']}',\n\t\t\t\t\t\t\t\tversion : 'v2.2',\n\t\t\t\t\t\t\t\tstatus : false,\n\t\t\t\t\t\t\t\tcookie : true,\n\t\t\t\t\t\t\t\txfbml : false\n\t\t\t\t\t\t\t});\n\n\t\t\t\t\t\t\tFB.getLoginStatus(function(response)\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\twindow.top.location.reload(true);\n\t\t\t\t\t\t\t});\n\t\t\t\t\t\t</script>\n\t\t\t\t\t</head>\n\t\t\t\t\t<body></body>\n\t\t\t\t\t</html>\n\t\t\t\t";
            echo $fbredirect;
            // Nothing after this point runs on the first pass; $this->initialized stays unset.
            exit;
        } else {
            //we tried and failed to log in via FB. That probably means that the user
            //is logged out of facebook. Let's kill the auto login so that we stop
            //trying to connect via FB
            vB5_Auth::setRememberMeCookies('', '');
        }
    }

    //if we have an existing token and if we got a token back from the session that is different then we
    //need to update the token in the browser. We shouldn't get a token back if we didn't pass one in but
    //we shouldn't depend on that behavior.
    // NOTE(review): the comparison is loose (!=); two different numeric-looking
    // strings can compare equal under PHP's type juggling, in which case a rotated
    // token would not be written back. A strict !== looks safer -- confirm the types.
    if ($session['remembermetoken'] and $session['remembermetoken'] != $remembermetokenOrig) {
        vB5_Auth::setRememberMeCookies($session['remembermetoken'], $restoreSessionInfo['userid']);
    }

    // Try to set cpsession hash to session object if exists
    vB::getCurrentSession()->setCpsessionHash(vB5_Cookie::get('cpsession', vB5_Cookie::TYPE_STRING));

    // Update lastvisit/lastactivity
    $info = vB::getCurrentSession()->doLastVisitUpdate(vB5_Cookie::get('lastvisit', vB5_Cookie::TYPE_UINT), vB5_Cookie::get('lastactivity', vB5_Cookie::TYPE_UINT));

    if (!empty($info)) {
        // for guests we need to set some cookies
        if (isset($info['lastvisit'])) {
            vB5_Cookie::set('lastvisit', $info['lastvisit']);
        }

        if (isset($info['lastactivity'])) {
            vB5_Cookie::set('lastactivity', $info['lastactivity']);
        }
    }

    $this->initialized = true;
}
/**
 * Writes the two "remember me" cookies.
 *
 * The token is stored under the cookie name 'password' and the user id under
 * 'userid', in that order, each with 30 as the third argument to
 * vB5_Cookie::set() (presumably a lifetime in days, confirm).
 *
 * NOTE(review): no fourth argument is passed, so whatever default
 * vB5_Cookie::set() applies governs this credential-bearing cookie. Confirm
 * that the default keeps the token out of reach of page scripts.
 *
 * @param string $rememberMeToken Token to store; an empty string is written as-is.
 * @param mixed  $userid          User id to store alongside the token.
 */
public static function setRememberMeCookies($rememberMeToken, $userid)
{
    $rememberMeCookies = array(
        'password' => $rememberMeToken,
        'userid' => $userid,
    );

    foreach ($rememberMeCookies as $cookieName => $cookieValue) {
        vB5_Cookie::set($cookieName, $cookieValue, 30);
    }
}