Exemplo n.º 1
0
 public static function getLanguageId()
 {
     if ($languageid = vB5_Cookie::get('languageid', vB5_Cookie::TYPE_UINT)) {
         return $languageid;
     } else {
         return self::instance()->_get('languageid');
     }
 }
Exemplo n.º 2
0
 protected function processQueryString()
 {
     if (!isset($_SERVER['QUERY_STRING'])) {
         $_SERVER['QUERY_STRING'] = '';
     }
     parse_str($_SERVER['QUERY_STRING'], $params);
     if (isset($params['styleid'])) {
         $styleid = intval($params['styleid']);
         $styleid = $styleid > 0 ? $styleid : 1;
         vB5_Cookie::set('userstyleid', $styleid, 0, false);
         $prefix = vB5_Config::instance()->cookie_prefix;
         $_COOKIE[$prefix . 'userstyleid'] = $styleid;
         // set it for the rest of this request as well
     }
 }
Exemplo n.º 3
0
 /**
  * Gets the styles to be used ordered by preference
  */
 protected function getStylePreference()
 {
     $this->stylePreference = array();
     try {
         $router = vB5_ApplicationAbstract::instance()->getRouter();
         if (!empty($router)) {
             $arguments = $router->getArguments();
             // #1 check for a forced style in current route
             if (!empty($arguments) and !empty($arguments['forceStyleId']) and intval($arguments['forceStyleId'])) {
                 $this->stylePreference[] = $arguments['forceStyleId'];
             }
         }
     } catch (vB5_Exception $e) {
         // the application instance might not be initialized yet, so just ignore this first check
     }
     // #2 check for a style cookie (style chooser in footer)
     // If style is set in querystring, the routing component will set this cookie (VBV-3322)
     $cookieStyleId = vB5_Cookie::get('userstyleid', vB5_Cookie::TYPE_UINT);
     if (!empty($cookieStyleId)) {
         $this->stylePreference[] = $cookieStyleId;
     }
     // #3 check for user defined style
     $userStyleId = vB5_User::get('styleid');
     if (!empty($userStyleId)) {
         $this->stylePreference[] = $userStyleId;
     }
     // #4 check for a route style which is not forced
     if (!empty($arguments) and isset($arguments['routeStyleId']) and is_int($arguments['routeStyleId'])) {
         $this->stylePreference[] = $arguments['routeStyleId'];
     }
     // #5 check for the overall site default style
     $defaultStyleId = vB5_Template_Options::instance()->get('options.styleid');
     if ($defaultStyleId) {
         $this->stylePreference[] = $defaultStyleId;
     }
     // Moved from Api_Interface_Collapsed::init, it was calling getPreferredStyleId when the forced
     // style set by the route wasn't ready yet. (see VBV-3324)
     if (!empty($this->stylePreference[0])) {
         // If style is -1 then fetch site default styleid
         if ($this->stylePreference[0] == '-1') {
             $this->stylePreference[0] = $defaultStyleId;
         }
         vB::getCurrentSession()->set('styleid', $this->stylePreference[0]);
     }
 }
Exemplo n.º 4
0
 /**
  * Fetch the Avatars for a userid array
  *
  * @param array The User IDs array
  * @param boolean $ Whether to get the Thumbnailed avatar or not
  * @param array	Array of userinfo, possibly already containing the avatar information
  * @return array Information regarding the avatar
  */
 public function fetchAvatars($userids = array(), $thumb = false, $userinfo = array())
 {
     foreach ($userinfo as $userid => $_userinfo) {
         if (!isset($this->avatarUserCache[$userid]) and isset($_userinfo['hascustomavatar'])) {
             $this->avatarUserCache[$userid] = array('userid' => $_userinfo['userid'], 'avatarid' => $_userinfo['avatarid'], 'avatarpath' => $_userinfo['avatarpath'], 'avatarrevision' => $_userinfo['avatarrevision'], 'dateline' => $_userinfo['avatardateline'], 'width' => $_userinfo['avwidth'], 'height' => $_userinfo['avheight'], 'height_thumb' => $_userinfo['avheight_thumb'], 'width_thumb' => $_userinfo['avwidth_thumb']);
         }
     }
     if (empty($userids)) {
         return false;
     }
     if (empty($thumb)) {
         $typekey = 'avatar';
     } elseif ($thumb === 'profile') {
         $typekey = 'profile';
         $thumb = false;
     } else {
         $typekey = 'thumb';
     }
     $cachedKeys = array();
     if (isset($this->avatarsCache[$typekey])) {
         $cachedKeys = array_keys($this->avatarsCache[$typekey]);
     }
     $notCachedKeys = array_diff($userids, $cachedKeys);
     $cachedIdsKeys = array_intersect($cachedKeys, $userids);
     $arrayAux = array();
     foreach ($notCachedKeys as $notCachedKey) {
         $arrayAux[$notCachedKey] = $notCachedKey;
     }
     $notCached = $arrayAux;
     $arrayAux = array();
     foreach ($cachedIdsKeys as $cachedIdsKey) {
         $arrayAux[$cachedIdsKey] = $this->avatarsCache[$typekey][$cachedIdsKey];
     }
     $cachedIds = $arrayAux;
     unset($arrayAux);
     $avatarsurl = array();
     if (!empty($notCached)) {
         $options = vB::getDatastore()->getValue('options');
         $avatars = array();
         foreach ($notCached as $userid) {
             if (isset($this->avatarUserCache[$userid])) {
                 $avatars[$userid] = $this->avatarUserCache[$userid];
                 unset($notCached[$userid]);
             }
         }
         if (!empty($notCached)) {
             $avatarsinfo = vB::getDbAssertor()->assertQuery('vbForum:fetchAvatarsForUsers', array('userid' => $notCached));
             foreach ($avatarsinfo as $user) {
                 $this->avatarUserCache[$user['userid']] = $user;
                 $avatars[$user['userid']] = $user;
             }
         }
         $avatarpaths = array();
         foreach ($avatars as $user) {
             $userid = $user['userid'];
             $this->avatarsCache[$typekey][$userid]['avatarurl'] = array();
             if (!empty($user['avatarid'])) {
                 if (!isset($avatarpaths[$user['avatarid']])) {
                     $avatarpath = $user['avatarpath'];
                     //If this is an absolute path we must trim the DIR portion
                     if (substr($avatarpath, 0, strlen(DIR)) == DIR) {
                         $avatarpath = substr($avatarpath, strlen(DIR) + 1);
                     }
                     $avatarpaths[$user['avatarid']] = array('hascustom' => 0, 'avatarpath' => $avatarpath);
                 }
                 $this->avatarsCache[$typekey][$userid]['avatarurl'] = $avatarpaths[$user['avatarid']];
             } else {
                 $this->avatarsCache['avatar'][$userid]['avatarurl'] = array('hascustom' => 1);
                 $this->avatarsCache['thumb'][$userid]['avatarurl'] = array('hascustom' => 1);
                 $this->avatarsCache['profile'][$userid]['avatarurl'] = array('hascustom' => 1);
                 $defaultAvatarPath = 'images/default/default_avatar_medium.png';
                 $defaultAvatarThumbPath = 'images/default/default_avatar_thumb.png';
                 $defaultAvatarProfilePath = 'images/default/default_avatar_large.png';
                 //the user did not select any avatars
                 if (!$user['avatarrevision'] and !$user['dateline'] or $options['usefileavatar'] and !$user['filename']) {
                     $this->avatarsCache['avatar'][$userid]['avatarurl']['avatarpath'] = $defaultAvatarPath;
                     $this->avatarsCache['avatar'][$userid]['avatarurl']['hascustom'] = 0;
                     $this->avatarsCache['thumb'][$userid]['avatarurl']['avatarpath'] = $defaultAvatarThumbPath;
                     $this->avatarsCache['thumb'][$userid]['avatarurl']['hascustom'] = 0;
                     $this->avatarsCache['profile'][$userid]['avatarurl']['avatarpath'] = $defaultAvatarProfilePath;
                     $this->avatarsCache['profile'][$userid]['avatarurl']['hascustom'] = 0;
                 } else {
                     if ($options['usefileavatar']) {
                         $avatarpathoption = substr($options['avatarpath'], 0, 2) == './' ? substr($options['avatarpath'], 2) : $options['avatarpath'];
                         $userAvatar = $avatarpathoption . "/{$user['filename']}";
                         $userThumb = $avatarpathoption . "/thumbs/{$user['filename']}";
                         if (file_exists(DIR . "/" . $userAvatar) and file_exists(DIR . "/" . $userThumb)) {
                             $this->avatarsCache['avatar'][$userid]['avatarurl']['avatarpath'] = $userAvatar;
                             $this->avatarsCache['thumb'][$userid]['avatarurl']['avatarpath'] = $userThumb;
                             $this->avatarsCache['profile'][$userid]['avatarurl']['avatarpath'] = $userAvatar;
                         } else {
                             $this->avatarsCache['avatar'][$userid]['avatarurl']['avatarpath'] = $defaultAvatarPath;
                             $this->avatarsCache['avatar'][$userid]['avatarurl']['hascustom'] = 0;
                             $this->avatarsCache['thumb'][$userid]['avatarurl']['avatarpath'] = $defaultAvatarThumbPath;
                             $this->avatarsCache['thumb'][$userid]['avatarurl']['hascustom'] = 0;
                             $this->avatarsCache['profile'][$userid]['avatarurl']['avatarpath'] = $defaultAvatarProfilePath;
                             $this->avatarsCache['profile'][$userid]['avatarurl']['hascustom'] = 0;
                         }
                     } else {
                         $add_session = (class_exists('vB5_Cookie') and vB5_Cookie::isEnabled()) ? '' : vB::getCurrentSession()->get('sessionurl');
                         $this->avatarsCache['avatar'][$userid]['avatarurl']['avatarpath'] = "image.php?" . $add_session . "userid={$userid}";
                         $this->avatarsCache['thumb'][$userid]['avatarurl']['avatarpath'] = "image.php?" . $add_session . "userid={$userid}&thumb=1";
                         $this->avatarsCache['profile'][$userid]['avatarurl']['avatarpath'] = "image.php?" . $add_session . "userid={$userid}&profile=1";
                         if (!empty($user['dateline'])) {
                             $this->avatarsCache['profile'][$userid]['avatarurl']['avatarpath'] .= '&dateline=' . $user['dateline'];
                             $this->avatarsCache['thumb'][$userid]['avatarurl']['avatarpath'] .= '&dateline=' . $user['dateline'];
                             $this->avatarsCache['avatar'][$userid]['avatarurl']['avatarpath'] .= '&dateline=' . $user['dateline'];
                         }
                     }
                 }
                 /* This code was used in vB3 & 4 to passback the avatar image sizes for use in the templates
                 			As far as I can tell, no vB5 templates make use of this, so I have commented it out for now */
                 //					if ($thumb)
                 //					{
                 //						if (isset($user['width_thumb']) AND isset($user['height_thumb']))
                 //						{
                 //							$avatarurl[] = " width=\"$user[width_thumb]\" height=\"$user[height_thumb]\" ";
                 //						}
                 //					}
                 //					else
                 //					{
                 //						if (isset($user['width']) AND isset($user['height']))
                 //						{
                 //							$avatarurl[] = " width=\"$user[width]\" height=\"$user[height]\" ";
                 //						}
                 //					}
             }
             //$this->avatarsCache[$typekey][$userid]['avatarurl'] = $avatarurl;
             $avatarsurl[$userid] = $this->avatarsCache[$typekey][$userid]['avatarurl'];
         }
     }
     if (!empty($cachedIds)) {
         foreach ($cachedIds as $uId => $avatarArray) {
             $avatarsurl[$uId] = $avatarArray['avatarurl'];
         }
     }
     return $avatarsurl;
 }
Exemplo n.º 5
0
function do_logout()
{
    $vbulletin = vB::get_registry();
    $userinfo = vB_Api::instance('user')->fetchUserInfo();
    $cleaned = vB::getCleaner()->cleanArray($_REQUEST, array('fr_username' => vB_Cleaner::TYPE_STR));
    if ($userinfo['userid'] < 1) {
        return json_error(ERR_NO_PERMISSION);
    }
    $tableinfo = $vbulletin->db->query_first("\n\t\tSHOW TABLES LIKE '" . TABLE_PREFIX . "forumrunner_push_users'\n\t\t");
    if ($tableinfo) {
        $vbulletin->db->query_write("\n\t\t\tDELETE FROM " . TABLE_PREFIX . "forumrunner_push_users\n\t\t\tWHERE fr_username = '******'fr_username']) . "' AND vb_userid = {$userinfo['userid']}\n\t\t\t");
    }
    vB_User::processLogout();
    //
    // Properly set cookies on logout
    //
    $login = array();
    $session = vB::getCurrentSession();
    $login['sessionhash'] = $session->get('sessionhash');
    $login['password'] = $session->get('password');
    $login['cpsession'] = $session->get('cpsession');
    $login['userid'] = $session->get('userid');
    vB5_Cookie::set('cpsession', $login['cpsession'], 30);
    vB5_Cookie::set('sessionhash', $login['sessionhash'], 30);
    vB5_Cookie::set('password', $login['password'], 30);
    vB5_Cookie::set('userid', $login['userid'], 30);
    return array('success' => true, 'requires_authentication' => requires_authentication());
}
Exemplo n.º 6
0
 /**
  * This handles all saves of social group data.
  */
 public function actionSocialgroup()
 {
     $fields = array('title', 'description', 'nodeid', 'filedataid', 'invite_usernames', 'parentid', 'invite_userids', 'group_type', 'viewperms', 'commentperms', 'moderate_topics', 'autoparselinks', 'disablesmilies', 'allow_post', 'approve_subscription', 'group_type');
     // forum options map
     $channelOpts = array('allowsmilies' => 'disablesmilies', 'allowposting' => 'allow_post');
     $input = array();
     foreach ($fields as $field) {
         if (isset($_POST[$field])) {
             $input[$field] = $_POST[$field];
         }
     }
     //If this is the "permission" step, we must pass the four checkboxes
     if (isset($_POST['next']) and $_POST['next'] == 'contributors') {
         foreach (array('moderate_comments', 'autoparselinks', 'disablesmilies', 'allow_post', 'approve_subscription', 'moderate_topics') as $field) {
             // channeloptions
             if ($idx = array_search($field, $channelOpts)) {
                 // some options means totally the oppositve than the bf when enable, tweak then
                 if (isset($_POST[$field])) {
                     $input['options'][$idx] = in_array($field, array('disablesmilies')) ? 0 : 1;
                 } else {
                     $input['options'][$idx] = in_array($field, array('disablesmilies')) ? 1 : 0;
                 }
             }
             if (!isset($_POST[$field])) {
                 $input[$field] = 0;
             }
         }
     }
     // default input values
     $input['displayorder'] = 1;
     $api = Api_InterfaceAbstract::instance();
     if (count($input) > 1) {
         if (!isset($input['nodeid']) or intval($input['nodeid']) == 0) {
             $nodeid = $api->callApi('socialgroup', 'createSocialGroup', array($input));
             $url = vB5_Template_Options::instance()->get('options.frontendurl') . '/sgadmin/create/settings';
             if (is_array($nodeid) and array_key_exists('errors', $nodeid)) {
                 $message = $api->callApi('phrase', 'fetch', array('phrases' => $nodeid['errors'][0][0]));
                 if (empty($message)) {
                     $message = $api->callApi('phrase', 'fetch', array('phrases' => 'pm_ajax_error_desc'));
                 }
                 vB5_ApplicationAbstract::handleFormError(array_pop($message), $url);
             }
             if (!is_numeric($nodeid) and !empty($nodeid['errors'])) {
                 $urlparams = array('sgaction' => 'create', 'action2' => 'settings');
                 $url = $api->callApi('route', 'getUrl', array('sgadmin', $urlparams, array()));
                 header('Location: ' . vB5_Template_Options::instance()->get('options.frontendurl') . $url);
                 vB5_Cookie::set('sgadmin_error', $nodeid['errors'][0][0]);
                 if (isset($input['title'])) {
                     vB5_Cookie::set('sg_title', $input['title']);
                 }
                 if (isset($input['description'])) {
                     vB5_Cookie::set('sg_description', $input['description']);
                 }
                 die;
             }
             if ($nodeid and !empty($nodeid['errors'])) {
                 $urlparams = array('sgaction' => 'create', 'action2' => 'settings');
                 $url = $api->callApi('route', 'getUrl', array('sgadmin', $urlparams, array()));
                 header('Location: ' . vB5_Template_Options::instance()->get('options.frontendurl') . $url);
                 vB5_Cookie::set('sgadmin_error', $nodeid['errors'][0][0]);
                 if (isset($input['title'])) {
                     vB5_Cookie::set('sg_title', $input['title']);
                 }
                 if (isset($input['description'])) {
                     vB5_Cookie::set('sg_description', $input['description']);
                 }
                 die;
             }
         } else {
             if (isset($input['invite_usernames']) and $input['nodeid']) {
                 $inviteUnames = explode(',', $input['invite_usernames']);
                 $inviteIds = isset($input['invite_userids']) ? $input['invite_userids'] : array();
                 $nodeid = $input['nodeid'];
                 $api->callApi('user', 'inviteMembers', array($inviteIds, $inviteUnames, $nodeid, 'sg_member_to'));
             } else {
                 $nodeid = $input['nodeid'];
                 unset($input['nodeid']);
                 $update = $api->callApi('content_channel', 'update', array($nodeid, $input));
                 // set group type nodeoptions
                 if (empty($update['errors']) and isset($input['group_type'])) {
                     $bitfields = array();
                     switch ($input['group_type']) {
                         case 2:
                             $bitfields['invite_only'] = 1;
                             $bitfields['approve_membership'] = 0;
                             break;
                         case 1:
                             $bitfields['invite_only'] = 0;
                             $bitfields['approve_membership'] = 0;
                             break;
                         default:
                             $bitfields['invite_only'] = 0;
                             $bitfields['approve_membership'] = 1;
                             break;
                     }
                     $api->callApi('node', 'setNodeOptions', array($nodeid, $bitfields));
                 }
                 //if this is for the permission page we handle differently
             }
         }
         //			set_exception_handler(array('vB5_ApplicationAbstract','handleException'));
         //
         //			if (!is_numeric($nodeid) AND !empty($nodeid['errors']))
         //			{
         //				throw new exception($nodeid['errors'][0][0]);
         //			}
     } else {
         if (isset($_POST['nodeid'])) {
             $nodeid = $_POST['nodeid'];
             if (isset($_POST['next']) and $_POST['next'] == 'contributors') {
                 $updates = array();
                 foreach (array('allow_post', 'moderate_comments', 'autoparselinks', 'disablesmilies', 'approve_subscription') as $bitfield) {
                     if (empty($_POST[$bitfield])) {
                         $updates[$bitfield] = 0;
                     } else {
                         $updates[$bitfield] = 1;
                     }
                 }
                 $api->callApi('node', 'setNodeOptions', array($nodeid, $updates));
                 $updates = array();
                 if (isset($_POST['viewperms'])) {
                     $updates['viewperms'] = $_POST['viewperms'];
                 }
                 if (isset($_POST['commentperms'])) {
                     $updates['commentperms'] = $_POST['commentperms'];
                 }
                 if (!empty($updates)) {
                     $results = $api->callApi('node', 'setNodePerms', array($nodeid, $updates));
                 }
             }
         } else {
             $nodeid = 0;
         }
     }
     //If the user clicked Next we go to the permissions page. Otherwise we go to the node.
     if (isset($_POST['btnSubmit'])) {
         if (isset($_POST['next'])) {
             $action2 = $_POST['next'];
         } else {
             $action2 = 'permissions';
         }
         if (isset($_POST['sgaction'])) {
             $sgaction = $_POST['sgaction'];
         } else {
             $sgaction = 'admin';
         }
         $urlparams = array('nodeid' => $nodeid, 'sgaction' => $sgaction, 'action2' => $action2);
         $url = $api->callApi('route', 'getUrl', array('sgadmin', $urlparams, array()));
     } else {
         $node = $api->callApi('node', 'getNode', array('nodeid' => $nodeid));
         $url = $api->callApi('route', 'getUrl', array($node['routeid'], array('nodeid' => $nodeid, 'title' => $node['title'], 'urlident' => $node['urlident']), array()));
     }
     header('Location: ' . vB5_Template_Options::instance()->get('options.frontendurl') . $url);
 }
Exemplo n.º 7
0
 /** 
  *	Checks whether a user with a specific birthday is COPPA
  **/
 public function actionIscoppa()
 {
     $vboptions = vB5_Template_Options::instance()->getOptions();
     $vboptions = $vboptions['options'];
     // Coppaage cookie
     if ($vboptions['usecoppa'] and $vboptions['checkcoppa']) {
         vB5_Cookie::set('coppaage', $_REQUEST['month'] . '-' . $_REQUEST['day'] . '-' . $_REQUEST['year'], 365, 0);
     }
     //Note that 0 = wide open
     // 1 means COPPA users (under 13) can register but need approval before posting
     // 2 means COPPA users cannot register
     $api = Api_InterfaceAbstract::instance();
     $coppa = $api->callApi('user', 'needsCoppa', array('data' => $_REQUEST));
     $this->sendAsJson(array('needcoppa' => $coppa));
 }
Exemplo n.º 8
0
 public function actionLogout()
 {
     $api = Api_InterfaceAbstract::instance();
     $api->callApi('user', 'logout', array($_REQUEST['logouthash']));
     //delete all cookies with cookiePrefix
     vB5_Cookie::deleteAll();
     // @todo: this should redirect the user back to where they were
     header('Location: ' . vB5_Template_Options::instance()->get('options.frontendurl'));
     exit;
 }
Exemplo n.º 9
0
function fr_parse_thread($node, $previewtype = 1)
{
    $userinfo = vB_Api::instance('user')->fetchUserInfo();
    $options = vB::get_datastore()->get_value('options');
    $topic = array('thread_id' => $node['nodeid'], 'thread_title' => html_entity_decode($node['title']), 'forum_id' => $node['parentid'], 'forum_title' => $node['content']['channeltitle'], 'post_username' => $node['userid'] > 0 ? $node['authorname'] : (string) new vB_Phrase('global', 'guest'), 'post_userid' => $node['userid'], 'post_lastposttime' => fr_date($node['lastupdate']), 'total_posts' => $node['textcount']);
    $did_lastcontent = false;
    if ($node['lastcontentid'] > 0 && $node['lastcontentid'] != $node['nodeid'] && $previewtype == 2) {
        $lastcontent = vB_Api::instance('node')->getFullContentforNodes(array($node['lastcontentid']));
        $lastcontent = $lastcontent[0];
        if ($lastcontent['parentid'] == $lastcontent['starter']) {
            if (in_array($lastcontent['content']['contenttypeclass'], array('Text', 'Photo', 'Link', 'Video'))) {
                $topic['post_userid'] = $node['lastauthorid'];
                $topic['post_username'] = $node['lastauthorid'] > 0 ? $node['lastcontentauthor'] : (string) new vB_Phrase('global', 'guest');
                $topic['thread_preview'] = make_preview($lastcontent['content']['rawtext']);
                if ($avatarurl = fr_find_avatarurl($lastcontent)) {
                    $topic['avatarurl'] = $options['bburl'] . '/' . $avatarurl;
                }
                $did_lastcontent = true;
            }
        }
    }
    if (!$did_lastcontent) {
        $topic['thread_preview'] = make_preview($node['content']['rawtext']);
        if ($avatarurl = fr_find_avatarurl($node)) {
            $topic['avatarurl'] = $options['bburl'] . '/' . $avatarurl;
        }
    }
    if ($options['threadmarking'] and $userinfo['userid']) {
        $userlastvisit = !empty($node['readtime']) ? $node['readtime'] : vB::getRequest()->getTimeNow() - $options['markinglimit'] * 86400;
    } else {
        $lastvisit = vB5_Cookie::get('lastvisit', vB5_Cookie::TYPE_UINT);
        $forumview = fr_fetch_bbarray_cookie('discussion-view', $node['nodeid']);
        //use which one produces the highest value, most likely cookie
        $userlastvisit = $forumview > $lastvisit ? $forumview : $lastvisit;
    }
    if (!empty($node['content']['prefix_plain'])) {
        $topic['prefix'] = $node['content']['prefix_plain'];
    }
    $topic['new_posts'] = 0;
    if ($node['lastupdate'] and $userlastvisit < $node['lastupdate']) {
        $topic['new_posts'] = 1;
    }
    return $topic;
}
Exemplo n.º 10
0
 public function index($pageid)
 {
     //the api init can redirect.  We need to make sure that happens before we echo anything
     $api = Api_InterfaceAbstract::instance();
     $top = '';
     // We should not cache register page for guest. See VBV-7695.
     if (vB5_Request::get('cachePageForGuestTime') > 0 and !vB5_User::get('userid') and (empty($_REQUEST['routestring']) or $_REQUEST['routestring'] != 'register' and $_REQUEST['routestring'] != 'lostpw')) {
         // languageid should be in the pagekey to fix VBV-8095
         $fullPageKey = 'vBPage_' . md5(serialize($_REQUEST)) . '_' . vB::getCurrentSession()->get('languageid');
         $styleid = vB5_Cookie::get('userstyleid', vB5_Cookie::TYPE_UINT);
         if (!empty($styleid)) {
             $fullPageKey .= '_' . $styleid;
         }
         $fullPage = vB_Cache::instance(vB_Cache::CACHE_LARGE)->read($fullPageKey);
         if (!empty($fullPage)) {
             echo $fullPage;
             exit;
         }
     }
     $preheader = vB5_ApplicationAbstract::getPreheader();
     $top .= $preheader;
     if (vB5_Request::get('useEarlyFlush')) {
         echo $preheader;
         flush();
     }
     $router = vB5_ApplicationAbstract::instance()->getRouter();
     $arguments = $router->getArguments();
     $userAction = $router->getUserAction();
     $pageKey = $router->getPageKey();
     $api->callApi('page', 'preload', array($pageKey));
     if (!empty($userAction)) {
         $api->callApi('wol', 'register', array($userAction['action'], $userAction['params'], $pageKey, vB::getRequest()->getScriptPath(), !empty($arguments['nodeid']) ? $arguments['nodeid'] : 0));
     }
     if (isset($arguments['pagenum'])) {
         $arguments['pagenum'] = intval($arguments['pagenum']) > 0 ? intval($arguments['pagenum']) : 1;
     }
     $pageid = (int) (isset($arguments['pageid']) ? $arguments['pageid'] : (isset($arguments['contentid']) ? $arguments['contentid'] : 0));
     if ($pageid < 1) {
         // @todo This needs to output a user-friendly "page not found" page
         throw new Exception('Could not find page.');
     }
     $page = $api->callApi('page', 'fetchPageById', array($pageid, $arguments));
     if (!$page) {
         // @todo This needs to output a user-friendly "page not found" page
         throw new Exception('Could not find page.');
     }
     // Go to the first new / unread post for this user in this topic
     if (!empty($_REQUEST['goto']) and $_REQUEST['goto'] == 'newpost' and !empty($arguments['nodeid']) and !empty($arguments['channelid'])) {
         if ($this->vboptions['threadmarking'] and vB5_User::get('userid')) {
             // Database read marking
             $channelRead = $api->callApi('node', 'getNodeReadTime', array($arguments['channelid']));
             $topicRead = $api->callApi('node', 'getNodeReadTime', array($arguments['nodeid']));
             $topicView = max($topicRead, $channelRead, time() - $this->vboptions['markinglimit'] * 86400);
         } else {
             // Cookie read marking
             $topicView = intval(vB5_Cookie::fetchBbarrayCookie('discussion_view', $arguments['nodeid']));
             if (!$topicView) {
                 $topicView = vB5_User::get('lastvisit');
             }
         }
         $topicView = intval($topicView);
         // Get the first unread reply
         $goToNodeId = $api->callApi('node', 'getFirstChildAfterTime', array($arguments['nodeid'], $topicView));
         if (empty($goToNodeId)) {
             $thread = $api->callApi('node', 'getNodes', array(array($arguments['nodeid'])));
             if (!empty($thread) and isset($thread[$arguments['nodeid']])) {
                 $goToNodeId = $thread[$arguments['nodeid']]['lastcontentid'];
             }
         }
         if ($goToNodeId) {
             // Redirect to the new post
             $urlCache = vB5_Template_Url::instance();
             $urlKey = $urlCache->register($router->getRouteId(), array('nodeid' => $arguments['nodeid']), array('p' => $goToNodeId));
             $replacements = $urlCache->finalBuildUrls(array($urlKey));
             $url = $replacements[$urlKey];
             if ($url) {
                 $url .= '#post' . $goToNodeId;
                 if (headers_sent()) {
                     echo '<script type="text/javascript">window.location = "' . $url . '";</script>';
                 } else {
                     header('Location: ' . $url);
                 }
                 exit;
             }
         }
     }
     $page['routeInfo'] = array('routeId' => $router->getRouteId(), 'arguments' => $arguments, 'queryParameters' => $router->getQueryParameters());
     $page['crumbs'] = $router->getBreadcrumbs();
     $page['headlinks'] = $router->getHeadLinks();
     $page['pageKey'] = $pageKey;
     // default value for pageSchema
     $page['pageSchema'] = 'http://schema.org/WebPage';
     $queryParameters = $router->getQueryParameters();
     /*
      *	VBV-12506
      *	this is where we would add other things to clean up dangerous query params.
      *	For VBV-12486, I'll just unset anything here that can't use vb:var in the templates,
      *	but really we should just make a whitelist of expected page object parameters that
      *	come from the query string and unset EVERYTHING else. For the expected ones, we
      *	should also force the value into the expected (and hopefully safer) range
      */
     /*
      *	VBV-12506
      *	$doNotReplaceWithQueryParams is a list of parameters that the page object usually
      *	gets naturally/internally, and we NEVER want to replace with a user provided query
      *	parameter. (In fact, *when* exactly DO we want to do this???)
      *	If we don't do this, it's a potential XSS vulnerability for the items that we
      *	cannot send through vb:var for whatever reason (title for ex)
      * 	and even if they *are* sent through vb:var, the replacements can sometimes just
      *	break the page even when it's sent through vb:var (for example, ?pagetemplateid=%0D,
      *	the new line this inserts in var pageData = {...} in the header template tends to
      *	break things (tested on Chrome).
      *	Furthermore, any script that uses the pageData var would get the user injected data
      *	that might cause more problems down the line.
      *	Parameter Notes:
      *		'titleprefix'
      *			As these two should already be html escaped, we don't want to double escape
      *			them. So we can't us vb:var in the templates. As such, we must prevent a
      *			malicious querystring from being injected into the page object here.
      *		'title'
      *			Similar to above, but channels are allowed to have HTML in the title, so
      *			they are intentinoally not escaped in the DB, and the templates can't use
      *			vb:var.
      *		'pageid', 'channelid', 'nodeid'
      *			These are usually set in the arguments, so the array_merge below usually
      *			takes care of not passing a pageid query string through to the page object,
      *			but I'm leaving them in just in case.
      */
     $doNotReplaceWithQueryParams = array('titleprefix', 'title', 'pageid', 'channelid', 'nodeid', 'pagetemplateid', 'url', 'pagenum', 'tagCloudTitle');
     foreach ($doNotReplaceWithQueryParams as $key) {
         unset($queryParameters[$key]);
     }
     $arguments = array_merge($queryParameters, $arguments);
     foreach ($arguments as $key => $value) {
         $page[$key] = $value;
     }
     $options = vB5_Template_Options::instance();
     $page['phrasedate'] = $options->get('miscoptions.phrasedate');
     $page['optionsdate'] = $options->get('miscoptions.optionsdate');
     // if no meta description, use node data or global one instead, prefer node data
     if (empty($page['metadescription']) and !empty($page['nodedescription'])) {
         $page['metadescription'] = $page['nodedescription'];
     }
     if (empty($page['metadescription'])) {
         $page['metadescription'] = $options->get('options.description');
     }
     $config = vB5_Config::instance();
     // Non-persistent notices @todo - change this to use vB_Cookie
     $page['ignore_np_notices'] = vB5_ApplicationAbstract::getIgnoreNPNotices();
     $templateCache = vB5_Template_Cache::instance();
     $templater = new vB5_Template($page['screenlayouttemplate']);
     //IMPORTANT: If you add any variable to the page object here,
     // please make sure you add them to other controllers which create page objects.
     // That includes at a minimum the search controller (in two places currently)
     // and vB5_ApplicationAbstract::showErrorPage
     $templater->registerGlobal('page', $page);
     $page = $this->outputPage($templater->render(), false);
     $fullPage = $top . $page;
     if (!empty($fullPageKey) and is_string($fullPageKey)) {
         vB_Cache::instance(vB_Cache::CACHE_LARGE)->write($fullPageKey, $fullPage, vB5_Request::get('cachePageForGuestTime'), 'vbCachedFullPage');
     }
     // these are the templates rendered for this page
     $loadedTemplates = vB5_Template::getRenderedTemplates();
     $api->callApi('page', 'savePreCacheInfo', array($pageKey));
     if (!vB5_Request::get('useEarlyFlush')) {
         echo $fullPage;
     } else {
         echo $page;
     }
 }
Exemplo n.º 11
0
 function forumrunner_request($default)
 {
     define('MCWD', DIR . '/packages/forumrunner');
     define('IN_FRNR', true);
     header('Content-type: application/json');
     if (isset($_REQUEST['d'])) {
         error_reporting(E_ALL);
     } else {
         error_reporting(0);
     }
     require_once MCWD . '/version.php';
     require_once MCWD . '/support/utils.php';
     require_once MCWD . '/support/JSON.php';
     require_once MCWD . '/include/general_vb.php';
     if (file_exists(MCWD . '/branded.php')) {
         require_once MCWD . '/branded.php';
     }
     $processed = process_input(array('cmd' => STRING, 'frv' => STRING, 'frp' => STRING));
     if (!$processed['cmd']) {
         return json_error(ERR_NO_PERMISSION);
     }
     $frcl_version = '1.3.3';
     $frcl_platform = 'ip';
     if (isset($processed['frv'])) {
         $frcl_version = $processed['frv'];
     }
     if (isset($processed['frp'])) {
         $frcl_platform = $processed['frp'];
     }
     require_once MCWD . '/support/common_methods.php';
     require_once MCWD . '/support/vbulletin_methods.php';
     if (file_exists(MCWD . '/support/other_methods.php')) {
         require_once MCWD . '/support/other_methods.php';
     }
     $json = new Services_JSON();
     if (!isset($methods[$processed['cmd']])) {
         return json_error(ERR_NO_PERMISSION);
     }
     if ($methods[$processed['cmd']]['include']) {
         require_once MCWD . '/include/' . $methods[$processed['cmd']]['include'];
     }
     if (isset($_REQUEST['d'])) {
         error_reporting(E_ALL);
     }
     $out = call_user_func($methods[$processed['cmd']]['function']);
     if (is_string($out)) {
         return $out;
     } else {
         if (is_array($out)) {
             $data = $out;
         } else {
             if (is_bool($out) && $out) {
                 $data = array('success' => true);
             } else {
                 return json_error(ERR_NO_PERMISSION);
             }
         }
     }
     // If we're here, we have success!
     $json_out = array();
     $json_out['success'] = true;
     $json_out['data'] = $data;
     $json_out['ads'] = fr_show_ad();
     $userinfo = vB_Api::instance('user')->fetchUserInfo();
     // Return Unread PM/Subscribed Threads count
     if ($userinfo['userid'] > 0 && $processed['cmd'] != 'get_new_updates' && $processed['cmd'] != 'logout' && $processed['cmd'] != 'login') {
         if ($userinfo['userid'] > 0) {
             $json_out['pm_notices'] = get_pm_unread();
             $json_out['sub_notices'] = get_sub_thread_updates();
         }
     }
     vB5_Cookie::set('lastvisit', vB::getRequest()->getTimeNow(), 365, true);
     return $json->encode($json_out);
 }
Exemplo n.º 12
0
 protected static function loadConfig()
 {
     if (self::$cookiePrefix !== null) {
         return;
     }
     $config = vB5_Config::instance();
     // these could potentially all be config options
     self::$enabled = $config->cookie_enabled !== false;
     self::$cookiePrefix = $config->cookie_prefix;
     $options = vB5_Template_Options::instance();
     self::$path = $options->get('options.cookiepath');
     self::$domain = $options->get('options.cookiedomain');
     self::$secure = ((isset($_SERVER['SERVER_PORT']) and 443 === intval($_SERVER['SERVER_PORT']) or isset($_SERVER['HTTPS']) and $_SERVER['HTTPS'] and $_SERVER['HTTPS'] != 'off') and (isset($url['scheme']) and $url['scheme'] == 'https'));
 }
Exemplo n.º 13
0
function fr_get_and_parse_forum($forumid, $foruminfo = false)
{
    $userinfo = vB_Api::instance('user')->fetchUserInfo();
    $options = vB::get_datastore()->get_value('options');
    if (!$foruminfo) {
        $foruminfo = vB_Api::instance('node')->getFullContentforNodes(array($forumid));
        if (empty($foruminfo)) {
            return null;
        }
        $foruminfo = $foruminfo[0];
    }
    if (!$foruminfo) {
        return null;
    }
    $type = 'old';
    if ($options['threadmarking'] and $userinfo['userid']) {
        $userlastvisit = !empty($foruminfo['readtime']) ? $foruminfo['readtime'] : vB::getRequest()->getTimeNow() - $options['markinglimit'] * 86400;
    } else {
        $lastvisit = vB5_Cookie::get('lastvisit', vB5_Cookie::TYPE_UINT);
        $forumview = fr_fetch_bbarray_cookie('channel_view', $foruminfo['nodeid']);
        //use which one produces the highest value, most likely cookie
        $userlastvisit = $forumview > $lastvisit ? $forumview : $lastvisit;
    }
    if ($foruminfo['lastcontent'] and $userlastvisit < $foruminfo['lastcontent']) {
        $type = 'new';
    } else {
        $type = 'old';
    }
    $out = array('id' => $foruminfo['nodeid'], 'new' => $type == 'new' ? true : false, 'name' => html_entity_decode(strip_tags($foruminfo['title'])), 'password' => false);
    $icon = fr_get_forum_icon($foruminfo['nodeid'], $foruminfo == 'new');
    if ($icon) {
        $out['icon'] = $icon;
    }
    if ($foruminfo['description'] != '') {
        $desc = strip_tags($foruminfo['description']);
        if (strlen($desc) > 0) {
            $out['desc'] = $desc;
        }
    }
    return $out;
}
Exemplo n.º 14
0
 public function init()
 {
     if ($this->initialized) {
         return true;
     }
     //initialize core
     $core_path = vB5_Config::instance()->core_path;
     require_once $core_path . '/vb/vb.php';
     vB::init();
     $request = new vB_Request_WebApi();
     vB::setRequest($request);
     // When we reach here, there's no user information loaded. What we can do is trying to load language from cookies.
     // Shouldn't use vB5_User::getLanguageId() as it will try to load userinfo from session
     $languageid = vB5_Cookie::get('languageid', vB5_Cookie::TYPE_UINT);
     if ($languageid) {
         $request->setLanguageid($languageid);
     }
     $sessionhash = vB5_Cookie::get('sessionhash', vB5_Cookie::TYPE_STRING);
     $restoreSessionInfo['userid'] = vB5_Cookie::get('userid', vB5_Cookie::TYPE_STRING);
     $restoreSessionInfo['remembermetoken'] = vB5_Cookie::get('password', vB5_Cookie::TYPE_STRING);
     $remembermetokenOrig = $restoreSessionInfo['remembermetoken'];
     $retry = false;
     if ($restoreSessionInfo['remembermetoken'] == 'facebook-retry') {
         $restoreSessionInfo['remembermetoken'] = 'facebook';
         $retry = true;
     }
     //We normally don't allow the use of the backend classes in the front end, but the
     //rules are relaxed inside the api class and especially in the bootstrap dance of getting
     //things set up.  Right now getting at the options in the front end is nasty, but I don't
     //want the backend dealing with cookies if I can help it (among other things it makes
     //it nasty to handle callers of the backend that don't have cookies).  But we need
     //so information to determine what the cookie name is.  This is the least bad way
     //of handling things.
     $options = vB::getDatastore()->getValue('options');
     if ($options['facebookactive'] and $options['facebookappid']) {
         //this is not a vB cookie so it doesn't use our prefix -- which the cookie class adds automatically
         $cookie_name = 'fbsr_' . $options['facebookappid'];
         $restoreSessionInfo['fb_signed_request'] = isset($_COOKIE[$cookie_name]) ? strval($_COOKIE[$cookie_name]) : '';
     }
     $session = $request->createSessionNew($sessionhash, $restoreSessionInfo);
     if ($session['sessionhash'] !== $sessionhash) {
         vB5_Cookie::set('sessionhash', $session['sessionhash'], 0, true);
     }
     //redirect to handle a stale FB cookie when doing a FB "remember me".
     //only do it once to prevent redirect loops -- don't try this with
     //posts since we'd lose the post data in that case
     //
     //Some notes on the JS code (don't want them in the JS inself to avoid
     //increasing what gets sent to the browser).
     //1) This code is deliberately designed to avoid using subsystems that
     //	would increase the processing time for something that doesn't need it
     //	(we even avoid initializing JQUERY here).  This is the reason it is
     //	inline and not in a template.
     //2) The code inits the FB system which will create update the cookie
     //	if it is able to validate the user.  The cookie is what we are after.
     //	We use getLoginStatus instead of setting status to true because
     //	the latter introduces a race condition were we can do the redirect
     //	before the we've fully initialized and updated the cookie.  The
     //	explicit call to getLoginStatus allows us to redirect when the
     //	status is obtained.
     //3) If we fail to update the cookie we catch that when we try to
     //	create the vb session (which is why we only allow one retry)
     //4) The JS here should *never* prompt the user, assuming the FB
     //	docs are correct.
     //5) If the FB version is changed it needs to changed in the
     //	FB library class and the facebook.js file
     if (strtolower($_SERVER['REQUEST_METHOD']) == 'get' and vB::getCurrentSession()->get('userid') == 0 and $options['facebookactive'] and $options['facebookappid'] and $restoreSessionInfo['remembermetoken'] == 'facebook') {
         if (!$retry) {
             //if this isn't a retry, then do a redirect
             vB5_Auth::setRememberMeCookies('facebook-retry', $restoreSessionInfo['userid']);
             $fbredirect = "\n\t\t\t\t\t<!DOCTYPE html>\n\t\t\t\t\t<html>\n\t\t\t\t\t<head>\n\t\t\t\t\t\t<script type='text/javascript' src='//connect.facebook.net/en_US/sdk.js'></script>\n\t\t\t\t\t\t<script type='text/javascript'>\n\t\t\t\t\t\t\tFB.init({\n\t\t\t\t\t\t\t\tappId   : '{$options['facebookappid']}',\n\t\t\t\t\t\t\t\tversion : 'v2.2',\n\t\t\t\t\t\t\t\tstatus  : false,\n\t\t\t\t\t\t\t\tcookie  : true,\n\t\t\t\t\t\t\t\txfbml   : false\n\t\t\t\t\t\t\t});\n\n\t\t\t\t\t\t\tFB.getLoginStatus(function(response)\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\twindow.top.location.reload(true);\n\t\t\t\t\t\t\t});\n\t\t\t\t\t\t</script>\n\t\t\t\t\t</head>\n\t\t\t\t\t<body></body>\n\t\t\t\t\t</html>\n\t\t\t\t";
             echo $fbredirect;
             exit;
         } else {
             //we tried and failed to log in via FB.  That probably means that the user
             //is logged out of facebook.  Let's kill the autolog in so that we stop
             //trying to connect via FB
             vB5_Auth::setRememberMeCookies('', '');
         }
     }
     //if we have an existing token and if we got a token back from the session that is different then we
     //need to update the token in the browser.  We shouldn't get a token back if we didn't pass one in but
     //we shouldn't depend on that behavior.
     if ($session['remembermetoken'] and $session['remembermetoken'] != $remembermetokenOrig) {
         vB5_Auth::setRememberMeCookies($session['remembermetoken'], $restoreSessionInfo['userid']);
     }
     // Try to set cpsession hash to session object if exists
     vB::getCurrentSession()->setCpsessionHash(vB5_Cookie::get('cpsession', vB5_Cookie::TYPE_STRING));
     // Update lastvisit/lastactivity
     $info = vB::getCurrentSession()->doLastVisitUpdate(vB5_Cookie::get('lastvisit', vB5_Cookie::TYPE_UINT), vB5_Cookie::get('lastactivity', vB5_Cookie::TYPE_UINT));
     if (!empty($info)) {
         // for guests we need to set some cookies
         if (isset($info['lastvisit'])) {
             vB5_Cookie::set('lastvisit', $info['lastvisit']);
         }
         if (isset($info['lastactivity'])) {
             vB5_Cookie::set('lastactivity', $info['lastactivity']);
         }
     }
     $this->initialized = true;
 }
Exemplo n.º 15
0
 public static function setRememberMeCookies($rememberMeToken, $userid)
 {
     vB5_Cookie::set('password', $rememberMeToken, 30);
     vB5_Cookie::set('userid', $userid, 30);
 }