/**
 * Attaches a newly created session to this request object.
 *
 * Stores the session on the request, copies the request language id into the
 * session when the request has one, and registers the session with the vB
 * class as the current session.
 *
 * @param vB_Session $session
 */
protected function setSession($session)
{
	$this->session = $session;

	// Only override the session language when the request carries one.
	$requestLanguageId = $this->languageid;
	if ($requestLanguageId)
	{
		$session->set('languageid', $requestLanguageId);
	}

	vB::setCurrentSession($session);
}
/**
 * Constructor - resolves the legacy registry argument and loads shared services.
 *
 * The preferred call passes only the error type: an integer in the first
 * position with no second argument is taken as $errtype. The registry object
 * is deprecated; managers that still need it ($needRegistry) obtain it from
 * vB::get_registry() when no object is supplied.
 *
 * @param vB_Registry $registry -- Instance of the vBulletin data registry object (deprecated),
 *	or the error type when passed as an integer.
 * @param integer $errtype -- One of the ERRTYPE_x constants
 */
public function __construct($registry = NULL, $errtype = NULL)
{
	if (is_object($registry))
	{
		$this->registry =& $registry;
	}
	elseif ($this->needRegistry)
	{
		$this->registry = vB::get_registry();
	}

	// This allows us to function as either vb3/4 style with $vbulletin,
	// or vb5-style with no global variables: an explicit $errtype always wins,
	// otherwise an integer first argument is the error type.
	if ($errtype === NULL)
	{
		$errtype = is_int($registry) ? $registry : vB_DataManager_Constants::ERRTYPE_STANDARD;
	}

	$this->assertor = vB::getDbAssertor();
	$this->session = vB::getCurrentSession();
	$this->userinfo = $this->session->fetch_userinfo();
	$this->datastore = vB::getDatastore();
	$this->options = $this->datastore->get_value('options');

	$this->setErrorHandler($errtype);

	if (is_array($this->bitfields))
	{
		foreach ($this->bitfields as $key => $val)
		{
			// Write straight into the bitfields array and unset the entry if it is bad.
			// Going through an interim variable crossed the references, so every element
			// ended up equal to the last value loaded; not using references at all would
			// mean copying static arrays more than necessary.
			$this->bitfields[$key] = $this->datastore->get_value($val);
			if ($this->bitfields[$key])
			{
				continue;
			}

			unset($this->bitfields[$key]);
			trigger_error("Please check the <em>\$bitfields</em> array in the <strong>" . get_class($this) . "</strong> class definition - <em>\$vbulletin->{$val}</em> is not a valid bitfield.<br />", E_USER_ERROR);
		}
	}

	/* Legacy Hook $this->hook_start Removed */
}
/**
 * Builds the session through the parent constructor with fixed defaults.
 *
 * Passes '' and an empty array as the parent's fourth and fifth arguments
 * (presumably the session hash and the restore-session info -- confirm
 * against the parent signature); everything else is forwarded unchanged.
 *
 * @param mixed $dBAssertor passed by reference to the parent
 * @param mixed $datastore passed by reference to the parent
 * @param mixed $config passed by reference to the parent
 * @param integer $styleid
 * @param integer $languageid
 */
public function __construct(&$dBAssertor, &$datastore, &$config, $styleid = 0, $languageid = 0)
{
	parent::__construct(
		$dBAssertor,
		$datastore,
		$config,
		'',
		array(),
		$styleid,
		$languageid
	);
}
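/**
 * Logs the current visitor out, working on the global $vbulletin registry.
 *
 * Overwrites every cookie whose name starts with COOKIE_PREFIX with an empty
 * value, records last activity / last visit for a logged-in user, deletes
 * that user's session rows and the current session row, then installs a
 * guest session (userid 0, loggedin 0) on $vbulletin and runs the
 * 'logout_process' hook.
 */
function process_logout()
{
	global $vbulletin;

	// clear all cookies beginning with COOKIE_PREFIX
	$prefix_length = strlen(COOKIE_PREFIX);
	foreach ($_COOKIE AS $key => $val)
	{
		// strict comparison: only names that START with the prefix qualify
		if (strpos($key, COOKIE_PREFIX) !== 0)
		{
			continue;
		}

		$key = substr($key, $prefix_length);
		if (trim($key) == '')
		{
			continue;
		}

		// vbsetcookie will add the cookie prefix
		vbsetcookie($key, '', 1);
	}

	if ($vbulletin->userinfo['userid'] AND $vbulletin->userinfo['userid'] != -1)
	{
		// init user data manager
		$userdata =& datamanager_init('User', $vbulletin, ERRTYPE_SILENT);
		$userdata->set_existing($vbulletin->userinfo);
		$userdata->set('lastactivity', TIMENOW - $vbulletin->options['cookietimeout']);
		$userdata->set('lastvisit', TIMENOW);
		$userdata->save();

		// make sure any other of this user's sessions are deleted (in case they ended up with more than one)
		// The id is concatenated into the statement, so force it to an integer first.
		$vbulletin->db->query_write("DELETE FROM " . TABLE_PREFIX . "session WHERE userid = " . intval($vbulletin->userinfo['userid']));
	}

	$vbulletin->db->query_write("DELETE FROM " . TABLE_PREFIX . "session WHERE sessionhash = '" . $vbulletin->db->escape_string($vbulletin->session->vars['dbsessionhash']) . "'");

	if ($vbulletin->session->created == true)
	{
		// if we just created a session on this page, there's no reason not to use it
		$newsession = $vbulletin->session;
	}
	else
	{
		$newsession = new vB_Session($vbulletin, '', 0, '', $vbulletin->session->vars['styleid']);
	}

	$newsession->set('userid', 0);
	$newsession->set('loggedin', 0);
	$newsession->set_session_visibility(($vbulletin->superglobal_size['_COOKIE'] > 0));
	$vbulletin->session =& $newsession;

	// NOTE(review): the hook body is executed with eval(), so whoever can edit the
	// 'logout_process' hook code runs arbitrary PHP here -- presumably limited to
	// administrators; confirm where hook code is stored and who can change it.
	($hook = vBulletinHook::fetch_hook('logout_process')) ? eval($hook) : false;
}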
/**
 * Test hook: calls the parent class's save() directly.
 *
 * The parent's return value is discarded.
 */
public function saveForTesting()
{
	// NOTE(review): this is public, so nothing stops non-test code from calling it.
	// If this class overrides save() with extra checks, this path skips them --
	// confirm it is only reachable from the test suite.
	parent::save();
}
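/**
 * Logs the current user out and returns the identifiers of the guest session.
 *
 * Records last activity / last visit for a logged-in user, deletes that
 * user's session and cpsession rows (non-API requests only), deletes the
 * current session row, clears the API client's access token, and installs a
 * guest session (userid 0, loggedin 0) on the legacy $vbulletin registry.
 *
 * @return array 'sessionhash' and 'apiaccesstoken' of the new session
 */
public static function processLogout()
{
	global $vbulletin;

	$assertor = vB::getDbAssertor();
	$session = vB::getCurrentSession();
	$userinfo = $session->fetch_userinfo();
	$timeNow = vB::getRequest()->getTimeNow();
	$options = vB::getDatastore()->get_value('options');

	if ($userinfo['userid'] and $userinfo['userid'] != -1)
	{
		// init user data manager
		$userdata = new vB_Datamanager_User(vB_DataManager_Constants::ERRTYPE_SILENT);
		$userdata->set_existing($userinfo);
		$userdata->set('lastactivity', $timeNow - $options['cookietimeout']);
		$userdata->set('lastvisit', $timeNow);
		$userdata->save();

		if (!defined('VB_API'))
		{
			// Drop every non-API session of this user, plus the control panel sessions.
			$assertor->delete('session', array('userid' => $userinfo['userid'], 'apiaccesstoken' => null));
			$assertor->delete('cpsession', array('userid' => $userinfo['userid']));
		}
	}

	$assertor->delete('session', array('sessionhash' => $session->get('dbsessionhash')));

	// Remove accesstoken from apiclient table so that a new one will be generated
	if (defined('VB_API') and VB_API === true and $vbulletin->apiclient['apiclientid'])
	{
		$assertor->update(
			'apiclient',
			array('apiaccesstoken' => '', 'userid' => 0),
			array('apiclientid' => intval($vbulletin->apiclient['apiclientid']))
		);
		$vbulletin->apiclient['apiaccesstoken'] = '';
	}

	if ($vbulletin->session->created == true and (!defined('VB_API') or !VB_API))
	{
		// if we just created a session on this page, there's no reason not to use it
		$newsession = $vbulletin->session;
	}
	else
	{
		// API should always create a new session here to generate a new accesstoken
		$newsession = vB_Session::getNewSession(vB::getDbAssertor(), vB::getDatastore(), vB::getConfig(), '', 0, '', vB::getCurrentSession()->get('styleid'));
	}

	$newsession->set('userid', 0);
	$newsession->set('loggedin', 0);

	// NOTE(review): vB::setCurrentSession() describes itself as the only supported
	// way to set $vbulletin->session; this assigns directly, so vB's own current
	// session and $vbulletin->userinfo are not refreshed here -- confirm intended.
	$vbulletin->session =& $newsession;

	$result = array();
	$result['sessionhash'] = $newsession->get('dbsessionhash');
	$result['apiaccesstoken'] = $newsession->get('apiaccesstoken');

	// !empty() keeps the original truthiness test without an undefined-index
	// notice when the request carries no api_c.
	if (defined('VB_API') and VB_API === true and !empty($_REQUEST['api_c']))
	{
		// NOTE(review): the row is selected by the request parameter api_c, not by
		// $vbulletin->apiclient['apiclientid'] used above. Confirm api_c has been
		// authenticated before this point; otherwise the token and userid of a
		// different apiclient row could be overwritten.
		$assertor->update(
			'apiclient',
			array('apiaccesstoken' => $result['apiaccesstoken'], 'userid' => 0),
			array('apiclientid' => intval($_REQUEST['api_c']))
		);
	}

	return $result;
}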
/**
 * Makes the given session the current one and mirrors it onto the registry.
 *
 * When another session was already current, the cached user context for the
 * incoming session's user id is discarded first.
 *
 * @param vB_Session $session
 */
public static function setCurrentSession(vB_Session $session)
{
	$replacingExisting = (self::$currentSession !== null);
	if ($replacingExisting)
	{
		// If we are changing to a new user, reload the permissions. It may be slower,
		// but it should be safer and shouldn't be that common.
		$incomingUserId = $session->get('userid');
		unset(self::$usercontexts[$incomingUserId]);
	}

	self::$currentSession =& $session;

	// This should be the ONLY way of setting the $vbulletin->session and
	// $vbulletin->userinfo attributes. Old code may set attributes inside session
	// and userinfo, but as these are references the session object should be
	// updated as well.
	$registry =& self::get_registry();
	$registry->session =& $session;
	$registry->userinfo =& $session->fetch_userinfo();
}
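/**
 * Logs the current visitor out, working on the global $vbulletin registry.
 *
 * Overwrites every cookie whose name starts with COOKIE_PREFIX with an empty
 * value, records last activity / last visit for a logged-in user, deletes
 * that user's session rows and the current session row, clears the API
 * client's access token, then installs a guest session (userid 0, loggedin 0)
 * on $vbulletin and runs the 'logout_process' hook.
 */
function process_logout()
{
	global $vbulletin;

	// clear all cookies beginning with COOKIE_PREFIX
	$prefix_length = strlen(COOKIE_PREFIX);
	foreach ($_COOKIE as $key => $val)
	{
		// strict comparison: only names that START with the prefix qualify
		if (strpos($key, COOKIE_PREFIX) !== 0)
		{
			continue;
		}

		$key = substr($key, $prefix_length);
		if (trim($key) == '')
		{
			continue;
		}

		// vbsetcookie will add the cookie prefix
		vbsetcookie($key, '', 1);
	}

	if ($vbulletin->userinfo['userid'] and $vbulletin->userinfo['userid'] != -1)
	{
		// init user data manager
		$userdata =& datamanager_init('User', $vbulletin, ERRTYPE_SILENT);
		$userdata->set_existing($vbulletin->userinfo);
		$userdata->set('lastactivity', TIMENOW - $vbulletin->options['cookietimeout']);
		$userdata->set('lastvisit', TIMENOW);
		$userdata->save();

		// make sure any other of this user's sessions are deleted (in case they ended up with more than one)
		// The id is concatenated into the statement, so force it to an integer first.
		$vbulletin->db->query_write("DELETE FROM " . TABLE_PREFIX . "session WHERE userid = " . intval($vbulletin->userinfo['userid']));
	}

	$vbulletin->db->query_write("DELETE FROM " . TABLE_PREFIX . "session WHERE sessionhash = '" . $vbulletin->db->escape_string($vbulletin->session->vars['dbsessionhash']) . "'");

	// Remove accesstoken from apiclient table so that a new one will be generated
	if (defined('VB_API') and VB_API === true and $vbulletin->apiclient['apiclientid'])
	{
		$vbulletin->db->query_write("UPDATE " . TABLE_PREFIX . "apiclient SET apiaccesstoken = '', userid = 0\n\t\t\tWHERE apiclientid = " . intval($vbulletin->apiclient['apiclientid']));
		$vbulletin->apiclient['apiaccesstoken'] = '';
	}

	// The check above allows for VB_API being undefined, so guard it here too
	// instead of reading a constant that may not exist.
	if ($vbulletin->session->created == true and (!defined('VB_API') or !VB_API))
	{
		// if we just created a session on this page, there's no reason not to use it
		$newsession = $vbulletin->session;
	}
	else
	{
		// API should always create a new session here to generate a new accesstoken
		$newsession = new vB_Session($vbulletin, '', 0, '', $vbulletin->session->vars['styleid']);
	}

	$newsession->set('userid', 0);
	$newsession->set('loggedin', 0);
	$newsession->set_session_visibility($vbulletin->superglobal_size['_COOKIE'] > 0);
	$vbulletin->session =& $newsession;

	// NOTE(review): the hook body is executed with eval(), so whoever can edit the
	// 'logout_process' hook code runs arbitrary PHP here -- presumably limited to
	// administrators; confirm where hook code is stored and who can change it.
	($hook = vBulletinHook::fetch_hook('logout_process')) ? eval($hook) : false;
}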
vbsetcookie('skipmobilestyle', 1); $vbulletin->GPC[COOKIE_PREFIX . 'skipmobilestyle'] = 1; } elseif (isset($vbulletin->options['mobilestyleid_advanced']) and $styleid == $vbulletin->options['mobilestyleid_advanced'] or isset($vbulletin->options['mobilestyleid_basic']) and $styleid == $vbulletin->options['mobilestyleid_basic']) { vbsetcookie('skipmobilestyle', 0); $vbulletin->GPC[COOKIE_PREFIX . 'skipmobilestyle'] = 0; } } elseif ($mobile_browser_advanced && $vbulletin->options['mobilestyleid_advanced'] && !$vbulletin->GPC[COOKIE_PREFIX . 'skipmobilestyle']) { $styleid = $vbulletin->options['mobilestyleid_advanced']; } elseif ($mobile_browser && $vbulletin->options['mobilestyleid_basic'] && !$vbulletin->GPC[COOKIE_PREFIX . 'skipmobilestyle']) { $styleid = $vbulletin->options['mobilestyleid_basic']; } elseif ($vbulletin->GPC[COOKIE_PREFIX . 'userstyleid']) { $styleid = $vbulletin->GPC[COOKIE_PREFIX . 'userstyleid']; } else { $styleid = 0; } $session = vB_Session::getNewSession(vB::getDbAssertor(), vB::getDatastore(), vB::getConfig(), $sessionhash, $vbulletin->GPC[COOKIE_PREFIX . 'userid'], $vbulletin->GPC[COOKIE_PREFIX . 'password'], $styleid, $languageid); vB::setCurrentSession($session); //needs to go after the session // fetch url of referring page after we have access to vboptions['forumhome'] $vbulletin->url = $vbulletin->input->fetch_url(); define('REFERRER_PASSTHRU', $vbulletin->url); // conditional used in templates to hide things from search engines. $show['search_engine'] = preg_match("#(google|msnbot|yahoo! slurp)#si", $_SERVER['HTTP_USER_AGENT']); $vbulletin->session->doLastVisitUpdate($vbulletin->GPC[COOKIE_PREFIX . 'lastvisit'], $vbulletin->GPC[COOKIE_PREFIX . 
'lastactivity']); // Because of Signature Verification, VB API won't need to verify securitytoken // CSRF Protection for POST requests if (strtoupper($_SERVER['REQUEST_METHOD']) == 'POST' and !VB_API) { if (empty($_POST) and isset($_SERVER['CONTENT_LENGTH']) and $_SERVER['CONTENT_LENGTH'] > 0) { die('The file(s) uploaded were too large to process.'); } if ($vbulletin->userinfo['userid'] > 0 and defined('CSRF_PROTECTION') and CSRF_PROTECTION === true) {
/**
 * Protected constructor: forwards every argument unchanged to the parent.
 *
 * @param mixed $dBAssertor passed by reference to the parent
 * @param mixed $datastore passed by reference to the parent
 * @param mixed $config passed by reference to the parent
 * @param string $sessionhash
 * @param array $restoreSessionInfo
 * @param integer $styleid
 * @param integer $languageid
 */
protected function __construct(&$dBAssertor, &$datastore, &$config, $sessionhash = '', $restoreSessionInfo = array(), $styleid = 0, $languageid = 0)
{
	parent::__construct(
		$dBAssertor,
		$datastore,
		$config,
		$sessionhash,
		$restoreSessionInfo,
		$styleid,
		$languageid
	);
}
/**
 * Builds the session data via the parent and attaches the API client's token.
 *
 * Reuses the client's existing access token or generates a new one, adds it
 * to the session data, and, when the client has an id, writes the token and
 * the current time back to the apiclient table.
 *
 * @param integer $userid
 * @return array session data including 'apiaccesstoken' and, when known, 'apiclientid'
 */
protected function fetch_session($userid = 0)
{
	$session = parent::fetch_session($userid);

	// An existing token is taken as valid here because it's validated in init.php.
	$accesstoken = $this->apiclient['apiaccesstoken'];
	if (!$accesstoken)
	{
		// Generate an accesstoken
		// NOTE(review): fetch_random_string() is defined elsewhere; its output is used
		// as a bearer credential, so confirm it draws from a cryptographically secure source.
		$accesstoken = fetch_random_string();
		$this->apiclient['apiaccesstoken'] = $accesstoken;
	}
	$session['apiaccesstoken'] = $accesstoken;

	$clientId = $this->apiclient['apiclientid'];
	if ($clientId)
	{
		$session['apiclientid'] = intval($clientId);

		// Save accesstoken to apiclient table
		$this->dBAssertor->update(
			'apiclient',
			array('apiaccesstoken' => $accesstoken, 'lastactivity' => TIMENOW),
			array('apiclientid' => $session['apiclientid'])
		);
	}

	return $session;
}