 /**
  * Checks the state of the request to make sure that it's valid and that
  * we have the necessary permissions to continue. Checks things like
  * CSRF and banning.
  *
  * Every section either lets the request continue or is expected to end it
  * through standard_error(), print_no_permission() or exit, so the order of
  * the sections decides which error is reported when several apply. Relies on
  * the bootstrap having defined THIS_SCRIPT, TIMENOW, DIR, COOKIE_PREFIX,
  * VB_API and, when a token check failed, CSRF_ERROR; BYPASS_FORUM_DISABLED and
  * DIE_QUIETLY are optional switches that individual scripts may define.
  *
  * @return void
  */
 public function check_state()
 {
     global $vbulletin, $show, $VB_API_REQUESTS;
     // CSRF_ERROR is set before this method runs (presumably by the security token
     // check in the session bootstrap - confirm); this block only reports it and
     // never continues. The explicit exit after the switch is a backstop in case
     // standard_error() returns.
     if (defined('CSRF_ERROR')) {
         define('VB_ERROR_LITE', true);
         // only the guest and timeout phrases have an AJAX-specific variant
         $ajaxerror = $vbulletin->GPC['ajax'] ? '_ajax' : '';
         switch (CSRF_ERROR) {
             case 'missing':
                 standard_error(fetch_error('security_token_missing'));
                 break;
             case 'guest':
                 standard_error(fetch_error('security_token_guest' . $ajaxerror));
                 break;
             case 'timeout':
                 standard_error(fetch_error('security_token_timeout' . $ajaxerror));
                 break;
             case 'invalid':
             default:
                 // any unrecognised CSRF_ERROR value is treated as an invalid token
                 standard_error(fetch_error('security_token_invalid'));
         }
         exit;
     }
     // #############################################################################
     // check to see if server is too busy. this is checked at the end of session.php
     // Users holding cancontrolpanel and the login script itself are exempt.
     if ($this->server_overloaded() and !($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel']) and THIS_SCRIPT != 'login') {
         standard_error(fetch_error('toobusy'));
     }
     // #############################################################################
     // check that board is active - if not admin, then display error
     // Scripts may opt out with BYPASS_FORUM_DISABLED; login and css are always
     // allowed through (presumably so admins can still sign in and the closed
     // page can be styled), as are users holding cancontrolpanel.
     if (!defined('BYPASS_FORUM_DISABLED') and !$vbulletin->options['bbactive'] and !in_array(THIS_SCRIPT, array('login', 'css')) and !($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel'])) {
         if (defined('DIE_QUIETLY')) {
             exit;
         }
         if (defined('VB_API') and VB_API === true) {
             // API clients receive the closed reason as a plain phrase argument
             standard_error(fetch_error('bbclosed', $vbulletin->options['bbclosedreason']));
         } else {
             // If this is a post submission from an admin whose session timed out, give them a chance to log back in and save what they were working on. See bug #34258
             if (strtoupper($_SERVER['REQUEST_METHOD']) == 'POST' and !empty($_POST) and !$vbulletin->userinfo['userid'] and !empty($_COOKIE[COOKIE_PREFIX . 'cpsession'])) {
                 define('VB_ERROR_PERMISSION', true);
             }
             $show['enableforumjump'] = true;
             // a visit to a closed board must not update the user's last-visit time
             unset($vbulletin->db->shutdownqueries['lastvisit']);
             // unregister in the assertor
             vB::getDbAssertor()->unregisterShutdownQuery('lastvisit');
             require_once DIR . '/includes/functions_misc.php';
             // NOTE(review): bbclosedreason is an admin-configured option that is
             // passed through eval(), presumably so "{...}" interpolations in the
             // message are expanded. addslashes() escapes quotes and backslashes
             // for the double-quoted literal, the str_replace() undoes the \'
             // escape that is unnecessary inside double quotes, and
             // make_string_interpolation_safe() is relied on to neutralise anything
             // that would run as code. Treat the option as trusted configuration:
             // its safety rests entirely on that helper.
             eval('standard_error("' . make_string_interpolation_safe(str_replace("\\'", "'", addslashes($vbulletin->options['bbclosedreason']))) . '");');
         }
     }
     // #############################################################################
     // password expiry system
     // The condition below is an 'and'/'or' chain; 'and' binds tighter, so it reads
     // as (not login/profile/ajax) OR (profile but not the change-password actions)
     // OR (ajax but not imagereg/securitytoken/dismissnotice). $_REQUEST['do'] and
     // $_POST['do'] are read without isset(): an absent key raises an undefined-index
     // notice/warning but still evaluates as "not the password form", the safe side.
     if ($vbulletin->userinfo['userid'] and $vbulletin->userinfo['permissions']['passwordexpires']) {
         // whole days since the password was last set
         $passworddaysold = floor((TIMENOW - $vbulletin->userinfo['passworddate']) / 86400);
         if ($passworddaysold >= $vbulletin->userinfo['permissions']['passwordexpires']) {
             if (THIS_SCRIPT != 'login' and THIS_SCRIPT != 'profile' and THIS_SCRIPT != 'ajax' or THIS_SCRIPT == 'profile' and $_REQUEST['do'] != 'editpassword' and $_POST['do'] != 'updatepassword' or THIS_SCRIPT == 'ajax' and $_REQUEST['do'] != 'imagereg' and $_REQUEST['do'] != 'securitytoken' and $_REQUEST['do'] != 'dismissnotice') {
                 standard_error(fetch_error('passwordexpired', $passworddaysold, vB::getCurrentSession()->get('sessionurl')));
             } else {
                 // the allowed scripts/actions continue, but templates get a flag to show the notice
                 $show['passwordexpired'] = true;
             }
         }
     } else {
         $show['passwordexpired'] = false;
     }
     // #############################################################################
     // check required profile fields
     // Skipped for the login and profile scripts, for API requests and for administrators.
     if (vB::getCurrentSession()->get('profileupdate') and THIS_SCRIPT != 'login' and THIS_SCRIPT != 'profile' and !VB_API and !vB::getUserContext()->isAdministrator()) {
         standard_error(fetch_error('updateprofilefields', vB::getCurrentSession()->get('sessionurl')));
     }
     // #############################################################################
     // check permission to view forum
     if (!$this->has_global_view_permission()) {
         if (defined('DIE_QUIETLY')) {
             exit;
         } else {
             print_no_permission();
         }
     }
     // #############################################################################
     // check for IP ban on user
     // Runs last, so a banned IP that also fails an earlier check sees that earlier error.
     verify_ip_ban();
     // Legacy Hook 'global_state_check' Removed //
 }
{
	exec_header_redirect($vbulletin->options['bburl'] . '/' . $vbulletin->options['forumhome'] . '.php' . $vbulletin->session->vars['sessionurl_q']);
}

// if password is expired, deny access
// The archive sends an expired-password visitor to forum home instead of
// rendering an error here (presumably because the archive cannot show the
// change-password form). $permissions is expected to hold the current user's
// permission array, set earlier in this script - confirm.
if ($vbulletin->userinfo['userid'] AND $permissions['passwordexpires'])
{
	// whole days since the password was last set
	$passworddaysold = floor((TIMENOW - $vbulletin->userinfo['passworddate']) / 86400);

	if ($passworddaysold >= $permissions['passwordexpires'])
	{
		exec_header_redirect($vbulletin->options['bburl'] . '/' . $vbulletin->options['forumhome'] . '.php' . $vbulletin->session->vars['sessionurl_q']);
	}
}

// reject banned IPs before any archive content is produced
verify_ip_ban();

// ad templates used by the archive pages; kept in a variable rather than inlined
// because the hook below runs in this scope and may extend the list before it is cached
$cache_templates = array('ad_archive_above_content1', 'ad_archive_above_content2', 'ad_archive_below_content');

// plugin code attached to 'archive_global' is eval()'d here with full access to this script's scope
($hook = vBulletinHook::fetch_hook('archive_global')) ? eval($hook) : false;

cache_templates($cache_templates, $style['templatelist']);
unset($cache_templates);

// #########################################################################################
// ###################### ARCHIVE FUNCTIONS ################################################

// function to list forums in their correct order and nesting
function print_archive_forum_list($parentid = -1, $indent = '')
{
	global $vbulletin;
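	/**
	* Checks the state of the request to make sure that it's valid and that
	* we have the necessary permissions to continue. Checks things like
	* CSRF and banning.
	*
	* Every section either lets the request continue or is expected to end it
	* through standard_error(), print_no_permission() or exit, so the order of
	* the sections decides which error is reported when several apply. Relies on
	* the bootstrap having defined THIS_SCRIPT, TIMENOW, DIR, COOKIE_PREFIX and,
	* when a token check failed, CSRF_ERROR; BYPASS_FORUM_DISABLED, DIE_QUIETLY
	* and ALLOW_SAME_USERNAME_PASSWORD are optional switches scripts may define.
	*
	* The "password same as username" test compares the two hashes with
	* hash_equals() instead of ==: PHP's loose string comparison treats
	* numeric-looking strings (e.g. hashes starting with "0e") as numbers, so two
	* different hashes could compare equal, and == is not timing-safe.
	*
	* @return void
	*/
	public function check_state()
	{
		global $vbulletin, $show;

		// CSRF_ERROR is set before this method runs (presumably by the security
		// token check in the session bootstrap - confirm); this block only reports
		// it and never continues. The explicit exit after the switch is a backstop
		// in case standard_error() returns.
		if (defined('CSRF_ERROR'))
		{
			define('VB_ERROR_LITE', true);

			// only the guest and timeout phrases have an AJAX-specific variant
			$ajaxerror = $vbulletin->GPC['ajax'] ? '_ajax' : '';

			switch (CSRF_ERROR)
			{
				case 'missing':
					standard_error(fetch_error('security_token_missing', $vbulletin->options['contactuslink']));
					break;

				case 'guest':
					standard_error(fetch_error('security_token_guest' . $ajaxerror));
					break;

				case 'timeout':
					standard_error(fetch_error('security_token_timeout' . $ajaxerror, $vbulletin->options['contactuslink']));
					break;

				case 'invalid':
				default:
					// any unrecognised CSRF_ERROR value is treated as an invalid token
					standard_error(fetch_error('security_token_invalid', $vbulletin->options['contactuslink']));
			}
			exit;
		}

		// #############################################################################
		// check to see if server is too busy. this is checked at the end of session.php
		// Users holding cancontrolpanel and the login script itself are exempt.
		if ($this->server_overloaded() AND !($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel']) AND THIS_SCRIPT != 'login')
		{
			$vbulletin->options['useforumjump'] = 0;
			standard_error(fetch_error('toobusy'));
		}

		// #############################################################################
		// phpinfo display for support purposes
		// NOTE(review): this runs before the view-permission and IP-ban checks
		// below, so while the allowphpinfo option is enabled any request carrying
		// do=phpinfo gets the full configuration dump. Keep the option off outside
		// of an active support session.
		if (!empty($_REQUEST['do']) AND $_REQUEST['do'] == 'phpinfo')
		{
			if ($vbulletin->options['allowphpinfo'] AND !is_demo_mode())
			{
				phpinfo();
				exit;
			}
			else
			{
				standard_error(fetch_error('admin_disabled_php_info'));
			}
		}

		// #############################################################################
		// check that board is active - if not admin, then display error
		// Scripts may opt out with BYPASS_FORUM_DISABLED; login and css are always
		// allowed through (presumably so admins can still sign in and the closed
		// page can be styled), as are users holding cancontrolpanel.
		if (
			!defined('BYPASS_FORUM_DISABLED')
				AND
			!$vbulletin->options['bbactive']
				AND
			!in_array(THIS_SCRIPT, array('login', 'css'))
				AND
			!($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel'])
		)
		{
			if (defined('DIE_QUIETLY'))
			{
				exit;
			}

			// If this is a post submission from an admin whose session timed out, give them a chance to log back in and save what they were working on. See bug #34258
			if (strtoupper($_SERVER['REQUEST_METHOD']) == 'POST' AND !empty($_POST) AND !$vbulletin->userinfo['userid'] AND !empty($_COOKIE[COOKIE_PREFIX . 'cpsession']))
			{
				define('VB_ERROR_PERMISSION', true);
			}

			$show['enableforumjump'] = true;
			// a visit to a closed board must not update the user's last-visit time
			unset($vbulletin->db->shutdownqueries['lastvisit']);

			require_once(DIR . '/includes/functions_misc.php');
			// NOTE(review): bbclosedreason is an admin-configured option that is
			// passed through eval(), presumably so "{...}" interpolations in the
			// message are expanded. addslashes() escapes quotes and backslashes
			// for the double-quoted literal, the str_replace() undoes the \'
			// escape that is unnecessary inside double quotes, and
			// make_string_interpolation_safe() is relied on to neutralise anything
			// that would run as code. Treat the option as trusted configuration:
			// its safety rests entirely on that helper.
			eval('standard_error("' . make_string_interpolation_safe(str_replace("\\'", "'", addslashes($vbulletin->options['bbclosedreason']))) . '");');
		}

		// #############################################################################
		// password expiry system
		// $_REQUEST['do'] and $_POST['do'] are read without isset(): an absent key
		// raises an undefined-index notice/warning but still evaluates as "not the
		// password form", which is the safe side.
		if ($vbulletin->userinfo['userid'] AND $vbulletin->userinfo['permissions']['passwordexpires'])
		{
			// whole days since the password was last set
			$passworddaysold = floor((TIMENOW - $vbulletin->userinfo['passworddate']) / 86400);

			if ($passworddaysold >= $vbulletin->userinfo['permissions']['passwordexpires'])
			{
				if ((THIS_SCRIPT != 'login' AND THIS_SCRIPT != 'profile' AND THIS_SCRIPT != 'ajax')
					OR (THIS_SCRIPT == 'profile' AND $_REQUEST['do'] != 'editpassword' AND $_POST['do'] != 'updatepassword')
					OR (THIS_SCRIPT == 'ajax' AND $_REQUEST['do'] != 'imagereg' AND $_REQUEST['do'] != 'securitytoken' AND $_REQUEST['do'] != 'dismissnotice')
				)
				{
					standard_error(fetch_error('passwordexpired',
						$passworddaysold,
						$vbulletin->session->vars['sessionurl']
					));
				}
				else
				{
					// the allowed scripts/actions continue, but templates get a flag to show the notice
					$show['passwordexpired'] = true;
				}
			}
		}
		else
		{
			$show['passwordexpired'] = false;
		}

		// #############################################################################
		// password same as username?
		if (!defined('ALLOW_SAME_USERNAME_PASSWORD') AND $vbulletin->userinfo['userid'])
		{
			// save the resource on md5'ing if the option is not enabled or guest
			// The stored hash is compared with the username run through the same
			// salted-md5 scheme. hash_equals() is strict and constant-time; the
			// is_string() guard keeps it from raising on a missing/non-string hash.
			$usernamehash = md5(md5($vbulletin->userinfo['username']) . $vbulletin->userinfo['salt']);
			if (is_string($vbulletin->userinfo['password']) AND hash_equals($usernamehash, $vbulletin->userinfo['password']))
			{
				if ((THIS_SCRIPT != 'login' AND THIS_SCRIPT != 'profile') OR (THIS_SCRIPT == 'profile' AND $_REQUEST['do'] != 'editpassword' AND $_POST['do'] != 'updatepassword'))
				{
					standard_error(fetch_error('username_same_as_password',
						$vbulletin->session->vars['sessionurl']
					));
				}
			}
		}

		// #############################################################################
		// check required profile fields
		// Skipped for the login and profile scripts so the user can still fill them in.
		if ($vbulletin->session->vars['profileupdate'] AND THIS_SCRIPT != 'login' AND THIS_SCRIPT != 'profile')
		{
			$vbulletin->options['useforumjump'] = 0;
			standard_error(fetch_error('updateprofilefields', $vbulletin->session->vars['sessionurl']));
		}

		// #############################################################################
		// check permission to view forum
		if (!$this->has_global_view_permission())
		{
			if (defined('DIE_QUIETLY'))
			{
				exit;
			}
			else
			{
				print_no_permission();
			}
		}

		// #############################################################################
		// check for IP ban on user
		// Runs after the view-permission check, so a banned IP that also lacks view
		// permission sees the permission error instead.
		verify_ip_ban();

		// plugin code attached to 'global_state_check' is eval()'d here with full
		// access to this method's scope ($this, $vbulletin, $show)
		($hook = vBulletinHook::fetch_hook('global_state_check')) ? eval($hook) : false;
	}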