/**
 * Confirms a lost-password reset request and, on a valid key, resets the password.
 *
 * Flow: 'user_id' must be present and must have a pending 'password' confirmation
 * record; the 'c' key is then validated against that record. Only a validated key
 * reaches resetPassword(). The record is deleted afterwards so the link cannot be
 * replayed, and the visitor is set back to guest.
 *
 * Note for reviewers: a guest with no pending record and a request with a bad key
 * both receive 'your_password_could_not_be_reset', so the response does not reveal
 * whether a reset is pending for an arbitrary user_id.
 *
 * @return XenForo_ControllerResponse_Abstract
 */
public function actionConfirm()
{
    $userId = $this->_input->filterSingle('user_id', XenForo_Input::UINT);
    if (!$userId)
    {
        return $this->responseError(new XenForo_Phrase('no_account_specified'));
    }

    $confirmationModel = $this->_getUserConfirmationModel();
    $record = $confirmationModel->getUserConfirmationRecord($userId, 'password');

    if (!$record)
    {
        // No pending request: a logged-in visitor most likely completed it already.
        if (XenForo_Visitor::getUserId())
        {
            return $this->responseRedirect(
                XenForo_ControllerResponse_Redirect::RESOURCE_CANONICAL,
                XenForo_Link::buildPublicLink('index')
            );
        }

        return $this->responseError(new XenForo_Phrase('your_password_could_not_be_reset'));
    }

    $key = $this->_input->filterSingle('c', XenForo_Input::STRING);

    $keyValid = false;
    if ($key)
    {
        $keyValid = $confirmationModel->validateUserConfirmationRecord($key, $record);
    }

    if (!$keyValid)
    {
        return $this->responseError(new XenForo_Phrase('your_password_could_not_be_reset'));
    }

    $confirmationModel->resetPassword($userId);
    // Invalidate the key so the same link cannot be used twice.
    $confirmationModel->deleteUserConfirmationRecord($userId, 'password');
    XenForo_Visitor::setup(0);

    return $this->responseMessage(new XenForo_Phrase('your_password_has_been_reset'));
}
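/**
 * Authenticates a user by login name/e-mail and password and binds the current
 * session to that user.
 *
 * Failed attempts are recorded via XenForo_Model_Login so the site-wide login
 * throttle applies; a successful login clears the counter. Fix: the throttle is
 * now consulted (requireLoginCaptcha) before the password is checked, as the
 * other login paths in this code base do — previously this entry point logged
 * failures but never enforced the lockout, so credentials could be guessed
 * without limit through it. Dead commented-out code was removed.
 *
 * @param string $username login name or e-mail address
 * @param string $password plain-text password
 *
 * @return array|false full user record on success; false on failure, with the
 *                     reason (a XenForo_Phrase) left in $this->error
 */
public function login($username, $password)
{
    /** @var XenForo_Model_Login $loginModel */
    $loginModel = XenForo_Model::create('XenForo_Model_Login');
    /** @var XenForo_Model_User $userModel */
    $userModel = XenForo_Model::create('XenForo_Model_User');

    // Enforce the failed-login lockout before touching the password at all.
    if ($loginModel->requireLoginCaptcha($username))
    {
        $this->error = new XenForo_Phrase('your_account_has_temporarily_been_locked_due_to_failed_login_attempts');
        return false;
    }

    $userId = $userModel->validateAuthentication($username, $password, $this->error);
    if (!$userId)
    {
        $loginModel->logLoginAttempt($username);
        return false;
    }
    $loginModel->clearLoginAttempts($username);

    XenForo_Model_Ip::log($userId, 'user', $userId, 'login');
    // Drop the guest activity row for this IP; the user now owns the session.
    $userModel->deleteSessionActivity(0, $this->getClientIp(false));

    /** @var XenForo_Session $session */
    $session = XenForo_Application::get('session');
    $session->changeUserId($userId);
    XenForo_Visitor::setup($userId);

    $this->visitor = XenForo_Visitor::getInstance();

    return $userModel->getFullUserById($this->visitor->getUserId());
}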
/**
 * Auto-login via the JS SDK of a configured API provider (version-aware variant).
 *
 * POST only. The provider code, the external user id and a request signature
 * checked by verifyJsSdkSignature() are all required; any of them failing yields
 * a no-permission response. Only an existing association that still holds an
 * access token logs the user in. Without one the visitor is redirected to the
 * external registration flow when auto-register is enabled, otherwise an error
 * is shown. On XenForo above 1.5.0 a user with two-step verification enabled is
 * not logged in here but handed to the two-step page.
 *
 * NOTE(review): the two version comparisons disagree at exactly 1050000 — the
 * TFA check requires '>' while the userLogin() branch requires '>=' — probably
 * both were meant to be '>='; harmless unless that exact id is ever in use.
 *
 * @return XenForo_ControllerResponse_Abstract
 */
public function actionExternal()
{
    $this->_assertPostOnly();

    $providerCode = $this->_input->filterSingle('provider', XenForo_Input::STRING);
    $provider = bdApiConsumer_Option::getProviderByCode($providerCode);
    if (empty($provider))
    {
        return $this->responseNoPermission();
    }

    $externalUserId = $this->_input->filterSingle('external_user_id', XenForo_Input::UINT);
    if (empty($externalUserId))
    {
        return $this->responseNoPermission();
    }

    // The signature is the only proof that the provider vouches for this external id.
    // NOTE(review): $_REQUEST merges GET, POST and cookies — confirm the helper
    // signs exactly the fields used here (provider, external_user_id).
    if (!bdApiConsumer_Helper_Api::verifyJsSdkSignature($provider, $_REQUEST))
    {
        return $this->responseNoPermission();
    }

    $userModel = $this->_getUserModel();
    /** @var bdApiConsumer_XenForo_Model_UserExternal $userExternalModel */
    $userExternalModel = $this->getModelFromCache('XenForo_Model_UserExternal');

    $existingAssoc = $userExternalModel->getExternalAuthAssociation($userExternalModel->bdApiConsumer_getProviderCode($provider), $externalUserId);
    if (!empty($existingAssoc))
    {
        $accessToken = $userExternalModel->bdApiConsumer_getAccessTokenFromAuth($provider, $existingAssoc);
        if (empty($accessToken))
        {
            // no access token in the auth, consider no auth at all
            $existingAssoc = null;
        }
    }

    if (empty($existingAssoc))
    {
        $autoRegister = bdApiConsumer_Option::get('autoRegister');
        if ($autoRegister === 'on' or $autoRegister === 'id_sync')
        {
            // we have to do a refresh here
            return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, XenForo_Link::buildPublicLink('canonical:register/external', null, array('provider' => $providerCode, 'reg' => 1, 'redirect' => $this->getDynamicRedirect())), new XenForo_Phrase('bdapi_consumer_being_auto_login_auto_register_x', array('provider' => $provider['name'])));
        }
    }

    if (!$existingAssoc)
    {
        return $this->responseError(new XenForo_Phrase('bdapi_consumer_auto_login_with_x_failed', array('provider' => $provider['name'])));
    }

    $user = $userModel->getFullUserById($existingAssoc['user_id']);
    if (empty($user))
    {
        return $this->responseError(new XenForo_Phrase('requested_user_not_found'));
    }

    if (XenForo_Application::$versionId > 1050000)
    {
        /** @var XenForo_ControllerHelper_Login $loginHelper */
        $loginHelper = $this->getHelper('Login');
        if ($loginHelper->userTfaConfirmationRequired($user))
        {
            // Do not log in yet: park the user id for the two-step flow and send the user there.
            $loginHelper->setTfaSessionCheck($user['user_id']);

            return $this->responseMessage(new XenForo_Phrase('bdapi_consumer_auto_login_user_x_requires_tfa', array('username' => $user['username'], 'twoStepLink' => XenForo_Link::buildPublicLink('login/two-step', null, array('redirect' => $this->getDynamicRedirect(), 'remember' => 1)))));
        }
    }

    // The remember cookie is set unconditionally on this path (no per-login opt-in as in the form login).
    $userModel->setUserRememberCookie($user['user_id']);

    XenForo_Model_Ip::log($user['user_id'], 'user', $user['user_id'], 'login_api_consumer');
    $userModel->deleteSessionActivity(0, $this->_request->getClientIp(false));

    if (XenForo_Application::$versionId < 1050000)
    {
        XenForo_Application::getSession()->changeUserId($user['user_id']);
        XenForo_Visitor::setup($user['user_id']);
    }
    else
    {
        // userLogin() records password_date with the session; presumably so a
        // later password change invalidates the session (cf. startAdminSession()).
        $visitor = XenForo_Visitor::setup($user['user_id']);
        XenForo_Application::getSession()->userLogin($user['user_id'], $visitor['password_date']);
    }

    return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, $this->getDynamicRedirect(), new XenForo_Phrase('bdapi_consumer_auto_login_with_x_succeeded_y', array('provider' => $provider['name'], 'username' => $user['username'])));
}
/**
 * Completes a login initiated by an API client.
 *
 * The caller supplies an encrypted user id plus the timestamp it was encrypted
 * with; bdApi_Crypt::decryptTypeOne() is the only authentication performed here.
 * A decryption failure is swallowed (and, in debug mode only, echoed in an
 * X-Api-Exception header). A decrypted positive id is logged in with a remember
 * cookie, then the visitor is redirected.
 *
 * NOTE(review): a caller-supplied 'redirect' is passed to responseRedirect()
 * as-is instead of through getDynamicRedirect() — confirm the response layer
 * rejects off-site targets, otherwise this is an open redirect after login.
 *
 * @return XenForo_ControllerResponse_Redirect
 */
public function actionApi()
{
    $params = $this->_input->filter(array(
        'redirect' => XenForo_Input::STRING,
        'timestamp' => XenForo_Input::UINT,
        'user_id' => XenForo_Input::STRING
    ));

    $loginUserId = 0;
    if (!empty($params['user_id']) && !empty($params['timestamp']))
    {
        try
        {
            $loginUserId = intval(bdApi_Crypt::decryptTypeOne($params['user_id'], $params['timestamp']));
        }
        catch (XenForo_Exception $e)
        {
            if (XenForo_Application::debugMode())
            {
                $this->_response->setHeader('X-Api-Exception', $e->getMessage());
            }
        }
    }

    if ($loginUserId > 0)
    {
        $this->_response->setHeader('X-Api-Login-User', $loginUserId);

        $userModel = $this->_getUserModel();
        $userModel->setUserRememberCookie($loginUserId);
        XenForo_Model_Ip::log($loginUserId, 'user', $loginUserId, 'login_api');
        $userModel->deleteSessionActivity(0, $this->_request->getClientIp(false));

        XenForo_Application::get('session')->changeUserId($loginUserId);
        XenForo_Visitor::setup($loginUserId);
    }

    $target = $params['redirect'];
    if (empty($target))
    {
        $target = $this->getDynamicRedirectIfNot(XenForo_Link::buildPublicLink('login'));
    }

    return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, $target);
}
/**
 * Single-stage logout.
 *
 * Guests are simply redirected. A request that asked for no redirect (e.g. an
 * overlay) or that carries no CSRF token only renders the confirmation view; the
 * actual logout runs after _checkCsrfFromToken() passes, since a forced logout
 * is itself a CSRF target. On logout the admin session is dropped when it
 * belongs to the same user, the public session and cookies are deleted, and the
 * visitor becomes a guest.
 *
 * @return XenForo_ControllerResponse_Abstract
 */
public function actionIndex()
{
    $token = $this->_input->filterSingle('_xfToken', XenForo_Input::STRING);
    $redirect = $this->responseRedirect(
        XenForo_ControllerResponse_Redirect::SUCCESS,
        $this->getDynamicRedirect(false, false)
    );

    $visitorId = XenForo_Visitor::getUserId();
    if (!$visitorId)
    {
        return $redirect;
    }

    if ($this->_noRedirect() || !$token)
    {
        // request is likely from JSON, probably XenForo.OverlayTrigger, so show a confirmation dialog
        return $this->responseView('XenForo_ViewPublic_LogOut', 'log_out');
    }

    $this->_checkCsrfFromToken($token);

    // remove an admin session if we're logged in as the same person
    if (XenForo_Visitor::getInstance()->get('is_admin'))
    {
        $sessionClass = XenForo_Application::resolveDynamicClass('XenForo_Session');
        $adminSession = new $sessionClass(array('admin' => true));
        $adminSession->start();
        if ($adminSession->get('user_id') == $visitorId)
        {
            $adminSession->delete();
        }
    }

    $this->getModelFromCache('XenForo_Model_Session')->processLastActivityUpdateForLogOut(XenForo_Visitor::getUserId());
    XenForo_Application::get('session')->delete();
    XenForo_Helper_Cookie::deleteAllCookies(
        $this->_getRetainedCookies(),
        array('user' => array('httpOnly' => false))
    );
    XenForo_Visitor::setup(0);

    return $redirect;
}
/**
 * Registers the admin session (unless one is already registered) and sets the
 * visitor up from the user id stored in it.
 *
 * NOTE(review): unlike startAdminSession() elsewhere in this file, the session's
 * stored password_date is not compared with the user's current one — confirm
 * whether a password change is meant to end admin sessions on this path too.
 *
 * @param string $action
 */
protected function _setupSession($action)
{
    if (XenForo_Application::isRegistered('session'))
    {
        return;
    }

    $adminSession = new XenForo_Session(array('admin' => true));
    XenForo_Application::set('session', $adminSession);
    $adminSession->start();

    XenForo_Visitor::setup($adminSession->get('user_id'));
}
/**
 * Handles a form login.
 *
 * Order of checks: reroute to registration when 'register' is set or the
 * password is empty; already-logged-in visitors are just redirected; then POST
 * is enforced, cookie support is probed, the per-login throttle is consulted
 * (captcha or hard block, depending on the loginLimit option — any other value
 * imposes no throttle at all), and only then are credentials verified. Failures
 * are logged so the throttle escalates; success clears it, optionally sets the
 * remember cookie, and binds the session via userLogin() with the user's
 * password_date.
 *
 * @return XenForo_ControllerResponse_Abstract
 */
public function actionLogin()
{
    $data = $this->_input->filter(array(
        'login' => XenForo_Input::STRING,
        'password' => XenForo_Input::STRING,
        'remember' => XenForo_Input::UINT,
        'register' => XenForo_Input::UINT,
        'redirect' => XenForo_Input::STRING,
        'cookie_check' => XenForo_Input::UINT,
        'postData' => XenForo_Input::JSON_ARRAY
    ));

    if ($data['register'] || $data['password'] === '')
    {
        return $this->responseReroute('XenForo_ControllerPublic_Register', 'index');
    }

    // NOTE(review): a caller-supplied 'redirect' bypasses the getDynamicRedirectIfNot()
    // fallback — confirm responseRedirect() validates it against off-site targets.
    $redirect = $data['redirect'] ? $data['redirect'] : $this->getDynamicRedirectIfNot(XenForo_Link::buildPublicLink('login'));

    if (XenForo_Visitor::getUserId())
    {
        return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, $redirect);
    }

    $this->_assertPostOnly();

    $loginModel = $this->_getLoginModel();

    if ($data['cookie_check'] && count($_COOKIE) == 0)
    {
        // login came from a page, so we should at least have a session cookie.
        // if we don't, assume that cookies are disabled
        return $this->_loginErrorResponse(new XenForo_Phrase('cookies_required_to_log_in_to_site'), $data['login'], true, $redirect);
    }

    $needCaptcha = $loginModel->requireLoginCaptcha($data['login']);
    if ($needCaptcha)
    {
        switch (XenForo_Application::getOptions()->loginLimit)
        {
            case 'captcha':
                // A failed captcha is not logged as an attempt here (the older
                // actionLogin() in this file does log it).
                if (!XenForo_Captcha_Abstract::validateDefault($this->_input, true))
                {
                    return $this->_loginErrorResponse(new XenForo_Phrase('did_not_complete_the_captcha_verification_properly'), $data['login'], true, $redirect, $data['postData']);
                }
                break;

            case 'block':
                return $this->_loginErrorResponse(new XenForo_Phrase('your_account_has_temporarily_been_locked_due_to_failed_login_attempts'), $data['login'], true, $redirect, $data['postData']);
                break;
        }
    }

    $userModel = $this->_getUserModel();

    $userId = $userModel->validateAuthentication($data['login'], $data['password'], $error);
    if (!$userId)
    {
        $loginModel->logLoginAttempt($data['login']);
        // Re-check the throttle so the attempt that crosses the limit already shows the captcha.
        return $this->_loginErrorResponse($error, $data['login'], $needCaptcha || $loginModel->requireLoginCaptcha($data['login']), $redirect, $data['postData']);
    }

    $loginModel->clearLoginAttempts($data['login']);

    if ($data['remember'])
    {
        $userModel->setUserRememberCookie($userId);
    }

    XenForo_Model_Ip::log($userId, 'user', $userId, 'login');

    $userModel->deleteSessionActivity(0, $this->_request->getClientIp(false));

    $visitor = XenForo_Visitor::setup($userId);
    XenForo_Application::getSession()->userLogin($userId, $visitor['password_date']);

    if ($data['postData'])
    {
        // 'postData' is handed to a view that presumably re-submits the original
        // form after login; it is only echoed back, not acted on here.
        return $this->responseView('XenForo_ViewPublic_Login_PostRedirect', 'login_post_redirect', array(
            'postData' => $data['postData'],
            'redirect' => $redirect
        ));
    }
    else
    {
        return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, $redirect);
    }
}
/**
 * Auto-login via the JS SDK of a configured API provider (variant without the
 * two-step-verification hand-off).
 *
 * POST only. The provider code, the external user id and the request signature
 * are all required; failing any of them yields a no-permission response. An
 * existing association that still holds an access token logs the user in
 * directly; otherwise the visitor is redirected to external registration when
 * auto-register is enabled, or shown an error.
 *
 * NOTE(review): this path binds the session with changeUserId() and performs no
 * userTfaConfirmationRequired() check, so a user with two-step verification
 * enabled is logged in without it. The version-aware actionExternal() in this
 * file does perform that check — confirm which behaviour is intended.
 *
 * @return XenForo_ControllerResponse_Abstract
 */
public function actionExternal()
{
    $this->_assertPostOnly();

    $providerCode = $this->_input->filterSingle('provider', XenForo_Input::STRING);
    $provider = bdApiConsumer_Option::getProviderByCode($providerCode);
    if (empty($provider))
    {
        return $this->responseNoPermission();
    }

    $externalUserId = $this->_input->filterSingle('external_user_id', XenForo_Input::UINT);
    if (empty($externalUserId))
    {
        return $this->responseNoPermission();
    }

    // The signature over $_REQUEST is the only proof that the provider vouches for this id.
    if (!bdApiConsumer_Helper_Api::verifyJsSdkSignature($provider, $_REQUEST))
    {
        return $this->responseNoPermission();
    }

    $userModel = $this->_getUserModel();
    $userExternalModel = $this->getModelFromCache('XenForo_Model_UserExternal');

    $existingAssoc = $userExternalModel->getExternalAuthAssociation($userExternalModel->bdApiConsumer_getProviderCode($provider), $externalUserId);
    if (!empty($existingAssoc))
    {
        $accessToken = $userExternalModel->bdApiConsumer_getAccessTokenFromAuth($provider, $existingAssoc);
        if (empty($accessToken))
        {
            // no access token in the auth, consider no auth at all
            $existingAssoc = null;
        }
    }

    if (empty($existingAssoc))
    {
        $autoRegister = bdApiConsumer_Option::get('autoRegister');
        if ($autoRegister === 'on' or $autoRegister === 'id_sync')
        {
            // we have to do a refresh here
            return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, XenForo_Link::buildPublicLink('canonical:register/external', null, array('provider' => $providerCode, 'reg' => 1, 'redirect' => $this->getDynamicRedirect())), new XenForo_Phrase('bdapi_consumer_being_auto_login_auto_register_x', array('provider' => $provider['name'])));
        }
    }

    // Assignment inside the condition: $user is only set when an association exists.
    if ($existingAssoc and $user = $userModel->getUserById($existingAssoc['user_id']))
    {
        // The remember cookie is set unconditionally on this path.
        $userModel->setUserRememberCookie($user['user_id']);

        XenForo_Model_Ip::log($user['user_id'], 'user', $user['user_id'], 'login_api_consumer');
        $userModel->deleteSessionActivity(0, $this->_request->getClientIp(false));

        $session = XenForo_Application::get('session');
        $session->changeUserId($user['user_id']);
        XenForo_Visitor::setup($user['user_id']);

        $message = new XenForo_Phrase('bdapi_consumer_auto_login_with_x_succeeded_y', array('provider' => $provider['name'], 'username' => $user['username']));

        return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, $this->getDynamicRedirect(), $message);
    }
    else
    {
        return $this->responseError(new XenForo_Phrase('bdapi_consumer_auto_login_with_x_failed', array('provider' => $provider['name'])));
    }
}
/**
 * Logs the current visitor out from non-controller code.
 *
 * Starts the session and returns early if no user is loaded. Otherwise it
 * removes the admin session when it belongs to the same user, records the
 * logout in the activity table, deletes the public session and the cookies
 * (retaining 'session'), and demotes the visitor to guest.
 *
 * NOTE(review): no CSRF check is performed here; any caller reachable from a
 * browser must perform it itself (compare the logout controller actions).
 */
public static function logout()
{
    self::start();
    if (!self::userLoad())
    {
        return;
    }

    $visitor = XenForo_Visitor::getInstance();
    $userId = XenForo_Visitor::getUserId();

    if ($visitor->get('is_admin'))
    {
        $adminSession = new XenForo_Session(array('admin' => true));
        $adminSession->start();
        if ($adminSession->get('user_id') == $userId)
        {
            $adminSession->delete();
        }
    }

    XenForo_Model::create('XenForo_Model_Session')->processLastActivityUpdateForLogOut($userId);
    XenForo_Application::get('session')->delete();
    XenForo_Helper_Cookie::deleteAllCookies(array('session'), array('user' => array('httpOnly' => false)));
    XenForo_Visitor::setup(0);
}
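/**
 * Single-stage logout procedure.
 *
 * Requires a valid CSRF token (a forced logout is itself a CSRF target). Drops
 * the admin session if it belongs to the same user, records the last-activity
 * update, deletes the public session and cookies, and demotes the visitor to
 * guest.
 *
 * Fix: the post-logout target is resolved through getDynamicRedirect(false, false)
 * — the same validated helper the newer logout action in this file uses — instead
 * of echoing the raw 'redirect' parameter into the Location header. The fallback
 * is still the board index and the referrer is still not consulted.
 *
 * @return XenForo_ControllerResponse_Redirect
 */
public function actionIndex()
{
    $this->_checkCsrfFromToken($this->_input->filterSingle('_xfToken', XenForo_Input::STRING));

    $userId = XenForo_Visitor::getUserId();

    // remove an admin session if we're logged in as the same person
    if (XenForo_Visitor::getInstance()->get('is_admin'))
    {
        $adminSession = new XenForo_Session(array('admin' => true));
        $adminSession->start();
        if ($adminSession->get('user_id') == $userId)
        {
            $adminSession->delete();
        }
    }

    $this->getModelFromCache('XenForo_Model_Session')->processLastActivityUpdateForLogOut($userId);
    XenForo_Application::get('session')->delete();
    XenForo_Helper_Cookie::deleteAllCookies(array('session'), array('user' => array('httpOnly' => false)));
    XenForo_Visitor::setup(0);

    return $this->responseRedirect(
        XenForo_ControllerResponse_Redirect::SUCCESS,
        $this->getDynamicRedirect(false, false)
    );
}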
/**
 * Runs pending user-group promotions for the current visitor, once per session.
 *
 * Skipped when no session is registered, when this session already ran the
 * check, for guests, and (unless $force) when the visitor was active within the
 * last 30 minutes — recently-active users are left to the cron. If a promotion
 * was awarded the visitor is reloaded so the new groups apply immediately.
 *
 * @param bool $force run even for recently-active visitors
 */
protected function _executePromotionUpdate($force = false)
{
    if (!XenForo_Application::isRegistered('session'))
    {
        return;
    }

    $session = XenForo_Application::getSession();
    if ($session->get('promotionChecked'))
    {
        return;
    }

    $visitor = XenForo_Visitor::getInstance();

    // '&&' binds tighter than '||': $force only overrides the recent-activity test, never the guest test.
    if (!$visitor['user_id'] || ($visitor['last_activity'] > XenForo_Application::$time - 1800 && !$force))
    {
        // guest or we've been active recently, so let the cron do it
        return;
    }

    $session->set('promotionChecked', true);

    /** @var $promotionModel XenForo_Model_UserGroupPromotion */
    $promotionModel = $this->getModelFromCache('XenForo_Model_UserGroupPromotion');
    if ($promotionModel->updatePromotionsForUser($visitor->toArray()))
    {
        // awarded promotions, reload
        XenForo_Visitor::setup($visitor['user_id'], XenForo_Visitor::getVisitorSetupOptions());
    }
}
/**
 * After a user save, re-evaluates group promotions if this request asked for it.
 *
 * The global flag is cleared first so a second save in the same request does
 * not run the promotion twice. When promotions were awarded and the saved user
 * is the current visitor, the session is marked as checked and the visitor is
 * reloaded so the new groups apply immediately.
 */
protected function _postSaveAfterTransaction()
{
    parent::_postSaveAfterTransaction();

    if (!SV_UserPromoOnUpdate_Globals::$RunPromotion)
    {
        return;
    }
    // ensure we don't attempt to run the promotion twice in the same request
    SV_UserPromoOnUpdate_Globals::$RunPromotion = false;

    $savedUser = $this->getMergedData();

    /** @var $promotionModel XenForo_Model_UserGroupPromotion */
    $promotionModel = $this->getModelFromCache('XenForo_Model_UserGroupPromotion');
    if (!$promotionModel->updatePromotionsForUser($savedUser))
    {
        return;
    }

    $visitor = XenForo_Visitor::getInstance();
    $isCurrentVisitor = (
        XenForo_Application::isRegistered('session')
        && $visitor['user_id']
        && $visitor['user_id'] == $savedUser['user_id']
    );
    if ($isCurrentVisitor)
    {
        // awarded promotions, reload session
        XenForo_Application::getSession()->set('promotionChecked', true);
        XenForo_Visitor::setup($savedUser['user_id'], XenForo_Visitor::getVisitorSetupOptions());
    }
}
/**
 * Handles a form login (earlier variant).
 *
 * Differences from the later actionLogin() in this file: POST is enforced first
 * and an already-logged-in visitor is not short-circuited; the throttle has no
 * 'block' mode — a throttled login always gets a captcha, and a failed captcha
 * is itself logged as an attempt; the session is bound via changeUserId()
 * rather than userLogin(), so no password_date is recorded with it.
 *
 * NOTE(review): a caller-supplied 'redirect' is used as given — confirm
 * responseRedirect() validates it against off-site targets.
 *
 * @return XenForo_ControllerResponse_Abstract
 */
public function actionLogin()
{
    $this->_assertPostOnly();

    $data = $this->_input->filter(array(
        'login' => XenForo_Input::STRING,
        'password' => XenForo_Input::STRING,
        'remember' => XenForo_Input::UINT,
        'register' => XenForo_Input::UINT,
        'redirect' => XenForo_Input::STRING,
        'cookie_check' => XenForo_Input::UINT
    ));

    if ($data['register'] || $data['password'] === '')
    {
        return $this->responseReroute('XenForo_ControllerPublic_Register', 'index');
    }

    $redirect = $data['redirect'] ? $data['redirect'] : $this->getDynamicRedirect();

    $loginModel = $this->_getLoginModel();

    if ($data['cookie_check'] && count($_COOKIE) == 0)
    {
        // login came from a page, so we should at least have a session cookie.
        // if we don't, assume that cookies are disabled
        return $this->_loginErrorResponse(new XenForo_Phrase('cookies_required_to_log_in_to_site'), $data['login'], true, $redirect);
    }

    $needCaptcha = $loginModel->requireLoginCaptcha($data['login']);
    if ($needCaptcha)
    {
        if (!XenForo_Captcha_Abstract::validateDefault($this->_input, true))
        {
            // A failed captcha counts as a failed attempt, keeping the account throttled.
            $loginModel->logLoginAttempt($data['login']);
            return $this->_loginErrorResponse(new XenForo_Phrase('did_not_complete_the_captcha_verification_properly'), $data['login'], true, $redirect);
        }
    }

    $userModel = $this->_getUserModel();

    $userId = $userModel->validateAuthentication($data['login'], $data['password'], $error);
    if (!$userId)
    {
        $loginModel->logLoginAttempt($data['login']);
        // Re-check the throttle so the attempt that crosses the limit already shows the captcha.
        return $this->_loginErrorResponse($error, $data['login'], $needCaptcha || $loginModel->requireLoginCaptcha($data['login']), $redirect);
    }

    $loginModel->clearLoginAttempts($data['login']);

    if ($data['remember'])
    {
        $userModel->setUserRememberCookie($userId);
    }

    XenForo_Model_Ip::log($userId, 'user', $userId, 'login');

    $userModel->deleteSessionActivity(0, $this->_request->getClientIp(false));

    $session = XenForo_Application::get('session');
    $session->changeUserId($userId);
    XenForo_Visitor::setup($userId);

    return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, $redirect);
}
/**
 * Completes external registration or association with an API provider.
 *
 * Two modes, both POST only:
 *  - associate ('associate' string or 'force_assoc' flag set): the visitor proves
 *    ownership of an existing local account with its login and password, subject
 *    to the login throttle (hard block, no captcha); the external account is then
 *    linked to it and the visitor is logged in as that user.
 *  - register: a new local user is created from the request's username and
 *    timezone plus the provider's visitor data, and the visitor is logged in.
 * In both modes the caller-supplied refresh token is first exchanged for an
 * access token and the external visitor record is fetched; an e-mail address is
 * mandatory, and when the provider reports validity/verification flags both
 * must be set.
 *
 * NOTE(review): both modes bind the session with changeUserId() and skip the
 * two-step-verification check that actionExternal() performs for existing
 * associations — confirm that is intended, particularly for the association
 * path, where knowing only the password would then be enough to log in.
 *
 * @return XenForo_ControllerResponse_Abstract
 */
public function actionExternalRegister()
{
    $this->_assertPostOnly();

    $redirect = $this->_bdApiConsumer_getRedirect();

    $userModel = $this->_getUserModel();
    /** @var bdApiConsumer_XenForo_Model_UserExternal $userExternalModel */
    $userExternalModel = $this->_getUserExternalModel();

    $providerCode = $this->_input->filterSingle('provider', XenForo_Input::STRING);
    $provider = bdApiConsumer_Option::getProviderByCode($providerCode);
    if (empty($provider))
    {
        return $this->responseNoPermission();
    }

    // Either a non-empty 'associate' string or the 'force_assoc' flag selects association mode.
    $doAssoc = $this->_input->filterSingle('associate', XenForo_Input::STRING) || $this->_input->filterSingle('force_assoc', XenForo_Input::UINT);

    $userId = 0;
    if ($doAssoc)
    {
        $associate = $this->_input->filter(array(
            'associate_login' => XenForo_Input::STRING,
            'associate_password' => XenForo_Input::STRING
        ));

        $loginModel = $this->_getLoginModel();

        // Throttled accounts are hard-blocked here; there is no captcha fallback.
        if ($loginModel->requireLoginCaptcha($associate['associate_login']))
        {
            return $this->responseError(new XenForo_Phrase('your_account_has_temporarily_been_locked_due_to_failed_login_attempts'));
        }

        $userId = $userModel->validateAuthentication($associate['associate_login'], $associate['associate_password'], $error);
        if (!$userId)
        {
            $loginModel->logLoginAttempt($associate['associate_login']);
            return $this->responseError($error);
        }
    }

    // The refresh token is caller-supplied; the provider round-trip is what validates it.
    $refreshToken = $this->_input->filterSingle('refresh_token', XenForo_Input::STRING);
    $externalToken = bdApiConsumer_Helper_Api::getAccessTokenFromRefreshToken($provider, $refreshToken);
    if (empty($externalToken))
    {
        return $this->responseError(new XenForo_Phrase('bdapi_consumer_error_occurred_while_connecting_with_x', array('provider' => $provider['name'])));
    }

    $externalVisitor = bdApiConsumer_Helper_Api::getVisitor($provider, $externalToken['access_token']);
    if (empty($externalVisitor))
    {
        return $this->responseError(new XenForo_Phrase('bdapi_consumer_error_occurred_while_connecting_with_x', array('provider' => $provider['name'])));
    }
    if (empty($externalVisitor['user_email']))
    {
        return $this->responseError(new XenForo_Phrase('bdapi_consumer_x_returned_unknown_error', array('provider' => $provider['name'])));
    }
    // Standing is only enforced when the provider reports both flags.
    if (isset($externalVisitor['user_is_valid']) and isset($externalVisitor['user_is_verified']))
    {
        if (empty($externalVisitor['user_is_valid']) or empty($externalVisitor['user_is_verified']))
        {
            return $this->responseError(new XenForo_Phrase('bdapi_consumer_x_account_not_good_standing', array('provider' => $provider['name'])));
        }
    }

    if ($doAssoc)
    {
        $userExternalModel->bdApiConsumer_updateExternalAuthAssociation($provider, $externalVisitor['user_id'], $userId, array_merge($externalVisitor, array('token' => $externalToken)));

        XenForo_Application::getSession()->changeUserId($userId);
        XenForo_Visitor::setup($userId);

        return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, $redirect);
    }

    // Site-wide "registration active" can be bypassed by add-on option for this path.
    if (bdApiConsumer_Option::get('bypassRegistrationActive'))
    {
        // do not check for registration active option
    }
    else
    {
        $this->_assertRegistrationActive();
    }

    // Username and timezone come from the request, not from the provider record.
    $data = $this->_input->filter(array(
        'username' => XenForo_Input::STRING,
        'timezone' => XenForo_Input::STRING
    ));
    // TODO: custom fields

    if (XenForo_Dependencies_Public::getTosUrl() && !$this->_input->filterSingle('agree', XenForo_Input::UINT))
    {
        return $this->responseError(new XenForo_Phrase('you_must_agree_to_terms_of_service'));
    }

    $user = bdApiConsumer_Helper_AutoRegister::createUser($data, $provider, $externalToken, $externalVisitor, $this->_getUserExternalModel());

    XenForo_Application::getSession()->changeUserId($user['user_id']);
    XenForo_Visitor::setup($user['user_id']);

    $viewParams = array(
        'user' => $user,
        'redirect' => $redirect
    );

    return $this->responseView('XenForo_ViewPublic_Register_Process', 'register_process', $viewParams, $this->_getRegistrationContainerParams());
}
/**
 * Forum Runner logout.
 *
 * Drops the admin session when it belongs to the same user, unregisters the
 * device from push notifications, records the logout, deletes the public
 * session and the cookies (retaining 'session'), and demotes the visitor to
 * guest. The response tells the client whether it must authenticate again to
 * keep browsing: true when guests lack the 'view' permission or the board is
 * closed.
 *
 * NOTE(review): unlike the web logout actions in this file no CSRF token is
 * checked, and 'fr_username' is read but never used — confirm the API layer
 * authenticates the call before relying on this.
 *
 * @return array 'success' and 'requires_authentication' flags
 */
public function actionLogout()
{
    $fr_username = $this->_input->filterSingle('fr_username', XenForo_Input::STRING);

    $visitor = XenForo_Visitor::getInstance();
    $userId = XenForo_Visitor::getUserId();

    if ($visitor->get('is_admin'))
    {
        $adminSession = new XenForo_Session(array('admin' => true));
        $adminSession->start();
        if ($adminSession->get('user_id') == $userId)
        {
            $adminSession->delete();
        }
    }

    fr_remove_push_user();

    $this->getModelFromCache('XenForo_Model_Session')->processLastActivityUpdateForLogOut($userId);
    XenForo_Application::get('session')->delete();
    XenForo_Helper_Cookie::deleteAllCookies(array('session'), array('user' => array('httpOnly' => false)));
    XenForo_Visitor::setup(0);

    $guest = XenForo_Visitor::getInstance();
    $options = XenForo_Application::get('options');

    $requiresAuth = !$guest->hasPermission('general', 'view') || !$options->boardActive;

    return array(
        'success' => true,
        'requires_authentication' => $requiresAuth
    );
}
/**
 * Tries to identify the visitor from the 'upgrade' cookie issued after a
 * successful upgrade-system login.
 *
 * The cookie is validated by loginUserByRememberCookie(); on success the
 * visitor is set up for that user. Returns the user id, or false when no
 * cookie is present (the model's own falsy result when it does not validate).
 *
 * @return int|false
 */
public function setupVisitorFromUpgradeCookie()
{
    $upgradeCookie = XenForo_Helper_Cookie::getCookie('upgrade');
    if (!$upgradeCookie)
    {
        return false;
    }

    /** @var $userModel XenForo_Model_User */
    $userModel = $this->getModelFromCache('XenForo_Model_User');

    $userId = $userModel->loginUserByRememberCookie($upgradeCookie);
    if (!$userId)
    {
        return $userId;
    }

    XenForo_Visitor::setup($userId);

    return $userId;
}
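/**
 * Starts the admin session, registers it as the application session and sets
 * the visitor up from the user id stored in it.
 *
 * Added: if the session recorded a password_date and it no longer matches the
 * user's current password_date, the session is demoted to guest — a password
 * change (e.g. after a compromise) then ends existing admin sessions instead of
 * leaving them valid. This mirrors the newer startAdminSession() in this file.
 * Sessions that never stored a password_date are not affected.
 *
 * @param Zend_Controller_Request_Http|null $request
 *
 * @return XenForo_Session
 */
public static function startAdminSession(Zend_Controller_Request_Http $request = null)
{
    $session = new XenForo_Session(array('admin' => true));
    $session->start();
    XenForo_Application::set('session', $session);

    XenForo_Visitor::setup($session->get('user_id'));
    $visitor = XenForo_Visitor::getInstance();

    $storedPasswordDate = $session->get('password_date');
    if ($visitor['user_id'] && $storedPasswordDate && $storedPasswordDate != $visitor['password_date'])
    {
        // Password changed after this session was created: treat it as logged out.
        $session->changeUserId(0);
        XenForo_Visitor::setup(0);
    }

    return $session;
}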
/**
 * POST /users: creates a user account through the API and returns it together
 * with an access token.
 *
 * Client identity is taken from the OAuth session when present, otherwise
 * looked up from the 'client_id' parameter (400 if unknown); the client secret
 * is only used to decrypt the submitted password. If the password is absent or
 * cannot be decrypted the account is created with the NoPassword scheme.
 *
 * Optional 'extra_data'/'extra_timestamp' is decrypted with the server-side
 * key and unserialised; it may carry a pre-verified e-mail (skips e-mail
 * confirmation when it matches) and an external-provider association.
 * NOTE(review): @unserialize() on decrypted input is an object-injection sink
 * unless decryptTypeOne() authenticates the ciphertext — confirm, or move the
 * producer and this consumer to JSON.
 *
 * An admin caller holding the manage-system scope creates users directly in the
 * 'valid' state. The response carries the prepared user, the raw user row under
 * '_user', and an access token for the new user with every system-supported
 * scope. A guest caller's visitor is switched to the new user for the rest of
 * the request.
 *
 * @return XenForo_ControllerResponse_Abstract
 */
public function actionPostIndex()
{
    /* @var $oauth2Model bdApi_Model_OAuth2 */
    $oauth2Model = $this->getModelFromCache('bdApi_Model_OAuth2');
    /* @var $userConfirmationModel XenForo_Model_UserConfirmation */
    $userConfirmationModel = $this->getModelFromCache('XenForo_Model_UserConfirmation');

    /* @var $session bdApi_Session */
    $session = XenForo_Application::getSession();
    $clientId = $session->getOAuthClientId();
    $clientSecret = $session->getOAuthClientSecret();
    if (empty($clientId) or empty($clientSecret))
    {
        $clientId = $this->_input->filterSingle('client_id', XenForo_Input::STRING);
        $client = $oauth2Model->getClientModel()->getClientById($clientId);
        if (empty($client))
        {
            return $this->responseError(new XenForo_Phrase('bdapi_post_slash_users_requires_client_id'), 400);
        }
        $clientSecret = $client['client_secret'];
    }

    $input = $this->_input->filter(array(
        'user_email' => XenForo_Input::STRING,
        'username' => XenForo_Input::STRING,
        'password' => XenForo_Input::STRING,
        'password_algo' => XenForo_Input::STRING,
        'user_dob_day' => XenForo_Input::UINT,
        'user_dob_month' => XenForo_Input::UINT,
        'user_dob_year' => XenForo_Input::UINT
    ));
    if (empty($input['user_email']))
    {
        // backward compatibility
        $input['user_email'] = $this->_input->filterSingle('email', XenForo_Input::STRING);
    }

    $extraInput = $this->_input->filter(array(
        'extra_data' => XenForo_Input::STRING,
        'extra_timestamp' => XenForo_Input::UINT
    ));
    // $extraData stays undefined when no extra_data was sent; the empty() checks below tolerate that.
    if (!empty($extraInput['extra_data']))
    {
        $extraData = bdApi_Crypt::decryptTypeOne($extraInput['extra_data'], $extraInput['extra_timestamp']);
        if (!empty($extraData))
        {
            // NOTE(review): unserialize() of decrypted bytes — see the method docblock.
            $extraData = @unserialize($extraData);
        }
        if (empty($extraData))
        {
            $extraData = array();
        }
    }

    $userModel = $this->_getUserModel();
    $options = XenForo_Application::getOptions();
    $session = XenForo_Application::getSession();
    $visitor = XenForo_Visitor::getInstance();

    /* @var $writer XenForo_DataWriter_User */
    $writer = XenForo_DataWriter::create('XenForo_DataWriter_User');

    $registrationDefaults = $options->get('registrationDefaults');
    if (!empty($registrationDefaults))
    {
        $writer->bulkSet($registrationDefaults, array('ignoreInvalidFields' => true));
    }

    $writer->set('email', $input['user_email']);
    $writer->set('username', $input['username']);

    $password = bdApi_Crypt::decrypt($input['password'], $input['password_algo'], $clientSecret);
    if (!empty($password))
    {
        // Same value for password and confirmation: there is no server-side confirm step.
        $writer->setPassword($password, $password);
    }
    else
    {
        // no password or unable to decrypt password
        // create new user with no password auth scheme
        $auth = XenForo_Authentication_Abstract::create('XenForo_Authentication_NoPassword');
        $writer->set('scheme_class', $auth->getClassName());
        $writer->set('data', $auth->generate(''), 'xf_user_authenticate');
    }

    if ($options->get('gravatarEnable') && XenForo_Model_Avatar::gravatarExists($input['user_email']))
    {
        $writer->set('gravatar', $input['user_email']);
    }

    $writer->set('dob_day', $input['user_dob_day']);
    $writer->set('dob_month', $input['user_dob_month']);
    $writer->set('dob_year', $input['user_dob_year']);

    $writer->set('user_group_id', XenForo_Model_User::$defaultRegisteredGroupId);
    $writer->set('language_id', XenForo_Visitor::getInstance()->get('language_id'));

    $allowEmailConfirm = true;
    if (!empty($extraData['user_email']) && $extraData['user_email'] == $writer->get('email'))
    {
        // the email address has been validated by some other mean (external provider?)
        // do not require email confirmation again to avoid complication
        $allowEmailConfirm = false;
    }
    $writer->advanceRegistrationUserState($allowEmailConfirm);

    if ($visitor->hasAdminPermission('user') and $session->checkScope(bdApi_Model_OAuth2::SCOPE_MANAGE_SYSTEM))
    {
        $writer->set('user_state', 'valid');
    }

    $writer->save();
    $user = $writer->getMergedData();

    // log the ip of the user registering
    XenForo_Model_Ip::log(XenForo_Visitor::getUserId() ? XenForo_Visitor::getUserId() : $user['user_id'], 'user', $user['user_id'], 'register');

    if ($user['user_state'] == 'email_confirm')
    {
        $userConfirmationModel->sendEmailConfirmation($user);
    }

    if (!empty($extraData['external_provider']) && !empty($extraData['external_provider_key']))
    {
        /* @var $userExternalModel XenForo_Model_UserExternal */
        $userExternalModel = $this->getModelFromCache('XenForo_Model_UserExternal');
        $userExternalModel->updateExternalAuthAssociation($extraData['external_provider'], $extraData['external_provider_key'], $user['user_id']);
    }

    if (XenForo_Visitor::getUserId() == 0)
    {
        XenForo_Visitor::setup($user['user_id']);
    }

    // Token for the new user with every scope the system supports.
    $scopes = $oauth2Model->getSystemSupportedScopes();
    $scopes = bdApi_Template_Helper_Core::getInstance()->scopeJoin($scopes);
    $token = $oauth2Model->getServer()->createAccessToken($clientId, $user['user_id'], $scopes);

    $user = $userModel->getUserById($user['user_id'], $userModel->getFetchOptionsToPrepareApiData());

    // NOTE(review): '_user' is the raw row; whether the view strips it before output is not visible here.
    $data = array(
        'user' => $this->_filterDataSingle($this->_getUserModel()->prepareApiDataForUser($user)),
        '_user' => $user,
        'token' => $token
    );

    return $this->responseData('bdApi_ViewApi_User_Single', $data);
}
/**
 * Login for the upgrade system.
 *
 * An existing 'upgrade' cookie logs the visitor in directly when it belongs to
 * an admin with the upgradeXenForo permission. Otherwise, on a confirmed POST,
 * the credentials are checked: the login throttle hard-blocks (no captcha), the
 * user is looked up by name or e-mail and the password is verified through the
 * user's authentication object. Failures are logged; success clears the
 * counter, sets the visitor up, requires is_admin plus upgradeXenForo, and only
 * then issues the upgrade cookie. The attempt-log calls are wrapped in try/catch,
 * presumably because the tables they touch may not exist mid-upgrade.
 *
 * NOTE(review): the error messages distinguish an unknown account from a wrong
 * password (user enumeration) — acceptable only if this page is unreachable
 * outside the upgrade phase; confirm. The 'redirect' parameter is also used as
 * supplied.
 *
 * @return XenForo_ControllerResponse_Abstract
 */
public function actionLogin()
{
    if ($this->_getUpgradeModel()->setupVisitorFromUpgradeCookie())
    {
        $visitor = XenForo_Visitor::getInstance();
        if ($visitor['is_admin'] && $visitor->hasAdminPermission('upgradeXenForo'))
        {
            return $this->responseRedirect(XenForo_ControllerResponse_Redirect::RESOURCE_CANONICAL, 'index.php?upgrade/');
        }
    }

    $error = '';

    if ($this->isConfirmedPost())
    {
        $data = $this->_input->filter(array(
            'login' => XenForo_Input::STRING,
            'password' => XenForo_Input::STRING,
            'redirect' => XenForo_Input::STRING
        ));
        $redirect = $data['redirect'] ? $data['redirect'] : 'index.php?upgrade/';

        /** @var $loginModel XenForo_Model_Login */
        $loginModel = $this->getModelFromCache('XenForo_Model_Login');
        if ($loginModel->requireLoginCaptcha($data['login']))
        {
            // just block logins here instead of using the captcha
            return $this->responseError(new XenForo_Phrase('your_account_has_temporarily_been_locked_due_to_failed_login_attempts'));
        }

        /** @var $userModel XenForo_Model_User */
        $userModel = $this->getModelFromCache('XenForo_Model_User');

        $userId = false;

        $user = $userModel->getUserByNameOrEmail($data['login']);
        if ($user)
        {
            $authentication = $userModel->getUserAuthenticationObjectByUserId($user['user_id']);
            if ($authentication && $authentication->authenticate($user['user_id'], $data['password']))
            {
                $userId = $user['user_id'];
            }
            else
            {
                $error = new XenForo_Phrase('incorrect_password');
            }
        }
        else
        {
            $error = new XenForo_Phrase('requested_user_x_not_found', array('name' => $data['login']));
        }

        if (!$userId)
        {
            try
            {
                $loginModel->logLoginAttempt($data['login']);
                if ($loginModel->requireLoginCaptcha($data['login']))
                {
                    return $this->responseError(new XenForo_Phrase('your_account_has_temporarily_been_locked_due_to_failed_login_attempts'));
                }
            }
            catch (Exception $e) {}
        }
        else
        {
            try
            {
                $loginModel->clearLoginAttempts($data['login']);
                XenForo_Model_Ip::log($userId, 'user', $userId, 'login_upgrade');
            }
            catch (Exception $e) {}

            // The visitor is switched before the admin checks; on failure nothing is
            // persisted (the cookie is only set below), so it lasts this request only.
            XenForo_Visitor::setup($userId);
            $visitor = XenForo_Visitor::getInstance();
            if (!$visitor->is_admin)
            {
                return $this->responseError(new XenForo_Phrase('your_account_does_not_have_admin_privileges'));
            }
            if (!$visitor->hasAdminPermission('upgradeXenForo'))
            {
                return $this->responseError(new XenForo_Phrase('you_do_not_have_permission_upgrade'));
            }

            $this->_getUpgradeModel()->setUpgradeCookie($userId);

            return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, $redirect);
        }
    }

    return $this->responseView('XenForo_Install_View_Upgrade_Login', 'upgrade_login', array('error' => $error));
}
/**
 * Starts the admin session, registers it as the application session and sets
 * the visitor up from it.
 *
 * If the session stored a password_date that differs from the user's current
 * one, the password changed after login: the session is demoted to guest so a
 * rotated password ends existing admin sessions. Sessions without a stored
 * password_date are not subject to this check.
 *
 * @param Zend_Controller_Request_Http|null $request
 *
 * @return XenForo_Session
 */
public static function startAdminSession(Zend_Controller_Request_Http $request = null)
{
    $sessionClass = XenForo_Application::resolveDynamicClass('XenForo_Session');
    /** @var $adminSession XenForo_Session */
    $adminSession = new $sessionClass(array('admin' => true));
    $adminSession->start();
    XenForo_Application::set('session', $adminSession);

    $visitor = XenForo_Visitor::setup($adminSession->get('user_id'));

    $sessionPasswordDate = $adminSession->get('password_date');
    $passwordChanged = (
        $visitor['user_id']
        && $sessionPasswordDate
        && $sessionPasswordDate != $visitor['password_date']
    );
    if ($passwordChanged)
    {
        $adminSession->changeUserId(0);
        $visitor = XenForo_Visitor::setup(0);
    }

    return $adminSession;
}
{ return 'UTF-8'; } }
// ^ tail of a class definition that begins before this chunk; left as found.

require $fileDir . '/library/Sabre/Sabre.autoload.php';

$request = new Zend_Controller_Request_Http();
$baseUrl = $request->getBaseUrl();

// Admin CP WebDAV: HTTP Basic credentials are checked against the normal user
// table and the account must be an admin; otherwise a 401 challenge is sent.
$auth = new Sabre_HTTP_BasicAuth();
$auth->setRealm('XenForo Admin CP WebDAV');
// NOTE(review): getUserPass() presumably returns false when no Authorization
// header is present; $authData[0]/[1] below are then read from a bool.
$authData = $auth->getUserPass();

/* @var $userModel XenForo_Model_User */
$userModel = XenForo_Model::create('XenForo_Model_User');

$authValid = false;
// NOTE(review): no XenForo_Model_Login throttle around this check (compare the
// login actions, which call requireLoginCaptcha()/logLoginAttempt()), so every
// WebDAV request is an unthrottled password guess against admin accounts.
$userId = $userModel->validateAuthentication($authData[0], $authData[1]);
if ($userId)
{
    $visitor = XenForo_Visitor::setup($userId);
    if ($visitor['is_admin'])
    {
        $authValid = true;
    }
}

if (!$authValid)
{
    $auth->requireLogin();
    echo "Authentication required";
    exit;
}

$root = new XenForo_SabreDav_RootDirectory();
$tree = new Sabre_DAV_ObjectTree($root);
$server = new Sabre_DAV_Server($tree);
$server->setBaseUri($baseUrl . '/');

// implement but ignore locking, in attempt to allow finder, etc to do writes
$lockBackend = new XenForo_SabreDav_LocksNoOp();
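/**
 * Handles registration submitted from the Forum Runner client.
 *
 * Without a username in the input, returns the registration "rules" text
 * (anchor tags reduced to their text) and whether a date of birth is required.
 * With a username, creates the user through XenForo_DataWriter_User, logs the
 * registering IP, sends the email confirmation when the new user's state is
 * 'email_confirm' and resets the visitor to guest (user_id 0).
 *
 * Validation failures are reported through json_error() with either a phrase
 * for the specific problem or the first data-writer error. The password is
 * passed as both value and confirmation: confirmation happens on the client.
 *
 * @return array 'emailverify' => bool after a registration; 'rules' and 'birthday' when no username was given
 */
public function actionRegister()
{
    $this->_assertRegistrationActive();

    // password_md5 is accepted from the client for compatibility but is not used here
    $vals = $this->_input->filter(array(
        'username' => XenForo_Input::STRING,
        'email' => XenForo_Input::STRING,
        'password' => XenForo_Input::STRING,
        'password_md5' => XenForo_Input::STRING,
        'birthday' => XenForo_Input::STRING,
        'timezone_name' => XenForo_Input::STRING,
    ));

    $options = XenForo_Application::get('options');
    if (!$options->forumrunnerRegistration) {
        $p = new XenForo_Phrase('do_not_have_permission');
        json_error($p->render());
    }

    $out = array();

    if (!$vals['username']) {
        // no submission yet: hand back the rules text and whether a DOB must be entered
        $p = new XenForo_Phrase('fr_register_forum_rules');
        $out += array(
            'rules' => preg_replace('/<a href=\\"(.*?)\\">(.*?)<\\/a>/', "\\2", $p->render()),
            'birthday' => $options->get('registrationSetup', 'requireDob') ? true : false,
        );
        return $out;
    }

    $writer = XenForo_DataWriter::create('XenForo_DataWriter_User');
    if ($options->registrationDefaults) {
        $writer->bulkSet($options->registrationDefaults, array('ignoreInvalidFields' => true));
    }

    $day = $month = $year = '';
    if ($vals['birthday']) {
        // the client sends month/day/year; each index is guarded so a string with
        // fewer than three parts does not raise an undefined-offset notice
        $parts = explode('/', $vals['birthday']);
        if (!empty($parts[0])) {
            $month = intval($parts[0]);
        }
        if (!empty($parts[1])) {
            $day = intval($parts[1]);
        }
        if (!empty($parts[2])) {
            $year = intval($parts[2]);
        }
    }

    $data = array(
        'username' => $vals['username'],
        'email' => $vals['email'],
        'gender' => '',
        'dob_day' => $day,
        'dob_month' => $month,
        'dob_year' => $year,
        'timezone' => $vals['timezone_name'],
    );
    $writer->bulkSet($data);
    $writer->setPassword($vals['password'], $vals['password']); // verified by client

    // if the email corresponds to an existing Gravatar, use it
    if ($options->gravatarEnable && XenForo_Model_Avatar::gravatarExists($data['email'])) {
        $writer->set('gravatar', $data['email']);
    }

    $writer->set('user_group_id', XenForo_Model_User::$defaultRegisteredGroupId);
    $writer->set('language_id', XenForo_Visitor::getInstance()->get('language_id'));
    $writer->advanceRegistrationUserState();
    $writer->preSave();

    if ($options->get('registrationSetup', 'requireDob')) {
        // dob required
        if (!$data['dob_day'] || !$data['dob_month'] || !$data['dob_year']) {
            $p = new XenForo_Phrase('please_enter_valid_date_of_birth');
            json_error($p->render());
        }

        $userAge = $this->_getUserProfileModel()->getUserAge($writer->getMergedData(), true);
        if ($userAge < 1) {
            $p = new XenForo_Phrase('please_enter_valid_date_of_birth');
            json_error($p->render());
        }
        if ($userAge < intval($options->get('registrationSetup', 'minimumAge'))) {
            $p = new XenForo_Phrase('sorry_you_too_young_to_create_an_account');
            json_error($p->render());
        }
    }

    $errors = $writer->getErrors();
    if (count($errors)) {
        // only show first
        $errors = array_values($errors);
        json_error($errors[0]->render());
    }

    $writer->save();
    $user = $writer->getMergedData();

    // log the ip of the user registering
    XenForo_Model_Ip::log($user['user_id'], 'user', $user['user_id'], 'register');

    if ($user['user_state'] == 'email_confirm') {
        $this->_getUserConfirmationModel()->sendEmailConfirmation($user);
        $out['emailverify'] = true;
    } else {
        $out['emailverify'] = false;
    }

    // the request that registers the account keeps the visitor as a guest
    XenForo_Visitor::setup(0);

    return $out;
}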
/**
 * Finishes a successful login for $userId: optionally sets the "remember me"
 * cookie, logs the login IP, deletes the session-activity row for user 0 at
 * this client IP, sets up the visitor and marks the session as logged in with
 * the visitor's password_date (which later lets a password change invalidate
 * the session, see the password_date comparison in startAdminSession).
 *
 * @param integer $userId
 * @param boolean $remember whether to set the remember cookie
 * @param string  $redirect where to send the user afterwards
 * @param array   $postData when non-empty, data to re-submit to $redirect through the post-redirect view
 *
 * @return XenForo_ControllerResponse_Abstract
 */
public function completeLogin($userId, $remember, $redirect, array $postData = array())
{
    $userModel = $this->_getUserModel();

    if ($remember) {
        $userModel->setUserRememberCookie($userId);
    }

    XenForo_Model_Ip::log($userId, 'user', $userId, 'login');

    $clientIp = $this->_request->getClientIp(false);
    $userModel->deleteSessionActivity(0, $clientIp);

    $visitor = XenForo_Visitor::setup($userId);
    XenForo_Application::getSession()->userLogin($userId, $visitor['password_date']);

    if (!$postData) {
        return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, $redirect, '');
    }

    $viewParams = array('postData' => $postData, 'redirect' => $redirect);
    return $this->responseView('XenForo_ViewPublic_Login_PostRedirect', 'login_post_redirect', $viewParams);
}
/**
 * Logs the current admin out: checks the CSRF token carried in _xfToken,
 * deletes the session, resets the visitor to guest and redirects to the
 * admin index.
 *
 * @return XenForo_ControllerResponse_Abstract
 */
public function actionLogout()
{
    // logout changes state, so it must carry a valid CSRF token
    $token = $this->_input->filterSingle('_xfToken', XenForo_Input::STRING);
    $this->_checkCsrfFromToken($token);

    $session = XenForo_Application::get('session');
    $session->delete();
    XenForo_Visitor::setup(0);

    $target = XenForo_Link::buildAdminLink('index');
    return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, $target);
}
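/**
 * Renders the HQCoder parse-HTML tag: the tag's children are emitted as raw
 * HTML (censored, but not escaped) when the post author ($this->user_id)
 * holds the 'HQCoder_ParseHTML' thread permission; otherwise the tag is
 * rendered unparsed. Guests (user_id < 1) are always rendered unparsed.
 *
 * The permission lookup temporarily switches the visitor to the author and
 * restores the previous visitor afterwards; the result is cached per user in
 * self::$permissionCache for the rest of the request.
 *
 * @param array $tag            bb code tag, with its 'children'
 * @param array $rendererStates renderer state passed through to renderTagUnparsed()
 *
 * @return string
 */
public function renderTagParseHtml(array $tag, array $rendererStates)
{
    $userId = $this->user_id;

    if ($userId < 1) {
        return $this->renderTagUnparsed($tag, $rendererStates);
    }

    // array_key_exists() rather than empty(): a denied (false) result must be
    // cached as well, otherwise every tag in a non-permitted user's post repeats
    // the visitor swap and permission lookup
    if (!array_key_exists($userId, self::$permissionCache)) {
        $previousUserId = XenForo_Visitor::getUserId();
        $author = XenForo_Visitor::setup($userId);
        self::$permissionCache[$userId] = $author->hasPermission('HQCoder_ParseHTML', 'thread');
        XenForo_Visitor::setup($previousUserId);
    }

    if (!self::$permissionCache[$userId]) {
        return $this->renderTagUnparsed($tag, $rendererStates);
    }

    $content = $this->stringifyTree($tag['children']);
    // only the bare wrapper forms are removed; attribute forms such as [url=...] pass through unchanged
    $content = str_ireplace(
        array('[url]', '[/url]', '[email]', '[/email]', '[media]', '[/media]'),
        '',
        $content
    );
    $content = XenForo_Helper_String::censorString($content);

    return '<div class="parseHTML">' . $content . '</div>';
}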
/**
 * Starts the bdApi session, registers it under 'session' in the application
 * registry and sets up the visitor from the session's user_id together with
 * everything stored in the session. On XenForo 1.2.0 and later the request is
 * stopped with a plain-text message unless the bdApi add-on is present in the
 * add-on registry.
 *
 * For a guest visitor (empty user_id) the 'guestUsername' request parameter,
 * when given, is copied into the visitor's username.
 *
 * @param Zend_Controller_Request_Http|null $request created on demand when not given
 *
 * @return XenForo_Session
 */
public static function startApiSession(Zend_Controller_Request_Http $request = null)
{
    if ($request === null) {
        $request = new Zend_Controller_Request_Http();
    }

    if (XenForo_Application::$versionId >= 1020000) {
        $addOns = XenForo_Application::get('addOns');
        if (empty($addOns['bdApi'])) {
            die('The API is currently disabled.');
        }
    }

    $session = new bdApi_Session();
    $session->start();
    XenForo_Application::set('session', $session);

    $sessionData = $session->getAll();
    $visitor = XenForo_Visitor::setup($session->get('user_id'), $sessionData);

    $isGuest = empty($visitor['user_id']);
    if ($isGuest) {
        // NOTE(review): guestUsername is taken from the request as-is; escaping is
        // presumably left to whatever later prints the username — confirm
        $guestUsername = $request->getParam('guestUsername');
        if (!empty($guestUsername)) {
            $visitor['username'] = $guestUsername;
        }
    }

    return $session;
}
/**
 * External login / registration through the AccountsFreedom OAuth provider.
 *
 * As written, the flow is:
 *  - 'reg' set: store the redirect in the session, drop any stored token and
 *    send the user to the provider's authorisation URL;
 *  - otherwise take the token from 'token' in the input or from the session,
 *    or exchange the callback 'code' for one — only after the 'state'
 *    parameter matches the session's accountsCsrfState (a mismatch redirects
 *    to the index without an error message);
 *  - an existing association for the provider's user_id logs that local user
 *    in (visitor setup, session userLogin, remember cookie) after refreshing
 *    the stored token and profile data;
 *  - otherwise the token and profile are stored in the session and the
 *    registration / association form is shown.
 *
 * @return XenForo_ControllerResponse_Abstract
 */
public function actionAccountsfreedom()
{
    $accounts = new AnyTV_AccountsAuthentication_Accounts();
    if (!$accounts->isConnectable())
    {
        return $this->responseError(new XenForo_Phrase('something_went_wrong_please_try_again'));
    }

    $assocUserId = $this->_input->filterSingle('assoc', XenForo_Input::UINT);
    $redirect = $this->_getExternalAuthRedirect();
    $session = XenForo_Application::getSession();

    $redirectUri = XenForo_Link::buildPublicLink('canonical:register/accountsfreedom', false, array('assoc' => $assocUserId ? $assocUserId : false));

    if ($this->_input->filterSingle('reg', XenForo_Input::UINT))
    {
        $session->set('loginRedirect', $redirect);
        $session->remove('accountsToken');
        return $this->responseRedirect(XenForo_ControllerResponse_Redirect::RESOURCE_CANONICAL, $accounts->getAccountsRequestUrl($redirectUri));
    }

    $accountsToken = $this->_input->filterSingle('token', XenForo_Input::STRING);
    if (!$accountsToken)
    {
        $accountsToken = $session->get('accountsToken');
    }

    $accountsUser = false;
    if (!$accountsToken)
    {
        $error = $this->_input->filterSingle('error', XenForo_Input::STRING);
        if ($error == 'access_denied')
        {
            return $this->responseError(new XenForo_Phrase('you_did_not_grant_permission_to_access_external_account'));
        }

        $code = $this->_input->filterSingle('code', XenForo_Input::STRING);
        if (!$code)
        {
            return $this->responseError(new XenForo_Phrase('accountsfreedom_error_occurred_while_connecting_with_accountsfreedom1'));
        }

        // OAuth state check: the callback must carry the state value this session issued,
        // which ties the authorization code to the session that started the flow
        $state = $this->_input->filterSingle('state', XenForo_Input::STRING);
        if (!$state || !$session->get('accountsCsrfState') || $state !== $session->get('accountsCsrfState'))
        {
            return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, XenForo_Link::buildPublicLink('canonical:index'));
        }

        $token = $accounts->getAccessTokenFromCode($code, $redirectUri);
        if (!isset($token['access_token']))
        {
            return $this->responseError(new XenForo_Phrase('accountsfreedom_error_occurred_while_connecting_with_accountsfreedom2'));
        }

        $accountsToken = $token['access_token'];
        $accountsUser = $accounts->getUserInfo(null, $accountsToken);
    }

    // NOTE(review): getUserInfo() is only called on the code-exchange path above. When the
    // token came from the input or from the session, $accountsUser is still false here, so
    // this isset() fails and the request ends with the ..._3 error — confirm that is intended
    if (!isset($accountsUser['user_id']))
    {
        return $this->responseError(new XenForo_Phrase('accountsfreedom_error_occurred_while_connecting_with_accountsfreedom3'));
    }

    $userModel = $this->_getUserModel();
    $userExternalModel = $this->_getUserExternalModel();

    $accountsAssoc = $userExternalModel->getExternalAuthAssociation('accountsfreedom', $accountsUser['user_id']);
    if ($accountsAssoc && $userModel->getUserById($accountsAssoc['user_id']))
    {
        // known provider user: refresh the stored token and profile, then log the associated local user in
        $userExternalModel->updateExternalAuthAssociationExtra($accountsAssoc['user_id'], 'accountsfreedom', array('token' => $accountsToken));
        $userExternalModel->updateExternalAuthAssociationExtra($accountsAssoc['user_id'], 'accountsfreedom', array('data' => $accountsUser));

        $redirect = XenForo_Application::getSession()->get('loginRedirect');
        if (!$redirect)
        {
            $redirect = $this->getDynamicRedirect(false, false);
        }

        $visitor = XenForo_Visitor::setup($accountsAssoc['user_id']);
        XenForo_Application::getSession()->userLogin($accountsAssoc['user_id'], $visitor['password_date']);
        $this->_getUserModel()->setUserRememberCookie($accountsAssoc['user_id']);

        return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, $redirect);
    }

    $existingUser = false;
    $emailMatch = false;
    if (XenForo_Visitor::getUserId())
    {
        $existingUser = XenForo_Visitor::getInstance();
    }
    else
    {
        if ($assocUserId)
        {
            $existingUser = $userModel->getUserById($assocUserId);
        }
    }

    // NOTE(review): this assignment unconditionally replaces the visitor/assoc-derived
    // $existingUser above, so that branch is dead code (compare actionGoogle on this page,
    // which only does the email lookup when no visitor is logged in). $accountsUser['email']
    // is also read without isset(), and nothing here checks that the provider verified the
    // address — the match only preselects the association form, which still requires the
    // local password, but confirm the email is not trusted beyond that.
    $existingUser = $userModel->getUserByEmail($accountsUser['email']);
    if ($existingUser)
    {
        $emailMatch = true;
    }

    $viewName = 'AnyTV_AccountsAuthentication_ViewPublic_Accounts_Register';
    $templateName = 'register_accountsfreedom';

    // the token and profile are carried in the session for the follow-up registration / association request
    XenForo_Application::getSession()->set('accountsToken', $accountsToken);
    XenForo_Application::getSession()->set('accountsUser', $accountsUser);

    if ($existingUser)
    {
        // must associate: matching user
        return $this->_getExternalRegisterFormResponse($viewName, $templateName, array(
            'associateOnly' => true,
            'accountsfreedom' => $accountsUser,
            'existingUser' => $existingUser,
            'emailMatch' => $emailMatch,
            'redirect' => $redirect
        ));
    }

    $this->_assertRegistrationActive();

    if (!empty($accountsUser['birthday']))
    {
        $this->_validateBirthdayString($accountsUser['birthday'], 'm/d/y');
    }

    return $this->_getExternalRegisterFormResponse($viewName, $templateName, array(
        'accountsfreedom' => $accountsUser,
        'redirect' => $redirect,
        'showDob' => empty($accountsUser['birthday'])
    ));
}
/**
 * Registers a new account (or associates with an existing one) using Facebook.
 *
 * The Facebook profile is fetched server-side from the submitted fb_token, so
 * the identity used here is whatever Facebook returns for that token, not
 * client-supplied profile fields. Association requires the existing account's
 * login and password and is subject to the failed-login lockout. Registration
 * builds the user through XenForo_DataWriter_User with the NoPassword
 * authentication scheme, applies the Facebook picture as avatar when one is
 * returned, records the association, logs the registering IP and logs the new
 * user in.
 *
 * @return XenForo_ControllerResponse_Abstract
 */
public function actionFacebookRegister()
{
    $this->_assertPostOnly();

    $fbToken = $this->_input->filterSingle('fb_token', XenForo_Input::STRING);
    $fbUser = XenForo_Helper_Facebook::getUserInfo($fbToken);
    if (empty($fbUser['id']))
    {
        return $this->responseError(new XenForo_Phrase('error_occurred_while_connecting_with_facebook'));
    }

    $userModel = $this->_getUserModel();
    $userExternalModel = $this->_getUserExternalModel();

    $doAssoc = $this->_input->filterSingle('associate', XenForo_Input::STRING) || $this->_input->filterSingle('force_assoc', XenForo_Input::UINT);
    if ($doAssoc)
    {
        $associate = $this->_input->filter(array(
            'associate_login' => XenForo_Input::STRING,
            'associate_password' => XenForo_Input::STRING
        ));

        $loginModel = $this->_getLoginModel();

        // lockout check before the password is compared; failed attempts are logged below
        if ($loginModel->requireLoginCaptcha($associate['associate_login']))
        {
            return $this->responseError(new XenForo_Phrase('your_account_has_temporarily_been_locked_due_to_failed_login_attempts'));
        }

        $userId = $userModel->validateAuthentication($associate['associate_login'], $associate['associate_password'], $error);
        if (!$userId)
        {
            $loginModel->logLoginAttempt($associate['associate_login']);
            return $this->responseError($error);
        }

        $userExternalModel->updateExternalAuthAssociation('facebook', $fbUser['id'], $userId);

        XenForo_Helper_Facebook::setUidCookie($fbUser['id']);
        // NOTE(review): this path uses changeUserId() rather than userLogin(), so the
        // session does not record password_date the way the other login paths on this page do — confirm
        XenForo_Application::get('session')->changeUserId($userId);
        XenForo_Visitor::setup($userId);

        $redirect = XenForo_Application::get('session')->get('fbRedirect');
        XenForo_Application::get('session')->remove('fbRedirect');
        if (!$redirect)
        {
            $redirect = $this->getDynamicRedirect(false, false);
        }

        return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, $redirect);
    }

    $this->_assertRegistrationActive();

    $data = $this->_input->filter(array(
        'username' => XenForo_Input::STRING,
        'timezone' => XenForo_Input::STRING
    ));

    if (XenForo_Dependencies_Public::getTosUrl() && !$this->_input->filterSingle('agree', XenForo_Input::UINT))
    {
        return $this->responseError(new XenForo_Phrase('you_must_agree_to_terms_of_service'));
    }

    $options = XenForo_Application::get('options');

    $gender = '';
    if (isset($fbUser['gender']))
    {
        switch ($fbUser['gender'])
        {
            case 'man':
            case 'male':
                $gender = 'male';
                break;

            case 'woman':
            case 'female':
                $gender = 'female';
                break;
        }
    }

    $writer = XenForo_DataWriter::create('XenForo_DataWriter_User');
    if ($options->registrationDefaults)
    {
        $writer->bulkSet($options->registrationDefaults, array('ignoreInvalidFields' => true));
    }
    $writer->bulkSet($data);
    // NOTE(review): $fbUser['email'] is read without isset(), unlike 'id' and 'location' — confirm getUserInfo() always returns it
    $writer->bulkSet(array(
        'gender' => $gender,
        'email' => $fbUser['email'],
        'location' => isset($fbUser['location']['name']) ? $fbUser['location']['name'] : ''
    ));

    if (!empty($fbUser['birthday']))
    {
        $birthdayParts = explode('/', $fbUser['birthday']);
        if (count($birthdayParts) == 3)
        {
            list($month, $day, $year) = $birthdayParts;

            $userAge = $this->_getUserProfileModel()->calculateAge($year, $month, $day);
            if ($userAge < intval($options->get('registrationSetup', 'minimumAge')))
            {
                // TODO: set a cookie to prevent re-registration attempts
                return $this->responseError(new XenForo_Phrase('sorry_you_too_young_to_create_an_account'));
            }

            $writer->bulkSet(array(
                'dob_year' => $year,
                'dob_month' => $month,
                'dob_day' => $day
            ));
        }
    }

    if (!empty($fbUser['website']))
    {
        // only the first line of the website field is used, and only if it is a valid URI
        list($website) = preg_split('/\\r?\\n/', $fbUser['website']);
        if ($website && Zend_Uri::check($website))
        {
            $writer->set('homepage', $website);
        }
    }

    // the account is created under the NoPassword scheme with empty authentication data
    $auth = XenForo_Authentication_Abstract::create('XenForo_Authentication_NoPassword');
    $writer->set('scheme_class', $auth->getClassName());
    $writer->set('data', $auth->generate(''), 'xf_user_authenticate');

    $writer->set('user_group_id', XenForo_Model_User::$defaultRegisteredGroupId);
    $writer->set('language_id', XenForo_Visitor::getInstance()->get('language_id'));

    $writer->advanceRegistrationUserState(false);
    $writer->preSave();

    // TODO: option for extra user group

    $writer->save();
    $user = $writer->getMergedData();

    $avatarFile = tempnam(XenForo_Helper_File::getTempDir(), 'xf');
    if ($avatarFile)
    {
        // $data is reused for the raw picture bytes; the filtered input of the same name was already applied to the writer
        $data = XenForo_Helper_Facebook::getUserPicture($fbToken);
        // a body starting with '{' is presumably a JSON error document rather than image data
        if ($data && $data[0] != '{')
        {
            file_put_contents($avatarFile, $data);
            try
            {
                $user = array_merge($user, $this->getModelFromCache('XenForo_Model_Avatar')->applyAvatar($user['user_id'], $avatarFile));
            }
            catch (XenForo_Exception $e) {} // an avatar failure is deliberately non-fatal for the registration
        }
        @unlink($avatarFile);
    }

    $userExternalModel->updateExternalAuthAssociation('facebook', $fbUser['id'], $user['user_id']);

    XenForo_Model_Ip::log($user['user_id'], 'user', $user['user_id'], 'register');

    XenForo_Helper_Facebook::setUidCookie($fbUser['id']);
    XenForo_Application::get('session')->changeUserId($user['user_id']);
    XenForo_Visitor::setup($user['user_id']);

    $redirect = $this->_input->filterSingle('redirect', XenForo_Input::STRING);

    $viewParams = array(
        'user' => $user,
        'redirect' => $redirect ? XenForo_Link::convertUriToAbsoluteUri($redirect) : '',
        'facebook' => true
    );

    return $this->responseView('XenForo_ViewPublic_Register_Process', 'register_process', $viewParams, $this->_getRegistrationContainerParams());
}
/**
 * Google sign-in callback: exchanges the posted authorization code for tokens,
 * logs in the local user associated with the Google account id ('sub'), or
 * stores the credentials in the session and shows the registration /
 * association form.
 *
 * The code exchange is a server-to-server POST to Google's token endpoint
 * that carries the configured client secret; the id_token payload is decoded
 * here without a separate signature check because it was received directly
 * from that endpoint rather than from the client. Registration requires an
 * email that Google reports as verified.
 *
 * @return XenForo_ControllerResponse_Abstract
 */
public function actionGoogle()
{
    $code = $this->_input->filterSingle('code', XenForo_Input::STRING);
    $options = XenForo_Application::getOptions();
    $session = XenForo_Application::getSession();
    $redirect = $this->_getExternalAuthRedirect();

    if (!$options->googleClientId)
    {
        return $this->responseRedirect(XenForo_ControllerResponse_Redirect::RESOURCE_CANONICAL, $this->getDynamicRedirect());
    }

    // the posted csrf value must match the one held by this session
    $csrf = $this->_input->filterSingle('csrf', XenForo_Input::STRING);
    if ($csrf !== $session->get('sessionCsrf'))
    {
        return $this->responseError(new XenForo_Phrase('unexpected_error_occurred'));
    }

    $client = XenForo_Helper_Http::getClient('https://accounts.google.com/o/oauth2/token');
    $client->setParameterPost(array(
        'code' => $code,
        'client_id' => $options->googleClientId,
        'client_secret' => $options->googleClientSecret,
        'redirect_uri' => 'postmessage',
        'grant_type' => 'authorization_code'
    ));
    $result = $client->request('POST');

    $body = @json_decode($result->getBody(), true);
    if (!$body || !empty($body['error']))
    {
        // a failed exchange falls back to credentials stored by an earlier request in this session
        $credentials = $session->get('googleCredentials');
        if (!$credentials)
        {
            return $this->responseError(new XenForo_Phrase('error_occurred_when_connecting_to_google'));
        }
    }
    else
    {
        // NOTE(review): $body['id_token'] (and access_token / expires_in below) are read without
        // isset(); a success body lacking them raises a notice and then fails on 'sub' — confirm
        $idTokenParts = explode('.', $body['id_token']);
        $basicInfo = json_decode(base64_decode($idTokenParts[1]), true);
        if (!$basicInfo || empty($basicInfo['sub']))
        {
            return $this->responseError(new XenForo_Phrase('error_occurred_when_connecting_to_google'));
        }

        $credentials = array(
            'extra' => array(
                'access_token' => $body['access_token'],
                'expiry' => XenForo_Application::$time + $body['expires_in'],
                'refresh_token' => isset($body['refresh_token']) ? $body['refresh_token'] : null
            ),
            'basic' => $basicInfo
        );
    }

    $basicInfo = $credentials['basic'];
    $userId = $basicInfo['sub'];

    $userModel = $this->_getUserModel();
    $userExternalModel = $this->_getUserExternalModel();

    $googleAssoc = $userExternalModel->getExternalAuthAssociation('google', $userId);
    if ($googleAssoc && $userModel->getUserById($googleAssoc['user_id']))
    {
        // NOTE(review): extra_data is presumably the serialized array written by
        // updateExternalAuthAssociationExtra() below; unserialize() on stored data is
        // acceptable only while that column is never written from an untrusted source — confirm
        $existingExtra = unserialize($googleAssoc['extra_data']);
        // keep a previously stored refresh token when the exchange did not return a new one
        if (!$credentials['extra']['refresh_token'] && !empty($existingExtra['refresh_token']))
        {
            $credentials['extra']['refresh_token'] = $existingExtra['refresh_token'];
        }
        $userExternalModel->updateExternalAuthAssociationExtra($googleAssoc['user_id'], 'google', $credentials['extra']);

        /** @var XenForo_ControllerHelper_Login $loginHelper */
        $loginHelper = $this->getHelper('Login');
        // two-factor step: presumably does not return when a TFA redirect is required — confirm
        $loginHelper->tfaRedirectIfRequiredPublic($googleAssoc['user_id'], $redirect, true);

        $visitor = XenForo_Visitor::setup($googleAssoc['user_id']);
        XenForo_Application::getSession()->userLogin($googleAssoc['user_id'], $visitor['password_date']);
        $this->_getUserModel()->setUserRememberCookie($googleAssoc['user_id']);

        return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, $redirect);
    }

    // registration is only offered for an email Google reports as verified; the loose != lets
    // both boolean true and the string 'true' pass
    if (empty($basicInfo['email']) || empty($basicInfo['email_verified']) || $basicInfo['email_verified'] != 'true')
    {
        return $this->responseError(new XenForo_Phrase('you_must_have_verified_email_to_register_via_google'));
    }

    parent::_assertBoardActive('google');

    if (empty($credentials['user']))
    {
        // NOTE(review): the decoded profile is stored without checking for a null / error body,
        // and the Google+ people endpoint used here has been retired upstream — verify it still returns data
        $client = XenForo_Helper_Http::getClient('https://www.googleapis.com/plus/v1/people/me');
        $client->setParameterGet('access_token', $credentials['extra']['access_token']);
        $response = $client->request('GET');
        $userInfo = json_decode($response->getBody(), true);

        $credentials['user'] = $userInfo;
    }

    $session->set('googleCredentials', $credentials);

    $viewName = 'XenForo_ViewPublic_Register_Google';
    $templateName = 'register_google';

    $emailMatch = false;
    if (XenForo_Visitor::getUserId())
    {
        $existingUser = XenForo_Visitor::getInstance();
    }
    else
    {
        $existingUser = $userModel->getUserByEmail($basicInfo['email']);
        $emailMatch = (bool) $existingUser;
    }

    XenForo_Application::getSession()->set('loginRedirect', $redirect);

    if ($existingUser)
    {
        // must associate: matching user
        return $this->_getExternalRegisterFormResponse($viewName, $templateName, array(
            'associateOnly' => true,
            'existingUser' => $existingUser,
            'emailMatch' => $emailMatch,
            'redirect' => $redirect
        ));
    }

    $this->_assertRegistrationActive();

    return $this->_getExternalRegisterFormResponse($viewName, $templateName, array(
        'redirect' => $redirect,
        'credentials' => $credentials,
        'showDob' => empty($credentials['user']['birthday'])
    ));
}
/**
 * Associates the external account being registered with an existing local
 * account by verifying that account's login and password from the input
 * (associate_login / associate_password), then logs that user in with the
 * remember cookie set.
 *
 * Failures are raised as response exceptions: the lockout phrase when
 * requireLoginCaptcha() reports the login as locked, or the authentication
 * error otherwise (the failed attempt is logged first, which feeds the lockout).
 *
 * @return integer the user_id that was authenticated and logged in
 */
protected function _associateExternalAccount()
{
    $input = $this->_input->filter(array(
        'associate_login' => XenForo_Input::STRING,
        'associate_password' => XenForo_Input::STRING
    ));
    $login = $input['associate_login'];

    $loginModel = $this->_getLoginModel();
    $userModel = $this->_getUserModel();

    // the lockout is checked before the password is ever compared
    if ($loginModel->requireLoginCaptcha($login)) {
        $lockedPhrase = new XenForo_Phrase('your_account_has_temporarily_been_locked_due_to_failed_login_attempts');
        throw $this->responseException($this->responseError($lockedPhrase));
    }

    $userId = $userModel->validateAuthentication($login, $input['associate_password'], $error);
    if (!$userId) {
        $loginModel->logLoginAttempt($login);
        throw $this->responseException($this->responseError($error));
    }

    $visitor = XenForo_Visitor::setup($userId);
    XenForo_Application::getSession()->userLogin($userId, $visitor['password_date']);
    $this->_getUserModel()->setUserRememberCookie($userId);

    return $userId;
}