示例#1
 /**
  * Confirms a lost-password reset request and, when the confirmation key
  * validates, resets the password for the requested user.
  *
  * Reads `user_id` and `c` (the confirmation key) from the request input.
  * A missing record and a wrong key produce the same error phrase for guests.
  *
  * @return XenForo_ControllerResponse_Abstract
  */
 public function actionConfirm()
 {
     $userId = $this->_input->filterSingle('user_id', XenForo_Input::UINT);
     if (!$userId) {
         return $this->responseError(new XenForo_Phrase('no_account_specified'));
     }

     $confirmationModel = $this->_getUserConfirmationModel();
     $record = $confirmationModel->getUserConfirmationRecord($userId, 'password');
     if (!$record) {
         if (XenForo_Visitor::getUserId()) {
             // no pending record and the visitor is logged in: probably already been reset
             return $this->responseRedirect(
                 XenForo_ControllerResponse_Redirect::RESOURCE_CANONICAL,
                 XenForo_Link::buildPublicLink('index')
             );
         }

         return $this->responseError(new XenForo_Phrase('your_password_could_not_be_reset'));
     }

     // An empty key is rejected here without consulting the model.
     // NOTE(review): how the key is compared (constant-time or not) is decided inside
     // validateUserConfirmationRecord(), which is not visible in this listing.
     $key = $this->_input->filterSingle('c', XenForo_Input::STRING);
     $confirmed = $key ? $confirmationModel->validateUserConfirmationRecord($key, $record) : false;
     if (!$confirmed) {
         return $this->responseError(new XenForo_Phrase('your_password_could_not_be_reset'));
     }

     $confirmationModel->resetPassword($userId);
     // the record is removed once it has been used, so the same key cannot be replayed
     $confirmationModel->deleteUserConfirmationRecord($userId, 'password');
     // the visitor is set up as user 0 (guest) after the reset
     XenForo_Visitor::setup(0);

     return $this->responseMessage(new XenForo_Phrase('your_password_has_been_reset'));
 }
示例#2
 /**
  * Authenticates a username/password pair and, on success, switches the
  * current session and visitor to that user.
  *
  * Failed attempts are logged through the login model; a success clears them.
  * No "remember me" cookie is set by this method.
  *
  * NOTE(review): this method logs failed attempts but never calls
  * requireLoginCaptcha(), so nothing visible here enforces the failed-login
  * limit - confirm the caller applies it before calling login().
  *
  * @param string $username
  * @param string $password
  *
  * @return mixed false when authentication fails, otherwise whatever
  *               getFullUserById() returns for the logged-in user
  */
 public function login($username, $password)
 {
     /** @var XenForo_Model_Login $loginModel */
     $loginModel = XenForo_Model::create('XenForo_Model_Login');
     /** @var XenForo_Model_User $userModel */
     $userModel = XenForo_Model::create('XenForo_Model_User');

     // $this->error is handed to the model - presumably filled by reference with the failure reason
     $authenticatedId = $userModel->validateAuthentication($username, $password, $this->error);
     if (!$authenticatedId) {
         $loginModel->logLoginAttempt($username);

         return false;
     }

     $loginModel->clearLoginAttempts($username);

     XenForo_Model_Ip::log($authenticatedId, 'user', $authenticatedId, 'login');
     // drop the guest (user 0) session-activity row recorded for this client IP
     $userModel->deleteSessionActivity(0, $this->getClientIp(false));

     /** @var XenForo_Session $activeSession */
     $activeSession = XenForo_Application::get('session');
     $activeSession->changeUserId($authenticatedId);

     XenForo_Visitor::setup($authenticatedId);
     $this->visitor = XenForo_Visitor::getInstance();

     return $userModel->getFullUserById($this->visitor->getUserId());
 }
示例#3
 /**
  * Logs the visitor in through an external provider association (JS SDK flow).
  *
  * The request must carry a known `provider`, a non-zero `external_user_id`
  * and a signature accepted by verifyJsSdkSignature(); any of these failing
  * yields a no-permission response. An association without an access token is
  * treated as no association at all.
  *
  * @return XenForo_ControllerResponse_Abstract
  */
 public function actionExternal()
 {
     $this->_assertPostOnly();

     $providerCode = $this->_input->filterSingle('provider', XenForo_Input::STRING);
     $provider = bdApiConsumer_Option::getProviderByCode($providerCode);
     if (empty($provider)) {
         return $this->responseNoPermission();
     }

     $externalUserId = $this->_input->filterSingle('external_user_id', XenForo_Input::UINT);
     if (empty($externalUserId)) {
         return $this->responseNoPermission();
     }

     // NOTE(review): the signature is checked over $_REQUEST while external_user_id is
     // read through $this->_input - confirm both always resolve to the same value, so
     // that the id which was signed is the id that gets logged in.
     if (!bdApiConsumer_Helper_Api::verifyJsSdkSignature($provider, $_REQUEST)) {
         return $this->responseNoPermission();
     }

     $userModel = $this->_getUserModel();
     /** @var bdApiConsumer_XenForo_Model_UserExternal $userExternalModel */
     $userExternalModel = $this->getModelFromCache('XenForo_Model_UserExternal');

     $providerKey = $userExternalModel->bdApiConsumer_getProviderCode($provider);
     $assoc = $userExternalModel->getExternalAuthAssociation($providerKey, $externalUserId);
     if (!empty($assoc)) {
         $storedToken = $userExternalModel->bdApiConsumer_getAccessTokenFromAuth($provider, $assoc);
         if (empty($storedToken)) {
             // no access token in the auth, consider no auth at all
             $assoc = null;
         }
     }

     if (empty($assoc)) {
         $autoRegister = bdApiConsumer_Option::get('autoRegister');
         if ($autoRegister === 'on' || $autoRegister === 'id_sync') {
             // we have to do a refresh here
             $registerLink = XenForo_Link::buildPublicLink(
                 'canonical:register/external',
                 null,
                 array('provider' => $providerCode, 'reg' => 1, 'redirect' => $this->getDynamicRedirect())
             );

             return $this->responseRedirect(
                 XenForo_ControllerResponse_Redirect::SUCCESS,
                 $registerLink,
                 new XenForo_Phrase('bdapi_consumer_being_auto_login_auto_register_x', array('provider' => $provider['name']))
             );
         }

         return $this->responseError(new XenForo_Phrase('bdapi_consumer_auto_login_with_x_failed', array('provider' => $provider['name'])));
     }

     $user = $userModel->getFullUserById($assoc['user_id']);
     if (empty($user)) {
         return $this->responseError(new XenForo_Phrase('requested_user_not_found'));
     }

     // NOTE(review): the two-step check runs for versionId > 1050000 while the userLogin()
     // branch below runs for versionId >= 1050000; a versionId of exactly 1050000 would
     // skip the check - confirm that value never occurs.
     if (XenForo_Application::$versionId > 1050000) {
         /** @var XenForo_ControllerHelper_Login $loginHelper */
         $loginHelper = $this->getHelper('Login');
         if ($loginHelper->userTfaConfirmationRequired($user)) {
             // stop before the session is switched; the user is sent to the two-step page instead
             $loginHelper->setTfaSessionCheck($user['user_id']);
             $twoStepLink = XenForo_Link::buildPublicLink(
                 'login/two-step',
                 null,
                 array('redirect' => $this->getDynamicRedirect(), 'remember' => 1)
             );

             return $this->responseMessage(new XenForo_Phrase(
                 'bdapi_consumer_auto_login_user_x_requires_tfa',
                 array('username' => $user['username'], 'twoStepLink' => $twoStepLink)
             ));
         }
     }

     $userModel->setUserRememberCookie($user['user_id']);
     XenForo_Model_Ip::log($user['user_id'], 'user', $user['user_id'], 'login_api_consumer');
     $userModel->deleteSessionActivity(0, $this->_request->getClientIp(false));

     if (XenForo_Application::$versionId < 1050000) {
         XenForo_Application::getSession()->changeUserId($user['user_id']);
         XenForo_Visitor::setup($user['user_id']);
     } else {
         $visitor = XenForo_Visitor::setup($user['user_id']);
         XenForo_Application::getSession()->userLogin($user['user_id'], $visitor['password_date']);
     }

     return $this->responseRedirect(
         XenForo_ControllerResponse_Redirect::SUCCESS,
         $this->getDynamicRedirect(),
         new XenForo_Phrase('bdapi_consumer_auto_login_with_x_succeeded_y', array('provider' => $provider['name'], 'username' => $user['username']))
     );
 }
示例#4
 /**
  * Logs a user in from an encrypted `user_id` / `timestamp` pair and then
  * redirects.
  *
  * The only proof of identity is that `user_id` decrypts to a positive
  * integer; no password, captcha or two-step check appears in this method.
  * A decryption failure is silent unless debug mode is on, in which case the
  * message is exposed in an X-Api-Exception response header.
  *
  * NOTE(review): there is no _assertPostOnly() call and no CSRF token check
  * here, so the login takes effect on whatever request reaches this action.
  * NOTE(review): the redirect target is taken straight from the `redirect`
  * input; whether responseRedirect() restricts it to this site is not visible
  * here - confirm, otherwise this is an open redirect.
  *
  * @return XenForo_ControllerResponse_Abstract
  */
 public function actionApi()
 {
     $input = $this->_input->filter(array(
         'redirect' => XenForo_Input::STRING,
         'timestamp' => XenForo_Input::UINT,
         'user_id' => XenForo_Input::STRING
     ));

     $loginUserId = 0;
     $hasCredentials = !empty($input['user_id']) && !empty($input['timestamp']);
     if ($hasCredentials) {
         try {
             // presumably the timestamp bounds the lifetime of the encrypted value - verify in bdApi_Crypt
             $loginUserId = (int) bdApi_Crypt::decryptTypeOne($input['user_id'], $input['timestamp']);
         } catch (XenForo_Exception $e) {
             if (XenForo_Application::debugMode()) {
                 $this->_response->setHeader('X-Api-Exception', $e->getMessage());
             }
         }
     }

     if ($loginUserId > 0) {
         // the resolved user id is echoed back to the client in a response header
         $this->_response->setHeader('X-Api-Login-User', $loginUserId);
         $this->_getUserModel()->setUserRememberCookie($loginUserId);
         XenForo_Model_Ip::log($loginUserId, 'user', $loginUserId, 'login_api');
         $this->_getUserModel()->deleteSessionActivity(0, $this->_request->getClientIp(false));

         $activeSession = XenForo_Application::get('session');
         $activeSession->changeUserId($loginUserId);
         XenForo_Visitor::setup($loginUserId);
     }

     $target = $input['redirect'];
     if (empty($target)) {
         $target = $this->getDynamicRedirectIfNot(XenForo_Link::buildPublicLink('login'));
     }

     return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, $target);
 }
示例#5
 /**
  * Single-stage logout procedure.
  *
  * Guests are redirected immediately. A request without an `_xfToken` (or one
  * flagged by _noRedirect()) gets the confirmation view instead of being
  * logged out; otherwise the token is checked before any session is touched.
  *
  * @return XenForo_ControllerResponse_Abstract
  */
 public function actionIndex()
 {
     $token = $this->_input->filterSingle('_xfToken', XenForo_Input::STRING);
     $redirectResponse = $this->responseRedirect(
         XenForo_ControllerResponse_Redirect::SUCCESS,
         $this->getDynamicRedirect(false, false)
     );

     $userId = XenForo_Visitor::getUserId();
     if (!$userId) {
         return $redirectResponse;
     }

     if ($this->_noRedirect() || !$token) {
         // request is likely from JSON, probably XenForo.OverlayTrigger, so show a confirmation dialog
         return $this->responseView('XenForo_ViewPublic_LogOut', 'log_out');
     }

     // CSRF check comes first: nothing below runs for a request with a bad token
     $this->_checkCsrfFromToken($token);

     // remove an admin session if we're logged in as the same person
     if (XenForo_Visitor::getInstance()->get('is_admin')) {
         $sessionClass = XenForo_Application::resolveDynamicClass('XenForo_Session');
         $adminSession = new $sessionClass(array('admin' => true));
         $adminSession->start();
         if ($adminSession->get('user_id') == $userId) {
             $adminSession->delete();
         }
     }

     $this->getModelFromCache('XenForo_Model_Session')->processLastActivityUpdateForLogOut(XenForo_Visitor::getUserId());

     XenForo_Application::get('session')->delete();
     XenForo_Helper_Cookie::deleteAllCookies(
         $this->_getRetainedCookies(),
         array('user' => array('httpOnly' => false))
     );
     XenForo_Visitor::setup(0);

     return $redirectResponse;
 }
示例#6
 /**
  * Sets up the admin session and the visitor, unless a session is already
  * registered with the application.
  *
  * @param string $action Not used by this implementation.
  */
 protected function _setupSession($action)
 {
     if (!XenForo_Application::isRegistered('session')) {
         // array('admin' => true) selects the admin session rather than the public one
         $adminSession = new XenForo_Session(array('admin' => true));
         XenForo_Application::set('session', $adminSession);
         $adminSession->start();

         // the visitor is whoever the started session says it belongs to
         XenForo_Visitor::setup($adminSession->get('user_id'));
     }
 }
示例#7
 /**
  * Processes the login form.
  *
  * Order of checks: reroute to registration when asked (or when the password
  * is empty), redirect visitors who are already logged in, require POST,
  * require cookies, apply the failed-login limit (captcha or block, per the
  * `loginLimit` option), then validate the credentials.
  *
  * NOTE(review): the post-login redirect target comes from the `redirect`
  * input when present; whether responseRedirect() restricts it to this site
  * is not visible here - confirm.
  *
  * @return XenForo_ControllerResponse_Abstract
  */
 public function actionLogin()
 {
     $data = $this->_input->filter(array(
         'login' => XenForo_Input::STRING,
         'password' => XenForo_Input::STRING,
         'remember' => XenForo_Input::UINT,
         'register' => XenForo_Input::UINT,
         'redirect' => XenForo_Input::STRING,
         'cookie_check' => XenForo_Input::UINT,
         'postData' => XenForo_Input::JSON_ARRAY
     ));

     if ($data['register'] || $data['password'] === '') {
         return $this->responseReroute('XenForo_ControllerPublic_Register', 'index');
     }

     if ($data['redirect']) {
         $redirect = $data['redirect'];
     } else {
         $redirect = $this->getDynamicRedirectIfNot(XenForo_Link::buildPublicLink('login'));
     }

     if (XenForo_Visitor::getUserId()) {
         return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, $redirect);
     }

     // everything from here on changes state, so only POST is accepted
     $this->_assertPostOnly();

     $loginModel = $this->_getLoginModel();

     if ($data['cookie_check'] && count($_COOKIE) == 0) {
         // login came from a page, so we should at least have a session cookie.
         // if we don't, assume that cookies are disabled
         return $this->_loginErrorResponse(new XenForo_Phrase('cookies_required_to_log_in_to_site'), $data['login'], true, $redirect);
     }

     // the limit is enforced before the password is looked at
     $needCaptcha = $loginModel->requireLoginCaptcha($data['login']);
     if ($needCaptcha) {
         $limitMode = XenForo_Application::getOptions()->loginLimit;
         if ($limitMode == 'captcha') {
             if (!XenForo_Captcha_Abstract::validateDefault($this->_input, true)) {
                 return $this->_loginErrorResponse(new XenForo_Phrase('did_not_complete_the_captcha_verification_properly'), $data['login'], true, $redirect, $data['postData']);
             }
         } elseif ($limitMode == 'block') {
             return $this->_loginErrorResponse(new XenForo_Phrase('your_account_has_temporarily_been_locked_due_to_failed_login_attempts'), $data['login'], true, $redirect, $data['postData']);
         }
     }

     $userModel = $this->_getUserModel();

     // $error is used after the call, so the model evidently fills it in on failure
     $userId = $userModel->validateAuthentication($data['login'], $data['password'], $error);
     if (!$userId) {
         $loginModel->logLoginAttempt($data['login']);
         // re-check the limit: this failure may be the one that triggers it
         $showCaptcha = $needCaptcha || $loginModel->requireLoginCaptcha($data['login']);

         return $this->_loginErrorResponse($error, $data['login'], $showCaptcha, $redirect, $data['postData']);
     }

     $loginModel->clearLoginAttempts($data['login']);

     if ($data['remember']) {
         $userModel->setUserRememberCookie($userId);
     }

     XenForo_Model_Ip::log($userId, 'user', $userId, 'login');
     $userModel->deleteSessionActivity(0, $this->_request->getClientIp(false));

     $visitor = XenForo_Visitor::setup($userId);
     XenForo_Application::getSession()->userLogin($userId, $visitor['password_date']);

     if (!$data['postData']) {
         return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, $redirect);
     }

     return $this->responseView(
         'XenForo_ViewPublic_Login_PostRedirect',
         'login_post_redirect',
         array('postData' => $data['postData'], 'redirect' => $redirect)
     );
 }
示例#8
 /**
  * Logs the visitor in through an external provider association (JS SDK flow).
  *
  * Requires POST, a known `provider`, a non-zero `external_user_id` and a
  * signature accepted by verifyJsSdkSignature(). An association without an
  * access token is treated as no association.
  *
  * NOTE(review): no two-step verification check appears in this method before
  * the session is switched to the associated user - confirm that is intended
  * for the XenForo versions this code targets.
  *
  * @return XenForo_ControllerResponse_Abstract
  */
 public function actionExternal()
 {
     $this->_assertPostOnly();

     $providerCode = $this->_input->filterSingle('provider', XenForo_Input::STRING);
     $provider = bdApiConsumer_Option::getProviderByCode($providerCode);
     if (empty($provider)) {
         return $this->responseNoPermission();
     }

     $externalUserId = $this->_input->filterSingle('external_user_id', XenForo_Input::UINT);
     if (empty($externalUserId)) {
         return $this->responseNoPermission();
     }

     // NOTE(review): the signature is checked over $_REQUEST while external_user_id is
     // read through $this->_input - confirm both always resolve to the same value.
     if (!bdApiConsumer_Helper_Api::verifyJsSdkSignature($provider, $_REQUEST)) {
         return $this->responseNoPermission();
     }

     $userModel = $this->_getUserModel();
     $userExternalModel = $this->getModelFromCache('XenForo_Model_UserExternal');

     $providerKey = $userExternalModel->bdApiConsumer_getProviderCode($provider);
     $assoc = $userExternalModel->getExternalAuthAssociation($providerKey, $externalUserId);
     if (!empty($assoc)) {
         $storedToken = $userExternalModel->bdApiConsumer_getAccessTokenFromAuth($provider, $assoc);
         if (empty($storedToken)) {
             // no access token in the auth, consider no auth at all
             $assoc = null;
         }
     }

     if (empty($assoc)) {
         $autoRegister = bdApiConsumer_Option::get('autoRegister');
         if ($autoRegister === 'on' || $autoRegister === 'id_sync') {
             // we have to do a refresh here
             $registerLink = XenForo_Link::buildPublicLink(
                 'canonical:register/external',
                 null,
                 array('provider' => $providerCode, 'reg' => 1, 'redirect' => $this->getDynamicRedirect())
             );

             return $this->responseRedirect(
                 XenForo_ControllerResponse_Redirect::SUCCESS,
                 $registerLink,
                 new XenForo_Phrase('bdapi_consumer_being_auto_login_auto_register_x', array('provider' => $provider['name']))
             );
         }
     }

     // the user is only looked up when an association survived the checks above
     $user = $assoc ? $userModel->getUserById($assoc['user_id']) : null;
     if (!$user) {
         return $this->responseError(new XenForo_Phrase('bdapi_consumer_auto_login_with_x_failed', array('provider' => $provider['name'])));
     }

     $userModel->setUserRememberCookie($user['user_id']);
     XenForo_Model_Ip::log($user['user_id'], 'user', $user['user_id'], 'login_api_consumer');
     $userModel->deleteSessionActivity(0, $this->_request->getClientIp(false));

     $activeSession = XenForo_Application::get('session');
     $activeSession->changeUserId($user['user_id']);
     XenForo_Visitor::setup($user['user_id']);

     $message = new XenForo_Phrase(
         'bdapi_consumer_auto_login_with_x_succeeded_y',
         array('provider' => $provider['name'], 'username' => $user['username'])
     );

     return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, $this->getDynamicRedirect(), $message);
 }
示例#9
 /**
  * Logs the current user out: removes a matching admin session, records the
  * last-activity update, deletes the session and cookies, and resets the
  * visitor to user 0.
  *
  * Does nothing when userLoad() reports no user.
  *
  * NOTE(review): no CSRF check happens here; callers exposing this over HTTP
  * need to verify the request themselves.
  */
 public static function logout()
 {
     self::start();
     if (!self::userLoad()) {
         return;
     }

     $currentUserId = XenForo_Visitor::getUserId();

     if (XenForo_Visitor::getInstance()->get('is_admin')) {
         // an admin session belonging to the same user is ended as well
         $adminSession = new XenForo_Session(array('admin' => true));
         $adminSession->start();
         if ($adminSession->get('user_id') == $currentUserId) {
             $adminSession->delete();
         }
     }

     XenForo_Model::create('XenForo_Model_Session')->processLastActivityUpdateForLogOut(XenForo_Visitor::getUserId());

     XenForo_Application::get('session')->delete();
     XenForo_Helper_Cookie::deleteAllCookies(
         array('session'),
         array('user' => array('httpOnly' => false))
     );
     XenForo_Visitor::setup(0);
 }
示例#10
 /**
  * Single-stage logout procedure.
  *
  * The `_xfToken` CSRF token is checked before anything else, then the admin
  * session (when it belongs to the same user), the session and the cookies
  * are removed.
  *
  * NOTE(review): the final redirect target comes from the `redirect` input
  * when present; whether responseRedirect() restricts it to this site is not
  * visible here - confirm.
  *
  * @return XenForo_ControllerResponse_Abstract
  */
 public function actionIndex()
 {
     $token = $this->_input->filterSingle('_xfToken', XenForo_Input::STRING);
     $this->_checkCsrfFromToken($token);

     // remove an admin session if we're logged in as the same person
     $visitor = XenForo_Visitor::getInstance();
     if ($visitor->get('is_admin')) {
         $adminSession = new XenForo_Session(array('admin' => true));
         $adminSession->start();
         if ($adminSession->get('user_id') == XenForo_Visitor::getUserId()) {
             $adminSession->delete();
         }
     }

     $this->getModelFromCache('XenForo_Model_Session')->processLastActivityUpdateForLogOut(XenForo_Visitor::getUserId());

     XenForo_Application::get('session')->delete();
     XenForo_Helper_Cookie::deleteAllCookies(
         array('session'),
         array('user' => array('httpOnly' => false))
     );
     XenForo_Visitor::setup(0);

     $target = $this->_input->filterSingle('redirect', XenForo_Input::STRING);
     if (!$target) {
         $target = XenForo_Link::buildPublicLink('index');
     }

     return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, $target);
 }
示例#11
 /**
  * Runs the user-group promotion check for the current visitor at most once
  * per session, and reloads the visitor when a promotion was awarded.
  *
  * Skipped when no session is registered, when the session already carries
  * the `promotionChecked` flag, for guests, and - unless $force is set - for
  * visitors whose last activity is less than 1800 seconds old.
  *
  * @param boolean $force Run even if the visitor was active recently; guests
  *                       are still skipped.
  */
 protected function _executePromotionUpdate($force = false)
 {
     if (!XenForo_Application::isRegistered('session')) {
         return;
     }
     if (XenForo_Application::getSession()->get('promotionChecked')) {
         return;
     }

     $visitor = XenForo_Visitor::getInstance();
     if (!$visitor['user_id']) {
         // guest, so let the cron do it
         return;
     }

     $recentlyActive = ($visitor['last_activity'] > XenForo_Application::$time - 1800);
     if ($recentlyActive && !$force) {
         // we've been active recently, so let the cron do it
         return;
     }

     // flag first, so the check is not repeated later in this session
     XenForo_Application::getSession()->set('promotionChecked', true);

     /** @var $promotionModel XenForo_Model_UserGroupPromotion */
     $promotionModel = $this->getModelFromCache('XenForo_Model_UserGroupPromotion');
     $awarded = $promotionModel->updatePromotionsForUser($visitor->toArray());
     if ($awarded) {
         // awarded promotions, reload
         XenForo_Visitor::setup($visitor['user_id'], XenForo_Visitor::getVisitorSetupOptions());
     }
 }
示例#12
 /**
  * After the save transaction, runs the promotion update for the saved user
  * when SV_UserPromoOnUpdate_Globals::$RunPromotion is set, and reloads the
  * visitor if the saved user is the current visitor and a promotion was
  * awarded.
  */
 protected function _postSaveAfterTransaction()
 {
     parent::_postSaveAfterTransaction();

     if (!SV_UserPromoOnUpdate_Globals::$RunPromotion) {
         return;
     }

     // ensure we don't attempt to run the promotion twice in the same request
     SV_UserPromoOnUpdate_Globals::$RunPromotion = false;

     $savedUser = $this->getMergedData();

     /** @var $promotionModel XenForo_Model_UserGroupPromotion */
     $promotionModel = $this->getModelFromCache('XenForo_Model_UserGroupPromotion');
     if (!$promotionModel->updatePromotionsForUser($savedUser)) {
         return;
     }

     $visitor = XenForo_Visitor::getInstance();

     // awarded promotions, reload session - but only when the saved user is the
     // logged-in visitor, so saving someone else never swaps the current visitor
     $isCurrentVisitor = XenForo_Application::isRegistered('session')
         && $visitor['user_id']
         && $visitor['user_id'] == $savedUser['user_id'];
     if ($isCurrentVisitor) {
         XenForo_Application::getSession()->set('promotionChecked', true);
         XenForo_Visitor::setup($savedUser['user_id'], XenForo_Visitor::getVisitorSetupOptions());
     }
 }
示例#13
 /**
  * Processes the login form (POST only).
  *
  * Checks, in order: reroute to registration when asked or when the password
  * is empty, cookies present, captcha when the login model requires one, and
  * finally the credentials. A failed captcha and a failed password are both
  * logged as login attempts.
  *
  * NOTE(review): the post-login redirect target comes from the `redirect`
  * input when present; whether responseRedirect() restricts it to this site
  * is not visible here - confirm.
  *
  * @return XenForo_ControllerResponse_Abstract
  */
 public function actionLogin()
 {
     $this->_assertPostOnly();

     $data = $this->_input->filter(array(
         'login' => XenForo_Input::STRING,
         'password' => XenForo_Input::STRING,
         'remember' => XenForo_Input::UINT,
         'register' => XenForo_Input::UINT,
         'redirect' => XenForo_Input::STRING,
         'cookie_check' => XenForo_Input::UINT
     ));

     if ($data['register'] || $data['password'] === '') {
         return $this->responseReroute('XenForo_ControllerPublic_Register', 'index');
     }

     if ($data['redirect']) {
         $redirect = $data['redirect'];
     } else {
         $redirect = $this->getDynamicRedirect();
     }

     $loginModel = $this->_getLoginModel();

     if ($data['cookie_check'] && count($_COOKIE) == 0) {
         // login came from a page, so we should at least have a session cookie.
         // if we don't, assume that cookies are disabled
         return $this->_loginErrorResponse(new XenForo_Phrase('cookies_required_to_log_in_to_site'), $data['login'], true, $redirect);
     }

     // the captcha gate runs before the password is looked at
     $needCaptcha = $loginModel->requireLoginCaptcha($data['login']);
     if ($needCaptcha && !XenForo_Captcha_Abstract::validateDefault($this->_input, true)) {
         $loginModel->logLoginAttempt($data['login']);

         return $this->_loginErrorResponse(new XenForo_Phrase('did_not_complete_the_captcha_verification_properly'), $data['login'], true, $redirect);
     }

     $userModel = $this->_getUserModel();

     // $error is used after the call, so the model evidently fills it in on failure
     $userId = $userModel->validateAuthentication($data['login'], $data['password'], $error);
     if (!$userId) {
         $loginModel->logLoginAttempt($data['login']);
         // re-check: this failure may be the one that makes a captcha necessary
         $showCaptcha = $needCaptcha || $loginModel->requireLoginCaptcha($data['login']);

         return $this->_loginErrorResponse($error, $data['login'], $showCaptcha, $redirect);
     }

     $loginModel->clearLoginAttempts($data['login']);

     if ($data['remember']) {
         $userModel->setUserRememberCookie($userId);
     }

     XenForo_Model_Ip::log($userId, 'user', $userId, 'login');
     $userModel->deleteSessionActivity(0, $this->_request->getClientIp(false));

     $activeSession = XenForo_Application::get('session');
     $activeSession->changeUserId($userId);
     XenForo_Visitor::setup($userId);

     return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, $redirect);
 }
示例#14
 /**
  * Completes an external-provider sign-in (POST only), either by associating
  * the external account with an existing local account or by registering a
  * new user.
  *
  * Association path: the local login/password are validated first (refused
  * when the login model reports the failed-attempt limit), then the external
  * token and visitor are fetched, the association is stored and the session
  * is switched to the local user.
  * Registration path: registration must be active unless the
  * `bypassRegistrationActive` option is set, and the terms of service must be
  * agreed to when a TOS URL exists.
  *
  * NOTE(review): on the association path a successful password check is not
  * followed by clearLoginAttempts(), and no two-step verification check is
  * visible before changeUserId() - confirm both are intended.
  *
  * @return XenForo_ControllerResponse_Abstract
  */
 public function actionExternalRegister()
 {
     $this->_assertPostOnly();

     $redirect = $this->_bdApiConsumer_getRedirect();
     $userModel = $this->_getUserModel();
     /** @var bdApiConsumer_XenForo_Model_UserExternal $userExternalModel */
     $userExternalModel = $this->_getUserExternalModel();

     $providerCode = $this->_input->filterSingle('provider', XenForo_Input::STRING);
     $provider = bdApiConsumer_Option::getProviderByCode($providerCode);
     if (empty($provider)) {
         return $this->responseNoPermission();
     }

     $doAssoc = $this->_input->filterSingle('associate', XenForo_Input::STRING)
         || $this->_input->filterSingle('force_assoc', XenForo_Input::UINT);

     $userId = 0;
     if ($doAssoc) {
         $associate = $this->_input->filter(array(
             'associate_login' => XenForo_Input::STRING,
             'associate_password' => XenForo_Input::STRING
         ));

         $loginModel = $this->_getLoginModel();
         // no captcha is offered on this path: once the limit is hit the request is refused
         if ($loginModel->requireLoginCaptcha($associate['associate_login'])) {
             return $this->responseError(new XenForo_Phrase('your_account_has_temporarily_been_locked_due_to_failed_login_attempts'));
         }

         $userId = $userModel->validateAuthentication($associate['associate_login'], $associate['associate_password'], $error);
         if (!$userId) {
             $loginModel->logLoginAttempt($associate['associate_login']);

             return $this->responseError($error);
         }
     }

     // the external identity is re-derived server-side from the refresh token
     $refreshToken = $this->_input->filterSingle('refresh_token', XenForo_Input::STRING);
     $externalToken = bdApiConsumer_Helper_Api::getAccessTokenFromRefreshToken($provider, $refreshToken);
     if (empty($externalToken)) {
         return $this->responseError(new XenForo_Phrase('bdapi_consumer_error_occurred_while_connecting_with_x', array('provider' => $provider['name'])));
     }

     $externalVisitor = bdApiConsumer_Helper_Api::getVisitor($provider, $externalToken['access_token']);
     if (empty($externalVisitor)) {
         return $this->responseError(new XenForo_Phrase('bdapi_consumer_error_occurred_while_connecting_with_x', array('provider' => $provider['name'])));
     }
     if (empty($externalVisitor['user_email'])) {
         return $this->responseError(new XenForo_Phrase('bdapi_consumer_x_returned_unknown_error', array('provider' => $provider['name'])));
     }

     // the standing check only applies when the provider reports both flags
     $reportsStanding = isset($externalVisitor['user_is_valid'], $externalVisitor['user_is_verified']);
     if ($reportsStanding && (empty($externalVisitor['user_is_valid']) || empty($externalVisitor['user_is_verified']))) {
         return $this->responseError(new XenForo_Phrase('bdapi_consumer_x_account_not_good_standing', array('provider' => $provider['name'])));
     }

     if ($doAssoc) {
         $userExternalModel->bdApiConsumer_updateExternalAuthAssociation(
             $provider,
             $externalVisitor['user_id'],
             $userId,
             array_merge($externalVisitor, array('token' => $externalToken))
         );

         XenForo_Application::getSession()->changeUserId($userId);
         XenForo_Visitor::setup($userId);

         return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, $redirect);
     }

     // the registration-active check is skipped only when the bypass option is set
     if (!bdApiConsumer_Option::get('bypassRegistrationActive')) {
         $this->_assertRegistrationActive();
     }

     $data = $this->_input->filter(array(
         'username' => XenForo_Input::STRING,
         'timezone' => XenForo_Input::STRING
     ));

     // TODO: custom fields

     if (XenForo_Dependencies_Public::getTosUrl() && !$this->_input->filterSingle('agree', XenForo_Input::UINT)) {
         return $this->responseError(new XenForo_Phrase('you_must_agree_to_terms_of_service'));
     }

     $user = bdApiConsumer_Helper_AutoRegister::createUser($data, $provider, $externalToken, $externalVisitor, $this->_getUserExternalModel());

     XenForo_Application::getSession()->changeUserId($user['user_id']);
     XenForo_Visitor::setup($user['user_id']);

     $viewParams = array('user' => $user, 'redirect' => $redirect);

     return $this->responseView(
         'XenForo_ViewPublic_Register_Process',
         'register_process',
         $viewParams,
         $this->_getRegistrationContainerParams()
     );
 }
示例#15
文件: Login.php 项目: Sywooch/forums
 /**
  * Logs the current user out and reports whether the board now requires
  * authentication to be viewed.
  *
  * NOTE(review): no CSRF token or POST check appears in this method; confirm
  * the surrounding dispatcher protects it, otherwise a cross-site request can
  * force a logout.
  *
  * @return array array('success' => true, 'requires_authentication' => bool)
  */
 public function actionLogout()
 {
     // read from the request but not used anywhere below
     $fr_username = $this->_input->filterSingle('fr_username', XenForo_Input::STRING);

     if (XenForo_Visitor::getInstance()->get('is_admin')) {
         // an admin session belonging to the same user is ended as well
         $adminSession = new XenForo_Session(array('admin' => true));
         $adminSession->start();
         if ($adminSession->get('user_id') == XenForo_Visitor::getUserId()) {
             $adminSession->delete();
         }
     }

     fr_remove_push_user();

     $this->getModelFromCache('XenForo_Model_Session')->processLastActivityUpdateForLogOut(XenForo_Visitor::getUserId());

     XenForo_Application::get('session')->delete();
     XenForo_Helper_Cookie::deleteAllCookies(
         array('session'),
         array('user' => array('httpOnly' => false))
     );
     XenForo_Visitor::setup(0);

     // evaluated after the visitor was reset to user 0, i.e. with guest permissions
     $needsAuth = !XenForo_Visitor::getInstance()->hasPermission('general', 'view');

     $options = XenForo_Application::get('options');
     if (!$options->boardActive) {
         $needsAuth = true;
     }

     return array('success' => true, 'requires_authentication' => $needsAuth);
 }
示例#16
 /**
  * Sets up the visitor from the `upgrade` cookie, if one is present and the
  * user model accepts it.
  *
  * The cookie value is handed to loginUserByRememberCookie(); all validation
  * of the cookie happens there, not in this method.
  *
  * @return mixed false when there is no cookie, otherwise the result of
  *               loginUserByRememberCookie() (a user id when it succeeded)
  */
 public function setupVisitorFromUpgradeCookie()
 {
     $upgradeCookie = XenForo_Helper_Cookie::getCookie('upgrade');
     if (!$upgradeCookie) {
         return false;
     }

     /** @var $userModel XenForo_Model_User */
     $userModel = $this->getModelFromCache('XenForo_Model_User');

     $userId = $userModel->loginUserByRememberCookie($upgradeCookie);
     if (!$userId) {
         // cookie rejected: the visitor is left untouched
         return $userId;
     }

     XenForo_Visitor::setup($userId);

     return $userId;
 }
示例#17
 /**
  * Starts the admin session, registers it with the application and sets up
  * the visitor from the user id stored in that session.
  *
  * @param Zend_Controller_Request_Http|null $request Not used by this implementation.
  *
  * @return XenForo_Session The started admin session.
  */
 public static function startAdminSession(Zend_Controller_Request_Http $request = null)
 {
     // array('admin' => true) selects the admin session rather than the public one
     $adminSession = new XenForo_Session(array('admin' => true));
     $adminSession->start();

     XenForo_Application::set('session', $adminSession);

     // the visitor is whoever the started session says it belongs to
     $sessionUserId = $adminSession->get('user_id');
     XenForo_Visitor::setup($sessionUserId);

     return $adminSession;
 }
示例#18
文件: User.php 项目: sushj/bdApi
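 /**
  * API endpoint that registers a new user and returns the user data together
  * with a freshly created access token.
  *
  * The client secret used to decrypt the password comes from the OAuth
  * session or, when the session has none, from the client record looked up
  * by the request-supplied `client_id`. Optional `extra_data` is decrypted
  * and unserialized; it can suppress e-mail confirmation and attach an
  * external-provider association, so its integrity matters.
  *
  * @return XenForo_ControllerResponse_Abstract
  */
 public function actionPostIndex()
 {
     /* @var $oauth2Model bdApi_Model_OAuth2 */
     $oauth2Model = $this->getModelFromCache('bdApi_Model_OAuth2');
     /* @var $userConfirmationModel XenForo_Model_UserConfirmation */
     $userConfirmationModel = $this->getModelFromCache('XenForo_Model_UserConfirmation');
     /* @var $session bdApi_Session */
     $session = XenForo_Application::getSession();
     $clientId = $session->getOAuthClientId();
     $clientSecret = $session->getOAuthClientSecret();
     if (empty($clientId) or empty($clientSecret)) {
         // unauthenticated call: fall back to the client named in the request
         $clientId = $this->_input->filterSingle('client_id', XenForo_Input::STRING);
         $client = $oauth2Model->getClientModel()->getClientById($clientId);
         if (empty($client)) {
             return $this->responseError(new XenForo_Phrase('bdapi_post_slash_users_requires_client_id'), 400);
         }
         $clientSecret = $client['client_secret'];
     }
     $input = $this->_input->filter(array('user_email' => XenForo_Input::STRING, 'username' => XenForo_Input::STRING, 'password' => XenForo_Input::STRING, 'password_algo' => XenForo_Input::STRING, 'user_dob_day' => XenForo_Input::UINT, 'user_dob_month' => XenForo_Input::UINT, 'user_dob_year' => XenForo_Input::UINT));
     if (empty($input['user_email'])) {
         // backward compatibility
         $input['user_email'] = $this->_input->filterSingle('email', XenForo_Input::STRING);
     }
     $extraInput = $this->_input->filter(array('extra_data' => XenForo_Input::STRING, 'extra_timestamp' => XenForo_Input::UINT));
     // always defined, so the checks further down never see an undefined variable
     $extraData = array();
     if (!empty($extraInput['extra_data'])) {
         $extraData = bdApi_Crypt::decryptTypeOne($extraInput['extra_data'], $extraInput['extra_timestamp']);
         if (!empty($extraData)) {
             // SECURITY(review): unserialize() runs on data that originates from the request.
             // It is only safe if decryptTypeOne() authenticates the ciphertext (not visible
             // here - confirm); otherwise this is a PHP object injection sink. Prefer a
             // format such as JSON for this payload.
             $extraData = @unserialize($extraData);
         }
         if (empty($extraData) || !is_array($extraData)) {
             // anything but a non-empty array (failed decode, scalar, object) is discarded,
             // because the code below indexes $extraData as an array
             $extraData = array();
         }
     }
     $userModel = $this->_getUserModel();
     $options = XenForo_Application::getOptions();
     $session = XenForo_Application::getSession();
     $visitor = XenForo_Visitor::getInstance();
     /* @var $writer XenForo_DataWriter_User */
     $writer = XenForo_DataWriter::create('XenForo_DataWriter_User');
     $registrationDefaults = $options->get('registrationDefaults');
     if (!empty($registrationDefaults)) {
         $writer->bulkSet($registrationDefaults, array('ignoreInvalidFields' => true));
     }
     $writer->set('email', $input['user_email']);
     $writer->set('username', $input['username']);
     $password = bdApi_Crypt::decrypt($input['password'], $input['password_algo'], $clientSecret);
     if (!empty($password)) {
         $writer->setPassword($password, $password);
     } else {
         // no password or unable to decrypt password
         // create new user with no password auth scheme
         $auth = XenForo_Authentication_Abstract::create('XenForo_Authentication_NoPassword');
         $writer->set('scheme_class', $auth->getClassName());
         $writer->set('data', $auth->generate(''), 'xf_user_authenticate');
     }
     if ($options->get('gravatarEnable') && XenForo_Model_Avatar::gravatarExists($input['user_email'])) {
         $writer->set('gravatar', $input['user_email']);
     }
     $writer->set('dob_day', $input['user_dob_day']);
     $writer->set('dob_month', $input['user_dob_month']);
     $writer->set('dob_year', $input['user_dob_year']);
     $writer->set('user_group_id', XenForo_Model_User::$defaultRegisteredGroupId);
     $writer->set('language_id', XenForo_Visitor::getInstance()->get('language_id'));
     $allowEmailConfirm = true;
     if (!empty($extraData['user_email']) && $extraData['user_email'] == $writer->get('email')) {
         // the email address has been validated by some other mean (external provider?)
         // do not require email confirmation again to avoid complication
         $allowEmailConfirm = false;
     }
     $writer->advanceRegistrationUserState($allowEmailConfirm);
     // only an admin with the 'user' permission and the manage-system scope may create a pre-validated user
     if ($visitor->hasAdminPermission('user') and $session->checkScope(bdApi_Model_OAuth2::SCOPE_MANAGE_SYSTEM)) {
         $writer->set('user_state', 'valid');
     }
     $writer->save();
     $user = $writer->getMergedData();
     // log the ip of the user registering
     XenForo_Model_Ip::log(XenForo_Visitor::getUserId() ? XenForo_Visitor::getUserId() : $user['user_id'], 'user', $user['user_id'], 'register');
     if ($user['user_state'] == 'email_confirm') {
         $userConfirmationModel->sendEmailConfirmation($user);
     }
     if (!empty($extraData['external_provider']) && !empty($extraData['external_provider_key'])) {
         /* @var $userExternalModel XenForo_Model_UserExternal */
         $userExternalModel = $this->getModelFromCache('XenForo_Model_UserExternal');
         $userExternalModel->updateExternalAuthAssociation($extraData['external_provider'], $extraData['external_provider_key'], $user['user_id']);
     }
     if (XenForo_Visitor::getUserId() == 0) {
         XenForo_Visitor::setup($user['user_id']);
     }
     // the token for the new user is created with every system-supported scope
     $scopes = $oauth2Model->getSystemSupportedScopes();
     $scopes = bdApi_Template_Helper_Core::getInstance()->scopeJoin($scopes);
     $token = $oauth2Model->getServer()->createAccessToken($clientId, $user['user_id'], $scopes);
     $user = $userModel->getUserById($user['user_id'], $userModel->getFetchOptionsToPrepareApiData());
     // NOTE(review): '_user' carries the unfiltered user record; confirm the view never serializes it to the client
     $data = array('user' => $this->_filterDataSingle($this->_getUserModel()->prepareApiDataForUser($user)), '_user' => $user, 'token' => $token);
     return $this->responseData('bdApi_ViewApi_User_Single', $data);
 }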
示例#19
 /**
  * Handles the login form shown in front of the upgrade system.
  *
  * A visitor already recognised through the upgrade cookie, who is an admin
  * holding the 'upgradeXenForo' permission, is sent straight to the upgrade
  * index. Otherwise a confirmed POST is checked against the account's
  * authentication handler; failures are logged as login attempts, and a
  * successful admin login sets the upgrade cookie and redirects.
  *
  * NOTE(review): the 'redirect' input reaches responseRedirect() exactly as
  * received. Nothing in this method limits it to a local path, so confirm the
  * redirect response validates its target.
  * NOTE(review): an unknown login and a wrong password produce different
  * phrases, which lets a client tell whether an account exists.
  *
  * @return XenForo_ControllerResponse_Abstract
  */
 public function actionLogin()
 {
     if ($this->_getUpgradeModel()->setupVisitorFromUpgradeCookie()) {
         $cookieVisitor = XenForo_Visitor::getInstance();
         if ($cookieVisitor['is_admin'] && $cookieVisitor->hasAdminPermission('upgradeXenForo')) {
             return $this->responseRedirect(XenForo_ControllerResponse_Redirect::RESOURCE_CANONICAL, 'index.php?upgrade/');
         }
     }
     $error = '';
     if (!$this->isConfirmedPost()) {
         // Plain page view: render the empty form.
         return $this->responseView('XenForo_Install_View_Upgrade_Login', 'upgrade_login', array('error' => $error));
     }
     $form = $this->_input->filter(array('login' => XenForo_Input::STRING, 'password' => XenForo_Input::STRING, 'redirect' => XenForo_Input::STRING));
     $target = $form['redirect'];
     if (!$target) {
         $target = 'index.php?upgrade/';
     }
     /** @var $attempts XenForo_Model_Login */
     $attempts = $this->getModelFromCache('XenForo_Model_Login');
     if ($attempts->requireLoginCaptcha($form['login'])) {
         // just block logins here instead of using the captcha
         return $this->responseError(new XenForo_Phrase('your_account_has_temporarily_been_locked_due_to_failed_login_attempts'));
     }
     /** @var $users XenForo_Model_User */
     $users = $this->getModelFromCache('XenForo_Model_User');
     $authenticatedId = false;
     $account = $users->getUserByNameOrEmail($form['login']);
     if (!$account) {
         $error = new XenForo_Phrase('requested_user_x_not_found', array('name' => $form['login']));
     } else {
         $handler = $users->getUserAuthenticationObjectByUserId($account['user_id']);
         if ($handler && $handler->authenticate($account['user_id'], $form['password'])) {
             $authenticatedId = $account['user_id'];
         } else {
             $error = new XenForo_Phrase('incorrect_password');
         }
     }
     if ($authenticatedId) {
         try {
             $attempts->clearLoginAttempts($form['login']);
             XenForo_Model_Ip::log($authenticatedId, 'user', $authenticatedId, 'login_upgrade');
         } catch (Exception $e) {
             // Bookkeeping failures are ignored so the login itself can
             // proceed; the successful login may then go unrecorded.
         }
         XenForo_Visitor::setup($authenticatedId);
         $loggedIn = XenForo_Visitor::getInstance();
         // Valid credentials are not enough: the account must be an admin
         // with the upgrade permission before the upgrade cookie is issued.
         if (!$loggedIn->is_admin) {
             return $this->responseError(new XenForo_Phrase('your_account_does_not_have_admin_privileges'));
         }
         if (!$loggedIn->hasAdminPermission('upgradeXenForo')) {
             return $this->responseError(new XenForo_Phrase('you_do_not_have_permission_upgrade'));
         }
         $this->_getUpgradeModel()->setUpgradeCookie($authenticatedId);
         return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, $target);
     }
     try {
         $attempts->logLoginAttempt($form['login']);
         if ($attempts->requireLoginCaptcha($form['login'])) {
             return $this->responseError(new XenForo_Phrase('your_account_has_temporarily_been_locked_due_to_failed_login_attempts'));
         }
     } catch (Exception $e) {
         // NOTE(review): if logging the attempt fails, the failure is not
         // counted towards the lockout and nothing is reported.
     }
     return $this->responseView('XenForo_Install_View_Upgrade_Login', 'upgrade_login', array('error' => $error));
 }
示例#20
 /**
  * Creates and starts the admin-side session, registers it with the
  * application and sets up the visitor from the session's user ID.
  *
  * When the session carries a password date that differs from the visitor's
  * current one, the session is switched to user 0 and the visitor is reset to
  * a guest. Presumably this ends sessions opened before a password change.
  *
  * @param Zend_Controller_Request_Http|null $request Not read by this method.
  *
  * @return XenForo_Session
  */
 public static function startAdminSession(Zend_Controller_Request_Http $request = null)
 {
     $sessionClass = XenForo_Application::resolveDynamicClass('XenForo_Session');
     /** @var $adminSession XenForo_Session */
     $adminSession = new $sessionClass(array('admin' => true));
     $adminSession->start();
     XenForo_Application::set('session', $adminSession);
     $currentVisitor = XenForo_Visitor::setup($adminSession->get('user_id'));
     if ($currentVisitor['user_id']) {
         $dateInSession = $adminSession->get('password_date');
         // A session without a stored password date is left alone; only a
         // stored value that no longer matches forces the logout.
         if ($dateInSession && $dateInSession != $currentVisitor['password_date']) {
             $adminSession->changeUserId(0);
             XenForo_Visitor::setup(0);
         }
     }
     return $adminSession;
 }
示例#21
    {
        return 'UTF-8';
    }
}
// Load the bundled SabreDAV classes ($fileDir is set outside this excerpt).
require $fileDir . '/library/Sabre/Sabre.autoload.php';
$request = new Zend_Controller_Request_Http();
$baseUrl = $request->getBaseUrl();
// HTTP Basic authentication: the client sends the user name and password with
// every request, so this endpoint should only be reachable over TLS.
$auth = new Sabre_HTTP_BasicAuth();
$auth->setRealm('XenForo Admin CP WebDAV');
$authData = $auth->getUserPass();
/* @var $userModel XenForo_Model_User */
$userModel = XenForo_Model::create('XenForo_Model_User');
// Fail closed: access is granted only after the credentials validate AND the
// resulting visitor is an administrator.
$authValid = false;
// NOTE(review): $authData is indexed without checking that credentials were
// actually supplied - confirm what getUserPass() returns when they are absent.
// NOTE(review): no failed-attempt logging or lockout surrounds this check, so
// password guessing against this endpoint is not rate limited here.
$userId = $userModel->validateAuthentication($authData[0], $authData[1]);
if ($userId) {
    $visitor = XenForo_Visitor::setup($userId);
    // Only the is_admin flag is tested; no specific admin permission is
    // required in this excerpt.
    if ($visitor['is_admin']) {
        $authValid = true;
    }
}
if (!$authValid) {
    // Ask the client for credentials and stop before any DAV object is built.
    $auth->requireLogin();
    echo "Authentication required";
    exit;
}
// From here on the request belongs to an authenticated administrator.
$root = new XenForo_SabreDav_RootDirectory();
$tree = new Sabre_DAV_ObjectTree($root);
$server = new Sabre_DAV_Server($tree);
$server->setBaseUri($baseUrl . '/');
// implement but ignore locking, in attempt to allow finder, etc to do writes
$lockBackend = new XenForo_SabreDav_LocksNoOp();
示例#22
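 /**
  * Registers a new account for the Forum Runner client, or returns the
  * registration rules when no username was submitted.
  *
  * With a username present, a user record is built from the submitted
  * fields, validated (including the date-of-birth rules when the board
  * requires one), saved, and an e-mail confirmation is sent if the resulting
  * state asks for it. Without a username, the rules text and the
  * "birthday required" flag are returned instead.
  *
  * NOTE(review): no CAPTCHA or other anti-automation check is visible in this
  * method; confirm whether one runs elsewhere for this endpoint.
  *
  * @return array 'emailverify' after a registration, or 'rules' and
  *               'birthday' when only the rules were requested
  */
 public function actionRegister()
 {
     $this->_assertRegistrationActive();
     // password_md5 is accepted from the client but not used below.
     $vals = $this->_input->filter(array('username' => XenForo_Input::STRING, 'email' => XenForo_Input::STRING, 'password' => XenForo_Input::STRING, 'password_md5' => XenForo_Input::STRING, 'birthday' => XenForo_Input::STRING, 'timezone_name' => XenForo_Input::STRING));
     $options = XenForo_Application::get('options');
     // NOTE(review): json_error() is defined outside this method, and every
     // rejection below relies on it ending the request. If it returns, the
     // code after each call still runs - confirm.
     if (!$options->forumrunnerRegistration) {
         $p = new XenForo_Phrase('do_not_have_permission');
         json_error($p->render());
     }
     $out = array();
     if ($vals['username']) {
         $writer = XenForo_DataWriter::create('XenForo_DataWriter_User');
         if ($options->registrationDefaults) {
             $writer->bulkSet($options->registrationDefaults, array('ignoreInvalidFields' => true));
         }
         $day = $month = $year = '';
         if ($vals['birthday']) {
             // Expected as month/day/year. Padding to three parts keeps a
             // value with fewer separators from reading undefined offsets;
             // the missing fields simply stay empty.
             $parts = array_pad(explode('/', $vals['birthday']), 3, '');
             if ($parts[0]) {
                 $month = intval($parts[0]);
             }
             if ($parts[1]) {
                 $day = intval($parts[1]);
             }
             if ($parts[2]) {
                 $year = intval($parts[2]);
             }
         }
         // The time zone is taken as sent by the client.
         $data = array('username' => $vals['username'], 'email' => $vals['email'], 'gender' => '', 'dob_day' => $day, 'dob_month' => $month, 'dob_year' => $year, 'timezone' => $vals['timezone_name']);
         $writer->bulkSet($data);
         // The password doubles as its own confirmation value: the client is
         // trusted to have compared the two entries.
         $writer->setPassword($vals['password'], $vals['password']);
         // if the email corresponds to an existing Gravatar, use it
         if ($options->gravatarEnable && XenForo_Model_Avatar::gravatarExists($data['email'])) {
             $writer->set('gravatar', $data['email']);
         }
         $writer->set('user_group_id', XenForo_Model_User::$defaultRegisteredGroupId);
         $writer->set('language_id', XenForo_Visitor::getInstance()->get('language_id'));
         $writer->advanceRegistrationUserState();
         // Validate now so the errors can be reported before save().
         $writer->preSave();
         if ($options->get('registrationSetup', 'requireDob')) {
             // dob required
             if (!$data['dob_day'] || !$data['dob_month'] || !$data['dob_year']) {
                 $p = new XenForo_Phrase('please_enter_valid_date_of_birth');
                 json_error($p->render());
             }
             $userAge = $this->_getUserProfileModel()->getUserAge($writer->getMergedData(), true);
             if ($userAge < 1) {
                 $p = new XenForo_Phrase('please_enter_valid_date_of_birth');
                 json_error($p->render());
             }
             if ($userAge < intval($options->get('registrationSetup', 'minimumAge'))) {
                 $p = new XenForo_Phrase('sorry_you_too_young_to_create_an_account');
                 json_error($p->render());
             }
         }
         $errors = $writer->getErrors();
         if (count($errors)) {
             // only show first
             $errors = array_values($errors);
             json_error($errors[0]->render());
         }
         $writer->save();
         $user = $writer->getMergedData();
         // log the ip of the user registering
         XenForo_Model_Ip::log($user['user_id'], 'user', $user['user_id'], 'register');
         if ($user['user_state'] == 'email_confirm') {
             $this->_getUserConfirmationModel()->sendEmailConfirmation($user);
             $out['emailverify'] = true;
         } else {
             $out['emailverify'] = false;
         }
         // Registration does not log the new user in: the visitor is reset
         // to a guest.
         XenForo_Visitor::setup(0);
     } else {
         $p = new XenForo_Phrase('fr_register_forum_rules');
         // Links in the rules phrase are reduced to their link text.
         $out += array('rules' => preg_replace('/<a href=\\"(.*?)\\">(.*?)<\\/a>/', "\\2", $p->render()), 'birthday' => $options->get('registrationSetup', 'requireDob') ? true : false);
     }
     return $out;
 }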
示例#23
 /**
  * Finishes a login for a user whose identity has already been established.
  *
  * Optionally sets the remember cookie, logs the login IP, removes the guest
  * session-activity row for the client IP, sets up the visitor and marks the
  * session as logged in with the visitor's password date.
  *
  * This method performs no credential check of its own; callers must have
  * authenticated $userId before calling it. $redirect is used as given.
  *
  * @param mixed $userId ID of the user to log in
  * @param mixed $remember Truthy to set the remember cookie
  * @param mixed $redirect Target passed on to the redirect or the view
  * @param array $postData When non-empty, a view that re-posts this data is
  *                        returned instead of a plain redirect
  *
  * @return XenForo_ControllerResponse_Abstract
  */
 public function completeLogin($userId, $remember, $redirect, array $postData = array())
 {
     $users = $this->_getUserModel();
     if ($remember) {
         $users->setUserRememberCookie($userId);
     }
     XenForo_Model_Ip::log($userId, 'user', $userId, 'login');
     $clientIp = $this->_request->getClientIp(false);
     $users->deleteSessionActivity(0, $clientIp);
     $loggedIn = XenForo_Visitor::setup($userId);
     XenForo_Application::getSession()->userLogin($userId, $loggedIn['password_date']);
     if (!$postData) {
         return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, $redirect, '');
     }
     $viewParams = array('postData' => $postData, 'redirect' => $redirect);
     return $this->responseView('XenForo_ViewPublic_Login_PostRedirect', 'login_post_redirect', $viewParams);
 }
示例#24
 /**
  * Logs the current user out of the admin area.
  *
  * The request must carry a valid '_xfToken'; the CSRF check runs before the
  * session is touched, so a forged request cannot end someone's session.
  * The session is then deleted, the visitor is reset to a guest and the
  * client is redirected to the admin index.
  *
  * @return XenForo_ControllerResponse_Abstract
  */
 public function actionLogout()
 {
     $csrfToken = $this->_input->filterSingle('_xfToken', XenForo_Input::STRING);
     $this->_checkCsrfFromToken($csrfToken);
     $session = XenForo_Application::get('session');
     $session->delete();
     XenForo_Visitor::setup(0);
     $adminIndex = XenForo_Link::buildAdminLink('index');
     return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, $adminIndex);
 }
示例#25
文件: Ritsu.php 项目: Sywooch/forums
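 /**
  * Renders the tag's contents as raw HTML when the user identified by
  * $this->user_id holds the 'HQCoder_ParseHTML' thread permission, and falls
  * back to the unparsed rendering otherwise.
  *
  * The returned markup is NOT HTML-escaped: only the listed BB code tags are
  * stripped and the censor filter is applied. Anyone granted the permission
  * can therefore place arbitrary markup, including script, on the page, so
  * it should be limited to fully trusted groups.
  *
  * @param array $tag Tag data; 'children' holds the content
  * @param array $rendererStates Passed through to the unparsed fallback
  *
  * @return string
  */
 public function renderTagParseHtml(array $tag, array $rendererStates)
 {
     if ($this->user_id < 1) {
         return $this->renderTagUnparsed($tag, $rendererStates);
     }
     // isset() rather than empty(): a cached "no" must count as cached too,
     // otherwise every tag from a user without the permission repeats the
     // lookup and the visitor swap below.
     if (!isset(self::$permissionCache[$this->user_id])) {
         // The permission is read by temporarily replacing the global
         // visitor with the target user.
         // NOTE(review): if hasPermission() throws, the original visitor is
         // not restored; the restore also rebuilds the visitor from its ID
         // alone - confirm nothing else set on it is lost.
         $oldUserId = XenForo_Visitor::getUserId();
         $user = XenForo_Visitor::setup($this->user_id);
         self::$permissionCache[$this->user_id] = $user->hasPermission('HQCoder_ParseHTML', 'thread');
         XenForo_Visitor::setup($oldUserId);
     }
     if (!self::$permissionCache[$this->user_id]) {
         return $this->renderTagUnparsed($tag, $rendererStates);
     }
     $content = $this->stringifyTree($tag['children']);
     // Drop the BB code wrappers left around links, addresses and media.
     $content = str_ireplace(array("[url]", "[/url]", "[email]", "[/email]", "[media]", "[/media]"), "", $content);
     $content = XenForo_Helper_String::censorString($content);
     return '<div class="parseHTML">' . $content . '</div>';
 }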
示例#26
文件: Session.php 项目: burtay/bdApi
 /**
  * Starts the API session, registers it with the application and sets up the
  * visitor from the session's user ID and data.
  *
  * Any OAuth handling presumably happens inside bdApi_Session::start(); it is
  * not visible in this method. On XenForo versions with ID 1020000 or later
  * the request is terminated when the bdApi add-on is not listed as enabled.
  *
  * For a guest visitor, a 'guestUsername' request parameter is copied into
  * the visitor's username. That value is client-controlled and unvalidated
  * here, so anything that displays or logs it must treat it as untrusted.
  *
  * @param Zend_Controller_Request_Http|null $request Created when omitted
  *
  * @return XenForo_Session
  */
 public static function startApiSession(Zend_Controller_Request_Http $request = null)
 {
     if ($request === null) {
         $request = new Zend_Controller_Request_Http();
     }
     if (XenForo_Application::$versionId >= 1020000) {
         $enabledAddOns = XenForo_Application::get('addOns');
         if (empty($enabledAddOns['bdApi'])) {
             die('The API is currently disabled.');
         }
     }
     $apiSession = new bdApi_Session();
     $apiSession->start();
     XenForo_Application::set('session', $apiSession);
     $sessionData = $apiSession->getAll();
     $apiVisitor = XenForo_Visitor::setup($apiSession->get('user_id'), $sessionData);
     if (!empty($apiVisitor['user_id'])) {
         // Authenticated user: the guest name parameter is never consulted.
         return $apiSession;
     }
     $guestName = $request->getParam('guestUsername');
     if (!empty($guestName)) {
         $apiVisitor['username'] = $guestName;
     }
     return $apiSession;
 }
示例#27
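 /**
  * Handles sign-in and registration through the external "accountsfreedom"
  * provider.
  *
  * With 'reg' set, the visitor is sent to the provider. On return, the
  * authorisation code is exchanged for an access token once the 'state'
  * value matches the one stored in the session. A provider account already
  * associated with a local user logs that user in; otherwise the association
  * or registration form is shown.
  *
  * Fix: the account picked from the logged-in visitor or the 'assoc'
  * parameter used to be overwritten unconditionally by an e-mail lookup. The
  * e-mail lookup is now only a fallback, and 'emailMatch' is set only when
  * that fallback finds the account.
  *
  * @return XenForo_ControllerResponse_Abstract
  */
 public function actionAccountsfreedom()
 {
     $accounts = new AnyTV_AccountsAuthentication_Accounts();
     if (!$accounts->isConnectable()) {
         return $this->responseError(new XenForo_Phrase('something_went_wrong_please_try_again'));
     }
     $assocUserId = $this->_input->filterSingle('assoc', XenForo_Input::UINT);
     $redirect = $this->_getExternalAuthRedirect();
     $session = XenForo_Application::getSession();
     $redirectUri = XenForo_Link::buildPublicLink('canonical:register/accountsfreedom', false, array('assoc' => $assocUserId ? $assocUserId : false));
     if ($this->_input->filterSingle('reg', XenForo_Input::UINT)) {
         // Start of the flow: remember where to return to, drop any stale
         // token and hand over to the provider.
         $session->set('loginRedirect', $redirect);
         $session->remove('accountsToken');
         return $this->responseRedirect(XenForo_ControllerResponse_Redirect::RESOURCE_CANONICAL, $accounts->getAccountsRequestUrl($redirectUri));
     }
     $accountsToken = $this->_input->filterSingle('token', XenForo_Input::STRING);
     if (!$accountsToken) {
         $accountsToken = $session->get('accountsToken');
     }
     // NOTE(review): when a token arrives through the request or the session,
     // no profile is loaded for it, so the request ends in the error below.
     // That fails closed; keep it that way unless such a token is first
     // verified with the provider.
     $accountsUser = false;
     if (!$accountsToken) {
         $error = $this->_input->filterSingle('error', XenForo_Input::STRING);
         if ($error == 'access_denied') {
             return $this->responseError(new XenForo_Phrase('you_did_not_grant_permission_to_access_external_account'));
         }
         $code = $this->_input->filterSingle('code', XenForo_Input::STRING);
         if (!$code) {
             return $this->responseError(new XenForo_Phrase('accountsfreedom_error_occurred_while_connecting_with_accountsfreedom1'));
         }
         // The state value ties the callback to the session that started the
         // flow; a missing or different value is dropped without an exchange.
         $state = $this->_input->filterSingle('state', XenForo_Input::STRING);
         if (!$state || !$session->get('accountsCsrfState') || $state !== $session->get('accountsCsrfState')) {
             return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, XenForo_Link::buildPublicLink('canonical:index'));
         }
         $token = $accounts->getAccessTokenFromCode($code, $redirectUri);
         if (!isset($token['access_token'])) {
             return $this->responseError(new XenForo_Phrase('accountsfreedom_error_occurred_while_connecting_with_accountsfreedom2'));
         }
         $accountsToken = $token['access_token'];
         $accountsUser = $accounts->getUserInfo(null, $accountsToken);
     }
     if (!isset($accountsUser['user_id'])) {
         return $this->responseError(new XenForo_Phrase('accountsfreedom_error_occurred_while_connecting_with_accountsfreedom3'));
     }
     $userModel = $this->_getUserModel();
     $userExternalModel = $this->_getUserExternalModel();
     $accountsAssoc = $userExternalModel->getExternalAuthAssociation('accountsfreedom', $accountsUser['user_id']);
     if ($accountsAssoc && $userModel->getUserById($accountsAssoc['user_id'])) {
         // Known association: refresh the stored token and profile, then log
         // the local user in.
         // NOTE(review): no two-step verification check precedes userLogin()
         // here - confirm whether the platform version in use expects one.
         $userExternalModel->updateExternalAuthAssociationExtra($accountsAssoc['user_id'], 'accountsfreedom', array('token' => $accountsToken));
         $userExternalModel->updateExternalAuthAssociationExtra($accountsAssoc['user_id'], 'accountsfreedom', array('data' => $accountsUser));
         $redirect = XenForo_Application::getSession()->get('loginRedirect');
         if (!$redirect) {
             $redirect = $this->getDynamicRedirect(false, false);
         }
         $visitor = XenForo_Visitor::setup($accountsAssoc['user_id']);
         XenForo_Application::getSession()->userLogin($accountsAssoc['user_id'], $visitor['password_date']);
         $this->_getUserModel()->setUserRememberCookie($accountsAssoc['user_id']);
         return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, $redirect);
     }
     $existingUser = false;
     $emailMatch = false;
     if (XenForo_Visitor::getUserId()) {
         $existingUser = XenForo_Visitor::getInstance();
     } else if ($assocUserId) {
         $existingUser = $userModel->getUserById($assocUserId);
     }
     // Fall back to the provider's e-mail address only when neither the
     // current visitor nor the 'assoc' parameter identified an account.
     // NOTE(review): confirm the provider only reports verified addresses
     // before treating a match as a hint about account ownership.
     if (!$existingUser && !empty($accountsUser['email'])) {
         $existingUser = $userModel->getUserByEmail($accountsUser['email']);
         if ($existingUser) {
             $emailMatch = true;
         }
     }
     $viewName = 'AnyTV_AccountsAuthentication_ViewPublic_Accounts_Register';
     $templateName = 'register_accountsfreedom';
     XenForo_Application::getSession()->set('accountsToken', $accountsToken);
     XenForo_Application::getSession()->set('accountsUser', $accountsUser);
     if ($existingUser) {
         // must associate: matching user
         return $this->_getExternalRegisterFormResponse($viewName, $templateName, array('associateOnly' => true, 'accountsfreedom' => $accountsUser, 'existingUser' => $existingUser, 'emailMatch' => $emailMatch, 'redirect' => $redirect));
     }
     $this->_assertRegistrationActive();
     if (!empty($accountsUser['birthday'])) {
         $this->_validateBirthdayString($accountsUser['birthday'], 'm/d/y');
     }
     return $this->_getExternalRegisterFormResponse($viewName, $templateName, array('accountsfreedom' => $accountsUser, 'redirect' => $redirect, 'showDob' => empty($accountsUser['birthday'])));
 }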
示例#28
 /**
  * Registers a new account (or associates with an existing one) using Facebook.
  *
  * POST only. The submitted Facebook token is resolved to a profile first.
  * With 'associate' or 'force_assoc' set, the local account's login and
  * password are verified and the Facebook ID is linked to it. Otherwise a new
  * account is created from the profile with no local password, the profile
  * picture is applied as avatar, and the new user is logged in.
  *
  * @return XenForo_ControllerResponse_Abstract
  */
 public function actionFacebookRegister()
 {
     $this->_assertPostOnly();
     // NOTE(review): the token comes from the request body. Whether
     // getUserInfo() confirms it was issued to this site's Facebook app is
     // not visible here - confirm, since the returned ID decides which
     // account is linked or created.
     $fbToken = $this->_input->filterSingle('fb_token', XenForo_Input::STRING);
     $fbUser = XenForo_Helper_Facebook::getUserInfo($fbToken);
     if (empty($fbUser['id'])) {
         return $this->responseError(new XenForo_Phrase('error_occurred_while_connecting_with_facebook'));
     }
     $userModel = $this->_getUserModel();
     $userExternalModel = $this->_getUserExternalModel();
     $doAssoc = $this->_input->filterSingle('associate', XenForo_Input::STRING) || $this->_input->filterSingle('force_assoc', XenForo_Input::UINT);
     if ($doAssoc) {
         // Linking to an existing account requires that account's password,
         // and is subject to the failed-login lockout.
         $associate = $this->_input->filter(array('associate_login' => XenForo_Input::STRING, 'associate_password' => XenForo_Input::STRING));
         $loginModel = $this->_getLoginModel();
         if ($loginModel->requireLoginCaptcha($associate['associate_login'])) {
             return $this->responseError(new XenForo_Phrase('your_account_has_temporarily_been_locked_due_to_failed_login_attempts'));
         }
         // $error is filled in by validateAuthentication() on failure.
         $userId = $userModel->validateAuthentication($associate['associate_login'], $associate['associate_password'], $error);
         if (!$userId) {
             $loginModel->logLoginAttempt($associate['associate_login']);
             return $this->responseError($error);
         }
         $userExternalModel->updateExternalAuthAssociation('facebook', $fbUser['id'], $userId);
         XenForo_Helper_Facebook::setUidCookie($fbUser['id']);
         XenForo_Application::get('session')->changeUserId($userId);
         XenForo_Visitor::setup($userId);
         // The redirect target stored in the session is used once, then removed.
         $redirect = XenForo_Application::get('session')->get('fbRedirect');
         XenForo_Application::get('session')->remove('fbRedirect');
         if (!$redirect) {
             $redirect = $this->getDynamicRedirect(false, false);
         }
         return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, $redirect);
     }
     // New-account path from here on.
     $this->_assertRegistrationActive();
     $data = $this->_input->filter(array('username' => XenForo_Input::STRING, 'timezone' => XenForo_Input::STRING));
     if (XenForo_Dependencies_Public::getTosUrl() && !$this->_input->filterSingle('agree', XenForo_Input::UINT)) {
         return $this->responseError(new XenForo_Phrase('you_must_agree_to_terms_of_service'));
     }
     $options = XenForo_Application::get('options');
     // Only the two known values are mapped; anything else leaves gender empty.
     $gender = '';
     if (isset($fbUser['gender'])) {
         switch ($fbUser['gender']) {
             case 'man':
             case 'male':
                 $gender = 'male';
                 break;
             case 'woman':
             case 'female':
                 $gender = 'female';
                 break;
         }
     }
     $writer = XenForo_DataWriter::create('XenForo_DataWriter_User');
     // Board-wide registration defaults are applied first; the fields below
     // are written after them.
     if ($options->registrationDefaults) {
         $writer->bulkSet($options->registrationDefaults, array('ignoreInvalidFields' => true));
     }
     $writer->bulkSet($data);
     // NOTE(review): $fbUser['email'] is read without an isset() check -
     // confirm the profile always carries an address.
     $writer->bulkSet(array('gender' => $gender, 'email' => $fbUser['email'], 'location' => isset($fbUser['location']['name']) ? $fbUser['location']['name'] : ''));
     if (!empty($fbUser['birthday'])) {
         // Only a complete month/day/year value is used; the minimum-age
         // rule is enforced on it before the date is stored.
         $birthdayParts = explode('/', $fbUser['birthday']);
         if (count($birthdayParts) == 3) {
             list($month, $day, $year) = $birthdayParts;
             $userAge = $this->_getUserProfileModel()->calculateAge($year, $month, $day);
             if ($userAge < intval($options->get('registrationSetup', 'minimumAge'))) {
                 // TODO: set a cookie to prevent re-registration attempts
                 return $this->responseError(new XenForo_Phrase('sorry_you_too_young_to_create_an_account'));
             }
             $writer->bulkSet(array('dob_year' => $year, 'dob_month' => $month, 'dob_day' => $day));
         }
     }
     if (!empty($fbUser['website'])) {
         // Use the first line only, and only if it passes the URI check.
         list($website) = preg_split('/\\r?\\n/', $fbUser['website']);
         if ($website && Zend_Uri::check($website)) {
             $writer->set('homepage', $website);
         }
     }
     // The account gets the "no password" scheme: it has no local password
     // and is reachable through the external association only.
     $auth = XenForo_Authentication_Abstract::create('XenForo_Authentication_NoPassword');
     $writer->set('scheme_class', $auth->getClassName());
     $writer->set('data', $auth->generate(''), 'xf_user_authenticate');
     $writer->set('user_group_id', XenForo_Model_User::$defaultRegisteredGroupId);
     $writer->set('language_id', XenForo_Visitor::getInstance()->get('language_id'));
     // NOTE(review): the false argument presumably skips e-mail confirmation,
     // trusting the address Facebook returned - confirm that address is verified.
     $writer->advanceRegistrationUserState(false);
     $writer->preSave();
     // TODO: option for extra user group
     $writer->save();
     $user = $writer->getMergedData();
     // The profile picture is written to a temp file and applied as avatar.
     $avatarFile = tempnam(XenForo_Helper_File::getTempDir(), 'xf');
     if ($avatarFile) {
         $data = XenForo_Helper_Facebook::getUserPicture($fbToken);
         // A body starting with '{' is skipped - presumably a JSON error
         // response rather than image data.
         if ($data && $data[0] != '{') {
             file_put_contents($avatarFile, $data);
             try {
                 $user = array_merge($user, $this->getModelFromCache('XenForo_Model_Avatar')->applyAvatar($user['user_id'], $avatarFile));
             } catch (XenForo_Exception $e) {
                 // A rejected avatar does not fail the registration. Any
                 // other exception type would skip the unlink below.
             }
         }
         @unlink($avatarFile);
     }
     $userExternalModel->updateExternalAuthAssociation('facebook', $fbUser['id'], $user['user_id']);
     XenForo_Model_Ip::log($user['user_id'], 'user', $user['user_id'], 'register');
     XenForo_Helper_Facebook::setUidCookie($fbUser['id']);
     XenForo_Application::get('session')->changeUserId($user['user_id']);
     XenForo_Visitor::setup($user['user_id']);
     // NOTE(review): 'redirect' is request input that is only made absolute
     // here - confirm the view or template keeps it on this site.
     $redirect = $this->_input->filterSingle('redirect', XenForo_Input::STRING);
     $viewParams = array('user' => $user, 'redirect' => $redirect ? XenForo_Link::convertUriToAbsoluteUri($redirect) : '', 'facebook' => true);
     return $this->responseView('XenForo_ViewPublic_Register_Process', 'register_process', $viewParams, $this->_getRegistrationContainerParams());
 }
示例#29
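 /**
  * Handles the Google sign-in callback.
  *
  * After the CSRF value is checked against the session, the authorisation
  * code is exchanged for tokens and the ID token's claims are read. A Google
  * account already associated with a local user logs that user in, with the
  * two-step redirect helper called first. Otherwise a verified e-mail
  * address is required and the association or registration form is shown.
  *
  * Fix: the ID token payload is base64url encoded, so '-' and '_' are mapped
  * to the standard alphabet before decoding, and a missing or malformed
  * id_token now ends in the normal error response.
  *
  * NOTE(review): the ID token's signature, issuer and audience are not
  * checked here; trust rests on receiving it directly from the token
  * endpoint over HTTPS. Confirm the HTTP client validates the certificate.
  *
  * @return XenForo_ControllerResponse_Abstract
  */
 public function actionGoogle()
 {
     $code = $this->_input->filterSingle('code', XenForo_Input::STRING);
     $options = XenForo_Application::getOptions();
     $session = XenForo_Application::getSession();
     $redirect = $this->_getExternalAuthRedirect();
     if (!$options->googleClientId) {
         return $this->responseRedirect(XenForo_ControllerResponse_Redirect::RESOURCE_CANONICAL, $this->getDynamicRedirect());
     }
     // The callback must carry the CSRF value held in this visitor's session.
     $csrf = $this->_input->filterSingle('csrf', XenForo_Input::STRING);
     if ($csrf !== $session->get('sessionCsrf')) {
         return $this->responseError(new XenForo_Phrase('unexpected_error_occurred'));
     }
     $client = XenForo_Helper_Http::getClient('https://accounts.google.com/o/oauth2/token');
     $client->setParameterPost(array('code' => $code, 'client_id' => $options->googleClientId, 'client_secret' => $options->googleClientSecret, 'redirect_uri' => 'postmessage', 'grant_type' => 'authorization_code'));
     $result = $client->request('POST');
     $body = @json_decode($result->getBody(), true);
     if (!$body || !empty($body['error'])) {
         // The exchange failed (for example, the code was already used):
         // fall back to credentials kept in the session by an earlier pass.
         $credentials = $session->get('googleCredentials');
         if (!$credentials) {
             return $this->responseError(new XenForo_Phrase('error_occurred_when_connecting_to_google'));
         }
     } else {
         // The ID token is three dot-separated segments; the claims are in
         // the second one.
         $idTokenParts = (isset($body['id_token']) && is_string($body['id_token'])) ? explode('.', $body['id_token']) : array();
         $basicInfo = null;
         if (isset($idTokenParts[1])) {
             $basicInfo = json_decode(base64_decode(strtr($idTokenParts[1], '-_', '+/')), true);
         }
         if (!$basicInfo || empty($basicInfo['sub'])) {
             return $this->responseError(new XenForo_Phrase('error_occurred_when_connecting_to_google'));
         }
         $credentials = array('extra' => array('access_token' => $body['access_token'], 'expiry' => XenForo_Application::$time + $body['expires_in'], 'refresh_token' => isset($body['refresh_token']) ? $body['refresh_token'] : null), 'basic' => $basicInfo);
     }
     $basicInfo = $credentials['basic'];
     // 'sub' is Google's identifier for the account, not a local user ID.
     $userId = $basicInfo['sub'];
     $userModel = $this->_getUserModel();
     $userExternalModel = $this->_getUserExternalModel();
     $googleAssoc = $userExternalModel->getExternalAuthAssociation('google', $userId);
     if ($googleAssoc && $userModel->getUserById($googleAssoc['user_id'])) {
         // NOTE(review): unserialize() on the stored association data is safe
         // only while nothing outside this code can write that column.
         $existingExtra = unserialize($googleAssoc['extra_data']);
         // Keep a stored refresh token when this exchange did not return one.
         if (!$credentials['extra']['refresh_token'] && !empty($existingExtra['refresh_token'])) {
             $credentials['extra']['refresh_token'] = $existingExtra['refresh_token'];
         }
         $userExternalModel->updateExternalAuthAssociationExtra($googleAssoc['user_id'], 'google', $credentials['extra']);
         /** @var XenForo_ControllerHelper_Login $loginHelper */
         $loginHelper = $this->getHelper('Login');
         // Called before the session is marked as logged in; presumably it
         // interrupts the request when a second factor is required.
         $loginHelper->tfaRedirectIfRequiredPublic($googleAssoc['user_id'], $redirect, true);
         $visitor = XenForo_Visitor::setup($googleAssoc['user_id']);
         XenForo_Application::getSession()->userLogin($googleAssoc['user_id'], $visitor['password_date']);
         $this->_getUserModel()->setUserRememberCookie($googleAssoc['user_id']);
         return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, $redirect);
     }
     // Without a verified address the e-mail match below could point at an
     // account the Google user does not own.
     if (empty($basicInfo['email']) || empty($basicInfo['email_verified']) || $basicInfo['email_verified'] != 'true') {
         return $this->responseError(new XenForo_Phrase('you_must_have_verified_email_to_register_via_google'));
     }
     parent::_assertBoardActive('google');
     if (empty($credentials['user'])) {
         // NOTE(review): the access token is sent as a query parameter and
         // can end up in proxy or server logs.
         $client = XenForo_Helper_Http::getClient('https://www.googleapis.com/plus/v1/people/me');
         $client->setParameterGet('access_token', $credentials['extra']['access_token']);
         $response = $client->request('GET');
         $userInfo = json_decode($response->getBody(), true);
         $credentials['user'] = $userInfo;
     }
     $session->set('googleCredentials', $credentials);
     $viewName = 'XenForo_ViewPublic_Register_Google';
     $templateName = 'register_google';
     $emailMatch = false;
     if (XenForo_Visitor::getUserId()) {
         $existingUser = XenForo_Visitor::getInstance();
     } else {
         $existingUser = $userModel->getUserByEmail($basicInfo['email']);
         $emailMatch = (bool) $existingUser;
     }
     XenForo_Application::getSession()->set('loginRedirect', $redirect);
     if ($existingUser) {
         // must associate: matching user
         return $this->_getExternalRegisterFormResponse($viewName, $templateName, array('associateOnly' => true, 'existingUser' => $existingUser, 'emailMatch' => $emailMatch, 'redirect' => $redirect));
     }
     $this->_assertRegistrationActive();
     return $this->_getExternalRegisterFormResponse($viewName, $templateName, array('redirect' => $redirect, 'credentials' => $credentials, 'showDob' => empty($credentials['user']['birthday'])));
 }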
示例#30
 /**
  * Authenticates the local account named in the association form and logs
  * the visitor in as that account.
  *
  * The login is refused while the failed-attempt lockout applies to it, and
  * a failed password check is recorded as a login attempt. Both failures are
  * raised as response exceptions rather than returned.
  *
  * NOTE(review): no two-step verification check is visible between the
  * password check and userLogin() - confirm whether the caller performs one.
  *
  * @return mixed ID of the authenticated user
  */
 protected function _associateExternalAccount()
 {
     $form = $this->_input->filter(array('associate_login' => XenForo_Input::STRING, 'associate_password' => XenForo_Input::STRING));
     $attempts = $this->_getLoginModel();
     $users = $this->_getUserModel();
     $login = $form['associate_login'];
     if ($attempts->requireLoginCaptcha($login)) {
         $locked = new XenForo_Phrase('your_account_has_temporarily_been_locked_due_to_failed_login_attempts');
         throw $this->responseException($this->responseError($locked));
     }
     // $failure is filled in by validateAuthentication() when the check fails.
     $authenticatedId = $users->validateAuthentication($login, $form['associate_password'], $failure);
     if (!$authenticatedId) {
         $attempts->logLoginAttempt($login);
         throw $this->responseException($this->responseError($failure));
     }
     $loggedIn = XenForo_Visitor::setup($authenticatedId);
     XenForo_Application::getSession()->userLogin($authenticatedId, $loggedIn['password_date']);
     $this->_getUserModel()->setUserRememberCookie($authenticatedId);
     return $authenticatedId;
 }