protected function _getModules() { $modules = array('forum' => 2015121802, 'oauth2' => 2015121501, 'subscription' => 2014092301); $option = bdApi_Data_Helper_Core::safeGetSession()->getOAuthClientOption('allow_search_indexing'); if (!empty($option)) { $modules['search/indexing'] = 2015091601; } return $modules; }
public function setVisitorLanguage($languageId) { if ($this->get('user_id') > 0) { // because XenForo ignore session language id if user is logged in // we have to override its value here // NOTE: the load_class for XenForo_Visitor requires 1.2.0+ $session = bdApi_Data_Helper_Core::safeGetSession(); $requestLanguageId = $session->get('languageId'); if ($requestLanguageId > 0) { $languageId = $requestLanguageId; } } return parent::setVisitorLanguage($languageId); }
public function actionPutIndex() { $input = $this->_input->filter(array('password' => XenForo_Input::STRING, 'password_old' => XenForo_Input::STRING, 'password_algo' => XenForo_Input::STRING, 'user_email' => XenForo_Input::STRING, 'username' => XenForo_Input::STRING, 'primary_group_id' => XenForo_Input::UINT, 'secondary_group_ids' => array(XenForo_Input::UINT, 'array' => true), 'user_dob_day' => XenForo_Input::UINT, 'user_dob_month' => XenForo_Input::UINT, 'user_dob_year' => XenForo_Input::UINT, 'user_fields' => XenForo_Input::ARRAY_SIMPLE)); $user = $this->_getUserOrError(); $visitor = XenForo_Visitor::getInstance(); $session = bdApi_Data_Helper_Core::safeGetSession(); $isAdmin = $session->checkScope(bdApi_Model_OAuth2::SCOPE_MANAGE_SYSTEM) && $visitor->hasAdminPermission('user'); $requiredAuth = 0; if (!empty($input['password'])) { $requiredAuth++; } if (!empty($input['user_email'])) { $requiredAuth++; } if ($requiredAuth > 0) { $isAuth = false; if ($isAdmin && $visitor['user_id'] != $user['user_id']) { $isAuth = true; } elseif (!empty($input['password_old'])) { $auth = $this->_getUserModel()->getUserAuthenticationObjectByUserId($user['user_id']); if (!empty($auth)) { $passwordOld = bdApi_Crypt::decrypt($input['password_old'], $input['password_algo']); if ($auth->hasPassword() && $auth->authenticate($user['user_id'], $passwordOld)) { $isAuth = true; } } } if (!$isAuth) { return $this->responseError(new XenForo_Phrase('bdapi_slash_users_requires_password_old'), 403); } } /* @var $writer XenForo_DataWriter_User */ $writer = XenForo_DataWriter::create('XenForo_DataWriter_User'); $writer->setExistingData($user, true); if ($isAdmin) { $writer->setOption(XenForo_DataWriter_User::OPTION_ADMIN_EDIT, true); } if (!empty($input['password'])) { $password = bdApi_Crypt::decrypt($input['password'], $input['password_algo']); $writer->setPassword($password, $password); } if (!empty($input['user_email'])) { $writer->set('email', $input['user_email']); if ($writer->isChanged('email') && XenForo_Application::getOptions()->get('registrationSetup', 'emailConfirmation') && !$isAdmin) { switch ($writer->get('user_state')) { case 'moderated': case 'email_confirm': $writer->set('user_state', 'email_confirm'); break; default: $writer->set('user_state', 'email_confirm_edit'); } } } if (!empty($input['username'])) { $writer->set('username', $input['username']); if ($writer->isChanged('username') && !$isAdmin) { return $this->responseError(new XenForo_Phrase('bdapi_slash_users_denied_username'), 403); } } if ($input['primary_group_id'] > 0) { $userGroups = $this->_getUserGroupModel()->getAllUserGroups(); if (!isset($userGroups[$input['primary_group_id']])) { return $this->responseError(new XenForo_Phrase('requested_user_group_not_found')); } if (!empty($input['secondary_group_ids'])) { foreach ($input['secondary_group_ids'] as $secondaryGroupId) { if (!isset($userGroups[$secondaryGroupId])) { return $this->responseError(new XenForo_Phrase('requested_user_group_not_found')); } } } $writer->set('user_group_id', $input['primary_group_id']); $writer->setSecondaryGroups($input['secondary_group_ids']); } if (!empty($input['user_dob_day']) && !empty($input['user_dob_month']) && !empty($input['user_dob_year'])) { $writer->set('dob_day', $input['user_dob_day']); $writer->set('dob_month', $input['user_dob_month']); $writer->set('dob_year', $input['user_dob_year']); $hasExistingDob = false; $hasExistingDob = $hasExistingDob || !!$writer->getExisting('dob_day'); $hasExistingDob = $hasExistingDob || !!$writer->getExisting('dob_month'); $hasExistingDob = $hasExistingDob || !!$writer->getExisting('dob_year'); if ($hasExistingDob && ($writer->isChanged('dob_day') || $writer->isChanged('dob_month') || $writer->isChanged('dob_year')) && !$isAdmin) { // setting new dob is fine but changing dob requires admin permission return $this->responseError(new XenForo_Phrase('bdapi_slash_users_denied_dob'), 403); } } if (!empty($input['user_fields'])) { $profileFieldsInput = new XenForo_Input($input['user_fields']); $profileFields = $profileFieldsInput->filter(array('about' => XenForo_Input::STRING, 'homepage' => XenForo_Input::STRING, 'location' => XenForo_Input::STRING, 'occupation' => XenForo_Input::STRING)); $writer->bulkSet($profileFields); $writer->setCustomFields($input['user_fields']); } $writer->preSave(); if (!$isAdmin) { if ($writer->isChanged('user_group_id') || $writer->isChanged('secondary_group_ids')) { // this has to be checked here because `secondary_group_ids` only get set within preSave() return $this->responseError(new XenForo_Phrase('bdapi_slash_users_denied_user_group'), 403); } } $writer->save(); $user = $writer->getMergedData(); if ($writer->isChanged('email') && in_array($user['user_state'], array('email_confirm', 'email_confirm_edit'))) { /* @var $userConfirmationModel XenForo_Model_UserConfirmation */ $userConfirmationModel = $this->getModelFromCache('XenForo_Model_UserConfirmation'); $userConfirmationModel->sendEmailConfirmation($user); } return $this->responseMessage(new XenForo_Phrase('changes_saved')); }
public static function buildApiLink($type, $data = null, array $extraParams = array(), $skipPrepend = false) { // the type MUST BE full:type // NOTE: this is the opposite with public links if (strpos($type, 'canonical:') === 0) { // replace canonical: with full: $type = str_replace('canonical:', 'full:', $type); } elseif (strpos($type, 'full:') === false) { // enforce full: $type = 'full:' . $type; } // auto appends oauth_token param from the session if (!isset($extraParams['oauth_token'])) { $session = bdApi_Data_Helper_Core::safeGetSession(); if (!empty($session)) { $oauthToken = $session->getOAuthTokenText(); if (!empty($oauthToken) && !empty($_REQUEST['oauth_token']) && $_REQUEST['oauth_token'] === $oauthToken) { // only append token to built link if the current request has token in query too // this will prevent token in links if it's requested with OTT, token in Auth header // or token in body (PUT/POST requests) $extraParams['oauth_token'] = $oauthToken; } } } $type = XenForo_Link::_checkForFullLink($type, $fullLink, $fullLinkPrefix); $link = XenForo_Link::_buildLink(self::API_LINK_GROUP, $type, $data, $extraParams); $queryString = XenForo_Link::buildQueryString($extraParams); if ($link instanceof XenForo_Link) { $canPrependFull = $link->canPrependFull(); } else { $canPrependFull = true; if (strpos($link, '#') !== false) { list($link, $hash) = explode('#', $link); } } if ($queryString !== '' && $link !== '') { $append = "?{$link}&{$queryString}"; } else { // 1 or neither of these has content $append = $link . $queryString; if ($append !== '') { $append = "?{$append}"; } } if ($skipPrepend) { $outputLink = $append; } else { $outputLink = 'index.php' . $append; } if ($fullLink && $canPrependFull) { $outputLink = $fullLinkPrefix . $outputLink; } // deal with a hash in the $type {xen:link prefix#hash..} if (($hashPos = strpos($type, '#')) !== false) { $hash = substr($type, $hashPos + 1); } if ($outputLink === '') { $outputLink = '.'; } return $outputLink . (empty($hash) ? '' : '#' . $hash); }
protected function _prepareSessionActivityForApi(&$controllerName, &$action, array &$params) { $controllerName = 'bdApi_ControllerApi_Index'; $action = ''; $params = array(); $session = bdApi_Data_Helper_Core::safeGetSession(); if (!empty($session)) { $params['client_id'] = $session->getOAuthClientId(); } }
public function prepareApiDataForUser(array $user) { $visitor = XenForo_Visitor::getInstance(); $session = bdApi_Data_Helper_Core::safeGetSession(); /* @var $userGroupModel bdApi_XenForo_Model_UserGroup */ $userGroupModel = $this->getModelFromCache('XenForo_Model_UserGroup'); /* @var $conversationModel XenForo_Model_Conversation */ $conversationModel = $this->getModelFromCache('XenForo_Model_Conversation'); $hasAdminScope = !empty($session) && $session->checkScope(bdApi_Model_OAuth2::SCOPE_MANAGE_SYSTEM); $isAdminRequest = $hasAdminScope && $visitor->hasAdminPermission('user'); $prepareProtectedData = $user['user_id'] == $visitor->get('user_id') || $isAdminRequest; $publicKeys = array('user_id' => 'user_id', 'username' => 'username', 'message_count' => 'user_message_count', 'register_date' => 'user_register_date', 'like_count' => 'user_like_count'); if ($prepareProtectedData) { $publicKeys = array_merge($publicKeys, array('email' => 'user_email', 'alerts_unread' => 'user_unread_notification_count', 'dob_day' => 'user_dob_day', 'dob_month' => 'user_dob_month', 'dob_year' => 'user_dob_year')); if (!empty($session) and $session->checkScope(bdApi_Model_OAuth2::SCOPE_PARTICIPATE_IN_CONVERSATIONS)) { // xf_user $publicKeys['conversations_unread'] = 'user_unread_conversation_count'; } } $data = bdApi_Data_Helper_Core::filter($user, $publicKeys); $data['user_title'] = XenForo_Template_Helper_Core::helperUserTitle($user); if (isset($user['user_state']) and isset($user['is_banned'])) { if (!empty($user['is_banned'])) { $data['user_is_valid'] = false; $data['user_is_verified'] = true; } else { switch ($user['user_state']) { case 'valid': $data['user_is_valid'] = true; $data['user_is_verified'] = true; break; case 'email_confirm': case 'email_confirm_edit': $data['user_is_valid'] = true; $data['user_is_verified'] = false; break; case 'moderated': $data['user_is_valid'] = false; $data['user_is_verified'] = false; break; } } } $data['user_is_followed'] = !empty($user['bdapi_user_is_followed']); if ($this->canViewUserCurrentActivity($user)) { $data['user_last_seen_date'] = $user['last_activity']; } else { // user hides his/her activity, use the register date value instead // (IMHO using 0 will make it too obvious that activity is hidden) $data['user_last_seen_date'] = $user['register_date']; } $data['links'] = array('permalink' => XenForo_Link::buildPublicLink('members', $user), 'detail' => bdApi_Data_Helper_Core::safeBuildApiLink('users', $user), 'avatar' => XenForo_Template_Helper_Core::callHelper('avatar', array($user, 'm', false, true)), 'avatar_big' => XenForo_Template_Helper_Core::callHelper('avatar', array($user, 'l', false, true)), 'avatar_small' => XenForo_Template_Helper_Core::callHelper('avatar', array($user, 's', false, true)), 'followers' => bdApi_Data_Helper_Core::safeBuildApiLink('users/followers', $user), 'followings' => bdApi_Data_Helper_Core::safeBuildApiLink('users/followings', $user), 'ignore' => bdApi_Data_Helper_Core::safeBuildApiLink('users/ignore', $user)); $data['permissions'] = array('edit' => $prepareProtectedData, 'follow' => $user['user_id'] != $visitor->get('user_id') && $visitor->canFollow()); /** @var XenForo_Model_UserIgnore $ignoreModel */ $ignoreModel = $this->getModelFromCache('XenForo_Model_UserIgnore'); $data['permissions']['ignore'] = $ignoreModel->canIgnoreUser($visitor->get('user_id'), $user); $data['user_is_ignored'] = $visitor->isIgnoring($user['user_id']); $data['user_is_visitor'] = $user['user_id'] == $visitor->get('user_id'); if ($prepareProtectedData) { if (isset($user['timezone'])) { $dtz = new DateTimeZone($user['timezone']); $dt = new DateTime('now', $dtz); $data['user_timezone_offset'] = $dtz->getOffset($dt); } $auth = $this->getUserAuthenticationObjectByUserId($user['user_id']); $data['user_has_password'] = $auth->hasPassword(); $data['user_fields'] = $this->prepareApiDataForUserFields($user); $thisUserGroups = array(); $userGroups = $userGroupModel->bdApi_getAllUserGroupsCached(); foreach ($userGroups as $userGroup) { if ($this->isMemberOfUserGroup($user, $userGroup['user_group_id'])) { $thisUserGroups[] = $userGroup; } } $data['user_groups'] = $userGroupModel->prepareApiDataForUserGroups($thisUserGroups); foreach ($data['user_groups'] as &$userGroupRef) { if ($userGroupRef['user_group_id'] == $user['user_group_id']) { $userGroupRef['is_primary_group'] = true; } else { $userGroupRef['is_primary_group'] = false; } } $data['self_permissions'] = array('create_conversation' => $conversationModel->canStartConversations(), 'upload_attachment_conversation' => $conversationModel->canUploadAndManageAttachment()); $data['edit_permissions'] = array('password' => true, 'user_email' => true, 'username' => false, 'user_title' => false, 'primary_group_id' => false, 'secondary_group_ids' => false, 'user_dob_day' => false, 'user_dob_month' => false, 'user_dob_year' => false, 'user_fields' => true); if ($isAdminRequest) { $data['edit_permissions'] = array_merge($data['edit_permissions'], array('username' => true, 'user_title' => true, 'primary_group_id' => true, 'secondary_group_ids' => true)); } if (empty($data['user_dob_day']) && empty($data['user_dob_month']) && empty($data['user_dob_year']) || $isAdminRequest) { $data['edit_permissions'] = array_merge($data['edit_permissions'], array('user_dob_day' => true, 'user_dob_month' => true, 'user_dob_year' => true)); } } /** @var XenForo_Model_UserProfile $userProfileModel */ $userProfileModel = $this->getModelFromCache('XenForo_Model_UserProfile'); if ($userProfileModel->canViewProfilePosts($user)) { $data['links']['timeline'] = bdApi_Data_Helper_Core::safeBuildApiLink('users/timeline', $user); if ($user['user_id'] == $visitor->get('user_id')) { $data['permissions']['profile_post'] = $visitor->canUpdateStatus(); } else { $data['permissions']['profile_post'] = $userProfileModel->canPostOnProfile($user); } } return $data; }
public function actionPostIndexing() { $input = $this->_input->filter(array('content_type' => XenForo_Input::STRING, 'content_id' => XenForo_Input::UINT, 'title' => XenForo_Input::STRING, 'body' => XenForo_Input::STRING, 'date' => array(XenForo_Input::UINT, 'default' => XenForo_Application::$time), 'link' => XenForo_Input::STRING, 'extra_data' => XenForo_Input::ARRAY_SIMPLE)); $session = bdApi_Data_Helper_Core::safeGetSession(); $option = $session->getOAuthClientOption('allow_search_indexing'); if (empty($option)) { return $this->responseNoPermission(); } $dbKeys = array('client_id' => $session->getOAuthClientId(), 'content_type' => $input['content_type'], 'content_id' => $input['content_id']); /** @var bdApi_Model_ClientContent $clientContentModel */ $clientContentModel = $this->getModelFromCache('bdApi_Model_ClientContent'); $existingContents = $clientContentModel->getClientContents($dbKeys); $existingContent = null; if (!empty($existingContents)) { $existingContent = reset($existingContents); } $dw = XenForo_DataWriter::create('bdApi_DataWriter_ClientContent'); if (!empty($existingContent)) { $dw->setExistingData($existingContent, true); $input['extra_data'] = array_merge($existingContent['extraData'], $input['extra_data']); } else { $dw->bulkSet($dbKeys); } $dw->set('title', $input['title']); $dw->set('body', $input['body']); $dw->set('date', $input['date']); $dw->set('link', $input['link']); $dw->set('extra_data', $input['extra_data']); if ($dw->isInsert() || XenForo_Visitor::getUserId() > 0) { $dw->set('user_id', XenForo_Visitor::getUserId()); } $dw->preSave(); if ($dw->hasErrors()) { return $this->responseErrors($dw->getErrors(), 400); } $dw->save(); return $this->responseMessage(new XenForo_Phrase('changes_saved')); }
public function actionPutIndex() { $user = $this->_getUserOrError(); $visitor = XenForo_Visitor::getInstance(); $input = $this->_input->filter(array('password_old' => XenForo_Input::STRING, 'password_algo' => XenForo_Input::STRING, 'user_email' => XenForo_Input::STRING, 'username' => XenForo_Input::STRING, 'password' => XenForo_Input::STRING, 'user_dob_day' => XenForo_Input::UINT, 'user_dob_month' => XenForo_Input::UINT, 'user_dob_year' => XenForo_Input::UINT)); $session = bdApi_Data_Helper_Core::safeGetSession(); $isAdmin = $session->checkScope(bdApi_Model_OAuth2::SCOPE_MANAGE_SYSTEM) && $visitor->hasAdminPermission('user'); $isAuth = false; if ($isAdmin && $visitor['user_id'] != $user['user_id']) { $isAuth = true; } elseif (!empty($input['password_old'])) { $auth = $this->_getUserModel()->getUserAuthenticationObjectByUserId($user['user_id']); if (!empty($auth)) { $passwordOld = bdApi_Crypt::decrypt($input['password_old'], $input['password_algo']); if ($auth->hasPassword() && $auth->authenticate($user['user_id'], $passwordOld)) { $isAuth = true; } } } if (!$isAuth) { return $this->responseNoPermission(); } /* @var $writer XenForo_DataWriter_User */ $writer = XenForo_DataWriter::create('XenForo_DataWriter_User'); $writer->setExistingData($user, true); if (!empty($input['user_email'])) { $writer->set('email', $input['user_email']); if ($writer->isChanged('email') && XenForo_Application::getOptions()->get('registrationSetup', 'emailConfirmation') && !$isAdmin) { switch ($writer->get('user_state')) { case 'moderated': case 'email_confirm': $writer->set('user_state', 'email_confirm'); break; default: $writer->set('user_state', 'email_confirm_edit'); } } } if (!empty($input['username'])) { if (!$isAdmin) { return $this->responseNoPermission(); } $writer->set('username', $input['username']); } if (!empty($input['password'])) { $password = bdApi_Crypt::decrypt($input['password'], $input['password_algo']); $writer->setPassword($password, $password); } if (!empty($input['user_dob_day']) && !empty($input['user_dob_month']) && !empty($input['user_dob_year'])) { $hasExistingDob = false; $hasExistingDob = $hasExistingDob || !!$writer->getExisting('dob_day'); $hasExistingDob = $hasExistingDob || !!$writer->getExisting('dob_month'); $hasExistingDob = $hasExistingDob || !!$writer->getExisting('dob_year'); if ($hasExistingDob) { if (!$isAdmin) { // changing dob requires admin permission return $this->responseNoPermission(); } } else { // new dob just needs auth } $writer->set('dob_day', $input['user_dob_day']); $writer->set('dob_month', $input['user_dob_month']); $writer->set('dob_year', $input['user_dob_year']); } if (!$writer->hasChanges()) { return $this->responseError(new XenForo_Phrase('error_occurred_or_request_stopped'), 400); } $writer->save(); $user = $writer->getMergedData(); if ($writer->isChanged('email') && in_array($user['user_state'], array('email_confirm', 'email_confirm_edit'))) { /* @var $userConfirmationModel XenForo_Model_UserConfirmation */ $userConfirmationModel = $this->getModelFromCache('XenForo_Model_UserConfirmation'); $userConfirmationModel->sendEmailConfirmation($user); } return $this->responseMessage(new XenForo_Phrase('changes_saved')); }
protected function _getClientOrError() { /* @var $oauth2Model bdApi_Model_OAuth2 */ $oauth2Model = $this->getModelFromCache('bdApi_Model_OAuth2'); $session = bdApi_Data_Helper_Core::safeGetSession(); $oauthClientId = $session->getOAuthClientId(); $client = null; if (empty($oauthClientId)) { $inputClientId = $this->_input->filterSingle('client_id', XenForo_Input::STRING); $inputClientSecret = $this->_input->filterSingle('client_secret', XenForo_Input::STRING); if (!empty($inputClientId) and !empty($inputClientSecret)) { $client = $oauth2Model->getClientModel()->getClientById($inputClientId); if (!empty($client) and !$oauth2Model->getClientModel()->verifySecret($client, $inputClientSecret)) { throw $this->getNoPermissionResponseException(); } } } else { $client = $oauth2Model->getClientModel()->getClientById($oauthClientId); } if (empty($client)) { throw $this->getNoPermissionResponseException(); } return $client; }
public function isValidTopic(&$topic, array $viewingUser = null) { $this->standardizeViewingUserReference($viewingUser); list($type, $id) = self::parseTopic($topic); if ($type != self::TYPE_CLIENT && !bdApi_Option::getSubscription($type)) { // subscription for this topic type has been disabled return false; } switch ($type) { case self::TYPE_NOTIFICATION: if ($id === 'me') { // now supports user_notification_me $id = $viewingUser['user_id']; $topic = self::getTopic($type, $id); } return $id > 0 and $id == $viewingUser['user_id']; case self::TYPE_THREAD_POST: /* @var $threadModel XenForo_Model_Thread */ $threadModel = $this->getModelFromCache('XenForo_Model_Thread'); $thread = $threadModel->getThreadById($id); return $thread['user_id'] == $viewingUser['user_id']; case self::TYPE_USER: if ($id === 'me') { // now supports user_me $id = $viewingUser['user_id']; $topic = self::getTopic($type, $id); } return $id > 0 and $id == $viewingUser['user_id']; case self::TYPE_CLIENT: $session = bdApi_Data_Helper_Core::safeGetSession(); return $session->getOAuthClientId() !== ''; } return false; }