Untitled

<?php

require_once(CWD . '/library/php-jwt-master/src/JWTException.php');
require_once(CWD . '/library/php-jwt-master/src/ValidatesJWT.php');
require_once(CWD . '/library/php-jwt-master/src/JWT.php');
require_once('./includes/functions.php');

use Ahc\Jwt\JWT;

/**
  FILES WHERE WE ADDED PC3_ACTIVITY
    - index.php
 */

class PC3_Session {
  /**
  * Constructor. Attempts to grab a session that matches parameters, but will create one if it can't.
  *
  * @param    vB_Registry    Reference to a registry object
  * @param    string         styleid calculated in init.php
  */

  function __construct(&$registry, $styleid)
  {
    $this->registry =& $registry;
    $this->token = $registry->GPC['pc3_token'];
    $this->refreshtoken = $registry->GPC['pc3_refreshtoken'];
    $this->styleid = intval($styleid);
    $this->lastactivity = TIMENOW;
    $this->languageid = 4; // english
    $this->created = TRUE; // stub, doesn't matter with stateless auth
    $this->jwt = new JWT(
      $registry->config['PC3_Bridge']['jwt_secret'],
      'HS256',
      $registry->config['PC3_Bridge']['jwt_expires_in'],
    );

    $this->authenticate_by_access_token() || $this->authenticate_by_refresh_token();

    if ($this->deviceid) {
      $this->device = $registry->db->query_first_slave("
        select * from user_authenticated_devices
        where id = '" . $registry->db->escape_string($this->deviceid) .
      "'");
    }

    // not a stored device, don't authenticate
    if (!$this->device) {
      setcookie('pc3_token', '');
      $this->userid = null;
    }

    $this->fetch_userinfo();

    $this->set('styleid', $styleid);
  }

  private function authenticate_by_access_token() {
    if ($this->token) {
      try {
        $this->set_payload($this->jwt->decode($this->token));
        return true;
      } catch(Exception $e) {}
    }

    return false;
  }

  private function authenticate_by_refresh_token() {
    if ($this->refreshtoken) {
      try {
        $payload = $this->jwt->decode($this->refreshtoken);

        if ($payload['type'] !== 'refresh') {
          throw new Exception("tried to use non-refresh token as refresh token");
        }

        $access_token = $this->jwt->encode(array(
          'userId' => $payload['userId'],
          'deviceId' => $payload['deviceId'],
        ));

        setcookie(
          'pc3_token',
          $access_token,
          time() + $this->registry->config['PC3_Bridge']['jwt_expires_in'],
          "/",
          "",
          TRUE
        );
        $this->token = $access_token;
        $this->set_payload($payload);

        return true;
      } catch(Exception $e) {
        die($e);
      }
    }

    return false;
  }

  private function set_payload($payload) {
    if ($payload) {
      $this->userid = $payload['userId'];
      $this->deviceid = $payload['deviceId'];
    }
  }

  function save() {
    // no-op
  }

  function set_session_visibility() {
    // no-op
  }

  function do_lastvisit_update() {
    $ip = '"' . $this->registry->db->escape_string(IPADDRESS) . '"';
    $ua = '"' . $this->registry->db->escape_string(USER_AGENT) . '"';
    $uid = $this->userid ? $this->userid : 'NULL';
    $activity = (defined('PC3_ACTIVITY') && PC3_ACTIVITY) ? ('"' . PC3_ACTIVITY . '"') : NULL;

    if ($activity) {
      $this->registry->db->query_write("
        replace into online_visitor_activities (ipAddress, userAgent, userId, activity)
        values ($ip, $ua, $uid, $activity)
      ");
    }
  }

  function set($key, $value) {
    $this->$key = $value;
    $this->changes[$key] = $value;
  }


  function fetch_sessionhash() {
    return md5(uniqid(microtime(), true));
  }


  function &fetch_userinfo() {
    if($this->userinfo) {
      // we have this already so don’t bother
      return $this->userinfo;
    }
    else if ($this->userid AND !defined('SKIP_USERINFO')) {
      // user is logged in
      $useroptions = (defined('IN_CONTROL_PANEL') ? FETCH_USERINFO_ADMIN : 0) + (defined('AVATAR_ON_NAVBAR') ? FETCH_USERINFO_AVATAR : 0);
      $this->userinfo = fetch_userinfo($this->userid, $useroptions, $this->languageid);
      return $this->userinfo;
    }
    else {
      // guest setup
      $this->userinfo = array(
        'userid'         => 0,
        'usergroupid'    => 1,
        'username'       => (!empty($_REQUEST['username']) ? htmlspecialchars_uni($_REQUEST['username']) : ''),
        'password'       => '',
        'email'          => '',
        'styleid'        => $this->styleid,
        'languageid'     => $this->languageid,
        'lastactivity'   => $this->lastactivity,
        'daysprune'      => 0,
        'timezoneoffset' => $this->registry->options['timeoffset'],
        'dstonoff'       => $this->registry->options['dstonoff'],
        'showsignatures' => 1,
        'showavatars'    => 1,
        'showimages'     => 1,
        'showusercss'    => 1,
        'dstauto'        => 0,
        'maxposts'       => -1,
        'startofweek'    => 1,
        'threadedmode'   => $this->registry->options['threadedmode'],
        'securitytoken'  => 'guest',
        'securitytoken_raw'  => 'guest'
      );

      $this->userinfo['options'] =
                    $this->registry->bf_misc_useroptions['showsignatures'] | $this->registry->bf_misc_useroptions['showavatars'] |
                    $this->registry->bf_misc_useroptions['showimages'] | $this->registry->bf_misc_useroptions['dstauto'] |
                    $this->registry->bf_misc_useroptions['showusercss'];

      if (!defined('SKIP_USERINFO'))
      {
        // get default language
        $phraseinfo = $this->registry->db->query_first_slave("
          SELECT languageid" . fetch_language_fields_sql(0) . "
          FROM " . TABLE_PREFIX . "language
          WHERE languageid = " . (!empty($this->vars['languageid']) ? $this->vars['languageid'] : intval($this->registry->options['languageid'])) . "
        ");
        if (empty($phraseinfo))
        { // can't phrase this since we can't find the language
          trigger_error('The requested language does not exist, reset via tools.php.', E_USER_ERROR);
        }
        foreach($phraseinfo AS $_arrykey => $_arryval)
        {
          $this->userinfo["$_arrykey"] = $_arryval;
        }
        unset($phraseinfo);
      }

      return $this->userinfo;
    }
  }
}

// function human_readable_visitor_activity($activity) {
//   $matches = NULL;

//   switch(true) {
//     case preg_match('/^index$/', $activity): {
//       return _link_to('Viewing Index', '/');
//     }
//     case preg_match('/^thread (\\d+)$/', $activity, $matches, PREG_UNMATCHED_AS_NULL): {
//       $thread = fetch_threadinfo($matches[1]);
//       return _use_thread($thread);
//     }
//     default: {
//       return NULL;
//     }
//   }
// }

// function _use_thread($thread) {
//   if (_can_see_thread($thread)) {
//     return _link_to("Viewing Thread $thread[title]", "/showthread.php?t=$thread[threadid]");
//   } else {
//     return _link_to('Viewing Thread');
//   }
// }

// // centralize this better for newcore
// function _can_see_thread($thread) {
//   global $vbulletin;

//   if (!can_see_unpublished_post($thread) OR ($thread['isdeleted'] AND !can_moderate($thread['forumid']))) {
//     return false;
//   }

//   $forumperms = fetch_permissions($thread['forumid']);

//   if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview']) OR !($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewthreads']))
//   {
//     return false;
//   }

//   if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canviewothers']) AND ($thread['postuserid'] != $vbulletin->userinfo['userid'] OR $vbulletin->userinfo['userid'] == 0))
//   {
//     return false;
//   }

//   return true;
// }

// function _link_to($title, $path = NULL) {
//   return array(
//     'title' => $title,
//     'path' => $path,
//   );
// }