/**
 * Verifies that the provided username is valid, and attempts to correct it if it is not valid.
 *
 * The name is normalised in place (whitespace collapsed, NUL bytes removed, and,
 * for non-UTF-8 charsets, passed through vB_String::cleanUserName()). It is then
 * checked for length, stray semicolons, censored words, uniqueness, the optional
 * admin regex, the reuse delay, the illegal-name list and the "unregistered" phrase.
 * On success $username is replaced by its HTML-escaped form, truncated to the
 * width of the username column.
 *
 * Several checks are skipped when $this->adminoverride is set; the semicolon,
 * uniqueness and "unregistered" phrase checks are not.
 *
 * @param string Username (by reference; rewritten to the stored form on success)
 *
 * @return boolean Returns true if the username is valid, or has been corrected to be valid
 */
function verify_username(&$username)
{
    // fix extra whitespace and invisible ascii stuff
    $username = trim(preg_replace('#[ \\r\\n\\t]+#si', ' ', strip_blank_ascii($username, ' ')));
    // keep the pre-cleaning form: the uniqueness and "unregistered" checks below test both forms
    $username_raw = $username;

    if (strtolower(vB_String::getCharset()) !== 'utf-8') {
        // Following lines don't work for UTF-8. See VBV-3225.
        $username = vB_String::cleanUserName($username);
    }

    // strip NUL bytes before any comparison or storage
    $username = str_replace(chr(0), '', $username);
    $username = trim($username);

    // normalise the "existing user" state so the checks below can rely on false meaning "new user"
    if (empty($this->existing['userid'])) {
        $this->existing['userid'] = false;
    }

    if (empty($this->existing['username'])) {
        if ($this->existing['userid']) {
            $userInfo = $this->assertor->getRow('user', array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_SELECT, 'userid' => $this->existing['userid']));
            $this->existing['username'] = $userInfo['username'];
        } else {
            $this->existing['username'] = false;
        }
    }

    // check length only if it's a new user or if the username changed
    // NOTE(review): this compares the unescaped $username with existing['username'], while the
    // later checks compare the HTML-escaped raw name with it; confirm which form is stored.
    if ($this->existing['username'] === false or $username != $this->existing['username']) {
        $length = iconv_strlen($username, vB_String::getCharset());
        // We shouldn't use vB_String::vbStrlen() as it will count &xxx; as one character.
        if ($length == 0) {
            // check for empty string
            $this->error('fieldmissing_username');
            return false;
        } else {
            if ($length < $this->options['minuserlength'] and !$this->adminoverride) {
                // name too short
                $this->error('usernametooshort', $this->options['minuserlength']);
                return false;
            } else {
                if ($length > $this->options['maxuserlength'] and !$this->adminoverride) {
                    // name too long
                    $this->error('usernametoolong', $this->options['maxuserlength']);
                    return false;
                } else {
                    // a semicolon is allowed only as the terminator of a 3-5 digit numeric entity (&#NNN;)
                    if (preg_match('/(?<!&#[0-9]{3}|&#[0-9]{4}|&#[0-9]{5});/', $username)) {
                        // name contains semicolons
                        $this->error('username_contains_semi_colons');
                        return false;
                    } else {
                        if ($username != fetch_censored_text($username) and !$this->adminoverride) {
                            // name contains censored words
                            $this->error('censorfield');
                            return false;
                        }
                    }
                }
            }
        }
        /*else if (vB_String::htmlSpecialCharsUni($username_raw) != $this->existing['username'] AND $user = $this->dbobject->query_first("
            SELECT userid, username FROM " . TABLE_PREFIX . "user
            WHERE userid != " . intval($this->existing['userid']) . "
            AND ( username = '******' OR username = '******' )
        "))*/
    }

    // uniqueness: look for another user holding either the cleaned or the raw name (both HTML-escaped).
    // The lookup goes through a stored query with named parameters rather than string-built SQL.
    if ((empty($this->existing['username']) or vB_String::htmlSpecialCharsUni($username_raw) != $this->existing['username']) and $user = $this->assertor->getRow('getUsernameAndId', array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_STORED, 'userid' => intval($this->existing['userid']), 'username' => vB_String::htmlSpecialCharsUni($username), 'username_raw' => vB_String::htmlSpecialCharsUni($username_raw)))) {
        // name is already in use
        if ($this->error_handler == vB_DataManager_Constants::ERRTYPE_CP) {
            $this->error('usernametaken_edit_here', vB_String::htmlSpecialCharsUni($username), $this->session->get('sessionurl'), $user['userid']);
        } else {
            $this->error('usernametaken', vB_String::htmlSpecialCharsUni($username), $this->session->get('sessionurl'));
        }
        return false;
    }

    if (!empty($this->options['usernameregex']) and !$this->adminoverride) {
        // check for regex compliance
        // the pattern comes from the options; only '#' is escaped so it cannot end the delimiter early
        if (!preg_match('#' . str_replace('#', '\\#', $this->options['usernameregex']) . '#siU', $username)) {
            $this->error('usernametaken', vB_String::htmlSpecialCharsUni($username), vB::getCurrentSession()->get('sessionurl'));
            return false;
        }
    }

    // reuse delay: a changed name must not have been in use within the last usernamereusedelay days
    if (!empty($this->existing['username']) and (vB_String::htmlSpecialCharsUni($username_raw) != $this->existing['username'] and !$this->adminoverride and $this->options['usernamereusedelay'] > 0)) {
        require_once DIR . '/includes/class_userchangelog.php';
        $userchangelog = new vB_UserChangeLog($this->registry);
        $userchangelog->set_execute(true);
        $userchangelog->set_just_count(true);
        if ($userchangelog->sql_select_by_username(vB_String::htmlSpecialCharsUni($username), vB::getRequest()->getTimeNow() - $this->options['usernamereusedelay'] * 86400)) {
            $this->error('usernametaken', vB_String::htmlSpecialCharsUni($username), vB::getCurrentSession()->get('sessionurl'));
            return false;
        }
    }

    if ((empty($this->existing['username']) or vB_String::htmlSpecialCharsUni($username_raw) != $this->existing['username']) and !empty($this->options['illegalusernames']) and !$this->adminoverride) {
        // check for illegal username
        // substring match on strtolower() output: any name containing a listed fragment is rejected
        $usernames = preg_split('/[ \\r\\n\\t]+/', $this->options['illegalusernames'], -1, PREG_SPLIT_NO_EMPTY);
        foreach ($usernames as $val) {
            if (strpos(strtolower($username), strtolower($val)) !== false) {
                // weird error to show, but hey...
                $this->error('usernametaken', vB_String::htmlSpecialCharsUni($username), vB::getCurrentSession()->get('sessionurl'));
                return false;
            }
        }
    }

    // a user may not register under the phrase used to label unregistered visitors
    $unregisteredphrases = $this->assertor->getRows('phrase', array('varname' => 'unregistered', 'fieldname' => 'global'));
    //while ($unregisteredphrase = $this->registry->db->fetch_array($unregisteredphrases))
    foreach ($unregisteredphrases as $unregisteredphrase) {
        if (strtolower($unregisteredphrase['text']) == strtolower($username) or strtolower($unregisteredphrase['text']) == strtolower($username_raw)) {
            //$this->error('usernametaken', vB_String::htmlSpecialCharsUni($username), vB::getCurrentSession()->get('sessionurl'));
            $this->error('usernametaken', vB_String::htmlSpecialCharsUni($username), $this->session->get('sessionurl'));
            return false;
        }
    }

    // if we got here, everything is okay
    $username = vB_String::htmlSpecialCharsUni($username);

    // remove any trailing HTML entities that will be cut off when we stick them in the DB.
    // if we don't do this, the affected person won't be able to login, be banned, etc...
    $column_info = $this->assertor->getRow('getColumnUsername', array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_STORED, 'field' => 'username'));
    if (preg_match('#char\\((\\d+)\\)#i', $column_info['Type'], $match) and $match[1] > 0) {
        // NOTE(review): substr() counts bytes; with a multi-byte charset the cut can land inside
        // a character. Confirm the column width is measured in bytes too.
        $username = preg_replace('/&([a-z0-9#]*)$/i', '', substr($username, 0, $match[1]));
    }

    $username = trim($username);
    return true;
}
/**
 * Looks a user up by name and, when the row exists, sets the login cookies for that user.
 *
 * No password or other credential is compared anywhere in this function: finding
 * the username is sufficient for the cookies to be issued.
 * NOTE(review): presumably only called after an external system has already
 * authenticated the user; confirm that every caller enforces that.
 *
 * @param string Username to log in
 *
 * @return boolean True when the user was found (plugin hooks may change $return_value)
 */
function verify_authentication2($username)
{
    global $vbulletin;

    $username = strip_blank_ascii($username, ' ');
    // NOTE(review): the value in the WHERE clause is masked as '******' in this listing;
    // confirm the real code escapes $username before it is placed in the SQL string.
    if ($vbulletin->userinfo = $vbulletin->db->query_first("SELECT userid, usergroupid, membergroupids, infractiongroupids, username, password, salt FROM " . TABLE_PREFIX . "user WHERE username = '******'")) {
        if ($vbulletin->GPC[COOKIE_PREFIX . 'userid'] and $vbulletin->GPC[COOKIE_PREFIX . 'userid'] != $vbulletin->userinfo['userid']) {
            // The browser carries a userid cookie for a different account: clear it first.
            // (The original comment said no new cookie is stored, but new cookies are set
            // unconditionally right below.)
            vbsetcookie('userid', '', true, true, true);
            vbsetcookie('password', '', true, true, true);
        }
        vbsetcookie('userid', $vbulletin->userinfo['userid'], true, true, true);
        // the cookie value is an unkeyed MD5 over the stored password hash plus COOKIE_SALT
        vbsetcookie('password', md5($vbulletin->userinfo['password'] . COOKIE_SALT), true, true, true);
        $return_value = true;
        // eval() runs the plugin code in this function's scope, so it can read and
        // overwrite $return_value and the other locals; the names must stay as they are
        ($hook = vBulletinHook::fetch_hook('login_verify_success')) ? eval($hook) : false;
        return $return_value;
    }
    $return_value = false;
    ($hook = vBulletinHook::fetch_hook('login_verify_failure_username')) ? eval($hook) : false;
    return $return_value;
}
/**
 * Verifies that the provided username is valid, and attempts to correct it if it is not valid.
 *
 * The name is normalised in place, then rejected on the first failing rule:
 * length bounds, stray semicolons, censored words, an existing user with the
 * same name, or a fragment from the illegal-name list. On success $username is
 * replaced by its HTML-escaped form.
 *
 * @param string Username (by reference)
 *
 * @return boolean Returns true if the username is valid, or has been corrected to be valid
 */
function verify_username(&$username)
{
    // this is duplicated from the user manager
    // collapse whitespace runs and invisible characters into single spaces
    $username = trim(preg_replace('#[ \\r\\n\\t]+#si', ' ', strip_blank_ascii($username, ' ')));
    $rawName = $username;

    // clean the name, drop NUL bytes, trim again
    $username = trim(str_replace(chr(0), '', vB_String::cleanUserName($username)));

    $charCount = vB_String::vbStrlen($username);

    if ($charCount < $this->registry->options['minuserlength']) {
        // name too short
        $this->error('usernametooshort', $this->registry->options['minuserlength']);
        return false;
    }

    if ($charCount > $this->registry->options['maxuserlength']) {
        // name too long
        $this->error('usernametoolong', $this->registry->options['maxuserlength']);
        return false;
    }

    // a semicolon is only accepted as the end of a 3-5 digit numeric entity
    if (preg_match('/(?<!&#[0-9]{3}|&#[0-9]{4}|&#[0-9]{5});/', $username)) {
        // name contains semicolons
        $this->error('username_contains_semi_colons');
        return false;
    }

    if ($username != fetch_censored_text($username)) {
        // name contains censored words
        $this->error('censorfield');
        return false;
    }

    // uniqueness lookup through a stored query with named parameters
    $lookup = array(
        'userid' => intval($this->existing['userid']),
        'username' => vB_String::htmlSpecialCharsUni($username),
        'username_raw' => vB_String::htmlSpecialCharsUni($rawName),
    );
    $result = $this->assertor->assertQuery('verifyUsername', $lookup);
    if ($result->valid() && $result->current()) {
        // name is already in use
        $this->error('usernametaken', vB_String::htmlSpecialCharsUni($username), vB::getCurrentSession()->get('sessionurl'));
        return false;
    }

    if (!empty($this->registry->options['illegalusernames'])) {
        // check for illegal username: case-folded substring match against each listed fragment
        $banned = preg_split('/[ \\r\\n\\t]+/', $this->registry->options['illegalusernames'], -1, PREG_SPLIT_NO_EMPTY);
        $folded = strtolower($username);
        foreach ($banned as $fragment) {
            if (strpos($folded, strtolower($fragment)) !== false) {
                // reported as "taken" rather than "illegal"
                $this->error('usernametaken', vB_String::htmlSpecialCharsUni($username), vB::getCurrentSession()->get('sessionurl'));
                return false;
            }
        }
    }

    // if we got here, everything is okay
    $username = vB_String::htmlSpecialCharsUni($username);
    return true;
}
/**
 * Verifies that the provided username is valid, and attempts to correct it if it is not valid.
 *
 * The name is normalised in place, then rejected on the first failing rule:
 * length bounds, stray semicolons, censored words, an existing user with the
 * same name, or a fragment from the illegal-name list. On success $username is
 * replaced by its HTML-escaped form.
 *
 * @param string Username (by reference)
 *
 * @return boolean Returns true if the username is valid, or has been corrected to be valid
 */
function verify_username(&$username)
{
    // $stylevar is referenced by name from inside the /e replacement below
    global $stylevar;

    // this is duplicated from the user manager
    // collapse whitespace runs and invisible characters into single spaces
    $username = trim(preg_replace('#[ \\r\\n\\t]+#si', ' ', strip_blank_ascii($username, ' ')));
    $rawName = $username;

    // NOTE(review): both calls use the /e (evaluate) modifier, which was deprecated in
    // PHP 5.5 and removed in PHP 7.0. The captured group is digits only, but the
    // replacement is still executed as PHP code; preg_replace_callback() is the replacement.
    $username = preg_replace('/&#([0-9]+);/ie', "convert_unicode_char_to_charset('\\1', \$stylevar['charset'])", $username);
    // NOTE(review): the first character of this pattern looks garbled in this listing
    // (presumably an entity prefix that was decoded during extraction); verify against the original file.
    $username = preg_replace('/�*([0-9]{1,2}|1[01][0-9]|12[0-7]);/ie', "convert_int_to_utf8('\\1')", $username);

    // drop NUL bytes, trim again
    $username = trim(str_replace(chr(0), '', $username));

    $charCount = vbstrlen($username);

    if ($charCount < $this->registry->options['minuserlength']) {
        // name too short
        $this->error('usernametooshort', $this->registry->options['minuserlength']);
        return false;
    }

    if ($charCount > $this->registry->options['maxuserlength']) {
        // name too long
        $this->error('usernametoolong', $this->registry->options['maxuserlength']);
        return false;
    }

    // a semicolon is only accepted as the end of a 3-5 digit numeric entity
    if (preg_match('/(?<!&#[0-9]{3}|&#[0-9]{4}|&#[0-9]{5});/', $username)) {
        // name contains semicolons
        $this->error('username_contains_semi_colons');
        return false;
    }

    if ($username != fetch_censored_text($username)) {
        // name contains censored words
        $this->error('censorfield', $this->registry->options['contactuslink']);
        return false;
    }

    // NOTE(review): the compared values are masked as '******' in this listing; confirm the
    // real query escapes both name forms before they are concatenated into SQL.
    $duplicateSql = "\n\t\t\tSELECT userid, username FROM " . TABLE_PREFIX . "user\n\t\t\tWHERE userid != " . intval($this->existing['userid']) . "\n\t\t\tAND\n\t\t\t(\n\t\t\t\tusername = '******'\n\t\t\t\tOR\n\t\t\t\tusername = '******'\n\t\t\t)\n\t\t";
    if ($this->dbobject->query_first($duplicateSql)) {
        // name is already in use
        $this->error('usernametaken', htmlspecialchars_uni($username), $this->registry->session->vars['sessionurl']);
        return false;
    }

    if (!empty($this->registry->options['illegalusernames'])) {
        // check for illegal username: case-folded substring match against each listed fragment
        $banned = preg_split('/[ \\r\\n\\t]+/', $this->registry->options['illegalusernames'], -1, PREG_SPLIT_NO_EMPTY);
        $folded = strtolower($username);
        foreach ($banned as $fragment) {
            if (strpos($folded, strtolower($fragment)) !== false) {
                // reported as "taken" rather than "illegal"
                $this->error('usernametaken', htmlspecialchars_uni($username), $this->registry->session->vars['sessionurl']);
                return false;
            }
        }
    }

    // if we got here, everything is okay
    $username = htmlspecialchars_uni($username);
    return true;
}
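/**
 * Checks a username/password pair against the user table and optionally sets login cookies.
 *
 * The stored hash is md5(md5(password) . salt). The candidate may arrive as the
 * plain password or as an already MD5-hashed value ($md5password, $md5password_utf);
 * each supplied form is salted, hashed and compared with the stored value.
 *
 * Digests are compared with !== rather than !=. With a loose comparison PHP treats
 * two numeric-looking strings (for example digests of the form 0e<digits>) as
 * numbers, so two different digests can compare equal.
 * NOTE(review): salted MD5 is a weak password hash and this comparison is not
 * constant-time; password_hash()/password_verify() and hash_equals() address both
 * where the supported PHP versions allow.
 *
 * @param string  Username
 * @param string  Plain-text password (may be empty when a hashed form is supplied)
 * @param string  MD5 of the password
 * @param string  MD5 of the password in its UTF form (presumably re-encoded; confirm with the login form)
 * @param mixed   Passed through to set_authentication_cookies()
 * @param boolean Whether to set cookies on success
 *
 * @return boolean True on success, false otherwise (plugin hooks may change $return_value)
 */
function verify_authentication($username, $password, $md5password, $md5password_utf, $cookieuser, $send_cookies)
{
    global $vbulletin;

    $username = strip_blank_ascii($username, ' ');
    // NOTE(review): the value in the WHERE clause is masked as '******' in this listing;
    // confirm the real code escapes $username before it is placed in the SQL string.
    if ($vbulletin->userinfo = $vbulletin->db->query_first("SELECT userid, usergroupid, membergroupids, infractiongroupids, username, password, salt FROM " . TABLE_PREFIX . "user WHERE username = '******'")) {
        if (
            $vbulletin->userinfo['password'] !== iif($password AND !$md5password, md5(md5($password) . $vbulletin->userinfo['salt']), '') AND
            $vbulletin->userinfo['password'] !== iif($md5password, md5($md5password . $vbulletin->userinfo['salt']), '') AND
            $vbulletin->userinfo['password'] !== iif($md5password_utf, md5($md5password_utf . $vbulletin->userinfo['salt']), '')
        ) {
            // none of the supplied forms matches the stored hash
            $return_value = false;
            // eval() runs the plugin code in this function's scope; it can read and
            // overwrite the locals, so their names must not change
            ($hook = vBulletinHook::fetch_hook('login_verify_failure_password')) ? eval($hook) : false;
            if (isset($return_value)) {
                // unset $return_value if you want to run the $send_cookies stuff
                return $return_value;
            }
        } else if ($vbulletin->userinfo['password'] == '') {
            // sanity check, though there should never really be an empty string for a password;
            // an unused candidate form evaluates to '' above and would otherwise match it
            $return_value = false;
            ($hook = vBulletinHook::fetch_hook('login_verify_failure_password')) ? eval($hook) : false;
            if (isset($return_value)) {
                // unset $return_value if you want to run the $send_cookies stuff
                return $return_value;
            }
        }

        if ($send_cookies) {
            set_authentication_cookies($cookieuser);
        }

        $return_value = true;
        ($hook = vBulletinHook::fetch_hook('login_verify_success')) ? eval($hook) : false;
        return $return_value;
    }

    // no such user
    $return_value = false;
    ($hook = vBulletinHook::fetch_hook('login_verify_failure_username')) ? eval($hook) : false;
    return $return_value;
}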
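/**
 * Checks whether a username is available and valid.
 *
 * The candidate is normalised (invisible characters and whitespace runs collapsed,
 * ends trimmed) before any rule is applied, so the length, regex and illegal-name
 * checks see the same string that is later looked up in the user table. Validating
 * the raw input and looking up the normalised one would let padding characters
 * affect the length and pattern checks.
 *
 * @param string $candidate Username to check
 *
 * @return bool True when the name passes every check
 *
 * @throws vB_Exception_Api When the name is empty, too short, too long, rejected by
 *                          the configured regex or illegal-name list, or already in use
 */
public function checkUsername($candidate)
{
    $cleaner = vB::get_cleaner();
    $candidate = $cleaner->clean($candidate, vB_Cleaner::TYPE_STR);
    // normalise first so every check below runs on the form that is looked up
    $candidate = trim(preg_replace('#[ \\r\\n\\t]+#si', ' ', strip_blank_ascii($candidate, ' ')));
    $options = vB::getDatastore()->getValue('options');

    if (empty($candidate)) {
        throw new vB_Exception_Api('invalid_username_specified');
    }

    $usernameLen = iconv_strlen($candidate, vB_String::getCharset());
    // We shouldn't use vB_String::vbStrlen() as it will count &xxx; as one character.
    if ($usernameLen < $options['minuserlength']) {
        throw new vB_Exception_Api('invalid_username_specified_minlength_x', array($options['minuserlength']));
    }

    if ($usernameLen > $options['maxuserlength']) {
        throw new vB_Exception_Api('invalid_username_specified_maxlength_x', array($options['maxuserlength']));
    }

    if (!empty($options['usernameregex'])) {
        // check for regex compliance
        // the pattern comes from the options; only '#' is escaped so it cannot end the delimiter early
        if (!preg_match('#' . str_replace('#', '\\#', $options['usernameregex']) . '#siU', $candidate)) {
            throw new vB_Exception_Api('usernametaken', array(vB_String::htmlSpecialCharsUni($candidate), vB::getCurrentSession()->get('sessionurl')));
        }
    }

    if (!empty($options['illegalusernames'])) {
        // check for illegal username: case-folded substring match against each listed fragment
        $usernames = preg_split('/[ \\r\\n\\t]+/', $options['illegalusernames'], -1, PREG_SPLIT_NO_EMPTY);
        foreach ($usernames as $val) {
            if (strpos(strtolower($candidate), strtolower($val)) !== false) {
                // reported as "taken" rather than "illegal"
                throw new vB_Exception_Api('usernametaken', array(vB_String::htmlSpecialCharsUni($candidate), vB::getCurrentSession()->get('sessionurl')));
            }
        }
    }

    // NOTE(review): the lookup uses the unescaped name; if stored usernames are
    // HTML-escaped, names containing &, <, > or quotes may not match. Confirm.
    $check = vB::getDbAssertor()->getRow('user', array(vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_SELECT, 'username' => $candidate));

    if (isset($check['errors'])) {
        throw new vB_Exception_Api($check['errors'][0][0]);
    } else {
        if (!empty($check)) {
            throw new vB_Exception_Api('user_name_x_already_in_use_choose_different_name', array($candidate));
        }
    }

    return true;
}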
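/**
 * Checks a username/password pair against the user table and optionally sets login cookies.
 *
 * The stored hash is md5(md5(password) . salt). The candidate may arrive as the
 * plain password or as an already MD5-hashed value ($md5password, $md5password_utf);
 * each supplied form is salted, hashed and compared with the stored value.
 *
 * Digests are compared with !== rather than !=. With a loose comparison PHP treats
 * two numeric-looking strings (for example digests of the form 0e<digits>) as
 * numbers, so two different digests can compare equal.
 * NOTE(review): salted MD5 is a weak password hash and this comparison is not
 * constant-time; password_hash()/password_verify() and hash_equals() address both
 * where the supported PHP versions allow.
 *
 * @param string  Username
 * @param string  Plain-text password (may be empty when a hashed form is supplied)
 * @param string  MD5 of the password
 * @param string  MD5 of the password in its UTF form (presumably re-encoded; confirm with the login form)
 * @param boolean Whether to store the userid/password cookies for this user
 * @param boolean Whether to touch cookies at all on success
 *
 * @return boolean True on success, false otherwise (plugin hooks may change $return_value)
 */
function verify_authentication($username, $password, $md5password, $md5password_utf, $cookieuser, $send_cookies)
{
    global $vbulletin;

    $username = strip_blank_ascii($username, ' ');
    // NOTE(review): the value in the WHERE clause is masked as '******' in this listing;
    // confirm the real code escapes $username before it is placed in the SQL string.
    if ($vbulletin->userinfo = $vbulletin->db->query_first("SELECT userid, usergroupid, membergroupids, infractiongroupids, username, password, salt FROM " . TABLE_PREFIX . "user WHERE username = '******'")) {
        if ($vbulletin->userinfo['password'] !== iif($password and !$md5password, md5(md5($password) . $vbulletin->userinfo['salt']), '') and $vbulletin->userinfo['password'] !== iif($md5password, md5($md5password . $vbulletin->userinfo['salt']), '') and $vbulletin->userinfo['password'] !== iif($md5password_utf, md5($md5password_utf . $vbulletin->userinfo['salt']), '')) {
            // none of the supplied forms matches the stored hash
            $return_value = false;
            // eval() runs the plugin code in this function's scope; it can read and
            // overwrite the locals, so their names must not change
            ($hook = vBulletinHook::fetch_hook('login_verify_failure_password')) ? eval($hook) : false;
            if (isset($return_value)) {
                // unset $return_value if you want to run the $send_cookies stuff
                return $return_value;
            }
        } else {
            if ($vbulletin->userinfo['password'] == '') {
                // sanity check, though there should never really be an empty string for a password;
                // an unused candidate form evaluates to '' above and would otherwise match it
                $return_value = false;
                ($hook = vBulletinHook::fetch_hook('login_verify_failure_password')) ? eval($hook) : false;
                if (isset($return_value)) {
                    // unset $return_value if you want to run the $send_cookies stuff
                    return $return_value;
                }
            }
        }

        if ($send_cookies) {
            if ($cookieuser) {
                vbsetcookie('userid', $vbulletin->userinfo['userid'], true, true, true);
                // the cookie value is an unkeyed MD5 over the stored password hash plus COOKIE_SALT
                vbsetcookie('password', md5($vbulletin->userinfo['password'] . COOKIE_SALT), true, true, true);
            } else {
                if ($vbulletin->GPC[COOKIE_PREFIX . 'userid'] and $vbulletin->GPC[COOKIE_PREFIX . 'userid'] != $vbulletin->userinfo['userid']) {
                    // we have a cookie from a user and we're logging in as
                    // a different user and we're not going to store a new cookie,
                    // so let's unset the old one
                    vbsetcookie('userid', '', true, true, true);
                    vbsetcookie('password', '', true, true, true);
                }
            }
        }

        $return_value = true;
        ($hook = vBulletinHook::fetch_hook('login_verify_success')) ? eval($hook) : false;
        return $return_value;
    }

    // no such user
    $return_value = false;
    ($hook = vBulletinHook::fetch_hook('login_verify_failure_username')) ? eval($hook) : false;
    return $return_value;
}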
/**
 * Verifies that the provided username is valid, and attempts to correct it if it is not valid.
 *
 * The name is normalised in place (whitespace collapsed, numeric entities decoded,
 * NUL bytes removed). It is then checked for length, stray semicolons, censored
 * words, uniqueness, the optional admin regex, the reuse delay, the illegal-name
 * list and the "unregistered" phrase. On success $username is replaced by its
 * HTML-escaped form, truncated to the width of the username column.
 *
 * Several checks are skipped when $this->adminoverride is set; the semicolon,
 * uniqueness and "unregistered" phrase checks are not.
 *
 * @param string Username (by reference; rewritten to the stored form on success)
 *
 * @return boolean Returns true if the username is valid, or has been corrected to be valid
 */
function verify_username(&$username)
{
    // fix extra whitespace and invisible ascii stuff
    $username = trim(preg_replace('#[ \\r\\n\\t]+#si', ' ', strip_blank_ascii($username, ' ')));
    // keep the pre-decoding form: the uniqueness and "unregistered" checks below test both forms
    $username_raw = $username;

    // $stylevar is referenced by name from inside the /e replacement below
    global $stylevar;

    // NOTE(review): both calls use the /e (evaluate) modifier, which was deprecated in
    // PHP 5.5 and removed in PHP 7.0. The captured group is digits only, but the
    // replacement is still executed as PHP code; preg_replace_callback() is the replacement.
    $username = preg_replace('/&#([0-9]+);/ie', "convert_unicode_char_to_charset('\\1', \$stylevar['charset'])", $username);
    // NOTE(review): the first character of this pattern looks garbled in this listing
    // (presumably an entity prefix that was decoded during extraction); verify against the original file.
    $username = preg_replace('/�*([0-9]{1,2}|1[01][0-9]|12[0-7]);/ie', "convert_int_to_utf8('\\1')", $username);

    // strip NUL bytes before any comparison or storage
    $username = str_replace(chr(0), '', $username);
    $username = trim($username);

    $length = vbstrlen($username);
    if ($length == 0) {
        // check for empty string
        $this->error('fieldmissing_username');
        return false;
    } else {
        if ($length < $this->registry->options['minuserlength'] and !$this->adminoverride) {
            // name too short
            $this->error('usernametooshort', $this->registry->options['minuserlength']);
            return false;
        } else {
            if ($length > $this->registry->options['maxuserlength'] and !$this->adminoverride) {
                // name too long
                $this->error('usernametoolong', $this->registry->options['maxuserlength']);
                return false;
            } else {
                // a semicolon is allowed only as the terminator of a 3-5 digit numeric entity (&#NNN;)
                if (preg_match('/(?<!&#[0-9]{3}|&#[0-9]{4}|&#[0-9]{5});/', $username)) {
                    // name contains semicolons
                    $this->error('username_contains_semi_colons');
                    return false;
                } else {
                    if ($username != fetch_censored_text($username) and !$this->adminoverride) {
                        // name contains censored words
                        $this->error('censorfield', $this->registry->options['contactuslink']);
                        return false;
                    } else {
                        // uniqueness: another user (userid differs) holding the name.
                        // NOTE(review): the compared values are masked as '******' in this listing;
                        // confirm the real query escapes both name forms before they are
                        // concatenated into SQL.
                        if (htmlspecialchars_uni($username_raw) != $this->existing['username'] and $user = $this->dbobject->query_first("\n\t\t\tSELECT userid, username FROM " . TABLE_PREFIX . "user\n\t\t\tWHERE userid != " . intval($this->existing['userid']) . "\n\t\t\tAND\n\t\t\t(\n\t\t\t\tusername = '******'\n\t\t\t\tOR\n\t\t\t\tusername = '******'\n\t\t\t)\n\t\t")) {
                            // name is already in use
                            if ($this->error_handler == ERRTYPE_CP) {
                                $this->error('usernametaken_edit_here', htmlspecialchars_uni($username), $this->registry->session->vars['sessionurl'], $user['userid']);
                            } else {
                                $this->error('usernametaken', htmlspecialchars_uni($username), $this->registry->session->vars['sessionurl']);
                            }
                            return false;
                        }
                    }
                }
            }
        }
    }

    if (!empty($this->registry->options['usernameregex']) and !$this->adminoverride) {
        // check for regex compliance
        // the pattern comes from the options; only '#' is escaped so it cannot end the delimiter early
        if (!preg_match('#' . str_replace('#', '\\#', $this->registry->options['usernameregex']) . '#siU', $username)) {
            $this->error('usernametaken', htmlspecialchars_uni($username), $this->registry->session->vars['sessionurl']);
            return false;
        }
    }

    // reuse delay: a changed name must not have been in use within the last usernamereusedelay days
    if (htmlspecialchars_uni($username_raw) != $this->existing['username'] and !$this->adminoverride and $this->registry->options['usernamereusedelay'] > 0) {
        require_once DIR . '/includes/class_userchangelog.php';
        $userchangelog = new vB_UserChangeLog($this->registry);
        $userchangelog->set_execute(true);
        $userchangelog->set_just_count(true);
        if ($userchangelog->sql_select_by_username(htmlspecialchars_uni($username), TIMENOW - $this->registry->options['usernamereusedelay'] * 86400)) {
            $this->error('usernametaken', htmlspecialchars_uni($username), $this->registry->session->vars['sessionurl']);
            return false;
        }
    }

    if (htmlspecialchars_uni($username_raw) != $this->existing['username'] and !empty($this->registry->options['illegalusernames']) and !$this->adminoverride) {
        // check for illegal username
        // substring match on strtolower() output: any name containing a listed fragment is rejected
        $usernames = preg_split('/[ \\r\\n\\t]+/', $this->registry->options['illegalusernames'], -1, PREG_SPLIT_NO_EMPTY);
        foreach ($usernames as $val) {
            if (strpos(strtolower($username), strtolower($val)) !== false) {
                // weird error to show, but hey...
                $this->error('usernametaken', htmlspecialchars_uni($username), $this->registry->session->vars['sessionurl']);
                return false;
            }
        }
    }

    // a user may not register under the phrase used to label unregistered visitors
    $unregisteredphrases = $this->registry->db->query_read("\n\t\t\tSELECT text\n\t\t\tFROM " . TABLE_PREFIX . "phrase\n\t\t\tWHERE varname = 'unregistered'\n\t\t\t\tAND fieldname = 'global'\n\t\t");
    while ($unregisteredphrase = $this->registry->db->fetch_array($unregisteredphrases)) {
        if (strtolower($unregisteredphrase['text']) == strtolower($username) or strtolower($unregisteredphrase['text']) == strtolower($username_raw)) {
            $this->error('usernametaken', htmlspecialchars_uni($username), $this->registry->session->vars['sessionurl']);
            return false;
        }
    }

    // if we got here, everything is okay
    $username = htmlspecialchars_uni($username);

    // remove any trailing HTML entities that will be cut off when we stick them in the DB.
    // if we don't do this, the affected person won't be able to login, be banned, etc...
    $column_info = $this->dbobject->query_first("SHOW COLUMNS FROM " . TABLE_PREFIX . "user LIKE 'username'");
    if (preg_match('#char\\((\\d+)\\)#i', $column_info['Type'], $match) and $match[1] > 0) {
        // NOTE(review): substr() counts bytes; with a multi-byte charset the cut can land inside
        // a character. Confirm the column width is measured in bytes too.
        $username = preg_replace('/&([a-z0-9#]*)$/i', '', substr($username, 0, $match[1]));
    }

    return true;
}
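// Process input data
//
// Reads the bridge configuration and the user identifier, loads that user's row and
// sets (or clears) the vBulletin login cookies. No password is checked in this
// fragment. NOTE(review): presumably the caller has already authenticated the user
// through the external system; confirm that before this code is reachable.
GetInputData('Config', $Config);

if (!array_key_exists('CookieMember', $Config)) {
    FatalError("Key 'CookieMember' is not exists in \$Config array");
}
$CookieUser = $Config['CookieMember'];

if (!array_key_exists('RedirectMethod', $Config)) {
    FatalError("Key 'RedirectMethod' is not exists in \$Config array");
}
$RedirectMethod = $Config['RedirectMethod'];

// strict comparison: with a loose in_array() a non-string value such as true
// would be accepted as one of the allowed method names
if (!in_array($RedirectMethod, array('SubmitForm', 'SendHeader'), true)) {
    FatalError("Invalid RedirectMethod option: '{$RedirectMethod}'");
}

GetInputData('UserIdentifier', $Username);
GetInputData('LoginMessage', $LoginMessage);

$Username = strip_blank_ascii($Username, ' ');

// NOTE(review): the value in the WHERE clause is masked as '******' in this listing;
// confirm the real code escapes $Username before it is placed in the SQL string.
if ($vbulletin->userinfo = $vbulletin->db->query_first("SELECT userid, usergroupid, membergroupids, username, password, salt \n\t\t\t\t\t\t\t\t\t\t\t\t\t\tFROM " . TABLE_PREFIX . "user \n\t\t\t\t\t\t\t\t\t\t\t\t\t\tWHERE username = '******'")) {
    if ($CookieUser) {
        vbsetcookie('userid', $vbulletin->userinfo['userid']);
        // the cookie value is an unkeyed MD5 over the stored password hash plus COOKIE_SALT
        vbsetcookie('password', md5($vbulletin->userinfo['password'] . COOKIE_SALT));
    } else {
        // The original tested $vbulletin->{$_COOKIE}[...], which dereferences a property
        // named after the whole $_COOKIE array and is never truthy, so a stale cookie
        // from another account was never cleared. Test the cookie itself.
        if (!empty($_COOKIE[COOKIE_PREFIX . 'userid']) and $_COOKIE[COOKIE_PREFIX . 'userid'] != $vbulletin->userinfo['userid']) {
            // If there is cookie from other user, delete it
            vbsetcookie('userid', '');
            vbsetcookie('password', '');
        }
    }
} else {
    // NOTE(review): the message carries the query text (table prefix and column names);
    // if FatalError() prints to the client, log the detail server-side instead.
    FatalError("Erroneous or empty query result: " . "SELECT userid, usergroupid, membergroupids, username, password, salt FROM " . TABLE_PREFIX . "user WHERE username = '******'");
}
// Create new session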
/**
 * Replaces any instances of words censored in $vbulletin->options['censorwords'] with $vbulletin->options['censorchar']
 *
 * A list entry wrapped in braces ({word}) is matched only when it is delimited by
 * non-alphanumeric ASCII characters or the ends of the text; any other entry is
 * matched wherever it occurs. Matching is case-insensitive. The word list is
 * regex-quoted once per request and cached in a static variable; the quoted form
 * is also written back to $vbulletin->options['censorwords'].
 *
 * @param string Text to be censored
 *
 * @return string
 */
function fetch_censored_text($text)
{
    global $vbulletin;
    static $wordList;

    if (!$text) {
        // return $text rather than nothing, since this could be '' or 0
        return $text;
    }

    $censorActive = ($vbulletin->options['enablecensor'] && !empty($vbulletin->options['censorwords']));

    if ($censorActive) {
        if (empty($wordList)) {
            // quote the admin-supplied words so they are matched literally, then split on whitespace
            $vbulletin->options['censorwords'] = preg_quote($vbulletin->options['censorwords'], '#');
            $wordList = preg_split('#[ \r\n\t]+#', $vbulletin->options['censorwords'], -1, PREG_SPLIT_NO_EMPTY);
        }

        // ASCII character search 0-47, 58-64, 91-96, 123-127:
        // words are delimited by ASCII characters outside of A-Z, a-z and 0-9
        $boundary = '\x00-\x2f\x3a-\x40\x5b-\x60\x7b-\x7f';

        foreach ($wordList as $censorword) {
            // after preg_quote() a leading "{" appears as "\{"
            $wholeWord = (substr($censorword, 0, 2) == '\\{');

            if ($wholeWord && substr($censorword, -2, 2) == '\\}') {
                // prevents errors from the replace if the { and } are mismatched
                $censorword = substr($censorword, 2, -2);
            }

            $pattern = $wholeWord
                ? '#(?<=[' . $boundary . ']|^)' . $censorword . '(?=[' . $boundary . ']|$)#si'
                : "#$censorword#si";

            // one censor character per character of the (quoted) word
            $mask = str_repeat($vbulletin->options['censorchar'], vbstrlen($censorword));
            $text = preg_replace($pattern, $mask, $text);
        }
    }

    // strip any admin-specified blank ascii chars
    return strip_blank_ascii($text, $vbulletin->options['censorchar']);
}
} if ($vbulletin->GPC['perpage'] < 1) { $vbulletin->GPC['perpage'] = $vbulletin->options['rcd_pm_log_rows_per_page']; } $perpage = $vbulletin->GPC['perpage']; $search_keywords = trim($vbulletin->GPC['keywords']); if ($vbulletin->GPC_exists['userid']) { $userinfo = verify_id('user', $vbulletin->GPC['userid'], false, true); if (!$userinfo) { print_stop_message('invalidid', $vbphrase["{$idname}"], $vbulletin->options['contactuslink']); } $vbulletin->GPC['username'] = $userinfo['username']; } if ($vbulletin->GPC['username']) { $user_name = $vbulletin->GPC['username']; $user_name = strip_blank_ascii($user_name, ' '); } if (!$vbulletin->GPC['total_count']) { $vbulletin->GPC['total_count'] = rcd_pm_get_total_count($user_name, $search_keywords); } $total_count = $vbulletin->GPC['total_count']; if (!$endlogid and MOVE_LAST == $move or !$startlogid and MOVE_PREV == $move or !$startlogid and MOVE_FIRST == $move) { print_stop_message('rcd_pm_log_invalid_parameters'); } $sql_draft = 'SELECT pm.logid, pm.fromuserid, pm.fromusername, pm.touserid, pm.tousername, pm.title, pm.dateline FROM ' . TABLE_PREFIX . 'rcd_log_pm AS pm'; $order = 'DESC'; $limit = $perpage + 1; switch ($move) {
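/**
 * Checks a username/password pair against the user table and optionally sets login cookies.
 *
 * The stored hash is md5(md5(password) . salt). The candidate may arrive as the
 * plain password or as an already MD5-hashed value ($md5password, $md5password_utf);
 * each supplied form is salted, hashed and compared with the stored value.
 *
 * Digests are compared with !== rather than !=. With a loose comparison PHP treats
 * two numeric-looking strings (for example digests of the form 0e<digits>) as
 * numbers, so two different digests can compare equal.
 * NOTE(review): salted MD5 is a weak password hash and this comparison is not
 * constant-time; password_hash()/password_verify() and hash_equals() address both
 * where the supported PHP versions allow.
 *
 * @param string  Username
 * @param string  Plain-text password (may be empty when a hashed form is supplied)
 * @param string  MD5 of the password
 * @param string  MD5 of the password in its UTF form (presumably re-encoded; confirm with the login form)
 * @param mixed   Passed through to set_authentication_cookies()
 * @param boolean Whether to set cookies on success
 *
 * @return boolean True on success, false otherwise (plugin hooks may change $return_value)
 */
function verify_authentication($username, $password, $md5password, $md5password_utf, $cookieuser, $send_cookies)
{
    global $vbulletin;

    $username = strip_blank_ascii($username, ' ');

    // See VBM-635: &#xxx; should be converted to windows-1252 extended char. This may not happen if a browser submits the form. But from API or user manually input, it does.
    // See also vB_DataManager_User::verify_username()
    $charset = strtolower(vB_Template_Runtime::fetchStyleVar('charset')) == 'iso-8859-1' ? 'windows-1252' : vB_Template_Runtime::fetchStyleVar('charset');
    // NOTE(review): the /e (evaluate) modifier was deprecated in PHP 5.5 and removed in
    // PHP 7.0. The captured group is digits only, but $charset is interpolated into
    // the code string that gets executed, so the style variable must never contain a
    // quote; preg_replace_callback() avoids evaluating a string altogether.
    $username = preg_replace('/&#([0-9]+);/ie', "convert_unicode_char_to_charset('\\1', '{$charset}')", $username);

    // NOTE(review): the value in the WHERE clause is masked as '******' in this listing;
    // confirm the real code escapes $username before it is placed in the SQL string.
    if ($vbulletin->userinfo = $vbulletin->db->query_first("SELECT userid, usergroupid, membergroupids, infractiongroupids, username, password, salt FROM " . TABLE_PREFIX . "user WHERE username = '******'")) {
        if ($vbulletin->userinfo['password'] !== iif($password and !$md5password, md5(md5($password) . $vbulletin->userinfo['salt']), '') and $vbulletin->userinfo['password'] !== iif($md5password, md5($md5password . $vbulletin->userinfo['salt']), '') and $vbulletin->userinfo['password'] !== iif($md5password_utf, md5($md5password_utf . $vbulletin->userinfo['salt']), '')) {
            // none of the supplied forms matches the stored hash
            $return_value = false;
            // eval() runs the plugin code in this function's scope; it can read and
            // overwrite the locals, so their names must not change
            ($hook = vBulletinHook::fetch_hook('login_verify_failure_password')) ? eval($hook) : false;
            if (isset($return_value)) {
                // unset $return_value if you want to run the $send_cookies stuff
                return $return_value;
            }
        } else {
            if ($vbulletin->userinfo['password'] == '') {
                // sanity check, though there should never really be an empty string for a password;
                // an unused candidate form evaluates to '' above and would otherwise match it
                $return_value = false;
                ($hook = vBulletinHook::fetch_hook('login_verify_failure_password')) ? eval($hook) : false;
                if (isset($return_value)) {
                    // unset $return_value if you want to run the $send_cookies stuff
                    return $return_value;
                }
            }
        }

        if ($send_cookies) {
            set_authentication_cookies($cookieuser);
        }

        $return_value = true;
        ($hook = vBulletinHook::fetch_hook('login_verify_success')) ? eval($hook) : false;
        return $return_value;
    }

    // no such user
    $return_value = false;
    ($hook = vBulletinHook::fetch_hook('login_verify_failure_username')) ? eval($hook) : false;
    return $return_value;
}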