Beispiel #1
0
 /**
  * Login a user
  *
  * @param string $username
  * @param string $password
  * @param string $md5password
  * @param string $md5passwordutf
  * @param string $logintype
  *
  * @return array
  *	'userid' => int the id of the vbulletin user logged in
  *	'password' => string "remeber me token".  A value that can be used to create a new
  *		session without the user explicitly logging in
  *	'lastvisit'
  *	'lastactivity'
  *	'sessionhash' => the session value used to authenticate the user on subsequent page loads
  *	'cpsessionhash' => value needed to access the admincp.  Defines being logged in "as an admin"
  */
 public function login($username, $password = null, $md5password = null, $md5passwordutf = null, $logintype = null)
 {
     $username = vB_String::htmlSpecialCharsUni($username);
     // require_once(DIR . '/includes/functions_login.php');
     $vboptions = vB::getDatastore()->getValue('options');
     if (!$username) {
         throw new vB_Exception_Api('badlogin', vB5_Route::buildUrl('lostpw'));
     }
     $strikes = vB_User::verifyStrikeStatus($username);
     if ($strikes === false) {
         // todo: check for missing args
         throw new vB_Exception_Api('strikes', vB5_Route::buildUrl('lostpw'));
     }
     $auth = vB_User::verifyAuthentication($username, $password, $md5password, $md5passwordutf);
     if (!$auth) {
         // check password
         vB_User::execStrikeUser($username);
         if ($logintype === 'cplogin') {
             // log this error if attempting to access the control panel
             require_once DIR . '/includes/functions_log_error.php';
             log_vbulletin_error($username, 'security');
         }
         // TODO: we need to add missing parameters for 'forgot password'
         if ($vboptions['usestrikesystem']) {
             throw new vB_Exception_Api('badlogin_strikes_passthru', array(vB5_Route::buildUrl('lostpw'), $strikes + 1));
         } else {
             throw new vB_Exception_Api('badlogin_passthru', array(vB5_Route::buildUrl('lostpw'), $strikes + 1));
         }
     }
     vB_User::execUnstrikeUser($username);
     // create new session
     $res = vB_User::processNewLogin($auth, $logintype);
     return $res;
 }
Beispiel #2
0
     }
 }
 // can the user login?
 $strikes = vB_User::verifyStrikeStatus($vbulletin->GPC['vb_login_username']);
 if ($strikes === false) {
     admin_login_error('strikes');
     eval(standard_error(fetch_error('strikes', $vbulletin->options['bburl'], vB::getCurrentSession()->get('sessionurl'))));
 }
 if ($vbulletin->GPC['vb_login_username'] == '') {
     admin_login_error('badlogin', array('strikes' => $strikes));
     eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], vB::getCurrentSession()->get('sessionurl'), $strikes)));
 }
 // WE DON'T NEED THIS ANYMORE, AS verify_authentication WILL MODIFY vbulletin->userinfo ONLY IF IT PASSES THE CHECK
 //	// make sure our user info stays as whoever we were (for example, we might be logged in via cookies already)
 //	$original_userinfo = $vbulletin->userinfo;
 $auth = vB_User::verifyAuthentication($vbulletin->GPC['vb_login_username'], $vbulletin->GPC['vb_login_password'], $vbulletin->GPC['vb_login_md5password'], $vbulletin->GPC['vb_login_md5password_utf']);
 if (!$auth) {
     // Legacy Hook 'login_failure' Removed //
     // check password
     vB_User::execStrikeUser($vbulletin->userinfo['username']);
     if ($vbulletin->GPC['logintype'] === 'cplogin' or $vbulletin->GPC['logintype'] === 'modcplogin') {
         // log this error if attempting to access the control panel
         require_once DIR . '/includes/functions_log_error.php';
         log_vbulletin_error($vbulletin->GPC['vb_login_username'], 'security');
     }
     //		$vbulletin->userinfo = $original_userinfo;
     // For vB_API we need to unlogin the users we logged in before
     if (defined('VB_API') and VB_API === true) {
         $vbulletin->session->set('userid', 0);
         $vbulletin->session->set('loggedin', 0);
     }