else
{
$vbulletin->GPC['postvars'] = '';
}
}
// workaround IIS cookie+location header bug
$forceredirect = (strpos($_SERVER['SERVER_SOFTWARE'], 'Microsoft-IIS') !== false);
eval(print_standard_redirect('forumpasswordcorrect', true, $forceredirect));
}
else
{
require_once(DIR . '/includes/functions_misc.php');
$vbulletin->GPC['url'] = str_replace('&', '&', $vbulletin->GPC['url']);
$postvars = construct_post_vars_html()
. '<input type="hidden" name="securitytoken" value="' . $vbulletin->userinfo['securitytoken'] . '" />';
// TODO; Convert 'forumpasswordincorrect' to vB4 style
eval(standard_error(fetch_error('forumpasswordincorrect',
$vbulletin->session->vars['sessionhash'],
htmlspecialchars_uni($vbulletin->GPC['url']),
$foruminfo['forumid'],
$postvars,
10,
1
)));
}
}
// ###### END SPECIAL PATHS
/**
* Displays the login form for the various control panel areas
*
* The actual form displayed is dependent upon the VB_AREA constant
*/
function print_cp_login($mismatch = false)
{
global $vbulletin, $vbphrase, $stylevar;
$focusfield = iif($vbulletin->userinfo['userid'] == 0, 'username', 'password');
$vbulletin->input->clean_array_gpc('r', array('vb_login_username' => TYPE_NOHTML));
$printusername = iif(!empty($vbulletin->GPC['vb_login_username']), $vbulletin->GPC['vb_login_username'], $vbulletin->userinfo['username']);
$vbulletin->userinfo['badlocation'] = 1;
switch (VB_AREA) {
case 'AdminCP':
$pagetitle = $vbphrase['admin_control_panel'];
$getcssoptions = fetch_cpcss_options();
$cssoptions = array();
foreach ($getcssoptions as $folder => $foldername) {
$key = iif($folder == $vbulletin->options['cpstylefolder'], '', $folder);
$cssoptions["{$key}"] = $foldername;
}
$showoptions = true;
$logintype = 'cplogin';
break;
case 'ModCP':
$pagetitle = $vbphrase['moderator_control_panel'];
$showoptions = false;
$logintype = 'modcplogin';
break;
default:
($hook = vBulletinHook::fetch_hook('admin_login_area_switch')) ? eval($hook) : false;
}
define('NO_PAGE_TITLE', true);
print_cp_header($vbphrase['log_in'], "document.forms.loginform.vb_login_{$focusfield}.focus()");
require_once DIR . '/includes/functions_misc.php';
$postvars = construct_post_vars_html();
?>
<script type="text/javascript" src="../clientscript/vbulletin_md5.js"></script>
<script type="text/javascript">
<!--
function js_show_options(objectid, clickedelm)
{
fetch_object(objectid).style.display = "";
clickedelm.disabled = true;
}
function js_fetch_url_append(origbit,addbit)
{
if (origbit.search(/\?/) != -1)
{
return origbit + '&' + addbit;
}
else
{
return origbit + '?' + addbit;
}
}
function js_do_options(formobj)
{
if (typeof(formobj.nojs) != "undefined" && formobj.nojs.checked == true)
{
formobj.url.value = js_fetch_url_append(formobj.url.value, 'nojs=1');
}
return true;
}
//-->
</script>
<form action="../login.php?do=login" method="post" name="loginform" onsubmit="md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf); js_do_options(this)">
<input type="hidden" name="url" value="<?php
echo $vbulletin->scriptpath;
?>
" />
<input type="hidden" name="s" value="<?php
echo $vbulletin->session->vars['dbsessionhash'];
?>
" />
<input type="hidden" name="securitytoken" value="<?php
echo $vbulletin->userinfo['securitytoken'];
?>
" />
<input type="hidden" name="logintype" value="<?php
echo $logintype;
?>
" />
<input type="hidden" name="do" value="login" />
<input type="hidden" name="vb_login_md5password" value="" />
<input type="hidden" name="vb_login_md5password_utf" value="" />
<?php
echo $postvars;
?>
<p> </p><p> </p>
<table class="tborder" cellpadding="0" cellspacing="0" border="0" width="450" align="center"><tr><td>
<!-- header -->
<div class="tcat" style="padding:4px; text-align:center"><b><?php
echo $vbphrase['log_in'];
?>
</b></div>
<!-- /header -->
<!-- logo and version -->
<table cellpadding="4" cellspacing="0" border="0" width="100%" class="navbody">
<tr valign="bottom">
<td><img src="../cpstyles/<?php
echo $vbulletin->options['cpstylefolder'];
?>
/cp_logo.gif" alt="" title="<?php
echo $vbphrase['vbulletin_copyright'];
?>
" border="0" /></td>
<td>
<b><a href="../<?php
echo $vbulletin->options['forumhome'];
?>
.php"><?php
echo $vbulletin->options['bbtitle'];
?>
</a></b><br />
<?php
echo "vBulletin " . $vbulletin->options['templateversion'] . " {$pagetitle}";
?>
<br />
</td>
</tr>
<?php
if ($mismatch) {
?>
<tr>
<td colspan="2" class="navbody"><b><?php
echo $vbphrase['to_continue_this_action'];
?>
</b></td>
</tr>
<?php
}
?>
</table>
<!-- /logo and version -->
<table cellpadding="4" cellspacing="0" border="0" width="100%" class="logincontrols">
<col width="50%" style="text-align:<?php
echo $stylevar['right'];
?>
; white-space:nowrap"></col>
<col></col>
<col width="50%"></col>
<!-- login fields -->
<tbody>
<tr>
<td><?php
echo $vbphrase['username'];
?>
</td>
<td><input type="text" style="padding-<?php
echo $stylevar['left'];
?>
:5px; font-weight:bold; width:250px" name="vb_login_username" value="<?php
echo $printusername;
?>
" accesskey="u" tabindex="1" id="vb_login_username" /></td>
<td> </td>
</tr>
<tr>
<td><?php
echo $vbphrase['password'];
?>
</td>
<td><input type="password" style="padding-<?php
echo $stylevar['left'];
?>
:5px; font-weight:bold; width:250px" name="vb_login_password" accesskey="p" tabindex="2" id="vb_login_password" /></td>
<td> </td>
</tr>
<tr style="display: none" id="cap_lock_alert">
<td> </td>
<td class="tborder"><?php
echo $vbphrase['caps_lock_is_on'];
?>
</td>
<td> </td>
</tr>
</tbody>
<!-- /login fields -->
<?php
if ($showoptions) {
?>
<!-- admin options -->
<tbody id="loginoptions" style="display:none">
<tr>
<td><?php
echo $vbphrase['style'];
?>
</td>
<td><select name="cssprefs" class="login" style="padding-<?php
echo $stylevar['left'];
?>
:5px; font-weight:normal; width:250px" tabindex="5"><?php
echo construct_select_options($cssoptions, $csschoice);
?>
</select></td>
<td> </td>
</tr>
<tr>
<td><?php
echo $vbphrase['options'];
?>
</td>
<td>
<input type="checkbox" name="nojs" value="1" tabindex="6" /><?php
echo $vbphrase['save_open_groups_automatically'];
?>
</td>
<td class="login"> </td>
</tr>
</tbody>
<!-- /admin options -->
<?php
}
?>
<!-- submit row -->
<tbody>
<tr>
<td colspan="3" align="center">
<input type="submit" class="button" value=" <?php
echo $vbphrase['log_in'];
?>
" accesskey="s" tabindex="3" />
<?php
if ($showoptions) {
?>
<input type="button" class="button" value=" <?php
echo $vbphrase['options'];
?>
" accesskey="o" onclick="js_show_options('loginoptions', this)" tabindex="4" /><?php
}
?>
</td>
</tr>
</tbody>
<!-- /submit row -->
</table>
</td></tr></table>
</form>
<script type="text/javascript">
<!--
function caps_check(e)
{
var detected_on = detect_caps_lock(e);
var alert_box = fetch_object('cap_lock_alert');
if (alert_box.style.display == '')
{
// box showing already, hide if caps lock turns off
if (!detected_on)
{
alert_box.style.display = 'none';
}
}
else
{
if (detected_on)
{
alert_box.style.display = '';
}
}
}
fetch_object('vb_login_password').onkeypress = caps_check;
//-->
</script>
<?php
define('NO_CP_COPYRIGHT', true);
unset($GLOBALS['DEVDEBUG']);
print_cp_footer();
}
/**
* Returns whether or not the visiting user can view the specified password-protected forum
*
* @param integer Forum ID
* @param string Provided password
* @param boolean If true, show error when access is denied
*
* @return boolean
*/
function verify_forum_password($forumid, $password, $showerror = true)
{
global $vbulletin;
if (!$password OR ($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel']) OR ($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['ismoderator']) OR can_moderate($forumid))
{
return true;
}
$foruminfo = fetch_foruminfo($forumid);
$parents = explode(',', $foruminfo['parentlist']);
foreach ($parents AS $fid)
{ // get the pwd from any parent forums -- allows pwd cookies to cascade down
if ($temp = fetch_bbarray_cookie('forumpwd', $fid) AND $temp === md5($vbulletin->userinfo['userid'] . $password))
{
return true;
}
}
// didn't match the password in any cookie
if ($showerror)
{
require_once(DIR . '/includes/functions_misc.php');
$security_token_html = '<input type="hidden" name="securitytoken" value="' . $vbulletin->userinfo['securitytoken'] . '" />';
// forum password is bad - show error
// TODO convert the 'forumpasswordmissoing' phrase to vB4
eval(standard_error(fetch_error('forumpasswordmissing',
$vbulletin->session->vars['sessionhash'],
$vbulletin->scriptpath,
$forumid,
construct_post_vars_html() . $security_token_html,
10,
1
)));
}
else
{
// forum password is bad - return false
return false;
}
}
if (($check = verify_client_string($vbulletin->GPC['postvars'])) !== false) {
$temp = unserialize($check);
if ($temp['do'] == 'doenterpwd') {
$vbulletin->GPC['postvars'] = '';
}
} else {
$vbulletin->GPC['postvars'] = '';
}
}
// workaround IIS cookie+location header bug
$forceredirect = strpos($_SERVER['SERVER_SOFTWARE'], 'Microsoft-IIS') !== false;
eval(print_standard_redirect('forumpasswordcorrect', true, $forceredirect));
} else {
require_once DIR . '/includes/functions_misc.php';
$vbulletin->GPC['url'] = str_replace('&', '&', $vbulletin->GPC['url']);
$postvars = construct_post_vars_html() . '<input type="hidden" name="securitytoken" value="' . $vbulletin->userinfo['securitytoken'] . '" />';
eval(standard_error(fetch_error('forumpasswordincorrect', $vbulletin->session->vars['sessionhash'], htmlspecialchars_uni($vbulletin->GPC['url']), $foruminfo['forumid'], $postvars, $stylevar['cellpadding'], $stylevar['cellspacing'])));
}
}
// ###### END SPECIAL PATHS
// These $_REQUEST values will get used in the sort template so they are assigned to normal variables
$perpage = $vbulletin->input->clean_gpc('r', 'perpage', TYPE_UINT);
$pagenumber = $vbulletin->input->clean_gpc('r', 'pagenumber', TYPE_UINT);
$daysprune = $vbulletin->input->clean_gpc('r', 'daysprune', TYPE_INT);
$sortfield = $vbulletin->input->clean_gpc('r', 'sortfield', TYPE_STR);
// get permission to view forum
$_permsgetter_ = 'forumdisplay';
$forumperms = fetch_permissions($foruminfo['forumid']);
if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview'])) {
print_no_permission();
}
/**
* Shows the form for inline mod authentication.
*/
function show_inline_mod_login()
{
global $vbulletin, $stylevar, $vbphrase, $show;
$formvars['url'] = $vbulletin->scriptpath;
$formvars['username'] = $vbulletin->userinfo['username'];
$postvars = construct_post_vars_html();
eval('$html = "' . fetch_template("threadadmin_authenticate") . '";');
standard_error($html);
}
/**
* Returns whether or not the visiting user can view the specified password-protected forum
*
* @param integer Forum ID
* @param string Provided password
* @param boolean If true, show error when access is denied
*
* @return boolean
*/
function verify_forum_password($forumid, $password, $showerror = true)
{
global $vbulletin;
if (!$password or $vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel'] or $vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['ismoderator'] or can_moderate($forumid)) {
return true;
}
$foruminfo = fetch_foruminfo($forumid);
$parents = explode(',', $foruminfo['parentlist']);
if (!VB_API) {
foreach ($parents as $fid) {
// get the pwd from any parent forums -- allows pwd cookies to cascade down
if ($temp = fetch_bbarray_cookie('forumpwd', $fid) and $temp === md5($vbulletin->userinfo['userid'] . $password)) {
return true;
}
}
} else {
$forumpwdmd5 = $vbulletin->input->clean_gpc('r', 'forumpwdmd5', TYPE_STR);
if ($forumpwdmd5 === md5($vbulletin->userinfo['userid'] . $password)) {
return true;
}
}
// didn't match the password in any cookie
if ($showerror) {
require_once DIR . '/includes/functions_misc.php';
$security_token_html = '<input type="hidden" name="securitytoken" value="' . $vbulletin->userinfo['securitytoken'] . '" />';
// forum password is bad - show error
//use the basic link here. I'm not sure how the advanced link will play with the postvars in the form.
require_once DIR . '/includes/class_friendly_url.php';
$forumlink = vB_Friendly_Url::fetchLibrary($vbulletin, 'forum|nosession', $foruminfo, array('do' => 'doenterpwd'));
$forumlink = $forumlink->get_url(FRIENDLY_URL_OFF);
// TODO convert the 'forumpasswordmissoing' phrase to vB4
eval(standard_error(fetch_error('forumpasswordmissing', $vbulletin->session->vars['sessionhash'], $vbulletin->scriptpath, $forumid, construct_post_vars_html() . $security_token_html, 10, 1, $forumlink)));
} else {
// forum password is bad - return false
return false;
}
}
/**
* Displays the login form for the various control panel areas
*
* The actual form displayed is dependent upon the VB_AREA constant
*/
function print_cp_login($mismatch = false)
{
global $vbulletin, $vbphrase;
if ($vbulletin->GPC['ajax']) {
print_stop_message2('you_have_been_logged_out_of_the_cp');
}
$focusfield = iif($vbulletin->userinfo['userid'] == 0, 'username', 'password');
$vbulletin->input->clean_array_gpc('r', array('vb_login_username' => vB_Cleaner::TYPE_NOHTML, 'loginerror' => vB_Cleaner::TYPE_STR, 'strikes' => vB_Cleaner::TYPE_INT));
$printusername = iif(!empty($vbulletin->GPC['vb_login_username']), $vbulletin->GPC['vb_login_username'], $vbulletin->userinfo['userid'] ? $vbulletin->userinfo['username'] : '');
$vbulletin->userinfo['badlocation'] = 1;
$options = vB::getDatastore()->getValue('options');
$filebase = $options['bburl'];
switch (VB_AREA) {
case 'AdminCP':
$pagetitle = $vbphrase['admin_control_panel'];
$getcssoptions = fetch_cpcss_options();
$cssoptions = array();
foreach ($getcssoptions as $folder => $foldername) {
$key = iif($folder == $options['cpstylefolder'], '', $folder);
$cssoptions["{$key}"] = $foldername;
}
$showoptions = true;
$logintype = 'cplogin';
break;
case 'ModCP':
$pagetitle = $vbphrase['moderator_control_panel'];
$showoptions = false;
$logintype = 'modcplogin';
break;
default:
// Legacy Hook 'admin_login_area_switch' Removed //
}
define('NO_PAGE_TITLE', true);
print_cp_header($vbphrase['log_in'], "document.forms.loginform.vb_login_{$focusfield}.focus()");
require_once DIR . '/includes/functions_misc.php';
$postvars = construct_post_vars_html();
$forumHome = vB_Library::instance('content_channel')->getForumHomeChannel();
$forumhome_url = vB5_Route::buildUrl($forumHome['routeid'] . '|fullurl');
if (strpos('://', $forumhome_url) == 'false') {
$forumhome_url = '../' . $forumhome_url;
}
?>
<script type="text/javascript" src="<?php
echo $filebase;
?>
/clientscript/vbulletin_md5.js?v=<?php
echo SIMPLE_VERSION;
?>
"></script>
<script type="text/javascript">
<!--
function js_show_options(objectid, clickedelm)
{
fetch_object(objectid).style.display = "";
clickedelm.disabled = true;
}
function js_fetch_url_append(origbit,addbit)
{
if (origbit.search(/\?/) != -1)
{
return origbit + '&' + addbit;
}
else
{
return origbit + '?' + addbit;
}
}
function js_do_options(formobj)
{
if (typeof(formobj.nojs) != "undefined" && formobj.nojs.checked == true)
{
formobj.url.value = js_fetch_url_append(formobj.url.value, 'nojs=1');
}
return true;
}
//-->
</script>
<form action="../login.php?do=login" method="post" name="loginform" onsubmit="md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf); js_do_options(this)">
<input type="hidden" name="url" value="<?php
echo $vbulletin->scriptpath;
?>
" />
<input type="hidden" name="s" value="<?php
echo vB::getCurrentSession()->get('dbsessionhash');
?>
" />
<input type="hidden" name="securitytoken" value="<?php
echo $vbulletin->userinfo['securitytoken'];
?>
" />
<input type="hidden" name="logintype" value="<?php
echo $logintype;
?>
" />
<input type="hidden" name="do" value="login" />
<input type="hidden" name="vb_login_md5password" value="" />
<input type="hidden" name="vb_login_md5password_utf" value="" />
<?php
echo $postvars;
?>
<p> </p><p> </p>
<table class="tborder" cellpadding="0" cellspacing="0" border="0" width="450" align="center"><tr><td>
<!-- header -->
<div class="tcat" style="text-align:center"><b><?php
echo $vbphrase['log_in'];
?>
</b></div>
<!-- /header -->
<!-- logo and version -->
<table cellpadding="4" cellspacing="0" border="0" width="100%" class="login-logo">
<tr valign="bottom">
<td><img src="<?php
echo $filebase;
?>
/cpstyles/<?php
echo $options['cpstylefolder'];
?>
/cp_logo.<?php
echo $options['cpstyleimageext'];
?>
" title="<?php
echo $vbphrase['vbulletin_copyright'];
?>
" border="0" /></td>
<td>
<b><a href="<?php
echo $forumhome_url;
?>
"><?php
echo $options['bbtitle'];
?>
</a></b><br />
<?php
echo "{$pagetitle}";
?>
<br />
</td>
</tr>
<?php
if ($mismatch) {
?>
<tr>
<td colspan="2" class="navbody"><b><?php
echo $vbphrase['to_continue_this_action'];
?>
</b></td>
</tr>
<?php
}
if ($vbulletin->GPC['loginerror']) {
$errorphrase = vB_Api::instanceInternal('phrase')->fetch($vbulletin->GPC['loginerror']);
$errorphrase = $errorphrase[$vbulletin->GPC['loginerror']];
?>
<tr>
<td colspan="2" class="navbody error"><b><?php
echo construct_phrase($errorphrase, '../lostpw', $vbulletin->GPC['strikes']);
?>
</b></td>
</tr>
<?php
}
?>
</table>
<!-- /logo and version -->
<table cellpadding="4" cellspacing="0" border="0" width="100%" class="alt1">
<col width="50%" style="text-align:<?php
echo vB_Template_Runtime::fetchStyleVar('right');
?>
; white-space:nowrap"></col>
<col></col>
<col width="50%"></col>
<!-- login fields -->
<tbody>
<tr>
<td><?php
echo $vbphrase['username'];
?>
</td>
<td><input type="text" style="padding-<?php
echo vB_Template_Runtime::fetchStyleVar('left');
?>
:5px; font-weight:bold; width:250px" name="vb_login_username" value="<?php
echo $printusername;
?>
" accesskey="u" tabindex="1" id="vb_login_username" /></td>
<td> </td>
</tr>
<tr>
<td><?php
echo $vbphrase['password'];
?>
</td>
<td><input type="password" autocomplete="off" style="padding-<?php
echo vB_Template_Runtime::fetchStyleVar('left');
?>
:5px; font-weight:bold; width:250px" name="vb_login_password" accesskey="p" tabindex="2" id="vb_login_password" /></td>
<td> </td>
</tr>
<tr style="display: none" id="cap_lock_alert">
<td> </td>
<td class="tborder"><?php
echo $vbphrase['caps_lock_is_on'];
?>
</td>
<td> </td>
</tr>
</tbody>
<!-- /login fields -->
<?php
if ($showoptions) {
?>
<!-- admin options -->
<tbody id="loginoptions" style="display:none">
<tr>
<td><?php
echo $vbphrase['style'];
?>
</td>
<td><select name="cssprefs" class="login" style="padding-<?php
echo vB_Template_Runtime::fetchStyleVar('left');
?>
:5px; font-weight:normal; width:250px" tabindex="5"><?php
echo construct_select_options($cssoptions, $csschoice);
?>
</select></td>
<td> </td>
</tr>
<tr>
<td><?php
echo $vbphrase['options'];
?>
</td>
<td>
<label><input type="checkbox" name="nojs" value="1" tabindex="6" /> <?php
echo $vbphrase['save_open_groups_automatically'];
?>
</label>
</td>
<td class="login"> </td>
</tr>
</tbody>
<!-- END admin options -->
<?php
}
?>
<!-- submit row -->
<tbody>
<tr>
<td colspan="3" align="center">
<input type="submit" class="button" value=" <?php
echo $vbphrase['log_in'];
?>
" accesskey="s" tabindex="3" />
<?php
if ($showoptions) {
?>
<input type="button" class="button" value=" <?php
echo $vbphrase['options'];
?>
" accesskey="o" onclick="js_show_options('loginoptions', this)" tabindex="4" /><?php
}
?>
</td>
</tr>
</tbody>
<!-- /submit row -->
</table>
</td></tr></table>
</form>
<script type="text/javascript">
<!--
function caps_check(e)
{
var detected_on = detect_caps_lock(e);
var alert_box = fetch_object('cap_lock_alert');
if (alert_box.style.display == '')
{
// box showing already, hide if caps lock turns off
if (!detected_on)
{
alert_box.style.display = 'none';
}
}
else
{
if (detected_on)
{
alert_box.style.display = '';
}
}
}
fetch_object('vb_login_password').onkeypress = caps_check;
//-->
</script>
<?php
define('NO_CP_COPYRIGHT', true);
unset($GLOBALS['DEVDEBUG']);
print_cp_footer();
}
