$querystring = 'f-' . $f . iif($p, '-p-' . intval($p)) . '.html'; } } if ($vbulletin->GPC['pda']) { vbsetcookie('pda', '1', 1); exec_header_redirect($querystring); } else { if ($vbulletin->GPC[COOKIE_PREFIX . 'pda']) { $pda = true; } } $title = $vbulletin->options['bbtitle']; if ($vbulletin->userinfo['userid'] == 0 and $vbulletin->GPC['login']) { if (!empty($vbulletin->GPC['username']) and !empty($vbulletin->GPC['password'])) { require_once DIR . '/includes/functions_login.php'; $strikes = verify_strike_status($vbulletin->GPC['username'], true); if ($strikes === false) { // user has got too many wrong passwords $error_message = fetch_error('strikes', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl']); $do = 'error'; } else { if (verify_authentication($vbulletin->GPC['username'], $vbulletin->GPC['password'], '', '', false, true)) { exec_unstrike_user($vbulletin->GPC['username']); $db->query_write("DELETE FROM " . TABLE_PREFIX . "session WHERE sessionhash = '" . $db->escape_string($vbulletin->session->vars['dbsessionhash']) . "'"); $vbulletin->session->vars = $vbulletin->session->fetch_session($vbulletin->userinfo['userid']); /*insert query*/ $db->query_write("\n\t\t\t\tINSERT INTO " . TABLE_PREFIX . "session\n\t\t\t\t\t(sessionhash, userid, host, idhash, lastactivity, styleid, loggedin, bypass, useragent)\n\t\t\t\tVALUES\n\t\t\t\t\t('" . $db->escape_string($vbulletin->session->vars['sessionhash']) . "', " . $vbulletin->session->vars['userid'] . ", '" . $db->escape_string($vbulletin->session->vars['host']) . "', '" . $db->escape_string($vbulletin->session->vars['idhash']) . "', " . TIMENOW . ", " . $vbulletin->session->vars['styleid'] . ", 1, " . iif($logintype === 'cplogin', 1, 0) . ", '" . $db->escape_string($vbulletin->session->vars['useragent']) . "')\n\t\t\t"); exec_header_redirect($querystring); } else { // wrong username / password exec_strike_user($vbulletin->userinfo['username']);
eval(standard_error(fetch_error('logout_error', $vbulletin->session->vars['sessionurl'], $vbulletin->userinfo['securitytoken']))); } process_logout(); $vbulletin->url = fetch_replaced_session_url($vbulletin->url); if (strpos($vbulletin->url, 'do=logout') !== false) { $vbulletin->url = $vbulletin->options['forumhome'] . '.php' . $vbulletin->session->vars['sessionurl_q']; } $show['member'] = false; eval(standard_error(fetch_error('cookieclear', create_full_url($vbulletin->url), $vbulletin->options['forumhome'], $vbulletin->session->vars['sessionurl_q']), '', false)); } // ############################### start do login ############################### // this was a _REQUEST action but where do we all login via request? if ($_POST['do'] == 'login') { $vbulletin->input->clean_array_gpc('p', array('vb_login_username' => TYPE_STR, 'vb_login_password' => TYPE_STR, 'vb_login_md5password' => TYPE_STR, 'vb_login_md5password_utf' => TYPE_STR, 'postvars' => TYPE_BINARY, 'cookieuser' => TYPE_BOOL, 'logintype' => TYPE_STR, 'cssprefs' => TYPE_STR)); // can the user login? $strikes = verify_strike_status($vbulletin->GPC['vb_login_username']); if ($vbulletin->GPC['vb_login_username'] == '') { eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'], $strikes))); } // make sure our user info stays as whoever we were (for example, we might be logged in via cookies already) $original_userinfo = $vbulletin->userinfo; if (!verify_authentication($vbulletin->GPC['vb_login_username'], $vbulletin->GPC['vb_login_password'], $vbulletin->GPC['vb_login_md5password'], $vbulletin->GPC['vb_login_md5password_utf'], $vbulletin->GPC['cookieuser'], true)) { ($hook = vBulletinHook::fetch_hook('login_failure')) ? eval($hook) : false; // check password exec_strike_user($vbulletin->userinfo['username']); if ($vbulletin->GPC['logintype'] === 'cplogin' or $vbulletin->GPC['logintype'] === 'modcplogin') { // log this error if attempting to access the control panel require_once DIR . '/includes/functions_log_error.php'; log_vbulletin_error($vbulletin->GPC['vb_login_username'], 'security'); } $vbulletin->userinfo = $original_userinfo;
function do_login() { global $vbulletin, $fr_version, $fr_platform; $vbulletin->input->clean_array_gpc('r', array('username' => TYPE_STR, 'password' => TYPE_STR, 'md5_password' => TYPE_STR, 'fr_username' => TYPE_STR, 'fr_b' => TYPE_BOOL)); $navbg = null; if (strlen($vbulletin->options['forumrunner_branding_navbar_bg'])) { $navbg = $vbulletin->options['forumrunner_branding_navbar_bg']; if (is_iphone() && strlen($navbg) == 7) { $r = hexdec(substr($navbg, 1, 2)); $g = hexdec(substr($navbg, 3, 2)); $b = hexdec(substr($navbg, 5, 2)); $navbg = "{$r},{$g},{$b}"; } } $vbulletin->GPC['username'] = prepare_remote_utf8_string($vbulletin->GPC['username']); $vbulletin->GPC['password'] = prepare_remote_utf8_string($vbulletin->GPC['password']); $out = array('v' => $fr_version, 'p' => $fr_platform); if ($navbg) { $out['navbg'] = $navbg; } if (is_iphone() && $vbulletin->options['forumrunner_admob_publisherid_iphone']) { $out['admob'] = $vbulletin->options['forumrunner_admob_publisherid_iphone']; } else { if (is_android() && $vbulletin->options['forumrunner_admob_publisherid_android']) { $out['admob'] = $vbulletin->options['forumrunner_admob_publisherid_android']; } } if ($vbulletin->options['forumrunner_google_analytics_id']) { $out['gan'] = $vbulletin->options['forumrunner_google_analytics_id']; } if ($vbulletin->options['forumrunner_facebook_application_id']) { $out['fb'] = $vbulletin->options['forumrunner_facebook_application_id']; } if ($vbulletin->options['forumrunner_cms_onoff']) { $out['cms'] = true; $out['cms_section'] = $vbulletin->options['forumrunner_cms_section']; } if ($vbulletin->options['forumrunner_enable_registration']) { $out['reg'] = true; } if ($vbulletin->options['socnet'] & $vbulletin->bf_misc_socnet['enable_albums']) { $out['albums'] = true; } if (!$vbulletin->GPC['username'] || !$vbulletin->GPC['password'] && !$vbulletin->GPC['md5_password']) { // This could be an attempt to see if forums require login. Check. $requires_authentication = false; if (!($vbulletin->userinfo['permissions']['forumpermissions'] & $vbulletin->bf_ugp_forumpermissions['canview'])) { $requires_authentication = true; } // If the forum is closed, require login! if (!$vbulletin->options['bbactive']) { $requires_authentication = true; } $out += array('authenticated' => false, 'requires_authentication' => $requires_authentication); } else { // can the user login? $strikes = verify_strike_status($vbulletin->GPC['username'], true); // make sure our user info stays as whoever we were (for example, we might be logged in via cookies already) $original_userinfo = $vbulletin->userinfo; if (!verify_authentication($vbulletin->GPC['username'], $vbulletin->GPC['password'], $vbulletin->GPC['md5_password'], $vbulletin->GPC['md5_password'], true, true)) { exec_strike_user($vbulletin->GPC['username']); if ($vbulletin->options['usestrikesystem']) { if ($strikes === false) { $message = 'Incorrect login. You have used up your login allowance. Please wait 15 minutes before trying again.'; } else { $message = 'Incorrect login (' . ($strikes + 1) . ' of 5 tries allowed)'; } } else { $message = 'Incorrect login.'; } json_error($message, RV_BAD_PASSWORD); } exec_unstrike_user($vbulletin->GPC['username']); // create new session process_new_login('', true, ''); cache_permissions($vbulletin->userinfo, true); $vbulletin->session->save(); // If the forum is closed, boot em if (!$vbulletin->options['bbactive'] && !($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel'])) { process_logout(); json_error(strip_tags($vbulletin->options['bbclosedreason']), RV_BAD_PASSWORD); } fr_update_push_user($vbulletin->GPC['fr_username'], $vbulletin->GPC['fr_b']); $out += array('authenticated' => true, 'username' => prepare_utf8_string($vbulletin->userinfo['username']), 'cookiepath' => $vbulletin->options['cookiepath']); } return $out; }