/**
 * Log a user in and open a new session for them.
 *
 * The username is HTML-escaped first; that escaped form is what the strike
 * check, the authentication call, the strike bookkeeping and the error log
 * all receive.
 *
 * @param string $username       Login name as submitted.
 * @param string $password       Handed unchanged to vB_User::verifyAuthentication().
 * @param string $md5password    Handed unchanged to vB_User::verifyAuthentication();
 *                               presumably an MD5 form of the password - confirm there.
 * @param string $md5passwordutf Handed unchanged to vB_User::verifyAuthentication();
 *                               presumably the UTF-8 variant of $md5password - confirm there.
 * @param string $logintype      'cplogin' marks a control panel login; a failed
 *                               attempt of that type is also written to the error log.
 *
 * @return array
 *  'userid' => int the id of the vbulletin user logged in
 *  'password' => string "remember me token". A value that can be used to create a new
 *      session without the user explicitly logging in, so it is as sensitive as a credential
 *  'lastvisit'
 *  'lastactivity'
 *  'sessionhash' => the session value used to authenticate the user on subsequent page loads
 *  'cpsessionhash' => value needed to access the admincp. Defines being logged in "as an admin"
 *
 * @throws vB_Exception_Api 'badlogin' when the escaped username is empty, 'strikes' when
 *      vB_User::verifyStrikeStatus() returns false, and 'badlogin_strikes_passthru' or
 *      'badlogin_passthru' when authentication fails.
 */
public function login($username, $password = null, $md5password = null, $md5passwordutf = null, $logintype = null)
{
    $username = vB_String::htmlSpecialCharsUni($username);
    $options = vB::getDatastore()->getValue('options');

    if (!$username) {
        throw new vB_Exception_Api('badlogin', vB5_Route::buildUrl('lostpw'));
    }

    // The strike status is checked before any credential is examined, so a
    // request refused here never reaches verifyAuthentication().
    $strikeCount = vB_User::verifyStrikeStatus($username);
    if ($strikeCount === false) {
        // todo: check for missing args
        throw new vB_Exception_Api('strikes', vB5_Route::buildUrl('lostpw'));
    }

    $authResult = vB_User::verifyAuthentication($username, $password, $md5password, $md5passwordutf);
    if ($authResult) {
        // Success: clear the recorded strikes, then create the new session.
        vB_User::execUnstrikeUser($username);

        return vB_User::processNewLogin($authResult, $logintype);
    }

    // Everything below is the failure path; it always ends in an exception.
    vB_User::execStrikeUser($username);

    if ($logintype === 'cplogin') {
        // Failed control panel logins go to the error log under 'security'.
        // Only the username is passed to the logger, never the password.
        require_once DIR . '/includes/functions_log_error.php';
        log_vbulletin_error($username, 'security');
    }

    // TODO: we need to add missing parameters for 'forgot password'
    // Both phrases receive the lost-password URL and the strike count
    // including this attempt.
    $phrase = $options['usestrikesystem'] ? 'badlogin_strikes_passthru' : 'badlogin_passthru';

    throw new vB_Exception_Api($phrase, array(vB5_Route::buildUrl('lostpw'), $strikeCount + 1));
}
show_inline_mod_login(true); } else { define('VB_ERROR_PERMISSION', true); $show['useurl'] = true; $show['specificerror'] = true; $url = $vbulletin->url; if ($vbulletin->options['usestrikesystem']) { admin_login_error('badlogin_strikes_passthru', array('strikes' => $strikes + 1)); eval(standard_error(fetch_error('badlogin_strikes_passthru', vB5_Route::buildUrl('lostpw|fullurl'), $strikes + 1))); } else { admin_login_error('badlogin_passthru', array('strikes' => $strikes + 1)); eval(standard_error(fetch_error('badlogin_passthru', vB5_Route::buildUrl('lostpw|fullurl'), $strikes + 1))); } } } vB_User::execUnstrikeUser($vbulletin->GPC['vb_login_username']); // create new session $res = vB_User::processNewLogin($auth, $vbulletin->GPC['logintype'], $vbulletin->GPC['cssprefs']); // set cookies (temp hack for admincp) if (isset($res['cpsession'])) { vbsetcookie('cpsession', $res['cpsession'], false, true, true); } vbsetcookie('userid', $res['userid'], false, true, true); vbsetcookie('password', $res['password'], false, true, true); vbsetcookie('sessionhash', $res['sessionhash'], false, false, true); // do redirect do_login_redirect(); } else { if ($_GET['do'] == 'login') { // add consistency with previous behavior exec_header_redirect(vB5_Route::buildUrl('home|fullurl'));