/** * Log in via a third party provider. * * For now facebook is the only provider supported. We do not support control panel logins via * external providers. * * @param string $provider. Currently ignored, should be passed as 'facebook' since that is the only * provider recognized. * * @param array $info. The various information needed for the provider to log in. One of * 'token' or 'signedrequest' must be provided. If both are then 'token' will be tried first. * * 'token' string the facebook access/oAuth token. (optional) * * 'signedrequest' string the facebook signedrequest. this is a one use token that can be used * to retrieve the auth token. (optional) * * @return array. * 'login' => array (should match the return from "login" function). Only present if the login succeeded. * 'userid' => int the id of the vbulletin user logged in * 'password' => string "remeber me token" will always be blank for this method * 'lastvisit' * 'lastactivity' * 'sessionhash' => the session value used to authenticate the user on subsequent page loads * 'cpsessionhash' => will never be set for this function */ public function loginExternal($provider, $info) { $fblib = vB_Library::instance('facebook'); $vbuserid = $fblib->createSessionForLogin($info); if (!$vbuserid) { //shouldn't be here, should throw an exception is vbuserid isn't valid //this error isn't 100% correct but somes up the basic problem and we //don't really know what precisely happened. throw new vB_Exception_Api('error_external_no_vb_user', $provider); } $session = vB::getRequest()->createSessionForUser($vbuserid); $sessionUserInfo = $session->fetch_userinfo(); //don't try to set "rememberme" for FB logins (the remember me token is called 'password' for legacy reasons. $auth = array('userid' => $vbuserid, 'password' => $provider, 'lastvisit' => $sessionUserInfo['lastvisit'], 'lastactivity' => $sessionUserInfo['lastactivity']); // create new session -- this is probably 90% unnecesary both for us and for the // normal login, but that's how we used to do it and using it doesn't make things // any worse. $res = vB_User::processNewLogin($auth, $logintype); return array('login' => $res); }
define('VB_ERROR_PERMISSION', true); $show['useurl'] = true; $show['specificerror'] = true; $url = $vbulletin->url; if ($vbulletin->options['usestrikesystem']) { admin_login_error('badlogin_strikes_passthru', array('strikes' => $strikes + 1)); eval(standard_error(fetch_error('badlogin_strikes_passthru', vB5_Route::buildUrl('lostpw|fullurl'), $strikes + 1))); } else { admin_login_error('badlogin_passthru', array('strikes' => $strikes + 1)); eval(standard_error(fetch_error('badlogin_passthru', vB5_Route::buildUrl('lostpw|fullurl'), $strikes + 1))); } } } vB_User::execUnstrikeUser($vbulletin->GPC['vb_login_username']); // create new session $res = vB_User::processNewLogin($auth, $vbulletin->GPC['logintype'], $vbulletin->GPC['cssprefs']); // set cookies (temp hack for admincp) if (isset($res['cpsession'])) { vbsetcookie('cpsession', $res['cpsession'], false, true, true); } vbsetcookie('userid', $res['userid'], false, true, true); vbsetcookie('password', $res['password'], false, true, true); vbsetcookie('sessionhash', $res['sessionhash'], false, false, true); // do redirect do_login_redirect(); } else { if ($_GET['do'] == 'login') { // add consistency with previous behavior exec_header_redirect(vB5_Route::buildUrl('home|fullurl')); } }