else { $vbulletin->GPC['postvars'] = ''; } } // workaround IIS cookie+location header bug $forceredirect = (strpos($_SERVER['SERVER_SOFTWARE'], 'Microsoft-IIS') !== false); eval(print_standard_redirect('forumpasswordcorrect', true, $forceredirect)); } else { require_once(DIR . '/includes/functions_misc.php'); $vbulletin->GPC['url'] = str_replace('&', '&', $vbulletin->GPC['url']); $postvars = construct_post_vars_html() . '<input type="hidden" name="securitytoken" value="' . $vbulletin->userinfo['securitytoken'] . '" />'; // TODO; Convert 'forumpasswordincorrect' to vB4 style eval(standard_error(fetch_error('forumpasswordincorrect', $vbulletin->session->vars['sessionhash'], htmlspecialchars_uni($vbulletin->GPC['url']), $foruminfo['forumid'], $postvars, 10, 1 ))); } } // ###### END SPECIAL PATHS
/**
 * Displays the login form for the various control panel areas.
 *
 * The actual form displayed is dependent upon the VB_AREA constant:
 * 'AdminCP' and 'ModCP' set the page title, the login type and whether the
 * style/options block is shown. Any other value runs the
 * 'admin_login_area_switch' hook through eval(); in that case $pagetitle,
 * $showoptions and $logintype exist only if the hook code assigns them.
 *
 * The form posts to ../login.php?do=login and carries the current script path,
 * the session hash, the user's securitytoken and the replayed POST variables
 * as hidden fields.
 *
 * Security-relevant points visible in this function:
 *  - vb_login_username is read from the request as TYPE_NOHTML before it is
 *    echoed into a value="" attribute (presumably HTML-escaped by the input
 *    cleaner; confirm in the cleaner).
 *  - scriptpath, dbsessionhash, securitytoken, the option values and $postvars
 *    are echoed without escaping here, so they must already be attribute-safe
 *    when they reach this function. TODO confirm upstream.
 *  - The hook body is executed with eval() in this function's scope, so hook
 *    code can read and overwrite every local variable.
 *  - onsubmit calls md5hash() from vbulletin_md5.js, presumably to fill the two
 *    hidden md5 password fields. A client-side hash is password-equivalent for
 *    anyone who captures it, so it does not replace transport encryption.
 *
 * NOTE(review): as listed, each `?>` that ends an attribute value is followed
 * by a space, which would put a trailing space into url, s, securitytoken and
 * logintype. This is presumably an artifact of how the listing was rendered;
 * compare with the deployed file.
 *
 * @param boolean If true, show the 'to_continue_this_action' notice row
 */
function print_cp_login($mismatch = false)
{
    global $vbulletin, $vbphrase, $stylevar;

    // Guests (userid 0) start in the username box, known users in the password box.
    $focusfield = iif($vbulletin->userinfo['userid'] == 0, 'username', 'password');

    // Pull the submitted username from the request as TYPE_NOHTML before reuse below.
    $vbulletin->input->clean_array_gpc('r', array('vb_login_username' => TYPE_NOHTML));

    // Prefer the submitted username; fall back to the current user's name.
    $printusername = iif(!empty($vbulletin->GPC['vb_login_username']), $vbulletin->GPC['vb_login_username'], $vbulletin->userinfo['username']);
    $vbulletin->userinfo['badlocation'] = 1;

    switch (VB_AREA) {
        case 'AdminCP':
            $pagetitle = $vbphrase['admin_control_panel'];
            $getcssoptions = fetch_cpcss_options();
            $cssoptions = array();
            foreach ($getcssoptions as $folder => $foldername) {
                // The currently configured style folder is keyed by the empty string.
                $key = iif($folder == $vbulletin->options['cpstylefolder'], '', $folder);
                $cssoptions["{$key}"] = $foldername;
            }
            $showoptions = true;
            $logintype = 'cplogin';
            break;
        case 'ModCP':
            $pagetitle = $vbphrase['moderator_control_panel'];
            $showoptions = false;
            $logintype = 'modcplogin';
            break;
        default:
            // Hook code runs in this scope; nothing else defines $pagetitle,
            // $showoptions or $logintype on this path.
            ($hook = vBulletinHook::fetch_hook('admin_login_area_switch')) ? eval($hook) : false;
    }

    define('NO_PAGE_TITLE', true);
    print_cp_header($vbphrase['log_in'], "document.forms.loginform.vb_login_{$focusfield}.focus()");
    require_once DIR . '/includes/functions_misc.php';

    // Hidden-input HTML that replays the POST variables of the interrupted request.
    $postvars = construct_post_vars_html();
    ?>
    <script type="text/javascript" src="../clientscript/vbulletin_md5.js"></script>
    <script type="text/javascript">
    <!--
    function js_show_options(objectid, clickedelm) {
        fetch_object(objectid).style.display = "";
        clickedelm.disabled = true;
    }
    function js_fetch_url_append(origbit,addbit) {
        if (origbit.search(/\?/) != -1) {
            return origbit + '&' + addbit;
        } else {
            return origbit + '?' + addbit;
        }
    }
    function js_do_options(formobj) {
        if (typeof(formobj.nojs) != "undefined" && formobj.nojs.checked == true) {
            formobj.url.value = js_fetch_url_append(formobj.url.value, 'nojs=1');
        }
        return true;
    }
    //-->
    </script>
    <form action="../login.php?do=login" method="post" name="loginform" onsubmit="md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf); js_do_options(this)">
    <input type="hidden" name="url" value="<?php echo $vbulletin->scriptpath; ?> " />
    <input type="hidden" name="s" value="<?php echo $vbulletin->session->vars['dbsessionhash']; ?> " />
    <input type="hidden" name="securitytoken" value="<?php echo $vbulletin->userinfo['securitytoken']; ?> " />
    <input type="hidden" name="logintype" value="<?php echo $logintype; ?> " />
    <input type="hidden" name="do" value="login" />
    <input type="hidden" name="vb_login_md5password" value="" />
    <input type="hidden" name="vb_login_md5password_utf" value="" />
    <?php echo $postvars; ?> <p> </p><p> </p>
    <table class="tborder" cellpadding="0" cellspacing="0" border="0" width="450" align="center"><tr><td>
    <!-- header -->
    <div class="tcat" style="padding:4px; text-align:center"><b><?php echo $vbphrase['log_in']; ?> </b></div>
    <!-- /header -->
    <!-- logo and version -->
    <table cellpadding="4" cellspacing="0" border="0" width="100%" class="navbody">
    <tr valign="bottom">
    <td><img src="../cpstyles/<?php echo $vbulletin->options['cpstylefolder']; ?> /cp_logo.gif" alt="" title="<?php echo $vbphrase['vbulletin_copyright']; ?> " border="0" /></td>
    <td>
    <b><a href="../<?php echo $vbulletin->options['forumhome']; ?> .php"><?php echo $vbulletin->options['bbtitle']; ?> </a></b><br />
    <?php echo "vBulletin " . $vbulletin->options['templateversion'] . " {$pagetitle}"; ?> <br />
    </td>
    </tr>
    <?php if ($mismatch) { ?>
    <tr>
    <td colspan="2" class="navbody"><b><?php echo $vbphrase['to_continue_this_action']; ?> </b></td>
    </tr>
    <?php } ?>
    </table>
    <!-- /logo and version -->
    <table cellpadding="4" cellspacing="0" border="0" width="100%" class="logincontrols">
    <col width="50%" style="text-align:<?php echo $stylevar['right']; ?> ; white-space:nowrap"></col>
    <col></col>
    <col width="50%"></col>
    <!-- login fields -->
    <tbody>
    <tr>
    <td><?php echo $vbphrase['username']; ?> </td>
    <td><input type="text" style="padding-<?php echo $stylevar['left']; ?> :5px; font-weight:bold; width:250px" name="vb_login_username" value="<?php echo $printusername; ?> " accesskey="u" tabindex="1" id="vb_login_username" /></td>
    <td> </td>
    </tr>
    <tr>
    <td><?php echo $vbphrase['password']; ?> </td>
    <td><input type="password" style="padding-<?php echo $stylevar['left']; ?> :5px; font-weight:bold; width:250px" name="vb_login_password" accesskey="p" tabindex="2" id="vb_login_password" /></td>
    <td> </td>
    </tr>
    <tr style="display: none" id="cap_lock_alert">
    <td> </td>
    <td class="tborder"><?php echo $vbphrase['caps_lock_is_on']; ?> </td>
    <td> </td>
    </tr>
    </tbody>
    <!-- /login fields -->
    <?php if ($showoptions) { ?>
    <!-- admin options -->
    <tbody id="loginoptions" style="display:none">
    <tr>
    <td><?php echo $vbphrase['style']; ?> </td>
    <td><select name="cssprefs" class="login" style="padding-<?php echo $stylevar['left']; ?> :5px; font-weight:normal; width:250px" tabindex="5"><?php /* NOTE(review): $csschoice is never assigned in this function */ echo construct_select_options($cssoptions, $csschoice); ?> </select></td>
    <td> </td>
    </tr>
    <tr>
    <td><?php echo $vbphrase['options']; ?> </td>
    <td>
    <input type="checkbox" name="nojs" value="1" tabindex="6" /><?php echo $vbphrase['save_open_groups_automatically']; ?> </td>
    <td class="login"> </td>
    </tr>
    </tbody>
    <!-- /admin options -->
    <?php } ?>
    <!-- submit row -->
    <tbody>
    <tr>
    <td colspan="3" align="center">
    <input type="submit" class="button" value=" <?php echo $vbphrase['log_in']; ?> " accesskey="s" tabindex="3" />
    <?php if ($showoptions) { ?> <input type="button" class="button" value=" <?php echo $vbphrase['options']; ?> " accesskey="o" onclick="js_show_options('loginoptions', this)" tabindex="4" /><?php } ?>
    </td>
    </tr>
    </tbody>
    <!-- /submit row -->
    </table>
    </td></tr></table>
    </form>
    <script type="text/javascript">
    <!--
    function caps_check(e) {
        var detected_on = detect_caps_lock(e);
        var alert_box = fetch_object('cap_lock_alert');
        if (alert_box.style.display == '') {
            // box showing already, hide if caps lock turns off
            if (!detected_on) {
                alert_box.style.display = 'none';
            }
        } else {
            if (detected_on) {
                alert_box.style.display = '';
            }
        }
    }
    fetch_object('vb_login_password').onkeypress = caps_check;
    //-->
    </script>
    <?php
    // Suppress the copyright footer and the developer debug output on the login page.
    define('NO_CP_COPYRIGHT', true);
    unset($GLOBALS['DEVDEBUG']);
    print_cp_footer();
}
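/**
 * Returns whether or not the visiting user can view the specified password-protected forum
 *
 * Access is granted without any password check when $password is empty, when
 * the visitor's admin permissions include 'cancontrolpanel' or 'ismoderator',
 * or when can_moderate($forumid) is true. Otherwise the 'forumpwd' cookie of
 * each forum in the parent list is compared with md5(userid . password).
 *
 * Security notes:
 *  - The cookie value is an unsalted MD5 over the user id and the forum
 *    password. The cookie itself is the credential, and anyone who obtains it
 *    can test password guesses offline.
 *  - The comparison uses hash_equals() when the runtime provides it, so the
 *    check does not depend on where the first differing byte is.
 *  - The function ends with an explicit "return false", so a denied request
 *    fails closed even if standard_error() were to return.
 *
 * @param	integer	Forum ID
 * @param	string	Provided password
 * @param	boolean	If true, show error when access is denied
 *
 * @return	boolean
 */
function verify_forum_password($forumid, $password, $showerror = true)
{
    global $vbulletin;

    if (!$password OR
        ($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel']) OR
        ($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['ismoderator']) OR
        can_moderate($forumid))
    {
        return true;
    }

    $foruminfo = fetch_foruminfo($forumid);
    $parents = explode(',', $foruminfo['parentlist']);

    // The expected cookie value is the same for every forum in the chain.
    $expected = md5($vbulletin->userinfo['userid'] . $password);
    // hash_equals() only exists on newer runtimes; keep the strict compare as fallback.
    $constant_time = function_exists('hash_equals');

    foreach ($parents AS $fid)
    {
        // get the pwd from any parent forums -- allows pwd cookies to cascade down
        $temp = fetch_bbarray_cookie('forumpwd', $fid);
        if (!$temp OR !is_string($temp))
        {
            continue;
        }

        if ($constant_time ? hash_equals($expected, $temp) : ($temp === $expected))
        {
            return true;
        }
    }

    // didn't match the password in any cookie
    if ($showerror)
    {
        require_once(DIR . '/includes/functions_misc.php');

        // The CSRF token travels with the replayed POST variables in the password form.
        $security_token_html = '<input type="hidden" name="securitytoken" value="' . $vbulletin->userinfo['securitytoken'] . '" />';

        // forum password is bad - show error
        // TODO convert the 'forumpasswordmissing' phrase to vB4
        // NOTE(review): scriptpath is passed to the phrase without escaping here;
        // confirm it is already HTML-safe when it is set.
        eval(standard_error(fetch_error('forumpasswordmissing',
            $vbulletin->session->vars['sessionhash'],
            $vbulletin->scriptpath,
            $forumid,
            construct_post_vars_html() . $security_token_html,
            10,
            1
        )));
    }

    // forum password is bad - return false
    return false;
}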
// NOTE(review): this fragment starts inside blocks opened outside the listing;
// the unmatched closing braces below belong to those blocks.
// postvars comes from the client. It is only unserialized after
// verify_client_string() accepts it, presumably an integrity check over the
// string. TODO confirm it is a keyed check, because unserialize() on
// attacker-chosen bytes allows object injection.
if (($check = verify_client_string($vbulletin->GPC['postvars'])) !== false) {
    $temp = unserialize($check);
    // Drop replayed variables that would only re-submit the password form itself.
    if ($temp['do'] == 'doenterpwd') {
        $vbulletin->GPC['postvars'] = '';
    }
} else {
    // Verification failed: discard the client-supplied blob entirely.
    $vbulletin->GPC['postvars'] = '';
}
}
// workaround IIS cookie+location header bug
$forceredirect = strpos($_SERVER['SERVER_SOFTWARE'], 'Microsoft-IIS') !== false;
eval(print_standard_redirect('forumpasswordcorrect', true, $forceredirect));
} else {
    require_once DIR . '/includes/functions_misc.php';
    // NOTE(review): as listed this replaces '&' with '&' and changes nothing;
    // presumably the search string was an HTML entity that the page rendering
    // decoded. Confirm against the source file.
    $vbulletin->GPC['url'] = str_replace('&', '&', $vbulletin->GPC['url']);
    // Replayed POST variables plus the CSRF token, re-embedded in the retry form.
    $postvars = construct_post_vars_html() . '<input type="hidden" name="securitytoken" value="' . $vbulletin->userinfo['securitytoken'] . '" />';
    // The request-supplied url is HTML-escaped before it is placed in the error page.
    eval(standard_error(fetch_error('forumpasswordincorrect', $vbulletin->session->vars['sessionhash'], htmlspecialchars_uni($vbulletin->GPC['url']), $foruminfo['forumid'], $postvars, $stylevar['cellpadding'], $stylevar['cellspacing'])));
}
}
// ###### END SPECIAL PATHS
// These $_REQUEST values will get used in the sort template so they are assigned to normal variables
$perpage = $vbulletin->input->clean_gpc('r', 'perpage', TYPE_UINT);
$pagenumber = $vbulletin->input->clean_gpc('r', 'pagenumber', TYPE_UINT);
$daysprune = $vbulletin->input->clean_gpc('r', 'daysprune', TYPE_INT);
// sortfield is cleaned only as a free-form string; it should be matched against
// an allow-list before it reaches a query or a template (not visible here).
$sortfield = $vbulletin->input->clean_gpc('r', 'sortfield', TYPE_STR);
// get permission to view forum
$_permsgetter_ = 'forumdisplay';
$forumperms = fetch_permissions($foruminfo['forumid']);
// Stop unless the 'canview' bit is set for this forum.
if (!($forumperms & $vbulletin->bf_ugp_forumpermissions['canview'])) {
    print_no_permission();
}
/**
 * Shows the form for inline mod authentication.
 *
 * Builds the 'threadadmin_authenticate' template and hands the resulting HTML
 * to standard_error().
 *
 * The template text is concatenated into a PHP double-quoted string and run
 * through eval() in this function's scope, so the template body is effectively
 * code: it can read every local and global named here. $formvars and $postvars
 * are not used by any PHP statement in this function and are presumably
 * consumed by the template. The script path and username are passed without
 * escaping here. TODO confirm they are HTML-safe before they reach the template.
 */
function show_inline_mod_login()
{
    global $vbulletin, $stylevar, $vbphrase, $show;

    // Return address and display name for the authentication form.
    $formvars['url'] = $vbulletin->scriptpath;
    $formvars['username'] = $vbulletin->userinfo['username'];

    // Hidden inputs that replay the interrupted POST after authentication.
    $postvars = construct_post_vars_html();

    // Evaluates the template as a PHP string expression and stores it in $html.
    eval('$html = "' . fetch_template("threadadmin_authenticate") . '";');
    standard_error($html);
}
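/**
 * Returns whether or not the visiting user can view the specified password-protected forum
 *
 * Access is granted without any password check when $password is empty, when
 * the visitor's admin permissions include 'cancontrolpanel' or 'ismoderator',
 * or when can_moderate($forumid) is true. Otherwise the value is compared with
 * md5(userid . password): outside the API it comes from the 'forumpwd' cookie
 * of each forum in the parent list, under VB_API from the 'forumpwdmd5'
 * request variable.
 *
 * Security notes:
 *  - The compared value is an unsalted MD5 over the user id and the forum
 *    password. Whoever holds the cookie or the request value holds the
 *    credential and can test password guesses offline.
 *  - The comparison uses hash_equals() when the runtime provides it, so the
 *    check does not depend on where the first differing byte is.
 *  - The function ends with an explicit "return false", so a denied request
 *    fails closed even if standard_error() were to return.
 *
 * @param	integer	Forum ID
 * @param	string	Provided password
 * @param	boolean	If true, show error when access is denied
 *
 * @return	boolean
 */
function verify_forum_password($forumid, $password, $showerror = true)
{
    global $vbulletin;

    if (!$password or $vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel'] or $vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['ismoderator'] or can_moderate($forumid)) {
        return true;
    }

    $foruminfo = fetch_foruminfo($forumid);
    $parents = explode(',', $foruminfo['parentlist']);

    // The expected value is the same for every forum in the chain and for the API path.
    $expected = md5($vbulletin->userinfo['userid'] . $password);
    // hash_equals() only exists on newer runtimes; keep the strict compare as fallback.
    $constant_time = function_exists('hash_equals');

    if (!VB_API) {
        foreach ($parents as $fid) {
            // get the pwd from any parent forums -- allows pwd cookies to cascade down
            $temp = fetch_bbarray_cookie('forumpwd', $fid);
            if (!$temp or !is_string($temp)) {
                continue;
            }
            if ($constant_time ? hash_equals($expected, $temp) : $temp === $expected) {
                return true;
            }
        }
    } else {
        // API clients send the same MD5 as a request variable instead of a cookie.
        $forumpwdmd5 = $vbulletin->input->clean_gpc('r', 'forumpwdmd5', TYPE_STR);
        if (is_string($forumpwdmd5) and ($constant_time ? hash_equals($expected, $forumpwdmd5) : $forumpwdmd5 === $expected)) {
            return true;
        }
    }

    // didn't match the password in any cookie
    if ($showerror) {
        require_once DIR . '/includes/functions_misc.php';

        // The CSRF token travels with the replayed POST variables in the password form.
        $security_token_html = '<input type="hidden" name="securitytoken" value="' . $vbulletin->userinfo['securitytoken'] . '" />';

        // forum password is bad - show error
        //use the basic link here. I'm not sure how the advanced link will play with the postvars in the form.
        require_once DIR . '/includes/class_friendly_url.php';
        $forumlink = vB_Friendly_Url::fetchLibrary($vbulletin, 'forum|nosession', $foruminfo, array('do' => 'doenterpwd'));
        $forumlink = $forumlink->get_url(FRIENDLY_URL_OFF);

        // TODO convert the 'forumpasswordmissing' phrase to vB4
        // NOTE(review): scriptpath is passed to the phrase without escaping here;
        // confirm it is already HTML-safe when it is set.
        eval(standard_error(fetch_error('forumpasswordmissing', $vbulletin->session->vars['sessionhash'], $vbulletin->scriptpath, $forumid, construct_post_vars_html() . $security_token_html, 10, 1, $forumlink)));
    }

    // forum password is bad - return false
    return false;
}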
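/**
 * Displays the login form for the various control panel areas.
 *
 * The actual form displayed is dependent upon the VB_AREA constant: 'AdminCP'
 * and 'ModCP' set the page title, the login type and whether the style/options
 * block is shown. For any other value nothing in this function defines
 * $pagetitle, $showoptions or $logintype.
 *
 * An AJAX request gets the 'you_have_been_logged_out_of_the_cp' stop message
 * instead of the form.
 *
 * Security-relevant points visible in this function:
 *  - vb_login_username is read from the request as TYPE_NOHTML before it is
 *    echoed into a value="" attribute (presumably HTML-escaped by the cleaner;
 *    confirm there).
 *  - 'loginerror' is a free-form request string used only as a phrase key; the
 *    text echoed is the looked-up phrase, not the request value. 'strikes' is
 *    cleaned as an integer before it is substituted into the phrase.
 *  - scriptpath, the session hash, securitytoken, the option values, the forum
 *    home URL and $postvars are echoed without escaping here, so they must be
 *    attribute-safe when they reach this function. TODO confirm upstream.
 *  - onsubmit calls md5hash() from vbulletin_md5.js, presumably to fill the two
 *    hidden md5 password fields. A client-side hash is password-equivalent for
 *    anyone who captures it, so it does not replace transport encryption.
 *
 * NOTE(review): as listed, each `?>` that ends an attribute value is followed
 * by a space, which would put a trailing space into url, s, securitytoken and
 * logintype. This is presumably an artifact of how the listing was rendered;
 * compare with the deployed file.
 *
 * @param boolean If true, show the 'to_continue_this_action' notice row
 */
function print_cp_login($mismatch = false)
{
    global $vbulletin, $vbphrase;

    if ($vbulletin->GPC['ajax']) {
        print_stop_message2('you_have_been_logged_out_of_the_cp');
    }

    // Guests (userid 0) start in the username box, known users in the password box.
    $focusfield = iif($vbulletin->userinfo['userid'] == 0, 'username', 'password');

    $vbulletin->input->clean_array_gpc('r', array('vb_login_username' => vB_Cleaner::TYPE_NOHTML, 'loginerror' => vB_Cleaner::TYPE_STR, 'strikes' => vB_Cleaner::TYPE_INT));

    // Prefer the submitted username; only fall back to the session's name for a known user.
    $printusername = iif(!empty($vbulletin->GPC['vb_login_username']), $vbulletin->GPC['vb_login_username'], $vbulletin->userinfo['userid'] ? $vbulletin->userinfo['username'] : '');
    $vbulletin->userinfo['badlocation'] = 1;

    $options = vB::getDatastore()->getValue('options');
    $filebase = $options['bburl'];

    switch (VB_AREA) {
        case 'AdminCP':
            $pagetitle = $vbphrase['admin_control_panel'];
            $getcssoptions = fetch_cpcss_options();
            $cssoptions = array();
            foreach ($getcssoptions as $folder => $foldername) {
                // The currently configured style folder is keyed by the empty string.
                $key = iif($folder == $options['cpstylefolder'], '', $folder);
                $cssoptions["{$key}"] = $foldername;
            }
            $showoptions = true;
            $logintype = 'cplogin';
            break;
        case 'ModCP':
            $pagetitle = $vbphrase['moderator_control_panel'];
            $showoptions = false;
            $logintype = 'modcplogin';
            break;
        default:
            // Legacy Hook 'admin_login_area_switch' Removed //
    }

    define('NO_PAGE_TITLE', true);
    print_cp_header($vbphrase['log_in'], "document.forms.loginform.vb_login_{$focusfield}.focus()");
    require_once DIR . '/includes/functions_misc.php';

    // Hidden-input HTML that replays the POST variables of the interrupted request.
    $postvars = construct_post_vars_html();

    $forumHome = vB_Library::instance('content_channel')->getForumHomeChannel();
    $forumhome_url = vB5_Route::buildUrl($forumHome['routeid'] . '|fullurl');
    // Prefix only URLs without a scheme. strpos() takes the haystack first and
    // returns boolean false on a miss, so the test must be strict.
    if (strpos($forumhome_url, '://') === false) {
        $forumhome_url = '../' . $forumhome_url;
    }
    ?>
    <script type="text/javascript" src="<?php echo $filebase; ?> /clientscript/vbulletin_md5.js?v=<?php echo SIMPLE_VERSION; ?> "></script>
    <script type="text/javascript">
    <!--
    function js_show_options(objectid, clickedelm) {
        fetch_object(objectid).style.display = "";
        clickedelm.disabled = true;
    }
    function js_fetch_url_append(origbit,addbit) {
        if (origbit.search(/\?/) != -1) {
            return origbit + '&' + addbit;
        } else {
            return origbit + '?' + addbit;
        }
    }
    function js_do_options(formobj) {
        if (typeof(formobj.nojs) != "undefined" && formobj.nojs.checked == true) {
            formobj.url.value = js_fetch_url_append(formobj.url.value, 'nojs=1');
        }
        return true;
    }
    //-->
    </script>
    <form action="../login.php?do=login" method="post" name="loginform" onsubmit="md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf); js_do_options(this)">
    <input type="hidden" name="url" value="<?php echo $vbulletin->scriptpath; ?> " />
    <input type="hidden" name="s" value="<?php echo vB::getCurrentSession()->get('dbsessionhash'); ?> " />
    <input type="hidden" name="securitytoken" value="<?php echo $vbulletin->userinfo['securitytoken']; ?> " />
    <input type="hidden" name="logintype" value="<?php echo $logintype; ?> " />
    <input type="hidden" name="do" value="login" />
    <input type="hidden" name="vb_login_md5password" value="" />
    <input type="hidden" name="vb_login_md5password_utf" value="" />
    <?php echo $postvars; ?> <p> </p><p> </p>
    <table class="tborder" cellpadding="0" cellspacing="0" border="0" width="450" align="center"><tr><td>
    <!-- header -->
    <div class="tcat" style="text-align:center"><b><?php echo $vbphrase['log_in']; ?> </b></div>
    <!-- /header -->
    <!-- logo and version -->
    <table cellpadding="4" cellspacing="0" border="0" width="100%" class="login-logo">
    <tr valign="bottom">
    <td><img src="<?php echo $filebase; ?> /cpstyles/<?php echo $options['cpstylefolder']; ?> /cp_logo.<?php echo $options['cpstyleimageext']; ?> " title="<?php echo $vbphrase['vbulletin_copyright']; ?> " border="0" /></td>
    <td>
    <b><a href="<?php echo $forumhome_url; ?> "><?php echo $options['bbtitle']; ?> </a></b><br />
    <?php echo "{$pagetitle}"; ?> <br />
    </td>
    </tr>
    <?php if ($mismatch) { ?>
    <tr>
    <td colspan="2" class="navbody"><b><?php echo $vbphrase['to_continue_this_action']; ?> </b></td>
    </tr>
    <?php }
    if ($vbulletin->GPC['loginerror']) {
        // The request value only selects which phrase to show; the phrase text is what gets echoed.
        $errorphrase = vB_Api::instanceInternal('phrase')->fetch($vbulletin->GPC['loginerror']);
        $errorphrase = $errorphrase[$vbulletin->GPC['loginerror']];
        ?>
    <tr>
    <td colspan="2" class="navbody error"><b><?php echo construct_phrase($errorphrase, '../lostpw', $vbulletin->GPC['strikes']); ?> </b></td>
    </tr>
    <?php } ?>
    </table>
    <!-- /logo and version -->
    <table cellpadding="4" cellspacing="0" border="0" width="100%" class="alt1">
    <col width="50%" style="text-align:<?php echo vB_Template_Runtime::fetchStyleVar('right'); ?> ; white-space:nowrap"></col>
    <col></col>
    <col width="50%"></col>
    <!-- login fields -->
    <tbody>
    <tr>
    <td><?php echo $vbphrase['username']; ?> </td>
    <td><input type="text" style="padding-<?php echo vB_Template_Runtime::fetchStyleVar('left'); ?> :5px; font-weight:bold; width:250px" name="vb_login_username" value="<?php echo $printusername; ?> " accesskey="u" tabindex="1" id="vb_login_username" /></td>
    <td> </td>
    </tr>
    <tr>
    <td><?php echo $vbphrase['password']; ?> </td>
    <td><input type="password" autocomplete="off" style="padding-<?php echo vB_Template_Runtime::fetchStyleVar('left'); ?> :5px; font-weight:bold; width:250px" name="vb_login_password" accesskey="p" tabindex="2" id="vb_login_password" /></td>
    <td> </td>
    </tr>
    <tr style="display: none" id="cap_lock_alert">
    <td> </td>
    <td class="tborder"><?php echo $vbphrase['caps_lock_is_on']; ?> </td>
    <td> </td>
    </tr>
    </tbody>
    <!-- /login fields -->
    <?php if ($showoptions) { ?>
    <!-- admin options -->
    <tbody id="loginoptions" style="display:none">
    <tr>
    <td><?php echo $vbphrase['style']; ?> </td>
    <td><select name="cssprefs" class="login" style="padding-<?php echo vB_Template_Runtime::fetchStyleVar('left'); ?> :5px; font-weight:normal; width:250px" tabindex="5"><?php /* NOTE(review): $csschoice is never assigned in this function */ echo construct_select_options($cssoptions, $csschoice); ?> </select></td>
    <td> </td>
    </tr>
    <tr>
    <td><?php echo $vbphrase['options']; ?> </td>
    <td>
    <label><input type="checkbox" name="nojs" value="1" tabindex="6" /> <?php echo $vbphrase['save_open_groups_automatically']; ?> </label>
    </td>
    <td class="login"> </td>
    </tr>
    </tbody>
    <!-- END admin options -->
    <?php } ?>
    <!-- submit row -->
    <tbody>
    <tr>
    <td colspan="3" align="center">
    <input type="submit" class="button" value=" <?php echo $vbphrase['log_in']; ?> " accesskey="s" tabindex="3" />
    <?php if ($showoptions) { ?> <input type="button" class="button" value=" <?php echo $vbphrase['options']; ?> " accesskey="o" onclick="js_show_options('loginoptions', this)" tabindex="4" /><?php } ?>
    </td>
    </tr>
    </tbody>
    <!-- /submit row -->
    </table>
    </td></tr></table>
    </form>
    <script type="text/javascript">
    <!--
    function caps_check(e) {
        var detected_on = detect_caps_lock(e);
        var alert_box = fetch_object('cap_lock_alert');
        if (alert_box.style.display == '') {
            // box showing already, hide if caps lock turns off
            if (!detected_on) {
                alert_box.style.display = 'none';
            }
        } else {
            if (detected_on) {
                alert_box.style.display = '';
            }
        }
    }
    fetch_object('vb_login_password').onkeypress = caps_check;
    //-->
    </script>
    <?php
    // Suppress the copyright footer and the developer debug output on the login page.
    define('NO_CP_COPYRIGHT', true);
    unset($GLOBALS['DEVDEBUG']);
    print_cp_footer();
}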