/**
* Login a user
*
* @param string $username
* @param string $password
* @param string $md5password
* @param string $md5passwordutf
* @param string $logintype
*
* @return array
* 'userid' => int the id of the vbulletin user logged in
* 'password' => string "remeber me token". A value that can be used to create a new
* session without the user explicitly logging in
* 'lastvisit'
* 'lastactivity'
* 'sessionhash' => the session value used to authenticate the user on subsequent page loads
* 'cpsessionhash' => value needed to access the admincp. Defines being logged in "as an admin"
*/
public function login($username, $password = null, $md5password = null, $md5passwordutf = null, $logintype = null)
{
$username = vB_String::htmlSpecialCharsUni($username);
// require_once(DIR . '/includes/functions_login.php');
$vboptions = vB::getDatastore()->getValue('options');
if (!$username) {
throw new vB_Exception_Api('badlogin', vB5_Route::buildUrl('lostpw'));
}
$strikes = vB_User::verifyStrikeStatus($username);
if ($strikes === false) {
// todo: check for missing args
throw new vB_Exception_Api('strikes', vB5_Route::buildUrl('lostpw'));
}
$auth = vB_User::verifyAuthentication($username, $password, $md5password, $md5passwordutf);
if (!$auth) {
// check password
vB_User::execStrikeUser($username);
if ($logintype === 'cplogin') {
// log this error if attempting to access the control panel
require_once DIR . '/includes/functions_log_error.php';
log_vbulletin_error($username, 'security');
}
// TODO: we need to add missing parameters for 'forgot password'
if ($vboptions['usestrikesystem']) {
throw new vB_Exception_Api('badlogin_strikes_passthru', array(vB5_Route::buildUrl('lostpw'), $strikes + 1));
} else {
throw new vB_Exception_Api('badlogin_passthru', array(vB5_Route::buildUrl('lostpw'), $strikes + 1));
}
}
vB_User::execUnstrikeUser($username);
// create new session
$res = vB_User::processNewLogin($auth, $logintype);
return $res;
}
show_inline_mod_login(true);
} else {
define('VB_ERROR_PERMISSION', true);
$show['useurl'] = true;
$show['specificerror'] = true;
$url = $vbulletin->url;
if ($vbulletin->options['usestrikesystem']) {
admin_login_error('badlogin_strikes_passthru', array('strikes' => $strikes + 1));
eval(standard_error(fetch_error('badlogin_strikes_passthru', vB5_Route::buildUrl('lostpw|fullurl'), $strikes + 1)));
} else {
admin_login_error('badlogin_passthru', array('strikes' => $strikes + 1));
eval(standard_error(fetch_error('badlogin_passthru', vB5_Route::buildUrl('lostpw|fullurl'), $strikes + 1)));
}
}
}
vB_User::execUnstrikeUser($vbulletin->GPC['vb_login_username']);
// create new session
$res = vB_User::processNewLogin($auth, $vbulletin->GPC['logintype'], $vbulletin->GPC['cssprefs']);
// set cookies (temp hack for admincp)
if (isset($res['cpsession'])) {
vbsetcookie('cpsession', $res['cpsession'], false, true, true);
}
vbsetcookie('userid', $res['userid'], false, true, true);
vbsetcookie('password', $res['password'], false, true, true);
vbsetcookie('sessionhash', $res['sessionhash'], false, false, true);
// do redirect
do_login_redirect();
} else {
if ($_GET['do'] == 'login') {
// add consistency with previous behavior
exec_header_redirect(vB5_Route::buildUrl('home|fullurl'));
