/**
* Login a user
*
* @param string $username
* @param string $password
* @param string $md5password
* @param string $md5passwordutf
* @param string $logintype
*
* @return array
* 'userid' => int the id of the vbulletin user logged in
* 'password' => string "remeber me token". A value that can be used to create a new
* session without the user explicitly logging in
* 'lastvisit'
* 'lastactivity'
* 'sessionhash' => the session value used to authenticate the user on subsequent page loads
* 'cpsessionhash' => value needed to access the admincp. Defines being logged in "as an admin"
*/
public function login($username, $password = null, $md5password = null, $md5passwordutf = null, $logintype = null)
{
$username = vB_String::htmlSpecialCharsUni($username);
// require_once(DIR . '/includes/functions_login.php');
$vboptions = vB::getDatastore()->getValue('options');
if (!$username) {
throw new vB_Exception_Api('badlogin', vB5_Route::buildUrl('lostpw'));
}
$strikes = vB_User::verifyStrikeStatus($username);
if ($strikes === false) {
// todo: check for missing args
throw new vB_Exception_Api('strikes', vB5_Route::buildUrl('lostpw'));
}
$auth = vB_User::verifyAuthentication($username, $password, $md5password, $md5passwordutf);
if (!$auth) {
// check password
vB_User::execStrikeUser($username);
if ($logintype === 'cplogin') {
// log this error if attempting to access the control panel
require_once DIR . '/includes/functions_log_error.php';
log_vbulletin_error($username, 'security');
}
// TODO: we need to add missing parameters for 'forgot password'
if ($vboptions['usestrikesystem']) {
throw new vB_Exception_Api('badlogin_strikes_passthru', array(vB5_Route::buildUrl('lostpw'), $strikes + 1));
} else {
throw new vB_Exception_Api('badlogin_passthru', array(vB5_Route::buildUrl('lostpw'), $strikes + 1));
}
}
vB_User::execUnstrikeUser($username);
// create new session
$res = vB_User::processNewLogin($auth, $logintype);
return $res;
}
$oldargs = array();
if ($urlquery) {
parse_str($urlquery, $oldargs);
}
$args = array_merge($oldargs, $args);
unset($args['loginerror']);
$argstr = http_build_query($args);
$url = "/{$urlarr['path']}?loginerror=" . $error;
if ($argstr) {
$url .= '&' . $argstr;
}
print_cp_redirect($url);
}
}
// can the user login?
$strikes = vB_User::verifyStrikeStatus($vbulletin->GPC['vb_login_username']);
if ($strikes === false) {
admin_login_error('strikes');
eval(standard_error(fetch_error('strikes', $vbulletin->options['bburl'], vB::getCurrentSession()->get('sessionurl'))));
}
if ($vbulletin->GPC['vb_login_username'] == '') {
admin_login_error('badlogin', array('strikes' => $strikes));
eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], vB::getCurrentSession()->get('sessionurl'), $strikes)));
}
// WE DON'T NEED THIS ANYMORE, AS verify_authentication WILL MODIFY vbulletin->userinfo ONLY IF IT PASSES THE CHECK
// // make sure our user info stays as whoever we were (for example, we might be logged in via cookies already)
// $original_userinfo = $vbulletin->userinfo;
$auth = vB_User::verifyAuthentication($vbulletin->GPC['vb_login_username'], $vbulletin->GPC['vb_login_password'], $vbulletin->GPC['vb_login_md5password'], $vbulletin->GPC['vb_login_md5password_utf']);
if (!$auth) {
// Legacy Hook 'login_failure' Removed //
// check password
