/**
 * Return how many failed logins the requesting IP has accumulated and enforce
 * the lock-out window.
 *
 * Strikes are keyed on the requesting IP (the WHERE clause only looks at
 * strikeip), so the budget is shared by every username tried from that address.
 *
 * @param string $username      username to record a further strike against when locked out
 * @param bool   $supress_error when true, return false instead of rendering the 'strikes' error
 * @return int|false 0 when the strike system is disabled; false when locked out and
 *                   $supress_error is set; otherwise the strike count, capped at 5
 *                   unless the lock-out error was rendered without exiting
 */
function verify_strike_status($username = '', $supress_error = false)
{
    global $vbulletin;

    // Expire strikes older than one hour before counting. This runs even when
    // the strike system is switched off.
    $expiry = TIMENOW - 3600;
    $vbulletin->db->query_write("DELETE FROM " . TABLE_PREFIX . "strikes WHERE striketime < " . $expiry);

    if (!$vbulletin->options['usestrikesystem']) {
        return 0;
    }

    // IPADDRESS is escaped before being placed in the query string.
    $ip = $vbulletin->db->escape_string(IPADDRESS);
    $row = $vbulletin->db->query_first("\n\t\tSELECT COUNT(*) AS strikes, MAX(striketime) AS lasttime\n\t\tFROM " . TABLE_PREFIX . "strikes\n\t\tWHERE strikeip = '" . $ip . "'\n\t");
    $count = $row['strikes'];

    // Locked out: five or more strikes and the latest one is under 15 minutes old.
    $lockedOut = ($count >= 5 && $row['lasttime'] > TIMENOW - 900);
    if (!$lockedOut) {
        // Cap at 5 so the "x of 5" wording in the error message stays sensible.
        return ($count > 5) ? 5 : $count;
    }

    // Still hammering while locked out: record another strike, then either let
    // the caller decide (false) or render the standard error.
    exec_strike_user($username);
    if ($supress_error) {
        return false;
    }
    eval(standard_error(fetch_error('strikes', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'])));

    // Only reached if standard_error() returns instead of ending the request.
    return $count;
}
}
// ############################### start do login ###############################
// this was a _REQUEST action but where do we all login via request?
if ($_POST['do'] == 'login') {
    $vbulletin->input->clean_array_gpc('p', array('vb_login_username' => TYPE_STR, 'vb_login_password' => TYPE_STR, 'vb_login_md5password' => TYPE_STR, 'vb_login_md5password_utf' => TYPE_STR, 'postvars' => TYPE_BINARY, 'cookieuser' => TYPE_BOOL, 'logintype' => TYPE_STR, 'cssprefs' => TYPE_STR));
    // can the user login?
    $strikes = verify_strike_status($vbulletin->GPC['vb_login_username']);
    if ($vbulletin->GPC['vb_login_username'] == '') {
        eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'], $strikes)));
    }
    // make sure our user info stays as whoever we were (for example, we might be logged in via cookies already)
    $original_userinfo = $vbulletin->userinfo;
    if (!verify_authentication($vbulletin->GPC['vb_login_username'], $vbulletin->GPC['vb_login_password'], $vbulletin->GPC['vb_login_md5password'], $vbulletin->GPC['vb_login_md5password_utf'], $vbulletin->GPC['cookieuser'], true)) {
        ($hook = vBulletinHook::fetch_hook('login_failure')) ? eval($hook) : false;
        // check password
        exec_strike_user($vbulletin->userinfo['username']);
        if ($vbulletin->GPC['logintype'] === 'cplogin' or $vbulletin->GPC['logintype'] === 'modcplogin') {
            // log this error if attempting to access the control panel
            require_once DIR . '/includes/functions_log_error.php';
            log_vbulletin_error($vbulletin->GPC['vb_login_username'], 'security');
        }
        $vbulletin->userinfo = $original_userinfo;
        if ($vbulletin->options['usestrikesystem']) {
            eval(standard_error(fetch_error('badlogin_strikes', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'], $strikes)));
        } else {
            eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'])));
        }
    }
    exec_unstrike_user($vbulletin->GPC['vb_login_username']);
    // create new session
    process_new_login($vbulletin->GPC['logintype'], $vbulletin->GPC['cookieuser'], $vbulletin->GPC['cssprefs']);
/**
 * Forum Runner login endpoint.
 *
 * Reads username / password / md5_password / fr_username / fr_b from the
 * request, builds the client configuration block (branding, ad and analytics
 * ids, feature flags), then either answers a credential-less probe with
 * "requires_authentication" or performs the login and starts a new session.
 *
 * @return array response payload; on a failed login or closed board json_error()
 *               is called with RV_BAD_PASSWORD and the function does not return
 *               a payload unless json_error() itself returns
 */
function do_login()
{
    global $vbulletin, $fr_version, $fr_platform;

    $vbulletin->input->clean_array_gpc('r', array('username' => TYPE_STR, 'password' => TYPE_STR, 'md5_password' => TYPE_STR, 'fr_username' => TYPE_STR, 'fr_b' => TYPE_BOOL));

    // Optional navbar colour. iPhone clients get "r,g,b" instead of "#rrggbb".
    $navbg = null;
    if (strlen($vbulletin->options['forumrunner_branding_navbar_bg']) > 0) {
        $navbg = $vbulletin->options['forumrunner_branding_navbar_bg'];
        if (is_iphone() && strlen($navbg) == 7) {
            $channels = array();
            foreach (array(1, 3, 5) as $offset) {
                $channels[] = hexdec(substr($navbg, $offset, 2));
            }
            $navbg = implode(',', $channels);
        }
    }

    $vbulletin->GPC['username'] = prepare_remote_utf8_string($vbulletin->GPC['username']);
    $vbulletin->GPC['password'] = prepare_remote_utf8_string($vbulletin->GPC['password']);

    $out = array('v' => $fr_version, 'p' => $fr_platform);
    if ($navbg) {
        $out['navbg'] = $navbg;
    }

    // Platform-specific ad publisher id, only when configured for that platform.
    if (is_iphone() && $vbulletin->options['forumrunner_admob_publisherid_iphone']) {
        $out['admob'] = $vbulletin->options['forumrunner_admob_publisherid_iphone'];
    } elseif (is_android() && $vbulletin->options['forumrunner_admob_publisherid_android']) {
        $out['admob'] = $vbulletin->options['forumrunner_admob_publisherid_android'];
    }

    // Third-party integration ids, passed through when non-empty.
    $passthrough = array(
        'gan' => 'forumrunner_google_analytics_id',
        'fb'  => 'forumrunner_facebook_application_id',
    );
    foreach ($passthrough as $key => $option) {
        if ($vbulletin->options[$option]) {
            $out[$key] = $vbulletin->options[$option];
        }
    }

    if ($vbulletin->options['forumrunner_cms_onoff']) {
        $out['cms'] = true;
        $out['cms_section'] = $vbulletin->options['forumrunner_cms_section'];
    }
    if ($vbulletin->options['forumrunner_enable_registration']) {
        $out['reg'] = true;
    }
    if ($vbulletin->options['socnet'] & $vbulletin->bf_misc_socnet['enable_albums']) {
        $out['albums'] = true;
    }

    // Credentials are "present" when there is a username and either password form.
    $haveCredentials = $vbulletin->GPC['username']
        && ($vbulletin->GPC['password'] || $vbulletin->GPC['md5_password']);

    if (!$haveCredentials) {
        // No credentials: the client is asking whether the board is readable
        // without logging in. This answer is given to unauthenticated callers.
        $requires_authentication = !$vbulletin->options['bbactive']
            || !($vbulletin->userinfo['permissions']['forumpermissions'] & $vbulletin->bf_ugp_forumpermissions['canview']);
        $out += array('authenticated' => false, 'requires_authentication' => $requires_authentication);
        return $out;
    }

    // Errors are suppressed so the lock-out case comes back as false and can be
    // reported as JSON below.
    $strikes = verify_strike_status($vbulletin->GPC['username'], true);

    // NOTE(review): captured but never restored in this function (the form
    // login handler on this page restores it after a failure) — confirm that
    // json_error() terminates the request so a half-switched userinfo cannot
    // leak past the failure branch.
    $original_userinfo = $vbulletin->userinfo;

    // NOTE(review): md5_password is passed for both the md5 and md5-utf
    // arguments — confirm that is intended for this client.
    $authenticated = verify_authentication(
        $vbulletin->GPC['username'],
        $vbulletin->GPC['password'],
        $vbulletin->GPC['md5_password'],
        $vbulletin->GPC['md5_password'],
        true,
        true
    );
    if (!$authenticated) {
        // Record the failure before reporting it.
        exec_strike_user($vbulletin->GPC['username']);
        if (!$vbulletin->options['usestrikesystem']) {
            $message = 'Incorrect login.';
        } elseif ($strikes === false) {
            $message = 'Incorrect login.  You have used up your login allowance.  Please wait 15 minutes before trying again.';
        } else {
            $message = 'Incorrect login (' . ($strikes + 1) . ' of 5 tries allowed)';
        }
        json_error($message, RV_BAD_PASSWORD);
    }

    exec_unstrike_user($vbulletin->GPC['username']);

    // Start the session for the authenticated user.
    process_new_login('', true, '');
    cache_permissions($vbulletin->userinfo, true);
    $vbulletin->session->save();

    // A closed board only admits users who may reach the control panel; anyone
    // else is logged straight back out.
    $canControlPanel = $vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel'];
    if (!$vbulletin->options['bbactive'] && !$canControlPanel) {
        process_logout();
        json_error(strip_tags($vbulletin->options['bbclosedreason']), RV_BAD_PASSWORD);
    }

    fr_update_push_user($vbulletin->GPC['fr_username'], $vbulletin->GPC['fr_b']);
    $out += array(
        'authenticated' => true,
        'username' => prepare_utf8_string($vbulletin->userinfo['username']),
        'cookiepath' => $vbulletin->options['cookiepath'],
    );

    return $out;
}
                     }
                     process_new_login('', 1, $vbulletin->GPC['cssprefs']);
                     cache_permissions($vbulletin->userinfo, true);
                     $vbulletin->session->save();
                 }
             }
         }
     } else {
         $valid_entries = FALSE;
         $messages['errors'][] = $message = "Please check your username and password.";
         $messages['fields'][] = $error_type = "username-member";
         $messages['errors'][] = $message = "";
         $messages['fields'][] = $error_type = "password-member";
         if ($vbulletin->options['usestrikesystem']) {
             $strikes = verify_strike_status($vbulletin->GPC['username']);
             exec_strike_user($vbulletin->GPC['username']);
             if ($strikes >= 4) {
                 unset($messages);
                 $message = fetch_error('badlogin_strikes', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'], $strikes);
                 $message = rewrite_error($message);
                 $messages['errors'][] = $message;
                 $messages['fields'][] = $error_type = "username-member";
                 $messages['errors'][] = "";
                 $messages['fields'][] = $error_type = "password-member";
             }
         }
     }
 }
 $arr = array("valid_entries" => $valid_entries, "messages" => $messages, "url" => $url);
 json_headers($arr);
 break;