Пример #1
                }
                print_stop_message('security_alert_tools_still_exists_in_x', $vbulletin->config['Misc']['admincpdir']);
            } else {
                if (file_exists(DIR . '/' . $vbulletin->config['Misc']['modcpdir'] . '/tools.php')) {
                    if ($_SERVER['REQUEST_METHOD'] == 'GET') {
                        define('CP_CONTINUE', $vbulletin->scriptpath);
                    }
                    print_stop_message('security_alert_tools_still_exists_in_x', $vbulletin->config['Misc']['modcpdir']);
                }
            }
        }
    }
}
// ############################################ Start Login Check ####################################
// Read the POSTed 'adminhash' (string) and 'ajax' (boolean) fields into $vbulletin->GPC.
$vbulletin->input->clean_array_gpc('p', array('adminhash' => TYPE_STR, 'ajax' => TYPE_BOOL));
// Runs before CP_SESSIONHASH is read on the next line.
// NOTE(review): presumably this call is what defines the constant — confirm in its definition.
assert_cp_sessionhash();
// Precedence: `and` binds tighter than `or`, so the condition groups as
//   !CP_SESSIONHASH or $checkpwd or (timeoutcontrolpanel and !loggedin)
// The branch is entered when there is no CP session hash, when $checkpwd is set,
// or when the CP timeout option is on and the session is not marked as logged in.
if (!CP_SESSIONHASH or $checkpwd or $vbulletin->options['timeoutcontrolpanel'] and !$vbulletin->session->vars['loggedin']) {
    // #############################################################################
    // Put in some auto-repair ;)
    // Build a set of the titles currently present in the datastore table.
    $check = array();
    // The query text is built only from a literal and the TABLE_PREFIX constant;
    // no request data is interpolated into it.
    $spectemps = $db->query_read("SELECT title FROM " . TABLE_PREFIX . "datastore");
    while ($spectemp = $db->fetch_array($spectemps)) {
        $check["{$spectemp['title']}"] = true;
    }
    $db->free_result($spectemps);
    // Rebuild any expected datastore entry that is missing.
    // NOTE(review): a missing title is read here as an undefined array key, which
    // raises a notice/warning; isset()/empty() would test the same thing quietly.
    if (!$check['maxloggedin']) {
        build_datastore('maxloggedin', '', 1);
    }
    if (!$check['smiliecache']) {
        build_datastore('smiliecache', '', 1);
        build_image_cache('smilie');
Пример #2
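/**
* Verifies that the request carries the current CP session hash.
*
* The hash is used as a per-session request token: a request that was not
* built from a page of this control panel session cannot supply it, so a
* request forged from elsewhere is rejected.
*
* The comparison is strict and, where available, constant-time. A loose
* comparison would treat two different numeric-looking strings as equal.
* An empty or non-string expected hash never matches (fail closed).
*
* @param	boolean	Whether to halt if an error occurs
* @param	string	Name of the input variable to look at
*
* @return	boolean	True on success, false on failure
*/
function verify_cp_sessionhash($halt = true, $input = 'hash')
{
    global $vbulletin;

    // CP_SESSIONHASH is read below, so this has to run first.
    assert_cp_sessionhash();

    // Only clean the variable from the request if no caller has already done so.
    if (!isset($vbulletin->GPC[$input])) {
        $vbulletin->input->clean_array_gpc('r', array($input => TYPE_STR));
    }

    $expected = CP_SESSIONHASH;
    $supplied = isset($vbulletin->GPC[$input]) ? $vbulletin->GPC[$input] : null;

    // Both sides must be non-empty strings: an absent session hash must not
    // "match" an absent or empty request value.
    $matches = false;
    if (is_string($expected) && $expected !== '' && is_string($supplied)) {
        // hash_equals() is not available on older PHP builds; strict string
        // equality is the fallback there.
        $matches = function_exists('hash_equals')
            ? hash_equals($expected, $supplied)
            : ($expected === $supplied);
    }

    if (!$matches) {
        if ($halt) {
            print_stop_message('security_alert_hash_mismatch');
        }
        // Also reached if the stop message returns instead of ending the request,
        // so a mismatch is never reported as success.
        return false;
    }

    return true;
}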
Пример #3
	/**
	 * Checks if a post request was intended for this item controller.
	 *
	 * @return bool
	 */
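	public function verifyPostId()
	{
		// Loaded right before assert_cp_sessionhash() is called; presumably that is
		// where the function is defined — confirm.
		require_once(DIR . '/includes/adminfunctions.php');
		assert_cp_sessionhash();

		vB::$vbulletin->input->clean_array_gpc('p', array(
			'item_type' => vB_Input::TYPE_NOCLEAN,
			'item_class' => vB_Input::TYPE_STR,
			'item_id' => vB_Input::TYPE_NOCLEAN,
			'adminhash' => vB_Input::TYPE_STR
		));

		// Use the registry the rest of this method uses. There is no local or
		// global $vbulletin in this scope; reading options/session through an
		// undefined variable yields null, which would make the timeout / logged-in
		// requirement below always pass.
		$registry = vB::$vbulletin;
		$gpc = $registry->GPC;

		// The POST must address a widget ...
		if ($gpc['item_type'] !== 'widget')
		{
			return false;
		}

		// ... of this widget's type ...
		if ($gpc['item_class'] != vBCms_Types::instance()->getTypeKey($this->widget->getPackage(), $this->widget->getClass()))
		{
			return false;
		}

		// ... and this widget's id. Left as a loose comparison: the POST value is
		// uncleaned and the type returned by getId() is not visible here.
		if ($gpc['item_id'] != $this->widget->getId())
		{
			return false;
		}

		// When an admin hash is defined, the request has to carry it. Compared
		// strictly (constant-time where available) so that numeric-looking
		// strings are not treated as equal.
		if (defined('ADMINHASH'))
		{
			$expected = (string) ADMINHASH;
			$supplied = (string) $gpc['adminhash'];
			$hashOk = function_exists('hash_equals')
				? hash_equals($expected, $supplied)
				: ($expected === $supplied);

			if (!$hashOk)
			{
				return false;
			}
		}

		// A CP session must exist, and if the CP timeout option is on the session
		// must also be marked as logged in.
		if (!CP_SESSIONHASH)
		{
			return false;
		}

		return (bool) (!$registry->options['timeoutcontrolpanel'] OR $registry->session->vars['loggedin']);
	}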