示例#1
文件: misc.php 项目: 0hyeah/yurivn
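/**
 * Polling endpoint: checks the credentials sent with the request and returns the
 * caller's unread private-message count and subscribed-thread updates.
 *
 * Credentials are verified on every call, so this function is a password-checking
 * surface just like the login form and gets the same strike (failed-attempt)
 * accounting.
 *
 * @return array{pm_notices: mixed, sub_notices: mixed}
 */
function do_get_new_updates()
{
    global $vbulletin;
    require_once DIR . '/includes/functions_login.php';
    // NOTE(review): source 'r' presumably reads the whole request, so credentials may
    // arrive in the query string and be written to access logs; confirm clients POST them.
    $vbulletin->input->clean_array_gpc('r', array('username' => TYPE_STR, 'password' => TYPE_STR, 'md5_password' => TYPE_STR, 'fr_username' => TYPE_STR, 'fr_b' => TYPE_BOOL));
    // A username plus either a plaintext or an MD5 password is required
    // (explicit parentheses; && already bound tighter than ||).
    if (!$vbulletin->GPC['username'] || (!$vbulletin->GPC['password'] && !$vbulletin->GPC['md5_password'])) {
        json_error(ERR_NO_PERMISSION);
    }
    $vbulletin->GPC['username'] = prepare_remote_utf8_string($vbulletin->GPC['username']);
    $vbulletin->GPC['password'] = prepare_remote_utf8_string($vbulletin->GPC['password']);
    // Refuse to test credentials while the caller is locked out; without this the
    // endpoint allows unlimited password guesses that bypass the strike system.
    // json_error() is assumed to end the request, as the rest of this function relies on.
    $strikes = verify_strike_status($vbulletin->GPC['username'], true);
    if ($strikes === false) {
        json_error(ERR_NO_PERMISSION);
    }
    // NOTE(review): 'cookieuser' is not in the cleaned list above, so this index is
    // whatever an earlier caller left in GPC (possibly unset); confirm the intent.
    if (!verify_authentication($vbulletin->GPC['username'], $vbulletin->GPC['password'], $vbulletin->GPC['md5_password'], $vbulletin->GPC['md5_password'], $vbulletin->GPC['cookieuser'], true)) {
        // Count the failed attempt so repeated guesses trigger the lockout.
        exec_strike_user($vbulletin->GPC['username']);
        json_error(ERR_NO_PERMISSION);
    }
    exec_unstrike_user($vbulletin->GPC['username']);
    // Don't save the session, we just want pm & marked thread info
    process_new_login('', false, '');
    // Since we are not saving the session, fetch our userinfo
    $vbulletin->userinfo =& fetch_userinfo($vbulletin->userinfo['userid']);
    cache_permissions($vbulletin->userinfo, true);
    $sub_notices = get_sub_thread_updates();
    fr_update_push_user($vbulletin->GPC['fr_username'], $vbulletin->GPC['fr_b']);
    return array('pm_notices' => $vbulletin->userinfo['pmunread'], 'sub_notices' => $sub_notices);
}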
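 /**
  * Links an external-service identity to a vBulletin account, creating the account
  * first when $data['type'] is 'new'.
  *
  * @param array $data Registration data; this method reads 'type', 'username',
  *                    'password', 'service' and 'userid'.
  * @return true|string True on success, otherwise an error string / phrase key.
  */
 public function register($data)
 {
     global $vbulletin;
     $vb_userid = NULL;
     // Validate (returns a phrase key on error, or true on success)
     $valid = $this->validateRegistration($data);
     if ($valid !== true) {
         return $valid;
     }
     // Get user id from database or create a new one, depending on registration type
     if ($data['type'] == 'new') {
         // Create new vb user and return true or an error string/phrase
         // ($vb_userid is filled in by reference)
         $userCreated = $this->createUser($data, $vb_userid);
         if ($userCreated !== true) {
             return $userCreated;
         }
     } else {
         // Validate credentials if linking to an existing account.
         // Only the return value proves the password was correct: $vbulletin->userinfo
         // may hold a user record (the looked-up account, or whoever was already
         // logged in) even when verification fails, so it must not be read unless
         // the call succeeded. Otherwise a wrong password could still link the account.
         $userExists = verify_authentication($data['username'], $data['password'], '', '', '', '');
         if ($userExists) {
             $vb_userid = $vbulletin->userinfo['userid'];
         }
     }
     // The id goes into SQL below; force it to an integer before using it.
     $vb_userid = intval($vb_userid);
     if (!$vb_userid) {
         return $data['type'] == 'link' ? 'vbnexus_registration_wrong_credentials' : 'vbnexus_registration_linking_failed';
     }
     // 'service' and 'userid' come from the caller-supplied array; escape them rather
     // than trusting validateRegistration() (not visible here) to have constrained them.
     $service = $vbulletin->db->escape_string($data['service']);
     $nonvbid = $vbulletin->db->escape_string($data['userid']);
     $associated = $data['type'] == 'link' ? '1' : '0';
     // Insert new entry in vbnexus_user
     $sql = "INSERT INTO `" . TABLE_PREFIX . "vbnexus_user`\r\n                (`service`, `nonvbid`, `userid`, `associated`)\r\n                VALUES ('{$service}', '{$nonvbid}', '{$vb_userid}', '{$associated}')\r\n                ON DUPLICATE KEY UPDATE `userid` = '{$vb_userid}', `associated` = '{$associated}'";
     $vbulletin->db->query_write($sql);
     return $vbulletin->db->errno() ? 'vbnexus_registration_linking_failed' : true;
 }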
示例#3
    }
    $show['member'] = false;
    eval(standard_error(fetch_error('cookieclear', create_full_url($vbulletin->url), $vbulletin->options['forumhome'], $vbulletin->session->vars['sessionurl_q']), '', false));
}
// ############################### start do login ###############################
// this was a _REQUEST action but where do we all login via request?
// Login form handler: the action is taken from $_POST only.
if ($_POST['do'] == 'login') {
    // NOTE(review): source 'p' is presumably POST-only, which keeps the password
    // fields out of the query string; confirm against the input cleaner.
    $vbulletin->input->clean_array_gpc('p', array('vb_login_username' => TYPE_STR, 'vb_login_password' => TYPE_STR, 'vb_login_md5password' => TYPE_STR, 'vb_login_md5password_utf' => TYPE_STR, 'postvars' => TYPE_BINARY, 'cookieuser' => TYPE_BOOL, 'logintype' => TYPE_STR, 'cssprefs' => TYPE_STR));
    // can the user login?
    // The strike lookup runs before the empty-username check, so it is also made for
    // a blank username. NOTE(review): it is called without a second argument and its
    // result is never tested here; how a locked-out caller is stopped is not visible
    // in this block, confirm in functions_login.php.
    $strikes = verify_strike_status($vbulletin->GPC['vb_login_username']);
    if ($vbulletin->GPC['vb_login_username'] == '') {
        eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'], $strikes)));
    }
    // make sure our user info stays as whoever we were (for example, we might be logged in via cookies already)
    // (userinfo is restored from this copy in the failure branch below)
    $original_userinfo = $vbulletin->userinfo;
    if (!verify_authentication($vbulletin->GPC['vb_login_username'], $vbulletin->GPC['vb_login_password'], $vbulletin->GPC['vb_login_md5password'], $vbulletin->GPC['vb_login_md5password_utf'], $vbulletin->GPC['cookieuser'], true)) {
        // Plugin hook: eval() runs whatever PHP is registered for 'login_failure',
        // so installed plugins execute with the full privileges of this script.
        ($hook = vBulletinHook::fetch_hook('login_failure')) ? eval($hook) : false;
        // check password
        // The strike is recorded against userinfo['username'], not the submitted name.
        // NOTE(review): confirm what userinfo holds here when the username does not
        // exist, otherwise those attempts may be counted under an empty name.
        exec_strike_user($vbulletin->userinfo['username']);
        if ($vbulletin->GPC['logintype'] === 'cplogin' or $vbulletin->GPC['logintype'] === 'modcplogin') {
            // log this error if attempting to access the control panel
            require_once DIR . '/includes/functions_log_error.php';
            log_vbulletin_error($vbulletin->GPC['vb_login_username'], 'security');
        }
        // Put back the pre-attempt identity saved above.
        $vbulletin->userinfo = $original_userinfo;
        // There is a single failure branch, so the error phrase does not reveal
        // whether the username or the password was the wrong part.
        if ($vbulletin->options['usestrikesystem']) {
            eval(standard_error(fetch_error('badlogin_strikes', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'], $strikes)));
        } else {
            eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'])));
        }
    }
示例#4
文件: index.php 项目: holandacz/nb4
} else {
    if ($vbulletin->GPC[COOKIE_PREFIX . 'pda']) {
        $pda = true;
    }
}
$title = $vbulletin->options['bbtitle'];
// Inline login: attempted only for guests (userid 0) who set the 'login' flag and
// supplied both a username and a password.
if ($vbulletin->userinfo['userid'] == 0 and $vbulletin->GPC['login']) {
    if (!empty($vbulletin->GPC['username']) and !empty($vbulletin->GPC['password'])) {
        require_once DIR . '/includes/functions_login.php';
        // With the second argument set, a lockout is reported as a false return
        // value, which is checked before any password is tested.
        $strikes = verify_strike_status($vbulletin->GPC['username'], true);
        if ($strikes === false) {
            // user has got too many wrong passwords
            $error_message = fetch_error('strikes', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl']);
            $do = 'error';
        } else {
            if (verify_authentication($vbulletin->GPC['username'], $vbulletin->GPC['password'], '', '', false, true)) {
                // Success: clear the failed-attempt counter for this username.
                exec_unstrike_user($vbulletin->GPC['username']);
                // Drop the pre-login session row, then build session data for the
                // authenticated user. NOTE(review): confirm fetch_session() issues a
                // fresh session hash so the guest session id is not carried into the
                // logged-in session.
                $db->query_write("DELETE FROM " . TABLE_PREFIX . "session WHERE sessionhash = '" . $db->escape_string($vbulletin->session->vars['dbsessionhash']) . "'");
                $vbulletin->session->vars = $vbulletin->session->fetch_session($vbulletin->userinfo['userid']);
                /*insert query*/
                // NOTE(review): string columns go through escape_string(), but userid and
                // styleid are concatenated unquoted and unescaped; they are presumably
                // integers produced by fetch_session(). Casting them with intval() would
                // make that guarantee local to this query.
                // NOTE(review): $logintype is not assigned anywhere in this block.
                $db->query_write("\n\t\t\t\tINSERT INTO " . TABLE_PREFIX . "session\n\t\t\t\t\t(sessionhash, userid, host, idhash, lastactivity, styleid, loggedin, bypass, useragent)\n\t\t\t\tVALUES\n\t\t\t\t\t('" . $db->escape_string($vbulletin->session->vars['sessionhash']) . "', " . $vbulletin->session->vars['userid'] . ", '" . $db->escape_string($vbulletin->session->vars['host']) . "', '" . $db->escape_string($vbulletin->session->vars['idhash']) . "', " . TIMENOW . ", " . $vbulletin->session->vars['styleid'] . ", 1, " . iif($logintype === 'cplogin', 1, 0) . ", '" . $db->escape_string($vbulletin->session->vars['useragent']) . "')\n\t\t\t");
                // NOTE(review): $querystring is built outside this block; confirm it
                // cannot carry a caller-chosen absolute URL into the redirect.
                exec_header_redirect($querystring);
            } else {
                // wrong username / password
                // The strike is recorded against userinfo['username'], i.e. whatever
                // verify_authentication left in userinfo, not the submitted name.
                exec_strike_user($vbulletin->userinfo['username']);
                $error_message = fetch_error('badlogin', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'], $strikes);
                $do = 'error';
            }
        }
    }
}
示例#5
文件: login.php 项目: 0hyeah/yurivn
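/**
 * Login endpoint for the remote client: returns client configuration (branding,
 * ad/analytics ids, feature flags) and, when credentials are supplied, authenticates
 * the user and starts a saved session.
 *
 * Without usable credentials the call only reports whether the forum requires
 * authentication. With credentials, a lockout reported by the strike system is
 * enforced before the password is checked.
 *
 * @return array Response fields; always 'v', 'p' and 'authenticated', plus the
 *               optional keys set below.
 */
function do_login()
{
    global $vbulletin, $fr_version, $fr_platform;
    // NOTE(review): source 'r' presumably reads the whole request, so credentials may
    // arrive in the query string and be written to access logs; confirm clients POST them.
    $vbulletin->input->clean_array_gpc('r', array('username' => TYPE_STR, 'password' => TYPE_STR, 'md5_password' => TYPE_STR, 'fr_username' => TYPE_STR, 'fr_b' => TYPE_BOOL));
    $navbg = null;
    if (strlen($vbulletin->options['forumrunner_branding_navbar_bg'])) {
        $navbg = $vbulletin->options['forumrunner_branding_navbar_bg'];
        // A 7-character value is treated as "#rrggbb" and sent to iPhone clients as "r,g,b".
        if (is_iphone() && strlen($navbg) == 7) {
            $r = hexdec(substr($navbg, 1, 2));
            $g = hexdec(substr($navbg, 3, 2));
            $b = hexdec(substr($navbg, 5, 2));
            $navbg = "{$r},{$g},{$b}";
        }
    }
    $vbulletin->GPC['username'] = prepare_remote_utf8_string($vbulletin->GPC['username']);
    $vbulletin->GPC['password'] = prepare_remote_utf8_string($vbulletin->GPC['password']);
    $out = array('v' => $fr_version, 'p' => $fr_platform);
    if ($navbg) {
        $out['navbg'] = $navbg;
    }
    if (is_iphone() && $vbulletin->options['forumrunner_admob_publisherid_iphone']) {
        $out['admob'] = $vbulletin->options['forumrunner_admob_publisherid_iphone'];
    } elseif (is_android() && $vbulletin->options['forumrunner_admob_publisherid_android']) {
        $out['admob'] = $vbulletin->options['forumrunner_admob_publisherid_android'];
    }
    if ($vbulletin->options['forumrunner_google_analytics_id']) {
        $out['gan'] = $vbulletin->options['forumrunner_google_analytics_id'];
    }
    if ($vbulletin->options['forumrunner_facebook_application_id']) {
        $out['fb'] = $vbulletin->options['forumrunner_facebook_application_id'];
    }
    if ($vbulletin->options['forumrunner_cms_onoff']) {
        $out['cms'] = true;
        $out['cms_section'] = $vbulletin->options['forumrunner_cms_section'];
    }
    if ($vbulletin->options['forumrunner_enable_registration']) {
        $out['reg'] = true;
    }
    if ($vbulletin->options['socnet'] & $vbulletin->bf_misc_socnet['enable_albums']) {
        $out['albums'] = true;
    }
    // A username plus either a plaintext or an MD5 password counts as a login attempt
    // (explicit parentheses; && already bound tighter than ||).
    if (!$vbulletin->GPC['username'] || (!$vbulletin->GPC['password'] && !$vbulletin->GPC['md5_password'])) {
        // This could be an attempt to see if forums require login.  Check.
        $requires_authentication = false;
        if (!($vbulletin->userinfo['permissions']['forumpermissions'] & $vbulletin->bf_ugp_forumpermissions['canview'])) {
            $requires_authentication = true;
        }
        // If the forum is closed, require login!
        if (!$vbulletin->options['bbactive']) {
            $requires_authentication = true;
        }
        $out += array('authenticated' => false, 'requires_authentication' => $requires_authentication);
    } else {
        $lockedMessage = 'Incorrect login.  You have used up your login allowance.  Please wait 15 minutes before trying again.';
        // can the user login?
        $strikes = verify_strike_status($vbulletin->GPC['username'], true);
        // A false result means the caller is locked out. Stop here: previously the
        // password was still checked, so a locked-out caller who supplied the right
        // password was logged in and the lockout did not limit guessing.
        // json_error() is assumed to end the request, as the failure path below relies on.
        if ($strikes === false) {
            json_error($lockedMessage, RV_BAD_PASSWORD);
        }
        // The MD5 value is passed for both the md5password and md5password_utf arguments.
        if (!verify_authentication($vbulletin->GPC['username'], $vbulletin->GPC['password'], $vbulletin->GPC['md5_password'], $vbulletin->GPC['md5_password'], true, true)) {
            // Count the failed attempt so repeated guesses trigger the lockout.
            exec_strike_user($vbulletin->GPC['username']);
            if ($vbulletin->options['usestrikesystem']) {
                if ($strikes === false) {
                    $message = $lockedMessage;
                } else {
                    $message = 'Incorrect login (' . ($strikes + 1) . ' of 5 tries allowed)';
                }
            } else {
                $message = 'Incorrect login.';
            }
            json_error($message, RV_BAD_PASSWORD);
        }
        exec_unstrike_user($vbulletin->GPC['username']);
        // create new session
        process_new_login('', true, '');
        cache_permissions($vbulletin->userinfo, true);
        $vbulletin->session->save();
        // If the forum is closed, boot em (only control-panel admins may stay logged in)
        if (!$vbulletin->options['bbactive'] && !($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel'])) {
            process_logout();
            json_error(strip_tags($vbulletin->options['bbclosedreason']), RV_BAD_PASSWORD);
        }
        fr_update_push_user($vbulletin->GPC['fr_username'], $vbulletin->GPC['fr_b']);
        $out += array('authenticated' => true, 'username' => prepare_utf8_string($vbulletin->userinfo['username']), 'cookiepath' => $vbulletin->options['cookiepath']);
    }
    return $out;
}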
示例#6
/**
 * Authenticates a username/password pair and, on success, starts a login and
 * returns the user's info.
 *
 * NOTE(review): no strike-system call (verify_strike_status / exec_strike_user) is
 * made here, so failed attempts through this wrapper are not counted unless the
 * caller does it; confirm before exposing this to remote input.
 *
 * @param string $username
 * @param string $password Plaintext password; no MD5 variants are passed on.
 * @return mixed Result of get_userinfo() on success, false on failed authentication.
 */
function login($username, $password)
{
    global $vbulletin;
    // Empty cookieuser and send_cookies = false: verification only.
    $authenticated = verify_authentication($username, $password, '', '', '', false);
    if (!$authenticated) {
        return false;
    }
    process_new_login('', '', '');
    return get_userinfo();
}
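 /**
  * Logs a user in through vBulletin and optionally restricts access to given usergroups.
  *
  * @param array       $vbuser       Must contain 'username' and 'password'.
  * @param array|false $acceptgroups Usergroup ids allowed to log in, or false for no restriction.
  * @return false|string False on success, otherwise an error message containing HTML.
  */
 public function login($vbuser, $acceptgroups = false)
 {
     //Get user info from username passed
     $this->vbulletin->userinfo = $this->fetch_userinfo_from_username($vbuser['username']);
     //Honour the vbulletin brute-force protection: refuse locked-out callers and record
     //failures. Previously strikes were only ever reset here, never checked or added.
     //(assumes the strike helpers are loaded alongside exec_unstrike_user used below)
     if (verify_strike_status($vbuser['username'], true) === false) {
         $this->vbulletin->userinfo['userid'] = 0;
         return "Invalid Username or Password.";
     }
     //Verify login via VB
     if (!verify_authentication($vbuser['username'], $vbuser['password'], '', '', 1, true)) {
         exec_strike_user($vbuser['username']);
         //Only userid is cleared; the other userinfo fields loaded above stay in place
         $this->vbulletin->userinfo['userid'] = 0;
         return "Invalid Username or Password.";
     }
     //Check that user is not awaiting activation
     if ($this->vbulletin->userinfo['usergroupid'] == NOACTIVATION_USERGROUP) {
         $this->vbulletin->userinfo['userid'] = 0;
         //The username is caller-supplied and ends up inside an HTML attribute:
         //URL-encode it for the query string and HTML-escape it for the markup.
         $activationUser = htmlspecialchars(urlencode($vbuser['username']), ENT_QUOTES);
         return "Un-Activated Account. To activate please request a new activation email <a href='register.php?do=requestemail&username={$activationUser}'>here</a>.";
     }
     //Check user does not belong to the "banned" user group - TODO: Use VB variables incase usergroupid is different
     if ($this->vbulletin->userinfo['usergroupid'] == BANNED_USERGROUP) {
         $this->vbulletin->userinfo['userid'] = 0;
         return "You're Barred! If you think there has been a mistake or wish to appeal please visit the contact page <a href='contact.php'>here</a>.";
     }
     //If acceptgroups is set then check that user is part of the usergroups specified
     if ($acceptgroups) {
         //Deny by default; previously this was left undefined when nothing matched
         $allowlogin = false;
         //Check main usergroup as well as additional usergroups
         $getadditional = explode(',', $this->vbulletin->userinfo['membergroupids']);
         //Loop through specified usergroups
         foreach ($acceptgroups as $value) {
             //If user is part of the usergroup then allowlogin
             if ($value == $this->vbulletin->userinfo['usergroupid']) {
                 $allowlogin = true;
                 break;
             }
             //Check additional usergroups
             foreach ($getadditional as $additionalvalue) {
                 //If user is part of the usergroup then allowlogin
                 if ($value == $additionalvalue) {
                     $allowlogin = true;
                     break 2;
                 }
             }
         }
         //If user is not part of any specified usergroups then return error.
         if (!$allowlogin) {
             $this->vbulletin->userinfo['userid'] = 0;
             return "This is a restricted area. Please contact the site administrator for further details.";
         }
     }
     //Unstrike the user (resets vbulletin brute-force protection)
     exec_unstrike_user($vbuser['username']);
     //Create vbulletin cookies for user
     process_new_login('', 1, '');
     //Saves cookies & session variables for user
     $this->vbulletin->session->save();
     //Return false for success!
     return false;
 }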