$show = array(); // ############################################################################# // Clean Cookie Vars $vbulletin->input->clean_array_gpc('c', array('vbulletin_collapse' => TYPE_STR, COOKIE_PREFIX . 'referrerid' => TYPE_UINT, COOKIE_PREFIX . 'userid' => TYPE_UINT, COOKIE_PREFIX . 'password' => TYPE_STR, COOKIE_PREFIX . 'lastvisit' => TYPE_UINT, COOKIE_PREFIX . 'lastactivity' => TYPE_UINT, COOKIE_PREFIX . 'threadedmode' => TYPE_NOHTML, COOKIE_PREFIX . 'sessionhash' => TYPE_NOHTML, COOKIE_PREFIX . 'userstyleid' => TYPE_INT, COOKIE_PREFIX . 'languageid' => TYPE_UINT, COOKIE_PREFIX . 'skipmobilestyle' => TYPE_BOOL)); // ############################################################################# // VB API Request Signature Verification if (defined('VB_API') and VB_API === true) { // API disabled if (!$vbulletin->options['enableapi'] or !$vbulletin->options['apikey']) { print_apierror('api_disabled', 'API is disabled'); } global $VB_API_PARAMS_TO_VERIFY, $VB_API_REQUESTS; $vbulletin->input->clean_array_gpc('r', array('debug' => TYPE_BOOL, 'showall' => TYPE_BOOL)); if ($VB_API_REQUESTS['api_c']) { // Get client information from api_c. api_c has been intvaled in api.php $client = $db->query_first("SELECT *\n\t\t\tFROM " . TABLE_PREFIX . "apiclient\n\t\t\tWHERE apiclientid = {$VB_API_REQUESTS['api_c']}"); if (!$client) { print_apierror('invalid_clientid', 'Invalid Client ID'); } // An accesstoken is passed but invalid if ($VB_API_REQUESTS['api_s'] and $VB_API_REQUESTS['api_s'] != $client['apiaccesstoken']) { print_apierror('invalid_accesstoken', 'Invalid Access Token'); } $signtoverify = md5(http_build_query($VB_API_PARAMS_TO_VERIFY, '', '&') . $VB_API_REQUESTS['api_s'] . $client['apiclientid'] . $client['secret'] . $vbulletin->options['apikey']); $vbulletin->input->clean_array_gpc('r', array('debug' => TYPE_BOOL)); if ($VB_API_REQUESTS['api_sig'] !== $signtoverify and !($vbulletin->debug and $vbulletin->GPC['debug'])) { //echo ' Should be: ' . $signtoverify . ' md5("' . http_build_query($VB_API_PARAMS_TO_VERIFY, '', '&') . $VB_API_REQUESTS['api_s'] . $client['apiclientid'] . $client['secret'] . '")'; print_apierror('invalid_api_signature', 'Invalid API Signature'); } else { $vbulletin->apiclient = $client; }