
Untitled

a guest
May 29th, 2016
  1. <?php
  2. /*======================================================================*\
  3. || #################################################################### ||
  4. || # vBulletin 4.2.2 Alpha 1 - Licence Number VBFSA2W3VC
  5. || # ---------------------------------------------------------------- # ||
  6. || # Copyright ©2000-2013 vBulletin Solutions Inc. All Rights Reserved. ||
  7. || # This file may not be redistributed in whole or significant part. # ||
  8. || # ---------------- VBULLETIN IS NOT FREE SOFTWARE ---------------- # ||
  9. || # http://www.vbulletin.com | http://www.vbulletin.com/license.html # ||
  10. || #################################################################### ||
  11. \*======================================================================*/
  12.  
  // ####################### SET PHP ENVIRONMENT ###########################
  // Report every error class except notices.
  error_reporting(E_ALL & ~E_NOTICE);

  // #################### DEFINE IMPORTANT CONSTANTS #######################
  // All four constants are defined before global.php is required further down,
  // so the back-end presumably reads them during bootstrap.
  define('THIS_SCRIPT', 'login');

  // NOTE(review): CSRF protection is switched on, but CSRF_SKIP_LIST names
  // 'login' -- presumably the do=login action is exempt from the token check.
  // Confirm in global.php that nothing else rides on that exemption.
  define('CSRF_PROTECTION', true);
  define('CSRF_SKIP_LIST', 'login');

  define('CONTENT_PAGE', false);
  21.  
  // ################### PRE-CACHE TEMPLATES AND DATA ######################
  // This script needs no extra phrase groups, no datastore items and no
  // templates shared by every action, so those three lists stay empty.
  $phrasegroups = array();
  $specialtemplates = array();
  $globaltemplates = array();

  // Templates keyed by action name; only the lost-password form asks for any.
  $actiontemplates = array();
  $actiontemplates['lostpw'] = array('lostpw', 'humanverify');
  39.  
  40. // ######################### REQUIRE BACK-END ############################
  41. require_once('./global.php');
  42. require_once(DIR . '/includes/functions_login.php');
  43.  
  44. // #######################################################################
  45. // ######################## START MAIN SCRIPT ############################
  46. // #######################################################################
  47.  
  // Read the short action selector 'a' through the input cleaner as a string.
  $vbulletin->input->clean_gpc('r', 'a', TYPE_STR);

  // Nothing to dispatch when neither 'do' nor 'a' was supplied: send the
  // client to the forum home instead of falling through the handlers below.
  if (empty($_REQUEST['do']) && empty($vbulletin->GPC['a']))
  {
      exec_header_redirect(
          fetch_seo_url('forumhome|nosession', array())
      );
  }
  54.  
  // ############################### start logout ###############################
  if ('logout' == $_REQUEST['do'])
  {
      // A Facebook-connected session is closed before the local one.
      if (is_facebookenabled())
      {
          do_facebooklogout();
      }

      define('NOPMPOPUP', true);

      // Anti-CSRF gate for logout: a logged-in user (userid != 0) must present
      // a 'logouthash' that verifies against the raw security token.
      // The gate is skipped entirely when VB_API is truthy.
      if (!VB_API)
      {
          $vbulletin->input->clean_gpc('r', 'logouthash', TYPE_STR);

          if ($vbulletin->userinfo['userid'] != 0)
          {
              if (!verify_security_token($vbulletin->GPC['logouthash'], $vbulletin->userinfo['securitytoken_raw']))
              {
                  // NOTE(review): eval() runs whatever standard_error() returns;
                  // that helper is not visible here -- presumably it halts the request.
                  eval(standard_error(fetch_error('logout_error', $vbulletin->session->vars['sessionurl'], $vbulletin->userinfo['securitytoken'])));
              }
          }
      }

      process_logout();

      // Rewrite the return URL; if it would lead straight back into the
      // logout action, fall back to the forum home.
      $vbulletin->url = fetch_replaced_session_url($vbulletin->url);
      if (false !== strpos($vbulletin->url, 'do=logout'))
      {
          $vbulletin->url = fetch_seo_url('forumhome', array());
      }

      // Display flags for the page rendered to the now logged-out visitor.
      $show['member'] = false;
      $show['pmmainlink'] = false;
      $show['registerbutton'] = (!$show['search_engine'] && $vbulletin->options['allowregistration']);

      eval(standard_error(fetch_error('cookieclear', create_full_url($vbulletin->url), fetch_seo_url('forumhome', array())), '', false));
  }
  89.  
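  // ############################### start do login ###############################
  // Credential login is handled for POST only; a GET carrying do=login is
  // redirected to the forum home by the elseif branch at the end.
  // (original note: this was a _REQUEST action but where do we all login via request?)
  if ($_POST['do'] == 'login')
  {
      $vbulletin->input->clean_array_gpc('p', array(
          'vb_login_username'        => TYPE_STR,
          'vb_login_password'        => TYPE_STR,
          'vb_login_md5password'     => TYPE_STR,
          'vb_login_md5password_utf' => TYPE_STR,
          'postvars'                 => TYPE_BINARY,
          'cookieuser'               => TYPE_BOOL,
          'logintype'                => TYPE_STR,
          'cssprefs'                 => TYPE_STR,
          'inlineverify'             => TYPE_BOOL,
      ));

      // can the user login? (strike state is looked up by the submitted name)
      $strikes = verify_strike_status($vbulletin->GPC['vb_login_username']);

      if ($vbulletin->GPC['vb_login_username'] == '')
      {
          // NOTE(review): eval() runs whatever standard_error() returns; that
          // helper is not visible here -- presumably it halts the request.
          eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'], $strikes)));
      }

      // make sure our user info stays as whoever we were (for example, we might be logged in via cookies already)
      $original_userinfo = $vbulletin->userinfo;

      if (!verify_authentication($vbulletin->GPC['vb_login_username'], $vbulletin->GPC['vb_login_password'], $vbulletin->GPC['vb_login_md5password'], $vbulletin->GPC['vb_login_md5password_utf'], $vbulletin->GPC['cookieuser'], true))
      {
          ($hook = vBulletinHook::fetch_hook('login_failure')) ? eval($hook) : false;

          // Record the failed attempt.
          // NOTE(review): the strike is keyed on $vbulletin->userinfo['username']
          // (whatever verify_authentication() left there), while the status check
          // above and the unstrike below use the submitted name -- confirm both
          // resolve to the same account key.
          exec_strike_user($vbulletin->userinfo['username']);

          if ($vbulletin->GPC['logintype'] === 'cplogin' OR $vbulletin->GPC['logintype'] === 'modcplogin')
          {
              // log this error if attempting to access the control panel
              // NOTE(review): the logged value is the raw submitted username.
              require_once(DIR . '/includes/functions_log_error.php');
              log_vbulletin_error($vbulletin->GPC['vb_login_username'], 'security');
          }

          // Put back the identity the request arrived with.
          $vbulletin->userinfo = $original_userinfo;

          // For vB_API we need to unlogin the users we logged in before
          if (defined('VB_API') AND VB_API === true)
          {
              $vbulletin->session->set('userid', 0);
              $vbulletin->session->set('loggedin', 0);
          }

          if ($vbulletin->GPC['inlineverify'] AND $vbulletin->userinfo)
          {
              require_once(DIR . '/includes/modfunctions.php');
              show_inline_mod_login(true);
          }
          else
          {
              define('VB_ERROR_PERMISSION', true);
              $show['useurl'] = true;
              $show['specificerror'] = true;
              $url = $vbulletin->url;
              if ($vbulletin->options['usestrikesystem'])
              {
                  eval(standard_error(fetch_error('badlogin_strikes_passthru', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'], $strikes)));
              }
              else
              {
                  eval(standard_error(fetch_error('badlogin_passthru', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'])));
              }
          }
      }

      // Authentication succeeded: clear the strikes recorded for this name.
      exec_unstrike_user($vbulletin->GPC['vb_login_username']);

      // NOTE(review): unserialize() on a client-supplied field. The only gate is
      // verify_client_string(), whose check is not visible in this file; if that
      // check can ever be satisfied with attacker-chosen data, this call is a PHP
      // object-injection sink. Prefer a data-only format (JSON), or on PHP 7+
      // pass array('allowed_classes' => false). The @ also hides decode failures.
      $_postvars = @unserialize(verify_client_string($vbulletin->GPC['postvars']));

      // Only trust the decoded value when it really is an array. unserialize()
      // yields false on failure and may yield an object; indexing either one
      // raises a warning or a fatal error on newer PHP versions.
      $use_postvars_logintype = (is_array($_postvars) AND !empty($_postvars['logintype']));

      // create new session
      process_new_login(($use_postvars_logintype ? $_postvars['logintype'] : $vbulletin->GPC['logintype']), $vbulletin->GPC['cookieuser'], $vbulletin->GPC['cssprefs']);

      // do redirect
      do_login_redirect();

  }
  else if ($_GET['do'] == 'login')
  {
      // add consistency with previous behavior
      exec_header_redirect(fetch_seo_url('forumhome|nosession', array()));
  }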
  177.  
  // ############################### start lost password ###############################
  // Renders the lost-password form; nothing is mailed or changed here.
  if ('lostpw' == $_REQUEST['do'])
  {
      // The address is echoed back into the form, so it is cleaned as
      // TYPE_NOHTML first -- presumably HTML-escaped by the cleaner; confirm.
      $vbulletin->input->clean_gpc('r', 'email', TYPE_NOHTML);
      $email = $vbulletin->GPC['email'];

      $navbits = construct_navbits(array('' => $vbphrase['lost_password_recovery_form']));
      $navbar = render_navbar_template($navbits);

      // human verification: stays empty unless the check is required for 'lostpw'
      $human_verify = '';
      if (fetch_require_hvcheck('lostpw'))
      {
          require_once(DIR . '/includes/class_humanverify.php');
          $verification =& vB_HumanVerify::fetch_library($vbulletin);
          $human_verify = $verification->output_token();
      }

      $url =& $vbulletin->url;

      $templater = vB_Template::create('lostpw');
      $templater->register_page_templates();
      $templater->register('url', $url);
      $templater->register('navbar', $navbar);
      $templater->register('human_verify', $human_verify);
      $templater->register('email', $email);
      print_output($templater->render());
  }
  208.  
  // ############################### start email password ###############################
  // Handles the submitted lost-password form: looks up accounts by e-mail
  // address and mails each match a reset link.
  if ('emailpassword' == $_POST['do'])
  {
      $vbulletin->input->clean_array_gpc('p', array(
          'email'       => TYPE_STR,
          'userid'      => TYPE_UINT,
          'humanverify' => TYPE_ARRAY,
      ));

      if ($vbulletin->GPC['email'] == '')
      {
          // NOTE(review): eval() runs whatever standard_error() returns; that
          // helper is not visible here -- presumably it halts the request.
          eval(standard_error(fetch_error('invalidemail', $vbulletin->options['contactuslink'])));
      }

      if (fetch_require_hvcheck('lostpw'))
      {
          require_once(DIR . '/includes/class_humanverify.php');
          $verify =& vB_HumanVerify::fetch_library($vbulletin);
          if (!$verify->verify_token($vbulletin->GPC['humanverify']))
          {
              // NOTE(review): unlike every other standard_error() call in this
              // script, the result is not passed to eval(). If standard_error()
              // returns instead of terminating, a failed human-verification
              // check would not stop the request -- confirm.
              standard_error(fetch_error($verify->fetch_error()));
          }
      }

      require_once(DIR . '/includes/functions_user.php');

      // The address is escaped with the DB layer's escape_string() before it
      // is concatenated into the query.
      $users = $db->query_read_slave("
          SELECT userid, username, email, languageid
          FROM " . TABLE_PREFIX . "user
          WHERE email = '" . $db->escape_string($vbulletin->GPC['email']) . "'
      ");

      // NOTE(review): an unknown address gets the 'invalidemail' error while a
      // known one gets the 'redirect_lostpw' redirect, so the response tells
      // the requester whether an address is registered.
      if (!$db->num_rows($users))
      {
          eval(standard_error(fetch_error('invalidemail', $vbulletin->options['contactuslink'])));
      }
      else
      {
          while ($user = $db->fetch_array($users))
          {
              // With a userid in the request, only that account is mailed.
              if (!$vbulletin->GPC['userid'] || $vbulletin->GPC['userid'] == $user['userid'])
              {
                  $user['username'] = unhtmlspecialchars($user['username']);

                  // Third argument 1 appears to correspond to the `type = 1`
                  // rows read by the reset-password handler -- confirm.
                  $user['activationid'] = build_user_activation_id($user['userid'], 2, 1);

                  // Presumably defines $subject and $message for the call below.
                  eval(fetch_email_phrases('lostpw', $user['languageid']));
                  vbmail($user['email'], $subject, $message, true);
              }
          }

          // Double quotes are stripped from the redirect target before it is used.
          $vbulletin->url = str_replace('"', '', $vbulletin->url);
          print_standard_redirect('redirect_lostpw', true, true);
      }
  }
  265.  
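  // ############################### start reset password ###############################
  // Completes a password reset: checks the activation id from the mailed
  // link, then sets a fresh random password and mails it to the account.
  if ($vbulletin->GPC['a'] == 'pwd' OR $_REQUEST['do'] == 'resetpassword')
  {

      $vbulletin->input->clean_array_gpc('r', array(
          'userid'       => TYPE_UINT,
          'u'            => TYPE_UINT,
          'activationid' => TYPE_STR,
          'i'            => TYPE_STR
      ));

      // 'u' and 'i' are short aliases for 'userid' and 'activationid'.
      if (!$vbulletin->GPC['userid'])
      {
          $vbulletin->GPC['userid'] = $vbulletin->GPC['u'];
      }

      if (!$vbulletin->GPC['activationid'])
      {
          $vbulletin->GPC['activationid'] = $vbulletin->GPC['i'];
      }

      $userinfo = verify_id('user', $vbulletin->GPC['userid'], 1, 1);

      // userid is interpolated unquoted; it was cleaned as TYPE_UINT and is
      // read back from verify_id() -- presumably always an integer; confirm.
      $user = $db->query_first("
          SELECT activationid, dateline
          FROM " . TABLE_PREFIX . "useractivation
          WHERE type = 1
              AND userid = $userinfo[userid]
      ");

      if (!$user)
      {
          // no activation record, probably got back here after a successful request, back to home
          exec_header_redirect(fetch_seo_url('forumhome|nosession', array()));
      }

      if ($user['dateline'] < (TIMENOW - 24 * 60 * 60))
      { // is it older than 24 hours?
          // NOTE(review): eval() runs whatever standard_error() returns; that
          // helper is not visible here -- presumably it halts the request.
          eval(standard_error(fetch_error('resetexpired', $vbulletin->session->vars['sessionurl'])));
      }

      // Compare the reset token as an exact string. The loose != used before
      // compares numeric-looking strings by value, so a differently spelled
      // string could be accepted as the stored id. hash_equals() is used when
      // the runtime provides it, so the comparison is constant-time as well.
      // NOTE(review): no limit on wrong guesses is visible in this handler.
      if (
          function_exists('hash_equals')
              ? !hash_equals((string) $user['activationid'], (string) $vbulletin->GPC['activationid'])
              : ((string) $user['activationid'] !== (string) $vbulletin->GPC['activationid'])
      )
      { //wrong act id
          eval(standard_error(fetch_error('resetbadid', $vbulletin->session->vars['sessionurl'])));
      }

      // delete old activation id, so the link works only once
      $db->query_write("DELETE FROM " . TABLE_PREFIX . "useractivation WHERE userid = $userinfo[userid] AND type = 1");

      // NOTE(review): an 8-character generated password is mailed in clear
      // text below; whether the user is made to change it is not visible here.
      $newpassword = fetch_random_password(8);

      // init user data manager
      $userdata =& datamanager_init('User', $vbulletin, ERRTYPE_STANDARD);
      $userdata->set_existing($userinfo);
      $userdata->set('password', $newpassword);
      $userdata->save();

      ($hook = vBulletinHook::fetch_hook('reset_password')) ? eval($hook) : false;

      // Presumably defines $subject and $message for the call below.
      eval(fetch_email_phrases('resetpw', $userinfo['languageid']));
      vbmail($userinfo['email'], $subject, $message, true);

      eval(standard_error(fetch_error('resetpw', $vbulletin->session->vars['sessionurl'])));

  }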
  331.  
  // No handler above took over the request: fall back to the forum home.
  exec_header_redirect(
      fetch_seo_url('forumhome|nosession', array())
  );
  333. /*======================================================================*\
  334. || ####################################################################
  335. || # Downloaded: 03:13, Sat Sep 7th 2013
  336. || # CVS: $RCSfile$ - $Revision: 63389 $
  337. || ####################################################################
  338. \*======================================================================*/
  339. ?>