PDA

View Full Version : Delayed Email Verification Hack (DEV)


CharlesHe
08-24-2005, 10:00 PM
This hack allows newly registered users awaiting email activation to use the forums, but then restricts them from logging in after a certain period of time and informing them that the time limit has passed.

My forum is designed for a close community of students, but I still want email verification to prevent abuse. But my forum isn't established yet, and I don't want to scare people off by forcing them to check their email. I would like them to check out the forums and get used to them for a while before forcing them to do more work. So I've made this hack that should allow for a delay in email verification of one day.

Two files need to be modified and an extra phrase must be added.

There are some flaws: In theory because this only restricts login, someone could stay logged on past the grace period, but a higher degree of rigour restricting this exploit would not be appropriate for a delayed email verification anyways.

I've been programming for approximate 1 day. If anyone can teach me how to write admincp functions that allow some customization over the grace periods, or teach me how write a program to install this hack that would be great.

Replace this code in /login.php


if (!verify_authentication($username, $password, $md5password, $md5password_utf, true))
{
// check password
exec_strike_user($bbuserinfo['username']);

if ($logintype === 'cplogin' OR $logintype === 'modcplogin')
{
// log this error if attempting to access the control panel
require_once('./includes/functions_log_error.php');
log_vbulletin_error($username, 'security');
}
$bbuserinfo = array(
'userid' => 0,
'usergroupid' => 1
);
eval(print_standard_error('error_badlogin'));
}


With


if (!verify_authentication($username, $password, $md5password, $md5password_utf, true))
{
// check password
exec_strike_user($bbuserinfo['username']);

if ($logintype === 'cplogin' OR $logintype === 'modcplogin')
{
// log this error if attempting to access the control panel
require_once('./includes/functions_log_error.php');
log_vbulletin_error($username, 'security');
}
//normally only failed password, now there is the possibility of expired grace period
//new error given if variables used in grace period checking are active
if($bbuserinfo['joindate'] == 1984)
{
$bbuserinfo = array(
'userid' => 0,
'usergroupid' => 1
);
eval(print_standard_error('error_expired_grace_ver ification'));
}
else
{
$bbuserinfo = array(
'userid' => 0,
'usergroupid' => 1
);
eval(print_standard_error('error_badlogin'));
}
}


In includes/functions_login.php...

Insert before
if ($send_cookies)
(approximate line 147)
With this this code :

//check to see if user need verification
elseif($bbuserinfo['usergroupid'] == 3)
{
// Calculate days since joining
$bbuserinfo = $DB_site->query_first("SELECT joindate FROM " . TABLE_PREFIX . "user WHERE username = '" . $bbuserinfo['username'] . "'");
$currentday = time();
$dayspassed = ($currentday - $bbuserinfo[joindate])/(60*60*24);
//this is where grace period is controlled enter a number in days after the >=
if($dayspassed >= 1)
{
$bbuserinfo['joindate'] = 1984; //used for verifying type of error
return false;

}
}


Finally you need to do an SQL to add this new error phrase:

UPDATE `phrase` SET `text` = 'You may not login to the forums over one day after registering without activating your account. <br><br>

Activation should be easy. Please check your email to find the instructions to activate your account.
<br><br>
If you''re still having problems, please contact the administrator of the board at $vboptions[webmasteremail].' WHERE `phraseid` = '12302' LIMIT 1;

dndog
08-26-2005, 07:16 PM
You have to attach a text version of this hack as per vbulletin.org TOS.

Good work on your hack!

-dndog