vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=111)
-   -   Hook profile_updatepassword_start (https://vborg.vbsupport.ru/showthread.php?t=213811)

smokey 05-16-2009 04:45 AM

Hook profile_updatepassword_start
 
Hey all,

Kind of stuck on an issue I cannot seem to get around. At this hook location, I have code in a plugin to update an external member account database for the main site. It will change the email/password on the main site as well as the forum.

The problem I'm having is I'm trying to use the variable $vbulletin->GPC['newpassword'] (the clear text version of the inputed password but it is empty. I've tried setting a variable $plain_newpassword = $vbulletin->GPC['newpassword']; since the code launches before it goes through the hashing process but it is still empty. How is this possible when after this hook, it actually verifies $vbulletin->GPC['newpassword'] is not empty before it hashes it? Any way I can grab the posted clear text password so I can store it in a variable? This is really starting to bug me lol. $_POST['newpassword'] obviously will not work, also tried using $p to no avail. Have no problem with $vbulletin->GPC['email'] showing up on the db edit, exactly how you expect it to work. Oh and I can $vbulletin->GPC['newpassword_md5'] with no problem too, what the heck?

The hook is located in ./profile.php.

Can anyone shed some light on this? I just need a variable to be set with a clear text password when someone updates their password and email.

Thanks in advance!

Lynne 05-16-2009 02:51 PM

Perhaps post your plugin and maybe we can see what is wrong.

smokey 05-17-2009 04:06 AM

Nothing wrong with the plugin. The variable simply is not set or empty, all that is set is the newpassword_md5. I'm just trying to figure out why and a work around. The code is fine.

Anyone?

The default code in profile.php

PHP Code:

// ############################### start update password ###############################
if ($_POST['do'] == 'updatepassword')
{
    
$vbulletin->input->clean_array_gpc('p', array(
        
'currentpassword'        => TYPE_STR,
        
'currentpassword_md5'    => TYPE_STR,
        
'newpassword'            => TYPE_STR,
        
'newpasswordconfirm'     => TYPE_STR,
        
'newpassword_md5'        => TYPE_STR,
        
'newpasswordconfirm_md5' => TYPE_STR,
        
'email'                  => TYPE_STR,
        
'emailconfirm'           => TYPE_STR
    
));

    
// instanciate the data manager class
    
$userdata =& datamanager_init('user'$vbulletinERRTYPE_STANDARD);
    
$userdata->set_existing($vbulletin->userinfo);

    (
$hook vBulletinHook::fetch_hook('profile_updatepassword_start')) ? eval($hook) : false;

    
// validate old password
    
if ($userdata->hash_password($userdata->verify_md5($vbulletin->GPC['currentpassword_md5']) ? $vbulletin->GPC['currentpassword_md5'] : $vbulletin->GPC['currentpassword'], $vbulletin->userinfo['salt']) != $vbulletin->userinfo['password'])
    {
        eval(
standard_error(fetch_error('badpassword'$vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'])));
    }

    
// update password
    
if (!empty($vbulletin->GPC['newpassword']) OR !empty($vbulletin->GPC['newpassword_md5']))
    {
        
// are we using javascript-hashed password strings?
        
if ($userdata->verify_md5($vbulletin->GPC['newpassword_md5']))
        {
            
$vbulletin->GPC['newpassword'] =& $vbulletin->GPC['newpassword_md5'];
            
$vbulletin->GPC['newpasswordconfirm'] =& $vbulletin->GPC['newpasswordconfirm_md5'];
        }
        else
        {
            
$vbulletin->GPC['newpassword'] =& md5($vbulletin->GPC['newpassword']);
            
$vbulletin->GPC['newpasswordconfirm'] =& md5($vbulletin->GPC['newpasswordconfirm']);
        }

        
// check that new passwords match
        
if ($vbulletin->GPC['newpassword'] != $vbulletin->GPC['newpasswordconfirm'])
        {
            eval(
standard_error(fetch_error('passwordmismatch')));
        } 

My code is parsed at that hook location.

This is empty:
PHP Code:

$vbulletin->GPC['newpassword'

and...
PHP Code:

$vbulletin->GPC['newpasswordconfirm'

But this is not:

PHP Code:

$vbulletin->GPC['newpassword_md5'

The hook executes before:

PHP Code:

    if (!empty($vbulletin->GPC['newpassword']) OR !empty($vbulletin->GPC['newpassword_md5']))
    {
        
// are we using javascript-hashed password strings?
        
if ($userdata->verify_md5($vbulletin->GPC['newpassword_md5']))
        {
            
$vbulletin->GPC['newpassword'] =& $vbulletin->GPC['newpassword_md5']; 

So how is that string empty? It doesn't make any since to me

--------------- Added [DATE]1242606969[/DATE] at [TIME]1242606969[/TIME] ---------------

I figured it out after heavy investigating. Javascript in the modifypassword template was actually doing the conversion to submit to the forum as a hashed password thus not sending the clear text password.

Hope this helps anyone else who may need to accomplish the same thing in the future.


All times are GMT. The time now is 08:50 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01137 seconds
  • Memory Usage 1,751KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (5)bbcode_php_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (3)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 

Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete