vb.org Archive - Delayed Email Verification Hack (DEV)

This hack allows newly registered users awaiting email activation to use the forums, but then restricts them from logging in after a certain period of time and informing them that the time limit has passed.

My forum is designed for a close community of students, but I still want email verification to prevent abuse. But my forum isn't established yet, and I don't want to scare people off by forcing them to check their email. I would like them to check out the forums and get used to them for a while before forcing them to do more work. So I've made this hack that should allow for a delay in email verification of one day.

Two files need to be modified and an extra phrase must be added.

There are some flaws: In theory because this only restricts login, someone could stay logged on past the grace period, but a higher degree of rigour restricting this exploit would not be appropriate for a delayed email verification anyways.

I've been programming for approximate 1 day. If anyone can teach me how to write admincp functions that allow some customization over the grace periods, or teach me how write a program to install this hack that would be great.

Replace this code in /login.php

Code:

if (!verify_authentication($username, $password, $md5password, $md5password_utf, true))

        {

                // check password

                exec_strike_user($bbuserinfo['username']);



                if ($logintype === 'cplogin' OR $logintype === 'modcplogin')

                {

                        // log this error if attempting to access the control panel

                        require_once('./includes/functions_log_error.php');

                        log_vbulletin_error($username, 'security');

                }

                $bbuserinfo = array(

                        'userid' => 0,

                        'usergroupid' => 1

                );

                eval(print_standard_error('error_badlogin'));

        }

With

Code:

if (!verify_authentication($username, $password, $md5password, $md5password_utf, true))

        {

                // check password

                exec_strike_user($bbuserinfo['username']);



                if ($logintype === 'cplogin' OR $logintype === 'modcplogin')

                {

                        // log this error if attempting to access the control panel

                        require_once('./includes/functions_log_error.php');

                        log_vbulletin_error($username, 'security');

                }

                //normally only failed password, now there is the possibility of expired grace period

                //new error given if variables used in grace period checking are active

                if($bbuserinfo['joindate'] == 1984)

                {

                        $bbuserinfo = array(

                        'userid' => 0,

                        'usergroupid' => 1

                );

                        eval(print_standard_error('error_expired_grace_verification'));

                }

                else

                {

                        $bbuserinfo = array(

                        'userid' => 0,

                        'usergroupid' => 1

                );

                        eval(print_standard_error('error_badlogin'));

                }

        }

In includes/functions_login.php...

Insert before

Code:

if ($send_cookies)

(approximate line 147)
With this this code :

Code:

//check to see if user need verification

                elseif($bbuserinfo['usergroupid'] == 3)

                {

           // Calculate days since joining

                $bbuserinfo = $DB_site->query_first("SELECT joindate FROM " . TABLE_PREFIX . "user WHERE username = '" . $bbuserinfo['username'] . "'");

                $currentday = time();

                $dayspassed = ($currentday - $bbuserinfo[joindate])/(60*60*24);

//this is where grace period is controlled enter a number in days after the >=

                        if($dayspassed >= 1)

                        {

                                $bbuserinfo['joindate'] = 1984; //used for verifying type of error

                                return false;

                                

                        }

                }

Finally you need to do an SQL to add this new error phrase:

UPDATE `phrase` SET `text` = 'You may not login to the forums over one day after registering without activating your account. <br><br>

Activation should be easy. Please check your email to find the instructions to activate your account.
<br><br>
If you''re still having problems, please contact the administrator of the board at $vboptions[webmasteremail].' WHERE `phraseid` = '12302' LIMIT 1;

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.01051 seconds Memory Usage 1,724KB Queries Executed 10 (?)
More Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (4)bbcode_code_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)post_thanks_navbar_search (1)printthread (2)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages: