Quote:
Originally Posted by NachoTPAO
I want to be able to disable the password recovery function for staff members so that they can't use this method.
You can do that with a plugin. For instance you could do this (using a hook like global_setup_complete):
Code:
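// Plugin body (meant for a hook such as global_setup_complete).
//
// Intercepts the "reset password" link handling of login.php for staff
// accounts. It validates the emailed reset token and consumes it, but
// nothing in this block writes a new password to the user record, so the
// staff member's password stays unchanged.
//
// NOTE(review): 5, 6 and 7 are the usergroup IDs treated as staff here; on a
// customised board check them against the usergroup manager, otherwise staff
// in other groups are not covered.
if (THIS_SCRIPT == 'login')
{
    $vbulletin->input->clean_gpc('r', 'a', TYPE_STR);

    // 'do' may be missing from the request, so test for it before reading it.
    if ($vbulletin->GPC['a'] == 'pwd' OR (isset($_REQUEST['do']) AND $_REQUEST['do'] == 'resetpassword'))
    {
        // The link may carry either the long or the short parameter names.
        $vbulletin->input->clean_array_gpc('r', array(
            'userid'       => TYPE_UINT,
            'u'            => TYPE_UINT,
            'activationid' => TYPE_STR,
            'i'            => TYPE_STR
        ));

        if (!$vbulletin->GPC['userid'])
        {
            $vbulletin->GPC['userid'] = $vbulletin->GPC['u'];
        }

        if (!$vbulletin->GPC['activationid'])
        {
            $vbulletin->GPC['activationid'] = $vbulletin->GPC['i'];
        }

        $userinfo = verify_id('user', $vbulletin->GPC['userid'], 1, 1);

        if (is_member_of($userinfo, 5, 6, 7))
        {
            // The id was cleaned as TYPE_UINT and then looked up by verify_id();
            // intval() keeps the queries safe even if that ever changes.
            $staff_userid = intval($userinfo['userid']);

            $user = $db->query_first("
                SELECT activationid, dateline
                FROM " . TABLE_PREFIX . "useractivation
                WHERE type = 1
                    AND userid = $staff_userid
            ");

            if (!$user)
            {
                // no activation record, probably got back here after a successful request, back to home
                // NOTE(review): presumably exec_header_redirect() ends the request; the checks below rely on that.
                exec_header_redirect($vbulletin->options['forumhome'] . '.php');
            }

            if ($user['dateline'] < (TIMENOW - 24 * 60 * 60))
            { // is it older than 24 hours?
                eval(standard_error(fetch_error('resetexpired', $vbulletin->session->vars['sessionurl'])));
            }

            // Compare the reset token as an exact string. A loose != on two
            // numeric strings compares them as numbers in PHP, so differently
            // written values (e.g. '0123' against a stored '123') would pass.
            // hash_equals() is used where available to keep the comparison
            // constant-time.
            $stored_token   = (string) $user['activationid'];
            $supplied_token = (string) $vbulletin->GPC['activationid'];
            $token_matches  = function_exists('hash_equals')
                ? hash_equals($stored_token, $supplied_token)
                : ($stored_token === $supplied_token);

            if (!$token_matches)
            { //wrong act id
                eval(standard_error(fetch_error('resetbadid', $vbulletin->session->vars['sessionurl'])));
            }

            // delete old activation id
            $db->query_write("DELETE FROM " . TABLE_PREFIX . "useractivation WHERE userid = $staff_userid AND type = 1");

            // The generated password is never stored by this block. Presumably
            // the eval'd 'resetpw' phrase puts it into $subject / $message, so
            // the staff member is mailed a password that will not work. That is
            // the intended "silent" behaviour of this variant; expect support
            // questions, and keep in mind the mail itself still tells the
            // mailbox owner that a reset was attempted.
            $newpassword = fetch_random_password(8);
            eval(fetch_email_phrases('resetpw', $userinfo['languageid']));
            vbmail($userinfo['email'], $subject, $message, true);

            eval(standard_error(fetch_error('resetpw', $vbulletin->session->vars['sessionurl'])));
        }
    }
}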
It's just the code that would normally get called when you click on the emailed link, but if you're a member of groups 5, 6, or 7, it does everything except the actual changing of the password: the activation record is still deleted and the "new password" email is still sent, but the password in that email is never saved. I kind of like that because if someone tries it they'll probably get frustrated wondering why it isn't working. But if you prefer a message saying that you can't do it at all, then you could just do something like this:
Code:
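// Plugin body (meant for a hook such as global_setup_complete).
//
// Refuses the "reset password" link handling of login.php for staff accounts
// and shows an explicit message instead.
//
// Scope: this check only runs when the emailed reset link is opened. It does
// not touch the activation record, and nothing here stops the reset e-mail
// from being requested in the first place.
//
// NOTE(review): 5, 6 and 7 are the usergroup IDs treated as staff here; on a
// customised board check them against the usergroup manager, otherwise staff
// in other groups are not covered.
if (THIS_SCRIPT == 'login')
{
    $vbulletin->input->clean_gpc('r', 'a', TYPE_STR);

    // 'do' may be missing from the request, so test for it before reading it.
    if ($vbulletin->GPC['a'] == 'pwd' OR (isset($_REQUEST['do']) AND $_REQUEST['do'] == 'resetpassword'))
    {
        // activationid / i are cleaned like the other link parameters but are
        // not needed for the refusal itself.
        $vbulletin->input->clean_array_gpc('r', array(
            'userid'       => TYPE_UINT,
            'u'            => TYPE_UINT,
            'activationid' => TYPE_STR,
            'i'            => TYPE_STR
        ));

        // The link may carry the user id as either 'userid' or 'u'.
        if (!$vbulletin->GPC['userid'])
        {
            $vbulletin->GPC['userid'] = $vbulletin->GPC['u'];
        }

        $userinfo = verify_id('user', $vbulletin->GPC['userid'], 1, 1);

        if (is_member_of($userinfo, 5, 6, 7))
        {
            // Pass the text straight to standard_error(). Elsewhere on this
            // page fetch_error() is given phrase names ('resetexpired',
            // 'resetbadid'), and a literal sentence is not a phrase name, so
            // it would presumably fail the phrase lookup instead of being shown.
            eval(standard_error('Forum staff members are not allowed to use this function.'));
        }
    }
}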
If you decide to try one of these you'll probably want to test it first, with both a staff account and a regular member account.