Version: 1.00, by CharlesHe
Developer Last Online: Oct 2006
Version: 3.0.8
Rating:
Released: 08-24-2005
Last Update: Never
Installs: 1
No support by the author.
This hack allows newly registered users awaiting email activation to use the forums, but then restricts them from logging in after a certain period of time and informing them that the time limit has passed.
My forum is designed for a close community of students, but I still want email verification to prevent abuse. But my forum isn't established yet, and I don't want to scare people off by forcing them to check their email. I would like them to check out the forums and get used to them for a while before forcing them to do more work. So I've made this hack that should allow for a delay in email verification of one day.
Two files need to be modified and an extra phrase must be added.
There are some flaws: In theory because this only restricts login, someone could stay logged on past the grace period, but a higher degree of rigour restricting this exploit would not be appropriate for a delayed email verification anyways.
I've been programming for approximate 1 day. If anyone can teach me how to write admincp functions that allow some customization over the grace periods, or teach me how write a program to install this hack that would be great.
Replace this code in /login.php
Code:
if (!verify_authentication($username, $password, $md5password, $md5password_utf, true))
{
// check password
exec_strike_user($bbuserinfo['username']);
if ($logintype === 'cplogin' OR $logintype === 'modcplogin')
{
// log this error if attempting to access the control panel
require_once('./includes/functions_log_error.php');
log_vbulletin_error($username, 'security');
}
$bbuserinfo = array(
'userid' => 0,
'usergroupid' => 1
);
eval(print_standard_error('error_badlogin'));
}
With
Code:
if (!verify_authentication($username, $password, $md5password, $md5password_utf, true))
{
// check password
exec_strike_user($bbuserinfo['username']);
if ($logintype === 'cplogin' OR $logintype === 'modcplogin')
{
// log this error if attempting to access the control panel
require_once('./includes/functions_log_error.php');
log_vbulletin_error($username, 'security');
}
//normally only failed password, now there is the possibility of expired grace period
//new error given if variables used in grace period checking are active
if($bbuserinfo['joindate'] == 1984)
{
$bbuserinfo = array(
'userid' => 0,
'usergroupid' => 1
);
eval(print_standard_error('error_expired_grace_verification'));
}
else
{
$bbuserinfo = array(
'userid' => 0,
'usergroupid' => 1
);
eval(print_standard_error('error_badlogin'));
}
}
In includes/functions_login.php...
Insert before
Code:
if ($send_cookies)
(approximate line 147)
With this this code :
Code:
//check to see if user need verification
elseif($bbuserinfo['usergroupid'] == 3)
{
// Calculate days since joining
$bbuserinfo = $DB_site->query_first("SELECT joindate FROM " . TABLE_PREFIX . "user WHERE username = '" . $bbuserinfo['username'] . "'");
$currentday = time();
$dayspassed = ($currentday - $bbuserinfo[joindate])/(60*60*24);
//this is where grace period is controlled enter a number in days after the >=
if($dayspassed >= 1)
{
$bbuserinfo['joindate'] = 1984; //used for verifying type of error
return false;
}
}
Finally you need to do an SQL to add this new error phrase:
UPDATE `phrase` SET `text` = 'You may not login to the forums over one day after registering without activating your account. <br><br>
Activation should be easy. Please check your email to find the instructions to activate your account.
<br><br>
If you''re still having problems, please contact the administrator of the board at $vboptions[webmasteremail].' WHERE `phraseid` = '12302' LIMIT 1;
Show Your Support
This modification may not be copied, reproduced or published elsewhere without author's permission.
Delayed Email Verification Hack (DEV) Details »»
About Developer
Visit Web Site
No support by the author.
