Thanks for the reply. Here's the code:
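<?php

if(!defined('IN_SUBDREAMER')) die('Hacking attempt!');

// Subdreamer user-system bridge for vBulletin 3.
//
// Reads the forum's session and user tables (via $DB, $usersystem and TIMENOW,
// all supplied by the including script) and publishes the result as
// $usersettings plus the $vb3* helper arrays. Also handles the login form
// post and the logout link.
//
// Review notes on trust boundaries:
//  - Every value from $_COOKIE, $_GET, $_POST and the HTTP_* entries of
//    $_SERVER is client-controlled. Numeric ids are cast with intval() before
//    they reach SQL; strings go through addslashes() as the original code did.
//  - Hash comparisons use ===/!== so that two different digests are never
//    considered equal through numeric string conversion.

// ###################### START WITH SESSION NOT CREATED #######################

$sessioncreated = false;

// ############################## FORUM SETTINGS ###############################

$tableprefix   = $usersystem['tblprefix'];
$cookietimeout = $usersystem['cookietimeout'];
$cookieprefix  = $usersystem['cookieprefix'];
$cookiedomain  = '';
$cookiepath    = '/';
//$vblicensenumber = $usersystem['extra']; // the extra column holds vb3's license number

// ####################### FIX VBULLETIN 3 COOKIE PREFIX #######################
// vbulletin 3 defaults to bb if a cookieprefix is blank, strange... but whatever!

$cookieprefix = strlen($cookieprefix) ? $cookieprefix : 'bb';

// ####################### GET VBULLETIN 3 SESSION LIMIT #######################
// updating to the vbulletin3's session table will not take place if the limit has been reached

$getsessionlimit = $DB->query_first("SELECT value FROM " . $tableprefix . "setting WHERE varname = 'sessionlimit'");
$sessionlimit    = $getsessionlimit['value']; // this value should be store in $usersystem['extra'], wasted query imo

// ################################ FIND ALT IP ################################
// NOTE(review): Client-IP, X-Forwarded-For and From are request headers and can
// be set freely by the client, so ALT_IP (and SESSION_IDHASH derived from it)
// is a consistency check, not proof of where the request came from.

if(isset($_SERVER['HTTP_CLIENT_IP']))
{
  define('ALT_IP', $_SERVER['HTTP_CLIENT_IP']);
}
else if(isset($_SERVER['HTTP_X_FORWARDED_FOR']) AND preg_match_all('#\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}#s', $_SERVER['HTTP_X_FORWARDED_FOR'], $matches))
{
  foreach($matches[0] AS $ip)
  {
    if(!preg_match("#^(10|172\.16|192\.168)\.#", $ip))
    {
      define('ALT_IP', $ip);
      break;
    }
  }
}
else if(isset($_SERVER['HTTP_FROM']))
{
  define('ALT_IP', $_SERVER['HTTP_FROM']);
}

// Fallback. This also covers an X-Forwarded-For header that listed only
// private addresses, which previously left ALT_IP undefined.
if(!defined('ALT_IP'))
{
  define('ALT_IP', $_SERVER['REMOTE_ADDR']);
}

// ################################## DEFINES ##################################

// A request without a User-Agent header is treated as an empty agent string.
define('USER_AGENT', isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '');
define('SESSION_IDHASH', md5(USER_AGENT . ALT_IP)); // this should *never* change during a session
define('IPADDRESS', $_SERVER['REMOTE_ADDR']);
define('SESSION_HOST', substr(IPADDRESS, 0, 15));

// ############################### CREATE COOKIE ###############################

/**
 * Sends a cookie whose name is prefixed with the forum cookie prefix.
 *
 * @param string $name      cookie name without the prefix
 * @param string $value     cookie value; an empty string clears the cookie
 * @param int    $permanent non-zero: expires one year from TIMENOW; zero: session cookie
 */
function CreateCookie($name, $value = '', $permanent = 1)
{
  global $cookieprefix, $cookiepath, $cookiedomain;

  $name   = $cookieprefix . $name;
  $expire = $permanent ? (TIMENOW + 60 * 60 * 24 * 365) : 0;

  // secure(1) = using SSL. Only the server port is inspected.
  // NOTE(review): the cookie is sent without the HttpOnly flag, and behind a
  // TLS-terminating proxy the port test will presumably not see 443 - confirm
  // for the deployment.
  $secure = (isset($_SERVER['SERVER_PORT']) AND $_SERVER['SERVER_PORT'] == '443') ? 1 : 0;

  setcookie($name, $value, $expire, $cookiepath, $cookiedomain, $secure);
}

// ############################ CREATE SESSION HASH ############################

/**
 * Returns a new 32 character hexadecimal session identifier.
 *
 * The identifier is the only secret protecting a session, so the random part
 * comes from the operating system's generator when PHP exposes one. rand() is
 * kept only as a last resort for old runtimes.
 *
 * @return string md5 hex digest
 */
function CreateSessionHash()
{
  if(function_exists('random_bytes'))
  {
    $entropy = random_bytes(16);
  }
  else if(function_exists('openssl_random_pseudo_bytes'))
  {
    $entropy = openssl_random_pseudo_bytes(16);
  }
  else
  {
    $entropy = uniqid(mt_rand(), true) . rand(1, 1000000);
  }

  return md5(TIMENOW . SESSION_IDHASH . SESSION_HOST . $entropy);
}

// ############################## CREATE SESSION ###############################

/**
 * Builds a session record for $userid and, unless a limit or a login/logout
 * request prevents it, stores it in the forum session table and sets the
 * session cookie.
 *
 * @param int $userid forum user id, 0 for a guest
 * @return array|null the session record; nothing is returned while a login or
 *                    logout request is being processed
 */
function CreateSession($userid = 0)
{
  global $DB, $sessionlimit, $sessioncreated, $tableprefix;

  // setup the session
  $session = array(
    'sessionhash'  => CreateSessionHash(),
    'userid'       => intval($userid),
    'host'         => SESSION_HOST,
    'useragent'    => USER_AGENT,
    'idhash'       => SESSION_IDHASH,
    'lastactivity' => TIMENOW
  );

  // return the session if the sessionlimit has exceeded
  if($sessionlimit > 0)
  {
    $sessions = $DB->query_first("SELECT COUNT(*) AS sessioncount FROM " . $tableprefix . "session");
    if($sessions['sessioncount'] > $sessionlimit)
    {
      return $session;
    }
  }

  // return if we are logging in our logging out (since logging in and out already creates sessions)
  if(isset($_POST['login']) || isset($_GET['logout']))
  {
    return;
  }

  // insert the session into the database
  $DB->query("INSERT INTO " . $tableprefix . "session (sessionhash, userid, host, useragent, idhash, lastactivity)
              VALUES ('" . addslashes($session['sessionhash']) . "', " . intval($session['userid']) . ", '" . addslashes($session['host']) . "', '" . addslashes($session['useragent']) . "', '" . addslashes($session['idhash']) . "', " . intval($session['lastactivity']) . ")");

  // save the sessionhash
  CreateCookie('sessionhash', $session['sessionhash'], 0);

  // set sessioncreated to true so that we don't update this session later on in the script
  // (because it was just created)
  $sessioncreated = true;

  return $session;
}

// ######################### UPDATE LAST VISIT/ACTIVITY ########################

/**
 * Stamps the user's lastactivity with TIMENOW; when the previous activity is
 * older than the cookie timeout, lastvisit is rolled forward first.
 *
 * @param int $userid forum user id
 */
function UpdateLastActivity($userid)
{
  global $DB, $cookietimeout, $tableprefix;

  // The id is placed in SQL without quotes, so force it to an integer here
  // instead of trusting every caller.
  $userid = intval($userid);

  $lastactivity = $DB->query_first("SELECT lastactivity FROM " . $tableprefix . "user WHERE userid = $userid");

  if(TIMENOW - $lastactivity[0] > $cookietimeout)
  {
    $DB->query("UPDATE " . $tableprefix . "user SET lastvisit = lastactivity, lastactivity = " . TIMENOW . " WHERE userid = $userid");
  }
  else
  {
    $DB->query("UPDATE " . $tableprefix . "user SET lastactivity = " . TIMENOW . " WHERE userid = $userid");
  }
}

// ############################# FIND SESSION HASH #############################
// NOTE(review): a session id is accepted from POST and GET as well as from the
// cookie. The lookup below ties it to host and idhash, but ids carried in URLs
// end up in logs and referrers.

if(!empty($_POST['s']))
{
  $sessionhash = $_POST['s'];
}
else if(!empty($_GET['s']))
{
  $sessionhash = $_GET['s'];
}
else if(isset($_COOKIE[$cookieprefix . 'sessionhash']))
{
  $sessionhash = $_COOKIE[$cookieprefix . 'sessionhash'];
}
else
{
  $sessionhash = isset($_COOKIE['sessionhash']) ? $_COOKIE['sessionhash'] : '';
}

// Array-valued parameters (s[]=...) are not session ids.
if(!is_string($sessionhash))
{
  $sessionhash = '';
}

// ############################# CONTINUE SESSION ##############################

// Start from a known-empty value: nothing above assigns $session, so without
// this a value inherited from the including scope could be mistaken for a
// validated session when no session id was sent.
$session = array();

if(!empty($sessionhash))
{
  $session = $DB->query_first("SELECT * FROM " . $tableprefix . "session
                               WHERE sessionhash = '" . addslashes(trim($sessionhash)) . "'
                               AND lastactivity > " . (TIMENOW - $cookietimeout) . "
                               AND host = '" . addslashes(SESSION_HOST) . "'
                               AND idhash = '" . addslashes(SESSION_IDHASH) . "'");
}

// ############################### COOKIE LOGIN ################################
// session has expired or does not exist, but the user might still have a userid and password cookies set:

if(empty($session) OR $session['userid'] == 0)
{
  if(!empty($_COOKIE[$cookieprefix . 'userid']) AND !empty($_COOKIE[$cookieprefix . 'password']) AND is_numeric($_COOKIE[$cookieprefix . 'userid']))
  {
    $eraseusercookie = false;

    // is_numeric() above guarantees the cookie holds no quote characters, so
    // it cannot break out of the quoted literal.
    if($user = $DB->query_first("SELECT userid, password FROM " . $tableprefix . "user WHERE userid = '" . $_COOKIE[$cookieprefix . 'userid'] . "' LIMIT 1"))
    {
      $cookiepassword = $_COOKIE[$cookieprefix . 'password'];

      // Strict comparison of two strings; a non-string cookie never matches.
      if(is_string($cookiepassword) AND md5($user['password']) === $cookiepassword)
      {
        // combination is valid,
        // delete the old session hash and create a new one
        if(isset($session['sessionhash']) AND strlen($session['sessionhash']))
        {
          // old session still exists; kill it
          $DB->query("DELETE FROM " . $tableprefix . "session WHERE sessionhash = '" . addslashes($session['sessionhash']) . "' LIMIT 1");
        }

        $session = CreateSession($user['userid']);
      }
      else
      {
        $eraseusercookie = true;
      }
    }
    else
    {
      $eraseusercookie = true;
    }

    if($eraseusercookie)
    {
      // cookie has false information *or maybe the user was deleted*, delete the cookies:
      CreateCookie('userid', '', 1);
      CreateCookie('password', '', 1);
    }
  }
}

// ########################### CREATE GUEST SESSION ############################

if(empty($session))
{
  // still no session. the user is a guest, so try to find this guest's session
  $session = $DB->query_first("SELECT * FROM " . $tableprefix . "session
                               WHERE userid = 0
                               AND host = '" . addslashes(SESSION_HOST) . "'
                               AND idhash = '" . addslashes(SESSION_IDHASH) . "' LIMIT 1");

  // still no session found, create a new one for the guest:
  if(empty($session))
  {
    $session = CreateSession(0);
  }
}

// ############################ SETUP USER VARIABLE ############################

if($session['userid'] == 0)
{
  // fill in guest userinfo for subdreamer
  $user = array(
    'userid'         => 0,
    'usergroupids'   => 1, // vBulletin 3 - Unregistered / Not Logged In
    'username'       => '',
    'loggedin'       => 0,
    'email'          => '',
    'timezoneoffset' => 0,
    'dstonoff'       => 0,
    'dstauto'        => 1
  );
}
else if($session['userid'] > 0)
{
  $getuser = $DB->query_first("SELECT * FROM " . $tableprefix . "user WHERE userid = " . intval($session['userid']));

  // fill in member userinfo for subdreamer
  $user = array(
    'userid'         => $getuser['userid'],
    'usergroupids'   => $getuser['usergroupid'],
    'username'       => $getuser['username'],
    'loggedin'       => 1,
    'email'          => $getuser['email'],
    'timezoneoffset' => $getuser['timezoneoffset']
  );

  UpdateLastActivity($user['userid']);

  // bit values: 'dstauto' => 64, 'dstonoff' => 128,
  $user['dstonoff'] = (128 & $getuser['options']) ? 1 : 0;
  $user['dstauto']  = (64 & $getuser['options']) ? 1 : 0;
}

// ############################## UPDATE SESSION ###############################

if(!$sessioncreated)
{
  $DB->query("UPDATE " . $tableprefix . "session SET useragent = '" . addslashes(USER_AGENT) . "', lastactivity = " . TIMENOW . "
              WHERE sessionhash = '" . addslashes($session['sessionhash']) . "'");
}

// ################################### LOGIN ###################################

if(isset($_POST['login']))
{
  // post data already cleaned
  // (a missing or array-valued field is treated as empty instead of raising a notice)
  $loginusername = (isset($_POST['loginusername']) AND is_string($_POST['loginusername'])) ? $_POST['loginusername'] : '';
  $loginpassword = (isset($_POST['loginpassword']) AND is_string($_POST['loginpassword'])) ? $_POST['loginpassword'] : '';

  if(strlen($loginusername))
  {
    // get userid for given username
    if($getuser = $DB->query_first("SELECT * FROM " . $tableprefix . "user WHERE username = '" . addslashes($loginusername) . "'"))
    {
      // Stored value is md5(md5(password) . salt). Compared with !== so the
      // two digests are always compared as strings.
      if($getuser['password'] !== md5(md5($loginpassword) . $getuser['salt']))
      {
        $loginerrors[] = $sdlanguage['wrong_password'];
      }
      else
      {
        // fill in member userinfo for subdreamer
        $user = array(
          'userid'         => $getuser['userid'],
          'usergroupids'   => $getuser['usergroupid'],
          'username'       => $getuser['username'],
          'loggedin'       => 1,
          'email'          => $getuser['email'],
          'timezoneoffset' => $getuser['timezoneoffset']
        );

        // bit values: 'dstauto' => 64, 'dstonoff' => 128,
        $user['dstonoff'] = (128 & $getuser['options']) ? 1 : 0;
        $user['dstauto']  = (64 & $getuser['options']) ? 1 : 0;

        // a sessionhash was created before user logged in, so delete this sessionhash and create a new one
        // (issuing a fresh id at login means a pre-login id is never promoted to an authenticated one)
        $DB->query("DELETE FROM " . $tableprefix . "session WHERE sessionhash = '" . addslashes($session['sessionhash']) . "' LIMIT 1");

        // insert new session
        $session['sessionhash'] = CreateSessionHash();

        $DB->query("INSERT INTO " . $tableprefix . "session (sessionhash, userid, host, idhash, lastactivity, loggedin, useragent)
                    VALUES ('" . addslashes($session['sessionhash']) . "', " . intval($getuser['userid']) . ", '" . addslashes(SESSION_HOST) . "', '" . addslashes(SESSION_IDHASH) . "', " . TIMENOW . ", 1, '" . addslashes(USER_AGENT) . "') ");

        // save the sessionhash in the cookie
        CreateCookie('sessionhash', $session['sessionhash'], 1);

        // save the userid and password if the user has selected the 'remember me' option
        // NOTE(review): the cookie value is md5() of the stored password hash and
        // stays valid until the password changes; treat it as a long-lived credential.
        if(!empty($_POST['rememberme']))
        {
          CreateCookie('userid', $getuser['userid'], 1);
          CreateCookie('password', md5($getuser['password']), 1);
        }
      }
    }
    else
    {
      $loginerrors[] = $sdlanguage['wrong_username'];
    }
  }
  else
  {
    $loginerrors[] = $sdlanguage['please_enter_username'];
  }
}

// ################################## LOGOUT ###################################
// NOTE(review): logout is triggered by a bare GET parameter and no token is
// checked in this file (a 'logouthash' is computed further down) - confirm
// whether the caller validates one.

if(isset($_GET['logout']))
{
  // clear all cookies beginning with COOKIE_PREFIX
  $prefix_length = strlen($cookieprefix);

  foreach($_COOKIE AS $key => $val)
  {
    // purely numeric cookie names arrive as integer keys
    $key = (string) $key;

    if(strpos($key, $cookieprefix) === 0)
    {
      $key = substr($key, $prefix_length);
      if(trim($key) == '')
      {
        continue;
      }
      CreateCookie($key, '', 1);
    }
  }

  if($user['userid'] > 0)
  {
    // delete all sessions that match the userid
    $DB->query("DELETE FROM " . $tableprefix . "session WHERE userid = " . intval($user['userid']));
  }

  // delete all sessions that match the sessionhash
  $DB->query("DELETE FROM " . $tableprefix . "session WHERE sessionhash = '" . addslashes($session['sessionhash']) . "'");

  $session['sessionhash'] = CreateSessionHash();

  // host and idhash come from the request constants, as in the login branch;
  // CreateSession() returns nothing during a logout request, so $session may
  // not carry them.
  $DB->query("INSERT INTO " . $tableprefix . "session (sessionhash, userid, host, idhash, lastactivity, styleid, useragent)
              VALUES ('" . addslashes($session['sessionhash']) . "', 0, '" . addslashes(SESSION_HOST) . "', '" . addslashes(SESSION_IDHASH) . "', " . TIMENOW . ", 0, '" . addslashes(USER_AGENT) . "') ");

  CreateCookie('sessionhash', $session['sessionhash'], 0);

  $user = array(
    'userid'         => 0,
    'usergroupids'   => 1, // vBulletin 3 - Unregistered / Not Logged In
    'username'       => '',
    'loggedin'       => 0,
    'email'          => '',
    'timezoneoffset' => 0,
    'dstonoff'       => 0,
    'dstauto'        => 1
  );
}

// ############################ ADD SESSION TO URL? ############################
// write the session id/hash if a LOGGED IN USER does not have cookies in the url,

// Default first, so 'sessionurl' is always defined when it is copied below.
$user['sessionurl'] = '';

if(sizeof($_COOKIE) > 0 OR preg_match("#(google|msnbot|yahoo! slurp)#si", USER_AGENT) OR $user['userid'] == 0)
{
  $user['sessionurl'] = '';
}
else if(strlen($session['sessionhash']) > 0)
{
  $user['sessionurl'] = 's=' . $session['sessionhash'];
}

// ############################ DELETE OLD SESSIONS ############################

$DB->query("DELETE FROM " . $tableprefix . "session WHERE lastactivity < " . intval(TIMENOW - $cookietimeout));

// ###################### SUBDREAMER USER SETTINGS SETUP #######################

$usersettings = array(
  'userid'         => $user['userid'],
  'usergroupids'   => $user['usergroupids'],
  'username'       => $user['username'],
  'loggedin'       => $user['loggedin'],
  'email'          => $user['email'],
  'timezoneoffset' => $user['timezoneoffset'],
  'dstonoff'       => $user['dstonoff'],
  'dstauto'        => $user['dstauto'],
  'sessionurl'     => $user['sessionurl']
);

// ############################## FASHERMAN CODE ###############################
// this code is submitted by fred (fasherman) and will help with the development of vbulletin 3 plugins

if($usersettings['userid'] != 0)
{
  $vb3userinfo = $DB->query_first("SELECT * FROM " . $tableprefix . "user WHERE userid = " . intval($usersettings['userid']));

  if(isset($_COOKIE['bbstyleid']))
  {
    // The cookie is client-controlled and ends up in the style query below,
    // so reduce it to an integer before it is stored.
    $vb3userinfo['styleid'] = is_scalar($_COOKIE['bbstyleid']) ? intval($_COOKIE['bbstyleid']) : 0;
  }

  $vb3userinfo['logouthash'] = md5($vb3userinfo['userid'] . $vb3userinfo['salt']);

  if($vb3userinfo['styleid'] == 0)
  {
    $vb3foruminfo = $DB->query_first("SELECT * FROM " . $tableprefix . "setting WHERE varname = 'styleid'");
    $vb3userinfo['styleid'] = $vb3foruminfo['value'];
  }

  $vb3styleinfo = $DB->query_first("SELECT * FROM " . $tableprefix . "style WHERE styleid = " . intval($vb3userinfo['styleid']));
}
else
{
  $vb3foruminfo = $DB->query_first("SELECT * FROM " . $tableprefix . "setting WHERE varname = 'styleid'");
  $vb3styleinfo = $DB->query_first("SELECT * FROM " . $tableprefix . "style WHERE styleid = " . intval($vb3foruminfo['value']));
}

$vb3styleinfo['css'] = str_replace("url(images", "url(" . $sdurl . $usersystem['folderpath'] . "images", $vb3styleinfo['css']);

// NOTE(review): unserialize() on a database column. Acceptable only while the
// style table cannot be written by untrusted parties.
$vb3stylevar = unserialize($vb3styleinfo['stylevars']);

$getvb3settings = $DB->query("SELECT * FROM " . $tableprefix . "setting");
while($vb3setting = $DB->fetch_array($getvb3settings))
{
  $vb3settings[$vb3setting['varname']] = $vb3setting['value'];
}

$getvb3datastores = $DB->query("SELECT * FROM " . $tableprefix . "datastore");
while($vb3datastore = $DB->fetch_array($getvb3datastores))
{
  $vb3datastores[$vb3datastore['title']] = $vb3datastore['data'];
}

// ############################## UNSET VARIABLES ##############################

// (the trailing comma that stood here is a parse error before PHP 7.3)
unset($user, $session, $sessionhash);

// ############################## USER FUNCTIONS ##############################

/**
 * Checks $clientip against the forum's 'banip' setting.
 *
 * An entry matches when the client address starts with it and the entry's
 * last octet equals the client's octet at the same position.
 *
 * @param string $clientip dotted client address
 * @return bool true when the address is banned
 */
function IsIPBanned($clientip)
{
  global $DB, $usersystem, $dbname;

  // Subdreamer may be integrated with a Forum in a different database
  $otherdatabase = ($usersystem['dbname'] != $dbname);

  if($otherdatabase)
  {
    $DB->select_db($usersystem['dbname']);
  }

  $getbanip = $DB->query_first("SELECT value FROM " . $usersystem['tblprefix'] . "setting WHERE varname = 'banip'");

  if($otherdatabase)
  {
    $DB->select_db($dbname);
  }

  $banip = trim($getbanip[0]);

  /* This isn't the same code as VB because their code has a bug in it :) */
  $addresses       = explode(' ', preg_replace("/[[:space:]]+/", " ", $banip));
  $clientaddresses = explode('.', $clientip);

  foreach($addresses AS $val)
  {
    $val = trim($val);

    // an empty ban list explodes to one empty entry; it must match nothing
    if($val === '')
    {
      continue;
    }

    if(strpos(' ' . $clientip, ' ' . $val) !== false)
    {
      // Do we have a full match on last octet of ban IP
      $ban_ip_a = explode(".", $val);
      $last     = count($ban_ip_a) - 1;

      if(isset($clientaddresses[$last]) AND $ban_ip_a[$last] == $clientaddresses[$last])
      {
        return true;
      }
    }
  }

  return false;
}

// Returns the relevent forum link url
// linkType
// 1 - Register
// 2 - UserCP
// 3 - Recover Password
// 4 - UserCP (requires $userid)
// 5 - SendPM (requires $userid)
// Any other linkType yields the forum folder url itself.
function ForumLink($linkType, $userid = -1)
{
  global $sdurl, $usersystem;

  switch($linkType)
  {
    case 1:
      $url = 'register.php';
      break;
    case 2:
      $url = 'usercp.php';
      break;
    case 3:
      $url = 'login.php?do=lostpw';
      break;
    case 4:
      $url = 'member.php?u=' . $userid;
      break;
    case 5:
      $url = 'private.php?do=newpm&u=' . $userid;
      break;
    default:
      // previously $url was left undefined for an unknown type
      $url = '';
      break;
  }

  return $sdurl . $usersystem['folderpath'] . $url;
}

/**
 * Builds the <img> tag for a forum member's avatar.
 *
 * The member is looked up by $userid when it is a positive integer, otherwise
 * by $username.
 *
 * @param int    $userid   forum user id, or 0 / negative to look up by name
 * @param string $username forum user name
 * @return string html image tag, or '' when the member has no avatar
 */
function ForumAvatar($userid, $username)
{
  global $DB, $dbname, $usersystem, $sdurl;

  $avatar = '';
  $query  = '';

  // forum information
  $forumdbname = $usersystem['dbname'];
  $forumpath   = $usersystem['folderpath'];
  $tableprefix = $usersystem['tblprefix'];

  // switch to forum database
  if($dbname != $forumdbname)
  {
    $DB->select_db($forumdbname);
  }

  // The id is appended to the query without quotes, so it must be an integer
  // before it gets there.
  $userid = intval($userid);

  if($userid > 0)
  {
    $extrasql = 'WHERE user.userid = ' . $userid;
  }
  else
  {
    $extrasql = 'WHERE user.username = "' . addslashes($username) . '"';
  }

  $ver     = $DB->query_first("SELECT value FROM " . $tableprefix . "setting WHERE varname = 'templateversion'");
  $version = explode('.', $ver[0]);

  if($version[0] == 3)
  {
    // the custom avatar blob column is 'avatardata' before 3.5 and 'filedata' from 3.5 on
    $minor      = isset($version[1]) ? $version[1] : 0;
    $datacolumn = ($minor < 5) ? 'avatardata' : 'filedata';

    $query = "SELECT user.avatarid, user.avatarrevision, avatarpath, NOT ISNULL(" . $datacolumn . ") AS hascustom, customavatar.dateline, user.userid
              FROM " . $tableprefix . "user AS user
              LEFT JOIN " . $tableprefix . "avatar AS avatar ON avatar.avatarid = user.avatarid
              LEFT JOIN " . $tableprefix . "customavatar AS customavatar ON customavatar.userid = user.userid
              " . $extrasql;
  }
  else
  {
    echo 'This doesn\'t appear to be vBulletin 3. The version number is ' . $ver[0];
  }

  // Only query when a statement was built; an unsupported version used to
  // reach this point with $query undefined.
  if($query != '' AND $avatarinfo = $DB->query_first($query))
  {
    if(!empty($avatarinfo['avatarpath']))
    {
      $avatar = '<img alt="avatar" src="' . $sdurl . $forumpath . $avatarinfo['avatarpath'] . '"/>';
    }
    else if($avatarinfo['hascustom'])
    {
      $usefileavatar = $DB->query_first("SELECT value FROM " . $tableprefix . "setting WHERE varname='usefileavatar'");

      if(isset($usefileavatar[0]) && $usefileavatar[0])
      {
        $avatarurl = $DB->query_first("SELECT value FROM " . $tableprefix . "setting WHERE varname='avatarurl'");

        if(substr($avatarurl[0], 0, 1) == '/')
        {
          $avurl = $avatarurl[0];
        }
        else
        {
          $avurl = $sdurl . $forumpath . $avatarurl[0];
        }

        $avatar = '<img alt="avatar" src="' . $avurl . '/avatar' . $avatarinfo['userid'] . '_' . $avatarinfo['avatarrevision'] . '.gif" />';
      }
      else
      {
        $avatar = '<img alt="avatar" src="' . $sdurl . $forumpath . 'image.php?u=' . $avatarinfo['userid'] . '&dateline=' . $avatarinfo['dateline'] . '"/>';
      }
    }
  }

  // switch back to subdreamer database
  if($dbname != $forumdbname)
  {
    $DB->select_db($dbname);
  }

  return $avatar;
}

?>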