Hi,

I don't if this is the right forum. If it's not, i apologize and please move to the right/apropriate forum.

Im setting up a website (on the same domain [subdomain]) outside the forum directory and i want to share cookies and sessions BUT without including the vB global.php file.

I don't like the idea of including the global.php because there is to much complexity in the vB functions/classes structures that i don't really need. I want to eliminate any overhead by just sharing the sessions and the cookies. Anyone tried this before?

Do i need really to code a custom sessions.php or is there something i can do with the vB API's

I really need this, please please please, any help is appreciated.

Grtz,
Hidjra

You'll probably need quite a few files regardless of including global.php.

The minimum would be class_core.php, and initialise at least vB_Session. (which will probably need the database class as well as the registry class)

You'll probably need quite a few files regardless of including global.php.

The minimum would be class_core.php, and initialise at least vB_Session. (which will probably need the database class as well as the registry class)

I'm not an advanced coder so i don't even know where to start. Has anyone done this before or maybe an existing hack that has some similarity?

Grtz,
Hidjra

IF you're not an advanced coder, the best (and really only solution) will be to include global.php

Doing it any other way is quite a hard road.

What do you mean by "share the cookies and sessions", what exactly is it you want to do ?

What do you mean by "share the cookies and sessions", what exactly is it you want to do ?

We have different websites on the same domain, and because our forum has over 90.000 members we want members to be able to browse all the websites by using there vb username and password.

So basicly i'm trying to include the vb userinfo in a nonvb environment. I want members to be able to login to vb without leaving the nonvb page and to stay logged in while browsing outside of vb. We also want people browsing on nonvb pages to be counted in the loggedin users thingy.

Any help is appreciated :)

Grtz,
Hidjra

No one any ideas?

I'm looking for this too. I want to restrict guest access to non-vB pages of my site. For example, I want them to be redirected to the forum login page if they are not logged in and want to view my glossary.

I don't want to include global.php, because it contains a lot of code (and includes other files) that I do not need.

I'll probably end up hacking global.php to bits and pieces to get only the vital code, but thought I'd check here first.

No one any ideas?

When you say "different" sites on your domain do you mean something like "SiteA.domain.com", "SiteB.domain.com" and "SiteC.domain.com"? (All sites point to the same domain)

In vB options, how did you set your Cookie domain?

I'm looking for this too. I want to restrict guest access to non-vB pages of my site. For example, I want them to be redirected to the forum login page if they are not logged in and want to view my glossary.


I could be off the mark but maybe something like this:


<?php
if (!$vbulletin->userinfo['userid'])
{
header("Location: http://www.whatever_page.com/");
exit;
}
?>

When you say "different" sites on your domain do you mean something like "SiteA.domain.com", "SiteB.domain.com" and "SiteC.domain.com"? (All sites point to the same domain)

In vB options, how did you set your Cookie domain?

Yes, that's what i mean. The cookie domain is .domain.com

The cookies are all working without any problems.

Grtz,
Hidjra

If you've set the cookies to point at "/domain.com" then a central login is workable. I've taken and modified bits of code to make things work but as merk mentioned I found using ./global.php is very convenient. I haven't noticed a significant performance hit; my members as well except when the server glitches but that's an entirely different issue.

If you've set the cookies to point at "/domain.com" then a central login is workable. I've taken and modified bits of code to make things work but as merk mentioned I found using ./global.php is very convenient. I haven't noticed a significant performance hit; my members as well except when the server glitches but that's an entirely different issue.


I tried to include .global.php of to integrate with other application, some work ok, some conflict with the cookies of the applications itself. It's always good if you could use the global.php file, but it doesn't work everytime.

i wrote this code to do exactly what i stated above. I'm just not sure this is the best way for doing this. Could some one have a look at this?

// copied from vb3.5 gold
function fetch_alt_ip()
{
if (isset($_SERVER['HTTP_CLIENT_IP']))
{
$alt_ip = $_SERVER['HTTP_CLIENT_IP'];
}
else if (isset($_SERVER['HTTP_X_FORWARDED_FOR']) AND preg_match_all('#\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3 }#s', $_SERVER['HTTP_X_FORWARDED_FOR'], $matches))
{
// make sure we dont pick up an internal IP defined by RFC1918
foreach ($matches[0] AS $ip)
{
if (!preg_match("#^(10|172\.16|192\.168)\.#", $ip))
{
$alt_ip = $ip;
break;
}
}
}
else if (isset($_SERVER['HTTP_FROM']))
{
$alt_ip = $_SERVER['HTTP_FROM'];
}
else
{
$alt_ip = $_SERVER['REMOTE_ADDR'];
}

return $alt_ip;
}

// define vars
define('COOKIE_SALT', 'blablablabla');
$alt_ip = fetch_alt_ip();
define('ALT_IP', $alt_ip);
define('IPADDRESS', $_SERVER['REMOTE_ADDR']);


if($_COOKIE['bbsessionhash']){
//check if cookie exists
$sessionhash = $_COOKIE['bbsessionhash'];
}elseif($_REQUEST['s']){
// check session in request
$sessionhash = $_REQUEST['s'];
}else{
// no cookie and no session, use vb engine en redirect
chdir('/xx/xx/xxx/forums');
require('./global.php');
header("Location: " .str_replace('.php', '.php' .$vbulletin->session->vars['sessionurl_q']. '&amp;', $_SERVER['PHP_SELF']));
}

define('SESSION_IDHASH', md5($_SERVER['HTTP_USER_AGENT'] . ALT_IP ));
define('SESSION_HOST', substr(IPADDRESS, 0, 15));
define('USER_AGENT', $_SERVER['HTTP_USER_AGENT']);

$cookietime = intval(time() - 900);
$sessie = $DB_site->query_first("SELECT * FROM session WHERE sessionhash = '$sessionhash' AND lastactivity > '$cookietime' AND host = '" .SESSION_HOST. "' AND idhash = '" .SESSION_IDHASH. "' AND useragent='" .USER_AGENT. "'");

if(($_COOKIE['bbuserid']) AND ($_COOKIE['bbpassword'])){
$getuser = $DB_site->query("SELECT * FROM user WHERE userid = '$_COOKIE[bbuserid]'");
$user = $DB_site->fetch_array($getuser);
if($_COOKIE['bbpassword'] == md5($user['password'] . COOKIE_SALT)){
$user['logouthash'] = md5($user['userid'] . $user['salt'] . COOKIE_SALT);
$bbuserinfo = $user;
}
}elseif($sessie['userid']){
$getuser = $DB_site->query("SELECT * FROM user WHERE userid = '$sessie[userid]'");
$user = $DB_site->fetch_array($getuser);
$user['logouthash'] = md5($user['userid'] . $user['salt'] . COOKIE_SALT);
$bbuserinfo = $user;
}

$DB_site->query("UPDATE session SET lastactivity = '" .time(). "' WHERE sessionhash = '$sessionhash'");
if($bbuserinfo['userid']>0){
$DB_site->query("UPDATE user SET lastactivity = '" .time(). "' WHERE userid = '$bbuserinfo[userid]'");
}