I'm in the process of writing a portal that will be connected to our existing vb and share authentication. But i can't figure out what the password value in the cookie is, i assume it's some sort of extra authentication besides the userid but i can't find it's hash in the database.

If its already connected to your vB doesn't that mean you are already including global.php from the forum directory? If so you shouldn't need to use information from the cookies and instead just check if $vbulletin->userinfo['userid'] == 0 to check if they are logged in or not.

If its already connected to your vB doesn't that mean you are already including global.php from the forum directory? If so you shouldn't need to use information from the cookies and instead just check if $vbulletin->userinfo['userid'] == 0 to check if they are logged in or not.

That's nice, i had no idea it was that easy.

I'm afraid i'd still like to know how this hash is calculated though. Because i know the logouthash is calculated from the cookie secret, salt and userid but i can't find out how this one is created.

The thing is that i only need the authentication part, i just need to see if they're logged in or not then i'll get the info i need from the database myself. Beucase the portal is in a totally different location from the message board on the server it would be unpractical to copy a bunch of vbulletin files there just to connect them when i could do it myself in so little code.

But now that i know that you can connect your app with vbulletin that easy i might just think about copying files over, or maybe moving the portal to the message board directories. It's just kinda complicated because the portal will be stand alone apart from the administration interface where one user will login using his vb credentials, and the comments which you will need to be logged in to use. Other than that i'll be writing huge ammounts of code that have nothing to do with vbulletin and need their own large directory structure, it would be cumbersome to have them among a bunch of vbulletin files.

But now that i know that you can connect your app with vbulletin that easy i might just think about copying files over, or maybe moving the portal to the message board directories. It's just kinda complicated because the portal will be stand alone apart from the administration interface where one user will login using his vb credentials, and the comments which you will need to be logged in to use. Other than that i'll be writing huge ammounts of code that have nothing to do with vbulletin and need their own large directory structure, it would be cumbersome to have them among a bunch of vbulletin files.

vBulletin already has a lot of backend code which you can manipulate in your portal, such as the datamanagers, database and input classes.

You can always use the back-end code and just include global.php. (Not that much need to put the files in the vBulletin folders) and then include admincp/global.php for the ACP files :p

$password = md5(md5($password) . $salt);

$logouthash = md5($userid . $salt . $license);

setcookie(COOKIE_PREFIX . 'userid', $userid, time() + 14400);
setcookie(COOKIE_PREFIX . 'password', md5($password . $license), time() + 14400);

If you would have a directory structure like:

/root/
/root/MyApp
/root/vBulletin

Then you could easily use the vBulletin files in your own application.

In your application:
cd ../vBulletin
include global.php
cd ../MyApp
...the rest of your code...

$password = md5(md5($password) . $salt);

$logouthash = md5($userid . $salt . $license);

setcookie(COOKIE_PREFIX . 'userid', $userid, time() + 14400);
setcookie(COOKIE_PREFIX . 'password', md5($password . $license), time() + 14400);

Thank you! Also i thought the logouthash was userid, passwordmd5 and some sort of cookie secret constant i found defined, i was maybe wrong then.

To all you who still think i should include global.php, doesn't that require me to copy a whole lot of other files so my app can see them? For example init.php, config.inc.php and so on, all files included indirectly by global.php, right?

I'm reluctant to copy too many files from vbulletin into the app directory because at each update i would have to do it again. Also all i needed was the password hash from the cookie so now i can authenticate the user and take it from there because the message board and the portal will share a database, with different table prefixes. It just seems easier to do it this way so far, i tried including global.php but sure enough i needed all the other files included by global.php.

No, all you need would be this in your custom files.
$curdir = getcwd();
chdir('./forums');
require_once('./global.php');
chdir($curdir);

No, all you need would be this in your custom files.
$curdir = getcwd();
chdir('./forums');
require_once('./global.php');
chdir($curdir);

Thanks for that tip, sorry i'm late but when i try that it still tries to include from the app directory.

I have this structure, vbulletin is directly in public_html, the web root. The app i'm writing is in a subdirectory of public_html called new. So i do your code but i only do chdir('..'); and i get the error Warning: require_once(/usr/home/foo_bar/public_html/new/includes/init.php) failed to open stream and so forth. You get the idea, basically it's including from the wrong directory.

Edit: I'm sorry, this was my fault and i discovered why now.