I have a custom developed addon for vBulletin that currently ties into the user table so users are able to enter their current username and passwords into the application login form to log themselves in and edit the information this modification contains.

One small problem we are having is, that users have to login both at the forums and the modification. Is there any easy way to share the cookie between them, or another way so users won't have to login twice

If they are both on the same domain, you just get vBulletin to set the cookies for your site, and vice versa.

They are, do I also need to include global.php in the php files as well?

There is no need for that - all you have to do is replicate the cookies that vBulletin sets on login (see login.php).

// ############################### start do login ###############################
// this was a _REQUEST action but where do we all login via request?
if ($_POST['do'] == 'login')
{
$vbulletin->input->clean_array_gpc('p', array(
'vb_login_username' => TYPE_STR,
'vb_login_password' => TYPE_STR,
'vb_login_md5password' => TYPE_STR,
'vb_login_md5password_utf' => TYPE_STR,
'postvars' => TYPE_BINARY,
'cookieuser' => TYPE_BOOL,
'logintype' => TYPE_STR,
'cssprefs' => TYPE_STR,
));

// can the user login?
$strikes = verify_strike_status($vbulletin->GPC['vb_login_username']);

if ($vbulletin->GPC['vb_login_username'] == '')
{
eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'], $strikes)));
}

// make sure our user info stays as whoever we were (for example, we might be logged in via cookies already)
$original_userinfo = $vbulletin->userinfo;

if (!verify_authentication($vbulletin->GPC['vb_login_username'], $vbulletin->GPC['vb_login_password'], $vbulletin->GPC['vb_login_md5password'], $vbulletin->GPC['vb_login_md5password_utf'], $vbulletin->GPC['cookieuser'], true))
{
($hook = vBulletinHook::fetch_hook('login_failure')) ? eval($hook) : false;

// check password
exec_strike_user($vbulletin->userinfo['username']);

if ($vbulletin->GPC['logintype'] === 'cplogin' OR $vbulletin->GPC['logintype'] === 'modcplogin')
{
// log this error if attempting to access the control panel
require_once(DIR . '/includes/functions_log_error.php');
log_vbulletin_error($vbulletin->GPC['vb_login_username'], 'security');
}
$vbulletin->userinfo = $original_userinfo;

if ($vbulletin->options['usestrikesystem'])
{
eval(standard_error(fetch_error('badlogin_strikes' , $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'], $strikes)));
}
else
{
eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'])));
}
}

exec_unstrike_user($vbulletin->GPC['vb_login_username']);

// create new session
process_new_login($vbulletin->GPC['logintype'], $vbulletin->GPC['cookieuser'], $vbulletin->GPC['cssprefs']);

// do redirect
do_login_redirect();

}
else if ($_GET['do'] == 'login')
{
// add consistency with previous behavior
exec_header_redirect($vbulletin->options['forumhome'] . '.php');
}


Thats the part that deals with the cookies right?

Thanks for your help, this should get us at least on the correct path again

Also look in functions_login.php, as login.php refers to functions in that file.