Hello,

I hope someone can help me out with this.

I have two sites... www.mysite.com running html and asp and forum.mysite.com running php.

I would like to authenticate some of the pages on the main site with the forum. I know that when person logs in to the forum a cookie is created on the system.

Here is the question, does anyone have ASP code that would check to see if the person is logged in, if so the script should allow displaying of the content and if not it should redirect the person to the login screen on forum.mysite.com.

I don't think that this should be hard to write, but I don't have enough experience to acomplish this. I think this would be a great mod.

Any help would be very much apreciated!

Regards,

JarekN

Anyone???

Don't bump a thread until 24 hours later. Thank you.

I don't know anything of ASP, but the cookies you'll need are
- bbuserid (the User's ID)
- bbpassword = md5(concat(password, 'LicenseNo'))

Where LicenseNo is your vB License Number and password the value from vB's user table which is actually md5(concat(md5(password), salt)).

In the past I have used...

setcookie("bbuserid","-1", time()-(3600 *24*7*365),"/","domain.com");
setcookie("bbpassword","-1", time()-(3600 *24*7*365),"/","domain.com");

In VB3 this dosent work, do I just change it to:

setcookie("bbuserid","-1", time()-(3600 *24*7*365),"/","domain.com");
setcookie("bbpassword","-1", time()-(3600 *24*7*365),"/","domain.com",LICENCENO);

No ... at least I think this isn't correct.

Do you want to verify that the cookies are correct or do you want to set cookies?

If you want to set cookies then it should be smth. like this (in PHP):

setcookie('bbuserid', $userid, time() + 60 * 60 * 24 * 365, '/', 'domain.com');
setcookie('bbpassword', md5($password . 'FOOBAR'), time() + 60 * 60 * 24 * 365, '/', 'domain.com');


Where $userid is the user id, $password is md5(md5('password') . $salt) and FOOBAR is your vB License Number.

No ... at least I think this isn't correct.

Do you want to verify that the cookies are correct or do you want to set cookies?

If you want to set cookies then it should be smth. like this (in PHP):

setcookie('bbuserid', $userid, time() + 60 * 60 * 24 * 365, '/', 'domain.com');
setcookie('bbpassword', md5($password . 'FOOBAR'), time() + 60 * 60 * 24 * 365, '/', 'domain.com');


Where $userid is the user id, $password is md5(md5('password') . $salt) and FOOBAR is your vB License Number.
Duh I posted the incorrect code ;(


setcookie("bbuserid", $row["player_id"], time()+(3600 *24*7*365),"/","domain.com");
setcookie("bbpassword", $row["player_password"], time()+(3600 *24*7*365),"/","domain.com");


This is what I have currently, The $row["player_password"] is already in MD5 format ....
Do I need to MD5 phase the license key?

What exactly is $row["player_password"], the value of column password in vB user table?

Then you would have to call

setcookie("bbpassword", md5($row["player_password"] . 'LICENSENO'), time()+(3600 *24*365),"/","domain.com");

What exactly is $row["player_password"], the value of column password in vB user table?

Then you would have to call

setcookie("bbpassword", md5($row["player_password"] . 'LICENSENO'), time()+(3600 *24*365),"/","domain.com");

That is the MD5 password from our database, non VB ....

.....so e.g. $row["player_password"] = "4hg5h345y345bhbh35345"

Thanks Kirby I have got it to work....

Regards,
-Shazzy

Hello KirbyDE,

I hope you can help me out,

So how would I go about checking to see if the user is logged in and if he's not how can I redirect him to the login page.

My main site is at www.domain.com (IIS running HTML and ASP) and vBulleting is at forum.domain.com (PHP).

Your help would be very much apreciated.



No ... at least I think this isn't correct.

Do you want to verify that the cookies are correct or do you want to set cookies?

If you want to set cookies then it should be smth. like this (in PHP):

setcookie('bbuserid', $userid, time() + 60 * 60 * 24 * 365, '/', 'domain.com');
setcookie('bbpassword', md5($password . 'FOOBAR'), time() + 60 * 60 * 24 * 365, '/', 'domain.com');


Where $userid is the user id, $password is md5(md5('password') . $salt) and FOOBAR is your vB License Number.

You would have to check if both cookies (bbuserid and bbpassword) exist and if they are valid.
To do so you must query the vB user table for the given userid and check if md5(concat(password, 'LicenseNo')) is the same as the value of cookie bbpassword.
If not perform a header-redirect to login.php.

Unfortunately I can't give you code-examples as I don't know anything about ASP.

Hello,

I know I can check for cookies in ASP, but there is no way for me to check if the password cookie is = to the password in the db.

Is there anything else I can do? or can I just asume that the if both cookies (user and password) exist that the user is valid?

Hello,

I know I can check for cookies in ASP, but there is no way for me to check if the password cookie is = to the password in the db.

Why not? I am not familiar with ASP but it should be possible to access a mySQL-Server with ASP through myODBC.

> Is there anything else I can do?
No. You must query the database.

The password is encrypted, how can I go about checking it to see if it is valid... would the password in the DB be the same as in the cookie and if so I guess I could just see if the dbpswd=cookiepswd .

Has anyone else done anything within ASP?

As I already posted earlier, cookie bbpassword ist md5(concat(password, 'LicenseNo')) where LicenseNo is your vB license number and password is the value form the database.