Hey All, I recently successfully installed the latest version of VB. That was the easy part. The hard part for me is that I have an existing site-wide login this forum is replacing, so I need to use this forum login and session cookie to do the following across all sub-domains:

Check for and decode the vb cookie that has the login information in it to determine if they are logged in or not.

If they are, extract either the username or userid (or both if available) from that cookie.

So in a nutshell, the user will use the VB login and forums, but then can navigate to xxx.domain.com, yyy.domain.com, etc. and will still need to appear as logged in.

Here is an example of it working in action: forum.teamxbox.com

Any help would be greatly appreciated. Thanks!
Dan

You'll need to change your cookie settings I believe. I'm not sure what to change them to or even where to be honest but I believe in your vbulletin settings.

Set the Cookie Domain to .domain.com (the leading dot is important!), then the cookies should be available on all subdomains.

To determine if a user is logged in:
The easiest way would be to require vBulletins global.php and check if $bbuserinfo[userid] is set.

If this is not possible you can check the cookies manually:

bbuserid is, obviously, the UserID
bbpassword is md5(md5(md5('Plaintext-Password') . $salt) . 'LicenseNo'), where $salt is the value of column salt in table user for this UserID and LicenseNo is your vBulletin License Number.


Also note the bb is just the default cookie-prefix. If you have set this to vbcookie for example, the cookies would be vbcookieuserid and vbcookiepassword.

Thanks guys, I got it working. The only obstacle now is figuring out how to hack vbulletin so it allows the login box to sit outside the forum directory. Right now the login doesn't like you to post from a sub-domain other than the main domain the forum is on. It throws up a security message.

In init.php FIND

// referrer check for POSTs


Below this is a referer check. Id' suggest do modify the regex to suit your needs (eg. only check domain, not the complete host).