vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 3 Articles (https://vborg.vbsupport.ru/forumdisplay.php?f=187)
-   -   Single Signin / Login Integration Tip (https://vborg.vbsupport.ru/showthread.php?t=115380)

orbita 05-11-2006 10:00 PM

Single Signin / Login Integration Tip
 
Hi people, first post here, hope its useful

I've just installed vbulletin on a client site as they needed a forum/discussion facility and vbulletin provided good moderation facilities. They wanted existing users who were logged into the site not to have to log in again in order to use vbulletin.

I noticed there wasnt much help for this on the forum and quite a few posts asking how it could be done. Since I have solved part of the problem I thought it might be useful to share it with you.

Essentially the problem is to log in an existing user into vbulletin outside of the vbulletin environment so that when they access a vbulletin page it recognises them.

This, as you might imagine involves the use of cookies.

The way I have gone about it is to create an authentication handler in apache to be triggered when anyone tries to access a vbulletin page (i have vbulletin installed under /vb/)

Since we are using mod_perl, the httpd.conf directive looks a bit like this...

<Location /vb/>
AuthType BLAHType
AuthName BLAHName
PerlAccessHandler BLAH->login_to_vb
</Location>


So.. when a user asks for a vb page, first it runs the login_to_vb method in module BLAH. (but you could probably make this a php page or something else)

the login_to_vb script routine works as follows

1) it gets the currently signed in username and password (this will depend on the authorisation your website uses
2) it POSTs this information to /vb/login.php. In perl I do it like this...

my $browser = LWP::UserAgent->new;
my $response = $browser->post( $url, [
vb_login_username=>$user,
vb_login_password=>$pass,
do=>'login');


3) It reads the cookies from the header recieved back and the places them into the outgoing headers..

my $header = $response->headers;
my @cookies = $header->header('Set-Cookie');

foreach my $c (@cookies) {
$r->headers_out->add('Set-Cookie',$c);
}

4) Finally, it redirects the user to the page they were trying to access.

my $redir_url = "http://".$r->hostname.$r->uri;
my $pathinfo = join '&', ( map { "$_=$args->{$_}" } keys %{$args} );
$redir_url.= "?$pathinfo" if $pathinfo;
$r->headers_out->add("Location" => $redir_url);
$r->status(302);
$r->send_http_header;
Apache::exit;


BUT.. there is a problem...

vbulletin is clever, when you login, it registers your IP address against the session it creates for you. Next time you hit a vbulletin page it checks your IP against that session to make sure it is handing it back to the correct user.

If you look at the file includes/class_core.php you will find a SQL query around line 2460 that looks mostly like this...

if ($session = $db->query_first("
SELECT *
FROM " . TABLE_PREFIX . "session
WHERE sessionhash = '" . $db->escape_string($sessionhash) . "'
AND lastactivity > " . (TIMENOW - $registry->options['cookietimeout']) . "
AND ( (
host = '" . $this->registry->db->escape_string(SESSION_HOST) . "'
AND idhash = '" . $this->registry->db->escape_string(SESSION_IDHASH) . "'
)
OR host = '".$_SERVER['SERVER_ADDR']."' )
"))
{


If you modify the query to what I have here, the server will happily let you log in if the session originally came from the server IP address, regardless of the IDHASH or HOST address. This reduces security a little bit so if you are very security conscious you might need to adjust this to suit you better.


What else?

Well, you don't really want the script to log you in EVERY time you access a vB page - bit excessive. So I set an extra cookie with a timestamp and only log in if a certain time has passed since it last logged you in. I set this interval just lower than the timeout set in vbulletin so that it logs you back in just before the vbulletin timeout kicks in. You can hard code this or pull it out of the vbulletin database settings.

Obviously this just handles the login process.. You will need to find a way to keep the users details in sync. There are instructions for editing users details remotely on this site so I dont really need to cover that. One way though, would be to turn off user profile/password editing in the bulletin software and simply update the vbulletin user database from your existing application.

To make updates to the vbulletin user database you need to create a php file (say /vb/updateVB.php within your vb directory that you can call upon to make changes to the user table.

It would probably start something like this..
require_once('./global.php');
require_once('./includes/class_dm.php');
require_once('./includes/class_dm_user.php');

$userdm = new vB_DataManager_User($vbulletin, ERRTYPE_ARRAY);

$userdm->set('username', qpc_post('username'));
$userdm->set('password', qpc_post('password'));

etc...

Then from your application you can make GET requests to your script

eg: /vb/updateVB.php?do=new_user&username=blah&password=bl ah

Hope someone finds this of use.
regards, Tom

gdlx 05-12-2006 04:01 PM

This is really useful information...I wish I would have come across it a few weeks ago!

Connector 05-13-2006 10:33 PM

Could you put full code it will be very usefull .. where user can register outside the forums etc.. :)

skoTner 08-09-2006 09:08 PM

Yes, I would also like it if you could write a few newbie tips. I understand some of what you write, but not all... and how to do this in PHP only?

I have a site with a selfmade login as of today. I also have the vBulletin forum under /forum of the site. How can I make my own login on the root-site match the forum as you have explained here, all in php?

I've tried just reading the cookies the forum sets, but I reckon that doesn't quite do it?

AussieFreelance 08-13-2006 05:57 AM

i second that... i understand most of what is here, but not all, and am also interested in integrating the registration process as well as the login. I guess if you remove the ability to modify their account details or password, then it would just read from your existing customer db table, correct?

definitely interesterd in find out more about this.

thanks

Patrick

tabacco 09-24-2006 05:19 AM

Regarding doing this in PHP... I started to write something along the same lines, then got distracted. Here's what I have, but I haven't really tried it out yet. Might be a helpful starting point, though:
PHP Code:

$timenow time();
if(!isset(
$_SESSION["next_forum_login_request"])) $_SESSION["next_forum_login_request"] = 0;
        
        if(
$timenow $_SESSION["next_forum_login_request"]) {
            
            
$ch curl_init("http://".$_SERVER["HTTP_HOST"]."/forum/login.php");
            
curl_setopt($ch,CURLOPT_POSTtrue);
            
curl_setopt($chCURLOPT_POSTFIELDS"do=login&vb_login_username=".$username."&vb_login_password=&s=&vb_login_md5password=".$pre_md5d_password."&vb_login_md5password_utf=".$pre_md5d_password);
            
curl_setopt($chCURLOPT_HEADERtrue);
            
curl_setopt($chCURLOPT_NOBODYtrue);
            
curl_setopt($chCURLOPT_RETURNTRANSFERtrue);
            
curl_exec($ch);
            
$result explode("\n",curl_multi_getcontent($ch));
                                            
            foreach(
$result as $headerline) {
            
                if(
strpos($headerline,"Set-Cookie: ") === 0) {
                    
header($headerline);
                }
                    
            }
            
            
$_SESSION["next_forum_login_request"] = $timenow 300;
        


If you spot any glaring errors that will break everything, let me know :)
(and remember... I haven't tested this code, so I don't promise it works)

cphonx 09-25-2006 02:13 AM

Exactly what I was looking for. Thanks a ton!

*gets to work*

Hornstar 09-25-2006 09:23 AM

This has been out since last year already https://vborg.vbsupport.ru/showthrea...n+non+vb+pages

I think that would have solved your solution/s already

tabacco 09-27-2006 10:37 PM

My final solution was just to set the bbuserid and bbpassword cookies as session cookies when a user logs onto my site (and disable all the login/logout stuff in the vB templates). It ends up being a little simpler than the POST trick, and doesn't require code changes to vB (which I hate doing, because it makes upgrading a pain)

wcm 10-09-2006 07:03 PM

Has anyone tried the Perl solution with 3.6? It looks like a very neat way to do this.

I am a little bit curious on how the final perl script looks.

Any response is appreciated. :)


All times are GMT. The time now is 11:36 PM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01283 seconds
  • Memory Usage 1,759KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_php_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 

Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete