Custom login questions...
 

I created a hook that will creat the vBulletin login information using the data from the php session created by my custom login script for my main site. My main site handles passwords exactly the same as vb.

I need to know, if I did this the right way. I am afrade that there may be security issues and that I may be invalidating some of the vbulletin features such as the infraction system.

What I have done is as follows:

1. Registered user logs in. My login system stores the login info in a php session.
2. When the user goes to my boards, a hook is executed. The hooks retrieves the data that vBulletin would retrieve after a successfull login. After fetching the data, the hook executes the vb function, process_new_login,that normally is executed after vbulletin validates the login.
3. After executing the hook and creating the vbulletin login info, I set a session variable and redirect the user to the boards home page. This way, the code only gets executed once.

Basically, I have bypassed the vBulletin authentication system. Is this bad? If so, why and how do I fix it?

MY hook is as follows: global_start

session_start();

if ($_SESSION['vb_login'] != 'yes') {

require_once($_SERVER['DOCUMENT_ROOT'].'/inc/variables.php');
require_once($_SERVER['DOCUMENT_ROOT'].'/inc/functions.php');
require_once($_SERVER['DOCUMENT_ROOT'].'/boards/includes/functions_login.php');

$mhhmws = db_site("
SELECT userid, usergroupid, membergroupids, infractiongroupids, username, password, salt
FROM VB3_user
WHERE username = '".$_SESSION['my_username']."'
");

$vbulletin->userinfo = mysql_fetch_assoc($mhhmws);

//print_r($_SESSION);
//print_r($vbulletin->userinfo);

//$logintype = '';
$cookieuser = '1';
$cssprefs = '';

process_new_login($logintype, $cookieuser, $cssprefs);

$_SESSION['vb_login'] = 'yes';

header ('Location: http://www.myhobbyhorse.com/boards/');

}

Any idea as to exactly what the following variables do?

//$logintype = ''; "Always seems to be blank...?"
$cookieuser = '1';
$cssprefs = '';