vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 Programming Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=15)
-   -   Force login from external script without vb login form (https://vborg.vbsupport.ru/showthread.php?t=189593)

maximized99 08-30-2008 10:45 PM
Force login from external script without vb login form
 
I have a custom coded CMS with an ajax login function. I keep two user tables - one for my custom CMS, and the standard user table for vb - but both use identical user names, passwords, salt, etc... everything is created simultaneously during registration.

I need to use the main site login and not the vb form for various reasons.

I capture the securitytoken and hash the vb_password variable, then call the same functions as login.php. This is where it returns an error:

Warning: array_keys() [function.array-keys]: The first argument should be an array in [path]/includes/functions.php on line 4086

Warning: Invalid argument supplied for foreach() in [path]/includes/functions.php on line 4086

Fatal error: Call to a member function query_read_slave() on a non-object in /home/*****/dev/forums/includes/functions.php on line 3093

I've done a ton of debugging and testing to identify the problem, but now I'm just going in circles. I'm hoping someone here has experience with this, or is willing to help walk me through getting it setup. I appreciate any feedback or help you can provide.

Here is the code I'm using to force the login:
Code:
function vbLogin(){

// ####################### SET PHP ENVIRONMENT ###########################
error_reporting(E_ALL & ~E_NOTICE);

// #################### DEFINE IMPORTANT CONSTANTS #######################
define('THIS_SCRIPT', 'login');
define('CSRF_PROTECTION', true);
define('CSRF_SKIP_LIST', 'login');

// ################### PRE-CACHE TEMPLATES AND DATA ######################
// get special phrase groups
$phrasegroups = array();

// get special data templates from the datastore
$specialtemplates = array();

// pre-cache templates used by all actions
$globaltemplates = array();

// pre-cache templates used by specific actions
$actiontemplates = array(
        'lostpw' => array(
                'lostpw'
        )
);

$_POST['vb_login_username'] = $_REQUEST['user_name'];
$_POST['vb_login_password'] = '';
$_POST['username'] = '';
$_POST['password'] = '';
$_POST['do'] = 'login';
$_POST['vb_login_md5password'] = md5($_REQUEST['password']);
$_POST['vb_login_md5password_utf'] = md5($_REQUEST['password']);
$_POST['s'] = '';

// ######################### REQUIRE BACK-END ############################
chdir(cfg::$setting['docRoot'] . 'forums');
require_once('./global.php');
require_once(DIR . '/includes/functions_login.php');

// #######################################################################
// ######################## START MAIN SCRIPT ############################
// #######################################################################

$vbulletin->input->clean_gpc('r', 'a', TYPE_STR);

// ############################### start do login ###############################
// this was a _REQUEST action but where do we all login via request?
$vbulletin->input->clean_array_gpc('p', array(
        'vb_login_username'        => TYPE_STR,
        'vb_login_password'        => TYPE_STR,
        'vb_login_md5password'    => TYPE_STR,
        'vb_login_md5password_utf' => TYPE_STR,
        'postvars'                => TYPE_BINARY,
        'cookieuser'              => TYPE_BOOL,
        'logintype'                => TYPE_STR,
        'cssprefs'                => TYPE_STR,
));

//######################### MORE PROCESSING REQUIRED ##############################
// can the user login?
$strikes = verify_strike_status($vbulletin->GPC['vb_login_username']);

if ($vbulletin->GPC['vb_login_username'] == '')
{
        eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'], $strikes)));
}

// make sure our user info stays as whoever we were (for example, we might be logged in via cookies already)
$original_userinfo = $vbulletin->userinfo;

if (!verify_authentication($vbulletin->GPC['vb_login_username'], $vbulletin->GPC['vb_login_password'], $vbulletin->GPC['vb_login_md5password'], $vbulletin->GPC['vb_login_md5password_utf'], $vbulletin->GPC['cookieuser'], true))
{
        ($hook = vBulletinHook::fetch_hook('login_failure')) ? eval($hook) : false;

        // check password
        exec_strike_user($vbulletin->userinfo['username']);

        if ($vbulletin->GPC['logintype'] === 'cplogin' OR $vbulletin->GPC['logintype'] === 'modcplogin')
        {
                // log this error if attempting to access the control panel
                require_once(DIR . '/includes/functions_log_error.php');
                log_vbulletin_error($vbulletin->GPC['vb_login_username'], 'security');
        }
        $vbulletin->userinfo = $original_userinfo;

        if ($vbulletin->options['usestrikesystem'])
        {
                eval(standard_error(fetch_error('badlogin_strikes', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'], $strikes)));
        }
        else
        {
                eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'])));
        }
}

exec_unstrike_user($vbulletin->GPC['vb_login_username']);

// create new session
process_new_login($vbulletin->GPC['logintype'], $vbulletin->GPC['cookieuser'], $vbulletin->GPC['cssprefs']);

Melchior 07-23-2010 10:14 AM
hi, did you got it working? I've got the same problem :(

greetings

kh99 07-23-2010 12:28 PM
Probably gave up by now. :)

My guess would be that a lot of the initializing stuff would need to be done outside any function, otherwise it won't be working with the global variables. I think the errors in the first post come from the global variable $vbulletin not being initialized.

PinkMilk 07-25-2010 08:36 PM
1 Attachment(s)
Heres a vBulletin bridge class I found a while ago, hope it may help you somewhat:


All times are GMT. The time now is 06:39 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01061 seconds
  • Memory Usage 1,737KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_code_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (4)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete