vb.org Archive


budget_ben 06-29-2009 08:52 PM

Login from external app without any redirect
 
I've tried to read the great variety of login/redirect threads on the board but haven't found anything akin to what I'm trying to do.

I have a flash app that accesses a wide variety of server-side data via php scripts. What I am attempting is to allow the user to 'log in' via the flash application residing on the same server. I put the 'log in' in quotes only because I'm not expecting the user to be able to browse the forums via my wee app, I just need to authenticate a username/password combo and acquire a valid session.

A brief rundown of the sequence of events:
1. user is playing with the flash app and would like to save his/her progress.
2. a dialog box prompts for the username and password.
3. I do a POST to https://mysite.com/handleLogin.php
4. the php page validates the provided data and returns a 'go/no go' string to the flash app.

The problem I am running into is that the login code below does not work without using the do_login_redirect() function. With the correct username and password, it will return 'true' for a success but I'm not really logged in - when I browse to the forum index.php it acts as if I have not logged in.

Code:

function validateLogin( $username, $password )
{
        global $vbulletin;
       
        $vbulletin->input->clean( $username, TYPE_STR );
        $vbulletin->input->clean( $password, TYPE_STR );
       
        $strikes = verify_strike_status($username);
        if ($strikes === false || $strikes >= 5)
        {
                return false; //locked out       
        }       

        if( !verify_authentication($username, $password, '', '', true, false) )
        {
                return $strikes + 1;        //fat-fingered the password?
        }
        else
        {
                //User and pw ok, let's log them in
                exec_unstrike_user($username);

                process_new_login('', true, '');
               
                //*****************************
                //        WHY MUST I REDIRECT?
                //*****************************
                //do_login_redirect();
               
                return true;       
        }
}

So now my questions (finally):
1. Does anyone know why there needs to be a redirect? Does it need one to properly set the cookie/active user list?
2. Is there a way around this?

I appreciate any help you folks can provide.

Dismounted 06-30-2009 03:44 AM

Cookies don't set unless a complete page load is presented to the browser. That is most likely the problem.

budget_ben 06-30-2009 02:01 PM

Thanks for the help - simply re-loading the page seemed to do the trick.

Here's a complete example for anyone else interested in using the forum database as general purpose user authentication.

Code:

<?php
// ######################### REQUIRE BACK-END ############################
require_once('./global.php');
require_once(DIR . '/includes/functions_login.php');
require_once(DIR . '/includes/functions_misc.php');

//returns FALSE if locked out, or the number of strikes, or TRUE for success
function validateLogin( $username, $password )
{
        global $vbulletin;
       
        $vbulletin->input->clean( $username, TYPE_STR );
        $vbulletin->input->clean( $password, TYPE_STR );
       
        $strikes = verify_strike_status($username);
        if ($strikes === false || $strikes >= 5)
        {
                return false; //locked out       
        }       

        if( !verify_authentication($username, $password, '', '', true, false) )
        {
                exec_strike_user($username);        //record the failed attempt against the attempted username
                return $strikes + 1;        //fat-fingered the password?               
        }
        else
        {
                //User and pw ok, let's log them in
                exec_unstrike_user($username);

                process_new_login('', true, '');
               
                return true;       
        }
}

if( isset($_POST['do']) && $_POST['do'] === 'login' )
{
        if( isset($_POST['username']) )
        {
                $username = $_POST['username'];
        }
       
        if( isset($_POST['password']) )
        {
                $password = $_POST['password'];
        }
       
        if( isset($username) && isset($password) )
        {
                //Attempt the login - input is cleaned in the function
                $result = validateLogin($username, $password);
       
                if( $result === true )
                {
                        //Re-load this page to ensure all cookies are set
                        exec_header_redirect('forumLoginTest.php');       
                }
                else if( $result === false )
                {
                        echo("transaction=ERR_LOCKED_OUT");
                }
                else
                {
                        echo("transaction=ERR_STRIKE&value=$result");       
                }
        }
        else
        {
                echo("transaction=ERR_PARSE");       
        }
}
else
{
        echo("transaction=ERR_NONE");
}

?>


chaim_2003 06-30-2009 03:08 PM

Thanks for this!

jwm0z 11-18-2009 02:03 PM

Reading this post helped me figure out why my session style (not cookie, cookie was fine) login was not working in an ajax function yet it was in a regular POST/redirect style flow.

A redirect is not explicitly needed; it is what happens during the redirect (exec_header_redirect()) that is needed. After looking through the code, it appears that the reason a proper redirect is needed is that it eventually calls exec_shut_down(), which saves the session.

I could not figure out why my session was not saved correctly with the user info inside and this is the reason.

So for a very simple login:

PHP Code:

$vbulletin->userinfo = fetch_userinfo($userid);
$vbulletin->session->created = false;
process_new_login($logintype = '', $cookieuser = false, $cssprefs = '');
exec_shut_down();

Thanks again for the 'redirect' tip-off, this has been pissing me off for about 2 days.

Molech 11-20-2009 09:45 PM

thanks guys, these posts were very helpful for me.

otlayi 08-20-2011 02:27 PM

Quote:

Originally Posted by jwm0z (Post 1916610)
Reading this post helped me figure out why my session style (not cookie, cookie was fine) login was not working in an ajax function yet it was in a regular POST/redirect style flow.

A redirect is not explicitly needed; it is what happens during the redirect (exec_header_redirect()) that is needed. After looking through the code, it appears that the reason a proper redirect is needed is that it eventually calls exec_shut_down(), which saves the session.

I could not figure out why my session was not saved correctly with the user info inside and this is the reason.

So for a very simple login:

PHP Code:

$vbulletin->userinfo = fetch_userinfo($userid);
$vbulletin->session->created = false;
process_new_login($logintype = '', $cookieuser = false, $cssprefs = '');
exec_shut_down();

Thanks again for the 'redirect' tip-off, this has been pissing me off for about 2 days.

You sir, are a badass. Replacing my do_login_redirect() with exec_shut_down() and then my own header('Location: /') worked PERFECTLY. Mad props :up:
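
Added example (not part of the original thread, and not vBulletin's own code): the two approaches above combined into one endpoint that keeps the strike/lockout checks from the second post and saves the session with exec_shut_down() instead of redirecting. It uses only the vBulletin calls quoted in this thread; the function name `loginWithoutRedirect` and the `transaction=OK` response value are assumptions made for illustration.

```php
<?php
// Added example, not from the thread. Assumes a vBulletin 3.x install with
// this file placed in the forum root, next to global.php.
require_once('./global.php');
require_once(DIR . '/includes/functions_login.php');
require_once(DIR . '/includes/functions_misc.php');

// Returns the status string for the external client; never redirects.
function loginWithoutRedirect($username, $password)
{
        global $vbulletin;

        $vbulletin->input->clean($username, TYPE_STR);
        $vbulletin->input->clean($password, TYPE_STR);

        // Check the lockout state before touching the password at all.
        $strikes = verify_strike_status($username);
        if ($strikes === false || $strikes >= 5)
        {
                return 'transaction=ERR_LOCKED_OUT';
        }

        if (!verify_authentication($username, $password, '', '', true, false))
        {
                exec_strike_user($username);        // count the failed attempt
                return 'transaction=ERR_STRIKE&value=' . ($strikes + 1);
        }

        exec_unstrike_user($username);
        $vbulletin->session->created = false;
        process_new_login('', true, '');

        // No page output and no redirect follows, so save the session
        // explicitly; this is the step the redirect was doing implicitly.
        exec_shut_down();
        return 'transaction=OK';        // hypothetical success value
}

if (isset($_POST['do'], $_POST['username'], $_POST['password']) && $_POST['do'] === 'login')
{
        echo loginWithoutRedirect($_POST['username'], $_POST['password']);
}
else
{
        echo 'transaction=ERR_PARSE';
}
```

The failed-attempt branch records a strike on every bad password, so the lockout that the forum login enforces also applies to this endpoint rather than leaving it as an unthrottled password check.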

