vb.org Archive
Page 1 of 2 1 2
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB4 Programming Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=252)
-   -   SOLUTION - VBulletin 4 External, Manual Member Signup/Registration/Login + Cookies (https://vborg.vbsupport.ru/showthread.php?t=254716)

tguillea 12-05-2010 02:20 PM
SOLUTION - VBulletin 4 External, Manual Member Signup/Registration/Login + Cookies
 
This is a solution to this problem, NOT a question.

Apparently all the serious forum posters here don't understand something - there is no VB4 solution to this. I've read dozens of posts with no replies, few replies, and simply lazy replies, with people telling the poster to search through the articles and never posting links... so a big F-U to those guys.

I know the whole vbDatabaseManager thing would make this cleaner, but this is to authenticate a VB4 login from another, external form, which is unrelated to vbulletin (except for the member's accounts that are linked). I don't like the idea of vbulletin handling my errors, redirects, etc. so I made a manual / "forced" way to do this.

Anyways, here is my solution - note the following: the table prefix is "vb_", cookie prefix is "bb_", COOKIE_SALT = "4j2klj5lk2jklj23mlk6j2klj4klj2", and the forum is installed in "/inside/forums/". You can find the COOKIE_SALT on line 34 of /includes/functions.php

PHP Code:
//$password is already MD5'd once, so replace "$password" with md5($_POST['password']) where applicable
/*insert user into table*/
function fetch_user_salt($length 30){
    $salt '';
    for ($i 0$i $length$i++){
        $salt .= chr(rand(33126));
       }
    return mysql_real_escape_string($salt);
    }
$vb_salt fetch_user_salt();
$passdate date('Y-m-d');
$password_salted md5($password.$vb_salt);
$cookie_password_salted md5(md5($password.$vb_salt).'4j2klj5lk2jklj23mlk6j2klj4klj2');

/*USED ONLY WHEN LOGGING IN AND NOT SIGNING UP
$result_salt = mysql_query("SELECT `salt` FROM `vb_user` WHERE `userid`='$userid' LIMIT 1");
$row_salt = mysql_fetch_array($result_salt);
$vb_salt = $row_salt['salt'];
*/

$row_title mysql_fetch_array(mysql_query("SELECT * FROM `vb_usertitle` ORDER BY `usertitleid` ASC LIMIT 1"));
$usertitle $row_title['title']; //get the default first title

mysql_query("INSERT INTO `vb_user` (`userid`, `usergroupid`, `membergroupids`, `displaygroupid`, `username`, `password`, `passworddate`, `email`, `styleid`, `parentemail`, `homepage`, `icq`, `aim`, `yahoo`, `msn`, `skype`, `showvbcode`, `showbirthday`, `usertitle`, `customtitle`, `joindate`, `daysprune`, `lastvisit`, `lastactivity`, `lastpost`, `lastpostid`, `posts`, `reputation`, `reputationlevelid`, `timezoneoffset`, `pmpopup`, `avatarid`, `avatarrevision`, `profilepicrevision`, `sigpicrevision`, `options`, `birthday`, `birthday_search`, `maxposts`, `startofweek`, `ipaddress`, `referrerid`, `languageid`, `emailstamp`, `threadedmode`, `autosubscribe`, `pmtotal`, `pmunread`, `salt`, `ipoints`, `infractions`, `warnings`, `infractiongroupids`, `infractiongroupid`, `adminoptions`, `profilevisits`, `friendcount`, `friendreqcount`, `vmunreadcount`, `vmmoderatedcount`, `socgroupinvitecount`, `socgroupreqcount`, `pcunreadcount`, `pcmoderatedcount`, `gmmoderatedcount`, `assetposthash`, `fbuserid`, `fbjoindate`, `fbname`, `logintype`, `fbaccesstoken`, `bloggroupreqcount`, `showblogcss`) VALUES ('$userid', '2', '', '0', '$username', '$password_salted', '$passdate', '$email', '0', '', '', '', '', '', '', '', '1', '0', '$usertitle', '0', '$timestamp', '0', '$timestamp', '$timestamp', '0', '0', '0', '10', '5', '0', '0', '0', '0', '0', '0', '3163223', '', '0000-00-00', '-1', '-1', '$ip', '0', '1', '0', '0', '-1', '0', '0', '$vb_salt', '0', '0', '0', '', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '', '', '0', '', 'vb', '', '0', '1')") or die(mysql_error());

mysql_query("INSERT INTO `vb_usertextfield` (`userid`) VALUES ('$userid')") or die(mysql_error());
mysql_query("INSERT INTO `vb_userfield` (`userid`) VALUES ('$userid')") or die(mysql_error());

require('getrealip.php');
function fetch_substr_ip($ip$length null){
    if ($length === null OR $length 3){
        $length 1;
        }
    return implode('.'array_slice(explode('.'$ip), 0$length));
    }
$alt_ip fetch_substr_ip(fetch_alt_ip());
$timestamp time();
$user_agent $_SERVER['HTTP_USER_AGENT'];
$idhash md5($_SERVER['HTTP_USER_AGENT'].$alt_ip);
$sessionhash md5(uniqid(microtime(), true));
//delete old sessions - a crude but useable method
mysql_query("DELETE FROM `vb_session` WHERE `userid`='$userid' OR `host`='$ip'") or die(mysql_error());
//insert new session
mysql_query("INSERT INTO `vb_session` (`sessionhash`, `userid`, `host`, `idhash`, `lastactivity`, `location`, `useragent`, `styleid`, `languageid`, `loggedin`, `inforum`, `inthread`, `incalendar`, `badlocation`, `bypass`, `profileupdate`) VALUES ('$sessionhash', '$userid', '$alt_ip', '$idhash', '$timestamp', '/inside/forums/forum.php', '$user_agent', '0', '0', '1', '0', '0', '0', '0', '0', '0')") or die(mysql_error());
//add cookies to link user to session
setcookie('bb_lastvisit',$timestamp);
setcookie('bb_lastactivity',0);
setcookie('bb_sessionhash',$sessionhash);
setcookie('bb_userid',$userid);
setcookie('bb_password',$cookie_password_salted); 
And here is the included file, getrealip.php
PHP Code:
<?php

/**
* Fetches an alternate IP address of the current visitor, attempting to detect proxies etc.
*
* @return    string
*/
function fetch_alt_ip(){
    $alt_ip $_SERVER['REMOTE_ADDR'];

    if (isset($_SERVER['HTTP_CLIENT_IP']))
    {
        $alt_ip $_SERVER['HTTP_CLIENT_IP'];
    }
    else if (isset($_SERVER['HTTP_X_FORWARDED_FOR']) AND preg_match_all('#\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}#s'$_SERVER['HTTP_X_FORWARDED_FOR'], $matches))
    {
        // try to avoid using an internal IP address, its probably a proxy
        $ranges = array(
            '10.0.0.0/8' => array(ip2long('10.0.0.0'), ip2long('10.255.255.255')),
            '127.0.0.0/8' => array(ip2long('127.0.0.0'), ip2long('127.255.255.255')),
            '169.254.0.0/16' => array(ip2long('169.254.0.0'), ip2long('169.254.255.255')),
            '172.16.0.0/12' => array(ip2long('172.16.0.0'), ip2long('172.31.255.255')),
            '192.168.0.0/16' => array(ip2long('192.168.0.0'), ip2long('192.168.255.255')),
        );
        foreach ($matches[0] AS $ip)
        {
            $ip_long ip2long($ip);
            if ($ip_long === false)
            {
                continue;
            }

            $private_ip false;
            foreach ($ranges AS $range)
            {
                if ($ip_long >= $range[0] AND $ip_long <= $range[1])
                {
                    $private_ip true;
                    break;
                }
            }

            if (!$private_ip)
            {
                $alt_ip $ip;
                break;
            }
        }
    }
    else if (isset($_SERVER['HTTP_FROM']))
    {
        $alt_ip $_SERVER['HTTP_FROM'];
    }

    return $alt_ip;
}
?>

Just make sure to connect to the database before this code and it should work great. Any problems, shoot me a message :)

ahirmayur 12-17-2010 08:41 AM
Can this work with ASP.net??

Alucard^ 12-25-2010 06:55 AM
Wow, this is great man.

I will use this... but i don't understand at all how to use it... my doubt is, how to connect that code to the form that i make?

I need only a login... so my form have 2 input text (username and password), 1 checkbox (remember me thing) and 1 submit button.

So, how to use this code to get that data?

Thanks and sry for my english.

brandondrury 01-20-2011 06:18 AM
It seems that this is confirmation (that they are logged in) script.

Am I right in thinking that I'd need

if (all this code here checks out)
{
they are logged in, do whatever
}
else
{
show them a "too bad" message and give them a form to fill out
}

nick2100 03-03-2011 01:19 PM
Been searching for a way to do this for a couple days now and this is the only thing I see that makes sense apart from all the other out dated plugins. Would be nice though to have some detail instructions.

Can this be used on an external page that does not share the same login as vBulletin. I hate wordpress login/user account so its always on disable for me. I just need to have vBulletin login on the front of the site that is powered by wordpress.

Thanks in advance for any response

NinjaKiwi 04-06-2011 08:16 PM
Thanks for this.

I have also spent many, many hours searching for a way to do this and have also come up against a brick wall in this forum.... This is the closest thing I've seen.

Really appreciate the work you have done, and shared, for free, but wondering if you could give any pointers on how to bring other things into non-vbulletin pages, such as Avatars, recent posts, etc?

Many thanks

chrymo 09-01-2011 04:35 AM
Watching out how this feature "solution" evolves...

kamakazy_kid 09-22-2011 01:18 PM
Code for visual basic by any chance?

odmorise 01-23-2012 03:03 PM
Hi, thanks for this awesome tutotial. I implemented it on my site and it is working well.

Now I have another problem, after login, vbuletin is in an iframe.
If I do not surf through forum, and surf other parts of my site, user keeps logged on site, but not in vbulletin.

I tried manikg some dummy image, file session_image.php to refresh session every time user visits other parts of the site.
PHP Code:
<?php
// ####################### SET PHP ENVIRONMENT ###########################
error_reporting(E_ALL & ~E_NOTICE);

// #################### DEFINE IMPORTANT CONSTANTS #######################
define('GET_EDIT_TEMPLATES''editsignature,updatesignature');
define('THIS_SCRIPT''slika');
define('CSRF_PROTECTION'true);

// ######################### REQUIRE BACK-END ############################
require_once('./global.php');
require_once(DIR '/includes/functions_user.php');

// bootstrap framework
require_once(DIR '/includes/class_bootstrap_framework.php');
vB_Bootstrap_Framework::init();

header('Content-Type: image/png');
readfile('../session_slika.png');
exit;

?>
Any idea where I am wrong ?

firebrand media 03-13-2013 10:09 PM
Outstanding work. I was able to implement a crazy SSO system based on the strategy you've outlined here. I'll post my version with extended error handling and allowing the userid to autoincrement in a week or two after some testing.


All times are GMT. The time now is 10:32 AM.
Page 1 of 2 1 2
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01146 seconds
  • Memory Usage 1,816KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (3)bbcode_php_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete