[pianoman993]

Thanks so far for all your useful information.

Marco, would it be possible for you to show me a code example of how to pass information such as the username ($vbulletin->userinfo['username']) into a secure string that I could pass into a CGI script? And also, where would I do that, in the global.php file, a plugin?

Much thanks!

- Pianoman993

Also, just to give you some frame of reference so you know where I'm coming from, this is part of the CGI script.

Code:

# PREFs Section 03: Security.
############################################################################
# Password Protection, Option 3 of 5 (use your site's existing login system):
#
# If your site already has a login system, either cookie-based or based on
# PHP sessions, you can make FileChucker integrate with it.
#
# If using the PHP session method, you must set the following environment
# variables from PHP just before calling filechucker.cgi from PHP:
#f
# 	putenv("PHP_ENC_USERNAME=$username");	# where $username is your PHP user variable.
# 	putenv("PHP_ENC_ISADMIN=$X");		# where $X is a 0 or a 1.
#
# This option is mutually exclusive with the integrate_with_userbase option.
#
$PREF{integrate_with_existing_login_system}		= 'yes';
$PREF{login_error_message}				= qq`Error: not logged in.&nbsp; Perhaps you need to <a href="/">go home</a> and log in first?`;
#$PREF{logout_url}					= '/logout/';
#$PREF{login_url}					= '/login/';
#$PREF{forced_logout_link}				= qq`<p>Logging out; <a href="%%logout_url%%">click here</a> to continue.</p>\n`;
#
$PREF{enable_username_from_cookie}			= 'no';
$PREF{member_username_cookie_name}			= 'username';
$PREF{admin_username_cookie_name}			= 'admin';
#
$PREF{enable_username_from_php_session}			= 'yes';

Code:

# PREFs Section 04: User-directories.
############################################################################
# If you are already storing a username/userdir variable in PHP sessions on
# your server, you can make FileChucker use that.
#
# For Method 1, you'll need to be calling FileChucker from an /upload/index.php
# file like this:
#
#	<?php
#		# set an environment variable from your PHP username variable:
#		session_start(); putenv("PHP_ENC_USERDIR=$username");
#		require("call_filechucker.php");
#	?>
#
# To get the call_filechucker.php file, see step #5 in the instructions:
#
#	http://encodable.com/filechucker/#instructions
#
# For Method 2, you don't necessarily need to call FileChucker exactly that
# way; instead, you'll need to have the PHP::Session Perl module installed on
# your server, and PHP's save_path will need to be readable from Perl.
#
$PREF{enable_userdir_from_php_session__method1}		= 'no';
$PREF{php_session_cookie_name}				= 'PHPSESSID';
$PREF{php_session_cache_ttl}				= 60*60*24; # in seconds.
#
$PREF{enable_userdir_from_php_session__method2}		= 'no';
$PREF{php_session_cookie_name}				= 'PHPSESSID';
$PREF{php_session_save_path}				= '/var/lib/php/session'; # or perhaps '/tmp';
$PREF{php_session_username_variable}			= 'username';