[warhau]

Thanks everyone. With the new redirect code, I can got straight in via our SOAP authentication.

I did have a problem with jaikumarm's patch code, when retaining client-side MD5 encoding. The last line "do_login_redirect()" was causing a loop and eventual PHP memory crash. This appears to be due to the global_complete hook being called in print_output in functions.php, which was looping back into the login process. In the original code, there was a line:

$vbulletin->GPC['vb_login_password'] = '';

This kept the plugin from firing when global_complete was called. Without vb_login_md5password being cleared, the plugin was firing everytime it would reach "do_login_redirect()", resulting in the loop.

I also notice that in jaikumarm's code, he is still using

$vbulletin->GPC['vb_login_password']

in his call to verify_authentication. Theoretically, as part of the original code, isn't vb_login_password empty at this point? I'm not sure how verify_authentication would work there with a blank password. Anyway, I didn't have problem with that, but I did have to clear vb_login_md5password just prior to calling do_login_redirect, since my opening logic in the plugin prevents firing if md5 password is empty.

Finally, in the original code, I noticed:

$vbulletin->GPC['cookieuser'] = $vbulletin->GPC['vb_login_username'];

As I was going through login.php, I noticed that it looks like cookieuser is supposed to be BOOL. Not sure this would cause any problems, but I just removed the line completely and everything works fine.

Thanks to Haqa for a good example, that allowed me to write exactly what I needed, and to jaikumarm for helping to complete the puzzle!