Version 0.3:
- if session expires, resets session and redirects to reload page
Code:
error_reporting(E_ALL & ~E_NOTICE);
// some basic requirements
require(DIR . '/includes/functions_login.php');
// check if already logged in
$logged_in = (empty($_COOKIE[COOKIE_PREFIX . 'lastvisit'])) ? false : true;
// clean up expired session *before* logging in again
if ($logged_in)
{
$vbulletin->session->do_lastvisit_update($vbulletin->GPC[COOKIE_PREFIX . 'lastvisit'], $vbulletin->GPC[COOKIE_PREFIX . 'lastactivity']);
}
$newuser =& datamanager_init('User', $vbulletin, ERRTYPE_ARRAY);
$newuser->set('username', $_SERVER['PHP_AUTH_USER']);
$newuser->set('password', 'SOME_STRING_MAKE_IT_UP'); // http auth is 100% of security, to avoid password issues when passwords change...
$newuser->set('email', $_SERVER['PHP_AUTH_USER']);
$newuser->set('usergroupid', 2);
$newuser->set('timezoneoffset', -6);
$newuser->set('showblogcss', true);
$newuser->set('styleid', 1);
$newuser->pre_save();
$vbulletin->GPC['vb_login_username'] = $_SERVER['PHP_AUTH_USER'];
$vbulletin->GPC['cookieuser'] = $_SERVER['PHP_AUTH_USER'];
$vbulletin->GPC['cssprefs'] = '';
// try to create the user in vBulletin; if it works save the dataset else just login
if (empty($newuser->errors))
{
$newuser->set_info('coppauser', false);
$vbulletin->userinfo['userid'] = $newuser->save();
}
verify_authentication($vbulletin->GPC['vb_login_username'], '','','',$vbulletin->GPC['cookieuser'], true);
exec_unstrike_user($vbulletin->GPC['vb_login_username']);
process_new_login($vbulletin->GPC['logintype'], $vbulletin->GPC['cookieuser'], $vbulletin->GPC['cssprefs']);
// redirect back so page reloads with logged in cookie-based session active
if (!$logged_in)
{
header('Location: ' . $_SERVER['PHP_SELF']);
}
--------------- Added [DATE]1264810892[/DATE] at [TIME]1264810892[/TIME] ---------------
Version 0.4:
- Password issue appears to be a non-issue (further testing needed, in mean time, just use $_SERVER['PHP_AUTH_PW']).
- Handle case where session expires and next page load means the user is not logged in (but session cookies are set) and then refresh shows as logged in. Now there is a redirect in this case so user doesn't not see self as ever logged out.
- Handle case where user tries to access a session as someone other than who they are HTTP authenticated as.
Code:
error_reporting(E_ALL & ~E_NOTICE);
// some basic requirements
require(DIR . '/includes/functions_login.php');
if (!$vbulletin->session->vars['loggedin'])
{
httpauth_login();
redirect_self();
}
elseif ($userinfo = $vbulletin->session->fetch_userinfo())
{
if ($userinfo['username'] !== $_SERVER['PHP_AUTH_USER'])
{
httpauth_login();
process_logout();
redirect_self();
}
else
{
}
}
function httpauth_login()
{
global $vbulletin;
$newuser =& datamanager_init('User', $vbulletin, ERRTYPE_ARRAY);
$newuser->set('username', $_SERVER['PHP_AUTH_USER']);
$newuser->set('password', $_SERVER['PHP_AUTH_PW']);
$newuser->set('email', $_SERVER['PHP_AUTH_USER']);
$newuser->set('usergroupid', 2);
$newuser->set('timezoneoffset', -6);
$newuser->set('showblogcss', true);
$newuser->set('styleid', 1);
$newuser->pre_save();
$vbulletin->GPC['vb_login_username'] = $_SERVER['PHP_AUTH_USER'];
$vbulletin->GPC['cookieuser'] = $_SERVER['PHP_AUTH_USER'];
$vbulletin->GPC['cssprefs'] = '';
// try to create the user in vBulletin; if it works save the dataset else just login
if (empty($newuser->errors))
{
$newuser->set_info('coppauser', false);
$vbulletin->userinfo['userid'] = $newuser->save();
}
verify_authentication($vbulletin->GPC['vb_login_username'], '','','',$vbulletin->GPC['cookieuser'], true);
exec_unstrike_user($vbulletin->GPC['vb_login_username']);
process_new_login($vbulletin->GPC['logintype'], $vbulletin->GPC['cookieuser'], $vbulletin->GPC['cssprefs']);
}
function redirect_self()
{
// may need adjustment for non-Apache servers!
header('Location: ' . $_SERVER['PHP_SELF']);
}
More Information