[rlarner]

Thanks for the reply, Disasterpiece. Here's some more specifics on my approach. I added the following to vb/init.php immediately after the call to:

Code:

if ($customer_id && !$vbulletin->GPC[COOKIE_PREFIX . 'userid']) {

function fetch_my_salt($length = 30){
    $salt = '';
    for ($i = 0; $i < $length; $i++){
        $salt .= chr(rand(33, 126));
       }
    return mysql_real_escape_string($salt);
}

$userid = $customer_id;
$row_user = mysql_fetch_array(mysql_query("SELECT userid, salt FROM user WHERE userid = '$userid'"));
if (isset($row_user['userid'])) {
    $vb_salt = $row_user['salt'];
} else {
    $row_title = mysql_fetch_array(mysql_query("SELECT * FROM `usertitle` ORDER BY `usertitleid` ASC LIMIT 1"));
    $username = customer::get_avatarname($customer_id);
    $password = customer::get_password($cid);
    $vb_salt = fetch_my_salt();
    $password_salted = md5($password.$vb_salt);
    $passdate = date('Y-m-d');
    $usertitle = $row_title['title']; //get the default first title
    mysql_query("INSERT INTO user (
    userid,
    usergroupid,
    username,
    password,
    passworddate,
    email,
    showvbcode,
    showbirthday,
    usertitle,
    joindate,
    lastactivity,
    lastvisit,
    options,
    ipaddress,
    languageid,
    salt
    ) VALUES (
    '$userid',
    '2',
    '$username',
    '$password_salted',
    '$passdate',
    '$email',
    '1',
    '0',
    '$usertitle',
    '$timestamp',
    '$timestamp',
    '$timestamp',
    '3163223',
    '$ip',
    '1',
    '$vb_salt'
    )") or die(mysql_error());
    
    mysql_query("INSERT INTO `usertextfield` (`userid`) VALUES ('$userid')") or die(mysql_error());
    mysql_query("INSERT INTO `userfield` (`userid`) VALUES ('$userid')") or die(mysql_error());
    
}
$alt_ip = ip::get();
$timestamp = time();
$user_agent = $_SERVER['HTTP_USER_AGENT'];
$idhash = md5($_SERVER['HTTP_USER_AGENT'].$alt_ip);
$sessionhash = md5(uniqid(microtime(), true));
//delete old sessions - a crude but useable method
mysql_query("DELETE FROM `session` WHERE `userid`='$userid' OR `host`='$ip'") or die(mysql_error());
//insert new session
mysql_query("INSERT IGNORE INTO `session` (`sessionhash`, `userid`, `host`, `idhash`, `lastactivity`, `location`, `useragent`, `styleid`, `languageid`, `loggedin`, `inforum`, `inthread`, `incalendar`, `badlocation`, `bypass`, `profileupdate`) 
VALUES ('$sessionhash', '$userid', '$alt_ip', '$idhash', '$timestamp', '/inside/forums/forum.php', '$user_agent', '0', '0', '1', '0', '0', '0', '0', '0', '0')") or die(mysql_error());
//add cookies to link user to session
setcookie('bb_lastvisit',$timestamp);
setcookie('bb_lastactivity',0);
setcookie('bb_sessionhash',$sessionhash);
setcookie('bb_userid',$userid);
$cookie_password_salted = md5(md5($password.$vb_salt).'C6KQEk3jNYBggzqFr0m4uVzFujo');
setcookie('bb_password',$cookie_password_salted); 
}

What happens now is on the first page load I get the message:

Quote:

Your submission could not be processed because you have logged in since the previous page was loaded.<br />
<br />
Please reload the window.

Even though I get this message, it does appear to log the customer in, however subsequent visits do not result in authenticated sessions - the user is treated like a guest.

So, it looks like my problems are two-fold:
1) How do I repress the "logged in since the previous page was loaded" message?

2) How do I properly populate the session table and cookie info on return visits?

Thanks again.

Rosco