[35mm]

Hi Ingwa, my site is not in production yet so I changed the password hashing of the site to use the same hashing method of vb. I also sync the user ID's from both systems. So when a user signs up or changes their password, it also creates/updates their forum account. As the main site also has user profiles and messenger, I didn't want vb user profiles or messenger so re-routed those to the main site's. I also got rid of vb's register page and login.

Now when a user logs into the main site, they are automatically logged into vb too. This is just simply a question of creating the sessions/cookies that vb's login process creates.

I think this is my working code - based on someone else's code example from some other thread here;

PHP Code:

// vBulletin logins
                    $vbuser = "SELECT salt FROM vb_user WHERE userid = '$userID' LIMIT 1";
                    // add query call here....

                    if(mysql_num_rows(query) == 1){
                        $vbsalt = mysql_result(query,0,'salt');
                    }
                    $cookie_salt = "xxxxxxxxxxxxxx"; // cookie salt - from /forum/inc/functions.php line 30 ish
                    $cookie_password_salted = md5($pass.$cookie_salt);
                    // grab user's IP here (we called it $alt_ip)
                    $vbidhash = md5($_SERVER['HTTP_USER_AGENT'].$alt_ip); // not too smart using unpurified &_SERVER var there tut tut
                    $vbsessionhash = md5(uniqid(microtime(), true));
                    mysql_query("DELETE FROM `vb_session` WHERE `userid`='$userID' OR `host`='$ip'",$dbconnect); // delete old session
                    mysql_query("INSERT INTO `vb_session` (`sessionhash`, `userid`, `host`, `idhash`, `lastactivity`, `location`, `useragent`, `styleid`, `languageid`, `loggedin`, `inforum`, `inthread`, `incalendar`, `badlocation`, `bypass`, `profileupdate`) VALUES ('$vbsessionhash', '$userID', '$alt_ip', '$vbidhash', '$session_time', '$url_path/forums/', '$new_useragent', '0', '0', '2', '0', '0', '0', '0', '0', '0')",$dbconnect);
                    setcookie('bb_lastvisit',$session_time,$cookie_expire,$url_path.'/',$site_domain); 
                    setcookie('bb_lastactivity',0,$cookie_expire,$url_path.'/',$site_domain); 
                    setcookie('bb_sessionhash',$vbsessionhash,$cookie_expire,$url_path.'/',$site_domain); 
                    setcookie('bb_userid',$userID,$cookie_expire,$url_path.'/',$site_domain); 
                    setcookie('bb_password',$cookie_password_salted,$cookie_expire,$url_path.'/',$site_domain);
                    // 


Some obvious things have been removed from the code, but it should give you an idea of the process and what needs to be done.

Some considerations;
You are probably better off giving your vb users the same user id as they have in your main user db, rather than using the auto increment in the vb user table.

For ease of integration I would suggest you use vb's password hashing method for password hashing in your main user database so that their passwords in both databases are the same - have the same hashed result.

In your process for users to change or reset their passwords on your main site, make sure you add code so it also updates their password in vb user table.

Redirect all vb registration requests, login and lost password requests etc to your main site registration, login and password reset etc pages.

I hope this helps!