Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 General Discussions
Reload this Page sessionhash and idhash
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 11-07-2005, 06:31 AM
marcelk1809 marcelk1809 is offline
 
Join Date: Oct 2005
Posts: 6
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default sessionhash and idhash
Where does vb 3.5.1 make the sessionhash and the idhash ???

need to know it, to add sessions of users that visit the site without being in the forums
Reply With Quote
  #2  
Old 11-08-2005, 03:16 PM
Marco van Herwaarden Marco van Herwaarden is offline
 
Join Date: Jul 2004
Posts: 25,415
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
this is done in class_core.php.
Reply With Quote
  #3  
Old 01-04-2006, 04:12 PM
monotreme monotreme is offline
 
Join Date: Nov 2005
Posts: 25
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Classic example of a glib unhelpful answer.

I KNOW it's done in class_core.php but that code is so forking obtuse and there's so many layers that it takes a couple of HOURS of intense code backtracing to find where the stuff actually originates.

idhash I have discovered.
it comes from SESSION_IDHASH
and to get that you md5 ($_SERVER['HTTP_USER_AGENT'] . $registry->alt_ip);

And if you want to know what alt_ip is you must duplicate the function fetch_alt_ip
which uses optional headers to see if a proxy requester leaked any info about where they really came from. But they are optional. Really sneaky people will turn it all off.

That's a reasonably good way to id people, but if you have a NAT'd group with RFC addys and they all have the same useragent and the same user is logged into several identical stations in a NAT
subnet it might cause trouble so you need the sessionhash.

I'm still working on actually COMPUTING the correct session hash. So far I've found that an alias for it is the 's' variable and that when its inserted in the db it is found in
$vbulletin->session->vars['sessionhash']

Now if I can just figure out how and when that forking thing is computed in the first place I'm home free.
Reply With Quote
  #4  
Old 07-29-2006, 12:00 AM
war_bird war_bird is offline
 
Join Date: Apr 2005
Posts: 5
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
id hash i have discovered;

$ipadress=getenv("REMOTE_ADDR");
$ses_idhash=md5($_SERVER['HTTP_USER_AGENT'].$ipadress);
Reply With Quote
  #5  
Old 07-29-2006, 01:43 PM
Paul M's Avatar
Paul M Paul M is offline
 
Join Date: Sep 2004
Location: Nottingham, UK
Posts: 23,748
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
From class_core ;

PHP Code:
function fetch_sessionhash()
{
    return md5(TIMENOW SCRIPTPATH SESSION_IDHASH SESSION_HOST vbrand(11000000));


Quote:
Originally Posted by monotreme
I KNOW it's done in class_core.php but that code is so forking obtuse and there's so many layers that it takes a couple of HOURS of intense code backtracing to find where the stuff actually originates.
It took about 5 minutes.
Reply With Quote
  #6  
Old 08-08-2007, 10:16 PM
iansmith iansmith is offline
 
Join Date: Aug 2002
Posts: 2
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Anyone figure out the formulea for creating an idhash? The above post (old) is for sessionid which is not the same thing.

I am trying to create a login by adding an entry to the session table from outside vb and the idhash seems to be the sticking point.
Reply With Quote
  #7  
Old 08-01-2010, 12:22 AM
janitor123 janitor123 is offline
 
Join Date: Jan 2010
Posts: 3
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
I know that this reply is to a very, very old post but I wanted to put here an answer that I found for others that may be looking for it. This is taken from the DrupalVB module to auto login to Drupal. This module sets cookies for vBulletin to look for.

I am using this module with Drupal 6.17 and vBulletin 3.8.4 PL2

The below is in PHP
Code:
$idhash = md5($_SERVER['HTTP_USER_AGENT'] . $vbuser['userid']);
$sessionhash = md5($now . request_uri() . $idhash . $_SERVER['REMOTE_ADDR'] . user_password(6));
Reply With Quote
  #8  
Old 08-01-2010, 06:42 AM
Speysider's Avatar
Speysider Speysider is offline
 
Join Date: Apr 2009
Posts: 1,029
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Have you joined to just go around bumping threads?
Reply With Quote
  #9  
Old 10-31-2010, 08:54 AM
aussiev8 aussiev8 is offline
 
Join Date: Aug 2004
Posts: 122
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
They made it much easier now


PHP Code:
    function fetch_sessionhash()
    {
        return md5(uniqid(microtime(), true));
    } 
Reply With Quote
Reply

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 06:18 PM.

Contact Us - Archive - Top

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04264 seconds
  • Memory Usage 2,243KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)bbcode_code
  • (2)bbcode_php
  • (1)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (9)post_thanks_box
  • (9)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (9)post_thanks_postbit_info
  • (9)postbit
  • (9)postbit_onlinestatus
  • (9)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 
Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete