php+curl+login woes...

[newsun]

Ok, so I am logging into vb from within another site that already has membership login. I am able to successfully login with the php+curl code I have.

The problem is that when I go to the forum the I am not actually logged in there. I thought maybe I could nab the bb_sessionhash cookie data from the curl session and the set the cookie, but this is not working.

Anyone have any ideas on how I can transfer this logged in state from the curl session to the actual forum I want to send them to?

[kh99]

Transfering the session hash probably won't work because it's only accepted if it comes from the same ip address and user agent string. I guess you could fake the user agent in curl, but probably not the ip.

A couple things you might try (and I haven't tried either of them) - set the bb_password cookie to md5(password . COOKIE_SALT). COOKIE_SALT is defined in functions.php. I think that should work like "remember me" to log in the user. The other thing would be to create a session for the user by writing to the session table (and that way you can write the user's ip and user agent to get around that problem). ETA...or maybe keep things the way you have them but update the session table record with the user's ip and user agent (although after that you won't be able to use curl for that session).

[newsun]

I have tried most of that.

First thing I was trying, was to create the session myself by inserting it directly to the database and then setting the cookie. This did not work.

So I tried logging in via cURL, this gets logged in though the idhash and host stored in the session table do not match the client as it's coming from my server. So I tried updating the session table to have the client's ip and an idhash based on this ip. Then set the cookie, this still does not work.

The main problem is not the logging in part via cURL, that works fine, it's getting that session to work on the client's end.

[kh99]

Quote:

Originally Posted by newsun

I have tried most of that.

First thing I was trying, was to create the session myself by inserting it directly to the database and then setting the cookie. This did not work.

So I tried logging in via cURL, this gets logged in though the idhash and host stored in the session table do not match the client as it's coming from my server. So I tried updating the session table to have the client's ip and an idhash based on this ip. Then set the cookie, this still does not work.

So do you know why those things didn't work? Do you know if the browser is actually sending the cookies you set (to vb, I mean)?

[newsun]

I am receiving the cookies, can see them in the headers in the chrome console and also via firecookie plugin. I can see them on both the sub-domain of the script and the forum subdomain as the cookie is set to .DOMAIN.com

[kh99]

Quote:

Originally Posted by newsun

So I tried updating the session table to have the client's ip and an idhash based on this ip. Then set the cookie, this still does not work.

I guess if you got that far you were also using the client's user agent. Hmm...don't see why that wouldn't work.

Quote:

Originally Posted by newsun

I am receiving the cookies, can see them in the headers in the chrome console and also via firecookie plugin. I can see them on both the sub-domain of the script and the forum subdomain as the cookie is set to .DOMAIN.com

OK, just checking. Clearly you're ahead of me on this so I don't have any other ideas unless maybe I get the chance to try to myself. Hopefully someone else will know.

[newsun]

I am setting the user_agent, that's not a problem. I even have the correct 'idhash' via this cURL command:

PHP Code:

curl_setopt($ch, CURLOPT_HTTPHEADER, array("X-FORWARDED-FOR: $ip")); 


Everything in the session is set via cURL call correctly except the 'host' (ip address). I dunno yet if this is the problem or not.