The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#1
|
|||
|
|||
How does VB User validation work?
Hello
I am trying to code some sections on my website to validate users through the VB member database. I was able to figure out how to do that by using the salt and double md5 hashing to compare passwords. However, I would like to auto-login members if they have already logged into vbulletin. I know that when you login there is a cookie set that contains the userid number, but this is not strong enough to validate a user's login. I think that anybody can spoof the userid in the cookie through the header. Does anybody know how I can securely validate a user if they are logged in? thanks in advance Roy |
#2
|
||||
|
||||
There are two cookies necessary (which are being set when you log into vB):
(bb)userid and (bb)password where (bb) is the default cookie-prefix (you might have another one). bbuserid should be obvious. bbpassword is md5(md5(md5('password') . $salt) . 'LicenseNo') where LicenseNo ist your license number (found on top of each PHP-file). |
#3
|
|||
|
|||
Quote:
Thanks! I was looking for exactly that information. |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|