Authentication and sessions

[IanM]

Hi all

I'm trying to work out how to use the vBulletin members table to authenticate and then pass this data via a session.

I have a script which is completely seperate to vB, but it currently uses phpBB members to log in.

The code I use for this is:

PHP Code:

if( FORUM_BOARD == 'PHPBB' )
    {
        $username = isset($_POST['username']) ? trim(htmlspecialchars($_POST['username'])) : '';
        $username = substr(str_replace("\\'", "'", $username), 0, 25);
        $username = str_replace("'", "\\'", $username);
        $password = isset($_POST['password']) ? $_POST['password'] : '';

        $sql = "SELECT user_id, username, user_password, user_active, user_level
                FROM " . PHPBB_USERS_TABLE . "
                WHERE username = '" . str_replace("\\'", "''", $username) . "'";
    
        $result = $sys->ExecSQL( $sql );
        if( $row = mysql_fetch_array($result) )
        {
            if( md5($password) == $row['user_password'] && $row['user_active'] )
            {
                $session->Put('userid',intval($row['user_id']));
                $session->Put('logged',1);
                $session->Put('username',$row['username']);
                $session->Store();
            }    
            else
                $errors[] = 'You have specified an incorrect or inactive username, or an invalid password.';    
        }
        else
            $errors[] = 'You have specified an incorrect or inactive username, or an invalid password.';    
    } 


What effectively happens is that when a user logs in, it takes the user_id key in both tables to allow the user to then perform another task in the seperate script.
This works fine.

However, I'm struggling doing this with vBulletin.
I currently have:

PHP Code:

if( FORUM_BOARD == 'vB' )
    {
        $username    = addslashes($_POST ['username']); // username  
        $password     = addslashes($_POST ['password']); // password
                                
        // Convert the password entered into the fancy vBulletin code 
        $newpassword = md5(md5($password) . $userinfo['salt']); 
        
        $sql = "SELECT userid, username, password
                FROM " . vB_USERS_TABLE . "
                WHERE username = '" . str_replace("\\'", "''", $username) . "'";

    
        $result = $sys->ExecSQL( $sql );
        if( $row = mysql_fetch_array($result) )
        {
            if( md5(password) == $row['newpassword'] )
            {
                $session->Put('userid',intval($row['user_id']));
                $session->Put('logged',1);
                $session->Put('username',$row['username']);
                $session->Store();
            }    
            else
                $errors[] = 'You have specified an incorrect or inactive VB username, or an invalid password.';    
        }
        else
            $errors[] = 'You have specified an incorrect or inactive VB username, or an invalid password.';    
    } 


Can anyone point me in the right direction.
The code listed here doesnt even authenticate, I'm struggling with the MD5 encryption I think.

Many thanks,
Ian