Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 General Discussions
Reload this Page Single Signin via Key
FAQ Community Calendar Today's Posts Search

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1  
Old 10-18-2007, 08:06 PM
clykclyk clykclyk is offline
 
Join Date: Oct 2007
Location: Texas
Posts: 4
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Single Signin via Key
I've been searching but can't find a solution for what I need. However, if there is one please feel free to post a link.

So, here's what I'm trying to do...

I've got a Java application that will have a link to the vBulletin forums.
The link looks like this:
http://domain.com/signon.php?hash=rand128charkey

The random 128 character key is inserted into an extra database table I've created called vb_hash which stores the 128 char key, username and timestamp. Now, the purpose of this is to authenticate via the KEY not via a login page that is displayed. I'm trying to make the login transparent. The Java app will handle registering the users and initially authenticating them but the movement to the vbulletin forums has to be transparent, silent and present NO user credentials that malicious persons could extract for later use.

To achieve this my thought was to first verify the URL key against the one stored in the database table prior to redirecting to the signon.php script. Then to check the timestamp against now() to make sure its within a given ttl.

If that verification succeeds, the username stored in vb_hash is searched for in vb_users. With that, session variables, cookies, etc. would be created and then the script does a header() redirect to the forums. This way by the time the visitor gets to the forums they are already logged in and don't have to refresh or anything like that.

Here is what I need help with...
Now, I have this entire thing built but I can't seem to figure out how vBulletin qualifies a logged in user. Meaning is it a particular set of session variables and if so what and where are they?
Is it cookies?

If someone could explain the specifics of what vBulletin uses to qualify a user and tell me how I can manually log a user in without their password...using the key. If someone could also point me to the block of code in vb that does this that would be helpful as well. I've checked includes/functions_login.php and login.php but there must be some underlying code thats doing this and I haven't found it yet. I need to know what session or cookie values I can set and where those are set in the production code so I can mimic the authentication behavior manually.

Any help is greatly appreciated.

As far as security, no user information is ever provided in the URL or form redirection... it all has to be silent & server side. The only thing displayed is a random 128 character string that has nothing to do with the user and is deleted after its used the first time. The TTL would serve as a backup to address a borked process where someone captured the URL and it would be too short to do anything. Like 10 seconds.

Thanks,
Kyle
Reply With Quote
 

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 06:49 PM.

Contact Us - Archive - Top

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.03873 seconds
  • Memory Usage 2,438KB
  • Queries Executed 12 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (3)bbcode_php
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (6)post_thanks_box
  • (6)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (6)post_thanks_postbit_info
  • (6)postbit
  • (6)postbit_onlinestatus
  • (6)postbit_wrapper
  • (1)showthread_list
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 
Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_threadedmode.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids_threaded
  • showthread_threaded_construct_link
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete