Go Back   vb.org Archive > vBulletin Article Depository > Read An Article > vBulletin 3 Articles

Reply
 
Thread Tools
Single Signin / Login Integration Tip
orbita
Join Date: May 2006
Posts: 1

 

Show Printable Version Email this Page Subscription
orbita orbita is offline 05-11-2006, 10:00 PM

Hi people, first post here, hope its useful

I've just installed vbulletin on a client site as they needed a forum/discussion facility and vbulletin provided good moderation facilities. They wanted existing users who were logged into the site not to have to log in again in order to use vbulletin.

I noticed there wasnt much help for this on the forum and quite a few posts asking how it could be done. Since I have solved part of the problem I thought it might be useful to share it with you.

Essentially the problem is to log in an existing user into vbulletin outside of the vbulletin environment so that when they access a vbulletin page it recognises them.

This, as you might imagine involves the use of cookies.

The way I have gone about it is to create an authentication handler in apache to be triggered when anyone tries to access a vbulletin page (i have vbulletin installed under /vb/)

Since we are using mod_perl, the httpd.conf directive looks a bit like this...

<Location /vb/>
AuthType BLAHType
AuthName BLAHName
PerlAccessHandler BLAH->login_to_vb
</Location>


So.. when a user asks for a vb page, first it runs the login_to_vb method in module BLAH. (but you could probably make this a php page or something else)

the login_to_vb script routine works as follows

1) it gets the currently signed in username and password (this will depend on the authorisation your website uses
2) it POSTs this information to /vb/login.php. In perl I do it like this...

my $browser = LWP::UserAgent->new;
my $response = $browser->post( $url, [
vb_login_username=>$user,
vb_login_password=>$pass,
do=>'login');


3) It reads the cookies from the header recieved back and the places them into the outgoing headers..

my $header = $response->headers;
my @cookies = $header->header('Set-Cookie');

foreach my $c (@cookies) {
$r->headers_out->add('Set-Cookie',$c);
}

4) Finally, it redirects the user to the page they were trying to access.

my $redir_url = "http://".$r->hostname.$r->uri;
my $pathinfo = join '&', ( map { "$_=$args->{$_}" } keys %{$args} );
$redir_url.= "?$pathinfo" if $pathinfo;
$r->headers_out->add("Location" => $redir_url);
$r->status(302);
$r->send_http_header;
Apache::exit;


BUT.. there is a problem...

vbulletin is clever, when you login, it registers your IP address against the session it creates for you. Next time you hit a vbulletin page it checks your IP against that session to make sure it is handing it back to the correct user.

If you look at the file includes/class_core.php you will find a SQL query around line 2460 that looks mostly like this...

if ($session = $db->query_first("
SELECT *
FROM " . TABLE_PREFIX . "session
WHERE sessionhash = '" . $db->escape_string($sessionhash) . "'
AND lastactivity > " . (TIMENOW - $registry->options['cookietimeout']) . "
AND ( (
host = '" . $this->registry->db->escape_string(SESSION_HOST) . "'
AND idhash = '" . $this->registry->db->escape_string(SESSION_IDHASH) . "'
)
OR host = '".$_SERVER['SERVER_ADDR']."' )
"))
{


If you modify the query to what I have here, the server will happily let you log in if the session originally came from the server IP address, regardless of the IDHASH or HOST address. This reduces security a little bit so if you are very security conscious you might need to adjust this to suit you better.


What else?

Well, you don't really want the script to log you in EVERY time you access a vB page - bit excessive. So I set an extra cookie with a timestamp and only log in if a certain time has passed since it last logged you in. I set this interval just lower than the timeout set in vbulletin so that it logs you back in just before the vbulletin timeout kicks in. You can hard code this or pull it out of the vbulletin database settings.

Obviously this just handles the login process.. You will need to find a way to keep the users details in sync. There are instructions for editing users details remotely on this site so I dont really need to cover that. One way though, would be to turn off user profile/password editing in the bulletin software and simply update the vbulletin user database from your existing application.

To make updates to the vbulletin user database you need to create a php file (say /vb/updateVB.php within your vb directory that you can call upon to make changes to the user table.

It would probably start something like this..
require_once('./global.php');
require_once('./includes/class_dm.php');
require_once('./includes/class_dm_user.php');

$userdm = new vB_DataManager_User($vbulletin, ERRTYPE_ARRAY);

$userdm->set('username', qpc_post('username'));
$userdm->set('password', qpc_post('password'));

etc...

Then from your application you can make GET requests to your script

eg: /vb/updateVB.php?do=new_user&username=blah&password=bl ah

Hope someone finds this of use.
regards, Tom
Reply With Quote
  #2  
Old 05-12-2006, 04:01 PM
gdlx gdlx is offline
 
Join Date: May 2006
Posts: 1
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

This is really useful information...I wish I would have come across it a few weeks ago!
Reply With Quote
  #3  
Old 05-13-2006, 10:33 PM
Connector Connector is offline
 
Join Date: Dec 2005
Location: Spain
Posts: 97
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Could you put full code it will be very usefull .. where user can register outside the forums etc..
Reply With Quote
  #4  
Old 08-09-2006, 09:08 PM
skoTner skoTner is offline
 
Join Date: Aug 2006
Posts: 2
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Yes, I would also like it if you could write a few newbie tips. I understand some of what you write, but not all... and how to do this in PHP only?

I have a site with a selfmade login as of today. I also have the vBulletin forum under /forum of the site. How can I make my own login on the root-site match the forum as you have explained here, all in php?

I've tried just reading the cookies the forum sets, but I reckon that doesn't quite do it?
Reply With Quote
  #5  
Old 08-13-2006, 05:57 AM
AussieFreelance AussieFreelance is offline
 
Join Date: Aug 2006
Posts: 3
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

i second that... i understand most of what is here, but not all, and am also interested in integrating the registration process as well as the login. I guess if you remove the ability to modify their account details or password, then it would just read from your existing customer db table, correct?

definitely interesterd in find out more about this.

thanks

Patrick
Reply With Quote
  #6  
Old 09-24-2006, 05:19 AM
tabacco tabacco is offline
 
Join Date: Jan 2005
Posts: 4
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Regarding doing this in PHP... I started to write something along the same lines, then got distracted. Here's what I have, but I haven't really tried it out yet. Might be a helpful starting point, though:
PHP Code:
$timenow time();
if(!isset(
$_SESSION["next_forum_login_request"])) $_SESSION["next_forum_login_request"] = 0;
        
        if(
$timenow $_SESSION["next_forum_login_request"]) {
            
            
$ch curl_init("http://".$_SERVER["HTTP_HOST"]."/forum/login.php");
            
curl_setopt($ch,CURLOPT_POSTtrue);
            
curl_setopt($chCURLOPT_POSTFIELDS"do=login&vb_login_username=".$username."&vb_login_password=&s=&vb_login_md5password=".$pre_md5d_password."&vb_login_md5password_utf=".$pre_md5d_password);
            
curl_setopt($chCURLOPT_HEADERtrue);
            
curl_setopt($chCURLOPT_NOBODYtrue);
            
curl_setopt($chCURLOPT_RETURNTRANSFERtrue);
            
curl_exec($ch);
            
$result explode("\n",curl_multi_getcontent($ch));
                                            
            foreach(
$result as $headerline) {
            
                if(
strpos($headerline,"Set-Cookie: ") === 0) {
                    
header($headerline);
                }
                    
            }
            
            
$_SESSION["next_forum_login_request"] = $timenow 300;
        

If you spot any glaring errors that will break everything, let me know
(and remember... I haven't tested this code, so I don't promise it works)
Reply With Quote
  #7  
Old 09-25-2006, 02:13 AM
cphonx cphonx is offline
 
Join Date: Sep 2006
Posts: 1
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Exactly what I was looking for. Thanks a ton!

*gets to work*
Reply With Quote
  #8  
Old 09-25-2006, 09:23 AM
Hornstar Hornstar is offline
 
Join Date: Jun 2005
Location: Australia
Posts: 2,469
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

This has been out since last year already https://vborg.vbsupport.ru/showthrea...n+non+vb+pages

I think that would have solved your solution/s already
Reply With Quote
  #9  
Old 09-27-2006, 10:37 PM
tabacco tabacco is offline
 
Join Date: Jan 2005
Posts: 4
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

My final solution was just to set the bbuserid and bbpassword cookies as session cookies when a user logs onto my site (and disable all the login/logout stuff in the vB templates). It ends up being a little simpler than the POST trick, and doesn't require code changes to vB (which I hate doing, because it makes upgrading a pain)
Reply With Quote
  #10  
Old 10-09-2006, 07:03 PM
wcm wcm is offline
 
Join Date: Sep 2006
Posts: 10
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Has anyone tried the Perl solution with 3.6? It looks like a very neat way to do this.

I am a little bit curious on how the final perl script looks.

Any response is appreciated.
Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 10:22 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.07387 seconds
  • Memory Usage 2,300KB
  • Queries Executed 23 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)bbcode_php
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_article
  • (1)navbar
  • (4)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (9)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete