Login from external app without any redirect

[budget_ben]

Thanks for the help - simply re-loading the page seemed to do the trick.

Here's a complete example for anyone else interested in using the forum database as general purpose user authentication.

Code:

<?php
// ######################### REQUIRE BACK-END ############################
require_once('./global.php');
require_once(DIR . '/includes/functions_login.php');
require_once(DIR . '/includes/functions_misc.php');

//returns FALSE if locked out, or the number of strikes, or TRUE for success
function validateLogin( $username, $password )
{
	global $vbulletin;
	
	$vbulletin->input->clean( $username, TYPE_STR );
	$vbulletin->input->clean( $password, TYPE_STR );
	
	$strikes = verify_strike_status($username);
	if ($strikes === false || $strikes >= 5)
	{
		return false; //locked out	
	}	

	if( !verify_authentication($username, $password, '', '', true, false) )
	{
		exec_strike_user($vbulletin->userinfo[ $username ]);
		return $strikes + 1;	//fat-fingered the password?		
	}
	else
	{
		//User and pw ok, let's log them in
		exec_unstrike_user($username);

		process_new_login('', true, '');
		
		return true;	
	}
}

if( isset($_POST['do']) && $_POST['do'] === 'login' )
{
	if( isset($_POST['username']) )
	{
		$username = $_POST['username'];
	}
	
	if( isset($_POST['password']) )
	{
		$password = $_POST['password'];
	}
	
	if( isset($username) && isset($password) )
	{
		//Attempt the login - input is cleaned in the function
		$result = validateLogin($username, $password);
	
		if( $result === true )
		{
			//Re-load this page to ensure all cookies are set
			exec_header_redirect('forumLoginTest.php');	
		}
		else if( $result === false )
		{
			echo("transaction=ERR_LOCKED_OUT");
		}
		else
		{
			echo("transaction=ERR_STRIKE&value=$result");	
		}
	}
	else
	{
		echo("transaction=ERR_PARSE");	
	}
}
else
{
	echo("transaction=ERR_NONE");
}

?>