auto login to vb when login to main site?

[35mm]

Hi all.
I am developing a site that has it's own user registration and login system. I have got as far as auto creating a forum account for a user when they register to the main site. That's fine. Now I want them to be auto logged into the forum when they are logged into the main site, so they don't have to login twice.

I have searched about for an answer but not found anything definitive for this. I thought it may be as easy as creating the sessions and cookies for VB in my main login system. I.e bb_sessionhash, bb_userid, bb_password etc. However, I am noticing that the current version of vb no longer seems to generate bb_userid and bb_password cookies when logging in directly to vb. However my bb_sessionhash cookie and coresponding db entry generated by my main login script do seem to be correct, but I'm not logged in to vb.

Can some one tell me what the best method is for logging into vb via an other login system?

[35mm]

Managed to figure it all out and get it working! Once again thank you all so much for the vast number of replies, help, advice and useful information you have all been so keen to provide here. This really is such a great community right here. I just don't know what I would do with out you guys. Big hugs to you all!

[ingwa]

35mm, please let me know how you did it? I am working on an application that has already been developed with it's own auth, along with FB auth, and the forums are an addon for support etc. Ultimately what I would like to do is a kind of FB Connect button but an Application Connect where they click that and it automatically creates an account for them using their application logins. However what I'm not sure how to handle is password changes on the application so the connect button would be a great solution.

[35mm]

Hi Ingwa, my site is not in production yet so I changed the password hashing of the site to use the same hashing method of vb. I also sync the user ID's from both systems. So when a user signs up or changes their password, it also creates/updates their forum account. As the main site also has user profiles and messenger, I didn't want vb user profiles or messenger so re-routed those to the main site's. I also got rid of vb's register page and login.

Now when a user logs into the main site, they are automatically logged into vb too. This is just simply a question of creating the sessions/cookies that vb's login process creates.

I think this is my working code - based on someone else's code example from some other thread here;

PHP Code:

// vBulletin logins
                    $vbuser = "SELECT salt FROM vb_user WHERE userid = '$userID' LIMIT 1";
                    // add query call here....

                    if(mysql_num_rows(query) == 1){
                        $vbsalt = mysql_result(query,0,'salt');
                    }
                    $cookie_salt = "xxxxxxxxxxxxxx"; // cookie salt - from /forum/inc/functions.php line 30 ish
                    $cookie_password_salted = md5($pass.$cookie_salt);
                    // grab user's IP here (we called it $alt_ip)
                    $vbidhash = md5($_SERVER['HTTP_USER_AGENT'].$alt_ip); // not too smart using unpurified &_SERVER var there tut tut
                    $vbsessionhash = md5(uniqid(microtime(), true));
                    mysql_query("DELETE FROM `vb_session` WHERE `userid`='$userID' OR `host`='$ip'",$dbconnect); // delete old session
                    mysql_query("INSERT INTO `vb_session` (`sessionhash`, `userid`, `host`, `idhash`, `lastactivity`, `location`, `useragent`, `styleid`, `languageid`, `loggedin`, `inforum`, `inthread`, `incalendar`, `badlocation`, `bypass`, `profileupdate`) VALUES ('$vbsessionhash', '$userID', '$alt_ip', '$vbidhash', '$session_time', '$url_path/forums/', '$new_useragent', '0', '0', '2', '0', '0', '0', '0', '0', '0')",$dbconnect);
                    setcookie('bb_lastvisit',$session_time,$cookie_expire,$url_path.'/',$site_domain); 
                    setcookie('bb_lastactivity',0,$cookie_expire,$url_path.'/',$site_domain); 
                    setcookie('bb_sessionhash',$vbsessionhash,$cookie_expire,$url_path.'/',$site_domain); 
                    setcookie('bb_userid',$userID,$cookie_expire,$url_path.'/',$site_domain); 
                    setcookie('bb_password',$cookie_password_salted,$cookie_expire,$url_path.'/',$site_domain);
                    // 


Some obvious things have been removed from the code, but it should give you an idea of the process and what needs to be done.

Some considerations;
You are probably better off giving your vb users the same user id as they have in your main user db, rather than using the auto increment in the vb user table.

For ease of integration I would suggest you use vb's password hashing method for password hashing in your main user database so that their passwords in both databases are the same - have the same hashed result.

In your process for users to change or reset their passwords on your main site, make sure you add code so it also updates their password in vb user table.

Redirect all vb registration requests, login and lost password requests etc to your main site registration, login and password reset etc pages.

I hope this helps!

[ingwa]

35mm, thank you so much for sharing your code and experience. At this point we have a main site that has been live for a small time so I'll have to figure out how to handle that. However, you've given me some great direction and I appreciate the time you took to reply.

I'll keep a look out for your posts and try help where I can. Here's hoping I can get this cracked in a few hours and I wish you success with your project too.

Ingwa.

[punterzone]

Would someone be able to tell me what I'm doing wrong here?

PHP Code:

define('START_CWD','/home/pzone/public_html');
define('CWD','/home/pzone/public_html/forum');
chdir(CWD);
include_once CWD.'/includes/class_hook.php';
include_once CWD.'/global.php';
chdir(START_CWD);
include_once('/home/pzone/public_html/forum/includes/functions_login.php');
$password=$_POST['password'];
$username=mysql_real_escape_string($_POST['username']);
$results=mysql_query("SELECT userid,zip,password,salt,dispid FROM com_user WHERE username='$username' LIMIT 1");
$row=mysql_fetch_assoc($results);
$password=md5(md5($password).$row['salt']);
$md5_pass=md5($_POST['password']);
$check=verify_authentication($_POST['username'], '', $md5_pass, $md5_pass, '0', '1');
if($check){
    exec_unstrike_user($username);
    process_new_login('', $username, '');
    $vbulletin->url='/index.php';
    $cookie_salt="kba1j5MmRINZnEnhOEtWrptt0V1ej";
    $cookie_password_salted=md5($pass.$cookie_salt);
    $useragent=$_SERVER['HTTP_USER_AGENT'];
    $userip=$_SERVER['REMOTE_ADDR'];
    $vbidhash=md5($_SERVER['HTTP_USER_AGENT'].$userip);
    $vbsessionhash=md5(uniqid(microtime(), true));
    $session_time=time();
    $cookie_expire=31536000;
    $site_domain="punterzone.com.au";
    $url_path="/forum";
    mysql_query("DELETE FROM session WHERE userid=1 OR host='$userip'");
    mysql_query("INSERT INTO session VALUES ('$vbsessionhash', '1', '$userip', '$vbidhash', '$session_time', '/forum/', '$useragent', '0', '0', '2', '0', '0', '0', '0', '0', '0','','')");
    setcookie('bb_lastvisit',$session_time,$cookie_expire,$url_path.'/',$site_domain); 
    setcookie('bb_lastactivity',0,$cookie_expire,$url_path.'/',$site_domain); 
setcookie('bb_sessionhash',$vbsessionhash,$cookie_expire,$url_path.'/',$site_domain); 
    setcookie('bb_userid',$userID,$cookie_expire,$url_path.'/',$site_domain); 
setcookie('bb_password',$cookie_password_salted,$cookie_expire,$url_path.'/',$site_domain); 
    exec_shut_down();
    header('Location:/');
    exit;
}else{
    header('Location:/loginfail');
} 


Logs in fine on my external site, but the user (userid=1) is not logged in when I load the forum

--------------- Added [DATE]1314731113[/DATE] at [TIME]1314731113[/TIME] ---------------

Just noticed I'd set cookie_expire to the past, but I've sorted that and still it does't work.

[Fever905]

Punterzone - did you get it working? I'm trying this now using VB4....