The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#1
|
|||
|
|||
Login from external app without any redirect
I've tried to read the great variety of login/redirect threads on the board but haven't found anything akin to what I'm trying to do.
I have a flash app that accesses a wide variety of server-side data via php scripts. What I am attempting is to allow the user to 'log in' via the flash application residing on the same server. I put the 'log in' in quotes only because I'm not expecting the user to be able to browse the forums via my wee app, I just need to authenticate a username/password combo and acquire a valid session. A brief rundown of the sequence of events: 1. user is playing with the flash app and would like to save his/her progress. 2. a dialog box prompts for the username and password. 3. I do a POST to https://mysite.com/handleLogin.php 4. the php page validates the provided data and returns a 'go/no go' string to the flash app. The problem I am running into is that the login code below does not work without using the do_login_redirect() function. With the correct username and password, it will return 'true' for a success but I'm not really logged in - when I browse to the forum index.php it acts as if I have not logged in. Code:
function validateLogin( $username, $password ) { global $vbulletin; $vbulletin->input->clean( $username, TYPE_STR ); $vbulletin->input->clean( $password, TYPE_STR ); $strikes = verify_strike_status($username); if ($strikes === false || $strikes >= 5) { return false; //locked out } if( !verify_authentication($username, $password, '', '', true, false) ) { return $strikes + 1; //fat-fingered the password? } else { //User and pw ok, let's log them in exec_unstrike_user($username); process_new_login('', true, ''); //***************************** // WHY MUST I REDIRECT? //***************************** //do_login_redirect(); return true; } } 1. Does anyone know why there needs to be a redirect? Does it need one to properly set the cookie/active user list? 2. Is there a way around this? I appreciate any help you folks can provide. |
#2
|
||||
|
||||
Cookies don't set unless a complete page load is presented to the browser. That is most likely the problem.
|
#3
|
|||
|
|||
Thanks for the help - simply re-loading the page seemed to do the trick.
Here's a complete example for anyone else interested in using the forum database as general purpose user authentication. Code:
<?php // ######################### REQUIRE BACK-END ############################ require_once('./global.php'); require_once(DIR . '/includes/functions_login.php'); require_once(DIR . '/includes/functions_misc.php'); //returns FALSE if locked out, or the number of strikes, or TRUE for success function validateLogin( $username, $password ) { global $vbulletin; $vbulletin->input->clean( $username, TYPE_STR ); $vbulletin->input->clean( $password, TYPE_STR ); $strikes = verify_strike_status($username); if ($strikes === false || $strikes >= 5) { return false; //locked out } if( !verify_authentication($username, $password, '', '', true, false) ) { exec_strike_user($vbulletin->userinfo[ $username ]); return $strikes + 1; //fat-fingered the password? } else { //User and pw ok, let's log them in exec_unstrike_user($username); process_new_login('', true, ''); return true; } } if( isset($_POST['do']) && $_POST['do'] === 'login' ) { if( isset($_POST['username']) ) { $username = $_POST['username']; } if( isset($_POST['password']) ) { $password = $_POST['password']; } if( isset($username) && isset($password) ) { //Attempt the login - input is cleaned in the function $result = validateLogin($username, $password); if( $result === true ) { //Re-load this page to ensure all cookies are set exec_header_redirect('forumLoginTest.php'); } else if( $result === false ) { echo("transaction=ERR_LOCKED_OUT"); } else { echo("transaction=ERR_STRIKE&value=$result"); } } else { echo("transaction=ERR_PARSE"); } } else { echo("transaction=ERR_NONE"); } ?> |
#4
|
|||
|
|||
Thanks for this!
|
#5
|
|||
|
|||
Reading this post helped me figure out why my session style (not cookie, cookie was fine) login was not working in an ajax function yet it was in a regular POST/redirect style flow.
A redirect is not explicitly needed, it is what happens during the redirect (exec_header_redirect()) which is needed. After looking through the code the reason it appears that a proper redirect is needed is that it eventually calls exec_shut_down() which saves the session. I could not figure out why my session was not saved correctly with the user info inside and this is the reason. So for a very simple login: PHP Code:
|
#6
|
|||
|
|||
thanks guys, these posts were very helpful for me.
|
#7
|
|||
|
|||
Quote:
|
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|