Login from external app without any redirect

#1 budget_ben, 06-29-2009, 09:52 PM

I've tried to read the great variety of login/redirect threads on the board but haven't found anything akin to what I'm trying to do.

I have a flash app that accesses a wide variety of server-side data via php scripts. What I am attempting is to allow the user to 'log in' via the flash application residing on the same server. I put the 'log in' in quotes only because I'm not expecting the user to be able to browse the forums via my wee app, I just need to authenticate a username/password combo and acquire a valid session.

A brief rundown of the sequence of events:
1. user is playing with the flash app and would like to save his/her progress.
2. a dialog box prompts for the username and password.
3. I do a POST to https://mysite.com/handleLogin.php
4. the php page validates the provided data and returns a 'go/no go' string to the flash app.

The problem I am running into is that the login code below does not work without using the do_login_redirect() function. With the correct username and password, it will return 'true' for a success but I'm not really logged in - when I browse to the forum index.php it acts as if I have not logged in.

Code:
function validateLogin( $username, $password )
{
	global $vbulletin;
	
	$vbulletin->input->clean( $username, TYPE_STR );
	$vbulletin->input->clean( $password, TYPE_STR );
	
	$strikes = verify_strike_status($username);
	if ($strikes === false || $strikes >= 5)
	{
		return false; //locked out	
	}	

	if( !verify_authentication($username, $password, '', '', true, false) )
	{
		return $strikes + 1;	//fat-fingered the password?
	}
	else
	{
		//User and pw ok, let's log them in
		exec_unstrike_user($username);

		process_new_login('', true, '');
		
		//*****************************
		//	WHY MUST I REDIRECT?
		//*****************************
		//do_login_redirect();
		
		return true;	
	}
}
So now my questions (finally):
1. Does anyone know why there needs to be a redirect? Does it need one to properly set the cookie/active user list?
2. Is there a way around this?

I appreciate any help you folks can provide.

#2 Dismounted, 06-30-2009, 04:44 AM

Cookies don't set unless a complete page load is presented to the browser. That is most likely the problem.

#3 budget_ben, 06-30-2009, 03:01 PM

Thanks for the help - simply re-loading the page seemed to do the trick.

Here's a complete example for anyone else interested in using the forum database as general purpose user authentication.

Code:
<?php
// ######################### REQUIRE BACK-END ############################
require_once('./global.php');
require_once(DIR . '/includes/functions_login.php');
require_once(DIR . '/includes/functions_misc.php');

//returns FALSE if locked out, or the number of strikes, or TRUE for success
function validateLogin( $username, $password )
{
	global $vbulletin;
	
	$vbulletin->input->clean( $username, TYPE_STR );
	$vbulletin->input->clean( $password, TYPE_STR );
	
	$strikes = verify_strike_status($username);
	if ($strikes === false || $strikes >= 5)
	{
		return false; //locked out	
	}	

	if( !verify_authentication($username, $password, '', '', true, false) )
	{
		//record the failed attempt against the submitted username
		exec_strike_user($username);
		return $strikes + 1;	//fat-fingered the password?		
	}
	else
	{
		//User and pw ok, let's log them in
		exec_unstrike_user($username);

		process_new_login('', true, '');
		
		return true;	
	}
}

if( isset($_POST['do']) && $_POST['do'] === 'login' )
{
	if( isset($_POST['username']) )
	{
		$username = $_POST['username'];
	}
	
	if( isset($_POST['password']) )
	{
		$password = $_POST['password'];
	}
	
	if( isset($username) && isset($password) )
	{
		//Attempt the login - input is cleaned in the function
		$result = validateLogin($username, $password);
	
		if( $result === true )
		{
			//Re-load this page to ensure all cookies are set
			exec_header_redirect('forumLoginTest.php');	
		}
		else if( $result === false )
		{
			echo("transaction=ERR_LOCKED_OUT");
		}
		else
		{
			echo("transaction=ERR_STRIKE&value=$result");	
		}
	}
	else
	{
		echo("transaction=ERR_PARSE");	
	}
}
else
{
	echo("transaction=ERR_NONE");
}

?>

#4 chaim_2003, 06-30-2009, 04:08 PM

Thanks for this!

#5 jwm0z, 11-18-2009, 02:03 PM

Reading this post helped me figure out why my session style (not cookie, cookie was fine) login was not working in an ajax function yet it was in a regular POST/redirect style flow.

A redirect is not explicitly needed, it is what happens during the redirect (exec_header_redirect()) which is needed. After looking through the code the reason it appears that a proper redirect is needed is that it eventually calls exec_shut_down() which saves the session.

I could not figure out why my session was not saved correctly with the user info inside and this is the reason.

So for a very simple login:

PHP Code:
$vbulletin->userinfo = fetch_userinfo($userid);
$vbulletin->session->created = false;
process_new_login($logintype = '', $cookieuser = false, $cssprefs = '');
exec_shut_down();
Thanks again for the 'redirect' tip-off, this has been pissing me off for about 2 days.
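
A stand-alone PHP model of the behaviour described in the post above, added here as an illustration and not part of the original post or of vBulletin: session changes are only queued in memory and reach the store in a shutdown step, so a handler that reports success without running that step leaves the next request anonymous. The class DeferredSession, the function handleLogin and the ArrayObject store are hypothetical stand-ins for the session class, the login handler and the session table; the real internals may differ.

```php
<?php
// Simplified model, NOT vBulletin code: every name here is a hypothetical
// stand-in used to show what a deferred session save does to a login.
class DeferredSession
{
    private $store;         // ArrayObject standing in for the session table
    private $hash;          // session id the client sends back
    private $pending = [];  // changes queued during this request

    public function __construct(ArrayObject $store, string $hash)
    {
        $this->store = $store;
        $this->hash  = $hash;
        if (!isset($store[$hash])) {
            $store[$hash] = ['userid' => 0];  // new guest session row
        }
    }

    public function set(string $key, $value): void
    {
        $this->pending[$key] = $value;        // memory only, nothing stored yet
    }

    public function save(): void              // the step run at shutdown
    {
        $this->store[$this->hash] = array_merge($this->store[$this->hash], $this->pending);
        $this->pending = [];
    }
}

// One request: mark the session as logged in and answer the client.
function handleLogin(ArrayObject $store, string $hash, bool $runShutdown): string
{
    $session = new DeferredSession($store, $hash);
    $session->set('userid', 42);              // constructed user id
    if ($runShutdown) {
        $session->save();
    }
    return 'login ok';                        // reported in both cases
}

$store = new ArrayObject();                   // constructed, empty session table
foreach (['without save' => false, 'with save' => true] as $label => $runShutdown) {
    $reply = handleLogin($store, $label, $runShutdown);
    // The next request identifies the visitor from the stored row only.
    printf("%-12s reply=%s stored userid=%d\n", $label, $reply, $store[$label]['userid']);
}
```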

#6 Molech, 11-20-2009, 09:45 PM

Thanks guys, these posts were very helpful for me.

#7 otlayi, 08-20-2011, 03:27 PM

Quote:
Originally Posted by jwm0z
Reading this post helped me figure out why my session style (not cookie, cookie was fine) login was not working in an ajax function yet it was in a regular POST/redirect style flow.

A redirect is not explicitly needed, it is what happens during the redirect (exec_header_redirect()) which is needed. After looking through the code the reason it appears that a proper redirect is needed is that it eventually calls exec_shut_down() which saves the session.

I could not figure out why my session was not saved correctly with the user info inside and this is the reason.

So for a very simple login:

PHP Code:
$vbulletin->userinfo = fetch_userinfo($userid);
$vbulletin->session->created = false;
process_new_login($logintype = '', $cookieuser = false, $cssprefs = '');
exec_shut_down();
Thanks again for the 'redirect' tip-off, this has been pissing me off for about 2 days.

You sir, are a badass. Replacing my do_login_redirect() with exec_shut_down() and then my own header('Location: /') worked PERFECTLY. Mad props :up: