How to verify users group membership from VB cookie

[void]

Hi All,

I need to integrate the vb user/group system into a secondary php system.

The script should return the username if:

1. The users vb cookie is in a logged in state (dont know if it can exist and not be in a logged-in state).

2. The user is a member of a special group. (Hardcoded groupname)

Otherwise the script should return a blank and the receiving system will tell the visitor to log into VB first and/or join the appropiate group .

Oh, and the script should work across domains!, i.e. I need to return the user name or the blank to www.site1.com from www.site2.com.

Any ideas to the various levels in the above?

/Tim

[void]

Ok,

I made the following script

Script 1

PHP Code:

<?php
require_once('./global.php');  

$PRIVILIGED = array("5", "6", "7");        // Super Moderator, Admin, Moderator
$TRUSTED = array("9", "10", "11");        // Wiki, VIP, Special
$ALLOWED = False;                    // Default not logged-in and not priviliged/trusted

// Check if user is logged in
if ($vbulletin->userinfo['userid']!=0) 
{
    if (in_array($vbulletin->userinfo['usergroupid'], $PRIVILIGED)) 
        $ALLOWED = True;

    if (!$ALLOWED)
    {
        $memberships = explode(',',$vbulletin->userinfo['membergroupids']); 
        foreach($memberships as $membership)
            if (in_array($membership, $TRUSTED)) 
            {
                $ALLOWED = True;
                break;
            }
    }
}

if ($ALLOWED)
    $var = $vbulletin->userinfo['username'].','.$vbulletin->userinfo['userid'];
else
    $var= 'no';

echo $var;
?>

This works fine when I execute it directly from my browser.

But I need to call script1 from another domain. Script1 above is actually placed in one subdomain like sub1.mysite.com and I need to call script1 from script2 in another subdomain like sub2.mysite.com.

Script 2

PHP Code:

<?php

ob_start();
include 'http://sub1.mysite.com/script1.php';
$contents = ob_get_contents();
ob_end_clean();

echo $contents;
?>

But this fails!

When script 2 calls script 1 it echos "no" even though calling script1 directly returns a username and id. I found out that script1 fails at "

PHP Code:

if ($vbulletin->userinfo['userid']!=0) 


The VB3.53 has its cookie set to ".mysite.com", so that should be ok.

What am I missing here?

[Andreas]

Simpilfied code:

PHP Code:

<?php
require_once('./global.php');
if (is_member_of($vbulletin->userinfo, 5, 6, 7, 9, 10, 11))
{
    $var = $vbulletin->userinfo['username'].','.$vbulletin->userinfo['userid'];
}
else
{
    $var = 'no';
}
?>

Secondly, I don't understand why you need 2 Scripts.
If you use an include with an URL, the included script will never get cookies.
Also, for cookies to work across subdomains, your cookie-domain must be set to .mysite.com

[void]

Quote:

Originally Posted by Andreas

Simpilfied code:

I know. The script is a work in progress and I need to extend the needed differentiation later. I was stopped in my tracks by this problem

Quote:

Originally Posted by Andreas

Secondly, I don't understand why you need 2 Scripts.

I dont see how I can do it with 1 script. What are you suggesting here?

Quote:

Originally Posted by Andreas

If you use an include with an URL, the included script will never get cookies.

Why? Why should an included script not be able to access cookies that is availible to both sub domains?

Quote:

Originally Posted by Andreas

Also, for cookies to work across subdomains, your cookie-domain must be set to .mysite.com

As I stated in my previous post, it is.

[Andreas]

When you do an include through an URL, the PHP process is the "browser" - and it does not have cookies

You would have to use fsockopen, curl or smth. to pass through the cookies.

But still I don't underestand why you don't just load the vBulletin backend where you need the data?

[void]

Quote:

Originally Posted by Andreas

When you do an include through an URL, the PHP process is the "browser" - and it does not have cookies

Bugger

Quote:

Originally Posted by Andreas

But still I don't underestand why you don't just load the vBulletin backend where you need the data?

You're most welcome to be elaborate. By all means! I'm no php/vb expert so I'm not sure I understand you correctly , but I cant share folders between the 2 sub domains. They dont necessarily run on the same webserver, so that I can connect them behind the lines. Or can I?

Can I require the global.php file from a script on subdomain 2 and run script 1 here instead?

Or do I have to disect the various VB scripts and extract userinfo initialization code into a standalone script that does not require a VB installation but only the cookie and the db?

[Andreas]

I assumed both subdomains are being hosted on the same phsical server (does not necessarily have to be the same webserver). If they are being run on separate machines, it gets more compicated - you could use NFS for example.

Or you could use a standalone login check (that's what I would do).

Or you could take the cookies and pass it (through a GET request for example) to the other server, process it and return if it's authorized or not).

[void]

Andreas,

I'll investigate the different approaches. Thx's for your efforts. It is much appreciated!

/Tim