cookies AND session on nonvb site without including global.php

[Freesteyelz]

If you've set the cookies to point at "/domain.com" then a central login is workable. I've taken and modified bits of code to make things work but as merk mentioned I found using ./global.php is very convenient. I haven't noticed a significant performance hit; my members as well except when the server glitches but that's an entirely different issue.

[ConKien]

Quote:

Originally Posted by Freesteyelz

If you've set the cookies to point at "/domain.com" then a central login is workable. I've taken and modified bits of code to make things work but as merk mentioned I found using ./global.php is very convenient. I haven't noticed a significant performance hit; my members as well except when the server glitches but that's an entirely different issue.

I tried to include .global.php of to integrate with other application, some work ok, some conflict with the cookies of the applications itself. It's always good if you could use the global.php file, but it doesn't work everytime.

[hidjra]

i wrote this code to do exactly what i stated above. I'm just not sure this is the best way for doing this. Could some one have a look at this?

PHP Code:

// copied from vb3.5 gold
function fetch_alt_ip()
    {
        if (isset($_SERVER['HTTP_CLIENT_IP']))
        {
            $alt_ip = $_SERVER['HTTP_CLIENT_IP'];
        }
        else if (isset($_SERVER['HTTP_X_FORWARDED_FOR']) AND preg_match_all('#\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}#s', $_SERVER['HTTP_X_FORWARDED_FOR'], $matches))
        {
            // make sure we dont pick up an internal IP defined by RFC1918
            foreach ($matches[0] AS $ip)
            {
                if (!preg_match("#^(10|172\.16|192\.168)\.#", $ip))
                {
                    $alt_ip = $ip;
                    break;
                }
            }
        }
        else if (isset($_SERVER['HTTP_FROM']))
        {
            $alt_ip = $_SERVER['HTTP_FROM'];
        }
        else
        {
            $alt_ip = $_SERVER['REMOTE_ADDR'];
        }

        return $alt_ip;
    }

// define vars
define('COOKIE_SALT', 'blablablabla');
$alt_ip = fetch_alt_ip();
define('ALT_IP', $alt_ip);
define('IPADDRESS', $_SERVER['REMOTE_ADDR']);


if($_COOKIE['bbsessionhash']){
  //check if cookie exists
  $sessionhash = $_COOKIE['bbsessionhash'];
}elseif($_REQUEST['s']){
  // check session in request
  $sessionhash = $_REQUEST['s'];
}else{
  // no cookie and no session, use vb engine en redirect
  chdir('/xx/xx/xxx/forums');
  require('./global.php');
  header("Location: " .str_replace('.php', '.php' .$vbulletin->session->vars['sessionurl_q']. '&', $_SERVER['PHP_SELF']));
}

define('SESSION_IDHASH', md5($_SERVER['HTTP_USER_AGENT'] . ALT_IP ));
define('SESSION_HOST', substr(IPADDRESS, 0, 15)); 
define('USER_AGENT', $_SERVER['HTTP_USER_AGENT']);

$cookietime = intval(time() - 900);
$sessie = $DB_site->query_first("SELECT * FROM session WHERE sessionhash = '$sessionhash' AND lastactivity > '$cookietime' AND host = '" .SESSION_HOST. "' AND idhash = '" .SESSION_IDHASH. "' AND useragent='" .USER_AGENT. "'");

if(($_COOKIE['bbuserid']) AND ($_COOKIE['bbpassword'])){
  $getuser = $DB_site->query("SELECT * FROM user WHERE userid = '$_COOKIE[bbuserid]'");
  $user = $DB_site->fetch_array($getuser);
  if($_COOKIE['bbpassword'] == md5($user['password'] . COOKIE_SALT)){
    $user['logouthash'] = md5($user['userid'] . $user['salt'] . COOKIE_SALT);
    $bbuserinfo = $user;
  }
}elseif($sessie['userid']){
  $getuser = $DB_site->query("SELECT * FROM user WHERE userid = '$sessie[userid]'");
  $user = $DB_site->fetch_array($getuser);
  $user['logouthash'] = md5($user['userid'] . $user['salt'] . COOKIE_SALT);
  $bbuserinfo = $user;
}

$DB_site->query("UPDATE session SET lastactivity = '" .time(). "' WHERE sessionhash = '$sessionhash'");
if($bbuserinfo['userid']>0){
  $DB_site->query("UPDATE user SET lastactivity = '" .time(). "' WHERE userid = '$bbuserinfo[userid]'");
}