The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
|
Single Signin / Login Integration Tip
orbita
Join Date: May 2006
Posts: 1
05-11-2006, 10:00 PM
Hi people, first post here, hope its useful I've just installed vbulletin on a client site as they needed a forum/discussion facility and vbulletin provided good moderation facilities. They wanted existing users who were logged into the site not to have to log in again in order to use vbulletin. I noticed there wasnt much help for this on the forum and quite a few posts asking how it could be done. Since I have solved part of the problem I thought it might be useful to share it with you. Essentially the problem is to log in an existing user into vbulletin outside of the vbulletin environment so that when they access a vbulletin page it recognises them. This, as you might imagine involves the use of cookies. The way I have gone about it is to create an authentication handler in apache to be triggered when anyone tries to access a vbulletin page (i have vbulletin installed under /vb/) Since we are using mod_perl, the httpd.conf directive looks a bit like this... <Location /vb/> AuthType BLAHType AuthName BLAHName PerlAccessHandler BLAH->login_to_vb </Location> So.. when a user asks for a vb page, first it runs the login_to_vb method in module BLAH. (but you could probably make this a php page or something else) the login_to_vb script routine works as follows 1) it gets the currently signed in username and password (this will depend on the authorisation your website uses 2) it POSTs this information to /vb/login.php. In perl I do it like this... my $browser = LWP::UserAgent->new; my $response = $browser->post( $url, [ vb_login_username=>$user, vb_login_password=>$pass, do=>'login'); 3) It reads the cookies from the header recieved back and the places them into the outgoing headers.. my $header = $response->headers; my @cookies = $header->header('Set-Cookie'); foreach my $c (@cookies) { $r->headers_out->add('Set-Cookie',$c); } 4) Finally, it redirects the user to the page they were trying to access. my $redir_url = "http://".$r->hostname.$r->uri; my $pathinfo = join '&', ( map { "$_=$args->{$_}" } keys %{$args} ); $redir_url.= "?$pathinfo" if $pathinfo; $r->headers_out->add("Location" => $redir_url); $r->status(302); $r->send_http_header; Apache::exit; BUT.. there is a problem... vbulletin is clever, when you login, it registers your IP address against the session it creates for you. Next time you hit a vbulletin page it checks your IP against that session to make sure it is handing it back to the correct user. If you look at the file includes/class_core.php you will find a SQL query around line 2460 that looks mostly like this... if ($session = $db->query_first(" SELECT * FROM " . TABLE_PREFIX . "session WHERE sessionhash = '" . $db->escape_string($sessionhash) . "' AND lastactivity > " . (TIMENOW - $registry->options['cookietimeout']) . " AND ( ( host = '" . $this->registry->db->escape_string(SESSION_HOST) . "' AND idhash = '" . $this->registry->db->escape_string(SESSION_IDHASH) . "' ) OR host = '".$_SERVER['SERVER_ADDR']."' ) ")) { If you modify the query to what I have here, the server will happily let you log in if the session originally came from the server IP address, regardless of the IDHASH or HOST address. This reduces security a little bit so if you are very security conscious you might need to adjust this to suit you better. What else? Well, you don't really want the script to log you in EVERY time you access a vB page - bit excessive. So I set an extra cookie with a timestamp and only log in if a certain time has passed since it last logged you in. I set this interval just lower than the timeout set in vbulletin so that it logs you back in just before the vbulletin timeout kicks in. You can hard code this or pull it out of the vbulletin database settings. Obviously this just handles the login process.. You will need to find a way to keep the users details in sync. There are instructions for editing users details remotely on this site so I dont really need to cover that. One way though, would be to turn off user profile/password editing in the bulletin software and simply update the vbulletin user database from your existing application. To make updates to the vbulletin user database you need to create a php file (say /vb/updateVB.php within your vb directory that you can call upon to make changes to the user table. It would probably start something like this.. require_once('./global.php'); require_once('./includes/class_dm.php'); require_once('./includes/class_dm_user.php'); $userdm = new vB_DataManager_User($vbulletin, ERRTYPE_ARRAY); $userdm->set('username', qpc_post('username')); $userdm->set('password', qpc_post('password')); etc... Then from your application you can make GET requests to your script eg: /vb/updateVB.php?do=new_user&username=blah&password=bl ah Hope someone finds this of use. regards, Tom 
|
|
#4
08-09-2006, 09:08 PM
|
|||
|
|||
Yes, I would also like it if you could write a few newbie tips. I understand some of what you write, but not all... and how to do this in PHP only?
I have a site with a selfmade login as of today. I also have the vBulletin forum under /forum of the site. How can I make my own login on the root-site match the forum as you have explained here, all in php? I've tried just reading the cookies the forum sets, but I reckon that doesn't quite do it?
|
|
#5
08-13-2006, 05:57 AM
|
|||
|
|||
|
i second that... i understand most of what is here, but not all, and am also interested in integrating the registration process as well as the login. I guess if you remove the ability to modify their account details or password, then it would just read from your existing customer db table, correct?
definitely interesterd in find out more about this. thanks Patrick
|
|
#6
09-24-2006, 05:19 AM
|
|||
|
|||
|
Regarding doing this in PHP... I started to write something along the same lines, then got distracted. Here's what I have, but I haven't really tried it out yet. Might be a helpful starting point, though:
PHP Code:
 (and remember... I haven't tested this code, so I don't promise it works)
|
|
#8
09-25-2006, 09:23 AM
|
|||
|
|||
|
This has been out since last year already https://vborg.vbsupport.ru/showthrea...n+non+vb+pages
I think that would have solved your solution/s already
|
|
#9
09-27-2006, 10:37 PM
|
|||
|
|||
|
My final solution was just to set the bbuserid and bbpassword cookies as session cookies when a user logs onto my site (and disable all the login/logout stuff in the vB templates). It ends up being a little simpler than the POST trick, and doesn't require code changes to vB (which I hate doing, because it makes upgrading a pain)
|
 |
«
Previous Thread
|
Next Thread
»
|
|
All times are GMT. The time now is 06:54 PM.