Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 Programming Discussions
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 09-26-2007, 08:47 PM
ianskate ianskate is offline
 
Join Date: Dec 2002
Posts: 33
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Generating session externally (bbsessionhash cookie and session table)

Solution now found, check a few posts below...

Ok here is my current project:

I am attempting to have users on my website (www.mysite.com) login and have them also logged in on my forum (forum.mysite.com). They can share cookies as they share the domain, right? When using my login function on my website, I create the bbuserid and bbpassword cookies appropriately. This is fairly simple.

Creating the session does not appear to be. As anyone using external login knows, a row in the session table must be created that has a matching sessionhash to that found in the bbsessionhash cookie.

Im trying to figure out how vbulletin creates the session hash. Ive been able to create the idhash, as well as am able to fill out the userid, host, lastactivity, and useragent fields. I am guessing, since this is external login, that the location field would be set to '/'. The function fetch_sessionhash looks like such a maze... it looks liek an md5 of Time(), $_SERVER['REQUEST_URI'], idhash, user ip, and a random # from 1 to 1000000.

If, in my websites controller, I send a row to the session table containing the info above, along with my bbuserid and bbpassword cookies, will vBulletin think I am logged in? Will it work if I generate the sessionhash that way from my website and then navigate to my forum? If not, how do you create the proper row in the session table in order to be "logged in" on vBulletin?

I have been searching the forums all day for the answer to this, and am unable to find any useable info. Could anyone show me the minimum data to send to the vb_session table in order for external login to work? TIA

:up:

--------------- Added at 21:50 ---------------

Oh and another question... will it work if I just place some random string in the sessionhash and also match that string in the bbsessionhash cookie? Will it find me logged in and just switch these strings once ive navigated to the forum or at least somewhere within the forum?
Reply With Quote
  #2  
Old 09-27-2007, 03:35 AM
Analogpoint's Avatar
Analogpoint Analogpoint is offline
 
Join Date: Feb 2007
Posts: 656
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Why don't you do this.

1. Copy the login form HTML from the navbar template.
2. Replace all the variables ($vbphrase etc), with plain text
3. Add the absolute url to /clientscript/vbulletin_md5.js to make sure it gets included.
4. Add the absolute url to the form's action 'login.php?do=login'

You're done, it'll log you in and redirect you back to where you were.
Reply With Quote
  #3  
Old 09-27-2007, 12:25 PM
ianskate ianskate is offline
 
Join Date: Dec 2002
Posts: 33
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

lol... that sounds way too easy. ill give it a shot...

still, can anyone answer the original question?
Reply With Quote
  #4  
Old 09-27-2007, 01:04 PM
Dismounted's Avatar
Dismounted Dismounted is offline
 
Join Date: Jun 2005
Location: Melbourne, Australia
Posts: 15,047
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

You've already found the formula...fetch_session_hash(). Simply trace back the constants.

TIMENOW
PHP Code:
define('TIMENOW'time()); 
SCRIPTPATH
PHP Code:
if ($_SERVER['PATH_INFO'] OR $_ENV['PATH_INFO'])
{
    
$scriptpath $_SERVER['PATH_INFO'] ? $_SERVER['PATH_INFO'] : $_ENV['PATH_INFO'];
}
else if (
$_SERVER['REDIRECT_URL'] OR $_ENV['REDIRECT_URL'])
{
    
$scriptpath $_SERVER['REDIRECT_URL'] ? $_SERVER['REDIRECT_URL'] : $_ENV['REDIRECT_URL'];
}
else
{
    
$scriptpath $_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_ENV['PHP_SELF'];
}

if (
$_SERVER['QUERY_STRING'] OR $_ENV['QUERY_STRING'])
{
    
$scriptpath .= '?' . ($_SERVER['QUERY_STRING'] ? $_SERVER['QUERY_STRING'] : $_ENV['QUERY_STRING']);
}

$quest_pos strpos($scriptpath'?');
if (
$quest_pos !== false)
{
    
$script urldecode(substr($scriptpath0$quest_pos));
    
$scriptpath $script substr($scriptpath$quest_pos);
}
else
{
    
$scriptpath urldecode($scriptpath);
}

define('SCRIPTPATH'preg_replace('/(s|sessionhash)=[a-z0-9]{32}?&?/'''$scriptpath)); 
SESSION_IDHASH
PHP Code:
$alt_ip $_SERVER['REMOTE_ADDR'];

if (isset(
$_SERVER['HTTP_CLIENT_IP']))
{
    
$alt_ip $_SERVER['HTTP_CLIENT_IP'];
}
else if (isset(
$_SERVER['HTTP_X_FORWARDED_FOR']) AND preg_match_all('#\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}#s'$_SERVER['HTTP_X_FORWARDED_FOR'], $matches))
{
    foreach (
$matches[0] AS $ip)
    {
        if (!
preg_match("#^(10|172\.16|192\.168)\.#"$ip))
        {
            
$alt_ip $ip;
            break;
        }
    }
}
else if (isset(
$_SERVER['HTTP_FROM']))
{
    
$alt_ip $_SERVER['HTTP_FROM'];
}

$alt_ip implode('.'array_slice(explode('.'$alt_ip), 03));

define('SESSION_IDHASH'md5($_SERVER['HTTP_USER_AGENT'] . $alt_ip)); 
SESSION_HOST
PHP Code:
define('SESSION_HOST'$_SERVER['REMOTE_ADDR']); 
SESSIONHASH
PHP Code:
$sessionhash md5(TIMENOW SCRIPTPATH SESSION_IDHASH SESSION_HOST vbrand(11000000)); 
Reply With Quote
  #5  
Old 09-27-2007, 01:19 PM
ianskate ianskate is offline
 
Join Date: Dec 2002
Posts: 33
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

well because of the random func on the end, is this even possible? Will a new session be generated once I navigated to the forum regardless of what I insert into the table and set the cookie to?

It appears that after creating the above data, that navigating to the forum creates a new session for a non-logged in user, and overwrites the cookie for the logged in user (or rather, user attempting to log in externally). Therefore, am I safe in assuming that this isnt possible?

--------------- Added at 16:20 ---------------

Quote:
Originally Posted by Analogpoint View Post
Why don't you do this.

1. Copy the login form HTML from the navbar template.
2. Replace all the variables ($vbphrase etc), with plain text
3. Add the absolute url to /clientscript/vbulletin_md5.js to make sure it gets included.
4. Add the absolute url to the form's action 'login.php?do=login'

You're done, it'll log you in and redirect you back to where you were.
doesnt work. heres my code (found at the bottom of my website's login routiene):

PHP Code:
echo '<form action="http://forum.mysite.com/login.php?do=login" method="post" onsubmit="md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf, 0)">
                            <script type="text/javascript" src="http://forum.mysite.com/clientscript/vbulletin_md5.js?v=368"></script>
                            <input type="submit" value="Log in" accesskey="s" />
                            <input type="hidden" name="s" value="1" />
                            <input type="hidden" name="vb_login_password" value="' 
$user_txtpassword '" />
                            <input type="hidden" name="vb_login_username" value="' 
$user_name '" />
                            <input type="hidden" name="cookieuser" value="1" />
                            <input type="hidden" name="do" value="login" />        
                            <input type="hidden" name="vb_login_md5password" />
                            <input type="hidden" name="vb_login_md5password_utf" />
                            </form>'

runs through it, does nothing.

has anyone here gotten external login to work properly?
Reply With Quote
  #6  
Old 10-10-2007, 05:24 PM
ianskate ianskate is offline
 
Join Date: Dec 2002
Posts: 33
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

i was able to do this by using the php headers function, if anyone is interested in doing this in the future.

you may need to visit www.php.net and research cURL() and the header() funcs to get this to work right

first, my website opens a curl session and emulates the same action as the login form (sends the info through a post array). then, i save the results of the curl session in a string (the results will be the html page that the login routine on VB will return). I then parse the string where the cookies are found - this would be the sessionhash cookie and the other cookies generated by the login routine. i create the userid and such cookies with my own funcs that act just like the login on vb. then i take the string with the session hash in it and store it in a variable to be sent with the header(). sending all 5 headers as setcookie headers properly creates the sessionhash, userid, and other cookies (NOTE: this is *NOT* the setcookie() func, as that will not work from one domain to another).

i can now login externally from my website to the forum.
Reply With Quote
  #7  
Old 10-10-2007, 06:32 PM
Analogpoint's Avatar
Analogpoint Analogpoint is offline
 
Join Date: Feb 2007
Posts: 656
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by ianskate View Post

doesnt work. heres my code (found at the bottom of my website's login routiene):

PHP Code:
echo '<form action="http://forum.mysite.com/login.php?do=login" method="post" onsubmit="md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf, 0)">
                            <script type="text/javascript" src="http://forum.mysite.com/clientscript/vbulletin_md5.js?v=368"></script>
                            <input type="submit" value="Log in" accesskey="s" />
                            <input type="hidden" name="s" value="1" />
                            <input type="hidden" name="vb_login_password" value="' 
$user_txtpassword '" />
                            <input type="hidden" name="vb_login_username" value="' 
$user_name '" />
                            <input type="hidden" name="cookieuser" value="1" />
                            <input type="hidden" name="do" value="login" />        
                            <input type="hidden" name="vb_login_md5password" />
                            <input type="hidden" name="vb_login_md5password_utf" />
                            </form>'

runs through it, does nothing.

has anyone here gotten external login to work properly?

Sorry, I didn't realize you had replied here.

Here's the code I threw together a month ago. Works fine. Just edit the first two lines, and test it out.

PHP Code:
<?php

// ###################################################################

// Edit this

// Relative or absolute path to your vBulletin installation
define('VBPATH''../testvb');

// Absolute URL to return to after logging in.
$returnto 'http://localhost/sites/vb_remote_login/login3.php';

// Done editing


// ###################################################################
// Get the basics from vB
define('VB_AREA''MyExternalSite');
require_once(
VBPATH '/includes/init.php');

$vbphrase init_language();
$vboptions =& $vbulletin->options;
$bbuserinfo =& $vbulletin->userinfo;

// ###################################################################
// Simulate a "loginform" template
$loginform '';
if (
$vbulletin->userinfo['userid'] < 1)
{
    
$loginform = <<<ENDL
        <style type="text/css">
        .login {background-color:#CCC; border:1px solid #999;}
        .login td {background-color:#EEE;padding:4px;}
        </style>

        <!-- login form -->
        <form action="
$vboptions[bburl]/login.php?do=login&amp;return=$returnto" method="post" onsubmit="md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf, $show[nopasswordempty])">
        <script type="text/javascript" src="
$vboptions[bburl]/clientscript/vbulletin_md5.js?v=$vboptions[simpleversion]"></script>
        <table cellpadding="0" cellspacing="
$stylevar[formspacer]" border="0" class="login">
        <tr>
            <td class="smallfont"><label for="navbar_username">
$vbphrase[username]</label></td>
            <td><input type="text" class="bginput" style="font-size: 11px" name="vb_login_username" id="navbar_username" size="10" accesskey="u" tabindex="101" value="
$vbphrase[username]" onfocus="if (this.value == '$vbphrase[username]') this.value = '';" /></td>
            <td class="smallfont" colspan="2" nowrap="nowrap"><label for="cb_cookieuser_navbar"><input type="checkbox" name="cookieuser" value="1" tabindex="103" id="cb_cookieuser_navbar" accesskey="c" />
$vbphrase[remember_me]</label></td>
        </tr>
        <tr>
            <td class="smallfont"><label for="navbar_password">
$vbphrase[password]</label></td>
            <td><input type="password" class="bginput" style="font-size: 11px" name="vb_login_password" id="navbar_password" size="10" tabindex="102" /></td>
            <td><input type="submit" class="button" value="
$vbphrase[log_in]" tabindex="104" title="$vbphrase[enter_username_to_login_or_register]" accesskey="s" /></td>
        </tr>
        </table>
        <input type="hidden" name="s" value="
$session[sessionhash]" />
        <input type="hidden" name="do" value="login" />
        <input type="hidden" name="vb_login_md5password" />
        <input type="hidden" name="vb_login_md5password_utf" />
        </form>
        <!-- / login form -->
ENDL;
}

// ###################################################################
// Simulate a "logoutlink" template
$logoutlink '';
if (
$vbulletin->userinfo['userid'] > 0)
{
    
$logoutlink = <<<ENDL
        <a href="$vboptions[bburl]/login.php?$session[sessionurl]do=logout&amp;logouthash=$bbuserinfo[logouthash]&amp;return=$returnto" onclick="return log_out('$vbphrase[sure_you_want_to_log_out]')">$vbphrase[log_out]</a>
ENDL;
}

// ###################################################################
// Simulate the page's template
$pageoutput = <<<ENDL
    <html><head><title>Non-vB Page</title></head>
    <body>
    <hr>
    
$loginform
    
$logoutlink
    <hr>
    </body>
    </html>
ENDL;

// ###################################################################
// Send to browser
echo $pageoutput;
die;
?>
Reply With Quote
  #8  
Old 10-11-2007, 02:56 AM
wcreations wcreations is offline
 
Join Date: Oct 2007
Posts: 1
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

ianskate, it sounds like you have a good solution. I'm pretty competent with curl, but since I'm in the same EXACT situation as you (forum is on a subdomain, on the same server), would you mind sharing your code? :erm: That would save me at least a couple of hours coding and debugging.

Thanks in advance! -Matt
Reply With Quote
  #9  
Old 10-14-2007, 11:23 PM
Amenadiel's Avatar
Amenadiel Amenadiel is offline
 
Join Date: Sep 2006
Posts: 171
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

This is amazing, I've been wondering how to make users logged from bbpixel's joomla bridge appear in useronline... but it doesn't seem easy at all.

I get it you need to build a sessionhash yourself and put it in the sessiontable? what happens if you just insert a row in vbsession with userid and location?
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 07:38 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04526 seconds
  • Memory Usage 2,321KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (8)bbcode_php
  • (2)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (9)post_thanks_box
  • (9)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (9)post_thanks_postbit_info
  • (9)postbit
  • (9)postbit_onlinestatus
  • (9)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete