How to login to vbulletin from .net application

[hasan1aj]

Below is the code i am currently using. It appears to work for a couple of seconds. After i run it, the user is redirected to vbulletin welcome page with the username showing then goes back to log in page logging out the user.

Password = MD5(Password);
string data = "vb_login_username=" + Username + "&vb_login_password=&s=&do=login&vb_login_md5passw ord=" + Password + "&vb_login_md5password_utf=" + Password;
HttpWebRequest request = (HttpWebRequest)WebRequest.Create("https://forum.[domain].com/login.php?do=login");
request.Method = WebRequestMethods.Http.Post;
request.ContentType = "application/x-www-form-urlencoded";
request.UserAgent = "-- vBulletin Vaidation --";
request.ContentLength = data.Length;
StreamWriter rStream = new StreamWriter(request.GetRequestStream());
rStream.Write(data);
rStream.Flush();
rStream.Close();
HttpWebResponse response = (HttpWebResponse)request.GetResponse();
StreamReader resReader = new StreamReader(response.GetResponseStream());
string str = resReader.ReadToEnd();
response.Close();
if (str.Contains("Thank you for logging in"))
{
return str; //str is the html of the welcome page
}
else
{
return "invalid login";
}

another approach i have used is the api. But I wasnt able to make it work. on the official vbulletin api documentation they are saying the below:

"So after this API call (login_login), client should call api_init (get new session as well as new common $show variables) or api_getsecuritytoken to get the new securitytoken. Once the client gains both the new sessionhash and the securitytoken, please save them in application session vars. After this the login process is done. You need to pass the new sessionhash to the API and use the new securitytoken to sign the requests in future API method calls."

I was able to call the login_login successfully with positive response. the rest is not clear. can some1 help

[Dave]

Where do you store the cookies that contains the session data of the user? Those cookies have to be sent to each request after the login in order to stay signed in.

[hasan1aj]

I guess I wasn't able to send the cookie correctly. Can you please clarify? Maybe a sample code. Btw you're talking about the API or the direct post actiob to login.php?

--------------- Added [DATE]1469778401[/DATE] at [TIME]1469778401[/TIME] ---------------

OK, let's dissect the paragraph we pasted earlier because something doesn't make sense to us.

Here is the paragraph:
"So after this API call (login_login), client should call api_init (get new session as well as new common $show variables) or api_getsecuritytoken to get the new securitytoken. Once the client gains both the new sessionhash and the securitytoken, please save them in application session vars. After this the login process is done. You need to pass the new sessionhash to the API and use the new securitytoken to sign the requests in future API method calls."


Now let's dissect it one-by-one:
So after this API call (login_login), client should call api_init (get new session as well as new common $show variables) or api_getsecuritytoken to get the new securitytoken.
Do we need to do anything different with this new call to api_init once we have the "dbsessionhash" from method login_login? How does this new call to api_init know the user is logged in unless we pass something new to it (e.g. the "dbsessionhash" from login_login) ?



Once the client gains both the new sessionhash and the securitytoken, please save them in application session vars.
Which "sessionhash" and "securitytoken" is it referring to specifically? Is "sessionhash" referring to the "dbsessionhash" we get from the login_login method or is it referring to something from api_init (if so, what specifically) ? What about the "securitytoken", is it referring to the "apiaccesstoken" we get from calling api_init again or something else (if so, what specifically) ?



After this the login process is done. You need to pass the new sessionhash to the API and use the new securitytoken to sign the requests in future API method calls.
How do we add this new "sessionhash" and "securitytoken" to a future API method call? Do we add them to the parameter array that already includes ("api_m" => [method name]) ? If so, what do we name the keys?



Please be as clear and specific as you can, and please provide examples where possible. This is very confusing but we are relieved to hear you actually got it to work! Thanks again for your assistance with this, we greatly appreciate it.