Cookie different to database?

[Mutley]

I'm trying to make a simple script where if you are logged in on the Vbulletin forum, you can view pages on the website (seperate to the forum).

 

I matched the ID cookie with the one in the database but when I tried the Password cookie, it's completely different to the one in the database.

 

I'm sure the database stores it in MD5 but no idea about the cookie? Any ideas?

[skali]

Instead of cookies you should use $_SESSION variables that have been setup by the forum, to authenticate user on the other pages of website as well.

[Mutley]

Can you go into a big more detail? So do I not use cookies at all?

 

Thanks.

[skali]

If you are using the forum as the main application for authentication then:

 

1- print_r($_SESSION) variables to see what varibles you forum is storing after authentication

2- Once you find these variables you can check these variables in an include file that you can call on the rest of the pages of your site.

3- suppose if the forum is using varibles $_SESSION['is_authenticated'] for authentication then you can use this variable on other pages as well.

 

This will make sure that if your user is logged in into the forum then he can also access other pages of your website as well.

[Mutley]

The:

 

print_r($_SESSION);

 

Comes up blank?

[rofl90]

Use $_SESSION otherwise you just making things harer for urself..

[Mutley]

How are sessions stored? In the database or in a cookie?

[skali]

On the server sessions are by default stored in a file with session id as its name...

 

before print_r($_SESSION);

 

use: session_start();

[Mutley]

I get:

 

Array()

 

That's it.

[skali]

Where are you placing this code?

 

You have to place in one of the files of your forum which is displayed after user has been authenticated like may be some welcome page or so.

 

And if it still displays array() then the forum is not saving anything in the session, which i doubt to be the case.

[Mutley]

I put it at the bottom of index.php and viewpost.php and it shows nothing.

[skali]

Look into the file that is the forum is using for login purpose, it has to save something or the other in that file in order to authenticate the user. See what is it saving in the session.

[Mutley]

I looked in the login.php and not sure what I'm looking for, this seems close though, maybe it makes more sense to you:

 

if (!verify_authentication($vbulletin->GPC['vb_login_username'], $vbulletin->GPC['vb_login_password'], $vbulletin->GPC['vb_login_md5password'], $vbulletin->GPC['vb_login_md5password_utf'], $vbulletin->GPC['cookieuser'], true))