Announcement

**glennrocksvb** · 04-20-2018, 11:10 AM

Hi Paul aka phands! Thanks for joining and the nice intro.

Have you tried this for the login?

How to log into vBulletin from an external script on your website - vBulletin Community Forum

https://www.vbulletin.com/forum/blogs/david-grove/4327147-how-to-log-into-vbulletin-from-an-external-script-on-your-website

When designing your website and integrating vBulletin with the rest of your site, it's often desirable to have a centralized login form for users to initiate a vBulletin session. Here are some instructions

And the vB5 API documentation

Lost? Don't worry

http://vb5support.com/resources/api/

**phands** · 04-20-2018, 11:51 AM

Hi there, and thanks for the fast reply.

The link is exactly what I tried as a template, and have tried it many times, making experimental changes, and instrumenting the code with echo statements. Whatever I do so far, any of the api calls just seem to do nothing - no return value gets assigned to the relevant variable.

For instance, the call "$api = Api_InterfaceAbstract::instance();" always returns nothing, which is what the API document you linked to says (there is no return value shown), but silently moves on to the next line... "$loginInfo = $api->callApi('user', 'login', array($username, $password));" similarly seems to do nothing and $loginInfo is empty. However $logininfo is used later in the code, in the cookie setting.

In any case, even when I pass a known user and password, the login still doesn't happen.

Again, being a PHP and vB novice probably means I'm doing something stupid, or have the wrong expectations.

**glennrocksvb** · 04-20-2018, 03:42 PM

Is the script running on the same server as vBulletin?
Did you change $vbpath to the correct path to your vbulletin instance?
No PHP errors? Try adding error_reporting(E_ALL); at the top of the script.

**phands** · 04-23-2018, 04:56 AM

Hi...yes, the code is running on the same LAMP stack. The $vbpath variable is correct. The code is in the root of the apache tree. Other code in the same file works, such as stuff I wrote to pull extra info out of a URL query. Only the vB API calls do nothing,

Thanks,

P

**glennrocksvb** · 04-23-2018, 06:21 AM

Can you PM the code?

**phands** · 04-23-2018, 06:25 AM

will do...I have to clean up the plethora of debug "echo" statements first. The code is a short snippet based on the example. None of the stuff in it is confidential - we haven't gone live yet, and the whole build is experimental.
.

**phands** · 04-23-2018, 06:43 AM

I couldn't see a PM button, so here's the code anyway. Note that I'm very aware of the bad idea that is sending a password in a URL query sting, but . this is for test purposes only. Once I get the login working in principle, I'll change that.

:~/htdocs$ more logintest.php

PHP Code:


<?php


// Path to your vBulletin installation

$vbpath = '/opt/bitnami/apache2/htdocs';

echo "VBPath is: $vbpath .";

echo "<br>";

echo "Attempting to start VBulletin session. <br>";

// Start login script

define('CSRF_PROTECTION', false);

require_once($vbpath . '/includes/vb5/autoloader.php');

vB5_Autoloader::register($vbpath);




/*

$autoarray = vB5_Autoloader::getAutoLoadInfo();

$len=count($autoarray);

echo($len);

echo "Autoloader returned: $autoarray[0] <br>";

for ($x=0;$x<$len;$x++)

{

echo "Autoloader return value $x is: =";

echo "$autoarray[$x]";

echo "=";

echo "<br>";

}

*/







vB5_Frontend_Application::init('config.php');




echo "Got past VBulletin Frontend initialization";

echo "<br>";

echo "Server Request Method is: " . $_SERVER['REQUEST_METHOD'];

echo "<br>";

echo "Raw Request URI is: " . $_SERVER['REQUEST_URI'] . "<br>";

//echo urldecode($_SERVER['REQUEST_URI']);

//echo "<br>";

$myurl = $_SERVER['REQUEST_URI'];

echo "<br> url decoded is: ";




echo urldecode($_SERVER['REQUEST_URI']);

echo "<br> Entities is: ";

echo htmlentities($_SERVER['REQUEST_URI']);

echo "<br> Decoded URL is....";

$decodedurl = urldecode($_SERVER['REQUEST_URI']);

echo $decodedurl . "<br>";

$shrapnel = explode("?", $decodedurl);

echo count($shrapnel) . "<br>";

echo $shrapnel[0] . " ...and... " . $shrapnel[1] . "<br>";

$realquery = $shrapnel[1];

echo "Real query is: " . $realquery . ". <br>";

$fragments = explode("&", $realquery);

echo "User Name Fragment is: " . $fragments[0] . "<br>";

echo "Password Fragment is: " . $fragments[1] . "<br>";

$username = explode("=", $fragments[0]);

echo "Username is: " . $username[1] . "<br>";




$password = explode("=", $fragments[1]);

echo "Password is: " . $password[1] . "<br>";










/*

echo "<br>";

var_dump(parse_url($myurl));

echo "<br>";

var_dump(parse_url($myurl, PHP_URL_SCHEME));

echo "<br>";

var_dump(parse_url($myurl, PHP_URL_USER));

echo "<br>";

var_dump(parse_url($myurl, PHP_URL_PASS));

echo "<br>";

var_dump(parse_url($myurl, PHP_URL_HOST));

echo "<br>";

var_dump(parse_url($myurl, PHP_URL_PORT));

echo "<br>";

var_dump(parse_url($myurl, PHP_URL_PATH));

echo "<br>";

var_dump(parse_url($myurl, PHP_URL_QUERY));

echo "<br>";

var_dump(parse_url($myurl, PHP_URL_FRAGMENT));

echo "<br>";

*/







$api = Api_InterfaceAbstract::instance();

$loginInfo = $api->callApi('user', 'login', array(
    $username,
    $password
));

echo "LoginInfo1 is: - " . $LoginInfo . " - <br>";

$cnt = count($LoginInfo, 1);

echo $cnt;

echo "<br>";

//header("Location: http://34.239.115.226");

//exit();










if ($_SERVER['REQUEST_METHOD'] == 'GET') {

    /////////////////////////////////////////////////////////////////////////////////

    // process the login form




    $api = Api_InterfaceAbstract::instance();

    $loginInfo = $api->callApi('user', 'login2', array(
        $username,
        $password
    ));



    echo "Got into Server login2 method";

    echo "<br>";




    if (empty($loginInfo['errors'])) {

        // set cookies

        vB5_Auth::setLoginCookies($loginInfo, '', !empty($_POST['remember']));

        echo "Set login cookies <br>";

        // redirect somewhere Also see: vB5_Auth::doLoginRedirect();

        header('Location: vb5_external_login.php');

        exit;

    }

    else {

        echo "Login Error <br>";

        // there was a problem logging in.

        // redirect or display errors here

    }

}

else {

    ///////////////////////////////////////////////////////////////////////////////////////

    // display a login form




    $userid = vB5_Cookie::get('userid', vB5_Cookie::TYPE_UINT);

    $hash = vB5_Cookie::get('password', vB5_Cookie::TYPE_STRING);

    echo "Got into Login form";

    echo "<br>";

    echo "UserID is: $userid";

    echo ", and Hash is: $hash";







    if (empty($userid) OR empty($hash)) {

?>

<form action="vb5_external_login.php" method="post">




<input type="text" name="username" value="" placeholder="User Name" />

<input type="password" name="password" value="" placeholder="Password" />

<label><input type="checkbox" name="remember" /> Stay logged in?</label>

<input type="submit" value="Log In" />




</form>



<?php

    }

    else {

        echo 'Already logged in';

    }

}

**glennrocksvb** · 04-23-2018, 08:20 AM

1. Try adding error_reporting(E_ALL); at the top to see PHP notices and errors.
2. PHP variables are case-sensitive. You declared $loginInfo variable but in some lines you reference it as $LoginInfo (note the uppercase L).
3. Why are you retrieving the username and password user inputs from the URL? The form method is POST not GET, so you should retrieve them as:

PHP Code:


$username = $_POST["username"];
$password = $_POST["password"];

**glennrocksvb** · 04-23-2018, 08:36 AM

Originally posted by phands View Post

Note that I'm very aware of the bad idea that is sending a password in a URL query sting, but . this is for test purposes only.

Just saw this note. Why then you are not using $_GET['password'] to retrieve the password from querystring? But either way, I recommend using POST right away. There's no benefit using GET for testing when in the end, it will be changed to POST.

**phands** · 04-23-2018, 09:06 AM

Hi again, and once again, thanks for pitching in. I will be sure to put it in Code tags henceforward.
I added the error_reporting(E_ALL); as you suggested/ . It didn't make an visible difference to the output on screen...do errors get logged elsewhere?
Great catch on the mixed-case Ls...I must have looked at that code 1000 times!
I agree the retrieval of username and password should not be done that way - I just needed a fast way to test the login code. The URL parsing will go away once I get login working, and then we'll use a secure and encrypted method. It's an embedded webview in a phone app, which never shows the URL anyway, but I'll never send passwords in clear text anyway.

When all else is said and done, I can'r make the login API call work, even if I pass in the username and password direct.

**glennrocksvb** · 04-23-2018, 10:47 AM

Can you post or PM the URL to the script?

**phands** · 04-24-2018, 06:41 AM

Hi....sorry for the delay in replying...was out of office. With your help, I got it working! I corrected the upper/lower confusion that you spotted, converted over to $_POST, and now I can login a known user, returning a session hash and other useful info!

Now I can clean up and add proper error trapping before handing it to another developer to check it's production ready.

Thanks you VERY much...VBMods Rocks....well rocks!!!

**glennrocksvb** · 04-24-2018, 07:59 AM

Glad you got it working

Announcement

Hello vbmods!

Hello vbmods!

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Users Viewing This Page

Latest Posts