Closed (fixed)
Project:
Drupal vB
Version:
5.x-2.0
Component:
Code
Priority:
Critical
Category:
Bug report
Assigned:
Reporter:
Created:
24 Jun 2008 at 14:47 UTC
Updated:
6 Aug 2008 at 14:18 UTC
Jump to comment: Most recent file
I think, there's a little mistake in the code:
setcookie($cookie_prefix .'password', md5(md5($vbuser['password']) . $vbuser['salt']), $expire, $cookie_path, $cookie_domain);
This is the way passwords are stored in the database. So you take the already encrypted password in the database and encrypt it with salt and md5 again. But the password in cookies is encrypted this way:
setcookie($cookie_prefix .'password', md5($vbuser['password'] . '*YOUR LICENCE NUMBER*'), $expire, $cookie_path, $cookie_domain);
(of course you have to replace *YOUR LICENCE NUMBER* with your vBulletin licence number).
After replacing this part, everything works fine and the users are not logged out at the end of the session lifetime.
I used Drupal 5.7 and vBulletin 3.7.1 Patch Level 2
| Comment | File | Size | Author |
|---|---|---|---|
| #4 | drupalvb.remember.patch | 2 KB | sun |
| #3 | drupalvb.remember.patch | 2 KB | sun |
Comments
Comment #1
sunWe need a way to retrieve the actual license number from vBulletin.
Comment #2
sun@TW-IYF: Do you know how/where vBulletin stores the license number internally? I have already searched through the settings, but was unable to find it.
Comment #3
sunI was unable to find a resource for determining the actual vBulletin license number. Thus, implemented as module setting now.
Please test. I'll probably roll a new official release in the next days.
Comment #4
sunRe-rolled.
Comment #5
sunComment #6
Anonymous (not verified) commentedAutomatically closed -- issue fixed for two weeks with no activity.
Comment #7
ml1 commentedCheck around line 37 of includes/functions.php. We're using 3.7.x.