Comments for Prashant's Blog

Comment on Integrating the Vanilla forum into a PHP application by Jason Judge

Jason Judge — Sun, 23 Nov 2008 17:40:03 +0000

About the verification key - it seems to be a potental security vulnerability. To log into a forum as a specific user, all you need to know is the verification key and user ID. There are ways of getting hold of the user ID (from postings) and if you create a verification key that is determinate (i.e. can be calculated knowing various things about the account you are logging into) then an attacker could create the pair of cookies and waltz right in.

Check out the function DefineVerificationKey() in Vanilla. It goes to great lengths to ensure the key is random. IMO it should be reset and randomised each time the user logs out.

Comment on Integrating the Vanilla forum into a PHP application by differant-jason

differant-jason — Wed, 29 Oct 2008 14:59:48 +0000

thanks dude.. exactly what I was looking for. KUDOS!!

Comment on Integrating the Vanilla forum into a PHP application by Deepak

Deepak — Thu, 28 Aug 2008 16:08:21 +0000

Thanks, Saved lots of time.

Comment on Integrating the Vanilla forum into a PHP application by Jason

Jason — Mon, 25 Aug 2008 20:34:52 +0000

It’s me again, I was able to figure it out. I did what Jan said about and it works like a charm. I can now login and out using whatever method I want. Thanks again for all your efforts, and thank you Jan!

Jason

Comment on Integrating the Vanilla forum into a PHP application by Jason

Jason — Mon, 25 Aug 2008 19:45:11 +0000

It seems Vanilla has changed a bit since this post was written. I was able to use your guide and mod it a bit and can now login to Vanilla through an alternative login form but it won’t logout. It seems Vanilla uses php sessions to store user login information, and it seems Vanilla uses a different session altogether than the application I am trying to integrate it with.

Any pointers or perhaps an updated tutorial? This is the ONLY post I can find about integrating Vanilla into a custom application and I have looked for hours upon hours at other examples and am just lost.

Thanks buddy!

Comment on Integrating the Vanilla forum into a PHP application by Jan

Jan — Tue, 06 May 2008 18:09:33 +0000

Hi Prashant,

many thanks for your great tutorial. It really helped me a lot with our application integration.

Only that I almost killed myself trying to logoff from Vanilla from my applications logout routine. I was able to authenticate but never to deauthenticate. Untill I learned that you have to synchronize the application session and the vanilla session. Which means you have to add the line
$Configuration[’SESSION_NAME’] = ‘my_session’;
in the file conf/settings.php when you are using a not standard session name like ‘my_session’. This line tells Vanilla to use the different session name for its authentication.

Furthermore you have to destroy the session when logging out. Just add the line
session_destroy();
to your applications logout routine and everything seems to be working smoothly afterwards.

Comment on My Tumblelog by Prashant Nadarajan

Prashant Nadarajan — Mon, 24 Mar 2008 07:12:47 +0000

Good idea. Hopefully I can do this via FeedBurner.

Thanks!

Comment on My Tumblelog by Praveen Rajan

Praveen Rajan — Sun, 23 Mar 2008 16:16:27 +0000

Cool!

Why not integrate it into your current blog / feed?

Comment on Winds of Change by Prashant Nadarajan

Prashant Nadarajan — Mon, 10 Mar 2008 08:52:56 +0000

@Rizal: I used an expletive before in place of “disappoint” but changed it as it didn’t seem appropriate after the fact. I don’t think it changed the meaning hence I didn’t use a strike through :p

Comment on Winds of Change by Rizal

Rizal — Mon, 10 Mar 2008 08:03:17 +0000

hmm … you seem to have substituted the word “disappoint” for something else … heh heh …