hi all we have used ccbill for our paid subscriptions for 8 years, we have always had an issue with the username and password field being passed to ccbill as NOUSERNAME and NOPASSWORD, this has been fine as the fields were hidden on ccbills forms, but now we are using upsales at ccbill and the fields are required, ccbill are saying they are required filds for upsaling, and I cant work out why vbulletin is not sending them in payments.php?do=order

this is what is being sent
<input type="hidden" name="username" value="NOUSERNAME" />
<input type="hidden" name="password" value="NOPASSWORD" />

any ideas would be helpful

Craig

Hi friend,
Yes me too have same problem not info of members souscription !!!

This information is present in the subscription_payment_ccbill template, but my question is: what should both fields contain? What username and password?

it should be the current logged in username and password.
but I don't know why its not being filled
Craig

Password?!? vBulletin 4 stores its passwords encrypted with MD5 and a salt. (Although a very bad hashing algorithm.)

I believe the bbuserinfo array can be used in that template. Then it's just a matter of doing this in the subscription_payment_ccbill template.

<input type="hidden" name="clientAccnum" value="{vb:raw settings.clientAccnum}" />
<input type="hidden" name="clientSubacc" value="{vb:raw settings.clientSubacc}" />
<input type="hidden" name="formName" value="{vb:raw settings.formName}" />
<input type="hidden" name="subscriptionTypeId" value="{vb:raw subinfo.ccbillsubid}" />
<input type="hidden" name="allowedTypes" value="{vb:raw subinfo.ccbillsubid}" />
<input type="hidden" name="email" value="{vb:raw settings.email}" />
<input type="hidden" name="hash" value="{vb:raw hash}" />
<input type="hidden" name="username" value="{vb:raw bbuserinfo.username}" />
<input type="hidden" name="password" value="{vb:raw bbuserinfo.password}" />
<input type="hidden" name="noCache" value="1" />

im guessing vb would say this is a security risk...?
Craig

Well the salt is stored in a separate column so even if someone finds out the MD5 hashed password, it's very hard to figure out the actual password without the salt.

thanks for that, it works in as much as it now fills the fields with the username and encrypted pass, not sure if the encrypted pass will be an issue for ccbill, ill have to wait to see what they say.

im assuming they want both to set up the account on the upsale site.
Craig

--------------- Added 1404680922 at 1404680922 ---------------

im right in saying it would not be a good idea to decrypt the pass, as ccbill are saying they need the pass in plain text.

Craig