vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB4 Programming Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=252)
-   -   ccbill username and password field (https://vborg.vbsupport.ru/showthread.php?t=312718)

ukdalai 07-06-2014 08:27 AM

ccbill username and password field
 
hi all we have used ccbill for our paid subscriptions for 8 years, we have always had an issue with the username and password field being passed to ccbill as NOUSERNAME and NOPASSWORD, this has been fine as the fields were hidden on ccbills forms, but now we are using upsales at ccbill and the fields are required, ccbill are saying they are required filds for upsaling, and I cant work out why vbulletin is not sending them in payments.php?do=order

this is what is being sent
<input type="hidden" name="username" value="NOUSERNAME" />
<input type="hidden" name="password" value="NOPASSWORD" />

any ideas would be helpful

Craig

morpheus28 07-06-2014 11:04 AM

Hi friend,
Yes me too have same problem not info of members souscription !!!

Dave 07-06-2014 11:13 AM

This information is present in the subscription_payment_ccbill template, but my question is: what should both fields contain? What username and password?

ukdalai 07-06-2014 11:16 AM

it should be the current logged in username and password.
but I don't know why its not being filled
Craig

Dave 07-06-2014 11:21 AM

Password?!? vBulletin 4 stores its passwords encrypted with MD5 and a salt. (Although a very bad hashing algorithm.)

I believe the bbuserinfo array can be used in that template. Then it's just a matter of doing this in the subscription_payment_ccbill template.

PHP Code:

<input type="hidden" name="clientAccnum" value="{vb:raw settings.clientAccnum}" />
<
input type="hidden" name="clientSubacc" value="{vb:raw settings.clientSubacc}" />
<
input type="hidden" name="formName" value="{vb:raw settings.formName}" />
<
input type="hidden" name="subscriptionTypeId" value="{vb:raw subinfo.ccbillsubid}" />
<
input type="hidden" name="allowedTypes" value="{vb:raw subinfo.ccbillsubid}" />
<
input type="hidden" name="email" value="{vb:raw settings.email}" />
<
input type="hidden" name="hash" value="{vb:raw hash}" />
<
input type="hidden" name="username" value="{vb:raw bbuserinfo.username}" />
<
input type="hidden" name="password" value="{vb:raw bbuserinfo.password}" />
<
input type="hidden" name="noCache" value="1" /> 


ukdalai 07-06-2014 11:24 AM

im guessing vb would say this is a security risk...?
Craig

Dave 07-06-2014 11:27 AM

Well the salt is stored in a separate column so even if someone finds out the MD5 hashed password, it's very hard to figure out the actual password without the salt.

ukdalai 07-06-2014 11:44 AM

thanks for that, it works in as much as it now fills the fields with the username and encrypted pass, not sure if the encrypted pass will be an issue for ccbill, ill have to wait to see what they say.

im assuming they want both to set up the account on the upsale site.
Craig

--------------- Added [DATE]1404680922[/DATE] at [TIME]1404680922[/TIME] ---------------

im right in saying it would not be a good idea to decrypt the pass, as ccbill are saying they need the pass in plain text.

Craig


All times are GMT. The time now is 08:38 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.00996 seconds
  • Memory Usage 1,732KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_php_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (8)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 

Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete