vb.org Archive - ccbill username and password field

vb.org Archive (https://vborg.vbsupport.ru/index.php)

- vB4 Programming Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=252)

- - ccbill username and password field (https://vborg.vbsupport.ru/showthread.php?t=312718)

ccbill username and password field

hi all we have used ccbill for our paid subscriptions for 8 years, we have always had an issue with the username and password field being passed to ccbill as NOUSERNAME and NOPASSWORD, this has been fine as the fields were hidden on ccbills forms, but now we are using upsales at ccbill and the fields are required, ccbill are saying they are required filds for upsaling, and I cant work out why vbulletin is not sending them in payments.php?do=order

this is what is being sent
<input type="hidden" name="username" value="NOUSERNAME" />
<input type="hidden" name="password" value="NOPASSWORD" />

any ideas would be helpful

Craig

Hi friend,
Yes me too have same problem not info of members souscription !!!

This information is present in the subscription_payment_ccbill template, but my question is: what should both fields contain? What username and password?

it should be the current logged in username and password.
but I don't know why its not being filled
Craig

Password?!? vBulletin 4 stores its passwords encrypted with MD5 and a salt. (Although a very bad hashing algorithm.)

I believe the bbuserinfo array can be used in that template. Then it's just a matter of doing this in the subscription_payment_ccbill template.

PHP Code:


		
			
<input type="hidden" name="clientAccnum" value="{vb:raw settings.clientAccnum}" />
<input type="hidden" name="clientSubacc" value="{vb:raw settings.clientSubacc}" />
<input type="hidden" name="formName" value="{vb:raw settings.formName}" />
<input type="hidden" name="subscriptionTypeId" value="{vb:raw subinfo.ccbillsubid}" />
<input type="hidden" name="allowedTypes" value="{vb:raw subinfo.ccbillsubid}" />
<input type="hidden" name="email" value="{vb:raw settings.email}" />
<input type="hidden" name="hash" value="{vb:raw hash}" />
<input type="hidden" name="username" value="{vb:raw bbuserinfo.username}" />
<input type="hidden" name="password" value="{vb:raw bbuserinfo.password}" />
<input type="hidden" name="noCache" value="1" />

im guessing vb would say this is a security risk...?
Craig

Well the salt is stored in a separate column so even if someone finds out the MD5 hashed password, it's very hard to figure out the actual password without the salt.

thanks for that, it works in as much as it now fills the fields with the username and encrypted pass, not sure if the encrypted pass will be an issue for ccbill, ill have to wait to see what they say.

im assuming they want both to set up the account on the upsale site.
Craig

--------------- Added [DATE]1404680922[/DATE] at [TIME]1404680922[/TIME] ---------------

im right in saying it would not be a good idea to decrypt the pass, as ccbill are saying they need the pass in plain text.

Craig

X vBulletin 3.8.12 by vBS Debug Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)bbcode_php_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)post_thanks_navbar_search (1)printthread (8)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages:

Phrase Groups Available:

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.00996 seconds Memory Usage 1,732KB Queries Executed 10 (?)
More Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)bbcode_php_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)post_thanks_navbar_search (1)printthread (8)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages: