I found a hack that allows users to manipulate the userid behind the post (Post by Proxy mod), but I couldn't find one that allows you to manipulate the username so that it would show up as a user that does not exist.
This is how my custom posting code looks, but it doesn't seem to matter if I manually set the $newpost['username'] to "Fake Username";
PHP Code:
$poststarttime = $vbulletin->input->clean_gpc('p', 'poststarttime', TYPE_UINT);
$poststarttime = time();
$posthash = md5($poststarttime . $vbulletin->userinfo['userid'] . $vbulletin->userinfo['salt']);
$forumid = 17;
$foruminfo = verify_id('forum', $forumid, 0, 1);
$threadid = 493;
$threadinfo = verify_id('thread', $threadid, 0, 1);
$newpost['username'] =& $vbulletin->userinfo['username'];
$newpost['message'] = $_POST['custompagetext'];
$newpost['title'] = $_POST['custompagetitle'];
$newpost['parseurl'] = '1';
$newpost['poststarttime'] = $poststarttime;
$newpost['posthash'] = $posthash;
if ($vbulletin->userinfo['autosubscribe'] != -1){$newpost['emailupdate'] = $vbulletin->userinfo['autosubscribe'];}
else{$newpost['emailupdate'] = 9999;}
if ($vbulletin->userinfo['signature'] != ''){$newpost['signature'] = '1';}
else{$newpost['signature'] = '0';}
$post = array();
$post['visible'] = 1;
$newpost['visible'] = 1;
$threadinfo['visible'] = 1;
build_new_post('reply', $foruminfo, $threadinfo, $post, $newpost, $errors);
$currcont_query = $db->query_read('SELECT username, pagetext, title, dateline, postid FROM ' . TABLE_PREFIX . 'post WHERE threadid = 493 ORDER BY postid DESC LIMIT 1');
$current = mysql_fetch_row($currcont_query);
approve_post ($current[4], 0, true, NULL, NULL, true);
10-02-2008, 09:58 AM
Post using fake usernames?
Hybrid Mode
