Old 08-13-2012, 09:04 PM
Nullifi3d Nullifi3d is offline
 
Join Date: Apr 2004
Location: FL, USA
Posts: 215
Default vBulletin 3.6 - Register new user from outside vbulletin directory

I am trying to implement a script that adds a new vBulletin user during a shopping cart purchase on the WHMCS cart page. I have the basic jQuery script built to check for username availability, and it is set up for user insertion.

I just need to know the minimum set of user variables that must be included in the SQL insert, as well as what validation I may need to ensure no vBulletin errors occur. I am using vBulletin 3.6, and the code I am currently using in my WHMCS shopping cart is below:

JS Code:
PHP Code:
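// Debounced availability check for the forum-username cart field (#customfield2).
// The "=" and "," tokens lost from the posted listing are restored here.
//
// This check only drives the status icon (#cf2). It is a convenience for the
// user, not an enforcement point: the server has to reject duplicate or invalid
// usernames itself when the account is actually created.
jQuery(document).ready(function () {
    jQuery("#customfield2").keyup(function () {
        // Snapshot the value at keyup time; it is compared again after the delay.
        var cfvalue = jQuery("#customfield2").val();

        setTimeout(function () {
            // The field changed during the delay, so a later keyup owns the check.
            if (cfvalue != jQuery("#customfield2").val()) {
                return;
            }

            // Show the "busy" icon until the server answers.
            jQuery("#cf2").attr("src", "images/custom/icons/hourglass.gif");
            if (cfvalue == '') {
                jQuery("#cf2").hide();
            } else {
                jQuery("#cf2").show();
                checkAvailability(cfvalue);
            }
        }, 1000);
    });
});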

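/**
 * Ask includes/vbusername.php whether a forum username is free and update the
 * #cf2 status icon accordingly.
 *
 * The ":" / "," / "?" tokens lost from the posted listing are restored, and the
 * call goes through jQuery.post so this function uses the same global as the
 * rest of the script instead of relying on "$" being bound to jQuery.
 *
 * @param {string} cf2 Username typed into the cart field.
 */
function checkAvailability(cf2) {
    jQuery.post("includes/vbusername.php", {task: "check", username: cf2}, function (result) {
        // Any response other than the exact string 'available' shows the "x" icon.
        var icon = (result == 'available')
            ? 'images/custom/icons/check.gif'
            : 'images/custom/icons/x.gif';
        jQuery("#cf2").attr("src", icon);
    });
}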

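/**
 * Ask includes/vbusername.php to create the forum account.
 *
 * The ":" / "," tokens lost from the posted listing are restored, and the call
 * goes through jQuery.post for consistency with the rest of the script.
 *
 * NOTE(review): only "task" and "username" are sent. The "create" branch of
 * vbusername.php shown on this page reads email, password and other fields
 * from POST, so as written the request carries none of them. The response is
 * also ignored, so a failed creation is invisible to the cart page.
 * NOTE(review): account creation triggered from the browser can be invoked by
 * anyone who can reach the endpoint; consider performing it server-side as
 * part of the completed order instead.
 *
 * @param {string} cf2 Username to register.
 */
function createUser(cf2) {
    jQuery.post("includes/vbusername.php", {task: "create", username: cf2});
}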

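/**
 * Write the (initially hidden) status icon #cf2 into the page at the point
 * where this function is called.
 *
 * document.write is only safe while the page is still being parsed; calling it
 * after load would replace the document.
 */
function showUsernameNotification() {
    document.write('<img src="images/custom/icons/hourglass.gif" alt="-" border="0" id="cf2" style="margin-bottom: -8px;" /> ');
    jQuery("#cf2").hide();
    // NOTE(review): the posted listing ends here without the function's closing
    // brace; it is restored below, and anything that followed is not shown.
}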

PHP Code:
<?php

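// ####################### SET PHP ENVIRONMENT ###########################
error_reporting(E_ALL & ~E_NOTICE);

// #################### DEFINE IMPORTANT CONSTANTS #######################
// Defined before global.php is loaded, as vBulletin's own entry scripts do.
define('THIS_SCRIPT', 'vbusername');

// ######################### REQUIRE BACK-END ############################
// The forum is bootstrapped from outside its own directory, so the working
// directory is switched first. If chdir() fails, the relative require below
// would resolve against the wrong directory and could load an unrelated
// global.php, so stop instead of continuing.
if (!chdir('/home/********/public_html/community')) {
    exit;
}
require_once('./global.php');
// DIR is expected to be defined by the vBulletin bootstrap loaded above.
require_once(DIR . '/includes/functions_user.php');
require_once(DIR . '/includes/functions_misc.php');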

// #######################################################################
// ######################## START MAIN SCRIPT ############################
// #######################################################################

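// Username availability check (task=check).
//
// The POST fields are read through vBulletin's input cleaner and the value is
// escaped with the forum's own database object at the point where the query
// is built. The previous mysql_real_escape_string() call depends on an
// ext/mysql connection being the default link: it does not exist on current
// PHP versions and returns false when the forum talks to the database through
// another driver, which would make every name look "available".
$vbulletin->input->clean_array_gpc('p', array(
    'task'     => TYPE_STR,
    'username' => TYPE_STR,
));

if ($vbulletin->GPC['task'] == 'check') {
    if ($vbulletin->GPC['username'] == '') {
        // Nothing to look up; never report an empty name as free.
        echo "unavailable";
    } else {
        // NOTE(review): vBulletin appears to store usernames HTML-escaped
        // (htmlspecialchars_uni); confirm, and apply the same transform here
        // so names containing &, < or > are matched correctly.
        $taken = $db->query_first("
            SELECT username
            FROM " . TABLE_PREFIX . "user
            WHERE username = '" . $db->escape_string($vbulletin->GPC['username']) . "'
        ");
        echo ($taken ? "unavailable" : "available");
    }
    // NOTE(review): this answers any caller, so it can be used to enumerate
    // forum usernames; consider rate limiting or tying it to the cart session.
}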

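// Account creation (task=create), modelled on vBulletin's registration flow.
// The "," and "=" tokens lost from the posted listing are restored.
//
// NOTE(review): nothing in this block checks who is calling. Any client that
// can reach this file can POST task=create and register accounts. The
// imagestamp/imagehash, emailconfirm and passwordconfirm fields are cleaned
// below but never verified, so the forum's human-verification and
// confirmation checks are not applied here. Gate this on something the cart
// controls server-side (for example a completed order) before deploying.
if (isset($_POST['task']) AND $_POST['task'] == "create") {
    $vbulletin->input->clean_array_gpc('p', array(
        'options'             => TYPE_ARRAY_BOOL,
        'username'            => TYPE_STR,
        'email'               => TYPE_STR,
        'emailconfirm'        => TYPE_STR,
        'parentemail'         => TYPE_STR,
        'password'            => TYPE_STR,
        'password_md5'        => TYPE_STR,
        'passwordconfirm'     => TYPE_STR,
        'passwordconfirm_md5' => TYPE_STR,
        'referrername'        => TYPE_NOHTML,
        'imagestamp'          => TYPE_STR,
        'imagehash'           => TYPE_STR,
        'coppauser'           => TYPE_BOOL,
        'day'                 => TYPE_UINT,
        'month'               => TYPE_UINT,
        'year'                => TYPE_UINT,
        'timezoneoffset'      => TYPE_NUM,
        'dst'                 => TYPE_UINT,
        'userfield'           => TYPE_ARRAY,
        'showbirthday'        => TYPE_UINT,
    ));

    // ERRTYPE_ARRAY: validation problems are collected on the data manager
    // instead of being printed, so they must be checked explicitly below.
    $userdata =& datamanager_init('User', $vbulletin, ERRTYPE_ARRAY);

    $userdata->set_info('coppauser', $vbulletin->GPC['coppauser']);
    $userdata->set_info('coppapassword', $vbulletin->GPC['password']);
    $userdata->set_bitfield('options', 'coppauser', $vbulletin->GPC['coppauser']);
    $userdata->set('parentemail', $vbulletin->GPC['parentemail']);
    // A client-supplied MD5 of the password takes precedence over the plain field.
    $userdata->set('password', ($vbulletin->GPC['password_md5'] ? $vbulletin->GPC['password_md5'] : $vbulletin->GPC['password']));
    $userdata->set('email', $vbulletin->GPC['email']);
    $userdata->set('username', $vbulletin->GPC['username']);
    $userdata->set('referrerid', $vbulletin->GPC['referrername']);

    // Pick the initial usergroup from the forum's registration options.
    // NOTE(review): 3 / 4 / 2 are presumably the stock "awaiting email
    // confirmation" / "awaiting moderation" / "registered" groups; verify
    // against this forum's usergroup table.
    if ($vbulletin->options['verifyemail']) {
        $newusergroupid = 3;
    } else if ($vbulletin->options['moderatenewmembers'] OR $vbulletin->GPC['coppauser']) {
        $newusergroupid = 4;
    } else {
        $newusergroupid = 2;
    }

    $userdata->set('usergroupid', $newusergroupid);
    $userdata->set('languageid', $vbulletin->userinfo['languageid']);
    $userdata->set_usertitle('', false, $vbulletin->usergroupcache["$newusergroupid"], false, false);
    $userdata->set('showbirthday', $vbulletin->GPC['showbirthday']);
    $userdata->set('birthday', array(
        'day'   => $vbulletin->GPC['day'],
        'month' => $vbulletin->GPC['month'],
        'year'  => $vbulletin->GPC['year']
    ));
    $userdata->set_dst($vbulletin->GPC['dst']);
    $userdata->set('timezoneoffset', $vbulletin->GPC['timezoneoffset']);
    $userdata->set('ipaddress', IPADDRESS);

    $userdata->pre_save();

    if (!empty($userdata->errors)) {
        // Validation failed (duplicate name, bad email, missing password, ...).
        // Do not attempt the save; report a fixed token rather than the raw
        // error text, which may contain markup.
        echo "failed";
    } else {
        $vbulletin->userinfo['userid']
            = $userid
            = $userdata->save();
        echo ($userid ? "created" : "failed");
        // NOTE(review): when the verifyemail option is on, the account is
        // placed in group 3 but nothing in this block sends an activation
        // message; confirm how these accounts are meant to be activated.
    }
}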

?>