Go Back   vb.org Archive > vBulletin 5 Connect Discussion > vB5 Programming Discussions

Reply
 
Thread Tools Display Modes
  #11  
Old 09-03-2019, 10:44 PM
Dave Dave is offline
 
Join Date: May 2010
Posts: 2,583
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

It's not needed as far as I can see. Now regarding the username... I'm not entirely sure but it seems that the username is not updated by making use of the save method in the user API. Not sure at the moment how that can be done.
Reply With Quote
  #12  
Old 09-03-2019, 11:52 PM
doc55 doc55 is offline
 
Join Date: Aug 2019
Posts: 32
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Interesting. After you said that, I went back and looked at the default profile edit page. It looks like vB does not give the option to users to change their username either. So, probably that's why we can't use this api to change the user's name. I guess I need to follow the same process and not allow users change their usernames.

So in that case and for my knowledge, why do we need the following line in the save user api?
PHP Code:
'user' => array( 'email' => $email'username' => $username ), 
Do we really need it? or can I change it to
PHP Code:
'user' => array(), 
--------------- Added [DATE]1567566465[/DATE] at [TIME]1567566465[/TIME] ---------------

OK, now I think I'm losing my mind. This is crazy. When I tested the script I posted here 10 minutes ago, it was working by updating the user's email and password, and when I was entering a wrong password, it was giving me the error message "badpassword".
Now I went back to test again (without changing anything in the code) and I'm getting the error message "enter_current_password" error message, even when I enter correct current password or wrong currect password and nothing is updating.
How in the world is this possible that I'm getting a different response?
Reply With Quote
  #13  
Old 09-05-2019, 12:20 AM
doc55 doc55 is offline
 
Join Date: Aug 2019
Posts: 32
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Finally, I was able to put everything together and make this thing work. Thank you both for all your help.
Now. I have one issue/question.
The following line is updating the username:
PHP Code:
vB::getDbAssertor()->update'user', array( 'username' => $username ), array( "userid" => $vb_userid ) ); 
The only issue is that it doesn't check if the username is already in use or not and it allows duplicate usernames. So I need to first check the user table in the database and throw an error if username is duplicate.

Is there any instruction on how to search the vB database to search for data? Can you help?
Reply With Quote
  #14  
Old 09-05-2019, 06:19 AM
delicjous's Avatar
delicjous delicjous is offline
 
Join Date: Nov 2014
Posts: 352
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

You should not use "vB::getDbAssertor()->update" because this is a direct database action. There are api-functions for that.
Reply With Quote
  #15  
Old 09-05-2019, 08:43 AM
doc55 doc55 is offline
 
Join Date: Aug 2019
Posts: 32
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by delicjous View Post
You should not use "vB::getDbAssertor()->update" because this is a direct database action. There are api-functions for that.
Thank you for your reply.
I managed to figure out how to search the database to prevent duplicate username entry by using vB::getDbAssertor()->getRow.

What is the API that I could use instead of vB::getDbAssertor()->update which will be more secure? Can you please advise?

Is it ok to use vB::getDbAssertor()->getRow in an if statement to search for the data?

Thank you again.
Reply With Quote
  #16  
Old 09-05-2019, 09:21 AM
shka shka is offline
 
Join Date: Mar 2016
Posts: 79
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by doc55 View Post
Thank you for your reply.
I managed to figure out how to search the database to prevent duplicate username entry by using vB::getDbAssertor()->getRow.

What is the API that I could use instead of vB::getDbAssertor()->update which will be more secure? Can you please advise?

Is it ok to use vB::getDbAssertor()->getRow in an if statement to search for the data?
That isn't what delicjous means. With vB::getDbAssertor() you are working directly in db structure (like you edit table in phpmyadmin). Yes you can, of course. And you can change in some tables some things.

But a forum is a complex build with some particularly important elements (e.g. users with conventions for name length or password security). If you edit this directly you have to implement the same logic (checks, validations, needed following changes in other tables or cache refresh ...) in your code.

So you should use exposed api calls who implement the logic for you. As a starting point http://vb5support.com/resources/api/ and for this case http://vb5support.com/resources/api/..._checkUsername.

I haven't done such a user update so I can't give you code. But I would go this way or start there.

And http://vb5support.com/resources/api/...ml#method_save could be useful for final update.

And as a general note - if you find a possible useful api call (the description sounds good) and find no examples for that (parameters, more lines example) use the vB source code.
A search for checkUsername shows 5 relevant code lines
\forum\core\vb\api\user.php
5600,18: public function checkUsername($candidate)

\forum\core\vb\api\vb4\register.php
67,38: $check = vB_Api::instance('user')->checkUsername($username);

\forum\includes\vb5\frontend\controller\registrati on.php
285,24: public function actionCheckUsername()
297,36: $result = $api->callApi('user', 'checkUsername', array('candidate' => $_REQUEST['username']));

\forum\js\signup.js
11,2351: ...

First is api implementation, last I think not relevant here. But the others - try to unterstand the methods and the logic there
Reply With Quote
  #17  
Old 09-05-2019, 09:47 AM
doc55 doc55 is offline
 
Join Date: Aug 2019
Posts: 32
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

shka,
Thank you for your helpful post. I am just starting to use vBulletin and I'm gathering as much information as I can, so your comments are much appreciated.
I checked the cherusername api and I will be using it in my code.
However, the user save method, is not updating the username, that's why I'm using the database update.
When I checked the default profile edit page on vB, there is no option for users to change their username. So I think vB by default, doesn't allow this (except from the AdminCP) and therefore the save function doesn't updat the username. Unless I'm missing something.
Reply With Quote
  #18  
Old 09-05-2019, 10:13 AM
shka shka is offline
 
Join Date: Mar 2016
Posts: 79
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

<a href="http://vb5support.com/resources/api/vB_DataManager_User.html" target="_blank">http://vb5support.com/resources/api/...ager_User.html</a> with update_username and verify_username ?
Reply With Quote
  #19  
Old 09-05-2019, 11:22 AM
delicjous's Avatar
delicjous delicjous is offline
 
Join Date: Nov 2014
Posts: 352
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

As Wayne mentioned anywhere you should use the mobile-API including an API-Key!

API=> user -> saveEmailPassword

For security reasons you should not use your scripts on any live forum.
Not that I will say it is unsafe, but changing an email by give users the ability to write anything to the user->email field (even non email-strings) is not the best idea!
Reply With Quote
Благодарность от:
In Omnibus
  #20  
Old 09-05-2019, 11:36 AM
In Omnibus's Avatar
In Omnibus In Omnibus is offline
 
Join Date: Apr 2010
Location: Inside A Blade Server
Posts: 840
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by delicjous View Post
As Wayne mentioned anywhere you should use the mobile-API including an API-Key!

API=> user -> saveEmailPassword

For security reasons you should not use your scripts on any live forum.
Not that I will say it is unsafe, but changing an email by give users the ability to write anything to the user->email field (even non email-strings) is not the best idea!
Giving anyone other than a trusted administrator the ability to write anything to the database is asking for trouble. One typo from a well-intentioned user can cause an unmitigated disaster.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 10:52 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04464 seconds
  • Memory Usage 2,263KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (3)bbcode_php
  • (3)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (2)pagenav_pagelink
  • (10)post_thanks_box
  • (1)post_thanks_box_bit
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete