Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 General Discussions
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 08-13-2012, 09:04 PM
Nullifi3d Nullifi3d is offline
 
Join Date: Apr 2004
Location: FL, USA
Posts: 215
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default vBulletin 3.6 - Register new user from outside vbulletin directory

I am trying to implement a script that adds a new vbulletin user during a shopping cart purchase within the WHMCS cart page. I have the basic jquery script built to check for username availability and it's setup for user insertion.

I just need to know what the minimum user variables are that need to be included during sql injection, as well as what validations I may need to use to ensure no vbulletin errors occur. I am using vBulletin 3.6 and the current code I am using in my WHMCS shopping cart is below:

JS Code:
PHP Code:
jQuery(document).ready(function(){
    
jQuery("#customfield2").keyup(function() {
        var 
cfvalue jQuery("#customfield2").val();
        
setTimeout(function() {
            if (
cfvalue != jQuery("#customfield2").val()) {return;}
            
jQuery("#cf2").attr("src","images/custom/icons/hourglass.gif");
            if (
cfvalue == '') {
                
jQuery("#cf2").hide();
            } else if (
cfvalue != '') {
                
jQuery("#cf2").show();
                
checkAvailability(cfvalue);
            }
        }, 
1000);
    });
});

function 
checkAvailability(cf2){
    $.
post("includes/vbusername.php", {task"check"usernamecf2}, function(result) {
        
jQuery("#cf2").attr("src",(result == 'available' 'images/custom/icons/check.gif' 'images/custom/icons/x.gif'));
    });
}

function 
createUser(cf2){
    $.
post("includes/vbusername.php", {task"create"usernamecf2});
}

function 
showUsernameNotification() {
    
document.write('<img src="images/custom/icons/hourglass.gif" alt="-" border="0" id="cf2" style="margin-bottom: -8px;" /> ');
    
jQuery("#cf2").hide();

PHP Code:
<?php

// ####################### SET PHP ENVIRONMENT ###########################
error_reporting(E_ALL & ~E_NOTICE);

// #################### DEFINE IMPORTANT CONSTANTS #######################
define('THIS_SCRIPT''vbusername');

// ######################### REQUIRE BACK-END ############################
chdir('/home/********/public_html/community');
require_once(
'./global.php');
require_once(
DIR '/includes/functions_user.php');
require_once(
DIR '/includes/functions_misc.php');

// #######################################################################
// ######################## START MAIN SCRIPT ############################
// #######################################################################

$vbulletin->GPC['username'] = mysql_real_escape_string($_POST['username']);

if (
$_POST['task'] == "check") {
    if (
$db->query_first("SELECT username FROM ".TABLE_PREFIX."user WHERE username = '".$vbulletin->GPC['username']."'")) {echo "unavailable";} else {echo "available";}
}

if (
$_POST['task'] == "create") {
    
$vbulletin->input->clean_array_gpc('p', array(
        
'options'             => TYPE_ARRAY_BOOL,
        
'username'            => TYPE_STR,
        
'email'               => TYPE_STR,
        
'emailconfirm'        => TYPE_STR,
        
'parentemail'         => TYPE_STR,
        
'password'            => TYPE_STR,
        
'password_md5'        => TYPE_STR,
        
'passwordconfirm'     => TYPE_STR,
        
'passwordconfirm_md5' => TYPE_STR,
        
'referrername'        => TYPE_NOHTML,
        
'imagestamp'          => TYPE_STR,
        
'imagehash'           => TYPE_STR,
        
'coppauser'           => TYPE_BOOL,
        
'day'                 => TYPE_UINT,
        
'month'               => TYPE_UINT,
        
'year'                => TYPE_UINT,
        
'timezoneoffset'      => TYPE_NUM,
        
'dst'                 => TYPE_UINT,
        
'userfield'           => TYPE_ARRAY,
        
'showbirthday'        => TYPE_UINT,
    ));

    
$userdata =& datamanager_init('User'$vbulletinERRTYPE_ARRAY);

    
$userdata->set_info('coppauser'$vbulletin->GPC['coppauser']);
    
$userdata->set_info('coppapassword'$vbulletin->GPC['password']);
    
$userdata->set_bitfield('options''coppauser'$vbulletin->GPC['coppauser']);
    
$userdata->set('parentemail'$vbulletin->GPC['parentemail']);
    
$userdata->set('password', ($vbulletin->GPC['password_md5'] ? $vbulletin->GPC['password_md5'] : $vbulletin->GPC['password']));
    
$userdata->set('email'$vbulletin->GPC['email']);
    
$userdata->set('username'$vbulletin->GPC['username']);
    
$userdata->set('referrerid'$vbulletin->GPC['referrername']);
    if (
$vbulletin->options['verifyemail']) {$newusergroupid 3;}
    else if (
$vbulletin->options['moderatenewmembers'] OR $vbulletin->GPC['coppauser']) {$newusergroupid 4;}
    else {
$newusergroupid 2;}
    
$userdata->set('usergroupid'$newusergroupid);
    
$userdata->set('languageid'$vbulletin->userinfo['languageid']);
    
$userdata->set_usertitle(''false$vbulletin->usergroupcache["$newusergroupid"], falsefalse);
    
$userdata->set('showbirthday'$vbulletin->GPC['showbirthday']);
    
$userdata->set('birthday', array(
        
'day'   => $vbulletin->GPC['day'],
        
'month' => $vbulletin->GPC['month'],
        
'year'  => $vbulletin->GPC['year']
    ));
    
$userdata->set_dst($vbulletin->GPC['dst']);
    
$userdata->set('timezoneoffset'$vbulletin->GPC['timezoneoffset']);
    
$userdata->set('ipaddress'IPADDRESS);
    
$userdata->pre_save();
    
$vbulletin->userinfo['userid']
        = 
$userid
        
$userdata->save();    
}

?>
Reply With Quote
  #2  
Old 08-20-2012, 03:05 PM
Nullifi3d Nullifi3d is offline
 
Join Date: Apr 2004
Location: FL, USA
Posts: 215
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Can anyone give me any guidance on the minimum tables/fields that need to be inserted when creating a new user? I am simply trying to insert users from my shopping cart pages, but want to ensure that I am inserting what I need to and utilizing proper validation methods.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 08:57 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.03303 seconds
  • Memory Usage 2,231KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (2)bbcode_php
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (2)post_thanks_box
  • (2)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (2)post_thanks_postbit_info
  • (2)postbit
  • (2)postbit_onlinestatus
  • (2)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete