MyBB Community Forums

I decided to take on a challenge. If I can get this code here downpat, I should be able to make the rest of it work.

I have a Windows Form, trying to log in to a MyBB powered forum with it. This is the processing code I have:

        public void login(string username, string password)
        {
            byte[] buffer = Encoding.ASCII.GetBytes("username=" + username + "&password=" + password + "&action=do_login");
            HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create("http://example.com/member.php");
            request.Method = "POST";
            request.ContentLength = buffer.Length;
            request.AllowAutoRedirect = true;

            using (Stream reqStream = request.GetRequestStream())
            {
                reqStream.Write(buffer, 0, buffer.Length);
                reqStream.Close();
            }
            HttpWebResponse response = (HttpWebResponse)request.GetResponse();

            using (Stream respStream = response.GetResponseStream())
            {
                using (StreamReader sr = new StreamReader(respStream))
                {
                    string s = sr.ReadToEnd();
                    string[] res = new string[]
                    {
                        s
                    };

                    File.WriteAllLines(@"C:\Users\*****\Desktop\response.txt", res);
                }
            }
        }

The long and short of it is, the file being written returns the contents of an un-logged-in webpage. Any clues what is going wrong? I've tried pointing the form to member.php?action=do_login, no dice. I know the username and password I am using are correct.

Hi Seabody, try code from:
http://stackoverflow.com/questions/93080...ia-program

"PHP logins use PHPSESSID cookie. You'll need to capture this and pass it back in the CookieContainer. This is how the server will recognise you as an authenticated user." ref. http://stackoverflow.com/questions/85026...-in-c?rq=1

(2013-06-10, 11:39 AM)thebobo1 Wrote: [ -> ]Hi Seabody, try code from:
http://stackoverflow.com/questions/93080...ia-program

"PHP logins use PHPSESSID cookie. You'll need to capture this and pass it back in the CookieContainer. This is how the server will recognise you as an authenticated user." ref. http://stackoverflow.com/questions/85026...-in-c?rq=1

MyBB doesn't use PHP sessions.

Seabody, try having "action" be a POST parameter as well, instead of POSTing it to member.php?action=login.

You will need to capture the mybbuser cookie and store it somewhere so it's passed to subsequent pages.

I am POSTing the action as well now, no difference. I think I have captured the mybbuser cookie, but until I manage to actually log in, I don't think I'll be able to test that.

---

OK, scratch that, I think I'm being logged in. Still no sign of the mybbuser cookie though (am showing an alert box if it's captured right before the file is written, nothing).

---

OK, definitely being logged in, but I'm not capturing the cookie.

This is the code that is (trying) to capture it:

            if (response.Cookies["mybbuser"] != null)
            {
                string cookie = response.Cookies["mybbuser"].Value;

                MessageBox.Show(cookie);

                Properties.Settings.Default.mybbuser = cookie;
                Properties.Settings.Default.Save();
            }

OK, I managed to work it out and I'm now confident I'm being logged in and capturing the mybbuser cookie. Thanks Paul and thebobo1.

Sorry for the rebump, but how does MyBB check who the user is doing an action?

If I'm posting a thread, for example, will MyBB check my uid or my mybbuser cookie? Or both?

---

Ah, I needed $mybb->post_code in the script.