MyBB Community Forums

MyBB Community Forums > Resources > Third Party Integration > Posting thread from outside script (python with discord)
Full Version: Posting thread from outside script (python with discord)
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

johanssen

2017-10-21, 01:50 AM
UPDATE:
See my comment below to see how I did it.

I am writing a bot that integrates with Discord (just for context) and was wondering how the posthash is generated?

 I see based on some snooping and testing that the data sent during a reply (specifically a quick reply) is as follows:

(This is the POST data)
my_post_key: <KEY>
subject: <SUBJECT>
action: do_newreply
posthash: <POST HASH>
quoted_ids: <INT>
lastpid: <INT>
from_page: <INT>
tid: <INT>
method: quickreply
message: <MESSAGE CONTENT>

Based on some testing, my_post_key is a constant value for each user, so I have that, but I am wondering if there is a way for me to generate the posthash? I was able to generate the logoutkey by running the loginkey through an md5 encryption. But I am unsure how to do the same with the post hash. 

Is it related to the lastpid or pid (ie. the md5 encryption of the pid or something to that effect?) Also, how would I set the lastpid, do I even need to define it?

I've already been able to make the script login and sustain and login, as well as log out. My next step is to get it to post to a specific thread based on input from the user (that is where discord is coming in, when triggered from discord it will post the specified text. But I've got the discord portion complete)


EDIT:


Based on some more searching I found the line in newreply.php that generates the posthash:
$mybb->input['posthash'] = md5($thread['tid'].$mybb->user['uid'].random_str());

If I am reading this right, all its doing is running a random string through the md5 hash and using that? So I should be able to do a similar thing in python, generate a random string and run it through the md5 hash.

johanssen

2017-10-22, 04:59 PM
UPDATE:

After some more testing and reaching out to the great people on the MyBB discord, I was able to get the posting working!

For anyone who is trying to do this in python in the future, the process for logging in, sustaining a session and logging out is as follows (as well as doing stuff while logged in):



Part 1:

Import the required libraries and generate the logout key, this is key is just the users login key run through the MD5 hash.

import requests
import sys
import hashlib
import time
import string
from random import randint

loginKey = "USER_LOGIN_KEY - Get from MyBB database"
m = hashlib.md5()
m.update(loginKey.encode('utf-8'))
logoutKey = m.hexdigest()


Part 2:

Define the data for both logging into the forums and logging out, I did this by putting the respective data into two easily callable lists. Note that the only data required for logging out is the logout key (generated earlier).

LOGIN = {
"url": "http://example.com/index.php",
"action": "do_login",
"submit": "Login",
"quick_login": "1",
"quick_username": "FORUM_USERNAME",
"quick_password": "PASSWORD",
}

LOGOUT = {
"url": "http://example.com/index.php",
"action": "logout",
"logoutkey": logoutKey
}


Part 3:

Here I generate a post hash, a random MD5 string based off of an int between 0 and 100000, this can be any random generator, the post hash is used for attaching files to a post/reply. I used a random int as the forums uses a random string so there is no chance of them producing the same string. 

I then login to the forums using a requests.Session, this stores the cookies required for posting and all other relevant data for the duration of the session. I then define the post data and finally use the requests.post function, I post my reply to the forums! Then log out

def post_reply(message_string):
    
    rand_int = randint(0,1000000)
    random_string = str(rand_int)
    n = hashlib.md5()
    n.update(random_string.encode('utf-8'))
    posthash = n.hexdigest()
    
    s = requests.Session()
        
    s.post("http://example.com/member.php", data=LOGIN)
    print("Logged in")

    POST_DATA = {
    "my_post_key": "USER_POST_KEY - Get this by watching the network in Chrome",
    "subject": "RE: TITLE NAME",
    "action": "do_newreply",
    "posthash": posthash,
    "quoted_ids": "",   
    "lastpid": "INT - This number just has to be less then the last post id, I use 100",
    "from_page": "INT",
    "tid": "INT",
    "method": "quickreply",
    "message": message_string,
    "postoptions[signature]": "0"
    }
    
    r = s.post("http://example.com/newreply.php", data=POST_DATA)

    time.sleep(1)
    
    s.post("http://example.com/member.php", data=LOGOUT)
    print("Logged out")
    print("Done")


Some notes:
  • My example is posting a reply to a thread, not creating a new thread (though I imagine doing that would not be too difficult)
  • Get the tid from the thread you want to post in
  • The reason I put the actual posting inside a function was to let me simply call the function from my discord bot (further down in the program) and just pass it the string I wanted to post.
MyBB Community Forums > Resources > Third Party Integration > Posting thread from outside script (python with discord)