MyBB Community Forums

MyBB Community Forums > Resources > Third Party Integration > Any tips for turning "Register" into an API?
Full Version: Any tips for turning "Register" into an API?
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

Myusername69

2020-09-29, 08:33 PM
I'd like to disable users being able to register on the forum

And only allow my other server to make a registration request

Any tips on what parts of member.php I need to trim and what parts I need to keep, in order to make a brand new user? 

I'm unsure about the "email activation" part, is there a way to disable that or mark it as already activated when the user is made?
Is this all i need? (post #2)

https://community.mybb.com/thread-226176...pid1342284

noob1337

2020-09-29, 10:04 PM
So I tried copy/pasting some stuff into a new .php file:

// Set up user handler.
require_once MYBB_ROOT."inc/datahandlers/user.php";
$userhandler = new UserDataHandler("insert");

// Set the data for the new user.
$user = array(
	"username" => 'username123',
	"password" => 'password123',
	"password2" => 'password123',
	"email" => '[email protected]',
	"email2" => '[email protected]',
	"usergroup" => 2,
	"referrer" => '',
	"timezone" => '0',
	"regcheck1" => '',
	"regcheck2" => 'true',
	"registration" => true
);

$user['options'] = array(
	"allownotices" => 1,
	"hideemail" => 1,
	"subscriptionmethod" => 2,
	"receivepms" => 1,
	"pmnotice" => 1,
	"pmnotify" => 1,
	"invisible" => 0,
	"dstcorrection" => 0
);

$userhandler->set_data($user);
$errors = array();

if(!$userhandler->validate_user())
{
	$errors = $userhandler->get_friendly_errors();
}

$userhandler->insert_user(); // didn't rly handle $errors here

http_response_code(200);
echo json_encode($errors);

But I don't get anything in the mybb_users table... :\
Seems I was debugging this wrong.. also I was missing something from this to get MYBB_ROOT
define("IN_MYBB", 1);
define("IGNORE_CLEAN_VARS", "sid");
define('THIS_SCRIPT', 'member.php');
define("ALLOWABLE_PAGE", "register,do_register,login,do_login,logout,lostpw,do_lostpw,activate,resendactivation,do_resendactivation,resetpassword,viewnotes");
require_once "./global.php";

I'm getting the error "The user is not valid."
Ok I got it working (I hope, stuff is showing up in the users table)

This was the final code... nothing really changed from above, and there's some junk in there but I'm taking a break lol
define("IN_MYBB", 1);
define("IGNORE_CLEAN_VARS", "sid");
define('THIS_SCRIPT', 'member.php');
define("ALLOWABLE_PAGE", "register,do_register,login,do_login,logout,lostpw,do_lostpw,activate,resendactivation,do_resendactivation,resetpassword,viewnotes");
require_once "./global.php";
// Set up user handler.
require_once MYBB_ROOT."inc/datahandlers/user.php";
$userhandler = new UserDataHandler("insert");

// Set the data for the new user.
$user = array(
	"username" => 'username1234',
	"password" => 'password123',
	"password2" => 'password123',
	"email" => '[email protected]',
	"email2" => '[email protected]',
	"usergroup" => 2,
	"referrer" => '',
	"timezone" => '0',
	"regcheck1" => '',
	"regcheck2" => 'true',
	"registration" => true
);

$user['options'] = array(
	"allownotices" => 1,
	"hideemail" => 1,
	"subscriptionmethod" => 2,
	"receivepms" => 1,
	"pmnotice" => 1,
	"pmnotify" => 1,
	"invisible" => 0,
	"dstcorrection" => 0
);

$userhandler->set_data($user);
$errors = array();

if(!$userhandler->validate_user())
{
	$errors = $userhandler->get_errors();
}
error_log("~".print_r($errors,TRUE),0);
$userhandler->insert_user(); // didn't rly handle $errors here

http_response_code(200);
$out = array_values($errors);
echo json_encode($errors);

Myusername69

2020-09-29, 10:28 PM
Yea solution is done

noob1337

2020-09-30, 01:39 PM
Can someone help me with hacking the "Login" part now?

	require_once MYBB_ROOT."inc/datahandlers/login.php";

	$user = array(
		'username' => 'myusername123'//,
		//'password' => '',
		//'remember' => '',
		//'imagestring' => ''
	);

	$loginhandler = new LoginDataHandler("get");

	$loginhandler->set_data($user);
	$validated = $loginhandler->validate_login();
	$loginhandler->complete_login();

Returns a "You are either not logged in or do not have permission to view this page." HTML page... but it also returned a cookie but I haven't tried the cookie to see if it works (not sure how to do that yet lol)

I think it might be working actually.... brb
IT WORKED!!!!

Myusername69

2020-09-30, 02:11 PM
So I can
1. Register
2. Login

Now I just need
3. Logout
4. Intercept a timed-out cookie, ping my server whether it's valid, and if it is then refresh it
5. Receive a ping from my server if a cookie is valid/active

noob1337

2020-09-30, 04:41 PM
I think for Logout, this code would work:

$cookieHeaderValue = $_SERVER['HTTP_COOKIE'] // Cookie: "mybbuser=<uid>_<loginkey>"

$uid = (explode("_", $cookieHeaderValue, 1))[0];

my_unsetcookie("mybbuser"); // idk if this does anything useful
my_unsetcookie("sid");      // idk if this does anything useful

$time = TIME_NOW;
$db->shutdown_query("UPDATE ".TABLE_PREFIX."users SET lastvisit='{$time}', lastactive='{$time}' WHERE uid='$uid'");
$db->delete_query("sessions", "uid = '$uid'");

Myusername69

2020-09-30, 05:58 PM
Now it's saying $db isn't a variable...

Anyone can help me understand why?
MyBB Community Forums > Resources > Third Party Integration > Any tips for turning "Register" into an API?