MyBB Community Forums

I'm writing a cURL class to login to MyBB and send PMs and the like. I can log a user in and then make it move around the forums using a couple of functions, but I'm stumped as to how to get it to logout. When I call the logout_main() function and echo the contents it returns, I get the error below:

MyBB Wrote:Your user ID could not be verified to log you out. This may have been because a malicious Javascript was attempting to log you out automatically. If you intended to log out, please click the Log Out button at the top menu.

I have been appending the logoutkey to the URL, and have opened up member.php to try and figure out why it won't work - but I don't see any other checks performed. I also tried playing with the referrer value to no avail. Here's the function source if that helps:

		function logout_main() {
			// Logs the bot user out of MyBB, has to get the logoutkey first though
			$this->curl_handle = curl_init();
			curl_setopt($this->curl_handle, CURLOPT_CONNECTTIMEOUT, $this->curl_connection_timeout);
			curl_setopt($this->curl_handle, CURLOPT_RETURNTRANSFER, true);
			curl_setopt($this->curl_handle, CURLOPT_SSL_VERIFYPEER, false);
			curl_setopt($this->curl_handle, CURLOPT_USERAGENT, 'Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)');
			curl_setopt($this->curl_handle, CURLOPT_URL, $this->board_url .'/index.php');
			curl_setopt($this->curl_handle, CURLOPT_AUTOREFERER, true);
			curl_setopt($this->curl_handle, CURLOPT_FOLLOWLOCATION, true);
			curl_setopt($this->curl_handle, CURLOPT_COOKIEFILE, $this->curl_cookie_directory .'/current.txt');
			$this->curl_result = curl_exec($this->curl_handle);
			$logout_key_start = strpos($this->curl_result, 'logoutkey=');
			$logout_key = substr($this->curl_result, $logout_key_start + 10, 32);
			curl_setopt($this->curl_handle, CURLOPT_REFERER, 'http://jdforums.co.cc/index.php');
			curl_setopt($this->curl_handle, CURLOPT_URL, $this->board_url .'/member.php?action=logout&logoutkey='. $logout_key);
			$this->curl_result = curl_exec($this->curl_handle);
			return $this->curl_result;
		}

Any ideas? Kind of new to using cURL so examples might be useful

I can't see where exactly you're pulling the logout key out of the database...?... I haven't used cURL in ages though, so tell me if I'm wrong.

The key is stored in the (table_prefix)_users table - would it not be easier to actually pull it out and put it onto the end of the string?

I'm not pulling the key out of the database - I'm using strpos() and substr() to pull it from the index page. The whole point in this class is that I don't have to touch the database .

Whatever happened to simple and elegance...

Lol, then why not define a variable in PHP in global.php, or even better, use the $mybb class that already exists? You should be able to use them better than strpos and substr.

Because the bot is a much better way to handle the project I'm working on. I thought about using MyBB's own classes and plugin system to achieve this and didn't like the idea - it just wouldn't work. I didn't post here without thinking about other ways to do it.

As for defining a global variable, that's not what I'm after. I don't want to make any more source edits to MyBB, the board is modded heavily enough for now and upgrading to new versions is hellish enough.

Does anyone actually know if this is possible and, if it is, how to achieve it?

Sorry to have to bump this, but anyone?

It's probably just easier to delete cookies - after all, that's all the logout features of practically any web authentication system does.

But anyway:

            curl_setopt($this->curl_handle, CURLOPT_URL, $this->board_url .'/member.php?action=logout&logoutkey='. $logout_key);

I think your mistake is sticking in the & - it's not being displayed as HTML...

Thanks Yumi - I knew it'd be something stupid. That's from where I copied the URL from the source of the MyBB index - I forgot to replace the ampersand with its unencoded counterpart.

Thanks again!