Any tips for turning "Register" into an API?
#1
I'd like to disable users being able to register on the forum

And only allow my other server to make a registration request

Any tips on what parts of member.php I need to trim and what parts I need to keep, in order to make a brand new user? 

I'm unsure about the "email activation" part, is there a way to disable that or mark it as already activated when the user is made?

Is this all i need? (post #2)

https://community.mybb.com/thread-226176...pid1342284
Reply
#2
So I tried copy/pasting some stuff into a new .php file:

// Set up user handler.
require_once MYBB_ROOT."inc/datahandlers/user.php";
$userhandler = new UserDataHandler("insert");

// Set the data for the new user.
$user = array(
	"username" => 'username123',
	"password" => 'password123',
	"password2" => 'password123',
	"email" => '[email protected]',
	"email2" => '[email protected]',
	"usergroup" => 2,
	"referrer" => '',
	"timezone" => '0',
	"regcheck1" => '',
	"regcheck2" => 'true',
	"registration" => true
);

$user['options'] = array(
	"allownotices" => 1,
	"hideemail" => 1,
	"subscriptionmethod" => 2,
	"receivepms" => 1,
	"pmnotice" => 1,
	"pmnotify" => 1,
	"invisible" => 0,
	"dstcorrection" => 0
);

$userhandler->set_data($user);
$errors = array();

if(!$userhandler->validate_user())
{
	$errors = $userhandler->get_friendly_errors();
}

$userhandler->insert_user(); // didn't rly handle $errors here

http_response_code(200);
echo json_encode($errors);

But I don't get anything in the mybb_users table... :\

Seems I was debugging this wrong.. also I was missing something from this to get MYBB_ROOT
define("IN_MYBB", 1);
define("IGNORE_CLEAN_VARS", "sid");
define('THIS_SCRIPT', 'member.php');
define("ALLOWABLE_PAGE", "register,do_register,login,do_login,logout,lostpw,do_lostpw,activate,resendactivation,do_resendactivation,resetpassword,viewnotes");
require_once "./global.php";

I'm getting the error "The user is not valid."

Ok I got it working (I hope, stuff is showing up in the users table)

This was the final code... nothing really changed from above, and there's some junk in there but I'm taking a break lol
define("IN_MYBB", 1);
define("IGNORE_CLEAN_VARS", "sid");
define('THIS_SCRIPT', 'member.php');
define("ALLOWABLE_PAGE", "register,do_register,login,do_login,logout,lostpw,do_lostpw,activate,resendactivation,do_resendactivation,resetpassword,viewnotes");
require_once "./global.php";
// Set up user handler.
require_once MYBB_ROOT."inc/datahandlers/user.php";
$userhandler = new UserDataHandler("insert");

// Set the data for the new user.
$user = array(
	"username" => 'username1234',
	"password" => 'password123',
	"password2" => 'password123',
	"email" => '[email protected]',
	"email2" => '[email protected]',
	"usergroup" => 2,
	"referrer" => '',
	"timezone" => '0',
	"regcheck1" => '',
	"regcheck2" => 'true',
	"registration" => true
);

$user['options'] = array(
	"allownotices" => 1,
	"hideemail" => 1,
	"subscriptionmethod" => 2,
	"receivepms" => 1,
	"pmnotice" => 1,
	"pmnotify" => 1,
	"invisible" => 0,
	"dstcorrection" => 0
);

$userhandler->set_data($user);
$errors = array();

if(!$userhandler->validate_user())
{
	$errors = $userhandler->get_errors();
}
error_log("~".print_r($errors,TRUE),0);
$userhandler->insert_user(); // didn't rly handle $errors here

http_response_code(200);
$out = array_values($errors);
echo json_encode($errors);
Reply
#3
Yea solution is done
Reply
#4
Can someone help me with hacking the "Login" part now?

	require_once MYBB_ROOT."inc/datahandlers/login.php";

	$user = array(
		'username' => 'myusername123'//,
		//'password' => '',
		//'remember' => '',
		//'imagestring' => ''
	);

	$loginhandler = new LoginDataHandler("get");

	$loginhandler->set_data($user);
	$validated = $loginhandler->validate_login();
	$loginhandler->complete_login();

Returns a "You are either not logged in or do not have permission to view this page." HTML page... but it also returned a cookie but I haven't tried the cookie to see if it works (not sure how to do that yet lol)

I think it might be working actually.... brb

IT WORKED!!!!
Reply
#5
So I can
1. Register
2. Login

Now I just need
3. Logout
4. Intercept a timed-out cookie, ping my server whether it's valid, and if it is then refresh it
5. Receive a ping from my server if a cookie is valid/active
Reply
#6
I think for Logout, this code would work:

$cookieHeaderValue = $_SERVER['HTTP_COOKIE'] // Cookie: "mybbuser=<uid>_<loginkey>"

$uid = (explode("_", $cookieHeaderValue, 1))[0];

my_unsetcookie("mybbuser"); // idk if this does anything useful
my_unsetcookie("sid");      // idk if this does anything useful

$time = TIME_NOW;
$db->shutdown_query("UPDATE ".TABLE_PREFIX."users SET lastvisit='{$time}', lastactive='{$time}' WHERE uid='$uid'");
$db->delete_query("sessions", "uid = '$uid'");
Reply
#7
Now it's saying $db isn't a variable...

Anyone can help me understand why?
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)