View Single Post
Old 05 Sep 2019, 11:21
shka shka is offline
Join Date: Mar 2016
Originally Posted by doc55 View Post
Thank you for your reply.
I managed to figure out how to search the database to prevent duplicate username entry by using vB::getDbAssertor()->getRow.

What is the API that I could use instead of vB::getDbAssertor()->update which will be more secure? Can you please advise?

Is it ok to use vB::getDbAssertor()->getRow in an if statement to search for the data?
That isn't what delicjous means. With vB::getDbAssertor() you are working directly in db structure (like you edit table in phpmyadmin). Yes you can, of course. And you can change in some tables some things.

But a forum is a complex build with some particularly important elements (e.g. users with conventions for name length or password security). If you edit this directly you have to implement the same logic (checks, validations, needed following changes in other tables or cache refresh ...) in your code.

So you should use exposed api calls who implement the logic for you. As a starting point and for this case

I haven't done such a user update so I can't give you code. But I would go this way or start there.

And could be useful for final update.

And as a general note - if you find a possible useful api call (the description sounds good) and find no examples for that (parameters, more lines example) use the vB source code.
A search for checkUsername shows 5 relevant code lines
5600,18: public function checkUsername($candidate)

67,38: $check = vB_Api::instance('user')->checkUsername($username);

285,24: public function actionCheckUsername()
297,36: $result = $api->callApi('user', 'checkUsername', array('candidate' => $_REQUEST['username']));

11,2351: ...

First is api implementation, last I think not relevant here. But the others - try to unterstand the methods and the logic there

Last edited by shka; 05 Sep 2019 at 11:49.
Reply With Quote