Register Members List Search Today's Posts Mark Forums Read

Reply
 
Thread Tools
  #16  
Old 05 Sep 2019, 11:21
shka shka is offline
 
Join Date: Mar 2016
Originally Posted by doc55 View Post
Thank you for your reply.
I managed to figure out how to search the database to prevent duplicate username entry by using vB::getDbAssertor()->getRow.

What is the API that I could use instead of vB::getDbAssertor()->update which will be more secure? Can you please advise?

Is it ok to use vB::getDbAssertor()->getRow in an if statement to search for the data?
That isn't what delicjous means. With vB::getDbAssertor() you are working directly in db structure (like you edit table in phpmyadmin). Yes you can, of course. And you can change in some tables some things.

But a forum is a complex build with some particularly important elements (e.g. users with conventions for name length or password security). If you edit this directly you have to implement the same logic (checks, validations, needed following changes in other tables or cache refresh ...) in your code.

So you should use exposed api calls who implement the logic for you. As a starting point http://vb5support.com/resources/api/ and for this case http://vb5support.com/resources/api/..._checkUsername.

I haven't done such a user update so I can't give you code. But I would go this way or start there.

And http://vb5support.com/resources/api/...ml#method_save could be useful for final update.

And as a general note - if you find a possible useful api call (the description sounds good) and find no examples for that (parameters, more lines example) use the vB source code.
A search for checkUsername shows 5 relevant code lines
\forum\core\vb\api\user.php
5600,18: public function checkUsername($candidate)

\forum\core\vb\api\vb4\register.php
67,38: $check = vB_Api::instance('user')->checkUsername($username);

\forum\includes\vb5\frontend\controller\registration.php
285,24: public function actionCheckUsername()
297,36: $result = $api->callApi('user', 'checkUsername', array('candidate' => $_REQUEST['username']));

\forum\js\signup.js
11,2351: ...

First is api implementation, last I think not relevant here. But the others - try to unterstand the methods and the logic there

Last edited by shka; 05 Sep 2019 at 11:49.
Reply With Quote
  #17  
Old 05 Sep 2019, 11:47
doc55 doc55 is offline
 
Join Date: Aug 2019
shka,
Thank you for your helpful post. I am just starting to use vBulletin and I'm gathering as much information as I can, so your comments are much appreciated.
I checked the cherusername api and I will be using it in my code.
However, the user save method, is not updating the username, that's why I'm using the database update.
When I checked the default profile edit page on vB, there is no option for users to change their username. So I think vB by default, doesn't allow this (except from the AdminCP) and therefore the save function doesn't updat the username. Unless I'm missing something.
Reply With Quote
  #18  
Old 05 Sep 2019, 12:13
shka shka is offline
 
Join Date: Mar 2016
http://vb5support.com/resources/api/...ager_User.html with update_username and verify_username ?
Reply With Quote
  #19  
Old 05 Sep 2019, 13:22
delicjous's Avatar
delicjous delicjous is offline
 
Join Date: Nov 2014
As Wayne mentioned anywhere you should use the mobile-API including an API-Key!

API=> user -> saveEmailPassword

For security reasons you should not use your scripts on any live forum.
Not that I will say it is unsafe, but changing an email by give users the ability to write anything to the user->email field (even non email-strings) is not the best idea!
__________________
vBulletin-Forum.de closed!
Reply With Quote
  #20  
Old 05 Sep 2019, 13:36
In Omnibus's Avatar
In Omnibus In Omnibus is offline
 
Join Date: Apr 2010
Real name: Kris
Originally Posted by delicjous View Post
As Wayne mentioned anywhere you should use the mobile-API including an API-Key!

API=> user -> saveEmailPassword

For security reasons you should not use your scripts on any live forum.
Not that I will say it is unsafe, but changing an email by give users the ability to write anything to the user->email field (even non email-strings) is not the best idea!
Giving anyone other than a trusted administrator the ability to write anything to the database is asking for trouble. One typo from a well-intentioned user can cause an unmitigated disaster.
Reply With Quote
  #21  
Old 05 Sep 2019, 13:40
doc55 doc55 is offline
 
Join Date: Aug 2019
Originally Posted by delicjous View Post
As Wayne mentioned anywhere you should use the mobile-API including an API-Key!

API=> user -> saveEmailPassword

For security reasons you should not use your scripts on any live forum.
Not that I will say it is unsafe, but changing an email by give users the ability to write anything to the user->email field (even non email-strings) is not the best idea!
Thank you for your reply.
So, what's the difference between using API => user -> saveEmailPassword that you recommended and the API => user -> Save that I have in my script?
I have disabled the feature that users can edit their own profile on vBulletin frontend via AdminCP. That's why I think the saveEmailPassword my not work with that function being disabled.
Reply With Quote
Reply

Similar Threads
Thread Thread Starter Forum Replies Last Post
Profile Enhancements Profile Update - MySpace Profile Rewrite Hex_legend vBulletin 3.7 Add-ons 81 24 Feb 2009 17:36



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


New To Site? Need Help?

All times are GMT. The time now is 20:56.

Layout Options | Width: Wide Color: