[shka]

Originally Posted by doc55

Thank you for your reply.
I managed to figure out how to search the database to prevent duplicate username entry by using vB::getDbAssertor()->getRow.

What is the API that I could use instead of vB::getDbAssertor()->update which will be more secure? Can you please advise?

Is it ok to use vB::getDbAssertor()->getRow in an if statement to search for the data?

That isn't what delicjous means. With vB::getDbAssertor() you are working directly in db structure (like you edit table in phpmyadmin). Yes you can, of course. And you can change in some tables some things.

But a forum is a complex build with some particularly important elements (e.g. users with conventions for name length or password security). If you edit this directly you have to implement the same logic (checks, validations, needed following changes in other tables or cache refresh ...) in your code.

So you should use exposed api calls who implement the logic for you. As a starting point http://vb5support.com/resources/api/ and for this case http://vb5support.com/resources/api/..._checkUsername.

I haven't done such a user update so I can't give you code. But I would go this way or start there.

And http://vb5support.com/resources/api/...ml#method_save could be useful for final update.

And as a general note - if you find a possible useful api call (the description sounds good) and find no examples for that (parameters, more lines example) use the vB source code.
A search for checkUsername shows 5 relevant code lines
\forum\core\vb\api\user.php
5600,18: public function checkUsername($candidate)

\forum\core\vb\api\vb4\register.php
67,38: $check = vB_Api::instance('user')->checkUsername($username);

\forum\includes\vb5\frontend\controller\registration.php
285,24: public function actionCheckUsername()
297,36: $result = $api->callApi('user', 'checkUsername', array('candidate' => $_REQUEST['username']));

\forum\js\signup.js
11,2351: ...

First is api implementation, last I think not relevant here. But the others - try to unterstand the methods and the logic there

[doc55]

shka,
Thank you for your helpful post. I am just starting to use vBulletin and I'm gathering as much information as I can, so your comments are much appreciated.
I checked the cherusername api and I will be using it in my code.
However, the user save method, is not updating the username, that's why I'm using the database update.
When I checked the default profile edit page on vB, there is no option for users to change their username. So I think vB by default, doesn't allow this (except from the AdminCP) and therefore the save function doesn't updat the username. Unless I'm missing something.

[shka]

http://vb5support.com/resources/api/...ager_User.html with update_username and verify_username ?

[delicjous]

As Wayne mentioned anywhere you should use the mobile-API including an API-Key!

API=> user -> saveEmailPassword

For security reasons you should not use your scripts on any live forum.
Not that I will say it is unsafe, but changing an email by give users the ability to write anything to the user->email field (even non email-strings) is not the best idea!

[In Omnibus]

Originally Posted by delicjous

As Wayne mentioned anywhere you should use the mobile-API including an API-Key!

API=> user -> saveEmailPassword

For security reasons you should not use your scripts on any live forum.
Not that I will say it is unsafe, but changing an email by give users the ability to write anything to the user->email field (even non email-strings) is not the best idea!

Giving anyone other than a trusted administrator the ability to write anything to the database is asking for trouble. One typo from a well-intentioned user can cause an unmitigated disaster.

[doc55]

Originally Posted by delicjous

As Wayne mentioned anywhere you should use the mobile-API including an API-Key!

API=> user -> saveEmailPassword

For security reasons you should not use your scripts on any live forum.
Not that I will say it is unsafe, but changing an email by give users the ability to write anything to the user->email field (even non email-strings) is not the best idea!

Thank you for your reply.
So, what's the difference between using API => user -> saveEmailPassword that you recommended and the API => user -> Save that I have in my script?
I have disabled the feature that users can edit their own profile on vBulletin frontend via AdminCP. That's why I think the saveEmailPassword my not work with that function being disabled.