1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Private Message Sender Script For vBulletin Forums!

Discussion in 'BlackHat Lounge' started by varundbest, Jan 19, 2010.

  1. varundbest

    varundbest Jr. VIP Jr. VIP Premium Member

    Joined:
    Oct 15, 2009
    Messages:
    763
    Likes Received:
    495
    Well i was searching on google and found this -
    Code:
    function vbulletin_send_pm(
    	$site, $sender_username, $sender_password, 
    	$recipient, $title = '', $message = '', $iconid = '0'
    ){
    	$cookiefile = tempnam("/tmp", "cookies"); 
    	/* create a temporary file to store cookies.
       this should work on most systems and is more
       flexible than specifying path explicitly */
     
    	$ch = curl_init();
    	//General options
    	//curl_setopt($ch, CURLOPT_HEADER, true); //For debugging
    	//Masquerade as Firefox
    	curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3');
    	curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); 
    	curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); //Follow redirects
    	curl_setopt($ch, CURLOPT_COOKIEFILE, $cookiefile);
    	curl_setopt($ch, CURLOPT_COOKIEJAR, $cookiefile);
    	//PHP >= 5.1.0
    	curl_setopt($ch, CURLOPT_AUTOREFERER, true);
     
    	/** *************************************************
    	 		Log In
    	****************************************************/
     
    	curl_setopt($ch, CURLOPT_URL, $site.'login.php?do=login');
    	curl_setopt($ch, CURLOPT_POST, true); 
    	curl_setopt($ch, CURLOPT_REFERER, $site.'index.php'); 
     
    	/* The fields of the login form.*/
    	$postfields = array(
    		'vb_login_username'	=> $sender_username,
    		'vb_login_password' => '', //Interestingly enough, this doesn't need to be set.
    		//'cookieuser' => '1', //"Remember me"
    		's' => '',
    		'securitytoken' => 'guest',
    		'do' => 'login',
    		'vb_login_md5password' => md5($sender_password), //hash the password
    		'vb_login_md5password_utf' => md5($sender_password), //UTF? Looks the same to me.
    	 );
     
    	$postfields = http_build_query($postfields, '', '&'); //PHP >= 5.1.2
    	curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields); 
     
    	$result = curl_exec ($ch);
    	//There will be a redirection link if the login was successful
    	if (preg_match('/index.php\?s=(\w{32})/', $result, $matches)){
    		$s_key = $matches[1]; //not used 
    	} else {
    		return false;
    	}
     
    	/** *************************************************
    	 	Retrieve the PM page to get the security token 
    	****************************************************/
    	curl_setopt($ch, CURLOPT_URL, $site.'private.php?do=newpm');
    	curl_setopt($ch, CURLOPT_POST, false);
    	$html = curl_exec($ch);
    	if (preg_match('/<input\s+type="hidden"\s+name="securitytoken"\s+value="([\w\-]+)"\s*\/?>/i', $html, $matches)){
    		$security_token = $matches[1];
    	} else {
    		return false;
    	}
     
    	/** *************************************************
    	 		Send the PM
    	****************************************************/
    	curl_setopt($ch, CURLOPT_URL, $site.'private.php?do=insertpm');
    	curl_setopt($ch, CURLOPT_POST, true);
    	//curl_setopt($ch, CURLOPT_REFERER, $site.'private.php?do=newpm');
     
    	/* PM form fields */
    	$postfields = array(
    		'recipients' => $recipient,
    		'bccrecipients' => '',
    		'title' => $title,
    		'message' => $message,
    		'wysiwyg' => '0',
    		'iconid' => $iconid,
    		's' => '', //might need to use $s_key here
    		'securitytoken' => $security_token,
    		'do' => 'insertpm',
    		'pmid' => '',
    		'forward' => '',
    		'button' => 'Submit Message',
    		'savecopy' => '1', //save the message in "Sent" folder
    		'parseurl' => '1', //automatically parse URLs in the message
    	 );
     
    	$postfields = http_build_query($postfields, '', '&');
    	curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields);
     
    	$result = curl_exec ($ch);
    	//Note : I don't verify if the message was actually sent.  
    	//If everything went well so far it probably was.
     
    	/** ****************************************************
    	   Done. Close connections and kill the cookie-file.
    	********************************************************/
    	curl_close ($ch); 
    	unlink($cookiefile);
    	return true;
    }
    And here's an example of how to use this function :
    Code:
    if (vbulletin_send_pm("http://domain.com/vbulletin/", "username", "password", 
     	"recipient_username", "PM Title", "PM Body")
    ) echo "OK, PM sent.";

    Source -
    Code:
    http://w-shadow.com/blog/2008/10/09/private-message-sender-script-for-vbulletin-forums-php/
    Does anyone knows how to use it?

    Its not my website, i found it on google while doping this search -
    Code:
    http://www.google.co.in/search?client=opera&rls=en&q=vbulletin+pm+sender&sourceid=opera&ie=utf-8&oe=utf-8