Private Message Sender Script For vBulletin Forums (PHP)

Random script time!

Here’s a PHP function that can send messages to any user on a vBulletin forum. I wrote it because somebody asked me if I could help with their code and I figured it would be easier to write it from scratch. Also, I predict it will be useful to more than one sentient.

Copy & paste the below function into your script. Then take a look at the usage example. Note that you will need a valid username & password for this forum to use the script.

function vbulletin_send_pm(
	$site, $sender_username, $sender_password, 
	$recipient, $title = '', $message = '', $iconid = '0'
){
	$cookiefile = tempnam("/tmp", "cookies"); 
	/* create a temporary file to store cookies.
   this should work on most systems and is more
   flexible than specifying path explicitly */
	
	$ch = curl_init();
	//General options
	//curl_setopt($ch, CURLOPT_HEADER, true); //For debugging
	//Masquerade as Firefox
	curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3');
	curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); 
	curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); //Follow redirects
	curl_setopt($ch, CURLOPT_COOKIEFILE, $cookiefile);
	curl_setopt($ch, CURLOPT_COOKIEJAR, $cookiefile);
	//PHP >= 5.1.0
	curl_setopt($ch, CURLOPT_AUTOREFERER, true);
	
	/** *************************************************
	 		Log In
	****************************************************/
	
	curl_setopt($ch, CURLOPT_URL, $site.'login.php?do=login');
	curl_setopt($ch, CURLOPT_POST, true); 
	curl_setopt($ch, CURLOPT_REFERER, $site.'index.php'); 
	
	/* The fields of the login form.*/
	$postfields = array(
		'vb_login_username'	=> $sender_username,
		'vb_login_password' => '', //Interestingly enough, this doesn't need to be set.
		//'cookieuser' => '1', //"Remember me"
		's' => '',
		'securitytoken' => 'guest',
		'do' => 'login',
		'vb_login_md5password' => md5($sender_password), //hash the password
		'vb_login_md5password_utf' => md5($sender_password), //UTF? Looks the same to me.
	 );
	 
	$postfields = http_build_query($postfields, '', '&'); //PHP >= 5.1.2
	curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields); 
	
	$result = curl_exec ($ch);
	//There will be a redirection link if the login was successful
	if (preg_match('/index.php\?s=(\w{32})/', $result, $matches)){
		$s_key = $matches[1]; //not used 
	} else {
		return false;
	}
	
	/** *************************************************
	 	Retrieve the PM page to get the security token 
	****************************************************/
	curl_setopt($ch, CURLOPT_URL, $site.'private.php?do=newpm');
	curl_setopt($ch, CURLOPT_POST, false);
	$html = curl_exec($ch);
	if (preg_match('/<input\s+type="hidden"\s+name="securitytoken"\s+value="([\w\-]+)"\s*\/?>/i', $html, $matches)){
		$security_token = $matches[1];
	} else {
		return false;
	}

	/** *************************************************
	 		Send the PM
	****************************************************/
	curl_setopt($ch, CURLOPT_URL, $site.'private.php?do=insertpm');
	curl_setopt($ch, CURLOPT_POST, true);
	//curl_setopt($ch, CURLOPT_REFERER, $site.'private.php?do=newpm');
	
	/* PM form fields */
	$postfields = array(
		'recipients' => $recipient,
		'bccrecipients' => '',
		'title' => $title,
		'message' => $message,
		'wysiwyg' => '0',
		'iconid' => $iconid,
		's' => '', //might need to use $s_key here
		'securitytoken' => $security_token,
		'do' => 'insertpm',
		'pmid' => '',
		'forward' => '',
		'button' => 'Submit Message',
		'savecopy' => '1', //save the message in "Sent" folder
		'parseurl' => '1', //automatically parse URLs in the message
	 );
	 
	$postfields = http_build_query($postfields, '', '&');
	curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields);
	
	$result = curl_exec ($ch);
	//Note : I don't verify if the message was actually sent.  
	//If everything went well so far it probably was.
	
	/** ****************************************************
	   Done. Close connections and kill the cookie-file.
	********************************************************/
	curl_close ($ch); 
	unlink($cookiefile);
	return true;
}

And here’s an example of how to use this function :

if (vbulletin_send_pm("http://domain.com/vbulletin/", "username", "password", 
 	"recipient_username", "PM Title", "PM Body")
) echo "OK, PM sent.";

Notes

  • Tested with a plain install of vBulletin 3.7.2 and I have no idea if it’ll work with other versions or addons. Also, PHP 5.1.2 or later is required to run the script (because I’m lazy).
  • In many situations a “real” vBulletin mod that uses the forum’s API would work better than this script. The API documentation is a bit sparse, but you wouldn’t have to worry about authentication issues and other problems associated with hacks like this.
  • Please don’t use this script to spam forums. Yes, I know you won’t listen to me :P
Related posts :

17 Responses to “Private Message Sender Script For vBulletin Forums (PHP)”

  1. Dan says:

    hi janis, i’ve recently discovered the world of submitting forms via curl and my idea was to auto-post threads across vb forums… so it’s very similar ot what you’ve done here and i’m sure your article will be very useful in case i get stuck when trying to write my script. i’ve already learnt a thing or two from it.

  2. White Shadow says:

    Glad I could help.

  3. Spiderman says:

    Thanks again for doing this… Unfortunately it’s not working for me. If I display the contents of $result, I see a page that shows me as not being logged in, and an error message that my IP has been banned (it’s not really banned, but that’s the message). Any other ideas?

  4. White Shadow says:

    I’m guessing you have some security scripts/addons running that block this script. You’ll have to find a way around that by yourself – I have literally zero experience with vBulletin, so understandably I’m not enthusiastic about my chances to circumvent some custom forum spam filter.

  5. ted says:

    nice script

    i have been working on a curl script that automaticly posts to vb forums, and i have completed it to run on both vb site with sercurity tokens and without, it works good now

    thanks for the info, i have fixed a few errors i ran into using some pointers from your script

    great work this could be a very good script in itself

  6. Suresh says:

    @ted – Hi ted, Could please give me the script for automatic posts to vb forums.

    I tried but not able to make it work.

  7. James says:

    This is great work, I modified it slightly to post new threads but it works great.

    Thanks again

  8. INVALID says:

    Doesn’t works on 3.7.4

  9. [...] in Europe, decided to stay for parties.Cheap Airfare To Puerto Rico. Related links: Ticket Cheap Last Minute Airline Ticket Cheapest Airfare Last Minute Discount Airfare Bangkok Cheap Plane Ticket Airline Discount [...]

  10. Andrew Peng says:

    Thanks for the script, I have a modified version where I just added the following to check if the script sent the PM correctly.

    // Here we do a quick and dirty check to see
    // if any errors were encounted while sending the PM
    if (strpos($result,”following errors”))
    {
    return false;
    }

  11. BlueHornet says:

    What’s up, is there anybody else here?
    If there’s anyone else here, let me know.
    Oh, and yes I’m a real person LOL.

    See ya,

  12. MarkVick says:

    Hi how do you guys plan to start the new year?

  13. Ken says:

    This is great. You saved me a lot of time! If you are ever in town, dinner and drinks are on me.

    Thanks!

    Ken

  14. smartkios says:

    its work like a charm, like me threat you a beer ..

  15. Simona says:

    Suppose I have a username and password to the forum, what I need to do to this code to work and sent messages?

  16. Jānis Elsts says:

    You will need a basic understanding of PHP and HTTP, as well as a system that has PHP with the cURL extension installed. Once you have all that, using the script should be fairly straightforward.

Leave a Reply