Added files to version control
3 files changed, 158 insertions(+), 0 deletions(-)

A => product-mandrill.xml
A => readme.txt
A => upload/mandrill_webhook.php
A => product-mandrill.xml +15 -0
@@ 0,0 1,15 @@ 
+<?xml version="1.0" encoding="iso-8859-1"?>
+<plugins>
+	<plugin active="1" executionorder="5" product="vbulletin">
+		<title>Mandrill fix</title>
+		<hookname>mail_send</hookname>
+		<phpcode>
+			<![CDATA[// If you use sub-accounts, uncomment the next line and set your sub-account name
+// $headers .= 'X-MC-Subaccount: SUBACCOUNTNAME'.$delimiter;
+
+// Fix "Contact Us" form by always sending from the webmaster email address
+$headers = str_replace('From: "','Reply-to: "',$headers);
+$headers .= 'From: '.$mailfromname.' <'. $vbulletin->options['webmasteremail'].'>'.$delimiter;]]>
+</phpcode>
+	</plugin>
+</plugins>

          
A => readme.txt +53 -0
@@ 0,0 1,53 @@ 
+Mandrill support for vBulletin v1.0
+========================================
+by GHDpro
+
+Mandrill.com is email distribution platform which makes it easy to see if mail is delivered or not. Integration with vBulletin is fairly easy, I've written a plugin and a small PHP file to make it work better.
+
+At this time this mod is fairly simple, it adds one plugin (to the default "vBulletin" product) and a PHP file you will have to edit to make it work.
+
+Both the plugin and the PHP file seem to work fine under both vBulletin 3 and 4 (latest version).
+
+Basic Setup
+----------------------------------------
+
+Using Mandrill is fairly easy, sign up for an account, create an Mandrill API key (in Settings) and enter the required information in vBulletin Options in the "Email Options" section. *"SMTP Secure Connection"* should be set to TLS.
+
+For security you might want to configure the Mandrill API key to only work from your forum server's IP address and only allow SMTP and nothing else.
+
+To find out the IP for your forum server, send a test mail (from the vBulletin Admin CP: *Maintenance -> Diagnostics*, second option) and then check the "API logs" in Mandrill (in Settings).
+
+To only allow SMTP, edit the API key and tick *"Only allow this key to use certain API calls"* and then tick only the *Send-raw* option out of the list.
+
+Contact Us problem
+----------------------------------------
+
+There is a problem with vBulletin where it will send messages using the "Contact Us" forum on behalf of the user. This will pollute your Mandrill account:
+
+[![Sending Domains](http://i.imgur.com/On7yr2at.png)](http://i.imgur.com/On7yr2a.png) [![Senders List](http://i.imgur.com/QfukbUAt.png)](http://i.imgur.com/QfukbUA.png)
+
+To avoid this problem, the included **product-mandrill.xml** file contains a plugin that will rewrite the *"From:"* field in emails send by vBulletin to always be your webmaster's email address (as you set in vBulletin Options).
+
+*If you use Mandrill sub-accounts, you can also set the sub-account name by editing the plugin.*
+
+Webhook
+----------------------------------------
+
+The webhook is probably the best demonstration how Mandrill can be useful. It completely automates handling of bounced mail.
+
+What the webhook does is, if Mandrill detects a bounce/rejected mail, it will post information to the webhook PHP script. The script will then look up the email address supplied by Mandrill in the vBulletin user list and move the account to the *"Users Awaiting Email Confirmation"* group (usergroupid: 3). To avoid admins/mods getting moved (and demoted) it will only do this for users in the "Registered Users" group (usergroupid: 2).
+
+You add the webhook in Mandrill (in Settings -> Webhooks) by specifying the complete URL to the file and enable the *"Message is Bounced / Marked as Spam / Rejected"* (3x) event triggers.
+
+Then edit the PHP file (be sure to upload it again after you are done) and set the exact webhook URL and key into the variables at the top. Make sure there are no extra spaces or it will not work.
+
+If you want to see if it is working also set the `$webhook_logfile` variable to a file that must be writable by the webserver (by setting the right file and/or directory permissions).
+
+What you can then do is add a notice in the Notice manager to display a warning to those in the *"Users Awaiting Email Confirmation"* group to update their email address:
+
+    <span style="color:red;font-weight:bolder;">Hello {username}, your forum account needs to be activated.</span>
+    <p style="margin-top: 0.5em">
+    You will not be able to post or upload a custom avatar until you activate your account. To activate your account, follow the instructions in the activation email.<br /><br />
+    If you've just joined the forum, the email has already been sent and you should receive it shortly. If you have not received it, you can <a href="register.php?do=requestemail">request it again</a>.<br /><br />
+    If you have been registered for a while your email address might be incorrect. If we detect too many emails to your email address bouncing (meaning it comes back to us with an error) we will mark your account for reactivation. You should check the <a href="profile.php?do=editpassword">email address set in your profile</a>.<br /><br />
+    <b>Note:</b> Some email providers incorrectly mark activation emails as spam. Make sure you check your spam/junk folder before contacting us for assistance.</p>

          
A => upload/mandrill_webhook.php +90 -0
@@ 0,0 1,90 @@ 
+<?php
+
+// Mandrill Webhook v1.0
+
+$mandrill_webhook_key = ''; // Set your _exact_ Mandrill webhook key here
+$mandrill_webhook_url = ''; // Set your _exact_ url for this file on your server here
+$process_events = array('hard_bounce', 'reject', 'spam');
+$member_usergroups = array(2);
+$email_confirmation_group = 3;
+$webhook_logfile = ''; // Needs to be writable by the webserver. leave empty (unchanged) to disable.
+
+/**
+ * Authenticate Mandrill request
+ */
+if (isset($_SERVER['HTTP_X_MANDRILL_SIGNATURE']))
+{
+    $signature = MandrillSignature($mandrill_webhook_key, $mandrill_webhook_url, $_POST);
+    if ($_SERVER['HTTP_X_MANDRILL_SIGNATURE'] != $signature)
+    {
+        WebhookLog('Mandrill signature authentication failed');
+        http_response_code(400);
+        exit('Bad Request');
+    }
+}
+else
+{
+    WebhookLog('Mandrill signature missing');
+    // Return white screen (can't return 403/404 as that will cause problems when adding the webhook in Mandrill's control panel)
+    exit();
+}
+
+require_once('./global.php');
+
+/**
+ * Process Mandrill events
+ */ 
+if (isset($_POST['mandrill_events']))
+{
+    $events = json_decode($_POST['mandrill_events']);
+    foreach ($events as $event)
+    {
+        if (in_array($event->event, $process_events))
+        {
+            $sql = 'SELECT userid, usergroupid FROM '.TABLE_PREFIX."user WHERE email = '".$vbulletin->db->escape_string($event->msg->email)."' LIMIT 0,1";
+            $result = $vbulletin->db->query($sql);
+            if ($result && ($result->num_rows > 0))
+            {
+                $row = $vbulletin->db->fetch_array($result);
+                if (in_array(intval($row['usergroupid']), $member_usergroups))
+                {
+                    $sql = 'UPDATE '.TABLE_PREFIX.'user SET usergroupid = '.intval($email_confirmation_group).' WHERE userid = '.intval($row['userid']);
+                    $result = $vbulletin->db->query($sql);
+                    WebhookLog('Moved account '.intval($row['userid']).' ('.$event->msg->email.') to the "Users Awaiting Email Confirmation" usergroup');
+                }
+                elseif (intval($row['usergroupid']) == intval($email_confirmation_group))
+                    WebhookLog('Account '.intval($row['userid']).' ('.$event->msg->email.') is already in the "Users Awaiting Email Confirmation" usergroup');
+                else
+                    WebhookLog('Account '.intval($row['userid']).' ('.$event->msg->email.') has invalid usergroup: '.intval($row['usergroupid']));
+            }
+            else
+                WebhookLog('Email address not found: '.$event->msg->email);
+        }
+        else
+            WebhookLog('Invalid event: '.$event->event);
+    }
+}
+
+function MandrillSignature($webhook_key, $url, $params)
+{
+    $signed_data = $url;
+    ksort($params);
+    foreach ($params as $key => $value)
+    {
+        $signed_data .= $key;
+        $signed_data .= $value;
+    }
+    return base64_encode(hash_hmac('sha1', $signed_data, $webhook_key, true));
+}
+
+function WebhookLog($message)
+{
+    global $webhook_logfile;
+    if (!empty($webhook_logfile))
+    {
+        $fp = fopen($webhook_logfile, 'a');
+        $ip = (isset($_SERVER['REMOTE_ADDR']) ? ' ('.$_SERVER['REMOTE_ADDR'].')' : '');
+        fwrite($fp, '['.date('Y-m-d H:i:s').'] '.$message.$ip."\n");
+        fclose($fp);
+    }
+}