smf 2.0 api

Started by Andre N, June 30, 2011, 01:43:51 PM

Previous topic - Next topic

Andre N

This doesn't have a function to create posts, but I made another version of the API that will create posts, and it works cross-domain :)
http://www.simplemachines.org/community/index.php?topic=458832.0
"Every generation of humans believed it had all the answers it needed, except for a few mysteries they assumed would be solved at any moment. And they all believed their ancestors were simplistic and deluded. What are the odds that you are the first generation of humans who will understand reality?"

A Future Pilot

Sorry to bump an old thread, but I'm trying to use this API and it's working except it won't send an activation email. Has anyone encountered this issue before?

Arantor

Are you certain that SMF is working properly? Does it send emails under other circumstances for example?

uxello

Quote from: emanuele on November 20, 2011, 12:30:58 PM
Quote from: andre nickatina on November 17, 2011, 11:51:20 AM
I agree completely that it would be bad news to pass $_POST data into that function. These weren't intended for user input or POST data really

If I had to use POST'd data I would typecast it before passing it into the function. If I am expecting a member id to be posted:

(int)$member_id = $_POST['test'];
smfapi_getUserData($member_id);


Yep, but the point is the same, see the second part of my example: anything that resemble a number is treated as number AND string by php.
And most likely when you POST something is the member name, not the ID. ;)
So you will have the (numeric) name treated as an ID instead of a name as it should be.

I would do something like:
function smfapi_getUserData($username='', $treat_as_id = false)
{
if (empty($username))
return false;

$user_data = array();

// we'll try id || email, then username
if (is_numeric($username) && $treat_as_id)
// number is most likely a member id
$user_data = smfapi_getUserById($username);
else
// the email can't be an int
$user_data = smfapi_getUserByEmail($username);

if (!$user_data && !$treat_as_id)
$user_data = smfapi_getUserByUsername($username);

return $user_data;
}


So if you want to pass an id you have to explicitly state so when you call the function.

And the same discussion can be valid for username and email: I can register using an email address as username (okay, most likely I would use my own email) and then you could potentially get the wrong data from that function. ;)


I agree with emanuele on this. I have a bridge system in place where usernames can be numeric with leading zeros. These were incorrectly interpreted as id and not username.

Advertisement: