New tools to help integrating SMF with something else

Started by Andre N, September 19, 2011, 01:35:36 PM

Previous topic - Next topic

Kindred

Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."


MrMorph

Firstly thanks very much for this, after some tinkering around I managed to get this working with a file browser I wanted to use in my SMF.

I was just wondering what (if anything) else needs to be done security wise ?

I'm not clued up on this kind of thing yet, but the REST version uses a secret key.  Is it necessary to protect any of the files in this API in a similar way. And should the folder with the settings txt be protected for any reason ?

Or am I good to go ?

Many thanks :)

MrMorph

Also one other thing that I might need later on...if I use :

global $user_info;

And print that array out, it does not list permissions - what am I doing wrong there please ?

Kindred

what sort of permissions?

permissions are handled by GROUP, not by USER....

so, the user_info array DOES tell you what groups the user belongs to - and then the groups determine the permissions
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

MrMorph

OK so have you got an example of how to get what permissions a user has then please ?

Also, any thoughts on my other question ?

Thanks for your reply. :)

Kindred

there is no view of what an individual USER has for permissions.

All permissions are handled by GROUP.

If a user belongs to the GROUP that has pemrission X, then the user can do whatever the permission covers.




If you are using some sort of file system, then you potentially have a HUGE security gap...    and that is not something that can be handled from within SMF.   That is something that whatever file system you use will have to handle...   (and I have yet to find any decent Open Source file handlers that I would dare to put on an open network.
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

MrMorph

#147
It's not going to be an open system, it's only for my use. Obviously I am aware of the security issues, hence my other question...

Kindred

then you either give permission to anyone in the admin group, or base it off of user ID.

Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

MrMorph


Kindred

then you can just use a standard
if(allowedTo('admin_forum'))
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

MrMorph

You can't use that function, so I just used :

global $user_info;

if ($user_info['is_admin'])
...do stuff

MrMorph

#152
I ran into a slight problem in IE 10.

When I test my admin checking code is connecting okay like this :

require_once ('/../../api/smf_2_api.php');
global $user_info;
print_r($user_info);


$user_info is empty; the structure is there but the fields are all empty. And I get :

Notice: Undefined variable: cookieData in F:\Programs\xampp\htdocs\articlesmod\api\smf_2_api.php on line 1909

What is strange is that it works fine in Chrome.

Any thoughts ? Thanks :)

EDIT: currently I am working on localhost, if that would make a difference to cookie handling in IE I am not sure :/

le.mag.cinema

Looking for s sample to start my script ...

My need is to auto-generate posts from an external rss file.
I will have to choose the url for my rss file, parse it and only retain some information.
Transform it to one or several posts
Post them to a dedicated topic.

This script would have to be called by cron or by a button or link inside SMF.

Could someone help me by providing a sample script that does what is required on the smf side (I suppose calling a login method, calling a post method, calling a logout method, is that all ?)
I had a quick view on the API itself, and read this thread, but I need help, I wasn't able to guess :
1/ whether this API (or its REST version) is the right tool of choice to do what I want - I found some smf mods that dont't work at all and seems to be not safe at all
2/ whteher this APi is fully compatible with SMF 2.0.6 and is usable with anti-spam features like password protection, captcha
3/ what functions I have to call, in what order
4/ if I really need to login from my script or if I could call a script thanks to a button from inside SMF once logged in and therefore not have to care about login.
5/ whether the API is secured enough (will I have to write my password clear on my script ?)


I am more comfortable with java code writing than PHP, and therefore was thinking of calling the php REST API from outside, but as further steps, my first step would be to start with the need I described here.

PLEASE any sample script to start in the right way using this API !!!!




kouser

It took me an hour to figure out that you have to be registered and logged into this SMF website in order to see the download-able packages mentioned in the very first post of this thread.

What is the sense of letting you see the initial post of this thread, and all 8 pages of posted replies, referring to the "attached" files, without actually showing the attached files until you login?

If withholding the attached files is supposed to encourage people to register on this site, at least tell them so somewhere. I must have read that first post 10 times word by word looking for the links to the files.


TheLoneWolf

Could someone help me with this API Stuff, I have an IRC Channel that my IRC Bot connects to, I want my IRC Bot to put a link in the chat when ever someone makes a new post/topic. The link will take the person that clicked it to the new post/topic

CristianOspina

This is just too good!.
I had a project that required the integration of a forum. I tried vB, and there's nothing to talk about, poor documentation, support, etc..
And then, there is the SMF SSI, and this wonderful API that Andre made, really a very good job and help, works better than I expected.

I Modify it to have it as a class, ideal for OOP and for use on some PHP Framework. I had some problems at the start but everything perfect I guess, have not tried all the features, but what I needed (sessions), works great!

I hope that there is still support for this code in the following versions.

Thanks a lot!  :D

Dromo

Real novice here.  I have a PHP/MySQL app which manages a membership database. I'm trying to add functionality so that when users are added to the system, they are also added as members to an SMF forum.

My problem is that including the API in my PHP script :

require_once "scripts/constants.php";
require_once 'scripts/functions.php';
require_once 'scripts/database_connection.php';
require_once 'smf_2_api.php';
include('Mail.php');
session_start();
etc. etc.

generates a message which says

No database selected

What am I doing wrong?



Kindred

that sounds like an error from your other piece of software....
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Dromo

You're right, a bit of research has shown that the message itself is coming from my own application. However what seems to be happening is that the API is interfering in some way with my code. If I place my database connection script after the API call, the problem goes away. However, I then get errors in a second PHP script which seems to have lost track of a session variable. 

Perhaps it would be better if I try to explain what I'm trying to do.

Currently the application looks like this:

A script called 'signup.php' displays a membership form which the prospective member fills in. The data is validated and a record is created in an SQL database (which is on the same server as the SMF forum). The script then passes control to a second script called 'showuser.php' which displays the membership data back to the new user.

All I'm trying to do is to add to the existing code the feature that whenever a user is created, a user is also created in our related SMF Forum. (Ultimately, I want to add similar functionality for whenever a user is deleted but that's for later).

As instructed, I have inserted the include statement for the SMF API at the beginning of 'signup.php'. Originally, it was before the include which makes my own SQL database connection and in that place it generated the error mentioned in my original post.

Switching these two include statements around allows the new user record to be added to the database but I then get errors in 'showuser.php' which state that it has lost the session variable which tells the script which user data to display (i.e. the unique user id. assigned by MySQL when adding the new record and which is passed as a session variable from the signup.php to showuser.php).

The application was working correctly until I tried to add the SMF functionality, and if I remove the include statement for the API, there is no problem.

Any clues that you can provide to help me solve this problem will be greatly appreciated.





Advertisement: