sha1 in smf_api.php

[maarten]

Hi,
I tried to make a login on another page with the following code:

Code Select Expand

$password=$_POST["password"];
$user=$_POST["user"];
require_once('forum/smf_api.php');
smf_setLoginCookie( 3153600, '$user', '$password', false );
smf_authenticateUser();
smf_loadSession();


but i couldn't login...
So i started looking for the error, and i found it to be in the following line:

Code Select Expand

$ID_MEMBER = smf_md5_hmac($smf_user_info['passwd'], 'ys') != $password || empty($smf_user_info['is_activated']) ? 0 : $smf_user_info['ID_MEMBER'];


The $smf_user_info['passwd'] is made using a very complicated script in logInOut.php, using sha1() to encrypt. But smf_api uses md5() :

Code Select Expand

$key = str_pad(strlen($key) <= 64 ? $key : pack('H*', md5($key)), 64, chr(0x00));
return md5(($key ^ str_repeat(chr(0x5c), 64)) . pack('H*', md5(($key ^ str_repeat(chr(0x36), 64)). $data)));


Is this the error? Or am i totally wrong?
Anyway, when I printed out the hash of every type, they keep on being different...

Please, help me

edit: Oh yes, I forgot: I'm using 1.1 beta 3

[[Unknown]]

You'll want this version.

-[Unknown]

[maarten]

thanks, I'll check it out...
edit: it worked like a charm, of course Thanks a lot !


another question: should i install the 1.1 beta version or the 1.0 version?

[[Unknown]]

Up to you.  I'm not sure what you mean exactly, but the smf_api.php I attached is for 1.1.

-[Unknown]

[maarten]

no i was just wondering... I'm installing a new forum and album - coppermine- (older ones were phpbb and spgm), and I'm trying to integrate them in one total site.... with difficulty.
So if I install the beta version now, will I be required to constantly update and modify the code because both systems update all the time? Or is the beta version stable enough to install, and create the entire combined site ?

edit 1: Another problem is, that now when I login using the smf_api on my homepage, I am also logged in on the forum, but not on coppermine.
On the other hand, If i log in on the forum, I am logged in on both.
Could this be a cookie problem, since smf_api registers the cookie on hxxp:www.mysite.be [nonactive], while the forum itself registers on .mysite.be ??

edit 2: I fixed it, though rather shabby. I just edited the following lines:

Code Select Expand

if (isset($_COOKIE[$smf_settings['cookiename']]))
{
$array = @unserialize($_COOKIE[$smf_settings['cookiename']]);

if (isset($array[3]) && $array[3] != $cookie_state)
{
$cookie_url = smf_cookie_url($array[3] & 1 > 0, $array[3] & 2 > 0);
setcookie($smf_settings['cookiename'], serialize(array(0, '', 0)), time() - 3600, $parsed_url['path'] . '/', $parsed_url['host'], 0);
}
}

// Get the data and path to set it on.
$data = serialize(empty($id) ? array(0, '', 0) : array($id, $password, time() + $cookie_length));
$parsed_url = smf_cookie_url(!empty($smf_settings['localCookies']), !empty($smf_settings['globalCookies']));

// Set the cookie, $_COOKIE, and session variable.
setcookie($smf_settings['cookiename'], $data, time() + $cookie_length, $parsed_url['path'] . '/', $parsed_url['host'], 0);


... and put my domain-name as .mysite.be in stead of $parsed_url['host']. But isn't there another, and better, way to deal with this.
Anyway, thanks for the help, and perhaps you can change this domain problem in the final version. Just get rid of the 'www' alltogether...

[[Unknown]]

You want to use subdomain independent cookies in Admin -> Features and Options.

-[Unknown]

[luc7v]

Hello,

Where is smf_api.php for SMF 1.1x? I can't find it and I really need it.

Thank you,
Lucian

[Nugman]

To prevent others from searching for an recent smf_api.php for two days (as I did): Register with this board and you'll be able to download the attachment posted above.

[swiss2007]

You'll want this version.
Hi i download the script but its not working for me can u please help me with this issue
-[Unknown]

[H]

Welcome to SMF, swiss2007.

You can probably find an updated version of this script on the tools page. I believe someone also posted a modified version a few months ago which improved some things.

If it doesn't work you should be able to do everything with SSI.php with some other SMF functions included. For documentation on the functions see the Function DB