SMF API - smfapi_login() doesn't work for me

Started by Phoenix_IV, September 25, 2013, 08:52:02 AM


Phoenix_IV

Hi,

I am using SMF 2.0.5 and the smf_2_api.php

This is my problem:

Simply speaking: smfapi_login() sets some sessions, but I am not logged into the forum when visiting the page.

Using smfapi_login($user_id) will set the following PHP sessions:

<?php var_dump($_SESSION); ?>

Result:
array(7) {
  ["someCustomData"]=>
  string(17) "someCustomContent"
  ["USER_AGENT"]=>
  string(72) "-- Removed -- Info about Browser & OS --"
  ["session_value"]=>
  string(32) "-- Removed -- A string containing lower case letters and numbers --"
  ["session_var"]=>
  string(7) "-- Removed -- A string containing lower case letters and numbers --"
  ["mc"]=>
  array(1) {
    ["time"]=>
    int(0)
  }
  ["login_SMFCookie396"]=>
  string(95) "a:4:{i:0;s:1:"4";i:1;s:40:"-- Removed --";i:2;i:-- Removed --;i:3;i:1;}"
}


However, when visiting the forum (e.g. index.php), I am NOT logged in PLUS all session data is removed. Even the "someCustomData".
As "someCustomData" was removed as well, I assumed that some security function in the forum code destroyed the session (Uh, oh. Bad habit @SMF!). I found a session_destroy() in Subs-Auth.php -> setLoginCookie() (line 166).

Does anybody have an idea why this happens and what I have to do?  :-\

Kindred

Two things may be happening.

1- do you have SMF set to use database sessions and Subdomain Independent cookies (turn OFF Local cookies)?
2- perhaps your other script is overwriting the SMF session?
Glory to Ukraine

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Phoenix_IV

Previous settings:
Local storage of cookies: On
Subdomain independent cookies: Off
Database driven sessions: On

This is what I have tried now:

1. Turn off local cookies
Result: The sessions are not destroyed anymore ("someCustomData" still exists). I am not logged into the forum.

2. Disable database driven sessions
Result: More data is stored in the session. However I am still not logged into the forum.

3. Enable subdomain independent cookies
Result: Nothing changed

4. Re-Enable database driven sessions
Result: Nothing changed (except less data stored in the session).


About your second guess (Me overwriting SMF cookies):
The smfapi_login() call is the very last thing before the script is stopped. Sessions are only manipulated before.


Edit:
I forgot: Thank you for trying to help me.

Kindred

Just checking - did you clear your cookies in between (or change the SMF cookie name)?

I have previously gotten the API working with Database driven sessions ON, local cookies OFF, and subdomain independent cookies ON.

The reason for the last one should be obvious, but I'll clarify - if the smf cookie is set to the forum subdomain or root directory then it may have issues setting for the root domain if this is not turned ON (which forces the cookie set and check to be at the root domain level)


Phoenix_IV

I found the reason and was able to solve the problem.

The user I wanted to log in via smfapi_login() was previously registered using smfapi_registerMember(). The manual registration was deactivated in the administration panel and because of this (I guess) the "is_activated" field in the SMF MySQL DB, table "members", contained the value '3' (int). Setting this value to '1' fixed the problem for me. Visiting the user's profile page (admin view) also shows that the "Account is not approved". Approving it will set the value to '1'.

Read more:
Topic: is_activated values (Simple Machines Forum) (No official thread / resource)


Tip for others - this will activate the user directly on registration:
Code (php):

// Code not complete!
$regOptions['require'] = 'nothing';
smfapi_registerMember($regOptions);



My Cookie settings are now:
Local storage of cookies: Off
Subdomain independent cookies: Off
Database driven sessions: On


- - - - - - - -

@SMF API authors: Maybe smfapi_login() should return false in such a case. (?)

Arantor

Yeah, is_activated = 3 is for account pending approval. The API follows the settings indicated by the normal registration settings, so that suggests registration is generally set to 'admin approval'
Holder of controversial views, all of which my own.
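
An added example (not from the thread or from smf_2_api.php) of the fail-closed check discussed above: read is_activated first and only call the login function when it is 1. The helper name, the "smf_" table prefix, the SQLite sample data and the assumption that the login callable returns a truthy value on success are all hypothetical.

```php
<?php
// Added example, not part of smf_2_api.php. The helper name and the "smf_"
// prefix are assumptions; is_activated values 1 and 3 come from the thread.

const SMF_ACTIVATED = 1;        // account is active
const SMF_PENDING_APPROVAL = 3; // awaiting admin approval

/**
 * Calls $login only when the member exists and is_activated is 1.
 * Returns ['ok' => bool, 'reason' => string].
 */
function login_if_activated(PDO $db, int $memberId, callable $login, string $prefix = 'smf_'): array
{
    // $prefix must come from configuration, never from user input.
    $stmt = $db->prepare("SELECT is_activated FROM {$prefix}members WHERE id_member = ?");
    $stmt->execute([$memberId]);
    $state = $stmt->fetchColumn();

    if ($state === false) {
        return ['ok' => false, 'reason' => 'no such member'];
    }
    $state = (int) $state;
    if ($state === SMF_PENDING_APPROVAL) {
        return ['ok' => false, 'reason' => 'pending approval'];
    }
    if ($state !== SMF_ACTIVATED) {
        return ['ok' => false, 'reason' => "not activated (is_activated=$state)"];
    }
    // Only an activated account reaches the real login call.
    return $login($memberId)
        ? ['ok' => true, 'reason' => 'logged in']
        : ['ok' => false, 'reason' => 'login call failed'];
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE smf_members (id_member INTEGER PRIMARY KEY, is_activated INTEGER)');
$db->exec('INSERT INTO smf_members VALUES (1, 1), (4, 3)');

// Stand-in for smfapi_login(), so the example runs without a forum install.
$fakeLogin = function (int $id): bool { return true; };

foreach ([1, 4, 99] as $id) {
    $r = login_if_activated($db, $id, $fakeLogin);
    printf("member %d: %s (%s)\n", $id, $r['ok'] ? 'ok' : 'refused', $r['reason']);
}
```

With the sample rows, member 1 is logged in, member 4 is refused as pending approval, and member 99 is refused as unknown.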


Phoenix_IV

Uhm, that was fast. I was hoping I will be able to edit my post before anyone reads it. Notice this one:

Quote from: Phoenix_IV on September 25, 2013, 12:36:01 PM
@SMF API authors: Maybe smfapi_login() should return false in such a case. (?)

Or does that belong in the API's thread?

Arantor

That's an interesting question. I'd hand that to the API author in his thread to see what he would suggest; I'm not particularly familiar with the API personally.

