I have been using a custom made program to interface into SMF and provide downloads to users in specific groups on teh forum. After upgrading the forum software to 1.1.2 this doesn't work and I can't figure out without picking apart SMF. I've used smf_api.php to log users in and out and also check their member group.
How has SMF changed in the recent upgrade to "break" the user autehtication using the API?
James
no ideas?
I am new to SMF and was trying to get the api to authenticate users with no luck. With a lot of digging around I found that SMF has changed from using md5 to SHA1 passwords, however the api has not been updated.
to make the smf_authenticateUser function to work you need to replace line 310 with this:
$ID_MEMBER = sha1($smf_user_info['passwd'] . $smf_user_info['passwordSalt']) != $password || empty($smf_user_info['is_activated']) ? 0 : $smf_user_info['ID_MEMBER'];
also for the record this is the code for doing checking the user against the session
<?php
if(!require_once('smf_api.php'))
die('Could not load the SMF API!');
smf_loadSession(); //if using database sessions
if (smf_authenticateUser()){
echo "Authenticated";
} else {
echo "Problem Authenticating";
}
echo "smf_user_info<br>";
print_r($smf_user_info);
?>
Note that the smf_setLoginCookie function needs fixing too. however I did find that this hack worked:
<?php smf_setLoginCookie(500, 'username', sha1('username'.'password'), true); ?>
As far as I can tell, you're using the SMF 1.0 version of the API. Due to the change in hashing algorithm (from MD5-HMAC to salted SHA1), you'll need to use the SMF 1.1 version. I've attached the latest version I could find to the topic at http://www.simplemachines.org/community/index.php?topic=158082.