Simple Machines Community Forum

As posted previously, I'm trying to integrate SMF into our company's CMS. I haven't gotten much help here, but I have been asking rather broad questions. Now that I've had a couple of weeks to play around with various scripts, I'm getting closer. Here's my question:

If I have a user joe existing in the SMF user database and my own CMS, how do I log joe into SMF with my own PHP script?

Our CMS has a token and some other stuff so I can write my own PHP to make sure the user is still logged in. I just somehow want to do something to the effect of sending the username and password to SMF to log them in and them forward them to the forum index.

Can someone please help me out?

Can someone please help me out here!?

I looked at the php for some of the login functions for SMF but I'm not exactly sure what to do with it. I included one page and displayed a function but it just made a handful of empty text boxes and a label-less button.

Maybe some code from one of the bridges could help, but can someone at least point me in the right direction?

QuoteIf I have a user joe existing in the SMF user database and my own CMS, how do I log joe into SMF with my own PHP script?

QuoteMaybe some code from one of the bridges could help, but can someone at least point me in the right direction?

The bridges use SMF's login to log you into the CMS.  Without using that, you can probably use the setLoginCookie function:

setLoginCookie($cookie_length, $ID_MEMBER, sha1($password.$salt));

Thank you! I'm feeling like I can start to move on this.

My plainest attempt to log in didn't work. I used phpMyAdmin to look at the database...
ID_MEMBER = 2
passwd = b18e3bce5bdd7ecf69d9d81dce129ddab444e540, which is 'Test!234' ran through sha1 I guess, and
passwordSalt = 63fa

I found the function setLoginCookie in Sources/Subs-Auth.php. Here's my plain, but broken, PHP...
<?php
require("/var/www/html/smf/Sources/Subs-Auth.php");

setLoginCookie(60, 2, 'b18e3bce5bdd7ecf69d9d81dce129ddab444e54063fa');

?>
<a href="../smf/index.php">SMF</a>
Here are the variants I tried of setLoginCookie, that didn't work...
setLoginCookie(60, 2, 'b18e3bce5bdd7ecf69d9d81dce129ddab444e54063fa');
setLoginCookie(60, 2, 'b18e3bce5bdd7ecf69d9d81dce129ddab444e540'.'63fa');
setLoginCookie(60, 2, sha1('b18e3bce5bdd7ecf69d9d81dce129ddab444e540'.'63fa'));
setLoginCookie(60, 2, sha1('b18e3bce5bdd7ecf69d9d81dce129ddab444e54063fa'));
setLoginCookie(60, 2, sha1('Test!234'.'63fa'));
setLoginCookie(60, 2, sha1('Test!23463fa'));


What should my final argument be? Am I not including enough Source php files? Perhaps my first argument, 60, is not in the right format?

Thanks in advance for the help! I'm excited to move forward with this.

You're probably best just to include SSI.php, and let it handle the rest of the includes.

Subs-Auth.php has a bit of code at the beginning that will keep it from working that way:

if (!defined('SMF'))
die('Hacking attempt...');

I commented out those two lines that would detect a hacking attempt.

If I include SSI.php, which format do I use to set the password? I used 7 different versions and since none worked I don't know which one is right.

I really hope I can get this to work. If I can't manually set the cookie I'm going to have to try another forum, which I don't want to because SMF is awesome.

Thanks!

ok i read this post, reverse engineer'ed the way smf does it, and figured this out :

 
$query = "select ID_MEMBER,passwd,passwordSalt FROM forum_members where memberName = '".$_SESSION['user']['name']."'";
  $results = $db->query($query);
  $results = $results[0];
  setLoginCookie(60 * 3153600, $results['ID_MEMBER'], sha1($results['passwd'].$results['passwordSalt']));


this works for me 100%. 

Looks perfect.  Good job.  :)

Which SMF files did you include????

I'll give it a shot when I get back to work on Tuesday.

Thank you!!

Which files did you include? Thanks!

All you need to include is SSI.php.  SSI.php will include all the other relevant SMF files for you, so you don't need to worry about including any others.

If I only include SSI.php, the page breaks when I call setLoginCookie(). If I add Sources/Subs-Auth.php (with the die thing commented out), the page will load but the cookie doesn't set. How did you get it to work, acidjazz?

What do you mean by "the page breaks"?  Can you describe how it breaks?

It doesn't load. I don't know how to debug PHP but I just get the white screen. I had some text typed up so I could tell if the page loads successfully or not but it won't load one bit.

And there is nothing in your error log?

Sorry for being noob-ish, but where's the error log?

I'm sorry for not being timely with this thread. Work has been pretty busy lately and this is a side-project among my other tasks.

Nevermind the error-log, I just enabled display errors in php.ini.

Using phpMyAdmin, I pulled the following information
ID_MEMBER=2
passwd=a47fad6950efd628113376fd9448f216bbdbc964
passwordSalt=42e0

Rather than run a Sql statement, I want to manually get it working and then build up.

Apparently including SSI.php is not enough. If the following is my code...
<?php
require('SSI.php');
setLoginCookie(60 * 3153600, 2, sha1(a47fad6950efd628113376fd9448f216bbdbc96442e0));
?>
<a href="index.php">SMF</a>
<br><br><br>
<?php ssi_latestMember(); ?>

... I get the following error...

QuoteFatal error: Call to undefined function setLoginCookie() in /var/www/html/smf/test.php on line 3

I commented out the hacking attempt lines in Sources/Subs-Auth.php, since that's where the setLoginCookie() function appears and updated my code. The code is now...
<?php
require('SSI.php');
require('Sources/Subs-Auth.php');
setLoginCookie(60 * 3153600, 2, sha1(a47fad6950efd628113376fd9448f216bbdbc96442e0));
?>
<a href="index.php">SMF</a>
<br><br><br>
<?php ssi_latestMember(); ?>
...and my output is now...

QuoteNotice: Use of undefined constant a47fad6950efd628113376fd9448f216bbdbc96442e0 - assumed 'a47fad6950efd628113376fd9448f216bbdbc96442e0' in /var/www/html/smf/test.php on line 4
SMF (http://index.php)


Please welcome joeuser (http://index.php?action=profile;u=2), our newest member.

So SSI.php is working, but something still isn't right with the way I'm calling the function. I guess I'll try the SQL statements but I honestly don't see how it can change this error. Undefined constant? I'm not calling a $variable or $constant- it's letters and numbers- a string!

I so desperately want this to work. We're taking this project to SR sometime next week. Please help! Thanks

Nevermind, I got it to work!!! The value in the sha1 function needed single quotes... boy do i feel silly...

Thanks for everyone who helped out on this! I'm sure I'll be asking other questions as time goes on but I tackled this particular problem and can retire this post  :D

Hello i have the same problem!?!?!
Can you pleas help me?

My Code:
<?php
define("SMF", null);

require('SSI.php');
require('Sources/Subs-Auth.php');
include("Sources/Load.php");
include("Sources/Subs.php");
include("Sources/LogInOut.php");
setLoginCookie(60 * 3153600, 2, sha1('8946c007f7194ae1a8970fa1bba6df4b'));
?>
<a href="index.php">SMF</a>
<br><br><br>
<?php ssi_latestMember(); ?>

I have tried all things in that thread, but it wont work... *grrr*

Database Information:
ID_MEMBER    memberName    passwd                                                  passwordSalt
2                  chrisonline       8946c007f7194ae1a8970fa1bba6df4b    

Please help me....
The user isnt logged in after that script....

Thanks


I use SMF 1.0.9

1.0.9 uses md5_hmac() instead of sha1(), you should only need:

setLoginCookie(3153600, 2, '8946c007f7194ae1a8970fa1bba6df4b');

I've tried it.. no success...

this is the 1.0.9 code:

// Actually set the login cookie...
function setLoginCookie($cookie_length, $id, $password = '')
{
global $cookiename;

// Get the data and path to set it on.
$data = serialize(empty($id) ? array(0, '', 0) : array($id, md5_hmac($password, 'ys'), time() + $cookie_length));
$cookie_url = url_parts();

// Set the cookie, $_COOKIE, and session variable.
setcookie($cookiename, $data, time() + $cookie_length, $cookie_url[1], $cookie_url[0], 0);


And thats my script:
<?php
define("SMF", null);

require('SSI.php');
require('Sources/Subs-Auth.php');
include("Sources/Load.php");
include("Sources/Subs.php");
include("Sources/LogInOut.php");
$pass = "chrisonline";
$pwd = "xxx";
$pwd_sal = "";
setLoginCookie(3153600, 2, '8946c007f7194ae1a8970fa1bba6df4b');
//setLoginCookie(60 * 3153600, 2, sha1($pwd . $pwd_salt));
?>
<a href="index.php">SMF</a>

:'(

Yes because you need to hash your plain text password first like this:

$id=2;
$username="chrisonline"
$password ="chrisonline";
$converged_pass=md5_hmac($password, strtolower($username));

setLoginCookie(3153600, $id, $converged_pass);

This is something I've been playing with, it should work without any requires:
<?php

$id=2; // users member ID
$pass="testing"; // Plain text Password
$user="SomeUser"; // Username in both upper & lower case
$cookie_length=189216000; // 6 years

// Create the hashed password with the plain text password
// and the lower case Username.
$password=md5_hmac($pass, strtolower($user));

// Call the set cookie function
set_test_cookie($id, $password, $user, $cookie_length);


// Function to take our test data above and add into a cookie called 'TestCookie'
function set_test_cookie($id="", $password, $user, $cookie_length) {

$data = serialize(empty($id) ? array(0, '', 0) : array($id, md5_hmac($password, 'ys'), time() + $cookie_length));

// Set the cookie
setcookie('TestCookie', $data, time()+$cookie_length, '/');

}

// md5_hmac Password hashing function from SMF
function md5_hmac($data, $key)
   {
       if (strlen($key) > 64)
           $key = pack('H*', md5($key));
       $key  = str_pad($key, 64, chr(0x00));

       $k_ipad = $key ^ str_repeat(chr(0x36), 64);
       $k_opad = $key ^ str_repeat(chr(0x5c), 64);

       return md5($k_opad . pack('H*', md5($k_ipad . $data)));
   }

?>

I've been trying to do the same thing with SMF 1.1 RC3 as I'd like to use the most current version, after playing about for a bit I've finally cracked it and I can now create SMF accounts at signup time via the other software using the plain text password in the $_POST and then when they log in I can also set a cookie to log them into SMF too. :D

Here is my test code if anyone wants to use it:
<?php

require_once('settings.php');
require_once('SSI.php');
require_once('Sources/Subs-Auth.php');

$id=1;
$username="SomeUsername";
$plainpass="s0mepa55w0rd";
$sha_passwd = sha1(strtolower($username) . $plainpass);
$salt="5al7";
$converged_pass=sha1($sha_passwd . $salt);

setLoginCookie(60 * 3153600, $id, $converged_pass);

echo "Cookie set for $username";

?>

I'll be getting the data from $_POST and db queries from here on out but maybe someone will find this useful. ;)

Thanks the script is running :-)

I have 1.0.9 and the code:

<?php
define("SMF", null);

require('SSI.php');
require('Settings.php');
require('Sources/Subs-Auth.php');
include("Sources/Load.php");
setLoginCookie(3153600, 2, '8946c007f7194ae1a8970fa1bba6df4b');
?>
<a href="index.php">SMF</a>