The purpose of this tool is to facilitate easy integration of SMF into other scripts and software. Previously, this was done with SSI.php, but that pulls in most of SMF and can become very bloated for general usage inside another large software. It also meant the possibility of naming conflicts, the two softwares fighting over output buffering, and many other problems. Even past that, there have been licensing problems.
This tool is not yet complete, but it has been developed to ease all of these problems. It is a single file, separate from SMF's code. It may also be available under alternative licenses - please reply here or contact me, Jeff Lewis, or another team member for additional details.
It is available here:
http://www.simplemachines.org/download.php?converters
If you have any concerns or problems with it, or believe anything should be added to it (remembering that it is meant to be lightweight!) please don't hesitate to comment.
Thanks,
-[Unknown]
I've just updated it once more with something rather critical: session support ;).
-[Unknown]
Hey cant wait to play with this tonight :)
Thanks!!
Tony,
well features over the SSI other than u sited,fighting over output buffering
what can we do with this???
We can integrating eg. SMF or any other php application :)
http://coppermine.sourceforge.net/board/index.php?topic=9934.0
cheers
Ok...
I have integrate this code at the first part of smf.inc.php of coppermine gallery
require_once('../forum/smf_api.php');
smf_authenticateUser();
smf_loadSession();
smf_logOnline('coppermine');
The logout run correctly, but i have some error on the page
Notice: Constant ¨Òë 6 already defined in /home/httpd/vhosts/gothic-culture.net/httpdocs/gallery/bridge/smf.inc.php on line 85
Notice: A session had already been started - ignoring session_start() in /home/httpd/vhosts/gothic-culture.net/httpdocs/gallery/bridge/smf.inc.php on line 154
Fatal error: Call to undefined function: db_affected_rows() in /home/httpd/vhosts/gothic-culture.net/httpdocs/forum/smf_api.php on line 591
Warning: Unknown(): A session is active. You cannot change the session module's ini settings at this time. in Unknown on line 0
and the gallery not run correctly... Only the logout now run -_-
I replied on the coppermine forum - however, I might note that there was a typo in the download (serves me right for updating it at something like 2 am) and so I updated it once more.
-[Unknown]
I've installed SMF just yesterday and am trying to connect to it using smf_api.php. So far so good :)
I've also fixed that I can login, so that works as well.
Now I'm trying to log out of SMF through smf_api.php. Imho this would work by destroying the session using smf_sessionDestroy( string session_id ). So I get the session_id from $smf_user_info and pass it through to the function, but somehow it doesn't seem to work. The error I get is:
Fatal error: Call to undefined function: db_query() in /home/aize/www/syn-3/forum/smf_api.php on line 609
The name of the function sounded familliar to me, because I have a similar function with the same name in my own system. So I've renamed that function.
So I've looked up this function and it seems that the session is deleted from the database here. 'Not to worry', I think and stopped using the DB for my sessions. But that doesn't help either ...
What am I doing wrong?
I used this to logout.
smf_setLoginCookie(-3600, $userid, $userpassword);
No, session destroy is not what you want. What Leah posted should work.
-[Unknown]
That does the trick, thanks guys :-*
Next problem ... can I use smf_query for inserts?
When I try to it returns nothing, but there is no error in the log, although there should be ... returning the mysql_error() lets me know there is a problem freeing the resultset. Wich is the logical thing with an insert, because there is no resultset.
So no error in the log and no new data in the database :(
How do I insert sth into the DB or is inserting prohibited? It doesn't say so in the comments.
From smf_api.php:
smf_query("
INSERT IGNORE INTO $smf_settings[db_prefix]log_online
(session, ID_MEMBER, ip, url)
VALUES ('ip$_SERVER[REMOTE_ADDR]', 0, IFNULL(INET_ATON('$_SERVER[REMOTE_ADDR]'), 0), '$serialized')", __FILE__, __LINE__);
So, yes, you can insert.
If nothing happens, it probably means no connection could be made to the database. Try outputting the mysql_error() at various stages.
-[Unknown]
I've been testing some things and I think the problems was in the fact that I have two DB-connections open and I didn't specify the databasename in the query.
As soon as I did sepcify the db-name, it worked :)
Is the smf_api compatible with SMF 1.0? I've upgraded and it doesn't seem to work :(
It should be. Try downloading the latest one from the download page.
We use it for some tools on this site (and they still work.)
-[Unknown]
Ah ... somehow registering users does work, butt logging on and off doesn't.
I'll try upgrading first.
[update]
Upgraded, now I don't get any response form AuthenticateUser(). Not true and no false ...
In the session only [login_SMFCookie10] is set, that used to be different, wasn't it?
Somehow smf_authenticateUser doesn't give feedback anymore. So instead of using it in an if-statement I placed it outside of the statement. Still not logged on.
Turned off database-driven sessions and that did the trick!
So tried putting smf_authenticateUser back in the if-statement, but that gave me an error again, so I just decided to skip the if-statement.
[update]
After some more testing I found out that the authenticateUser-function still doesn't work :( Going to the forum, you're not logged on. As soon as you refresh the page though ... you are ???
/me is getting a little frustrated ::)
AH! Yes, this could also be the cause of an issue with the "who's online" module for the Mambo-SMF bridge...
Quote from: Shedman on January 11, 2005, 08:14:08 AM
After some more testing I found out that the authenticateUser-function still doesn't work :( Going to the forum, you're not logged on. As soon as you refresh the page though ... you are ???
/me is getting a little frustrated ::)
Make sure:
- you're using smf_loadSession().
- you've got "subdomain independent cookies" enabled and "local cookies" disabled.
- the cookie is being sent properly.
-[Unknown]
Quote from: [Unknown] on January 11, 2005, 07:33:58 PM
[...]
Make sure:
- you're using smf_loadSession().
- you've got "subdomain independent cookies" enabled and "local cookies" disabled.
- the cookie is being sent properly.
-[Unknown]
To login to SMF I use:
Step 1: smf_setLoginCookie( 10000000000, $_SESSION[ 'userid' ], $password, false ) )
Step 2: smf_authenticateUser();
Step 3: smf_loadSession();
Subdomain independent cookies are on, local cookies are off.
The cookie seems to be set properly, but still it doesn't work most of the time ...
Somehow it looks like the session isn't loaded properly, but that could be because the user isn't authenticated properly?
Hmm... try loadSession before authenticateUser?
-[Unknown]
Nope, no luck with that either :(
Just upgraded to 1.0.1. Problem solved :)
Hmmm ... it seems my conclusion was too soon. Had some complaints about loggin on in my e-mail this morning.
So upgraded to the last version of the api and started testing again. Somehow smf_AuthenticateUser is not processed correctly. It should return true or false, but I don't get any feedback (which probably signals it to be false ...)
Try this with error_reporting at E_ALL:
function smf_authenticateUser()
{
global $smf_connection, $smf_settings, $smf_user_info;
// No connection, no authentication!
if (!$smf_connection)
{
trigger_error('No database connection', E_USER_WARNING);
return false;
}
// Check first the cookie, then the session.
if (isset($_COOKIE[$smf_settings['cookiename']]))
{
$_COOKIE[$smf_settings['cookiename']] = stripslashes($_COOKIE[$smf_settings['cookiename']]);
// Fix a security hole in PHP 4.3.9 and below...
if (preg_match('~^a:3:\{i:0;(i:\d{1,6}|s:[1-6]:"\d{1,6}");i:1;s:(0|32):"([a-fA-F0-9]{32})?";i:2;i:\d{1,12};\}$~', $_COOKIE[$smf_settings['cookiename']]) == 1)
{
list ($ID_MEMBER, $password) = @unserialize($_COOKIE[$smf_settings['cookiename']]);
$ID_MEMBER = !empty($ID_MEMBER) ? (int) $ID_MEMBER : 0;
}
else
{
$ID_MEMBER = 0;
trigger_error('Invalid cookie', E_USER_WARNING);
}
}
elseif (isset($_SESSION['login_' . $smf_settings['cookiename']]))
{
list ($ID_MEMBER, $password, $login_span) = @unserialize(stripslashes($_SESSION['login_' . $smf_settings['cookiename']]));
$ID_MEMBER = !empty($ID_MEMBER) && $login_span > time() ? (int) $ID_MEMBER : 0;
}
else
{
trigger_error('No cookie found', E_USER_NOTICE);
$ID_MEMBER = 0;
}
// Don't even bother if they have no authentication data.
if (!empty($ID_MEMBER))
{
$request = smf_query("
SELECT *
FROM $smf_settings[db_prefix]members
WHERE ID_MEMBER = $ID_MEMBER
LIMIT 1", __FILE__, __LINE__);
// Did we find 'im? If not, junk it.
if (mysql_num_rows($request) != 0)
{
// The base settings array.
$smf_user_info = mysql_fetch_assoc($request);
// Wrong password or not activated - either way, you're going nowhere.
$ID_MEMBER = smf_md5_hmac($smf_user_info['passwd'], 'ys') != $password || $smf_user_info['is_activated'] != 1 ? 0 : $smf_user_info['ID_MEMBER'];
if (empty($ID_MEMBER))
trigger_error('Password incorrect', E_USER_WARNING);
}
else
{
$ID_MEMBER = 0;
trigger_error('Member not found', E_USER_WARNING);
}
mysql_free_result($request);
}
if (empty($ID_MEMBER))
$smf_user_info = array('groups' => array(-1));
else
{
if (empty($smf_user_info['additionalGroups']))
$smf_user_info['groups'] = array($smf_user_info['ID_GROUP'], $smf_user_info['ID_POST_GROUP']);
else
$smf_user_info['groups'] = array_merge(
array($smf_user_info['ID_GROUP'], $smf_user_info['ID_POST_GROUP']),
explode(',', $smf_user_info['additionalGroups'])
);
}
// A few things to make life easier...
$smf_user_info['id'] = &$smf_user_info['ID_MEMBER'];
$smf_user_info['username'] = &$smf_user_info['memberName'];
$smf_user_info['name'] = &$smf_user_info['realName'];
$smf_user_info['email'] = &$smf_user_info['emailAddress'];
$smf_user_info['messages'] = &$smf_user_info['instantMessages'];
$smf_user_info['unread_messages'] = &$smf_user_info['unreadMessages'];
$smf_user_info['language'] = empty($smf_user_info['lngfile']) || empty($smf_settings['userLanguage']) ? $smf_settings['language'] : $smf_user_info['lngfile'];
$smf_user_info['is_guest'] = $ID_MEMBER == 0;
$smf_user_info['is_admin'] = in_array(1, $smf_user_info['groups']);
// This might be set to "forum default"...
if (empty($smf_user_info['timeFormat']))
$smf_user_info['timeFormat'] = $smf_settings['time_format'];
return !$smf_user_info['is_guest'];
}
It should generate notices and warnings.
-[Unknown]
Tried that: no errors ???
Okay, let's try this. Are you certain you've got E_ALL, with notices though? Just in case that's it... this one's gonna be much more verbose, though.
function smf_authenticateUser()
{
global $smf_connection, $smf_settings, $smf_user_info;
// No connection, no authentication!
if (!$smf_connection)
{
trigger_error('No database connection', E_USER_WARNING);
return false;
}
// Check first the cookie, then the session.
if (isset($_COOKIE[$smf_settings['cookiename']]))
{
$_COOKIE[$smf_settings['cookiename']] = stripslashes($_COOKIE[$smf_settings['cookiename']]);
// Fix a security hole in PHP 4.3.9 and below...
if (preg_match('~^a:3:\{i:0;(i:\d{1,6}|s:[1-6]:"\d{1,6}");i:1;s:(0|32):"([a-fA-F0-9]{32})?";i:2;i:\d{1,12};\}$~', $_COOKIE[$smf_settings['cookiename']]) == 1)
{
list ($ID_MEMBER, $password) = @unserialize($_COOKIE[$smf_settings['cookiename']]);
$ID_MEMBER = !empty($ID_MEMBER) ? (int) $ID_MEMBER : 0;
trigger_error('Cookie indicates ID_MEMBER of ' . $ID_MEMBER, E_USER_NOTICE);
}
else
{
$ID_MEMBER = 0;
trigger_error('Invalid cookie', E_USER_WARNING);
}
}
elseif (isset($_SESSION['login_' . $smf_settings['cookiename']]))
{
list ($ID_MEMBER, $password, $login_span) = @unserialize(stripslashes($_SESSION['login_' . $smf_settings['cookiename']]));
$ID_MEMBER = !empty($ID_MEMBER) && $login_span > time() ? (int) $ID_MEMBER : 0;
trigger_error('Session indicates ID_MEMBER of ' . $ID_MEMBER, E_USER_NOTICE);
}
else
{
trigger_error('No cookie found', E_USER_NOTICE);
$ID_MEMBER = 0;
}
// Don't even bother if they have no authentication data.
if (!empty($ID_MEMBER))
{
$request = smf_query("
SELECT *
FROM $smf_settings[db_prefix]members
WHERE ID_MEMBER = $ID_MEMBER
LIMIT 1", __FILE__, __LINE__);
// Did we find 'im? If not, junk it.
if (mysql_num_rows($request) != 0)
{
// The base settings array.
$smf_user_info = mysql_fetch_assoc($request);
// Wrong password or not activated - either way, you're going nowhere.
$ID_MEMBER = smf_md5_hmac($smf_user_info['passwd'], 'ys') != $password || $smf_user_info['is_activated'] != 1 ? 0 : $smf_user_info['ID_MEMBER'];
if (empty($ID_MEMBER))
trigger_error('Password incorrect', E_USER_WARNING);
else
trigger_error('Correct password', E_USER_NOTICE);
}
else
{
$ID_MEMBER = 0;
trigger_error('Member not found', E_USER_WARNING);
}
mysql_free_result($request);
}
if (empty($ID_MEMBER))
$smf_user_info = array('groups' => array(-1));
else
{
if (empty($smf_user_info['additionalGroups']))
$smf_user_info['groups'] = array($smf_user_info['ID_GROUP'], $smf_user_info['ID_POST_GROUP']);
else
$smf_user_info['groups'] = array_merge(
array($smf_user_info['ID_GROUP'], $smf_user_info['ID_POST_GROUP']),
explode(',', $smf_user_info['additionalGroups'])
);
}
// A few things to make life easier...
$smf_user_info['id'] = &$smf_user_info['ID_MEMBER'];
$smf_user_info['username'] = &$smf_user_info['memberName'];
$smf_user_info['name'] = &$smf_user_info['realName'];
$smf_user_info['email'] = &$smf_user_info['emailAddress'];
$smf_user_info['messages'] = &$smf_user_info['instantMessages'];
$smf_user_info['unread_messages'] = &$smf_user_info['unreadMessages'];
$smf_user_info['language'] = empty($smf_user_info['lngfile']) || empty($smf_settings['userLanguage']) ? $smf_settings['language'] : $smf_user_info['lngfile'];
$smf_user_info['is_guest'] = $ID_MEMBER == 0;
$smf_user_info['is_admin'] = in_array(1, $smf_user_info['groups']);
// This might be set to "forum default"...
if (empty($smf_user_info['timeFormat']))
$smf_user_info['timeFormat'] = $smf_settings['time_format'];
return !$smf_user_info['is_guest'];
}
This should definitely generate something no matter what.
-[Unknown]
Hmmm ... something weird going on with Apache/PHP, but with error reporting turned on at runtime I get:
Warning: Cannot modify header information - headers already sent by (output started at /home/webuser/htdocs/syn-3.datux.nl/inloggen.php:17) in /home/webuser/htdocs/syn-3.datux.nl/forum/smf_api.php on line 258
Warning: Invalid cookie in /home/webuser/htdocs/syn-3.datux.nl/forum/smf_api.php on line 378
So sth is wrong with the cookie ...
Make sure you turn on output buffering before calling smf_api.php functions after output... e.g.:
ob_start();
Hmm... maybe...
print_r($_COOKIE[$GLOBALS['smf_settings']['cookiename']]);
-[Unknown]
Placed ob_start(); at the top of smf_api.php, which solves the first problem.
Output of the print_r is:
a:3:{i:0;i:1;i:1;s:32:"d6effa00e8531fc6344725bc87184c1b";i:2;d:11105965895;}
echo preg_match('~^a:3:\{i:0;(i:\d{1,6}|s:[1-6]:"\d{1,6}");i:1;s:(0|32):"([a-fA-F0-9]{32})?";i:2;i:\d{1,12};\}$~', $_COOKIE[$GLOBALS['smf_settings']['cookiename']]);
-[Unknown]
Output: 0
Quote from: [Unknown] on January 17, 2005, 07:57:51 AM
echo preg_match('~^a:3:\{i:0;(i:\d{1,6}|s:[1-6]:"\d{1,6}");i:1;s:(0|32):"([a-fA-F0-9]{32})?";i:2;i:\d{1,12};\}$~', $_COOKIE[$GLOBALS['smf_settings']['cookiename']]);
-[Unknown]
I don't get that. Wait, I see it. d.
smf_setLoginCookie( 10000000000, $_SESSION[ 'userid' ], $password, false ) )
That number is too high. I'll fix it in 1.1 so it's okay, though.
-[Unknown]
So how do I set it to 'forever'? 0?
3153600.
-[Unknown]
Is that simply the maximum value or really forever?
It's about 6 years.
-[Unknown]
That should be long enouogh :D
Thanks for the help...
I am starting to test it out right now and see if I like it better than the SSI.php file. Eventually I want to intergrate SMF with my own CMS that I am building and so I think this might be the tool I'm looking for. However I'm wondering if what you mean by it may be available under alternate licensing?
Just that we're willing to license this file under different licenses (GPL, LGPL, BSD, etc.) such that it can be distributed with other programs.
-[Unknown]
Ahh that would be nice. I had thought that it would be a charter membership type thing. Well that is good news and I'll continue my working with it and see what I can create ;)
Just wanted to make sure before I go ahead and start messing things, is this tool for smf/cpg logout issue. that is when I try to logout from cpg I get 'Session verification failed' error.
SMF 1.0.1
CPG 1.3.2
Login: 'test'
Pass: 'pastest'
(https://www.simplemachines.org/community/proxy.php?request=http%3A%2F%2Fwebpages.charter.net%2Fosipof%2Fcpg%2Flogout.jpg&hash=e0823cb0118cdbaa615d71541c78fdaa2a4d9080)
Thank you
That issue was one of the purposes of this tool. However, this is not drop-in and the current bridge will not automatically use it.
-[Unknown]
Thanks for the reply, now what do I need to do to fix this issue.
QuoteSession verification failed. Please try logging out and back in again, and then try again.
Well, again, that's a bug in the bridge. Regardless, in most cases it helps to turn off database-driven sessions.
-[Unknown]
hi,
i have this when i tried the smf_api.php
QuoteNotice: A session had already been started - ignoring session_start() in C:\apachefriends\xampp\htdocs\gallery\bridge\smf.inc.php on line 150
Please turn off session.auto_start in your php.ini.
-[Unknown]
Error logging does not work, because there isn't 'smf_modSettings'.
Quote from: elfinit on July 14, 2005, 09:40:26 AM
Error logging does not work, because there isn't 'smf_modSettings'.
That's been fixed in the 1.1 version, which is pending.
-[Unknown]
I need to check tis out later too sounds interesting.
Quotestring smf_md5_hmac(string data, string key)
- implements the encryption used for the passwords in SMF.
I was going to use that function in a sort of bridge with efiction because it uses just standard MD5, but SMF1.1 uses SHA-1, so is the SHA-1 function available as the 1.1 API as you said is pending. Or is there another way to do it, or should I just wait?
Please pardon my ignorance but i wish to use this with my copy of MAMBO i am currently running the bridge and am unsure how to run this?PLease i would be very appreciative if you could provide me with instructions on using it.
Thanks in advance ;D
You should probably use SSI.php in Mambo, since it is already used there for the bridge.
-[Unknown]
First I'd like to thank unknown, this api is superb. I have a question regarding the order of events. I am trying to add smf to a current site. I'm not exactly sure what order some of these functions should be called in. So lets try this example:
I am using the login form from SSI to log the user in. Now, when I user comes to one of the main site pages [not a forum page] I belive I should be using some combination of these three functions, but I'm not exactly sure which order they should appear in
smf_loadSession();
smf_setLoginCookie(60, addslashes(), , false);
smf_authenticateUser();
Note that a user may be a guest or a member when entering the main site depending on weither or not they have logged in, either from the forum or from the main site.
Can you shed some light on the proper use of these functions?
Thanks,
Andrew
It's not a good idea to use this and SSI.php at the same time, I'm afraid.
The order you have listed is fine, though.
-[Unknown]
Any news on when the release of smf_api.php 1.1 is? (or is it already out there somewhere?) Been having trouble getting the login to work.. It sets the cookie, it authenticates, it even sets up the session, but for some reason I'm not logged in when I go over to the board. I have local cookies off and sub whatever cookies on. If I am already loged into the board, it actually logs me out by going to the page that uses smf_api... I am guessing these issues will be resolved with the new version?
Thanks,
-Jon
I have Coppermine installed and running well with SMF. My question is: can I use smf_api.php to show in action=who peoples who are on the gallery? If not, is there any other way to do that?
Okay, I've read several threads (including this one) here referring to intergrating two sites, but it's not clicking for me. I'm abit of a newbie to smf but I do like it so far. My issue is I need to somehow get smf to use the username/password details from another site on a different server. This other existing site is not a CMS site, but a BT tracker site. I'm going to use the smf forum as a help and general discussion area for the tracker site. I just can't figure out the best way to get smf to use the user details from the tracker.
Is the smf api the way to go?
Could anyone here take some time to point me in the right direction to achieving this? I love messing around with these scripts and have learned alot in the process but with this task I'm stumped.
Kev
Hi there,
I have just installed SMF (1-0-7) on my website and before using it online I tried the smf_api.php to login and logout users from other pages of my site. I use the classic functions:
require_once('smf_api.php');
smf_setLoginCookie( 3600, $user, $passwd, false );
smf_authenticateUser();
smf_loadSession();
smf_logOnline();
That works perfectly when I try it locally (with a local replicate of my site) but I can't manage to make it working online, the cookie is just not sent. But my username appear on the forum page as if I were logged in. I can't figure out what is going wrong????????
Any idea would be welcome!!!
Thanks,
louis
Sorry for digging up an old topic but is this tool still updated / supported?
I'm having trouble using it with my 1.1.5 SMF install, Ive searched a lot and found a couple of versions of this file around and not sure which one I should be using, if any.
I am also wonder what I should be using. I have SMF 1.1.7 and need to be able to log users in and out from my own custom site.
I just switched from IPB to SMF.. IPB had an amazing API (though it was 3rd party). My site needs to be able to tell if a user is logged in, what user group they are in, how many private messages they have, how many members and guests are online, the member count, post count, newest member, current bdays, etc.
Any suggestions?
The problem with this API is that after I set the cookie it logs me out of the forum. So I log out back into the forum but then it logs me out of the custom site. The cookies must be different and won't authenticate. I am not under a subdomain or anything.
Here is my test script (the *entire* thing):
<?
require_once("/var/www/vhosts/my-site.com/httpdocs/smf/smf_api.php");
if (smf_authenticateUser() === false) {
echo "<p>Not logged in. Setting login cookie. Reload page to authenticate cookie and login.</p>\n";
if (smf_setLoginCookie(3600, "rewen", "06646c1e194ac42a0b30c94f2b648a9a2967c9f9", true) === false) {
echo "<p>Setting of cookie failed</p>\n";
}
} else {
smf_loadSession();
smf_logOnline("Logged in from test script");
echo "<p>Cookie found and authenticated. Logged in</p>\n";
print_r ($smf_user_info);
}
?>
Although the API is still valid for 1.1, I suggest you look into using the integration hooks (check the bridges board) and SSI.php. You can get all the user info by including SSI.php.