Simple Machines Community Forum

I'm writing an api for 2.0, because I can't find one anywhere. It doesn't seem too difficult; I basically took the SSI and stripped out the functions to write my own. Besides the obvious ones (login, logout, register, and the others from the 1.x api) what functions would be nice to have?

Done. See below post for more info.

Edit: Attachment removed
DOWNLOAD THE NEWEST VERSION FROM THIS THREAD :)
http://www.simplemachines.org/community/index.php?topic=453008.0

Here it is. I've tested (briefly) all the functions and they work. Questions, comments, suggestions? Let me know.

How to use:
Put it on the same server your SMF forum is installed and use require_once to include it like:

require_once($_SERVER['DOCUMENT_ROOT'] . '/your/path/to/this/file/smf_2_api.php');


Then you can use the functions  :)

Here is the function list:

Quotearray  smfapi_getUserByEmail(string $email)
        - returns all user info from the db in an array

    array  smfapi_getUserById(int $id)
        - returns all user info from the db in an array

    array  smfapi_getUserByUsername(string $username)
        - returns all user info from the db in an array

    array  smfapi_getUserData(mixed $identifier)
        - returns all user info from the db in an array
        - will accept email address, username or member id

    bool   smfapi_login(mixed $identifier, int $cookieLength)
        - sets cookie and session for user specified
        - will accept email address, username or member id
        - does no authentication; do that before calling this

    bool   smfapi_authenticate(mixed $username, string $password, bool $encrypted)
        - authenticates a username/password combo
        - will accept email address, username or member id

    bool   smfapi_logout(string $username)
        - logs the specified user out
        - will accept email address, username or member id

    bool   smfapi_deleteMembers(int || int array $users)
        - deletes member(s) by their int member id
        - will return true unless $users empty
        - will accept email address, username or member id or a mixed array

    int    smfapi_registerMember(array $regOptions)
        - register a member
        - $regOptions will contain the variables from the db
        - dump out the results of smfapi_getUserData($user) to see them all
        - required variables are: 'member_name' (unique), 'email' (unique), 'password'

    bool   smfapi_logError(string $error_message, string $error_type, string $file, int $line)
        - logs an error message to the smf error log
        - $error_type will be one of the following: 'general', 'critical', 'database', 'undefined_vars', 'user', 'template' or 'debug'
        - just use __FILE__ and __LINE__ as $file and $line unless you have other ambitions

    true   smfapi_reloadSettings()
        - loads the $modSettings array
        - adds the following functions to the $smcFunc array:
             'entity_fix', 'htmlspecialchars', 'htmltrim', 'strlen', 'strpos', 'substr', 'strtolower', strtoupper', 'truncate', 'ucfirst' and 'ucwords'

    true   smfapi_loadUserSettings(mixed $identifier)
        - loads the $user_info array for user or guest
        - will accept email address, username or member id
        - if member data not found, will try cookie then session

    true   smfapi_loadSession()
        - starts the session

    *Session functions*
    true   smfapi_sessionOpen()
    true   smfapi_sessionClose()
    bool   smfapi_sessionRead()
    bool   smfapi_sessionWrite()
    bool   smfapi_sessionDestroy()
    mixed  smfapi_sessionGC()

    bool   smfapi_loadDatabase()
        - loads the db connection
        - adds the following fuctions to the $smcFunc array:
            'db_query', 'db_quote', 'db_fetch_assoc', 'db_fetch_row', 'db_free_result', 'db_insert', 'db_insert_id', 'db_num_rows',
            'db_data_seek', 'db_num_fields', 'db_escape_string', 'db_unescape_string', 'db_server_info', 'db_affected_rows',
            'db_transaction', 'db_error', 'db_select_db', 'db_title', 'db_sybase', 'db_case_sensitive' and 'db_escape_wildcard_string'

    void   smfapi_cachePutData(string $key, mixed $value, int $ttl)
        - puts data in the cache

    mixed  smfapi_cacheGetData(string $key, int $ttl)
        - gets data from the cache

    bool   smfapi_updateMemberData(mixed $member, array $data)
        - change member data (email, password, name, etc.)
        - will accept email address, username or member id
        - data will be an associative array ('email_address' => '[email protected]') etc.

    true   smfapi_smfSeedGenerator()
        - generates random seed

    bool   smfapi_updateSettings(array $changeArray, bool $update)
        - updates settings in $modSettings array and puts them in db
        - called from smfapi_updateStats(), smfapi_deleteMessages() and smfapi_smfSeedGenerator()

    true   smfapi_setLoginCookie(int $cookie_length, int $id, string $password)
        - called by smfapi_login() to set the cookie

    array  smfapi_urlParts(bool $local, bool $global)
        - called by smfapi_setLoginCookie() to parse the url

    bool   smfapi_updateStats(string $type, int $parameter1, string $parameter2)
        - update forum member stats
        - called when registering or deleting a member

    string smfapi_unHtmlspecialchars(string $string)
        - fixes strings with special characters
        - called when encrypting the password for checking

    bool   smfapi_deleteMessages(array $personal_messages, string $folder, int || array $owner)
        - called by smfapi_deleteMembers()

    string smfapi_generateValidationCode()
        - used to generate a 10 char alpha validation code during registration

    bool   smfapi_isOnline(mixed $username)
        - check if a user is online
        - will accept email address, username or member id

    bool   smfapi_logOnline(mixed $username)
        - log a user online

    array  smfapi_getMatchingFile(array $files, string $search)
        - find a file from an array
        - used to find Settings.php in case this script is not with it

    array  smfapi_getDirectoryContents(string $directory, array $exempt, array $files)
        - gets the contents of a directory and all subdirectories
        - called by smfapi_getMatchingFile

Edit: attachment removed
DOWNLOAD THE NEWEST VERSION FROM THIS THREAD :)
http://www.simplemachines.org/community/index.php?topic=453008.0

Thanks for doing this, it looks really useful, but I am getting an error:

Notice: Undefined index: BAN_CHECK_IP in C:\wamp\www\forum\smf_2_api.php on line 1959

It's smfapi_loadUserSettings that's the problem. I'm not even calling any functions at the moment, just using require_once on the file. Any ideas what the problem is?

It loaded your settings and ip2 isn't defined for your account.

Just change this line:
'ip2' => $_SERVER['BAN_CHECK_IP'],
to this:
'ip2' => isset($_SERVER['BAN_CHECK_IP'])?$_SERVER['BAN_CHECK_IP']:'',

and it will check if it is defined first :)

That works perfectly, thank you!

It's really wanted tool.

Thanks, so much.

Thanks for this - it is EXACTLY what I needed (and really, really, really didn't want to have to write)!!!

Well done.

Thanks. You have done the big work.

SSI is not working for me.  How would I use this API to replicate the ssi_login() feature (authenticate if the user is logged on, if not, display login and etc.)

Also, do we have to install this as the same directory as SMF or just the same server?

Same server is fine.

require_once the api file. The first time you load it, it will find the path to your forum and save the path in a settings file, so the first load might take a few seconds.

you authenticate with something like:

$authenicated = smfapi_authenticate($username, $password);


Or you can authenticate the user in your other system if that is easier for you.

You log them in like this:

smfapi_login($identifier)

Where identifier can be their email address, username or member id. As long as the user exists, they will be logged in

:)

 smfapi_logout(string $username) - is not working for me.

Hi,
what path are you calling it from and what path are your smf cookies set for?
Your smf cookie path needs to be '/'

include('/home/host1212596/site/htdocs/www/forum/api.php');

$name = 2;
$logout = smfapi_logout($name);
var_dump($logout);


function smfapi_logout($username='')
{
    global $sourcedir, $user_info, $user_settings, $context, $modSettings, $smcFunc;


       print_r($user_info);
}


return array

Array ( [groups] => Array ( [0] => -1 ) [possibly_robot] => [id] => 0 [username] => [name] => [email] => [passwd] => [language] => russian [is_guest] => 1 [is_admin] => [theme] => 0 [last_login] => 0 [ip] => 178.120.45.90 [ip2] => [posts] => 0 [time_format] => %B %d, %Y, %H:%M:%S [time_offset] => 0 [avatar] => Array ( [url] => [filename] => [custom_dir] => [id_attach] => 0 ) [smiley_set] => [messages] => 0 [unread_messages] => 0 [total_time_logged_in] => 0 [buddies] => Array ( ) [ignoreboards] => Array ( ) [ignoreusers] => Array ( ) [warning] => 0 [permissions] => Array ( ) ) NULL

But at a forum I am authorized.

Way to a site /home/host1212596/site/htdocs/www/
Way to a forum /home/host1212596/site/htdocs/www/forum/

cookie path '/'

Help!

The problem is most likely your cookie not being unset by the api logout call. Why is not being unset? Because it's probably not being found by the script.

Go to you forum, where you are still logged in, and open firecookie and check the path of you smf cookie. If your cookie is being set on /site/forum/ and your script is not on that path it won't find your cookie, it won't be able to unset your cookie, and the session will persist.

When you execute the script that makes the api call, use firecookie to check if you can see your smf cookie, you should be able to.

In SMF admin settings there is an option for sessions and cookies to 'use subdomain independent cookies'. Also make sure the option to 'store cookies locally' isn't selected. Delete the cookie manually and login again and check it. Make sure the path is right :)

The session is stored in the db too, but if the api had trouble connecting with your db, chances are good your forum would too, so you gotta check your cookie and make the path correct and I think you will be happy. Let me know otherwise ;)

(https://www.simplemachines.org/community/proxy.php?request=http%3A%2F%2Fpix.am%2FzS05.png&hash=563089d0b7efff971d20c4a8d271a8c105481c17)

My Cookie after relog. All is OK.

Option to 'store cookies locally' isn't selected
(https://www.simplemachines.org/community/proxy.php?request=http%3A%2F%2Fpix.am%2FkRg0.png&hash=92b813c2ab126d17165807c2cfab18f01f3dbdf0)

_http://scrap.by/forum/info.php - function not working.

function smfapi_logout($username=''){
    global $sourcedir, $user_info, $user_settings, $context, $modSettings, $smcFunc;
    print_r($user_info);
}

info.php
<?php
   include('/home/host1212596/site/htdocs/www/forum/md5apis.php');
      $name = 2;
      smfapi_logout($name);
?>

is there a session already started before you call the api?
when you call the logout are you specifying the username to logout?

edit: also, is the function returning true or false?

what do you get when you do:

echo $_COOKIE[$cookiename];

?
If your script can see the cookie, try this:

list ($id_member, $hash) = @unserialize($_COOKIE[$cookiename]);
smfapi_logout($id_member);


Quote from: ike turner on August 04, 2011, 01:08:03 PM
what do you get when you do:

Code Select Expand


echo $_COOKIE[$cookiename];

?
If your script can see the cookie, try this:

Code Select Expand


list ($id_member, $hash) = @unserialize($_COOKIE[$cookiename]);
smfapi_logout($id_member);


There's one interesting issue might be to give access to try? I am familiar with PHP for over 2 years. But that's not dancing with a tambourine ... help me with this problem.
echo $_COOKIE[$cookiename]; it work.

Return serialize string
a:4:{i:0;s:1:\"1\";i:1;s:40:\"8f25b79eff6d984c2f657326fd3984ee2938c80f\";i:2;i:1501702094;i:3;i:2;}

list ($id_member, $hash) = @unserialize($_COOKIE[$cookiename]); Not Working! hell hell hell

echo $id_member or echo $hash - Neither give nor any of the results! HELL HELL HELL

if you have the data from the cookie you should be able to unserialize it :)
what version of php are you using?
try smfapi_logout(1);
and see if it logs you out. If that works you just need to figure out why you can't unserialize the cookie data

Quote from: ike turner on August 04, 2011, 06:23:19 PM
if you have the data from the cookie you should be able to unserialize it :)
what version of php are you using?
try smfapi_logout(1);
and see if it logs you out. If that works you just need to figure out why you can't unserialize the cookie data

If i do list ($id_member, $hash) = @unserialize($_COOKIE[$cookiename]); in file index.template.php it is WORKS.

In a array brought id & hash.

If i do list in new file (info.php)
<?php

require_once('md5apis.php');


list ($id_member, $hash) = unserialize($_COOKIE[SMFCookie11]);
echo $id_member;

?>

Not WORK!

I do not know even already what to do

I was wondering about if you got this fixed.

What is md5apis? is that the api file?

If it's not working from another location, the odds are very very good that the other location can't see your smf cookie.

From the place you want to use the api:

1. include (require_once) the api file

2. make sure you can get the cookie data. Try

$cookie = $_COOKIE[$GLOBALS['cookiename']];
echo $cookie;

make sure you get some output, which should be an array with the member id and password hash serialized

3. If you don't get anything, check the path your cookie is set on. Make sure it is set on '/'. Check your settings to make sure you are using subdomain independent cookies, and store cookie locally is unchecked. Delete the cookie because it might be using the old settings. Log in again. Then retry. Use firecookie to see the cookie data.

4. Get the member id from the cookie and use that by sending it to the functions.

looking at this code:

list ($id_member, $hash) = unserialize($_COOKIE[SMFCookie11]);
echo $id_member;

SMFCookie11 is not a constant, use ['SMFCookie11']. better yet would be to use $GLOBALS[$cookiename] after you include the api.

If you still have issues with this pm me an ftp login, a test smf login and where exactly you are trying to use this code and I'll check it out for you :)

Send PM.

Update: to anyone with a similar issue as above, the serialized data had quotes that had been escaped '\', probably because of magic_quotes_gpc in the server configuration. The slashes had to be removed for the data to unserialize properly. You can manually use stripslashes or str_replace on the data before you unserialize it, or fix your server configuration and let the api do the work for you :)
So to sum it up, if you are able to get the cookie data, but not loading any user info this could be the cause

Can I use this to register a user (Silently without email activation)? I Mean a customer buys a product using Download Guard(DLG) and DLG will output the user name and password ( I got this part) and then automatically Creates a user on the SMF Database with the details user name and password or possibly even email like DLG outputs.

DLG Outputs Details ----> Homemade Script to Create a user on SMF(using API) = Single login.

So this eliminates the process of having to login in to DLG and then SMF because I protect the SMF forum using DLG (so this is a single login). Makes sense?

There are a lot of People Wanting this Function but when somebody asked this they are always slapped with Documentation that really never is a solution. Because it is the other way around. SMF will be an add in on the Main Site not the other way around so it is so important to have a way to create a user using the Main sites registration process.

Yes, you can use this to do exactly that :)

require_once #path to the api file

$regOptions = array('member_name' => $name, 'email' => $email, 'password' => $password);

smfapi_registerMember($regOptions);


There are a lot more registration options you can specify, but those are the only required ones

Wow thanks. I'll try that one.  :)

Ok. I tried it like this :

DLG-SMF-bridge.php

<?php
require_once($_SERVER['DOCUMENT_ROOT'] . '/forum/smf_2_api.php');

$name = "AKM-name";
$email = "[email protected]";
$password = "0054321";

$regOptions = array('member_name' => $name, 'email' => $email, 'password' => $password);

smfapi_registerMember($regOptions);
?>

and in browser - http://auctionkeywordmaster.com/forum/DLG-SMF-bridge.php

I thought nothing happened. Page only turned Blank White
and I looked at member list and realized I have set the registration setting to "member approval". After approving member it worked fine.

Thank you very much.

Another question, how can I give a created user a member group? example: I want the member that purchased a DLG product to have rights to view the VIP boards. So I need a way to assign them the VIP member group on user creation. Makes Sense?

Hi, what you're saying makes perfect sense. There is a plethora of other variables you can add to the $regOptions array to register new members however you want. For setting the membergroup you would use $regOptions['memberGroup']. So when you're setting up the $regOptions array just add

'memberGroup' => (int group code),

or if you've already set up the $regOptions array

$regOptions['memberGroup'] = (int)your group code;


As for the registration settings for confirmation required and approval, the variable is called $regOptions['require']. There are 3 settings for this. 'nothing' will register the user and nothing else is required, (no confirmation, no approval). 'activation' means the account requires activation. Anything other than those two strings will result in activation necessary for the account. So, for example if you want the newly registered accounts to be ready to use you would set

$regOptions['require'] = 'nothing';

and if you wanted them to be user activated by their confirmation code you would use

$regOptions['require'] = 'activation';

and if you didn't specify anything the account would require admin approval.

If you go through the smfapi_registerMember() function, there are lots of other account details you could add, depending on how much information you want/need to share between smf and the other system :)

You're God sent. THank you very much.

I made a mistake by using this before---> on the array 'membergroup' instead of the correct one 'memberGroup' this broke it but I realized the mistake and made the changes. Now it works. All I've got to do now is get the POST output from DLG and all will be fine.

Thank you Again.

Now Another question. I need to know how to make a single login work on DLG and SMF since they will have the same user data because of the DLG-SMF-registration.

So When they login on DLG they will also automatically be logon on SMF. and Also same is true with Logout.

I'm not 100% sure what you're asking but it sounds like you want to log users in and out from DLG (whatever that is). The API has functions for login and logout too, and they're much easier to use than registration :D

    bool   smfapi_login(mixed $identifier, int $cookieLength)
        - sets cookie and session for user specified
        - will accept email address, username or member id
        - does no authentication; do that before calling this

    bool   smfapi_authenticate(mixed $username, string $password, bool $encrypted)
        - authenticates a username/password combo
        - will accept email address, username or member id

    bool   smfapi_logout(string $username)
        - logs the specified user out
        - will accept email address, username or member id


so you could use

smfapi_login($email);
or
smfapi_login($smfMemberId);
or
smfapi_login($smfUserName);

If you care how long the cookie is set for, set it using the second variable to match your other system.
For logout, same thing :)
Don't forget to require_once the API file before you call the API functions, and remember that the login function will do absolutely no authentication whatsoever, it will just log that user in. So make sure you authenticate them in DLG first, or use the authenticate function first

I don't really know how cookies work. I haven't gotten that far on php.

This is the senario. As I login to DLG site i get logged in but I also want to be able to logged in on SMF silently using your API. But how do I extract the $_post data from the DLG form and send it silently to the Homemade Login Script and then passing that to API? CURL? I read about this but do not have any knowledge about this. Can't it be done using php? I know how forms work but this is something I haven't done before passing it to another PHP file silently after it logs in on DLG.

So this will basically be a single log-in/log-out system with DLG and SMF integrated.

Can you give example.   ;D

I tried this and works and logs me in on SMF but, Doesn't want me to logged in on DLG.

<?php if (is_page('members') || is_page('download-akm') || is_page('bonuses') || is_page('training-videos') || is_page('create-license')) { 
  $pathToDLG = "dlg2a/";
  $dlgMemberGroup = "1";
  include ($pathToDLG."members/dlgmembers.php");
  include ($_SERVER['DOCUMENT_ROOT'] . '/Jay-DLG-SMF-Bridge/cookieview.php');
  
 } ?>


The added line to login on SMF using cookieview.php--> include ($_SERVER['DOCUMENT_ROOT'] . '/Jay-DLG-SMF-Bridge/cookieview.php');

DLG works without the above line.

Cookieview.php Contents :

<?php require_once($_SERVER['DOCUMENT_ROOT'] . '/Jay-DLG-SMF-Bridge/smf_2_api.php');

    if (isset($_SESSION['username'])){
    echo "User : ".$_SESSION['username'];

$email = $_SESSION['username'];
smfapi_login($email);
exit();
    } 


?>

This is what it looks before:

<?php if (is_page('members') || is_page('download-akm') || is_page('bonuses') || is_page('training-videos') || is_page('create-license')) { 
  $pathToDLG = "dlg2a/";
  $dlgMemberGroup = "1";
  include ($pathToDLG."members/dlgmembers.php");
 } ?>

I haven't authenticated yet. Is it really important? Can I skip it?

You can skip authentication if you've already authenticated the login in DLG.

Try using this api file attached. I have modified it a little to not screw with the sessions of other systems; it won't even try to start a session if one is going. That might help. I also fixed a few things in it. Would love to upload this version if I ever get it approved :p

You need to find the location in your code where DLG has already authenticated the user and is ready to log them in, and use the login function then. Most likely just before DLG logs them in because it will probably redirect after. I don't know where that would be, but you could find it easily enough by looking for the file that the login form posts to. The API login function will just log the (valid) user in if you pass it the email. It will put the session info in the db and set the SMF cookie. It won't check anything.

As for the cookie settings, that value is the cookie length, or time to set the cookie for. How long do you want the cookie to hold the session as active? It would be ideal to match that with DLG. When they login, do you want them logged in forever? For 1 hour? If you don't know you can safely ignore it

It still won't work.

This what works in DLG and enables me to login on DLG -->

<?php
 if (is_page('members') || is_page('download-akm') || is_page('bonuses') || is_page('training-videos') || is_page('create-license')) { 
  $pathToDLG = "dlg2a/";
  $dlgMemberGroup = "1";
  include ($pathToDLG."members/dlgmembers.php");
   
 } ?>

Now I include ---> include ($_SERVER['DOCUMENT_ROOT'] . '/Jay-DLG-SMF-Bridge/cookieview.php'); as in --->

<?php
 if (is_page('members') || is_page('download-akm') || is_page('bonuses') || is_page('training-videos') || is_page('create-license')) { 
  $pathToDLG = "dlg2a/";
  $dlgMemberGroup = "1";
  include ($pathToDLG."members/dlgmembers.php");
  include ($_SERVER['DOCUMENT_ROOT'] . '/Jay-DLG-SMF-Bridge/cookieview.php'); // this is the one added. Code to get session username of DLG and pass it to SMF API to login.

 } ?>

Because I want to get DLG session 'username' which is the email(username is email) and pass it to API using smfapi_login($email)

But when I do this DLG won't login anymore and just shows me the login form and looking at forum I refresh it and shows that I am successfully logged in.

http://www.Mysite.com --> main site --> mainlogin using DLG
http://www.Mysite.com/forum  ---> SMF ---> my script (cookieview.php) rides on DLG login via include

Yes I was thinking it might be the session is interfering with DLG because the API will start another session when I looked at API code.

The updated API you sent still won't work. I cannot modify or do anything on the DLG side. It is a paid script that protects a webpage by showing a login form to anyone who access the page and unlocking it if you buy membership on it. DLG just outputs username and password and secret key when a customer buys thus I used that to register a new member also on SMF by using API function smfapi_registerMember($regOptions);

This coding stuff gives me headaches haha  ;D

Why are you including cookieview.php? That might be preventing the login functionality of DLG rather than the API...
Can you post the code on the page your login form submits to? Won't it contain the email address in the $_POST data?

Cookieview Contents:

<?php require_once($_SERVER['DOCUMENT_ROOT'] . '/Jay-DLG-SMF-Bridge/smf_2_api.php');

    if (isset($_SESSION['username'])){
  
$email = $_SESSION['username'];
smfapi_login($email);
exit();
    } 


?>

Cookieview.php gets the username(email is DLG username) from DLG session andthen just past it to API with the function smfapi_login($email);

Don't confuse the name of cookieview. I forgot to change it to something else. So it doesn't view any cookies. Yes that's what I was thinking but why does it prevents DLG to login, it's just a simple code to get session username for the API to use it.

Maybe I can just extract $username and just directly pass it silently to API without using that session thing. Can this be done? How? I mean If I use <form></form> It will not pass the data silently to the php file that contains  smfapi_login($email); that then passses to API? How to extract username when logging in to DLG? That's why I used that $email = $_SESSION['username']; to get the username. Am I coding it all wrong?

The login form is built in to dlg. DLG is a protection script that protects a page. You protect a page by including DLG script like <?php include(path/DLG.php); ?> so I thought I can just include my script after DLG script like:


<?php include(path/DLG.php);
include(path/cookieview.php); ?>

cookieview.php content are just requiring the API like require(path/smf_api_2.php);
then getting the username on DLG by username:

$email = $_session[username]; //$email is used because DLG usernames are the email address
and calling function smfapi_login($email); to pass $email to API and call SMF to login.

So I was thinking that since DLG is the first to get login then after that is the SMF login code. I am thinking that SMF API might interrupting the DLG session login and then logging in to SMF.

But since you just fixed the API it is out of the question and it is not the culprit. I don't really now if i'm doing this right.

DLG is a commercial script so it cannot be modified. I got the registration fixed because once a customer buys in DLG - DLG has a setting to place a IPN script to call and post user details when a successful buy has been made. So I made the IPN using your API to create a user on SMF and is successful but login is another story.

That's great idea.

Ok I found what's happening.

I tried logging to DLG FIRST not using the SINGLE LOGIN SYSTEM/SCRIPT and then logging to SMF FOrum. THis is what I found out, I went back to DLG and found out I was automatically logged out after i login on SMF.

bug on SMF 2.0?

Can you confirm this?

Quote from: dreison27 on September 18, 2011, 01:33:38 AM
Ok I found what's happening.

I tried logging to DLG FIRST not using the SINGLE LOGIN SYSTEM/SCRIPT and then logging to SMF FOrum. THis is what I found out, I went back to DLG and found out I was automatically logged out after i login on SMF.

bug on SMF 2.0?

Can you confirm this?

How is DLG managing it's session?

You did a great work here andre! :D

I have a doubt about the smfapi_getUserData function: I feel that there are situations where this function could not retrieve the data it should, for example if a user uses as name a number and this number is by chance the id on another user (I admit I haven't done any test yet) then this user is taken instead of the intended one.
Additionally, always related to that function, I was thinking would be worth extending it to retrieve the data of more than one member at a time? And maybe save the data in an array like $user_data[id_user] so that if the function is called more than once in the same script for the same user the data can be sort of cached?

Thanks :)

smfapi_getUserData() really just calls getUserById, getUserByEmail or getUserByUsername
if the variable passed to it is numeric, it will go to getUserById first and if it is not an int it will return false. If it's not numeric, it will try getUserByEmail since an email address can't be numeric anyways. Then if neither of those had a result it will try the variable as a username with getUserByUsername.

If you had a member A with id 233423 and another member B with username 233423, you should get A's info by passing id 233423 as an int to getUserData, and you'd get B's info by passing username 233423 as a string into getUserData.

That's the theory anyways, and I could be wrong :D

Yep, but (/me is a "but man" :P) the difference is rather thin.

echo '<form method="post" action="">
<input name="test" type="text" />
<input type="submit" />
</form>';

echo "POST is:<br />";
if (isset($_POST['test']))
{
if(is_string($_POST['test']))
echo "is string<br />";
if(is_numeric($_POST['test']))
echo "is number<br />";
}

echo "<br />a variable is:<br />";
$a = '1';
$a = (string) $a;
if(is_string($a))
echo "is string<br />";
if(is_numeric($a))
echo "is number<br />";

On my (xampp) test server, those evaluate all to both number and string.

I agree completely that it would be bad news to pass $_POST data into that function. These weren't intended for user input or POST data really

If I had to use POST'd data I would typecast it before passing it into the function. If I am expecting a member id to be posted:

(int)$member_id = $_POST['test'];
smfapi_getUserData($member_id);


I need login example smfapi_authenticate. Can anyone write simple example..
I use this code.
<html>
<body>
<form action="" method="POST">
<input type="text" name="1" />
<input type="text" name="2" />
<input type="submit" value="tamam girdim" />
</form>
</body>
</html>
<?
include("C:\\xampp\\htdocs\\forum\\smf_2_api.php");
$user=$_POST["1"];
$pass=$_POST["2"];
$y=smfapi_authenticate($username='$user', $password='$pass', $encrypted=true);
if($y==TRUE)
{
    echo "OK";
}
else
{
    echo "Not OK";
}

?>       
But return is not return..

Quote from: andre nickatina on November 17, 2011, 11:51:20 AM
I agree completely that it would be bad news to pass $_POST data into that function. These weren't intended for user input or POST data really

If I had to use POST'd data I would typecast it before passing it into the function. If I am expecting a member id to be posted:

Code Select Expand


(int)$member_id = $_POST['test'];
smfapi_getUserData($member_id);


Yep, but the point is the same, see the second part of my example: anything that resemble a number is treated as number AND string by php.
And most likely when you POST something is the member name, not the ID. ;)
So you will have the (numeric) name treated as an ID instead of a name as it should be.

I would do something like:
function smfapi_getUserData($username='', $treat_as_id = false)
{
if (empty($username))
return false;

$user_data = array();

// we'll try id || email, then username
if (is_numeric($username) && $treat_as_id)
// number is most likely a member id
$user_data = smfapi_getUserById($username);
else
// the email can't be an int
$user_data = smfapi_getUserByEmail($username);

if (!$user_data && !$treat_as_id)
$user_data = smfapi_getUserByUsername($username);

return $user_data;
}

So if you want to pass an id you have to explicitly state so when you call the function.

And the same discussion can be valid for username and email: I can register using an email address as username (okay, most likely I would use my own email) and then you could potentially get the wrong data from that function. ;)


TeHLiqE I think you should use:

$y=smfapi_authenticate($user, $pass, false);


Hi, Im really new to this so please bare with me:
I downloaded smf_2_api.php I know I have to upload it to my server, do I have to configure anything in that file?in which file do I put the require once code?
Thanks

Quote from: dan000 on November 27, 2011, 05:43:35 AM
Hi, Im really new to this so please bare with me:
I downloaded smf_2_api.php I know I have to upload it to my server, do I have to configure anything in that file?in which file do I put the require once code?
Thanks

Open it and manually add the path to your Settings.php file. If you don't, it will try to find it for you but on some servers that don't have enough memory, or have too many files it will exhaust the memory and fail.

Put the require_once code wherever you want to use the functions in the API. Probably in your website somewhere outside of SMF

Thank you!

Hi....great work...I downloaded api file ...set the require_once option...in a test file I tried the smfapi_login() function..I doesn't show any error but doesn't work either...where could i get wrong? Thanx for help in advance...

You have to be more specific than "it doesn't work"

HOW does it not work?
do it not display at all?
does it display, but not log in when you click login?

Also, you setup is important to list...  are you trying this additional file in the same subdomain and directory as SMF itself?

Quote from: shrutisengupta on December 21, 2011, 08:26:25 AM
Hi....great work...I downloaded api file ...set the require_once option...in a test file I tried the smfapi_login() function..I doesn't show any error but doesn't work either...where could i get wrong? Thanx for help in advance...

Did you pass a valid username, email or member id into the login function?

smfapi_login($email);


Is your SMF cookie visible from the location of the API? Make sure the path of your SMF cookie is set on '/' (subdomain independent cookies on in admin config).

Check those things first and let me know :)

hey thanks....working great now.....really nice work i must say....  :D :D :D :D :D :D :D

one more problem...my session variables get reset once I use the api login function ....any solutions?


$data = $_SESSION;

smfapi_login($user);

$_SESSION = $data;


you could do that if there's something you need to preserve

Thank you for the great work, andre :)

Question:
How to check whether the user is currently logged in on the forum or not?
Need something like:

<?php
if (!logged_in) {die();}
// rest of the page here
?>


Quote from: Rioshi on February 03, 2012, 05:42:53 PM
Thank you for the great work, andre :)

Question:
How to check whether the user is currently logged in on the forum or not?
Need something like:

Code Select Expand


<?php
if (!logged_in) {die();}
// rest of the page here
?>


I can't quite recall, been so long since I was deep in the code, but I know you can at least use $user_info['is_guest'] for that. Maybe there's a good function, but I believe that works fine. It's boolean, 1 if true (guest / logged out) and not set/false/null whatever if logged in (you should then have a username you could verify then too)

Thaks for reply.

Now, on the basis of the foregoing, the question arises: Is this safe to do something like that?

<?php
require_once('smf_2_api.php');

if (isset($_COOKIE[$cookiename]))
{
$smfcook = @unserialize(stripslashes($_COOKIE[$cookiename]));
smfapi_loadUserSettings($smfcook[0]); // loads settings for user id, whitch taken from smf cookie
if (!$user_info['is_guest']) { $user = $user_info['username']; }
else { $user = 'guest'; }
}
else { $user = 'guest'; }

// here we take permissions for given $user from separate site database
// and give him appropriate controls in the rest of this page
?>

May be it will make sense if I start an additional session there to secure the forms and other controls on the page?

I'm sorry for maybe a bit stupid questions. I don't have enough experience in that :-[

You could do that, but there is no reason to as the function smfapi_loadUserSettings() is executed when the script is loaded and does that for you.
You don't need to call the function explicitly, or pass a variable into it unless you have special need to.


require_once($_SERVER['DOCUMENT_ROOT'] . '/path/to/smf_2_api.php');

global $user_info;

if ($user_info['is_guest']) {
    //do something here for guests
} else {
    //do something here for members
}


as for the session, start your other session first and the api will leave it alone ;)

This is really nice.

How do I use this api to create topic, add reply, etc?

Quote from: andre nickatina on June 30, 2011, 01:43:51 PM
I'm writing an api for 2.0, because I can't find one anywhere. It doesn't seem too difficult; I basically took the SSI and stripped out the functions to write my own. Besides the obvious ones (login, logout, register, and the others from the 1.x api) what functions would be nice to have?

Done. See below post for more info.

How do I get this on the Downloads page?

This doesn't have a function to create posts, but I made another version of the API that will create posts, and it works cross-domain :)
http://www.simplemachines.org/community/index.php?topic=458832.0

Sorry to bump an old thread, but I'm trying to use this API and it's working except it won't send an activation email. Has anyone encountered this issue before?

Are you certain that SMF is working properly? Does it send emails under other circumstances for example?

Quote from: emanuele on November 20, 2011, 12:30:58 PM

Quote from: andre nickatina on November 17, 2011, 11:51:20 AM
I agree completely that it would be bad news to pass $_POST data into that function. These weren't intended for user input or POST data really

If I had to use POST'd data I would typecast it before passing it into the function. If I am expecting a member id to be posted:

Code Select Expand


(int)$member_id = $_POST['test'];
smfapi_getUserData($member_id);


Yep, but the point is the same, see the second part of my example: anything that resemble a number is treated as number AND string by php.
And most likely when you POST something is the member name, not the ID. ;)
So you will have the (numeric) name treated as an ID instead of a name as it should be.

I would do something like:

Code Select Expand

function smfapi_getUserData($username='', $treat_as_id = false)
{
if (empty($username))
return false;

$user_data = array();

// we'll try id || email, then username
if (is_numeric($username) && $treat_as_id)
// number is most likely a member id
$user_data = smfapi_getUserById($username);
else
// the email can't be an int
$user_data = smfapi_getUserByEmail($username);

if (!$user_data && !$treat_as_id)
$user_data = smfapi_getUserByUsername($username);

return $user_data;
}

So if you want to pass an id you have to explicitly state so when you call the function.

And the same discussion can be valid for username and email: I can register using an email address as username (okay, most likely I would use my own email) and then you could potentially get the wrong data from that function. ;)

I agree with emanuele on this. I have a bridge system in place where usernames can be numeric with leading zeros. These were incorrectly interpreted as id and not username.