SMF 1.1.2 - Custom integration and use of smf_api.php

[Gastovski]

I have been using a custom made program to interface into SMF and provide downloads to users in specific groups on teh forum. After upgrading the forum software to 1.1.2 this doesn't work and I can't figure out without picking apart SMF. I've used smf_api.php to log users in and out and also check their member group.

How has SMF changed in the recent upgrade to "break" the user autehtication using the API?

James

[Gastovski]

no ideas?

[aaron1234nz]

I am new to SMF and was trying to get the api to authenticate users with no luck.  With a lot of digging around I found that SMF has changed from using md5 to SHA1 passwords, however the api has not been updated.

to make the smf_authenticateUser function to work you need to replace line 310 with this:
$ID_MEMBER =  sha1($smf_user_info['passwd'] . $smf_user_info['passwordSalt']) != $password || empty($smf_user_info['is_activated']) ? 0 : $smf_user_info['ID_MEMBER'];

also for the record this is the code for doing checking the user against the session
<?php
if(!require_once('smf_api.php'))
   die('Could not load the SMF API!');

smf_loadSession();      //if using database sessions

if (smf_authenticateUser()){
   echo "Authenticated";
} else {
   echo "Problem Authenticating";
}

echo "smf_user_info<br>";
print_r($smf_user_info);

?>

Note that the smf_setLoginCookie function needs fixing too.  however I did find that this hack worked:
<?php smf_setLoginCookie(500, 'username', sha1('username'.'password'), true); ?>

[Daniel15]

As far as I can tell, you're using the SMF 1.0 version of the API. Due to the change in hashing algorithm (from MD5-HMAC to salted SHA1), you'll need to use the SMF 1.1 version. I've attached the latest version I could find to the topic at http://www.simplemachines.org/community/index.php?topic=158082.