Writing a bridge - hook interface incorrect?

[Jarudin]

I figured I'd put my query here since this seems to be most related forum.

I just installed SMF 1.1.4 and everything works fine.
Now I'm trying to build a bridge, as the first step I'd like to modify the $_SESSION when I log in, but SMF is being a pain.

I made a login function that's called on the integrate_login hook. The function is indeed called when I login but I can't modify the $_SESSION. I suspect SMF cleans up the session when it logs in, this makes the hook totally pointless. How am I supposed to use this hook?

There's more. I thought the cause may be a missing integrate_validate_login hook so I wrote a function that simply always returns true. Now when I tried to log in I got the 'retry' message, return false work but I'm also logged in!

There's even more. I didn't test this for integrate_validate_login but the second argument of integrate_login, supposedly the password, is empty, it has no value (NULL).

So to sum it up, my problems are:
- I can't modify the session on login
- second argument of the login hook is empty
- returning true on validate login gives the retry message
- returning false on validate login doesn't cancel the login

Are 'you' aware of these issues and do you possible know a solution?

-------------------------

While you're reading this, I've tried looking but it's kinda hard to find any good documentation on SMF (the code isn't much help either as there is zero structure and the use of globals and global functions is horrifying, so is the lack clear function interfaces).
Are there more hooks or more ways to interface with SMF? I'm looking for functions that can add a user, add/edit/delete a topic, add/edit/delete a post. I have written these functions myself and they work but I have no idea wether I'm updating all the correct information such as post counters etc. (it's really hard to reverse engineer this by looking at the code alone).

Also, in regard to the future, will these hooks still exist in SMF2.0? If at all possible I'd like to view the code of the SMF2.0 beta because I will most likely upgrade the forum once it's out and I'd like to be prepared.

--Jarudin--

[Orstio]

Have you read this yet?

http://www.simplemachines.org/community/index.php?topic=173483.0

Modifying the session on login is futile, you are correct there.  The SMF session and cookie are set after the integrate_login hook has returned, so anything you do to the SMF session before that is erased.  Does your integration rely solely on sessions, or will it also accept cookies?

I had this problem with Xoops, actually, and I think I have a solution in using the integrate_verify_user hook as an alternative.  The hook function will check to see if a Xoops user is logged in, and then log in the appropriate SMF user.

You are also correct that the password is empty in most cases.  The only time there is a password available is on the retry event.  What happens is that SMF hashes the password with javascript and passes the hashed password in another input field instead of the plain text password.  This is all done in the browser before the form is submitted.  That way, the unhashed password is never passed beyond your own computer, so is more secure.

For some reason, your PHP is seeing true == 'retry'.  I'm not sure why that is, but in that specific case, you would be best to return either false or 'retry' for the integrate_validate_login hook.

I think you are confused about the nature of the integrate_validate_login hook.  It is not there for the same purpose as the integrate_login hook.

These hooks, and a few more, will be in SMF 2.0.

[Jarudin]

Yes, I have read the integration topic.

I will try fidling with cookies.

Thanks,

Edit: Using hxxp:nl.php.net/manual/en/function.setcookie.php [nonactive] works, using $_COOKIE or $HTTP_COOKIE_VARS does not work for me.
Edit2: Is the hook also called when SMF recovers a login from a cookie?

--Jarudin--

[Orstio]

Edit2: Is the hook also called when SMF recovers a login from a cookie?

No.  Only on the event of logging in.