smf_api.php usage

[ms_ukyankee]

I haven't added form validation yet, and this is working on a basic php page, but am I doing anything stupid here:

Code Select Expand

require ("/home/path/to/smf_api.php");

   $both = @unserialize(stripslashes($_COOKIE[$smf_settings['cookiename']]));
   $userid = $both[0];
   $userpassword = addslashes($both[1]);

function api_loginForm()
{
echo '<form action="'.$_SERVER['PHP_SELF'].'" method="post">
<table border="0" cellspacing="1" cellpadding="0">
<tr>
<td align="right"><label for="user">User:</label>&nbsp;</td>
<td><input type="text" id="user" name="user" size="9" value="" /></td>
</tr><tr>
<td align="right"><label for="passwrd">Pass:</label>&nbsp;</td>
<td><input type="password" name="passwrd" id="passwrd" size="9" /></td>
</tr><tr>
<td><input type="hidden" name="log" value="in" /></td>
<td><input type="hidden" name="length" value="3600" /></td>
<td align="left"><input type="submit" value="Login" /></td>
</tr>
</table>
</form>';
}

if ($_GET['log'] == 'out'){
smf_setLoginCookie(-3600, $userid, $userpassword);
}

elseif ($_POST['log'] =='in'){
$user = addslashes($user);
smf_setLoginCookie($length, $user, $passwrd, false);
smf_authenticateUser();
smf_loadSession();
}

else {
smf_authenticateUser();
}


if ($smf_user_info['name']=='') $ukyuser="Guest";
else $ukyuser = $smf_user_info['name'];
smf_logOnline('cookbook');


Also, how can I redirect to an url without the logout query string appearing, or using a meta refresh (an example would be sweet, or link to example)?

Thanks.

[[Unknown]]

You might want to load the session even if they didn't just log in .

Without the logout query string appearing?

-[Unknown]

[ms_ukyankee]

Forgive my stupidity here, shouldn't the cookie also be set each time the page loads?

Without the logout query string appearing?

When you logout of smf, the url is index?action=logout;sesc=xxxx, but instead of ending up with that in the address bar when you have logged out, you have index.php. I know this is done with redirectexit() and I have looked at that in LogInOut, but not sure how to do this outside of smf, .....

php manual has this:

Code Select Expand

header("Location: http://" . $_SERVER['HTTP_HOST']
                     . dirname($_SERVER['PHP_SELF'])
                     . "/" . $relative_url);

Will that remove the query string, how can I strip off the action=logout from the url to redirect to, I want them to remain on the same page when they logout? It's not a big deal, would just be nice.

Thanks.

[ms_ukyankee]

Ne'er mind on the redirect, I figured it out. Question on the cookie still stands though.

[[Unknown]]

Forgive my stupidity here, shouldn't the cookie also be set each time the page loads?

Hmm... why?  Once should be enough... if it's set, it's set.

-[Unknown]

[ms_ukyankee]

Okay, I didn't know.

Attached example file. Thanks for your help.

[scottnath]

Hi,

I've tried downloading your script here and it didn't work for me. Is this login functional as is? I have the proper path to smf_api btw and the script is just giving me a 'login failed' for sign-ins which I know are correct.

The reason I'm asking is that I have an existing database/site login and I'm trying to figure out how to have my members login anywhere in the site (not just on smf) and it logs them in not only t our site, but to smf as well. Been at it all day...baffled.

Thanks anyone for any help here,
Scott

[[Unknown]]

Do you have subdomain independent cookies on?

Have you looked at this topic?

http://www.simplemachines.org/community/index.php?topic=16572.0

-[Unknown]

[scottnath]

Thanks for the response.

I do have ind. cookies turned on and I did read that topic.

I did a clean install of smf_api and the script found on this page. The login now works, but it's not actually logging me in to the board.

For instance, I use the basic login form and then it says I'm logged in on the simple script page as my username. When I go to the board (same browser, different tab - Firefox), then it says that username is logged in, but it still shows the login form at the top. Also, it appears it's not writing the "SMFCookie10" cookie.

Any suggestions?

Thanks for any help,
Scott

[[Unknown]]

What are you using for the setLoginCookie() call?

-[Unknown]

[scottnath]

The one which was in the file:

smf_setLoginCookie($cookie_length, $user, $passwrd, false);

I did figure out a way to make this work, but I don't know why it wasn't.

In smf_api.php, around line 260, below these three lines:

setcookie($smf_settings['cookiename'], $data, time() + $cookie_length, $parsed_url['path'] . '/', $parsed_url['host'], 0);
   $_COOKIE[$smf_settings['cookiename']] = $data;
   $_SESSION['login_' . $smf_settings['cookiename']] = $data;
   

I added these lines:

setcookie($smf_settings['cookiename'], "$data", NULL, '/', 'MyDomain.org');
      if ($_GET['log'] == 'out'){
      setcookie($smf_settings['cookiename'], "", time()-300, '/', 'MyDomain.org');
      }

This set the cookie right and made it so I could log in and out of the board using the file "smf_loginlogout.php" that this topic is about. Obviously, I'm having some sort of problem with the "$parsed_url['path'] . '/', $parsed_url['host'], 0);" part of the original cookie maker. I don't know what though.

[[Unknown]]

That makes it sound like you either have local cookies on or you don't have global (subdomain independent) cookies on.

-[Unknown]

[scottnath]

nope.

Use subdomain independent cookies - checked
Enable local storage of cookies - unchecked