A new tool is available for download. (smf_api.php)

Started by [Unknown], September 12, 2004, 07:39:35 PM

Shedman

Quote from: [Unknown] on January 11, 2005, 07:33:58 PM
[...]

Make sure:
- you're using smf_loadSession().
- you've got "subdomain independent cookies" enabled and "local cookies" disabled.
- the cookie is being sent properly.

-[Unknown]

To login to SMF I use:
Step 1: smf_setLoginCookie( 10000000000, $_SESSION[ 'userid' ], $password, false ) )
Step 2: smf_authenticateUser();
Step 3: smf_loadSession();

Subdomain independent cookies are on, local cookies are off.

The cookie seems to be set properly, but still it doesn't work most of the time ...
Somehow it looks like the session isn't loaded properly, but that could be because the user isn't authenticated properly?
If you can't join 'em, beat 'em ...

[Unknown]

Hmm... try loadSession before authenticateUser?

-[Unknown]

Shedman

If you can't join 'em, beat 'em ...

Shedman

Hmmm ... it seems my conclusion was too soon. Had some complaints about logging on in my e-mail this morning.

So upgraded to the last version of the api and started testing again. Somehow smf_AuthenticateUser is not processed correctly. It should return true or false, but I don't get any feedback (which probably signals it to be false ...)
If you can't join 'em, beat 'em ...

[Unknown]

Try this with error_reporting at E_ALL:

function smf_authenticateUser()
{
    global $smf_connection, $smf_settings, $smf_user_info;

    // No connection, no authentication!
    if (!$smf_connection)
    {
        trigger_error('No database connection', E_USER_WARNING);
        return false;
    }

    // Check first the cookie, then the session.
    if (isset($_COOKIE[$smf_settings['cookiename']]))
    {
        $_COOKIE[$smf_settings['cookiename']] = stripslashes($_COOKIE[$smf_settings['cookiename']]);

        // Fix a security hole in PHP 4.3.9 and below...
        if (preg_match('~^a:3:\{i:0;(i:\d{1,6}|s:[1-6]:"\d{1,6}");i:1;s:(0|32):"([a-fA-F0-9]{32})?";i:2;i:\d{1,12};\}$~', $_COOKIE[$smf_settings['cookiename']]) == 1)
        {
            list ($ID_MEMBER, $password) = @unserialize($_COOKIE[$smf_settings['cookiename']]);
            $ID_MEMBER = !empty($ID_MEMBER) ? (int) $ID_MEMBER : 0;
        }
        else
        {
            $ID_MEMBER = 0;
            trigger_error('Invalid cookie', E_USER_WARNING);
        }
    }
    elseif (isset($_SESSION['login_' . $smf_settings['cookiename']]))
    {
        list ($ID_MEMBER, $password, $login_span) = @unserialize(stripslashes($_SESSION['login_' . $smf_settings['cookiename']]));
        $ID_MEMBER = !empty($ID_MEMBER) && $login_span > time() ? (int) $ID_MEMBER : 0;
    }
    else
    {
        trigger_error('No cookie found', E_USER_NOTICE);
        $ID_MEMBER = 0;
    }

    // Don't even bother if they have no authentication data.
    if (!empty($ID_MEMBER))
    {
        $request = smf_query("
            SELECT *
            FROM $smf_settings[db_prefix]members
            WHERE ID_MEMBER = $ID_MEMBER
            LIMIT 1", __FILE__, __LINE__);
        // Did we find 'im?  If not, junk it.
        if (mysql_num_rows($request) != 0)
        {
            // The base settings array.
            $smf_user_info = mysql_fetch_assoc($request);

            // Wrong password or not activated - either way, you're going nowhere.
            $ID_MEMBER = smf_md5_hmac($smf_user_info['passwd'], 'ys') != $password || $smf_user_info['is_activated'] != 1 ? 0 : $smf_user_info['ID_MEMBER'];

            if (empty($ID_MEMBER))
                trigger_error('Password incorrect', E_USER_WARNING);
        }
        else
        {
            $ID_MEMBER = 0;
            trigger_error('Member not found', E_USER_WARNING);
        }
        mysql_free_result($request);
    }

    if (empty($ID_MEMBER))
        $smf_user_info = array('groups' => array(-1));
    else
    {
        if (empty($smf_user_info['additionalGroups']))
            $smf_user_info['groups'] = array($smf_user_info['ID_GROUP'], $smf_user_info['ID_POST_GROUP']);
        else
            $smf_user_info['groups'] = array_merge(
                array($smf_user_info['ID_GROUP'], $smf_user_info['ID_POST_GROUP']),
                explode(',', $smf_user_info['additionalGroups'])
            );
    }

    // A few things to make life easier...
    $smf_user_info['id'] = &$smf_user_info['ID_MEMBER'];
    $smf_user_info['username'] = &$smf_user_info['memberName'];
    $smf_user_info['name'] = &$smf_user_info['realName'];
    $smf_user_info['email'] = &$smf_user_info['emailAddress'];
    $smf_user_info['messages'] = &$smf_user_info['instantMessages'];
    $smf_user_info['unread_messages'] = &$smf_user_info['unreadMessages'];
    $smf_user_info['language'] = empty($smf_user_info['lngfile']) || empty($smf_settings['userLanguage']) ? $smf_settings['language'] : $smf_user_info['lngfile'];
    $smf_user_info['is_guest'] = $ID_MEMBER == 0;
    $smf_user_info['is_admin'] = in_array(1, $smf_user_info['groups']);

    // This might be set to "forum default"...
    if (empty($smf_user_info['timeFormat']))
        $smf_user_info['timeFormat'] = $smf_settings['time_format'];

    return !$smf_user_info['is_guest'];
}


It should generate notices and warnings.

-[Unknown]

Shedman

If you can't join 'em, beat 'em ...

[Unknown]

Okay, let's try this.  Are you certain you've got E_ALL, with notices though?  Just in case that's it... this one's gonna be much more verbose, though.

function smf_authenticateUser()
{
    global $smf_connection, $smf_settings, $smf_user_info;

    // No connection, no authentication!
    if (!$smf_connection)
    {
        trigger_error('No database connection', E_USER_WARNING);
        return false;
    }

    // Check first the cookie, then the session.
    if (isset($_COOKIE[$smf_settings['cookiename']]))
    {
        $_COOKIE[$smf_settings['cookiename']] = stripslashes($_COOKIE[$smf_settings['cookiename']]);

        // Fix a security hole in PHP 4.3.9 and below...
        if (preg_match('~^a:3:\{i:0;(i:\d{1,6}|s:[1-6]:"\d{1,6}");i:1;s:(0|32):"([a-fA-F0-9]{32})?";i:2;i:\d{1,12};\}$~', $_COOKIE[$smf_settings['cookiename']]) == 1)
        {
            list ($ID_MEMBER, $password) = @unserialize($_COOKIE[$smf_settings['cookiename']]);
            $ID_MEMBER = !empty($ID_MEMBER) ? (int) $ID_MEMBER : 0;
            trigger_error('Cookie indicates ID_MEMBER of ' . $ID_MEMBER, E_USER_NOTICE);
        }
        else
        {
            $ID_MEMBER = 0;
            trigger_error('Invalid cookie', E_USER_WARNING);
        }
    }
    elseif (isset($_SESSION['login_' . $smf_settings['cookiename']]))
    {
        list ($ID_MEMBER, $password, $login_span) = @unserialize(stripslashes($_SESSION['login_' . $smf_settings['cookiename']]));
        $ID_MEMBER = !empty($ID_MEMBER) && $login_span > time() ? (int) $ID_MEMBER : 0;
        trigger_error('Session indicates ID_MEMBER of ' . $ID_MEMBER, E_USER_NOTICE);
    }
    else
    {
        trigger_error('No cookie found', E_USER_NOTICE);
        $ID_MEMBER = 0;
    }

    // Don't even bother if they have no authentication data.
    if (!empty($ID_MEMBER))
    {
        $request = smf_query("
            SELECT *
            FROM $smf_settings[db_prefix]members
            WHERE ID_MEMBER = $ID_MEMBER
            LIMIT 1", __FILE__, __LINE__);
        // Did we find 'im?  If not, junk it.
        if (mysql_num_rows($request) != 0)
        {
            // The base settings array.
            $smf_user_info = mysql_fetch_assoc($request);

            // Wrong password or not activated - either way, you're going nowhere.
            $ID_MEMBER = smf_md5_hmac($smf_user_info['passwd'], 'ys') != $password || $smf_user_info['is_activated'] != 1 ? 0 : $smf_user_info['ID_MEMBER'];

            if (empty($ID_MEMBER))
                trigger_error('Password incorrect', E_USER_WARNING);
            else
                trigger_error('Correct password', E_USER_NOTICE);
        }
        else
        {
            $ID_MEMBER = 0;
            trigger_error('Member not found', E_USER_WARNING);
        }
        mysql_free_result($request);
    }

    if (empty($ID_MEMBER))
        $smf_user_info = array('groups' => array(-1));
    else
    {
        if (empty($smf_user_info['additionalGroups']))
            $smf_user_info['groups'] = array($smf_user_info['ID_GROUP'], $smf_user_info['ID_POST_GROUP']);
        else
            $smf_user_info['groups'] = array_merge(
                array($smf_user_info['ID_GROUP'], $smf_user_info['ID_POST_GROUP']),
                explode(',', $smf_user_info['additionalGroups'])
            );
    }

    // A few things to make life easier...
    $smf_user_info['id'] = &$smf_user_info['ID_MEMBER'];
    $smf_user_info['username'] = &$smf_user_info['memberName'];
    $smf_user_info['name'] = &$smf_user_info['realName'];
    $smf_user_info['email'] = &$smf_user_info['emailAddress'];
    $smf_user_info['messages'] = &$smf_user_info['instantMessages'];
    $smf_user_info['unread_messages'] = &$smf_user_info['unreadMessages'];
    $smf_user_info['language'] = empty($smf_user_info['lngfile']) || empty($smf_settings['userLanguage']) ? $smf_settings['language'] : $smf_user_info['lngfile'];
    $smf_user_info['is_guest'] = $ID_MEMBER == 0;
    $smf_user_info['is_admin'] = in_array(1, $smf_user_info['groups']);

    // This might be set to "forum default"...
    if (empty($smf_user_info['timeFormat']))
        $smf_user_info['timeFormat'] = $smf_settings['time_format'];

    return !$smf_user_info['is_guest'];
}


This should definitely generate something no matter what.

-[Unknown]

Shedman

Hmmm ... something weird going on with Apache/PHP, but with error reporting turned on at runtime I get:

Warning: Cannot modify header information - headers already sent by (output started at /home/webuser/htdocs/syn-3.datux.nl/inloggen.php:17) in /home/webuser/htdocs/syn-3.datux.nl/forum/smf_api.php on line 258

Warning: Invalid cookie in /home/webuser/htdocs/syn-3.datux.nl/forum/smf_api.php on line 378

So sth is wrong with the cookie ...
If you can't join 'em, beat 'em ...

[Unknown]

Make sure you turn on output buffering before calling smf_api.php functions after output... e.g.:

ob_start();

Hmm... maybe...

print_r($_COOKIE[$GLOBALS['smf_settings']['cookiename']]);

-[Unknown]

Shedman

Placed ob_start(); at the top of smf_api.php, which solves the first problem.

Output of the print_r is:
a:3:{i:0;i:1;i:1;s:32:"d6effa00e8531fc6344725bc87184c1b";i:2;d:11105965895;}
If you can't join 'em, beat 'em ...

[Unknown]

echo preg_match('~^a:3:\{i:0;(i:\d{1,6}|s:[1-6]:"\d{1,6}");i:1;s:(0|32):"([a-fA-F0-9]{32})?";i:2;i:\d{1,12};\}$~', $_COOKIE[$GLOBALS['smf_settings']['cookiename']]);

-[Unknown]

Shedman

If you can't join 'em, beat 'em ...

[Unknown]

Quote from: [Unknown] on January 17, 2005, 07:57:51 AM
echo preg_match('~^a:3:\{i:0;(i:\d{1,6}|s:[1-6]:"\d{1,6}");i:1;s:(0|32):"([a-fA-F0-9]{32})?";i:2;i:\d{1,12};\}$~', $_COOKIE[$GLOBALS['smf_settings']['cookiename']]);

-[Unknown]

I don't get that.  Wait, I see it.  d.

smf_setLoginCookie( 10000000000, $_SESSION[ 'userid' ], $password, false ) )

That number is too high.  I'll fix it in 1.1 so it's okay, though.

-[Unknown]
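
Added example (not part of the original posts and not code from smf_api.php): the sketch below reproduces the rejected cookie and reports which field breaks the whitelist pattern quoted above, without passing the untrusted value to unserialize(). The helpers build_cookie_32bit() and diagnose_cookie() are hypothetical, the cookie layout (member ID, password hash, expiry) is assumed from the pattern and the print_r output, and the timestamp is constructed.

```php
<?php
// Added example: explain why a login cookie fails the whitelist pattern from
// the thread, without ever passing the untrusted value to unserialize().

// The pattern exactly as posted in the thread.
const COOKIE_PATTERN = '~^a:3:\{i:0;(i:\d{1,6}|s:[1-6]:"\d{1,6}");i:1;s:(0|32):"([a-fA-F0-9]{32})?";i:2;i:\d{1,12};\}$~';

// Hypothetical helper: serialize the three fields the way a 32-bit PHP build
// would, where an expiry above 2147483647 no longer fits an integer.
function build_cookie_32bit($id, $hash, $now, $span)
{
    $expiry = $now + $span;
    if ($expiry > 2147483647)
        $expiry = (float) $expiry; // overflow: serialize() emits d: instead of i:
    return serialize(array($id, $hash, $expiry));
}

// Hypothetical helper: name the field that breaks the whitelist.
function diagnose_cookie($cookie)
{
    if (preg_match(COOKIE_PATTERN, $cookie) === 1)
        return 'ok';

    // Split on the fixed array keys only; the values stay opaque strings.
    if (preg_match('~^a:3:\{i:0;(.*?);i:1;(.*?);i:2;(.*?);\}$~s', $cookie, $m) !== 1)
        return 'not a three-element serialized array';

    if (preg_match('~^(i:\d{1,6}|s:[1-6]:"\d{1,6}")$~', $m[1]) !== 1)
        return 'field 0 (member ID) is not a 1-6 digit number';
    if (preg_match('~^s:(0|32):"([a-fA-F0-9]{32})?"$~', $m[2]) !== 1)
        return 'field 1 (password hash) is not empty or 32 hex characters';
    if (strncmp($m[3], 'd:', 2) === 0)
        return 'field 2 (expiry) was serialized as a float (d:), integer (i:) required';
    if (preg_match('~^i:\d{1,12}$~', $m[3]) !== 1)
        return 'field 2 (expiry) is not a 1-12 digit integer';

    return 'structure looks valid but the full pattern still rejects it';
}

$hash = 'd6effa00e8531fc6344725bc87184c1b'; // hash shown in the thread's print_r output
$now  = 1105965895;                         // constructed timestamp (January 2005)

foreach (array(10000000000, 31536000) as $span)
{
    $cookie = build_cookie_32bit(1, $hash, $now, $span);
    echo $span, ' => ', diagnose_cookie($cookie), "\n  ", $cookie, "\n";
}
```

The second span (one year in seconds) is a constructed value that keeps the expiry inside the 32-bit integer range, so the cookie serializes with i: and passes the pattern.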

Shedman

So how do I set it to 'forever'? 0?
If you can't join 'em, beat 'em ...

[Unknown]


Shedman

Is that simply the maximum value or really forever?
If you can't join 'em, beat 'em ...

[Unknown]


Shedman

That should be long enough :D

Thanks for the help...
If you can't join 'em, beat 'em ...

JRSofty

I am starting to test it out right now and see if I like it better than the SSI.php file. Eventually I want to integrate SMF with my own CMS that I am building and so I think this might be the tool I'm looking for. However I'm wondering if what you mean by it may be available under alternate licensing?
Rebooting the SMF AI Bot see Project link below for details

http://jrsofty1.stinkbugonline.com
http://www.galahtech.org

SMF Bot Project