smf 2.0 api

[emanuele]

You did a great work here andre!

I have a doubt about the smfapi_getUserData function: I feel that there are situations where this function could not retrieve the data it should, for example if a user uses as name a number and this number is by chance the id on another user (I admit I haven't done any test yet) then this user is taken instead of the intended one.
Additionally, always related to that function, I was thinking would be worth extending it to retrieve the data of more than one member at a time? And maybe save the data in an array like $user_data[id_user] so that if the function is called more than once in the same script for the same user the data can be sort of cached?

[Andre N]

Thanks

smfapi_getUserData() really just calls getUserById, getUserByEmail or getUserByUsername
if the variable passed to it is numeric, it will go to getUserById first and if it is not an int it will return false. If it's not numeric, it will try getUserByEmail since an email address can't be numeric anyways. Then if neither of those had a result it will try the variable as a username with getUserByUsername.

If you had a member A with id 233423 and another member B with username 233423, you should get A's info by passing id 233423 as an int to getUserData, and you'd get B's info by passing username 233423 as a string into getUserData.

That's the theory anyways, and I could be wrong

[emanuele]

Yep, but (/me is a "but man" ) the difference is rather thin.

Code Select Expand

echo '<form method="post" action="">
<input name="test" type="text" />
<input type="submit" />
</form>';

echo "POST is:<br />";
if (isset($_POST['test']))
{
if(is_string($_POST['test']))
echo "is string<br />";
if(is_numeric($_POST['test']))
echo "is number<br />";
}

echo "<br />a variable is:<br />";
$a = '1';
$a = (string) $a;
if(is_string($a))
echo "is string<br />";
if(is_numeric($a))
echo "is number<br />";

On my (xampp) test server, those evaluate all to both number and string.

[Andre N]

I agree completely that it would be bad news to pass $_POST data into that function. These weren't intended for user input or POST data really

If I had to use POST'd data I would typecast it before passing it into the function. If I am expecting a member id to be posted:

Code Select Expand


(int)$member_id = $_POST['test'];
smfapi_getUserData($member_id);


[TeHLiqE]

I need login example smfapi_authenticate. Can anyone write simple example..
I use this code.

Code Select Expand

<html>
<body>
<form action="" method="POST">
<input type="text" name="1" />
<input type="text" name="2" />
<input type="submit" value="tamam girdim" />
</form>
</body>
</html>
<?
include("C:\\xampp\\htdocs\\forum\\smf_2_api.php");
$user=$_POST["1"];
$pass=$_POST["2"];
$y=smfapi_authenticate($username='$user', $password='$pass', $encrypted=true);
if($y==TRUE)
{
    echo "OK";
}
else
{
    echo "Not OK";
}

?>       
But return is not return..

[emanuele]

I agree completely that it would be bad news to pass $_POST data into that function. These weren't intended for user input or POST data really

If I had to use POST'd data I would typecast it before passing it into the function. If I am expecting a member id to be posted:

Code Select Expand


(int)$member_id = $_POST['test'];
smfapi_getUserData($member_id);


Yep, but the point is the same, see the second part of my example: anything that resemble a number is treated as number AND string by php.
And most likely when you POST something is the member name, not the ID.
So you will have the (numeric) name treated as an ID instead of a name as it should be.

I would do something like:

Code Select Expand

function smfapi_getUserData($username='', $treat_as_id = false)
{
if (empty($username))
return false;

$user_data = array();

// we'll try id || email, then username
if (is_numeric($username) && $treat_as_id)
// number is most likely a member id
$user_data = smfapi_getUserById($username);
else
// the email can't be an int
$user_data = smfapi_getUserByEmail($username);

if (!$user_data && !$treat_as_id)
$user_data = smfapi_getUserByUsername($username);

return $user_data;
}

So if you want to pass an id you have to explicitly state so when you call the function.

And the same discussion can be valid for username and email: I can register using an email address as username (okay, most likely I would use my own email) and then you could potentially get the wrong data from that function.


TeHLiqE I think you should use:

Code Select Expand


$y=smfapi_authenticate($user, $pass, false);


[dan000]

Hi, Im really new to this so please bare with me:
I downloaded smf_2_api.php I know I have to upload it to my server, do I have to configure anything in that file?in which file do I put the require once code?
Thanks

[Andre N]

Hi, Im really new to this so please bare with me:
I downloaded smf_2_api.php I know I have to upload it to my server, do I have to configure anything in that file?in which file do I put the require once code?
Thanks

Open it and manually add the path to your Settings.php file. If you don't, it will try to find it for you but on some servers that don't have enough memory, or have too many files it will exhaust the memory and fail.

Put the require_once code wherever you want to use the functions in the API. Probably in your website somewhere outside of SMF

[dan000]

Thank you!

[shrutisengupta]

Hi....great work...I downloaded api file ...set the require_once option...in a test file I tried the smfapi_login() function..I doesn't show any error but doesn't work either...where could i get wrong? Thanx for help in advance...

[Kindred]

You have to be more specific than "it doesn't work"

HOW does it not work?
do it not display at all?
does it display, but not log in when you click login?

Also, you setup is important to list...  are you trying this additional file in the same subdomain and directory as SMF itself?

[Andre N]

Hi....great work...I downloaded api file ...set the require_once option...in a test file I tried the smfapi_login() function..I doesn't show any error but doesn't work either...where could i get wrong? Thanx for help in advance...

Did you pass a valid username, email or member id into the login function?

Code Select Expand


smfapi_login($email);


Is your SMF cookie visible from the location of the API? Make sure the path of your SMF cookie is set on '/' (subdomain independent cookies on in admin config).

Check those things first and let me know

[shrutisengupta]

hey thanks....working great now.....really nice work i must say.... 

[shrutisengupta]

one more problem...my session variables get reset once I use the api login function ....any solutions?

[Andre N]

Code Select Expand


$data = $_SESSION;

smfapi_login($user);

$_SESSION = $data;


you could do that if there's something you need to preserve

[Rioshi]

Thank you for the great work, andre

Question:
How to check whether the user is currently logged in on the forum or not?
Need something like:

Code Select Expand


<?php
if (!logged_in) {die();}
// rest of the page here
?>


[Meriadoc]

Thank you for the great work, andre

Question:
How to check whether the user is currently logged in on the forum or not?
Need something like:

Code Select Expand


<?php
if (!logged_in) {die();}
// rest of the page here
?>


I can't quite recall, been so long since I was deep in the code, but I know you can at least use $user_info['is_guest'] for that. Maybe there's a good function, but I believe that works fine. It's boolean, 1 if true (guest / logged out) and not set/false/null whatever if logged in (you should then have a username you could verify then too)

[Rioshi]

Thaks for reply.

Now, on the basis of the foregoing, the question arises: Is this safe to do something like that?

Code Select Expand


<?php
require_once('smf_2_api.php');

if (isset($_COOKIE[$cookiename]))
{
$smfcook = @unserialize(stripslashes($_COOKIE[$cookiename]));
smfapi_loadUserSettings($smfcook[0]); // loads settings for user id, whitch taken from smf cookie
if (!$user_info['is_guest']) { $user = $user_info['username']; }
else { $user = 'guest'; }
}
else { $user = 'guest'; }

// here we take permissions for given $user from separate site database
// and give him appropriate controls in the rest of this page
?>

May be it will make sense if I start an additional session there to secure the forms and other controls on the page?

I'm sorry for maybe a bit stupid questions. I don't have enough experience in that

[Andre N]

You could do that, but there is no reason to as the function smfapi_loadUserSettings() is executed when the script is loaded and does that for you.
You don't need to call the function explicitly, or pass a variable into it unless you have special need to.

Code Select Expand


require_once($_SERVER['DOCUMENT_ROOT'] . '/path/to/smf_2_api.php');

global $user_info;

if ($user_info['is_guest']) {
    //do something here for guests
} else {
    //do something here for members
}


as for the session, start your other session first and the api will leave it alone

[gotnew]

This is really nice.

How do I use this api to create topic, add reply, etc?

I'm writing an api for 2.0, because I can't find one anywhere. It doesn't seem too difficult; I basically took the SSI and stripped out the functions to write my own. Besides the obvious ones (login, logout, register, and the others from the 1.x api) what functions would be nice to have?

Done. See below post for more info.

How do I get this on the Downloads page?