New tools to help integrating SMF with something else

Started by Andre N, September 19, 2011, 01:35:36 PM

Previous topic - Next topic

Kindred

it may have been one spot where the API author neglected to update from the older 1.1 API
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Nic_G

Well I don't get it.

The API I downloaded from SMF website is 1.1. There is nothing more recent I think.

And the whole API 1.1 is with Camel case. So it fails at every hurdle of course.

Has nobody rewritten the API to make it work with Camel? It would be a shame to do it again, right?

Thanks.

Illori

are you not using the attachments to the first post in this topic?

Nic_G

Congrats! You found the issue.

I can't believe it. I was downloading the API from the main SMF website. That was the most natural place for me to look for it: http://download.simplemachines.org/?tools

I certainly saw the mention of attachments but as I had already downloaded the latest file from the download/tools section...

So again two suggestions:

1) Edit the initial post (if possible) to make it more readable (I think the explanation of API vs Hook is very nice but lacks a "however" or in contrast in between. I would also use some bold characters to make sections clearer).

2) can someone tell the right person to upload the latest API file on the tools page? Or point me to that person?

Thanks again! You saved my day!

Kindred

well, that post should actually be unstickied, since the content is more clearly listed in the wiki/manual now
http://wiki.simplemachines.org/smf/SMF_API

as for adding it to the tools...   since this API was not written by and is not supported by the SMF team - we can't very well have it on our tools menu.
I do understand your confusion though...
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Nic_G

You are right. There is this wiki page too which is very similar to the post.

I don't understand the logics regarding the tools section. I very well understand if they don't support it, but then they should not show any (outdated) version then. If they don't want to add API 2.0 then at least they should get rid of the other ones too.


Kindred

Ah, but you see...  that is the problem when we support multiple versions of the software

the API v1.1 is for use with SMF 1.1.x

API v2.0 is for use with SMF 2.0.x

neither one will work with the other version...  there are several reasons... for one - the change from camelCase to underscore variable and database table names.

So, the 1.1 version is still useful for people who continue to use SMF v1.1.x (despite many warnings about it being at end of life)
once 1.1.x officially goes dead, the 1.1 API will be moved to the archive page
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Nic_G

OK. I see. You are right.

Because of all my issues. I had figured out that the API number (version number) was not related to the SMF number (version number). It turned out to be wrong. API 1.1 is for SMF 1.1.

OK. Many thanks! Very much appreciated.

Nic_G

I am about to use the smfapi_updateMemberData() function but I am not sure about the comment saying that data must be html_special_chared...

Isn't it rather mysql_real_escape_string()? Because the data is going to be sent via SQL? Or am I missing something?



* Update member data
*
* Update member data such as 'passwd' (hash), 'email_address', 'is_activated'
* 'password_salt', 'member_name' or any other user info in the db
*
* @param  int $member member id (will also work with string username or email)
* @param  associative array $data the data to be updated (htmlspecialchar'd)
* @return bool whether update was successful or not
* @since  0.1.0
*/
function smfapi_updateMemberData($member='', $data='')

Nic_G

Well it seems that the info is stored htmlspecialchared in the database and no need to preformat the data when using the API update function...

norristh

#210
Since updating SMF to 2.0.14, at least two places I'm using the API no longer seem to work.  I haven't yet done thorough testing, or tried to debug exactly what's happening.  I assume the change in accessing MySQL has broken the API, but I don't know how badly, or how hard it'll be to fix...

Is anyone else experiencing problems?  Is there any discussion elsewhere that I missed in trying to search for solutions?

ETA: I'm using PHP7, which was a big motivation for upgrading SMF.

Kindred

Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

MrManager

Is this still being maintained?

I just had a look through the source code and I think there may be a major bug in the smfapi_loadUserSettings() function. It seems to read the user ID and password from the SMF cookie (just like the normal loadUserSettings() from SMF) but it is missing the part where that password is actually checked! So I think it would be possible to impersonate any user, simply by editing the user ID in the cookie.

Or am I understanding something wrong here?

Kindred

I do not believe that the password is stored in the cookie anyway...
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

MrManager

I'm pretty sure it is!

Here are the lines from Load.php:

if (empty($id_member) && isset($_COOKIE[$cookiename]))
{
// Fix a security hole in PHP 4.3.9 and below...
if (preg_match('~^a:[34]:\{i:0;(i:\d{1,6}|s:[1-8]:"\d{1,8}");i:1;s:(0|40):"([a-fA-F0-9]{40})?";i:2;[id]:\d{1,14};(i:3;i:\d;)?\}$~i', $_COOKIE[$cookiename]) == 1)
{
list ($id_member, $password) = safe_unserialize($_COOKIE[$cookiename]);
$id_member = !empty($id_member) && strlen($password) > 0 ? (int) $id_member : 0;
}
else
$id_member = 0;
}


And then later:

// As much as the password should be right, we can assume the integration set things up.
if (!empty($already_verified) && $already_verified === true)
$check = true;
// SHA-1 passwords should be 40 characters long.
elseif (strlen($password) == 40)
$check = sha1($user_settings['passwd'] . $user_settings['password_salt']) == $password;
else
$check = false;

// Wrong password or not activated - either way, you're going nowhere.
$id_member = $check && ($user_settings['is_activated'] == 1 || $user_settings['is_activated'] == 11) ? $user_settings['id_member'] : 0;

refx

Quote from: nearlyepic on March 03, 2015, 11:04:11 PM
Hi, I seem to be having the same problem that BigOHenry was having. Even a simple bit of code, such as:
...


Notice: Undefined variable: cookieData in /var/www/smfapi/smf_2_api.php on line 1909


It appears that it only happens when I am logged out from SMF.

I don't know and don't have time to search the real cause of the problem, but I make the script silent by patching it:
(change the line 1909)

$success=false;
if (isset($cookieData)) $success = funserialize($cookieData, $unserializedData);

it works perfectly if a search engine comes and check your page without SMF login. No warnings produced anymore.

pablitoclavito

Very good information, although I'm a bit confused with the code but I'll solve it, thank you very much. :)

MamaTea

Hey there!  I have been through this entire topic and I have not seen anything on this-

I would just like to know if anyone has already made something which will show only the replies to a topic on a different page outside of the forum. (same domain)

I am pretty new to coding so learning and challenge is a good thing for me, it is time that's never on my side when it comes to teaching this stuff to myself.

I have the API text and have gone through about half of it.  It seems like what I want to do should be pretty simple- it is just that weeding through all of the information I do not need and applying what I do need in the right manner seems as though it will be time consuming.


That is why I am here.  ;D

Your code is certainly welcome.
If you haven't coded this already though have a helpful hint right at the edge of your sleeve, I would sure appreciate it!



Thanks!

Kindred



hmmm.... to get the original post from a board with the number of replies listed, you can use SSI.

e.g.
ssi_boardNews($board = 5.0, $limit = 5, $start = null, $length = 250, $output_method = 'echo');
https://wiki.simplemachines.org/smf/SSI_FAQ_Advanced



However, I've never seen a request to just pull the replies to a thread for display...   so - no, afaik, it's never been specifically coded.
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

MamaTea

Quote from: Kindred on June 18, 2018, 09:04:17 AM


hmmm.... to get the original post from a board with the number of replies listed, you can use SSI.

e.g.
ssi_boardNews($board = 5.0, $limit = 5, $start = null, $length = 250, $output_method = 'echo');
https://wiki.simplemachines.org/smf/SSI_FAQ_Advanced





However, I've never seen a request to just pull the replies to a thread for display...   so - no, afaik, it's never been specifically coded.




Thanks Kindred!

I was sort of thinking that might be the case.  I appreciate it.

Advertisement: