Advertisement:

Author Topic: New tools to help integrating SMF with something else  (Read 201823 times)

Offline Kindred

  • The Mean One
  • Support Specialist
  • SMF Legend
  • *
  • Posts: 54,686
  • Gender: Male
    • Kindred-999 on GitHub
Re: New tools to help integrating SMF with something else
« Reply #200 on: January 15, 2016, 09:20:06 AM »
it may have been one spot where the API author neglected to update from the older 1.1 API
Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

Offline Nic_G

  • Semi-Newbie
  • *
  • Posts: 16
Re: New tools to help integrating SMF with something else
« Reply #201 on: January 15, 2016, 12:19:07 PM »
Well I don't get it.

The API I downloaded from SMF website is 1.1. There is nothing more recent I think.

And the whole API 1.1 is with Camel case. So it fails at every hurdle of course.

Has nobody rewritten the API to make it work with Camel? It would be a shame to do it again, right?

Thanks.

Offline Illori

  • Project Manager
  • SMF Master
  • *
  • Posts: 47,168
Re: New tools to help integrating SMF with something else
« Reply #202 on: January 15, 2016, 12:22:29 PM »
are you not using the attachments to the first post in this topic?

Offline Nic_G

  • Semi-Newbie
  • *
  • Posts: 16
Re: New tools to help integrating SMF with something else
« Reply #203 on: January 15, 2016, 12:40:09 PM »
Congrats! You found the issue.

I can't believe it. I was downloading the API from the main SMF website. That was the most natural place for me to look for it: http://download.simplemachines.org/?tools

I certainly saw the mention of attachments but as I had already downloaded the latest file from the download/tools section...

So again two suggestions:

1) Edit the initial post (if possible) to make it more readable (I think the explanation of API vs Hook is very nice but lacks a "however" or in contrast in between. I would also use some bold characters to make sections clearer).

2) can someone tell the right person to upload the latest API file on the tools page? Or point me to that person?

Thanks again! You saved my day!

Offline Kindred

  • The Mean One
  • Support Specialist
  • SMF Legend
  • *
  • Posts: 54,686
  • Gender: Male
    • Kindred-999 on GitHub
Re: New tools to help integrating SMF with something else
« Reply #204 on: January 15, 2016, 01:19:24 PM »
well, that post should actually be unstickied, since the content is more clearly listed in the wiki/manual now
http://wiki.simplemachines.org/smf/SMF_API

as for adding it to the tools...   since this API was not written by and is not supported by the SMF team - we can't very well have it on our tools menu.
I do understand your confusion though...
Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

Offline Nic_G

  • Semi-Newbie
  • *
  • Posts: 16
Re: New tools to help integrating SMF with something else
« Reply #205 on: January 15, 2016, 01:37:09 PM »
You are right. There is this wiki page too which is very similar to the post.

I don't understand the logics regarding the tools section. I very well understand if they don't support it, but then they should not show any (outdated) version then. If they don't want to add API 2.0 then at least they should get rid of the other ones too.


Offline Kindred

  • The Mean One
  • Support Specialist
  • SMF Legend
  • *
  • Posts: 54,686
  • Gender: Male
    • Kindred-999 on GitHub
Re: New tools to help integrating SMF with something else
« Reply #206 on: January 15, 2016, 01:43:54 PM »
Ah, but you see...  that is the problem when we support multiple versions of the software

the API v1.1 is for use with SMF 1.1.x

API v2.0 is for use with SMF 2.0.x

neither one will work with the other version...  there are several reasons... for one - the change from camelCase to underscore variable and database table names.

So, the 1.1 version is still useful for people who continue to use SMF v1.1.x (despite many warnings about it being at end of life)
once 1.1.x officially goes dead, the 1.1 API will be moved to the archive page
Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

Offline Nic_G

  • Semi-Newbie
  • *
  • Posts: 16
Re: New tools to help integrating SMF with something else
« Reply #207 on: January 15, 2016, 02:12:11 PM »
OK. I see. You are right.

Because of all my issues. I had figured out that the API number (version number) was not related to the SMF number (version number). It turned out to be wrong. API 1.1 is for SMF 1.1.

OK. Many thanks! Very much appreciated.

Offline Nic_G

  • Semi-Newbie
  • *
  • Posts: 16
Re: New tools to help integrating SMF with something else
« Reply #208 on: January 20, 2016, 04:48:14 PM »
I am about to use the smfapi_updateMemberData() function but I am not sure about the comment saying that data must be html_special_chared...

Isn't it rather mysql_real_escape_string()? Because the data is going to be sent via SQL? Or am I missing something?



 * Update member data
 *
 * Update member data such as 'passwd' (hash), 'email_address', 'is_activated'
 * 'password_salt', 'member_name' or any other user info in the db
 *
 * @param  int $member member id (will also work with string username or email)
 * @param  associative array $data the data to be updated (htmlspecialchar'd)
 * @return bool whether update was successful or not
 * @since  0.1.0
 */
function smfapi_updateMemberData($member='', $data='')

Offline Nic_G

  • Semi-Newbie
  • *
  • Posts: 16
Re: New tools to help integrating SMF with something else
« Reply #209 on: January 20, 2016, 05:37:04 PM »
Well it seems that the info is stored htmlspecialchared in the database and no need to preformat the data when using the API update function...

Offline norristh

  • Newbie
  • *
  • Posts: 5
Re: New tools to help integrating SMF with something else
« Reply #210 on: July 03, 2017, 04:02:16 PM »
Since updating SMF to 2.0.14, at least two places I'm using the API no longer seem to work.  I haven't yet done thorough testing, or tried to debug exactly what's happening.  I assume the change in accessing MySQL has broken the API, but I don't know how badly, or how hard it'll be to fix...

Is anyone else experiencing problems?  Is there any discussion elsewhere that I missed in trying to search for solutions?

ETA: I'm using PHP7, which was a big motivation for upgrading SMF.
« Last Edit: July 03, 2017, 04:36:00 PM by norristh »

Offline Kindred

  • The Mean One
  • Support Specialist
  • SMF Legend
  • *
  • Posts: 54,686
  • Gender: Male
    • Kindred-999 on GitHub
Re: New tools to help integrating SMF with something else
« Reply #211 on: July 03, 2017, 11:28:15 PM »
I suspect that the API does not support php7
Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

Offline MrManager

  • Semi-Newbie
  • *
  • Posts: 32
Re: New tools to help integrating SMF with something else
« Reply #212 on: July 22, 2017, 11:55:37 AM »
Is this still being maintained?

I just had a look through the source code and I think there may be a major bug in the smfapi_loadUserSettings() function. It seems to read the user ID and password from the SMF cookie (just like the normal loadUserSettings() from SMF) but it is missing the part where that password is actually checked! So I think it would be possible to impersonate any user, simply by editing the user ID in the cookie.

Or am I understanding something wrong here?

Offline Kindred

  • The Mean One
  • Support Specialist
  • SMF Legend
  • *
  • Posts: 54,686
  • Gender: Male
    • Kindred-999 on GitHub
Re: New tools to help integrating SMF with something else
« Reply #213 on: July 22, 2017, 05:46:58 PM »
I do not believe that the password is stored in the cookie anyway...
Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

Offline MrManager

  • Semi-Newbie
  • *
  • Posts: 32
Re: New tools to help integrating SMF with something else
« Reply #214 on: July 22, 2017, 07:10:53 PM »
I'm pretty sure it is!

Here are the lines from Load.php:

Code: [Select]
if (empty($id_member) && isset($_COOKIE[$cookiename]))
{
// Fix a security hole in PHP 4.3.9 and below...
if (preg_match('~^a:[34]:\{i:0;(i:\d{1,6}|s:[1-8]:"\d{1,8}");i:1;s:(0|40):"([a-fA-F0-9]{40})?";i:2;[id]:\d{1,14};(i:3;i:\d;)?\}$~i', $_COOKIE[$cookiename]) == 1)
{
list ($id_member, $password) = safe_unserialize($_COOKIE[$cookiename]);
$id_member = !empty($id_member) && strlen($password) > 0 ? (int) $id_member : 0;
}
else
$id_member = 0;
}

And then later:

Code: [Select]
// As much as the password should be right, we can assume the integration set things up.
if (!empty($already_verified) && $already_verified === true)
$check = true;
// SHA-1 passwords should be 40 characters long.
elseif (strlen($password) == 40)
$check = sha1($user_settings['passwd'] . $user_settings['password_salt']) == $password;
else
$check = false;

// Wrong password or not activated - either way, you're going nowhere.
$id_member = $check && ($user_settings['is_activated'] == 1 || $user_settings['is_activated'] == 11) ? $user_settings['id_member'] : 0;