need help writing a small external api mod.

Discussion forum for MOD Writers regarding MOD Development.
Locked
Hans Henrik
Registered User
Posts: 28
Joined: Tue Jan 06, 2009 4:22 pm

need help writing a small external api mod.

Post by Hans Henrik » Wed Nov 28, 2012 6:51 am

i need a small "externally accessible api" for my forum, basically need something like

api.php?username_exist=BobDyllan
api.php?is_email_in_use=member@hotmail.com

etc
and make it return only a small, easily pare-able response (JSON or 0/1/ would be good), none of that forum HTML/UI/etc from rest of the board, i guess first question is:
is there already a mod that does something like this?

and how should i get started? have written some mods for PhpBB before, but that was years ago, 2007-8 i think, i guess its a good idea to
include("config.php") , and since i think im gonna need "function validate_username", include("includes/functions_user.php") (ty igorw)
and iirc (and a quick check of the file confirms) i had to do define('IN_PHPBB',true);
the code i have thus far is:

Code: Select all

<?php
define('IN_PHPBB',true);
require_once('config.php');
require_once('includes/functions_user.php');
var_dump(validate_username("lol"));
which gives:
Fatal error: Call to undefined function utf8_clean_string()

so.. any idea what im missing?
and i think, if i found a small (working) mod's source code that i could examine, or some basic modding tutorial, that'd probably help me allot :) any suggestions?

User avatar
Erik Frèrejean
Former Team Member
Posts: 9899
Joined: Tue Oct 09, 2007 9:09 am
Location: The Netherlands, 3.0.x Support Forum
Name: Erik Frèrejean
Contact:

Re: need help writing a small external api mod.

Post by Erik Frèrejean » Wed Nov 28, 2012 10:27 am

You'll have to include common.php which will load the basic API.

Code: Select all

<?php
define('IN_PHPBB', true);
$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.' . $phpEx); 
After that you can add your own code.

Code: Select all

require_once("{$phpbb_root_path}includes/functions_user.{$phpEx}");
var_dump(validate_username("lol")); 
Support Toolkit | Support Request Template | Knowledge Base | phpBB 3.0.x documentation
I don't give support via PM or IM! (all unsolicited pms will be trashed!)

Hans Henrik
Registered User
Posts: 28
Joined: Tue Jan 06, 2009 4:22 pm

Re: need help writing a small external api mod.

Post by Hans Henrik » Wed Nov 28, 2012 4:41 pm

thanks! got it working

now next problem, the validate_username() function in includes/functions_user.php

validates crazy names like "hans henrik^" "&hans henrik^" "&lol &^&this is a valid username^", etc, while i know the built-in register page does not allow such names :p
any idea why? or what other function i can use to check if a username is valid?

Hans Henrik
Registered User
Posts: 28
Joined: Tue Jan 06, 2009 4:22 pm

Re: need help writing a small external api mod.

Post by Hans Henrik » Wed Nov 28, 2012 4:56 pm

this is really strange.. afaik, when it returns false, the username is valid.

validate_username("&^blablaNotAnValidUsername!!",true) =>false (expects INVALID_CHARS ? )
validate_username("&^blablaNotAnValidUsername!!",false) =>false (expects INVALID_CHARS ? )
validate_username("Hans Henrik",false)=> 'USERNAME_TAKEN' (as expected :) )
validate_username("uifsdjfidsjfsdfopdjodfjgbkbjfdjgfdgjdfbfdibjifdgjdkjk",false) =>false (expects some error about "username too long")
validate_username("",false) =>false (expects some error about "username too short")
validate_username("a",false) =>false (expects some error about "username too short")

is there something very wrong with the validate_username on my board? (the forum was bought from som1 else that had modded it quite abit before the purchase, i dont know if its been edited or not)

Code: Select all

function validate_username($username, $allowed_username = false)
{
    global $config, $db, $user, $cache;

    $clean_username = utf8_clean_string($username);
    $allowed_username = ($allowed_username === false) ? $user->data['username_clean'] : utf8_clean_string($allowed_username);

    if ($allowed_username == $clean_username)
    {
        return false;
    }

    // ... fast checks first.
    if (strpos($username, '"') !== false || strpos($username, '"') !== false || empty($clean_username))
    {
        return 'INVALID_CHARS';
    }

    $mbstring = $pcre = false;

    // generic UTF-8 character types supported?
    if ((version_compare(PHP_VERSION, '5.1.0', '>=') || (version_compare(PHP_VERSION, '5.0.0-dev', '<=') && version_compare(PHP_VERSION, '4.4.0', '>='))) && @preg_match('/\p{L}/u', 'a') !== false)
    {
        $pcre = true;
    }
    else if (function_exists('mb_ereg_match'))
    {
        mb_regex_encoding('UTF-8');
        $mbstring = true;
    }

    switch ($config['allow_name_chars'])
    {
        case 'USERNAME_CHARS_ANY':
            $pcre = true;
            $regex = '.+';
        break;

        case 'USERNAME_ALPHA_ONLY':
            $pcre = true;
            $regex = '[A-Za-z0-9]+';
        break;

        case 'USERNAME_ALPHA_SPACERS':
            $pcre = true;
            $regex = '[A-Za-z0-9-[\]_+ ]+';
        break;

        case 'USERNAME_LETTER_NUM':
            if ($pcre)
            {
                $regex = '[\p{Lu}\p{Ll}\p{N}]+';
            }
            else if ($mbstring)
            {
                $regex = '[[:upper:][:lower:][:digit:]]+';
            }
            else
            {
                $pcre = true;
                $regex = '[a-zA-Z0-9]+';
            }
        break;

        case 'USERNAME_LETTER_NUM_SPACERS':
            if ($pcre)
            {
                $regex = '[-\]_+ [\p{Lu}\p{Ll}\p{N}]+';
            }
            else if ($mbstring)
            {
                $regex = '[-\]_+ \[[:upper:][:lower:][:digit:]]+';
            }
            else
            {
                $pcre = true;
                $regex = '[-\]_+ [a-zA-Z0-9]+';
            }
        break;

        case 'USERNAME_ASCII':
        default:
            $pcre = true;
            $regex = '[\x01-\x7F]+';
        break;
    }

    if ($pcre)
    {
        if (!preg_match('#^' . $regex . '$#u', $username))
        {
            return 'INVALID_CHARS';
        }
    }
    else if ($mbstring)
    {
        mb_ereg_search_init($username, '^' . $regex . '$');
        if (!mb_ereg_search())
        {
            return 'INVALID_CHARS';
        }
    }

    $sql = 'SELECT username
        FROM ' . USERS_TABLE . "
        WHERE username_clean = '" . $db->sql_escape($clean_username) . "'";
    $result = $db->sql_query($sql);
    $row = $db->sql_fetchrow($result);
    $db->sql_freeresult($result);

    if ($row)
    {
        return 'USERNAME_TAKEN';
    }

    $sql = 'SELECT group_name
        FROM ' . GROUPS_TABLE . "
        WHERE LOWER(group_name) = '" . $db->sql_escape(utf8_strtolower($username)) . "'";
    $result = $db->sql_query($sql);
    $row = $db->sql_fetchrow($result);
    $db->sql_freeresult($result);

    if ($row)
    {
        return 'USERNAME_TAKEN';
    }

    $bad_usernames = $cache->obtain_disallowed_usernames();

    foreach ($bad_usernames as $bad_username)
    {
        if (preg_match('#^' . $bad_username . '$#', $clean_username))
        {
            return 'USERNAME_DISALLOWED';
        }
    }

    return false;
}

 

User avatar
Brf
Support Team Member
Support Team Member
Posts: 51834
Joined: Tue May 10, 2005 7:47 pm
Location: {postrow.POSTER_FROM}
Contact:

Re: need help writing a small external api mod.

Post by Brf » Wed Nov 28, 2012 5:13 pm

validate_username() does not check the length. The length would already have been checked by validate_data() during input.

Locked

Return to “[3.0.x] MOD Writers Discussion”