vb.org Archive - no_permission when creating user through mobile API

Yepp, api docs are really bad. Solution is the security token getting by login call.
Following example works in my local xammp dev enviroment. I've used loginSpecificUser but also login2 is possible. After login fetchCurrentUserinfo and get username (to check if correct login) and securitytoken.

After that an example for adding an post and adding a user.

You need to change apikey, urlapibase, userid and password for userid

PHP Code:


		
			
<?php



$requestparams = array(

'api_m' => 'api.init',

'clientname' => 'Muschebuhbuh',

'clientversion' => '1.0',

'platformname' => 'Muschebuhbuh',

'platformversion' => '1.0',

'uniqueid' => 'test123'

);



$urlapibase = 'http://localhost/forum/api.php'; //replace with your url, but don't use .../core/api.php



// cURL

$url = $urlapibase;

$ch = curl_init($url);

curl_setopt($ch, CURLOPT_POST, 1);

curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($requestparams));

curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

$curl_response = curl_exec($ch);

curl_close($ch);



$curl_response_array = json_decode($curl_response, true);

// API

$apiaccesstoken = $curl_response_array['apiaccesstoken'];

$apiclientid = $curl_response_array['apiclientid'];

$apisecret = $curl_response_array['secret'];

$apiversion = $curl_response_array['apiversion'];



$apikey = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'; //replace with your generated api key from admincp

echo '-------------- first init -----------------';

echo 'apiaccesstoken : ';

var_dump($apiaccesstoken);

//echo 'curl_response_array : ';

//var_dump($curl_response_array2);





// you can use also user.login or user.login2, but with other params

$requestparams = array(

    'api_m' => 'user.loginSpecificUser',

    'userid' => 1,                      // change userid for login

    'passwords' => array(

        'password' => 'xxxxxxx',       // password for userid

        'md5password' => md5('xxxxx'),  //same password

        'md5password_utf' => ''

    ),

    'extraAuthInfo' => array(

        'mfa_authcode' => ""

    ),

    'logintype' => 'cplogin'

);

ksort($requestparams);

$requestparams_string = http_build_query($requestparams);

$url = $urlapibase.'?'.$requestparams_string;

$apisignature = md5($requestparams_string.$apiaccesstoken.$apiclientid.$apisecret.$apikey);



$requestparams['api_s'] = $apiaccesstoken;

$requestparams['api_sig'] = $apisignature;

$requestparams['api_v'] = $apiversion;

$requestparams['api_c'] = $apiclientid;



// cURL

define("COOKIE_FILE", "cookie.txt");



$ch = curl_init($url);

curl_setopt($ch, CURLOPT_COOKIEJAR, COOKIE_FILE);

curl_setopt($ch, CURLOPT_COOKIEFILE, COOKIE_FILE);

curl_setopt($ch, CURLOPT_POST, 1);

curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($requestparams));

curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

$curl_response = curl_exec($ch);

$curl_response_array = json_decode($curl_response, true);

curl_close($ch);





$remember_me = $curl_response_array['password'];

$sessionhash = $curl_response_array['sessionhash'];

$cpsession = $curl_response_array['cpsession'];



echo '-------------- login user -----------------';

echo 'curl_response_array : ';

var_dump($curl_response_array);

// echo 'remember_me : ';

// var_dump($remember_me);

// echo 'sessionhash : ';

// var_dump($sessionhash);

// echo 'cpsession : ';

// var_dump($cpsession);







// fetch User Info

$requestparams = array(

    'api_m' => 'user.fetchCurrentUserinfo'

);

ksort($requestparams);

$url =  $urlapibase.'?'.http_build_query($requestparams);

$requestparams_string = http_build_query($requestparams);

$apisignature = md5($requestparams_string.$apiaccesstoken.$apiclientid.$apisecret.$apikey);



$requestparams['api_s'] = $apiaccesstoken;

$requestparams['api_sig'] = $apisignature;

$requestparams['api_v'] = $apiversion;

$requestparams['api_c'] = $apiclientid;





// cURL

$ch = curl_init($url);

curl_setopt($ch, CURLOPT_POST, 1);

curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($requestparams));

curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

curl_setopt($ch, CURLINFO_HEADER_OUT, true);

$curl_response = curl_exec($ch);

$information = curl_getinfo($ch);

curl_close($ch);



$curl_response_array = json_decode($curl_response, true);

echo '--------------- fetch user info ----------------';

//echo 'header information : ';

//var_dump($information);

//echo 'curl_response_array : ';

//var_dump($curl_response_array);

echo 'username : (should be the logged in username)';

var_dump($curl_response_array['username']);

echo 'securitytoken : ';

var_dump($curl_response_array['securitytoken']);



$securitytoken = $curl_response_array['securitytoken'];







// Content add

$requestparams = array(

    'api_m' => 'content_text.add',

    'data' => array(

        'rawtext' => "Content for Content_Title 14",

        'title' => "Content_Title 14",

        'parentid' => 3,

        'userid' => 1

    ),

    'options' => array()

);



ksort($requestparams);

$url =  $urlapibase.'?'.http_build_query($requestparams);

$requestparams_string = http_build_query($requestparams);

$apisignature = md5($requestparams_string.$apiaccesstoken.$apiclientid.$apisecret.$apikey);



$requestparams['api_s'] = $apiaccesstoken;

$requestparams['api_sig'] = $apisignature;

$requestparams['api_v'] = $apiversion;

$requestparams['api_c'] = $apiclientid;

$requestparams['securitytoken'] = $securitytoken;



// cURL

$ch = curl_init($url);

curl_setopt($ch, CURLOPT_POST, 1);

curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($requestparams));

curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

curl_setopt($ch, CURLINFO_HEADER_OUT, true);

$curl_response = curl_exec($ch);

$information = curl_getinfo($ch);

curl_close($ch);



$curl_response_array = json_decode($curl_response, true);

echo '------------ content add -------------------';

//echo 'header information : ';

//var_dump($information);

echo 'curl_response_array : ';

var_dump($curl_response_array);







// User

$user = array(

    'username' => "Test4",

    'email' => "test4@test.com",

    'usergroupid' => "2"

);



ksort($user);

$requestparams = array(

    'api_m' => 'user.save',

    'userid' => '0',

    'password' => '123',

    'user' => $user,

    'options' => '',

    'adminoptions' => '',

    'userfield' => ''

);

ksort($requestparams);

$url =  $urlapibase.'?'.http_build_query($requestparams);

$requestparams_string = http_build_query($requestparams);

$apisignature = md5($requestparams_string.$apiaccesstoken.$apiclientid.$apisecret.$apikey);



$requestparams['api_s'] = $apiaccesstoken;

$requestparams['api_sig'] = $apisignature;

$requestparams['api_v'] = $apiversion;

$requestparams['api_c'] = $apiclientid;

$requestparams['securitytoken'] = $securitytoken;



// cURL

$ch = curl_init($url);

curl_setopt($ch, CURLOPT_POST, 1);

curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($requestparams));

curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

curl_setopt($ch, CURLINFO_HEADER_OUT, true);

$curl_response = curl_exec($ch);

$information = curl_getinfo($ch);

curl_close($ch);



$curl_response_array = json_decode($curl_response, true);

echo '------------ add user -------------------';

//echo 'header information : ';

//var_dump($information);

echo 'curl_response_array : ';

var_dump($curl_response_array);

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.01148 seconds Memory Usage 1,868KB Queries Executed 10 (?)
More Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)bbcode_html_printable (3)bbcode_php_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)post_thanks_navbar_search (1)printthread (5)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages: