Go Back   vb.org Archive > vBulletin 4 Discussion > vB4 Programming Discussions
  #1  
Old 01-14-2012, 04:47 PM
PleaseHelp PleaseHelp is offline
 
Join Date: Jan 2012
Posts: 27
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default How to keep a user logged in using the API?

Hello,

We've been trying to use the vBulletin API and have spent hours attempting to successfully keep a user logged in to no avail This is very frustrating because the documentation on and vBulletin support regarding the API is very limited.

We have managed to successfully login users via the API and receive (for example) the following information back:
Code:
[session] => Array
(
[dbsessionhash] => 9e0df97bb21240fc014418ede5e6c1bd
[userid] => 1
So we are able to successfully login a user. However, we do not know and have not been able to figure out how to KEEP the user logged in for each subsequent API call / request for that user.

Specifically, we are referring to this (very vague) part of the vBulletin API documentation help (found here: https://www.vbulletin.com/forum/cont...s-Mobile-API):
Quote:
"So after this API call (login_login), client should call api_init (get new session as well as new common $show variables) or api_getsecuritytoken to get the new securitytoken. Once the client gains both the new sessionhash and the securitytoken, please save them in application session vars. After this the login process is done. You need to pass the new sessionhash to the API and use the new securitytoken to sign the requests in future API method calls."
Could anyone please be kind enough to dissect this paragraph for us and explain it in step-by-step detail so we can get this to work properly?

We are completely stuck at this point and it's so frustrating because we've gotten everything else to work perfectly with the API.

Please let us know and thank you so much! We really appreciate it!
Reply With Quote
  #2  
Old 01-14-2012, 05:02 PM
kh99 kh99 is offline
 
Join Date: Aug 2009
Location: Maine
Posts: 13,185
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I don't have any experience with the api, but if you look at this page: https://www.vbulletin.com/forum/cont...334-mobile-api the section titled "Request/Result Verification" seems to show some code for signing a request.
Reply With Quote
  #3  
Old 01-14-2012, 07:04 PM
PleaseHelp PleaseHelp is offline
 
Join Date: Jan 2012
Posts: 27
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by kh99 View Post
I don't have any experience with the api, but if you look at this page: https://www.vbulletin.com/forum/cont...334-mobile-api the section titled "Request/Result Verification" seems to show some code for signing a request.
Thanks, but we are already able to sign any and all API requests, we just don't know what we need to do to keep the user signed in for all subsequent requests and that paragraph we quoted in our OP is incredibly vague with no examples provided.

Anyone else?
Reply With Quote
  #4  
Old 01-15-2012, 01:24 AM
Paul M's Avatar
Paul M Paul M is offline
 
Join Date: Sep 2004
Location: Nottingham, UK
Posts: 23,748
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

When you call api_init, you get given an access token.

Code:
array (
  'apiversion' => 4,
  'apiaccesstoken' => '31e6c1ea1ae6eca7a538057781234567',
  'bbtitle' => 'Test Forum',
  'bburl' => 'http://www.xxxxxxx.org/vb/40a',
  'bbactive' => 1,
  'forumhome' => 'index',
  'vbulletinversion' => '4.1.10',

You pass this in all other calls as 'api_s', this is the sessionhash for your user.

Code:
api_c = 2
api_m = private_messagelist
api_v = 4
api_s = 31e6c1ea1ae6eca7a538057781234567
api_sig = dab14537fd1bf42119a359ee6265fa0a
folderid=-1
Reply With Quote
  #5  
Old 01-15-2012, 12:14 PM
PleaseHelp PleaseHelp is offline
 
Join Date: Jan 2012
Posts: 27
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Paul M View Post
When you call api_init, you get given an access token.

Code:
array (
  'apiversion' => 4,
  'apiaccesstoken' => '31e6c1ea1ae6eca7a538057781234567',
  'bbtitle' => 'Test Forum',
  'bburl' => 'http://www.xxxxxxx.org/vb/40a',
  'bbactive' => 1,
  'forumhome' => 'index',
  'vbulletinversion' => '4.1.10',

You pass this in all other calls as 'api_s', this is the sessionhash for your user.

Code:
api_c = 2
api_m = private_messagelist
api_v = 4
api_s = 31e6c1ea1ae6eca7a538057781234567
api_sig = dab14537fd1bf42119a359ee6265fa0a
folderid=-1


Thanks for your assistance, Paul. However, we are already doing what you have outlined above. That's simply how to sign and execute any method with the API. We've already gotten that to work a long time ago, that isn't the problem here.

The problem is how to keep a user logged in AFTER you've run the login_login method. Specifically, this:
Quote:
"So after this API call (login_login), client should call api_init (get new session as well as new common $show variables) or api_getsecuritytoken to get the new securitytoken. Once the client gains both the new sessionhash and the securitytoken, please save them in application session vars. After this the login process is done. You need to pass the new sessionhash to the API and use the new securitytoken to sign the requests in future API method calls."

How do we do that?
Reply With Quote
  #6  
Old 01-15-2012, 02:21 PM
Paul M's Avatar
Paul M Paul M is offline
 
Join Date: Sep 2004
Location: Nottingham, UK
Posts: 23,748
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by PleaseHelp View Post
That's simply how to sign and execute any method with the API. We've already gotten that to work a long time ago, that isn't the problem here.

The problem is how to keep a user logged in AFTER you've run the login_login method. Specifically, this:

How do we do that?
What I have told you is how its done.

When you create a session with api_init, and get the (session) accesstoken, the userid in the session table at that point is 0. Once you login correctly using the login_login method, that session userid is changed to x (your userid), so any future requests with that access token will run as userid x.

FYI, those details were taken direct from a sucessful session, where I logged in, and then checked the PM folder.
Reply With Quote
  #7  
Old 01-15-2012, 02:59 PM
PleaseHelp PleaseHelp is offline
 
Join Date: Jan 2012
Posts: 27
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Paul M View Post
What I have told you is how its done.

When you create a session with api_init, and get the (session) accesstoken, the userid in the session table at that point is 0. Once you login correctly using the login_login method, that session userid is changed to x (your userid), so any future requests with that access token will run as userid x.



FYI, those details were taken direct from a sucessful session, where I logged in, and then checked the PM folder.

OK, let's dissect the paragraph we pasted earlier because something doesn't make sense to us.

Here is the paragraph:
Quote:
"So after this API call (login_login), client should call api_init (get new session as well as new common $show variables) or api_getsecuritytoken to get the new securitytoken. Once the client gains both the new sessionhash and the securitytoken, please save them in application session vars. After this the login process is done. You need to pass the new sessionhash to the API and use the new securitytoken to sign the requests in future API method calls."


Now let's dissect it one-by-one:
Quote:
So after this API call (login_login), client should call api_init (get new session as well as new common $show variables) or api_getsecuritytoken to get the new securitytoken.
Do we need to do anything different with this new call to api_init once we have the "dbsessionhash" from method login_login? How does this new call to api_init know the user is logged in unless we pass something new to it (e.g. the "dbsessionhash" from login_login) ?



Quote:
Once the client gains both the new sessionhash and the securitytoken, please save them in application session vars.
Which "sessionhash" and "securitytoken" is it referring to specifically? Is "sessionhash" referring to the "dbsessionhash" we get from the login_login method or is it referring to something from api_init (if so, what specifically) ? What about the "securitytoken", is it referring to the "apiaccesstoken" we get from calling api_init again or something else (if so, what specifically) ?



Quote:
After this the login process is done. You need to pass the new sessionhash to the API and use the new securitytoken to sign the requests in future API method calls.
How do we add this new "sessionhash" and "securitytoken" to a future API method call? Do we add them to the parameter array that already includes ("api_m" => [method name]) ? If so, what do we name the keys?



Please be as clear and specific as you can, and please provide examples where possible. This is very confusing but we are relieved to hear you actually got it to work! Thanks again for your assistance with this, we greatly appreciate it.
Reply With Quote
  #8  
Old 03-19-2014, 11:07 AM
thyshiva thyshiva is offline
 
Join Date: Jun 2013
Posts: 13
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Hi,

I am facing similar problem. Did you get answer to this? Please help.
Once logged in using api when i am redirecting to activity.php url with s=sessionid, still it asks me to enter username and password. I expect it to land me in logged in page.

Regards
Reply With Quote
  #9  
Old 07-29-2016, 05:53 AM
hasan1aj hasan1aj is offline
 
Join Date: Jun 2016
Posts: 5
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Was anyone able to fix this? I am facing the exact same thing
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 09:57 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04654 seconds
  • Memory Usage 2,253KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (5)bbcode_code
  • (10)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (9)post_thanks_box
  • (9)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (9)post_thanks_postbit_info
  • (9)postbit
  • (9)postbit_onlinestatus
  • (9)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete