Web Wiz Forums - member API

Print Page | Close Window

member API

Printed From: Web Wiz Forums
Category: Web Wiz Web App Support Forums
Forum Name: Web Wiz Forums
Forum Description: Support forum for Web Wiz Forums application.
URL: https://forums.webwiz.net/forum_posts.asp?TID=25035
Printed Date: 29 March 2026 at 6:09am
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com

Topic: member API

Posted By: ghena
Subject: member API
Date Posted: 19 December 2007 at 12:25pm

Hi,

I'm trying to use the member api to sincronyze registration in mywebsite and in the forum.

It works well during the first access... then, if i do a logout, and I try to access through mywebsite... the login access is not automatic.

I did this in the function_member_API.asp:

Session("USER") = Request.Cookies("mysite")("nome")
Session("PASSWORD") = Request.Cookies("mysite")("pwd")
Session("EMAIL") = Request.Cookies("mysite")("email")

Const blnMemberAPI = True

Const blnMemberAPIDisableAccountControl = True

Const strMemberAPIRegistrationURL = " http://mysite/registrazione.asp - http://mysite/registrazione.asp "

Const strMemberAPILogoutURL = " http://mysite/logout.asp - http://mysite/logout.asp "

What i must to change to get an automatic login using the API ?

Thanks in advance.

Replies:

Posted By: WebWiz-Bruce
Date Posted: 20 December 2007 at 11:35am

You have set this up wrong, you should be creating session variable in your own login pages and NOT passing the data across in a cookie.

You should never place username and password data in a cookie, this is a massive security risk as it allows anyone to get your users username and passwords.

You need to go back to the original member API file and follow the instructions, as at the moment it is not setup correctly.

What you should have done is edit your own login page to add in the following:-

Session("USER") = Member_Username
Session("PASSWORD") = Member_Password
Session("EMAIL") = Member_Email

Replacing the parts in red with the user login details, this can then be picked up by the forum from the ASP session.

You also need to remove the following lines that you have placed in the member API file:-

Session("USER") = Request.Cookies("mysite")("nome")
Session("PASSWORD") = Request.Cookies("mysite")("pwd")
Session("EMAIL") = Request.Cookies("mysite")("email")

If you are using a cookie to pass around your users usernames and passwords then you should look at redeveloping your login system as this is totally insecure as you are literally giving out your users usernames and passwords to anyone who cares to look for them.

-------------
https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting
https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting

Posted By: ghena
Date Posted: 20 December 2007 at 11:45am

Hi,

thanks for the replay...
My care was not about security but about the autologin system...

I can put the pwd in a session or in a variable , but the autologin doesnt work.

Posted By: WebWiz-Bruce
Date Posted: 20 December 2007 at 12:16pm

I think you are missing the point, you have setup the member API incorrectly. You need to go back and start again, setting it up correctly by setting the session variables in your own login system, not with the member API file.

Many people use this API without problems, but you need to set it up correctly to start with, if you start messing around trying to get it to work in a way it was not built to you will have problems.

-------------
https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting
https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting

Posted By: ghena
Date Posted: 20 December 2007 at 12:31pm

I believe is clear now...

I must change the function_member_API.asp

and then i must create 3 session variables as the following:

Session("USER") = "myuser"
Session("PASSWORD") = "mypwd"
Session("EMAIL") = "myemail"

during the login.

So when the user call the page /forum/default.asp

the system is able to check if it exist or jump the user to the login ?

Posted By: WebWiz-Bruce
Date Posted: 20 December 2007 at 1:30pm

Not quite, no.

Having the session variables set in your own login is correct.

However, if the user is not logged into your site in the current session and they browse to the forum they will be shown as a guest, they would not be loged into the forum.

If you configure the member API with a link to your sites own login system, when the user clicks the login link in Web Wiz Forums they will be directed to your own sites login.

They then log into your own site login which sets the session variables required by Web Wiz Forums member API, when they then go back to the forum they will be logged into the forum.

Once the session variables are set by your sites login Web Wiz Forums member API can read in these variables, if the user exists they are logged in as that member, if not a member record is created for them in the database.

You also need to remember session variables only last for 20 minutes after the user has left your site before they are destroyed. They are also destroyed when you close your browser.

-------------
https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting
https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting

Posted By: jamie.townsend
Date Posted: 20 December 2007 at 1:31pm

nono -

Remove the sessions from the function_member_api.asp

In your login script "for your website" you set the sessions.

Then when you navigate to the forum it will pick up those sessions and then log the user in.