API For Trusted Users
hl
November 18th, 2006, 04:49 PM
Perhaps an API could be developed (not an immediate need) for Kirupa/the Forums for various services. For example, the ability to "login" externally (check your login, more than likely) to submit something to a site attached to your kF username (on the lines of that kBlogsNetwork idea thing). Similar to facebook, you'd have IPs and Domains attached to the API such that no other IP/Domain (server) can connect the API to promote security. API usage would be granted to select users on a trust basis.
It's kind of a stupid idea, but I can see a ton of uses with access to some of the database elements of the site.
evildrummer
November 18th, 2006, 05:17 PM
nice idea, and I would like it BUT, who would make it?
Jeff Wheeler
November 18th, 2006, 05:18 PM
That idea sucks. Why would we need this?
Templarian
November 18th, 2006, 05:51 PM
^Exactly what i was thinking. No one in their right mind would use it.
hl
November 18th, 2006, 07:28 PM
Psh *looks around* I'm in my right mind, right?
Oh well. Sure. It was worth a try.
nrirureta
November 19th, 2006, 10:38 AM
nice try... :)
bwh2
November 19th, 2006, 02:54 PM
i actually think it's a decent idea. but there are a few problems:
1) it won't actually be used
2) it would be better coming from vbulletin than kirupa
Esherido
November 19th, 2006, 07:23 PM
I've got some free time. Maybe I'll check out what a vBulletin database looks like and see if I can code some PHP backend stuff to handle requests. :D Here's what I'm thinking the first version would do:
- Allow external login.
- External posting and reading. (RSS/XML?)
- Do some type of User CP feature.
We'd need to use some type of encryption though. :puzzle:
bigmtnskier
November 19th, 2006, 07:26 PM
I think it's a fairly good idea. But... How many people would actually use it? 2? 3?
Esherido
November 19th, 2006, 07:31 PM
You never know. There's always a chance that everyone would love it and we, the creators, would be ultra-cool because we made it. Or it may be a waste of our time. It's your decision, if you want to participate or not. ;)
hl
November 19th, 2006, 09:40 PM
The stuff you mentioned, Esherido, seems pretty abusable/spammable.
I'm not suggesting it on the whim that 100's of apps would spring up.. but merely on the idea that some of us have ideas to expand Kirupa.
Nokrev and someone have been working on regex's to strip some tutorials and such from Kirupa. If stuff like this was integrated into an API (with select access to prevent abuse).. then certain little utilities that will make kirupa more fun and a bit more productive (granting a bit more experience in certain languages and communicating with APIs?) could be made.
REEFˇ
November 19th, 2006, 09:57 PM
lol @ this thread
however, we could use thread-delete buttons for trusted users, man I would tidy the hell out of this place
starting with all of esheridos posts :lol:
hl
November 19th, 2006, 11:22 PM
:lol:... thanks reef, I think. Well, I'm off to make another crappy suggestion, keep a watch for it!
Esherido
November 20th, 2006, 10:15 AM
I don't get how you think it could be abused, spammed. Please explain what you mean. If this is only for trusted users, (Like me.) why would there be a spamming problem?
REEF: You're gonna pay for that!
nrirureta
November 20th, 2006, 12:23 PM
REEF speaks truth ...
hl
November 20th, 2006, 01:56 PM
We've had a rogue mod or two in our past.
Esherido
November 20th, 2006, 01:59 PM
With the API I'm thinking of there isn't much you could do. It would just be a way to post or browse on kForum without having to go to kirupa.com/forum. But if you're talking about giving trusted users some more power, but not mod power, then yeah, there is the possibility of abuse. It's the same gamble as giving someone mod power.
kirupa
November 20th, 2006, 03:43 PM
Like bwh mentions, it is probably better if these features came integrated or extended with vBulletin itself. There are major security issues associated with having 3rd parties access the forum database since the forums are not designed with the goal of having non-admin users extend the functionality on a remote site.
:cap:
Esherido
November 20th, 2006, 05:49 PM
I know we definitely don't want any "3rd party accessing the database." What I was thinking is some program for kForum users that would send and receive data to/from the forum via a PHP page on kirupa.com that would handle all the requests from the program. Of course there would be security features and stuff to keep any tampering from going on and you would be able to strip the sent data of MySQL queries to prevent query injection attacks.
REEFˇ
November 20th, 2006, 08:35 PM
If this is only for trusted users, (Like me.) why would there be a spamming problem?
You're a trusted user?!
Esherido
November 21st, 2006, 10:42 AM
:lol: :P I knew you would say that!
hl
November 21st, 2006, 06:52 PM
:lol: Didn't see that one. Don't worry Esh, we're laughing with you, I think. Maybe.
bwh2
November 21st, 2006, 07:18 PM
getUser( id, name, postCount, avatar, location, title, sig, homePage )
getThread( id, name, creatorID, date, lastPostID )
getPost( id, name, creatorID, date, lastEdited )
^if it did exist, i think it would only SELECT data that is available to non-members.
hl
November 21st, 2006, 07:52 PM
Yeah. That seems plausible. Additionally authentication to confirm you are the actual user could be done by inputting your username on the site, and then actually coming to Kirupa to confirm your identity.
Esherido
November 24th, 2006, 05:55 PM
Amazing. This is actually starting to sound plausible. :P
hl
November 25th, 2006, 11:57 AM
It never sounded implausible? To me at least..
bwh2
November 25th, 2006, 12:07 PM
Yeah. That seems plausible. Additionally authentication to confirm you are the actual user could be done by inputting your username on the site, and then actually coming to Kirupa to confirm your identity.
you mean an API key? i don't really see a need to forward anyone to the main site (kirupa) for authentication because all of the data is publicly accessible anyhow.
hl
November 25th, 2006, 12:15 PM
Understandably, however for Kirupa-only services and those that revolve around your username, you're going to want to verify that you are the user, right?
I'm not talking about an API key, I'm talking about for the common user who uses the site being powered by the API.
Esherido
November 25th, 2006, 12:59 PM
I don't see how logging in on kirupa.com would change the API. I think the best way would be for you to log in through the API. Then your password would be hashed by the API for security reasons and then your username, hashed password, and some other data would be sent to kirupa.com by the API. If kirupa.com verifies all of that the API would log you in. :D
hl
November 25th, 2006, 01:04 PM
What's unsafe about this? The fact that the API user could be logging passwords unhashed. The fact that if the API user starts storing passwords, vulnerabilities in the code can become serious, especially when a moderator or Kirupa himself uses it and gives his password to the database ;)
Oh and, a person might be the kind of guy to do this.. normally a power hungry one.. let's take you for an example esh ;)
Esherido
November 25th, 2006, 01:07 PM
let's take you for an example esh
Meanie. :sad:
The reason for the API to hash the passwords before sending them to the kirupa.com server is to keep anyone between your computer and the kirupa.com server from being able to tamper in and see your password. No offense, but that's pretty basic cryptography. ;)
hl
November 25th, 2006, 01:28 PM
Trust me, I know plenty more about hashes than you. You don't realize, however that the "trusted" user can easily put the passwords.. unhashed, into a database, sent to an email, or whatever else he/she wants.
Esherido
November 26th, 2006, 08:44 AM
Yeah of course they could. That's why this should be a group project, so that everyone will be looking at what everyone else has done. So if one member puts in some evil code to steal people's passwords, other users would notice it.
bwh2
November 26th, 2006, 09:48 AM
yeah, harish is right. a user would need to visit kirupa.com to authenticate himself. then they would be redirected back to the site using the API. in the case of stealing passwords b/c authentication occurs remotely, the only person who would know is the person doing the stealing.
esherido's suggestion of a "neighborhood watch" type system is an example of soft controls, which are almost always less effective than hard controls. to protect the user and the main site, you need hard controls like not allowing the user to authenticate remotely via a 3rd party.
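Added example (not part of the thread and not code from any participant): a sketch of the hard control bwh2 describes, where the user logs in on the forum itself and the forum redirects back with a short-lived signed assertion, so the third-party site never sees a password. The site names, the secrets and the function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed per-site secrets: the forum would hand one to each approved site.
SITE_SECRETS = {"esherido.example": b"constructed-secret-A",
                "other.example": b"constructed-secret-B"}
MAX_AGE = 120  # seconds a login assertion stays valid


def _sign(secret, payload):
    return hmac.new(secret, payload, hashlib.sha256).hexdigest()


def issue_assertion(username, site, now=None):
    """Forum side: called only after the user logged in on the forum itself."""
    issued = int(time.time() if now is None else now)
    body = {"user": username, "site": site, "iat": issued}
    payload = base64.urlsafe_b64encode(json.dumps(body, sort_keys=True).encode())
    return payload.decode() + "." + _sign(SITE_SECRETS[site], payload)


def verify_assertion(token, site, now=None):
    """Third-party side: returns the verified username, or None."""
    now = int(time.time() if now is None else now)
    try:
        payload, sig = token.split(".")
        expected = _sign(SITE_SECRETS[site], payload.encode())
        # Constant-time comparison of the signature before trusting the body.
        if not hmac.compare_digest(sig.encode(), expected.encode()):
            return None
        body = json.loads(base64.urlsafe_b64decode(payload))
    except (ValueError, KeyError, TypeError):
        return None
    # Reject assertions minted for another site or older than MAX_AGE.
    if body.get("site") != site or not 0 <= now - body.get("iat", 0) <= MAX_AGE:
        return None
    return body.get("user")
```

A site operator who logs everything it receives still only captures an assertion that expires and is bound to that one site, which is the difference between this and the "hash the password in the API" proposal.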
Esherido
November 26th, 2006, 11:22 AM
I'm really starting to get confused by what everyone is saying. Could someone please explain what we're trying to do here? Are we trying to make an application that would be exactly like using the forum, except you don't have to open your web-browser? Or are we trying to do something else?
bwh2
November 26th, 2006, 01:05 PM
i more envision it as being something that you could use to access publicly available information that is normally published on kirupa.com. so for instance, if you wanted to post some of your kirupa information on esherido.com, you could do something like:
$user = new Kirupa( 'user' );
$user->setID( 42090 );
echo 'Kirupa username: '.$user->getUsername().'<br />';
echo 'Post Count: '.$user->getPostCount().'<br />';
echo 'Homepage: '.$user->getHomepage().'<br />';
//...
$thread = new Kirupa( 'thread' );
$thread->setID( 241453 );
echo 'Title: '.$thread->getTitle().'<br />';
echo 'Posts: '.$thread->getPostcount().'<br />';
//...
Jeff Wheeler
November 26th, 2006, 02:38 PM
That's ugly OOP, :P
I would do something like this (rough Python, easily changed to PHP):
class KirupaPost:
    def __init__(self, post_id):
        try:
            self.post_id = int(post_id)
        except (TypeError, ValueError):
            # Really unnecessary, but shown for sake of example; it'll be
            # thrown up anyways (albeit a slightly different description)
            raise ValueError('Must give integer post id.')

    def get_author(self):
        """Returns KirupaUser object who posted this."""
        pass

    def get_thread(self):
        """Returns thread in which this was posted."""
        pass

    def __str__(self):
        # Like PHP's toString() method, will return contents
        pass


class KirupaUser:
    def __init__(self, user_id):
        try:
            self.user_id = int(user_id)
        except (TypeError, ValueError):
            # Again, really unnecessary, but shown for sake of example
            raise ValueError('Must give integer user id.')

    def get_username(self):
        pass

    def get_post_count(self):
        """Returns integer post count for user."""
        pass

    def get_homepage(self):
        """Returns URI of user homepage."""
        pass


class KirupaThread:
    """Object mapped to specific thread on Kirupa."""
    def __init__(self, thread_id):
        try:
            self.thread_id = int(thread_id)
        except (TypeError, ValueError):
            # Once more, really unnecessary, but shown for sake of example
            raise ValueError('Must give integer thread id.')

    def get_title(self):
        """Returns thread title of self.thread_id"""
        pass

    def get_length(self):
        """Returns length of thread."""
        pass

    def get_posts(self):
        """Returns group of posts in thread self.thread_id."""
        pass


if __name__ == '__main__':
    KirupaUser(user_id=34)
bwh2
November 26th, 2006, 03:54 PM
yeah yeah yeah. i wasn't trying to code the class. just a simple example on how to use the methods.
Jeff Wheeler
November 26th, 2006, 05:41 PM
Yeah, but why only one class? That's just bad!
hl
November 26th, 2006, 06:53 PM
Esh, look up "API"
bwh2
November 26th, 2006, 07:33 PM
Yeah, but why only one class? That's just bad!
i don't really view this as a "kirupa" thing. more a vbulletin thing. so i was thinking it would be easier for the site admin to just rename one class than to rename multiple classes. i didn't really put too much thought into it. i agree though that it should be multiple.
@nokrev: i'm thinking about learning python. where do you think i should start?
Jeff Wheeler
November 26th, 2006, 08:02 PM
diveintopython.org
Best guide ever.
bwh2
November 26th, 2006, 08:05 PM
sweet. thanks dude.
Esherido
November 27th, 2006, 12:28 PM
I think a single class would be much better. And sometimes I get mixed up about API's. Sometimes I think of them as programming environments, other times I think of them as interfaces. :sen: I think a single class would be better, especially if we want it to work the way bwh2 is doing. The data could be retrieved from a PHP page on kirupa.com that would accept a GET request for the user_ID and then return the data in an XML element or something. ;)
nokrev, I've wanted to learn Python for a while, so thanks for the site, and thanks to bwh2 for bringing it up! :D
Jeff Wheeler
November 27th, 2006, 02:19 PM
There is no reason to have one class. It's just ugly.
bwh2
November 27th, 2006, 02:33 PM
esherido, i did that for simplicity at the time. i think it should be multiple classes as i hinted in post 23 (http://kirupa.com/forum/showpost.php?p=2005200&postcount=23).
hl
November 27th, 2006, 02:41 PM
Esh, look up API again.. maybe you'll get it right on your third search.
Esherido
November 27th, 2006, 08:20 PM
Ok. I just read the whole wikipedia article on it. Let me see if I got this right: We're trying to build a library of functions for kirupians to use on their sites that retrieve data from/send data to kirupa.com? :puzzle:
blazes
November 27th, 2006, 08:52 PM
Ok. I just read the whole wikipedia article on it. Let me see if I got this right: We're trying to build a library of functions for kirupians to use on their sites that retrieve data from/send data to kirupa.com? :puzzle:
LINGO!
I'm honestly not seeing a good reason for. Not to mention the drama. someuser: "How could i not be a trusted user!!?!?!?!".
bwh2
November 27th, 2006, 08:54 PM
from my perspective, it's not about being a trusted vs. untrusted user as long as there are no set methods accessible.
Esherido
November 28th, 2006, 10:50 AM
I'm not seeing how this could be so damaging if an untrusted user got to it. All they would be able to access was data from the forum, if they tried to submit a MySQL injection attack, we would filter it out and report the user to kirupa. :D
blazes
November 28th, 2006, 05:58 PM
It'd be easier to crash the server.
bwh2
November 28th, 2006, 06:03 PM
It'd be easier to crash the server.
the system would track and limit the number of requests per hour. and kill queries that exceed a certain time.
the larger security issue comes from INSERT, UPDATE, DELETE, and DROP statements. so that's why i suggested SELECT only functionality with the API user only having SELECT access to the db as well.
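Added example (not part of the thread and not code from any participant): the controls bwh2 lists here, shown with SQLite standing in for the forum's MySQL database. It combines a read-only connection, a per-key hourly request limit, and parameter binding instead of the "filter out the injection" approach proposed earlier in the thread. The table layout, sample rows, limit and class name are constructed for the demo.

```python
import sqlite3
import time

MAX_REQUESTS_PER_HOUR = 3  # constructed limit, low so the demo trips it


def make_readonly_db():
    """Constructed stand-in for the forum DB; the API's connection cannot write."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user (id INTEGER PRIMARY KEY, name TEXT, posts INTEGER)")
    # Constructed sample rows.
    db.executemany("INSERT INTO user VALUES (?, ?, ?)",
                   [(1, "kirupa", 9000), (42090, "bwh2", 1200)])
    db.commit()
    db.execute("PRAGMA query_only = ON")  # hard control: writes now fail
    return db


class KirupaReadAPI:
    def __init__(self, db):
        self.db = db
        self.windows = {}  # api_key -> (window_start, requests_seen)

    def _allow(self, api_key, now):
        start, count = self.windows.get(api_key, (now, 0))
        if now - start >= 3600:  # a new hour starts a fresh window
            start, count = now, 0
        self.windows[api_key] = (start, count + 1)
        return count < MAX_REQUESTS_PER_HOUR

    def get_user(self, api_key, user_id, now=None):
        now = time.time() if now is None else now
        if not self._allow(api_key, now):
            raise PermissionError("rate limit exceeded")
        # Parameter binding: user_id is data and is never spliced into the SQL text.
        row = self.db.execute(
            "SELECT id, name, posts FROM user WHERE id = ?", (user_id,)).fetchone()
        return None if row is None else dict(zip(("id", "name", "posts"), row))
```

With binding, a value such as "1 OR 1=1" is compared as a literal string and matches nothing, so no filtering of the input is needed.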
Pasquale
November 28th, 2006, 07:35 PM
It's just ugly.
Now now. There is no need to talk about Esherido like that Jeff..(-:
Esherido
November 29th, 2006, 06:43 AM
darkmotion, are you my official bully now? :sad:
bwh2: I don't even think we should allow the user to even have access to SQL queries, why not just setup some functions that send variables to a PHP page on kirupa.com that processes the variables and performs the query, then it would send the necessary data back to the API.
Jeff Wheeler
November 29th, 2006, 08:20 AM
That's what he's talking about. The functions though would have to use SQL.
bwh2
November 29th, 2006, 06:40 PM
^ word.
Esherido
November 30th, 2006, 09:12 AM
What if we use JS to send the requests to a PHP page on kirupa.com? :q:
blazes
November 30th, 2006, 09:27 AM
There's at least four people in this thread that are easily capable of making an API. It's pretty much A) getting permission from the K-man and B) knowing what we can and can't do with it.
Esherido
November 30th, 2006, 09:42 AM
Thanks for clearing up 4 pages of shouting, disagreement, misunderstanding, and overall shnipiness. :thumb:
kirupa
November 30th, 2006, 10:33 AM
I still don't see the need for such a feature :asleep:
Esherido
November 30th, 2006, 04:54 PM
We just
got pwnt
Jeff Wheeler
November 30th, 2006, 06:33 PM
What if we use JS to send the requests to a PHP page on kirupa.com? :q:
That's dumb and idiotic.
I still don't see the need for such a feature :asleep:
I still agree.
bwh2
November 30th, 2006, 06:38 PM
yeah. i was never banking on this actually happening unless it came from vbulletin.
hl
November 30th, 2006, 07:02 PM
Yeah, I actually kind of agree that there's no present need for such a feature.. at least not RIGHT NOW.
REEFˇ
November 30th, 2006, 08:06 PM
We just
got pwnt
Are you referring to HLs footer when you use GOT PWNT like that?
Esherido
November 30th, 2006, 09:23 PM
The correct term would be "an allusion", and yes, I was making an allusion to HL's footer.
Jeff Wheeler
November 30th, 2006, 10:04 PM
No, an allusion is a reference to a literary piece. Therefore, reference (or, referring) would be a better term, as his footer is not a published piece, but can be referenced.
nobody
November 30th, 2006, 10:38 PM
No, an allusion is a reference to a literary piece. Therefore, reference (or, referring) would be a better term, as his footer is not a published piece, but can be referenced.
Not really true, but considering your target it's acceptable.
hl
November 30th, 2006, 11:09 PM
Esh, you try too hard.
Pasquale
November 30th, 2006, 11:33 PM
Now THATS "pwnt".
Jeff Wheeler
December 1st, 2006, 12:38 AM
Not really true, but considering your target it's acceptable.
How so?
TheCanadian
December 1st, 2006, 12:47 AM
How so?
Because you can allude to anything you want. But it will usually fail when the audience doesn't know what the hell you are talking about - which is why people usually allude to famous literary works or historical figures/events.
However, Esherido's "got pwnt?" comment wasn't an allusion whatsoever since he just said "got pwnt?" without any context.
And now this thread goes down the drain.
Jeff Wheeler
December 1st, 2006, 08:26 AM
Ha, indeed you are correct. I know better now. :)
SlowRoasted
December 1st, 2006, 09:53 AM
This thread reminds me of that usergroup thread from a while back. People just won't take no for an answer, even when it's not their website :lol:
TheCanadian
December 1st, 2006, 03:09 PM
Actually, almost everyone agreed that it was a bad idea.
hl
December 3rd, 2006, 06:17 PM
Yes we agreed it was a bad and poorly developed idea, we just kept discussing it :)
Esherido
December 6th, 2006, 08:01 PM
The hating and disrespect of Esherido grows...
hl
December 6th, 2006, 09:13 PM
It ended. I think you refueled it.
REEFˇ
December 6th, 2006, 09:51 PM
define respect
wes_design
November 14th, 2007, 10:55 AM
wow I was looking for a kirupa API cause i wanted to learn some stuff and it seems from the previous post this situation is similar to the NYC kirupa meet up
Pasquale
November 14th, 2007, 09:17 PM
wha! holy old thread aquaman!
wes_design
November 14th, 2007, 09:25 PM
hah I am on roll for resurrections today
Pasquale
November 14th, 2007, 09:57 PM
can you do it before sunday?
wes_design
November 14th, 2007, 10:05 PM
ooooh religious pun