Create discussion with API

Tikey

Hello everybody

Problem: Discussion is created as wrong user

I have a website in laravel and forum with flarum. By clicking a button on the website, the user should be able to automatically create a new discussion in the forum. I read $_COOKIE['flarum_session'] and get the userid and so on from the /sessions directory.

Now I have the following php code which run curl with the Master Token and Postdata.

$header = [
			"Content-Type: application/vnd.api+json",
			"Authorization: Token XX5oLkXXXXpgzw0ZdccYE3bIXXXm9SweXXXXlKX",
		];

curl_setopt($ch, CURLOPT_URL, $server . "/api/discussions");
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,
	json_encode(
			'data' => [
				'type' => "discussions",
				'attributes' => [
					'title' => $title,
					'content' => $message,
					'user_id' => $user_id,
				],
				'relationships' => [
					'tags' => [
						'data' => [
							0 => [
								'id' => $tag_id,
								'type' => "tags",
							]
						]
					]
				]
			],
	)
);

My problem is: Although I set the user_id as attribute, the discussion and post is create by the root user. I also send the cookie from the user: "Cookie: flarum_session=" . $_COOKIE['flarum_session'];

Do you have any idea what to do?

askvortsov

Tikey the author is obtained from the authentication credentials, ie, the user you're sending the request as. I don't believe that you can set an author for discussions through HTTP requests: then, anyone could post a discussion as anyone else.