XF 2.2 API Question for pull requests

Chernabog

Well-known member
I have a guy working on a way to send new user registrations from the forum over to our game server. He's able to get everything we need so far, but is having trouble with pulling the password.

Is there a particular "name" or "call" (I have no idea what the proper word is) that I can tell him to use to grab the password?? That's the last piece to our puzzle.

Thanks for any help!

J
 
No. XenForo does not store user passwords (doing that would be extraordinarily dangerous).

Well it's in the database.. probably hashed but there. Hmm would likely need an add-on written that pulls the data and makes it available....
 
Well, you asked how to get the password via API, not how to get the password hash - that's quite a different question and I would have given a different answer if this was asked for instead.

Of coure the hash is stored in the DB (table xf_user_authenticate, eg. entitiy XF:User Authenticate.
There is no API endpoint to get this though so this would have to be implemented via an Add-on.
I would advise against implementing such an endpoint due to security considerations.
 
Well, you asked how to get the password via API, not how to get the password hash - that's quite a different question and I would have given a different answer if this was asked for instead.

Of coure the hash is stored in the DB (table xf_user_authenticate, eg. entitiy XF:User Authenticate.
There is no API endpoint to get this though so this would have to be implemented via an Add-on.
I would advise against implementing such an endpoint due to security considerations.


Appreciate the reply. I was more thinking out loud in my reply... Working with an add-on developer now to accomplish our end goal.... so looking forward to seeing our idea/solution come to fruition.

What kind of hash does XF use?? I know there are a few different types out there... is that something that is known??
 
Your best solution would be to create a connection to "Log In with your XenForo Account" through an OAuth handshake. There is no safe or clean way to get the users base password and create an external account.

HOWEVER, you could extend the forum registration process and log in process to pass that information over. Please note, this is a potential security risk and not a path I would recommend someone to go down unless they have a decent background in security protocols handling this type of sensitive information.
 
Back
Top Bottom