Alexandre Góes
Member
Hi all,
I'm trying to create my first addon after reading the Creating Addon post by Lawrence.
My goal is to implement a way to authenticate users without hashing the passwords... I know it is not a good practice, there are many security concerns, etc. But I'm doing it as an exercise and to learn about creating addons and authenticating in XenForo.
Everything I did:
Created the Add-on on CP, created an event listener:
Listen to Event: load_class
Event Hint: XenForo_Authentication_Core12
Execute Callback: PlainPassword_Listener_LoadClass::loadClassListener
In the library folder, I have created the folders/files:
/PlainPassword/Listener/LoadClass.php
/PlainPassword/Authentication/PlainPassword.php
LoadClass.php:
Code:
<?php
class PlainPassword_Listener_LoadClass
{
    // load_class listener: registers the extension for the Core12 authentication class.
    public static function loadClassListener($class, array &$extend)
    {
        if ($class == 'XenForo_Authentication_Core12')
        {
            $extend[] = 'PlainPassword_Authentication_PlainPassword';
        }
    }
}
PlainPassword.php:
Code:
<?php
class PlainPassword_Authentication_PlainPassword extends XFCP_PlainPassword_Authentication_PlainPassword
{
    // Stores the password as-is (no hashing), which is the point of this exercise.
    public function generate($password)
    {
        $output = array('hash' => $password);
        return serialize($output);
    }

    public function authenticate($userId, $password)
    {
        if (!is_string($password) || $password === '' || empty($this->_data))
        {
            return false;
        }
        // Strict comparison: loose == can treat different numeric-looking strings as equal.
        return ($password === $this->_data['hash']);
    }
}
Everything went nearly ok... I can save a new password and authenticate properly. In "data" field of the XF_USER_AUTHENTICATE table I can see the password unhashed. But after authenticating, the "scheme_class" field changes from "XenForo_Authentication_Core12" to "PlainPassword_Authentication_PlainPassword" and I cannot authenticate anymore. If I manually change the "scheme_class" field back to "XenForo_Authentication_Core12", I can authenticate one more time, and the field changes again. When I try to change my password (with the changed scheme), I get this error:
Server Error
Cannot load class using XFCP. Load the class using the correct loader first.
- XenForo_Autoloader->autoload()
- spl_autoload_call() in H:/XF/library/PlainPassword/Authentication/PlainPassword.php at line 4
- include() in H:/XF/library/XenForo/Autoloader.php at line 119
- XenForo_Autoloader->autoload() in H:/XF/library/XenForo/Application.php at line 1011
- XenForo_Application::autoload() in H:/XF/library/XenForo/Application.php at line 457
- XenForo_Application::resolveDynamicClass() in H:/XF/library/XenForo/Authentication/Abstract.php at line 116
- XenForo_Authentication_Abstract::create() in H:/XF/library/XenForo/Model/User.php at line 1270
- XenForo_Model_User->getUserAuthenticationObjectByUserId() in H:/XF/library/XenForo/ControllerPublic/Account.php at line 1042
- XenForo_ControllerPublic_Account->actionSecurity() in H:/XF/library/XenForo/FrontController.php at line 347
- XenForo_FrontController->dispatch() in H:/XF/library/XenForo/FrontController.php at line 134
- XenForo_FrontController->run() in H:/XF/index.php at line 13
Why is it writing the "scheme name" every time I try to authenticate? And why is it writing the "scheme name" of the extension class, as it can't be instantiated directly? I found in the XenForo_DataWriter_User::setPassword function a $this->set('scheme_class', $auth->getClassName()) call... Is it writing the extension class name instead of the original class name? And why is it being called during common authentication?
Sorry about my poor English... I'm Brazilian and, so, my native language is Portuguese. And also sorry about so many questions... It's my first addon and I'm kind of lost.
If you guys can give me any advice about what I'm doing wrong, and what should be the right path to code it properly I would be very glad to know!
Thanks in advance!
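The stack trace above shows the autoloader failing while PlainPassword.php is being included, at the point where PHP needs the XFCP_ parent class. The following is an added example, not part of the original post and not XenForo's source: a simplified stand-in for a proxy-class loader that shows why a stored extension class name cannot be loaded directly while the base class name can. Base_Auth, Ext_Auth, resolveClass and tryLoad are hypothetical names.

```php
<?php
// Simplified stand-in for a class-proxy loader; hypothetical names, not XenForo's code.
// Listener map: base class => extension classes (what a load_class listener would add).
$extensions = ['Base_Auth' => ['Ext_Auth']];

// Constructed class bodies standing in for the files an autoloader would include.
$sources = [
    'Base_Auth' => 'class Base_Auth { public function scheme() { return get_class($this); } }',
    'Ext_Auth'  => 'class Ext_Auth extends XFCP_Ext_Auth {}',
];

spl_autoload_register(function ($class) use ($sources) {
    if (strpos($class, 'XFCP_') === 0) {
        // Proxy parents are declared only by resolveClass(), never autoloaded.
        throw new RuntimeException("Cannot load $class: proxy class was never declared");
    }
    if (isset($sources[$class])) {
        eval($sources[$class]);
    }
});

function resolveClass($class, array $extensions)
{
    $resolved = $class;
    foreach (isset($extensions[$class]) ? $extensions[$class] : [] as $ext) {
        // Declare the proxy parent first, then load the extension on top of it.
        eval("class XFCP_$ext extends $resolved {}");
        class_exists($ext); // triggers the autoloader for the extension
        $resolved = $ext;
    }
    return $resolved;
}

function tryLoad($storedName, array $extensions)
{
    try {
        $class = resolveClass($storedName, $extensions);
        $obj = new $class();
        return "$storedName: loaded, get_class() = " . $obj->scheme();
    } catch (RuntimeException $e) {
        return "$storedName: failed, " . $e->getMessage();
    }
}

// Stored name is the extension: nothing declares its proxy parent, so loading fails.
echo tryLoad('Ext_Auth', $extensions), "\n";
// Stored name is the base class: the proxy chain is built and the extension runs.
echo tryLoad('Base_Auth', $extensions), "\n";
```

In this model, any code that persists get_class() of the resolved object stores the extension's name, and the next load from that stored name takes the failing path.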