XF 2.2 API Question for pull requests

Chernabog

Chernabog

Well-known member
I have a guy working on a way to send new user registrations from the forum over to our game server. He's able to get everything we need so far, but is having trouble with pulling the password.

Is there a particular "name" or "call" (I have no idea what the proper word is) that I can tell him to use to grab the password?? That's the last piece to our puzzle.

Thanks for any help!

J
 
Kirby said:
No. XenForo does not store user passwords (doing that would be extraordinarily dangerous).
Click to expand...

Well it's in the database.. probably hashed but there. Hmm would likely need an add-on written that pulls the data and makes it available....
 
Well, you asked how to get the password via API, not how to get the password hash - that's quite a different question and I would have given a different answer if this was asked for instead.

Of coure the hash is stored in the DB (table xf_user_authenticate, eg. entitiy XF:User Authenticate.
There is no API endpoint to get this though so this would have to be implemented via an Add-on.
I would advise against implementing such an endpoint due to security considerations.
 
Kirby said:
Well, you asked how to get the password via API, not how to get the password hash - that's quite a different question and I would have given a different answer if this was asked for instead.

Of coure the hash is stored in the DB (table xf_user_authenticate, eg. entitiy XF:User Authenticate.
There is no API endpoint to get this though so this would have to be implemented via an Add-on.
I would advise against implementing such an endpoint due to security considerations.
Click to expand...


Appreciate the reply. I was more thinking out loud in my reply... Working with an add-on developer now to accomplish our end goal.... so looking forward to seeing our idea/solution come to fruition.

What kind of hash does XF use?? I know there are a few different types out there... is that something that is known??
 
Your best solution would be to create a connection to "Log In with your XenForo Account" through an OAuth handshake. There is no safe or clean way to get the users base password and create an external account.

HOWEVER, you could extend the forum registration process and log in process to pass that information over. Please note, this is a potential security risk and not a path I would recommend someone to go down unless they have a decent background in security protocols handling this type of sensitive information.
 
You must log in or register to reply here.

Similar threads

mattrogowski
Fixed Forum type filters not applied to API thread requests
Replies
1
Views
723
XF Bug Bot
XF Bug Bot
Chernabog
XF 2.2 XF API to send user id and password for each new registration
Replies
4
Views
523
Chernabog
Chernabog
B
[Urgent] Need for custom addon request for gaming community
Replies
2
Views
453
ForumCube
ForumCube
J
  • Question Question
GDPR - first ever request
6 7 8
Replies
142
Views
13K
FTL
FTL
Zambfd
XF 2.1 Check for XF-Forwarded-For for api calls or let XF\Http\Request run through the class proxy
Replies
8
Views
1K
Zambfd
Zambfd
Top Bottom