1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

XF 1.2 Authentication for XF 1.2.0 Beta 3

Discussion in 'XenForo Questions and Support' started by LuckyRiver, Jun 28, 2013.

  1. LuckyRiver

    LuckyRiver Active Member


    Playing around with XF 1.2.0 Beta 3, knowing it's an unsupported version so I went ahead to test it with my board service module and found out it no longer works. Thus, I just wonder if authentication algorithm has changed with the new version. If yes, how the hashing algorithm works now so I can update the game code to support authentication to XF on the new version as I plan to release the new version of board service soon to the community to run Cubeia's poker game.

    Any help is appreciated!

  2. Mike

    Mike XenForo Developer Staff Member

    Yes, it has changed. It now essentially uses bcrypt. You'll need to look at XenForo_Authentication_Core12.
  3. LuckyRiver

    LuckyRiver Active Member

    Thanks Mike!

    Wow, I see. It is much more complex than before. I believe phpBB3 uses this framework but you guys modify a bit and apply php crypt as well. Looks like I will have fun porting the new authentication code to Java! :)

    One more question, where are those below variables get configured? Are they hardcoded ones?

  4. Mike

    Mike XenForo Developer Staff Member

    Iterations are definable in the config (and will probably change over time).

    The others are PHP defines.

    You'd probably do best with an API to let XF do the auth and pass a result back.
    Brandon Sheley likes this.
  5. LuckyRiver

    LuckyRiver Active Member

    Thanks Mike. The problem is there is no such API yet which allows me to call from Java.

    Took me a while to get it working. Now that password is perfectly matched using the stored salt created by XF, I can get the demo going!

    Password hashing was already strong before and much stronger now using blowfish.

    The php crypt() does all the magic even for reverify the matched password but has it perform the same in Java requires some painful hit and miss trials.

    No problem for the configuration of iterations. I've read the value from a config file so if it ever changes, the new value will be used.
  6. xfrocks

    xfrocks Well-Known Member

  7. LuckyRiver

    LuckyRiver Active Member

    Test it against Beta 4. Working like a charm.

    Demo here: http://holdemfever.net

    Sign up a free test account and log on to the game at below url using the same credentials as when you register with Xenforo


    While you are signed in, you may want to play some poker hands, I launched a batch of bots so you may want to test it!

    I gonna release the game soon as it is getting pretty stable now.


Share This Page