1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Check account/login from external php application

Discussion in 'XenForo Development Discussions' started by PyroM, Oct 5, 2013.

  1. PyroM

    PyroM Active Member

    There are several threads regarding word press login and similar., but I need something much more simple and did not found it, when searching:

    Parallel to my current vB3 I have few own php applications / functions, which use the user accounts from vBulletin.
    For this, users have to login within these applications. The login causes a call of a simple user.php and afterwards of a salt.php to verify the login against the vB database. Returned result is just "true" or "false", so the external application accepts the user as logged in or refuses him. If the check was successful, the application opens its own session for the user.

    My question: is there something similar within XF core to check a login with xf-username/password or is there an addon for this functionality? Thanks for any input!
  2. Jeremy

    Jeremy XenForo Moderator Staff Member

    XenForo_Authentication has the functionality. You'll need to initialize XenForo tho.
    PyroM likes this.
  3. PyroM

    PyroM Active Member

    Thanks Jeremy for hinting.
    I now searched your posting history, furthermore all the forums and resources and help for "XenForo_Authentication", but I do not find a solution. I do have to guide my programmer (not xenforo but for my external php applications) to the solution on how to implement that user verification (checking username + password if its a valid combination -> grant access to external application), but I would not know how to guide him.

    These threads is all I've found:

    That one sounds good, but its open ended as far as I understood:

    Could someone please guide me to the usage of that class and how to access it from outside php to check a user login against the xenforo user database, please?

    Thanks a lot in advance,
    kelimekatili likes this.
  4. PyroM

    PyroM Active Member

    I would be willing to pay for implementing this as "addon"...
  5. tyteen4a03

    tyteen4a03 Well-Known Member

    Can the external program access the XenForo files internally (i.e include())?
  6. PyroM

    PyroM Active Member

    Actually those applications are on 2 different domains on 2 different physical servers. I would like to keep that for safety and performance reasons (the best server just for the forums, everything else external). If there is no, no, no way out I could put all on the best server, but still with different domains.

    Does this info help, @tyteen4a03
  7. tyteen4a03

    tyteen4a03 Well-Known Member

    In your case, your best bet is to implement OpenID or OAuth2 on your wordpress sites and set the XenForo forum as the master, instead of reinventing the wheel.
    PyroM likes this.
  8. PyroM

    PyroM Active Member

    Mmmmmh, that is bad news.
    Its not regarding wordpress but own other php applications, but I think that does not matter. But as I do not know about what we are talking, its difficult to imagine.

    Just to be clear:
    the external applications do check at some occasions, if an user is a valid forums user. This has to be "hidden and convenient" for the users, so no third party login or similar is possible. The users just browse through the external php application and sometimes, here and there for special functions and interactions, the application checks if the user is valid and let him proceed - or not, if the return value of the username/passwort check is "false".

    I understand that the solution probably should include() xf class and/or configuration files for using the XenForo_Authentication class within the forums domain. I do not understand what Jeremy've ment with "You'll need to initialize XenForo tho."

    So, there should be a possibility to implement a small bridge (yes, probably reinventing the wheel) in one or few php files, located on the xf server and use XenForo_Authentication. Then allow a foreign domain/server to use those php files (for safety reasons these php files/functions should check the referer and allow only the known domain/IP, not foreign servers)

    I think that is a way of the usercheck- and salt-php files, which check against the vBulletin user database. I am pretty sure this would work for xf too.

    But how exactly, please?
    And who would be willing to transparently implement such functions for me? I would be willing to pay.
  9. tyteen4a03

    tyteen4a03 Well-Known Member

    What he meant is include() xf classes and set up XenForo_Application (and other classes).

    OpenID and/or OAuth2 would still be your best bet. Check out [bd] API or XenAPI for OAuth, and Waindigo's Single Sign On addon for OpenID.
    PyroM likes this.
  10. ManOnDaMoon

    ManOnDaMoon Well-Known Member

    PyroM likes this.

Share This Page