• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

XF 1.4 Cometchat IOS and Android App

#1
At first I had a few issues with cometchat after installation but followed the tips from the below thread and got cometchat working on my site with memcache.
https://xenforo.com/community/threads/xf-memcached-cometchat-works-now.59430/

However, the IOS and Android app does not work. Keeps giving me “Username and password do not match”. I know cometchat is not supported here but I just wanted to know if any other xenforo users encountered this issue. I have submitted a ticket with cometchat support and all they stated was this.

https://www.example.com/community/c...e=test&password=12345678&callbackfn=mobileapp

Please configure code in /cometchat/chatlogin.php file such that the above URL should return id of the user. Please get back to us after configuring so that we can look into the issue.
I am totally confused lol. My chatlogin.php contains.... Any help would be greatly appreciated. Thanks!

PHP:
<?php

include_once(dirname(__FILE__).DIRECTORY_SEPARATOR."cometchat_init.php");

$userName=$_REQUEST['uname'];
$password=$_REQUEST['pwd'];
      
    $userid = 0;
    if (filter_var($userName, FILTER_VALIDATE_EMAIL)) {
        $sql = ("SELECT * FROM `".TABLE_PREFIX.DB_USERTABLE."` WHERE email ='".$userName."'");
    } else {
        $sql = ("SELECT * FROM `".TABLE_PREFIX.DB_USERTABLE."` WHERE user_name ='".$userName."'");
    }
    $result = mysqli_query($GLOBALS['dbh'],$sql);
    $row = mysqli_fetch_assoc($result);
    $database_password = $row['password'];
    $hash = hash_hmac("sha256", $password, $row['salt']);

    if($hash == $database_password) {   //please encrypt the $password to copmare with the encrypted password in database
        $userid=$row['user_id'];
    }
    echo $userid;
?>
 

Mike

XenForo developer
Staff member
#2
You'll need to direct any questions to CometChat.

Also please don't use the code you showed here in production. There are some really clear vulnerabilities with it (SQL injection).
 
#3
You'll need to direct any questions to CometChat.

Also please don't use the code you showed here in production. There are some really clear vulnerabilities with it (SQL injection).
Thanks Mike! I know that I would need to direct any questions to CometChat but I just wanted to know if any fellow xenforo users experienced this issue and hopefully they could chime in.