XF 2.2 custom functions

dbsDev

New member
We are in the process of changing from phpBB 3.3 to XF 2.2. Importing and converting of the BB data into XF has gone "fairly well", although there is a rather large difference in the user accounts tables between the 2 forums. Anyway, with that said, we currently run 3 custom functions in the BB side. Our gaming data is in the same database as the XF data, which should make things a lot simpler (compared to reading some of the developer docs for making a new function).

We use the forum software to populate our gaming table when a new user signs up. I need access to the user name and the unencrypted password they used, to insert a new record in our gaming table. The other 2 functions are when a user changes their password, or when an admin changes a users password. In those cases, we just update the data in our gaming tables...

Are there any examples of this simple function? Thanks kindly in advance.

Gary :)
 

Mike

XenForo developer
Staff member
If you have the option, I'd probably say using the REST API is going to be a better approach than trying to replicate the changes you're proposing.

You could create a super user key (which you store internally/server side; it can't be shown to clients) and then you can call auth/ with the username and password they provide: https://xenforo.com/community/pages/api-endpoints/#route_post_auth_

If successful, this will return a user record and you can use that to potentially create the user in your gaming table (or update it if it already exists).

This way you're not trying to replicate password changes or things like that. (There are a handful a ways that passwords can be changed. It would potentially be possible to get access to the unhashed password but it's certainly more complex as we don't keep it around for that long. Using the API eliminates this need to maintains the security of the hashing algorithm used by XF which makes brute forcing a password harder.)
 

dbsDev

New member
From what I can tell, I don't think the API will work. The big issue is with the user password. I need it being "clean" so that I can encrypt it to the methods we use, which of course, are way different than what you folks use. Not an informed user of XF at this point, and I am guessing that other than at signup, only an admin and the user themselves, could change their password. I need to hook into these 3 places, after the "work" has been completed but still having access to the unencrypted password so that I can update our gaming data.

:)
 

Mike

XenForo developer
Staff member
If you don't have the ability to change the authentication system, then correct the REST API won't work. If you can change the code to authenticate via XF and then store user data (without a password) in your local table, then I would recommend that approach.

Otherwise, you are going to have to get into a full XF add-on that extends the User entity to handle inserts (and potentially deletes) and then also the UserAuth entity to handle password changes. You'll probably need to extend the setPassword method there to temporarily store (in memory) the raw password until the save actually goes through and then you can handle your actions in _postSave.

There isn't likely to be a simple example of what you're trying to build, so you're going to need to get into the various XF add-on concepts. The best places to start are likely to be our dev docs and Kier's new video series:


 
Top