XF 2.0 External password & username

[Moretti]

I would like to link my XenForo 2 installation with a game server. My server is C# and currently I am creating new accounts. I would like to be able to allow a user to login with their forum username and password and also pull any ID's etc from this.

How are the passwords hashed so I can verify? If anyone has any tips would be best. I currently am using BCrypt

 

[Chris D]

Luckily, XF2 uses BCrypt by default so you shouldn't have much trouble taking a password and comparing it against the hash in XF's xf_user_authenticate table.

Though there are a couple of exceptions.

The data field when the scheme class is XF:Core12 (the default from XF 1.2 and above) is PHP serialized so it will first need to be unserialized to access the hash.

I found this, which may help:

https://gist.github.com/xiangwan/1225981

Once you've gotten the hash from that now unserialized data, you should be able to compare the user supplied password with that hash for authentication.

The other exceptions are if you migrated from another forum platform (indicated by a value in the scheme_class field which is anything other than XF:Core12).

These will not be BCrypt hashes. If this applies to you, then you will either a) need to ask the users to log in to the forum first (where their hash will be updated to BCrypt) or b) handle the different hashes in your code.

 

[Moretti]

Thanks for your quick reply. Would you know the best way to read a BLOB file from the database using SQL commands in C#?

 

[Chris D]

I found this, which may help:

https://gist.github.com/xiangwan/1225981

Query the database as usual, then run that column's blob contents through this, as far as I can tell. I'm not a C/C++/C# developer so unfortunately that's about as far as I can go with it