1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Add-on Integrating 3rd Party Application

Discussion in 'Custom Service/Development Requests' started by theJay, Jun 8, 2015.

  1. theJay

    theJay Member

    Hello,

    We're looking for someone to help us develop a custom add-on for our XenForo community. Here are the details below:

    Code:
    We'd like for this to hook into the xenForo registration process and have the information inserted into the 3rd party database at the same time. We'd also like to have the password updated in both if the 
    user decides to do so.
    
    User registers ----> information is sent to xF database and $app's database.
    User activates via -----> $value in $table is updated to activate account
    User changes password -----> information is updated in xF database and $app's database.
    
    We need to access the plaintext password, as this program uses a different hashing method. Here are the columns from the external db that we're working with.
    
    $username (xenforo username, varchar 32)
    $password (hashed password, varchar 255)
    $id (randomly generated, int 10)
    $active (is the account active? 1 is default, meaning yes, tinyint 1)
    $salt (randomly generated salt used to hash password, varchar 32)
    
    $secret (variable set by us, used in password hashing)
    
    Our program will hash the user's plaintext password as such ---> ($secret + $rawpassword + $salt) using SHA256.
    
    --
    
    So if all goes well, when the user registers, xenForo will take the person's $username, generate random 10 digit interger $id, generate random 32 digit varchar $salt and
    hash the password combo ($secret + $rawpassword + $salt).
    
    Then, as it inserts information into xF's datrabase, also insert the $username, $password, $id, $active (set to 0) and $salt into the 3rd party database.
    
    Once the user activates their account, it should change the $active value to 1, thus enabling their account.
    
    If the user wants to update their password, it should run through that same hashing process and insert the necessary ($password and $salt) info into the third party database.

    Thank you!
     
  2. Aayush

    Aayush Well-Known Member

    Assuming you have some development experience. You could start by taking a look at the file "library/XenForo/ControllerPublic/Register.php". You could override to actionIndex method to extract the user password in plaintext and probably use some sort of API to store it in the other database using your required hashing algorithm.

    Hope this help.
     
    theJay likes this.
  3. theJay

    theJay Member

    Thanks, I will look in to that file when I get home so that I can get a better idea of where we cen get started
     
  4. Jeremy

    Jeremy XenForo Moderator Staff Member

    As a side note, XenForo has the ability to store passwords in different hashing methods, thus, allowing you to not store passwords in plaintext. (checkout XenForo_Authentication)
     

Share This Page