XF 1.2 Login, Logout, Register from outside XenForo

[feldon30]

I created a thread in the Addons Discussion forum but received no response, so I'm posting here. I've looked at XenAPI, but it seems to miss this crucial functionality. I've found a few people getting help with this topic, but never a concrete example.

I need to write either a standalone script, or a plugin for XenForo which lets me fire off the Login, Logout, and Register functions from an outside script.

I see a few possible ways to go:

• Override/extend Xenforo's existing Login, Logout, Register functions to not require a password
• Create a XenForo plugin that takes some kind of encrypted key from our third party script that says "login user X".
• Keep passwords synced between my 3rd party script and XenForo.

If I can get this working, I will be purchasing another XenForo license.

 

[Liam W]

The easiest way would be to sync the passwords, then when someone logs in outside xenForo, the server sends a POST request to the xenForo install with the relevant data, to get a session id.

This session id would then be set in a cookie from your page, useable by the xenForo installation.

Liam

 

[MrCheck]

Hi there,

I'm working with Feldon30 on this. The following would work as a solution for our problem:

A php file that we can include in our own php file using require_once('filename.php')

Functions within that php file that can be called to Register, Login, and Logout of XenForo.

We can send whatever info is needed by XenForo to the Register, Login, and Logout functions.

We have exactly this with another sub-optimal forum product which is free but would much rather purchase another license of XenForo and use it instead.

Thanks in advance for any help on this.

Check

 

[Liam W]

You could probably easily make a quick addon for xenForo that returns the sessionID when a CURL POST is sent, then create a script to use cURL to send the login details to the xenForo install, and set the xenForo cookie.

 

[feldon30]

Liam,

Thanks for your suggestions. The part I am not getting is, we hash the password on the client side (yes, in the browser), so we never have the plaintext password. What do we pass to XenForo?

 

[Liam W]

Liam,

Thanks for your suggestions. The part I am not getting is, we hash the password on the client side (yes, in the browser), so we never have the plaintext password. What do we pass to XenForo?

You would have to program a system into xenForo to use the same hashing system.

However, if the hashed password is used to register, then it shouldn't make much difference.

 

[MrCheck]

I've managed to write scripts that use XenForo's own system calls to login, logout, and register a user with the info from our 3rd party system without doing any direct database calls.

The only issue I've got left is admins need to re-enter their passwords to get to the admin panel and their password is currently a fairly long hashed version of their password. Working on options to work around that last little issue.

Thanks for the advice.

Check

 

[feldon30]

I am a fan of XenForo. I think that much is clear. However, if anyone ever tells you that it is easy to integrate XenForo with a third party app's login system, they are overstating.

The integration of EQ2U with XenForo has been quite a challenge (pronounced "pain in the ass"). Here are the things that needed to be handled.

• User not logged in to EQ2U, Clicking Login on XenForo
• User Logged in to EQ2U, Clicking Login on XenForo
• User Logged in to EQ2U, Clicking Forums on EQ2U
• User not logged in to EQ2U, Clicking Forums on EQ2U
• User not logged in, EQ2U user, Non-XenForo user, clicking Login on XenForo
• User logged in, EQ2U user, Non-XenForo user, clicking Login on XenForo
• EQ2U user changing password on EQ2U
• EQ2U user uses forgot password feature on EQ2U
• XenForo user clicking Admin or a link that requires admin permissions
• User clicks Logout on XenForo
• User clicks Logout on EQ2U
• Non-EQ2U User, clicking Login on XenForo

This required 30 hours of development time and still, we have a rather nasty kludge in place to deal with the Admin CP "Login for this function" interstitial. Currently, to login to the AdminCP, we have a made up page that is prepopulated with your login and the hashed password is provided in the pw field. It's quite ugly, but it's what we could get working.

My programmer is in the fetal position after writing all this, and I certainly understand his pain. XenForo integration with 3rd party scripts can't just SAY it's easy. It has to BE easy. Or it has to be documented.


By the way, if you are wondering how other forum software handles this type of thing, SMF has an unofficial "bridge" script. It's a self-contained PHP file that includes encapsulated versions all of the useful functions of SMF with all dependencies removed so that this 1 file can log a user into and out of the forum, create/register a user, delete a user, update a user's profile, etc. It's all in 1 self-contained file that does not require spinning up the whole 'framework' of the forum. You just fire 1 function to login a user, 1 function to logout that user, 1 function to create a user.
http://www.simplemachines.org/community/index.php?topic=453008.0

We had SMF integration with our site up and running in about 4 hours, but we felt that SMF was too primitive features-wise to grow our community, so we bought a XenForo license and put in the time to get integration working. And no, having our site just use XenForo's login system is unacceptable. Our site has been operational for 2 years.