XF 2.1 Login to XF2 On Different SubDomian Via PHP

dazamate

Member
Hi guys.

I am upgrading to Xenforo 2 and I need to be able to remotely log into XF2 from another subdomain

my login form is on form.mywebsite.com and xf2 is on forums.mywebsite.com

As suggested I am using the Auth rest API

When I pass the login credentials, I do get a success response back...

Code:
Array
(
    [success] => 1
    [user] => Array
        (
            [about] =>
            [activity_visible] => 1
            [alert_optout] => Array
                (
                )

            [allow_post_profile] => members
            [allow_receive_news_feed] => everyone
            [allow_send_personal_conversation] => members
            [allow_view_identities] => everyone
            [allow_view_profile] => everyone
            [avatar_urls] => Array
                (...

I imagine to have a persistent login, some auth cookies would need to be set. I did a cookie clear and the only cookie being set on the api request is this one...

Code:
[__cfduid] => d17392b36af1...


I also tried logging in by directly interfacing with the xf classes based off some posts here.. Here is what I had (but didn't work)

PHP:
public function loginUser(string $login, string $password): bool {
       
        // Check credentials
        $ip = $this->_xf->request->getIp();
        $loginService = $this->_xf->service('XF:User\Login', $login, $ip);
        $error = '';

        $xfUser = $loginService->validate($password, $error) ?? false;

        // No user returned, credentials failed
        if( empty($xfUser) ) { return false; }

        // Log the user in
        $this->_xf->session->changeUser($xfUser);
        \XF::setVisitor($xfUser);

        $class = \XF::app()->extendClass('XF\Session\Session');
       
        /** @var \XF\Session\Session $session */
        $session = new $class(\XF::app()->container('session.public.storage'), [
           'cookie' => 'session'
        ]);

        $session->start(\XF::app()->request());
        $session->changeUser($xfUser);
        $cookieVal = $session->getSessionId();

        $rememberRepo = $this->_xf->repository('XF:UserRemember');
        $key = $rememberRepo->createRememberRecord($xfUser->user_id);
        $value = $rememberRepo->getCookieValue($xfUser->user_id, $key);

        $session->save();

        setcookie('xf_session', $cookieVal, time() + (365 * 86400), '/');
        setcookie('xf_user', $value, time() + (365 * 86400), '/');

        return true;

    }
However when I refresh the forums.mywebsite.com, it still has 'login' in the header.

To make sure cookies are readable between the subdomains, I put this in my xenforo/src/config.php file

PHP:
$config['cookie']['prefix'] = 'xf_';
$config['cookie']['path'] = '/';
$config['cookie']['domain'] = '.mywebsite.com';

I am very very new to the xenforo API. I just need to be able to login a user from one subdomain, so when the forum subdomain loads, the user is logged in ready to go.

Please help, thank you!
 

Lukas W.

Well-known member
You can't log users in via the REST API. XenForos REST API doesn't have any form of authentication, but even if it would, APIs are built stateless vs. normal applications being session-based, so the REST API couldn't initiate a session for you. What you want to do is launch the XenForo Application on your custom domain and project (file snippets for that are around plenty), and use that to log the user in.
 

dazamate

Member
You can't log users in via the REST API. XenForos REST API doesn't have any form of authentication, but even if it would, APIs are built stateless vs. normal applications being session-based, so the REST API couldn't initiate a session for you.

Yes this was my belief too, but all the responses looking around on the forum kept pushing people to the rest api, so I just tried it because possible magic.


What you want to do is launch the XenForo Application on your custom domain and project (file snippets for that are around plenty), and use that to log the user in.

Can you please direct me to one that you know works? As you can see above I tried coming up with something based on code snippets that I could find on the server but it doesn't work.
 

Tom McIntyre

Active member
I have been trying to understand a variant of this process where we have a login and security service that provides login support for our iMIS membership system and our WordPress system.

Our users are authenticated and have initiated sessions on the other systems when they arrive on the XenForo site. The login link on the XenForo site is actually a link to the iMIS site.

It seemed to me this was exactly the same as the Connected Accounts interface to Facebook or LinkedIn.

That led me to examine connected_account.php. I may be being naive, but it looks like I can make another variant on connected_account.php with most of the overhead removed and navigate to that from the login service on my iMIS system. The goal of our integration is that the iMIS System, the WordPress system and our Xenforo system look like a single site to the user. There will be small differences depending on context and we do not currently intend to disguise the base URLs that differ for the three sites (www.nawcc.org, net.nawcc.org and mb.nawcc.org).

Additional information source sites (little or no interaction) are managed as iframes by the WP site.

I would welcome any comments on this approach.

The system will actually have Oauth 2 service for FaceBook and LinkedIn that duplicate the connected account service on XenForo provided by iMIS.

I figured it out. I needed to pass an extra parameter to the setcookie() function and specify the main domain, so the cookie is shared across subdomains.
We have been using domain cookies since we set up the first version of this system with vBulletin and Joomla a little over 12 years ago. We have not had time to fix all this until we decided to upgrade both our main web site to WP and our Forums to xF2.
 
Last edited:
Top