1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Mobile App Extention - Ajax Calls

Discussion in 'XenForo Development Discussions' started by Tris10, Apr 15, 2015.

  1. Tris10

    Tris10 Member


    This is kinda an advanced question, so bare with me as i try to explain it.

    We currently have our site built around vbulletin and switching to xenforo. I built a custom mobile app using phonegap. In the app there is a login process. I pass the entered login and password to my server, server checks it and if its good , returns user information, sets a few cookies and good to go.

    Now when the app requests data from the server for the logged in user, it does a simple jquery ajax call and that will automatically include the set cookies that the login call has set, Thus getting me authenticated calls (for the most part).

    So for Xenforo, i build the login request page, i pass the login and password, and i then do this:

    $userModel = $this->getModelFromCache('XenForo_Model_User');
                        $userId = $userModel->validateAuthentication($_POST['lgusername'], $_POST['lgpassword'], $error);
                        if (!$userId) {
                        else {
                            $visitor = XenForo_Visitor::setup($userId);
                            XenForo_Application::getSession()->userLogin($userId, $visitor['password_date']);
    Pretty basic, if the l/p is good , log him in and set cookies (as well as pass other vars from my "mobile_login" call.

    Now when i do ajax calls from my custom ajax wrapper in the app, i get an authentication error.


    I assume in my ajax call from the mobile app, i need some type of token passed from the login script, and then to pass that? Can I get a list of what i need to keep and pass in my mobile apps ajax calls please?

    I know there is a native ajax caller from https://xenforo.com/community/threads/xenforo-ajax-tutorial.8091/ , but i dont want to include any more then i have to in my app and hope to simply create my own ajax called.

    Any help @Mike ? Thanks
  2. Jeremy

    Jeremy XenForo Moderator Staff Member

    You need the csrf token in your AJAX requests.
    Tris10 likes this.
  3. Tris10

    Tris10 Member

    Thanks Jeremy, is it as simple as passing "$visitor['csrf_token_page']"

    Also in my ajax call, do i pass it as "csrf_token_page" name? And how so, in a GET/POST/Header?

  4. Jeremy

    Jeremy XenForo Moderator Staff Member

    AJAX requests should be POST requests. Without having access to code myself right now, I don't know the name. But it's just a parameter of your submission.
    Tris10 likes this.
  5. Tris10

    Tris10 Member

    Thanks, i did some reverse code lookup and got it working :)

    For anyone who comes across this

    Get a visitors token by:

    $visitor = XenForo_Visitor::setup($userId);

    Then pass it back in ajax as either a GET/POST with the key name "_xfToken"

Share This Page