1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Mobile App Extention - Ajax Calls

Discussion in 'XenForo Development Discussions' started by Tris10, Apr 15, 2015.

  1. Tris10

    Tris10 Member


    This is kinda an advanced question, so bare with me as i try to explain it.

    We currently have our site built around vbulletin and switching to xenforo. I built a custom mobile app using phonegap. In the app there is a login process. I pass the entered login and password to my server, server checks it and if its good , returns user information, sets a few cookies and good to go.

    Now when the app requests data from the server for the logged in user, it does a simple jquery ajax call and that will automatically include the set cookies that the login call has set, Thus getting me authenticated calls (for the most part).

    So for Xenforo, i build the login request page, i pass the login and password, and i then do this:

    $userModel = $this->getModelFromCache('XenForo_Model_User');
                        $userId = $userModel->validateAuthentication($_POST['lgusername'], $_POST['lgpassword'], $error);
                        if (!$userId) {
                        else {
                            $visitor = XenForo_Visitor::setup($userId);
                            XenForo_Application::getSession()->userLogin($userId, $visitor['password_date']);
    Pretty basic, if the l/p is good , log him in and set cookies (as well as pass other vars from my "mobile_login" call.

    Now when i do ajax calls from my custom ajax wrapper in the app, i get an authentication error.


    I assume in my ajax call from the mobile app, i need some type of token passed from the login script, and then to pass that? Can I get a list of what i need to keep and pass in my mobile apps ajax calls please?

    I know there is a native ajax caller from https://xenforo.com/community/threads/xenforo-ajax-tutorial.8091/ , but i dont want to include any more then i have to in my app and hope to simply create my own ajax called.

    Any help @Mike ? Thanks
  2. Jeremy

    Jeremy Well-Known Member

    You need the csrf token in your AJAX requests.
    Tris10 likes this.
  3. Tris10

    Tris10 Member

    Thanks Jeremy, is it as simple as passing "$visitor['csrf_token_page']"

    Also in my ajax call, do i pass it as "csrf_token_page" name? And how so, in a GET/POST/Header?

  4. Jeremy

    Jeremy Well-Known Member

    AJAX requests should be POST requests. Without having access to code myself right now, I don't know the name. But it's just a parameter of your submission.
    Tris10 likes this.
  5. Tris10

    Tris10 Member

    Thanks, i did some reverse code lookup and got it working :)

    For anyone who comes across this

    Get a visitors token by:

    $visitor = XenForo_Visitor::setup($userId);

    Then pass it back in ajax as either a GET/POST with the key name "_xfToken"

Share This Page