• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Mobile App Extention - Ajax Calls

#1
Hello,

This is kinda an advanced question, so bare with me as i try to explain it.

We currently have our site built around vbulletin and switching to xenforo. I built a custom mobile app using phonegap. In the app there is a login process. I pass the entered login and password to my server, server checks it and if its good , returns user information, sets a few cookies and good to go.

Now when the app requests data from the server for the logged in user, it does a simple jquery ajax call and that will automatically include the set cookies that the login call has set, Thus getting me authenticated calls (for the most part).

So for Xenforo, i build the login request page, i pass the login and password, and i then do this:

Code:
$userModel = $this->getModelFromCache('XenForo_Model_User');
                    $userId = $userModel->validateAuthentication($_POST['lgusername'], $_POST['lgpassword'], $error);
                    if (!$userId) {
                        $json['result']=false;
                        $json['error']=$error;
                    }
                    else {
                        $userModel->setUserRememberCookie($userId);
                        $visitor = XenForo_Visitor::setup($userId);
                        XenForo_Application::getSession()->userLogin($userId, $visitor['password_date']);
                        $json=$mobile->mobile_login($userId);
                    }
Pretty basic, if the l/p is good , log him in and set cookies (as well as pass other vars from my "mobile_login" call.

Now when i do ajax calls from my custom ajax wrapper in the app, i get an authentication error.



I assume in my ajax call from the mobile app, i need some type of token passed from the login script, and then to pass that? Can I get a list of what i need to keep and pass in my mobile apps ajax calls please?

I know there is a native ajax caller from https://xenforo.com/community/threads/xenforo-ajax-tutorial.8091/ , but i dont want to include any more then i have to in my app and hope to simply create my own ajax called.

Any help @Mike ? Thanks
 
#3
Thanks Jeremy, is it as simple as passing "$visitor['csrf_token_page']"

Also in my ajax call, do i pass it as "csrf_token_page" name? And how so, in a GET/POST/Header?

Thanks
 

Jeremy

Well-known member
#4
AJAX requests should be POST requests. Without having access to code myself right now, I don't know the name. But it's just a parameter of your submission.
 
#5
AJAX requests should be POST requests. Without having access to code myself right now, I don't know the name. But it's just a parameter of your submission.
Thanks, i did some reverse code lookup and got it working :)

For anyone who comes across this

Get a visitors token by:

$visitor = XenForo_Visitor::setup($userId);
$visitor['csrf_token_page']

Then pass it back in ajax as either a GET/POST with the key name "_xfToken"