I was going to make a 3rd-party login system for a site I'm helping with and was wondering what the password formula is to check if the password is correct.
Unless I'm mistaken, the hashing algorithm for XenForo is either sha1 or sha256 (depending on whether it's installed), with a salt appended to it, then re-hashed using either sha1 or sha256 (again).
Examples, SHA1:
PHP:
$password = sha1(sha1($password).$salt)
SHA256 (not actual PHP code, just for illustrative purposes):
PHP:
$password = sha256(sha356($password).$salt)
You can authenticate a password using XenForo_Authentication_Abstract::authenticate()