XF 2 Please—Need Immediate Help with API Setup

Gene Steinberg

So here's the deal.

I've been using third-party API solutions in order to set up a login scheme for upgraded members to access an RSS feed for the file downloads in the upgrade area (using Resource Manager).

Most recently, I have worked with the [bd] API add-on from xFrocks. Prior to that, I used the XenAPI.

However, when moving to a new, super fast Plesk Obsidian server (with NVMe drives), I find the login scheme is no longer functional.

I'd like to use the home-grown XenForo version, but the directions are above my pay grade.

Here's the current script I use with the above add-on (with ID and secret credentials blocked out).

Can someone help me modify the script and set up the XF API to use it, please?

My budget for this is zero, but whoever helps gets a free lifetime membership to the upgraded area (where you get access to the ad-free version of my syndicated radio show, and a second show). I hope that's a bit of an incentive.

I'm also willing to help with some of the work with proper guidance and such.

Code:
<?php

define('API_SCRIPT_ROOT', 'https://theparacast.com/forum/api');
define('API_SCRIPT_CLIENT_ID', '----------');
define('API_SCRIPT_CLIENT_SECRET', '----------E');

/* API SCRIPT FUNCTIONS START */

function apiScriptGetAccessToken($username, $password, $cookieName = null)
{
    foreach ([
                 'API_SCRIPT_ROOT',
                 'API_SCRIPT_CLIENT_ID',
                 'API_SCRIPT_CLIENT_SECRET'
             ] as $apiScriptConstant) {
        if (!defined($apiScriptConstant)) {
            throw new Exception(sprintf('%s must be defined!', $apiScriptConstant));
        }
    }

    if ($cookieName === null) {
        $cookieName = API_SCRIPT_CLIENT_ID . 'AccessToken';
    }
    if (is_string($cookieName) && isset($_COOKIE[$cookieName])) {
        return $_COOKIE[$cookieName];
    }

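    $token = apiScriptPostOauthToken($username, $password);
    if ($token === null) {
        // Token request failed (bad credentials or unreachable API): report "no token" to the caller.
        return null;
    }

    if (is_string($cookieName) && strlen($cookieName) > 0) {
        setcookie($cookieName, $token['access_token'], time() + $token['expires_in']);
    }

    return $token['access_token'];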
}

function apiScriptGetUserMe($accessToken)
{
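    // The token can come from a client-supplied cookie, so encode it before placing it in the URL.
    $result = @file_get_contents(API_SCRIPT_ROOT . '/index.php?users/me&oauth_token=' . rawurlencode($accessToken));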
    if (!is_string($result)) {
        return null;
    }

    $json = @json_decode($result, true);
    if (!is_array($json) || !isset($json['user'])) {
        return null;
    }

    return $json['user'];
}

function apiScriptPostOauthToken($username, $password)
{
    $fields = [
        'grant_type' => 'password',
        'username' => $username,
        'password' => $password,
        'client_id' => API_SCRIPT_CLIENT_ID,
        'client_secret' => API_SCRIPT_CLIENT_SECRET
    ];

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_URL, API_SCRIPT_ROOT . '/index.php?oauth/token');
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $fields);
    $result = @curl_exec($ch);
    curl_close($ch);

    $json = @json_decode($result, true);
    if (!is_array($json) || !isset($json['access_token'])) {
        return null;
    }

    return $json;
}

function apiScriptTestUserGroups(array $user, $groupIdsList)
{
    if (!is_string($groupIdsList)) {
        return false;
    }

    $groupIds = preg_split('/[^0-9]/', $groupIdsList, -1, PREG_SPLIT_NO_EMPTY);
    $groupIds = array_map('intval', $groupIds);
    if (count($groupIds) === 0) {
        return true;
    }

    if (!isset($user['user_groups'])) {
        return false;
    }

    foreach ($user['user_groups'] as $userGroup) {
        if (in_array($userGroup['user_group_id'], $groupIds, true)) {
            return true;
        }
    }

    return false;
}

/* API SCRIPT FUNCTIONS END */

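if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION']) && strpos($_SERVER['REDIRECT_HTTP_AUTHORIZATION'], 'Basic ') === 0) {
    // Split on the first ':' only, so passwords containing ':' survive; pad so a header without ':' yields an empty password.
    list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = array_pad(explode(':', base64_decode(substr($_SERVER['REDIRECT_HTTP_AUTHORIZATION'], 6)), 2), 2, '');
}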

if (empty($_SERVER['PHP_AUTH_USER']) ||
    empty($_SERVER['PHP_AUTH_PW']) ||
    !($accessToken = apiScriptGetAccessToken($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']))
) {
    header('WWW-Authenticate: Basic realm="The Paracast+"');
    header('HTTP/1.1 401 Unauthorized');
    die('Please authenticate with your Paracast Forum username and password.');
}

if (!($user = apiScriptGetUserMe($accessToken)) ||
    !apiScriptTestUserGroups($user, '3,4,5,8,9,10,11')
) {
    header('HTTP/1.1 403 Forbidden');
    die('Your account has not been upgraded to access The Paracast+.');
}

header('Content-Type: application/xml; charset=utf-8');        
$doc = new DOMDocument();
$doc->load('288h7su1ksh9.xml');
echo $doc->saveXML();
 
I got a solution with the existing add-on and the above script. Things changed in the move from WHM/cPanel to Plesk. Inserting "www" in the "ROOT" fixed it. That's all it needed.

I had actually hoped people might advise me here, but I have never actually gotten much useful advice from these forums. :(
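
The script above hides every failure of the token request behind the @ operator and a bare 401, so a wrong host name in the API root shows up only as a failed login. The following is an added example, not code from this thread or from the add-on: the same request with the failure reason logged. The function names are hypothetical, the sample inputs are constructed, and a redirect is only one of the causes it distinguishes.

```php
<?php
// Added example, not from the thread or the [bd] API add-on.
// classifyTokenResponse() and requestTokenVerbose() are hypothetical names.

// Turn the raw outcome of the oauth/token POST into a reason an admin can act on.
function classifyTokenResponse($body, $httpCode, $redirectUrl, $curlError)
{
    if ($body === false) {
        return 'transport error: ' . $curlError;
    }
    if ($httpCode >= 300 && $httpCode < 400) {
        // cURL does not follow redirects unless CURLOPT_FOLLOWLOCATION is set,
        // so the POST stops at the redirect and no token comes back.
        return 'redirected to ' . $redirectUrl . ' (check the host in the API root)';
    }
    $json = json_decode($body, true);
    if (!is_array($json)) {
        return 'HTTP ' . $httpCode . ' with a non-JSON body';
    }
    if (!isset($json['access_token'])) {
        return 'HTTP ' . $httpCode . ' without access_token (credentials or client rejected)';
    }
    return 'ok';
}

function requestTokenVerbose($apiRoot, array $fields)
{
    $ch = curl_init($apiRoot . '/index.php?oauth/token');
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $fields);
    curl_setopt($ch, CURLOPT_TIMEOUT, 10);
    $body = curl_exec($ch);
    $reason = classifyTokenResponse(
        $body,
        (int) curl_getinfo($ch, CURLINFO_HTTP_CODE),
        (string) curl_getinfo($ch, CURLINFO_REDIRECT_URL),
        curl_error($ch)
    );
    curl_close($ch);
    // Log the reason server-side only; never echo it (or the fields) to the client.
    error_log('oauth/token: ' . $reason);
    return $reason === 'ok' ? json_decode($body, true) : null;
}

// Constructed sample outcomes (no network needed):
echo classifyTokenResponse('', 301, 'https://www.example.com/forum/api/index.php?oauth/token', ''), "\n";
echo classifyTokenResponse(false, 0, '', 'SSL certificate problem'), "\n";
echo classifyTokenResponse('{"access_token":"constructed","expires_in":3600}', 200, '', ''), "\n";
```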
 
I got a solution with the existing add-on and the above script. Things changed in the move from WHM/cPanel to Plesk. Inserting "www" in the "ROOT" fixed it. That's all it needed.

I had actually hoped people might advise me here, but I have never actually gotten much useful advice from these forums. :(

Perhaps you can help me? I'm trying to get the xfrocks bd api working but struggling
 
I only use it for one purpose: To allow encrypted logins for an RSS feed to access multimedia content in a member upgrade area on my forum. Xfrocks helped to set up the script for it.

I have not used it for any other purpose, and find the documentation for this and the official XenForo alternative to be essentially useless.
 