XF 2.2 Plugin and Custom Project Integration Concerns

pupu

pupu

Member
Hello everyone,

I have some questions regarding XenForo permissions.
I am planning a forum plugin.
Suppose my domain is google.com.
XenForo is deployed in the main directory of the website, so the forum address is google.com.
Then, I have my own project deployed in a subdirectory, such as /test, making the project URL google.com/test.
I would like to know if the PHP and ASP programs located in the /test directory can interact with the PHP programs in the forum plugin directory.
Would there be any permissions or security issues with doing this?

Since I cannot fully integrate my project into the XenForo framework, mutual interaction would be the best solution.
 
There's no firm boundary I suppose, though it really depends what you're trying to do. You may wish to use the REST API to allow your project to communicate with XenForo.
 
pupu said:
XenForo is deployed in the main directory of the website, so the forum address is google.com.
Then, I have my own project deployed in a subdirectory, such as /test, making the project URL google.com/test.
Click to expand...

Sorry, this won't work.

If you have other applications on the site (unrelated to XenForo) and they are on the same domain (not subdomains), then you can not install XenForo in the domain root, but must install it in a subdirectory.

So you'd have:

google.com/ = home page
google.com/forum = forums
google.com/test = another app

... either that, or use subdomains
 
I'm not sure I'd recommend it personally, but I think it's technically possible to install something else in a subdirectory so long as it doesn't conflict with an XF route.
 
Jeremy P said:
I'm not sure I'd recommend it personally, but I think it's technically possible to install something else in a subdirectory so long as it doesn't conflict with an XF route.
Click to expand...
Detailed Explanation:

I have developed a Minecraft plugin management system and I want to write a XenForo plugin to interface with this management system, for example, for VIP activation, purchases, and synchronizing banned accounts.
Additionally, when a user registers an account on XF, the account information will be synchronized with my management system.

The effect I want to achieve is that if a user tries to cheat or perform other illegal actions in the game, my system will ban their account and notify the XF plugin I wrote, which will then ban the user in the XF system and update the ban list on the forum.

To achieve this, my PHP or ASP programs in the management system need to be able to exchange information or interact with the XF plugin system.

Are there any permission issues with such interaction? Or does XF allow its plugins to communicate with PHP or ASP programs in other subdirectories under the same domain?
 
pupu said:
Are there any permission issues with such interaction? Or does XF allow its plugins to communicate with PHP or ASP programs in other subdirectories under the same domain?
Click to expand...
It depends how you implement it, really. Neither XF or PHP explicitly forbid making calls into the framework from an external script, but there is no built-in isolation that would prevent them from interfering with each other either.

Your safest bet is almost certainly using the REST API for communication between processes.
 
Jeremy P said:
I'm not sure I'd recommend it personally, but I think it's technically possible to install something else in a subdirectory so long as it doesn't conflict with an XF route.
Click to expand...
I had a xenforo install in /root and wordpress install actually within a subdirectory and even put / to Wordpress with heavy web server magic. Working great together, xenforo and wordpress. Not sure I would recommend it.
 
Jeremy P said:
It depends how you implement it, really. Neither XF or PHP explicitly forbid making calls into the framework from an external script, but there is no built-in isolation that would prevent them from interfering with each other either.

Your safest bet is almost certainly using the REST API for communication between processes.
Click to expand...
For some operations on the forum, REST API can be used (such as banning accounts, adding user group permissions, etc.). But what if the forum plugin needs to communicate with the ASP programs in my project to obtain information? (For example, VIP expiration dates, etc.)

Without using an API, can the forum plugin directly communicate with the ASP programs in the ASP directory to get results without causing any permission issues?
(I don't want to use an API because, with debugging tools, the API request code can be seen in the XF forum frontend, which would require additional security measures for the ASP project.)
 
pupu said:
I don't want to use an API because, with debugging tools, the API request code can be seen in the XF forum frontend, which would require additional security measures for the ASP project.
Click to expand...
I'm not sure what you mean by this. You can invoke an HTTP request from PHP (we ship Guzzle and even provide a built-in HTTP client), which takes place entirely on the server and does not provide any visibility to the browser. The ASP server wouldn't even have to bind to a public interface assuming you only need serve requests locally.

In any case, I'm not very familiar with ASP or what APIs/options it exposes for inbound communications from other programs.
 
You must log in or register to reply here.

Similar threads

pupu
  • Question Question
XF 2.2 Questions About XenForo Permissions and Security
Replies
0
Views
30
pupu
pupu
Back
Top Bottom