Python XenForo Module

[SteveMcGrath]

Hi everyone,

I have been working on developing a application that needs to link to a XenForo forum. What I needed to do was send a PM to a user to validate they are who they said they are. As a result of which I have written the following python module. If there are any questions please feel free to ask

https://github.com/SteveMcGrath/pyxenforo

[UPDATED: Removed the old wording as this now works \o/]

 

[SteveMcGrath]

bump. If there is a moderator, can they move this to the proper forum? I am unfortunately not allowed to post anywhere but here.

 

[Paul B]

If I move it to one of the customer forums you won't be able to reply.

 

[SteveMcGrath]

gah! I'm sure my current problem is that the right people aren't viewing this thread. probably why it's sat.

 

[SteveMcGrath]

*bump*

 

[Paul B]

Presumably you have access to the XenForo source code?

In which case are you writing this application for a XenForo customer?
If so, ask them to add your forum account to their customer account and you will then have access to the customer forums.

 

[SteveMcGrath]

I do not have access to the code. I am not writing this for a XenForo customer. I am simply trying to write a script that will PM a form user by mimicking the post/get requests needed to send a message. this is being done in order to validate that a user is who they say they are from the bukkit forums so that the repository system I am writing (http://bukget.org) doesnt get spammed with fake plugins.

 

[Paul B]

Oh I see, so it has nothing to do with XenForo at all.
I misunderstood the "I am trying to write an application external to XenForo" as it would interface with XenForo.

I see what you're doing now.

 

[SteveMcGrath]

Brogan: Yeah. honestly if I could just get some direction as to what XenForo is doing to handle these requests I could automate this process quite easily. All of my code will be sitting on a different server in a different location so trying to pull directly from the DB is a bad idea. I am using a legit user to perform the actions, its just a matter of walking through the steps.

 

[SteveMcGrath]

*bump*

 

[Mike]

We use an anti-CSRF token that basically prevents what you're trying to do. You can make requests and scrape it out; you can't generate it. For the most part, you should be able to watch the requests that are made in each step and reproduce them, modifying the bits that change.

 

[SteveMcGrath]

Mike,

interesting. I'm assuming this is being done in xenforo.js.

Also I have been looking at the POSTs and GETs and in my examples, _xfToken is always ''. If there is another way to handle this that would be great.

 

[Mike]

The token is generated server side and is different on every page view. You will have a token as a registered user.

 

[SteveMcGrath]

I did see that xfToken has a value after I login, however if there is no token when I am trying to login, why am I not getting a f_user cookie set. I do get a IDstack and f_session.

https://github.com/SteveMcGrath/bukget/blob/master/forum_link_test.py

 

[Mike]

I did see that xfToken has a value after I login, however if there is no token when I am trying to login, why am I not getting a f_user cookie set. I do get a IDstack and f_session

You don't need the user cookie; you just need the session. But you don't get the user cookie without clicking the "remember me" button.

 

[SteveMcGrath]

figured out for this usage, I needed to set remember to True.

https://github.com/SteveMcGrath/pyxenforo

 

[SteveMcGrath]

Can the thread topic be changed to: Python XenForo Module.

 

[Lawrence]

Can the thread topic be changed to: Python XenForo Module.

As requested,

 

[SteveMcGrath]

ty Lawrence!