XF 2.2 Use XF session to verify via curl


Hello all.

I'm attempting to verify that the user is logged into their xenforo account via cURL and a C++ application.
I would like to avoid using the API due to the insecure nature of an API key in a compiled file which will be sent to forum members.
So far I've been able to verify the user is logged in when I access this php via the browser I'm logged into.
$app = XF::setupApp('XF\Pub\App');

if (!$user->user_id)
    exit(json_encode(["result" => "Please log in."]));
I'm not a web-developer but from my understanding this is using a session which is stored in the browser.

Knowing this, the cURL request will always fail the user_id check.
std::string response{};

curl_easy_setopt(curl, CURLOPT_URL, "https://site.com/test.php");
curl_easy_setopt(curl, CURLOPT_WRITEDATA, &response);
CURLcode result = curl_easy_perform(curl);
MessageBoxA(NULL, response.c_str(), "Response", MB_OK);

// I promise the actual implementation has way more to it, but that's beyond the scope.
// Just know this always responds with "Please log in"

I'd imagine I would somehow have to acquire the user's session from the browser, but frankly that sounds incredibly unsafe.

Any suggestions are greatly appreciated.
Top Bottom