Tohru
Member
Hello all.
I'm attempting to verify that the user is logged into their xenforo account via cURL and a C++ application.
I would like to avoid using the API due to the insecure nature of an API key in a compiled file which will be sent to forum members.
So far I've been able to verify the user is logged in when I access this php via the browser I'm logged into.
I'm not a web-developer but from my understanding this is using a session which is stored in the browser.
Knowing this, the cURL request will always fail the user_id check.
I'd imagine I would somehow have to acquire the user's session from the browser, but frankly that sounds incredibly unsafe.
Any suggestions are greatly appreciated.
I'm attempting to verify that the user is logged into their xenforo account via cURL and a C++ application.
I would like to avoid using the API due to the insecure nature of an API key in a compiled file which will be sent to forum members.
So far I've been able to verify the user is logged in when I access this php via the browser I'm logged into.
PHP:
XF::start($fileDir);
$app = XF::setupApp('XF\Pub\App');
$app->start();
$user=XF::visitor();
if (!$user->user_id)
{
exit(json_encode(["result" => "Please log in."]));
}Knowing this, the cURL request will always fail the user_id check.
C++:
std::string response{};
curl_easy_setopt(curl, CURLOPT_URL, "https://site.com/test.php");
curl_easy_setopt(curl, CURLOPT_WRITEDATA, &response);
CURLcode result = curl_easy_perform(curl);
MessageBoxA(NULL, response.c_str(), "Response", MB_OK);
// I promise the actual implementation has way more to it, but that's beyond the scope.
// Just know this always responds with "Please log in"I'd imagine I would somehow have to acquire the user's session from the browser, but frankly that sounds incredibly unsafe.
Any suggestions are greatly appreciated.
