XenAPI - XenForo PHP REST API 1.4.2

[tafreehm]

• The hash code should only regenerate if the user updates his/her password (or user information). I have to look into this as I haven't experienced it to regenerate before, so in short: it should not expire unless the user updates the password.

• Make sure you store the hash securely, I have average experience with security in JavaScript so I wouldn't be able to help you with that.

• You can make the user authenticate again if they lose the hash.

Thanks for the reply.

It is fine if it regenerates. My only concern is to how to make it secure? One way I can think of is to edit the api.php file and remove all other services except getAlert because that is the one I am using. But still if user is on shared computer then he/she may lose the hash key and it will become trouble.

 

[Contex]

Hello, when I use XenAPI Object for login an account, XenApi return TRUE but I am not connected on my forum when I refresh the page.

$response = $xenAPI->login($username, 'secret', $ip_address);
// Return True but account not online.

With XenAPI class, it's possible to call all action inside the documentation ? I see only login/createAlert/authenticate and getActions (without arguments), how I can use other methode from XenApi class please ? And what is the difference beetwen "login" and "authenticate" please ?

And I have a suggestion, add logout from API, on Drupal 8 if my user click on "logout" button, I would like disconnecte all accounts (site and forum)

Thanks.

I'll check it out next week, do you run the external website on the same domain/server?
The wrapper class is unfinished, you'll have to add additional actions yourself as I haven't had time to add them all.
Add a feature request for "logout" to the GitHub issue page, that way I can follow the progress and requests there.

Thanks for the reply.

It is fine if it regenerates. My only concern is to how to make it secure? One way I can think of is to edit the api.php file and remove all other services except getAlert because that is the one I am using. But still if user is on shared computer then he/she may lose the hash key and it will become trouble.

I can't help you with that, you'll have to define what you see as secure and do what's necessarily to secure your application.
Losing the hash key isn't a problem, just make them reauthenticate if they "lose" their hash key.

 

[Deleted member 10469]

I'll check it out next week, do you run the external website on the same domain/server?

I have try in localhost with linux and with custom domain name inside my host/virtualhost :
theming.dev (my local drupal installation)
xenforo.dev (my local xenforo installation)

I don't use www inside this urls.

Add a feature request for "logout" to the GitHub issue page, that way I can follow the progress and requests there.

Done.

 

[Deleted member 10469]

XenApi need a plain password for registration or it's possible with a specific key or other please ? It's a work in progress ? I see ToDo inside the API.

If you push the next update on github, maybe I can help you with Pull Request.
If you need help for test/try some code, you can contact me

 

[Contex]

I have try in localhost with linux and with custom domain name inside my host/virtualhost :
theming.dev (my local drupal installation)
xenforo.dev (my local xenforo installation)

I don't use www inside this urls.



Done.

Interesting, it worked fine when I tested it on two seperate domains. I'll take a look when I get the time (most likely sometime next week).

XenApi need a plain password for registration or it's possible with a specific key or other please ? It's a work in progress ? I see ToDo inside the API.

If you push the next update on github, maybe I can help you with Pull Request.
If you need help for test/try some code, you can contact me

I could add a method for sending the password encrypted (via mcrypt or openssl), but that would mean you would have to have the mcrypt or openssl module installed and enabled on both the host and the external site.
Would that be something that you'd like? I don't see another way of encrypting and decrypting the password.

If you're interested in that, please submit a feature request for that as well.

 

[Deleted member 10469]

I have open a new issue on github for a suggestion :
Generate a hashed password from a plaintext password with XenApi.

Example:

FROM DRUPAL OR OTHER...

$xenApi->encryptPassword('MySecretPassword'); // return a xenforo hashed password (can use XenForo_PasswordHash class I think)

After inside Drupal 8, I can push the $hashedPassword inside the database.

If an user use Drupal login form, I can use $xenApi->encryptPassword() for get a hashed code and compare this hashed code with the user hashed code inside the database.

It's the best solution for external website I think, use the Xenforo encryption.

 

[Deleted member 10469]

I confirm, login don't work:

    function xenAPI() {
        return new XenAPI('xenforo.dev/api.php', 'API_KEY');
    }
    try {
      $xenAPI = xenAPI();
      $contents = $xenAPI->login('Kyna', 'MY_XENFORO_PASSWORD', \Drupal::request()->getClientIp());
    } catch (Exception $e) { displayException($e); }

    var_dump($contents);

return:

boolean true

xen_api.php return true but I don't have the cookie, and why return $true without the xenforo user informations ?

I have custom your code for add var_dump() :

        $response = $this->execute();

        var_dump($response);

        $success = setcookie(
            $response['cookie_name'],
            $response['cookie_id'],
            $response['cookie_expiration'],
            $response['cookie_path'],
            $response['cookie_domain'],
            $response['cookie_secure'],
            TRUE
        );

Return:

array (size=7)
  'hash' => string 'JDJhJDEwJDkxbnh6Um43S0xvMTQ0dEEzU3p6c2VNV2wuZXRLWjUvSlpjdFZYMWpocXJSajNhSk1RYVQu' (length=80)
  'cookie_name' => string 'xf_session' (length=10)
  'cookie_id' => string '6d3b3e4e1a965df0ad9679bd60eb59b8' (length=32)
  'cookie_path' => string '/' (length=1)
  'cookie_domain' => string 'xenforo.dev' (length=11)
  'cookie_expiration' => int 0
  'cookie_secure' => boolean false

I have try with and without FRENDLY URL, I don't have the cookie.
I have try on Firefox and Chrome on Linux.

 

[rhodes]

Can I also perform a search with xenapi, @Contex ? That would be great. I had a look at the documentation but I did not find this feature.

 

[Deleted member 10469]

Can I also perform a search with xenapi, @Contex ? That would be great. I had a look at the documentation but I did not find this feature.

You have this code inside XenApi:

public function search($keywords, $order = 'asc', $type = NULL) {

For $type, you can try : "thread_title" this value is inside the method.

 

[Deleted member 10469]

@Contex, from StackOverflow:

Browsers respect the same-origin policy, which prevents a website from setting cookies on other domain names.

But I have the same problem when I use a subdomain name.

 

[Contex]

Can I also perform a search with xenapi, @Contex ? That would be great. I had a look at the documentation but I did not find this feature.

Yes. I replied to your previous post, see post #179.

@Contex, from StackOverflow:

But I have the same problem when I use a subdomain name.

You're absolutely right, I'll see if I can work on a workaround, would you be able to test when I have something ready for testing?

 

[Contex]

@Zephyr I got it working, but I'm not entirely satisfied with this method.

See commit 66200c01f14bff2dd0aa5796dba0cea110102b29.

You are free to test it out, just re-download the PHP wrapper class, PHP example and api.php from the 1.4 dev branch.

Here's how to make it work:

1. Edit api.php (remove the # and replace REPLACE_THIS_WITH_A_SALT with a salt):

/*
* To enable encryption/decryption with login/authenticate:
* Uncomment the line below (remove the #).
* Change the salt, replace the REPLACE_THIS_WITH_A_SALT with your desired salt (random generated characters).
*/
#$restAPI->setSalt('REPLACE_THIS_WITH_A_SALT');

Example:

/*
* To enable encryption/decryption with login/authenticate:
* Uncomment the line below (remove the #).
* Change the salt, replace the REPLACE_THIS_WITH_A_SALT with your desired salt (random generated characters).
*/
$restAPI->setSalt('f88b8c66df68716d225e0ebe102b7357');

2. Edit example.php

$xenAPI = new XenAPI('http://xenapi.net/api.php', 'REPLACE_THIS_WITH_AN_API_KEY', 'REPLACE_THIS_WITH_A_SALT');

Example:

$xenAPI = new XenAPI('http://xenapi.net/api.php', 'REPLACE_THIS_WITH_AN_API_KEY', 'f88b8c66df68716d225e0ebe102b7357');

3. Edit example.php again, this time you replace the URL (http://google.com/) with the URL the that the script is running on, in your case this would be theming.dev.

$xenAPI->login('Contex', 'Password', 'http://google.com');

Example:

$xenAPI->login('Contex', 'Password', 'http://theming.dev');

Like I mentioned, I'm not satisfied with this method but it's the best I could do in a couple of hours. I will do a bit of research and see if there's a better way (without requiring any additional database tables in XenForo).

 

[Xon]

@Contex Thanks for this great project.

I needed a way to automate grabbing a couple million posts to test post render times (as I'm tweaking the XF bbcode parser for another addon).

Issues I've noticed:

• GetPost blows up if the hash is empty (and thus the user object is empty)
• You are using 'newXenForo_BbCode_Parser' rather than 'XenForo_BbCode_Parser::create' (pull request to fix this).

 

[Deleted member 10469]

xen_api.php line 36 and 54 you have a little error :
$this->getSalt();,

$xenAPI->login don't work:

$xenAPI->login('Kyna', 'secret_password', 'http://theming.dev');

Double headers sent by the server
Error: ERR_RESPONSE_HEADERS_MULTIPLE_LOCATION.

 

[Deleted member 10469]

If I call this url directly with firefox, login and redirect work !

http://xenforo.dev/api.php?action=login&login_hash=SECRET_HASH_HERE

BUT, if I call the same url with file_get_contents(), don't work (loading time very very very slow, and no login, a infinite loop or header problem maybe ?).



Else, you have forget this line inside login() in xen_api.php no ?

return $this->execute();

I have test an another script (don't work with 1.4), but it use :

    public function login($user, $remember=false) {
        $userModel = XenForo_Model::create('XenForo_Model_User');

        // Set cookie if needed
        if($remember) {
            $userModel->setUserRememberCookie($user);
        }

        // Log IP
        XenForo_Model_Ip::log($user, 'user', $user, 'login');

        // delete current session
        $userModel->deleteSessionActivity(0, $_SERVER['REMOTE_ADDR']);

        $this->getSession()->changeUserId($user);
        $this->getVisitor()->setup($user);

        return $user;
    }

It's Xenforo SDK, have you try a similar method for login ?

 

[Contex]

@Contex Thanks for this great project.

I needed a way to automate grabbing a couple million posts to test post render times (as I'm tweaking the XF bbcode parser for another addon).

Issues I've noticed:

• GetPost blows up if the hash is empty (and thus the user object is empty)
• You are using 'newXenForo_BbCode_Parser' rather than 'XenForo_BbCode_Parser::create' (pull request to fix this).

Glad you liked it and found a useful way to use it!

Thanks for reporting that, I've fixed it for 1.4.2 (same issue for getThread). See commit 86b4ad2de213c57f5ae346366782c9a1f611aa2b.
Regarding the PR, could you resubmit it to the dev-1.4 branch instead? Thanks!

xen_api.php line 36 and 54 you have a little error :
$this->getSalt();,

$xenAPI->login don't work:

$xenAPI->login('Kyna', 'secret_password', 'http://theming.dev');

Double headers sent by the server
Error: ERR_RESPONSE_HEADERS_MULTIPLE_LOCATION.

Fixed the first issue (misplaced semicolon).

Regarding the second error: I'm not having that issue, at all. It's logging in and redirecting my browser just fine here.
What browser are you using and what version of that browser?
In addition, what web server are you using? Apache by any chance? Do you have the modsecurity module enabled?

 

[Deleted member 10469]

Apache yes, a simple installation (dev - not prod - config for php.ini with reccomanded values), I have try with Firefox (35.0) and Chrome (39.0.2171.99 (64-bit)) on Linux.
The error with header is displayed only during drupal-login (drupal create/use a header I think) on Drupal 8.

I don't have modsecurity, you can see my complete local phpinfo() here :

PHP Version 5.5.20-1+deb.sury.org~trusty+1

System Linux axel-linux 3.13.0-24-generic #47-Ubuntu SMP Fri May 2 23:30:00 UTC 2014 x86_64
Build Date Dec 21 2014 19:55:20
Server API Apache 2.0 Handler
Virtual Directory Support disabled
Configuration File (php.ini) Path /etc/php5/apache2
Loaded Configuration File /etc/php5/apache2/php.ini
Scan this dir for additional .ini files /etc/php5/apache2/conf.d
Additional .ini files parsed /etc/php5/apache2/conf.d/05-opcache.ini, /etc/php5/apache2/conf.d/10-pdo.ini, /etc/php5/apache2/conf.d/20-curl.ini, /etc/php5/apache2/conf.d/20-gd.ini, /etc/php5/apache2/conf.d/20-json.ini, /etc/php5/apache2/conf.d/20-mcrypt.ini, /etc/php5/apache2/conf.d/20-mysql.ini, /etc/php5/apache2/conf.d/20-mysqli.ini, /etc/php5/apache2/conf.d/20-pdo_mysql.ini
PHP API 20121113
PHP Extension 20121212
Zend Extension 220121212
Zend Extension Build API220121212,NTS
PHP Extension Build API20121212,NTS
Debug Build no
Thread Safety disabled
Zend Signal Handling disabled
Zend Memory Manager enabled
Zend Multibyte Support provided by mbstring
IPv6 Support enabled
DTrace Support enabled
Registered PHP Streams https, ftps, compress.zlib, compress.bzip2, php, file, glob, data, http, ftp, phar, zip
Registered Stream Socket Transports tcp, udp, unix, udg, ssl, sslv3, tls
Registered Stream Filters zlib.*, bzip2.*, convert.iconv.*, string.rot13, string.toupper, string.tolower, string.strip_tags, convert.*, consumed, dechunk, mcrypt.*, mdecrypt.*

This program makes use of the Zend Scripting Language Engine:
Zend Engine v2.5.0, Copyright (c) 1998-2014 Zend Technologies
with Xdebug v2.2.6, Copyright (c) 2002-2014, by Derick Rethans
with Zend OPcache v7.0.4-dev, Copyright (c) 1999-2014, by Zend Technologies
Configuration
apache2handler
Apache Version Apache/2.4.10 (Ubuntu)
Apache API Version 20120211
Server Administrator webmaster@localhost
Hostnameort localhost:0
User/Group www-data(33)/33
Max Requests Per Child: 0 - Keep Alive: on - Max Per Connection: 100
Timeouts Connection: 300 - Keep-Alive: 5
Virtual Server Yes
Server Root /etc/apache2
Loaded Modules core mod_so mod_watchdog http_core mod_log_config mod_logio mod_version mod_unixd mod_access_compat mod_alias mod_auth_basic mod_authn_core mod_authn_file mod_authz_core mod_authz_host mod_authz_user mod_autoindex mod_deflate mod_dir mod_env mod_filter mod_mime prefork mod_negotiation mod_php5 mod_rewrite mod_setenvif mod_status

Directive Local Value Master Value
engine 1 1
last_modified 0 0
xbithack 0 0

Apache Environment
Variable Value
HTTP_HOST localhost
HTTP_USER_AGENT Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
HTTP_ACCEPT text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
HTTP_ACCEPT_LANGUAGE fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3
HTTP_ACCEPT_ENCODING gzip, deflate
HTTP_CONNECTION keep-alive
PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
SERVER_SIGNATURE <address>Apache/2.4.10 (Ubuntu) Server at localhost Port 80</address>
SERVER_SOFTWARE Apache/2.4.10 (Ubuntu)
SERVER_NAME localhost
SERVER_ADDR 127.0.0.1
SERVER_PORT 80
REMOTE_ADDR 127.0.0.1
DOCUMENT_ROOT /var/www
REQUEST_SCHEME http
CONTEXT_PREFIX no value
CONTEXT_DOCUMENT_ROOT /var/www
SERVER_ADMIN webmaster@localhost
SCRIPT_FILENAME /var/www/index.php
REMOTE_PORT 46443
GATEWAY_INTERFACE CGI/1.1
SERVER_PROTOCOL HTTP/1.1
REQUEST_METHOD GET
QUERY_STRING no value
REQUEST_URI /
SCRIPT_NAME /index.php

HTTP Headers Information
HTTP Request Headers
HTTP Request GET / HTTP/1.1
Host localhost
User-Agent Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding gzip, deflate
Connection keep-alive
HTTP Response Headers
X-Powered-By PHP/5.5.20-1+deb.sury.org~trusty+1

bcmath
BCMath support enabled

Directive Local Value Master Value
bcmath.scale 0 0

bz2
BZip2 Support Enabled
Stream Wrapper support compress.bzip2://
Stream Filter support bzip2.decompress, bzip2.compress
BZip2 Version 1.0.6, 6-Sept-2010

calendar
Calendar support enabled

Core
PHP Version 5.5.20-1+deb.sury.org~trusty+1

Directive Local Value Master Value
allow_url_fopen On On
allow_url_include Off Off
always_populate_raw_post_data Off Off
arg_separator.input & &
arg_separator.output & &
asp_tags Off Off
auto_append_file no value no value
auto_globals_jit On On
auto_prepend_file no value no value
browscap no value no value
default_charset no value no value
default_mimetype text/html text/html
disable_classes no value no value
disable_functions pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority, pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,
display_errors On On
display_startup_errors On On
doc_root no value no value
docref_ext no value no value
docref_root no value no value
enable_dl Off Off
enable_post_data_reading On On
error_append_string no value no value
error_log no value no value
error_prepend_string no value no value
error_reporting 32767 32767
exit_on_timeout Off Off
expose_php On On
extension_dir /usr/lib/php5/20121212 /usr/lib/php5/20121212
file_uploads On On
highlight.comment #FF8000 #FF8000
highlight.default #0000BB #0000BB
highlight.html #000000 #000000
highlight.keyword #007700 #007700
highlight.string #DD0000 #DD0000
html_errors On On
ignore_repeated_errors Off Off
ignore_repeated_source Off Off
ignore_user_abort Off Off
implicit_flush Off Off
include_path .:/usr/share/php:/usr/share/pear .:/usr/share/php:/usr/share/pear
log_errors On On
log_errors_max_len 1024 1024
mail.add_x_header On On
mail.force_extra_parameters no value no value
mail.log no value no value
max_execution_time 30 30
max_file_uploads 20 20
max_input_nesting_level 64 64
max_input_time 120 120
max_input_vars 1000 1000
memory_limit 250M 250M
open_basedir no value no value
output_buffering 4096 4096
output_handler no value no value
post_max_size 8M 8M
precision 14 14
realpath_cache_size 16K 16K
realpath_cache_ttl 120 120
register_argc_argv Off Off
report_memleaks On On
report_zend_debug On On
request_order GP GP
sendmail_from no value no value
sendmail_path /usr/sbin/sendmail -t -i /usr/sbin/sendmail -t -i
serialize_precision 17 17
short_open_tag Off Off
SMTP localhost localhost
smtp_port 25 25
sql.safe_mode Off Off
sys_temp_dir no value no value
track_errors On On
unserialize_callback_func no value no value
upload_max_filesize 2M 2M
upload_tmp_dir no value no value
user_dir no value no value
user_ini.cache_ttl 300 300
user_ini.filename .user.ini .user.ini
variables_order GPCS GPCS
xmlrpc_error_number 0 0
xmlrpc_errors Off Off
zend.detect_unicode On On
zend.enable_gc On On
zend.multibyte Off Off
zend.script_encoding no value no value

ctype
ctype functions enabled

curl
cURL support enabled
cURL Information 7.35.0
Age 3
Features
AsynchDNS Yes
CharConv No
Debug No
GSS-Negotiate Yes
IDN Yes
IPv6 Yes
krb4 No
Largefile Yes
libz Yes
NTLM Yes
NTLMWB Yes
SPNEGO No
SSL Yes
SSPI No
TLS-SRP Yes
Protocols dict, file, ftp, ftps, gopher, http, https, imap, imaps, ldap, ldaps, pop3, pop3s, rtmp, rtsp, smtp, smtps, telnet, tftp
Host x86_64-pc-linux-gnu
SSL Version OpenSSL/1.0.1f
ZLib Version 1.2.8

date
date/time support enabled
"Olson" Timezone Database Version 0.system
Timezone Database internal
Default timezone Europe/Berlin

Directive Local Value Master Value
date.default_latitude 31.7667 31.7667
date.default_longitude 35.2333 35.2333
date.sunrise_zenith 90.583333 90.583333
date.sunset_zenith 90.583333 90.583333
date.timezone no value no value

dba
DBA support enabled
Supported handlers cdb cdb_make db4 inifile flatfile qdbm

Directive Local Value Master Value
dba.default_handler flatfile flatfile

dom
DOM/XML enabled
DOM/XML API Version 20031129
libxml Version 2.9.1
HTML Support enabled
XPath Support enabled
XPointer Support enabled
Schema Support enabled
RelaxNG Support enabled

ereg
Regex Library Bundled library enabled

exif
EXIF Support enabled
EXIF Version 1.4 $Id: 637ebf9289b40d157fdf8edcdddeb3d907b28d9b $
Supported EXIF Version 0220
Supported filetypes JPEG,TIFF

Directive Local Value Master Value
exif.decode_jis_intel JIS JIS
exif.decode_jis_motorola JIS JIS
exif.decode_unicode_intel UCS-2LE UCS-2LE
exif.decode_unicode_motorola UCS-2BE UCS-2BE
exif.encode_jis no value no value
exif.encode_unicode ISO-8859-15 ISO-8859-15

fileinfo
fileinfo support enabled
version 1.0.5

filter
Input Validation and Filtering enabled
Revision $Id: 4d3899e089e6e45b157975ceef2ac7deb6e9d762 $

Directive Local Value Master Value
filter.default unsafe_raw unsafe_raw
filter.default_flags no value no value

ftp
FTP support enabled

gd
GD Support enabled
GD Version 2.1.1-dev
FreeType Support enabled
FreeType Linkage with freetype
FreeType Version 2.5.2
GIF Read Support enabled
GIF Create Support enabled
JPEG Support enabled
libJPEG Version 8
PNG Support enabled
libPNG Version 1.2.50
WBMP Support enabled
XPM Support enabled
libXpm Version 30411
XBM Support enabled
WebP Support enabled

Directive Local Value Master Value
gd.jpeg_ignore_warning 0 0

gettext
GetText Support enabled

hash
hash support enabled
Hashing Engines md2 md4 md5 sha1 sha224 sha256 sha384 sha512 ripemd128 ripemd160 ripemd256 ripemd320 whirlpool tiger128,3 tiger160,3 tiger192,3 tiger128,4 tiger160,4 tiger192,4 snefru snefru256 gost adler32 crc32 crc32b fnv132 fnv164 joaat haval128,3 haval160,3 haval192,3 haval224,3 haval256,3 haval128,4 haval160,4 haval192,4 haval224,4 haval256,4 haval128,5 haval160,5 haval192,5 haval224,5 haval256,5

iconv
iconv support enabled
iconv implementation glibc
iconv library version 2.19

Directive Local Value Master Value
iconv.input_encoding ISO-8859-1 ISO-8859-1
iconv.internal_encoding ISO-8859-1 ISO-8859-1
iconv.output_encoding ISO-8859-1 ISO-8859-1

json
json support enabled
json version 1.3.6
JSON-C headers version 0.11.99
JSON-C library version 0.11.99

libxml
libXML support active
libXML Compiled Version 2.9.1
libXML Loaded Version 20901
libXML streams enabled

mbstring
Multibyte Support enabled
Multibyte string engine libmbfl
HTTP input encoding translation disabled
libmbfl version 1.3.2

mbstring extension makes use of "streamable kanji code filter and converter", which is distributed under the GNU Lesser General Public License version 2.1.

Multibyte (japanese) regex support enabled
Multibyte regex (oniguruma) version 5.9.1

Directive Local Value Master Value
mbstring.detect_order no value no value
mbstring.encoding_translation Off Off
mbstring.func_overload 0 0
mbstring.http_input pass pass
mbstring.http_output pass pass
mbstring.http_output_conv_mimetypes ^(text/|application/xhtml\+xml) ^(text/|application/xhtml\+xml)
mbstring.internal_encoding no value no value
mbstring.language neutral neutral
mbstring.strict_detection Off Off
mbstring.substitute_character no value no value

mcrypt
mcrypt support enabled
mcrypt_filter support enabled
Version 2.5.8
Api No 20021217
Supported ciphers cast-128 gost rijndael-128 twofish arcfour cast-256 loki97 rijndael-192 saferplus wake blowfish-compat des rijndael-256 serpent xtea blowfish enigma rc2 tripledes
Supported modes cbc cfb ctr ecb ncfb nofb ofb stream

Directive Local Value Master Value
mcrypt.algorithms_dir no value no value
mcrypt.modes_dir no value no value

mhash
MHASH support Enabled
MHASH API Version Emulated Support

mysql
MySQL Support enabled
Active Persistent Links 0
Active Links 0
Client API version 5.5.40
MYSQL_MODULE_TYPE external
MYSQL_SOCKET /var/run/mysqld/mysqld.sock
MYSQL_INCLUDE -I/usr/include/mysql
MYSQL_LIBS -L/usr/lib/x86_64-linux-gnu -lmysqlclient_r

Directive Local Value Master Value
mysql.allow_local_infile On On
mysql.allow_persistent On On
mysql.connect_timeout 60 60
mysql.default_host no value no value
mysql.default_password no value no value
mysql.default_port no value no value
mysql.default_socket /var/run/mysqld/mysqld.sock /var/run/mysqld/mysqld.sock
mysql.default_user no value no value
mysql.max_links Unlimited Unlimited
mysql.max_persistent Unlimited Unlimited
mysql.trace_mode Off Off

mysqli
MysqlI Support enabled
Client API library version 5.5.40
Active Persistent Links 0
Inactive Persistent Links 0
Active Links 0
Client API header version 5.5.40
MYSQLI_SOCKET /var/run/mysqld/mysqld.sock

Directive Local Value Master Value
mysqli.allow_local_infile On On
mysqli.allow_persistent On On
mysqli.default_host no value no value
mysqli.default_port 3306 3306
mysqli.default_pw no value no value
mysqli.default_socket /var/run/mysqld/mysqld.sock /var/run/mysqld/mysqld.sock
mysqli.default_user no value no value
mysqli.max_links Unlimited Unlimited
mysqli.max_persistent Unlimited Unlimited
mysqli.reconnect Off Off

openssl
OpenSSL support enabled
OpenSSL Library Version OpenSSL 1.0.1f 6 Jan 2014
OpenSSL Header Version OpenSSL 1.0.1f 6 Jan 2014

pcre
PCRE (Perl Compatible Regular Expressions) Support enabled
PCRE Library Version 8.31 2012-07-06

Directive Local Value Master Value
pcre.backtrack_limit 1000000 1000000
pcre.recursion_limit 100000 100000

PDO
PDO support enabled
PDO drivers mysql

pdo_mysql
PDO Driver for MySQL enabled
Client API version 5.5.40

Directive Local Value Master Value
pdo_mysql.default_socket /var/run/mysqld/mysqld.sock /var/run/mysqld/mysqld.sock

Phar
Phar: PHP Archive support enabled
Phar EXT version 2.0.2
Phar API version 1.1.1
SVN revision $Id: cc0fad28eb9ea42466f756c3b5fc22c764e32690 $
Phar-based phar archives enabled
Tar-based phar archives enabled
ZIP-based phar archives enabled
gzip compression enabled
bzip2 compression enabled
OpenSSL support enabled

Phar based on pear/PHP_Archive, original concept by Davey Shafik.
Phar fully realized by Gregory Beaver and Marcus Boerger.
Portions of tar implementation Copyright (c) 2003-2009 Tim Kientzle.

Directive Local Value Master Value
phar.cache_list no value no value
phar.readonly On On
phar.require_hash On On

posix
Revision $Id: 1dfa9997ed76804e53c91e0ce862f3707617b6ed $

Reflection
Reflection enabled
Version $Id: 95b780d3f0d017feba96a5c35cca9541186114ad $

session
Session Support enabled
Registered save handlers files user
Registered serializer handlers php_serialize php php_binary wddx

Directive Local Value Master Value
session.auto_start Off Off
session.cache_expire 180 180
session.cache_limiter nocache nocache
session.cookie_domain no value no value
session.cookie_httponly Off Off
session.cookie_lifetime 0 0
session.cookie_path / /
session.cookie_secure Off Off
session.entropy_file /dev/urandom /dev/urandom
session.entropy_length 32 32
session.gc_divisor 1000 1000
session.gc_maxlifetime 1440 1440
session.gc_probability 0 0
session.hash_bits_per_character 5 5
session.hash_function 0 0
session.name PHPSESSID PHPSESSID
session.referer_check no value no value
session.save_handler files files
session.save_path /var/lib/php5/sessions /var/lib/php5/sessions
session.serialize_handler php php
session.upload_progress.cleanup On On
session.upload_progress.enabled On On
session.upload_progress.freq 1% 1%
session.upload_progress.min_freq 1 1
session.upload_progress.name PHP_SESSION_UPLOAD_PROGRESS PHP_SESSION_UPLOAD_PROGRESS
session.upload_progress.prefix upload_progress_ upload_progress_
session.use_cookies On On
session.use_only_cookies On On
session.use_strict_mode Off Off
session.use_trans_sid 0 0

shmop
shmop support enabled

SimpleXML
Simplexml support enabled
Revision $Id: a915862ec47f9589309acc4996ca8f6179788746 $
Schema support enabled

soap
Soap Client enabled
Soap Server enabled

Directive Local Value Master Value
soap.wsdl_cache 1 1
soap.wsdl_cache_dir /tmp /tmp
soap.wsdl_cache_enabled 1 1
soap.wsdl_cache_limit 5 5
soap.wsdl_cache_ttl 86400 86400

sockets
Sockets Support enabled

SPL
SPL support enabled
Interfaces Countable, OuterIterator, RecursiveIterator, SeekableIterator, SplObserver, SplSubject
Classes AppendIterator, ArrayIterator, ArrayObject, BadFunctionCallException, BadMethodCallException, CachingIterator, CallbackFilterIterator, DirectoryIterator, DomainException, EmptyIterator, FilesystemIterator, FilterIterator, GlobIterator, InfiniteIterator, InvalidArgumentException, IteratorIterator, LengthException, LimitIterator, LogicException, MultipleIterator, NoRewindIterator, OutOfBoundsException, OutOfRangeException, OverflowException, ParentIterator, RangeException, RecursiveArrayIterator, RecursiveCachingIterator, RecursiveCallbackFilterIterator, RecursiveDirectoryIterator, RecursiveFilterIterator, RecursiveIteratorIterator, RecursiveRegexIterator, RecursiveTreeIterator, RegexIterator, RuntimeException, SplDoublyLinkedList, SplFileInfo, SplFileObject, SplFixedArray, SplHeap, SplMinHeap, SplMaxHeap, SplObjectStorage, SplPriorityQueue, SplQueue, SplStack, SplTempFileObject, UnderflowException, UnexpectedValueException

standard
Dynamic Library Support enabled
Path to sendmail /usr/sbin/sendmail -t -i

Directive Local Value Master Value
assert.active 1 1
assert.bail 0 0
assert.callback no value no value
assert.quiet_eval 0 0
assert.warning 1 1
auto_detect_line_endings 0 0
default_socket_timeout 60 60
from no value no value
url_rewriter.tags a=href,area=href,frame=src,input=src,form=fakeentry a=href,area=href,frame=src,input=src,form=fakeentry
user_agent no value no value

sysvmsg
sysvmsg support enabled
Revision $Id: adf1d2d6be849c46eed3c3ee6f1cbebd1448d6e5 $

tokenizer
Tokenizer Support enabled

wddx
WDDX Support enabled
WDDX Session Serializer enabled

xdebug
xdebug support enabled
Version 2.2.6
IDE Key no value

Supported protocols Revision
DBGp - Common DeBuGger Protocol $Revision: 1.145 $

Directive Local Value Master Value
xdebug.auto_trace Off Off
xdebug.cli_color 0 0
xdebug.collect_assignments Off Off
xdebug.collect_includes On On
xdebug.collect_params 0 0
xdebug.collect_return Off Off
xdebug.collect_vars Off Off
xdebug.coverage_enable On On
xdebug.default_enable On On
xdebug.dump.COOKIE no value no value
xdebug.dump.ENV no value no value
xdebug.dump.FILES no value no value
xdebug.dump.GET no value no value
xdebug.dump.POST no value no value
xdebug.dump.REQUEST no value no value
xdebug.dump.SERVER no value no value
xdebug.dump.SESSION no value no value
xdebug.dump_globals On On
xdebug.dump_once On On
xdebug.dump_undefined Off Off
xdebug.extended_info On On
xdebug.file_link_format no value no value
xdebug.idekey no value no value
xdebug.max_nesting_level 100 100
xdebug.overload_var_dump On On
xdebug.profiler_aggregate Off Off
xdebug.profiler_append Off Off
xdebug.profiler_enable Off Off
xdebug.profiler_enable_trigger Off Off
xdebug.profiler_output_dir /tmp /tmp
xdebug.profiler_output_name cachegrind.out.%p cachegrind.out.%p
xdebug.remote_autostart Off Off
xdebug.remote_connect_back Off Off
xdebug.remote_cookie_expire_time 3600 3600
xdebug.remote_enable Off Off
xdebug.remote_handler dbgp dbgp
xdebug.remote_host localhost localhost
xdebug.remote_log no value no value
xdebug.remote_mode req req
xdebug.remote_port 9000 9000
xdebug.scream Off Off
xdebug.show_exception_trace Off Off
xdebug.show_local_vars Off Off
xdebug.show_mem_delta Off Off
xdebug.trace_enable_trigger Off Off
xdebug.trace_format 0 0
xdebug.trace_options 0 0
xdebug.trace_output_dir /tmp /tmp
xdebug.trace_output_name trace.%c trace.%c
xdebug.var_display_max_children 128 128
xdebug.var_display_max_data 512 512
xdebug.var_display_max_depth 3 3

xml
XML Support active
XML Namespace Support active
libxml2 Version 2.9.1

xmlreader
XMLReader enabled

xmlwriter
XMLWriter enabled

Zend OPcache
Opcode Caching Up and Running
Optimization Enabled
Startup OK
Shared memory model mmap
Cache hits 0
Cache misses 1
Used memory 5465944
Free memory 61642920
Wasted memory 0
Interned Strings Used memory 415232
Interned Strings Free memory 3779072
Cached scripts 1
Cached keys 1
Max keys 3907
OOM restarts 0
Hash keys restarts 0
Manual restarts 0

Directive Local Value Master Value
opcache.blacklist_filename no value no value
opcache.consistency_checks 0 0
opcache.dups_fix Off Off
opcache.enable On On
opcache.enable_cli Off Off
opcache.enable_file_override Off Off
opcache.error_log no value no value
opcache.fast_shutdown 0 0
opcache.file_update_protection 2 2
opcache.force_restart_timeout 180 180
opcache.inherited_hack On On
opcache.interned_strings_buffer 4 4
opcache.load_comments 1 1
opcache.log_verbosity_level 1 1
opcache.max_accelerated_files 2000 2000
opcache.max_file_size 0 0
opcache.max_wasted_percentage 5 5
opcache.memory_consumption 64 64
opcache.optimization_level 0xFFFFFFFF 0xFFFFFFFF
opcache.preferred_memory_model no value no value
opcache.protect_memory 0 0
opcache.restrict_api no value no value
opcache.revalidate_freq 2 2
opcache.revalidate_path Off Off
opcache.save_comments 1 1
opcache.use_cwd On On
opcache.validate_timestamps On On

zip
Zip enabled
Extension Version $Id: 05dd1ecc211075107543b0ef8cee488dd229fccf $
Zip version 1.11.0
Libzip version 0.10.1

zlib
ZLib Support enabled
Stream Wrapper compress.zlib://
Stream Filter zlib.inflate, zlib.deflate
Compiled Version 1.2.8
Linked Version 1.2.8

Directive Local Value Master Value
zlib.output_compression Off Off
zlib.output_compression_level -1 -1
zlib.output_handler no value no value

Additional Modules
Module Name
sysvsem
sysvshm

Environment
Variable Value
APACHE_RUN_DIR /var/run/apache2
APACHE_PID_FILE /var/run/apache2/apache2.pid
PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
APACHE_LOCK_DIR /var/lock/apache2
LANG C
APACHE_RUN_USER www-data
APACHE_RUN_GROUP www-data
APACHE_LOG_DIR /var/log/apache2
PWD /

PHP Variables
Variable Value
_SERVER["HTTP_HOST"] localhost
_SERVER["HTTP_USER_AGENT"] Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
_SERVER["HTTP_ACCEPT"] text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
_SERVER["HTTP_ACCEPT_LANGUAGE"] fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3
_SERVER["HTTP_ACCEPT_ENCODING"] gzip, deflate
_SERVER["HTTP_CONNECTION"] keep-alive
_SERVER["PATH"] /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
_SERVER["SERVER_SIGNATURE"] <address>Apache/2.4.10 (Ubuntu) Server at localhost Port 80</address>
_SERVER["SERVER_SOFTWARE"] Apache/2.4.10 (Ubuntu)
_SERVER["SERVER_NAME"] localhost
_SERVER["SERVER_ADDR"] 127.0.0.1
_SERVER["SERVER_PORT"] 80
_SERVER["REMOTE_ADDR"] 127.0.0.1
_SERVER["DOCUMENT_ROOT"] /var/www
_SERVER["REQUEST_SCHEME"] http
_SERVER["CONTEXT_PREFIX"] no value
_SERVER["CONTEXT_DOCUMENT_ROOT"] /var/www
_SERVER["SERVER_ADMIN"] webmaster@localhost
_SERVER["SCRIPT_FILENAME"] /var/www/index.php
_SERVER["REMOTE_PORT"] 46443
_SERVER["GATEWAY_INTERFACE"] CGI/1.1
_SERVER["SERVER_PROTOCOL"] HTTP/1.1
_SERVER["REQUEST_METHOD"] GET
_SERVER["QUERY_STRING"] no value
_SERVER["REQUEST_URI"] /
_SERVER["SCRIPT_NAME"] /index.php
_SERVER["PHP_SELF"] /index.php
_SERVER["REQUEST_TIME_FLOAT"] 1422405195.032
_SERVER["REQUEST_TIME"] 1422405195

Note: The error of header is displayed by firefox/chrome browser, not by the server/site.

 

[Deleted member 10469]

I follow the 1.4 branch now.
I have the problem of header during drupal-login, and on a basic page I don't have a problem of header, but the code bellow return null :

    header('Content-type: text/plain');
    require_once 'xen_api.php';

    // ...

    $xenAPI = new XenAPI('http://xenforo.dev/api.php', 'MY_API_KEY', 'MY_API_KEYSALT');

    try {
      $result = $xenAPI->login('Kyna', 'my_secret_password', 'http://theming.dev');
      var_dump($result);
    }
    catch (Exception $e) {
      if ($e->getCode() == 400) {
        $error = json_decode($e->getMessage(), TRUE);
        die('API call failed: API ERROR CODE=' . $error['error'] . ' & API ERROR MESSAGE=' . $error['message']);
      }
      else {
        die('API call failed: HTTP RESPONSE=' . $e->getMessage() . ' & HTTP STATUS CODE=' . $e->getCode());
      }
    }

var_dump($result); return null, my login and password is good, and I don't have an error.

 

[Contex]

I follow the 1.4 branch now.
I have the problem of header during drupal-login, and on a basic page I don't have a problem of header, but the code bellow return null :

    header('Content-type: text/plain');
    require_once 'xen_api.php';

    // ...

    $xenAPI = new XenAPI('http://xenforo.dev/api.php', 'MY_API_KEY', 'MY_API_KEYSALT');

    try {
      $result = $xenAPI->login('Kyna', 'my_secret_password', 'http://theming.dev');
      var_dump($result);
    }
    catch (Exception $e) {
      if ($e->getCode() == 400) {
        $error = json_decode($e->getMessage(), TRUE);
        die('API call failed: API ERROR CODE=' . $error['error'] . ' & API ERROR MESSAGE=' . $error['message']);
      }
      else {
        die('API call failed: HTTP RESPONSE=' . $e->getMessage() . ' & HTTP STATUS CODE=' . $e->getCode());
      }
    }

var_dump($result); return null, my login and password is good, and I don't have an error.

It will always return null as it doesn't return anything. The login function redirects the browser to the api.php with a login hash.

I'll setup a testing environment sometime this week and see if I can figure out what Drupal is doing. Although I'm not that familiar with the Drupal codebase so the crawling might take a bit.

Edit: I'm curious, if you only use the example.php and redirect to google.com instead. Does that work for you?

 

[Deleted member 10469]

It's OK if I try example.php without Drupal 8 (login and redirection working).
The problem is xen_api with Drupal 8, I use xen_api inside a hook, I don't have an error, but I don't are logged on Xenforo.

If you want install Drupal 8, I can share my module with you for tests.