XenAPI - XenForo PHP REST API 1.4.2
- Thread starter Contex
- Start date
azurevn
Member
Thank you for awesome API!
But I have one question: How can I set user online in forum after check login with authenticate?
But I have one question: How can I set user online in forum after check login with authenticate?
playajames
Member
Ive gone through most of the posts here on this thread now looking for a solution to my problem. I cant seem to figure out a way to check if a user is logged in or not? I have a feeling its not that simple but if someone could point me in the right direction it would be greatly appreciated.
Nathan Soares
New member
you can send a getUser with the hash of authenticate
playajames
Member
Thank you very much.
Helladen
Member
PHP7 is broke cause break; lines, just remove these each time you get the line error this happens when you throw an error. I went ahead and removed all break; that come after throwError in the entire file. Basically, replace your api.php with this one and update the RestAPI key with your own. I edited mine back to the default one that comes with it.
Here's the pull request author. :O https://github.com/Contex/XenAPI/pull/61
Here's the pull request author. :O https://github.com/Contex/XenAPI/pull/61
Last edited:
Krasen Vachev
Member
My question is is there any way I could validate if "authenticate hash" is correct with some external software, like I get the hash in my C# app and check if it's correct
Helladen
Member
Krasen Vachev
Member
My goal is after I get the hash, to check if it's correct. Like if someone tries to redirect the link to the api and fakes a hash, how can I check that the hash I get as a response from the api is a valid one?
Helladen
Member
The API returns a hash when you authenticate a user. You don't want to login using a hash. You want to have them input a username/password then you can verify if it works or not.
This is the code I use to authenticate a user.
Code:
sAddress = "https://hitsparkinteractive.com/api.php"
addrParams = "action=authenticate"
addrParams = addrParams & "&username=" & Username
addrParams = addrParams & "&password=" & Password
Set HTTP = New WinHttpRequest
HTTP.Open "GET", sAddress & "?" & addrParams, False
HTTP.SetTimeouts 250, 250, 250, 3000
HTTP.SendThis is the code after I received the hash.
Code:
sAddress = "https://hitsparkinteractive.com/api.php"
addrParams = "action=getUser"
addrParams = addrParams & "&hash=" & Username & ":" & TempPlayer(index).Hash
Set HTTP = New WinHttpRequest
HTTP.Open "GET", sAddress & "?" & addrParams, False
HTTP.SetTimeouts 250, 250, 250, 1000
HTTP.Send
retJSON = HTTP.ResponseText
Set HTTP = NothingI run a legacy server that uses VB6, but C# is pretty easy to do the same thing.
Krasen Vachev
Member
You seem to not understanding me. I require username and pass and I successfully get the hash. My problem is checking if the hash is correct.
Helladen
Member
You don't do that. You are the one not understanding this API. You use actions like I showed above. You don't need to authentication or check again. The HASH is checked for each action automatically. The HASH is unique and not something you need to verify.
Krasen Vachev
Member
The HASH is unique and not something you need to verify.
That's what I needed. I'm aware that I don't need additional checks of the hash, but let's say someone manages to reroute the api address to somewhere else that returns a random hash. That's why I need an additional check
That's what I needed. I'm aware that I don't need additional checks of the hash, but let's say someone manages to reroute the api address to somewhere else that returns a random hash. That's why I need an additional check
Helladen
Member
I see. There's API passwords that you can use. There's a unique password in the file (API.php), I believe this is secure. If it isn't, then you probably need to use that password along with the HASH to secure it using the API.php. I am not sure on this though, sorry.
Krasen Vachev
Member
Is there a way to check how many days are remaining of an user's upgrade?
