XenForo is good idea for custom user database and

hasanmerkit

I wrote a simple membership system with my own vanilla PHP and it still works.

For security:

  • I encrypted the passwords with BCRYPT.
  • I used PDO.
  • I used solutions like htmlspecialchars() function to fix XSS vulnerabilities.
  • In the login page I created, IP addresses can make certain attempts within a certain time frame. (It was effective against brute force attacks.)

Here is what I am wondering:

  • Can I redirect the XenForo membership database to my own database table?
  • Can I continue using BCRYPT?
  • Can I disable the XenForo registration and login system and have my page do this?
  • Is knowing vanilla PHP enough for me to develop plugins?

Due to financial difficulties in the budget, I will only buy the software for now. I think I am experienced in pure PHP. For example, I designed my own membership system and worked on language detection and browser detection. Also, please pay attention to Windows 11 for browser detection. I shared how it can be done. (For Turkish developers, here is a Turkish article.)

I am currently publishing my website with Flarum software, which I forked and adapted to my own membership system. However, I may switch to XenForo.

My website will be a source of information for the products I develop. I plan to remove the technology news on the homepage and publish only about the Linux operating system I developed.
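The login checks listed in the post above (bcrypt, PDO, per-IP attempt limits), sketched as an added example that is not the poster's code or XenForo's. The table names, column names and limits are assumptions, and the data is constructed.

```php
<?php
declare(strict_types=1);

// Assumed limits: failed attempts allowed per IP inside a sliding window.
const MAX_ATTEMPTS = 5;
const WINDOW_SECONDS = 900;
const BCRYPT_COST = 12;

function attemptLogin(PDO $db, string $email, string $password, string $ip, int $now): string
{
    // Bound parameters keep user input out of the SQL text.
    $q = $db->prepare('SELECT COUNT(*) FROM login_failures WHERE ip = ? AND at > ?');
    $q->execute([$ip, $now - WINDOW_SECONDS]);
    if ((int) $q->fetchColumn() >= MAX_ATTEMPTS) {
        return 'throttled';
    }
    $q = $db->prepare('SELECT id, password_hash FROM members WHERE email = ?');
    $q->execute([$email]);
    $row = $q->fetch(PDO::FETCH_ASSOC);

    // Unknown accounts are checked against a throwaway hash so the response
    // time does not reveal whether the e-mail address exists.
    static $dummy = null;
    $dummy ??= password_hash(bin2hex(random_bytes(16)), PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]);
    $hash = $row === false ? $dummy : $row['password_hash'];

    if (!password_verify($password, $hash) || $row === false) {
        $db->prepare('INSERT INTO login_failures (ip, at) VALUES (?, ?)')->execute([$ip, $now]);
        return 'denied';
    }
    // Re-hash on successful login when the configured cost has been raised.
    if (password_needs_rehash($hash, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST])) {
        $new = password_hash($password, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]);
        $db->prepare('UPDATE members SET password_hash = ? WHERE id = ?')->execute([$new, $row['id']]);
    }
    return 'ok';
}

// Constructed demo: in-memory SQLite, one member, documentation-range IPs.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, email TEXT UNIQUE, password_hash TEXT)');
$db->exec('CREATE TABLE login_failures (ip TEXT, at INTEGER)');
$db->prepare('INSERT INTO members (email, password_hash) VALUES (?, ?)')
   ->execute(['user@example.test', password_hash('correct horse', PASSWORD_BCRYPT, ['cost' => BCRYPT_COST])]);

for ($i = 1; $i <= 6; $i++) {
    echo $i, ': ', attemptLogin($db, 'user@example.test', 'wrong', '203.0.113.7', time()), PHP_EOL;
}
echo attemptLogin($db, 'user@example.test', 'correct horse', '198.51.100.9', time()), PHP_EOL;
```

A per-IP counter alone does not limit guesses spread across many addresses against one account, so a per-account counter is the usual complement. bcrypt also only uses the first 72 bytes of the password.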
 
I'd strongly consider looking at extending your login system to become an Identity Provider via OAuth and let XenForo redirect auth to it; or consider migrating away from your implementation to XenForo. As hard as it is to walk away from previous work, XenForo is likely a much more flexible and secure system than your implementation; given how extensively it's been battle-tested and its alignment to standards. XenForo registration / login has been battle-tested by millions; allowing you to indirectly benefit from the learnings of others.

Could you spend 10s or 100s of hours rewriting XenForo to use your registration system? Yes.
Would it be a worthwhile investment or put you in a sustainable and supported state? No.
 
I can't give up my own membership system. I coded it in a way that is completely compatible with the Linux distribution I am developing.

What scares me is that XenForo has a more complex Plugin structure than I expected.
 
Here is what I am wondering:
  • Can I redirect the XenForo membership database to my own database table?
  • Can I continue using BCRYPT?
  • Can I disable the XenForo registration and login system and have my page do this?
Everything is doable: XenForo is software, it is neither compiled nor encrypted and it is using PHP, a language that is easy in comparison. So why should this not be doable? The two relevant questions are:
• is it a good idea?
• is it worth the effort?

I agree with @stromb0li here: It is neither a good idea nor worth the effort. For exactly the reasons he outlined. And I also agree with the solution he provided: Modify your login system to act as an OAuth-provider - problem solved w/o needing to modify the XF-codebase.

You did not give any reason why you would need to use your system instead of the one built in other than "I want it" (which is slightly different from "need"). This

I can't give up my own membership system. I coded it in a way that is completely compatible with the Linux distribution I am developing.
sounds a bit weird. XF is a web-based application (including the authentication). As such it runs on basically any web environment and thus is also "compatible" with any Linux distribution. Also, I don't see why a login system for a forum should need to be part of an operating system. Sure, one can do that (again: it's software) - but why? When it comes to compatibility we are in the area of standards and this points (again) to OAuth, as this is one of the compatibility standards in this field.

What scares me is that XenForo has a more complex Plugin structure than I expected.
I'm not a developer but what one can read here in the forums is that developing plugins for XF seems to be very much straightforward and well organized - rather the opposite of complex.
 
As such it runs on basically any web environment and thus is also "compatible" with any Linux distribution.
Because our Linux distribution should not require an account again for the store application and settings sync feature that we will develop in the future. And these accounts should be usable outside the forum/community pages.
 
...Which is why you should be using OAuth, as it is literally the system that every major operating system uses for account integrations (Android especially).
 