1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

XenForo Login API for Third-Party Scripts

Discussion in 'XenForo Suggestions' started by feldon30, Jan 31, 2014.

  1. feldon30

    feldon30 Well-Known Member

    There is currently no elegant way for a third-party script to trigger (remote control) standard functions within XenForo such as Login, Logout, Register User, Change E-mail/Password/etc., or Delete User.

    I looked at XenAPI and other add-ons and none seemed to enable third-party scripts to remotely control XenForo to the degree we needed. Rewriting our web application to use XenForo's login routines was not an option.

    I investigated the Login/Logout functions present in XenForo, but they require the hashed password, which is not something a third-party script would (or should) have access to. After 30 hours developing a rather kludgy integration (as you can read about here) there is still no elegant solution for the AdminCP extra login security popup. I also fear that our integration may be "fragile" and be affected by future changes in XenForo. Including such an API out-of-the-box would eliminate this fear.

    My suggestion is either:
    • Provide a standalone API file like xenforo_api.php which contains fully encapsulated versions of major XenForo functions, and which can be included into a third-party script by passing an encrypted key to perform these functions without the user's password hash:
    1. Login (creates session, cookies, etc. as needed to fully log a user, mod, or administrator in)
    2. Logout (ibid.)
    3. Register User (provide any and all profile fields, including UserID of the user to be created)
    4. Update User (change the e-mail or password of a user)
    5. Delete User
    6. Create Thread
    7. Create Post
    • Provide documentation for third-party integration, and provide a version of the Login function that will accept a 64-bit encrypted "API key" in lieu of the user's hashed password. Also, provide a way to disable the AdminCP extra security login procedure for users that login through the API.
    HWS, Dan Allen, semprot and 10 others like this.
  2. radu

    radu Member

  3. Kintaro

    Kintaro Well-Known Member

  4. Dan Allen

    Dan Allen Active Member

    II must be missing something I downloaded the sdk, and once I figured out how to get into the right directory, it looks to me like it supports everything I need.
  5. feldon30

    feldon30 Well-Known Member

    Never heard of XenSDK til now. It was released a week after my post. It has 172 downloads and only 2 pages of discussion. Odd how little demand there is to integrate XenForo with other established websites.
    Dan Allen likes this.
  6. Jake B.

    Jake B. Well-Known Member

    Dan Allen and Kintaro like this.
  7. Dan Allen

    Dan Allen Active Member

    At this point, the SDK is kind of old. And when I installed the upgrade to 1.5.4 it killed the login I had working with the SDK.

    It looks to me that there is demand for quality, current addon for logging in and the other functions you mentioned. I am curious why none has become prominent.

    I would several days to do it, because I understand so little about how to work with XF's objects. I can tinker, but I am not setup with a library of all the recent XF objects configured for general purpose development. To be good, it would need an easy way to stay current as XF updates the same objects you'd need to include with some variations in the system I am envisioning. I bet someone who programs with XF on a regular basis could have a working demo in a few hours that would be good enough that I could adapt it for what I need. That same task is going to take me weeks or at least several days, before I really understand how this stuff works.

    People are being gracious enough to provide clues, but they are not specific enough. "Look at how XF does login and use that" is the type of help coming forward. Well, duh, I know to do that but the problem for me I don't know how to send login data to the part of the object structure that is going to process it and when it does, I don't want to be redirected to a XF screen, I need an XF session and cookie that will get me in when I next navigate to the forum. I don't understand how to make my program interact with this onel
    Last edited: Dec 16, 2015
  8. Dan Allen

    Dan Allen Active Member

    Oh yea, the other crucial tip I got was, "it's easy... use these three lines of code, assuming you are in a controller."

    So, I asked the weird question: "got any starter code I can use to be in one of those controllers?" No response. It's easy if you already know how and if you don't already know, you are not qualified to ask questions.

    The trick is going to be setting up an XF environment that you can adapt.
    otto and feldon30 like this.
  9. 0ptima

    0ptima Well-Known Member

    Dan Allen likes this.
  10. Dan Allen

    Dan Allen Active Member

    Ok, I am going to take that road.

    I was thinking there might be a spec, guide or sample named something like "This is how to Make a XenForo add_on."

    Do you know if any of those tutorial include logging into XF from an other app?
  11. Dan Allen

    Dan Allen Active Member

    OpenID is one of the strangest things I ever saw. Idea sounds great. Go to their website. http://openid.net/ No way to signup. No way to get an openID there.

    That is weird. It is like going to the Dog Lover's club and finding that none of the members have dogs

    Their blog reads like it is from the United Nations. That much makes sense, because the UN never does anything either
  12. Jake B.

    Jake B. Well-Known Member

    You don't 'get an openid' you run an openid provider that an openid client can login with. Just think the 'login with Facebook / twitter /Google / whatever buttons
    Dan Allen and feldon30 like this.
  13. wang

    wang Well-Known Member

    There is a well documentated tutorial on how to create add ons. It has helped me a lot. You can find it here.


    There are also a few guides on how to include logging into XF from an other application. Please see this link for one of them. I hope that they will be of help to you.

  14. Dan Allen

    Dan Allen Active Member

    wang, You are my XenForo Hero of the day, December 20, 2015.

    Thank you.

    I appreciate you taking time to explain this. Two comments:
    1. I have been thinking it would be cool to have buttons that said, "login with Facebook / twitter / Google / Dan's Software" I understand that it might awhile (forever/never) before someone besides me includes the button for Dan's Software, but it would be cool to be able to offer a button like that and to use it on my site.
    2. You don't think that it is weird that the openid website does not have a prominent OpenID login and a way to obtain an id that can be used with open id? To me, what you did was explain why the Dog Lover's club members do not own dogs. I can hear that you are explaining something that makes sense, but I am not really getting a clue why none of the dog lovers have dogs or why open id's website does not run openid at least as a demo.
    Last edited: Dec 20, 2015
    wang likes this.
  15. Dan Allen

    Dan Allen Active Member

    Feldon, thanks to wang, I have solid material that appears to be leading toward having a reasonable way to put together what you are describing here. If it starts coming together, I'll let you check it out. What you are describing sounds reasonable and you would make a good critic of anything I can put together. For the price of letting me know what you think, you can have it for use on anything that is yours. My goal is to make something you think is usable, and if it gets that far make it good enough so that I can not be embarrassed about it.

    If I get stuck, I will let you know that. Setting up this self-assigned accountability helps me sustain focus on the work.

    I will keep you posted.
  16. wang

    wang Well-Known Member

    You are welcome sir :)
    Dan Allen likes this.
  17. Dan Allen

    Dan Allen Active Member

    This is a picture of what I think I am looking for the login to XF from an external app. I hope someone will let me know if I have the basic ideas wrong


Share This Page