Implemented XenForo Login API for Third-Party Scripts

feldon30

Well-known member
There is currently no elegant way for a third-party script to trigger (remote control) standard functions within XenForo such as Login, Logout, Register User, Change E-mail/Password/etc., or Delete User.

I looked at XenAPI and other add-ons and none seemed to enable third-party scripts to remotely control XenForo to the degree we needed. Rewriting our web application to use XenForo's login routines was not an option.

I investigated the Login/Logout functions present in XenForo, but they require the hashed password, which is not something a third-party script would (or should) have access to. After 30 hours developing a rather kludgy integration (as you can read about here) there is still no elegant solution for the AdminCP extra login security popup. I also fear that our integration may be "fragile" and be affected by future changes in XenForo. Including such an API out-of-the-box would eliminate this fear.

My suggestion is either:
  • Provide a standalone API file like xenforo_api.php which contains fully encapsulated versions of major XenForo functions, and which can be included into a third-party script by passing an encrypted key to perform these functions without the user's password hash:
  1. Login (creates session, cookies, etc. as needed to fully log a user, mod, or administrator in)
  2. Logout (ibid.)
  3. Register User (provide any and all profile fields, including UserID of the user to be created)
  4. Update User (change the e-mail or password of a user)
  5. Delete User
  6. Create Thread
  7. Create Post
or:
  • Provide documentation for third-party integration, and provide a version of the Login function that will accept a 64-bit encrypted "API key" in lieu of the user's hashed password. Also, provide a way to disable the AdminCP extra security login procedure for users that login through the API.
 
Upvote 15
This suggestion has been implemented. Votes are no longer accepted.
II must be missing something I downloaded the sdk, and once I figured out how to get into the right directory, it looks to me like it supports everything I need.
  • Login (creates session, cookies, etc. as needed to fully log a user, mod, or administrator in)

    yes
  • Logout (ibid.)
    yes
  • Register User (provide any and all profile fields, including UserID of the user to be created)
    yes
  • Update User (change the e-mail or password of a user)
    no
  • Delete User
    no
  • Create Thread
    no
  • Create Post
    no
ok, not all those functions are built, but a bunch are, and those must give huge clues for how the rest can be added

Have you had a chance to evaluate the sdk?
 
II must be missing something I downloaded the sdk, and once I figured out how to get into the right directory, it looks to me like it supports everything I need.
Never heard of XenSDK til now. It was released a week after my post. It has 172 downloads and only 2 pages of discussion. Odd how little demand there is to integrate XenForo with other established websites.
 
Never heard of XenSDK til now. It was released a week after my post. It has 172 downloads and only 2 pages of discussion. Odd how little demand there is to integrate XenForo with other established websites.
At this point, the SDK is kind of old. And when I installed the upgrade to 1.5.4 it killed the login I had working with the SDK.

It looks to me that there is demand for quality, current addon for logging in and the other functions you mentioned. I am curious why none has become prominent.

I would several days to do it, because I understand so little about how to work with XF's objects. I can tinker, but I am not setup with a library of all the recent XF objects configured for general purpose development. To be good, it would need an easy way to stay current as XF updates the same objects you'd need to include with some variations in the system I am envisioning. I bet someone who programs with XF on a regular basis could have a working demo in a few hours that would be good enough that I could adapt it for what I need. That same task is going to take me weeks or at least several days, before I really understand how this stuff works.

People are being gracious enough to provide clues, but they are not specific enough. "Look at how XF does login and use that" is the type of help coming forward. Well, duh, I know to do that but the problem for me I don't know how to send login data to the part of the object structure that is going to process it and when it does, I don't want to be redirected to a XF screen, I need an XF session and cookie that will get me in when I next navigate to the forum. I don't understand how to make my program interact with this onel
 
Last edited:
Oh yea, the other crucial tip I got was, "it's easy... use these three lines of code, assuming you are in a controller."

So, I asked the weird question: "got any starter code I can use to be in one of those controllers?" No response. It's easy if you already know how and if you don't already know, you are not qualified to ask questions.

The trick is going to be setting up an XF environment that you can adapt.
 
Start off by setting up a dev environment that allows you to debug your code by stepping through it line by line.
I use Wampserver and do the debugging with the built in debugger in PHPed. Wampserver is free and PHPed often goes on sale.

Next, go through the tutorials here
https://xenforo.com/community/resources/categories/development-tutorials.36/
Ok, I am going to take that road.

I was thinking there might be a spec, guide or sample named something like "This is how to Make a XenForo add_on."

Do you know if any of those tutorial include logging into XF from an other app?
 
I like this idea, however I think it'd be good to use something like OpenID: http://wiki.openid.net/w/page/12995226/Run your own identity server so you can more easily throw a "login with XXXX" on any other site you own with an OpenID handler :)
OpenID is one of the strangest things I ever saw. Idea sounds great. Go to their website. http://openid.net/ No way to signup. No way to get an openID there.

That is weird. It is like going to the Dog Lover's club and finding that none of the members have dogs

Their blog reads like it is from the United Nations. That much makes sense, because the UN never does anything either
 
OpenID is one of the strangest things I ever saw. Idea sounds great. Go to their website. http://openid.net/ No way to signup. No way to get an openID there.

That is weird. It is like going to the Dog Lover's club and finding that none of the members have dogs

Their blog reads like it is from the United Nations. That much makes sense, because the UN never does anything either

You don't 'get an openid' you run an openid provider that an openid client can login with. Just think the 'login with Facebook / twitter /Google / whatever buttons
 
I was thinking there might be a spec, guide or sample named something like "This is how to Make a XenForo add_on."

Do you know if any of those tutorial include logging into XF from an other app?

There is a well documentated tutorial on how to create add ons. It has helped me a lot. You can find it here.

https://xenforo.com/community/threads/creating-an-addon.5416/

There are also a few guides on how to include logging into XF from an other application. Please see this link for one of them. I hope that they will be of help to you.

https://xenforo.com/community/threads/login-logout-on-external-page.95362/
 
There is a well documentated tutorial on how to create add ons. It has helped me a lot. You can find it here.

https://xenforo.com/community/threads/creating-an-addon.5416/

There are also a few guides on how to include logging into XF from an other application. Please see this link for one of them. I hope that they will be of help to you.

https://xenforo.com/community/threads/login-logout-on-external-page.95362/

wang, You are my XenForo Hero of the day, December 20, 2015.

Thank you.

You don't 'get an openid' you run an openid provider that an openid client can login with. Just think the 'login with Facebook / twitter /Google / whatever buttons

I appreciate you taking time to explain this. Two comments:
  1. I have been thinking it would be cool to have buttons that said, "login with Facebook / twitter / Google / Dan's Software" I understand that it might awhile (forever/never) before someone besides me includes the button for Dan's Software, but it would be cool to be able to offer a button like that and to use it on my site.
  2. You don't think that it is weird that the openid website does not have a prominent OpenID login and a way to obtain an id that can be used with open id? To me, what you did was explain why the Dog Lover's club members do not own dogs. I can hear that you are explaining something that makes sense, but I am not really getting a clue why none of the dog lovers have dogs or why open id's website does not run openid at least as a demo.
 
Last edited:
There is currently no elegant way for a third-party script to trigger (remote control) standard functions within XenForo such as Login, Logout, Register User, Change E-mail/Password/etc., or Delete User.
Feldon, thanks to wang, I have solid material that appears to be leading toward having a reasonable way to put together what you are describing here. If it starts coming together, I'll let you check it out. What you are describing sounds reasonable and you would make a good critic of anything I can put together. For the price of letting me know what you think, you can have it for use on anything that is yours. My goal is to make something you think is usable, and if it gets that far make it good enough so that I can not be embarrassed about it.

If I get stuck, I will let you know that. Setting up this self-assigned accountability helps me sustain focus on the work.

I will keep you posted.
 
This is a picture of what I think I am looking for the login to XF from an external app. I hope someone will let me know if I have the basic ideas wrong

upload_2015-12-22_11-44-47.webp
 
Top Bottom