XenForo login

Hi guys!

I recently bought XenForo (a friend recommended me this forum software) and I am verry hapy with it! I really like the software :)

I've only got one question though, I want forum users to be able to login onto my website with their forum credentials aswell (so not on the forum itself). I came up with this because it would be weird if you ask users to make 2 accounts. Since a forum account is required i thought it would be smart to just use that account for other stuff aswell on the same website.

I looked trough some tables and found the user table (xf_user) so I have found the username and the userID. The only thing I am now looking for is the password table (can't find that). I dont want to decrypt the passwords, but what I want to do is encrypt the passwords the same way (so I can match the input of the user with the password in the table) and I think I can find that awnser in the passwords table :)

I hope you guys can point me towards the right direction :D

- Commander

Edit found a piece of code wich probably wil help a lot :)
Anyone know where I can look up the crypt id?
$startTime = microtime(true);
XenForo_Application::set('page_start_time', $startTime);
//Crypt code you set for your login, if you dont have it, then just comment $crypt out, but this is VERY useful agaisnt brute forces.
/*$crypt = $_POST['crypt'];*/
//Checks if username is set, password is set, and if the crypt ID is the same as you set in your server class.
if (isset($_POST['username']) && isset($_POST['password']) && $crypt === 911895326) {
    //Username you're posting from server.
    $username = $_POST['username'];
    //Password you're posting from server.
    $password = $_POST['password'];
    $db = XenForo_Application::getDb();
    $data = $db->fetchOne('
    FROM xf_user_authenticate AS auth
    INNER JOIN xf_user AS user ON
    (user.user_id = auth.user_id)
    WHERE user.username = ?
    ', $username);
    $auth = XenForo_Authentication_Abstract::createDefault();

    //Checks if equal through the hash
    $check = $auth->authenticate($username, $password);
    //dump for testing (true/false)
        //Checks if login details are equal to the ones that are in the database.
        if ($check) {
            //Prints "Success" string, so you can check in java if the printed string is that, if yes, then create login.
            echo 'Success';
        } else {
            echo 'Failed';
Last edited:

Liam W

Well-known member
The xf_user_authenticate table (or a similar name) is what you're after.

In pretty sure the data is stored in a binary field though.
Ah found it, yea its stored in a binary field :/
The code I found is it good btw or is it outdated?

(What I basically want is that people will be able to log in onto my PHP Application using their XenForo forum account wich is on the same site)

This API looks interesting aswell:

But to use a whole API to only login on a external web application is a bit weird imo XD
Last edited: