Xenoforo API Question

Codealt

New member
So I am trying to figure out which forum to use for my forum, it is between this, myBB or Vbulletin. I am going to build my front end using React, I looked through some of the API documentation here and it looks like you got a good api, but does it send out as json? I am wanting to know how hard it is going to be to grab my api with axios and print the latest posts and certain users to my front page. Thank you for your time.
 
Yes, all responses are returned in JSON format.

Yeah I looked at the documentation, my wonder is how hard is it? I see you can create a key, but take vbuleltin after you create the key you got to do some weird stuff to use it, on the demo I see you can create a key, but what do you do with the key after you create it? Do you got to create an add-on to use it? Trying to get the forum part to be smooth and easy so I can make most of my time and work go to my front end lol. So what ever I buy I need it to be simple, or simpler than the others.
 
Yeah I looked at the documentation, my wonder is how hard is it? I see you can create a key, but take vbuleltin after you create the key you got to do some weird stuff to use it, on the demo I see you can create a key, but what do you do with the key after you create it? Do you got to create an add-on to use it? Trying to get the forum part to be smooth and easy so I can make most of my time and work go to my front end lol. So what ever I buy I need it to be simple, or simpler than the others.
It just needs to be submitted with the header when the frontend makes the API call. It's very standard REST API. With axios you would just be adding custom headers to a const and submitting that with the axios call.
 
So here's the deal.

I've been using third-party API solutions in order to set up a login scheme for upgraded members to access an RSS feed for the file downloads in the upgrade area (using Resource Manager).


Most recently, I have worked with [bd] AP add-on from xFrocks. Prior to that, I used the XenAPI.

However, when moving to a new, super fast Plesk Obsidian server (with NVMe drives), I find the login scheme is no longer functional.

I'd like to use the home-grown XenForo version, but the directions are above my pay grade.

Here's the current script I use with the above add-on (with ID and secret credentials blocked out).

Can someone help me modify the script and set up the XF API to use it, please?

Code:
<?php

define('API_SCRIPT_ROOT', 'https://theparacast.com/forum/api');
define('API_SCRIPT_CLIENT_ID', '----------');
define('API_SCRIPT_CLIENT_SECRET', '----------E');

/* API SCRIPT FUNCTIONS START */

function apiScriptGetAccessToken($username, $password, $cookieName = null)
{
    foreach ([
                 'API_SCRIPT_ROOT',
                 'API_SCRIPT_CLIENT_ID',
                 'API_SCRIPT_CLIENT_SECRET'
             ] as $apiScriptConstant) {
        if (!defined($apiScriptConstant)) {
            throw new Exception(sprintf('%s must be defined!', $apiScriptConstant));
        }
    }

    if ($cookieName === null) {
        $cookieName = API_SCRIPT_CLIENT_ID . 'AccessToken';
    }
    if (is_string($cookieName) && isset($_COOKIE[$cookieName])) {
        return $_COOKIE[$cookieName];
    }

    $token = apiScriptPostOauthToken($username, $password);

    if (is_string($cookieName) && strlen($cookieName) > 0) {
        setcookie($cookieName, $token['access_token'], time() + $token['expires_in']);
    }

    return $token['access_token'];
}

function apiScriptGetUserMe($accessToken)
{
    $result = @file_get_contents(API_SCRIPT_ROOT . '/index.php?users/me&oauth_token=' . $accessToken);
    if (!is_string($result)) {
        return null;
    }

    $json = @json_decode($result, true);
    if (!is_array($json) || !isset($json['user'])) {
        return null;
    }

    return $json['user'];
}

function apiScriptPostOauthToken($username, $password)
{
    $fields = [
        'grant_type' => 'password',
        'username' => $username,
        'password' => $password,
        'client_id' => API_SCRIPT_CLIENT_ID,
        'client_secret' => API_SCRIPT_CLIENT_SECRET
    ];

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_URL, API_SCRIPT_ROOT . '/index.php?oauth/token');
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $fields);
    $result = @curl_exec($ch);
    curl_close($ch);

    $json = @json_decode($result, true);
    if (!is_array($json) || !isset($json['access_token'])) {
        return null;
    }

    return $json;
}

function apiScriptTestUserGroups(array $user, $groupIdsList)
{
    if (!is_string($groupIdsList)) {
        return false;
    }

    $groupIds = preg_split('/[^0-9]/', $groupIdsList, -1, PREG_SPLIT_NO_EMPTY);
    $groupIds = array_map('intval', $groupIds);
    if (count($groupIds) === 0) {
        return true;
    }

    if (!isset($user['user_groups'])) {
        return false;
    }

    foreach ($user['user_groups'] as $userGroup) {
        if (in_array($userGroup['user_group_id'], $groupIds, true)) {
            return true;
        }
    }

    return false;
}

/* API SCRIPT FUNCTIONS END */

if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION']) && strpos($_SERVER['REDIRECT_HTTP_AUTHORIZATION'], 'Basic ') === 0) {
    list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', base64_decode(substr($_SERVER['REDIRECT_HTTP_AUTHORIZATION'], 6)));
}

if (empty($_SERVER['PHP_AUTH_USER']) ||
    empty($_SERVER['PHP_AUTH_PW']) ||
    !($accessToken = apiScriptGetAccessToken($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']))
) {
    header('WWW-Authenticate: Basic realm="The Paracast+"');
    header('HTTP/1.1 401 Unauthorized');
    die('Please authenticate with your Paracast Forum username and password.');
}

if (!($user = apiScriptGetUserMe($accessToken)) ||
    !apiScriptTestUserGroups($user, '3,4,5,8,9,10,11')
) {
    header('HTTP/1.1 403 Forbidden');
    die('Your account has not been upgraded to access The Paracast+.');
}

header('Content-Type: application/xml; charset=utf-8');          
$doc = new DOMDocument();
$doc->load('288h7su1ksh9.xml');
echo $doc->saveXML();
 
Whoops!

Anyway, I'm not terribly hopeful, since my development budget is zero more or less. But maybe I can offer a few incentives.

Then again, someone who knows this stuff may be able to help me set it up in 5 min. or so, hoping. :)

Thanks always.
 
Sorry 'bout that.

Meantime, if there were clear directions on setting this up for what I want, I wouldn't have to request help.

All I want is a way to allow for logins via member name/password to access content for those in specific user group.
 
Top Bottom