Thread: [Kronos] How to integrate Xenforo Web Auth + World List

  1. #1 [Kronos] How to integrate Xenforo Web Auth + World List 
    Extreme Donator

    Patrity's Avatar
    Join Date
    Jul 2008
    Age
    28
    Posts
    927
    Thanks given
    163
    Thanks received
    270
    Rep Power
    822
    PLEASE FOR THE LOVE OF ALL THAT IS HOLY.. CHANGE THE API KEYS.

    This guide is only for my Kronos release located here: [Only registered and activated users can see links. ]
    This will not work on your ruse server; however, feel free to take a look at how we handled the server side. XenForo's API is super easy to integrate with, and synced forum accounts are a good thing in 2020.

    Authentication
    For this to function correctly, you will need to have purchased a XenForo license.
    If you prefer IPB, "Brandito" has provided a script to do so here:
    Spoiler for IPB Integration:

    I have not personally tested this and much prefer XenForo's API so YMMV!
    IPB Docs: [Only registered and activated users can see links. ]

    Set up a new page and pageblock via the ACP and use the following script:
    Code:
    if (isset(\IPS\Request::i()->token)) {
        // Shared secret that the game server sends as the "token" parameter.
        $FIND_TOKEN = 'WRITE A CUSTOM TOKEN HERE FOR ADDED SECURITY! e.g ab442ae66ff03eea56f9a994bb9f22fa346f';
        $providedToken = \IPS\Request::i()->token;

        // hash_equals() compares in constant time, so response timing does not leak the token.
        if (is_string($providedToken) && hash_equals($FIND_TOKEN, $providedToken)) {
            if (isset(\IPS\Request::i()->login) and isset(\IPS\Request::i()->password)) {
                $login = new \IPS\Login();
                $loginHandler = \IPS\Login\Handler::findMethod('IPS\Login\Handler\Standard');
                $loginname = \IPS\Request::i()->login;

                // Only plain alphanumeric usernames are accepted.
                if (!ctype_alnum($loginname)) {
                    die(json_encode(array("errorMessage" => "Username contained disallowed words.")));
                }

                try {
                    $member = $loginHandler->authenticateUsernamePassword($login, $loginname, \IPS\Request::i()->protect('password'));

                    // Successful login: return the fields the game server expects.
                    echo json_encode(
                        array(
                            "user_id" => $member->member_id,
                            "username" => $member->name,
                            "user_group_id" => $member->member_group_id,
                            "secondary_group_ids" => array(2) // REGISTERED GROUP
                        )
                    );
                } catch (\IPS\Login\Exception $ex) {
                    if ($ex->getMessage() === 'login_err_bad_password') {
                        echo json_encode(array("errorMessage" => "Incorrect password. Please try again."));
                    } else {
                        echo json_encode(array("errorMessage" => "Unregistered account."));
                    }
                }
            } else {
                echo json_encode(array("errorMessage" => "Something went wrong. An account could not be found."));
            }
        } else {
            echo json_encode(array("errorMessage" => "Invalid token."));
        }
    } else {
        echo json_encode(array("errorMessage" => "A query parameter was missing."));
    }


    Log in to the ACP on your XenForo install, head to the API Keys section, and create a new API key.



    Set the title to whatever you'd like, but be descriptive, just as a best practice.
    You also need to select the Super User perm in order to use the auth scope.

    Now - in general, never give more permission than what is needed for API keys.
    For this, all you need is auth. If you select other things and your key is leaked, people could delete your forum or do other malicious things. Use common sense.


    Copy this key, using the button, so that you're sure it's exact.



    Now - let's head into your IDE and open up the `XenforoUtils` class located within the Central Server module.
    You'll want to adjust the forums URL and the Auth key variables. Do not adjust anything else unless you know what you're doing.



    That's it. Auth done.


    World List
    Now in order to set up the world list, you will need to download a small PHP script --> [Only registered and activated users can see links. ]<--

    Simply place this on your web service somewhere.

    Open `world_updater.php` and modify this API key.
    I recommend using something like LastPass in order to generate a secure 32-character API key.


    Now go back to your IDE and open `WorldList` within the Central Server module.

    First, place the same auth key you just generated on line 16.



    Second, go to line 59 and modify your URL to where your newly uploaded PHP script is.
    Example: [Only registered and activated users can see links. ]
    LEAVE THE "?k=". This is where the auth token will be placed in the request.


    And done. Now, the central server will automatically update the "worlds.ws" file whenever a new world is registered so that you can load more than one world.

    A note about security best practices.
    I'll be the first to admit, we did not do everything properly at Kronos. You should never hard-code API keys, so please, load these keys elsewhere, like from a JSON or properties file. Also, API security is extremely important. You are potentially opening up your entire service to outside influence if you do not have secure API keys. PLEASE DO NOT SHORTCUT THIS!
    Last edited by Patrity; 12-31-2020 at 02:17 AM. Reason: IPB Script Added
    Free map releases: [Only registered and activated users can see links. ]



    [Only registered and activated users can see links. ]
    Reply With Quote  
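
    Added example (not code from the Kronos release or from the poster): one way to follow the advice above about not hard-coding keys, as a small Java loader that reads keys from a properties file or an environment variable and refuses to start with a missing, placeholder, or short key. The class name `ApiSecrets`, the property names `xenforo.api_key` / `worldlist.api_key`, the placeholder list and the file name `central.properties` are assumptions made for illustration.

```java
import java.io.IOException;
import java.io.Reader;
import java.io.StringReader;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;
import java.util.Properties;

// Added example: hypothetical loader that keeps API keys out of source code.
public final class ApiSecrets {
    private static final int MIN_KEY_LENGTH = 32; // the 32-character length suggested in the post
    private static final List<String> PLACEHOLDERS = Arrays.asList("", "changeme", "YOUR_API_KEY_HERE"); // constructed
    private static final String ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
    private final Properties props = new Properties();

    public ApiSecrets(Reader source) throws IOException {
        props.load(source);
    }

    // An environment variable (e.g. XENFORO_API_KEY) wins over the file; a weak key aborts startup.
    public String require(String name) {
        String envName = name.toUpperCase(Locale.ROOT).replace('.', '_');
        String value = System.getenv(envName);
        if (value == null) value = props.getProperty(name, "");
        value = value.trim();
        if (PLACEHOLDERS.contains(value) || value.length() < MIN_KEY_LENGTH) {
            // Name the setting, never the value, so the key does not end up in logs.
            throw new IllegalStateException("API key '" + name + "' is missing, a placeholder, or too short");
        }
        return value;
    }

    // Generates a random alphanumeric key from the platform CSPRNG.
    public static String generateKey(int length) {
        SecureRandom rng = new SecureRandom();
        StringBuilder sb = new StringBuilder(length);
        for (int i = 0; i < length; i++) {
            sb.append(ALPHABET.charAt(rng.nextInt(ALPHABET.length())));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample content; in practice pass new FileReader("central.properties").
        String sample = "xenforo.api_key=" + generateKey(32) + "\nworldlist.api_key=changeme\n";
        ApiSecrets secrets = new ApiSecrets(new StringReader(sample));
        System.out.println("xenforo key length: " + secrets.require("xenforo.api_key").length());
        try {
            secrets.require("worldlist.api_key");
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

    Keep the properties file out of version control and readable only by the account that runs the central server.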
     


  2. #2  
    Registered Member
    Join Date
    Nov 2020
    Posts
    10
    Thanks given
    0
    Thanks received
    0
    Rep Power
    11
    Do you think it's possible for you to share the integration for CC and FC to work?

  3. #3  
    Registered Member
    Join Date
    Mar 2015
    Posts
    131
    Thanks given
    0
    Thanks received
    4
    Rep Power
    14
    Let the runite leeeches begin!

  4. #4  
    Extreme Donator

    Patrity's Avatar
    Quote Originally Posted by King Cobraa View Post
    Let the runite leeeches begin!
    Better a runite leech than a ruse leech.

    If you prefer IPB, "Brandito" has provided a script to do so.
    I have not personally tested this and much prefer XenForo's API so YMMV!

    I have added a spoiler on the main post.

  6. #5  
    Extreme Donator

    Patrity's Avatar
    Quote Originally Posted by Badouscape View Post
    Do you think it's possible for you to share the integration for CC and FC to work?
    Your PMs and CC are probably not working because your central server is not connecting to the world updater, which is the second part of this tutorial.
    Let me know if that helps out!

  7. #6  
    BoomScape #1
    BoomScape's Avatar
    Join Date
    May 2013
    Posts
    2,089
    Thanks given
    221
    Thanks received
    172
    Rep Power
    44
    With the IPB connection, if you have any idea: when setting up the link I put in the URL of where the page with that code is located and put my own auth key codes into both, but when attempting to log in I get the following error:

    Code:
    james attempting to login.
    org.json.JSONException: A JSONObject text must begin with '{' at 1 [character 2 line 1]
    	at org.json.JSONTokener.syntaxError(JSONTokener.java:507)
    	at org.json.JSONObject.<init>(JSONObject.java:222)
    	at org.json.JSONObject.<init>(JSONObject.java:406)
    	at io.ruin.central.utility.XenforoUtils.login(XenforoUtils.java:77)
    	at io.ruin.central.utility.XenforoUtils.attemptLogin(XenforoUtils.java:21)
    	at io.ruin.central.model.world.WorldLogin.lambda$new$0(WorldLogin.java:37)
    	at java.util.concurrent.CompletableFuture$AsyncRun.run(CompletableFuture.java:1640)
    	at java.util.concurrent.CompletableFuture$AsyncRun.exec(CompletableFuture.java:1632)
    	at java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:289)
    	at java.util.concurrent.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1067)
    	at java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1703)
    	at java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:172)
    Any clue on this one?

  8. #7  
    Extreme Donator

    Patrity's Avatar
    Quote Originally Posted by BoomScape View Post
    With the IPB connection, if you have any idea: when setting up the link I put in the URL of where the page with that code is located and put my own auth key codes into both, but when attempting to log in I get the following error:

    Code:
    james attempting to login.
    org.json.JSONException: A JSONObject text must begin with '{' at 1 [character 2 line 1]
    	at org.json.JSONTokener.syntaxError(JSONTokener.java:507)
    	at org.json.JSONObject.<init>(JSONObject.java:222)
    	at org.json.JSONObject.<init>(JSONObject.java:406)
    	at io.ruin.central.utility.XenforoUtils.login(XenforoUtils.java:77)
    	at io.ruin.central.utility.XenforoUtils.attemptLogin(XenforoUtils.java:21)
    	at io.ruin.central.model.world.WorldLogin.lambda$new$0(WorldLogin.java:37)
    	at java.util.concurrent.CompletableFuture$AsyncRun.run(CompletableFuture.java:1640)
    	at java.util.concurrent.CompletableFuture$AsyncRun.exec(CompletableFuture.java:1632)
    	at java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:289)
    	at java.util.concurrent.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1067)
    	at java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1703)
    	at java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:172)
    Any clue on this one?
    Looks like the response is not as expected. As I said, I have not tested the IPB integration, however you could run some test requests using Postman: [Only registered and activated users can see links. ]

  9. #8  
    BoomScape #1
    BoomScape's Avatar
    Quote Originally Posted by Patrity View Post
    Your PMs and CC are probably not working because your central server is not connecting to the world updater, which is the second part of this tutorial.
    Let me know if that helps out!
    Also got the same error as that guy, with friends/CC not working with this configured.

    It looks like it's related to the file 'XenPost' but unsure on the auth for that system?


  10. #9  
    Extreme Donator

    Patrity's Avatar
    Quote Originally Posted by BoomScape View Post
    Also got the same error as that guy with friends/cc not working with this configured

    It looks like it's related to the file 'XenPost' but unsure on the auth for that system?

    Users would need to bypass any use of that post method. I will not release that integration script that was originally released with Runite because it is a massive security concern.
    Nothing is secure about the way it is created.

