Thread: [Kronos] How to integrate Xenforo Web Auth + World List

Page 1 of 3 123 LastLast
Results 1 to 10 of 22
  1. #1 [Kronos] How to integrate Xenforo Web Auth + World List 
    Extreme Donator


    Join Date
    Jul 2008
    Age
    31
    Posts
    956
    Thanks given
    186
    Thanks received
    344
    Rep Power
    1060
    PLEASE FOR THE LOVE OF ALL THAT IS HOLY.. CHANGE THE API KEYS.

    This guide is only for my Kronos release located here: https://www.rune-server.ee/runescape...ort-184-a.html
    This will not work on your ruse server, however.. feel free to take a look at how we handled the server side. XenForo's API is super easy to integrate with and synced forum accounts are a good thing in 2020

    Authentication
    For this to function correctly, you will need to have purchased a XenForo license.
    If you prefer IPB, "Brandito" has provided a script to do so here:
    Spoiler for IPB Integration:

    I have not personally tested this and much prefer XenForo's API so YMMV!
    IPB Docs: https://invisioncommunity.com/develo...-handler-r174/

    Setup a new page and pageblock via the ACP and use the following script:
    Code:
    if (isset(\IPS\Request::i()->token)) {
        $FIND_TOKEN = 'WRITE A CUSTOM TOKEN HERE FOR ADDED SECURITY! e.g ab442ae66ff03eea56f9a994bb9f22fa346f';
        $providedToken = \IPS\Request::i()->token;
    
        if ($FIND_TOKEN === $providedToken) {
            if (isset(\IPS\Request::i()->login) and isset(\IPS\Request::i()->password)) {
                $login = new \IPS\Login();
                $loginHandler = \IPS\Login\Handler::findMethod('IPS\Login\Handler\Standard');
                $loginname = \IPS\Request::i()->login;
                if (!ctype_alnum($loginname))
                    die(json_encode(array("errorMessage" => "Username contained disallowed words.")));
                try {
                    $member = $loginHandler->authenticateUsernamePassword($login, $loginname, \IPS\Request::i()->protect('password'));
    
                    echo json_encode(
                        array(
                            "user_id" => $member->member_id,
                            "username" => $member->name,
                            "user_group_id" => $member->member_group_id,
                            "secondary_group_ids" => array(2) //REGISTERED GROUP
                        )
                    );
                } catch (\IPS\Login\Exception $ex) {
                    if ($ex->getMessage() == 'login_err_bad_password') {
                        echo json_encode(array("errorMessage" => "Incorrect password. Please try again."));
                    } else {
                        echo json_encode(array("errorMessage" => "Unregistered account."));
                    }
                }
            } else {
                  echo json_encode(array("errorMessage" => "Something went wrong. An account could not be found."));
        }
        } else {
            echo json_encode(array("errorMessage" => "Invalid token."));
        }
    } else {
        echo json_encode(array("errorMessage" => "A query parameter was missing."));
    }


    Log in to your ACP on your xenforo install and head to the API Keys Section, create a new API Key
    Attached image


    Set the title to whatever you'd like but be descriptive, just as best practices.
    You also need to select the Super User perm in order to use the auth scope.

    Now - in general, never give more permission than what is needed for API keys.
    For this, all you need is auth. If you select other things and your key is leaked, people could delete your forum or other malicious things. Use common sense.
    Attached image

    Copy this key, using the button, so that you're sure it's exact.
    Attached image


    Now - Let's head into your IDE and open up `XenforoUtils` class located within the Central Server module.
    You'll want to adjust the forums URL and the Auth key variables. Do not adjust anything else unless you know what you're doing.
    Attached image


    That's it. Auth done.


    World List
    Now in order to setup the world list, you will need to download a small php script --> HERE <--

    Simply place this on your web service somewhere.

    Open `world_updater.php`and modify this API key.
    I recomend using something like LastPass in order to generate a secure 32 character api key.
    Attached image

    Now go back to your IDE and open `WorldList` within the Central Server module.

    First, place the same auth key you just generated, on line 16.
    Attached image


    Second, go to line 59 and modify your url to where your newly uploaded php script is.
    Example: https://example.com/someFolder/world_updater.php?k=
    LEAVE THE "?k=" This is where the auth token will be placed in the request.
    Attached image

    And done. Now, the central server will automatically update the "worlds.ws" file whenever a new world is registered so that you can load more than one world.

    A note about security best practices.
    I'll be the first to admit, we did not do everything properly at Kronos. You should never hard code API keys, so please, load these keys elsewhere like from a json or properties file. Also, API security is extremely important. You are potentially opening up your entire service to outside influence if you do not have secure API keys. PLEASE DO NOT SHORTCUT THIS!
    Last edited by Patrity; 12-31-2020 at 02:17 AM. Reason: IPB Script Added
    Reply With Quote  
     


  2. #2  
    Registered Member
    Join Date
    Nov 2020
    Posts
    10
    Thanks given
    0
    Thanks received
    1
    Rep Power
    36
    Do you think it's possible for you to share the integration for CC and FC to work !
    Reply With Quote  
     

  3. #3  
    Donator
    Pretty_Stinky's Avatar
    Join Date
    Mar 2015
    Posts
    154
    Thanks given
    1
    Thanks received
    11
    Rep Power
    0
    Let the runite leeeches begin!
    Reply With Quote  
     

  4. #4  
    Extreme Donator


    Join Date
    Jul 2008
    Age
    31
    Posts
    956
    Thanks given
    186
    Thanks received
    344
    Rep Power
    1060
    Quote Originally Posted by King Cobraa View Post
    Let the runite leeeches begin!
    Better a runite leech than a ruse leech.

    If you prefer IPB, "Brandito" has provided a script to do so.
    I have not personally tested this and much prefer XenForo's API so YMMV!

    I have added a spoiler on the main post.
    Reply With Quote  
     

  5. Thankful user:


  6. #5  
    Extreme Donator


    Join Date
    Jul 2008
    Age
    31
    Posts
    956
    Thanks given
    186
    Thanks received
    344
    Rep Power
    1060
    Quote Originally Posted by Badouscape View Post
    Do you think it's possible for you to share the integration for CC and FC to work !
    Your PMs and CC is probably not working because your central server is not connecting to the world updater which is the second part of this tutorial.
    Let me know if that helps out!
    Reply With Quote  
     

  7. #6  
    BoomScape #1
    BoomScape's Avatar
    Join Date
    May 2013
    Posts
    2,422
    Thanks given
    289
    Thanks received
    234
    Rep Power
    48
    Quote Originally Posted by Patrity View Post
    PLEASE FOR THE LOVE OF ALL THAT IS HOLY.. CHANGE THE API KEYS.

    This guide is only for my Kronos release located here: https://www.rune-server.ee/runescape...ort-184-a.html
    This will not work on your ruse server, however.. feel free to take a look at how we handled the server side. XenForo's API is super easy to integrate with and synced forum accounts are a good thing in 2020

    Authentication
    For this to function correctly, you will need to have purchased a XenForo license.
    If you prefer IPB, "Brandito" has provided a script to do so here:
    Spoiler for IPB Integration:

    I have not personally tested this and much prefer XenForo's API so YMMV!
    IPB Docs: https://invisioncommunity.com/develo...-handler-r174/

    Setup a new page and pageblock via the ACP and use the following script:
    Code:
    if (isset(\IPS\Request::i()->token)) {
        $FIND_TOKEN = 'WRITE A CUSTOM TOKEN HERE FOR ADDED SECURITY! e.g ab442ae66ff03eea56f9a994bb9f22fa346f';
        $providedToken = \IPS\Request::i()->token;
    
        if ($FIND_TOKEN === $providedToken) {
            if (isset(\IPS\Request::i()->login) and isset(\IPS\Request::i()->password)) {
                $login = new \IPS\Login();
                $loginHandler = \IPS\Login\Handler::findMethod('IPS\Login\Handler\Standard');
                $loginname = \IPS\Request::i()->login;
                if (!ctype_alnum($loginname))
                    die(json_encode(array("errorMessage" => "Username contained disallowed words.")));
                try {
                    $member = $loginHandler->authenticateUsernamePassword($login, $loginname, \IPS\Request::i()->protect('password'));
    
                    echo json_encode(
                        array(
                            "user_id" => $member->member_id,
                            "username" => $member->name,
                            "user_group_id" => $member->member_group_id,
                            "secondary_group_ids" => array(2) //REGISTERED GROUP
                        )
                    );
                } catch (\IPS\Login\Exception $ex) {
                    if ($ex->getMessage() == 'login_err_bad_password') {
                        echo json_encode(array("errorMessage" => "Incorrect password. Please try again."));
                    } else {
                        echo json_encode(array("errorMessage" => "Unregistered account."));
                    }
                }
            } else {
                  echo json_encode(array("errorMessage" => "Something went wrong. An account could not be found."));
        }
        } else {
            echo json_encode(array("errorMessage" => "Invalid token."));
        }
    } else {
        echo json_encode(array("errorMessage" => "A query parameter was missing."));
    }


    Log in to your ACP on your xenforo install and head to the API Keys Section, create a new API Key
    Attached image


    Set the title to whatever you'd like but be descriptive, just as best practices.
    You also need to select the Super User perm in order to use the auth scope.

    Now - in general, never give more permission than what is needed for API keys.
    For this, all you need is auth. If you select other things and your key is leaked, people could delete your forum or other malicious things. Use common sense.
    Attached image

    Copy this key, using the button, so that you're sure it's exact.
    Attached image


    Now - Let's head into your IDE and open up `XenforoUtils` class located within the Central Server module.
    You'll want to adjust the forums URL and the Auth key variables. Do not adjust anything else unless you know what you're doing.
    Attached image


    That's it. Auth done.


    World List
    Now in order to setup the world list, you will need to download a small php script --> HERE <--

    Simply place this on your web service somewhere.

    Open `world_updater.php`and modify this API key.
    I recomend using something like LastPass in order to generate a secure 32 character api key.
    Attached image

    Now go back to your IDE and open `WorldList` within the Central Server module.

    First, place the same auth key you just generated, on line 16.
    Attached image


    Second, go to line 59 and modify your url to where your newly uploaded php script is.
    Example: https://example.com/someFolder/world_updater.php?k=
    LEAVE THE "?k=" This is where the auth token will be placed in the request.
    Attached image

    And done. Now, the central server will automatically update the "worlds.ws" file whenever a new world is registered so that you can load more than one world.

    A note about security best practices.
    I'll be the first to admit, we did not do everything properly at Kronos. You should never hard code API keys, so please, load these keys elsewhere like from a json or properties file. Also, API security is extremely important. You are potentially opening up your entire service to outside influence if you do not have secure API keys. PLEASE DO NOT SHORTCUT THIS!
    With the IPB connection if you have any idea, when setting up the link i put in the URL of where the page with that code is located and put my own auth key codes into both, but when attempting to login I get the following error

    Code:
    james attempting to login.
    org.json.JSONException: A JSONObject text must begin with '{' at 1 [character 2 line 1]
    	at org.json.JSONTokener.syntaxError(JSONTokener.java:507)
    	at org.json.JSONObject.<init>(JSONObject.java:222)
    	at org.json.JSONObject.<init>(JSONObject.java:406)
    	at io.ruin.central.utility.XenforoUtils.login(XenforoUtils.java:77)
    	at io.ruin.central.utility.XenforoUtils.attemptLogin(XenforoUtils.java:21)
    	at io.ruin.central.model.world.WorldLogin.lambda$new$0(WorldLogin.java:37)
    	at java.util.concurrent.CompletableFuture$AsyncRun.run(CompletableFuture.java:1640)
    	at java.util.concurrent.CompletableFuture$AsyncRun.exec(CompletableFuture.java:1632)
    	at java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:289)
    	at java.util.concurrent.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1067)
    	at java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1703)
    	at java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:172)
    Any clue on this one?
    Attached image
    Reply With Quote  
     

  8. #7  
    Extreme Donator


    Join Date
    Jul 2008
    Age
    31
    Posts
    956
    Thanks given
    186
    Thanks received
    344
    Rep Power
    1060
    Quote Originally Posted by BoomScape View Post
    With the IPB connection if you have any idea, when setting up the link i put in the URL of where the page with that code is located and put my own auth key codes into both, but when attempting to login I get the following error

    Code:
    james attempting to login.
    org.json.JSONException: A JSONObject text must begin with '{' at 1 [character 2 line 1]
    	at org.json.JSONTokener.syntaxError(JSONTokener.java:507)
    	at org.json.JSONObject.<init>(JSONObject.java:222)
    	at org.json.JSONObject.<init>(JSONObject.java:406)
    	at io.ruin.central.utility.XenforoUtils.login(XenforoUtils.java:77)
    	at io.ruin.central.utility.XenforoUtils.attemptLogin(XenforoUtils.java:21)
    	at io.ruin.central.model.world.WorldLogin.lambda$new$0(WorldLogin.java:37)
    	at java.util.concurrent.CompletableFuture$AsyncRun.run(CompletableFuture.java:1640)
    	at java.util.concurrent.CompletableFuture$AsyncRun.exec(CompletableFuture.java:1632)
    	at java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:289)
    	at java.util.concurrent.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1067)
    	at java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1703)
    	at java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:172)
    Any clue on this one?
    Looks like the response is not as expected. As I said, I have not tested the IPB integration, however you could run some test requests using Postman: https://www.postman.com/
    Reply With Quote  
     

  9. #8  
    BoomScape #1
    BoomScape's Avatar
    Join Date
    May 2013
    Posts
    2,422
    Thanks given
    289
    Thanks received
    234
    Rep Power
    48
    Quote Originally Posted by Patrity View Post
    Your PMs and CC is probably not working because your central server is not connecting to the world updater which is the second part of this tutorial.
    Let me know if that helps out!
    Also got the same error as that guy with friends/cc not working with this configured

    It looks like it's related to the file 'XenPost' but unsure on the auth for that system?

    Attached image
    Attached image
    Reply With Quote  
     

  10. #9  
    Extreme Donator


    Join Date
    Jul 2008
    Age
    31
    Posts
    956
    Thanks given
    186
    Thanks received
    344
    Rep Power
    1060
    Quote Originally Posted by BoomScape View Post
    Also got the same error as that guy with friends/cc not working with this configured

    It looks like it's related to the file 'XenPost' but unsure on the auth for that system?

    Attached image
    Users would need to bypass any use of that post method. I will not release that integration script that was originally released with Runite because it is a massive security concern.
    Nothing is secure about the way it is created.
    Reply With Quote  
     

  11. #10  
    Registered Member
    Join Date
    Aug 2012
    Posts
    190
    Thanks given
    12
    Thanks received
    13
    Rep Power
    29
    Quote Originally Posted by Patrity View Post
    Looks like the response is not as expected. As I said, I have not tested the IPB integration, however you could run some test requests using Postman: https://www.postman.com/
    I get that same error with the Xenforo Intergration don't wana use the runite one xD
    Reply With Quote  
     

Page 1 of 3 123 LastLast

Thread Information
Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)


User Tag List

Similar Threads

  1. Replies: 2
    Last Post: 02-04-2013, 09:52 PM
  2. [VB] How to make a web browser [VB]
    By .net in forum Application Development
    Replies: 0
    Last Post: 04-01-2012, 02:13 PM
  3. How to add support for multiple worlds without needing a database.
    By thiefmn6092 in forum Informative Threads
    Replies: 79
    Last Post: 10-07-2011, 05:43 AM
  4. How To Create A Web Server!
    By Cronicman1 in forum Tutorials
    Replies: 12
    Last Post: 11-13-2010, 11:08 PM
  5. How To Make A Web Launcher
    By Eleclion in forum Website Development
    Replies: 1
    Last Post: 09-01-2008, 09:20 PM
Posting Permissions
  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •