radie1230/xf_auth.php

## xf_auth.php
<?php
/*
Script for XenForo 1.X
Tested with: 1.2.4
Created by: #SG# Sharkiller
Forked by: radie1230
Verison: 0.2.1
*/

###############
## Variables ##
###############

# Reject all connections exept this IP.
$secret = "changeme"; //Password needed to use this script
# Database info
$db_server = 'localhost';
$db_user = '';
$db_passwd = '';
$db_name = '';
# Name of the custom field of XenForo where the Minecraft nicknames are stored.
// Here Sharkiller had the option to add the players in-game username as an alias in the profile information.
// But my for my server, the usernames of the players on the forums match those in-game so it became irrelevant.
// The MySQL lookup has been changed for this too, you might want to go back and adopt his method if that is what you require.
#$field = 'username';
# Minecraft nicks ignored from successful message
$ignore = array("admin1","admin2"); // Admin nicknames ignored from broadcast message on login.

##############
## Messages ##
##############

$msg = array(
	"login_successful" => "§8%s §7has logged in. Forum account: §8%s",
	"user_not_exist" => "§6§kasdasd§4 Does the user exist? §6§kasdasd",
	"player_not_exist" => "§4§kasdas§6 Nick not associated in forum. §4§kasdas",
	"user_banned" => "§6§kasdasd§4 The user is banned. §6§kasdasd",
	"wrong_data" => "§6Failed to read the user data. Contact an admin!",
	"wrong_password" => "§4Wrong password! §6 Use §a/login forum-password"
);

////////////////////////////////////////////////
// Don't change bellow this if you don't know //
////////////////////////////////////////////////

####################
## Security check ##
####################

//Restrict access to localhost
//Removing Restrictions

###############
## FUNCTIONS ##
###############

$nickname = $_POST['user'];
$password = $_POST['pass'];
$action = $_POST['action'];

# Response message
function done($msg, $template = "ERROR\n%s"){
	global $mysqli;
	printf($template, $msg);
	$mysqli->close();
	exit;
}

# Ignore users from successfull message.
function ignore($nick){
	global $ignore;
	if(in_array($nick, $ignore))
		return true;
	else
		return false;
}

################################
## Only support login for now ##
################################

# login, register, online, offline
//Removing Restrictions


###############
## Code here ##
###############

# Init MySQL connection
$mysqli = new mysqli($db_server, $db_user, $db_passwd, $db_name);

# Obtain user data (UserID, DataBlob) from Minecraft Nickname.
$stmt = $mysqli->prepare("SELECT `data`, `user_id`  FROM `xf_user_authenticate` WHERE `user_id` = (SELECT `user_id` FROM `xf_user` WHERE `username` = '$nickname') LIMIT 1") or done('MySQL Error 1');
$stmt->execute();
$stmt->bind_result($data, $user_id);
$success = $stmt->fetch();
$stmt->close();

# Check if a user have the nickname associated in the forum
if(!$success)
    done($msg["player_not_exist"]);

# Obtain user data (Username, Ban Status) from UserID.
$stmt = $mysqli->prepare("SELECT `username`, `is_banned` FROM `xf_user` WHERE `user_id` = $user_id LIMIT 1") or done('MySQL Error 2');
$stmt->execute();
$stmt->bind_result($username, $is_banned);
$success = $stmt->fetch();
$stmt->close();

# Check if user exist
if(!$success)
    done($msg["user_not_exist"]);

# Check if banned
if($is_banned == 1)
    done($msg["user_banned"]);

# Check password
//
// The next part sends a HTTP POST to the remote forum website for authentication of the credentials passed along.
// As if signing in through login form from browser.

$ch = curl_init();

curl_setopt($ch, CURLOPT_URL,"http://yourwebsite.com/index.php?login/login");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,
          http_build_query(array('login' => $nickname, 'password' => $password)));

// receive server response ...
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

$response = curl_exec ($ch);
curl_close ($ch);
# Login Failed
// Will only receive response if there is an error with the credentials
if($response)
	done($msg["wrong_password"]);
# Login Successful
// As no response is received, the server is trying to pass you through, here it can be assumed the credentials have been verified
if (!$response)
	$message = sprintf($msg["login_successful"], $nickname, $username);

done($message, "YES\n%s");

?>
	<?php
	/*
	Script for XenForo 1.X
	Tested with: 1.2.4
	Created by: #SG# Sharkiller
	Forked by: radie1230
	Verison: 0.2.1
	*/

	###############
	## Variables ##
	###############

	# Reject all connections exept this IP.
	$secret = "changeme"; //Password needed to use this script
	# Database info
	$db_server = 'localhost';
	$db_user = '';
	$db_passwd = '';
	$db_name = '';
	# Name of the custom field of XenForo where the Minecraft nicknames are stored.
	// Here Sharkiller had the option to add the players in-game username as an alias in the profile information.
	// But my for my server, the usernames of the players on the forums match those in-game so it became irrelevant.
	// The MySQL lookup has been changed for this too, you might want to go back and adopt his method if that is what you require.
	#$field = 'username';
	# Minecraft nicks ignored from successful message
	$ignore = array("admin1","admin2"); // Admin nicknames ignored from broadcast message on login.

	##############
	## Messages ##
	##############

	$msg = array(
	"login_successful" => "§8%s §7has logged in. Forum account: §8%s",
	"user_not_exist" => "§6§kasdasd§4 Does the user exist? §6§kasdasd",
	"player_not_exist" => "§4§kasdas§6 Nick not associated in forum. §4§kasdas",
	"user_banned" => "§6§kasdasd§4 The user is banned. §6§kasdasd",
	"wrong_data" => "§6Failed to read the user data. Contact an admin!",
	"wrong_password" => "§4Wrong password! §6 Use §a/login forum-password"
	);

	////////////////////////////////////////////////
	// Don't change bellow this if you don't know //
	////////////////////////////////////////////////

	####################
	## Security check ##
	####################

	//Restrict access to localhost
	//Removing Restrictions

	###############
	## FUNCTIONS ##
	###############

	$nickname = $_POST['user'];
	$password = $_POST['pass'];
	$action = $_POST['action'];

	# Response message
	function done($msg, $template = "ERROR\n%s"){
	global $mysqli;
	printf($template, $msg);
	$mysqli->close();
	exit;
	}

	# Ignore users from successfull message.
	function ignore($nick){
	global $ignore;
	if(in_array($nick, $ignore))
	return true;
	else
	return false;
	}

	################################
	## Only support login for now ##
	################################

	# login, register, online, offline
	//Removing Restrictions


	###############
	## Code here ##
	###############

	# Init MySQL connection
	$mysqli = new mysqli($db_server, $db_user, $db_passwd, $db_name);

	# Obtain user data (UserID, DataBlob) from Minecraft Nickname.
	$stmt = $mysqli->prepare("SELECT `data`, `user_id` FROM `xf_user_authenticate` WHERE `user_id` = (SELECT `user_id` FROM `xf_user` WHERE `username` = '$nickname') LIMIT 1") or done('MySQL Error 1');
	$stmt->execute();
	$stmt->bind_result($data, $user_id);
	$success = $stmt->fetch();
	$stmt->close();

	# Check if a user have the nickname associated in the forum
	if(!$success)
	done($msg["player_not_exist"]);

	# Obtain user data (Username, Ban Status) from UserID.
	$stmt = $mysqli->prepare("SELECT `username`, `is_banned` FROM `xf_user` WHERE `user_id` = $user_id LIMIT 1") or done('MySQL Error 2');
	$stmt->execute();
	$stmt->bind_result($username, $is_banned);
	$success = $stmt->fetch();
	$stmt->close();

	# Check if user exist
	if(!$success)
	done($msg["user_not_exist"]);

	# Check if banned
	if($is_banned == 1)
	done($msg["user_banned"]);

	# Check password
	//
	// The next part sends a HTTP POST to the remote forum website for authentication of the credentials passed along.
	// As if signing in through login form from browser.

	$ch = curl_init();

	curl_setopt($ch, CURLOPT_URL,"http://yourwebsite.com/index.php?login/login");
	curl_setopt($ch, CURLOPT_POST, 1);
	curl_setopt($ch, CURLOPT_POSTFIELDS,
	http_build_query(array('login' => $nickname, 'password' => $password)));

	// receive server response ...
	curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

	$response = curl_exec ($ch);
	curl_close ($ch);
	# Login Failed
	// Will only receive response if there is an error with the credentials
	if($response)
	done($msg["wrong_password"]);
	# Login Successful
	// As no response is received, the server is trying to pass you through, here it can be assumed the credentials have been verified
	if (!$response)
	$message = sprintf($msg["login_successful"], $nickname, $username);

	done($message, "YES\n%s");

	?>