dongye9453 2017-06-21 09:22
浏览 49
已采纳

从joomla中验证登录凭据! 核心结构

I am developing a plug-in for joomla! but considering the complexity of the script I designed it out of the core structure.

Now the only problem I am having is to let users login just once as administrators and following my plug-in folder, which is misplaced, only if they have permission.

my plug-in is in:( path[dot]com/test) folder everything works fine in there but is available to the public.

So far i have tried from the (test/index.php) this code :

// Load Joomla! configuration file
require_once('../configuration.php');
// Create a JConfig object
$config = new JConfig();
//import variables
$dbhostname     = $config->host;
$dbusername     = $config->user; 
$dbpassword     = $config->password;
$dbdatabase     = $config->db;
$dbprefix       = $config->dbprefix;
$secret         = $config->secret;

// Get these from your form...

   $username_for_check = 'admin'; // this username should be in your database = change it

   $password_for_check = 'passw'; //this password should be in your database encrypted = change it

//connect to db
   $mysqli = new mysqli($dbhostname,$dbusername,$dbpassword,$dbdatabase);

   if ($result = $mysqli->query('SELECT j.username,j.password FROM '.$dbprefix.'users j WHERE j.username="'.$username_for_check.'" LIMIT 1;')) {

      if ($result->num_rows == 0){
         echo 'Username does not exist.';
      }
      else{
         while ($row = $result->fetch_object()) {

            //Grab username and password from table #__users
            $joomla_user = $row->username;
            $joomla_pass = $row->password;


            $pass_array = explode(':',$row->password);// <== Here not sure!!
            //but it should be the magic behind it.. for me doesn't work  in joomla 3.5 and above apparently as encryption method changed
            //my password does not have a colon in between

            //\\===\ Those are just echos to visually check if the password was matched /==//\\

            echo '[USER:] '.$joomla_user.'<br>';

            echo '[PASS:] '.$joomla_pass.'<br>';

            echo '[HASH:] '.$joomla_hash = $pass_array[0].'<br>';

            echo '[SALT:] '.$joomla_salt = $pass_array[1].'<br>';

            echo '[SECRET:] '.$secret.'<br>'; //secret maybe of help, just put it ready for testing

            echo '[CHECK:] '.md5($password_for_check.$joomla_salt).'<br>';
            //=======================================================================//
         }

         if($joomla_hash == md5($password_for_check.$joomla_salt)){ //Old approch for validating according to various prehistoric posts

            echo 'Username and password combination validated.';

         }
         else{
            echo 'Invalid password for username.';
         }

      }

   }
   else {
     echo 'LOGIN VALIDATION: MySQL Error - '.$mysqli->error;
   }
   //close db
   $mysqli->close();

Trying to return a match and verify registered users before continuing.

I hope someone have a solution for this on 3.5 and above.

thanks in advance

  • 写回答

1条回答 默认 最新

  • dopgl80062 2017-06-21 19:51
    关注

    Found out the best way to do it is like this hope it would help someone:

    <?php
    // Load Joomla! configuration file
    require_once('../configuration.php');
    // Create a JConfig object
    $config = new JConfig();
    //import variables
    $dbhostname     = $config->host;
    $dbusername     = $config->user;  
    $dbpassword     = $config->password;
    $dbdatabase     = $config->db;
    $dbprefix       = $config->dbprefix;
    
    // Get these from your form...
        $username_for_check = 'admin'; // this username should be in your database = change it
        $password_for_check = '1234'; //this password should be in your database encrypted = change it
    
        //Something like that from your form
        //$username_for_check = $_POST['access_login']; 
        //$password_for_check = $_POST['access_password']; 
    //connect to db
        $mysqli = new mysqli($dbhostname,$dbusername,$dbpassword,$dbdatabase);
        if ($result = $mysqli->query('SELECT j.username,j.password FROM '.$dbprefix.'users j WHERE j.username="'.$username_for_check.'" LIMIT 1;')) {
            if ($result->num_rows == 0){
                echo 'Username does not exist.';
            }
            else{
                while ($row = $result->fetch_object()) {
                    //Grab username and password from table #__users
                    $joomla_user = $row->username;
                    $joomla_pass = $row->password;
                }
                if(password_verify($password_for_check , $joomla_pass)){ 
                    echo 'Username and password combination validated.';
                }
                else{
                    echo 'Invalid password for username.';
                }
            }
        } 
        else {
          echo 'LOGIN VALIDATION: MySQL Error - '.$mysqli->error;
        }
        //close db
        $mysqli->close();
    ?>
    
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥200 求能开发抖音自动回复卡片的软件
  • ¥15 关于freesurfer使用freeview可视化的问题
  • ¥100 谁能在荣耀自带系统MagicOS版本下,隐藏手机桌面图标?
  • ¥15 求SC-LIWC词典!
  • ¥20 有关esp8266连接阿里云
  • ¥15 C# 调用Bartender打印机打印
  • ¥15 我这个代码哪里有问题 acm 平台上显示错误 90%,我自己运行好像没什么问题
  • ¥50 C#编程中使用printDocument类实现文字排版打印问题
  • ¥15 找会编程的帅哥美女 可以用MATLAB里面的simulink编程,用Keil5编也可以。
  • ¥15 已知隐函数其中一个变量τ的具体值,求另一个变量