I am developing a plug-in for joomla! but considering the complexity of the script I designed it out of the core structure.
Now the only problem I am having is to let users login just once as administrators and following my plug-in folder, which is misplaced, only if they have permission.
my plug-in is in:( path[dot]com/test) folder everything works fine in there but is available to the public.
So far i have tried from the (test/index.php) this code :
// Load Joomla! configuration file
require_once('../configuration.php');
// Create a JConfig object
$config = new JConfig();
//import variables
$dbhostname = $config->host;
$dbusername = $config->user;
$dbpassword = $config->password;
$dbdatabase = $config->db;
$dbprefix = $config->dbprefix;
$secret = $config->secret;
// Get these from your form...
$username_for_check = 'admin'; // this username should be in your database = change it
$password_for_check = 'passw'; //this password should be in your database encrypted = change it
//connect to db
$mysqli = new mysqli($dbhostname,$dbusername,$dbpassword,$dbdatabase);
if ($result = $mysqli->query('SELECT j.username,j.password FROM '.$dbprefix.'users j WHERE j.username="'.$username_for_check.'" LIMIT 1;')) {
if ($result->num_rows == 0){
echo 'Username does not exist.';
}
else{
while ($row = $result->fetch_object()) {
//Grab username and password from table #__users
$joomla_user = $row->username;
$joomla_pass = $row->password;
$pass_array = explode(':',$row->password);// <== Here not sure!!
//but it should be the magic behind it.. for me doesn't work in joomla 3.5 and above apparently as encryption method changed
//my password does not have a colon in between
//\\===\ Those are just echos to visually check if the password was matched /==//\\
echo '[USER:] '.$joomla_user.'<br>';
echo '[PASS:] '.$joomla_pass.'<br>';
echo '[HASH:] '.$joomla_hash = $pass_array[0].'<br>';
echo '[SALT:] '.$joomla_salt = $pass_array[1].'<br>';
echo '[SECRET:] '.$secret.'<br>'; //secret maybe of help, just put it ready for testing
echo '[CHECK:] '.md5($password_for_check.$joomla_salt).'<br>';
//=======================================================================//
}
if($joomla_hash == md5($password_for_check.$joomla_salt)){ //Old approch for validating according to various prehistoric posts
echo 'Username and password combination validated.';
}
else{
echo 'Invalid password for username.';
}
}
}
else {
echo 'LOGIN VALIDATION: MySQL Error - '.$mysqli->error;
}
//close db
$mysqli->close();
Trying to return a match and verify registered users before continuing.
I hope someone have a solution for this on 3.5 and above.
thanks in advance