1. 技术文章
  2. How to log into joomla through an external script?

How to log into joomla through an external script?

霸气de小男生 提交于 2019-11-26 19:55:13

问题


We have a standalone script on our site that sits adjacent to a Joomla 1.5 installation. We are using Joomla authentication to restrict access to our script. At this point we are redirecting any unauthorized users to the Joomla site to log in. We want to add a login capability within our script, though. Does anyone know how to log into joomla from an external script using a username/password? Thanks!


回答1:


<?php
//http://domain.com/script/script.php?username=username&passwd=password

define( '_JEXEC', 1 );
define('JPATH_BASE', '../' );
define( 'DS', DIRECTORY_SEPARATOR );
require_once('../configuration.php');
require_once ( JPATH_BASE .DS.'includes'.DS.'defines.php' );
require_once ( JPATH_BASE .DS.'includes'.DS.'framework.php' );
require_once ( JPATH_BASE .DS.'libraries'.DS.'joomla'.DS.'factory.php' );

/* Create the Application */
$mainframe =& JFactory::getApplication('site');
jimport('joomla.plugin.helper');

$credentials = array();
$credentials['username'] = JRequest::getVar('username', '', 'method', 'username');
$credentials['password'] = JRequest::getVar('passwd', '', 'method', 'passwd');

//perform the login action
$error = $mainframe->login($credentials);
$user = JFactory::getUser();
//now you are logged in

$mainframe->logout();
//now you are logged out



回答2:


For Joomla 3.x below is more clean and helpful. Below codes will does verify hard-coded username and password. If user is existing, it will be redirected to the index.php page.

<?php
/**
 * Joomla! External authentication script
 *
 * @author vdespa
 * Version 1.0
 *
 * Code adapted from /index.php
 *
 * @package    Joomla.Site
 *
 * @copyright  Copyright (C) 2005 - 2014 Open Source Matters, Inc. All rights reserved.
 * @license    GNU General Public License version 2 or later; see LICENSE.txt
 */

if (version_compare(PHP_VERSION, '5.3.1', '<'))
{
    die('Your host needs to use PHP 5.3.1 or higher to run this version of Joomla!');
}

/**
 * Constant that is checked in included files to prevent direct access.
 * define() is used in the installation folder rather than "const" to not error for PHP 5.2 and lower
 */
define('_JEXEC', 1);

if (file_exists(__DIR__ . '/defines.php'))
{
    include_once __DIR__ . '/defines.php';
}

if (!defined('_JDEFINES'))
{
    define('JPATH_BASE', __DIR__);
    require_once JPATH_BASE . '/includes/defines.php';
}

require_once JPATH_BASE . '/includes/framework.php';

// Instantiate the application.
$app = JFactory::getApplication('site');
jimport('joomla.plugin.helper');

// JFactory
require_once (JPATH_BASE .'/libraries/joomla/factory.php');


// Hardcoded for now
$credentials['username'] = 'admin';
$credentials['password'] = 'admin';


// Get a database object
$db    = JFactory::getDbo();
$query = $db->getQuery(true)
    ->select('id, password')
    ->from('#__users')
    ->where('username=' . $db->quote($credentials['username']));

$db->setQuery($query);
$result = $db->loadObject();

if ($result)
{
    $match = JUserHelper::verifyPassword($credentials['password'], $result->password, $result->id);

    if ($match === true)
    {
        // Bring this in line with the rest of the system
        $user = JUser::getInstance($result->id);

        echo 'Joomla! Authentication was successful!' . '<br>';
        echo 'Joomla! Token is:' . JHTML::_( 'form.token' );

    //perform the login action
    $error = $app->login($credentials);
    $logged_user = JFactory::getUser();
    var_dump($logged_user );
    //redirect logged in user
    $app->redirect('index.php');
    }
    else
    {
        // Invalid password
        // Prmitive error handling
        echo 'Joomla! Token is:' . JHTML::_( 'form.token' ) . '<br>';
        die('Invalid password');
    }
} else {
    // Invalid user
    // Prmitive error handling
    die('Cound not find user in the database');
}



回答3:


I would suggest one of the following solutions:

  • Write a login plugin specific to your script.
  • Using CURL in your script to do a POST-Request on the normal login form (CURL can cope cookies, too.)
  • (Simplest): Do not authenticate by Joomla!, but by .htaccess.



回答4:


I have done this and its working just fine. Assuming your custom login script is login.php

-Go to Joomla installation directory
-Copy PasswordHash.php from this directory /root/libraries/phpass/ to your external script's folder 
-Include the PasswordHash.php in login.php 
-Create an instance of PasswordHash like this:

Here is the php code snippet

$phpass = new PasswordHash(10, true);
$password= "unhashed user password";
$db_password = 'Your hashed password in the database'; 
$ok= $phpass->CheckPassword( $password, $db_password );

?>

And there you are --- check password will return true if the two passwords match. NB: You need to write a query to automatically check from the database.



来源:https://stackoverflow.com/questions/2075335/how-to-log-into-joomla-through-an-external-script

标签
php
Joomla
joomla1.5
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!