How to log into joomla through an external script?

南笙酒味 提交于 2019-11-27 19:31:41
<?php
//http://domain.com/script/script.php?username=username&passwd=password

define( '_JEXEC', 1 );
define('JPATH_BASE', '../' );
define( 'DS', DIRECTORY_SEPARATOR );
require_once('../configuration.php');
require_once ( JPATH_BASE .DS.'includes'.DS.'defines.php' );
require_once ( JPATH_BASE .DS.'includes'.DS.'framework.php' );
require_once ( JPATH_BASE .DS.'libraries'.DS.'joomla'.DS.'factory.php' );

/* Create the Application */
$mainframe =& JFactory::getApplication('site');
jimport('joomla.plugin.helper');

$credentials = array();
$credentials['username'] = JRequest::getVar('username', '', 'method', 'username');
$credentials['password'] = JRequest::getVar('passwd', '', 'method', 'passwd');

//perform the login action
$error = $mainframe->login($credentials);
$user = JFactory::getUser();
//now you are logged in

$mainframe->logout();
//now you are logged out

For Joomla 3.x below is more clean and helpful. Below codes will does verify hard-coded username and password. If user is existing, it will be redirected to the index.php page.

<?php
/**
 * Joomla! External authentication script
 *
 * @author vdespa
 * Version 1.0
 *
 * Code adapted from /index.php
 *
 * @package    Joomla.Site
 *
 * @copyright  Copyright (C) 2005 - 2014 Open Source Matters, Inc. All rights reserved.
 * @license    GNU General Public License version 2 or later; see LICENSE.txt
 */

if (version_compare(PHP_VERSION, '5.3.1', '<'))
{
    die('Your host needs to use PHP 5.3.1 or higher to run this version of Joomla!');
}

/**
 * Constant that is checked in included files to prevent direct access.
 * define() is used in the installation folder rather than "const" to not error for PHP 5.2 and lower
 */
define('_JEXEC', 1);

if (file_exists(__DIR__ . '/defines.php'))
{
    include_once __DIR__ . '/defines.php';
}

if (!defined('_JDEFINES'))
{
    define('JPATH_BASE', __DIR__);
    require_once JPATH_BASE . '/includes/defines.php';
}

require_once JPATH_BASE . '/includes/framework.php';

// Instantiate the application.
$app = JFactory::getApplication('site');
jimport('joomla.plugin.helper');

// JFactory
require_once (JPATH_BASE .'/libraries/joomla/factory.php');


// Hardcoded for now
$credentials['username'] = 'admin';
$credentials['password'] = 'admin';


// Get a database object
$db    = JFactory::getDbo();
$query = $db->getQuery(true)
    ->select('id, password')
    ->from('#__users')
    ->where('username=' . $db->quote($credentials['username']));

$db->setQuery($query);
$result = $db->loadObject();

if ($result)
{
    $match = JUserHelper::verifyPassword($credentials['password'], $result->password, $result->id);

    if ($match === true)
    {
        // Bring this in line with the rest of the system
        $user = JUser::getInstance($result->id);

        echo 'Joomla! Authentication was successful!' . '<br>';
        echo 'Joomla! Token is:' . JHTML::_( 'form.token' );

    //perform the login action
    $error = $app->login($credentials);
    $logged_user = JFactory::getUser();
    var_dump($logged_user );
    //redirect logged in user
    $app->redirect('index.php');
    }
    else
    {
        // Invalid password
        // Prmitive error handling
        echo 'Joomla! Token is:' . JHTML::_( 'form.token' ) . '<br>';
        die('Invalid password');
    }
} else {
    // Invalid user
    // Prmitive error handling
    die('Cound not find user in the database');
}

I would suggest one of the following solutions:

  • Write a login plugin specific to your script.
  • Using CURL in your script to do a POST-Request on the normal login form (CURL can cope cookies, too.)
  • (Simplest): Do not authenticate by Joomla!, but by .htaccess.

I have done this and its working just fine. Assuming your custom login script is login.php

-Go to Joomla installation directory
-Copy PasswordHash.php from this directory /root/libraries/phpass/ to your external script's folder 
-Include the PasswordHash.php in login.php 
-Create an instance of PasswordHash like this:

Here is the php code snippet

$phpass = new PasswordHash(10, true);
$password= "unhashed user password";
$db_password = 'Your hashed password in the database'; 
$ok= $phpass->CheckPassword( $password, $db_password );

?>

And there you are --- check password will return true if the two passwords match. NB: You need to write a query to automatically check from the database.

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!