我的第一个问题是:如何以编程方式为Joomla 3.2.1注册用户 在以前版本的Joomla MD5中使用加密:
$username="John";
$password="pass";
$password=md5($password);
$ukaz="INSERT INTO joomla_users (username,password,email) VALUES ('".$username."','".$password."','".$email."')";
mysqli_query($con,$ukaz);
但是在joomla 3.2.1中使用了bcrypt加密,它也使用“salt”,每次都会改变。这是我不明白的事情。
为了检查以前版本的joomla中的用户凭据,我会使用:
$username="John";
$password="pass";
$password=md5($password);
$result = mysqli_query($con,"SELECT * FROM joomla_users WHERE username LIKE '".$username."' AND password LIKE '".$password."'");
$output;
$suma = $result->num_rows;
if($suma==0)
{
$result2 = mysqli_query($con,"SELECT * FROM joomla_users WHERE username LIKE '".$username."'");
$suma2 = $result2->num_rows;
if($suma2==1)
{
$output="WRONG_PASSWORD";
}
else
{
$output="USER_DOES_NOT_EXISTS";
}
}
else
{
$output="OK";
}
请帮我解决这个问题。
答案 0 :(得分:2)
感谢各位的回答,我设法解决了这个问题。
但我还有一个问题:如何向用户发送激活电子邮件?
这是注册码:
<?php
define( '_JEXEC', 1 );
define('JPATH_BASE', "/home/gddregop/public_html" );//this is when we are in the root
define( 'DS', DIRECTORY_SEPARATOR );
require_once ( JPATH_BASE .DS.'includes'.DS.'defines.php' );
require_once ( JPATH_BASE .DS.'includes'.DS.'framework.php' );
$mainframe =& JFactory::getApplication('site');
$mainframe->initialise();
ini_set('default_charset', 'utf-8');
include('database_settings.php');
$username=$_POST["username"];
$password=$_POST["password"];
$email=$_POST["email"];
$salt = JUserHelper::genRandomPassword(32);
$crypt = md5($password.$salt);
$password = $crypt.':'.$salt;
$con=mysqli_connect("localhost",$username_baza_joomla,$password_baza_joomla,$database_baza_joomla);
mysqli_set_charset($con,"utf8");
$SQL1 = "SELECT * FROM joomla_users WHERE username LIKE ?";
if ($stmt = $con->prepare($SQL1)) {
$stmt->bind_param("s", $username);
$stmt->execute();
$stmt->store_result();
$vsota = $stmt->num_rows;
}
$vrnjeno;
if($vsota==0)
{
$SQL2 = "SELECT * FROM joomla_users WHERE email LIKE ?";
if ($stmt2 = $con->prepare($SQL2)) {
$stmt2->bind_param("s", $email);
$stmt2->execute();
$stmt2->store_result();
$vsota2 = $stmt2->num_rows;
}
if($vsota2==0)
{
$vrnjeno="OK";
}
else
{
$vrnjeno="EMAIL_EXISTS";
}
}
else
{
$vrnjeno="USERNAME_EXISTS";
}
echo $vrnjeno;
if($vrnjeno=="OK")
{
$data = array(
'name'=>'name',
'username'=>$username,
'password'=>$password,
'email'=>$email,
'sendEmail'=>1,
"groups"=>array("2"),
'block'=>1,);
$user = new JUser;
try{
$user->bind($data);
$user->save();
}catch(Exception $e){
var_dump($e->getMessage());
}
}
mysqli_close($con);
?>
这是登录代码(检查用户凭据):
<?php
define( '_JEXEC', 1 );
define('JPATH_BASE', "/home/grdddegap/public_html" );//this is when we are not in the root
define( 'DS', DIRECTORY_SEPARATOR );
require_once ( JPATH_BASE .DS.'includes'.DS.'defines.php' );
require_once ( JPATH_BASE .DS.'includes'.DS.'framework.php' );
$mainframe =& JFactory::getApplication('site');
$mainframe->initialise();
$username=$_POST["username"];
$password=$_POST["password"];
ini_set('default_charset', 'utf-8');
include('nastavitve.php');
if (!empty($username))
{
$con=mysqli_connect("localhost",$username_baza_joomla,$password_baza_joomla,$database_baza_joomla);
mysqli_set_charset($con,"utf8");
$SQL = "SELECT name,email,password,block FROM joomla_users WHERE username LIKE ?";
if ($stmt = $con->prepare($SQL)) {
$stmt->bind_param("s", $username);
$stmt->execute();
$stmt->store_result();
$vsota = $stmt->num_rows;
if($vsota==1)
{
$stmt->bind_result($name, $email, $password_baza,$block);
$stmt->fetch();
if((JUserHelper::verifyPassword($password, $password_baza, $user_id = 0)==1))
{
if($block==1)
{
$vrnjeno="EMAIL_VALIDATION";
}
else
{
$vrnjeno="OK";
}
}
else
{
$vrnjeno="WRONG_PASSWORD";
}
}
else
{
$vrnjeno="USER_DOES_NOT_EXISTS";
}
echo $vrnjeno;
}
else
{
echo "SQL INJECTION";
}
}
else
{
echo "STOP THIS YOU HECKER";
}
$mainframe->close();
mysqli_close($con);
?>
答案 1 :(得分:0)
试试这个:
$password = 'password';
$salt = JUserHelper::genRandomPassword(32);
$crypted = JUserHelper::getCryptedPassword($password, $salt);
$cpassword = $crypted.':'.$salt;
$data = array(
'name'=>'name',
'username'=>'username',
'password'=>$cpassword,
'email'=>'email@email.com',
'block'=>0,);
$user = new JUser;
try{
$user->bind($data);
$user->save();
}catch(Exception $e){
var_dump($e->getMessage());
}
答案 2 :(得分:0)
现在我再次阅读您的代码,我认为您的脚本与joomla框架无关。 如果是这种情况,你可以试试这个:
<?php
include 'libraries/phpass/PasswordHash.php';
$phpass = new PasswordHash(10, true);
$passwordHash = $phpass->HashPassword($password);
那应该给你一个哈希密码,但你需要访问joomla phpass lib。
此外,您正在做的事情让您对 SQL INJECTIONS 持开放态度。请尝试花时间阅读有关mysqli和准备好的陈述。此外,如果您需要验证用户登录,您需要使用该用户名查询用户,如果存在行,则获取它并使用此命令:
<?php
<?php
include 'libraries/phpass/PasswordHash.php';
$phpass = new PasswordHash(10, true);
if($phpass->VerifyPassword($userInputPassword, $hashFromDb)){
// Password ok
}else{
// Wrong password
}
答案 3 :(得分:0)
当你以编程方式表达时,你的意思是使用外部用户来源,或者你的意思是你想在用户注册自己的cms中这样做?问题是如果您不在当前会话中,JUser有很多依赖项。 您可以尝试我为批量导入编写的CLI应用程序YMMV。它并不像它可能的那样完美,但它确实有效。
https://github.com/elinw/AddUsersFromTable
我真的不建议直接搞乱加密。我在这里做的唯一问题是你需要提供明文密码,否则你需要让每个人都重置密码,否则你需要运行一个脚本来自动完成并发送重置电子邮件。
答案 4 :(得分:0)
在我的工作中,我们开发并且有时我们使用相同的用户(joomla one)来访问我们的系统。升级后,旧的验证系统无法运行,因此我们使用下面显示的checkpassword函数解决了此问题:
<?php
/* ==============================================================================
==== Fichero: mtote.php ==
==== Descripción: Ejemplo de como validar usuarios en instalaciones ==
==== de joomla 2.5.x (nuevo encriptado usando hash+md5 ==
==== Programado por: Ing. Marvin JOsué Aguilar Romero y ==
==== José Luis Rodríguez García ==
==== Fecha: Jueves 18 de Junio de 2014, 11:00 (GMT -6) ==
==== Contacto: drkmarvin@gmail.com, tote.ote@gmail.com ==
==== Informacíón adicional: fué necesario el presente código debido a ==
==== que en nuestro trabajo hay sistemas que usan las credenciales ==
==== de joomla para su acceso. ==
==============================================================================
*/
//Obtaining configuration info for database conection using config.php
//Obtenemos los datos de configfuración de php para la conexipón a la base de datos
require_once('./configuration.php');
//Pedimos el uso de la librería para encriptación
//ASk for use of crypt library
require_once('./libraries/phpass/PasswordHash.php');
$user1 = "usuario_a_verificar"; //The user who password wanna check
$jconf = new JConfig; //Instanciamos un objeto jconf / Initialize a jconf object
$conexion = @mysql_connect($jconf->host,$jconf->user,$jconf->password,false,0);
@mysql_select_db($jconf->db); //elegir base de datos /choose database
$sql = sprintf("SELECT * FROM %susers WHERE %susers.username='%s' LIMIT 1;",$jconf->dbprefix,$jconf->dbprefix, $user1); //Seleccionamos todos los usuarios de la tabla usuario
//selecting user from database
$request = @mysql_query($sql); //Ejecutamos las consultas previas /Execute the previous sql statments
//Si hemos encontrado coincidencia ingresamos al ciclo
//If we find a match we enter in this cycle
if (mysql_num_rows($request) == 1)
{
//obtenemos un arreglo con el usuario y sus datos
//Store the user info on an array
$user = array('User' => mysql_fetch_assoc($request));
//Obtenemos en una variable el password en la base de datos
//We store on a variable the hash password from database
$par = $user['User']['password'];
//ALmacenamos el password que queremos verificar si de verdad existe para el usuario
//NOw store on a variable the password that we wanna check for the user
$userInputPassword = 'password_que_Creemos_pertenece_al_usuario';
//Instanciar el objeto phpass
//Initialice an ohoass object
$phpass = new PasswordHash(32, true);
//LLamamos a la función checkpassword que recibe por parametros la ocntarseña que queremos verificar seguida de la real (en la bd)
//Now we call the checkpassword function with two parameters 1. The password who we get and wanna verify and the hash password atcually stored on the database
if($phpass->CheckPassword($userInputPassword, $par)){echo "El usuario existe y es esa su contraseña// The user exists and that´s his password";}
else{ echo "El usuario existe pero la contraseña no es válida//the user exist but that isn´t his password"; }
}
?>