在这里使用来自simular问题的代码我试图将用户从游戏登录到Joomla。 我的问题是我没有得到正面的密码验证。
由于我很难将我原来的脚本转换为joomla 3.2以前给出类似问题的解决方案,所以我制作了这个测试脚本。
我使用密码'test'创建了名为'test'的用户,并将加密的pw从phpMyAmdin复制到脚本中。 根据我在Joomla和本网站上可以找到的所有信息,我的密码验证应该是成功的,但它失败了。 我错过了什么或这里发生了什么?
<?php
define( '_JEXEC', 1 );
define('JPATH_BASE', "../public_html" );
define( 'DS', DIRECTORY_SEPARATOR );
require_once ( "instellingen.php" );
require_once ( JPATH_BASE .DS.'includes'.DS.'defines.php' );
require_once ( JPATH_BASE .DS.'includes'.DS.'framework.php' );
$mainframe =& JFactory::getApplication('site');
$mainframe->initialise();
// created a test username with test as password in joomla
$username = "test";
$password = "test";
$dbPW = "$P$DxdrgIwlYqFE23mQjYvgvTNO3zoVN40"; // copied from phpMyAdmin
$id = JUserHelper::getUserId($username);
echo "$id"; //<-- matches value shown in phpMyAdmin
if(JUserHelper::verifyPassword($password, $dbPW, $id))
{
echo "succesfull Login!";
}
else
{
echo "failed Login!";
}
?>
答案 0 :(得分:4)
有些general PHP knowledge about strings variables and quotes并且development system properly configured当然可以帮助您克服这类问题。
我希望你现在发现了你的错误。
以下是适合您的解决方案:
<?php
/**
* Joomla! External authentication script
*
* @author vdespa
* Version 1.0
*
* Code adapted from /index.php
*
* @package Joomla.Site
*
* @copyright Copyright (C) 2005 - 2014 Open Source Matters, Inc. All rights reserved.
* @license GNU General Public License version 2 or later; see LICENSE.txt
*/
if (version_compare(PHP_VERSION, '5.3.1', '<'))
{
die('Your host needs to use PHP 5.3.1 or higher to run this version of Joomla!');
}
/**
* Constant that is checked in included files to prevent direct access.
* define() is used in the installation folder rather than "const" to not error for PHP 5.2 and lower
*/
define('_JEXEC', 1);
if (file_exists(__DIR__ . '/defines.php'))
{
include_once __DIR__ . '/defines.php';
}
if (!defined('_JDEFINES'))
{
define('JPATH_BASE', __DIR__);
require_once JPATH_BASE . '/includes/defines.php';
}
require_once JPATH_BASE . '/includes/framework.php';
// Instantiate the application.
$app = JFactory::getApplication('site');
// JFactory
require_once (JPATH_BASE .'/libraries/joomla/factory.php');
// Hardcoded for now
$credentials['username'] = 'admin';
$credentials['password'] = 'admin';
/**
* Code adapted from plugins/authentication/joomla/joomla.php
*
* @package Joomla.Plugin
* @subpackage Authentication.joomla
*
* @copyright Copyright (C) 2005 - 2014 Open Source Matters, Inc. All rights reserved.
* @license GNU General Public License version 2 or later; see LICENSE.txt
*/
// Get a database object
$db = JFactory::getDbo();
$query = $db->getQuery(true)
->select('id, password')
->from('#__users')
->where('username=' . $db->quote($credentials['username']));
$db->setQuery($query);
$result = $db->loadObject();
if ($result)
{
$match = JUserHelper::verifyPassword($credentials['password'], $result->password, $result->id);
if ($match === true)
{
// Bring this in line with the rest of the system
$user = JUser::getInstance($result->id);
var_dump($user);
echo 'Joomla! Authentication was successful!';
}
else
{
// Invalid password
// Prmitive error handling
die('Invalid password');
}
} else {
// Invalid user
// Prmitive error handling
die('Cound not find user in the database');
}
答案 1 :(得分:1)
如果这对您有帮助,我认为Joomla
有一个加密算法,其工作原理如下:
您创建了一个用户$user
您为其指定了密码$password
的Joomla!创建一个从A到Z a到z和0到9的32个字符的伪随机数组,并调用此数组$salt
的Joomla!创建另一个名为$hash
的变量,将变量用户与salt连接起来,从所有变量中获取md5,如下所示...... $hash = md5($user.$salt)
的Joomla!保存一个密码,这个密码再次是哈希的串联,然后是2点,然后是盐,这种格式.... $hash.":".$salt
这就是为什么当您检查数据库时,您的密码如下所示:
3977807f631949e190966ae148a073ee:8z2Geal1qzizkhSTN6hP4fMrnnRxXbrj
我尝试将我的Joomla网站与我的php网站连接,所以我尝试进入Joomla! db,但拆分变量使其工作,我会为任何想要它的人发布代码......
注意:login.php
文件仅对joomla的db中已存在的密码进行比较,并且不加密,我将尝试使用明天的附加文件编辑此注释因为我必须去,我也将翻译西班牙语部分,对不起我来自墨西哥xD
conectar();
$myusername=$_POST['username'];
$mypassword=$_POST['password'];
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($contrasena);
if (isset($_POST['username']))
{
$pass="SELECT * FROM users WHERE username='$myusername'";
$result=mysql_query($pass);
$count=mysql_num_rows($result);
$row=mysql_fetch_array($result);
$pass=$row["password"];
list($hash,$salt) = explode(":",$pass); //split the bd password
$cripto = md5($mypassword.$salt); //md5 into pass+salt
if (($hash==$cripto) && ($count==1))
{
echo "true";
session_start();
$_SESSION['idUsuario'] = $row['idUser'];
$_SESSION['username'] = $myusername;
$_SESSION['password'] = $pass;
$_SESSION['rolUser'] = $row['rol'];
//header("location:login_success.php");
}
else
{
echo "false";
}
}
else
{
echo "false";
}
desconectar();
?>
此外,我还会向您显示我的conectar()
代码,该代码仅执行与db的连接
<?php
function conectar(){
$db_host="localhost";
$db_usuario="root";
$db_password="";
$db_nombre="joomla";
$conexion = @mysql_connect($db_host, $db_usuario, $db_password) or die(mysql_error());
if (!$conexion) {
die('Error in connection: ' . mysql_error());
}
else{
//echo "<div class='success'> Conectado satisfactoriamente </div>";
$db = @mysql_select_db($db_nombre, $conexion) or die(mysql_error());
}
}
function desconectar()
{
@mysql_close($conexion);
}
?>
最后,管子,它将是这样的:
<?php
function pseudoRandom($values)
{
$values = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890";
$chainNumber=$values;
$originalPassword = "";
for($i=0;$i<$chainNumber;$i++)
{
$originalPassword .= substr($values,rand(0,strlen($values)),1);
}
return $originalPassword;
}
$originalPassword = ’caca’;
$salt=pseudoRandom(32);
$hash=md5($cadena.$salt);
$finalPassword=$hash.”:”.$salt;
?>
答案 2 :(得分:0)
在libraries / joomla / crypt / password / simple.php
中使用此JCryptPasswordSimple->verify($postpassword,$dbpasswordhash)
答案 3 :(得分:0)
对于更新版本的joomla(3.x),您可以使用以下代码段
jimport('joomla.user.helper');
// Hardcoded for now
$credentials['username'] = 'admin';
$credentials['password'] = 'admin';
//create a new password or load it from the database using the user, you might need to change the encryption method
$salt = JUserHelper::genRandomPassword(32);
$crypt = JUserHelper::getCryptedPassword($credentials['password'] , $salt, 'md5-hex');
$password = $crypt.':'.$salt;
$match = JUserHelper::verifyPassword($credentials['password'], $password);
if ($match === true){
echo 'Joomla! Authentication was successful!';
}else{
// Invalid password
// Prmitive error handling
die('Invalid password');
}
答案 4 :(得分:0)
我做了一个来自Joomla外面的登录页面,(我使用的是Joomla 2.5,如果你使用的是更高版本,你可以把它作为参考)
<?php
//this xxx.php is outside of Joomla root
//and Joomla root is in ./login folder
define( '_JEXEC', 1 );
define( 'JPATH_BASE', './login' );
// Required Files
require_once (JPATH_BASE . '/includes/defines.php');
require_once (JPATH_BASE . '/includes/framework.php');
// To use Joomla's Database Class
require_once (JPATH_BASE .'/libraries/joomla/factory.php');
/********* POST login data from some where *********/
if(isset($_POST['uname']) && isset($_POST['psw'])) {
$credentials['username'] = trim($_POST['uname']);
$credentials['password'] = trim($_POST['psw']);
if(class_exists(JFactory)) {
$app = JFactory::getApplication('site');
// Get a database object
$db = JFactory::getDbo();
$query = $db->getQuery(true);
$query->select('id, password');
$query->from('#__users');
$query->where('username=' . $db->quote($credentials['username']));
$db->setQuery($query);
$result = $db->loadObject();
if ($result)
{
$match = JUserHelper::verifyPassword($credentials['password'], $result->password, $result->id);
if ($match === true)
{
$user = JUser::getInstance($result->id); // Bring this in line with the rest of the system
$app->login($credentials);
echo ("This user is logged in and Joomla also logged in! ");
}
else
{
echo ("User name and password not match! ");
}
}
else
{
echo ("THE USER IS NOT REGISTERED! ");
}
}
}
?>