我想存储和检查用户登录的密码哈希并注册与joomla(2.5)相同,
这里的例子:
目前我将此代码作为登录信息:
<?php
$page_title = 'Login';
include ('template/header.php');
require_once ('inc/db.php');
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
// Validate the email address:
if (!empty($_POST['email'])) {
$e = mysqli_real_escape_string ($dbc, $_POST['email']);
} else {
$e = FALSE;
echo '<div class="alert alert-danger" id="alerta1">
<button type="button" class="close" data-dismiss="alert">×</button>
<center><p>No ingresaste tu email</p></center>
</div>';
}
// Validate the password:
if (!empty($_POST['password'])) {
$p = mysqli_real_escape_string ($dbc, $_POST['password']);
} else {
$p = FALSE;
echo '<div class="alert alert-danger" id="alerta2">
<button type="button" class="close" data-dismiss="alert">×</button>
<center><p>No ingresaste tu contraseña</p></center>
</div>';
}
if ($e && $p) { // If everything's OK.
// Query the database:
$q = "SELECT user_id, nombre, user_level FROM users WHERE (email='$e' AND password=md5('$p')) AND active = 1";
$r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc));
if (@mysqli_num_rows($r) == 1) { // A match was made.
// Register the values:
$_SESSION = mysqli_fetch_array ($r, MYSQLI_ASSOC);
mysqli_free_result($r);
mysqli_close($dbc);
// Redirect the user:
//$url = BASE_URL . 'index.php'; // Define the URL.
ob_end_clean(); // Delete the buffer.
header("Location: ads.php?welcome");
exit();
} else { // No match was made.
echo '<div class="alert alert-danger" id="alerta3">
<button type="button" class="close" data-dismiss="alert">×</button>
<center><p>Tu email y contraseña no figuran en sistema o tu cuenta aun no esta activada</p></center>
</div>';
}
} else { // If everything wasn't OK.
echo '<div class="alert alert-danger" id="alerta4">
<button type="button" class="close" data-dismiss="alert">×</button>
<center><p>Por favor intentalo nuevamente</p></center>
</div>';
}
mysqli_close($dbc);
}
并注册:
if ($_SERVER['REQUEST_METHOD'] == 'POST') { // Handle the form.
// Need the database connection:
require ('inc/db.php');
// Trim all the incoming data:
$trimmed = array_map('trim', $_POST);
// Assume invalid values:
$no = $ap = $e = $p = FALSE;
// Check for a first name:
if (preg_match ('/^[A-Z \'.-]{2,20}$/i', $trimmed['nombre'])) {
$no = mysqli_real_escape_string ($dbc, $trimmed['nombre']);
} else {
echo '<div class="alert alert-danger" id="alerta1">
<button type="button" class="close" data-dismiss="alert">×</button>
<center><p>Por favor, ingresa tu nombre</p></center>
</div>';
}
// Check for a last name:
if (preg_match ('/^[A-Z \'.-]{2,40}$/i', $trimmed['apellido'])) {
$ap = mysqli_real_escape_string ($dbc, $trimmed['apellido']);
} else {
echo '<div class="alert alert-danger" id="alerta2">
<button type="button" class="close" data-dismiss="alert">×</button>
<center><p>Por favor, ingresa tu apellido</p></center>
</div>';
}
// Check for an email address:
if (filter_var($trimmed['email'], FILTER_VALIDATE_EMAIL)) {
$e = mysqli_real_escape_string ($dbc, $trimmed['email']);
} else {
echo '<div class="alert alert-danger" id="alerta3">
<button type="button" class="close" data-dismiss="alert">×</button>
<center><p>Por favor, ingresa una direccion valida de email</p></center>
</div>';
}
// Check for a password and match against the confirmed password:
if (preg_match ('/^\w{4,20}$/', $trimmed['pass1']) ) {
if ($trimmed['pass1'] == $trimmed['pass2']) {
$p = mysqli_real_escape_string ($dbc, $trimmed['pass1']);
} else {
echo '<div class="alert alert-danger" id="alerta4">
<button type="button" class="close" data-dismiss="alert">×</button>
<center><p>Las contraseñas no coinciden</p></center>
</div>';
}
} else {
echo '<div class="alert alert-danger" id="alerta5">
<button type="button" class="close" data-dismiss="alert">×</button>
<center><p>Ingresar contraseña válida</p></center>
</div>';
}
if ($no && $ap && $e && $p) { // If everything's OK...
// Make sure the email address is available:
$q = "SELECT user_id FROM users WHERE email='$e'";
$r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc));
if (mysqli_num_rows($r) == 0) { // Available.
// Create the activation code:
$a = md5(uniqid(rand(), true));
// Add the user to the database:
$q = "INSERT INTO users (email, password, nombre, apellido, active, fecha_registro) VALUES ('$e', md5('$p'), '$no', '$ap', '$a', NOW() )";
$r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc));
if (mysqli_affected_rows($dbc) == 1) { // If it ran OK.
// Send the email:
include ('template/mail_registro.php');
// Finish the page:
header("Location: registro_ok.php");
exit(); // Quit the script.
} else { // If it did not run OK.
echo '<div class="alert alert-danger" id="alerta6">
<button type="button" class="close" data-dismiss="alert">×</button>
<center><p>No has podido registrarte debido a un error en nuestro sistema. En breve lo solucionaremos</p></center>
</div>';
}
} else { // The email address is not available.
echo '<div class="alert alert-danger" id="alerta7">
<button type="button" class="close" data-dismiss="alert">×</button>
<center><p>La direccion de email ya se encuentra registrada. Olvidaste tu contraseña?</p></center>
</div>';
}
} else { // If one of the data tests failed.
echo '<div class="alert alert-danger" id="alerta8">
<button type="button" class="close" data-dismiss="alert">×</button>
<center><p>Intentalo nuevamente</p></center>
</div>';
}
mysqli_close($dbc);
} // End of the main Submit conditional.
答案 0 :(得分:0)
您必须使用JUser Class和JUserHelper。 在JUserHelper中,您可以找到类似
的方法hashPassword(string $ password) - &gt;使用当前加密来哈希密码。
verifyPassword(string $ password,string $ hash,integer $ user_id) - &gt;使用当前加密格式化密码。
getCryptedPassword(string $ plaintext,string $ salt =&#39;&#39;,string $ encryption =&#39; md5-hex&#39;,boolean $ show_encrypt = false) - &gt;使用当前加密格式化密码。
要创建一个新用户,我可以这样做:
$user = new JUser();
# create a new random password
$pass = 'your_password';
$data = array(
'name' => 'name',
'email' => 'email',
'groups' => ['group1'],
'username' => 'username',
'password' => $pass,
'password2' => $pass )
if (!$user->bind($data)) {
$msg = "Error ...";
$msg .= $user->getError();
}
# Store the data.
// $user->save();
if (!$user->save()) {
$msg = "Erorr saving user";
$msg .= $user->getError();
}
检查joomla文档以获取详细信息 http://doc.joomladev.eu/api25/Joomla-Platform/User/JUser.html