我正在为joomla开发一个插件!但考虑到脚本的复杂性,我是从核心结构中设计出来的。
现在我遇到的唯一问题是让用户只需要作为管理员登录一次,并且只有在他们有权限的情况下才能使用错误放置的插件文件夹。
我的插件位于:(路径[dot] com / test)文件夹一切正常,但公众可以使用。
到目前为止,我已尝试从(test / index.php)这段代码:
// Load Joomla! configuration file
require_once('../configuration.php');
// Create a JConfig object
$config = new JConfig();
//import variables
$dbhostname = $config->host;
$dbusername = $config->user;
$dbpassword = $config->password;
$dbdatabase = $config->db;
$dbprefix = $config->dbprefix;
$secret = $config->secret;
// Get these from your form...
$username_for_check = 'admin'; // this username should be in your database = change it
$password_for_check = 'passw'; //this password should be in your database encrypted = change it
//connect to db
$mysqli = new mysqli($dbhostname,$dbusername,$dbpassword,$dbdatabase);
if ($result = $mysqli->query('SELECT j.username,j.password FROM '.$dbprefix.'users j WHERE j.username="'.$username_for_check.'" LIMIT 1;')) {
if ($result->num_rows == 0){
echo 'Username does not exist.';
}
else{
while ($row = $result->fetch_object()) {
//Grab username and password from table #__users
$joomla_user = $row->username;
$joomla_pass = $row->password;
$pass_array = explode(':',$row->password);// <== Here not sure!!
//but it should be the magic behind it.. for me doesn't work in joomla 3.5 and above apparently as encryption method changed
//my password does not have a colon in between
//\\===\ Those are just echos to visually check if the password was matched /==//\\
echo '[USER:] '.$joomla_user.'<br>';
echo '[PASS:] '.$joomla_pass.'<br>';
echo '[HASH:] '.$joomla_hash = $pass_array[0].'<br>';
echo '[SALT:] '.$joomla_salt = $pass_array[1].'<br>';
echo '[SECRET:] '.$secret.'<br>'; //secret maybe of help, just put it ready for testing
echo '[CHECK:] '.md5($password_for_check.$joomla_salt).'<br>';
//=======================================================================//
}
if($joomla_hash == md5($password_for_check.$joomla_salt)){ //Old approch for validating according to various prehistoric posts
echo 'Username and password combination validated.';
}
else{
echo 'Invalid password for username.';
}
}
}
else {
echo 'LOGIN VALIDATION: MySQL Error - '.$mysqli->error;
}
//close db
$mysqli->close();
在继续之前尝试返回匹配并验证注册用户。
我希望有人在3.5及以上版本上有解决方案。
提前致谢
答案 0 :(得分:0)
找到最好的方法就是希望它可以帮到某人:
<?php
// Load Joomla! configuration file
require_once('../configuration.php');
// Create a JConfig object
$config = new JConfig();
//import variables
$dbhostname = $config->host;
$dbusername = $config->user;
$dbpassword = $config->password;
$dbdatabase = $config->db;
$dbprefix = $config->dbprefix;
// Get these from your form...
$username_for_check = 'admin'; // this username should be in your database = change it
$password_for_check = '1234'; //this password should be in your database encrypted = change it
//Something like that from your form
//$username_for_check = $_POST['access_login'];
//$password_for_check = $_POST['access_password'];
//connect to db
$mysqli = new mysqli($dbhostname,$dbusername,$dbpassword,$dbdatabase);
if ($result = $mysqli->query('SELECT j.username,j.password FROM '.$dbprefix.'users j WHERE j.username="'.$username_for_check.'" LIMIT 1;')) {
if ($result->num_rows == 0){
echo 'Username does not exist.';
}
else{
while ($row = $result->fetch_object()) {
//Grab username and password from table #__users
$joomla_user = $row->username;
$joomla_pass = $row->password;
}
if(password_verify($password_for_check , $joomla_pass)){
echo 'Username and password combination validated.';
}
else{
echo 'Invalid password for username.';
}
}
}
else {
echo 'LOGIN VALIDATION: MySQL Error - '.$mysqli->error;
}
//close db
$mysqli->close();
?>