我发现这个非常有用的脚本来检查Joomla中的身份验证。
Joomla 3 External authentication script
<?php
/**
* Joomla! External authentication script
*
* @author vdespa
* Version 1.0
*
* Code adapted from /index.php
*
* @package Joomla.Site
*
* @copyright Copyright (C) 2005 - 2014 Open Source Matters, Inc. All rights reserved.
* @license GNU General Public License version 2 or later; see LICENSE.txt
*/
if (version_compare(PHP_VERSION, '5.3.1', '<'))
{
die('Your host needs to use PHP 5.3.1 or higher to run this version of Joomla!');
}
/**
* Constant that is checked in included files to prevent direct access.
* define() is used in the installation folder rather than "const" to not error for PHP 5.2 and lower
*/
define('_JEXEC', 1);
if (file_exists(__DIR__ . '/defines.php'))
{
include_once __DIR__ . '/defines.php';
}
if (!defined('_JDEFINES'))
{
define('JPATH_BASE', __DIR__);
require_once JPATH_BASE . '/includes/defines.php';
}
require_once JPATH_BASE . '/includes/framework.php';
// Instantiate the application.
$app = JFactory::getApplication('site');
// JFactory
require_once (JPATH_BASE .'/libraries/joomla/factory.php');
// Hardcoded for now
$credentials['username'] = 'adam';
$credentials['password'] = 'adam';
/**
* Code adapted from plugins/authentication/joomla/joomla.php
*
* @package Joomla.Plugin
* @subpackage Authentication.joomla
*
* @copyright Copyright (C) 2005 - 2014 Open Source Matters, Inc. All rights reserved.
* @license GNU General Public License version 2 or later; see LICENSE.txt
*/
// Get a database object
$db = JFactory::getDbo();
$query = $db->getQuery(true)
->select('id, password')
->from('#__users')
->where('username=' . $db->quote($credentials['username']));
$db->setQuery($query);
$result = $db->loadObject();
if ($result)
{
$match = JUserHelper::verifyPassword($credentials['password'], $result->password, $result->id);
if ($match === true)
{
// Bring this in line with the rest of the system
$user = JUser::getInstance($result->id);
echo 'Joomla! Authentication was successful!';
}
else
{
// Invalid password
// Prmitive error handling
die('Invalid password');
}
} else {
// Invalid user
// Prmitive error handling
die('Cound not find user in the database');
}
?>
我想使用它来将我的joomla网站(domain_name / index.php)上的用户身份验证转换为我正在编码的PHP应用程序(domain_name / app / index.php) 它工作得很好,但是编码部分是一个问题,我不知道如何根据用户动态获取这些变量:
// Hardcoded for now
$credentials['username'] = 'adam';
$credentials['password'] = 'adam';
有没有人有关于如何做到这一点的提示或解决方案? 提前谢谢!
答案 0 :(得分:1)
有很多方法可以做到这一点! :-)
例如,您可以使用此代码创建class,并使用方法使用硬编码用户信息的参数调用它。
但我认为有更好的方法可以做到这一点。你不需要加载整个Joomla!用于验证用户名和密码的框架。的Joomla!使用默认的PHP函数password_hash和password_verify。你能做的是:
$_POST左右SELECT username, password FROM #__users WHERE username = '...' password_verify($_POST['password'], $data['password'])。如果正确,则用户登录成功,否则返回消息。有关更多信息,请参阅:
您可能想要问自己的另一件事是:我真的需要一个使用与Joomla!相同凭据的独立应用程序。如果应用程序是您可以集成在Joomla中的东西!您也可以创建自己的组件。在某些情况下,这样做会更好。
编辑:我忘记了一个重要的注意事项。这仅在使用passsword_hash生成密码时才有效。因此,如果网站由于旧的PHP版本(更新你的东西!!!)而无法使用它,则使用md5和salt作为后备。在这种情况下,password_verify无法工作。
答案 1 :(得分:1)
最后,我可以得到我想要的东西。 我保留了剧本的前半部分:
<?php
/**
* Joomla! External authentication script
*
* @author vdespa
* Version 1.0
*
* Code adapted from /index.php
*
* @package Joomla.Site
*
* @copyright Copyright (C) 2005 - 2014 Open Source Matters, Inc. All rights reserved.
* @license GNU General Public License version 2 or later; see LICENSE.txt
*/
if (version_compare(PHP_VERSION, '5.3.1', '<'))
{
die('Your host needs to use PHP 5.3.1 or higher to run this version of Joomla!');
}
/**
* Constant that is checked in included files to prevent direct access.
* define() is used in the installation folder rather than "const" to not error for PHP 5.2 and lower
*/
define('_JEXEC', 1);
if (file_exists(__DIR__ . '/defines.php'))
{
include_once __DIR__ . '/defines.php';
}
if (!defined('_JDEFINES'))
{
define('JPATH_BASE', __DIR__);
require_once JPATH_BASE . '/includes/defines.php';
}
require_once JPATH_BASE . '/includes/framework.php';
// Instantiate the application.
$app = JFactory::getApplication('site');
?>
并在我的应用中恢复用户ID JFactory::getUser()->id。然后我只需要从这个ID $_userID = JFactory::getUser()->id创建我的变量。