用于注册Joomla 3.2.1用户并将其登录的PHP代码
我的第一个问题是:如何以编程方式为Joomla 3.2.1注册用户 在Joomla MD5的早期版本中,使用了加密:用于注册Joomla 3.2.1用户并将其登录的PHP代码,php,encryption,joomla,login,registration,Php,Encryption,Joomla,Login,Registration,我的第一个问题是:如何以编程方式为Joomla 3.2.1注册用户 在Joomla MD5的早期版本中,使用了加密: $username="John"; $password="pass"; $password=md5($password); $ukaz="INSERT INTO joomla_users (username,password,email) VALUES ('".$username."','".$password."','".$email."')"; mysqli_query($c
$username="John";
$password="pass";
$password=md5($password);
$ukaz="INSERT INTO joomla_users (username,password,email) VALUES ('".$username."','".$password."','".$email."')";
mysqli_query($con,$ukaz);
但是在joomla 3.2.1中使用了bcrypt加密,它也使用“salt”,每次都会更改。这是我不明白的事情
为了检查joomla以前版本中的用户凭据,我将使用:
$username="John";
$password="pass";
$password=md5($password);
$result = mysqli_query($con,"SELECT * FROM joomla_users WHERE username LIKE '".$username."' AND password LIKE '".$password."'");
$output;
$suma = $result->num_rows;
if($suma==0)
{
$result2 = mysqli_query($con,"SELECT * FROM joomla_users WHERE username LIKE '".$username."'");
$suma2 = $result2->num_rows;
if($suma2==1)
{
$output="WRONG_PASSWORD";
}
else
{
$output="USER_DOES_NOT_EXISTS";
}
}
else
{
$output="OK";
}
请帮我解决这个问题。试试这个:
$password = 'password';
$salt = JUserHelper::genRandomPassword(32);
$crypted = JUserHelper::getCryptedPassword($password, $salt);
$cpassword = $crypted.':'.$salt;
$data = array(
'name'=>'name',
'username'=>'username',
'password'=>$cpassword,
'email'=>'email@email.com',
'block'=>0,);
$user = new JUser;
try{
$user->bind($data);
$user->save();
}catch(Exception $e){
var_dump($e->getMessage());
}
试试这个:
$password = 'password';
$salt = JUserHelper::genRandomPassword(32);
$crypted = JUserHelper::getCryptedPassword($password, $salt);
$cpassword = $crypted.':'.$salt;
$data = array(
'name'=>'name',
'username'=>'username',
'password'=>$cpassword,
'email'=>'email@email.com',
'block'=>0,);
$user = new JUser;
try{
$user->bind($data);
$user->save();
}catch(Exception $e){
var_dump($e->getMessage());
}
现在我再次阅读了您的代码,我认为您的脚本没有与joomla框架连接。 如果是这种情况,您可以尝试以下方法:
<?php
include 'libraries/phpass/PasswordHash.php';
$phpass = new PasswordHash(10, true);
$passwordHash = $phpass->HashPassword($password);
现在我再次阅读了您的代码,我认为您的脚本没有与joomla框架连接。
如果是这种情况,您可以尝试以下方法:
<?php
include 'libraries/phpass/PasswordHash.php';
$phpass = new PasswordHash(10, true);
$passwordHash = $phpass->HashPassword($password);
当你说程序化时,你是指使用外部用户源,还是指你想在cms中使用用户注册?问题是,如果您不在当前会话中,JUser有很多依赖项。
您可以尝试我为批量导入编写的这个CLI应用程序,YMMV。虽然没有打磨得那么好,但效果很好
我真的不建议直接乱搞加密。我在这里所做的唯一问题是,你需要给它输入明文密码,或者你需要让每个人都重置密码,或者你需要运行一个脚本来自动重置密码并发送重置电子邮件。当你以编程方式说,你是指使用外部用户源,还是指你想在有用户自己注册的cms?问题是,如果您不在当前会话中,JUser有很多依赖项。
您可以尝试我为批量导入编写的这个CLI应用程序,YMMV。虽然没有打磨得那么好,但效果很好
我真的不建议直接乱搞加密。我在这里做的唯一问题是,你需要给它输入明文密码,或者你需要让每个人都重置密码,或者你需要运行一个脚本来自动重置密码并发送重置电子邮件。多亏了大家的回答,我设法解决了这个问题
但我还有一个问题:如何向用户发送激活电子邮件
这是注册码:
<?php
define( '_JEXEC', 1 );
define('JPATH_BASE', "/home/gddregop/public_html" );//this is when we are in the root
define( 'DS', DIRECTORY_SEPARATOR );
require_once ( JPATH_BASE .DS.'includes'.DS.'defines.php' );
require_once ( JPATH_BASE .DS.'includes'.DS.'framework.php' );
$mainframe =& JFactory::getApplication('site');
$mainframe->initialise();
ini_set('default_charset', 'utf-8');
include('database_settings.php');
$username=$_POST["username"];
$password=$_POST["password"];
$email=$_POST["email"];
$salt = JUserHelper::genRandomPassword(32);
$crypt = md5($password.$salt);
$password = $crypt.':'.$salt;
$con=mysqli_connect("localhost",$username_baza_joomla,$password_baza_joomla,$database_baza_joomla);
mysqli_set_charset($con,"utf8");
$SQL1 = "SELECT * FROM joomla_users WHERE username LIKE ?";
if ($stmt = $con->prepare($SQL1)) {
$stmt->bind_param("s", $username);
$stmt->execute();
$stmt->store_result();
$vsota = $stmt->num_rows;
}
$vrnjeno;
if($vsota==0)
{
$SQL2 = "SELECT * FROM joomla_users WHERE email LIKE ?";
if ($stmt2 = $con->prepare($SQL2)) {
$stmt2->bind_param("s", $email);
$stmt2->execute();
$stmt2->store_result();
$vsota2 = $stmt2->num_rows;
}
if($vsota2==0)
{
$vrnjeno="OK";
}
else
{
$vrnjeno="EMAIL_EXISTS";
}
}
else
{
$vrnjeno="USERNAME_EXISTS";
}
echo $vrnjeno;
if($vrnjeno=="OK")
{
$data = array(
'name'=>'name',
'username'=>$username,
'password'=>$password,
'email'=>$email,
'sendEmail'=>1,
"groups"=>array("2"),
'block'=>1,);
$user = new JUser;
try{
$user->bind($data);
$user->save();
}catch(Exception $e){
var_dump($e->getMessage());
}
}
mysqli_close($con);
?>
这是登录代码(检查用户凭据):
多亏了大家的回答,我终于解决了这个问题
但我还有一个问题:如何向用户发送激活电子邮件
这是注册码:
<?php
define( '_JEXEC', 1 );
define('JPATH_BASE', "/home/gddregop/public_html" );//this is when we are in the root
define( 'DS', DIRECTORY_SEPARATOR );
require_once ( JPATH_BASE .DS.'includes'.DS.'defines.php' );
require_once ( JPATH_BASE .DS.'includes'.DS.'framework.php' );
$mainframe =& JFactory::getApplication('site');
$mainframe->initialise();
ini_set('default_charset', 'utf-8');
include('database_settings.php');
$username=$_POST["username"];
$password=$_POST["password"];
$email=$_POST["email"];
$salt = JUserHelper::genRandomPassword(32);
$crypt = md5($password.$salt);
$password = $crypt.':'.$salt;
$con=mysqli_connect("localhost",$username_baza_joomla,$password_baza_joomla,$database_baza_joomla);
mysqli_set_charset($con,"utf8");
$SQL1 = "SELECT * FROM joomla_users WHERE username LIKE ?";
if ($stmt = $con->prepare($SQL1)) {
$stmt->bind_param("s", $username);
$stmt->execute();
$stmt->store_result();
$vsota = $stmt->num_rows;
}
$vrnjeno;
if($vsota==0)
{
$SQL2 = "SELECT * FROM joomla_users WHERE email LIKE ?";
if ($stmt2 = $con->prepare($SQL2)) {
$stmt2->bind_param("s", $email);
$stmt2->execute();
$stmt2->store_result();
$vsota2 = $stmt2->num_rows;
}
if($vsota2==0)
{
$vrnjeno="OK";
}
else
{
$vrnjeno="EMAIL_EXISTS";
}
}
else
{
$vrnjeno="USERNAME_EXISTS";
}
echo $vrnjeno;
if($vrnjeno=="OK")
{
$data = array(
'name'=>'name',
'username'=>$username,
'password'=>$password,
'email'=>$email,
'sendEmail'=>1,
"groups"=>array("2"),
'block'=>1,);
$user = new JUser;
try{
$user->bind($data);
$user->save();
}catch(Exception $e){
var_dump($e->getMessage());
}
}
mysqli_close($con);
?>
这是登录代码(检查用户凭据):
在我的工作中,我们开发了,有时我们使用同一个用户(joomla one)访问我们的系统。升级后,旧的验证系统无法工作,因此我们使用checkpassword
功能解决了此问题,如下所示:
<?php
/* ==============================================================================
==== Fichero: mtote.php ==
==== Descripción: Ejemplo de como validar usuarios en instalaciones ==
==== de joomla 2.5.x (nuevo encriptado usando hash+md5 ==
==== Programado por: Ing. Marvin JOsué Aguilar Romero y ==
==== José Luis Rodríguez García ==
==== Fecha: Jueves 18 de Junio de 2014, 11:00 (GMT -6) ==
==== Contacto: drkmarvin@gmail.com, tote.ote@gmail.com ==
==== Informacíón adicional: fué necesario el presente código debido a ==
==== que en nuestro trabajo hay sistemas que usan las credenciales ==
==== de joomla para su acceso. ==
==============================================================================
*/
//Obtaining configuration info for database conection using config.php
//Obtenemos los datos de configfuración de php para la conexipón a la base de datos
require_once('./configuration.php');
//Pedimos el uso de la librería para encriptación
//ASk for use of crypt library
require_once('./libraries/phpass/PasswordHash.php');
$user1 = "usuario_a_verificar"; //The user who password wanna check
$jconf = new JConfig; //Instanciamos un objeto jconf / Initialize a jconf object
$conexion = @mysql_connect($jconf->host,$jconf->user,$jconf->password,false,0);
@mysql_select_db($jconf->db); //elegir base de datos /choose database
$sql = sprintf("SELECT * FROM %susers WHERE %susers.username='%s' LIMIT 1;",$jconf->dbprefix,$jconf->dbprefix, $user1); //Seleccionamos todos los usuarios de la tabla usuario
//selecting user from database
$request = @mysql_query($sql); //Ejecutamos las consultas previas /Execute the previous sql statments
//Si hemos encontrado coincidencia ingresamos al ciclo
//If we find a match we enter in this cycle
if (mysql_num_rows($request) == 1)
{
//obtenemos un arreglo con el usuario y sus datos
//Store the user info on an array
$user = array('User' => mysql_fetch_assoc($request));
//Obtenemos en una variable el password en la base de datos
//We store on a variable the hash password from database
$par = $user['User']['password'];
//ALmacenamos el password que queremos verificar si de verdad existe para el usuario
//NOw store on a variable the password that we wanna check for the user
$userInputPassword = 'password_que_Creemos_pertenece_al_usuario';
//Instanciar el objeto phpass
//Initialice an ohoass object
$phpass = new PasswordHash(32, true);
//LLamamos a la función checkpassword que recibe por parametros la ocntarseña que queremos verificar seguida de la real (en la bd)
//Now we call the checkpassword function with two parameters 1. The password who we get and wanna verify and the hash password atcually stored on the database
if($phpass->CheckPassword($userInputPassword, $par)){echo "El usuario existe y es esa su contraseña// The user exists and that´s his password";}
else{ echo "El usuario existe pero la contraseña no es válida//the user exist but that isn´t his password"; }
}
?>
在我的工作中,我们开发并有时使用同一个用户(joomla one)访问我们的系统。升级后,旧的验证系统无法工作,因此我们使用checkpassword
功能解决了此问题,如下所示:
<?php
/* ==============================================================================
==== Fichero: mtote.php ==
==== Descripción: Ejemplo de como validar usuarios en instalaciones ==
==== de joomla 2.5.x (nuevo encriptado usando hash+md5 ==
==== Programado por: Ing. Marvin JOsué Aguilar Romero y ==
==== José Luis Rodríguez García ==
==== Fecha: Jueves 18 de Junio de 2014, 11:00 (GMT -6) ==
==== Contacto: drkmarvin@gmail.com, tote.ote@gmail.com ==
==== Informacíón adicional: fué necesario el presente código debido a ==
==== que en nuestro trabajo hay sistemas que usan las credenciales ==
==== de joomla para su acceso. ==
==============================================================================
*/
//Obtaining configuration info for database conection using config.php
//Obtenemos los datos de configfuración de php para la conexipón a la base de datos
require_once('./configuration.php');
//Pedimos el uso de la librería para encriptación
//ASk for use of crypt library
require_once('./libraries/phpass/PasswordHash.php');
$user1 = "usuario_a_verificar"; //The user who password wanna check
$jconf = new JConfig; //Instanciamos un objeto jconf / Initialize a jconf object
$conexion = @mysql_connect($jconf->host,$jconf->user,$jconf->password,false,0);
@mysql_select_db($jconf->db); //elegir base de datos /choose database
$sql = sprintf("SELECT * FROM %susers WHERE %susers.username='%s' LIMIT 1;",$jconf->dbprefix,$jconf->dbprefix, $user1); //Seleccionamos todos los usuarios de la tabla usuario
//selecting user from database
$request = @mysql_query($sql); //Ejecutamos las consultas previas /Execute the previous sql statments
//Si hemos encontrado coincidencia ingresamos al ciclo
//If we find a match we enter in this cycle
if (mysql_num_rows($request) == 1)
{
//obtenemos un arreglo con el usuario y sus datos
//Store the user info on an array
$user = array('User' => mysql_fetch_assoc($request));
//Obtenemos en una variable el password en la base de datos
//We store on a variable the hash password from database
$par = $user['User']['password'];
//ALmacenamos el password que queremos verificar si de verdad existe para el usuario
//NOw store on a variable the password that we wanna check for the user
$userInputPassword = 'password_que_Creemos_pertenece_al_usuario';
//Instanciar el objeto phpass
//Initialice an ohoass object
$phpass = new PasswordHash(32, true);
//LLamamos a la función checkpassword que recibe por parametros la ocntarseña que queremos verificar seguida de la real (en la bd)
//Now we call the checkpassword function with two parameters 1. The password who we get and wanna verify and the hash password atcually stored on the database
if($phpass->CheckPassword($userInputPassword, $par)){echo "El usuario existe y es esa su contraseña// The user exists and that´s his password";}
else{ echo "El usuario existe pero la contraseña no es válida//the user exist but that isn´t his password"; }
}
?>
您是否尝试过寻找joomla库如何在那里散列密码?$hash=JUserHelper::hashPassword(“mypassword”)代码>不知道这是否有效,但值得一试你是否正在尝试编写自己的插件?检查这一点你是说你希望他们注册然后立即登录?你是否尝试过寻找joomla库如何在那里散列密码?$hash=JUserHelper::hashPassword(“mypassword”)代码>不知道这是否有效但值得一试你是否正在尝试编写自己的插件?检查这一点你是说你希望他们注册然后立即登录?与其导入单个文件,不如导入Joomla框架,然后进行验证并执行安全的数据库查询;)我真的建议使用API,而不是把这些都搞乱。感谢Jompper提供的有关SQL注入的提示。我修复了代码。与其导入单个文件,不如导入Joomla框架,然后进行验证并执行安全的数据库查询;)我真的建议使用API,而不是把这些都搞乱。感谢Jompper提供的有关SQL注入的提示。我修复了代码。您好,我已经注册了新用户,然后使用php脚本检查登录凭据。但当我从Joomla Administration CMS创建新用户时,它不会以相同的形式创建密码(哈希“:”.salt),请参阅更多。我可以看到注册是如何工作的。您好,我已经注册了新用户,然后使用php脚本检查登录凭据。但当我从Joomla Administration CMS创建新用户时,它不会以相同的形式创建密码(哈希“:”.salt),请参阅更多。我可以看到注册是如何工作的。请用英语提供代码中的注释。完成,请原谅我的enslih不是我的母语。无需担心,但用英语发布时,其他人更可能会帮助:-)请用英语提供代码中的注释。完成,请原谅我的enslih不是我的母语,但在用英语发帖时,更有可能是其他人会提供帮助:-)