Php 从joomla验证登录凭证!核心结构
我正在为joomla开发一个插件!但是考虑到脚本的复杂性,我从核心结构中设计了它 现在我唯一的问题是让用户只以管理员身份登录一次,并跟随我的插件文件夹,这是错误的,只有在他们有权限的情况下 我的插件在:path[dot]com/test文件夹中,在那里一切正常,但对公众可用 到目前为止,我已经在test/index.php中尝试了以下代码:Php 从joomla验证登录凭证!核心结构,php,joomla,Php,Joomla,我正在为joomla开发一个插件!但是考虑到脚本的复杂性,我从核心结构中设计了它 现在我唯一的问题是让用户只以管理员身份登录一次,并跟随我的插件文件夹,这是错误的,只有在他们有权限的情况下 我的插件在:path[dot]com/test文件夹中,在那里一切正常,但对公众可用 到目前为止,我已经在test/index.php中尝试了以下代码: // Load Joomla! configuration file require_once('../configuration.php'); // Cr
// Load Joomla! configuration file
require_once('../configuration.php');
// Create a JConfig object
$config = new JConfig();
//import variables
$dbhostname = $config->host;
$dbusername = $config->user;
$dbpassword = $config->password;
$dbdatabase = $config->db;
$dbprefix = $config->dbprefix;
$secret = $config->secret;
// Get these from your form...
$username_for_check = 'admin'; // this username should be in your database = change it
$password_for_check = 'passw'; //this password should be in your database encrypted = change it
//connect to db
$mysqli = new mysqli($dbhostname,$dbusername,$dbpassword,$dbdatabase);
if ($result = $mysqli->query('SELECT j.username,j.password FROM '.$dbprefix.'users j WHERE j.username="'.$username_for_check.'" LIMIT 1;')) {
if ($result->num_rows == 0){
echo 'Username does not exist.';
}
else{
while ($row = $result->fetch_object()) {
//Grab username and password from table #__users
$joomla_user = $row->username;
$joomla_pass = $row->password;
$pass_array = explode(':',$row->password);// <== Here not sure!!
//but it should be the magic behind it.. for me doesn't work in joomla 3.5 and above apparently as encryption method changed
//my password does not have a colon in between
//\\===\ Those are just echos to visually check if the password was matched /==//\\
echo '[USER:] '.$joomla_user.'<br>';
echo '[PASS:] '.$joomla_pass.'<br>';
echo '[HASH:] '.$joomla_hash = $pass_array[0].'<br>';
echo '[SALT:] '.$joomla_salt = $pass_array[1].'<br>';
echo '[SECRET:] '.$secret.'<br>'; //secret maybe of help, just put it ready for testing
echo '[CHECK:] '.md5($password_for_check.$joomla_salt).'<br>';
//=======================================================================//
}
if($joomla_hash == md5($password_for_check.$joomla_salt)){ //Old approch for validating according to various prehistoric posts
echo 'Username and password combination validated.';
}
else{
echo 'Invalid password for username.';
}
}
}
else {
echo 'LOGIN VALIDATION: MySQL Error - '.$mysqli->error;
}
//close db
$mysqli->close();
提前感谢找到做这件事的最好方法是这样希望它能帮助某人:
<?php
// Load Joomla! configuration file
require_once('../configuration.php');
// Create a JConfig object
$config = new JConfig();
//import variables
$dbhostname = $config->host;
$dbusername = $config->user;
$dbpassword = $config->password;
$dbdatabase = $config->db;
$dbprefix = $config->dbprefix;
// Get these from your form...
$username_for_check = 'admin'; // this username should be in your database = change it
$password_for_check = '1234'; //this password should be in your database encrypted = change it
//Something like that from your form
//$username_for_check = $_POST['access_login'];
//$password_for_check = $_POST['access_password'];
//connect to db
$mysqli = new mysqli($dbhostname,$dbusername,$dbpassword,$dbdatabase);
if ($result = $mysqli->query('SELECT j.username,j.password FROM '.$dbprefix.'users j WHERE j.username="'.$username_for_check.'" LIMIT 1;')) {
if ($result->num_rows == 0){
echo 'Username does not exist.';
}
else{
while ($row = $result->fetch_object()) {
//Grab username and password from table #__users
$joomla_user = $row->username;
$joomla_pass = $row->password;
}
if(password_verify($password_for_check , $joomla_pass)){
echo 'Username and password combination validated.';
}
else{
echo 'Invalid password for username.';
}
}
}
else {
echo 'LOGIN VALIDATION: MySQL Error - '.$mysqli->error;
}
//close db
$mysqli->close();
?>