Login Credentials to target web page?

Discussion regarding Joomla! security issues.

Moderator: General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Locked
JR97
Joomla! Apprentice
Joomla! Apprentice
Posts: 6
Joined: Fri Jan 13, 2006 10:13 pm

Login Credentials to target web page?

Post by JR97 » Fri Jan 13, 2006 11:37 pm

I have a subscriber section in my site that has links to subscriber only pages.   The pages are new windows.  But I would like to make it possible so that someone couldn't just type in the url for the target pages and bypass the joomla login.  Is this possible?  Either have the target page request a login or make it so the target page opens from a referring source only?  Thanks.
Last edited by JR97 on Tue Jan 17, 2006 6:53 am, edited 1 time in total.

 
User avatar
Tonie
Joomla! Master
Joomla! Master
Posts: 16584
Joined: Thu Aug 18, 2005 7:13 am

Re: Login Credentials to target web page?

Post by Tonie » Sat Jan 14, 2006 10:46 am

Are those new windows part of your Joomla install, or are the pages that are hosted elsewhere?

JR97
Joomla! Apprentice
Joomla! Apprentice
Posts: 6
Joined: Fri Jan 13, 2006 10:13 pm

Re: Login Credentials to target web page?

Post by JR97 » Sat Jan 14, 2006 3:26 pm

Technically they're not part of the Joomla insall, but theyr'e on my server.  The only other option was to use the wrapper, but that doesn't work for what I'm doing.  I need to have the links open in new windows. 

Is there a way I can have the linked pages look at the cookie or whatever the Joomla log in uses?  If you want a quick look, the site is located  at http://www.4xmadehard.roxr.com.&nbsp;   User: invited password: invited.    In the User menu, there are 2 links... EURUSD PTS and EURUSD 4xMH.  Those are the pages I'm trying to protect. 

I've looked at using the server http refferer method with php, but that's not a complete solution.  Thanks for any help. 

 

User avatar
Tonie
Joomla! Master
Joomla! Master
Posts: 16584
Joined: Thu Aug 18, 2005 7:13 am

Re: Login Credentials to target web page?

Post by Tonie » Sat Jan 14, 2006 3:30 pm

I am no expert on sessions and the like, but if those two pages are no part of the Joomla install, you would need to script your way out of this. I can't be of any more help here.

JR97
Joomla! Apprentice
Joomla! Apprentice
Posts: 6
Joined: Fri Jan 13, 2006 10:13 pm

Re: Login Credentials to target web page?

Post by JR97 » Tue Jan 17, 2006 6:51 am

I think I found something that will work.  Referring to $mainframe and $my->id.  Ended up looking like:

Code: Select all

<?php

define( '_VALID_MOS', 1 );

include_once('../globals.php' );
require_once('../configuration.php' );
require_once('../includes/joomla.php' );

$mainframe = new mosMainFrame( $database, $_REQUEST['option'], '.' );
$mainframe->initSession();

$my = $mainframe->getUser();
if ($my->id){
echo "do some stuff here if the id exists";
}
?>

There may be some un-needed code in there but it works and took me 2 days to get it to work right so I'm not messing with it.  :-\ :-[

magsglass
Joomla! Apprentice
Joomla! Apprentice
Posts: 11
Joined: Fri Sep 30, 2005 10:19 pm

Re: Login Credentials to target web page?

Post by magsglass » Tue Jan 17, 2006 3:23 pm

JR97 wrote: I think I found something that will work.  Referring to $mainframe and $my->id.  Ended up looking like:
~snipped~
JR97,
Glad to know this worked!  Could you please elaborate a bit on where you placed this code?
Thank you!
~Mag

JR97
Joomla! Apprentice
Joomla! Apprentice
Posts: 6
Joined: Fri Jan 13, 2006 10:13 pm

Re: Login Credentials to target web page?

Post by JR97 » Fri Jan 20, 2006 9:57 am

The code goes at the top of the page.  Then stick all of your HTML content into the section that says echo "do some stuff here if id exists".  My pages are php pages, so I quoted the HTML with the Herdota method. 

nickers
Joomla! Apprentice
Joomla! Apprentice
Posts: 25
Joined: Fri Feb 10, 2006 3:58 pm

Re: Login Credentials to target web page?

Post by nickers » Wed Mar 29, 2006 3:59 am

This does seem to work quite well. I'm surprised it took me hours and hours to find this. The only part of your code that seems can be eliminated is: include_once('../globals.php' );

I took that out and it still worked fine. If you know of a specific reason why that needs to be there, please let me know.

Also, all you Joomla Hero's out there. What do you think of this method?  Is there any way to simplify it, optimize it?

How about creating a new com_wrapper that includes this feature? People would love this! It seems very simple and would avoid having to edit every php script you want to wrap.

Opinions would be welcome! :)

Thanks,
nickers

breadnbutter
Joomla! Apprentice
Joomla! Apprentice
Posts: 35
Joined: Sat Mar 04, 2006 8:28 pm

Re: Login Credentials to target web page?

Post by breadnbutter » Mon Apr 10, 2006 10:35 am

Yeah, this would be a very handy feature indeed.

I couldn't get this script to work, any ideas what is going wrong? it seems to print the echo whether loigged into joomla or not.

I've messed around with php a little and a bespoke app I would normally have a file that the php would use to check if the user is valid and has the permissions level to view. anyway of seting something like this you'd just add one line of script to the external files then.

Would be great to have this inbuilt to the wrapper component, will make joomla even more flexible.

 

Locked

Return to “Security - 1.0.x”