Joomla login and sessions from external php

For Joomla! 3.x Coding related discussions, please use: http://groups.google.com/group/joomla-dev-general

Moderator: ooffick

Forum rules
Please use the mailing list here: http://groups.google.com/group/joomla-dev-general rather than this forum.
Post Reply
Si_php
Joomla! Fledgling
Joomla! Fledgling
Posts: 2
Joined: Tue Jul 31, 2018 8:03 pm

Joomla login and sessions from external php

Post by Si_php » Tue Jul 31, 2018 8:18 pm

Hi,

We have parts of our page that now need to be external from the Joomla workflow. I'm trying to get my head around the joomla login and sessions.

1 - where do I find the version of Joomla installed. I can't see anything in the Admin back end or in the configuration.php file in the root. SOLVED Joomla! 3.7.5 Stable

I'm using the below to connect and have no problem with with user name and password but fails at making a session. Any help would be great.

Code: Select all

<?php
	define( '_JEXEC', 1 );
	define( 'DS', '/' );

	define( 'JPATH_BASE', $_SERVER['DOCUMENT_ROOT']);
	require_once ( JPATH_BASE .DS. 'includes' .DS. 'defines.php' );
	require_once ( JPATH_BASE .DS.'includes'.DS.'framework.php' );
	
	$app = JFactory::getApplication('site');
	jimport('joomla.plugin.helper');

	require_once (JPATH_BASE .'/libraries/joomla/factory.php');
	
	// Hardcoded for now
	$credentials['username'] = 'username';
	$credentials['password'] = 'password';

	// Get a database object
	$db    = JFactory::getDbo();
	$query = $db->getQuery(true)->select('id, password')->from('#__users')->where('username=' . $db->quote($credentials['username']));

	$db->setQuery($query);
	$result = $db->loadObject();

	if ($result){
		$match = JUserHelper::verifyPassword($credentials['password'], $result->password, $result->id);
		if ($match === true){
			$user = JUser::getInstance($result->id);
			echo 'Joomla! Authentication was successful!' . '<br>';
			echo 'Joomla! Token is:' . JHTML::_( 'form.token' ) . '<br>';
			echo "" . '<br>';
			//perform the login action
			$error = $app->login($credentials);
			$logged_user = JFactory::getUser();
			var_dump($logged_user );
			
			//redirect logged in user
			$app->redirect('index.php');
		}
		else{
			// Invalid password
			echo 'Joomla! Token is:' . JHTML::_( 'form.token' ) . '<br>';
			die('Invalid password');
		}
	}
	else{
		echo "No";
	}
?>
Thanks for any help or incite into this.
Si
Last edited by toivo on Tue Jul 31, 2018 9:18 pm, edited 2 times in total.
Reason: mod note: moved, not related to 3.x Security

Si_php
Joomla! Fledgling
Joomla! Fledgling
Posts: 2
Joined: Tue Jul 31, 2018 8:03 pm

Re: Joomla login and sessions from external php

Post by Si_php » Fri Aug 10, 2018 3:08 pm

So, I have made a little progress in my free time. I really looking for constructive criticism or other ideas. I have tested it and looks to be working fine.

Every page does include the jsession.php

Code: Select all

<?php 
	include('jsession.php');	
?>
index.php - this is my login page and if not session you get dumped here

Code: Select all

<?php
	define( '_JEXEC', 1 );
	define( 'DS', '/' );

	define( 'JPATH_BASE', $_SERVER['DOCUMENT_ROOT']);
	require_once ( JPATH_BASE .DS. 'includes' .DS. 'defines.php' );
	require_once ( JPATH_BASE .DS.'includes'.DS.'framework.php' );
	require_once (JPATH_BASE .'/libraries/joomla/factory.php');

	jimport('joomla.plugin.helper');
	jimport('joomla.session.session');
	jimport('joomla.user.user');
	$mainframe 	= &JFactory::getApplication('site');
	$session 	= JFactory::getSession();
	
	$Message = 'Please enter your credentials to login.';
	$error = '';
	 
	if($session->get('name') != '' && $session->get('id') != ''){
		header('location: home.php');
	}
	if (isset($_POST['submit'])){
		if (empty($_POST['username']) || empty($_POST['password'])){
			$error = '<i class="fas fa-exclamation-circle"> </i> You must enter Username and Password!';
			$Message = '';
		}
		else{
			if(some data I need to be true"){
				$credentials['username'] = $_POST['username'];
				$credentials['password'] = $_POST['password'];

				$db    = JFactory::getDbo();
				$query = $db->getQuery(true)->select('id, name, password, email')->from('#__users')->where('username=' . $db->quote($credentials['username']));
				
				$db->setQuery($query);
				$result = $db->loadObject();
				if ($result){
					$match = JUserHelper::verifyPassword($credentials['password'], $result->password, $result->id);

					if ($match === true){
						$session->set('name', $result->name);
						$session->set('id', $result->id);
						$session->set('email', $result->email);
						header('location: home.php');

					}
					else{
						$error = '<i class="fas fa-exclamation-circle"> </i> Username or Password is invalid ';
						$Message = '';
					}
				}
				else{
					$error = '<i class="fas fa-exclamation-circle"> </i> Username or Password is invalid ';
					$Message = '';
				}
			}
			else{
				$error = '<i class="fas fa-exclamation-circle"> </i> You Have No Access To Admin Area';
				$Message = '';
			}
		}
	}
?>
jsession.php - this is the file that get loaded on every page to check session

Code: Select all

<?php 
	define( '_JEXEC', 1 );
	define( 'DS', '/' );

	define( 'JPATH_BASE', $_SERVER['DOCUMENT_ROOT']);
	require_once ( JPATH_BASE .DS. 'includes' .DS. 'defines.php' );
	require_once ( JPATH_BASE .DS.'includes'.DS.'framework.php' );
	require_once (JPATH_BASE .'/libraries/joomla/factory.php');
	
	$app = JFactory::getApplication('site');

	jimport('joomla.plugin.helper');
	jimport('joomla.session.session');
	jimport('joomla.user.user');
	
	$session = JFactory::getSession();
	$UserLoggedin = $session->get('name');
	$IdLoggedin = $session->get('id');

	$con = mysqli_connect("localhost", "****", "****", "****");
	if (mysqli_connect_errno()) {
		printf("Connect failed: %s\n", mysqli_connect_error());
		exit();
	}
	$query = mysqli_query($con, "SELECT * FROM `MYUSERSTABLE` WHERE `id` = $IdLoggedin AND `name` = '$UserLoggedin'");
	$Session_Count = (mysqli_num_rows($query));
	mysqli_close($con);
	if($Session_Count < 1){
		$session->set('name', '');
		$session->set('id', '');
		header('location: index.php');
	}
?>
logout.php to kill session

Code: Select all

<?php
	define( '_JEXEC', 1 );
	define( 'DS', '/' );

	define( 'JPATH_BASE', $_SERVER['DOCUMENT_ROOT']);
	require_once ( JPATH_BASE .DS. 'includes' .DS. 'defines.php' );
	require_once ( JPATH_BASE .DS.'includes'.DS.'framework.php' );
	require_once (JPATH_BASE .'/libraries/joomla/factory.php');

	jimport('joomla.plugin.helper');
	jimport('joomla.session.session');
	jimport('joomla.user.user');
	$mainframe 	= &JFactory::getApplication('site');
	$session 	= JFactory::getSession();
	
	$session->set('name', '');
	$session->set('id', '');
	$session->set('email', '');
	header('location: home.php');
?>
Any holes you think are problems?

Thanks
Si


Post Reply

Return to “Joomla! 3.x Coding”