0
我正在开发joomla的插件!但考虑到我从剧本结构中设计出来的剧本的复杂性。从joomla验证登录凭证!核心结构
现在我遇到的唯一问题是让用户只能以管理员身份登录一次,并且只能在拥有权限的情况下跟随我的插件文件夹错误放置。
我的插件是在:(路径[点] COM /测试)文件夹中的一切工作正常,但可用于公众。
到目前为止,我已经从(测试/的index.php)尝试这种代码:
// Load Joomla! configuration file
require_once('../configuration.php');
// Create a JConfig object
$config = new JConfig();
//import variables
$dbhostname = $config->host;
$dbusername = $config->user;
$dbpassword = $config->password;
$dbdatabase = $config->db;
$dbprefix = $config->dbprefix;
$secret = $config->secret;
// Get these from your form...
$username_for_check = 'admin'; // this username should be in your database = change it
$password_for_check = 'passw'; //this password should be in your database encrypted = change it
//connect to db
$mysqli = new mysqli($dbhostname,$dbusername,$dbpassword,$dbdatabase);
if ($result = $mysqli->query('SELECT j.username,j.password FROM '.$dbprefix.'users j WHERE j.username="'.$username_for_check.'" LIMIT 1;')) {
if ($result->num_rows == 0){
echo 'Username does not exist.';
}
else{
while ($row = $result->fetch_object()) {
//Grab username and password from table #__users
$joomla_user = $row->username;
$joomla_pass = $row->password;
$pass_array = explode(':',$row->password);// <== Here not sure!!
//but it should be the magic behind it.. for me doesn't work in joomla 3.5 and above apparently as encryption method changed
//my password does not have a colon in between
//\\===\ Those are just echos to visually check if the password was matched /==//\\
echo '[USER:] '.$joomla_user.'<br>';
echo '[PASS:] '.$joomla_pass.'<br>';
echo '[HASH:] '.$joomla_hash = $pass_array[0].'<br>';
echo '[SALT:] '.$joomla_salt = $pass_array[1].'<br>';
echo '[SECRET:] '.$secret.'<br>'; //secret maybe of help, just put it ready for testing
echo '[CHECK:] '.md5($password_for_check.$joomla_salt).'<br>';
//=======================================================================//
}
if($joomla_hash == md5($password_for_check.$joomla_salt)){ //Old approch for validating according to various prehistoric posts
echo 'Username and password combination validated.';
}
else{
echo 'Invalid password for username.';
}
}
}
else {
echo 'LOGIN VALIDATION: MySQL Error - '.$mysqli->error;
}
//close db
$mysqli->close();
试图返回匹配并继续之前验证注册用户。
我希望有人在3.5及以上版本有这个解决方案。
在此先感谢