从joomla验证登录凭证！核心结构

Question

我正在开发joomla的插件！但考虑到我从剧本结构中设计出来的剧本的复杂性。

现在我遇到的唯一问题是让用户只能以管理员身份登录一次，并且只能在拥有权限的情况下跟随我的插件文件夹错误放置。

我的插件是在:(路径[点] COM /测试）文件夹中的一切工作正常，但可用于公众。

到目前为止，我已经从（测试/的index.php）尝试这种代码：

// Load Joomla! configuration file 
require_once('../configuration.php'); 
// Create a JConfig object 
$config = new JConfig(); 
//import variables 
$dbhostname  = $config->host; 
$dbusername  = $config->user; 
$dbpassword  = $config->password; 
$dbdatabase  = $config->db; 
$dbprefix  = $config->dbprefix; 
$secret   = $config->secret; 

// Get these from your form... 

    $username_for_check = 'admin'; // this username should be in your database = change it 

    $password_for_check = 'passw'; //this password should be in your database encrypted = change it 

//connect to db 
    $mysqli = new mysqli($dbhostname,$dbusername,$dbpassword,$dbdatabase); 

    if ($result = $mysqli->query('SELECT j.username,j.password FROM '.$dbprefix.'users j WHERE j.username="'.$username_for_check.'" LIMIT 1;')) { 

     if ($result->num_rows == 0){ 
     echo 'Username does not exist.'; 
     } 
     else{ 
     while ($row = $result->fetch_object()) { 

      //Grab username and password from table #__users 
      $joomla_user = $row->username; 
      $joomla_pass = $row->password; 


      $pass_array = explode(':',$row->password);// <== Here not sure!! 
      //but it should be the magic behind it.. for me doesn't work in joomla 3.5 and above apparently as encryption method changed 
      //my password does not have a colon in between 

      //\\===\ Those are just echos to visually check if the password was matched /==//\\ 

      echo '[USER:] '.$joomla_user.'<br>'; 

      echo '[PASS:] '.$joomla_pass.'<br>'; 

      echo '[HASH:] '.$joomla_hash = $pass_array[0].'<br>'; 

      echo '[SALT:] '.$joomla_salt = $pass_array[1].'<br>'; 

      echo '[SECRET:] '.$secret.'<br>'; //secret maybe of help, just put it ready for testing 

      echo '[CHECK:] '.md5($password_for_check.$joomla_salt).'<br>'; 
      //=======================================================================// 
     } 

     if($joomla_hash == md5($password_for_check.$joomla_salt)){ //Old approch for validating according to various prehistoric posts 

      echo 'Username and password combination validated.'; 

     } 
     else{ 
      echo 'Invalid password for username.'; 
     } 

     } 

    } 
    else { 
    echo 'LOGIN VALIDATION: MySQL Error - '.$mysqli->error; 
    } 
    //close db 
    $mysqli->close(); 

试图返回匹配并继续之前验证注册用户。

我希望有人在3.5及以上版本有这个解决方案。

在此先感谢

Answer 1

发现做出来的最好的方式是这样的，希望它会帮助别人：

<?php 
// Load Joomla! configuration file 
require_once('../configuration.php'); 
// Create a JConfig object 
$config = new JConfig(); 
//import variables 
$dbhostname  = $config->host; 
$dbusername  = $config->user; 
$dbpassword  = $config->password; 
$dbdatabase  = $config->db; 
$dbprefix  = $config->dbprefix; 

// Get these from your form... 
    $username_for_check = 'admin'; // this username should be in your database = change it 
    $password_for_check = '1234'; //this password should be in your database encrypted = change it 

    //Something like that from your form 
    //$username_for_check = $_POST['access_login']; 
    //$password_for_check = $_POST['access_password']; 
//connect to db 
    $mysqli = new mysqli($dbhostname,$dbusername,$dbpassword,$dbdatabase); 
    if ($result = $mysqli->query('SELECT j.username,j.password FROM '.$dbprefix.'users j WHERE j.username="'.$username_for_check.'" LIMIT 1;')) { 
     if ($result->num_rows == 0){ 
      echo 'Username does not exist.'; 
     } 
     else{ 
      while ($row = $result->fetch_object()) { 
       //Grab username and password from table #__users 
       $joomla_user = $row->username; 
       $joomla_pass = $row->password; 
      } 
      if(password_verify($password_for_check , $joomla_pass)){ 
       echo 'Username and password combination validated.'; 
      } 
      else{ 
       echo 'Invalid password for username.'; 
      } 
     } 
    } 
    else { 
     echo 'LOGIN VALIDATION: MySQL Error - '.$mysqli->error; 
    } 
    //close db 
    $mysqli->close(); 
?>