I need to check that a Joomla username and password are valid from my external application. It is not necessary that the user is logged into the system, just that their account exists. How do I do this?

A: 

Your external app should be able to access the database of the Joomla app to check whether or not the user exists/is valid. To check it, you have to run some query in your external app to check the existence of the user, something like this:

$query = "select user_id from your_table where user_id = id_here";
// and more code afterwards.
Sarfraz
But Joomla does weird hashing of passwords. I could try to deconstruct the hash, but I would rather just use one of the internal Jclass functions if possible.
jax
Yes, you will have to use that and figure out how it implements the hashing.
Sarfraz
Yes, I decided to go that route already. Working now.
jax
@jax: that is good to hear :)
Sarfraz
+1  A: 

I'm supposing your external application will have access to Joomla's database and is written in PHP as well.

I've already answered a similar question about creating a user outside Joomla; you could use the same approach, but instead of calling the save method from JUser, you could use bind to check if the password is correct.

Or something better: simply copy and paste Joomla's own authentication mechanism after creating an "environment" outside Joomla! Check JOOMLA_PATH/plugins/authentication/joomla.php:

 function onAuthenticate( $credentials, $options, &$response ){
  jimport('joomla.user.helper');
  // Joomla does not like blank passwords
  if (empty($credentials['password'])){
   $response->status = JAUTHENTICATE_STATUS_FAILURE;
   $response->error_message = 'Empty password not allowed';
   return false;
  }

  // Initialize variables
  $conditions = '';

  // Get a database object
  $db =& JFactory::getDBO();

  $query = 'SELECT `id`, `password`, `gid`'
   . ' FROM `#__users`'
   . ' WHERE username=' . $db->Quote( $credentials['username'] )
   ;
  $db->setQuery( $query );
  $result = $db->loadObject();

  if($result){
   $parts = explode( ':', $result->password );
   $crypt = $parts[0];
   $salt = @$parts[1];
   $testcrypt = JUserHelper::getCryptedPassword($credentials['password'], $salt);

   if ($crypt == $testcrypt) {
    $user = JUser::getInstance($result->id); // Bring this in line with the rest of the system
    $response->email = $user->email;
    $response->fullname = $user->name;
    $response->status = JAUTHENTICATE_STATUS_SUCCESS;
    $response->error_message = '';
   } else {
    $response->status = JAUTHENTICATE_STATUS_FAILURE;
    $response->error_message = 'Invalid password';
   }
  }
  else{
   $response->status = JAUTHENTICATE_STATUS_FAILURE;
   $response->error_message = 'User does not exist';
  }
 }
GmonC
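
The comparison step from the plugin code above, written for an external application that has only database access. This is an added example, not part of the original answer and not Joomla's own code. It assumes the stored value is `md5(password . salt):salt`; `verifyJoomlaPassword`, `checkCredentials` and the `jos_users` table name are hypothetical.

```php
<?php
// Added example, not Joomla code. Assumes the stored value has the form
// "<md5 hex>:<salt>" (the format the plugin above splits with explode(':'))
// and that the hash is md5(password . salt); other stored formats are rejected.

function verifyJoomlaPassword(string $plaintext, string $stored): bool
{
    if ($plaintext === '') {
        return false;                       // same rule as the plugin: no blank passwords
    }
    $parts = explode(':', $stored, 2);
    $crypt = $parts[0];
    $salt  = $parts[1] ?? '';               // a row may carry no salt part
    if (!preg_match('/^[0-9a-f]{32}$/', $crypt)) {
        return false;                       // not an md5-hex value, refuse to guess
    }
    // hash_equals() is a constant-time string comparison; unlike ==, it never
    // treats two numeric-looking strings as equal numbers.
    return hash_equals($crypt, md5($plaintext . $salt));
}

function checkCredentials(PDO $db, string $usersTable, string $username, string $password): bool
{
    if (!preg_match('/^[A-Za-z0-9_]+$/', $usersTable)) {
        throw new InvalidArgumentException('unexpected table name');
    }
    $stmt = $db->prepare("SELECT password FROM $usersTable WHERE username = ?");
    $stmt->execute([$username]);
    $stored = $stmt->fetchColumn();
    // One boolean for both "no such user" and "wrong password", so the caller
    // cannot reveal which of the two happened.
    return is_string($stored) && verifyJoomlaPassword($password, $stored);
}

// Constructed sample data in an in-memory SQLite database (a real site uses MySQL;
// "jos_users" stands in for #__users with an assumed table prefix).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE jos_users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)');
$salt = 'Zx81constructedSalt';
$ins  = $db->prepare('INSERT INTO jos_users (username, password) VALUES (?, ?)');
$ins->execute(['alice', md5('correct horse' . $salt) . ':' . $salt]);

var_dump(checkCredentials($db, 'jos_users', 'alice', 'correct horse')); // valid pair
var_dump(checkCredentials($db, 'jos_users', 'alice', 'wrong'));         // wrong password
var_dump(checkCredentials($db, 'jos_users', 'bob', 'correct horse'));   // unknown user
```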