很遗憾,我无法找到与此Joomla相关的主题!版。在尝试了几个代码后,我决定打开一个新主题,在这里问你的专家。 :)
我们正在使用带有基本身份验证检查的脚本。我们更新到Joomla后! 2.5.19,旧的md5方法不再有效。 PHP脚本如下:
session_start();
$db = mysql_connect("localhost", "root", "");
mysql_select_db("sql1",$db);
//Joomla user and pass check start
$sql = "SELECT * FROM j25_users WHERE username='".$_POST['user']."'";
$result = mysql_query($sql,$db);
$userdata = mysql_fetch_array($result);
list ($md5pass, $saltpass) = split (":", $userdata['password']);
$POSTPW = crypt ( 'xxgu952rjyiL', 'Xh2loHgxxi5ijuNbGI' );
echo "<br><br>";
$joomlapw=$userdata[password];
echo "POST PW= $POSTPW
<br>
Joomla - PW = $joomlapw
<br>
salt = $saltpass
<br>
";
if(((md5($_POST['pa'].$saltpass))==$md5pass) and ($userdata['usertype']=="Super Administrator" or $userdata['usertype']=="Editor"))
{
echo "success!";
$jommlapruefung="success";
}
echo "<br>$_POST[user] und $_POST[pa]";
//Joomla user and pass check complete
$dom =str_replace("lager.","",$_SERVER["HTTP_HOST"]);
$_GET['getdir']=str_replace(chr(92),"",$_GET['getdir']);
$_GET['getdir']=str_replace("//","/",$_GET['getdir']);
$_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']);
$_GET['getdir']=str_replace(".","_",$_GET['getdir']);
if ($_GET['getdir']==NULL) $_GET['getdir']="/";
if ( ($_GET['getdir']=="") || ($_GET['getdir']=="/") )
{
if ($jommlapruefung!="success" & $_SESSION['best']!='gogo')
{
die("<FORM ACTION=index.php METHOD=POST>
Username: <INPUT TYPE=text NAME=user LENGTH=25 SIZE=25>
Password: <INPUT TYPE=password NAME=pa LENGTH=25 SIZE=25>
<input type='submit' name='submit' value='Submit'><br>
</FORM>");
}
}
if ($jommlapruefung="success")
{
$_SESSION['best'] = 'gogo';
}
if($_SESSION['best']='gogo')
{
// HERE COMES THE SCRIPT AFTER LOGIN!!
// ...
}
?>
此代码已有几年历史,并非由我创建。一些细节已被清除。 您知道如何将此脚本从md5更新为bcrypt身份验证吗?我感谢你帮助我! :)
答案 0 :(得分:0)
我不确定我的问题是否完整。但是,如果您尝试使用其他网站上的表单登录joomla,则可以在joomla的根目录下创建一个脚本,例如joomlalogin.php,如下所示:
第一部分启动joomla接口:
// START: Initialize Joomla framework
define( '_JEXEC', 1 );
define( 'DS', DIRECTORY_SEPARATOR );
define('JPATH_BASE', dirname(__FILE__) );
// Including Required Files
require_once ( JPATH_BASE.DS.'includes'.DS.'defines.php' );
require_once ( JPATH_BASE.DS.'includes'.DS.'framework.php' );
// Create the Application
$mainframe =& JFactory::getApplication('site');
$mainframe->initialise();
$user =& JFactory::getUser();
// END: Initialize Joomla framework
然后验证并登录用户:
$app = JFactory::getApplication();
// Populate the data array:
$data = array();
$data['return'] = base64_decode(JRequest::getVar('return', '', 'POST', 'BASE64')); //Page user is returned to after a successfull login
$data['username'] = JRequest::getVar('username', '', 'method', 'username');
$data['password'] = JRequest::getString('password', '', 'post', JREQUEST_ALLOWRAW);
// Set the return URL if empty.
if (empty($data['return'])) {
$data['return'] = 'index.php'; //If return page not set... set one.
}
// Set the return URL in the user state to allow modification by plugins
$app->setUserState('users.login.form.return', $data['return']);
// Get the log in options.
$options = array();
$options['remember'] = JRequest::getBool('remember', false);
$options['return'] = $data['return'];
// Get the log in credentials.
$credentials = array();
$credentials['username'] = $data['username'];
$credentials['password'] = $data['password'];
// Perform the log in.
if (true === $app->login($credentials, $options)) {
// Success
$app->setUserState('users.login.form.data', array());
$app->redirect(JRoute::_($app->getUserState('users.login.form.return'), false));
} else {
// Login failed !
$data['remember'] = (int)$options['remember'];
$app->setUserState('users.login.form.data', $data);
$app->redirect('index.php', false));
}
我没有测试过这段代码。我只是为您使用现有网站。如果您遇到问题或者我应该改进/修复我的答案,请告诉我。
您无法解密joomla数据库中的密码。但您可以使用此方法验证它。这将创建sesssion cookie登录用户到joomla安装在同一域的joomla。