Joomla 3 support

[GoogleCodeExporter]

Login bindings with joomla 3

Original issue reported on code.google.com by game...@gmail.com on 12 May 2013 at 10:38

[GoogleCodeExporter]

from my understanding for basic access to "user" function is easy

$joomlaBase = dirname(__FILE__);

define( ‘_JEXEC’, 1 );
define(‘JPATH_BASE’, $joomlaBase);
require_once ( JPATH_BASE .’/includes/defines.php’ );
require_once ( JPATH_BASE .’/includes/framework.php’ );

$mainframe =& JFactory::getApplication(‘administrator’);
$mainframe->initialise();

if  (JFactory::getUser()->id == 0) {
// this means user is not logged in
}

im guessing the "user id" is all you need. ill be happy to test or help with 
anything you may need (keep in mind im only 'mid' level when it comes to php)

Original comment by game...@gmail.com on 12 May 2013 at 3:03

[GoogleCodeExporter]

So the bulletin board plugin (if you're using any) does use standard users?
In that case the code is close to what I need, but not sufficient by how the 
raidplaner handles external users.

Anyway - I'll have a look at their source and see what I can do.

Original comment by arne.cl...@gmail.com on 12 May 2013 at 3:42

• Changed state: Accepted
• Added labels: FixScheduledFor-0.9.8

[GoogleCodeExporter]

from what i can tell just from the quick looks at your code. you verify/work 
via sql, not via modules/function (from plugin point of view). this may save 
you a few hr's then. here's a example of how you can verify u/p via sql

<?php
$host="localhost"; // Host name
$username="db_username"; // Mysql username
$password="dbpassword"; // Mysql password
$db_name="dbname"; // Database name
$tbl_name="jos_users"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT name,username,password FROM $tbl_name WHERE 
username='$myusername'";
$result=mysql_query($sql);
$row = mysql_fetch_array($result, MYSQL_NUM);
//get array parts
$joom_name = $row[0];
$joom_user = $row[1];
$joom_pass = $row[2];
//explode pass  on colon
$parts = explode( ':', $joom_pass );
$pass = @$parts[0];
$salt = @$parts[1];
// make up the new md5 password using the user submitted password and salt from 
above
$genpassword = md5($mypassword . $salt) . ":" . $salt;

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername, table row must be 1 row
if($count!=1){
echo "<font color='#FF0000' size='5'>Wrong Username Entered!</font><p>
The incorrect username you entered is: <font color='#FF0000' 
size='4'>$myusername</font><p>";
return;
}
//if passwords match set session vars and redirect to new page
if ($genpassword == $joom_pass){
session_start();
$_SESSION['entered_username'] = $myusername;
$_SESSION['entered_password'] = $mypassword;
$_SESSION['joom_name'] = $joom_name;
$_SESSION['joom_user'] = $joom_user;
$_SESSION['joom_pass'] = $joom_pass;
$_SESSION['pass'] = $pass;
$_SESSION['salt'] = $salt;
$_SESSION['gen_pass'] = $genpassword;
header("location:login_success.php");
}
else {
echo "<font color='#FF0000' size='5'>Wrong Password Entered!</font><p>
The incorrect password you entered is: <font color='#FF0000' 
size='4'>$mypassword</font><p>";

?>

Original comment by game...@gmail.com on 12 May 2013 at 4:04

[GoogleCodeExporter]

Yes, this actually saves some time as I don't have to search that myself (which 
is actually the most annoying part when writing a connector).

Original comment by arne.cl...@gmail.com on 12 May 2013 at 6:51

• Changed title: Joomla 3 support

[GoogleCodeExporter]

Implemented in 0.9.8 development branch.

I also simplified the way plugins are registered for 0.9.8, so it will be 
easier to write new ones.
The downside of this is, that 0.9.8 plugins would have to be down-ported to 
0.9.7 which is doable but takes some time (and testing). As of this I'm not 
including a 0.9.7 compatible plugin in this report.

If you cannot wait, I suggest you to pull the 0.9.8 branch, but be aware that 
a) this branch is not fully tested and  b) there might be some extra work when 
upgrading to the final 0.9.8 version.

Original comment by arne.cl...@gmail.com on 12 May 2013 at 8:45

• Changed state: Done

[GoogleCodeExporter]

man you good, works like a charm. will be sure to buy you a few beers on my 
next pay check.

Original comment by game...@gmail.com on 13 May 2013 at 9:11

[GoogleCodeExporter]

Found one... bug? seeing a joomla is a CMS. the best way to integrate your 
script in it, is to change the theme to "portal_integration" and embed it in to 
a module via a frameless iframe. That work fine right out the box (minus small 
css tweaks, see integrate.jpg).

The problem happens when the use logs in or out of joomla, its not syncing with 
raidplanner. If you logout of joomla you still logged in raidplanner and via 
versa.
the problem with trying to sync with joomla is that joomla encrypteing user 
session/cookie data, so only way to check that is via joomla function. the good 
news is that you want have to rewrite everything to get that to work (at least 
from what i can tell).

From what i can tell... the way you loggin via plugin is that you search the 
joomla user data for a user that match the u/p combo. if one is found it pulls 
the "user id" and compares that to raidplanner database. if it finds a user 
with that "user id" it pull its info/settting if not it create the user. 

if thats the case then something like this would work.....

private checkLoginStatus()
{
$joomlaBase = "/"; // would have to ask the user what the base location of 
joomla and use that

define( ‘_JEXEC’, 1 );
define(‘JPATH_BASE’, $joomlaBase);
require_once ( JPATH_BASE .’/includes/defines.php’ );
require_once ( JPATH_BASE .’/includes/framework.php’ );
$mainframe =& JFactory::getApplication(‘site’);
$mainframe->initialise();
return JFactory::getUser()->id;
}

if the function return "0" you no the user is NOT logged, if it return anything 
but "0" you now have the "user id" to continue with the script/program. I hope 
im not to way off.

Also on a side not you can ask the user (during setup) if he would like to sync 
login /out and only use that if the user wants to....

just my 2 cents (go easy on me XD)

Original comment by game...@gmail.com on 13 May 2013 at 12:15

Attachments:

• integrate.jpg

[GoogleCodeExporter]

[deleted comment]

[GoogleCodeExporter]

i was able to pull it with some what of a hack job. here's the 2 files that i 
changed to get it to work, i comment the changes. hope they understandable, if 
you have any question fill free to ask.

P.S. almost forgot, the first time you login (account not made in raidplanner 
yet). you have to login via raidplanner but after that if will auto log you in 
and out ^^

Original comment by game...@gmail.com on 14 May 2013 at 12:33

Attachments:

• joomla3.php
• userproxy.class.php

[GoogleCodeExporter]

Checking on the "currently logged in external user" is not implemented with any 
of the login bindings.
The raidplaner was originally build a separate tool next to e.g. forum. The 
whole portal integration thing came up just recently so it's not a very clean 
experience, yet.

Using an already logged in external user will require some extra work as this 
feature would have to be added to all bindings across the board. This does 
require some extra thinking on my side to avoid security holes and other side 
effects. I'll schedule that request for 1.1 as it fits quite nicely with the 
other automation tasks.

Original comment by arne.cl...@gmail.com on 14 May 2013 at 2:26

[GoogleCodeExporter]

Original comment by arne.cl...@gmail.com on 26 May 2013 at 9:41

• Changed state: Fixed