Joomla Login Authentication from external app

jax · Feb 1, 2010 · Viewed 17.6k times

I need to check that a Joomla username and password are valid from my external application. It is not necessary that the user is logged into the system, just that their account exists. How do I do this?

Answer

GmonC · Feb 3, 2010

I'm supposing your external application will have access to Joomla's database and is written in PHP as well.

I've already answered a similar question about creating a user outside Joomla. You could use the same approach, but instead of calling the save method from JUser, you could use bind to check if the password is correct.

Or something better: simply copy and paste Joomla's own authentication mechanism after creating an "environment" outside Joomla! Check JOOMLA_PATH/plugins/authentication/joomla.php:

    function onAuthenticate( $credentials, $options, &$response ){
        jimport('joomla.user.helper');
        // Joomla does not like blank passwords
        if (empty($credentials['password'])){
            $response->status = JAUTHENTICATE_STATUS_FAILURE;
            $response->error_message = 'Empty password not allowed';
            return false;
        }

        // Initialize variables
        $conditions = '';

        // Get a database object
        $db =& JFactory::getDBO();

        $query = 'SELECT `id`, `password`, `gid`'
            . ' FROM `#__users`'
            . ' WHERE username=' . $db->Quote( $credentials['username'] )
            ;
        $db->setQuery( $query );
        $result = $db->loadObject();

        if($result){
            $parts = explode( ':', $result->password );
            $crypt = $parts[0];
            $salt = @$parts[1];
            $testcrypt = JUserHelper::getCryptedPassword($credentials['password'], $salt);

            if ($crypt == $testcrypt) {
                $user = JUser::getInstance($result->id); // Bring this in line with the rest of the system
                $response->email = $user->email;
                $response->fullname = $user->name;
                $response->status = JAUTHENTICATE_STATUS_SUCCESS;
                $response->error_message = '';
            } else {
                $response->status = JAUTHENTICATE_STATUS_FAILURE;
                $response->error_message = 'Invalid password';
            }
        }
        else{
            $response->status = JAUTHENTICATE_STATUS_FAILURE;
            $response->error_message = 'User does not exist';
        }
    }
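
An added example, not part of the original answer and not Joomla's code: a stand-alone check of the `hash:salt` value that the plugin above splits with `explode()`, for an external PHP 7.1+ application that does not load the Joomla framework. It assumes Joomla 1.5's default md5-hex scheme (hash = md5(password . salt)) and a `jos_` table prefix; the function names and the in-memory SQLite data are constructed for illustration.

```php
<?php
// Added example (not Joomla's code). Assumes Joomla 1.5's default md5-hex
// scheme: users.password holds md5(password . salt) . ':' . salt.

// Verify a candidate password against one stored "hash:salt" value.
function joomla15_password_matches(string $stored, string $candidate): bool
{
    if ($candidate === '') {
        return false;                      // the plugin rejects blank passwords too
    }
    $parts = explode(':', $stored, 2);
    $hash  = $parts[0];
    $salt  = $parts[1] ?? '';              // rows without ":salt" are plain md5
    if (!preg_match('/^[0-9a-f]{32}$/', $hash)) {
        return false;                      // not md5-hex; other schemes are out of scope
    }
    // hash_equals() compares as strings in constant time. The plugin's ==
    // compares two numeric-looking digests ("0e" + digits) as numbers.
    return hash_equals($hash, md5($candidate . $salt));
}

// Fetch the stored value with a bound parameter, then verify it.
// $prefix is the site's table prefix from its configuration, never user input.
function joomla15_check_login(PDO $db, string $prefix, string $user, string $pass): bool
{
    $stmt = $db->prepare("SELECT password FROM {$prefix}users WHERE username = ?");
    $stmt->execute([$user]);
    $stored = $stmt->fetchColumn();        // false when the user does not exist
    return is_string($stored) && joomla15_password_matches($stored, $pass);
}

// Constructed demo data: in-memory SQLite stands in for the Joomla database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE jos_users (username TEXT, password TEXT)');
$salt = 'cONSTRUCTEDsaltVALUE0123456789ab';
$db->prepare('INSERT INTO jos_users VALUES (?, ?)')
   ->execute(['alice', md5('correct horse' . $salt) . ':' . $salt]);

$cases = [['alice', 'correct horse'], ['alice', 'wrong'], ['alice', ''], ['mallory', 'x']];
foreach ($cases as [$user, $pass]) {
    $ok = joomla15_check_login($db, 'jos_', $user, $pass);
    printf("%-8s %-15s %s\n", $user, var_export($pass, true), $ok ? 'valid' : 'rejected');
}
```

The caller gets the same `false` for an unknown user and for a wrong password, so the external application does not reveal which usernames exist.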