mattpiercey
asked on
urgent joomla 1.0.5 SQL query code . . .
Hi experts, I just fantastico-installed joomla 1.0.5, and everything works great, but I am modifying a few lines of PHP and need some help.
I am working with the mod_login module found at [http://joomla.org.in/doc/modules/mod_login.php.source.html]
text only version at :[http://joomla.org.in/doc/modules/mod_login.php.source.txt]
As you can see by that file, it is simple SQL authentication. The index.php file calls it and then the mod_login module searches the database for credentials and displays appropriate HTML based on results. What I am trying to do is automatically log a user in just based on an external link. The link will call the joomla index.php file, and the mod_login module will determine if [based on the variables passed in the link], the user will be logged in or simply presented with an option to register.
Currently, if you just call the index.php? file, it presents the user with the option to login or register [found at line 73]. I want to be able to have the user authenticated automatically via the link that comes from an OUTSIDE SITE, for example, if a partner website has a link to our site like, http://www.educationforliberty.com/altapps/index.php?username=registered_user_username&passwd=example&autologin=yes
I know that others will be able to see username/password combinations, but all it means for us in this situation is that we control the access that is granted based on inbound external links.
I am looking for a solution that will fall right around line 73 and search the SQL database for credentials, and redirect the window if the proper credentials are given. If they are not given, then the user is presented with the default login/register form found after line 73.
I have attempted to do this at line 73 with
__________________________
// autologin if a user
if ( $autologin == yes) {
$location = 'http://www.educationforliberty.com/altapps/index.php?option=com_content&task=view&id=12&Itemid=27&data=final_destination_for_authenticated_link';
print "<script language=\"javascript\">\n
print "document.location.href=\"
print "</script>";
}
else {
//load default html to offer registration for user
// open else statement found in original
?>
__________________________
but there is no authentication aspect in SQL
I am working with the mod_login module found at [http://joomla.org.in/doc/modules/mod_login.php.source.html]
text only version at :[http://joomla.org.in/doc/modules/mod_login.php.source.txt]
As you can see by that file, it is simple SQL authentication. The index.php file calls it and then the mod_login module searches the database for credentials and displays appropriate HTML based on results. What I am trying to do is automatically log a user in just based on an external link. The link will call the joomla index.php file, and the mod_login module will determine if [based on the variables passed in the link], the user will be logged in or simply presented with an option to register.
Currently, if you just call the index.php? file, it presents the user with the option to login or register [found at line 73]. I want to be able to have the user authenticated automatically via the link that comes from an OUTSIDE SITE, for example, if a partner website has a link to our site like, http://www.educationforliberty.com/altapps/index.php?username=registered_user_username&passwd=example&autologin=yes
I know that others will be able to see username/password combinations, but all it means for us in this situation is that we control the access that is granted based on inbound external links.
I am looking for a solution that will fall right around line 73 and search the SQL database for credentials, and redirect the window if the proper credentials are given. If they are not given, then the user is presented with the default login/register form found after line 73.
I have attempted to do this at line 73 with
__________________________
// autologin if a user
if ( $autologin == yes) {
$location = 'http://www.educationforliberty.com/altapps/index.php?option=com_content&task=view&id=12&Itemid=27&data=final_destination_for_authenticated_link';
print "<script language=\"javascript\">\n
print "document.location.href=\"
print "</script>";
}
else {
//load default html to offer registration for user
// open else statement found in original
?>
__________________________
but there is no authentication aspect in SQL
Try this as a Debug. I want to see what comes out. Adding the debug is NOT a fix.
Instead of ...
if ( $autologin == yes) {
Try ...
if (isset($_GET['autologin'])
print_r($_GET); // Show the entire GET array. Hopefully all the data is here.
Instead of ...
if ( $autologin == yes) {
Try ...
if (isset($_GET['autologin'])
print_r($_GET); // Show the entire GET array. Hopefully all the data is here.
ASKER
calling this page in your browser:
http://www.educationforliberty.com/altapps/index.php?
produces the default login box.[GOOD]
calling this page in your browser:
http://www.educationforliberty.com/altapps/index.php?username=registered_user_username&passwd=example&autologin=yes
with your code:
____________________
// autologin if a user
if (isset($_GET['autologin'])
print_r($_GET); // Show the entire GET array. Hopefully all the data is here.
____________________
This error is produced:
Parse error: syntax error, unexpected '{' in /educationforliberty/altap
V
But, with this code - I put a parentheses after the yes in ($_GET['autologin'], 'yes')),
^
____________________
} else {
// Login output
// ie HTML when not logged in and trying to login
?>
<?php
// autologin if a user
if (isset($_GET['autologin'])
print_r($_GET); // Show the entire GET array. Hopefully all the data is here.
}
else {
//load default html to offer registration for user
// open else statement found in original
?>
<form action="<?php echo sefRelToAbs( 'index.php' ); ?>" method="post" name="login" >
____________________
The script outputs
Login Form
Array ( [username] => registered_user_username [passwd] => example [autologin] => yes )
I removed the window location redirection because we need to actually log the user in.
Thank you for your support in this question. Many other Joomla websites have had HUNDREDS of programmers attempt to solve this problem, so whoever solves it will get major eprops.
http://www.educationforliberty.com/altapps/index.php?
produces the default login box.[GOOD]
calling this page in your browser:
http://www.educationforliberty.com/altapps/index.php?username=registered_user_username&passwd=example&autologin=yes
with your code:
____________________
// autologin if a user
if (isset($_GET['autologin'])
print_r($_GET); // Show the entire GET array. Hopefully all the data is here.
____________________
This error is produced:
Parse error: syntax error, unexpected '{' in /educationforliberty/altap
V
But, with this code - I put a parentheses after the yes in ($_GET['autologin'], 'yes')),
^
____________________
} else {
// Login output
// ie HTML when not logged in and trying to login
?>
<?php
// autologin if a user
if (isset($_GET['autologin'])
print_r($_GET); // Show the entire GET array. Hopefully all the data is here.
}
else {
//load default html to offer registration for user
// open else statement found in original
?>
<form action="<?php echo sefRelToAbs( 'index.php' ); ?>" method="post" name="login" >
____________________
The script outputs
Login Form
Array ( [username] => registered_user_username [passwd] => example [autologin] => yes )
I removed the window location redirection because we need to actually log the user in.
Thank you for your support in this question. Many other Joomla websites have had HUNDREDS of programmers attempt to solve this problem, so whoever solves it will get major eprops.
<?php
if (isset($_GET['autologin'])
{
print_r($_GET); // Show the entire GET array. Hopefully all the data is here.
exit;
}
?>
And this shows the correct data.
OK.
Can you tell me what is the handler for the login form and what the login form looks like?
if (isset($_GET['autologin'])
{
print_r($_GET); // Show the entire GET array. Hopefully all the data is here.
exit;
}
?>
And this shows the correct data.
OK.
Can you tell me what is the handler for the login form and what the login form looks like?
ASKER
Sure, the handler for the login form is found at [http://joomla.org.in/doc/modules/mod_login.php.source.html]
text only version at :[http://joomla.org.in/doc/modules/mod_login.php.source.txt]
The Login form is live and can be found at [http://www.educationforliberty.com/altapps/index.php]
The index.php file calls the handler [mod_login.php] and then the mod_login module searches the database for credentials and displays appropriate HTML based on results.
text only version at :[http://joomla.org.in/doc/modules/mod_login.php.source.txt]
The Login form is live and can be found at [http://www.educationforliberty.com/altapps/index.php]
The index.php file calls the handler [mod_login.php] and then the mod_login module searches the database for credentials and displays appropriate HTML based on results.
Ok. This is sort of guess work.
As you are using $_GET for the username and ___PASSWORD___ (very very bad idea - but we'll go with it), you shouldn't be too worried about the $_POST array.
So populate it with the values you get from a normal login form.
<?php
$_POST = array
(
'username' => $_GET['username'],
'password' => $_GET['password'],
'remember' => 'yes',
'option' => 'login',
'submit' => _BUTTON_LOGIN, // I assume this is a constant defined in your code somewhere.
);
?>
So. This is like having filled in the data by the form and submitted.
Now all you need to do is call the login module as index.php does.
I assume it looks for $_POST['option'] and makes the appropriate call from there.
I would need to see index.php.
As you are using $_GET for the username and ___PASSWORD___ (very very bad idea - but we'll go with it), you shouldn't be too worried about the $_POST array.
So populate it with the values you get from a normal login form.
<?php
$_POST = array
(
'username' => $_GET['username'],
'password' => $_GET['password'],
'remember' => 'yes',
'option' => 'login',
'submit' => _BUTTON_LOGIN, // I assume this is a constant defined in your code somewhere.
);
?>
So. This is like having filled in the data by the form and submitted.
Now all you need to do is call the login module as index.php does.
I assume it looks for $_POST['option'] and makes the appropriate call from there.
I would need to see index.php.
ASKER
The source for the index.php is found at [http://joomla.org.in/doc/index.php.source.html]
with this code:
_________________
// Login output
// ie HTML when not logged in and trying to login
?>
<?php
// autologin if a user
if (isset($_GET['autologin'])
$_POST = array
(
'username' => $_GET['username'],
'password' => $_GET['password'],
'remember' => 'yes',
'option' => 'login',
'submit' => _BUTTON_LOGIN, // This is a constant defined in the code.
);
}
else {
//load default html to offer registration for user
// open else statement found in original
_________________
It looks like it is trying to log the user in, but does not do any authentication, and does not actually log a person in.
Click on this link:
[http://www.educationforliberty.com/altapps/index.php?username=registered_user_username&passwd=example&autologin=yes]
and you will see what I mean. The login form completely dissapears in HTML.
with this code:
_________________
// Login output
// ie HTML when not logged in and trying to login
?>
<?php
// autologin if a user
if (isset($_GET['autologin'])
$_POST = array
(
'username' => $_GET['username'],
'password' => $_GET['password'],
'remember' => 'yes',
'option' => 'login',
'submit' => _BUTTON_LOGIN, // This is a constant defined in the code.
);
}
else {
//load default html to offer registration for user
// open else statement found in original
_________________
It looks like it is trying to log the user in, but does not do any authentication, and does not actually log a person in.
Click on this link:
[http://www.educationforliberty.com/altapps/index.php?username=registered_user_username&passwd=example&autologin=yes]
and you will see what I mean. The login form completely dissapears in HTML.
ASKER
Normally if a user attempts to log in with incorrect credentials an alert pops up.
And if a user is correctly logged in, an alert does pop up that says, "you have sucessfully logged in."
This tells me that we are not authenticating.
And if a user is correctly logged in, an alert does pop up that says, "you have sucessfully logged in."
This tells me that we are not authenticating.
We haven't got that far yet.
What I'm wanting to make sure is that the data I fill in in a form is the same as I am going to send programatically.
In your index.php, just before line 53 ...
if (isset($_GET['autologin'])
{
$_POST = array
(
'username' => $_GET['username'],
'password' => $_GET['password'],
'remember' => 'yes',
'option' => 'login',
'submit' => _BUTTON_LOGIN, // This is a constant defined in the code.
);
$_GET['option'] = 'login';
}
What I'm wanting to make sure is that the data I fill in in a form is the same as I am going to send programatically.
In your index.php, just before line 53 ...
if (isset($_GET['autologin'])
{
$_POST = array
(
'username' => $_GET['username'],
'password' => $_GET['password'],
'remember' => 'yes',
'option' => 'login',
'submit' => _BUTTON_LOGIN, // This is a constant defined in the code.
);
$_GET['option'] = 'login';
}
ASKER
What I'm wanting to make sure is that the data I fill in in a form is the same as I am going to send programatically.
Good, we are on the same track, that is exactly what I am trying to do:]
I placed the above code into the index.php file just before line 53, and left that code in the mod_login.php file.
Good, we are on the same track, that is exactly what I am trying to do:]
I placed the above code into the index.php file just before line 53, and left that code in the mod_login.php file.
ASKER
I have attempted to do this with the javascript onLoad submit form function, but for some reason, the page needs to be manually refreshed before the automatic login is complete. It VERY slow and bulky - and not the completely automatic solution I was looking for.
Note that this is quite a dirry solution
Personally I would just drop this whole code at the very top of the index.php:
if (isset($_GET['autologin'])
$_POST = $_REQUEST = $_GET = array
(
'username' => $_GET['username'],
'password' => $_GET['password'],
'remember' => 'yes',
'option' => 'login',
'submit' => _BUTTON_LOGIN, // This is a constant defined in the code.
);
$_SERVER['REQUEST_METHOD']
}
-r-
Personally I would just drop this whole code at the very top of the index.php:
if (isset($_GET['autologin'])
$_POST = $_REQUEST = $_GET = array
(
'username' => $_GET['username'],
'password' => $_GET['password'],
'remember' => 'yes',
'option' => 'login',
'submit' => _BUTTON_LOGIN, // This is a constant defined in the code.
);
$_SERVER['REQUEST_METHOD']
}
-r-
ASKER
I placed the above code into the index.php file at the very top, removed it from line 53, and left RQuadling's code in the mod_login.php file.
It looks like it is trying to log the user in, but does not do any authentication, and does not actually log a person in.
Click on this link:
[http://www.educationforliberty.com/altapps/index.php?username=registered_user_username&passwd=example&autologin=yes]
and you will see what I mean. The login form completely dissapears in HTML.Normally if a user attempts to log in with incorrect credentials an alert pops up. And if a user is correctly logged in, an alert does pop up that says, "you have sucessfully logged in."
This tells me that we are not authenticating.
It looks like it is trying to log the user in, but does not do any authentication, and does not actually log a person in.
Click on this link:
[http://www.educationforliberty.com/altapps/index.php?username=registered_user_username&passwd=example&autologin=yes]
and you will see what I mean. The login form completely dissapears in HTML.Normally if a user attempts to log in with incorrect credentials an alert pops up. And if a user is correctly logged in, an alert does pop up that says, "you have sucessfully logged in."
This tells me that we are not authenticating.
The user login is handled somewhere else, as the alertboxes are not inside the code you reference.
As mentioned, I'm no yoomla specialist, and other than browsing through includes/yoomla.php there is little I can do.
-r-
As mentioned, I'm no yoomla specialist, and other than browsing through includes/yoomla.php there is little I can do.
-r-
ASKER
The user login altertboxes are handled on the index.php page. The authentication displays a defined message [aka constant].
see:
http://joomla.org.in/doc/_constants/_LOGIN_SUCCESS.html
so to answer your question, the login is handled on the index.php page and the original SQL lookup is found near the top of the mod_login.php page.
see:
http://joomla.org.in/doc/_constants/_LOGIN_SUCCESS.html
so to answer your question, the login is handled on the index.php page and the original SQL lookup is found near the top of the mod_login.php page.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ARGH!!!
ASKER
It seems to have authenticated, but now it is redirecting. Hold on while I check a few server settings. . .
ASKER
That worked RQuadling! Thank you SO much - you are amazing. I wish I could give you more points. I spent a week and a half trying to get this to work and you did it!
Actually, you didn't give me ANY points!
ASKER
i just sent you an email at spam_free_life acct about some free ice cream. . .
Ah. Whilst I have a spam_free_life Yahoo ID, I don't actually have a Yahoo email account. my EE id here @GMail.com
(Always like free stuff - free tvs, free money, free cars, etc).
(Always like free stuff - free tvs, free money, free cars, etc).
ASKER