Solved

Restricting access to PHP/CGI scripts to only registered users in Joomla

Posted on 2009-07-04
2
481 Views
Last Modified: 2012-05-07
I run Joomla CMS on my Apache server (WAMP) with User Registration feature enabled. This means visitors can register and have accounts on the web site. I can restrict access to specific articles/sections from Joomla itself. Using the "Custom HTML" module, I added an HTML form to the web site; this HTML form sends its parameters to a PHP file (I created) located in the server.

The customized HTML form is restricted to only registered users. However, that does not prevent non-registered users from running my PHP file (If they knew its name).

How can I restrict access to my own PHP/CGI files to only registered users? Does Joomla provide such feature?
0
Comment
Question by:ISDCCC
2 Comments
 
LVL 108

Expert Comment

by:Ray Paseur
Comment Utility
I am not sure if Joomla can do what you want all by itself, but it should be fairly easy to protect your action script.  Use a CAPTCHA image.  That way you will be able to know that anyone who access your PHP file came through your form and was human-enough to enter the CAPTCHA information correctly.

A good place to start is with ReCaptcha:
http://lmgtfy.com?q=ReCaptcha

Best regards, ~Ray
0
 
LVL 4

Accepted Solution

by:
stevepicks earned 500 total points
Comment Utility

<body>
<?php //cortecy of lleo for joomla 1.5
$user =& JFactory::getUser();?>
<?php if ($user->id > 1) : ?>

<!-- user IS logged in so deliver normal template
     Your normal template HTML here -->

<?php else : ?>
<!--  Visitor is NOT logged in so deliver the login page -->

<jdoc:include type="modules" name="user9" />

    <?php if ($option == 'com_user') : ?>
         <jdoc:include type="component" />
    <?php endif; ?>
<?php endif; ?>

</body>
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

Suggested Solutions

Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this.Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it is …
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now