How to Log into Joomla Through an External Script

How to log into joomla through an external script?

<?php
//http://domain.com/script/script.php?username=username&passwd=password

define( '_JEXEC', 1 );
define('JPATH_BASE', '../' );
define( 'DS', DIRECTORY_SEPARATOR );
require_once('../configuration.php');
require_once ( JPATH_BASE .DS.'includes'.DS.'defines.php' );
require_once ( JPATH_BASE .DS.'includes'.DS.'framework.php' );
require_once ( JPATH_BASE .DS.'libraries'.DS.'joomla'.DS.'factory.php' );

/* Create the Application */
$mainframe =& JFactory::getApplication('site');
jimport('joomla.plugin.helper');

$credentials = array();
$credentials['username'] = JRequest::getVar('username', '', 'method', 'username');
$credentials['password'] = JRequest::getVar('passwd', '', 'method', 'passwd');

//perform the login action
$error = $mainframe->login($credentials);
$user = JFactory::getUser();
//now you are logged in

$mainframe->logout();
//now you are logged out

logging in to Joomla from external script

I ended up using the AutoLogin-extension which did the job. Not as "elegant" as I wanted it to be (because it requires installation of that plugin), but hey, it works! :-)

How to get current Joomla user with external PHP script

While I don't see anything in the code that's unsafe, it's best to make your AJAX/JSON calls to a standard Joomla component. There's a good article on how to do this here: http://blog.syncleon.com/2009/05/ajax-ify-your-joomla-website.html I've also written about JavaScript, Joomla, and asynchronous requests in my book http://www.packtpub.com/files/learning-joomla-1-5-extension-development-sample-chapter-8-using-javascript-effects.pdf (skip down to page 168).

Essentially, what you do is create a view for the output of your AJAX call, then create a view.xml.php (or view.json.php) file instead of a view.html.php. When you add &format=xml to the end of your request URL, it will pull from view.xml.php instead of view.html.php.

Joomla 3 authentication to get access to external app in PHP

Finally I could get what I wanted.
I kept the first half of the script :

<?php
/**
 * Joomla! External authentication script
 *
 * @author vdespa
 * Version 1.0
 *
 * Code adapted from /index.php
 *
 * @package    Joomla.Site
 *
 * @copyright  Copyright (C) 2005 - 2014 Open Source Matters, Inc. All rights reserved.
 * @license    GNU General Public License version 2 or later; see LICENSE.txt
 */
if (version_compare(PHP_VERSION, '5.3.1', '<'))
{
    die('Your host needs to use PHP 5.3.1 or higher to run this version of Joomla!');
}
/**
 * Constant that is checked in included files to prevent direct access.
 * define() is used in the installation folder rather than "const" to not error for PHP 5.2 and lower
 */
define('_JEXEC', 1);
if (file_exists(__DIR__ . '/defines.php'))
{
    include_once __DIR__ . '/defines.php';
}
if (!defined('_JDEFINES'))
{
    define('JPATH_BASE', __DIR__);
    require_once JPATH_BASE . '/includes/defines.php';
}
require_once JPATH_BASE . '/includes/framework.php';
// Instantiate the application.
$app = JFactory::getApplication('site');
?>

and recover the user ID JFactory::getUser()->id in my app. Then I just had to create my variables from this ID $_userID = JFactory::getUser()->id.

Logging In To Joomla 1.5 Using External Form (not within joomla folder, but on same server)

Ok, in order for this to work here is what needs to be done -

1. Create a new session and get the associated token
2. Pass the username, password, and token to create a logged in session
3. Get the new cookie values for logged in session
4. Transfer cookie to the browser

Here is the code needed to accomplish all of this:

<?php
$uname = $_POST['username'];
$upswd = $_POST['password'];
$url = "http://joomla website.com";

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url );
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE );
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE );
curl_setopt($ch, CURLOPT_COOKIESESSION, TRUE );
curl_setopt($ch, CURLOPT_COOKIEJAR, realpath('./cookie.txt'));
curl_setopt($ch, CURLOPT_COOKIEFILE, realpath('./cookie.txt'));
curl_setopt($ch, CURLOPT_HEADER, TRUE );
$ret = curl_exec($ch);
if (!preg_match('/name="([a-zA-z0-9]{32})"/', $ret, $spoof)) {
    preg_match("/name='([a-zA-z0-9]{32})'/", $ret, $spoof);
}

// POST fields
$postfields = array();
$postfields['username'] = urlencode($uname);
$postfields['passwd'] = urlencode($upswd);
$postfields['option'] = 'com_user';
$postfields['task'] = 'login';
$postfields[$spoof[1]] = '1';
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields);
$ret = curl_exec($ch);

// Get logged in cookie and pass it to the browser
preg_match('/^Set-Cookie: (.*?);/m', $ret, $m);
$cookie=explode('=',$m[1]);
setcookie($cookie[0], $cookie[1]);
?>

This should work on any Joomla website as long as the URL used in the script has a login form on the page. Once you run this script you should then be able to access the website and be logged in.

Joomla 2.5 Get User Data from External Script

Taken from
http://docs.joomla.org/How_to_access_session_variables_set_by_an_external_script

Solution: Replace session_start(); in your external script with

define( '_JEXEC', 1 );
define( 'JPATH_BASE', realpath(dirname(__FILE__).'/../..' ));
define( 'DS', DIRECTORY_SEPARATOR );

require_once ( JPATH_BASE .DS.'includes'.DS.'defines.php' );
require_once ( JPATH_BASE .DS.'includes'.DS.'framework.php' );
$mainframe =& JFactory::getApplication('site');
$mainframe->initialise();

Be sure to change JPATH_BASE to suit your directory structure.

Replace the $_SESSION[ 'name' ] = "value"; in your external script with

$session =& JFactory::getSession();
$session->set('name', "value");
Now you can retrieve this session variable using:

$session =& JFactory::getSession();
echo $session->get('name');

---

Related Topics