如何获得外部PHP脚本当前用户的Joomla [英] How to get current Joomla user with external PHP script

问题描述

我已经使用AJAX查询了几个PHP脚本，但我希望他们能够的Joomla的认证系统的框架下运作。是下面的安全吗？是否有任何不必要的行？

的Joomla-auth.php（位于同一目录的Joomla的的index.php）：

 ＆LT; PHP定义（'_JEXEC'，1）;
定义（'JPATH_BASE'，目录名（__ FILE__））;
定义（DS，DIRECTORY_SEPARATOR）;
require_once（JPATH_BASE .DS.'includes'.DS.'defines.php'）;
require_once（JPATH_BASE .DS.'includes'.DS.'framework.php'）;/ *创建应用程序* /
$主机=安培; JFactory :: getApplication（'网站'）;/ *确保我们在所有登录。 * /
如果（JFactory ::的getUser（） - 和SEQ ID == 0）
    死（拒绝访问：需要登录。）;？＆GT;
 

test.php的：

 ＆LT; PHP包括'的Joomla-auth.php';回声登录身份是'JFactory ::的getUser（） - 方式＆gt;。用户名'';/ *然后，我们进行访问的东西只有用户
   该名称的访问。 * /
？＆GT;
 

解决方案

虽然我没有看到在code这是不安全的事情，最好让你的AJAX / JSON调用一个标准的Joomla组件。有一个关于如何做到这一点这里的好文章： HTTP： //blog.syncleon.com/2009/05/ajax-ify-your-joomla-website.html 我也写关于JavaScript的是，Joomla，并在我的书的异步请求<一个href=\"http://www.packtpub.com/files/learning-joomla-1-5-extension-development-sample-chapter-8-using-javascript-effects.pdf\" rel=\"nofollow\">http://www.packtpub.com/files/learning-joomla-1-5-extension-development-sample-chapter-8-using-javascript-effects.pdf （请跳到第168页）。

从本质上讲，你做的是为您的AJAX调用的输出视图，然后创建一个view.xml.php（或view.json.php）文件，而不是一个view.html.php。当您添加＆放大器;格式= XML 您的请求URL的末尾，它将从view.xml.php而不是view.html.php

I have a couple PHP scripts used for AJAX queries, but I want them to be able to operate under the umbrella of Joomla's authentication system. Is the following safe? Are there any unnecessary lines?

joomla-auth.php (located in the same directory as Joomla's index.php):

<?php

define( '_JEXEC', 1 );
define('JPATH_BASE', dirname(__FILE__));
define( 'DS', DIRECTORY_SEPARATOR );
require_once ( JPATH_BASE .DS.'includes'.DS.'defines.php' );
require_once ( JPATH_BASE .DS.'includes'.DS.'framework.php' );

/* Create the Application */
$mainframe =& JFactory::getApplication('site');

/* Make sure we are logged in at all. */
if (JFactory::getUser()->id == 0)
    die("Access denied: login required.");

?>

test.php:

<?php

include 'joomla-auth.php';

echo 'Logged in as "' . JFactory::getUser()->username . '"';

/* We then proceed to access things only the user
   of that name has access to. */
?>

解决方案

While I don't see anything in the code that's unsafe, it's best to make your AJAX/JSON calls to a standard Joomla component. There's a good article on how to do this here: http://blog.syncleon.com/2009/05/ajax-ify-your-joomla-website.html I've also written about JavaScript, Joomla, and asynchronous requests in my book http://www.packtpub.com/files/learning-joomla-1-5-extension-development-sample-chapter-8-using-javascript-effects.pdf (skip down to page 168).

Essentially, what you do is create a view for the output of your AJAX call, then create a view.xml.php (or view.json.php) file instead of a view.html.php. When you add &format=xml to the end of your request URL, it will pull from view.xml.php instead of view.html.php.

这篇关于如何获得外部PHP脚本当前用户的Joomla的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！