Autologin from within Joomla

This topic is locked

Autologin from within Joomla	5/8/2009 5:26:11 PM
PHPRunner Tips and Tricks
rsawchuk author I run several websites for health professionals using Joomla for core information management. I create other components using PHPRunner. In order the use the Joomla websites, all users need to be registered (by their organizations) and be logged in to access and use most of the components. For the last 3 years or so, I have been looking for a way to have users that are logged in to Joomla to be automatically logged in when they go to the PHPRunner component. I have tried numerous times (with the assistance of these and the Joomla forums) to find a solution but haven't been successful. Users have to login again to use the PHPRunner created programs. Today, I believe I finally found a solution! On the Joomla side, I use this code to pass on the (login) variables to PHPRunner: `<?php // No direct access defined('_VALID_MOS') or die('Restricted access'); global $mainframe, $my; $username = $my->username; $userid = $my->id; print "<a href='http://www.websitename.com/daplans4/login.php?username=$username&userid=$userid'>Click Here to get your Learning Plan</a>"; ?>` You cannot enter PHP code directly in Joomla so I use a mambot called RD ADD PHP to create a link to the above file which I upload to the website. On the receiving end, I use this code that is entered in the PHPRunner program at Global Events -->Login Page -->Login Page: Before Process //******** Custom code ********** // put your custom code here global $conn; if (@$_REQUEST["username"] && @$_REQUEST["userid"]) { $rs = db_query("select * from jos_session where username='".$_REQUEST["username"]."' and userid='".$_REQUEST["userid"]."'",$conn); if ($data = db_fetch_array($rs)) { //fill session variables here and redirect to the list page $_SESSION["UserID"] = $_REQUEST["username"]; $_SESSION["AccessLevel"] = ACCESS_LEVEL_USER; $_SESSION["_das_plans_OwnerID"] = $_REQUEST["username"]; header("Location: das_plans_list.php"); exit(); } } Replace "das_plans" with your table name. Notice that I use jos_session table instead of jos_users; I believe that this is more secure since the person has to be logged into Joomla for this to work. The userid is just for extra security since it is unlikely anyone would know what it is. I spent hours trying to use password or session_id, but was NOT able to get this to work. The session variables are set so that members can only see and edit their own data. I am using Joomla 1.0 so am not sure whether this should work with 1.5 although I don't see why not. It works for me so hopefully this will save others some time in implementing autologins from Joomla to PHPRunner developed programs. Russ

Mark as Solved Mark as not solved

6 replies


	Sergey Kornilov admin 5/9/2009
	Russ, thank you for sharing! Could you clarify what you trying to do with Joomla passwords? According to the following threads Joomla password system is quite straightforward. Joomla 1.0.x http://forum.joomla.org/viewtopic.php?f=267&t=284787 Joomla 1.5.x http://forum.joomla.org/viewtopic.php?f=47&t=285115


	rsawchuk author 5/14/2009
	Sergey, What I was trying to do initially was to pass on the username and password through an url link from Joomla to the PHPRunner login script. I can get the login to work if I hardcode the username and MD5 password. However, no matter what I tried, I could NOT figure out how to get Joomla to read the password and pass it on via the link. I always got username=12345&password= After searching the Joomla forums, I couldn't find anyone else who was successful in passing on username and password to another script. The suggested solutions were to use some sort of token system. I surmise that the problem is related to two factors: 1) security features in Joomla as it is NOT recommended to pass on passwords via links; 2) the encryption features regarding the Joomla password. My solution works for me, and I like it because the autologin only works if you are already logged into Joomla. I discovered that if I knew the username and password (encrypted), I could access anyone's records by just typing in the url into the browser. Although the actual risk is small, I feel my approach is a little more secure. I currently have a dozen applications that where I need to incorporate the autologin from Joomla to PHPRunner. However, if there are simpler, more effective solutions, I would certainly like to hear about them. Russ


K	kenlyle 6/12/2009
	Could you clarify what you trying to do with Joomla passwords? According to the following threads Joomla password system is quite straightforward. Joomla 1.0.x http://forum.joomla.org/viewtopic.php?f=267&t=284787 Joomla 1.5.x http://forum.joomla.org/viewtopic.php?f=47&t=285115 Sergey, It's not trivial apparently, to unravel the encryption that Joomla puts on passwords, which is a good thing. I had a programmer write me a solution like Russ's which allowed login using Joomla accounts to a simple PHPR application that ran against the CiviCRM database tables, for the purpose of coordinating activity of political activists trying to influence legislation. My impression was that it took some doing, but I am not a coder... It also just occurred to me that Joomla has extensions for OpenID, etc., so that might, effectively, give the PHPR application access to OpenID, LDAP, etc. for authentication. When you ask "what you trying to do with Joomla passwords?", it's very relevant for people who run Joomla! sites to be able to build PHP applications which appear to be part of the same site, and sharing a login is a big step in the right direction. I am imagining that it would be very helpful to Content Management System and PHPR users to have a series of "adapters" for presenting and coordinating PHPR applications in Joomla, Drupal, etc. I am looking forward to checking out Russ's work. Best, K


	rsawchuk author 6/12/2009
	A further update (yes, it can be done) ... Here is the code to pass on the username from within Joomla 1.5: `<?php $user =& JFactory::getUser(); $username = $user->username; echo "<a href='http://www.mydomain.org/anxtests/login.php?username=$username'>Polar Bear Suppression Inventory</a>"; ?>` Of course you need to use your own domain name, directory and text. You will also need an addon such as Jumi to insert this code into your Joomla pages and to prevent the editor from stripping out the code. I hope this will save someone some time and money. Russ


	rsawchuk author 8/16/2012
	I needed to update a bunch of Joomla 1.0 sites to the latest Joomla 2.5.6. Each of these sites have two critical PHPRunner applications which also had to be updated to PHPR 6.1. Once the user is logged into Joomla, they need to be automatically logged into the PHPR application when they click a link. Here is the code to get the auto login from Joomla 2.5.6 to work with PHPRunner 6.1. First enter the following into the Joomla page where you want to create the link to the PHPR application. You normally cannot add PHP code directly on a Joomla page. However, if you install the DirectPHP plugin, then you can just paste the code into any Joomla page. `<?php $user =& JFactory::getUser(); $username = $user->username; $userid = $user->id; echo "<a href='http://www.mydomain.com/xltplans/login.php?username=$username&userid=$userid'>My Learning Plans</a>"; ?>` This gets the username and userid from the registered user and passes it along to the PHPRunner application. In order for the PHPRunner application to receive the variables and get the right records, add the following script using Events on the Login page: Before process global $conn; if (@$_REQUEST["username"] && @$_REQUEST["userid"]) { $rs = db_query("select * from xray_session where username='".$_REQUEST["username"]."' and userid='".$_REQUEST["userid"]."'",$conn); if ($data = db_fetch_array($rs)) { //fill session variables here and redirect to the list page $_SESSION["UserID"] = $data["username"]; $_SESSION["UserName"] = $_SESSION["UserID"]; $_SESSION["AccessLevel"] = ACCESS_LEVEL_USER; $_SESSION["_acxt_plans_OwnerID"] = $_REQUEST["username"]; header("Location: acxt_plans_list.php"); exit(); } } Change "xray-session" to your correct database prefix; change "_acxt_plans_OwerID" and "acxt_plans_list.php" to suit your application. I wasted several days to get this to work (mostly due to my own carelessness). Thanks to Sergey to helping me fix it. Hopefully, this will save you some time if you wish to auto login into PHPRunner 6.1 from within Joomla 2.5.6 Russ


	Sergey Kornilov admin 8/17/2012
	Russ, just wanted to add that passing username and userid via URL may not be secure enough. Someone can guess username and userid and find a working combination. You may want to switch to passing Joomla session ID via URL. The original post shows both how to find Joomla's session ID and how to validate it in PHPRunner event.

6 replies

Mark as Solved Reply