[SOLVED] Passing username and password

This topic is locked

[SOLVED] Â Passing username and password	9/12/2005 4:46:36 PM
PHPRunner General questions
author I have able to develop my application using PHPRunner very quickly and efficiently. Great program! Now for the fine tuning. I am using PHPRunner to develop some Learning Plans for health professionals. These MySQL forms are part of a larger competency management site that uses Mambo/Joomla. My question is how do I pass on the username and password used by Mambo to enable seamless access (i.e., not having to enter these again) when they access their learning plan. I have figured out how to do it with a hardcoded username and password -- In login.php, replace all occurences of $_POST with $_REQUEST Then use http://...login.php?btnSubmit=Login&username=$user&password=$pass where $user and $pass are your actual username and password. I would assume that instead of using the actual username and password, you would use the appropriate variable names?? Also, what setting would I use in my security settings .... get user from database or ....? Again thanks for a great program! Russ

Mark as Solved Mark as not solved

16 replies


	admin 9/15/2005
	Hi, the recipe you found fits for both hardcoded and stored in database usernames and passwords. To integrate your PHPRunner app with Mambo server please do the following. On Securitytab in PHPRunner select Username and password from database. Select a table where Mambo stores passwords ( mos_users by default), username field - usernameand password field - password. Build the pages. Modify login.php file in PHPRunner outout folder this way: Find this snippet : `if(NeedQuotes(db_fieldtype($rstemp,$cPasswordField))) $strPassword="'".db_addslashes($strPassword)."'"; else $strPassword=(0+$strPassword); $strSQL = "select * from ".AddTableWrappers($cLoginTable)." where ".AddFieldWrappers($cUserNameField). "=".$strUsername." and ".AddFieldWrappers($cPasswordField). "=".$strPassword; $rs=db_query($strSQL,$conn);` and replace it with `if(NeedQuotes(db_fieldtype($rstemp,$cPasswordField))) $strPassword="'".db_addslashes(md5($strPassword))."'"; else $strPassword=(0+$strPassword); $strSQL = "select * from ".AddTableWrappers($cLoginTable)." where ".AddFieldWrappers($cUserNameField). "=".$strUsername." and ".AddFieldWrappers($cPasswordField). "=".$strPassword; $rs=db_query($strSQL,$conn);` After making this you should be able to login PHPRunner generated pages using Mambo usernames and passwords. Also you should be able to pass login and password directly to login.php using a workaround you found.


	501255 9/15/2005
	Thanks Sergey for the great program and wonderful support! Russ


W	wkorving01 11/3/2006
	Hi, Can anyone confirm that adding the md5 value to the login screen still works with version 3.1? I've changed my login screen but the translation of the password field isn't picked-up from the login screen. When I add the password string from the joomla database table ....users into the password field on the login screen I can login <img src='https://asprunner.com/forums/file.php?topicimage=1&fieldname=reply&id=12465&image=1&table=forumreplies' class='bbc_emoticon' alt=':(' /> Very strange, should I alter another value? Greetz, Wim


J	Jane 11/3/2006
	Hi, encryption password works in the PHPRinner 3.1. To encrypt password check on this option on the User login settings dialog on the Security tab. Please give me more detailed description of what you're doing and I'll help you.


W	wkorving01 11/4/2006
	Jane, Yep, it really works. <img src='https://asprunner.com/forums/file.php?topicimage=1&fieldname=reply&id=12501&image=1&table=forumreplies' class='bbc_emoticon' alt=':o' /> I tried to edit the login pages..... Thanks for your support. Wim.


K	kenlyle 4/25/2007
	Sorry, but I can't find the lines mentioned in login.php in 4.0 Beta. Have they changed or moved somewhere else? Is there some other trick for getting the md5 in the right place? Thanks, Ken


	rsawchuk 4/25/2007
	Ken, In the last few versions, you can do an MD5 encryption of passwords without having to alter the code. Simply go to the Security Page, Click on User Login Settings and then Check the Encrypt Password box. That is all there is to it. I use it all the time to get encrypted passwords from my Joomla databases. Hope this helps, Russ


K	kenlyle 4/25/2007
	Wow, right. I knew I'd seen that somewhere. Perfectly delivered and timely input. I very much appreciate it. Ken


	pplaut 5/28/2007
	Hi, I just need some clarification.... With PHP Runner 4.0 you do not need to modify the login script. You just need to check the Encryption box on the security tab? Is this correct? Also, it looks like there is still not a way to get users to NOT have to log in twice? Is this also correct? Thanks Peer


	pplaut 5/28/2007
	Hey, it seems to me that in the login.php you could set $strUsername = $(whatever the joomla id variable is) I think it is $username you could set $strPassword = $(whatever the joomla password variable is) possibly $password While this might not get rid of the login button, you could leverage this to your advantage by have a terms of agreement. Click Login to accept the terms of the agreement. Peer


K	kenlyle 1/14/2008
	I have Login working with Joomla 1.0.13 encrypted logins. The only downer seems to be that it breaks existing passwords somehow, unless I did something wacky, and the user has to use password recovery to get in to the PHPR app, then use Change to set it back: http://www.asprunner.com/forums/index.php?showtopic=3536 This may be because there were some kind of security changes in Joomla 1.0.13 Thanks, Ken


	rsawchuk 1/16/2008
	Ken, There were changes to the password system to Joomla 1.0.13 which affected third party programs. Here is a summary from the Joomla site: Improved Password Storage System Encryption and hashing technologies are constantly evolving as new processes become known and more time and energy is invested in breaking old systems. The unforunate result of this continuous evolution is that the md5 hashing system is showing its age and has become easier to break with the introduction and rapid development of high-quality rainbow tables. To combat this problem, Joomla! 1.0.13 now features salted hashes which will automatically pad a password string with 16 randomly generated characters to make the hash exponentially more difficult to reverse-engineer or guess. As users login to your Joomla! powered website, their passwords will be automatically converted from the old password storage system, to the new system. The transition should be completely transparent to both you and your users. However, there is no way to reverse this process so it is important that you take all precautions when performing this upgrade and make sure you have a complete database backup before beginning. Russ


K	kenlyle 1/19/2008
	Wow, Thanks! THATS why I am seeing what I am seeing....every time the user does a Change Password in the PHPR app, I can go to Joomla and Login just fine, but after I login to Joomla, the "16 randomly generated digits' or whatever. I am feeling kind of stuck. I guess I could create a nosalt_password field in jos_users, and move all of the MD5 (unsalted) <img src='https://asprunner.com/forums/file.php?topicimage=1&fieldname=reply&id=25007&image=1&table=forumreplies' class='bbc_emoticon' alt=':)' /> passwords there, then point the PHPR program to that? Do you have a better plan? I am using CiviCRM, and have generated an external interface to some of the backend tables to make them available to my PHPR frontend, which is working great, except for this password issue. So, if I can trim off the artificial 16 bits of the hash, can I use that as the password? Thanks! Ken P.S. I found that $strPassword=md5(left($strPassword,strlen($strPassword)-16)); for line 63 or so in login.php doesn't seem to work...


	rsawchuk 1/20/2008
	Ken, Nope, sorry I don't have a solution. For those Joomla sites where I want to use a common username and password, I did NOT upgrade from 1.0.12. I use Joomla 1.0.13 on sites where it does not require linking to other components. Russ


T	tparkiDevClub member 4/14/2008
	Ken, Nope, sorry I don't have a solution. For those Joomla sites where I want to use a common username and password, I did NOT upgrade from 1.0.12. I use Joomla 1.0.13 on sites where it does not require linking to other components. Russ Russ I'm looking for a strategy to link phpR and Joomla 1.5 and taking into account this thread I plan to encourage my users to have the same user id in both. Then once they are set up to have Joomla pass the id and phpR to fetch its version of the password from its table. Do you think this is workable? Tim


	rsawchuk 4/17/2008
	Tim, I'm sure that it is doable ... it is just a matter of getting the right coding in place. However, I don't have the knowledge or skills to do it easily. I am also ready to install several Joomla 1.5 sites. If I figure out anything, I will post it here. I hope others will do the same. Best of success, Russ

16 replies

Mark as Solved Reply