注册Joomla 3.2.1用户并将其登录的PHP代码

Question

我的第一个问题是:如何以编程方式注册Joomla 3.2.1以前版本的Joomla MD5加密的用户：

$username="John";
$password="pass";
$password=md5($password);
$ukaz="INSERT INTO joomla_users (username,password,email) VALUES ('".$username."','".$password."','".$email."')";
mysqli_query($con,$ukaz);

但在joomla 3.2.1中，使用了bcrypt加密，这也使用了"salt"，每次都会更改。这就是我不明白的事。

为了在joomla的早期版本中检查用户凭据，我将使用：

$username="John";
$password="pass";
$password=md5($password);
$result = mysqli_query($con,"SELECT * FROM joomla_users WHERE username LIKE '".$username."' AND password LIKE '".$password."'");


$output;
$suma = $result->num_rows; 

if($suma==0)
{
$result2 = mysqli_query($con,"SELECT * FROM joomla_users WHERE username LIKE '".$username."'");
$suma2 = $result2->num_rows; 

  if($suma2==1)
  {
   $output="WRONG_PASSWORD";
  }
  else
  {
  $output="USER_DOES_NOT_EXISTS";
  }
}
 else
{
$output="OK";
}

请帮我解决这个问题。

Answer 1

多亏了你们大家的回答，我终于解决了这个问题。

但我还有一个问题:如何向用户发送激活电子邮件？

这是注册代码：

<?php
define( '_JEXEC', 1 );
define('JPATH_BASE', "/home/gddregop/public_html" );//this is when we are in the root
define( 'DS', DIRECTORY_SEPARATOR );

require_once ( JPATH_BASE .DS.'includes'.DS.'defines.php' );
require_once ( JPATH_BASE .DS.'includes'.DS.'framework.php' );

$mainframe =& JFactory::getApplication('site');
$mainframe->initialise();   
ini_set('default_charset', 'utf-8');
include('database_settings.php');

$username=$_POST["username"];
$password=$_POST["password"];
$email=$_POST["email"];    

$salt = JUserHelper::genRandomPassword(32);
$crypt = md5($password.$salt);
$password = $crypt.':'.$salt;
$con=mysqli_connect("localhost",$username_baza_joomla,$password_baza_joomla,$database_baza_joomla);
mysqli_set_charset($con,"utf8");

$SQL1 = "SELECT * FROM joomla_users WHERE username LIKE ?";

if ($stmt = $con->prepare($SQL1)) {

$stmt->bind_param("s", $username);
$stmt->execute();    
$stmt->store_result();     
$vsota = $stmt->num_rows;
}  

 $vrnjeno;


if($vsota==0)
{
$SQL2 = "SELECT * FROM joomla_users WHERE email LIKE ?";
   if ($stmt2 = $con->prepare($SQL2)) {

$stmt2->bind_param("s", $email);
$stmt2->execute();    
$stmt2->store_result();     
$vsota2 = $stmt2->num_rows;
}            

  if($vsota2==0)
  {
   $vrnjeno="OK";
  }
  else
  {
  $vrnjeno="EMAIL_EXISTS";
  }
 }
else
{
$vrnjeno="USERNAME_EXISTS";
}
echo $vrnjeno;
if($vrnjeno=="OK")
{
$data = array(
'name'=>'name',
'username'=>$username,
'password'=>$password,
'email'=>$email,
'sendEmail'=>1,  
"groups"=>array("2"),
'block'=>1,);

 $user = new JUser;

try{
$user->bind($data);
$user->save();
}catch(Exception $e){
var_dump($e->getMessage());
}

}
mysqli_close($con);    

?>

这是登录代码(检查用户凭据)：

<?php
define( '_JEXEC', 1 );
define('JPATH_BASE', "/home/grdddegap/public_html" );//this is when we are not in the root
define( 'DS', DIRECTORY_SEPARATOR );

require_once ( JPATH_BASE .DS.'includes'.DS.'defines.php' );
require_once ( JPATH_BASE .DS.'includes'.DS.'framework.php' );

$mainframe =& JFactory::getApplication('site');
$mainframe->initialise();        

$username=$_POST["username"];
$password=$_POST["password"];
ini_set('default_charset', 'utf-8');
include('nastavitve.php');
if (!empty($username))
{
 $con=mysqli_connect("localhost",$username_baza_joomla,$password_baza_joomla,$database_baza_joomla);
mysqli_set_charset($con,"utf8");

$SQL = "SELECT name,email,password,block FROM joomla_users WHERE username LIKE ?";

if ($stmt = $con->prepare($SQL)) {

$stmt->bind_param("s", $username);
$stmt->execute();    
$stmt->store_result();     
$vsota = $stmt->num_rows;

  if($vsota==1)
  {

    $stmt->bind_result($name, $email, $password_baza,$block); 
   $stmt->fetch();

    if((JUserHelper::verifyPassword($password, $password_baza, $user_id = 0)==1))
     {

        if($block==1)
        {
        $vrnjeno="EMAIL_VALIDATION";          
        }
        else
        {
        $vrnjeno="OK";
        }
     }
     else
     {
     $vrnjeno="WRONG_PASSWORD";
     }  


     }

  else
  {
  $vrnjeno="USER_DOES_NOT_EXISTS";
  }


echo $vrnjeno;
}
else
{
echo "SQL INJECTION";
}
}
else
{
echo "STOP THIS YOU HECKER";
}
$mainframe->close();   
mysqli_close($con); 

?>

Answer 2

试试这个：

$password = 'password';
$salt   = JUserHelper::genRandomPassword(32);
$crypted  = JUserHelper::getCryptedPassword($password, $salt);
$cpassword = $crypted.':'.$salt;

$data = array(
'name'=>'name',
'username'=>'username',
'password'=>$cpassword,
'email'=>'email@email.com',
'block'=>0,);

$user = new JUser;

try{
  $user->bind($data);
  $user->save();
}catch(Exception $e){
    var_dump($e->getMessage());
}

Answer 3

现在，我再次阅读了您的代码，我认为您的脚本与joomla框架没有连接。如果是这样的话，您可以尝试如下：

<?php
include 'libraries/phpass/PasswordHash.php';
$phpass = new PasswordHash(10, true);
$passwordHash = $phpass->HashPassword($password);

这将为您提供一个散列密码，但您需要访问joomla phpass lib。

此外，您在那里所做的工作也让您对SQL注入开放，。请试着花时间阅读有关mysqli和准备好的声明。此外，如果需要验证用户登录，则需要使用该用户名查询用户，如果存在行，请获取并使用以下内容：

<?php 
<?php
include 'libraries/phpass/PasswordHash.php';
$phpass = new PasswordHash(10, true);
if($phpass->VerifyPassword($userInputPassword, $hashFromDb)){
    // Password ok
}else{
    // Wrong password
}