Authenticating Against the Joomla Users Table
Note: This article applies to Joomla! 2.5.17 and earlier. For version 2.5.18 and higher, see this note.

Xataface can authenticate against the Joomla users table, so you can let your users log into your Xataface application with the same credentials they use to access your Joomla website. Achieving this level of integration requires 2 simple steps:

1 - Set up the [_auth] section of your conf.ini file to reference the Joomla users table and the correct username and password columns.
2 - Create a delegate class for the Joomla users table so that Xataface can check an entered password against the hashed password stored in the table.

Configure the conf.ini file

The Joomla users table is named jos_users, so you have to declare this table in the conf.ini file.
Note that username_column and password_column are very simple...
Create a delegate class for your users table

Now we have to create a delegate class for the users table to handle the passwords set in Joomla. Joomla uses a custom salted MD5 hashing scheme.

Joomla encryption

When a user sets a password in Joomla, the system does several things:

1 - Generates a random key containing alphanumeric characters. Example:
2 - Concatenates the clear-text password with the random key. Example:
3 - Computes the MD5 hash of the resulting string. Example:
4 - Concatenates the MD5 string with the random key, separated by ":". Example:
So it's a great scheme, but Xataface doesn't know how to do that. This is where the delegate class comes in: we will define a function in it that compares the password entered in Xataface with the password stored by Joomla.
Creating the delegate class

1 - Add a jos_users directory in your tables directory.
2 - Create a jos_users.php file inside this new directory.

Creating the decrypt password function

Before posting this code, I would like to thank fantomasdm, who created this function. So here is the code of the function to paste directly into the jos_users delegate class:
Save your file and test the result. Enjoy ! ;-)

Edit: Joomla 2.5.18 and higher

Anyone using Joomla 2.5 and the Joomla users table for authentication into their Xataface app needs to be aware that the Joomla password hashing changed as of version 2.5.18. This also brought 2.5.x in line with the latest Joomla version 3.x (so the following also applies to version 3.x). Essentially, Joomla now uses PHPass to replace the bespoke hashing routine used before. This means the routine above is probably redundant for you if you've installed all the recommended (security) updates.

One problem you may encounter is that existing users' passwords are converted upon logging in; however, if you have users that access your Xataface app directly, they may not have had their password converted, whereas others will. This means that you need a routine that handles both old and new formats. Thankfully, the new routine uses a prefixed identifier to flag it as a PHPass hash.

The following is a sample users table delegate class that should work with a Joomla! users table and deal with both types of password hash. Adapted from https://groups.google.com/d/msg/xataface/8DlkolDYkR4/RCuZxX91qFwJ?
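
The two stored formats described on this page, checked side by side in an added example that is not the page's delegate class or Joomla's own code: it recomputes the legacy md5(password + key):key value and the PHPass portable hash, and compares each in constant time. The function names, the `$P$` prefix test (the PHPass portable-hash identifier) and the sample values are assumptions of this example; it needs PHP 7.1 or later.

```php
<?php
// Added example; helper names are hypothetical, not Joomla or Xataface API.
const ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';

// PHPass portable base64 variant: 6-bit groups, least significant first.
function phpass_encode64(string $in, int $n): string {
    $out = ''; $i = 0;
    do {
        $v = ord($in[$i++]);
        $out .= ITOA64[$v & 0x3f];
        if ($i < $n) $v |= ord($in[$i]) << 8;
        $out .= ITOA64[($v >> 6) & 0x3f];
        if ($i++ >= $n) break;
        if ($i < $n) $v |= ord($in[$i]) << 16;
        $out .= ITOA64[($v >> 12) & 0x3f];
        if ($i++ >= $n) break;
        $out .= ITOA64[($v >> 18) & 0x3f];
    } while ($i < $n);
    return $out;
}

// Recompute a PHPass portable hash using the cost and salt held in $setting.
function phpass_portable_hash(string $password, string $setting): ?string {
    if (strlen($setting) < 12) return null;
    $log2 = strpos(ITOA64, $setting[3]);
    if ($log2 === false || $log2 < 7 || $log2 > 30) return null;
    $hash = md5(substr($setting, 4, 8) . $password, true);
    for ($n = 1 << $log2; $n > 0; $n--) {
        $hash = md5($hash . $password, true);
    }
    return substr($setting, 0, 12) . phpass_encode64($hash, 16);
}

function verify_joomla_password(string $password, string $stored): bool {
    if (strncmp($stored, '$P$', 3) === 0) {           // PHPass prefix
        $calc = phpass_portable_hash($password, $stored);
        return $calc !== null && hash_equals($stored, $calc);
    }
    if (strpos($stored, ':') === false) return false;  // unrecognised format
    [$md5, $salt] = explode(':', $stored, 2);          // legacy "md5:key"
    return hash_equals($md5, md5($password . $salt));
}

// Constructed sample values, not taken from any real site.
$legacy = md5('s3cret' . 'Kq7pT2') . ':Kq7pT2';
$phpass = phpass_portable_hash('s3cret', '$P$BabcdEFGH');
var_dump(verify_joomla_password('s3cret', $legacy));
var_dump(verify_joomla_password('s3cret', $phpass));
var_dump(verify_joomla_password('wrong', $phpass));
```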