1
很抱歉,我无法找到与此Joomla相关的主题!版。在尝试了几个代码之后,我决定打开一个新的话题来问问你的专家。 :)Joomla! 2.5.19外部用户登录
我们正在使用基本身份验证检查脚本。在我们更新到Joomla后! 2.5.19,旧的md5方法不再有效。 PHP脚本如下:
session_start();
$db = mysql_connect("localhost", "root", "");
mysql_select_db("sql1",$db);
//Joomla user and pass check start
$sql = "SELECT * FROM j25_users WHERE username='".$_POST['user']."'";
$result = mysql_query($sql,$db);
$userdata = mysql_fetch_array($result);
list ($md5pass, $saltpass) = split (":", $userdata['password']);
$POSTPW = crypt ('xxgu952rjyiL', 'Xh2loHgxxi5ijuNbGI');
echo "<br><br>";
$joomlapw=$userdata[password];
echo "POST PW= $POSTPW
<br>
Joomla - PW = $joomlapw
<br>
salt = $saltpass
<br>
";
if(((md5($_POST['pa'].$saltpass))==$md5pass) and ($userdata['usertype']=="Super Administrator" or $userdata['usertype']=="Editor"))
{
echo "success!";
$jommlapruefung="success";
}
echo "<br>$_POST[user] und $_POST[pa]";
//Joomla user and pass check complete
$dom =str_replace("lager.","",$_SERVER["HTTP_HOST"]);
$_GET['getdir']=str_replace(chr(92),"",$_GET['getdir']);
$_GET['getdir']=str_replace("//","/",$_GET['getdir']);
$_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']); $_GET['getdir']=str_replace("//","/",$_GET['getdir']);
$_GET['getdir']=str_replace(".","_",$_GET['getdir']);
if ($_GET['getdir']==NULL) $_GET['getdir']="/";
if (($_GET['getdir']=="") || ($_GET['getdir']=="/"))
{
if ($jommlapruefung!="success" & $_SESSION['best']!='gogo')
{
die("<FORM ACTION=index.php METHOD=POST>
Username: <INPUT TYPE=text NAME=user LENGTH=25 SIZE=25>
Password: <INPUT TYPE=password NAME=pa LENGTH=25 SIZE=25>
<input type='submit' name='submit' value='Submit'><br>
</FORM>");
}
}
if ($jommlapruefung="success")
{
$_SESSION['best'] = 'gogo';
}
if($_SESSION['best']='gogo')
{
// HERE COMES THE SCRIPT AFTER LOGIN!!
// ...
}
?>
此代码是几年前,并不是由我创建的。一些细节已被清除。 你知道如何将这个脚本从md5更新到bcrypt认证吗?我非常感谢你帮助我! :)
我不确定这个脚本真的在做什么,但你应该重写它!从第一个用POST参数执行sql的查询开始,但没有转义 –
谢谢!那部分将会被更新! – Fabian
你需要使用Joomla API来做到这一点,这种方式时,如果有变化你的代码仍然会工作。看看LDAP身份验证插件是如何工作的并执行类似的操作。 – Elin