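Joomla! 2.5.19 external user login
Sorry, I could not find a related topic on this Joomla! board. After trying several pieces of code, I decided to open a new topic to ask you experts. :)
We are using a basic authentication check script. After we updated to Joomla! 2.5.19, the old md5 method no longer works. The PHP script is as follows: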
<?php
session_start();
$db = mysql_connect("localhost", "root", "");
mysql_select_db("sql1",$db);
//Joomla user and pass check start
$sql = "SELECT * FROM j25_users WHERE username='".$_POST['user']."'";
$result = mysql_query($sql,$db);
$userdata = mysql_fetch_array($result);
// explode() replaces the deprecated split(); the stored value is expected as "md5hash:salt"
list ($md5pass, $saltpass) = explode(":", $userdata['password']);
$POSTPW = crypt ('xxgu952rjyiL', 'Xh2loHgxxi5ijuNbGI');
echo "<br><br>";
$joomlapw=$userdata['password'];
echo "POST PW= $POSTPW
<br>
Joomla - PW = $joomlapw
<br>
salt = $saltpass
<br>
";
if(((md5($_POST['pa'].$saltpass))==$md5pass) and ($userdata['usertype']=="Super Administrator" or $userdata['usertype']=="Editor"))
{
echo "success!";
$jommlapruefung="success";
}
echo "<br>$_POST[user] und $_POST[pa]";
//Joomla user and pass check complete
$dom =str_replace("lager.","",$_SERVER["HTTP_HOST"]);
$_GET['getdir']=str_replace(chr(92),"",$_GET['getdir']);
// Collapse repeated slashes into a single one
while (strpos($_GET['getdir'], "//") !== false)
{
$_GET['getdir']=str_replace("//","/",$_GET['getdir']);
}
$_GET['getdir']=str_replace(".","_",$_GET['getdir']);
if ($_GET['getdir']==NULL) $_GET['getdir']="/";
if (($_GET['getdir']=="") || ($_GET['getdir']=="/"))
{
if ($jommlapruefung!="success" && $_SESSION['best']!='gogo')
{
die("<FORM ACTION=index.php METHOD=POST>
Username: <INPUT TYPE=text NAME=user LENGTH=25 SIZE=25>
Password: <INPUT TYPE=password NAME=pa LENGTH=25 SIZE=25>
<input type='submit' name='submit' value='Submit'><br>
</FORM>");
}
}
// Compare with ==; a single = would assign and always be true
if ($jommlapruefung=="success")
{
$_SESSION['best'] = 'gogo';
}
// Compare with ==; a single = would mark every visitor as logged in
if($_SESSION['best']=='gogo')
{
// HERE COMES THE SCRIPT AFTER LOGIN!!
// ...
}
?>
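This code is several years old and was not created by me. Some details have been removed. Do you know how to update this script from md5 to bcrypt authentication? I would really appreciate your help! :)
I'm not sure what this script is really doing, but you should rewrite it! Starting with the first query, which executes SQL with a POST parameter but without escaping –
Thanks! That part will be updated! – Fabian
You need to use the Joomla API to do this; that way, if there are changes, your code will still work. Look at how the LDAP authentication plugin works and do something similar. – Elin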
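An added example, not part of the original thread and not Joomla's own code: a standalone check that accepts both a bcrypt hash and the legacy `md5:salt` value, and looks the user up with a bound parameter instead of concatenating `$_POST['user']` into the SQL. The function names, the in-memory SQLite table and the sample users are assumptions made for illustration; it assumes PHP 7 or later and does not show the Joomla API route suggested in the comment above.

```php
<?php
// Added example. Assumption: the stored value is either a bcrypt hash
// ("$2y$...") or the legacy "md5hex:salt" form the old script expected.

function verify_joomla_hash(string $plain, string $stored): bool
{
    if (strncmp($stored, '$2', 2) === 0) {
        // bcrypt: salt and cost are encoded inside the hash itself
        return password_verify($plain, $stored);
    }
    if (strpos($stored, ':') !== false) {
        // legacy format: md5(password . salt) . ':' . salt
        list($md5, $salt) = explode(':', $stored, 2);
        return hash_equals($md5, md5($plain . $salt));
    }
    return false; // unknown format: reject rather than guess
}

function check_login(PDO $db, string $user, string $pass): bool
{
    // Bound parameter: the user name is always data, never SQL text
    $stmt = $db->prepare(
        'SELECT password, usertype FROM j25_users WHERE username = ?'
    );
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false;
    }
    $allowed = in_array($row['usertype'], ['Super Administrator', 'Editor'], true);
    return $allowed && verify_joomla_hash($pass, $row['password']);
}

// Constructed sample data in an in-memory SQLite database (runs offline)
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE j25_users (username TEXT, password TEXT, usertype TEXT)');
$ins = $db->prepare('INSERT INTO j25_users VALUES (?, ?, ?)');
$ins->execute(['alice', password_hash('s3cret', PASSWORD_BCRYPT), 'Editor']);
$ins->execute(['bob', md5('old-pw' . 'SALT') . ':SALT', 'Super Administrator']);

var_dump(check_login($db, 'alice', 's3cret'));  // bcrypt user
var_dump(check_login($db, 'bob', 'old-pw'));    // legacy md5:salt user
var_dump(check_login($db, "o'neil", 'any'));    // quote in the name stays data
```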