Why?
I'm building a Joomla component which is to be compatible with Joomla versions 1.6.x to 2.5.x. Because I use dynamic scripts running in the background (mootools), some of these need to connect to the database but as they sit outside of the MVC structure, we need them to use the existing configuration file in order to retrieve the credentials (ie. username, password, database, etc.). For obvious reasons, these cannot be hardcoded.
What?
Any developer installing my component will do so on a website which uses different login details for their Joomla database. The example below demonstrates how to get these details and extract data from the database.
How?
Based on a script I found on StackOverflow. Not sure what version they were using so I modified it to make this work with my environment (Joomla 2.5.6). This is a cut down version of my download.php script:
bool correctPass = CryptSharp.PhpassCrypter.CheckPassword(passwordPlain, joomlaPassword);
- bool correctPass = CryptSharp.PhpassCrypter.CheckPassword(passwordPlain, joomlaPassword);
Additional
I'm pretty sure you don't need all the require files and my solution may be crude, but this script works perfectly for what I had in mind.
Important!
There are a few concealed features of this script that I haven't made a song and dance about but are noteworthy:
- The only anti-code injection facility in this example is the "mysqli_real_escape_string" function applied to a number. You will need to be more vigilent.
- Variables are all cleared and redefined. To pass a value to this script you have to use the $_GET, $_POST or $_SESSION methods. Or redeclare it after the above.
- MYSQLI_USE_RESULT allows these results to be used once, remove it if you need counts or to use the data later on.
Further Post-Joomla 2.5 aides
- Validating a login was MD5(password+salt) but is expected to be (not tested)
bool correctPass = CryptSharp.PhpassCrypter.CheckPassword(passwordPlain, joomlaPassword);