I am building a form for my module and the final step is to pass a captcha check for security. I have downloaded the latest version of securimage. The captcha displays correctly and new captchas can be generated. However, after the form is posted, the advised technique on checking that the captcha was entered correctly never returns true.
index.php:
<form method="post" action="tmpl/form/contact.php" name="contactform" id="contactform">
<img id="captcha" src="securimage/securimage_show.php" alt="CAPTCHA Image" />
<a style="text-decoration: none; font-size: 10px; margin-top: -10px; " href="#" onclick="document.getElementById('captcha').src = '/securimage/securimage_show.php?' + Math.random(); return false">Refresh</a>
/**input here **/ name="captcha_code"
contact.php:
define( '_JEXEC', 1 )`;
define( 'JPATH_BASE', realpath(dirname(__FILE__))."/../../../..");
define( 'DS', DIRECTORY_SEPARATOR );
require_once ( JPATH_BASE .DS.'includes'.DS.'defines.php' );
require_once ( JPATH_BASE .DS.'includes'.DS.'framework.php' );
$mainframe = JFactory::getApplication('site');
$mainframe->initialise();
$user = JFactory::getUser();
$session = JFactory::getSession();
jimport( 'joomla.application.module.helper' );
$db = JFactory::getDBO();
$db->setQuery("SELECT params FROM #__modules WHERE module = 'module'");
$module = $db->loadObject();
$moduleParams = new JRegistry();
$moduleParams->loadString($module->params);
include_once $_SERVER['DOCUMENT_ROOT'] . 'securimage/securimage.php';
$securimage = new Securimage();
if ($securimage->check($_POST['captcha_code']) == false) {
echo '<div class="error_message">' . $errorcaptchainvalid . '</div>';
exit;
}
After searching for what the problem might be, I found this possibility from http://www.phpcaptcha.org/faq/:
If the variable names are the same this may be due to a problem with
the PHP session that is used to keep track of the user and what their
code is. It is possible that the session was not started or more
likely that the session name being used in securimage_show.php differs
from the session name used in the script that does the code
validation. It is common for other software platforms (forums, content
management systems, form processors etc.) to use a session name other
than the PHP default. If this is the case, you must determine what
session name is used by the software and use the same session name in
securimage_show.php and securimage_play.php.
A non-default session name can be passed to Securimage so it can share
a session with another software platform with the following code:
$img->session_name = 'your_session_name';
This would explain why I'm having no luck with my captcha. I have tried editing the above files but I don't know how sessions are set up in Joomla! or how to get around this problem. Is the problem likely to be the session variables?
securimage_show.php:
require_once dirname(__FILE__) . '/securimage.php';
$img = new Securimage();
if (!empty($_GET['namespace'])) $img->setNamespace($_GET['namespace']);
$img->show();
securimage_play.php
require_once dirname(__FILE__) . '/securimage.php';
$options = array(
'use_database' => true,
'database_name' => '',
'database_user' => '',
'database_driver' => Securimage::SI_DRIVER_MYSQL
);
$img = new Securimage();
if (!empty($_GET['namespace'])) $img->setNamespace($_GET['namespace']);
$img->outputAudioFile();
Your halfway there - the problem is the way Joomla handles sessions. Instead of placing the form in an article, try embedding form through an iframe and it should work fine.
Related
** My problem is I cant login with facebook using facebook php sdk v4 to my website through domain but when I try it on my localhost it works perfectly fine. What could be the problem?**
This is my index.php
<?php include'facebook/fbconnect.php';?>
<?php
require 'connection/connect.inc.php';
require 'connection/core.inc.php';
if(isset($_GET['username'])&&isset($_GET['password'])){
$user=$_GET['username'];
$pass=$_GET['password'];
$query="select Acc_Id from account where Acc_Status_Id=1 and BINARY Acc_Domain_Id=4 and Acc_Username='".$user."' and BINARY Acc_Password='".$pass."' and Acc_Type_Id=1";
if($query_run=mysql_query($query)or die(mysql_error())){
$mysql_rows=mysql_num_rows($query_run);
if($mysql_rows==1){
$user_id = mysql_result($query_run, 0, 'Acc_Id');
$_SESSION['acc_id']=$user_id;
header('Location:index.php');
}else{
?>
<script type="text/javascript">
alert("Invalid Data !");
history.back();
</script>
<?php
}
}
}
use Facebook\FacebookSession;
use Facebook\FacebookRedirectLoginHelper;
use Facebook\FacebookRequest;
use Facebook\FacebookResponse;
use Facebook\FacebookSDKException;
use Facebook\FacebookRequestException;
use Facebook\FacebookAuthorizationException;
use Facebook\GraphObject;
use Facebook\GraphUser;
use Facebook\GraphSessionInfo;
use Facebook\FacebookHttpable;
use Facebook\FacebookCurlHttpClient;
use Facebook\FacebookCurl;
if(isset($sess)){
//store the token in the php session
$_SESSION['fb_token']=$sess->getToken();
//create request object,execute and capture response
$request = new FacebookRequest($sess,'GET','/me');
// from response get graph object
$response = $request->execute();
$graph = $response->getGraphObject(GraphUser::classname());
// use graph object methods to get user details
$name = $graph->getName();
$id = $graph->getId();
$image = 'https://graph.facebook.com/'.$id.'/picture?width=300';
$email = $graph->getProperty('email');
//db check for fb.
$query="select Acc_Id from account where Acc_Status_Id=1 and BINARY Acc_Domain_Id=1 and Acc_Username='$id' and Acc_Type_Id=1";
if($query_run1=mysql_query($query)or die(mysql_error())){
$mysql_rows1=mysql_num_rows($query_run1);
if($mysql_rows1==1){
$user_id1 = mysql_result($query_run1, 0, 'Acc_Id');
$_SESSION['acc_id']=$user_id1;
}else{
$ins="insert into account (Acc_Username,Acc_Name,Acc_Email,Acc_Type_Id,Acc_Status_Id,Acc_Domain_Id)values('$id','$name','$email',1,1,1)";
//echo $ins;
mysql_query($ins)or die(mysql_error());
$user_id = mysql_insert_id();
$_SESSION['acc_id']=$user_id;
}
}
include 'home_1.php';
}else{
if(loggedin()){
include 'home_1.php';
}else{
include 'home_1G.php';
}
}
?>
This is my fbconnect.php
<?php
require_once( 'lib/Facebook/FacebookSession.php');
require_once( 'lib/Facebook/FacebookRequest.php' );
require_once( 'lib/Facebook/FacebookResponse.php' );
require_once( 'lib/Facebook/FacebookSDKException.php' );
require_once( 'lib/Facebook/FacebookRequestException.php' );
require_once( 'lib/Facebook/FacebookRedirectLoginHelper.php');
require_once( 'lib/Facebook/FacebookAuthorizationException.php' );
require_once( 'lib/Facebook/GraphObject.php' );
require_once( 'lib/Facebook/GraphUser.php' );
require_once( 'lib/Facebook/GraphSessionInfo.php' );
require_once( 'lib/Facebook/Entities/AccessToken.php');
require_once( 'lib/Facebook/HttpClients/FacebookCurl.php' );
require_once( 'lib/Facebook/HttpClients/FacebookHttpable.php');
require_once( 'lib/Facebook/HttpClients/FacebookCurlHttpClient.php');
/* USE NAMESPACES */
use Facebook\FacebookSession;
use Facebook\FacebookRedirectLoginHelper;
use Facebook\FacebookRequest;
use Facebook\FacebookResponse;
use Facebook\FacebookSDKException;
use Facebook\FacebookRequestException;
use Facebook\FacebookAuthorizationException;
use Facebook\GraphObject;
use Facebook\GraphUser;
use Facebook\GraphSessionInfo;
use Facebook\FacebookHttpable;
use Facebook\FacebookCurlHttpClient;
use Facebook\FacebookCurl;
/PROCESS/
//1.Stat Session
session_start();
//check if users wants to logout
if(isset($_REQUEST['logout'])){
unset($_SESSION['fb_token']);
}
//2.Use app id,secret and redirect url
$app_id = '**';
$app_secret = '**';
$redirect_url='**';
//3.Initialize application, create helper object and get fb sess
FacebookSession::setDefaultApplication($app_id,$app_secret);
$helper = new FacebookRedirectLoginHelper($redirect_url);
$sess = $helper->getSessionFromRedirect();
//check if facebook session exists
if(isset($_SESSION['fb_token'])){
$sess = new FacebookSession($_SESSION['fb_token']);
} ?>
I'm sure I made the app_id secret and even the url right.
We had a similar problem recently. Local and beta servers worked but our production server did not.
The problem, V4 requires PHP version 5.4 or higher.
https://developers.facebook.com/docs/php/gettingstarted/4.0.0
Might not be your problem but sounds really like ours. Hope it helps.
is it possible to render Joomla content from external script? For example I have some html string, which I want to pass to com_content component, to make all content plugin and module features available. I think I should use JDocumentRendererComponent class. Code in my external file:
<?php
require_once ('framework.php'); //loading joomla framework
jimport('joomla.document.html.renderer.component');
$contentHtml = '<p>Some content html</p>';
echo JDocumentRendererComponent::render('com_content',array(),$contentHtml);
?>
What I get is error on the last line:
Fatal error: Class 'JDocumentRendererComponent' not found...
What Im doing wrong? Any ideas?
It's because you haven't included the Joomla framework to the external script. Use the below code. This will ensure that the Joomla! environment is loaded correctly
/* Initialize Joomla framework */
define( '_JEXEC', 1 );
define('JPATH_BASE', dirname(__FILE__) );
define( 'DS', DIRECTORY_SEPARATOR );
/* Required Files */
require_once ( JPATH_BASE .DS.'includes'.DS.'defines.php' );
require_once ( JPATH_BASE .DS.'includes'.DS.'framework.php' );
/* To use Joomla's Database Class */
require_once ( JPATH_BASE .DS.'libraries'.DS.'joomla'.DS.'factory.php' );
/**************************************************/
// Your code starts here...
// Remember that the Site application isn't running, so you cannot access $mainframe or any of its methods.
/**************************************************/
JDocumentRendererComponent Class is located in located in /libraries/joomla/document/html/renderer/component.php if you correct load the framework everything should work fine.
I found other solution for my question. The job can be also done by content plugin events (triggers). The piece of code from components/com_content/views/article/view.html.php:
JPluginHelper::importPlugin('content');
$results = $dispatcher->trigger('onContentPrepare', array ('com_content.article', &$item, &$this->params, $offset));
$item->event = new stdClass();
$results = $dispatcher->trigger('onContentAfterTitle', array('com_content.article', &$item, &$this->params, $offset));
$item->event->afterDisplayTitle = trim(implode("\n", $results));
$results = $dispatcher->trigger('onContentBeforeDisplay', array('com_content.article', &$item, &$this->params, $offset));
$item->event->beforeDisplayContent = trim(implode("\n", $results));
$results = $dispatcher->trigger('onContentAfterDisplay', array('com_content.article', &$item, &$this->params, $offset));
$item->event->afterDisplayContent = trim(implode("\n", $results));
So we can actually make an object from our string and pass it to these triggers. As a result we are getting content rendered like an article, with its major functionality.
Some more info about it:
http://www.inmotionhosting.com/support/edu/joomla-25/create-plugin/content-plugin-events
https://groups.google.com/forum/#!msg/joomla-dev-cms/VZVurjiZWIs/9Vr45KS2LTMJ
I need to get the information of the user that's currently logged in to Joomla from a program outside of Joomla itself. I upgraded from 1.5 to 2.5, and what I had before doesn't work anymore.
<?php
define( '_VALID_MOS', 1 );
include_once( 'globals.php' );
require_once( 'configuration.php' );
require_once( 'includes/joomla.php' );
$option="test";
$mainframe = new mosMainFrame( $database, $option, '.' );
$mainframe->initSession();
$my = $mainframe->getUser();
$joomla_name = $my->name;
$joomla_email = $my->email;
$joomla_password = $my->password;
After some research, I've come up with this:
<?php
define( '_JEXEC', 1 );
define( 'JPATH_BASE', dirname(__FILE__) );
define( 'DS', '/' );
require_once ( JPATH_BASE .DS.'configuration.php' );
require_once ( JPATH_BASE .DS.'includes'.DS.'defines.php' );
require_once ( JPATH_BASE .DS.'includes'.DS.'framework.php' );
require_once ( JPATH_BASE .DS.'libraries'.DS.'joomla'.DS.'factory.php' );
$my =& JFactory::getUser();
$joomla_name = $my->name;
$joomla_email = $my->email;
$joomla_password = $my->password;
$joomla_username = $my->username;
It doesn't produce any errors but seems to work. However, the user object is empty. This script is in the same directory as the Joomla installation. What may be the problem? Thanks!
Sources:
http://www.cmsbloke.com/accessing-joomla-objects-from-an-external-script/
Taken from
http://docs.joomla.org/How_to_access_session_variables_set_by_an_external_script
Solution: Replace session_start(); in your external script with
define( '_JEXEC', 1 );
define( 'JPATH_BASE', realpath(dirname(__FILE__).'/../..' ));
define( 'DS', DIRECTORY_SEPARATOR );
require_once ( JPATH_BASE .DS.'includes'.DS.'defines.php' );
require_once ( JPATH_BASE .DS.'includes'.DS.'framework.php' );
$mainframe =& JFactory::getApplication('site');
$mainframe->initialise();
Be sure to change JPATH_BASE to suit your directory structure.
Replace the $_SESSION[ 'name' ] = "value"; in your external script with
$session =& JFactory::getSession();
$session->set('name', "value");
Now you can retrieve this session variable using:
$session =& JFactory::getSession();
echo $session->get('name');
It turns out, I had two problems:
My script was on www.example.com, while I was logged in under example.com, so the different domain was throwing off the session data.
I also wasn't initialising the application, which apparently is necessary.
Here are the results:
<?php
define( '_JEXEC', 1 );
define( 'JPATH_BASE', dirname(__FILE__) );
define( 'DS', '/' );
require_once ( JPATH_BASE .DS.'includes'.DS.'defines.php' );
require_once ( JPATH_BASE .DS.'includes'.DS.'framework.php' );
JFactory::getApplication('site')->initialise();
$user = JFactory::getUser();
$joomla_name = $user->name;
$joomla_email = $user->email;
$joomla_password = $user->password;
$joomla_username = $user->username;
I think people have had problems with this in Joomla 2.5 as things have changed. I haven't found a solution for the way you have requested but wrote this work around (excluding the password field though) that you may want to use.
define a connection to the database:
<?php
$host="localhost";
$username="DB_USERNAME";
$password="DB_PASSWORD";
$db_name="DB_NAME";
mysql_connect($host,$username,$password)or die(mysql_error());
mysql_select_db($db_name)or die(mysql_error());
?>
Echo create a query and echo the results in a table:
<table style="background:#FFF; color:#000;">
<?php
$query = "SELECT username,name,email FROM j25_users ";
$result = mysql_query($query) or die(mysql_error());
while ($row = mysql_fetch_array($result)) {
echo '<tr><td>',$row["username"],'</td><td>',$row["name"],'</td><td>',$row["email"],'</td></tr>' ;
}
?>
</table>
You will need to change j25_users to the correct prefix of your database tables.
Update: Much better to import the framework to get the user object.
Hope this comes in handy for you. Regards.
If you want to skip using Joomla! functions, you can query the Joomla! database. Join tables js25_session and js25_users with the user id. This way, you can get every currently logged-in user and all guests on the website (and possibly the number of online users).
I run into a problem using session in .php file i attached in jumi
How do i set a session in in that page? when i use :
//this define and require I use from reading the other papers
define( '_JEXEC', 1 );
define('JPATH_BASE', dirname(dirname(__FILE__)));
define( 'DS', DIRECTORY_SEPARATOR );
require_once (JPATH_BASE . DS . 'includes' . DS . 'defines.php');
require_once (JPATH_BASE . DS . 'includes' . DS . 'framework.php');
$mainframe = JFactory::getApplication('site');
$session = &JFactory::getSession();
if(isset($_GET['id'])){
var_dump($id= $_GET['id[i]']);
} else {echo "No session ";}
// code connect to db
// render out the items
//
foreach($rows as $i=>$row){
$id[$i] = $row['rid'];
$name[$i] = $row['rname'];
$view .= '<tr>
<td>'.$id[$i].'</td>
<td>'.$name[$i].'</td>';
?>
}
<p><?php echo $view.'</tr></table>'; ?> </p>
......
It doesn't let me find the sub-page of id=1 that I clicked .
What is the better way to deal with this kind of thing?
thank you.
You have a syntax error try this before you go any further:
</php
//this define and require I use from reading the other papers
define( '_JEXEC', 1 );
define('JPATH_BASE', dirname(dirname(__FILE__)));
define( 'DS', DIRECTORY_SEPARATOR );
require_once (JPATH_BASE . DS . 'includes' . DS . 'defines.php');
require_once (JPATH_BASE . DS . 'includes' . DS . 'framework.php');
$mainframe = JFactory::getApplication('site');
$session = &JFactory::getSession();
if(isset($_GET['id'])){
var_dump($id= $_GET['id[i]']);
} else {
echo "No session ";
}
// code connect to db
// render out the items
//
foreach($rows as $i=>$row){
$id[$i] = $row['rid'];
$name[$i] = $row['rname'];
$view .= '<tr>
<td>'.$id[$i].'</td>
<td>'.$name[$i].'</td>';
}
?>
<p><?php echo $view.'</tr></table>'; ?></p>
Looking at the way Jumi includes PHP files, you should start with:
defined('_JEXEC') or die('Restricted access');
This will prevent the PHP file from being executed via a direct HTTP request (if you look at the example blogger file included with Jumi you will see this line). The define statements you have, initialise globals that Joomla! code uses to make sure a request has entered through the right path.
Apart from that, as mentioned by #travega you close of the PHP with ?> before you close the foreach()
I'm hitting a wall here while trying to access items from Magento on an external page (same server, same domain, etc, etc). I want to see if the user is logged into Magento before showing them certain parts on the site.
Keep in mind that this code exists outside of Magento.
Mage::app("default");
Mage::getSingleton("core/session", array("name" => "frontend"));
if (empty($session))
{
$session = Mage::getSingleton("customer/session");
}
if($session->isLoggedIn())
echo "hi";
$cart = Mage::helper('checkout/cart')->getCart()->getItemsCount();
echo $cart;
$cart returns 0, where I definitely have products in my cart. isLoggedIn() also returns false. What am I doing wrong here? Is there an option in Magento that I need to turn on or off to be able to access this information outside of Magento?
Using the code above, I created a php file in the Magento folder. From there, added the number of items in the cart and whether you were logged in or not to an array and encoded it as json. I used some jquery on my external page to grab the file and pull the data I needed.
Not quite the ideal situation, but it works for now.
Are you including Mage.php (which defines getSingleton)?
require_once ($_SERVER['DOCUMENT_ROOT'] . '/app/Mage.php');
What does $session have in it after the getSingleton() call?
print_r ($session);
EDIT: I tried this on my end and was not able to get accurate isLoggedIn() or getItemsCount() data. When I dumped out $session its showing all the fields as 'protected.'
I'm not interested in requiring the user to log in...I merely want to access data from the already logged in session.
Anyone else have any thoughts on this? All the examples out there seem to be pre 1.4.x.
require_once "app/Mage.php";
umask(0);
Mage::app();
// require_once $_SERVER['DOCUMENT_ROOT'] . "/mage1/app/Mage.php";
// Customer Information
$firstname = "krishana";
$lastname = "singh";
$email = "krish.bhati#gmail.com";
$password = "myverysecretpassword";
// Website and Store details
$websiteId = Mage::app()->getWebsite()->getId();
$store = Mage::app()->getStore();
$customer = Mage::getModel("customer/customer");
$customer->website_id = $websiteId;
$customer->setStore($store);
$mageRunCode = isset ( $_SERVER ['MAGE_RUN_CODE'] ) ? $_SERVER ['MAGE_RUN_CODE'] : '';
$mageRunType = isset ( $_SERVER ['MAGE_RUN_TYPE'] ) ? $_SERVER ['MAGE_RUN_TYPE'] : 'store';
$app = Mage::app ( $mageRunCode, $mageRunType );
Mage::getSingleton('core/session', array('name' => 'frontend'));
$session = Mage::getSingleton('customer/session');
$session->start();
$customer->loadByEmail($email);
$customer_id= $customer->getId();
if($customer_id){
Mage_Core_Model_Session_Abstract_Varien::start();
$session->login($email, $password);
$session->setCustomerAsLoggedIn($session->getCustomer());
echo $session->isLoggedIn() ? $session->getCustomer()->getName().' is online!' : 'not logged in';
}