Call to JFactory::getApplication()->login changes user's password - joomla

I have followed this tutorial to create a component in Joomla 2.5.19. I have modified the code a bit to suit my needs. I have changed
$response = $auth->authenticate($credentials, $options);
to
JFactory::getApplication()->logout(null, $options);
$authorized = JFactory::getApplication()->login($credentials, $options);
But this call to login changes the user's password. Does anyone have any clue why it is behaving like this?
Note: I have also installed latest version of JomSocial.
Thanks,

The password itself is not changing; what is happening is that the method of hashing the password prior to storing it in the database has changed. Users with existing passwords using the old hashing have their hash changed when they log in. If you use the JUser API with your authentication system this will work seamlessly; you would only know that it happens if you look in the database.

I only briefly reviewed the link you posted with the tutorial, and from first glance this is not the correct way to achieve external authentication in Joomla. You should write an authentication plugin which hooks into core events and seamlessly integrates with the framework.
Although you could most definitely make this approach "work", in the long run, by working against the framework, maintaining the code could become more and more difficult.
The link below is for Joomla 3.2, but the concepts apply. I would recommend reverse engineering existing core authentication plugins.
If you choose to continue with the component approach, check out the com_users login controller and model for how they handle login posts. Both should have relevant methods.
http://docs.joomla.org/J3.2:Creating_an_Authentication_Plugin_for_Joomla

I figured it out with the help of Elin...
Turned out to be a rehash... In Joomla 2.5.19, (libraries/joomla/user/helper.php) JUserHelper::verifyPassword() is actually rehashing and updating the password in database.
Thank you #Elin. Can you submit your comment as an answer so I can accept it :)
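The behaviour the thread settles on, a verifier that accepts a legacy hash and rewrites it in a stronger format on the first successful login, as an added example. This is illustrative code, not Joomla's JUserHelper: the legacy format mirrors the old Joomla "md5(password . salt):salt" layout, bcrypt via password_hash() stands in for the newer scheme, and the function names and cost factor are assumptions. It shows why a login is the only moment the upgrade can happen (the plaintext is available then and only then), why a failed login never touches the stored value, and why a second login with the new hash triggers no further rewrite.

```php
<?php
// Added example (not Joomla code): transparent rehash-on-login.
// Legacy rows look like md5(password . salt) . ':' . salt; anything produced
// by password_hash() is considered current. Names are assumptions.

/** Check a legacy "md5hash:salt" string. md5 is kept only to recognise old rows. */
function legacy_verify($password, $stored)
{
    $parts = explode(':', $stored, 2);
    if (count($parts) !== 2) {
        return false;
    }
    list($hash, $salt) = $parts;
    // Constant-time comparison even for the legacy path.
    return hash_equals($hash, md5($password . $salt));
}

/**
 * Verify $password against $stored. Returns true on success and sets $newHash
 * when the caller should overwrite the stored value (legacy format, or a
 * bcrypt hash whose cost is below the current policy). On failure $newHash
 * is always null: a wrong password must never cause a database write.
 */
function verify_and_upgrade($password, $stored, &$newHash)
{
    $newHash = null;
    $opts    = array('cost' => 12); // assumed work factor

    if (password_get_info($stored)['algoName'] === 'unknown') {
        // Not produced by password_hash(): treat as the legacy md5:salt layout.
        if (!legacy_verify($password, $stored)) {
            return false;
        }
        $newHash = password_hash($password, PASSWORD_BCRYPT, $opts);
        return true;
    }

    if (!password_verify($password, $stored)) {
        return false;
    }
    if (password_needs_rehash($stored, PASSWORD_BCRYPT, $opts)) {
        $newHash = password_hash($password, PASSWORD_BCRYPT, $opts);
    }
    return true;
}

// Demo with a constructed legacy row (no real database).
$salt   = bin2hex(random_bytes(16));
$legacy = md5('correct horse' . $salt) . ':' . $salt;

// First login: verifies against the md5 row and asks for an UPDATE.
$upgraded = null;
$ok = verify_and_upgrade('correct horse', $legacy, $upgraded);
echo $ok ? "login ok\n" : "login failed\n";
if ($upgraded !== null) {
    // This is the write the question observed: same password, new hash format.
    echo "rewrite stored hash: $upgraded\n";
}

// Second login against the bcrypt value: verifies, no rewrite needed.
$again = null;
$ok2 = verify_and_upgrade('correct horse', $upgraded, $again);
echo ($ok2 && $again === null) ? "bcrypt row verified, no rehash\n" : "unexpected\n";

// Wrong password: fails and leaves the stored value alone.
$bad = null;
$ok3 = verify_and_upgrade('wrong', $legacy, $bad);
echo (!$ok3 && $bad === null) ? "bad password rejected, nothing written\n" : "unexpected\n";
```

The practical consequence for the original question is that any custom login path that bypasses the framework's verify step (here verify_and_upgrade) leaves old rows on the weak format forever, while any path that goes through it will write to the users table during login; that write is expected and benign.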

Related

How can I limit wagtail's site history by site to support multi-tenancy?

I have a multi-tenant wagtail setup and we are currently working on getting up to date. We've just recently upgraded to v2.15 which introduced audit logging for all models instead of just page models.
AFAICT from looking through the wagtail code, the changes for a page model are only visible to superusers or admins with can_add_subpage or can_edit permissions which seems to effectively support multi-tenancy.
However, for all the other models there is no limitation put into effect. This means that an admin for Site A is seeing when changes are made to Site B or anytime a user is added or edited. We are using email addresses as usernames so this presents a rather major privacy issue.
This method hasn't been updated in any newer version, AFAICT, so I don't believe that just upgrading will fix this.
Does anyone have any ideas on either any wagtail settings we can change to keep Site and user changes invisible to non superusers or how we might localize BaseLogEntryManager.viewable_by_user so we can override the default wagtail implementation to our needs?
We have previously done something somewhat similar with the search available to admins by creating our own src/app/templates/wagtailadmin/pages/search.html and creating our own local version of https://github.com/wagtail/wagtail/blob/stable/2.13.x/wagtail/admin/views/pages/search.py
I had thought about trying to do something similar here however that doesn't seem like a good thing to do given how different those circumstances are and I think it was only possible using the register_admin_search_area hook.
I run a fairly large multitenanted Wagtail site. I have made public gist of the code we use in Wagtail 2.16 to restrict reports.
One of the main things we had to patch is the filters on the reports page. We do not want users on one site to even know there are other users in the system. This is implemented in the site_specific_get_users_for_filter method.
Although our non-page models all have site_ids, it was not possible to filter ModelLogEntries by site, so we settled for hiding that report from everyone except superusers.

How can I force Auth Sign In From Controller

Okay, so I know about middleware, hence the "From Controller" specification in the title, but basically the issue I have is this: I have a SaaS app to which I'm adding a gifting feature, i.e. giving someone a plan as a gift, and so I need to force login on a regular user while allowing either way for the one gifting the plan, to make it easier. Makes sense? Anyway, for that reason I cannot use the auth middleware, since I have, and want, only one checkout page.
So, how can I force login from my Checkout Controller like the way the auth middleware does it on routes?
Since I haven't gotten a suggestion, I'll post the workaround I came up with and the potential solution I simply have no time to study up on at present:
Likely solution:
Use Auth::guard('guard name here') and you can learn more about this here.
My workaround:
I created another route pointing to the same controller function but one is going through middleware('auth') while the other isn't. Practical example below.
Route::get('checkout/summary', [CheckoutController::class, 'summary'])->middleware('auth')->name('summary');
Route::get('checkout/gift-a-sub', [CheckoutController::class, 'summary'])->name('gift-a-sub');
With this, I only require one page to prevent complications, while forcing authentication for regular users; those just opting to gift a plan aren't required to do so, and all I have to do then is save the data based on a flag created at the Pricing page.
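What the question actually asked for, the same check the auth middleware performs but made inside the controller action so one route can serve both buyers and gifters, as an added example that is not the poster's code. It assumes a Laravel application with the default 'web' guard and a named 'login' route, and that the Pricing page stores the gift flag in the session under an assumed key ('checkout.gift'); the view name is likewise an assumption. The flag is deliberately read from the session rather than from the request, because a query-string or form flag that skips authentication would be attacker-controlled.

```php
<?php
// Added example (not from the original post): enforce login from a controller
// action. Route name 'login', session key 'checkout.gift' and view name are
// assumptions.

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;

class CheckoutController extends Controller
{
    public function summary(Request $request)
    {
        // Set server-side on the Pricing page. Never derive this from
        // $request->input(): that would let anyone opt out of authentication.
        $isGift = (bool) $request->session()->get('checkout.gift', false);

        if (!$isGift && !Auth::guard('web')->check()) {
            // Mirror the 'auth' middleware: 401 for API-style clients,
            // otherwise remember the intended URL and redirect to login.
            if ($request->expectsJson()) {
                abort(401, 'Unauthenticated.');
            }
            return redirect()->guest(route('login'));
        }

        return view('checkout.summary', [
            'isGift' => $isGift,
            // null for an anonymous gifter; the view must handle that case.
            'user'   => Auth::guard('web')->user(),
        ]);
    }
}
```

Compared with the two-route workaround above, this keeps a single URL and a single place where the decision is made, but it puts the burden on the view and the subsequent save step to cope with a null user, which is exactly the branch a tester should exercise.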

Community builder login Api?

I have the following situation. I'm building a completely new joomla site and community from scratch. The client wants to use community builder for user management, mainly because kunena and in the future jomsocial will be added. Logically, I want all those parts to be connected, and to be maintainable in an easy way.
I want to create a class that handles the login information from my own form, preferably using ajax. Unfortunately, I can't find the slightest heads up on how to do that, while it seems to me that that shouldn't be too hard, right?
Hope someone knows the trick!
Had a little look on Google and found this Login module that supports Community Builder and uses Ajax technologies:
http://extensions.joomla.org/extensions/access-a-security/site-access/authentication/20452
This module is however commercial. I give feedback on this, but I have never used it before. However, I think the ratings and reviews speak for themselves.
I'm not sure why you want to use your own form for the login module as Community Builder allows you to add your own field and so on.
Hope this helps

Codeigniter: Replace captcha in Tank_auth

Has anyone ever tried to replace the default captcha in Tank_Auth with their own customized captcha? The default captcha for Tank_Auth is just too difficult for most users. I want to replace it with Cool Captcha and would like to know if replacing it is a good or bad idea.
I recently did this. I replaced Codeigniter's default captcha with Cool Captcha. Download a copy of it in my github Tank_Auth fork.
I'm doing this atm. You might want to do some research on captcha first though. A lot of these are even easier to get past if they are easy to read.
Check out this related question:
Most effective form of CAPTCHA?
And these two blog posts dealing with that same question:
http://www.evengrounds.com/developers/alternatives-to-captcha
and
http://www.sitepoint.com/captcha-alternatives/
Of course it all depends what and where you use your captcha.
You can configure tank_auth to use reCAPTCHA; you have to edit the config file.
Follow the two simple steps below.
Go to 'yourprojectname/application/config/tank_auth.php'.
Search for $config['captcha_registration'] = TRUE; and make it FALSE.

Building a bridge between Joomla and eGroupware

I'm looking to build an integrated login and user management system between Joomla and eGroupware, ideally with Joomla as the driver. That is, users would log in to Joomla and have their credentials passed into eGroupware as well, so that they could follow a link over to eGW and not have to log in again. Also administrators could add new users to Joomla (or update existing user info) and have those changes reflected in eGW as well.
I tried out this component but all I could get it to do was to synchronize passwords between existing users of both systems (matching on their usernames). Documentation is in Portuguese so I might have missed something in translation. Also I've checked out JFusion but it as yet has nothing available for a bridge to eGW.
Any general advice on how to proceed is greatly appreciated. I have some Joomla experience but not much at writing extensions/modules; would it be easier for me to try to adapt JFusion or something like that or to write something myself?
The best approach would be to write two Joomla plugins: one of the authentication type that will create the session in eGW when someone logs into Joomla, then one of the user type that will respond to the onAfterStoreUser event and update the profile in eGW. This way, you won't be hacking either Joomla or eGW. There's a tutorial on creating authentication plugins for Joomla here: http://docs.joomla.org/Tutorial:Creating_an_Authentication_Plugin_for_Joomla_1.5 Creating a user plugin will be a similar process, only you'll be responding to the onAfterStoreUser event.
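Both the answer above and the first Joomla thread on this page recommend an authentication plugin rather than calling login() from a component, so here is the shape of one as an added example. It is not code from the page, from Joomla or from eGroupware: the plugin name and group are assumptions, and the external credential check (egw_lookup) is a constructed in-memory stand-in for whatever query a real plugin would make against eGroupware. What it shows is the contract every Joomla authentication plugin must honour: results are reported through $response, an empty password fails closed, and "unknown user" and "bad password" return the same message so the login form does not leak which usernames exist.

```php
<?php
// Added example (not Joomla or eGroupware code): a Joomla 2.5/3.x
// authentication plugin that checks credentials against an external store.
// File location assumed: plugins/authentication/egw/egw.php (manifest not shown).
defined('_JEXEC') or die;

class PlgAuthenticationEgw extends JPlugin
{
    /**
     * Constructed stand-in for the external user store: username => profile.
     * A real plugin would query eGroupware here instead of this array.
     */
    private function egw_lookup($username)
    {
        static $users = null;
        if ($users === null) {
            $users = array(
                'alice' => array(
                    'hash'     => password_hash('correct horse', PASSWORD_BCRYPT),
                    'email'    => 'alice@example.com',
                    'fullname' => 'Alice Example',
                ),
            );
        }
        return isset($users[$username]) ? $users[$username] : null;
    }

    /**
     * Joomla calls every enabled authentication plugin with the submitted
     * credentials; the plugin reports the outcome through $response.
     */
    public function onUserAuthenticate($credentials, $options, &$response)
    {
        $response->type = 'eGroupware';

        // Fail closed: an empty password must never match anything.
        if (empty($credentials['password'])) {
            $response->status        = JAuthentication::STATUS_FAILURE;
            $response->error_message = JText::_('JGLOBAL_AUTH_EMPTY_PASS_NOT_ALLOWED');
            return;
        }

        $user = $this->egw_lookup($credentials['username']);

        // One generic message for "no such user" and "wrong password".
        if ($user === null || !password_verify($credentials['password'], $user['hash'])) {
            $response->status        = JAuthentication::STATUS_FAILURE;
            $response->error_message = JText::_('JGLOBAL_AUTH_INVALID_PASS');
            return;
        }

        // Success: hand Joomla the identity it should map to a JUser row.
        $response->status        = JAuthentication::STATUS_SUCCESS;
        $response->error_message = '';
        $response->username      = $credentials['username'];
        $response->email         = $user['email'];
        $response->fullname      = $user['fullname'];
    }
}
```

The profile sync in the other direction (the user plugin responding to onAfterStoreUser that the answer describes) is a separate plugin in the 'user' group and is not shown here.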
