Custom Joomla authorization - joomla

The situation is quite complicated, and as for why I need it - do not ask - the boss wants it!
So, immediately after the default authorization I need to run a custom module, which will perform an additional authorization test against another database, and depending on its result I need to decide whether to authorize the user or not.
Are there any suggestions except for source corrections?

If you are using Joomla's built-in 'Login Menu', you can set the 'Login Redirect' parameter to another page, and if you are using Joomla's native login module, you can set the redirect parameter to any page of your site that you want.
In your case I would recommend creating a simple component (not a module) that authorizes your user a second time and redirects them again to any other page that you want (if the second login was successful) or kicks the user (if the second login was unsuccessful). If you do that, you'll be able to create a menu for your component and redirect your login panel (whether it's a menu or a simple login module) to your component's menu.
Creating components for Joomla is not a big deal if you have a little knowledge of PHP programming, and there are some tools that may speed up creating your component, like this one:

Why not make an authentication plugin and use that rather than the core Joomla one?
This is for 1.5 but the principles are the same now.
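
A sketch of such a plugin for Joomla 1.5, added here as an example (it is not code from the answer or from Joomla itself): it verifies the Joomla password and then requires a matching row in a second database. The plugin name, the PDO connection details and the `allowed_users` table with its `username` and `active` columns are assumptions.

```php
<?php
// Added example for Joomla 1.5: plugins/authentication/seconddb.php (hypothetical name).
defined('_JEXEC') or die('Restricted access');
jimport('joomla.plugin.plugin');
jimport('joomla.user.helper');

class plgAuthenticationSeconddb extends JPlugin
{
    function plgAuthenticationSeconddb(&$subject, $config)
    {
        parent::__construct($subject, $config);
    }

    function onAuthenticate($credentials, $options, &$response)
    {
        // Fail closed: the status only becomes SUCCESS after both checks pass.
        $response->status = JAUTHENTICATE_STATUS_FAILURE;
        $response->error_message = 'Login denied';

        // Check 1: the Joomla 1.5 password, stored as "md5(password . salt):salt".
        $db =& JFactory::getDBO();
        $db->setQuery('SELECT `id`, `password` FROM `#__users` WHERE `username` = '
            . $db->Quote($credentials['username']));
        $row = $db->loadObject();
        if (!$row) { return; }
        $parts = explode(':', $row->password);
        $salt  = isset($parts[1]) ? $parts[1] : '';
        if ($parts[0] !== JUserHelper::getCryptedPassword($credentials['password'], $salt)) { return; }

        // Check 2: the other database. DSN, account, table and column names are
        // placeholders (assumptions); the lookup is a prepared statement.
        try {
            $ext = new PDO('mysql:host=EXT_HOST;dbname=EXT_DB', 'EXT_USER', 'EXT_PASS');
            $ext->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
            $stmt = $ext->prepare('SELECT 1 FROM allowed_users WHERE username = ? AND active = 1');
            $stmt->execute(array($credentials['username']));
            if ($stmt->fetchColumn() === false) { return; }
        } catch (PDOException $e) {
            return; // external system unreachable: deny instead of skipping the check
        }

        $user = JUser::getInstance($row->id);
        $response->email = $user->email;
        $response->fullname = $user->name;
        $response->status = JAUTHENTICATE_STATUS_SUCCESS;
        $response->error_message = '';
    }
}
```

Joomla stops at the first enabled authentication plugin that reports success, so the core Joomla authentication plugin has to be unpublished for the second check to be enforced; left enabled, it would accept the password on its own.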

Are the Joomla login credentials for a user the same as the other system that you are using? If so, then you can create a plugin that passes those credentials to your other system on a successful Joomla login event.
If not, then it gets a little tricky. Either your users will have to provide both sets of credentials, once for Joomla that then redirects to your other system for the second login, or you will have to extend your user accounts so you can associate the second set of credentials to a user. You can then use a plugin to pass the related credentials to your secondary system after a successful Joomla login event.


login via facebook in Xcart based ecommerce website

I have to integrate Facebook login in an e-commerce website made in X-Cart 4.7.6. There are no add-ons available for this version and I am not able to bypass login validation; I wanted to log the user in just by using the fb id. Until now, I have been successful in fetching permissions and data from Facebook when the user clicks on the fb-login button and in checking whether the particular user is an existing user or a new user. Based on this the data is entered into the existing database.
Now I have been trying to set ($allow_login) true and bypass all visible login validation from all files, I guess. But it still doesn't work. Please suggest some ideas or ways to make it work.
You say that there is no ready-made module, but actually it exists: it is included in X-Cart GoldPlus by default, but if you use a "younger" package called X-Cart Gold, you may purchase this addon separately for $99:

Single sign on for Joomla admin and frontend

Is it possible to implement single sign-on for the Joomla 1.5 backend and frontend? I find it kind of redundant that when the admin, for instance, is logged in at the backend and needs to do some user function on the frontend, they have to log in again. Is there a way of implementing single sign-on?
Joomla! is implemented as two separate applications: the front-end, initiated from /index.php, and the back-end administration, from /administrator/index.php. As such, they have separate user sessions and states.
The separation is a standard security approach; while you could write your own mod_login to do this, I wouldn't advise it unless you're very clear on what you're doing.
Having said that, there are 255 Joomla! extensions in the Access & Security -> Site Access section dealing with logins. Have you tried looking there?
This Joomla extension can do that.
Just log in to the frontend as an admin user. You will be logged in automatically to the backend. Further, it gives you useful direct links for various backend operations like article add, edit, publish, unpublish, etc. The same kind of links are available for modules and menu items.

Is it possible for an iframe to have a different session?

I am wanting to build an admin tool where I can "impersonate" users of my site, without having to lose my session as an admin.
I would like to be able to open an iframe that will view the website "as the user", without changing the state of the page that opened the iframe.
Is that possible? Is there a better way to do this?
It's possible, but there's a big "but" :)
Just a couple options to start with:
Use URL-based session tokens (as Java Servlets do when you have cookies disabled)
Use different domains for "normal" site and admin interface
iframe itself won't help you much: it will always share its cookies with the browser. So in order to avoid that, you can use either of the above options—but that does not depend on the iframe.
What language? My answer is based on the assumption that PHP is your chosen language.
Firstly, I would say you have planned your application wrong if session impersonation is the only way you can view your site as another user while still keeping your admin login intact.
One way you could do it, again assuming that you are using PHP with its default session management functions and do not have a custom session handler, would be to load the iframe URL with the ?PHPSESSID=sessionidhere parameter.
A better way to do this is to create your site and authenticate users via a user object of sorts and then add some sort of url parameter such as ?userbrowseid=123
Then when you load the page, your code will only check if the parameter exists if you are already logged in as an admin. The page would then overwrite your current user object with the user object of the user with the id 123. Steps should be taken to make sure your session cookies are not overwritten with the impersonated user object. As this would be in an iframe, your site will work as an admin and the iframe will be loaded as the user object.
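
The `?userbrowseid=` approach from the answer above, as an added example that is not part of the original answer: the user object is swapped for the current request only and the session is never written. `load_user()`, the user array layout, the sample users and the rule that admins cannot be impersonated are assumptions made for this example.

```php
<?php
// Added example; load_user(), the user array layout and the sample data are
// assumptions, constructed for illustration.
function load_user($id)
{
    $users = array(
        1   => array('id' => 1,   'name' => 'admin', 'is_admin' => true),
        2   => array('id' => 2,   'name' => 'ops',   'is_admin' => true),
        123 => array('id' => 123, 'name' => 'alice', 'is_admin' => false),
    );
    return isset($users[$id]) ? $users[$id] : null;
}

// Returns the user object the page should render as. $session is only read,
// so the admin's own login survives in the window that opened the iframe.
function effective_user(array $session, array $query)
{
    $real = isset($session['user_id']) ? load_user($session['user_id']) : null;
    if ($real === null || !$real['is_admin'] || !isset($query['userbrowseid'])) {
        return $real; // the parameter is ignored unless an admin is logged in
    }
    $id = $query['userbrowseid'];
    if (!is_string($id) || !ctype_digit($id)) {
        return $real; // reject arrays and non-numeric values
    }
    $target = load_user((int) $id);
    if ($target === null || $target['is_admin']) {
        return $real; // unknown user, or another admin: no impersonation
    }
    $target['impersonated_by'] = $real['id']; // lets views disable write actions
    error_log(sprintf('impersonation: admin %d viewing as user %d', $real['id'], $target['id']));
    return $target;
}

// Constructed requests: an admin viewing as user 123, and user 123 trying the
// same trick. In a real page: session_start(); effective_user($_SESSION, $_GET);
$asAdmin = effective_user(array('user_id' => 1),   array('userbrowseid' => '123'));
$asUser  = effective_user(array('user_id' => 123), array('userbrowseid' => '1'));
echo $asAdmin['name'], ' (impersonated by ', $asAdmin['impersonated_by'], ")\n";
echo $asUser['name'], "\n";
```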

DotNetNuke: load data in session at login time

I'm using DNN 5. When a user logs in, I want to load some data into the session. Where should I add my code? Should I intervene into the login.aspx's code behind?
The solution seems to be writing a custom authentication provider.
One option would be to set the page the user sees upon login and add a custom module to that page. That would get you out of writing an authentication provider.

Want to allow Joomla Super Admin to log into other registered accounts - how to do it?

We've created a highly customized Joomla 1.5 based site and want our super administrator to be able to log into registered user accounts so we can provide better phone support and help them configure their accounts remotely.
This will obviously take some coding. Ideally we want a link from the admin side that will take us to the front end and automatically log us in as the registered user. We'll lock it down by IP address and also have some sort of password as well.
Where does the login get processed? It looks like /components/com_user/controller.php calls a function called $mainframe->login(). Where does that function reside?
Our thought is to send a mock login form along with an additional super-user password field. Then we'll modify the login code to authorize the login if the password is present and the IP address is correct.
Any words of wisdom or caution with this approach?
There is actually a plugin that will do just this:
You'll want to build an authentication plugin to handle this. You can enable as many authentication plugins as you like (the core plugin, OpenID, your own plugin, etc...). Joomla will run down the list of enabled plugins until one of them sets the status variable of the $response object to JAUTHENTICATE_STATUS_SUCCESS. The $response object gets passed in to your plugin's onAuthenticate method. Take a look at plugins/authentication/example.php for a clear example. You will probably end up cloning plugins/authentication/joomla.php and repurposing it for your needs.
I would publish your custom plugin after the core Joomla authentication plugin so that normal users will be able to log in faster.
Also, if you do want to go with a form as well, you will need to build a small component so that you can get the username and super-user password into the request.
