0

I am writing a code to authenticate with the datas which are in my mysql database.

My script is "almost" ready but i dont know how to successfully use the password.

$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$shapass=sha1($password);
$query = mysql_query("select * from alw73_users where password='$shapass' AND username='$username'", $connection);

But not working. Does not authenticate successfully. I think Joomla isnt uses sha1 for password coding or maybe i totally doing it wrong. But what should i use insted of?

The end of the script:

$rows = mysql_num_rows($query);
if ($rows == 1) {
$error = "OK";
echo "OK";
} else {
$error = "NOT OK";
echo "BAD!";

}
csib
  • 155
  • 1
  • 9
  • 2
    Please please please **do not** use `mysql_*` functions. They are old and deprecated. Import the Joomla API and use Joomla's database and session features – Lodder Jan 30 '15 at 14:25
  • You are so far off base its difficult to know where to start, but this may help http://stackoverflow.com/questions/2075335/how-to-log-into-joomla-through-an-external-script – RiggsFolly Jan 30 '15 at 14:33
  • Just be sure to only use the accepted answer code if you're using Joomla 2.5. For Joomla 3.x see the other answer: http://stackoverflow.com/a/25498762/1362108 – Lodder Jan 30 '15 at 14:35
  • @Lodder Good point, thanks for the clarification. – RiggsFolly Jan 30 '15 at 14:41
  • I just want to use it to auth, i neednt a real session or something, just an information : OK or not OK. The datas in the mysql and in the scipt are the same or not. In this case i also need answer codes? – csib Jan 30 '15 at 14:47

1 Answers1

0

Here is how I am initializing Joomla Framework variables inside an external script, that might help you.

if ($JEXEC_defined==TRUE) {
    defined('_JEXEC') OR defined('_VALID_MOS') OR die( 'Restricted access' ); //security reason
    $direct_script_access=FALSE;
}

if ($JEXEC_defined==FALSE) {
    define( '_JEXEC', 1 );
    define( 'DS', DIRECTORY_SEPARATOR );
    define('JPATH_BASE', dirname(__FILE__) );
    require_once ( JPATH_BASE .DS.'includes'.DS.'defines.php' );
    require_once ( JPATH_BASE .DS.'includes'.DS.'framework.php' );
    $direct_script_access=TRUE;

    // initialize the application 
    $mainframe =& JFactory::getApplication('site');
    $mainframe->initialise();
}


if ($user->username!="") if ($direct_script_access==TRUE) {
    //PHP code when script is accessed directly
}
ihtus
  • 2,673
  • 13
  • 40
  • 58