[英]How to get current Joomla user with external PHP script
I have a couple PHP scripts used for AJAX queries, but I want them to be able to operate under the umbrella of Joomla's authentication system. 我有一些用于AJAX查询的PHP脚本,但我希望它们能够在Joomla的身份验证系统的保护下运行。 Is the following safe?
以下是安全的吗? Are there any unnecessary lines?
有没有不必要的线路?
<?php
define( '_JEXEC', 1 );
define('JPATH_BASE', dirname(__FILE__));
define( 'DS', DIRECTORY_SEPARATOR );
require_once ( JPATH_BASE .DS.'includes'.DS.'defines.php' );
require_once ( JPATH_BASE .DS.'includes'.DS.'framework.php' );
/* Create the Application */
$mainframe =& JFactory::getApplication('site');
/* Make sure we are logged in at all. */
if (JFactory::getUser()->id == 0)
die("Access denied: login required.");
?>
<?php
include 'joomla-auth.php';
echo 'Logged in as "' . JFactory::getUser()->username . '"';
/* We then proceed to access things only the user
of that name has access to. */
?>
While I don't see anything in the code that's unsafe, it's best to make your AJAX/JSON calls to a standard Joomla component. 虽然我在代码中看不到任何不安全的东西,但最好将AJAX / JSON调用到标准的Joomla组件。 There's a good article on how to do this here: http://blog.syncleon.com/2009/05/ajax-ify-your-joomla-website.html I've also written about JavaScript, Joomla, and asynchronous requests in my book http://www.packtpub.com/files/learning-joomla-1-5-extension-development-sample-chapter-8-using-javascript-effects.pdf (skip down to page 168).
这里有一篇关于如何做到这一点的好文章: http : //blog.syncleon.com/2009/05/ajax-ify-your-joomla-website.html我还写了关于JavaScript,Joomla和异步请求的文章我的书http://www.packtpub.com/files/learning-joomla-1-5-extension-development-sample-chapter-8-using-javascript-effects.pdf (跳到第168页)。
Essentially, what you do is create a view for the output of your AJAX call, then create a view.xml.php (or view.json.php) file instead of a view.html.php. 基本上,您要做的是为AJAX调用的输出创建一个视图,然后创建一个view.xml.php(或view.json.php)文件而不是view.html.php。 When you add
&format=xml
to the end of your request URL, it will pull from view.xml.php instead of view.html.php. 当您将
&format=xml
添加到请求URL的末尾时,它将从view.xml.php而不是view.html.php中提取。
sure does work , you need to get session data for users 确实有效,你需要为用户获取会话数据
jimport( 'joomla.session.session' );
$session =& JFactory::getSession();
print the session to see what comes out 打印会话以查看结果
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.