
Using the new Joomla 1.6 security

 sumi2005 2012-02-13
tfertil

Posts: 38
Posted: 02/26/2011, 8:51 AM

I developed a CCS application integrated to Joomla 1.5 sites, using the jos_users table to establish CCS security.

Now, Joomla 1.6 has an important change because a user can now be part of more than one group at the same time.

So, the old group_id field (GID) is no longer present in the jos_users table, but is in the new table jos_user_usergroup_map, which contains the many-to-many relationship between users and user groups.

So, I created this view in my MySQL database so I can have a table with just one record per user and the highest access level for the user:

  
CREATE VIEW pam_joomlausers AS  
SELECT   
jos_users.id,   
jos_users.name,   
jos_users.username,   
jos_users.email,   
jos_users.password,   
jos_users.usertype,   
jos_users.block,   
jos_users.sendEmail,   
jos_users.registerDate,   
jos_users.lastvisitDate,   
jos_users.activation,   
jos_users.params,  
max(jos_user_usergroup_map.group_id) AS group_id  
FROM jos_users  
INNER JOIN jos_user_usergroup_map ON (jos_users.id = jos_user_usergroup_map.user_id)  
GROUP BY  
jos_users.id,   
jos_users.name,   
jos_users.username,   
jos_users.email,   
jos_users.password,   
jos_users.usertype,   
jos_users.block,   
jos_users.sendEmail,   
jos_users.registerDate,   
jos_users.lastvisitDate,   
jos_users.activation,   
jos_users.params  

Now I can use this view when using the Builder from CCS.

Hope you find this useful.
jokecoat

Posts: 32
Posted: 06/04/2011, 9:11 AM

Could you please explain how you integrated CCS into Joomla 1.5 or 1.6?
tfertil

Posts: 38
Posted: 06/14/2011, 10:06 AM

Jokecoat:

Sorry I didn't answer you sooner, was really busy...

My strategy is to include my CCS screens in a wrapper inside Joomla, specifically, an iFrame.

I installed a normal Joomla site and then created a folder inside it for my CCS application.

I also created some additional tables and views in the Joomla database to manage security, and obviously, my own system tables.

Note that my applications *normally* don't interact with Joomla, nor Joomla with my apps; I'm only using Joomla to embed my app with my clients' content.

Detailed steps:

STEP 1
In my CCS application, I don't use joomla user and session tables directly, because there are some differences between version 1.5 and 1.6, and I like this to be "transparent" to my apps.

So I create two views.

JOOMLA 1.5 VERSION OF THE VIEWS
  
CREATE VIEW sec_vw_joomlausers AS  
SELECT   
 jos_users.id  
,jos_users.name  
,jos_users.username  
,jos_users.email  
,jos_users.password  
,jos_users.usertype  
,jos_users.block  
,jos_users.sendEmail  
,jos_users.registerDate  
,jos_users.lastvisitDate  
,jos_users.activation  
,jos_users.params  
,CASE jos_users.gid   
   WHEN 25 THEN 8  
   WHEN 24 THEN 7  
   WHEN 23 THEN 6  
   WHEN 21 THEN 5  
   WHEN 20 THEN 4  
   WHEN 19 THEN 3  
   WHEN 18 THEN 2 END AS group_id   
FROM jos_users;  
  
-- --------------------------------------------------------  
  
CREATE VIEW sec_vw_joomlasession AS  
SELECT  
 jos_session.session_id  
,jos_session.client_id  
,jos_session.guest  
,jos_session.time  
,jos_session.data  
,jos_session.userid  
,jos_session.username  
,jos_session.usertype  
,CASE jos_session.gid  
   WHEN 25 THEN 8  
   WHEN 24 THEN 7  
   WHEN 23 THEN 6  
   WHEN 21 THEN 5  
   WHEN 20 THEN 4  
   WHEN 19 THEN 3  
   WHEN 18 THEN 2 END AS group_id  
FROM jos_session;  

JOOMLA 1.6 VERSION OF THE VIEWS
  
CREATE VIEW sec_vw_joomlausers AS  
SELECT   
 jos_users.id  
,jos_users.name  
,jos_users.username  
,jos_users.email  
,jos_users.password  
,jos_users.usertype  
,jos_users.block  
,jos_users.sendEmail  
,jos_users.registerDate  
,jos_users.lastvisitDate  
,jos_users.activation  
,jos_users.params  
,max(jos_user_usergroup_map.group_id) AS group_id   
FROM jos_users  
INNER JOIN jos_user_usergroup_map ON (jos_users.id = jos_user_usergroup_map.user_id)   
group by   
 jos_users.id  
,jos_users.name  
,jos_users.username  
,jos_users.email  
,jos_users.password  
,jos_users.usertype  
,jos_users.block  
,jos_users.sendEmail  
,jos_users.registerDate  
,jos_users.lastvisitDate  
,jos_users.activation  
,jos_users.params;  
  
-- --------------------------------------------------------  
  
CREATE VIEW sec_vw_joomlasession AS  
SELECT  
 jos_session.session_id  
,jos_session.client_id  
,jos_session.guest  
,jos_session.time  
,jos_session.data  
,jos_session.userid  
,jos_session.username  
,jos_session.usertype  
,sec_vw_joomlausers.group_id  
FROM jos_session   
INNER JOIN sec_vw_joomlausers ON jos_session.userid = sec_vw_joomlausers.id  

STEP 2
Back in CCS, I set the security table to be my user view.

In order for CCS to load the values from the database, I added this code at the end of the common.php file:

  
$conn = new myDBConnection();
$sessioncookie = CCGetFromGet("sessioncookie", ""); // Joomla session id, passed in the URL by the Joomla wrapper to the iframe
$lang = CCGetFromGet("locale","es");

// Escape and quote the URL value with ToSQL() so it cannot alter the WHERE clause
$where = "session_id=" . $conn->ToSQL($sessioncookie, ccsText);

$josUserID = CCDLookUp("userid","sec_vw_joomlasession",$where, $conn);
global $josUserLogin;
$josUserLogin = CCDLookUp("username","sec_vw_joomlasession",$where, $conn);
#$josUserType = CCDLookUp("usertype","sec_vw_joomlasession",$where, $conn);
$josGroupID = CCDLookUp("group_id","sec_vw_joomlasession",$where, $conn);

	CCSetSession("josUserID", $josUserID);
	CCSetSession("josUserLogin", $josUserLogin);
	CCSetSession("josGroupID", $josGroupID);

$conn->close();

Of course, the names of the CCS session vars (josUserID, josUserLogin, josGroupID) must be set in the security properties of your project.

STEP 2
Maybe you noticed that I get the Joomla session cookie to locate the user's session in the session table. This is passed from Joomla to the iFrame where the CCS page is loaded, but I need to make a little adjustment in Joomla.

I added these lines at the beginning of the \components\com_wrapper\views\wrapper\tmpl\default.php file, just AFTER the line defined('JEXEC').
  
#################  
  
$session =& JFactory::getSession();  
$sid = $session->getId();	  
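$lang = JRequest::getCmd('locale', 'es'); // named $lang to match the src line further down; getCmd() keeps only letters, digits, ".", "_" and "-"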
  
###################  

and down the code of this file I changed the line:

  
src="<?php echo $this->wrapper->url; ?>"  

to be

Joomla 1.5

  
src="<?php echo $this->wrapper->url."?sessioncookie=$sid&locale=$lang"; ?>"  

Joomla 1.6

  
src="<?php echo $this->escape($this->wrapper->url)."?sessioncookie=$sid&locale=$lang"; ?>"  

STEP 3
Back in Joomla Administrator site, I created a menu and some menu items. Each menu item is a wrapper, the url is simply the right path to my CCS subfolder and file, something like \myCCS\myFile.php

In some cases I use my own tables to manage security and leave the pages accessible to every REGISTERED user in Joomla; sometimes I use Joomla groups. I leave the specifics to you.

Hope this compact explanation helps you out.
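A hardened version of the STEP 2 session lookup, as an added example that is not part of the original post: it binds the session id as a parameter and also requires a logged-in, site-side, unblocked, recently active session. The view and column names are from the post; the PDO/SQLite stand-in tables, sample rows, `MAX_IDLE` and `lookupJoomlaSession()` are assumptions made for the illustration.

```php
<?php
// Added example (not tfertil's code). View and column names come from the post;
// the SQLite stand-in tables, sample rows, MAX_IDLE and the function are assumptions.
const MAX_IDLE = 900; // assumed idle limit in seconds

function lookupJoomlaSession(PDO $db, string $sid, int $now): ?array
{
    // Reject anything that is not a plausible session id before it reaches SQL.
    if (!preg_match('/^[A-Za-z0-9,-]{16,64}$/', $sid)) {
        return null;
    }
    // Bound parameters; only logged-in (guest = 0), site-side (client_id = 0),
    // unblocked and recently active sessions are accepted.
    $st = $db->prepare(
        'SELECT s.userid, s.username, s.group_id
           FROM sec_vw_joomlasession s
           JOIN sec_vw_joomlausers u ON u.id = s.userid
          WHERE s.session_id = :sid
            AND s.guest = 0 AND s.client_id = 0
            AND u.block = 0 AND s.time >= :oldest'
    );
    $st->bindValue(':sid', $sid);
    $st->bindValue(':oldest', $now - MAX_IDLE, PDO::PARAM_INT);
    $st->execute();
    $row = $st->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data: plain tables standing in for the two views.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE sec_vw_joomlausers (id INTEGER, block INTEGER)');
$db->exec('CREATE TABLE sec_vw_joomlasession (session_id TEXT, client_id INTEGER,
           guest INTEGER, time INTEGER, userid INTEGER, username TEXT, group_id INTEGER)');
$now = 1300000000; // fixed clock so the sample is reproducible
$db->exec('INSERT INTO sec_vw_joomlausers VALUES (42, 0), (43, 1)');
$db->exec("INSERT INTO sec_vw_joomlasession VALUES
  ('aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa', 0, 0, $now - 60,   42, 'alice', 2),
  ('bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb', 0, 0, $now - 60,   43, 'bob',   2),
  ('cccccccccccccccccccccccccccccccc', 0, 0, $now - 7200, 42, 'alice', 2),
  ('dddddddddddddddddddddddddddddddd', 1, 0, $now - 60,   42, 'alice', 8)");

// Valid, blocked user, stale, administrator-side, and a malformed id.
$tests = array_map(fn($c) => str_repeat($c, 32), ['a', 'b', 'c', 'd']);
$tests[] = "x' OR '1'='1";
foreach ($tests as $sid) {
    $r = lookupJoomlaSession($db, $sid, $now);
    printf("%-34s %s\n", $sid, $r ? "user {$r['userid']} group {$r['group_id']}" : 'rejected');
}
```

The session id still travels in the iframe URL in this design, so it can end up in web server logs and browser history; treat those as sensitive.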
jokecoat

Posts: 32
Posted: 06/14/2011, 1:20 PM

@tfertil: Thanks! This did the trick!