5

I have a couple PHP scripts used for AJAX queries, but I want them to be able to operate under the umbrella of Joomla's authentication system. Is the following safe? Are there any unnecessary lines?

joomla-auth.php (located in the same directory as Joomla's index.php):

<?php

define( '_JEXEC', 1 );
define('JPATH_BASE', dirname(__FILE__));
define( 'DS', DIRECTORY_SEPARATOR );
require_once ( JPATH_BASE .DS.'includes'.DS.'defines.php' );
require_once ( JPATH_BASE .DS.'includes'.DS.'framework.php' );

/* Create the Application */
$mainframe =& JFactory::getApplication('site');

/* Make sure we are logged in at all. */
if (JFactory::getUser()->id == 0)
    die("Access denied: login required.");

?>

test.php:

<?php

include 'joomla-auth.php';

echo 'Logged in as "' . JFactory::getUser()->username . '"';

/* We then proceed to access things only the user
   of that name has access to. */
?>
2
  • It doesn't work if you call that script from a different directory Commented Apr 15, 2012 at 14:29
  • even if the script itself is in the joomla root directory (Joomla 1.7) Commented Apr 15, 2012 at 14:30

2 Answers

2

While I don't see anything in the code that's unsafe, it's best to make your AJAX/JSON calls to a standard Joomla component. There's a good article on how to do this here: http://blog.syncleon.com/2009/05/ajax-ify-your-joomla-website.html I've also written about JavaScript, Joomla, and asynchronous requests in my book http://www.packtpub.com/files/learning-joomla-1-5-extension-development-sample-chapter-8-using-javascript-effects.pdf (skip down to page 168).

Essentially, what you do is create a view for the output of your AJAX call, then create a view.xml.php (or view.json.php) file instead of a view.html.php. When you add &format=xml to the end of your request URL, it will pull from view.xml.php instead of view.html.php.


2 Comments

What's the best practice for modules and not components? Is it possible to create a proxy-module instead of proxy-component?
@Stilero You can't make AJAX calls to modules. You have to have the JavaScript in your module call a component.
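
The component-view approach described in the answer above, as an added example that is not code from the original posts: a JSON view that applies the question's login check inside Joomla instead of bootstrapping the framework by hand. The component name `com_ajaxdemo`, the view name `status` and the file path are hypothetical, and the code assumes the legacy Joomla 1.5 to 2.5 API used on this page.

```php
<?php
// Added example. Hypothetical file:
//   components/com_ajaxdemo/views/status/view.json.php
// Requested through Joomla's own entry point, so the session is already loaded:
//   index.php?option=com_ajaxdemo&view=status&format=json
// Assumes the component's entry file and controller dispatch to views in the
// standard way (JController::display()).

// Refuse direct requests: this file only runs when Joomla includes it.
defined('_JEXEC') or die('Restricted access');

jimport('joomla.application.component.view');

class AjaxdemoViewStatus extends JView
{
    function display($tpl = null)
    {
        $user = JFactory::getUser();

        // Same test as the standalone script in the question:
        // guests are refused before any user-specific data is read.
        if ($user->id == 0) {
            JError::raiseError(403, 'Access denied: login required.');
            return;
        }

        // Anything other than a plain read must carry the session's form
        // token, so another site cannot trigger it with the user's cookies.
        if (JRequest::getMethod() != 'GET') {
            JRequest::checkToken() or jexit('Invalid Token');
        }

        // Declare the content type so the browser does not treat the
        // response as HTML.
        $document = JFactory::getDocument();
        $document->setMimeEncoding('application/json');

        // json_encode() escapes the values; never build JSON by
        // concatenating the username into a string.
        echo json_encode(array(
            'id'       => (int) $user->id,
            'username' => $user->username,
        ));
    }
}
```

Because the request goes through `index.php`, the view works regardless of which directory the calling page lives in, and the login check uses the same session as the rest of the site.
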
0

Sure does work; you need to get session data for users:

jimport( 'joomla.session.session' );
$session =& JFactory::getSession();

Print the session to see what comes out.
