0

I want to store and check passwords hash for user login and register to be the same as joomla (2.5),

example here:

joomla password encryption

Currently i have this code as login:

<?php

$page_title = 'Login';
include ('template/header.php');
require_once ('inc/db.php');

if ($_SERVER['REQUEST_METHOD'] == 'POST') {


// Validate the email address:
if (!empty($_POST['email'])) {
    $e = mysqli_real_escape_string ($dbc, $_POST['email']);
} else {
    $e = FALSE;
    echo '<div class="alert alert-danger" id="alerta1">
                <button type="button" class="close" data-dismiss="alert">&times;</button>
                <center><p>No ingresaste tu email</p></center>
                 </div>';
}

// Validate the password:
if (!empty($_POST['password'])) {
    $p = mysqli_real_escape_string ($dbc, $_POST['password']);
} else {
    $p = FALSE;
    echo '<div class="alert alert-danger" id="alerta2">
                <button type="button" class="close" data-dismiss="alert">&times;</button>
                <center><p>No ingresaste tu contraseña</p></center>
                 </div>';
}

if ($e && $p) { // If everything's OK.

    // Query the database:
    $q = "SELECT user_id, nombre, user_level FROM users WHERE (email='$e' AND password=md5('$p'))   AND active = 1";        
    $r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc));

    if (@mysqli_num_rows($r) == 1) { // A match was made.

        // Register the values:
        $_SESSION = mysqli_fetch_array ($r, MYSQLI_ASSOC); 
        mysqli_free_result($r);
        mysqli_close($dbc);

        // Redirect the user:
        //$url = BASE_URL . 'index.php'; // Define the URL.
        ob_end_clean(); // Delete the buffer.
        header("Location: ads.php?welcome");
        exit(); 

    } else { // No match was made.
        echo '<div class="alert alert-danger" id="alerta3">
                <button type="button" class="close" data-dismiss="alert">&times;</button>
                <center><p>Tu email y contraseña no figuran en sistema o tu cuenta aun no esta    activada</p></center>
                 </div>';
    }

} else { // If everything wasn't OK.
    echo '<div class="alert alert-danger" id="alerta4">
                <button type="button" class="close" data-dismiss="alert">&times;</button>
                <center><p>Por favor intentalo nuevamente</p></center>
                 </div>';
}

mysqli_close($dbc);

}

And register:

if ($_SERVER['REQUEST_METHOD'] == 'POST') { // Handle the form.

// Need the database connection:
require ('inc/db.php');

// Trim all the incoming data:
$trimmed = array_map('trim', $_POST);

// Assume invalid values:
$no = $ap = $e = $p = FALSE;

// Check for a first name:
if (preg_match ('/^[A-Z \'.-]{2,20}$/i', $trimmed['nombre'])) {
    $no = mysqli_real_escape_string ($dbc, $trimmed['nombre']);
} else {
    echo '<div class="alert alert-danger" id="alerta1">
            <button type="button" class="close" data-dismiss="alert">&times;</button>
            <center><p>Por favor, ingresa tu nombre</p></center>
             </div>';
}

// Check for a last name:
if (preg_match ('/^[A-Z \'.-]{2,40}$/i', $trimmed['apellido'])) {
    $ap = mysqli_real_escape_string ($dbc, $trimmed['apellido']);
} else {
    echo '<div class="alert alert-danger" id="alerta2">
            <button type="button" class="close" data-dismiss="alert">&times;</button>
            <center><p>Por favor, ingresa tu apellido</p></center>
             </div>';
}

// Check for an email address:
if (filter_var($trimmed['email'], FILTER_VALIDATE_EMAIL)) {
    $e = mysqli_real_escape_string ($dbc, $trimmed['email']);
} else {
    echo '<div class="alert alert-danger" id="alerta3">
            <button type="button" class="close" data-dismiss="alert">&times;</button>
            <center><p>Por favor, ingresa una direccion valida de email</p></center>
             </div>';
}

// Check for a password and match against the confirmed password:
if (preg_match ('/^\w{4,20}$/', $trimmed['pass1']) ) {
    if ($trimmed['pass1'] == $trimmed['pass2']) {
        $p = mysqli_real_escape_string ($dbc, $trimmed['pass1']);
    } else {
        echo '<div class="alert alert-danger" id="alerta4">
            <button type="button" class="close" data-dismiss="alert">&times;</button>
            <center><p>Las contraseñas no coinciden</p></center>
             </div>';
    }
} else {
    echo '<div class="alert alert-danger" id="alerta5">
            <button type="button" class="close" data-dismiss="alert">&times;</button>
            <center><p>Ingresar contraseña válida</p></center>
             </div>';
}

if ($no && $ap && $e && $p) { // If everything's OK...

    // Make sure the email address is available:
    $q = "SELECT user_id FROM users WHERE email='$e'";
    $r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc));

    if (mysqli_num_rows($r) == 0) { // Available.

        // Create the activation code:
        $a = md5(uniqid(rand(), true));

        // Add the user to the database:
        $q = "INSERT INTO users (email, password, nombre, apellido, active, fecha_registro) VALUES ('$e', md5('$p'), '$no', '$ap', '$a', NOW() )";
        $r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc));

        if (mysqli_affected_rows($dbc) == 1) { // If it ran OK.

            // Send the email:
            include ('template/mail_registro.php');


            // Finish the page:
            header("Location: registro_ok.php");
            exit(); // Quit the script.

        } else { // If it did not run OK. 
            echo '<div class="alert alert-danger" id="alerta6">
            <button type="button" class="close" data-dismiss="alert">&times;</button>
            <center><p>No has podido registrarte debido a un error en nuestro sistema. En breve lo solucionaremos</p></center>
             </div>';
        }

    } else { // The email address is not available. 
        echo '<div class="alert alert-danger" id="alerta7">
            <button type="button" class="close" data-dismiss="alert">&times;</button>
            <center><p>La direccion de email ya se encuentra registrada. Olvidaste tu contraseña?</p></center>
             </div>';
    }

} else { // If one of the data tests failed. 
    echo '<div class="alert alert-danger" id="alerta8">
            <button type="button" class="close" data-dismiss="alert">&times;</button>
            <center><p>Intentalo nuevamente</p></center>
             </div>';
}

mysqli_close($dbc);

} // End of the main Submit conditional.
Community
  • 1
  • 1
Santiago
  • 21
  • 1
  • 4

1 Answers1

0

You have to use JUser Class and JUserHelper. In JUserHelper you can find methods like

hashPassword(string $password) -> Hashes a password using the current encryption.

verifyPassword(string $password, string $hash, integer $user_id) -> Formats a password using the current encryption.

getCryptedPassword(string $plaintext, string $salt = '', string $encryption = 'md5-hex', boolean $show_encrypt = false) -> Formats a password using the current encryption.

To create a new User i make something like this:

$user = new JUser();

# create a new random password
$pass = 'your_password';

$data = array(
   'name' => 'name',
   'email' => 'email',
   'groups' => ['group1'],
   'username' => 'username',
   'password' => $pass,
   'password2' => $pass )

if (!$user->bind($data)) {
   $msg = "Error ...";
   $msg .= $user->getError();
}

# Store the data.
// $user->save();
if (!$user->save()) {
$msg = "Erorr saving user";
$msg .= $user->getError();
}

Check the joomla docs for details http://doc.joomladev.eu/api25/Joomla-Platform/User/JUser.html

Mat
  • 144
  • 7