Authorization in a wrapper

Have a programming question regarding your component, plug-in, extension or core hacks? Have an interesting tidbit, FAQ or programming tip you’d like to share? This is the place for you.

Moderators: tjay, seadap, Rogue4ngel, matthewhayashida

Forum rules
Post Reply
arosenhave
Joomla! Fledgling
Joomla! Fledgling
Posts: 3
Joined: Wed Aug 29, 2007 9:01 pm

Authorization in a wrapper

Post by arosenhave » Wed Aug 29, 2007 9:17 pm

Hi all,
Not really sure where to put this question, so here goes:
I have a php application hosted on a difrent server than my joomla site due to the need to use a diffrent database.
To put it out there I have it in a wrapper on my site. Still, I would like to verify that ppl have at least logged into my site (prevent direct access, that is). I tried to get a $_SESSION object going, but it seems to be empty so I guess either joomla login is handelled diffrently or the object is simply not accessible to the wrapper.

Anyone know if there is passed any information to the wrapper that might be useful to me? Any ideas would be appresiated, really ;)

And finally, thx all for a very friendly and useful forum  ;D
Top
User avatar
tjay
Joomla! Intern
Joomla! Intern
Posts: 73
Joined: Thu Aug 18, 2005 1:50 am
Location: New Orleans
Contact:
Contact tjay

Re: Authorization in a wrapper

Post by tjay » Thu Aug 30, 2007 1:04 am

So are you needing write code in order to do this?
Or are you just asking how to restrict access to the wrapped page with the application on it?
This day it is my wish that I helped you to live
Top
arosenhave
Joomla! Fledgling
Joomla! Fledgling
Posts: 3
Joined: Wed Aug 29, 2007 9:01 pm

Re: Authorization in a wrapper

Post by arosenhave » Thu Aug 30, 2007 5:33 am

I aready have restricted access to the wrapper by making it only available to registered users. But still I would like to write some code into my application to verify that they actually access it through my site. It this was a component I could have in joomla I know I could write something like defined("_JX... something.

In other words I would like to force ppl to go there through the site (and login) and not by accidentally stumbeling upon my application by chance or as someone did; reading the source code and finding out they could just go to http://myappdomain.net/myapp.php rather than logging into the site first.


Thx for all answers guys.
Top
User avatar
seadap
Joomla! Intern
Joomla! Intern
Posts: 95
Joined: Mon Dec 04, 2006 12:22 am
Contact:
Contact seadap

Re: Authorization in a wrapper

Post by seadap » Thu Aug 30, 2007 2:59 pm

Put this:

Code: Select all

defined('_JEXEC') or die('Restricted access');


at the top of your wrapper.  That will kill requests for direct access.
Knowledge is realizing that the street is one-way, wisdom is looking both directions anyway.
Top
arosenhave
Joomla! Fledgling
Joomla! Fledgling
Posts: 3
Joined: Wed Aug 29, 2007 9:01 pm

Re: Authorization in a wrapper

Post by arosenhave » Fri Aug 31, 2007 5:09 pm

Unfortunately, this didn't do the tric. Gives me the Restricted access message even tho I access it through the wrapper on the site :(
Top
User avatar
moijafcor
Joomla! Apprentice
Joomla! Apprentice
Posts: 6
Joined: Thu Mar 02, 2006 9:41 am
Location: Santo Domingo, Dominican Republic
Contact:
Contact moijafcor

Re: Authorization in a wrapper

Post by moijafcor » Sat Sep 01, 2007 6:54 pm

You have to use some XSS techniques (-X-Cross Site Scripting) in order to pass variables between both applications; this way you can write some logic to block direct access and construct the wrapper mechanism.

Saludos.
Nicht mehr!
Los acentos en castellano omitidos intencionalmente. | Les accents et les signes en français omis intentionnellement.
http://bio.moisesjafet.com
Top
Post Reply

Return to “Joombie Coding Q/A”