Sandbox

Hi

I have a PHP script which I am using at work for logging student attainment.  The Intranet we use is Joomla currently Joomla 1.0.13 and I hope to move it to Joomla 1.5 RC2.

I'd like the script to call up the usernames and passwords in the Joomla tables for added security.  How do I do this when it runs independently of Joomla?  Additionally with the mda5 password being stored with a salt for added security in 1.0.13 and 1.5 what do I need to do?

cheers

J.

There are a few ways to do this.

The first option would be to develop an XML-RPC plugin that would allow external scripts to contact your Joomla! site to authenticate.  You would then also have to figure out the logic of a RPC client in your external scripts.

The second option would be to query the database directly.  Basically, when a user in an external script tries to authenticate, you take their username and retrieve the password entry that is stored in the database for that user.

Then, you take the password entry and extract the salt from it.  The password is stored in the format : md5Hash:salt.  So, you do:
list( $pass, $salt ) = explode( ":", $storedPassword );

Then you authenticate using:
$authenticated = ($pass == md5( $passwordFromForm . $salt ));

Ian