Runnning our family website on Joomla, I've been looking for a simple way to incorporate my own php programs into the Joomla framework, and ideally using Joomla user autentication to controll acces to programs.

After trying several several modules for integrating own php code using Joomla extension, I had to give up this aproach, and go for inclusion using iframe integration (standard Joomla wrapper option).
This leads to the need in some way to pass Joomla user ID and 'credentials'. Thanks to this article 'CodeCharge goes Joomla', I got on the right track, and finally got it to work.

A litlle background info

I'm using AppGini for developing small php programs for family use, and used to integrate those in a simple intranet. This was externally hosted, and security based on setup in .htaccess file, allowing access only if originating from the IP addsress assigned to us by our ISP.
After converting our website to Joomla, the was growing pressure to integrate the intranet, making it accessible from anywhere - and of course it seemed the easy way just to use the Joomla acces control... It was not!
Just to clarify - I'm by no means a php expert. Most of my coding has been using AppGini generator, and finding ways to modify bits and pieces. The task of writing modules in Joomla is not one I feel ready to take on..

How to do it!

This way to do it is based on
  1. passing the current session-ID from Joomla to the target-web-page in the Joomla Wrapper (iFrame)
  2. in the target-page use the session-ID to retrieve user info from Joomla user file
  3. using Joomla user info to decide on acces to programs
  4. remember to keep passing session-ID!
I'll descibe the steps in details below...

Passing session-ID to target web page

To qoute the article mentioned...
 .. to pass the specific session-variable of Joomla to the iframe ....
The new concept of "Template Overrides" in Joomla 1.5.x makes it easy and there is no hack in the Joomla-core necessary. I assume knowledge about this concept, otherwise there is lot of information on the joomla-websites. You make a file in your joomla-templatey directory which should be: 

your_joomla_template/html/com_wrapper/wrapper/default.php to override the core-wrapper-component.

At the beginning of the source-code - right after the default "no direct access"- lines copy this:
$session =& JFactory::getSession();
$sid = $session->getId();

This passes the current joomla-sessionvariable to the variable $id through joomlaspecific functions. $id must now be added to the url, which calls the iframe in Joomla-framework - to be found a litte bit below:

   src="/joomla/wrapper->url; ?>"
is modified to: 
   src="/joomla/wrapper->url."?sessioncookie=$sid"; ?>"

Passing a sessionvariable to the iframe doesn't work in the Joomla-Framework - I don't know why. I get the error "Notice: Undefined index: sessioncookie in ..... " - sessioncookie as sessionvariable is not recognized by the iframe. url works!
To eleborate just a litle.. You have to copy the standard php file from the Joomla folder, to a new folder in Your template folder! For me that was:
...and then modify the source as described. That completes Joomla modifications! Remember to check future Joomla relases for changes to the wrapper component, and update Your modified copy as needed!
Beware! This change in template might cause problmes if You use wrapper for other purposes - as other pages might take the passes sessioninfo as an error. Should this happen, You'll have to create a second copy of your template, doing the changes to this, and assign it for these specific wrapper pages - thus only passing sessioninfo to pages who need it!

Retrieve user info from Joomla user file

I'm sure You know that allready, but I did not... SO - just to make certain: Joomla keeps track of active users by maintaining records in the table jos_session in the MySQL database.
To get information on the current user, all You have to do is to check if the session ID is still found in the table, and retrieve user details.
I have written a litle php module called jos_info.php to be included in my programs. It looks like this
// this script access Joomla sessidon database: jos_session to verify sessionid, and retrieve user info
// fields: username, time, session_id, guest, userid, usertype, gid, client_id, data  
// must be called from AppGini application

// Set flag that this is a parent file
// define( '_JosAppG', 1 ); // define for later test if module called directly
// OR
// no direct access
defined( '_JosAppG' ) or die( 'Restricted access' );

// DB login information
$jos_username = 'dbuser'; // restrict user to read just this table if possible
$jos_password = 'dbpassword';
$jos_database = 'dbname';
$jos_host     = 'dbserver';
 /****** Connect to MySQL ******/
echo "
ERROR: PHP is not configured to connect to MySQL on this machine. Please see this page for help on how to configure MySQL.

if(!mysql_connect($jos_host, $jos_username, $jos_password)){
echo "
ERROR: can not connect to server.

/****** Connection Charset ********/
@mysql_query("SET NAMES 'utf8'");
/****** Select DB ********/
echo "
ERROR: can not access database.

if(!$result = @mysql_query("select * from jos_session where session_id='".$sessioncookie."'")){
echo "
ERROR: can not find session in database.
$row = mysql_fetch_assoc($result);
$app_user=$row['username']; }

/* echo "  username: ".$app_user; ...handy for testing purposes */
Notice the 'defined( '_JosAppG' ) or die( 'Restricted access' );' This is the standard Joomla way to make sure that individual php modules are not accessed directly, and this is of course adopted here as well.

Using Joomla user info

Now, to actually use the Joomla seesion and user info in Your own php programs, You have to add a few lines of code right in the start of the first php page.
First it is necessary to retrieve the passed sessionid:

   /* echo $sessioncookie; handy for testing puposes */
Then You have to set the flag as this IS the parent file:
   define( '_JosAppG', 1 ); // define for later test if module called directly
And finally You include the php module doing the rest of the job

Comments powered by CComment