Joomla 1.7 Authentication from external app

My aim is to check that a Joomla username and password is valid from my external application. It is not necessary that the user is logged into the system, just that their account exists. I decided to create my own authentication plugin based on the Joomla Authentication (JOOMLA_PATH/plugins/authentication/joomla). I only changed the name:

<?php
/**
 * @version     $Id: joomla.php 21097 2011-04-07 15:38:03Z dextercowley $
 * @copyright   Copyright (C) 2005 - 2011 Open Source Matters, Inc. All rights reserved.
 * @license     GNU General Public License version 2 or later; see LICENSE.txt
 */

// No direct access
defined('_JEXEC') or die;

jimport('joomla.plugin.plugin');

/**
 * Joomla Authentication plugin
 *
 * @package     Joomla.Plugin
 * @subpackage  Authentication.Webservice
 * @since 1.5
 */
class plgAuthenticationWebservice extends JPlugin
{
    /**
     * This method should handle any authentication and report back to the subject
     *
     * @access  public
     * @param   array   Array holding the user credentials
     * @param   array   Array of extra options
     * @param   object  Authentication response object
     * @return  boolean
     * @since 1.5
     */
    function onUserAuthenticate($credentials, $options, &$response)
    {
        jimport('joomla.user.helper');

        $response->type = 'Webservice';
        // Joomla does not like blank passwords
        if (empty($credentials['password'])) {
            $response->status = JAUTHENTICATE_STATUS_FAILURE;
            $response->error_message = JText::_('JGLOBAL_AUTH_EMPTY_PASS_NOT_ALLOWED');
            return false;
        }

        // Initialise variables.
        $conditions = '';

        // Get a database object
        $db     = JFactory::getDbo();
        $query  = $db->getQuery(true);

        $query->select('id, password');
        $query->from('#__users');
        $query->where('username=' . $db->Quote($credentials['username']));

        $db->setQuery($query);
        $result = $db->loadObject();

        if ($result) {
            $parts  = explode(':', $result->password);
            $crypt  = $parts[0];
            $salt   = @$parts[1];
            $testcrypt = JUserHelper::getCryptedPassword($credentials['password'],开发者_Go百科 $salt);

            if ($crypt == $testcrypt) {
                $user = JUser::getInstance($result->id); // Bring this in line with the rest of the system
                $response->email = $user->email;
                $response->fullname = $user->name;
                if (JFactory::getApplication()->isAdmin()) {
                    $response->language = $user->getParam('admin_language');
                }
                else {
                    $response->language = $user->getParam('language');
                }
                $response->status = JAUTHENTICATE_STATUS_SUCCESS;
                $response->error_message = '';
            } else {
                $response->status = JAUTHENTICATE_STATUS_FAILURE;
                $response->error_message = JText::_('JGLOBAL_AUTH_INVALID_PASS');
            }
        } else {
            $response->status = JAUTHENTICATE_STATUS_FAILURE;
            $response->error_message = JText::_('JGLOBAL_AUTH_NO_USER');
        }
    }
}

I added one more file to my plugin to access the authentication, I called it test_auth.php and it goes like this:

<?php
define('_JEXEC', 1 );
define('JPATH_BASE', 'C:\xampp\htdocs\joomla');
define( 'DS', DIRECTORY_SEPARATOR );

require_once ( JPATH_BASE .DS.'includes'.DS.'defines.php' );
require_once ( JPATH_BASE .DS.'includes'.DS.'framework.php' );

include("Webservice.php"); 

$credentials = array(
    'username' => 'test',
    'password' => 'test');

$options = array();

$response = array();

$auth = new plgAuthenticationWebservice();
$auth->onUserAuthenticate($credentials, $options, &$response);

var_dump($response);

But when I call it, it get these errors:

Warning: Missing argument 1 for JPlugin::__construct(), called in C:\xampp\htdocs\joomla\plugins\authentication\Webservice\test_auth.php on line 25 and defined in C:\xampp\htdocs\joomla\libraries\joomla\plugin\plugin.php on line 57

Fatal error: Call to a member function attach() on a non-object in C:\xampp\htdocs\joomla\libraries\joomla\base\observer.php on line 41

What am I doing wrong? I think I could place all php scripts outside and independent from joomla and work with require_once(JPATH_BASE .DS.'includes'.DS.'defines.php') etc. Or I could write a plugin, install it with the extension manager and won't struggle with an unavailable joomla framework. But in fact it won't work if I leave out defines.php and framework.php.

I think a guide for plugin creation in Joomla 1.7 would be helpful.

OK, i completely dropped my first try.

Instead I use JOOMLA_ROOT/libraries/joomla/user/authentication.php now (insprired by JOOMLA_ROOT/libraries/joomla/application/application.php).

My test_auth.php looks like this now:

<?php

define('_JEXEC', 1 );
define('DS', DIRECTORY_SEPARATOR);
define('JPATH_BASE', dirname(__FILE__) . DS . '..' . DS . '..' . DS . '..'); // assuming we are in the authorisation plugin folder and need to go up 3 steps to get to the Joomla root

require_once (JPATH_BASE .DS. 'includes' .DS. 'defines.php');
require_once (JPATH_BASE .DS. 'includes' .DS. 'framework.php');
require_once (JPATH_BASE .DS. 'libraries' .DS. 'joomla'. DS. 'user' .DS. 'authentication.php');

$mainframe =& JFactory::getApplication('site');
$mainframe->initialise();

$credentials = array(
    'username' => 'test',
    'password' => 'test');

$options = array();

$authenticate = JAuthentication::getInstance();
$response   = $authenticate->authenticate($credentials, $options);

if ($response->status === JAUTHENTICATE_STATUS_SUCCESS) {
    echo('<br />It works<br />');
}
var_dump($response);

For any improvements I would be deeply grateful!

EDIT: I dismissed the plugin installation. It is a simple external script, which wouldn't be called from Joomla itself. I simply moved it to a new folder in the Joomla root.