I am using Joomla 1.5 and I am already aware of some of the difficulties associated with creating Joomla accounts from third party domains and scripts and authenticating with Joomla (logging in) from a third party domain / script.
My understanding is that the difficulty lies in the usage of a secret key to salt the MD5 hashed password for added security, and that this key resides in the configuration.php file.
That once Joomla 1.5 is installed, in configuration.php we already have a secret key in the form of:
var $secret = 'xxxxxxxxxxxxxxxxxxx';
Now assuming that we have access to the jos_users and jos_sessions table, is it not possible to create a simple PHP script (that given the Username, Password, MD5 hashed and salted using the secret key) that we could use to bypass Joomla completely and handle signup, login, logout and session data directly via the MySQL database without the need to touch the Joomla installation at all?
I would like to do this by creating an /api folder as a project and build on this platform.
I have much to learn I know, but I am hoping, logically, a reusable piece of code can be constructed.
If not,I understand that perhaps a simple plugin maybe needed to help facilitate these features using XML-RPC from within the Joomla Framework, however I would prefer to avoid this route.
.
forums.androidcentral.com
No comments:
Post a Comment