Working Code Snippet: username/password validation with new JInput method

Peter_S

Member
Since I spent so much time on it and since the original thread got a bit rich, here's a summary of how to do a simple username/password login form with the new JINPUT method suggested by Joomla.org.

Needless to say the entire credit goes to troester for making it work, I'm just writing it up.

The complication is that you need to grab onscreen data and validate other onscreen data against it.

This used to be a case for JRequest::getVar(), but this is now deprecated and no longer encouraged by the Joomla team, it seems.

So if in t1 in MySQL you have two fields `username` and `password` and on the login form (with 2 elements 'your_name' and 'pass_word') you wanted to validate that the user has entered the correct password, you would go:

Code:
$jinput = JFactory::getApplication()->input;
$us = $jinput->get('t1___your_name');
$db = &JFactory::getDBO();
$db->setQuery(" SELECT `password` FROM `t1`
WHERE `username` = '$us'");
$pass = $db->loadResult();
return $data==$pass;
Where the last line (that I wasn't getting) compares your database pull with '$data' which is the current field's onscreen input.

You could additionally validate that the username exists in the first place and there's another working code snippet here:

http://fabrikar.com/forums/showthread.php?t=29403

of which you would be using the first part. You can figure it out.

Thanks
 
Thanks, for completeness, I'd code it slightly differently though:

PHP:
$jinput = JFactory::getApplication()->input;

// This will stop jinput from filtering out characters such as '@, /' etc.
$us = $jinput->get('t1___your_name', '', 'string');

// No need to use =& unless you are on php4.
$db = JFactory::getDbo();

// Better to use Joomla's query builder for better database compatibility
$query = $db->getQuery(true);

// IMPORTANT - always use quote() for strings - just using '$us' is not secure.
$query->select('password')->from('t1')->where('username = ' . $db->quote($us));

$db->setQuery($query);
$pass = $db->loadResult();
return $data == $pass;
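
The lookup-and-compare step from this thread, as an added example that is not part of either post. It assumes the `password` column stores `password_hash()` output rather than the directly compared value used above; PDO with in-memory SQLite stands in for Joomla's database driver, and `check_login()` and the sample rows are constructed for illustration.

```php
<?php
// Added example, not the posters' code. PDO + in-memory SQLite stand in for
// Joomla's database driver so the script runs on its own (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE t1 (username TEXT PRIMARY KEY, password TEXT)');

// Constructed sample rows: the password column holds a password_hash() value.
$ins = $pdo->prepare('INSERT INTO t1 (username, password) VALUES (?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
$ins->execute(["o'brien", password_hash('battery staple', PASSWORD_DEFAULT)]);

/**
 * Hypothetical helper: true only when $username exists and $password matches.
 */
function check_login(PDO $pdo, string $username, string $password): bool
{
    // Bound parameter: the username is never spliced into the SQL text.
    $stmt = $pdo->prepare('SELECT password FROM t1 WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();

    // No row: fetchColumn() returns false. A loose `==` against that value
    // would treat an empty password field as a match, so reject explicitly.
    if (!is_string($hash)) {
        return false;
    }
    // Verifies against the stored hash with a timing-safe comparison.
    return password_verify($password, $hash);
}

// Constructed test cases: [username, password, expected result].
$cases = [
    ['alice', 'correct horse', true],
    ['alice', 'wrong', false],
    ["o'brien", 'battery staple', true],   // apostrophe is handled as data
    ['nobody', '', false],                  // unknown user, empty password
];
foreach ($cases as [$user, $pass, $expected]) {
    $got = check_login($pdo, $user, $pass);
    printf("%-8s %-18s => %s\n", $user, var_export($pass, true), $got ? 'valid' : 'invalid');
    if ($got !== $expected) {
        throw new RuntimeException("unexpected result for $user");
    }
}
```

In Joomla the lookup itself would stay as in the reply above (query builder plus `$db->quote()`); the parts this example changes are the explicit no-row check and the hash verification in place of `==`.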
 