Joomla 2.5 - Log user in without password

3
votes

I'm building a custom joomla component and am looking into ways I can set a login session without using an account password. I already have:

$app = &JFactory::getApplication('site');

$result = $app->login(array(

    'username' => 'james',
    'password' => 'password'

));

Which obviously requires the users password. I have access to the user ID and username so either of these handles can be used. Is there another object or method I can use to log a user in or is there some custom solution I can use e.g manually set all required $_SESSION variables?

Thanks in advance, any help much appreciated :)

2
phploginjoomla
Why would you want to do that? - Mr_Chimp
So in the components admin area you can login as that user and view their account, it's necessary for the project :) - jhukdev
I'm not to familiar with Joomla so I can't answer your question but you're trying to bypass the Joomla login security. I'm guessing the passwords will be hashed before they are stored (if not, they should be!) so you can't extract the password from the database. I expect you would have to hack about with the login module and add some way of bypassing the password check - maybe directly setting the session variables that Joomla sets when a user logs in. I'd be careful how you do it though as you may expose a password-less route into your site for anyone that wants it. Hope that helps. - Mr_Chimp

2 Answers

6
votes

IMPORTANT: Is necesary to add the session Object after // Register the needed session variables

// Register the needed session variables
$session =& JFactory::getSession();
$session->set('user', $jUser);

Excellent, thx

5
votes
//log user in
if(!JFactory::getUser()->id)
{
    $email = (string)$response['linkedin']->{'email-address'};

    $db = JFactory::getDbo();
    $app = JFactory::getApplication();

    $sql = "SELECT * FROM #__users WHERE email = " . $db->quote($email);
    $db->setQuery($sql);
    $result = $db->loadObject();

    if($result->id)
    {
            $jUser = JFactory::getUser($result->id);
            //$userarray = array();
            //$userarray['username'] = $jUser->username;
            //$userarray['password'] = $jUser->password;
            //$app->login($userarray);              

            $instance = $jUser;     
            $instance->set('guest', 0);

            // Register the needed session variables
            $session =& JFactory::getSession();
            $session->set('user',$jUser);


            // Check to see the the session already exists.                        
            $app->checkSession();

            // Update the user related fields for the Joomla sessions table.
            $db->setQuery(
                    'UPDATE '.$db->quoteName('#__session') .
                    ' SET '.$db->quoteName('guest').' = '.$db->quote($instance->get('guest')).',' .
                    '   '.$db->quoteName('username').' = '.$db->quote($instance->get('username')).',' .
                    '   '.$db->quoteName('userid').' = '.(int) $instance->get('id') .
                    ' WHERE '.$db->quoteName('session_id').' = '.$db->quote($session->getId())
            );
            $db->query();

            // Hit the user last visit field
            $instance->setLastVisit();          

            //return true;

            $app->redirect('index.php?option=com_community&view=profile');
    }
    else
    {

            $url = "index.php?option=com_community&view=register";
            $app->redirect($url,'We did not find your email address in our system. Please register.');
            //echo "redirect to registration page";
            //exit();


            //$url = 'index.php?option=com_users&view=registration&name=' . $user_profile['name'] . '&username=' . $user_profile['username'] . '&email=' . $user_profile['email'];
            //$url = JRoute::_($url);
            //$app->redirect($url);
    }

}