|
Written by Kirby
|
|
Sunday, 13 July 2008 20:38 |
|
I recently had to authenticate against an outside server for Registered User content access. This isn't a huge amount of code but hopefully this will help someone save some time.
Create a new plugin by creating 2 files in your plugin/authentication directory. Best way to do this is copy example.php
and example.xml. Edit the new xml file to reflect your project's values. Make sure you add a record to jos_plugins using phpmyadmin or your MySQL GUI of choice. I'm a fan of Navicat. Use the command-line if you have to, but add the record...
Anyway, below is the code you'll want to base your php file on:
// Check to ensure this file is included in Joomla!
defined('_JEXEC') or die();
jimport( 'joomla.plugin.plugin' );
class plgAuthenticationWebservice extends JPlugin
{
/**
* Constructor
*
* For php4 compatability we must not use the __constructor as a constructor for plugins
* because func_get_args ( void ) returns a copy of all passed arguments NOT references.
* This causes problems with cross-referencing necessary for the observer design pattern.
*
* @param object $subject The object to observe
* @param array $config An array that holds the plugin configuration
* @since 1.5
*/
function plgAuthenticationWebservice(& $subject, $config) {
parent::__construct($subject, $config);
}
/**
* This method should handle any authentication and report back to the subject
*
* @access public
* @param array $credentials Array holding the user credentials
* @param array $options Array of extra options
* @param object $response Authentication response object
* @return boolean
* @since 1.5
*/
function onAuthenticate( $credentials, $options, &$response )
{
require_once(JPATH_LIBRARIES.DS.'phpxmlrpc'.DS.'xmlrpc.php');
$message = '';
$success = 0;
if (strlen($credentials['password']) && strlen($credentials['username']))
{
$client = new xmlrpc_client("/servlet/XmlRpc", "somemachine.somedomain.com", 80);
// let client give us back php values instead of xmlrpcvals
$client->return_type = 'phpvals';
$xmlrpcmsg = new xmlrpcmsg('some.service',
array(php_xmlrpc_encode($credentials['password'],
php_xmlrpc_encode($credentials['username'])));
$response =$client->send($xmlrpcmsg);
$success = (boolean)$response->value();
}
else {
$message = 'you need to submit a username and passcode!';
}
if ($success)
{
$response->status = JAUTHENTICATE_STATUS_SUCCESS;
$response->error_message = '';
$response->fullname = "some users fullname"; //might not need this
$message = 'Access granted';
}
else
{
$response->status = JAUTHENTICATE_STATUS_FAILURE;
$response->error_message = 'Failed to authenticate: ' . $message;
}
}
}
Of course this assumes you have a webservice that's handing back a boolean. YMMV depending on how your service is set up. Also, the situation above didn't require real security as you'll notice it's running over port 80. You may want to run it over SSL. Not sure whether it would affect this code other than specifying another port number.
|
