thecommonthread

Reputation: 405

Deny access to file separate from Joomla if not logged into Joomla

I'm running Joomla 3.1 and I have an option in a custom component I've created that you can access when logged in to the Joomla admin backend that exports a CSV. It links to a PHP file that exports into a CSV (with a MIME type) and the data is personal and sensitive. Because this linked file is its own separate entity, is there a way to include some PHP code at the beginning of this PHP file that checks if the user is logged in as an administrator and denies access if not?

Upvotes: 0

Views: 655

Answers (4)

cecilomar

Reputation: 13

This is how I solved this problem. It's pretty much /index.php from a Joomla! 3.1 installation without all the stuff that you don't need for this. You have to look for the group ID that you want to have access to the file. This script can only be used at the root of your Joomla! installation as is.

<?php
/**
 * @package    JoomlaSessionCustomScript.php
 *
 * @copyright  Copyright (C) 2013 Cecilomar Design, Inc. All rights reserved.
 * @license    GNU General Public License version 3 or later; see LICENSE.txt
 */

if (version_compare(PHP_VERSION, '5.3.1', '<'))
{
  die('Your host needs to use PHP 5.3.1 or higher to run this version of Joomla!');
}

/**
 * Constant that is checked in included files to prevent direct access.
 * define() is used in the installation folder rather than "const" to not error for PHP 5.2 and lower
 */
define('_JEXEC', 1);

if (file_exists(__DIR__ . '/defines.php'))
{
    include_once __DIR__ . '/defines.php';
}

if (!defined('_JDEFINES'))
{
    define('JPATH_BASE', __DIR__);
    require_once JPATH_BASE . '/includes/defines.php';
}

require_once JPATH_BASE . '/includes/framework.php';

// Instantiate the application.
JFactory::getApplication('site');

$jusersession = $_SESSION['__default']['user'];

///////////////////////////////////////////////////////////////////////////////////////////////////
// GroupID ////////////////////////////////////////////////////////////////////////////////////////
$groupid = 2; /////////////////////////////////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////////////////////////////////////////////


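if ($jusersession->guest == true) {
    echo "Hello guest. You need to login to see the content in this area.";
} else {
    // isset() avoids an undefined-index notice when the user is not in the group.
    if (isset($jusersession->groups[$groupid]) && $jusersession->groups[$groupid] == $groupid) {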

///////////////////////////////////////////////////////////////////////////////////////////////////
// INCLUDE YOUR CODE OR SCRIPT HERE! ////////////////////////////////////////////////////////////// 
///////////////////////////////////////////////////////////////////////////////////////////////////



    echo "It works!<br><pre>";

    // Explore the session variables.
    print_r($jusersession);

    echo "</pre>";



///////////////////////////////////////////////////////////////////////////////////////////////////

    }
}

?>

Upvotes: 1

Aditya

Reputation: 1755

First get the logged-in user object. Get his group id. The group id for super admin in Joomla 2.5+ is 8. So check if the user has group id=8 then allow access to the page.

$checkuser = JFactory::getUser();
$userGroups = $checkuser->get('groups');
if (in_array(8, $userGroups)){
  //allow access
}

Upvotes: 1

Bakual

Reputation: 2731

Why don't you include this PHP file into the Joomla framework and let it work like a regular view?

If you want to have a standalone script check if a user is logged in, you would have to manually instantiate the Joomla framework in your file and do the check there. It's probably more work than to include the script into Joomla :-)

Upvotes: 0
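
A deny-by-default form of the standalone check discussed in the answers above, which sends a 403 and exits before any CSV output is produced. This is an added example, not code from any of the answers. It assumes a Joomla 3.x layout with the file placed in the administrator/ folder so that the backend session is the one checked; the file name, CSV columns and sample rows are constructed placeholders.

```php
<?php
// Added example, not from the answers. Hypothetical file: administrator/export_csv.php
// Assumption: Joomla 3.x layout, so __DIR__ is the administrator folder and the
// session checked is the backend one rather than the front-end 'site' session.
define('_JEXEC', 1);
define('JPATH_BASE', __DIR__);
require_once JPATH_BASE . '/includes/defines.php';
require_once JPATH_BASE . '/includes/framework.php';

// Attach to the existing backend session; this does not log anyone in.
JFactory::getApplication('administrator');
$user = JFactory::getUser();

// Group 8 is the super admin group named in the answer above; adjust it if the
// export should be open to a different group.
$allowedGroup = 8;
$groups = (array) $user->get('groups');

// Deny by default: guests and users outside the group never reach the export.
if ($user->guest || !in_array($allowedGroup, $groups)) {
    header('HTTP/1.1 403 Forbidden');
    header('Content-Type: text/plain; charset=utf-8');
    exit('Access denied.');
}

// Only authorised users get here. Tell browsers and proxies not to cache the data.
header('Content-Type: text/csv; charset=utf-8');
header('Content-Disposition: attachment; filename="export.csv"');
header('Cache-Control: no-store, private');

// Constructed sample rows standing in for the component's real query.
$rows = array(
    array(1, 'Example Person', 'person@example.org'),
    array(2, 'Another Person', 'another@example.org'),
);

$out = fopen('php://output', 'w');
fputcsv($out, array('id', 'name', 'email'));
foreach ($rows as $row) {
    fputcsv($out, $row);
}
fclose($out);
```

The check runs before any header or body is sent, so an unauthenticated request receives only the 403 response and never a partial export.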

Paul Dessert

Reputation: 6389

Something like this:

if($admin){
    //allow access
} else {
    //deny access
}

$admin is a placeholder and needs to be replaced.

Upvotes: 0
