Accessing the current user object

2012-11-30T17:53:49Z

Rannmann: /* External Links */ Updated URL

== Basics ==

For every request in Joomla!, there is one user. Information about this user is readily available through the Joomla! framework in the form of an object. To get this object for the current user, use the following member function of JFactory:

<pre>
$user =& JFactory::getUser();
</pre>

Or, to get information about any other registered user you can call the function with a user 'id', e.g. for user '99'; or a username e.g. 'johnsmith':

<pre>
$user =& JFactory::getUser(99);
$user =& JFactory::getUser('johnsmith');
</pre>

Getting a reference through getUser() ensures that only one user object is created during any one Joomla! request, saving on memory and processing time. Most of the information about the user is available through public member variables of the user object. This code displays the current user's name, email, user name, user type, and group id:

<pre>
echo "Your name is {$user->name}, your email is {$user->email}, and your username is {$user->username}";
echo "Your usertype is {$user->usertype} which has a group id of {$user->gid}.";
</pre>

== Object Member Variables and Parameters ==

These are the relevant member variables automatically generated on a call to getUser():

<ul>
<li>id - The unique, numerical user id. Use this when referencing the user record in other database tables.</li>
<li>name - The name of the user. (e.g. Vint Cerf)</li>
<li>username - The login/screen name of the user. (e.g. shmuffin1979)</li>
<li>email - The email address of the user. (e.g. crashoverride@hackers.com)</li>
<li>password - The encrypted version of the user's password</li>
<li>password_clear - Set to the user's password only when it is being changed. Otherwise, remains blank.</li>
<li>usertype - The role of the user within Joomla!. (Super Administrator, Editor, etc...)</li>
<li>gid - Set to the user's group id, which corresponds to the usertype.</li>
<li>block - Set to '1' when the user is set to 'blocked' in Joomla!.</li>
<li>registerDate - Set to the date when the user was first registered.</li>
<li>lastvisitDate - Set to the date the user last visited the site.</li>
<li>guest - If the user is not logged in, this variable will be set to '1'. The other variables will be unset or default values.</li>
</ul>

In addition to the member variables (which are stored in the database in columns), there are parameters for the user that hold preferences. To get one of these parameters, call the getParam() member function of the user object, passing in the name of the parameter you want along with a default value in case it is blank.

<pre>
$user =& JFactory::getUser();
$language = $user->getParam('language', 'the default');

echo "Your language is set to {$language}.";
</pre>

== Determining Status ==

Frequently, you will just want to make sure the user is logged in before continuing. The 'guest' property will be set to '1' when the current user is not logged in. When the user is authenticated, 'guest' will be set to '0'.

<pre>
$user =& JFactory::getUser();

if ($user->guest) {
echo "You must login to see the content. I want your email address.";
} else {
?>

<h1>Impromptu leftovers salad that goes well with fish</h1>
<ul>
<li>1/2 cup chopped celery</li>
<li>1/4 cup raisins</li>
<li>1 teaspoon Extra Virgin Olive Oil</li>
<li>2 tablespoons of faux Thai lemongrass marinade</li>
<li>1/4 cup shredded fresh basil</li>
<li>Sprinkling of dill weed</li>
<li>Big pinch of kosher salt</li>
<li>Several lettuce leaves</li>
</ul>

Wash the lettuce and basil and place in a salad bowl.
Get out a much smaller bowl and swish around all of the remaining ingredients. Pour this over the greens and toss.
Serves two.
<?php
}
</pre>

== Privileges ==

Not all authenticated users are given equal rights. For instance, a Super Administrator may be able to edit anyone's content, while a Publisher may only be able to edit their own. The authorize() member function can be used to determine if the current user has permission to do a certain task. The first parameter is used to identify which component or function we wish to authenticate against. The second represents the task. The third and fourth are optional; they further break the permissions down into record types and ownership respectively.

In Joomla! 1.5, the rights for all of the core components are stored in libraries/joomla/user/authorization.php. These are available to all extensions wherever authentication is required. If the permission scheme of the Content component suits your extension's needs, you can use code similar to the following to determine what functions to give to a specific user.

<pre>
$user =& JFactory::getUser();

if ($user->authorize('com_content', 'edit', 'content', 'all')) {
echo "You may edit all content.";
} else {
echo "You may not edit all content.";
}

if ($user->authorize('com_content', 'publish', 'content', 'own')) {
echo "You may publish your own content.";
} else {
echo "You may not publish your own content.";
}
</pre>

The permissions for core functions may not be suitable for your extension. If this is the case, you can create your own permissions. You will probably want to add this code in a place where it will always be executed, such as the beginning of the component you are building or in a systemwide plugin. First, you need to get an authorization object using the getACL() member function of JFactory. This works like getUser() in that it only creates one authorization object during any particular Joomla! request. Once you have this object, call the addACL() member function to add permissions. Pass in the name of your component or function, the task name, the string 'users', and the user type (in lowercase) respectively. If you want to also define record sets and ownership, pass those in as an additional two parameters.

Note that in Joomla! 1.5, permissions are not inherited. For example, if you give an Administrator the right to edit content, Super Administrators do not automatically get this right; you must grant it separately.

<pre>
$auth =& JFactory::getACL();

$auth->addACL('com_userinfo15', 'persuade', 'users', 'super administrator');
$auth->addACL('com_userinfo15', 'persuade', 'users', 'administrator');
$auth->addACL('com_userinfo15', 'persuade', 'users', 'manager');

$user =& JFactory::getUser();

if ($user->authorize('com_userinfo15', 'persuade')) {
echo "You may persuade the system to do what you wish.";
} else {
echo "You are not very persuasive.";
}
</pre>

== Summary ==

Information about the current user is readily available in any part of your Joomla! extension. You need only fetch the object and access the member variables. You can authorize the user against the core permissions set, or create your own to suit your needs.

== External Links ==

[http://api.joomla.org/Joomla-Platform/User/JUser.html JUser API documentation] see getInstance.

[[Category:Development]]
[[Category:Tutorials]][[Category:Framework]]
[[Category:Module Development]]
[[Category:Plugin Development]][[Category:Component Development]]

J2.5:LDAP Authentication

2011-12-22T01:31:37Z

Rannmann: Created page with "= LDAP Authentication in 1.7 = LDAP Authentication is disabled by default because it needs to first be configured before enabled. To configure this plug-in, go to the Plug-in Ma..."

= LDAP Authentication in 1.7 =
LDAP Authentication is disabled by default because it needs to first be configured before enabled. To configure this plug-in, go to the Plug-in Manager and search for "Authentication - LDAP".

== Configuration ==
The options should look similar to this:
<pre>
Host: localhost
Port: 389
LDAP V3: No
Negotiate TLS: No
Follow Referrals: No
Authorisation Method: Bind and Search
Base DN:
Search String:
User's DN:
Connect Username:
Connect Password:
Map: Full Name: fullName
Map: email: mail
Map: UserID: uid
</pre>

Assuming everything on your server is setup correctly (and the standard port is used), the only information that needs changed for a Bind and Search method is:
* Host
* LDAP V3
* Base DN
* Search String

=== What these entries mean ===
{| class="wikitable"
|-
! scope="col" width="40" | Option Name
! scope="col" width="400" | Meaning
! scope="col" width="150" | Examples
|-
| Host
| Host name of the LDAP server
| localhost openldap.mycompany.org ldaps://ldap.company.org
|-
| Port
| Port to connect to host
| 389
|-
| LDAP V3
| Whether or not the LDAP server is using LDAP Version 3 or not
| No, Yes
|-
| Negotiate TLS
| Negotiate TLS encryption with the LDAP server (requires all traffic to be encrypted)
| No, Yes
|-
| Follow Referrals
| Sets the value of LDAP_OPT_REFERRALS (Set to "No" for Windows 2003 servers)
| No, Yes
|-
| Authorisation Method
| How to authorize against the LDAP server
| Bind and Search, Bind Directly as User
|-
| Base DN
| The lowest-level Distinguished Name
| dc=company,dc=com, o=company.com, c=us,o=company.com
|-
| Search String
| Only used with Bind and Search - a query string used to search for the user, where [search] is directly replaced by search text from the login field
| uid=[search]
|-
| User's DN
| Only used with Bind Directly as User - a string used to authenticate as a user, where [username] is directly replaced by the username from the login field
| uid=[username],dc=company,dc=com
|-
| Connect Username
| Only used if not an anonymous lookup - administrator username
| admin
|-
| Connect Password
| Only used if not an anonymous lookup - administrator password
| password
|-
| Map: Full Name
| LDAP Attribute which holds the user's full name
| fullName, givenName, name
|-
| Map: email
| LDAP Attribute which holds the user's email address
| mail
|-
| Map: User ID
| LDAP Attribute which holds the user's ID
| uid
|}

=== Example Configuration ===
On an Ubuntu server accessing an external LDAP V3 server, using the "Bind and Search" method with anonymous lookups enabled:
<pre>
Host: ldaps://ldap.us.site
Port: 389
LDAP V3: Yes
Negotiate TLS: No
Follow Referrals: No
Authorisation Method: Bind and Search
Base DN: dc=site
Search String: uid=[search]
User's DN:
Connect Username:
Connect Password:
Map: Full Name: fullName
Map: email: mail
Map: UserID: uid
</pre>

= Errors =
Just because some these aren't documented anywhere else on the web, this seems like the best place to keep track of some common, or uncommon but hard to diagnose errors.
== 500 Error ==
If after enabling this plugin you are receiving 500 errors when attempting to login, make sure that the php5-ldap package is installed (and loaded) on the server.

== Invalid Credentials ==
If you cannot login with credentials you know to be accurate and are using an LDAP server which requires "ldaps://" instead of "ldap://", the protocol prefix must be applied in the "Host" field.

Joomla! Documentation - User contributions [en]

Accessing the current user object

J2.5:LDAP Authentication