0

I have a C# forms application that I would like to leverage my existing Joomla database for authentication permissions handling (user groups), but I cannot get past the authentication stage.

I am aware that I could query the DB directly but I would rather leverage Joomlas framework.

I tried some code I found here c# application login to joomla and while it may work great for Joomla 2.5, it seems to cause issues with 3.x and returns an Invalid Token message.

Any help would be greatly appreciated and thanks in advance.

Community
  • 1
  • 1
Wobbles
  • 3,033
  • 1
  • 25
  • 51
  • A fast solution would be to get rid of the invalid token issue altogether by commenting the responsible code out in the core. Just an idea. The downside of this is that the website will be open to brute force attacks. – itoctopus Jul 18 '14 at 19:54
  • 1
    Yea, unfortunately my site is already been the target of some attacks in the past and my host, HostGator, has a habit of just shutting my site down when it gets hacked. Getting rid of tokens would definitely not be wise. But I dont get it because the code lined supposedly uses session tokens, and putting some traces in shows that it is actually grabbing a valid token, but for some reason when it passes it back it, Joomla, won't accept it. – Wobbles Jul 19 '14 at 01:34
  • Have you looked at doing an authentication plugin? – Elin Jul 29 '14 at 02:47

1 Answers1

0

Are you sure that you're extracting the token correctly?

Looking at the post you point to that regex on my 3.3 installation pulls out multiple hits on the front-end and if I have debug enabled (which I always do) it pulls up lots of other numbers like session counters on the /administrator login screen.

I would try making the regex more specific e.g. 

<input.*?"([a-zA-z0-9]{32})".*?value="1".*>

http://regex101.com/r/bP6zO8/3

Community
  • 1
  • 1
Craig
  • 9,335
  • 2
  • 34
  • 38
  • I have to bookmark that tool, very handy, but still no luck. It does seem like a change that would be a good idea to keep in place anyway. Just to verify I escaped everything correctly; it should read `private const string _REGEXTOKEN = "";` – Wobbles Jul 19 '14 at 01:50
  • That's a shame, the escaping looks ok. The other regex tool, albeit simpler, I like is http://refiddle.com – Craig Jul 19 '14 at 01:58