CiviCRM Community Forums (archive)

*

News:

Have a question about CiviCRM?
Get it answered quickly at the new
CiviCRM Stack Exchange Q+A site

This forum was archived on 25 November 2017. Learn more.
How to get involved.
What to do if you think you've found a bug.



  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Support »
  • Using CiviCRM »
  • Using Core CiviCRM Functions (Moderator: Yashodha Chaku) »
  • Joomla authentication plugin that checks for current CiviCRM membership
Pages: [1] 2

Author Topic: Joomla authentication plugin that checks for current CiviCRM membership  (Read 7798 times)

speleo

  • Ask me questions
  • ****
  • Posts: 396
  • Karma: 28
  • CiviCRM version: 4.3.1
  • CMS version: J! 2.5,9
  • MySQL version: 5.1
  • PHP version: 5.3.24
Joomla authentication plugin that checks for current CiviCRM membership
June 14, 2008, 04:31:20 pm
Want to restrict Joomla 1.5 site logins to users with current CiviCRM memberships?

Following on from from this discussion "Possible? Tie Joomla site registration directly into CiviMember" http://forum.civicrm.org/index.php/topic,3362.0.html I investigated if it was possible to write a Joomla Authentication plugin that would do this:

  • Use the Joomla user table to authenticate against and then
  • check that that user has a current CiviCRM membership record

The result is the attached CiviCRM Authentication Plugin for CiviCRM.

Notes on using this plugin
1. the civicrm_membership_status_calc() function does not handle admin status overrides (is this an oversight?)
2. You may need to modify the $civicrm_is_current variable to  match you installation
3. there are no redirects based on lack of membership
4. not tested with multiple memberships per contact
5. Joomla does not display login failure msgs to the use
6. For Joomla 1.5 only

To use this plug simply install it via the Joomla Extension Install routine. Next goto the Plugin Manager and enable it and disable the Authentication - Joomla plugin.

It is vital that your admin user has a corresponding CiviCRM membership or you will be locked out of your Joomla Admin. If you are locked out then you'll need to go into PMA and toggle the relevant published fields in jos_plugins.


I'm sure that this code could be written cleaner or provide more functionality. One area of interest would be to be able to redirect a user with a lapsed contact record to a CiviContribute membership renewal page.

Enjoy!
« Last Edit: June 14, 2008, 04:33:17 pm by speleo »

speleo

  • Ask me questions
  • ****
  • Posts: 396
  • Karma: 28
  • CiviCRM version: 4.3.1
  • CMS version: J! 2.5,9
  • MySQL version: 5.1
  • PHP version: 5.3.24
Re: Joomla authentication plugin that checks for current CiviCRM membership
June 15, 2008, 03:35:26 am
Found a bug on line 116 when initiating CiviCRM

Code: [Select]
require_once 'administrator/components/com_civicrm/civicrm.settings.php';
When logging in to the administrator backend the statement needs to reference the full path. Need to add the full path to get this working.

Code: [Select]
require_once JPATH_ROOT.'/administrator/components/com_civicrm/civicrm.settings.php';
hmmm
« Last Edit: June 15, 2008, 11:21:33 am by speleo »

Dave Greenberg

  • Administrator
  • I’m (like) Lobo ;)
  • *****
  • Posts: 5760
  • Karma: 226
    • My CiviCRM Blog
Re: Joomla authentication plugin that checks for current CiviCRM membership
June 16, 2008, 03:22:44 pm
Once you've got this where you're happy with it - would be good to post some info / links on the wiki:
http://wiki.civicrm.org/confluence/display/CRMDOC/Third+Party+Modules

... you might also want to post a blog about it at http://civicrm.org/blog :-)
Protect your investment in CiviCRM by  becoming a Member!

speleo

  • Ask me questions
  • ****
  • Posts: 396
  • Karma: 28
  • CiviCRM version: 4.3.1
  • CMS version: J! 2.5,9
  • MySQL version: 5.1
  • PHP version: 5.3.24
Re: Joomla authentication plugin that checks for current CiviCRM membership
June 23, 2008, 04:43:58 pm
Thanks Dave.

I'm planning on putting this into production in the next few weeks and will work on getting it into better shape. For now it appears to meet my requirements but I'd like to make it more flexible for the rest of the community. A good way forward would be to get some params setup so it can be configured from admin rather than hacking the file direct.

From the lack of response I'm a little discouraged by the Joomla CiviCRM community. Personally I'd like to see the integration get stronger along the lines of drupal. 

I keep on hearing that Drupal has better hooks than Joomla and one of my bug bears is when one of my Joomla users changes email. From what I can see Joomla does have tool here and I like to get a better understanding of how Drupal handles a user / contact changing their email address. Assuming this is done in a civicrm profile surely this can get written back to the Joomla user table since we already know who they are through UFMatch.  Wouldn't JUser::save handle this http://api.joomla.org/Joomla-Framework/User/JUser.html#save

Donald Lobo

  • Administrator
  • I’m (like) Lobo ;)
  • *****
  • Posts: 15963
  • Karma: 470
    • CiviCRM site
  • CiviCRM version: 4.2+
  • CMS version: Drupal 7, Joomla 2.5+
  • MySQL version: 5.5.x
  • PHP version: 5.4.x
Re: Joomla authentication plugin that checks for current CiviCRM membership
June 23, 2008, 05:43:05 pm

THis has been fixed in 2.1

When a user changes their email address in CiviCRM (via a profile etc), the change also gets saved in the joomla users table

The next thing we need to do is to implement the 'onStore' user hook and mirror a change in the Joomla email record in CiviCRM.

lobo
 
A new CiviCRM Q&A resource needs YOUR help to get started. Visit our StackExchange proposed site, sign up and vote on 5 questions

speleo

  • Ask me questions
  • ****
  • Posts: 396
  • Karma: 28
  • CiviCRM version: 4.3.1
  • CMS version: J! 2.5,9
  • MySQL version: 5.1
  • PHP version: 5.3.24
Re: Joomla authentication plugin that checks for current CiviCRM membership
June 24, 2008, 04:26:38 am
Excellent! Thanks for the heads up!

rogerco

  • I post occasionally
  • **
  • Posts: 66
  • Karma: 5
Re: Joomla authentication plugin that checks for current CiviCRM membership
July 03, 2008, 05:14:06 am
Quote from: Donald Lobo on June 23, 2008, 05:43:05 pm
THis has been fixed in 2.1
When a user changes their email address in CiviCRM (via a profile etc), the change also gets saved in the joomla users table
The next thing we need to do is to implement the 'onStore' user hook and mirror a change in the Joomla email record in CiviCRM.
lobo
 

Is there any way to hack this back into 2.0.x - details of what the changes were. As speleo says it should be possible to do a call to Juser::save. I suppose I could do this on the exit url from a front-end profile edit form. Bit inflexible, but should work?

Since the site I am working on will be live before 2.1 and once live I will not want to do a version upgrade for at least 10 months I am very keen to solve this (synchronising email changes between J1.5.x and Civi 2.0.x) in the existing stable code.

I need to be able to have Joomla logins who are not CiviCRM contacts so really I need bi-directional saving (and in both cases the user might not exist in the other half - not all Civi individuals will be registered users on the site and vice versa)

RogerCO

speleo

  • Ask me questions
  • ****
  • Posts: 396
  • Karma: 28
  • CiviCRM version: 4.3.1
  • CMS version: J! 2.5,9
  • MySQL version: 5.1
  • PHP version: 5.3.24
Re: Joomla authentication plugin that checks for current CiviCRM membership
July 03, 2008, 05:26:48 am
RogerCo,

I'm sure that lobo could give you a full pointer but this might be the right place...
http://fisheye.civicrm.org/viewrep/CiviCRM/trunk/CRM/Core/BAO/CMSUser.php?r1=13745&r2=14533

http://issues.civicrm.org/jira/browse/CRM-2820

Henry

Donald Lobo

  • Administrator
  • I’m (like) Lobo ;)
  • *****
  • Posts: 15963
  • Karma: 470
    • CiviCRM site
  • CiviCRM version: 4.2+
  • CMS version: Drupal 7, Joomla 2.5+
  • MySQL version: 5.5.x
  • PHP version: 5.4.x
Re: Joomla authentication plugin that checks for current CiviCRM membership
July 03, 2008, 12:19:00 pm

roger:

henry has given you the right links :)

Synchronizing the other way in joomla 1.0.x is a bit problematic, since joomla 1.0 does not fire hooks when a use record is created/updated. This has been added in joomla 1.5.x and hence we can have the same behavior as drupal

i.e. all joomla users are civicrm contacts, note that all civicrm contacts are not joomla users

to do that latter in 1.0.x, you'll need to basically run a cron job to create a joomla user for a civi contact who does not have a user associated with it. alternatively, you can also do this by implementing the civicrm contact hook.

lobo
A new CiviCRM Q&A resource needs YOUR help to get started. Visit our StackExchange proposed site, sign up and vote on 5 questions

rogerco

  • I post occasionally
  • **
  • Posts: 66
  • Karma: 5
Re: Joomla authentication plugin that checks for current CiviCRM membership
July 03, 2008, 01:11:52 pm
Thanks lobo,

I'm actually on J1.5 with CiviCRM 2.0.2 (yes I know that is "not supported" but it works just fine so far. J1.0 is really deprecated and all new sites will be using 1.5, I have moved all of my old J1.0 sites to J1.5 now - legacy mode allows most things to work)

In my particular case I certainly don't want all CiviCRM contacts to be Joomla users, and I probably don't want all Joomla users to be CiviCRM contacts. In fact I think it is quite important not to enforce this - imagine you are using CiviCRM to track supporters and members in a particular area. You might want only members to be able to become front-end (J or D) users as you might be exposing other things to front end users in the normal way (eg document libraries, forums, mail list, as well as content pages). So you might not want supporters who are non-members to have access to the logged-in part of the front-end, hence not be J (or D) users. Conversely you might have members in other areas who you want to be able to give access to all of your registered user front-end goodies but not actually to be registered as contacts in the CiviCRM database - another territory might be tracking their membership.

So from my point of view the model you describe (all front-end users have to be CiviCRM contacts) is not good.

As part of my mod to use CiviCRM groups for access control in the Joomla front end I check and warn if the Joomla and CiviCRM primary email addresses are not the same - but again I don't want to enforce this as I am aware that many people these days have 2 or more email addresses - often a 'free' one they use for website signups and a private one which might be in the CiviCRM contact details - enforcing equality after the initial link between the Joomla and CiviCRM user tables would be bad news.

RogerCO

speleo

  • Ask me questions
  • ****
  • Posts: 396
  • Karma: 28
  • CiviCRM version: 4.3.1
  • CMS version: J! 2.5,9
  • MySQL version: 5.1
  • PHP version: 5.3.24
Re: Joomla authentication plugin that checks for current CiviCRM membership
July 03, 2008, 02:33:50 pm
RogerCo,

You've got an interesting access model going on there. You imply that you want to give front end CMS access to CiviCRM (CiviMember ?) users and normal CMS registered users. Could you give us some insight as to how this can be managed.

Henry

rogerco

  • I post occasionally
  • **
  • Posts: 66
  • Karma: 5
Re: Joomla authentication plugin that checks for current CiviCRM membership
July 03, 2008, 03:37:59 pm
Hi Henry
Apologies in advance for a long reply - I'll try and be concise.

The client has several layers and areas of organisation. National, Regional and Local as well as interest groups cutting across these layers. The site is provides resources for members of the organisation which includes using CiviCRM to manage details of members and supporters for one particular region.

Very few people are given access to the backend - essentially only techies - most user access is exposed through the front-end using profiles and access control (in my case using Joomla 1.5 and my mod to use groups for access control - I guess Drupal sites would use the CiviCRM ACL roles)

The home page of the site is of course publicly visible - but mostly consists of links to other public sites belonging to the organisation and a log-in form.

A registered Joomla user once logged in can see the rest of the site - which includes many facilities other than CiviCRM - which may be of interest to members of the organisation from other regions. Thus it is necessary to be able to create Joomla users who are not CiviCRM contacts. Of course you could argue that there would be no harm in automatically creating CiviCRM records for them but there is no need as their membership details are managed elsewhere and the primary focus of this application is activities within this particular region. I would rather not clutter the database with spurious contact records for foreign users.

For members in the region the CiviCRM data is tracking their personal details, roles, activities, membership details, local and other group membership within the organisation. If a member has a Joomla login then they can see (and edit some of) their personal information, and depending on their membership of groups used for access control may be able to see other profiles and lists. Not all members will have or even want a Joomla login (about 25% don't even have an email address)

In the CiviCRM contact data I am also keeping details of supporters in the region who are not members. These CiviCRM contacts (supporters) would never be given Joomla logins - most of the site is for members only. If they wish to see the personal data held about themselves they make a data protection request in the normal way (UK law). Some groups of members will have access to some views edits of the supporters information. So for example the communications member group might have access to the details of all contacts, both members and supporters, who have poster sites available - exposed on the frontend through a profile whose access through the menu is limited to the communications group.

To get a (Joomla) login to the site a user has to request a login by email (or a form on the site) giving their membership details - for members from other regions their details have to be checked elsewhere before they are given their login. In principle I could automate the process for members in the region whose contact details are in CiviCRM - but that would then rely on them using the same email address for their Joomla registration as is held with their membership details - not all will. In addition I find that some members share the same email address so the email address is not unique in the CiviCRM contact details. So adding frontend CMS users is a manual operation after checking that they are genuine members somewhere in the organisation.

New members are at the moment always added as contacts on the backend because the details are passed from another system (national or local level) and it is frankly easier and safer to import a row or rows from a spreadsheet than retyping everything and introducing mistakes. Once held in this system any changes in personal details (made by the user or an authorised membership officer) entered into the system are automatically reported back to national and local level by email.

New supporter details can be added through a front-end profile form or the backend.

So in summary I need to have Joomla users who are not and never will be CiviCRM contacts as well as CiviCRM contacts who never will be Joomla users. I would have thought that this must be not an uncommon requirement so maybe I am missing something obvious, or maybe Drupal is very different.

For access control on the frontend I have modified the Joomla CiviCRM component file so that when creating a menu item to access a CiviCRM profile on the frontend you can not only use the standard Joomla access levels (public/registered/special) to control visibility of the menu item, but you can also use CiviCRM groups to control access to the profile pages. I imagine this does very simply what in Drupal you do using the CiviCRM ACL roles and permissions. There is probably more sophistication in the integral solution, but simple access control using groups works fine for me - we'll have to see how it goes if the number of access groups multiplies.

RogerCO

Donald Lobo

  • Administrator
  • I’m (like) Lobo ;)
  • *****
  • Posts: 15963
  • Karma: 470
    • CiviCRM site
  • CiviCRM version: 4.2+
  • CMS version: Drupal 7, Joomla 2.5+
  • MySQL version: 5.5.x
  • PHP version: 5.4.x
Re: Joomla authentication plugin that checks for current CiviCRM membership
July 03, 2008, 04:06:54 pm

roger:

In 2.0, a Joomla user becomes a civicrm contact ONLY when they access a civicrm page or if you synchronize joomla users and civicrm contacts.

When we implement the joolmla 1.5 user plugins, a civicrm contact will be created whenever a joomla user is created/edited. This is the way it works with drupal right now. We have not implemented it as yet, so i dont have too many details on how/when this will happen

lobo
A new CiviCRM Q&A resource needs YOUR help to get started. Visit our StackExchange proposed site, sign up and vote on 5 questions

rogerco

  • I post occasionally
  • **
  • Posts: 66
  • Karma: 5
Re: Joomla authentication plugin that checks for current CiviCRM membership
July 04, 2008, 01:23:23 am
Hi lobo,

Quote from: Donald Lobo on July 03, 2008, 04:06:54 pm
In 2.0, a Joomla user becomes a civicrm contact ONLY when they access a civicrm page ...

Aaargh !! So it does. That's a bit of a nuisance - I don't suppose there is an easy way of disabling this behaviour is there? It'll be ok so long as I don't need to expose any CiviCRM access to CMS registered users who are not contacts, but it would be nice to disable this.

Quote from: Donald Lobo on July 03, 2008, 04:06:54 pm
When we implement the joolmla 1.5 user plugins, a civicrm contact will be created whenever a joomla user is created/edited.

Please please make this behaviour optional. As explained above I do not want to have spurious contact records created whenever a user is registered on the front end. I want this to be optional both ways.

What I am looking for now is a way to add a 'register Joomla user' option on the contact edit form (both on the backend and as a field that can be added to a profile for the front end).

The current 'synchronise users' thing is useless for me as it creates contact records for ALL joomla users who do not have them. One example of why this might be a problem is the case of the member who is using two email addresses - one for his membership record in CiviCRM which is where he wants official communications from the organisation to go, and a different one for the website registration (which might be made visible to other users). As I understand it the current system will create a second contact record for the user with the different email address - not good. In this specific example possibly friggable by messing with the contact matching settings, but better to not use it.

I guess what I am saying is that I don't want tight coupling between website CMS registrations and CiviCRM contacts to be enforced.

Any pointers to adding a CMS register option to backend contact editing and profiles gratefully received...

Thanks for all the help and advice.
RogerCO

speleo

  • Ask me questions
  • ****
  • Posts: 396
  • Karma: 28
  • CiviCRM version: 4.3.1
  • CMS version: J! 2.5,9
  • MySQL version: 5.1
  • PHP version: 5.3.24
Re: Joomla authentication plugin that checks for current CiviCRM membership
July 04, 2008, 01:47:28 am
Roger, I hear where you’re coming from and understand that your usage requirements are probably more diverse than the norm. However the work that the team are doing to bring Joomla integration closer is a good thing. Having the capability to enable or disable the functionality is a route forward but I’d like to be giving the devs a clear message that the Joomla community needs this functionality.

Secondly, you’re matching on firstname + lastname.  How many John Smiths do you know out there? I’m assuming that since you have a manual process of issuing logins that you bypass this issue from a CMS point of view. But how do you sync the UFMatch to pick up the right John Smith if you want to show him some profile? Assuming, as a citizen, I value being a member or associate of your organisation then sharing a single valid email with the org would be acceptable. Especially if you adhere to the Data Protection Act and also publically state that you won’t share / sell details.

In the past I’ve used Community Builder to handle moderated registrations which has worked quite well. I suspect that a level of automation could be built in to redirect applicants depending on their region without too much difficulty.

Ultimately what we really need is for Joomla to deliver a decent ACL. Since getting 1.5 to the streets took well over a year and there is very little discussion / information / movement to 1.6 I don’t have that warm feeling.

Hope this helps!

Henry

Pages: [1] 2
  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Support »
  • Using CiviCRM »
  • Using Core CiviCRM Functions (Moderator: Yashodha Chaku) »
  • Joomla authentication plugin that checks for current CiviCRM membership

This forum was archived on 2017-11-26.