i'm use this PHP code and it's work but i don't know is it good or secure code for joomla or not? or can i use Substitutions in my code?
i know it's not best performance because i'm using "inner join" in my query.
can you guide me more ? i want release this plugin in JED when it's complete.
this is core of my plugin:
Code:
class plgAuthenticationEmail extends JPlugin {
/**
* This method should handle any authentication and report back to the subject
*/
function onUserAuthenticate(&$credentials, $options, &$response) {
// Get a database object
$db = JFactory::getDbo();
$query = $db->getQuery(true);
$query->select('username, password');
$query->from('#__users inner join #__comprofiler ON #__users.id=#__comprofiler.id');
$query->where('cb_FOO LIKE ' . $db->Quote($credentials['username']));
$db->setQuery($query);
$result = $db->loadObject();
if ($result) {
// why mess with re-creating authentication - just use the system.
$credentials['username'] = $result->username;
require_once JPATH_PLUGINS . '/authentication/joomla/joomla.php';
PlgAuthenticationJoomla::onUserAuthenticate($credentials, $options, $response);
} else {
$response->status = JAuthentication::STATUS_FAILURE;
$response->error_message = JText::_('JGLOBAL_AUTH_INVALID_PASS');
}
}
}