cameras in the cloud.

IP camera reviews, news and tips, along with the latest news in home and business video monitoring

Joomla component tutorial - Login authentication from an external app

Posted by on in Web Development

b2ap3_thumbnail_joomla.pngI wanted to give a quick and dirty tutorial on how to create a Joomla 2.5 component. I’m going to show you how to create a very quick Joomla MVC component...hold the M...hold the V. This is not for the MVC purists out there. Hence quick and dirty.

You should really understand the benefits of the MVC and why that exists before you do any Joomla component development. However I want to break the rules a bit. I should also mention before I get started that the Joomla MVC documentation is pretty good. You can stop reading here and get a nice detailed tutorial from start to finish on how to do Joomla component development. If you haven’t looked here already then you are doing yourself a disservice.

For today, I’m going to show you how to create a quick API for authenticating anyone via a query string. What’s the point of this? Let’s say you have an external program that you want to interface with Joomla. It could be anything, a bug tracking system a mobile device or anything that doesn’t exist in the Joomla framework. So what I plan to do is build an API where an external app can communicate via a query string with the username and password. This API would then authenticate the user if the credentials already exist in Joomla.

I’m actually only going to edit one file (yes, only one)  to create this but in actual fact you need many more files to get this right. If you do this properly you can follow the Joomla MVC tutorial, create the files manually and you’ll have a nice component. But remember the quick and dirty part? I’m going to use a tool to generate the templates of everything I need. It is called the Joomla Component Creator.

Sign up for a free account and it creates the template of what you need. It is way, way, way overkill for what we are doing here today, but trust me you will thank me later for the headache you will receive one day when you realize you mispelled the class name of your component. Boy does that blow.

Once you sign up for an account you just need add a new component, fill in the data of name of the component, author, etc. Then on the right hand side there will be a build component button. You don’t need to add a table or anything else. The build component button will generate a zip file with all the files you need.

This builds all template files you would ever need (and then some). Now let’s edit our component. For my case I created a component called com_test. Open up the file site/controller.php:

// No direct access
defined('_JEXEC') or die;

class TestController extends JController


This is simply a class that has been created for you just waiting for you to fill it in. Let’s do that:

class TestController extends JController
   function __construct() {
       // params
       $jinput = JFactory::getApplication()->input;
       $this->username = $jinput->get('username', '', 'STRING');
       $this->password = $jinput->get('password', '', 'STRING');

   private function checkRequiredParameters() {

       if (($this->username == '') ||    ($this->password == ''))
           header('HTTP/1.1 400 Bad Request', true, 400);

   function execute() {

       jimport( 'joomla.user.authentication');
       $auth = & JAuthentication::getInstance();
       $credentials = array( 'username' => $this->username, 'password' => $this->password );
       $options = array();
       $response = $auth->authenticate($credentials, $options);

       if ($response->status != JAUTHENTICATE_STATUS_SUCCESS)
           echo "Oh Snap! Failure!";

           echo "W00t! Success";

Okay, so let me explain. First of all I use the constructor to retrieve the username and password sent via the query string. All the gory details of retrieving data with JInput can be found here. Why the constructor, you ask? No reason for this example as I could have easily put everything in the execute() function but nice if you ever expand on this.

Next we added a function called checkRequiredParameters(). This simply returns a header with a bad request if an empty username or password are provided. Be sure to expand upon this and check all parameters that you want to use with a query string.

Finally we have the execute() function. If you look at one of the template files generated with the Joomla Component Creator you will see that it actually calls this function. In my case the file is called site/test.php.

Inside the execute() function we use the authenticate function of JAuthentication, check the status and Bob’s your uncle. I’m struggling to find my original reference as Joomla just has some outdated documentation for this. But this SO post really helped me on my way and really deserves the credit.

All done. Let’s test it. Zip up the directory site, admin and test.xml then install in the extensions manager.

Now go to your site and type:

Replace with your site and the proper username and password. Did you get the right message?

I’m sure there may be a more efficient and elegant ways but this is quick. I’d like to see how this can be achieved any faster. From start to finish of this tutorial I’d say it should only take you 5 mins. Remember that this code is crazy bloated but it gets you started. I should also note that this is designed and tested with Joomla 2.5 but I've taken into account 3.x (3.1 at that time of this writing) and it should work as well (although untested).

Here at Camcloud we have used this in the past as the basis for mobile devices to communicate with Joomla. Pretty cool, huh? I’m far from an expert so I love to hear your comments and approaches you may have taken yourself.

UPDATE: Thanks to a user comment below it has been verified it works with J!3.x with one slight change to a deprecated API. Replace this line:

if ($response->status != JAUTHENTICATE_STATUS_SUCCESS)
if ($response->status != JAuthentication::STATUS_SUCCESS)

Entrepreneur and Camcloud founder. I'm a 12+ year tech veteran. Former Director of Product Management and Certified Scrum Product Owner (CSPO). I focus on front-end web development with jQuery, HTML5 & cloud infrastructure.

Find me on Twitter


  • Guest
    Andrés Thursday, 16 May 2013

    Hello Alen

    Thanks for mentioning the Component Creator. With your permission, I'm linking your article to our Wiki to share your solution with other users.

    Keep the good work!

  • alen
    alen Thursday, 16 May 2013

    Hi Andrés,

    Of course. I hope to create many more tutorials, and wouldn't think of using anything other than Component Creator. What a fantastic tool!

  • Guest
    sabbir Friday, 24 May 2013

    Thanks for another fantastic post. The place else may just anybody get
    that kind of information in such an ideal way of writing? I have a
    presentation next week, and I am at the look for such info
    windows 7 wallpapers hd

  • Guest
    Jeremy Duke Monday, 10 June 2013

    Hi, this is precisely what I need, but I cannot seem to get it to work... Am I missing something? I have tried it on my test server with Joomla 2.5 and 3.0 separately. I would be deeply appreciative if I could get 15 minutes of your time to get this working!

  • alen
    alen Tuesday, 11 June 2013

    @Jeremy feel free to contact me: alen at camcloud dot com.

  • Guest
    Denis Thursday, 13 June 2013

    Thank for the article, but unfortunately didn't work for me.
    Getting "Oh Snap! Failure!" message. Joomla 3.1.1 package

  • alen
    alen Thursday, 13 June 2013

    @Denis it should work with 3.1.1. Did you see the latest update just yesterday on this? If it still doesn't work, send me an email and we will sort it out. This component is too basic for it not to work.

  • Guest
    francesco Monday, 17 June 2013

    I tried but I get no message and no login.

  • Guest
    francesco Monday, 17 June 2013

    sorry, now works! (on other website). but in the backend i don't see the user connected.

  • alen
    alen Monday, 17 June 2013

    @francesco Remember that the point of this component is to authenticate a user, not log them in.

  • Guest
    Florian Friday, 12 July 2013

    Could you also show how it works to login a user?

  • Guest
    francesco Monday, 17 June 2013

    tnx alen ;-) i partially solved, i write you a mail

  • Guest
    David Wampamba Tuesday, 25 June 2013

    Hey... have you ever worked with rsforms component? It's quite confusing to extend/modify.
    My issue is I want to add more filter form fields at the front-end, I want to enable export to excel at the front-end and enable front-end editing of already submitted data.

    I like your above article so thanks for sharing, also let me know if you can help me solve my problem.

  • Guest
    young Monday, 15 July 2013

    Thansk alot for this solution
    i was really looking for something to work with and this worked perfectly.

  • Guest
    User1 Tuesday, 10 September 2013


  • Guest
    Jibon Saturday, 19 October 2013

    Nice post But I think this will help you little bit to extend your component :

  • Guest
    johnab Monday, 18 November 2013

    Really, it's a informative post. Thanks for sharing the valuable information. Link you provided for joomla component creator is very helpful.

  • Guest
    denis Friday, 14 February 2014

    Is there any way to extend this to check if the user is actually in a specific group as well?
    That would be awesome!

  • alen
    alen Saturday, 15 February 2014

    @denis: I imagine so. Perhaps using something like JUserHelper::getUserGroups would help (remember it returns an array as a user could be in multiple groups). I'm not an expert so check it out:

Leave your comment

Guest Tuesday, 26 May 2015

We take your security and privacy seriously. Be sure to select a strong password for your account. Read our privacy policy for more information.