Login a user into Joomla with the help of user id

Making a user logging into a framework deals with all security and concerns but there are times when an application requires login a user without repeatedly asking for credentials from that user. It could be a very specific but a needful requirement which many developers have come across in different platforms. Here we will discuss about a solution that how you could achieve a user login on to a Joomla platform. Joomla, as you might already know provide full support for add-on(s) in the form of plugins, modules, components and even additional libraries. Here we will discuss a simple piece of code which can be used in any section of your code, without even asking for any additional environment than the core structure of Joomla.

Here I am writing a small function, which my extension will call at any point of time. Mostly it is in the very beginning when on particular request I get to know about which user is trying to interact with my application, and this code simply logins that user. Let say my function name is _forceLogin() which requires $userId as its only parameter. Also as in the beginning we require user id, so it must be available with the request. Retrieving $userId and calling _forceLogin() at particular instance will be like:

/**
 * Webkul Software.
 *
 * @category  Webkul
 * @author    Webkul
 * @copyright Copyright (c) 2010-2018 Webkul Software Private Limited (https://webkul.com)
 * @license   https://store.webkul.com/license.html
 */
$app = JFactory::getApplication();
$jinput = $app->input;
$userId = $jinput->post->get('userId', 0, 'INT');
$userStatus = $this->_forceLogin($userId);
if ($userStatus == 'guest') {
    // user id not exist in sytem
    echo JText::_("COM_WKAPI_ERROR_INAVID_USERID");
} elseif (!$userStatus) {
    // unable to clear previous user session
    echo JText::_("COM_WKAPI_ERROR_UNABLE_SESSION_CLEAR");
} elseif (is_array($userStatus) && $userStatus[0] == false) {
     // user exist but account blocked
     echo JText::_('JERROR_NOLOGIN_BLOCKED');
}

Note: ‘JERROR_NOLOGIN_BLOCKED’ is a predefined Joomla message to represent the present user state.

One of the important thing to be noticed here is the return response of _forceLogin() method as we have to follow and may come across certain conditions, which are:

1. We need to check if the provided user id is a valid user id in Joomla.
2. We need to check if a user is already logged in, and need to log out that first from the current session.
3. There could be a case that the user you want to login is not activated or enabled yet.

The function definition of _forceLogin() will be:

/**
 * Webkul Software.
 *
 * @category  Webkul
 * @author    Webkul
 * @copyright Copyright (c) 2010-2018 Webkul Software Private Limited (https://webkul.com)
 * @license   https://store.webkul.com/license.html
 *
 * @return mixed true on success
 */
private function _forceLogin($userId)
{
    $app = JFactory::getApplication();
    $logoutStatus = $app->logout();
    if ($logoutStatus) {
        $user = JFactory::getUser($userId);
        if ($user->guest) {
            return 'guest';
        } else {
            //Will authorize you as this user.
            JPluginHelper::importPlugin('user');
            $options = array();
            $options['action'] = 'core.login.site';
            $response = new stdClass();
            $response->username = $user->username;
            $response->language = '';
            $response->email = $user->email;
            $response->password_clear = '';
            $response->fullname = '';
            $result = $app->triggerEvent('onUserLogin', array((array)$response, $options));
            return $result;
        }
    } else {
        return false;
    }
}

For any query regarding Joomla plug-ins and add-ons, you can communicate with us by creating a ticket at:
https://webkul.uvdesk.com/en/customer/create-ticket/