如何使用外部 PHP 脚本获取当前的 Joomla 用户

I have a couple PHP scripts used for AJAX queries, but I want them to be able to operate under the umbrella of Joomla's authentication system. Is the following safe? Are there any unnecessary lines?

<?php

define( '_JEXEC', 1 );
define('JPATH_BASE', dirname(__FILE__));
define( 'DS', DIRECTORY_SEPARATOR );
require_once ( JPATH_BASE .DS.'includes'.DS.'defines.php' );
require_once ( JPATH_BASE .DS.'includes'.DS.'framework.php' );

/* Create the Application */
$mainframe =& JFactory::getApplication('site');

/* Make sure we are logged in at all. */
if (JFactory::getUser()->id == 0)
    die("Access denied: login required.");

?>

test.php:

<?php

include 'joomla-auth.php';

echo 'Logged in as "' . JFactory::getUser()->username . '"';

/* We then proceed to access things only the user
   of that name has access to. */
?>

推荐答案

虽然我在代码中没有看到任何不安全的内容，但最好对标准 Joomla 组件进行 AJAX/JSON 调用.这里有一篇关于如何执行此操作的好文章:http://blog.syncleon.com/2009/05/ajax-ify-your-joomla-website.html 我还在我的书 http://www.packtpub.com/files/learning-joomla-1-5-extension-development-sample-chapter-8-using-javascript-effects.pdf(跳至第 168 页).