Trying to log in into Joomla using PHP throws a 403 error

I am using Joomla 2.4, Moodle 2.4 and Joomdle 0.82.

I am trying to implement auto login for users when they activate a new account. I don't want them to have to enter their id and password after they click the account activation link emailed to them.

As part of this, immediately after the user activation is done, I need to log them in for which I am using the following code:

$app = JFactory::getApplication();
$result = $app->login($credentials);

where $credentials is an array containing the username and password.

Since I cannot retrieve the plain text of the encrypted and salted passwords stored in Joomla or Moodle, I am generating a temporary password at the time of above login and storing it in the Joomla and Moodle user tables. Once the user will be logged in, this temporary password will be replaced back in the user tables with the original password chosen by the user while registering.

With this approach, I am able to login the newly activated user into Joomla automatically after activation but I immediately thereafter see a "Error 403 - Forbidden" page with the url of www.sitename.com/moodle/auth/joomdle

When I try to directly login into Moodle using the temporary password, I am able to do so - so the temporary password has got stored in Moodle's user table.

Doesn't calling Joomla's login() function internally fire the Joomdla code to log in the user into Moodle as well? If not, then what approach can I take to initiate the log in process on the Moodle side as well.

My system health check is all green.

Thanks in advance for all your help.

While I don't have a fix for the above, perhaps an alternative approach will give you the same result. But first, your question ... Yes Joomla's login function calls the Joomdle plugin which is how we get SSO going.

The reason you can log into Moodle, at least by the information provided above, is because you are storing the temporary password into the tables. Thus you are in effect changing the password. So I do not see how you are going to change back to the old.

An alternative - not tested in theory or in practice.
- Instead of changing the users password, what about using a Master Password plugin which will allow you to login using any password you want without changing the user's password.
- Technically for greater security, you could assign a "Master Password" to each user and then once logged into remove that password from the plugin's password list.
- An even nicer (more secure) solution would be to adapt the plugin to provide an id / pw matching Master Password.
- This approach in theory should work because you temporarily have two passwords for every user thereby allowing the original / proper password to be untouched.

Thanks for your detailed reply. Its amazing to see the kind of support that you guys provide for a free product like Joomdle. I was able to fix the 403 error and yes, it had nothing to do with Joomdle.

As regards the ideas thrown up by you for handling the auto login, you have set my mind going and I will investigate the possibilities offered by you.

Thanks once again for your dedication and patience.