Difference between revisions of "Accessing the current user object"

From Joomla! Documentation

(Determining Status)
Line 48: Line 48:
Frequently, you will just want to make sure the user is logged in before continuing. The 'guest' member function will be set to '1' when the current user is not logged in. When the user is authenticated, 'guest' will be set to '0'.
Frequently, you will just want to make sure the user is logged in before continuing. The 'guest' property will be set to '1' when the current user is not logged in. When the user is authenticated, 'guest' will be set to '0'.
Line 76: Line 76:
== Privileges ==
== Privileges ==

Revision as of 22:35, 20 January 2008



For every request in Joomla!, there is one user. Information about this user is readily available through the Joomla! framework in the form of an object. To get this object, use the following member function of JFactory:

	$user =& JFactory::getUser();

Getting a reference through getUser() ensures that only one user object is created during any one Joomla! request, saving on memory and processing time. Most of the information about the user is available through public member variables of the user object. This code displays the current user's name, email, user name, user type, and group id:

	echo "<p>Your name is {$user->name}, your email is {$user->email}, and your username is {$user->username}</p>";
	echo "<p>Your usertype is {$user->usertype} which has a group id of {$user->gid}.</p>";

Object Member Variables and Parameters

These are the relevant member variables automatically generated on a call to getUser():

  • id - The unique, numerical user id. Use this when referencing the user record in other database tables.
  • name - The name of the user. (e.g. Vint Cerf)
  • username - The login/screen name of the user. (e.g. shmuffin1979)
  • email - The email address of the user. (e.g.
  • password - The encrypted version of the user's password
  • password_clear - Set to the user's password only when it is being changed. Otherwise, remains blank.
  • usertype - The role of the user within Joomla!. (Super Administrator, Editor, etc...)
  • gid - Set to the user's group id, which corresponds to the usertype.
  • block - Set to '1' when the user is set to 'blocked' in Joomla!.
  • registerDate - Set to the date when the user was first registered.
  • lastvisitDate - Set to the date the user last visited the site.
  • guest - If the user is not logged in, this variable will be set to '1'. The other variables will be unset or default values.

In addition to the member variables (which are stored in the database in columns), there are parameters for the user that hold preferences. To get one of these parameters, call the getParam() member function of the user object, passing in the name of the parameter you want along with a default value in case it is blank.

	$user =& JFactory::getUser();
	$language = $user->getParam('language', 'the default');
	echo "<p>Your language is set to {$language}.</p>";

Determining Status

Frequently, you will just want to make sure the user is logged in before continuing. The 'guest' property will be set to '1' when the current user is not logged in. When the user is authenticated, 'guest' will be set to '0'.

	$user =& JFactory::getUser();
	if ($user->guest) {
		echo "<p>You must login to see the content. I want your email address.</p>";
	} else {
		<h1>Impromptu leftovers salad that goes well with fish</h1>
			<li>1/2 cup chopped celery</li>
			<li>1/4 cup raisins</li>
			<li>1 teaspoon Extra Virgin Olive Oil</li>
			<li>2 tablespoons of faux Thai lemongrass marinade</li>
			<li>1/4 cup shredded fresh basil</li>
			<li>Sprinkling of dill weed</li>
			<li>Big pinch of kosher salt</li>
			<li>Several lettuce leaves</li>
		<p>Wash the lettuce and basil and place in a salad bowl.
Get out a much smaller bowl and swish around all of the remaining ingredients. Pour this over the greens and toss.
Serves two.</p>


Not all authenticated users are given equal rights. For instance, a Super Administrator may be able to edit anyone's content, while a Publisher may only be able to edit their own. The authorize() member function can be used to determine if the current user has permission to do a certain task. The first parameter is used to identify which component or function we wish to authenticate against. The second represents the task. The third and fourth are optional; they further break the permissions down into record types and ownership respectively.

In Joomla! 1.5, the rights for all of the core components are stored in libraries/joomla/user/authorization.php. These are available to all extensions wherever authentication is required. If the permission scheme of the Content component suits your extension's needs, you can use code similar to the following to determine what functions to give to a specific user.

	$user =& JFactory::getUser();
	if ($user->authorize('com_content', 'edit', 'content', 'all')) {
		echo "<p>You may edit all content.</p>";
	} else {
		echo "<p>You may not edit all content.</p>";
	if ($user->authorize('com_content', 'publish', 'content', 'own')) {
		echo "<p>You may publish your own content.</p>";
	} else {
		echo "<p>You may not publish your own content.</p>";

The permissions for core functions may not be suitable for your extension. If this is the case, you can create your own permissions. You will probably want to add this code in a place where it will always be executed, such as the beginning of the component you are building or in a systemwide plugin. First, you need to get an authorization object using the getACL() member function of JFactory. This works like getUser() in that it only creates one authorization object during any particular Joomla! request. Once you have this object, call the addACL() member function to add permissions. Pass in the name of your component or function, the task name, the string 'users', and the user type (in lowercase) respectively. If you want to also define record sets and ownership, pass those in as an additional two parameters.

Note that in Joomla! 1.5, permissions are not inherited. For example, if you give an Administrator the right to edit content, Super Administrators do not automatically get this right; you must grant it separately.

	$auth =& JFactory::getACL();
	$auth->addACL('com_userinfo15', 'persuade', 'users', 'super administrator');
	$auth->addACL('com_userinfo15', 'persuade', 'users', 'administrator');
	$auth->addACL('com_userinfo15', 'persuade', 'users', 'manager');

	$user =& JFactory::getUser();
	if ($user->authorize('com_userinfo15', 'persuade')) {
		echo "<p>You may persuade the system to do what you wish.</p>";
	} else {
		echo "<p>You are not very persuasive.</p>";


Information about the current user is readily available in any part of your Joomla! extension. You need only fetch the object and access the member variables. You can authorize the user against the core permissions set, or create your own to suit your needs.