Accessing User Information in Jooma

Accessing user information (like name, email, username, registered date) is very simple process in Joomla. The getUser() function of the Factory class returns a reference to the global user object.

You can use this information about the current user in any part of your Joomla! extension. You only need to fetch the object and access the member variables.

The user represents the identity of someone who can log on to a Joomla instance, whether on the front end, back end (administrator) or both. Associated with the user is:

  1. Static information such as username and email address, as well as user preferences regarding language, preferred editor.
  2. Dynamic information such as the last logon date or time.
  3. Privileges data, specifying the privileges which each user has, which allow him or her to perform actions on items within the Joomla instance.

The Joomla user APIs allow you to view the user account attributes, modify those attributes, check user privileges, delete user accounts and perform user account management functions.

To get the user object for the currently logged-on user:

use Joomla\CMS\Factory;
$user = Factory::getUser();

If no user is logged on, then the Factory::getUser() returns a "blank" user object, with the id field set to 0 (zero).

To get information about any registered user, you can call the function with a user id or username. for example,

$user = Factory::getUser(235);

Once you have the user object, you can display information about the user.

if (!$user->guest) 
echo 'You are logged in as:<br />';
echo 'User name: ' . $user->username . '<br />';
echo 'Real name: ' . $user->name . '<br />';
echo 'User ID : ' . $user->id . '<br />';

Following member variables automatically generated on a call to the getUser():

  1. guest
  2. id
  3. name
  4. username
  5. email
  6. password
  7. registerDate
  8. lastvisitDate
  9. lastResetTime
  10. resetCount
  11. requireReset
  12. block
  13. groups
  14. sendEmail
  15. activation
  16. params (json string)

The user attributes which are stored in the params field in the database, and which are available via $user->getParam() are:

  1. admin_style: the id of the template on the back end.
  2. admin_language: the language tag of the language on the back end
  3. language: the language tag of the language on the front end
  4. editor: the preferred editor
  5. timezone: the user's selected timezone (one of the standard PHP timezones). The timezone is also available via getTimezone().

How to check user is logged in or not

The guest property ($user->guest) is set to 1 when the current user is not logged in. When the user is authenticated, guest is is set to 0.

if ($user->guest) 
echo "<p>You must login to see the content. </p>";


User Privileges

Not all users are given equal rights. For example, a Super Administrator may be able to edit anyone's content, while a Publisher may only be able to edit their own. Certain articles may be confidential and may be viewed only by users who have permission to view them. There are four method calls in the User API relating to privileges.

1. authorise($action, $assetname = null)

The authorise() member function can be used to determine if the current user has permission to do a certain task. The first parameter is used to identify the task. The second parameter represents the component you wish to retrieve the ACL information from.

if ($user->authorise('core.edit', 'com_content'))
    echo "<p>You may edit all content.</p>";
if ($user->authorise('core.edit.own', 'com_content'))
    echo "<p>You may edit your own content.</p>";

2. getAuthorisedCategories($component, $action)

You call the getAuthorisedCategories() passing in the component and the action you want to perform, and the method returns an array of category ids on which this user can perform the action.

3. getAuthorisedGroups()

The $user->getAuthorisedGroups() returns an array of user group ids which this user is within.

4. getAuthorisedViewLevels()

The $user->getAuthorisedViewLevels() returns an array of viewing access levels ids.

Database Operations

You can use the User API to update user data. The User class uses the Joomla Table class to perform CRUD operations at the database level.

1. load($id)

Use the load() to load the user attributes (identified by id) from the database. The User class code will read the data from the database and will store the attributes in the class properties, including the params field which stores the additional attributes. You can then access these properties directly. For example, $user->name.

What load() does is thus similar to Factory::getUser($id), except that with load() you need to have created the User instance first with new User().

2. bind($data)

Use the bind() if you have an associative array ($data) of property names to property values. For example, array('name' => 'Vint Cerf', 'username' => 'shmuffin1979'). The bind() method will then update the local properties with the values passed in.

You can similarly set the values of the properties directly $user->name = 'Vint Cerf' or the params property via setParams().

3. save($updateOnly = false)

Use the save() to write to the database the updated properties which you have set. The save() code copies the property values into its 'table' structure and calls the Table class bind() and store() methods to write them to the database.

4. Creating New Users

You can use the above mechanism to insert new user records as well. The only difference is that you don't need to load an existing record from the database first.

5. delete()

To delete a user record, first load it from the database then use the delete() method:

$user = Factory::getUser($userid);

Related records in other user tables such as in #__user_usergroup_map and in #__messages are deleted as well. This operation also triggers the events onUserBeforeDelete and onUserAfterDelete so that plugins can also delete any related user data. However, if the user has created articles or is associated with a contact record then the references to the user's id in those records will remain.