Development Blog

New eCommerce Site:

We’re launching a new custom Joomla eCommerce site this week. I’m especially excited about this one, because it’s one of my own ventures, via Mock-Epic LLC. The first retail site is, which sells twisted pens (some of which we make here in-house). We hope to have a total of three retail sites online before this summer. Looking forward to it!

Retrieving Custom Profile Data from Joomla User Account

I’ve been experimenting with modifying a copy of the Joomla “profile” plugin (/plugins/users/profile) and adding custom profile fields to use in other Components. Retrieving those stored profile values required some research, but it turns out it’s pretty straight-forward:

$User = JFactory::getUser();
$Profile = JUserHelper::getProfile(User->id);

From there, it may be easiest to just use the print_r() function to see what properties are available. In my case, they were in the “profile” property of the $Profile object, which was an array. So:

$favorite_goat = $Profile->profile['favorite_goat'];

Joomla 2.5+ Deprecated JRequest::checkToken() Replacement

I’ve become very accustomed to using Joomla’s JRequest class in custom Components. Since that class is now deprecated, I’m having to find new work-arounds, most involving the JInput class. Pretty much ever form had been using JRequest::checkToken() to guard against CSRF attacks, like:

if (!JRequest::checkToken())
$this->setError('Invalid (or expired) request token.');

To get around using JRequest, I’m now using this:

$app = JFactory::getApplication();
$token = JSession::getFormToken();
if (!$token || !$app->input->get($token, null, 'alnum'))
$this->setError('Invalid (or expired) request token.');

…which seems to work in pretty much the same way. In the old JRequest::checkToken() method, it was also redirecting to the login page if no session was detected, which I’m generally skipping.