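 /**
  * Log a site visitor in from the "remember me" cookie.
  *
  * Only runs for the site application and only while the request is still a
  * guest. The cookie (named App::hash('JLOGIN_REMEMBER')) is decrypted with a
  * key derived from the request's User-Agent header, decoded as JSON and must
  * be an object carrying a string `username` and `password`; those are filtered
  * and handed to the auth login with the silent option. Any failure clears the
  * cookie and writes a warning to the log.
  *
  * @return  void
  */
 public function onAfterInitialise()
 {
     // No remember me for admin
     if (!App::isSite()) {
         return;
     }
     if (!User::isGuest()) {
         return;
     }
     $hash = App::hash('JLOGIN_REMEMBER');
     // 1 | 2 = allow raw value, do not trim (same flags as JREQUEST_ALLOWRAW | JREQUEST_NOTRIM)
     $str = Request::getString($hash, '', 'cookie', 1 | 2);
     if (!$str) {
         return;
     }
     $credentials = [];
     $filter = JFilterInput::getInstance();
     // Create the encryption key, apply extra hardening using the user agent string.
     // Since we're decoding, no UA validity check is required. The header is read
     // explicitly (no '@' suppression); a missing header seeds the key with ''.
     // NOTE(review): the User-Agent is client-supplied, so the cookie's confidentiality
     // rests on whatever server secret App::hash() mixes in -- confirm it is keyed.
     $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
     $privateKey = App::hash($userAgent);
     $crypt = new \Hubzero\Encryption\Encrypter(new \Hubzero\Encryption\Cipher\Simple(), new \Hubzero\Encryption\Key('simple', $privateKey, $privateKey));
     try {
         $str = $crypt->decrypt($str);
         if (!is_string($str)) {
             throw new Exception('Decoded cookie is not a string.');
         }
         $cookieData = json_decode($str);
         if (null === $cookieData) {
             throw new Exception('JSON could not be decoded.');
         }
         if (!is_object($cookieData)) {
             throw new Exception('Decoded JSON is not an object.');
         }
         // json_decoded cookie could be any object structure, so make sure the
         // credentials are well structured and only have user and password.
         if (isset($cookieData->username) && is_string($cookieData->username)) {
             $credentials['username'] = $filter->clean($cookieData->username, 'username');
         } else {
             throw new Exception('Malformed username.');
         }
         if (isset($cookieData->password) && is_string($cookieData->password)) {
             $credentials['password'] = $filter->clean($cookieData->password, 'string');
         } else {
             throw new Exception('Malformed password.');
         }
         // We're only doing this for the site app, so we explicitly set the action here
         $return = App::get('auth')->login($credentials, ['silent' => true, 'action' => 'core.login.site']);
         if (!$return) {
             throw new Exception('Log-in failed.');
         }
     } catch (Exception $e) {
         // Clear the remember me cookie so a bad value is not retried on every request
         $cookie_domain = Config::get('cookie_domain', '');
         $cookie_path = Config::get('cookie_path', '/');
         setcookie($hash, false, time() - 86400, $cookie_path, $cookie_domain);
         Log::warning('A remember me cookie was unset for the following reason: ' . $e->getMessage());
     }
 }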
 /**
  * Logout handler: drops a marker cookie for the site application.
  *
  * The cookie is named App::hash('plgSystemLogout') and expires one day after
  * the logout. Nothing is done for other applications.
  *
  * @param   array    $user     Holds the user data.
  * @param   array    $options  Array holding options (client, ...).
  * @return  boolean  Always true.
  */
 public function onUserLogout($user, $options = array())
 {
     if (!App::isSite()) {
         return true;
     }
     // Create the cookie
     $name = App::hash('plgSystemLogout');
     $domain = Config::get('config.cookie_domain', '');
     $path = Config::get('config.cookie_path', '/');
     $expires = time() + 86400;
     setcookie($name, true, $expires, $path, $domain);
     return true;
 }
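 /**
  * Retrieve a cookie
  *
  * The cookie name is derived from the client name and the namespace; the
  * value is decrypted with a key built from \App::hash('') and then
  * unserialized.
  *
  * @param   string  $namespace  make sure the cookie name is unique
  * @return  object|false  cookie data, or false when the cookie is absent
  *                        or its decrypted payload cannot be unserialized
  **/
 public static function eat($namespace)
 {
     $hash = \App::hash(\App::get('client')->name . ':' . $namespace);
     // NOTE(review): the key seed is the empty string, so the key is identical for
     // every cookie and rests entirely on what \App::hash() mixes in.
     $key = \App::hash('');
     $crypt = new \Hubzero\Encryption\Encrypter(new \Hubzero\Encryption\Cipher\Simple(), new \Hubzero\Encryption\Key('simple', $key, $key));
     $str = \App::get('request')->getString($hash, '', 'cookie', JREQUEST_ALLOWRAW | JREQUEST_NOTRIM);
     if (!$str) {
         return false;
     }
     $sstr = $crypt->decrypt($str);
     // unserialize() runs on cookie-derived data. If every producer stores an
     // array, passing ['allowed_classes' => false] (PHP >= 7.0) would stop
     // arbitrary objects from being instantiated -- confirm with the writing side.
     $cookie = @unserialize($sstr);
     if ($cookie === false) {
         // A failed unserialize used to be cast to a truthy object with a
         // 'scalar' property, which callers then treated as a valid cookie.
         return false;
     }
     return (object) $cookie;
 }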
 /**
  * Create a login session record for a user and return its token.
  *
  * Updates the user's last_login and stores it, then stores a new Session
  * row pointing at the user. Both writes run in one transaction; on any
  * exception the transaction is rolled back and the exception rethrown.
  *
  * @param   object       $user  The user to open a session for
  * @return  string|null  The session token, or null when $user is empty
  * @throws  Exception    Re-thrown from the store calls after rollback
  */
 public function createSession($user)
 {
     if (empty($user)) {
         return;
     }
     try {
         Db::begin();
         $user->last_login = Db::now();
         $user->store();
         $session = Orm::collection('Session')->load();
         $session->user = $user;
         // NOTE(review): rand()/uniqid() are not cryptographically strong seeds;
         // the token's unpredictability depends on what App::hash() mixes in.
         // random_bytes() would be the preferred seed source.
         $seed = uniqid(rand(), true);
         $token = App::hash($seed);
         $session->token = $token;
         $session->store();
         Db::commit();
     } catch (Exception $e) {
         Db::rollback();
         throw $e;
     }
     return $token;
 }
 /**
  * Send out local password set confirmation token
  *
  * Requires a logged-in user whose account has no local password hash yet.
  * A random token is generated, its salted md5 is stored, the plain token is
  * emailed, and the user is redirected to the confirm-token view.
  *
  * @return void - redirect to confirm token view
  */
 private function sendtoken()
 {
     // Import helpers/classes
     jimport('joomla.mail.helper');
     jimport('joomla.user.helper');
     // Make sure they're logged in
     if ($this->user->get('guest')) {
         $returnTo = Route::url('index.php?option=' . $this->option . '&task=myaccount&active=account&action=sendtoken');
         $loginUrl = Route::url('index.php?option=com_users&view=login&return=' . base64_encode($returnTo));
         App::redirect($loginUrl, Lang::txt('You must be a logged in to access this area.'), 'warning');
         return;
     }
     // Make sure this is an auth link account (i.e. no password set)
     $hzup = \Hubzero\User\Password::getInstance($this->member->get('uidNumber'));
     if (!empty($hzup->passhash)) {
         App::abort(404, Lang::txt('PLG_MEMBERS_ACCOUNT_NOT_LINKED_ACCOUNT'));
         return;
     }
     // Generate a new random token and hash it; only the salted hash is stored,
     // the plain token travels by email
     $token = App::hash(JUserHelper::genRandomPassword());
     $salt = JUserHelper::getSalt('crypt-md5');
     $hashedToken = md5($token . $salt) . ':' . $salt;
     // Store the hashed token
     $this->setToken($hashedToken);
     // Send the email with the token
     $this->sendEmail($token);
     // Redirect user to confirm token view page
     $confirmUrl = Route::url($this->member->getLink() . '&active=account&task=confirmtoken');
     $notice = Lang::txt('Please check the email associated with this account (' . $this->member->get('email') . ') for your confirmation token!');
     App::redirect($confirmUrl, $notice, 'warning');
 }
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
 *
 * HUBzero is a registered trademark of Purdue University.
 *
 * @package   hubzero-cms
 * @author    Sam Wilson <*****@*****.**>
 * @copyright Copyright 2005-2015 HUBzero Foundation, LLC.
 * @license   http://opensource.org/licenses/MIT MIT
 */
// no direct access
defined('_HZEXEC_') or die;
// Cookie name for the remembered authenticator choice (scoped by client name).
// $hash is not referenced in this excerpt; presumably used further down the view.
$hash = App::hash(App::get('client')->name . ':authenticator');
// Restore the last-used authenticator from the cookie unless ?reset= was requested.
// NOTE(review): authenticator, user_id and user_img come from Cookie::eat(), i.e.
// from decrypted client-side data; user_id is handed to User::getInstance() without
// further validation -- confirm the cookie is integrity-protected before trusting it.
if (($cookie = \Hubzero\Utility\Cookie::eat('authenticator')) && !Request::getInt('reset', false)) {
    $primary = $cookie->authenticator;
    $user = User::getInstance($cookie->user_id);
    $user_img = $cookie->user_img;
    Request::setVar('primary', $primary);
}
$usersConfig = Component::params('com_members');
// Re-read 'primary' through the request (setVar above seeds it when a cookie was found)
$primary = Request::getWord('primary', false);
// use some reflections to inspect plugins for special behavior (added for shibboleth)
// $authenticators is expected to be supplied by the enclosing view; it is not defined here
$refl = array();
foreach ($authenticators as $a) {
    $refl[$a['name']] = new \ReflectionClass("plgAuthentication{$a['name']}");
}
// Current page URL with a separator appended, ready for extra query parameters
$current = Hubzero\Utility\Uri::getInstance()->toString();
$current .= strstr($current, '?') ? '&' : '?';
 /**
  * Method to determine a hash for anti-spoofing variable names
  *
  * The name is \App::hash() over the current user id (0 for guests)
  * concatenated with the session token.
  *
  * @param   boolean  $forceNew  If true, force a new token to be created
  * @return  string   Hashed var name
  */
 public static function getFormToken($forceNew = false)
 {
     $userId = \User::get('id', 0);
     $sessionToken = \App::get('session')->getToken($forceNew);
     return \App::hash($userId . $sessionToken);
 }
 /**
  * Look a user up by login and password through the configured driver.
  *
  * The password is passed through App::hash() before it reaches the driver.
  * NOTE(review): if App::hash() is a plain digest this is a weak password
  * hash; a password_hash()/password_verify() scheme in the driver would be
  * preferable -- confirm how the driver stores credentials.
  *
  * @param   string  $login     Login name
  * @param   string  $password  Plain-text password
  * @return  mixed   Whatever the driver returns
  */
 public function getUserByCredentials($login, $password)
 {
     $hashed = App::hash($password);
     $driver = $this->driver;
     return $driver->getUserByCredentials($login, $hashed);
 }
 /**
  * This method should handle any login logic and report back to the subject
  *
  * Runs once the core login has populated User::getRoot(): logs the login,
  * refreshes the session tracker values and re-issues the encrypted tracker
  * cookie, records the session source and authenticator, attaches a pending
  * auth_link record, flags registration as incomplete and, when quotas are
  * managed, makes sure the user has a quota row that matches its class.
  *
  * @param   array    $user     holds the user data
  * @param   array    $options  array holding options (remember, autoregister, group)
  * @return  boolean|Exception  True on success. On a user-plugin misconfiguration an
  *                             Exception is *returned* rather than thrown.
  */
 public function onLoginUser($user, $options = array())
 {
     jimport('joomla.user.helper');
     $xuser = User::getRoot();
     // get user from session (might be tmp_user, can't fetch from db)
     if ($xuser->get('guest')) {
         // joomla user plugin hasn't run or something went very badly
         // Find the load positions of the 'xusers' and 'joomla' user plugins so the
         // returned error can name the likely cause.
         $plugins = Plugin::byType('user');
         $xuser_order = false;
         $joomla_order = false;
         $i = 0;
         foreach ($plugins as $plugin) {
             if ($plugin->name == 'xusers') {
                 $xuser_order = $i;
             }
             if ($plugin->name == 'joomla') {
                 $joomla_order = $i;
             }
             $i++;
         }
         if ($joomla_order === false) {
             return new Exception(Lang::txt('E_JOOMLA_USER_PLUGIN_MISCONFIGURED'), 500);
         }
         // xusers must be ordered after joomla; a missing xusers plugin (false) also ends up here
         if ($xuser_order <= $joomla_order) {
             return new Exception(Lang::txt('E_HUBZERO_USER_PLUGIN_MISCONFIGURED'), 500);
         }
         return new Exception(Lang::txt('E_JOOMLA_USER_PLUGIN_FAILED'), 500);
     }
     // log login to auth log
     // NOTE(review): REMOTE_ADDR is read without an isset() guard here (the tracker
     // hook guards it) -- emits a notice when the key is absent, e.g. under CLI.
     Log::auth($xuser->get('id') . ' [' . $xuser->get('username') . '] ' . $_SERVER['REMOTE_ADDR'] . ' login');
     // correct apache log data
     apache_note('auth', 'login');
     // Log attempt to the database
     Hubzero\User\User::oneOrFail($xuser->get('id'))->logger()->auth()->save(['username' => $xuser->get('username'), 'status' => 'success']);
     // update session tracking with new data
     // tracker.* keys appear to be: sid (current), psid (previous), rsid (root/first),
     // ssid (session at last identity change) -- names inferred, confirm against the reader
     $session = App::get('session');
     $session->set('tracker.user_id', $xuser->get('id'));
     $session->set('tracker.username', $xuser->get('username'));
     if ($session->get('tracker.sid') == '') {
         $session->set('tracker.sid', $session->getId());
     }
     $session->set('tracker.psid', $session->get('tracker.sid'));
     if ($session->get('tracker.rsid') == '') {
         $session->set('tracker.rsid', $session->getId());
     }
     // tracker.user_id was set to the current id a few lines above, so the first half
     // of this condition should always be false; only an empty ssid triggers the reset
     if ($session->get('tracker.user_id') != $xuser->get('id') || $session->get('tracker.ssid') == '') {
         $session->set('tracker.ssid', $session->getId());
     }
     // Remember which authenticator logged the user in (cleared when none was given)
     if (empty($user['type'])) {
         $session->clear('session.authenticator');
     } else {
         $session->set('session.authenticator', $user['type']);
     }
     // A silent login (cookie driven) is tagged 'cookie', an interactive one 'user'
     if (isset($options['silent']) && $options['silent']) {
         $session->set('session.source', 'cookie');
     } else {
         $session->set('session.source', 'user');
     }
     // update tracking data with changes related to login
     jimport('joomla.utilities.utility');
     $hash = App::hash(App::get('client')->name . ':tracker');
     // NOTE(review): the cookie key is seeded from the empty string, i.e. it is the same
     // for every visitor and rests entirely on what \App::hash() mixes in.
     $key = \App::hash('');
     $crypt = new \Hubzero\Encryption\Encrypter(new \Hubzero\Encryption\Cipher\Simple(), new \Hubzero\Encryption\Key('simple', $key, $key));
     $tracker = array();
     $tracker['user_id'] = $session->get('tracker.user_id');
     $tracker['username'] = $session->get('tracker.username');
     $tracker['sid'] = $session->getId();
     $tracker['rsid'] = $session->get('tracker.rsid', $tracker['sid']);
     $tracker['ssid'] = $session->get('tracker.ssid', $tracker['sid']);
     // Payload is PHP-serialized then encrypted; the reading side unserialize()s it
     $cookie = $crypt->encrypt(serialize($tracker));
     // one year
     $lifetime = time() + 365 * 24 * 60 * 60;
     // Determine whether cookie should be 'secure' or not
     $secure = false;
     $forceSsl = \Config::get('force_ssl', false);
     if (\App::isAdmin() && $forceSsl >= 1) {
         $secure = true;
     } else {
         if (\App::isSite() && $forceSsl == 2) {
             $secure = true;
         }
     }
     // site-wide path, no explicit domain, HttpOnly always on
     setcookie($hash, $cookie, $lifetime, '/', '', $secure, true);
     /* Mark registration as incomplete so it gets checked on next page load */
     $username = $xuser->get('username');
     if (isset($user['auth_link']) && is_object($user['auth_link'])) {
         $hzal = $user['auth_link'];
     } else {
         $hzal = null;
     }
     // A leading '-' on the username marks an account coming in through an auth link
     // (inferred from the handling below -- confirm against the auth plugins).
     // NOTE(review): $username[0] raises a notice when the username is empty.
     if ($xuser->get('tmp_user')) {
         // $email is assigned but not used in this method
         $email = $xuser->get('email');
         if ($username[0] == '-') {
             $username = trim($username, '-');
             if ($hzal) {
                 // Temporary user: present as guest;<name> with the linked account's email
                 $xuser->set('username', 'guest;' . $username);
                 $xuser->set('email', $hzal->email);
             }
         }
     } else {
         if ($username[0] == '-') {
             $username = trim($username, '-');
             if ($hzal) {
                 // Real user: bind the auth link record to this user id
                 $hzal->user_id = $xuser->get('id');
                 $hzal->update();
             }
         }
     }
     if ($hzal) {
         $xuser->set('auth_link_id', $hzal->id);
         $session->set('linkaccount', true);
     }
     $session->set('registration.incomplete', true);
     // Check if quota exists for the user
     $params = Component::params('com_members');
     if ($params->get('manage_quotas', false)) {
         require_once PATH_CORE . DS . 'components' . DS . 'com_members' . DS . 'tables' . DS . 'users_quotas.php';
         require_once PATH_CORE . DS . 'components' . DS . 'com_members' . DS . 'tables' . DS . 'quotas_classes.php';
         $quota = new \Components\Members\Tables\UsersQuotas($this->database);
         $quota->load(array('user_id' => $xuser->get('id')));
         if (!$quota->id) {
             // No quota row yet: create one from the 'default' class, if that class exists
             $class = new \Components\Members\Tables\QuotasClasses($this->database);
             $class->load(array('alias' => 'default'));
             if ($class->id) {
                 $quota->set('user_id', $xuser->get('id'));
                 $quota->set('class_id', $class->id);
                 $quota->set('soft_blocks', $class->soft_blocks);
                 $quota->set('hard_blocks', $class->hard_blocks);
                 $quota->set('soft_files', $class->soft_files);
                 $quota->set('hard_files', $class->hard_files);
                 $quota->store();
             }
         } else {
             if ($quota->class_id) {
                 // Here, we're checking to make sure their class matches their actual quota values
                 $class = new \Components\Members\Tables\QuotasClasses($this->database);
                 $class->load($quota->class_id);
                 if ($quota->get('soft_blocks') != $class->get('soft_blocks') || $quota->get('hard_blocks') != $class->get('hard_blocks') || $quota->get('soft_files') != $class->get('soft_files') || $quota->get('hard_files') != $class->get('hard_files')) {
                     // Out of sync: overwrite the user's limits with the class values
                     $quota->set('user_id', $xuser->get('id'));
                     $quota->set('class_id', $class->id);
                     $quota->set('soft_blocks', $class->soft_blocks);
                     $quota->set('hard_blocks', $class->hard_blocks);
                     $quota->set('soft_files', $class->soft_files);
                     $quota->set('hard_files', $class->hard_files);
                     $quota->store();
                 }
             }
         }
     }
     return true;
 }
        foreach ($a as $b) {
            if (strstr($b, ':')) {
                $b = explode(':', $b);
                $bits[] = trim($b[0]) . '="' . trim($b[1]) . '"';
            }
        }
    }
    $attributes = implode(' ', $bits);
}
// Formats that can be previewed via Google viewer
$docs = array('pdf', 'doc', 'docx', 'xls', 'xlsx', 'ppt', 'pptx', 'pages', 'ai', 'psd', 'tiff', 'dxf', 'eps', 'ps', 'ttf', 'xps', 'svg');
$html5video = array("mp4", "m4v", "webm", "ogv");
// Per-session download token: the session id, encrypted with a key derived from the
// User-Agent header (the serve side derives its key the same way), base64-encoded.
// Stays empty for guests.
$token = '';
if (!User::isGuest()) {
    $session_id = App::get('session')->getId();
    $key = App::hash(@$_SERVER['HTTP_USER_AGENT']);
    $crypter = new \Hubzero\Encryption\Encrypter(new \Hubzero\Encryption\Cipher\Simple(), new \Hubzero\Encryption\Key('simple', $key, $key));
    $token = base64_encode($crypter->encrypt($session_id));
}
// NOTE(review): $token is base64 and may contain '+', '/' and '='; unless Route::url()
// encodes query values it should be urlencode()d here, otherwise the serve task will
// base64_decode a mangled value.
$downloadUrl = Route::url('index.php?option=com_publications&id=' . $this->publication->id . '&task=serve&aid=' . $this->aid . '&render=download&token=' . $token);
$viewUrl = Route::url('index.php?option=com_publications&id=' . $this->publication->id . '&task=serve&aid=' . $this->aid . '&render=download&disposition=inline&token=' . $token);
?>
<div class="sample">
	<p><?php 
echo Lang::txt('COM_PUBLICATIONS_PUBLICATION') . ': <strong>' . $this->publication->title . '</strong>';
?>
 <?php 
if ($this->primary->role != 1) {
    echo '&nbsp;&nbsp; Supporting Doc: <strong>' . $this->primary->path . '</strong>';
}
?>
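 /**
  * Get the encrypter utility
  *
  * Builds a Simple-cipher encrypter whose key is \App::hash() of the
  * request's User-Agent header, so data encrypted here can only be
  * decrypted by a request presenting the same User-Agent. The header is
  * read explicitly instead of via '@' suppression; when absent the key is
  * seeded with the empty string.
  *
  * @return  \Hubzero\Encryption\Encrypter
  */
 protected static function getEncrypter()
 {
     $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
     $key = \App::hash($userAgent);
     $cipher = new \Hubzero\Encryption\Cipher\Simple();
     $keyObject = new \Hubzero\Encryption\Key('simple', $key, $key);
     return new \Hubzero\Encryption\Encrypter($cipher, $keyObject);
 }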
 /**
  * Get session id from cookie
  *
  * [!] This will determine if the user has an active session via browser
  *
  * The cookie name is md5(\App::hash('site')). empty() is used for the
  * check, so a cookie whose value is "0" also reads as absent.
  *
  * @return  string|null  Session id stored in the cookie, or null when absent/empty
  */
 public function getSessionIdFromCookie()
 {
     // get session id key name
     $cookieName = md5(\App::hash('site'));
     // return session id stored in cookie
     if (empty($_COOKIE[$cookieName])) {
         return null;
     }
     return $_COOKIE[$cookieName];
 }
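 /**
  * Generate a Windows tool invoke URL to redirect to
  *
  * Identity comes either from a `token` GET parameter (a base64 blob that
  * decrypts, with a User-Agent derived key, to a session id) or from the
  * current request's user. Guests get an error response; otherwise the
  * invoke URL is built and either rendered through the 'invoke' view (HTML)
  * or emitted as JSON / JSONP. This method ends the request with exit().
  *
  * @param   string  $option  Name of the component
  * @return  void
  */
 public function invoke($option)
 {
     $no_html = Request::getInt('no_html', 0);
     $response = new StdClass();
     $response->success = false;
     $response->message = Lang::txt('No invoke URL found.');
     // Check for an incoming token.
     $session = null;
     if ($token = Request::getVar('token', '', 'get')) {
         $dtoken = base64_decode($token);
         $key = App::hash(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '');
         $crypter = new \Hubzero\Encryption\Encrypter(new \Hubzero\Encryption\Cipher\Simple(), new \Hubzero\Encryption\Key('simple', $key, $key));
         $session_id = $crypter->decrypt($dtoken);
         $session = \Hubzero\Session\Helper::getSession($session_id);
     }
     if ($session && !empty($session->userid)) {
         // Token resolved to a session with a user: act as that user.
         $user = User::getInstance($session->userid);
         $user->set('guest', 0);
         $user->set('id', $session->userid);
         $user->set('username', $session->username);
         $ip = $session->ip;
     } else {
         // No token, or a token that did not resolve to a session with a user.
         // Previously guest=0 was set regardless of whether the lookup succeeded,
         // which turned an undecodable token into a non-guest user with no id.
         // Drop the unusable token so a fresh one is minted below if needed.
         $token = '';
         $user = User::getInstance();
         $ip = Request::ip();
     }
     // Is the user validated?
     if ($user->isGuest()) {
         $response->message = Lang::txt('Login is required to perform this action.');
     } else {
         $appid = Request::getVar('appid');
         // Generate the URL
         $url = $this->generateInvokeUrl($option, $appid, $user, $ip);
         if ($url) {
             if (!$token) {
                 // Mint a token for the current session so the remote service can call back
                 $session = App::get('session');
                 $session_id = $session->getId();
                 $key = App::hash(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '');
                 $crypter = new \Hubzero\Encryption\Encrypter(new \Hubzero\Encryption\Cipher\Simple(), new \Hubzero\Encryption\Key('simple', $key, $key));
                 $token = base64_encode($crypter->encrypt($session_id));
             }
             $rurl = rtrim($this->params->get('invoke_url', 'http://wapps.hubzero.org'), '/') . '/v1?';
             // NOTE(review): the base64 token is placed in the query string unencoded
             // ('+', '/', '=' may be mangled) -- confirm the remote service expects that.
             $params = array();
             $params[] = 'token=' . $token;
             if ($appid) {
                 $params[] = 'appid=' . $appid;
             }
             $params[] = 'standaloneUrl=' . $url;
             $rurl .= implode('&', $params);
             $response->success = true;
             $response->message = $rurl;
             if (!$no_html) {
                 // NOTE(review): HTTP_REFERER is client-supplied; the view must treat 'rurl'
                 // as untrusted (escape it, redirect only to same-site URLs).
                 $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
                 $this->view('invoke', 'display')->set('url', $rurl)->set('rurl', $referer)->display();
                 exit;
             }
         }
     }
     if (!$no_html) {
         App::abort(404, Lang::txt('No invoke URL found.'));
     }
     $response = json_encode($response);
     if ($callback = Request::getVar('callback')) {
         // JSONP: only a plain JavaScript identifier path is accepted as the callback
         // name, so request-controlled text cannot be injected into the script body.
         if (!preg_match('/^[A-Za-z_$][A-Za-z0-9_$]*(\.[A-Za-z_$][A-Za-z0-9_$]*)*$/', $callback)) {
             App::abort(400, Lang::txt('Invalid callback.'));
         }
         $response = $callback . '(' . $response . ')';
     }
     echo $response;
     exit;
 }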
 /**
  * Get the encrypter utility
  *
  * Builds a Simple-cipher encrypter keyed with \App::hash('newletter')
  * (seed spelling kept as-is: changing it would break existing data).
  *
  * @return  \Hubzero\Encryption\Encrypter
  */
 protected static function getEncrypter()
 {
     $key = \App::hash('newletter');
     $cipher = new \Hubzero\Encryption\Cipher\Simple();
     $keyObject = new \Hubzero\Encryption\Key('simple', $key, $key);
     return new \Hubzero\Encryption\Encrypter($cipher, $keyObject);
 }
 /**
  * Provides a secure hash based on a seed
  *
  * Delegates to \App::hash() when the App facade exists; otherwise falls
  * back to md5 of the configured secret followed by the seed.
  *
  * @param   string  $seed  Seed string.
  *
  * @return  string  A secure hash
  *
  * @since   11.1
  */
 public static function getHash($seed)
 {
     $hasApp = class_exists('\\App');
     if (!$hasApp) {
         $secret = JFactory::getConfig()->get('secret');
         return md5($secret . $seed);
     }
     return \App::hash($seed);
 }
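 /**
  * Get cookie value
  *
  * A signed cookie has the form `<hash>~~<value>`. The value is decrypted
  * with mcrypt when the extension is loaded, then the hash is recomputed as
  * App::hash($key . $value . secret) and compared; a mismatch deletes the
  * cookie and yields false. A cookie without the `~~` separator is returned
  * as-is, without any integrity check.
  *
  * @param string $key name of the cookie
  * @return string|false cookie value or false if cookie is invalid or doesn't exists
  * @throws BakedCarrotException when a signed cookie is read but "secret_key" is not configured
  * @static
  */
 public static function getCookie($key)
 {
     if (!isset($_COOKIE[$key])) {
         return false;
     }
     $cookie_val = $_COOKIE[$key];
     if (strpos($cookie_val, '~~') === false) {
         // NOTE(review): an unsigned cookie is trusted verbatim
         return $cookie_val;
     }
     list($cookie_hash, $cookie_val) = explode('~~', $cookie_val);
     if (!strlen($cookie_hash) && !strlen($cookie_val)) {
         return false;
     }
     $cookie_secret = Config::getVar('secret_key');
     if (!$cookie_secret) {
         throw new BakedCarrotException('Cannot set cookie without "secret_key" parameter');
     }
     if (extension_loaded('mcrypt')) {
         $cookie_val = base64_decode($cookie_val);
         // NOTE(review): a fresh random IV is generated for *decryption*; this can only
         // round-trip if self::$mcrypt_mode ignores the IV (e.g. ECB) -- confirm.
         $iv_size = mcrypt_get_iv_size(self::$mcrypt_cipher, self::$mcrypt_mode);
         $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
         $cookie_val = mcrypt_decrypt(self::$mcrypt_cipher, $cookie_secret, $cookie_val, self::$mcrypt_mode, $iv);
         // strip block padding; the character list is kept as in the original -- verify it is "\0"
         $cookie_val = rtrim($cookie_val, "");
     }
     $hash_to_test = App::hash($key . $cookie_val . $cookie_secret);
     // Strict, constant-time comparison: '!=' would loosely compare numeric-looking
     // strings and stop at the first differing byte.
     if (function_exists('hash_equals')) {
         $valid = hash_equals((string) $hash_to_test, (string) $cookie_hash);
     } else {
         $valid = (string) $hash_to_test === (string) $cookie_hash;
     }
     if (!$valid) {
         self::deleteCookie($key);
         return false;
     }
     return $cookie_val;
 }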
 /**
  * Add a vote to an option
  *
  * Verifies the request token, loads the published poll, refuses a repeat
  * vote (tracked through a per-poll cookie) or a missing option, otherwise
  * records the vote and sets the cookie. Always redirects back to the poll
  * with a status message.
  *
  * @return  void
  * @throws  Exception  404 when the poll is missing or not published
  */
 public function voteTask()
 {
     // Check for request forgeries
     Request::checkToken();
     $poll_id = Request::getVar('id', 0, '', 'int');
     $option_id = Request::getVar('voteid', 0, 'post', 'int');
     $poll = new Poll($this->database);
     $loaded = $poll->load($poll_id);
     if (!$loaded || $poll->published != 1) {
         throw new Exception(Lang::txt('JERROR_ALERTNOAUTHOR'), 404);
     }
     $cookieName = \App::hash(\App::get('client')->name . 'poll' . $poll_id);
     // ToDo - may be adding those information to the session?
     $voted = Request::getVar($cookieName, '0', 'COOKIE', 'INT');
     if ($voted) {
         $msg = Lang::txt('COM_POLL_ALREADY_VOTED');
         // A missing selection overrides the already-voted notice
         if (!$option_id) {
             $msg = Lang::txt('COM_POLL_WARNSELECT');
         }
     } elseif (!$option_id) {
         $msg = Lang::txt('COM_POLL_WARNSELECT');
     } else {
         // Determine whether cookie should be 'secure' or not
         $forceSsl = \Config::get('force_ssl', false);
         $secure = (\App::isAdmin() && $forceSsl >= 1) || (\App::isSite() && $forceSsl == 2);
         setcookie($cookieName, '1', time() + $poll->lag, '/', '', $secure, true);
         $poll->vote($poll_id, $option_id);
         $msg = Lang::txt('COM_POLL_THANK_YOU');
     }
     // set Itemid id for links
     $items = \App::get('menu')->getItems('link', 'index.php?option=com_poll&view=poll');
     $itemid = '';
     if (isset($items[0])) {
         $itemid = '&Itemid=' . $items[0]->id;
     }
     $target = 'index.php?option=com_poll&id=' . $poll_id . ':' . $poll->alias . $itemid;
     App::redirect(Route::url($target, false), $msg);
 }
 /**
  * This method should handle any login logic and report back to the subject
  *
  * For the site application (when the automatic_change param is on) the
  * user's stored language, or the default, replaces the current tag: a
  * language cookie is written, Lang::setLanguage() is called and the login
  * return state is pointed at the associated menu item or the home item.
  *
  * @param	array	$user		Holds the user data
  * @param	array	$options	Array holding options (remember, autoregister, group)
  *
  * @return	void
  * @since	1.5
  */
 public function onUserLogin($user, $options = array())
 {
     $app = JFactory::getApplication();
     $menu = App::get('menu');
     if (!App::isSite() || !$this->params->get('automatic_change', 1)) {
         return;
     }
     // Load associations
     $associations = array();
     $assoc = isset($app->menu_associations) ? $app->menu_associations : 0;
     if ($assoc) {
         $active = $menu->getActive();
         if ($active) {
             $associations = MenusHelper::getAssociations($active->id);
         }
     }
     $lang_code = $user['language'];
     if (empty($lang_code)) {
         $lang_code = self::$default_lang;
     }
     if ($lang_code == self::$tag) {
         return;
     }
     // Change language
     self::$tag = $lang_code;
     // Create a cookie
     $domain = Config::get('cookie_domain', '');
     $path = Config::get('cookie_path', '/');
     setcookie(App::hash('language'), $lang_code, $this->getLangCookieTime(), $path, $domain);
     // Change the language code
     Lang::setLanguage($lang_code);
     // Change the redirect (language have changed)
     if (isset($associations[$lang_code]) && $menu->getItem($associations[$lang_code])) {
         $itemid = $associations[$lang_code];
     } else {
         $home = isset(self::$homes[$lang_code]) ? self::$homes[$lang_code] : self::$homes['*'];
         $itemid = $home->id;
     }
     User::setState('users.login.form.return', 'index.php?&Itemid=' . $itemid);
 }
 /**
  * Hook for after app initialization
  *
  * On the first request of a session, restores the tracker values (user_id,
  * username and the sid/ssid/rsid ids) from the encrypted tracker cookie into
  * the session, logs the detection, and re-issues the cookie with current data.
  * On every request under the Apache SAPI, publishes session/auth identifiers
  * through apache_note().
  *
  * @return   void
  */
 public function onAfterInitialise()
 {
     // Get the session object
     $session = App::get('session');
     if ($session->isNew()) {
         $tracker = array();
         // Transfer tracking cookie data to session
         jimport('joomla.utilities.utility');
         jimport('joomla.user.helper');
         $hash = App::hash(App::get('client')->name . ':tracker');
         // NOTE(review): the cookie key is seeded from the empty string, i.e. it is the
         // same for every visitor and rests entirely on what App::hash() mixes in.
         $key = App::hash('');
         $crypt = new \Hubzero\Encryption\Encrypter(new \Hubzero\Encryption\Cipher\Simple(), new \Hubzero\Encryption\Key('simple', $key, $key));
         // 1 | 2 = allow raw value, do not trim
         if ($str = Request::getString($hash, '', 'cookie', 1 | 2)) {
             $sstr = $crypt->decrypt($str);
             // NOTE(review): unserialize() on cookie-derived data; the payload written
             // below is always an array, so ['allowed_classes' => false] (PHP >= 7.0)
             // would be a safe hardening -- confirm no other writer stores objects.
             $tracker = @unserialize($sstr);
             if ($tracker === false) {
                 // Fallback for cookies written with the older User-Agent derived key
                 //Create the encryption key, apply extra hardening using the user agent string
                 $key = App::hash(@$_SERVER['HTTP_USER_AGENT']);
                 $crypt = new \Hubzero\Encryption\Encrypter(new \Hubzero\Encryption\Cipher\Simple(), new \Hubzero\Encryption\Key('simple', $key, $key));
                 $sstr = $crypt->decrypt($str);
                 $tracker = @unserialize($sstr);
             }
         }
         // Anything that is not an array (no cookie, bad decrypt, foreign payload) is ignored
         if (!is_array($tracker)) {
             $tracker = array();
         }
         if (empty($tracker['user_id'])) {
             $session->clear('tracker.user_id');
         } else {
             $session->set('tracker.user_id', $tracker['user_id']);
         }
         if (empty($tracker['username'])) {
             $session->clear('tracker.username');
         } else {
             $session->set('tracker.username', $tracker['username']);
         }
         // The cookie's sid becomes this session's psid (previous session id)
         if (empty($tracker['sid'])) {
             $session->clear('tracker.psid');
         } else {
             $session->set('tracker.psid', $tracker['sid']);
         }
         $session->set('tracker.sid', $session->getId());
         // ssid / rsid are carried over from the cookie, or start at this session
         if (empty($tracker['ssid'])) {
             $session->set('tracker.ssid', $session->getId());
         } else {
             $session->set('tracker.ssid', $tracker['ssid']);
         }
         if (empty($tracker['rsid'])) {
             $session->set('tracker.rsid', $session->getId());
         } else {
             $session->set('tracker.rsid', $tracker['rsid']);
         }
         // log tracking cookie detection to auth log
         $username = empty($tracker['username']) ? '-' : $tracker['username'];
         // $user_id is computed but not used in this method
         $user_id = empty($tracker['user_id']) ? 0 : $tracker['user_id'];
         App::get('log')->logger('auth')->info($username . ' ' . (isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '') . ' detect');
         // set new tracking cookie with current data
         // Always re-encrypted with the current ('' seeded) key, so legacy cookies get upgraded
         $tracker = array();
         $tracker['user_id'] = $session->get('tracker.user_id');
         $tracker['username'] = $session->get('tracker.username');
         $tracker['sid'] = $session->get('tracker.sid');
         $tracker['rsid'] = $session->get('tracker.rsid');
         $tracker['ssid'] = $session->get('tracker.ssid');
         $cookie = $crypt->encrypt(serialize($tracker));
         // ten years
         $lifetime = time() + 365 * 24 * 60 * 60 * 10;
         // Determine whether cookie should be 'secure' or not
         $secure = false;
         $forceSsl = \Config::get('force_ssl', false);
         if (\App::isAdmin() && $forceSsl >= 1) {
             $secure = true;
         } else {
             if (\App::isSite() && $forceSsl == 2) {
                 $secure = true;
             }
         }
         // site-wide path, no explicit domain, HttpOnly always on
         setcookie($hash, $cookie, $lifetime, '/', '', $secure, true);
     }
     // all page loads set apache log data
     if (strpos(php_sapi_name(), 'apache') !== false) {
         apache_note('jsession', $session->getId());
         if (User::get('id') != 0) {
             apache_note('auth', 'session');
             apache_note('userid', User::get('id'));
         } else {
             // $tracker is only defined when the session was new; empty() on an
             // undefined variable is false, so this branch is skipped otherwise
             if (!empty($tracker['user_id'])) {
                 apache_note('auth', 'cookie');
                 apache_note('userid', $tracker['user_id']);
                 apache_note('tracker', $tracker['rsid']);
             }
         }
     }
 }
 /**
  * Method to start the password reset process.
  *
  * Sequence: validate the submitted form, resolve the username to a user id,
  * refuse blocked users and Super Admins, enforce the reset-rate limit, store
  * a fresh (salted, MD5-hashed) activation token on the user row, then e-mail
  * the clear token plus the confirmation link. The user id is pushed into the
  * session only after the mailer accepted the message.
  *
  * NOTE(review): the failure strings for "unknown username", "blocked" and
  * "super admin" differ, so the response tells a caller whether a given
  * username exists (account-enumeration oracle). A single generic message
  * would close that; confirm nothing in the UI depends on the distinct
  * strings before changing them.
  *
  * @param   array  $data  Submitted form data; only 'username' is consumed here.
  * @return  mixed  true on success; false on a validation/lookup/limit failure
  *                 (reason via setError); an Exception object (returned, not
  *                 thrown) when the user cannot be saved or the mail fails.
  * @since	1.6
  */
 public function processResetRequest($data)
 {
     // Get the form.
     $form = $this->getForm();
     // Check for an error (getForm() hands back the Exception instead of throwing).
     if ($form instanceof Exception) {
         return $form;
     }
     // Filter and validate the form data.
     $data = $form->filter($data);
     $return = $form->validate($data);
     // Check for an error.
     if ($return instanceof Exception) {
         return $return;
     }
     // Check the validation results.
     if ($return === false) {
         // Get the validation messages from the form.
         foreach ($form->getErrors() as $message) {
             $this->setError($message);
         }
         return false;
     }
     // Find the user id for the given username. The username is attacker
     // controlled; it goes through the driver's Quote() before interpolation.
     $db = $this->getDbo();
     $query = $db->getQuery(true);
     $query->select('id');
     $query->from($db->quoteName('#__users'));
     $query->where($db->quoteName('username') . ' = ' . $db->Quote($data['username']));
     // Get the user object.
     $db->setQuery((string) $query);
     $userId = $db->loadResult();
     // Check for an error. The raw DB error message ends up in the user-facing
     // error; that is how the rest of this model reports DB problems.
     if ($db->getErrorNum()) {
         $this->setError(Lang::txt('COM_USERS_DATABASE_ERROR', $db->getErrorMsg()), 500);
         return false;
     }
     // Check for a user (distinct message: see the enumeration note above).
     if (empty($userId)) {
         $this->setError(Lang::txt('COM_USERS_INVALID_USERNAME'));
         return false;
     }
     // Get the user object.
     $user = JUser::getInstance($userId);
     // Make sure the user isn't blocked.
     if ($user->block) {
         $this->setError(Lang::txt('COM_USERS_USER_BLOCKED'));
         return false;
     }
     // Make sure the user isn't a Super Admin: resets for core.admin
     // accounts are refused outright rather than rate-limited.
     if ($user->authorise('core.admin')) {
         $this->setError(Lang::txt('COM_USERS_REMIND_SUPERADMIN_ERROR'));
         return false;
     }
     // Make sure the user has not exceeded the reset limit. This runs before
     // the token is written, so throttled requests do not rotate the token.
     if (!$this->checkResetLimit($user)) {
         $resetLimit = (int) JFactory::getApplication()->getParams()->get('reset_time');
         $this->setError(Lang::txts('COM_USERS_REMIND_LIMIT_ERROR_N_HOURS', $resetLimit));
         return false;
     }
     // Set the confirmation token. $token is the secret mailed to the user;
     // only "md5(token.salt):salt" is persisted, so a read of the users table
     // alone does not yield a usable token. MD5 is weak for user-chosen
     // passwords, but the input here is presumably a random value from
     // genRandomPassword(). The stored format must stay in step with the
     // confirm step that verifies it (not visible in this listing).
     $token = App::hash(JUserHelper::genRandomPassword());
     $salt = JUserHelper::getSalt('crypt-md5');
     $hashedToken = md5($token . $salt) . ':' . $salt;
     $user->activation = $hashedToken;
     // Save the user to the database. The token is persisted before the mail
     // goes out; a mail failure below leaves it in place on the row.
     if (!$user->save(true)) {
         return new Exception(Lang::txt('COM_USERS_USER_SAVE_FAILED', $user->getError()), 500);
     }
     // Assemble the password reset confirmation link. $mode is passed to
     // Route::url: 1 when force_ssl is 2 in the site config, otherwise -1.
     $mode = Config::get('force_ssl', 0) == 2 ? 1 : -1;
     $itemid = UsersHelperRoute::getLoginRoute();
     $itemid = $itemid !== null ? '&Itemid=' . $itemid : '';
     $link = 'index.php?option=com_users&view=reset&layout=confirm' . $itemid;
     // Put together the email template data. This starts from the full
     // property set of the user object; only sitename, token and link_text
     // are actually placed in the message body below.
     $data = $user->getProperties();
     $data['fromname'] = Config::get('fromname');
     $data['mailfrom'] = Config::get('mailfrom');
     $data['sitename'] = Config::get('sitename');
     $data['link_text'] = Route::url($link, false, $mode);
     $data['link_html'] = Route::url($link, true, $mode);
     $data['token'] = $token;
     $subject = Lang::txt('COM_USERS_EMAIL_PASSWORD_RESET_SUBJECT', $data['sitename']);
     // The clear-text token goes into the e-mail body; the link itself does not carry it.
     $body = Lang::txt('COM_USERS_EMAIL_PASSWORD_RESET_BODY', $data['sitename'], $data['token'], $data['link_text']);
     // Send the password reset request email.
     $return = JFactory::getMailer()->sendMail($data['mailfrom'], $data['fromname'], $user->email, $subject, $body);
     // Check for an error.
     if ($return !== true) {
         return new Exception(Lang::txt('COM_USERS_MAIL_FAILED'), 500);
     }
     // Push the user data into the session; the confirm step is expected to
     // read this id back (verify against the confirm handler).
     $app = JFactory::getApplication();
     $app->setUserState('com_users.reset.user', $user->id);
     return true;
 }
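 /**
  * Method to save the form data.
  *
  * Creates a JUser from the model's data merged with $temp, saves it, e-mails
  * the new user and — when configured — notifies administrators. With
  * useractivation 1 or 2 the account is stored blocked together with a random
  * activation token that is mailed as an activation link.
  *
  * Security notes:
  * - With the 'sendpassword' option on, the clear-text password
  *   (password_clear; expected to be populated by JUser::bind(), not visible
  *   here) is placed in the registration e-mail. That is a site configuration
  *   choice and is left unchanged.
  * - The failure notice written to #__messages carries the submitted username
  *   and the mailer's return value. Both are passed through the driver's
  *   Quote() instead of being concatenated raw into the INSERT.
  *
  * Change from the previous revision: the result of the registration e-mail
  * is tracked in its own variable. Before, the admin-notification loop reused
  * $return, so a failed user e-mail followed by a successful admin e-mail was
  * reported as success and no failure notice was written.
  *
  * @param	array		The form data.
  * @return	mixed		The user id on success, false on failure. With activation
  *                      enabled the strings "useractivate" (self activation) or
  *                      "adminactivate" (admin activation) are returned instead of the id.
  * @since	1.6
  */
 public function register($temp)
 {
     $db = $this->getDbo();
     $params = Component::params('com_users');
     // Initialise the table with JUser.
     $user = new JUser();
     $data = (array) $this->getData();
     // Merge in the registration data; $temp overrides the model's data.
     foreach ($temp as $k => $v) {
         $data[$k] = $v;
     }
     // Prepare the data for the user object (the form fields are email1/password1).
     $data['email'] = $data['email1'];
     $data['password'] = $data['password1'];
     $useractivation = $params->get('useractivation');
     $sendpassword = $params->get('sendpassword', 1);
     // Check if the user needs to activate their account: store a random token
     // and keep the account blocked until the token is presented.
     if ($useractivation == 1 || $useractivation == 2) {
         $data['activation'] = App::hash(JUserHelper::genRandomPassword());
         $data['block'] = 1;
     }
     // Bind the data.
     if (!$user->bind($data)) {
         $this->setError(Lang::txt('COM_USERS_REGISTRATION_BIND_FAILED', $user->getError()));
         return false;
     }
     // Load the users plugin group.
     Plugin::import('user');
     // Store the data.
     if (!$user->save()) {
         $this->setError(Lang::txt('COM_USERS_REGISTRATION_SAVE_FAILED', $user->getError()));
         return false;
     }
     // Compile the notification mail values.
     $data = $user->getProperties();
     $data['fromname'] = Config::get('fromname');
     $data['mailfrom'] = Config::get('mailfrom');
     $data['sitename'] = Config::get('sitename');
     $data['siteurl'] = Request::root();
     // Handle account activation/confirmation emails.
     if ($useractivation == 2) {
         // Set the link to confirm the user email (admin activation).
         $uri = JURI::getInstance();
         $base = $uri->toString(array('scheme', 'user', 'pass', 'host', 'port'));
         $data['activate'] = $base . Route::url('index.php?option=com_users&task=registration.activate&token=' . $data['activation'], false);
         $emailSubject = Lang::txt('COM_USERS_EMAIL_ACCOUNT_DETAILS', $data['name'], $data['sitename']);
         if ($sendpassword) {
             // Clear-text password goes into the mail: configuration choice, see header.
             $emailBody = Lang::txt('COM_USERS_EMAIL_REGISTERED_WITH_ADMIN_ACTIVATION_BODY', $data['name'], $data['sitename'], $data['activate'], $data['siteurl'], $data['username'], $data['password_clear']);
         } else {
             $emailBody = Lang::txt('COM_USERS_EMAIL_REGISTERED_WITH_ADMIN_ACTIVATION_BODY_NOPW', $data['name'], $data['sitename'], $data['activate'], $data['siteurl'], $data['username']);
         }
     } elseif ($useractivation == 1) {
         // Set the link to activate the user account (self activation).
         $uri = JURI::getInstance();
         $base = $uri->toString(array('scheme', 'user', 'pass', 'host', 'port'));
         $data['activate'] = $base . Route::url('index.php?option=com_users&task=registration.activate&token=' . $data['activation'], false);
         $emailSubject = Lang::txt('COM_USERS_EMAIL_ACCOUNT_DETAILS', $data['name'], $data['sitename']);
         if ($sendpassword) {
             // Clear-text password goes into the mail: configuration choice, see header.
             $emailBody = Lang::txt('COM_USERS_EMAIL_REGISTERED_WITH_ACTIVATION_BODY', $data['name'], $data['sitename'], $data['activate'], $data['siteurl'], $data['username'], $data['password_clear']);
         } else {
             $emailBody = Lang::txt('COM_USERS_EMAIL_REGISTERED_WITH_ACTIVATION_BODY_NOPW', $data['name'], $data['sitename'], $data['activate'], $data['siteurl'], $data['username']);
         }
     } else {
         // No activation required: plain welcome mail.
         $emailSubject = Lang::txt('COM_USERS_EMAIL_ACCOUNT_DETAILS', $data['name'], $data['sitename']);
         $emailBody = Lang::txt('COM_USERS_EMAIL_REGISTERED_BODY', $data['name'], $data['sitename'], $data['siteurl']);
     }
     // Send the registration email. Its result is kept separate from the
     // administrator notifications below so a failure here cannot be masked
     // by a later successful admin send.
     $userMailSent = JFactory::getMailer()->sendMail($data['mailfrom'], $data['fromname'], $data['email'], $emailSubject, $emailBody);
     // Send notification mail to administrators.
     if ($useractivation < 2 && $params->get('mail_to_admin') == 1) {
         $emailSubject = Lang::txt('COM_USERS_EMAIL_ACCOUNT_DETAILS', $data['name'], $data['sitename']);
         $emailBodyAdmin = Lang::txt('COM_USERS_EMAIL_REGISTERED_NOTIFICATION_TO_ADMIN_BODY', $data['name'], $data['username'], $data['siteurl']);
         // Get all users flagged to receive system mails. NOTE(review): unlike
         // the failure-notice query further down this does not exclude blocked
         // accounts; left as-is since the intent is not clear from here.
         $query = 'SELECT name, email, sendEmail' . ' FROM #__users' . ' WHERE sendEmail=1';
         $db->setQuery($query);
         $rows = $db->loadObjectList();
         // Send mail to every recipient; the first failure aborts the registration result.
         foreach ($rows as $row) {
             $adminMailSent = JFactory::getMailer()->sendMail($data['mailfrom'], $data['fromname'], $row->email, $emailSubject, $emailBodyAdmin);
             // Check for an error.
             if ($adminMailSent !== true) {
                 $this->setError(Lang::txt('COM_USERS_REGISTRATION_ACTIVATION_NOTIFY_SEND_MAIL_FAILED'));
                 return false;
             }
         }
     }
     // Registration e-mail failed: report it and leave a system message for
     // the administrators receiving system mails.
     if ($userMailSent !== true) {
         $this->setError(Lang::txt('COM_USERS_REGISTRATION_SEND_MAIL_FAILED'));
         $db = App::get('db');
         $q = "SELECT id\n\t\t\t\tFROM #__users\n\t\t\t\tWHERE block = 0\n\t\t\t\tAND sendEmail = 1";
         $db->setQuery($q);
         $sendEmail = $db->loadColumn();
         if (count($sendEmail) > 0) {
             $jdate = new \Hubzero\Utility\Date();
             // Build the query to add the messages. Every value is quoted by the
             // driver: the username came from the registration form, and the
             // translated strings / mailer result may contain quote characters.
             $q = "INSERT INTO " . $db->quoteName('#__messages') . " (" . $db->quoteName('user_id_from') . ", " . $db->quoteName('user_id_to') . ", " . $db->quoteName('date_time') . ", " . $db->quoteName('subject') . ", " . $db->quoteName('message') . ") VALUES ";
             $messages = array();
             foreach ($sendEmail as $userid) {
                 $messages[] = '(' . (int) $userid . ', ' . (int) $userid . ', '
                     . $db->Quote($jdate->toSql()) . ', '
                     . $db->Quote(Lang::txt('COM_USERS_MAIL_SEND_FAILURE_SUBJECT')) . ', '
                     . $db->Quote(Lang::txt('COM_USERS_MAIL_SEND_FAILURE_BODY', $userMailSent, $data['username'])) . ')';
             }
             $q .= implode(',', $messages);
             $db->setQuery($q);
             $db->query();
         }
         return false;
     }
     if ($useractivation == 1) {
         return "useractivate";
     } elseif ($useractivation == 2) {
         return "adminactivate";
     } else {
         return $user->id;
     }
 }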