/**
* Utility method to act on a user after it has been saved.
*
* This method sends a registration email to new users created in the backend.
*
* @param array $user Holds the new user data.
* @param boolean $isnew True if a new user is stored.
* @param boolean $success True if user was succesfully stored in the database.
* @param string $msg Message.
*
* @return void
*
* @since 1.6
*/
public function onUserAfterSave($user, $isnew, $success, $msg)
{
$mail_to_user = $this->params->get('mail_to_user', 1);
if ($isnew) {
// TODO: Suck in the frontend registration emails here as well. Job for a rainy day.
if ($this->app->isAdmin()) {
if ($mail_to_user) {
// Load user_joomla plugin language (not done automatically).
$lang = JFactory::getLanguage();
$lang->load('plg_user_joomla', JPATH_ADMINISTRATOR);
// Compute the mail subject.
$emailSubject = JText::sprintf('PLG_USER_JOOMLA_NEW_USER_EMAIL_SUBJECT', $user['name'], $config = $this->app->get('sitename'));
// Compute the mail body.
$emailBody = JText::sprintf('PLG_USER_JOOMLA_NEW_USER_EMAIL_BODY', $user['name'], $this->app->get('sitename'), JUri::root(), $user['username'], $user['password_clear']);
// Assemble the email data...the sexy way!
$mail = JFactory::getMailer()->setSender(array($this->app->get('mailfrom'), $this->app->get('fromname')))->addRecipient($user['email'])->setSubject($emailSubject)->setBody($emailBody);
if (!$mail->Send()) {
$this->app->enqueueMessage(JText::_('JERROR_SENDING_EMAIL'), 'warning');
}
}
}
} else {
// Existing user - nothing to do...yet.
}
}
/**
* Listener for the `onAfterInitialise` event
*
* @return void
*
* @since 3.5
*/
public function onAfterInitialise()
{
if (!$this->app->isAdmin() || !$this->isAllowedUser()) {
return;
}
if (!$this->isDebugEnabled() && !$this->isUpdateRequired()) {
return;
}
JHtml::_('jquery.framework');
JHtml::script('plg_system_stats/stats.js', false, true, false);
}
public function onUserLogout($options)
{
// No remember me for admin
if ($this->app->isAdmin()) {
return false;
}
$cookieName = JUserHelper::getShortHashedUserAgent();
// Check for the cookie
if ($this->app->input->cookie->get($cookieName)) {
// Make sure authentication group is loaded to process onUserAfterLogout event
JPluginHelper::importPlugin('authentication');
}
}
/**
* Convert links in com_templates to point into Gantry Administrator component.
*/
public function onAfterRender()
{
if (!$this->app->isAdmin()) {
return;
}
$document = JFactory::getDocument();
$type = $document->getType();
$option = $this->app->input->getString('option');
$view = $this->app->input->getString('view', 'styles');
$task = $this->app->input->getString('task');
if (in_array($option, ['com_templates', 'com_advancedtemplates']) && $view == 'styles' && !$task && $type == 'html') {
$this->styles = $this->getStyles();
$body = preg_replace_callback('/(<a\\s[^>]*href=")([^"]*)("[^>]*>)(.*)(<\\/a>)/siU', array($this, 'appendHtml'), $this->app->getBody());
$this->app->setBody($body);
}
}
/**
* Listener for the `onAfterInitialise` event
*
* @return void
*
* @since 3.5
*/
public function onAfterInitialise()
{
if (!$this->app->isAdmin() || !$this->isAllowedUser()) {
return;
}
if (!$this->isDebugEnabled() && !$this->isUpdateRequired()) {
return;
}
if (JUri::getInstance()->getVar("tmpl") === "component") {
return;
}
// Load plugin language files only when needed (ex: they are not needed in site client).
$this->loadLanguage();
JHtml::_('jquery.framework');
JHtml::script('plg_system_stats/stats.js', false, true, false);
}
/**
* This is where we delete any authentication cookie when a user logs out
*
* @param array $options Array holding options (length, timeToExpiration)
*
* @return boolean True on success
*
* @since 3.2
*/
public function onUserAfterLogout($options)
{
// No remember me for admin
if ($this->app->isAdmin()) {
return false;
}
$cookieName = 'joomla_remember_me_' . JUserHelper::getShortHashedUserAgent();
$cookieValue = $this->app->input->cookie->get($cookieName);
// There are no cookies to delete.
if (!$cookieValue) {
return true;
}
$cookieArray = explode('.', $cookieValue);
// Filter series since we're going to use it in the query
$filter = new JFilterInput();
$series = $filter->clean($cookieArray[1], 'ALNUM');
// Remove the record from the database
$query = $this->db->getQuery(true)->delete('#__user_keys')->where($this->db->quoteName('series') . ' = ' . $this->db->quote($series));
try {
$this->db->setQuery($query)->execute();
} catch (RuntimeException $e) {
// We aren't concerned with errors from this query, carry on
}
// Destroy the cookie
$this->app->input->cookie->set($cookieName, false, time() - 42000, $this->app->get('cookie_path', '/'), $this->app->get('cookie_domain'));
return true;
}
/**
* Remember me method to run onAfterInitialise
*
* @return boolean
*
* @since 1.5
* @throws InvalidArgumentException
*/
public function onAfterInitialise()
{
// No remember me for admin
if ($this->app->isAdmin()) {
return false;
}
$user = JFactory::getUser();
$this->app->rememberCookieLifetime = $this->lifetime;
$this->app->rememberCookieSecure = $this->secure;
$this->app->rememberCookieLength = $this->length;
// Check for a cookie
if ($user->get('guest') == 1) {
// Create the cookie name and data
$rememberArray = JUserHelper::getRememberCookieData();
if ($rememberArray !== false) {
if (count($rememberArray) != 3) {
// Destroy the cookie in the browser.
$this->app->input->cookie->set(end($rememberArray), false, time() - 42000, $this->app->get('cookie_path'), $this->app->get('cookie_domain'));
JLog::add('Invalid cookie detected.', JLog::WARNING, 'error');
return false;
}
list($privateKey, $series, $uastring) = $rememberArray;
if (!JUserHelper::clearExpiredTokens($this)) {
JLog::add('Error in deleting expired cookie tokens.', JLog::WARNING, 'error');
}
// Find the matching record if it exists
$query = $this->db->getQuery(true)->select($this->db->quoteName(array('user_id', 'token', 'series', 'time', 'invalid')))->from($this->db->quoteName('#__user_keys'))->where($this->db->quoteName('series') . ' = ' . $this->db->quote(base64_encode($series)))->where($this->db->quoteName('uastring') . ' = ' . $this->db->quote($uastring))->order($this->db->quoteName('time') . ' DESC');
$results = $this->db->setQuery($query)->loadObjectList();
$countResults = count($results);
// We have a user but a cookie that is not in the database, or it is invalid. This is a possible attack, so invalidate everything.
if (($countResults === 0 || $results[0]->invalid != 0) && !empty($results[0]->user_id)) {
JUserHelper::invalidateCookie($results[0]->user_id, $uastring);
JLog::add(JText::sprintf('PLG_SYSTEM_REMEMBER_ERROR_LOG_INVALIDATED_COOKIES', $user->username), JLog::WARNING, 'security');
// Possibly e-mail user and admin here.
return false;
}
// We have a user with one cookie with a valid series and a corresponding record in the database.
if ($countResults === 1) {
if (substr($results[0]->token, 0, 4) === '$2y$') {
if (JCrypt::hasStrongPasswordSupport()) {
$match = password_verify($privateKey, $results[0]->token);
}
} else {
if (JCrypt::timingSafeCompare($results[0]->token, $privateKey)) {
$match = true;
}
}
if (empty($match)) {
JUserHelper::invalidateCookie($results[0]->user_id, $uastring);
JLog::add(JText::sprintf('PLG_SYSTEM_REMEMBER_ERROR_LOG_LOGIN_FAILED', $user->username), JLog::WARNING, 'security');
return false;
}
// Set up the credentials array to pass to onUserAuthenticate
$credentials = array('username' => $results[0]->user_id);
return $this->app->login($credentials, array('silent' => true, 'lifetime' => $this->lifetime, 'secure' => $this->secure, 'length' => $this->length));
}
}
}
return false;
}
/**
* Dispatch the application.
*
* @param JApplicationCms $app
*
* @return string An rendered view from executing the controller.
*/
public function execute()
{
$view = $this->app->input->get('view');
if ($view === null) {
throw new ControllerResolutionException('No view was specified.');
}
$fqcn = __NAMESPACE__ . '\\Controllers\\' . ($this->app->isAdmin() ? 'Admin\\' : '') . ucfirst($view) . 'Controller';
if (!class_exists($fqcn)) {
throw new ControllerResolutionException(sprintf('Controller for view (%s) cannot be found.', $view));
}
/** @var \Framework\Controllers\AbstractBaseController $controller */
$controller = $this->container->buildObject($fqcn);
$controller->setContainer($this->container);
$controller->createDefaultModel();
$controller->createDefaultView();
return $controller->execute();
}
/**
* Execute the controller.
*
* @return mixed A rendered view or true
*
* @since 3.2
*/
public function execute()
{
// Get the document object.
$document = JFactory::getDocument();
$componentFolder = $this->input->getWord('option', 'com_config');
if ($this->app->isAdmin()) {
$viewName = $this->input->getWord('view', 'application');
} else {
$viewName = $this->input->getWord('view', 'config');
}
$viewFormat = $document->getType();
$layoutName = $this->input->getWord('layout', 'default');
// Register the layout paths for the view
$paths = new SplPriorityQueue();
if ($this->app->isAdmin()) {
$paths->insert(JPATH_ADMINISTRATOR . '/components/' . $componentFolder . '/view/' . $viewName . '/tmpl', 1);
} else {
$paths->insert(JPATH_BASE . '/components/' . $componentFolder . '/view/' . $viewName . '/tmpl', 1);
}
$viewClass = $this->prefix . 'View' . ucfirst($viewName) . ucfirst($viewFormat);
$modelClass = $this->prefix . 'Model' . ucfirst($viewName);
if (class_exists($viewClass)) {
$model = new $modelClass();
$component = $model->getState()->get('component.option');
// Access check.
if (!JFactory::getUser()->authorise('core.admin', $component) && !JFactory::getUser()->authorise('core.options', $component)) {
$this->app->enqueueMessage(JText::_('JERROR_ALERTNOAUTHOR'), 'error');
return;
}
$view = new $viewClass($model, $paths);
$view->setLayout($layoutName);
// Push document object into the view.
$view->document = $document;
// Reply for service requests
if ($viewFormat == 'json') {
return $view->render();
}
// Render view.
echo $view->render();
}
return true;
}
/**
* Utility method to act on a user after it has been saved.
*
* This method sends a registration email to new users created in the backend.
*
* @param array $user Holds the new user data.
* @param boolean $isnew True if a new user is stored.
* @param boolean $success True if user was successfully stored in the database.
* @param string $msg Message.
*
* @return void
*
* @since 1.6
*/
public function onUserAfterSave($user, $isnew, $success, $msg)
{
$mail_to_user = $this->params->get('mail_to_user', 1);
if ($isnew) {
// TODO: Suck in the frontend registration emails here as well. Job for a rainy day.
if ($this->app->isAdmin()) {
if ($mail_to_user) {
$lang = JFactory::getLanguage();
$defaultLocale = $lang->getTag();
/**
* Look for user language. Priority:
* 1. User frontend language
* 2. User backend language
*/
$userParams = new JRegistry($user['params']);
$userLocale = $userParams->get('language', $userParams->get('admin_language', $defaultLocale));
if ($userLocale != $defaultLocale) {
$lang->setLanguage($userLocale);
}
$lang->load('plg_user_joomla', JPATH_ADMINISTRATOR);
// Compute the mail subject.
$emailSubject = JText::sprintf('PLG_USER_JOOMLA_NEW_USER_EMAIL_SUBJECT', $user['name'], $config = $this->app->get('sitename'));
// Compute the mail body.
$emailBody = JText::sprintf('PLG_USER_JOOMLA_NEW_USER_EMAIL_BODY', $user['name'], $this->app->get('sitename'), JUri::root(), $user['username'], $user['password_clear']);
// Assemble the email data...the sexy way!
$mail = JFactory::getMailer()->setSender(array($this->app->get('mailfrom'), $this->app->get('fromname')))->addRecipient($user['email'])->setSubject($emailSubject)->setBody($emailBody);
// Set application language back to default if we changed it
if ($userLocale != $defaultLocale) {
$lang->setLanguage($defaultLocale);
}
if (!$mail->Send()) {
$this->app->enqueueMessage(JText::_('JERROR_SENDING_EMAIL'), 'warning');
}
}
}
} else {
// Existing user - nothing to do...yet.
}
}
/**
* Convert links in com_templates to point into Gantry Administrator component.
*/
public function onAfterRender()
{
if (!$this->app->isAdmin()) {
return;
}
$document = JFactory::getDocument();
$type = $document->getType();
$option = $this->app->input->getString('option');
$view = $this->app->input->getString('view', 'g5');
$task = $this->app->input->getString('task');
if (in_array($option, array('com_templates', 'com_advancedtemplates')) && ($view == 'g5' || $view == 'styles') && !$task && $type == 'html') {
$this->styles = $this->getStyles();
$body = preg_replace_callback('/(<a\\s[^>]*href=")([^"]*)("[^>]*>)(.*)(<\\/a>)/siU', array($this, 'appendHtml'), $this->app->getBody());
$this->app->setBody($body);
}
if (($option == 'com_modules' || $option == 'com_advancedmodules') && ($view == 'g5' || $view == 'modules' || empty($view)) && $type == 'html') {
$db = JFactory::getDBO();
$query = $db->getQuery(true);
$query->select('id, title, params');
$query->from('#__modules');
$query->where('module = ' . $db->quote('mod_gantry5_particle'));
$db->setQuery($query);
$data = $db->loadObjectList();
if (sizeof($data) > 0) {
$this->modules = [];
$body = $this->app->getBody();
foreach ($data as $module) {
$params = json_decode($module->params);
$particle = isset($params->particle) ? json_decode($params->particle) : '';
$title = isset($particle->title) ? $particle->title : (isset($particle->particle) ? $particle->particle : '');
$this->modules[$module->id] = $particle;
$body = preg_replace_callback('/(<a\\s[^>]*href=")([^"]*)("[^>]*>)(.*)(<\\/a>)/siU', function ($matches) use($title) {
return $this->appendHtml($matches, $title);
}, $body);
}
$this->app->setBody($body);
}
}
}
/**
* Determine if we use the plugin or not
* both location and event criteria have to be match when form plug-in
*
* @param string $location Location to trigger plugin on
* @param string $event Event to trigger plugin on
*
* @return bool true if we should run the plugin otherwise false
*/
public function canUse($location = null, $event = null)
{
$ok = false;
$model = $this->getModel();
switch ($location) {
case 'front':
if (!$this->app->isAdmin()) {
$ok = true;
}
break;
case 'back':
if ($this->app->isAdmin()) {
$ok = true;
}
break;
case 'both':
$ok = true;
break;
}
if ($ok) {
// $$$ hugh @FIXME - added copyingRow() stuff to form model, need to do it
// for list model as well.
$k = array_key_exists('origRowId', $model) && isset($model->origRowId) ? 'origRowId' : 'rowId';
switch ($event) {
case 'new':
if ($model->{$k} != 0) {
$ok = isset($model->copyingRow) ? $model->copyingRow() : false;
}
break;
case 'edit':
if ($model->{$k} == 0) {
/** $$$ hugh - don't think this is right, as it'll return true when it shouldn't.
* Think if this row is being copied, then by definition it's not being edited, it's new.
* For now, just set $ok to false;
* $ok = $ok = isset($model->copyingRow) ? !$model->copyingRow() : false;
*/
$ok = false;
}
break;
}
}
return $ok;
}
/**
* Determines if the message should be displayed
*
* @return boolean
*
* @since __DEPLOY_VERSION__
*/
private function shouldDisplayMessage()
{
// Only on admin app
if (!$this->app->isAdmin()) {
return false;
}
// Only if authenticated
if (JFactory::getUser()->guest) {
return false;
}
// Only on HTML documents
if ($this->app->getDocument()->getType() !== 'html') {
return false;
}
// Only on full page requests
if ($this->app->input->getCmd('tmpl', 'index') === 'component') {
return false;
}
// Only to com_cpanel
if ($this->app->input->get('option') != 'com_cpanel') {
return false;
}
return true;
}
/**
* Set the List's tab HTML
*
* @return array Tabs
*/
public function loadTabs()
{
$this->tabs = array();
$tabs = $this->getTabCategories();
if (!is_array($tabs) || empty($tabs)) {
return $this->tabs;
}
$package = $this->app->getUserState('com_fabrik.package', 'fabrik');
$listId = $this->getId();
$tabsField = $this->getTabField();
$itemId = FabrikWorker::itemId();
$uri = JURI::getInstance();
$urlBase = $uri->toString(array('path'));
$urlBase .= '?option=com_' . $package . '&';
if ($this->app->isAdmin()) {
$urlBase .= 'task=list.view&';
} else {
$urlBase .= 'view=list&';
}
$urlBase .= 'listid=' . $listId . '&resetfilters=1';
$urlEquals = $urlBase . '&' . $tabsField . '=%s';
$urlRange = $urlBase . '&' . $tabsField . '[value][]=%s&' . $tabsField . '[value][]=%s&' . $tabsField . '[condition]=BETWEEN';
$uri = JURI::getInstance();
$thisUri = rawurldecode($uri->toString(array('path', 'query')));
foreach ($tabs as $i => $tabArray) {
$row = new stdClass();
list($label, $range) = $tabArray;
$row->label = $label;
if (is_null($range)) {
$row->href = $urlBase;
} elseif (!is_array($range)) {
$row->href = sprintf($urlEquals, $range);
} else {
list($low, $high) = $range;
$row->href = sprintf($urlEquals, sprintf($urlRange, $low, $high));
}
if ($itemId) {
$row->href .= '&Itemid=' . $itemId;
}
$row->id = 'list_tabs_' . $this->getId() . '_' . $i;
$row->js = false;
$row->class = $thisUri == $row->href ? 'active' : '';
$this->tabs[] = $row;
}
return $this->tabs;
}
/**
* This method should handle any authentication and report back to the subject
*
* @param array $credentials Array holding the user credentials
* @param array $options Array of extra options
* @param object &$response Authentication response object
*
* @return boolean
*
* @since 3.2
*/
public function onUserAuthenticate($credentials, $options, &$response)
{
// No remember me for admin
if ($this->app->isAdmin()) {
return false;
}
JLoader::register('JAuthentication', JPATH_LIBRARIES . '/joomla/user/authentication.php');
$response->type = 'Cookie';
// We need to validate the cookie data because there may be no Remember Me plugin to do it.
// Create the cookie name and data.
$rememberArray = JUserHelper::getRememberCookieData();
if ($rememberArray == false) {
return false;
}
list($privateKey, $series, $uastring) = $rememberArray;
// Find the matching record if it exists.
$query = $this->db->getQuery(true)->select($this->db->quoteName(array('user_id', 'token', 'series', 'time', 'invalid')))->from($this->db->quoteName('#__user_keys'))->where($this->db->quoteName('series') . ' = ' . $this->db->quote(base64_encode($series)))->where($this->db->quoteName('uastring') . ' = ' . $this->db->quote($uastring))->order($this->db->quoteName('time') . ' DESC');
$results = $this->db->setQuery($query)->loadObjectList();
$countResults = count($results);
if ($countResults !== 1) {
$response->status = JAuthentication::STATUS_FAILURE;
return;
} else {
if (substr($results[0]->token, 0, 4) === '$2y$') {
if (JCrypt::hasStrongPasswordSupport()) {
$match = password_verify($privateKey, $results[0]->token);
}
} else {
if (JCrypt::timingSafeCompare($results[0]->token, $privateKey)) {
$match = true;
}
}
if (empty($match)) {
JUserHelper::invalidateCookie($results[0]->user_id, $uastring);
JLog::add(JText::sprintf('PLG_SYSTEM_REMEMBER_ERROR_LOG_LOGIN_FAILED', $user->username), JLog::WARNING, 'security');
$response->status = JAuthentication::STATUS_FAILURE;
return false;
}
}
// Set cookie params.
if (!empty($options['lifetime']) && !empty($options['length']) && !empty($options['secure'])) {
$response->lifetime = $options['lifetime'];
$response->length = $options['length'];
$response->secure = $options['secure'];
}
// Make sure there really is a user with this name and get the data for the session.
$query = $this->db->getQuery(true)->select($this->db->quoteName(array('id', 'username', 'password')))->from($this->db->quoteName('#__users'))->where($this->db->quoteName('username') . ' = ' . $this->db->quote($credentials['username']));
$result = $this->db->setQuery($query)->loadObject();
if ($result) {
// Bring this in line with the rest of the system
$user = JUser::getInstance($result->id);
$cookieName = JUserHelper::getShortHashedUserAgent();
// If there is no cookie, bail out
if (!$this->app->input->cookie->get($cookieName)) {
return;
}
// Set response data.
$response->username = $result->username;
$response->email = $user->email;
$response->fullname = $user->name;
$response->password = $result->password;
$response->language = $user->getParam('language');
// Set response status.
$response->status = JAuthentication::STATUS_SUCCESS;
$response->error_message = '';
} else {
$response->status = JAuthentication::STATUS_FAILURE;
$response->error_message = JText::_('JGLOBAL_AUTH_NO_USER');
}
}
/**
* Listener for the `onAfterInitialise` event
*
* @return void
*
* @since 3.5
*/
public function onAfterInitialise()
{
// Only run this in admin
if (!$this->app->isAdmin()) {
return;
}
// Do we need to run? Compare the last run timestamp stored in the plugin's options with the current
// timestamp. If the difference is greater than the cache timeout we shall not execute again.
$now = time();
$last = (int) $this->params->get('lastrun', 0);
// 12 hours - 60*60*12 = 43200
if (!defined('PLG_SYSTEM_STATS_DEBUG') && abs($now - $last) < 43200) {
return;
}
// Update last run status
$this->params->set('lastrun', $now);
$uniqueId = $this->params->get('unique_id', '');
/*
* If the unique ID is empty (because we have never submitted a piece of data before or because the refresh button
* has been used - generate a new ID and store it in the database for future use.
*/
if (empty($uniqueId)) {
$uniqueId = hash('sha1', JUserHelper::genRandomPassword(28) . time());
$this->params->set('unique_id', $uniqueId);
}
$query = $this->db->getQuery(true)->update($this->db->quoteName('#__extensions'))->set($this->db->quoteName('params') . ' = ' . $this->db->quote($this->params->toString('JSON')))->where($this->db->quoteName('type') . ' = ' . $this->db->quote('plugin'))->where($this->db->quoteName('folder') . ' = ' . $this->db->quote('system'))->where($this->db->quoteName('element') . ' = ' . $this->db->quote('stats'));
try {
// Lock the tables to prevent multiple plugin executions causing a race condition
$this->db->lockTable('#__extensions');
} catch (Exception $e) {
// If we can't lock the tables it's too risky to continue execution
return;
}
try {
// Update the plugin parameters
$result = $this->db->setQuery($query)->execute();
$this->clearCacheGroups(array('com_plugins'), array(0, 1));
} catch (Exception $exc) {
// If we failed to execute
$this->db->unlockTables();
$result = false;
}
try {
// Unlock the tables after writing
$this->db->unlockTables();
} catch (Exception $e) {
// If we can't lock the tables assume we have somehow failed
$result = false;
}
// Abort on failure
if (!$result) {
return;
}
$data = array('unique_id' => $uniqueId, 'php_version' => PHP_VERSION, 'db_type' => $this->db->name, 'db_version' => $this->db->getVersion(), 'cms_version' => JVERSION, 'server_os' => php_uname('s') . ' ' . php_uname('r'));
// Don't let the request take longer than 2 seconds to avoid page timeout issues
try {
// Don't let the request take longer than 2 seconds to avoid page timeout issues
JHttpFactory::getHttp()->post($this->params->get('url', 'https://developer.joomla.org/stats/submit'), $data, null, 2);
} catch (UnexpectedValueException $e) {
// There was an error sending stats. Should we do anything?
JLog::add('Could not send site statistics to remote server: ' . $e->getMessage(), JLog::WARNING, 'stats');
} catch (RuntimeException $e) {
// There was an error connecting to the server or in the post request
JLog::add('Could not connect to statistics server: ' . $e->getMessage(), JLog::WARNING, 'stats');
} catch (Exception $e) {
// An unexpected error in processing; don't let this failure kill the site
JLog::add('Unexpected error connecting to statistics server: ' . $e->getMessage(), JLog::WARNING, 'stats');
}
}
