/**
  * Verifies the validity of a username/e-mail address
  * combination and creates a token to verify the request
  * was initiated by the account owner.  The token is
  * sent to the account owner by e-mail
  *
  * @since	1.5
  * @param	string	Username string
  * @param	string	E-mail address
  * @return	bool	True on success/false on failure
  */
 function requestReset($email)
 {
     // Starts a password reset for the account registered under $email:
     // a fresh token is generated, its salted MD5 digest is written to the
     // user's `activation` column, and the raw token is handed to
     // _sendConfirmationMail(). Returns true on success and false otherwise.
     // Only $email is accepted here, although the docblock above also lists
     // a username parameter.
     jimport('joomla.mail.helper');
     jimport('joomla.user.helper');
     $db =& JFactory::getDBO();

     // Reject anything that does not pass the mail helper's address check.
     if (!JMailHelper::isEmailAddress($email)) {
         $this->setError(JText::_('INVALID_EMAIL_ADDRESS'));
         return false;
     }

     // Look up the unblocked account; the address only reaches the SQL text
     // through $db->Quote().
     $lookupSql = 'SELECT id FROM #__users WHERE email = ' . $db->Quote($email) . ' AND block = 0';
     $db->setQuery($lookupSql);
     $id = $db->loadResult();
     if (!$id) {
         // NOTE(review): this error differs from the success path, so a caller
         // that surfaces it lets a requester learn whether an address is
         // registered - confirm how the controller displays getError().
         $this->setError(JText::_('COULD_NOT_FIND_USER'));
         return false;
     }

     // Only "<md5(token . salt)>:<salt>" is persisted; the raw token exists
     // solely in the outgoing mail. MD5 is a fast hash, so the protection
     // rests on the randomness of the token (generated outside this method).
     $token = JUtility::getHash(JUserHelper::genRandomPassword());
     $salt = JUserHelper::getSalt('crypt-md5');
     $storedToken = md5($token . $salt) . ':' . $salt;

     // The UPDATE sets `activation` only; no issue time is recorded here, so
     // any token expiry has to be enforced elsewhere.
     $updateSql = 'UPDATE #__users SET activation = ' . $db->Quote($storedToken) . ' WHERE id = ' . (int) $id . ' AND block = 0';
     $db->setQuery($updateSql);
     if (!$db->query()) {
         $this->setError(JText::_('DATABASE_ERROR'));
         return false;
     }

     // Mail the raw token to the account owner.
     return $this->_sendConfirmationMail($email, $token) ? true : false;
 }
Beispiel #2
 /**
  * Automatically sets the activation token for the user.
  *
  * @return LibUsersDomainEntityUser
  */
 public function requiresActivation()
 {
     // Assigns a fresh activation value to this entity and returns the entity
     // so calls can be chained.
     jimport('joomla.user.helper');

     $rawToken = JUtility::getHash(JUserHelper::genRandomPassword());
     $tokenSalt = JUserHelper::getSalt();

     // Stored form is "<sha1(token . salt)>:<salt>". The raw token is not
     // returned or kept anywhere in this method, so only the salted digest
     // is available afterwards.
     $this->activation = sha1($rawToken . $tokenSalt) . ':' . $tokenSalt;

     return $this;
 }
Beispiel #3
 /**
  * Formats a password using the current encryption.
  *
  * @param   string   $plaintext     The plaintext password to encrypt.
  * @param   string   $salt          The salt to use to encrypt the password. []
  *                                  If not present, a new salt will be
  *                                  generated.
  * @param   string   $encryption    The kind of password encryption to use.
  *                                  Defaults to md5-hex.
  * @param   boolean  $show_encrypt  Some password systems prepend the kind of
  *                                  encryption to the crypted password ({SHA},
  *                                  etc). Defaults to false.
  *
  * @return  string  The encrypted password.
  *
  * @since   11.1
  *
  * @deprecated  4.0
  */
 public static function getCryptedPassword($plaintext, $salt = '', $encryption = 'md5-hex', $show_encrypt = false)
 {
     // Formats $plaintext according to the scheme named in $encryption and
     // returns the result as a string. Every branch below is plaintext
     // pass-through, a single MD5/SHA-1 pass, crypt(), or the 1000-round
     // Apache MD5 construction; the docblock marks the method deprecated.
     // NOTE(review): for newly stored passwords prefer PHP's password_hash()
     // and password_verify(); keep this only to read legacy hashes.

     // Get the salt to use (generated or extracted by JUserHelper::getSalt).
     $salt = JUserHelper::getSalt($encryption, $salt, $plaintext);
     // Encrypt the password.
     switch ($encryption) {
         case 'plain':
             // No transformation at all: the password is returned as given.
             return $plaintext;
         case 'sha':
             // Unsalted SHA-1, base64 encoded. mhash() is only available when
             // PHP was built with mhash support.
             $encrypted = base64_encode(mhash(MHASH_SHA1, $plaintext));
             return $show_encrypt ? '{SHA}' . $encrypted : $encrypted;
         case 'crypt':
         case 'crypt-des':
         case 'crypt-md5':
         case 'crypt-blowfish':
             // All crypt variants go through crypt(); the format of $salt
             // decides which algorithm crypt() applies.
             return ($show_encrypt ? '{crypt}' : '') . crypt($plaintext, $salt);
         case 'md5-base64':
             // Unsalted MD5, base64 encoded.
             $encrypted = base64_encode(mhash(MHASH_MD5, $plaintext));
             return $show_encrypt ? '{MD5}' . $encrypted : $encrypted;
         case 'ssha':
             // Salted SHA-1: the salt is hashed after the password and then
             // appended to the raw digest before base64 encoding.
             $encrypted = base64_encode(mhash(MHASH_SHA1, $plaintext . $salt) . $salt);
             return $show_encrypt ? '{SSHA}' . $encrypted : $encrypted;
         case 'smd5':
             // Salted MD5, same layout as 'ssha'.
             $encrypted = base64_encode(mhash(MHASH_MD5, $plaintext . $salt) . $salt);
             return $show_encrypt ? '{SMD5}' . $encrypted : $encrypted;
         case 'aprmd5':
             // '$apr1$' scheme: build an initial context, then run 1000 MD5
             // rounds and encode the final digest with _toAPRMD5().
             $length = strlen($plaintext);
             $context = $plaintext . '$apr1$' . $salt;
             $binary = JUserHelper::_bin(md5($plaintext . $salt . $plaintext));
             // Append the first digest in 16-byte slices, one slice per 16
             // bytes of password length.
             for ($i = $length; $i > 0; $i -= 16) {
                 $context .= substr($binary, 0, $i > 16 ? 16 : $i);
             }
             // For each bit of the password length add a NUL byte or the
             // first password character. The loop body only runs when
             // $length > 0, so $plaintext[0] exists whenever it is read.
             for ($i = $length; $i > 0; $i >>= 1) {
                 $context .= $i & 1 ? chr(0) : $plaintext[0];
             }
             $binary = JUserHelper::_bin(md5($context));
             // 1000 rounds; which of password, salt and previous digest are
             // mixed in depends on the round number.
             for ($i = 0; $i < 1000; $i++) {
                 $new = $i & 1 ? $plaintext : substr($binary, 0, 16);
                 if ($i % 3) {
                     $new .= $salt;
                 }
                 if ($i % 7) {
                     $new .= $plaintext;
                 }
                 $new .= $i & 1 ? substr($binary, 0, 16) : $plaintext;
                 $binary = JUserHelper::_bin(md5($new));
             }
             // Regroup the digest bytes three at a time for the final encoding.
             $p = array();
             for ($i = 0; $i < 5; $i++) {
                 $k = $i + 6;
                 $j = $i + 12;
                 if ($j == 16) {
                     $j = 5;
                 }
                 $p[] = JUserHelper::_toAPRMD5(ord($binary[$i]) << 16 | ord($binary[$k]) << 8 | ord($binary[$j]), 5);
             }
             return '$apr1$' . $salt . '$' . implode('', $p) . JUserHelper::_toAPRMD5(ord($binary[11]), 3);
         case 'md5-hex':
         default:
             // Hex MD5; salted only when $salt is non-empty. Unknown scheme
             // names also end up here.
             $encrypted = $salt ? md5($plaintext . $salt) : md5($plaintext);
             return $show_encrypt ? '{MD5}' . $encrypted : $encrypted;
     }
 }
Beispiel #4
    /**
     * Method to start the password reset process.
     *
     * @param   array  $data  The data expected for the form.
     *
     * @return  mixed  Exception | JException | boolean
     *
     * @since   1.6
     */
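    public function processResetRequest($data)
    {
        // Starts a password reset for the account registered under
        // $data['email']: validates the form, looks the user up, refuses
        // blocked users, Super Admins and users over the reset limit, stores
        // "<md5(token . salt)>:<salt>" in $user->activation and mails the raw
        // token in an HTML message.
        // Returns true on success, false after setError(), or an
        // Exception/JException object for form, save and mail failures.
        // NOTE(review): unknown, blocked and Super Admin accounts each get a
        // distinct error text, which can disclose account state if the caller
        // shows it to the requester.
        $config = JFactory::getConfig();
        // Get the form.
        $form = $this->getForm();
        $data['email'] = JStringPunycode::emailToPunycode($data['email']);
        // Check for an error.
        if ($form instanceof Exception) {
            return $form;
        }
        // Filter and validate the form data.
        $data = $form->filter($data);
        $return = $form->validate($data);
        // Check for an error.
        if ($return instanceof Exception) {
            return $return;
        }
        // Check the validation results.
        if ($return === false) {
            // Get the validation messages from the form.
            foreach ($form->getErrors() as $formError) {
                $this->setError($formError->getMessage());
            }
            return false;
        }
        // Find the user id for the given email address; the address only
        // reaches the SQL text through $db->quote().
        $db = $this->getDbo();
        $query = $db->getQuery(true)->select('id')->from($db->quoteName('#__users'))->where($db->quoteName('email') . ' = ' . $db->quote($data['email']));
        $db->setQuery($query);
        try {
            $userId = $db->loadResult();
        } catch (RuntimeException $e) {
            $this->setError(JText::sprintf('COM_USERS_DATABASE_ERROR', $e->getMessage()), 500);
            return false;
        }
        // Check for a user.
        if (empty($userId)) {
            $this->setError(JText::_('COM_USERS_INVALID_EMAIL'));
            return false;
        }
        // Get the user object.
        $user = JUser::getInstance($userId);
        // Make sure the user isn't blocked.
        if ($user->block) {
            $this->setError(JText::_('COM_USERS_USER_BLOCKED'));
            return false;
        }
        // Make sure the user isn't a Super Admin.
        if ($user->authorise('core.admin')) {
            $this->setError(JText::_('COM_USERS_REMIND_SUPERADMIN_ERROR'));
            return false;
        }
        // Make sure the user has not exceeded the reset limit
        if (!$this->checkResetLimit($user)) {
            $resetLimit = (int) JFactory::getApplication()->getParams()->get('reset_time');
            $this->setError(JText::plural('COM_USERS_REMIND_LIMIT_ERROR_N_HOURS', $resetLimit));
            return false;
        }
        // Set the confirmation token. Only the salted MD5 digest is stored;
        // MD5 is fast, so the protection rests on the randomness of the token.
        $token = JApplicationHelper::getHash(JUserHelper::genRandomPassword());
        $salt = JUserHelper::getSalt('crypt-md5');
        $hashedToken = md5($token . $salt) . ':' . $salt;
        $user->activation = $hashedToken;
        // Save the user to the database.
        if (!$user->save(true)) {
            return new JException(JText::sprintf('COM_USERS_USER_SAVE_FAILED', $user->getError()), 500);
        }
        // Assemble the password reset confirmation link.
        // NOTE(review): this link carries the raw token as a query parameter,
        // but the HTML body below prints only the token, not the link.
        $mode = $config->get('force_ssl', 0) == 2 ? 1 : -1;
        $itemid = UsersHelperRoute::getLoginRoute();
        $itemid = $itemid !== null ? '&Itemid=' . $itemid : '';
        $link = 'index.php?option=com_users&view=reset&layout=confirm&token=' . $token . $itemid;
        // Put together the email template data.
        $data = $user->getProperties();
        $data['fromname'] = $config->get('fromname');
        $data['mailfrom'] = $config->get('mailfrom');
        $data['sitename'] = $config->get('sitename');
        $data['link_text'] = JRoute::_($link, false, $mode);
        $data['link_html'] = JRoute::_($link, true, $mode);
        $data['token'] = $token;
        $subject = JText::sprintf('COM_USERS_EMAIL_PASSWORD_RESET_SUBJECT', $data['sitename']);
        /*$body = JText::sprintf(
        			'COM_USERS_EMAIL_PASSWORD_RESET_BODY',
        			$data['sitename'],
        			$data['token'],
        			$data['link_text']
        		);*/
        // The Host header is supplied by the client. Escaping it keeps it from
        // breaking out of the src attribute below, but the image URL still
        // follows whatever host the request named; a configured site URL
        // would be the more robust source.
        $serverurl = isset($_SERVER['HTTP_HOST']) ? htmlspecialchars($_SERVER['HTTP_HOST'], ENT_QUOTES, 'UTF-8') : '';
        // The display name is user-controlled profile data, so it is escaped
        // before being placed into the HTML message.
        $safeName = htmlspecialchars($data['name'], ENT_QUOTES, 'UTF-8');
        $body = '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="viewport" content="width=device-width; maximum-scale=1.0;">
<title>RAS</title>

<style type="text/css">
 body{ margin:0px; padding:0px;}
@media only screen and (max-width:598px){
table[class="mainWd"]{ width:100% !important; }
.img{ width:100% !important; }
}
@media only screen and (max-width:599px){
table{ float:none !important; }
table[class="mainWd"]{ width:100% !important; }
table[class="table-width"]{ float:left !important}
.img{ width:100% !important; }
@media only screen and (max-width:480px){
td[class="wd660"]{ width:100% !important; float:left !important; text-align:center !important; }
.img1{ display:none !important}
td[class="wd360"]{ width:100% !important; float:left !important; text-align:center; margin-bottom:20px; }	
table[class="full_480"]{ width:220px !important;  text-align:center !important;  float:none !important;  }	
td[class="mob_hide"]{ display:none !important; }
}
 
.img {width:100% !important; }
.img {width:100% !important; }
</style>
</head>

<body style="background:#cccccc;-moz-text-size-adjust:none; -webkit-text-size-adjust:none; -ms-text-size-adjust:none;  ">
<table width="100%" border="0" align="center" cellpadding="0" cellspacing="0" >
<tr><td align="center">
	<table width="650" border="0" align="center" cellpadding="0" cellspacing="0" class="mainWd" >
    
<tr><td height="25" align="center" valign="middle" style="font-family:Arial, Helvetica, sans-serif; font-size:12px; color:#ffffff; background:#2a4c75">Can’t see this email? View it in your browser. </td></tr> 
    

  
  
  <tr>
    <td align="left" valign="top" class="bg" bgcolor="#ffffff">
	<table width="100%" border="0" align="center" cellpadding="0" cellspacing="0">
    
<tr>    <td height="20" align="left" valign="top"> <img src="http://' . $serverurl . '/images/banner123.jpg" alt=" " class="img" border="0" align="left" style="display:block;width:100%"></td>    </tr>
 
    
     
     <tr><td height="20" align="center" valign="top"> </td></tr>
     
     <tr><td   align="center" valign="top">
       <table width="96%" border="0" align="center" cellpadding="0" cellspacing="0">
       <tr><td align="left" valign="top"><span style="font-family:Arial, Helvetica, sans-serif; font-size:14px; line-height:20px; color:#343434; font-weight:normal;">Dear <span style="color:#343434;text-transform:capitalize;">' . $safeName . ',</span><br /><br />We have received a request regarding the change of your password.</span>
<br /><br />

<span style="font-family:Arial, Helvetica, sans-serif; font-size:14px; line-height:20px; color:#343434; font-weight:normal;">The verification code is - </span> ' . $data['token'] . ' <br /> <br />
<span style="font-family:Arial, Helvetica, sans-serif; font-size:14px; line-height:20px; color:#343434; font-weight:normal;">Please ignore this mail if you don’t want to reset your password.</span></td></tr> 
<tr><td height="20" align="center" valign="top"> </td></tr>
<tr><td align="left" valign="top">
<span style="font-family:Arial, Helvetica, sans-serif; font-size:14px; line-height:20px; color:#343434; font-weight:normal;">Best regards,<br /> 
Team RAS</span>
 
 </td></tr>

 <tr><td height="20" align="center" valign="top"> </td></tr>
</table>
      </td>   
  </table>


</td>
 
   
	 
 
       <tr> <td align="center" valign="middle" height="37 " bgcolor="#2a4c75" > <span style="font-family:Arial, Helvetica, sans-serif; font-size:12px  ; color:#ffffff;-webkit-text-size-adjust: none;">Copyright © 2015. RAS All rights reserved </span></td>  
         </tr> 
     

  
  
  </table>
  </td>
  </tr>
<tr>
  <td align="center">&nbsp;</td>
</tr>
</table>

</body>
</html>';
        // Send the HTML message to the address stored on the account, not to
        // the address submitted in the form.
        $mailer = JFactory::getMailer();
        $config = JFactory::getConfig();
        $subject = 'Forgot Password Request';
        $from = $config->get('mailfrom');
        $fromname = $config->get('fromname');
        $to = $user->email;
        $sender = array($from, $fromname);
        $mailer->isHTML(true);
        $mailer->setSender($sender);
        $mailer->addRecipient($to);
        $mailer->Encoding = 'base64';
        $mailer->setSubject($subject);
        $mailer->setBody($body);
        $return = $mailer->Send();
        // Check for an error.
        if ($return !== true) {
            return new JException(JText::_('COM_USERS_MAIL_FAILED'), 500);
        }
        return true;
    }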
Beispiel #5
 /**
  * Processes initial reset password request
  *
  * @return  void
  */
 public function resettingTask()
 {
     // Handles the first step of a password reset: validates the submitted
     // username or e-mail address, stores a salted MD5 digest of a fresh
     // token for the matching user, mails the raw token and redirects to the
     // verification task. Every outcome ends in a redirect.

     // Check the request token
     Session::checkToken('post') or exit(Lang::txt('JINVALID_TOKEN'));

     $resetTask = 'index.php?option=' . $this->_option . '&task=reset';

     // Grab the incoming username
     $username = trim(Request::getVar('username', false));
     if (!$username) {
         App::redirect(Route::url($resetTask, false), Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_MISSING_USERNAME'), 'warning');
         return;
     }

     require_once dirname(dirname(__DIR__)) . DS . 'helpers' . DS . 'utility.php';

     // Decide between e-mail and username lookup. The strpos() result is used
     // for its truthiness, so an '@' at position 0 counts as "no '@'" and the
     // value is treated as a username.
     $looksLikeEmail = (bool) strpos($username, '@');
     $validator = $looksLikeEmail ? 'validemail' : 'validlogin';
     $field = $looksLikeEmail ? 'email' : 'username';

     // $validator is one of the two literals above, never request data.
     if (!\Components\Members\Helpers\Utility::$validator($username)) {
         App::redirect(Route::url($resetTask, false), Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_INVALID_USERNAME'), 'warning');
         return;
     }

     // Find the user for the given username; exactly one match is required.
     $matches = \Hubzero\User\User::whereEquals($field, $username)->rows();
     if ($matches->count() < 1) {
         App::redirect(Route::url($resetTask, false), Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_USER_NOT_FOUND'), 'warning');
         return;
     }
     if ($matches->count() > 1) {
         App::redirect(Route::url($resetTask, false), Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_MULTIPLE_RESULTS'), 'warning');
         return;
     }
     $user = $matches->first();

     // A blocked account gets the same "not found" text as a missing one.
     if ($user->get('block')) {
         App::redirect(Route::url($resetTask, false), Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_USER_NOT_FOUND'), 'warning');
         return;
     }

     // Super admins are refused, with their own message.
     if ($user->authorise('core.admin')) {
         App::redirect(Route::url($resetTask, false), Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_USER_IS_SUPER'), 'warning');
         return;
     }

     // Make sure the user has not exceeded the reset limit
     if ($this->hasExceededResetLimit($user)) {
         App::redirect(Route::url($resetTask, false), Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_EXCEEDED_LIMIT'), 'warning');
         return;
     }

     // Only "<md5(token . salt)>:<salt>" is saved; the raw token goes into
     // the e-mail views below. MD5 is fast, so the protection rests on the
     // randomness of the generated token.
     $token = App::hash(\JUserHelper::genRandomPassword());
     $salt = \JUserHelper::getSalt('crypt-md5');
     $user->tokens()->save(['token' => md5($token . $salt) . ':' . $salt]);

     // Render the plain-text and HTML bodies from the same view object.
     $mailView = new \Hubzero\Mail\View(array('name' => 'emails', 'layout' => 'reset_plain'));
     $mailView->config = Config::getRoot();
     $mailView->baseUrl = rtrim(Request::base(), '/');
     $mailView->user = $user;
     $mailView->token = $token;
     $mailView->return = Route::url('index.php?option=' . $this->_option . '&task=verify');
     $plain = str_replace("\n", "\r\n", $mailView->loadTemplate(false));
     $mailView->setLayout('reset_html');
     $html = str_replace("\n", "\r\n", $mailView->loadTemplate());

     // Build message
     $message = new \Hubzero\Mail\Message();
     $message
         ->setSubject(Lang::txt('COM_MEMBERS_CREDENTIALS_EMAIL_RESET_SUBJECT', Config::get('sitename')))
         ->addFrom(Config::get('mailfrom'), Config::get('fromname'))
         ->addTo($user->get('email'), $user->get('name'))
         ->addHeader('X-Component', $this->_option)
         ->addHeader('X-Component-Object', 'password_reset')
         ->addPart($plain, 'text/plain')
         ->addPart($html, 'text/html');

     // Send mail; a failure is logged and the user is sent to the remind task.
     if (!$message->send()) {
         Log::error('Members password reset email failed: ' . Lang::txt('Failed to mail %s', $user->get('email')));
         App::redirect(Route::url('index.php?option=' . $this->_option . '&task=remind', false), Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_FIAILED_TO_SEND_MAIL'), 'warning');
         return;
     }

     // Remember which user the reset belongs to, then go to verification.
     User::setState('com_users.reset.user', $user->get('id'));
     App::redirect(Route::url('index.php?option=' . $this->_option . '&task=verify', false), Lang::txt('COM_MEMBERS_CREDENTIALS_EMAIL_SENT'), 'passed');
 }
Beispiel #6
 /**
  * Method to start the password reset process.
  *
  * @since	1.6
  */
 public function processResetRequest($data)
 {
     // Starts a password reset for the account registered under
     // $data['email']. Returns true on success, false after setError(), or an
     // Exception/JException object for form, save and mail failures.
     // NOTE(review): unknown, blocked and Super Admin accounts each get a
     // distinct error text, which can disclose account state if the caller
     // shows it to the requester.
     $config = JFactory::getConfig();

     // Get the form; a failure is passed straight back to the caller.
     $form = $this->getForm();
     if ($form instanceof Exception) {
         return $form;
     }

     // Filter and validate the form data.
     $data = $form->filter($data);
     $validation = $form->validate($data);
     if ($validation instanceof Exception) {
         return $validation;
     }
     if ($validation === false) {
         // Copy the form's validation messages onto the model.
         foreach ($form->getErrors() as $message) {
             $this->setError($message);
         }
         return false;
     }

     // Find the user id for the given email address; the address only
     // reaches the SQL text through $db->q().
     $db = $this->getDbo();
     $query = $db->getQuery(true);
     $query->select('id');
     $query->from($db->quoteName('#__users'));
     $query->where($db->quoteName('email') . ' = ' . $db->q($data['email']));
     $db->setQuery((string) $query);
     $userId = $db->loadResult();
     if ($db->getErrorNum()) {
         $this->setError(JText::sprintf('COM_USERS_DATABASE_ERROR', $db->getErrorMsg()), 500);
         return false;
     }
     if (empty($userId)) {
         $this->setError(JText::_('COM_USERS_INVALID_EMAIL'));
         return false;
     }

     // Load the account and refuse blocked users, Super Admins and users
     // over the reset limit.
     $user = JUser::getInstance($userId);
     if ($user->block) {
         $this->setError(JText::_('COM_USERS_USER_BLOCKED'));
         return false;
     }
     if ($user->authorise('core.admin')) {
         $this->setError(JText::_('COM_USERS_REMIND_SUPERADMIN_ERROR'));
         return false;
     }
     if (!$this->checkResetLimit($user)) {
         $resetLimit = (int) JFactory::getApplication()->getParams()->get('reset_time');
         $this->setError(JText::plural('COM_USERS_REMIND_LIMIT_ERROR_N_HOURS', $resetLimit));
         return false;
     }

     // Only "<md5(token . salt)>:<salt>" is stored on the account; the raw
     // token goes into the mail body. MD5 is fast, so the protection rests
     // on the randomness of the generated token.
     $token = JApplication::getHash(JUserHelper::genRandomPassword());
     $salt = JUserHelper::getSalt('crypt-md5');
     $user->activation = md5($token . $salt) . ':' . $salt;
     if (!$user->save(true)) {
         return new JException(JText::sprintf('COM_USERS_USER_SAVE_FAILED', $user->getError()), 500);
     }

     // Assemble the confirmation link; it carries no token, the token is a
     // separate argument of the mail body.
     if ($config->get('force_ssl', 0) == 2) {
         $mode = 1;
     } else {
         $mode = -1;
     }
     $itemid = UsersHelperRoute::getLoginRoute();
     if ($itemid !== null) {
         $itemid = '&Itemid=' . $itemid;
     } else {
         $itemid = '';
     }
     $link = 'index.php?option=com_users&view=reset&layout=confirm' . $itemid;

     // Put together the email template data.
     $data = $user->getProperties();
     $data['fromname'] = $config->get('fromname');
     $data['mailfrom'] = $config->get('mailfrom');
     $data['sitename'] = $config->get('sitename');
     $data['link_text'] = JRoute::_($link, false, $mode);
     $data['link_html'] = JRoute::_($link, true, $mode);
     $data['token'] = $token;
     $subject = JText::sprintf('COM_USERS_EMAIL_PASSWORD_RESET_SUBJECT', $data['sitename']);
     $body = JText::sprintf('COM_USERS_EMAIL_PASSWORD_RESET_BODY', $data['sitename'], $data['token'], $data['link_text']);

     // Send to the address stored on the account, not the submitted one.
     $sent = JFactory::getMailer()->sendMail($data['mailfrom'], $data['fromname'], $user->email, $subject, $body);
     if ($sent !== true) {
         return new JException(JText::_('COM_USERS_MAIL_FAILED'), 500);
     }

     return true;
 }
Beispiel #7
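    private static function _checkCreateKeyFile($date)
    {
        // Returns the encryption key to use, reading the *.ini key files in
        // the safepath folder and creating today's key file when none exist.
        //
        // $date: unix time of the data to decrypt. When non-empty, the newest
        //        key whose unixtime is less than $date + 30 is chosen ('' if
        //        there is none); when empty, the newest key is returned.
        // Returns the key string, or null when no keys were loaded and
        // today's key file already exists.
        //
        // Changes from the previous version: the directory handle is closed
        // after the scan, and a failed key-file write now raises a warning
        // instead of being ignored.
        vmSetStartTime('check');
        static $existingKeys = false;
        static $warn = false;
        $keyPath = self::_getEncryptSafepath();
        if (!$existingKeys) {
            $dir = opendir($keyPath);
            if (is_resource($dir)) {
                $existingKeys = array();
                while (false !== ($file = readdir($dir))) {
                    if ($file == '.' || $file == '..') {
                        continue;
                    }
                    $path = $keyPath . DS . $file;
                    if (is_dir($path)) {
                        continue;
                    }
                    $ext = JFile::getExt($file);
                    if ($ext == 'ini' and file_exists($path)) {
                        $content = parse_ini_file($path);
                        if ($content and is_array($content) and isset($content['unixtime'])) {
                            // Index the remaining entries by creation time.
                            $key = $content['unixtime'];
                            unset($content['unixtime']);
                            $existingKeys[$key] = $content;
                        }
                    } else {
                        vmdebug('Resource says there is file, but does not exists? ' . $path);
                    }
                }
                // Release the handle; it was previously left open.
                closedir($dir);
            } else {
                // Warn once per request about an unreadable key folder.
                if (!$warn) {
                    vmWarn('Key folder in safepath unaccessible ' . $keyPath);
                }
                $warn = true;
            }
        }
        if ($existingKeys and is_array($existingKeys) and count($existingKeys) > 0) {
            ksort($existingKeys);
            if (!empty($date)) {
                $key = '';
                // Keys are visited oldest first, so the last assignment wins.
                foreach ($existingKeys as $unixDate => $values) {
                    if ($unixDate - 30 >= $date) {
                        vmdebug('$unixDate ' . $unixDate . ' >= $date ' . $date);
                        continue;
                    }
                    vmdebug('$unixDate < $date');
                    $key = $values['key'];
                }
                // NOTE(review): this hands the selected key to the debug
                // output - confirm debug output is never enabled on
                // production sites.
                vmdebug('Use key file ', $key);
            } else {
                $usedKey = end($existingKeys);
                $key = $usedKey['key'];
            }
            vmTime('my time', 'check');
            return $key;
        } else {
            $usedKey = date("ymd");
            $filename = $keyPath . DS . $usedKey . '.ini';
            if (!JFile::exists($filename)) {
                if (JVM_VERSION < 3) {
                    $token = JUtility::getHash(JUserHelper::genRandomPassword());
                } else {
                    $token = JApplication::getHash(JUserHelper::genRandomPassword());
                }
                // The key is the base64 form of a hex MD5 digest, so its
                // strength is bounded by the generated token and by MD5's
                // 128-bit output.
                $salt = JUserHelper::getSalt('crypt-md5');
                $hashedToken = md5($token . $salt);
                $key = base64_encode($hashedToken);
                $now = JFactory::getDate();
                $today = $now->toUnix();
                // The first line begins with ';' (an INI comment) and holds a
                // PHP die() in case the file is ever run as PHP.
                // NOTE(review): as an .ini file it would be served as text if
                // the safepath is web-accessible - confirm it lies outside
                // the web root.
                $content = ';<?php die(); */
						[keys]
						key = "' . $key . '"
						unixtime = "' . $today . '"
						date = "' . date("Y-m-d H:i:s") . '"
						; */ ?>';
                if (!JFile::write($filename, $content)) {
                    // The key is still returned, as before, but data
                    // encrypted with it cannot be read back once the request
                    // ends, so make the failure visible.
                    vmWarn('Could not write key file ' . $filename);
                }
                vmTime('my time', 'check');
                return $key;
            }
        }
        vmTime('my time', 'check');
    }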
Beispiel #8
 /**
  * Helper wrapper method for getSalt
  *
  * @param   string  $encryption  The kind of password encryption to use.
  *                               Defaults to md5-hex.
  * @param   string  $seed        The seed to get the salt from (probably a
  *                               previously generated password). Defaults to
  *                               generating a new seed.
  * @param   string  $plaintext   The plaintext password that we're generating
  *                               a salt for. Defaults to none.
  *
  * @return  string  The generated or extracted salt.
  *
  * @see     JUserHelper::getSalt()
  * @since   3.4
  * @deprecated  4.0
  */
 public function getSalt($encryption = 'md5-hex', $seed = '', $plaintext = '')
 {
     // Instance-level pass-through: the three arguments are forwarded
     // unchanged to the static helper and its result is returned as is.
     $salt = JUserHelper::getSalt($encryption, $seed, $plaintext);

     return $salt;
 }
Beispiel #9
 /**
  * Send out local password set confirmation token
  *
  * @return void - redirect to confirm token view
  */
 private function sendtoken()
 {
     // Issues a confirmation token for setting a local password on an
     // account that has none: stores the salted MD5 digest, e-mails the raw
     // token and redirects to the confirm-token view.
     jimport('joomla.mail.helper');
     jimport('joomla.user.helper');

     // Guests are sent to the login page, which returns them here afterwards.
     if ($this->user->get('guest')) {
         $returnUrl = Route::url('index.php?option=' . $this->option . '&task=myaccount&active=account&action=sendtoken');
         $loginUrl = Route::url('index.php?option=com_users&view=login&return=' . base64_encode($returnUrl));
         App::redirect($loginUrl, Lang::txt('You must be a logged in to access this area.'), 'warning');
         return;
     }

     // Only accounts without a stored password hash may use this path.
     $hzup = \Hubzero\User\Password::getInstance($this->member->get('uidNumber'));
     if (!empty($hzup->passhash)) {
         App::abort(404, Lang::txt('PLG_MEMBERS_ACCOUNT_NOT_LINKED_ACCOUNT'));
         return;
     }

     // Only "<md5(token . salt)>:<salt>" is stored; the raw token goes into
     // the e-mail. MD5 is fast, so the protection rests on the randomness of
     // the generated token.
     $token = App::hash(JUserHelper::genRandomPassword());
     $salt = JUserHelper::getSalt('crypt-md5');
     $this->setToken(md5($token . $salt) . ':' . $salt);

     // Send the email with the token
     $this->sendEmail($token);

     // NOTE(review): the account's e-mail address is concatenated into the
     // notice text; whether the redirect message is escaped when displayed
     // is not visible here - confirm.
     $confirmUrl = Route::url($this->member->getLink() . '&active=account&task=confirmtoken');
     $notice = Lang::txt('Please check the email associated with this account (' . $this->member->get('email') . ') for your confirmation token!');
     App::redirect($confirmUrl, $notice, 'warning');
 }
Beispiel #10
 /**
  * Remind password
  *
  * @since	1.0
  * @access	public
  * @param	string	The email address of the user.
  * @return
  */
 public function remindPassword($email)
 {
     // Starts a password reset for the account registered under $email:
     // stores a salted MD5 digest of a fresh token in the user's activation
     // field and queues an immediate e-mail with the raw token.
     // Returns false after setError() on any refusal, otherwise whatever the
     // mailer's create() call returns.
     FD::language()->loadAdmin();

     $id = $this->getUserId('email', $email);
     if (!$id) {
         // NOTE(review): a distinct "no such user" error can disclose which
         // addresses are registered if the caller shows it to the requester.
         $this->setError(JText::_('COM_EASYSOCIAL_USERS_NO_SUCH_USER_WITH_EMAIL'));
         return false;
     }

     $user = FD::user($id);

     // Blocked accounts cannot request a reset.
     if ($user->block) {
         $this->setError(JText::_('COM_EASYSOCIAL_USERS_USER_BLOCKED'));
         return false;
     }

     // Super administrator is not allowed to reset passwords.
     if ($user->authorise('core.admin')) {
         $this->setError(JText::_('COM_EASYSOCIAL_PROFILE_REMIND_PASSWORD_SUPER_ADMIN'));
         return false;
     }

     // Make sure the user has not exceeded the reset limit
     if (!$this->checkResetLimit($user)) {
         $resetLimit = (int) JFactory::getApplication()->getParams()->get('reset_time');
         // NOTE(review): the second argument of JText::_() is the $jsSafe
         // flag, not a format value, so $resetLimit is not substituted into
         // the message; JText::sprintf() was probably intended - confirm
         // against the language string.
         $this->setError(JText::_('COM_EASYSOCIAL_PROFILE_REMIND_PASSWORD_EXCEEDED', $resetLimit));
         return false;
     }

     // Only "<md5(token . salt)>:<salt>" is stored on the account; the raw
     // token goes into the mail template. MD5 is fast, so the protection
     // rests on the randomness of the generated token.
     $token = JApplication::getHash(JUserHelper::genRandomPassword());
     $salt = JUserHelper::getSalt('crypt-md5');
     $user->activation = md5($token . $salt) . ':' . $salt;

     if (!$user->save(true)) {
         $this->setError(JText::_('COM_EASYSOCIAL_PROFILE_REMIND_PASSWORD_SAVE_ERROR'));
         return false;
     }

     $jConfig = FD::jConfig();

     // Values made available to the e-mail template. 'email' is the address
     // passed in, while the recipient below is the address on the account.
     $params = array(
         'site' => $jConfig->getValue('sitename'),
         'username' => $user->username,
         'name' => $user->getName(),
         'id' => $user->id,
         'avatar' => $user->getAvatar(SOCIAL_AVATAR_LARGE),
         'profileLink' => $user->getPermalink(true, true),
         'email' => $email,
         'token' => $token,
     );

     $title = JText::_('COM_EASYSOCIAL_EMAILS_REMIND_PASSWORD_TITLE');

     // Build the message and hand it to the mailer with immediate priority.
     $mailer = FD::mailer();
     $mailTemplate = $mailer->getTemplate();
     $mailTemplate->setRecipient($user->name, $user->email);
     $mailTemplate->setTitle($title);
     $mailTemplate->setTemplate('site/user/remind.password', $params);
     $mailTemplate->setPriority(SOCIAL_MAILER_PRIORITY_IMMEDIATE);

     return $mailer->create($mailTemplate);
 }
Beispiel #11
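	/**
	 * AJAX handler for a "forgot password" request.
	 *
	 * Reads the `email` request variable, looks up the matching id in #__users,
	 * rejects blocked users and users authorised for `core.admin`, applies the
	 * reset_count / reset_time limit, stores a salted MD5 hash of a fresh token
	 * in the user's `activation` field and e-mails the plain token together with
	 * the com_users confirm link. Every outcome is reported through
	 * awdwallController::ajaxResponse(); failures carry the `$error$` prefix.
	 *
	 * NOTE(review): the distinct replies for unknown, blocked and super-admin
	 * addresses tell the caller which e-mail addresses have accounts and in what
	 * state. A single generic reply would avoid that, but it changes what the
	 * client receives, so the messages are left as they were.
	 *
	 * @return void The request is terminated with exit on every path.
	 */
	function ajaxforgot()
	{
		error_reporting(0);
		require_once(JPATH_SITE . '/components/com_users/helpers/route.php');

		// Load the com_users language strings used for the messages below.
		$lang = JFactory::getLanguage();
		$extension = 'com_users';
		$base_dir = JPATH_SITE;
		$language_tag = $lang->getTag();
		$reload = true;
		$lang->load($extension, $base_dir, $language_tag, $reload);

		$config = JFactory::getConfig();
		$db		= JFactory::getDbo();
		$params = JComponentHelper::getParams('com_users');

		// Untrusted input: only ever used through $db->Quote() below.
		$email = JRequest::getVar('email');

		// Find the user id for the given email address.
		$query	= $db->getQuery(true);
		$query->select('id');
		$query->from($db->quoteName('#__users'));
		$query->where($db->quoteName('email') . ' = ' . $db->Quote($email));
		$db->setQuery((string) $query);

		try
		{
			$userId = $db->loadResult();
		}
		catch (RuntimeException $e)
		{
			// NOTE(review): the raw database error text is sent to the client here;
			// consider logging it server-side and replying with a generic message.
			awdwallController::ajaxResponse('$error$' . JText::sprintf('COM_USERS_DATABASE_ERROR', $e->getMessage()));
			// ajaxResponse() is defined outside this block; do not rely on it ending
			// the request, otherwise a failed check would fall through to the reset.
			exit;
		}

		// Check for a user.
		if (empty($userId)) {
			awdwallController::ajaxResponse('$error$' . JText::_('COM_USERS_INVALID_EMAIL'));
			exit;
		}

		// Get the user object.
		$user = JUser::getInstance($userId);

		// Make sure the user isn't blocked.
		if ($user->block) {
			awdwallController::ajaxResponse('$error$' . JText::_('COM_USERS_USER_BLOCKED'));
			exit;
		}

		// Make sure the user isn't a Super Admin.
		if ($user->authorise('core.admin')) {
			awdwallController::ajaxResponse('$error$' . JText::_('COM_USERS_REMIND_SUPERADMIN_ERROR'));
			exit;
		}

		// Make sure the user has not exceeded the reset limit.
		// NOTE(review): the com_users params fetched above are overwritten here by
		// the active application's params. Confirm these really carry reset_count
		// and reset_time: if they do not, both cast to 0 and the limit never triggers.
		$params = JFactory::getApplication()->getParams();
		$maxCount = (int) $params->get('reset_count');
		$resetHours = (int) $params->get('reset_time');
		$withinLimit = true;

		$lastResetTime = strtotime($user->lastResetTime) ?: 0;
		$hoursSinceLastReset = (strtotime(JFactory::getDate()->toSql()) - $lastResetTime) / 3600;

		if ($hoursSinceLastReset > $resetHours)
		{
			// If it's been long enough, start a new reset count.
			$user->lastResetTime = JFactory::getDate()->toSql();
			$user->resetCount = 1;
		}
		elseif ($user->resetCount < $maxCount)
		{
			// Under the max count: increment the counter. The original statement was
			// a bare `$user->resetCount;`, which left the counter unchanged, so the
			// maximum could not be reached through this branch.
			++$user->resetCount;
		}
		else
		{
			// At this point, we know we have exceeded the maximum resets for the time period.
			$withinLimit = false;
		}

		if (!$withinLimit) {
			awdwallController::ajaxResponse('$error$' . JText::plural('COM_USERS_REMIND_LIMIT_ERROR_N_HOURS', $resetHours));
			exit;
		}

		// Set the confirmation token. Only the salted hash is stored; the plain
		// token goes out in the e-mail.
		// NOTE(review): salted MD5 is a weak digest for a reset secret. Replacing it
		// requires the code that verifies the token to change too, which is not
		// visible here.
		$token = JApplication::getHash(JUserHelper::genRandomPassword());
		$salt = JUserHelper::getSalt('crypt-md5');
		$hashedToken = md5($token . $salt) . ':' . $salt;

		$user->activation = $hashedToken;

		// Save the user to the database (this also persists the reset counters).
		if (!$user->save(true)) {
			awdwallController::ajaxResponse('$error$' . JText::sprintf('COM_USERS_USER_SAVE_FAILED', $user->getError()));
			exit;
		}

		// Assemble the password reset confirmation link.
		$mode = $config->get('force_ssl', 0) == 2 ? 1 : -1;
		$itemid = UsersHelperRoute::getLoginRoute();
		$itemid = $itemid !== null ? '&Itemid=' . $itemid : '';
		$link = 'index.php?option=com_users&view=reset&layout=confirm' . $itemid;

		// Put together the email template data.
		$data = $user->getProperties();
		$data['fromname']	= $config->get('fromname');
		$data['mailfrom']	= $config->get('mailfrom');
		$data['sitename']	= $config->get('sitename');
		$data['link_text']	= JRoute::_($link, false, $mode);
		$data['link_html']	= JRoute::_($link, true, $mode);
		$data['token']		= $token;

		$subject = JText::sprintf(
			'COM_USERS_EMAIL_PASSWORD_RESET_SUBJECT',
			$data['sitename']
		);

		$body = JText::sprintf(
			'COM_USERS_EMAIL_PASSWORD_RESET_BODY',
			$data['sitename'],
			$data['token'],
			$data['link_text']
		);

		// Send the password reset request email to the address stored on the
		// account, not to the address taken from the request.
		$return = JFactory::getMailer()->sendMail($data['mailfrom'], $data['fromname'], $user->email, $subject, $body);

		// Check for an error.
		if ($return !== true) {
			awdwallController::ajaxResponse('$error$' . JText::_('COM_USERS_MAIL_FAILED'));
			exit;
		}

		awdwallController::ajaxResponse(JText::_('COM_COMAWDWALL_FORGOTPASS_SUCCESS_TEXT'));
		exit;
	}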
/**
 * Returns the MD5 digest of a plaintext password, salted when a salt is available.
 *
 * The salt actually used is whatever JUserHelper::getSalt() returns for the
 * given arguments; the caller's $salt is only an input to that call. The
 * $encryption value is passed to getSalt() and nowhere else, so the digest is
 * always MD5 whatever scheme is named.
 *
 * NOTE(review): MD5 is a fast digest and not suitable for password storage.
 * password_hash()/password_verify() is the usual replacement, but switching
 * presumably needs a migration path for hashes already stored, so the
 * algorithm is left untouched here.
 *
 * @param string $plaintext    Password to hash.
 * @param string $salt         Salt hint handed to JUserHelper::getSalt().
 * @param string $encryption   Scheme name handed to JUserHelper::getSalt().
 * @param bool   $show_encrypt When true, the result is prefixed with "{MD5}".
 *
 * @return string Hex MD5 digest, optionally prefixed with "{MD5}".
 */
function getCryptedPassword($plaintext, $salt = '', $encryption = 'md5-hex', $show_encrypt = false)
{
    $salt = JUserHelper::getSalt($encryption, $salt, $plaintext);

    // An empty salt means the plaintext is hashed on its own.
    $digest = md5($salt ? $plaintext . $salt : $plaintext);

    if ($show_encrypt) {
        return '{MD5}' . $digest;
    }

    return $digest;
}