/**
 * Starts a password reset for the unblocked account registered under an e-mail address.
 *
 * A one-time token is generated and e-mailed to the account owner. Only a salted MD5
 * digest of it ("<md5>:<salt>") is written to the `activation` column.
 *
 * Review notes:
 *  - An unknown address and an invalid address produce different error messages, so this
 *    method reveals whether an address is registered.
 *  - The strength of the token rests on JUserHelper::genRandomPassword() and
 *    JUtility::getHash(), neither of which is visible here.
 *
 * @since  1.5
 * @param  string  $email  E-mail address of the account to reset
 * @return bool    True on success, false on failure (the reason is stored via setError()
 *                 for the paths handled here)
 */
function requestReset($email)
{
    jimport('joomla.mail.helper');
    jimport('joomla.user.helper');

    $db =& JFactory::getDBO();

    // Refuse input that does not pass the mail helper's address check.
    if (!JMailHelper::isEmailAddress($email)) {
        $this->setError(JText::_('INVALID_EMAIL_ADDRESS'));

        return false;
    }

    // Look up the account; the address is passed through the driver's Quote() and
    // blocked accounts are excluded by the query itself.
    $lookupSql = 'SELECT id FROM #__users' . ' WHERE email = ' . $db->Quote($email) . ' AND block = 0';
    $db->setQuery($lookupSql);
    $id = $db->loadResult();

    if (!$id) {
        $this->setError(JText::_('COULD_NOT_FIND_USER'));

        return false;
    }

    // The clear token goes out by mail; the database only receives the salted digest.
    $token = JUtility::getHash(JUserHelper::genRandomPassword());
    $salt = JUserHelper::getSalt('crypt-md5');
    $storedValue = md5($token . $salt) . ':' . $salt;

    // The id is cast to int and the block condition is repeated on the write.
    $updateSql = 'UPDATE #__users' . ' SET activation = ' . $db->Quote($storedValue) . ' WHERE id = ' . (int) $id . ' AND block = 0';
    $db->setQuery($updateSql);

    if (!$db->query()) {
        $this->setError(JText::_('DATABASE_ERROR'));

        return false;
    }

    // Deliver the clear token; a failed send fails the whole request.
    if ($this->_sendConfirmationMail($email, $token)) {
        return true;
    }

    return false;
}
/**
 * Assigns a freshly generated activation value to this user entity.
 *
 * The value stored in $this->activation is "<sha1(token . salt)>:<salt>". The clear token
 * is a local variable and is neither stored nor returned by this method.
 *
 * @return LibUsersDomainEntityUser  This entity, for chaining
 */
public function requiresActivation()
{
    jimport('joomla.user.helper');

    // Random source and hashing wrapper are framework helpers not visible in this block.
    $randomSeed = JUserHelper::genRandomPassword();
    $token = JUtility::getHash($randomSeed);

    // getSalt() is called with its defaults here.
    $salt = JUserHelper::getSalt();

    $this->activation = sha1($token . $salt) . ':' . $salt;

    return $this;
}
/**
 * Formats a password using the requested legacy scheme.
 *
 * Review notes:
 *  - 'plain' returns the password unchanged.
 *  - 'sha' and 'md5-base64' hash the plaintext alone; the salt is not mixed in.
 *  - 'md5-hex' (the default) is a single MD5 pass over plaintext . salt, or over the
 *    plaintext alone when the salt is empty.
 *  - All of these are fast digests; the method is marked deprecated below.
 *
 * @param   string   $plaintext     The plaintext password to encrypt.
 * @param   string   $salt          The salt to use to encrypt the password. It is passed
 *                                  to JUserHelper::getSalt() as the seed; per the original
 *                                  note a new salt is generated when it is not present.
 * @param   string   $encryption    The kind of password encryption to use.
 *                                  Defaults to md5-hex.
 * @param   boolean  $show_encrypt  Some password systems prepend the kind of
 *                                  encryption to the crypted password ({SHA},
 *                                  etc). Defaults to false.
 *
 * @return  string  The encrypted password.
 *
 * @since   11.1
 *
 * @deprecated  4.0
 */
public static function getCryptedPassword($plaintext, $salt = '', $encryption = 'md5-hex', $show_encrypt = false)
{
    // Get the salt to use.
    $salt = JUserHelper::getSalt($encryption, $salt, $plaintext);

    // Encrypt the password.
    switch ($encryption)
    {
        // No transformation at all: the caller gets the plaintext back.
        case 'plain':
            return $plaintext;

        // Unsalted SHA-1, base64 encoded.
        case 'sha':
            $encrypted = base64_encode(mhash(MHASH_SHA1, $plaintext));

            return $show_encrypt ? '{SHA}' . $encrypted : $encrypted;

        // All crypt variants defer to crypt(); the algorithm is selected by the salt string.
        case 'crypt':
        case 'crypt-des':
        case 'crypt-md5':
        case 'crypt-blowfish':
            return ($show_encrypt ? '{crypt}' : '') . crypt($plaintext, $salt);

        // Unsalted MD5, base64 encoded.
        case 'md5-base64':
            $encrypted = base64_encode(mhash(MHASH_MD5, $plaintext));

            return $show_encrypt ? '{MD5}' . $encrypted : $encrypted;

        // Salted SHA-1 with the salt appended to the digest before encoding.
        case 'ssha':
            $encrypted = base64_encode(mhash(MHASH_SHA1, $plaintext . $salt) . $salt);

            return $show_encrypt ? '{SSHA}' . $encrypted : $encrypted;

        // Salted MD5 with the salt appended to the digest before encoding.
        case 'smd5':
            $encrypted = base64_encode(mhash(MHASH_MD5, $plaintext . $salt) . $salt);

            return $show_encrypt ? '{SMD5}' . $encrypted : $encrypted;

        // '$apr1$' format built from repeated MD5 rounds.
        case 'aprmd5':
            $length = strlen($plaintext);
            $context = $plaintext . '$apr1$' . $salt;
            $binary = JUserHelper::_bin(md5($plaintext . $salt . $plaintext));

            // Append the first digest in chunks of up to 16 characters, one chunk per 16 characters of password.
            for ($i = $length; $i > 0; $i -= 16)
            {
                $context .= substr($binary, 0, $i > 16 ? 16 : $i);
            }

            // One character per bit of the password length: NUL for a set bit, the first password character otherwise.
            for ($i = $length; $i > 0; $i >>= 1)
            {
                $context .= $i & 1 ? chr(0) : $plaintext[0];
            }

            $binary = JUserHelper::_bin(md5($context));

            // 1000 MD5 rounds; the inputs alternate by round number.
            for ($i = 0; $i < 1000; $i++)
            {
                $new = $i & 1 ? $plaintext : substr($binary, 0, 16);

                if ($i % 3)
                {
                    $new .= $salt;
                }

                if ($i % 7)
                {
                    $new .= $plaintext;
                }

                $new .= $i & 1 ? substr($binary, 0, 16) : $plaintext;
                $binary = JUserHelper::_bin(md5($new));
            }

            $p = array();

            // Encode the digest three bytes at a time in a permuted order.
            for ($i = 0; $i < 5; $i++)
            {
                $k = $i + 6;
                $j = $i + 12;

                // The last group wraps round to byte 5 instead of reading byte 16.
                if ($j == 16)
                {
                    $j = 5;
                }

                $p[] = JUserHelper::_toAPRMD5(ord($binary[$i]) << 16 | ord($binary[$k]) << 8 | ord($binary[$j]), 5);
            }

            return '$apr1$' . $salt . '$' . implode('', $p) . JUserHelper::_toAPRMD5(ord($binary[11]), 3);

        // Default scheme; unknown $encryption values also end up here.
        case 'md5-hex':
        default:
            $encrypted = $salt ? md5($plaintext . $salt) : md5($plaintext);

            return $show_encrypt ? '{MD5}' . $encrypted : $encrypted;
    }
}
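/**
 * Method to start the password reset process.
 *
 * Validates the submitted form, looks the account up by e-mail address, refuses blocked
 * accounts, Super Admins and accounts over the reset limit, stores a salted MD5 digest of
 * a new token in `activation`, and mails the clear token to the account owner as an HTML
 * message.
 *
 * Review notes:
 *  - The user's display name and the request's Host header are both placed in the HTML
 *    body; they are HTML-escaped here before use.
 *  - The banner image host still comes from the Host header, which the client controls.
 *    Pinning the site host in configuration (for example Joomla's live_site setting) is
 *    the durable fix; escaping only prevents markup from being broken.
 *  - Unknown, blocked and Super Admin addresses each return their own message, which
 *    tells the requester the state of an address.
 *
 * @param   array  $data  The data expected for the form.
 *
 * @return  mixed  Exception | JException | boolean
 *
 * @since   1.6
 */
public function processResetRequest($data)
{
    $config = JFactory::getConfig();

    // Get the form.
    $form = $this->getForm();

    $data['email'] = JStringPunycode::emailToPunycode($data['email']);

    // Check for an error.
    if ($form instanceof Exception)
    {
        return $form;
    }

    // Filter and validate the form data.
    $data = $form->filter($data);
    $return = $form->validate($data);

    // Check for an error.
    if ($return instanceof Exception)
    {
        return $return;
    }

    // Check the validation results.
    if ($return === false)
    {
        // Get the validation messages from the form.
        foreach ($form->getErrors() as $formError)
        {
            $this->setError($formError->getMessage());
        }

        return false;
    }

    // Find the user id for the given email address; the value goes through the driver's quote().
    $db = $this->getDbo();
    $query = $db->getQuery(true)
        ->select('id')
        ->from($db->quoteName('#__users'))
        ->where($db->quoteName('email') . ' = ' . $db->quote($data['email']));

    $db->setQuery($query);

    try
    {
        $userId = $db->loadResult();
    }
    catch (RuntimeException $e)
    {
        $this->setError(JText::sprintf('COM_USERS_DATABASE_ERROR', $e->getMessage()), 500);

        return false;
    }

    // Check for a user.
    if (empty($userId))
    {
        $this->setError(JText::_('COM_USERS_INVALID_EMAIL'));

        return false;
    }

    // Get the user object.
    $user = JUser::getInstance($userId);

    // Make sure the user isn't blocked.
    if ($user->block)
    {
        $this->setError(JText::_('COM_USERS_USER_BLOCKED'));

        return false;
    }

    // Make sure the user isn't a Super Admin.
    if ($user->authorise('core.admin'))
    {
        $this->setError(JText::_('COM_USERS_REMIND_SUPERADMIN_ERROR'));

        return false;
    }

    // Make sure the user has not exceeded the reset limit
    if (!$this->checkResetLimit($user))
    {
        $resetLimit = (int) JFactory::getApplication()->getParams()->get('reset_time');
        $this->setError(JText::plural('COM_USERS_REMIND_LIMIT_ERROR_N_HOURS', $resetLimit));

        return false;
    }

    // Set the confirmation token: the clear token is mailed, only its salted digest is stored.
    $token = JApplicationHelper::getHash(JUserHelper::genRandomPassword());
    $salt = JUserHelper::getSalt('crypt-md5');
    $hashedToken = md5($token . $salt) . ':' . $salt;

    $user->activation = $hashedToken;

    // Save the user to the database.
    if (!$user->save(true))
    {
        return new JException(JText::sprintf('COM_USERS_USER_SAVE_FAILED', $user->getError()), 500);
    }

    // Assemble the password reset confirmation link.
    $mode = $config->get('force_ssl', 0) == 2 ? 1 : -1;
    $itemid = UsersHelperRoute::getLoginRoute();
    $itemid = $itemid !== null ? '&Itemid=' . $itemid : '';
    $link = 'index.php?option=com_users&view=reset&layout=confirm&token=' . $token . $itemid;

    // Put together the email template data.
    $data = $user->getProperties();
    $data['fromname'] = $config->get('fromname');
    $data['mailfrom'] = $config->get('mailfrom');
    $data['sitename'] = $config->get('sitename');
    $data['link_text'] = JRoute::_($link, false, $mode);
    $data['link_html'] = JRoute::_($link, true, $mode);
    $data['token'] = $token;

    // Both values below end up inside HTML, so encode them for that context first.
    // The Host header may be absent (e.g. non-web invocation); fall back to an empty string.
    $serverurl = htmlspecialchars(isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '', ENT_QUOTES, 'UTF-8');
    $recipientName = htmlspecialchars($data['name'], ENT_QUOTES, 'UTF-8');

    $body = '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <meta name="viewport" content="width=device-width; maximum-scale=1.0;"> <title>RAS</title> <style type="text/css"> body{ margin:0px; padding:0px;} @media only screen and (max-width:598px){ table[class="mainWd"]{ width:100% !important; } .img{ width:100% !important; } } @media only screen and (max-width:599px){ table{ float:none !important; } table[class="mainWd"]{ width:100% !important; } table[class="table-width"]{ float:left !important} .img{ width:100% !important; } @media only screen and (max-width:480px){ td[class="wd660"]{ width:100% !important; float:left !important; text-align:center !important; } .img1{ display:none !important} td[class="wd360"]{ width:100% !important; float:left !important; text-align:center; margin-bottom:20px; } table[class="full_480"]{ width:220px !important; text-align:center !important; float:none !important; } td[class="mob_hide"]{ display:none !important; } } .img {width:100% !important; } .img {width:100% !important; } </style> </head> <body style="background:#cccccc;-moz-text-size-adjust:none; -webkit-text-size-adjust:none; -ms-text-size-adjust:none; "> <table width="100%" border="0" align="center" cellpadding="0" cellspacing="0" > <tr><td 
align="center"> <table width="650" border="0" align="center" cellpadding="0" cellspacing="0" class="mainWd" > <tr><td height="25" align="center" valign="middle" style="font-family:Arial, Helvetica, sans-serif; font-size:12px; color:#ffffff; background:#2a4c75">Can’t see this email? View it in your browser. </td></tr> <tr> <td align="left" valign="top" class="bg" bgcolor="#ffffff"> <table width="100%" border="0" align="center" cellpadding="0" cellspacing="0"> <tr> <td height="20" align="left" valign="top"> <img src="http://' . $serverurl
        . '/images/banner123.jpg" alt=" " class="img" border="0" align="left" style="display:block;width:100%"></td> </tr> <tr><td height="20" align="center" valign="top"> </td></tr> <tr><td align="center" valign="top"> <table width="96%" border="0" align="center" cellpadding="0" cellspacing="0"> <tr><td align="left" valign="top"><span style="font-family:Arial, Helvetica, sans-serif; font-size:14px; line-height:20px; color:#343434; font-weight:normal;">Dear <span style="color:#343434;text-transform:capitalize;">' . $recipientName
        . ',</span><br /><br />We have received a request regarding the change of your password.</span> <br /><br /> <span style="font-family:Arial, Helvetica, sans-serif; font-size:14px; line-height:20px; color:#343434; font-weight:normal;">The verification code is - </span> ' . $data['token']
        . ' <br /> <br /> <span style="font-family:Arial, Helvetica, sans-serif; font-size:14px; line-height:20px; color:#343434; font-weight:normal;">Please ignore this mail if you don’t want to reset your password.</span></td></tr> <tr><td height="20" align="center" valign="top"> </td></tr> <tr><td align="left" valign="top"> <span style="font-family:Arial, Helvetica, sans-serif; font-size:14px; line-height:20px; color:#343434; font-weight:normal;">Best regards,<br /> Team RAS</span> </td></tr> <tr><td height="20" align="center" valign="top"> </td></tr> </table> </td> </table> </td> <tr> <td align="center" valign="middle" height="37 " bgcolor="#2a4c75" > <span style="font-family:Arial, Helvetica, sans-serif; font-size:12px ; color:#ffffff;-webkit-text-size-adjust: none;">Copyright © 2015. RAS All rights reserved </span></td> </tr> </table> </td> </tr> <tr> <td align="center"> </td> </tr> </table> </body> </html>';

    // Send the message as HTML from the configured site address.
    $mailer = JFactory::getMailer();
    $subject = 'Forgot Password Request';
    $from = $config->get('mailfrom');
    $fromname = $config->get('fromname');
    $to = $user->email;
    $sender = array($from, $fromname);

    $mailer->isHTML(true);
    $mailer->setSender($sender);
    $mailer->addRecipient($to);
    $mailer->Encoding = 'base64';
    $mailer->setSubject($subject);
    $mailer->setBody($body);

    $return = $mailer->Send();

    // Check for an error.
    if ($return !== true)
    {
        return new JException(JText::_('COM_USERS_MAIL_FAILED'), 500);
    }

    return true;
}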
/**
 * Processes the initial password reset request.
 *
 * Checks the anti-forgery token of the POST, resolves the submitted identifier to exactly
 * one account, refuses blocked accounts, super admins and accounts over the reset limit,
 * stores a salted MD5 digest of a new token and mails the clear token to the user.
 *
 * Review notes:
 *  - A blocked account gets the same "user not found" message as a missing one, but the
 *    super-admin, multiple-results and limit cases each have their own message.
 *  - The validator method name is chosen from two fixed strings, never from the request.
 *
 * @return  void
 */
public function resettingTask()
{
    // Check the request token
    Session::checkToken('post') or exit(Lang::txt('JINVALID_TOKEN'));

    // Every validation failure sends the visitor back to the reset form with a warning.
    $option = $this->_option;
    $backToReset = function ($messageKey) use ($option)
    {
        App::redirect(
            Route::url('index.php?option=' . $option . '&task=reset', false),
            Lang::txt($messageKey),
            'warning'
        );
    };

    // Grab the incoming username
    $username = trim(Request::getVar('username', false));

    if (!$username)
    {
        $backToReset('COM_MEMBERS_CREDENTIALS_ERROR_MISSING_USERNAME');
        return;
    }

    // Make sure it looks like a valid username
    require_once dirname(dirname(__DIR__)) . DS . 'helpers' . DS . 'utility.php';

    // An '@' anywhere after the first character switches the lookup to the e-mail column.
    $looksLikeEmail = (bool) strpos($username, '@');
    $validator = $looksLikeEmail ? 'validemail' : 'validlogin';
    $field = $looksLikeEmail ? 'email' : 'username';

    if (!\Components\Members\Helpers\Utility::$validator($username))
    {
        $backToReset('COM_MEMBERS_CREDENTIALS_ERROR_INVALID_USERNAME');
        return;
    }

    // Find the user for the given username
    $matches = \Hubzero\User\User::whereEquals($field, $username)->rows();

    // Exactly one account must match.
    if ($matches->count() < 1)
    {
        $backToReset('COM_MEMBERS_CREDENTIALS_ERROR_USER_NOT_FOUND');
        return;
    }

    if ($matches->count() > 1)
    {
        $backToReset('COM_MEMBERS_CREDENTIALS_ERROR_MULTIPLE_RESULTS');
        return;
    }

    // Get the user object
    $user = $matches->first();

    // Blocked accounts are reported with the same message as unknown ones.
    if ($user->get('block'))
    {
        $backToReset('COM_MEMBERS_CREDENTIALS_ERROR_USER_NOT_FOUND');
        return;
    }

    // Make sure the user isn't a super admin
    if ($user->authorise('core.admin'))
    {
        $backToReset('COM_MEMBERS_CREDENTIALS_ERROR_USER_IS_SUPER');
        return;
    }

    // Make sure the user has not exceeded the reset limit
    if ($this->hasExceededResetLimit($user))
    {
        $backToReset('COM_MEMBERS_CREDENTIALS_ERROR_EXCEEDED_LIMIT');
        return;
    }

    // Set the confirmation token; only the salted digest is persisted.
    $token = App::hash(\JUserHelper::genRandomPassword());
    $salt = \JUserHelper::getSalt('crypt-md5');
    $hashedToken = md5($token . $salt) . ':' . $salt;

    // Save the token
    $user->tokens()->save(['token' => $hashedToken]);

    // Render the plain-text and HTML parts; the clear token is handed to the mail view.
    $eview = new \Hubzero\Mail\View(array('name' => 'emails', 'layout' => 'reset_plain'));
    $eview->config = Config::getRoot();
    $eview->baseUrl = rtrim(Request::base(), '/');
    $eview->user = $user;
    $eview->token = $token;
    $eview->return = Route::url('index.php?option=' . $this->_option . '&task=verify');

    // Mail bodies use CRLF line endings.
    $plain = str_replace("\n", "\r\n", $eview->loadTemplate(false));

    $eview->setLayout('reset_html');
    $html = str_replace("\n", "\r\n", $eview->loadTemplate());

    // Build message
    $message = new \Hubzero\Mail\Message();
    $message->setSubject(Lang::txt('COM_MEMBERS_CREDENTIALS_EMAIL_RESET_SUBJECT', Config::get('sitename')))
        ->addFrom(Config::get('mailfrom'), Config::get('fromname'))
        ->addTo($user->get('email'), $user->get('name'))
        ->addHeader('X-Component', $this->_option)
        ->addHeader('X-Component-Object', 'password_reset')
        ->addPart($plain, 'text/plain')
        ->addPart($html, 'text/html');

    // Send mail; a failure is logged and the visitor is sent to the remind task.
    if (!$message->send())
    {
        Log::error('Members password reset email failed: ' . Lang::txt('Failed to mail %s', $user->get('email')));

        App::redirect(
            Route::url('index.php?option=' . $this->_option . '&task=remind', false),
            Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_FIAILED_TO_SEND_MAIL'),
            'warning'
        );
        return;
    }

    // Push the user data into the session
    User::setState('com_users.reset.user', $user->get('id'));

    // Everything went well...go to the token verification page
    App::redirect(
        Route::url('index.php?option=' . $this->_option . '&task=verify', false),
        Lang::txt('COM_MEMBERS_CREDENTIALS_EMAIL_SENT'),
        'passed'
    );
}
/**
 * Method to start the password reset process.
 *
 * Validates the form data, resolves the e-mail address to a user, refuses blocked
 * accounts, Super Admins and accounts over the reset limit, stores a salted MD5 digest of
 * a new token in `activation`, and mails the clear token together with a confirmation link.
 *
 * Review notes:
 *  - The confirmation link built here does not carry the token; the token is passed to the
 *    mail body separately.
 *  - Unknown, blocked and Super Admin addresses each produce a distinct message.
 *
 * @param   array  $data  The submitted form data; must contain 'email'.
 *
 * @return  mixed  Exception | JException | boolean
 *
 * @since   1.6
 */
public function processResetRequest($data)
{
    $config = JFactory::getConfig();

    // Get the form and bail out if it could not be built.
    $form = $this->getForm();

    if ($form instanceof Exception)
    {
        return $form;
    }

    // Filter and validate the form data.
    $data = $form->filter($data);
    $valid = $form->validate($data);

    if ($valid instanceof Exception)
    {
        return $valid;
    }

    if ($valid === false)
    {
        // Copy the validation messages from the form onto the model.
        foreach ($form->getErrors() as $formMessage)
        {
            $this->setError($formMessage);
        }

        return false;
    }

    // Find the user id for the given email address; the value is quoted by the driver.
    $db = $this->getDbo();
    $query = $db->getQuery(true)
        ->select('id')
        ->from($db->quoteName('#__users'))
        ->where($db->quoteName('email') . ' = ' . $db->q($data['email']));

    $db->setQuery((string) $query);
    $userId = $db->loadResult();

    // This driver reports failures through an error number rather than an exception.
    if ($db->getErrorNum())
    {
        $this->setError(JText::sprintf('COM_USERS_DATABASE_ERROR', $db->getErrorMsg()), 500);

        return false;
    }

    if (empty($userId))
    {
        $this->setError(JText::_('COM_USERS_INVALID_EMAIL'));

        return false;
    }

    $user = JUser::getInstance($userId);

    // Blocked accounts may not reset.
    if ($user->block)
    {
        $this->setError(JText::_('COM_USERS_USER_BLOCKED'));

        return false;
    }

    // Super Admins may not reset through this form.
    if ($user->authorise('core.admin'))
    {
        $this->setError(JText::_('COM_USERS_REMIND_SUPERADMIN_ERROR'));

        return false;
    }

    // Enforce the configured reset limit.
    if (!$this->checkResetLimit($user))
    {
        $resetLimit = (int) JFactory::getApplication()->getParams()->get('reset_time');
        $this->setError(JText::plural('COM_USERS_REMIND_LIMIT_ERROR_N_HOURS', $resetLimit));

        return false;
    }

    // New token: clear value for the mail, salted digest for the database.
    $token = JApplication::getHash(JUserHelper::genRandomPassword());
    $salt = JUserHelper::getSalt('crypt-md5');
    $user->activation = md5($token . $salt) . ':' . $salt;

    if (!$user->save(true))
    {
        return new JException(JText::sprintf('COM_USERS_USER_SAVE_FAILED', $user->getError()), 500);
    }

    // Assemble the password reset confirmation link; mode 1 is used only when force_ssl is 2.
    $mode = $config->get('force_ssl', 0) == 2 ? 1 : -1;
    $loginItem = UsersHelperRoute::getLoginRoute();
    $itemSuffix = $loginItem !== null ? '&Itemid=' . $loginItem : '';
    $link = 'index.php?option=com_users&view=reset&layout=confirm' . $itemSuffix;

    // Put together the email template data.
    $data = $user->getProperties();
    $data['fromname'] = $config->get('fromname');
    $data['mailfrom'] = $config->get('mailfrom');
    $data['sitename'] = $config->get('sitename');
    $data['link_text'] = JRoute::_($link, false, $mode);
    $data['link_html'] = JRoute::_($link, true, $mode);
    $data['token'] = $token;

    $subject = JText::sprintf('COM_USERS_EMAIL_PASSWORD_RESET_SUBJECT', $data['sitename']);
    $body = JText::sprintf('COM_USERS_EMAIL_PASSWORD_RESET_BODY', $data['sitename'], $data['token'], $data['link_text']);

    // Send the password reset request email.
    $sent = JFactory::getMailer()->sendMail($data['mailfrom'], $data['fromname'], $user->email, $subject, $body);

    if ($sent !== true)
    {
        return new JException(JText::_('COM_USERS_MAIL_FAILED'), 500);
    }

    return true;
}
/**
 * Returns the encryption key to use, creating a new key file when none can be loaded.
 *
 * Key files are .ini files in the directory returned by self::_getEncryptSafepath(). They
 * are read once per request into a static cache indexed by their 'unixtime' entry.
 *
 *  - With a non-empty $date, the newest key whose unixtime is less than $date + 30 is
 *    returned (an empty string if none qualifies).
 *  - With an empty $date, the key with the highest unixtime is returned.
 *  - With no usable key files, a key is generated and written to <ymd>.ini.
 *
 * NOTE(review): when no keys were loaded but today's file already exists, the function
 * falls off the end and returns null. The directory handle from opendir() is never closed
 * and the result of JFile::write() is not checked, so the caller can receive a key that
 * was not persisted.
 *
 * @param   mixed  $date  Timestamp the key must be valid for, or an empty value for the latest key.
 *
 * @return  string|null  The key, or null on the fall-through path described above.
 */
private static function _checkCreateKeyFile($date)
{
    vmSetStartTime('check');

    // Cache of parsed key files, shared by every call in this request.
    static $existingKeys = false;
    $keyPath = self::_getEncryptSafepath();

    // An empty cache (false or array()) triggers a directory scan.
    if (!$existingKeys) {
        $dir = opendir($keyPath);

        if (is_resource($dir)) {
            $existingKeys = array();

            while (false !== ($file = readdir($dir))) {
                if ($file != '.' && $file != '..') {
                    if (!is_dir($keyPath . DS . $file)) {
                        $ext = Jfile::getExt($file);

                        if ($ext == 'ini' and file_exists($keyPath . DS . $file)) {
                            $content = parse_ini_file($keyPath . DS . $file);

                            // Only files that carry a 'unixtime' entry are accepted; it becomes the cache index.
                            if ($content and is_array($content) and isset($content['unixtime'])) {
                                $key = $content['unixtime'];
                                unset($content['unixtime']);
                                $existingKeys[$key] = $content;
                                //vmdebug('Reading '.$keyPath .DS. $file,$content);
                            }
                        } else {
                            // Reached for any non-.ini file as well as for a vanished file.
                            vmdebug('Resource says there is file, but does not exists? ' . $keyPath . DS . $file);
                        }
                    } else {
                        //vmdebug('Directory in they keyfolder? '.$keyPath .DS. $file);
                    }
                } else {
                    //vmdebug('Directory in the keyfolder '.$keyPath .DS. $file);
                }
            }
        } else {
            // Warn only once per request when the key folder cannot be opened.
            static $warn = false;

            if (!$warn) {
                vmWarn('Key folder in safepath unaccessible ' . $keyPath);
            }

            $warn = true;
        }
    }

    if ($existingKeys and is_array($existingKeys) and count($existingKeys) > 0) {
        // Ascending by unixtime, so the last entry is the newest key.
        ksort($existingKeys);

        if (!empty($date)) {
            $key = '';

            // Walk oldest to newest; each qualifying entry overwrites $key, so the newest qualifying key wins.
            foreach ($existingKeys as $unixDate => $values) {
                // Skip keys created 30 seconds or more after $date.
                if ($unixDate - 30 >= $date) {
                    vmdebug('$unixDate ' . $unixDate . ' >= $date ' . $date);
                    continue;
                }

                vmdebug('$unixDate < $date');
                //$usedKey = $values;
                $key = $values['key'];
            }

            // NOTE(review): this passes the key itself to the debug channel; confirm vmdebug() output is not exposed.
            vmdebug('Use key file ', $key);
            //include($keyPath .DS. $usedKey.'.php');
        } else {
            $usedKey = end($existingKeys);
            $key = $usedKey['key'];
        }

        vmTime('my time', 'check');

        return $key;
    } else {
        // No usable key: create one in a file named after today's date.
        $usedKey = date("ymd");
        $filename = $keyPath . DS . $usedKey . '.ini';

        if (!JFile::exists($filename)) {
            // The hashing helper lives in a different class depending on the platform version.
            if (JVM_VERSION < 3) {
                $token = JUtility::getHash(JUserHelper::genRandomPassword());
            } else {
                $token = JApplication::getHash(JUserHelper::genRandomPassword());
            }

            $salt = JUserHelper::getSalt('crypt-md5');

            // The key is the base64 form of a 32-character hex MD5 digest, so it carries at most 128 bits.
            $hashedToken = md5($token . $salt);
            $key = base64_encode($hashedToken);
            //$options = array('costs'=>VmConfig::get('cryptCost',8));
            /*if(!function_exists('password_hash')){ require(JPATH_VM_ADMINISTRATOR . DS . 'helpers' . DS . 'password_compat.php'); } if(function_exists('password_hash')){ $key = password_hash($key, PASSWORD_BCRYPT, $options); }*/

            // $date is reused here as a date object; the parameter value is no longer needed.
            $date = JFactory::getDate();
            $today = $date->toUnix();
            //$key = pack('H*',$key);

            // The file starts with a PHP die() guard line, followed by the [keys] section.
            $content = ';<?php die(); */ [keys] key = "' . $key . '" unixtime = "' . $today . '" date = "' . date("Y-m-d H:i:s") . '" ; */ ?>';
            $result = JFile::write($filename, $content);
            vmTime('my time', 'check');

            return $key;
        }
    }

    vmTime('my time', 'check');
    //return pack('H*',$key);
}
/**
 * Instance-level wrapper around the static JUserHelper::getSalt().
 *
 * All three arguments are forwarded unchanged and the static helper's result is returned
 * as-is.
 *
 * @param   string  $encryption  The kind of password encryption to use.
 *                               Defaults to md5-hex.
 * @param   string  $seed        The seed to get the salt from (probably a
 *                               previously generated password). Defaults to
 *                               generating a new seed.
 * @param   string  $plaintext   The plaintext password that we're generating
 *                               a salt for. Defaults to none.
 *
 * @return  string  The generated or extracted salt.
 *
 * @see         JUserHelper::getSalt()
 * @since       3.4
 * @deprecated  4.0
 */
public function getSalt($encryption = 'md5-hex', $seed = '', $plaintext = '')
{
    $salt = JUserHelper::getSalt($encryption, $seed, $plaintext);

    return $salt;
}
/**
 * Sends a confirmation token for setting a local password.
 *
 * Only available to a logged-in member whose account has no password hash yet. A new
 * token is generated, its salted MD5 digest is stored through setToken(), and the clear
 * token is handed to sendEmail().
 *
 * @return  void - redirect to confirm token view
 */
private function sendtoken()
{
    // Import helpers/classes
    jimport('joomla.mail.helper');
    jimport('joomla.user.helper');

    // Guests are sent to the login form, which returns them to this action afterwards.
    if ($this->user->get('guest'))
    {
        $returnTo = Route::url('index.php?option=' . $this->option . '&task=myaccount&active=account&action=sendtoken');
        $loginUrl = Route::url('index.php?option=com_users&view=login&return=' . base64_encode($returnTo));

        App::redirect($loginUrl, Lang::txt('You must be a logged in to access this area.'), 'warning');
        return;
    }

    // An account that already has a password hash is answered with a 404.
    $hzup = \Hubzero\User\Password::getInstance($this->member->get('uidNumber'));

    if (!empty($hzup->passhash))
    {
        App::abort(404, Lang::txt('PLG_MEMBERS_ACCOUNT_NOT_LINKED_ACCOUNT'));
        return;
    }

    // Clear token for the e-mail, salted digest for storage.
    $token = App::hash(JUserHelper::genRandomPassword());
    $salt = JUserHelper::getSalt('crypt-md5');
    $digestWithSalt = md5($token . $salt) . ':' . $salt;

    // Persist the digest before the mail goes out.
    $this->setToken($digestWithSalt);
    $this->sendEmail($token);

    // Continue on the token confirmation page.
    $confirmUrl = Route::url($this->member->getLink() . '&active=account&task=confirmtoken');
    $notice = Lang::txt('Please check the email associated with this account (' . $this->member->get('email') . ') for your confirmation token!');

    App::redirect($confirmUrl, $notice, 'warning');
}
/**
 * Starts a password reset for the account registered under an e-mail address.
 *
 * Refuses unknown addresses, blocked accounts, super administrators and accounts over the
 * reset limit. On success a salted MD5 digest of a new token is saved in `activation` and
 * the clear token is passed to the 'site/user/remind.password' mail template.
 *
 * Review notes:
 *  - Each refusal sets its own error message, so the result tells the requester whether
 *    an address exists and what state the account is in.
 *  - NOTE(review): the limit message passes $resetLimit as the second argument of
 *    JText::_(), not JText::sprintf(); confirm the number is meant to appear in the text.
 *
 * @since   1.0
 * @access  public
 * @param   string  $email  The email address of the user.
 * @return  mixed   False when a check fails; otherwise whatever the mailer's create() returns.
 */
public function remindPassword($email)
{
    // Load backend language file.
    FD::language()->loadAdmin();

    $userId = $this->getUserId('email', $email);

    if (!$userId)
    {
        $this->setError(JText::_('COM_EASYSOCIAL_USERS_NO_SUCH_USER_WITH_EMAIL'));
        return false;
    }

    $user = FD::user($userId);

    // Blocked accounts may not reset.
    if ($user->block)
    {
        $this->setError(JText::_('COM_EASYSOCIAL_USERS_USER_BLOCKED'));
        return false;
    }

    // Super administrators may not reset through this path.
    if ($user->authorise('core.admin'))
    {
        $this->setError(JText::_('COM_EASYSOCIAL_PROFILE_REMIND_PASSWORD_SUPER_ADMIN'));
        return false;
    }

    // Enforce the configured reset limit.
    if (!$this->checkResetLimit($user))
    {
        $resetLimit = (int) JFactory::getApplication()->getParams()->get('reset_time');
        $this->setError(JText::_('COM_EASYSOCIAL_PROFILE_REMIND_PASSWORD_EXCEEDED', $resetLimit));
        return false;
    }

    // New token: clear value for the mail, salted digest for the database.
    $token = JApplication::getHash(JUserHelper::genRandomPassword());
    $salt = JUserHelper::getSalt('crypt-md5');
    $user->activation = md5($token . $salt) . ':' . $salt;

    // Save the user to the database.
    if (!$user->save(true))
    {
        $this->setError(JText::_('COM_EASYSOCIAL_PROFILE_REMIND_PASSWORD_SAVE_ERROR'));
        return false;
    }

    $jConfig = FD::jConfig();

    // Values made available to the mail template; the clear token is one of them.
    $params = array(
        'site' => $jConfig->getValue('sitename'),
        'username' => $user->username,
        'name' => $user->getName(),
        'id' => $user->id,
        'avatar' => $user->getAvatar(SOCIAL_AVATAR_LARGE),
        'profileLink' => $user->getPermalink(true, true),
        'email' => $email,
        'token' => $token
    );

    $title = JText::_('COM_EASYSOCIAL_EMAILS_REMIND_PASSWORD_TITLE');

    // Build the message from the mailer's template object.
    $mailer = FD::mailer();
    $mailTemplate = $mailer->getTemplate();

    $mailTemplate->setRecipient($user->name, $user->email);
    $mailTemplate->setTitle($title);
    $mailTemplate->setTemplate('site/user/remind.password', $params);

    // The reset mail is queued with immediate priority.
    $mailTemplate->setPriority(SOCIAL_MAILER_PRIORITY_IMMEDIATE);

    return $mailer->create($mailTemplate);
}
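/**
 * AJAX endpoint that starts a password reset for the account behind the 'email' request
 * variable and answers through awdwallController::ajaxResponse().
 *
 * Changes against the previous version:
 *  - The reset counter is now incremented while the account is under the limit. The old
 *    statement only read the property, so the counter never rose within a time window
 *    and the limit was not enforced.
 *  - Every error response is followed by an explicit exit. ajaxResponse() is not visible
 *    here and the success path already exits explicitly; without this, a refused request
 *    (unknown, blocked, Super Admin, over limit) could carry on to the token and mail steps
 *    if ajaxResponse() returns.
 *
 * Review notes:
 *  - NOTE(review): the limit settings are read from the application's active parameters,
 *    not from the com_users parameters loaded at the top; confirm reset_count and
 *    reset_time are defined in that context.
 *  - The database error text is returned to the client verbatim.
 *  - Unknown, blocked and Super Admin addresses each return a distinct message.
 *
 * @return  void  Always terminates the request.
 */
function ajaxforgot()
{
    error_reporting(0);
    require_once(JPATH_SITE . '/components/com_users/helpers/route.php');

    // Load the com_users language strings used for the responses and the mail.
    $lang = JFactory::getLanguage();
    $extension = 'com_users';
    $base_dir = JPATH_SITE;
    $language_tag = $lang->getTag();
    $reload = true;
    $lang->load($extension, $base_dir, $language_tag, $reload);

    $config = JFactory::getConfig();
    $db = JFactory::getDbo();
    $params = JComponentHelper::getParams('com_users');

    $requestData = array('email' => JRequest::getVar('email'));

    // Find the user id for the given email address; the value is quoted by the driver.
    $query = $db->getQuery(true);
    $query->select('id');
    $query->from($db->quoteName('#__users'));
    $query->where($db->quoteName('email') . ' = ' . $db->Quote($requestData['email']));

    $db->setQuery((string) $query);

    try
    {
        $userId = $db->loadResult();
    }
    catch (RuntimeException $e)
    {
        awdwallController::ajaxResponse('$error$' . JText::sprintf('COM_USERS_DATABASE_ERROR', $e->getMessage()));
        exit;
    }

    // Check for a user.
    if (empty($userId))
    {
        awdwallController::ajaxResponse('$error$' . JText::_('COM_USERS_INVALID_EMAIL'));
        exit;
    }

    // Get the user object.
    $user = JUser::getInstance($userId);

    // Make sure the user isn't blocked.
    if ($user->block)
    {
        awdwallController::ajaxResponse('$error$' . JText::_('COM_USERS_USER_BLOCKED'));
        exit;
    }

    // Make sure the user isn't a Super Admin.
    if ($user->authorise('core.admin'))
    {
        awdwallController::ajaxResponse('$error$' . JText::_('COM_USERS_REMIND_SUPERADMIN_ERROR'));
        exit;
    }

    // Make sure the user has not exceeded the reset limit
    $params = JFactory::getApplication()->getParams();
    $maxCount = (int) $params->get('reset_count');
    $resetHours = (int) $params->get('reset_time');
    $result = true;

    // An unparsable or empty lastResetTime counts as "never reset".
    $lastResetTime = strtotime($user->lastResetTime) ? strtotime($user->lastResetTime) : 0;
    $hoursSinceLastReset = (strtotime(JFactory::getDate()->toSql()) - $lastResetTime) / 3600;

    if ($hoursSinceLastReset > $resetHours)
    {
        // If it's been long enough, start a new reset count
        $user->lastResetTime = JFactory::getDate()->toSql();
        $user->resetCount = 1;
    }
    elseif ($user->resetCount < $maxCount)
    {
        // Under the max count: record this attempt so the limit can be reached.
        ++$user->resetCount;
    }
    else
    {
        // At this point, we know we have exceeded the maximum resets for the time period
        $result = false;
    }

    if (!$result)
    {
        $resetLimit = (int) JFactory::getApplication()->getParams()->get('reset_time');
        awdwallController::ajaxResponse('$error$' . JText::plural('COM_USERS_REMIND_LIMIT_ERROR_N_HOURS', $resetLimit));
        exit;
    }

    // Set the confirmation token: clear value for the mail, salted digest for the database.
    $token = JApplication::getHash(JUserHelper::genRandomPassword());
    $salt = JUserHelper::getSalt('crypt-md5');
    $hashedToken = md5($token . $salt) . ':' . $salt;

    $user->activation = $hashedToken;

    // Save the user to the database; this also persists the reset counter.
    if (!$user->save(true))
    {
        awdwallController::ajaxResponse('$error$' . JText::sprintf('COM_USERS_USER_SAVE_FAILED', $user->getError()));
        exit;
    }

    // Assemble the password reset confirmation link.
    $mode = $config->get('force_ssl', 0) == 2 ? 1 : -1;
    $itemid = UsersHelperRoute::getLoginRoute();
    $itemid = $itemid !== null ? '&Itemid=' . $itemid : '';
    $link = 'index.php?option=com_users&view=reset&layout=confirm' . $itemid;

    // Put together the email template data.
    $data = $user->getProperties();
    $data['fromname'] = $config->get('fromname');
    $data['mailfrom'] = $config->get('mailfrom');
    $data['sitename'] = $config->get('sitename');
    $data['link_text'] = JRoute::_($link, false, $mode);
    $data['link_html'] = JRoute::_($link, true, $mode);
    $data['token'] = $token;

    $subject = JText::sprintf('COM_USERS_EMAIL_PASSWORD_RESET_SUBJECT', $data['sitename']);
    $body = JText::sprintf('COM_USERS_EMAIL_PASSWORD_RESET_BODY', $data['sitename'], $data['token'], $data['link_text']);

    // Send the password reset request email.
    $return = JFactory::getMailer()->sendMail($data['mailfrom'], $data['fromname'], $user->email, $subject, $body);

    // Check for an error.
    if ($return !== true)
    {
        awdwallController::ajaxResponse('$error$' . JText::_('COM_USERS_MAIL_FAILED'));
        exit;
    }

    awdwallController::ajaxResponse(JText::_('COM_COMAWDWALL_FORGOTPASS_SUCCESS_TEXT'));
    exit;
}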
/**
 * Returns the MD5 hex digest of a password, salted when a salt is available.
 *
 * $encryption is only forwarded to JUserHelper::getSalt(); whatever scheme is requested,
 * the digest produced here is a single MD5 pass.
 *
 * @param   string   $plaintext     The plaintext password.
 * @param   string   $salt          Seed passed to JUserHelper::getSalt().
 * @param   string   $encryption    Scheme name passed to JUserHelper::getSalt().
 * @param   boolean  $show_encrypt  Prefix the result with '{MD5}' when true.
 *
 * @return  string  The digest, optionally prefixed.
 */
function getCryptedPassword($plaintext, $salt = '', $encryption = 'md5-hex', $show_encrypt = false)
{
    $salt = JUserHelper::getSalt($encryption, $salt, $plaintext);

    // An empty salt means the plaintext is hashed on its own.
    $material = $salt ? $plaintext . $salt : $plaintext;
    $digest = md5($material);

    if ($show_encrypt) {
        return '{MD5}' . $digest;
    }

    return $digest;
}