/**
* Verifies the validity of a username/e-mail address
* combination and creates a token to verify the request
* was initiated by the account owner. The token is
* sent to the account owner by e-mail
*
* @since 1.5
* @param string Username string
* @param string E-mail address
* @return bool True on success/false on failure
*/
function requestReset($email)
{
jimport('joomla.mail.helper');
jimport('joomla.user.helper');
$db =& JFactory::getDBO();
// Make sure the e-mail address is valid
if (!JMailHelper::isEmailAddress($email)) {
$this->setError(JText::_('INVALID_EMAIL_ADDRESS'));
return false;
}
// Build a query to find the user
$query = 'SELECT id FROM #__users' . ' WHERE email = ' . $db->Quote($email) . ' AND block = 0';
$db->setQuery($query);
// Check the results
if (!($id = $db->loadResult())) {
$this->setError(JText::_('COULD_NOT_FIND_USER'));
return false;
}
// Generate a new token
$token = JUtility::getHash(JUserHelper::genRandomPassword());
$salt = JUserHelper::getSalt('crypt-md5');
$hashedToken = md5($token . $salt) . ':' . $salt;
$query = 'UPDATE #__users' . ' SET activation = ' . $db->Quote($hashedToken) . ' WHERE id = ' . (int) $id . ' AND block = 0';
$db->setQuery($query);
// Save the token
if (!$db->query()) {
$this->setError(JText::_('DATABASE_ERROR'));
return false;
}
// Send the token to the user via e-mail
if (!$this->_sendConfirmationMail($email, $token)) {
return false;
}
return true;
}
/**
* Automatically sets the activation token for the user.
*
* @return LibUsersDomainEntityUser
*/
public function requiresActivation()
{
jimport('joomla.user.helper');
$token = JUtility::getHash(JUserHelper::genRandomPassword());
$salt = JUserHelper::getSalt();
$hashedToken = sha1($token . $salt) . ':' . $salt;
$this->activation = $hashedToken;
return $this;
}
/**
* Formats a password using the current encryption.
*
* @param string $plaintext The plaintext password to encrypt.
* @param string $salt The salt to use to encrypt the password. []
* If not present, a new salt will be
* generated.
* @param string $encryption The kind of password encryption to use.
* Defaults to md5-hex.
* @param boolean $show_encrypt Some password systems prepend the kind of
* encryption to the crypted password ({SHA},
* etc). Defaults to false.
*
* @return string The encrypted password.
*
* @since 11.1
*
* @deprecated 4.0
*/
public static function getCryptedPassword($plaintext, $salt = '', $encryption = 'md5-hex', $show_encrypt = false)
{
// Get the salt to use.
$salt = JUserHelper::getSalt($encryption, $salt, $plaintext);
// Encrypt the password.
switch ($encryption) {
case 'plain':
return $plaintext;
case 'sha':
$encrypted = base64_encode(mhash(MHASH_SHA1, $plaintext));
return $show_encrypt ? '{SHA}' . $encrypted : $encrypted;
case 'crypt':
case 'crypt-des':
case 'crypt-md5':
case 'crypt-blowfish':
return ($show_encrypt ? '{crypt}' : '') . crypt($plaintext, $salt);
case 'md5-base64':
$encrypted = base64_encode(mhash(MHASH_MD5, $plaintext));
return $show_encrypt ? '{MD5}' . $encrypted : $encrypted;
case 'ssha':
$encrypted = base64_encode(mhash(MHASH_SHA1, $plaintext . $salt) . $salt);
return $show_encrypt ? '{SSHA}' . $encrypted : $encrypted;
case 'smd5':
$encrypted = base64_encode(mhash(MHASH_MD5, $plaintext . $salt) . $salt);
return $show_encrypt ? '{SMD5}' . $encrypted : $encrypted;
case 'aprmd5':
$length = strlen($plaintext);
$context = $plaintext . '$apr1$' . $salt;
$binary = JUserHelper::_bin(md5($plaintext . $salt . $plaintext));
for ($i = $length; $i > 0; $i -= 16) {
$context .= substr($binary, 0, $i > 16 ? 16 : $i);
}
for ($i = $length; $i > 0; $i >>= 1) {
$context .= $i & 1 ? chr(0) : $plaintext[0];
}
$binary = JUserHelper::_bin(md5($context));
for ($i = 0; $i < 1000; $i++) {
$new = $i & 1 ? $plaintext : substr($binary, 0, 16);
if ($i % 3) {
$new .= $salt;
}
if ($i % 7) {
$new .= $plaintext;
}
$new .= $i & 1 ? substr($binary, 0, 16) : $plaintext;
$binary = JUserHelper::_bin(md5($new));
}
$p = array();
for ($i = 0; $i < 5; $i++) {
$k = $i + 6;
$j = $i + 12;
if ($j == 16) {
$j = 5;
}
$p[] = JUserHelper::_toAPRMD5(ord($binary[$i]) << 16 | ord($binary[$k]) << 8 | ord($binary[$j]), 5);
}
return '$apr1$' . $salt . '$' . implode('', $p) . JUserHelper::_toAPRMD5(ord($binary[11]), 3);
case 'md5-hex':
default:
$encrypted = $salt ? md5($plaintext . $salt) : md5($plaintext);
return $show_encrypt ? '{MD5}' . $encrypted : $encrypted;
}
}
/**
* Method to start the password reset process.
*
* @param array $data The data expected for the form.
*
* @return mixed Exception | JException | boolean
*
* @since 1.6
*/
public function processResetRequest($data)
{
$config = JFactory::getConfig();
// Get the form.
$form = $this->getForm();
$data['email'] = JStringPunycode::emailToPunycode($data['email']);
// Check for an error.
if ($form instanceof Exception) {
return $form;
}
// Filter and validate the form data.
$data = $form->filter($data);
$return = $form->validate($data);
// Check for an error.
if ($return instanceof Exception) {
return $return;
}
// Check the validation results.
if ($return === false) {
// Get the validation messages from the form.
foreach ($form->getErrors() as $formError) {
$this->setError($formError->getMessage());
}
return false;
}
// Find the user id for the given email address.
$db = $this->getDbo();
$query = $db->getQuery(true)->select('id')->from($db->quoteName('#__users'))->where($db->quoteName('email') . ' = ' . $db->quote($data['email']));
// Get the user object.
$db->setQuery($query);
try {
$userId = $db->loadResult();
} catch (RuntimeException $e) {
$this->setError(JText::sprintf('COM_USERS_DATABASE_ERROR', $e->getMessage()), 500);
return false;
}
// Check for a user.
if (empty($userId)) {
$this->setError(JText::_('COM_USERS_INVALID_EMAIL'));
return false;
}
// Get the user object.
$user = JUser::getInstance($userId);
// Make sure the user isn't blocked.
if ($user->block) {
$this->setError(JText::_('COM_USERS_USER_BLOCKED'));
return false;
}
// Make sure the user isn't a Super Admin.
if ($user->authorise('core.admin')) {
$this->setError(JText::_('COM_USERS_REMIND_SUPERADMIN_ERROR'));
return false;
}
// Make sure the user has not exceeded the reset limit
if (!$this->checkResetLimit($user)) {
$resetLimit = (int) JFactory::getApplication()->getParams()->get('reset_time');
$this->setError(JText::plural('COM_USERS_REMIND_LIMIT_ERROR_N_HOURS', $resetLimit));
return false;
}
// Set the confirmation token.
$token = JApplicationHelper::getHash(JUserHelper::genRandomPassword());
$salt = JUserHelper::getSalt('crypt-md5');
$hashedToken = md5($token . $salt) . ':' . $salt;
$user->activation = $hashedToken;
// Save the user to the database.
if (!$user->save(true)) {
return new JException(JText::sprintf('COM_USERS_USER_SAVE_FAILED', $user->getError()), 500);
}
// Assemble the password reset confirmation link.
$mode = $config->get('force_ssl', 0) == 2 ? 1 : -1;
$itemid = UsersHelperRoute::getLoginRoute();
$itemid = $itemid !== null ? '&Itemid=' . $itemid : '';
$link = 'index.php?option=com_users&view=reset&layout=confirm&token=' . $token . $itemid;
// Put together the email template data.
$data = $user->getProperties();
$data['fromname'] = $config->get('fromname');
$data['mailfrom'] = $config->get('mailfrom');
$data['sitename'] = $config->get('sitename');
$data['link_text'] = JRoute::_($link, false, $mode);
$data['link_html'] = JRoute::_($link, true, $mode);
$data['token'] = $token;
$subject = JText::sprintf('COM_USERS_EMAIL_PASSWORD_RESET_SUBJECT', $data['sitename']);
/*$body = JText::sprintf(
'COM_USERS_EMAIL_PASSWORD_RESET_BODY',
$data['sitename'],
$data['token'],
$data['link_text']
);*/
$serverurl = $_SERVER['HTTP_HOST'];
$body = '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="viewport" content="width=device-width; maximum-scale=1.0;">
<title>RAS</title>
<style type="text/css">
body{ margin:0px; padding:0px;}
@media only screen and (max-width:598px){
table[class="mainWd"]{ width:100% !important; }
.img{ width:100% !important; }
}
@media only screen and (max-width:599px){
table{ float:none !important; }
table[class="mainWd"]{ width:100% !important; }
table[class="table-width"]{ float:left !important}
.img{ width:100% !important; }
@media only screen and (max-width:480px){
td[class="wd660"]{ width:100% !important; float:left !important; text-align:center !important; }
.img1{ display:none !important}
td[class="wd360"]{ width:100% !important; float:left !important; text-align:center; margin-bottom:20px; }
table[class="full_480"]{ width:220px !important; text-align:center !important; float:none !important; }
td[class="mob_hide"]{ display:none !important; }
}
.img {width:100% !important; }
.img {width:100% !important; }
</style>
</head>
<body style="background:#cccccc;-moz-text-size-adjust:none; -webkit-text-size-adjust:none; -ms-text-size-adjust:none; ">
<table width="100%" border="0" align="center" cellpadding="0" cellspacing="0" >
<tr><td align="center">
<table width="650" border="0" align="center" cellpadding="0" cellspacing="0" class="mainWd" >
<tr><td height="25" align="center" valign="middle" style="font-family:Arial, Helvetica, sans-serif; font-size:12px; color:#ffffff; background:#2a4c75">Can’t see this email? View it in your browser. </td></tr>
<tr>
<td align="left" valign="top" class="bg" bgcolor="#ffffff">
<table width="100%" border="0" align="center" cellpadding="0" cellspacing="0">
<tr> <td height="20" align="left" valign="top"> <img src="http://' . $serverurl . '/images/banner123.jpg" alt=" " class="img" border="0" align="left" style="display:block;width:100%"></td> </tr>
<tr><td height="20" align="center" valign="top"> </td></tr>
<tr><td align="center" valign="top">
<table width="96%" border="0" align="center" cellpadding="0" cellspacing="0">
<tr><td align="left" valign="top"><span style="font-family:Arial, Helvetica, sans-serif; font-size:14px; line-height:20px; color:#343434; font-weight:normal;">Dear <span style="color:#343434;text-transform:capitalize;">' . $data['name'] . ',</span><br /><br />We have received a request regarding the change of your password.</span>
<br /><br />
<span style="font-family:Arial, Helvetica, sans-serif; font-size:14px; line-height:20px; color:#343434; font-weight:normal;">The verification code is - </span> ' . $data['token'] . ' <br /> <br />
<span style="font-family:Arial, Helvetica, sans-serif; font-size:14px; line-height:20px; color:#343434; font-weight:normal;">Please ignore this mail if you don’t want to reset your password.</span></td></tr>
<tr><td height="20" align="center" valign="top"> </td></tr>
<tr><td align="left" valign="top">
<span style="font-family:Arial, Helvetica, sans-serif; font-size:14px; line-height:20px; color:#343434; font-weight:normal;">Best regards,<br />
Team RAS</span>
</td></tr>
<tr><td height="20" align="center" valign="top"> </td></tr>
</table>
</td>
</table>
</td>
<tr> <td align="center" valign="middle" height="37 " bgcolor="#2a4c75" > <span style="font-family:Arial, Helvetica, sans-serif; font-size:12px ; color:#ffffff;-webkit-text-size-adjust: none;">Copyright © 2015. RAS All rights reserved </span></td>
</tr>
</table>
</td>
</tr>
<tr>
<td align="center"> </td>
</tr>
</table>
</body>
</html>';
$mailer = JFactory::getMailer();
$config = JFactory::getConfig();
$subject = 'Forgot Password Request';
$from = $config->get('mailfrom');
$fromname = $config->get('fromname');
$to = $user->email;
$sender = array($from, $fromname);
$mailer->isHTML(true);
$mailer->setSender($sender);
$mailer->addRecipient($to);
$mailer->Encoding = 'base64';
$mailer->setSubject($subject);
$mailer->setBody($body);
$return = $mailer->Send();
// Check for an error.
if ($return !== true) {
return new JException(JText::_('COM_USERS_MAIL_FAILED'), 500);
}
return true;
}
/**
* Processes intial reset password request
*
* @return void
*/
public function resettingTask()
{
// Check the request token
Session::checkToken('post') or exit(Lang::txt('JINVALID_TOKEN'));
// Grab the incoming username
if (!($username = trim(Request::getVar('username', false)))) {
App::redirect(Route::url('index.php?option=' . $this->_option . '&task=reset', false), Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_MISSING_USERNAME'), 'warning');
return;
}
// Make sure it looks like a valid username
require_once dirname(dirname(__DIR__)) . DS . 'helpers' . DS . 'utility.php';
// Determine if attempting to log in via username or email address
if (strpos($username, '@')) {
$validator = 'validemail';
$field = 'email';
} else {
$validator = 'validlogin';
$field = 'username';
}
if (!\Components\Members\Helpers\Utility::$validator($username)) {
App::redirect(Route::url('index.php?option=' . $this->_option . '&task=reset', false), Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_INVALID_USERNAME'), 'warning');
return;
}
// Find the user for the given username
$user = \Hubzero\User\User::whereEquals($field, $username)->rows();
// Make sure we have at least one and not more than one
if ($user->count() < 1) {
App::redirect(Route::url('index.php?option=' . $this->_option . '&task=reset', false), Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_USER_NOT_FOUND'), 'warning');
return;
} else {
if ($user->count() > 1) {
App::redirect(Route::url('index.php?option=' . $this->_option . '&task=reset', false), Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_MULTIPLE_RESULTS'), 'warning');
return;
}
}
// Get the user object
$user = $user->first();
// Make sure the user isn't blocked
if ($user->get('block')) {
App::redirect(Route::url('index.php?option=' . $this->_option . '&task=reset', false), Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_USER_NOT_FOUND'), 'warning');
return;
}
// Make sure the user isn't a super admin
if ($user->authorise('core.admin')) {
App::redirect(Route::url('index.php?option=' . $this->_option . '&task=reset', false), Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_USER_IS_SUPER'), 'warning');
return;
}
// Make sure the user has not exceeded the reset limit
if ($this->hasExceededResetLimit($user)) {
App::redirect(Route::url('index.php?option=' . $this->_option . '&task=reset', false), Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_EXCEEDED_LIMIT'), 'warning');
return;
}
// Set the confirmation token
$token = App::hash(\JUserHelper::genRandomPassword());
$salt = \JUserHelper::getSalt('crypt-md5');
$hashedToken = md5($token . $salt) . ':' . $salt;
// Save the token
$user->tokens()->save(['token' => $hashedToken]);
// Send an email
$eview = new \Hubzero\Mail\View(array('name' => 'emails', 'layout' => 'reset_plain'));
$eview->config = Config::getRoot();
$eview->baseUrl = rtrim(Request::base(), '/');
$eview->user = $user;
$eview->token = $token;
$eview->return = Route::url('index.php?option=' . $this->_option . '&task=verify');
$plain = $eview->loadTemplate(false);
$plain = str_replace("\n", "\r\n", $plain);
$eview->setLayout('reset_html');
$html = $eview->loadTemplate();
$html = str_replace("\n", "\r\n", $html);
// Build message
$message = new \Hubzero\Mail\Message();
$message->setSubject(Lang::txt('COM_MEMBERS_CREDENTIALS_EMAIL_RESET_SUBJECT', Config::get('sitename')))->addFrom(Config::get('mailfrom'), Config::get('fromname'))->addTo($user->get('email'), $user->get('name'))->addHeader('X-Component', $this->_option)->addHeader('X-Component-Object', 'password_reset')->addPart($plain, 'text/plain')->addPart($html, 'text/html');
// Send mail
if (!$message->send()) {
Log::error('Members password reset email failed: ' . Lang::txt('Failed to mail %s', $user->get('email')));
App::redirect(Route::url('index.php?option=' . $this->_option . '&task=remind', false), Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_FIAILED_TO_SEND_MAIL'), 'warning');
return;
}
// Push the user data into the session
User::setState('com_users.reset.user', $user->get('id'));
// Everything went well...go to the token verification page
App::redirect(Route::url('index.php?option=' . $this->_option . '&task=verify', false), Lang::txt('COM_MEMBERS_CREDENTIALS_EMAIL_SENT'), 'passed');
}
/**
* Method to start the password reset process.
*
* @since 1.6
*/
public function processResetRequest($data)
{
$config = JFactory::getConfig();
// Get the form.
$form = $this->getForm();
// Check for an error.
if ($form instanceof Exception) {
return $form;
}
// Filter and validate the form data.
$data = $form->filter($data);
$return = $form->validate($data);
// Check for an error.
if ($return instanceof Exception) {
return $return;
}
// Check the validation results.
if ($return === false) {
// Get the validation messages from the form.
foreach ($form->getErrors() as $message) {
$this->setError($message);
}
return false;
}
// Find the user id for the given email address.
$db = $this->getDbo();
$query = $db->getQuery(true);
$query->select('id');
$query->from($db->quoteName('#__users'));
$query->where($db->quoteName('email') . ' = ' . $db->q($data['email']));
// Get the user object.
$db->setQuery((string) $query);
$userId = $db->loadResult();
// Check for an error.
if ($db->getErrorNum()) {
$this->setError(JText::sprintf('COM_USERS_DATABASE_ERROR', $db->getErrorMsg()), 500);
return false;
}
// Check for a user.
if (empty($userId)) {
$this->setError(JText::_('COM_USERS_INVALID_EMAIL'));
return false;
}
// Get the user object.
$user = JUser::getInstance($userId);
// Make sure the user isn't blocked.
if ($user->block) {
$this->setError(JText::_('COM_USERS_USER_BLOCKED'));
return false;
}
// Make sure the user isn't a Super Admin.
if ($user->authorise('core.admin')) {
$this->setError(JText::_('COM_USERS_REMIND_SUPERADMIN_ERROR'));
return false;
}
// Make sure the user has not exceeded the reset limit
if (!$this->checkResetLimit($user)) {
$resetLimit = (int) JFactory::getApplication()->getParams()->get('reset_time');
$this->setError(JText::plural('COM_USERS_REMIND_LIMIT_ERROR_N_HOURS', $resetLimit));
return false;
}
// Set the confirmation token.
$token = JApplication::getHash(JUserHelper::genRandomPassword());
$salt = JUserHelper::getSalt('crypt-md5');
$hashedToken = md5($token . $salt) . ':' . $salt;
$user->activation = $hashedToken;
// Save the user to the database.
if (!$user->save(true)) {
return new JException(JText::sprintf('COM_USERS_USER_SAVE_FAILED', $user->getError()), 500);
}
// Assemble the password reset confirmation link.
$mode = $config->get('force_ssl', 0) == 2 ? 1 : -1;
$itemid = UsersHelperRoute::getLoginRoute();
$itemid = $itemid !== null ? '&Itemid=' . $itemid : '';
$link = 'index.php?option=com_users&view=reset&layout=confirm' . $itemid;
// Put together the email template data.
$data = $user->getProperties();
$data['fromname'] = $config->get('fromname');
$data['mailfrom'] = $config->get('mailfrom');
$data['sitename'] = $config->get('sitename');
$data['link_text'] = JRoute::_($link, false, $mode);
$data['link_html'] = JRoute::_($link, true, $mode);
$data['token'] = $token;
$subject = JText::sprintf('COM_USERS_EMAIL_PASSWORD_RESET_SUBJECT', $data['sitename']);
$body = JText::sprintf('COM_USERS_EMAIL_PASSWORD_RESET_BODY', $data['sitename'], $data['token'], $data['link_text']);
// Send the password reset request email.
$return = JFactory::getMailer()->sendMail($data['mailfrom'], $data['fromname'], $user->email, $subject, $body);
// Check for an error.
if ($return !== true) {
return new JException(JText::_('COM_USERS_MAIL_FAILED'), 500);
}
return true;
}
private static function _checkCreateKeyFile($date)
{
vmSetStartTime('check');
static $existingKeys = false;
$keyPath = self::_getEncryptSafepath();
if (!$existingKeys) {
$dir = opendir($keyPath);
if (is_resource($dir)) {
$existingKeys = array();
while (false !== ($file = readdir($dir))) {
if ($file != '.' && $file != '..') {
if (!is_dir($keyPath . DS . $file)) {
$ext = Jfile::getExt($file);
if ($ext == 'ini' and file_exists($keyPath . DS . $file)) {
$content = parse_ini_file($keyPath . DS . $file);
if ($content and is_array($content) and isset($content['unixtime'])) {
$key = $content['unixtime'];
unset($content['unixtime']);
$existingKeys[$key] = $content;
//vmdebug('Reading '.$keyPath .DS. $file,$content);
}
} else {
vmdebug('Resource says there is file, but does not exists? ' . $keyPath . DS . $file);
}
} else {
//vmdebug('Directory in they keyfolder? '.$keyPath .DS. $file);
}
} else {
//vmdebug('Directory in the keyfolder '.$keyPath .DS. $file);
}
}
} else {
static $warn = false;
if (!$warn) {
vmWarn('Key folder in safepath unaccessible ' . $keyPath);
}
$warn = true;
}
}
if ($existingKeys and is_array($existingKeys) and count($existingKeys) > 0) {
ksort($existingKeys);
if (!empty($date)) {
$key = '';
foreach ($existingKeys as $unixDate => $values) {
if ($unixDate - 30 >= $date) {
vmdebug('$unixDate ' . $unixDate . ' >= $date ' . $date);
continue;
}
vmdebug('$unixDate < $date');
//$usedKey = $values;
$key = $values['key'];
}
vmdebug('Use key file ', $key);
//include($keyPath .DS. $usedKey.'.php');
} else {
$usedKey = end($existingKeys);
$key = $usedKey['key'];
}
vmTime('my time', 'check');
return $key;
} else {
$usedKey = date("ymd");
$filename = $keyPath . DS . $usedKey . '.ini';
if (!JFile::exists($filename)) {
if (JVM_VERSION < 3) {
$token = JUtility::getHash(JUserHelper::genRandomPassword());
} else {
$token = JApplication::getHash(JUserHelper::genRandomPassword());
}
$salt = JUserHelper::getSalt('crypt-md5');
$hashedToken = md5($token . $salt);
$key = base64_encode($hashedToken);
//$options = array('costs'=>VmConfig::get('cryptCost',8));
/*if(!function_exists('password_hash')){
require(JPATH_VM_ADMINISTRATOR . DS . 'helpers' . DS . 'password_compat.php');
}
if(function_exists('password_hash')){
$key = password_hash($key, PASSWORD_BCRYPT, $options);
}*/
$date = JFactory::getDate();
$today = $date->toUnix();
//$key = pack('H*',$key);
$content = ';<?php die(); */
[keys]
key = "' . $key . '"
unixtime = "' . $today . '"
date = "' . date("Y-m-d H:i:s") . '"
; */ ?>';
$result = JFile::write($filename, $content);
vmTime('my time', 'check');
return $key;
}
}
vmTime('my time', 'check');
//return pack('H*',$key);
}
/**
* Helper wrapper method for getSalt
*
* @param string $encryption The kind of password encryption to use.
* Defaults to md5-hex.
* @param string $seed The seed to get the salt from (probably a
* previously generated password). Defaults to
* generating a new seed.
* @param string $plaintext The plaintext password that we're generating
* a salt for. Defaults to none.
*
* @return string The generated or extracted salt.
*
* @see JUserHelper::getSalt()
* @since 3.4
* @deprecated 4.0
*/
public function getSalt($encryption = 'md5-hex', $seed = '', $plaintext = '')
{
return JUserHelper::getSalt($encryption, $seed, $plaintext);
}
/**
* Send out local password set confirmation token
*
* @return void - redirect to confirm token view
*/
private function sendtoken()
{
// Import helpers/classes
jimport('joomla.mail.helper');
jimport('joomla.user.helper');
// Make sure they're logged in
if ($this->user->get('guest')) {
App::redirect(Route::url('index.php?option=com_users&view=login&return=' . base64_encode(Route::url('index.php?option=' . $this->option . '&task=myaccount&active=account&action=sendtoken'))), Lang::txt('You must be a logged in to access this area.'), 'warning');
return;
}
// Make sure this is an auth link account (i.e. no password set)
$hzup = \Hubzero\User\Password::getInstance($this->member->get('uidNumber'));
if (!empty($hzup->passhash)) {
App::abort(404, Lang::txt('PLG_MEMBERS_ACCOUNT_NOT_LINKED_ACCOUNT'));
return;
}
// Generate a new random token and hash it
$token = App::hash(JUserHelper::genRandomPassword());
$salt = JUserHelper::getSalt('crypt-md5');
$hashedToken = md5($token . $salt) . ':' . $salt;
// Store the hashed token
$this->setToken($hashedToken);
// Send the email with the token
$this->sendEmail($token);
// Redirect user to confirm token view page
App::redirect(Route::url($this->member->getLink() . '&active=account&task=confirmtoken'), Lang::txt('Please check the email associated with this account (' . $this->member->get('email') . ') for your confirmation token!'), 'warning');
return;
}
/**
* Remind password
*
* @since 1.0
* @access public
* @param string The email address of the user.
* @return
*/
public function remindPassword($email)
{
// Load backend language file.
FD::language()->loadAdmin();
$id = $this->getUserId('email', $email);
if (!$id) {
$this->setError(JText::_('COM_EASYSOCIAL_USERS_NO_SUCH_USER_WITH_EMAIL'));
return false;
}
$user = FD::user($id);
// Ensure that the user is not blocked
if ($user->block) {
$this->setError(JText::_('COM_EASYSOCIAL_USERS_USER_BLOCKED'));
return false;
}
// Super administrator is not allowed to reset passwords.
if ($user->authorise('core.admin')) {
$this->setError(JText::_('COM_EASYSOCIAL_PROFILE_REMIND_PASSWORD_SUPER_ADMIN'));
return false;
}
// Make sure the user has not exceeded the reset limit
if (!$this->checkResetLimit($user)) {
$resetLimit = (int) JFactory::getApplication()->getParams()->get('reset_time');
$this->setError(JText::_('COM_EASYSOCIAL_PROFILE_REMIND_PASSWORD_EXCEEDED', $resetLimit));
return false;
}
// Set the confirmation token.
$token = JApplication::getHash(JUserHelper::genRandomPassword());
$salt = JUserHelper::getSalt('crypt-md5');
$hashedToken = md5($token . $salt) . ':' . $salt;
// Set the new activation
$user->activation = $hashedToken;
// Save the user to the database.
if (!$user->save(true)) {
$this->setError(JText::_('COM_EASYSOCIAL_PROFILE_REMIND_PASSWORD_SAVE_ERROR'));
return false;
}
// Get the application data.
$jConfig = FD::jConfig();
// Push arguments to template variables so users can use these arguments
$params = array('site' => $jConfig->getValue('sitename'), 'username' => $user->username, 'name' => $user->getName(), 'id' => $user->id, 'avatar' => $user->getAvatar(SOCIAL_AVATAR_LARGE), 'profileLink' => $user->getPermalink(true, true), 'email' => $email, 'token' => $token);
// Get the email title.
$title = JText::_('COM_EASYSOCIAL_EMAILS_REMIND_PASSWORD_TITLE');
// Immediately send out emails
$mailer = FD::mailer();
// Get the email template.
$mailTemplate = $mailer->getTemplate();
// Set recipient
$mailTemplate->setRecipient($user->name, $user->email);
// Set title
$mailTemplate->setTitle($title);
// Set the contents
$mailTemplate->setTemplate('site/user/remind.password', $params);
// Set the priority. We need it to be sent out immediately since this is user registrations.
$mailTemplate->setPriority(SOCIAL_MAILER_PRIORITY_IMMEDIATE);
// Try to send out email now.
$state = $mailer->create($mailTemplate);
return $state;
}
function ajaxforgot()
{
error_reporting(0);
require_once(JPATH_SITE . '/components/com_users/helpers/route.php');
$lang = JFactory::getLanguage();
$extension = 'com_users';
$base_dir = JPATH_SITE;
$language_tag = $lang->getTag();
$reload = true;
$lang->load($extension, $base_dir, $language_tag, $reload);
$config = JFactory::getConfig();
$db = JFactory::getDbo();
$params = JComponentHelper::getParams('com_users');
$requestData ['email']= JRequest::getVar('email');
// Find the user id for the given email address.
$query = $db->getQuery(true);
$query->select('id');
$query->from($db->quoteName('#__users'));
$query->where($db->quoteName('email').' = '.$db->Quote($requestData ['email']));
// Get the user object.
$db->setQuery((string) $query);
try
{
$userId = $db->loadResult();
}
catch (RuntimeException $e)
{
//$this->setError(JText::sprintf('COM_USERS_DATABASE_ERROR', $e->getMessage()), 500);
awdwallController::ajaxResponse('$error$'.JText::sprintf('COM_USERS_DATABASE_ERROR', $e->getMessage()));
}
// Check for a user.
if (empty($userId)) {
awdwallController::ajaxResponse('$error$'.JText::_('COM_USERS_INVALID_EMAIL'));
}
// Get the user object.
$user = JUser::getInstance($userId);
// Make sure the user isn't blocked.
if ($user->block) {
awdwallController::ajaxResponse('$error$'.JText::_('COM_USERS_USER_BLOCKED'));
}
// Make sure the user isn't a Super Admin.
if ($user->authorise('core.admin')) {
awdwallController::ajaxResponse('$error$'.JText::_('COM_USERS_REMIND_SUPERADMIN_ERROR'));
}
// Make sure the user has not exceeded the reset limit
$params = JFactory::getApplication()->getParams();
$maxCount = (int) $params->get('reset_count');
$resetHours = (int) $params->get('reset_time');
$result = true;
$lastResetTime = strtotime($user->lastResetTime) ? strtotime($user->lastResetTime) : 0;
$hoursSinceLastReset = (strtotime(JFactory::getDate()->toSql()) - $lastResetTime) / 3600;
// If it's been long enough, start a new reset count
if ($hoursSinceLastReset > $resetHours)
{
$user->lastResetTime = JFactory::getDate()->toSql();
$user->resetCount = 1;
}
// If we are under the max count, just increment the counter
elseif ($user->resetCount < $maxCount)
{
$user->resetCount;
}
// At this point, we know we have exceeded the maximum resets for the time period
else
{
$result = false;
}
if (!$result) {
$resetLimit = (int) JFactory::getApplication()->getParams()->get('reset_time');
//$this->setError(JText::plural('COM_USERS_REMIND_LIMIT_ERROR_N_HOURS', $resetLimit));
awdwallController::ajaxResponse('$error$'.JText::plural('COM_USERS_REMIND_LIMIT_ERROR_N_HOURS', $resetLimit));
//return false;
}
// Set the confirmation token.
$token = JApplication::getHash(JUserHelper::genRandomPassword());
$salt = JUserHelper::getSalt('crypt-md5');
$hashedToken = md5($token.$salt).':'.$salt;
$user->activation = $hashedToken;
// Save the user to the database.
if (!$user->save(true)) {
awdwallController::ajaxResponse('$error$'.JText::sprintf('COM_USERS_USER_SAVE_FAILED', $user->getError()));
//return new JException(JText::sprintf('COM_USERS_USER_SAVE_FAILED', $user->getError()), 500);
}
// Assemble the password reset confirmation link.
$mode = $config->get('force_ssl', 0) == 2 ? 1 : -1;
$itemid = UsersHelperRoute::getLoginRoute();
$itemid = $itemid !== null ? '&Itemid='.$itemid : '';
$link = 'index.php?option=com_users&view=reset&layout=confirm'.$itemid;
// Put together the email template data.
$data = $user->getProperties();
$data['fromname'] = $config->get('fromname');
$data['mailfrom'] = $config->get('mailfrom');
$data['sitename'] = $config->get('sitename');
$data['link_text'] = JRoute::_($link, false, $mode);
$data['link_html'] = JRoute::_($link, true, $mode);
$data['token'] = $token;
$subject = JText::sprintf(
'COM_USERS_EMAIL_PASSWORD_RESET_SUBJECT',
$data['sitename']
);
$body = JText::sprintf(
'COM_USERS_EMAIL_PASSWORD_RESET_BODY',
$data['sitename'],
$data['token'],
$data['link_text']
);
// Send the password reset request email.
$return = JFactory::getMailer()->sendMail($data['mailfrom'], $data['fromname'], $user->email, $subject, $body);
// Check for an error.
if ($return !== true) {
awdwallController::ajaxResponse('$error$'.JText::_('COM_USERS_MAIL_FAILED'));
}
awdwallController::ajaxResponse(JText::_('COM_COMAWDWALL_FORGOTPASS_SUCCESS_TEXT'));
exit;
}
function getCryptedPassword($plaintext, $salt = '', $encryption = 'md5-hex', $show_encrypt = false)
{
$salt = JUserHelper::getSalt($encryption, $salt, $plaintext);
$encrypted = $salt ? md5($plaintext . $salt) : md5($plaintext);
return $show_encrypt ? '{MD5}' . $encrypted : $encrypted;
}
