/**
* Testing testDecrypt().
*
* @param string $expected The expected result of decryption
* @param string $key The key to use
* @param string $text The decrypted text
*
* @return void
* @dataProvider casesEncryption
* @covers JSimpleCrypt::decrypt
*/
public function testDecrypt($expected, $key, $text)
{
$cfg = $this->getMock('JObject', array('get'));
$cfg->expects($this->any())->method('get')->will($this->returnValue(''));
JFactory::$config = $cfg;
$this->object = new JSimpleCrypt($key);
$this->assertThat($this->object->decrypt($text), $this->equalTo($expected));
}
function onAfterInitialise()
{
$app = JFactory::getApplication();
// No remember me for admin
if ($app->isAdmin()) {
return;
}
$user = JFactory::getUser();
if ($user->get('guest')) {
jimport('joomla.utilities.utility');
$hash = JUtility::getHash('JLOGIN_REMEMBER');
if ($str = JRequest::getString($hash, '', 'cookie', JREQUEST_ALLOWRAW | JREQUEST_NOTRIM)) {
jimport('joomla.utilities.simplecrypt');
//Create the encryption key, apply extra hardening using the user agent string
$key = JUtility::getHash(@$_SERVER['HTTP_USER_AGENT']);
$crypt = new JSimpleCrypt($key);
$str = $crypt->decrypt($str);
$options = array();
$options['silent'] = true;
if (!$app->login(@unserialize($str), $options)) {
$config = JFactory::getConfig();
$cookie_domain = $config->get('cookie_domain', '');
$cookie_path = $config->get('cookie_path', '/');
// Clear the remember me cookie
setcookie(JUtility::getHash('JLOGIN_REMEMBER'), false, time() - 86400, $cookie_path, $cookie_domain);
}
}
}
}
public function load($keys = null, $reset = true)
{
$result = parent::load($keys, $reset);
if (isset($this->password) && !empty($this->password)) {
$cryptor = new JSimpleCrypt();
$this->password = $cryptor->decrypt($this->password);
}
return $result;
}
function onAfterInitialise()
{
$app = JFactory::getApplication();
// No remember me for admin
if ($app->isAdmin()) {
return;
}
$user = JFactory::getUser();
if ($user->get('guest')) {
jimport('joomla.utilities.utility');
$hash = JUtility::getHash('JLOGIN_REMEMBER');
if ($str = JRequest::getString($hash, '', 'cookie', JREQUEST_ALLOWRAW | JREQUEST_NOTRIM)) {
jimport('joomla.utilities.simplecrypt');
// Create the encryption key, apply extra hardening using the user agent string.
// Since we're decoding, no UA validity check is required.
$key = JUtility::getHash(@$_SERVER['HTTP_USER_AGENT']);
$crypt = new JSimpleCrypt($key);
$str = $crypt->decrypt($str);
$cookieData = @unserialize($str);
// Deserialized cookie could be any object structure, so make sure the
// credentials are well structured and only have user and password.
$credentials = array();
$filter = JFilterInput::getInstance();
$goodCookie = true;
if (is_array($credentials)) {
if (isset($cookieData['username']) && is_string($cookieData['username'])) {
$credentials['username'] = $filter->clean($cookieData['username'], 'username');
} else {
$goodCookie = false;
}
if (isset($cookieData['password']) && is_string($cookieData['password'])) {
$credentials['password'] = $filter->clean($cookieData['password'], 'string');
} else {
$goodCookie = false;
}
} else {
$goodCookie = false;
}
if (!$goodCookie || !$app->login($credentials, array('silent' => true))) {
$config = JFactory::getConfig();
$cookie_domain = $config->get('cookie_domain', '');
$cookie_path = $config->get('cookie_path', '/');
// Clear the remember me cookie
setcookie(JUtility::getHash('JLOGIN_REMEMBER'), false, time() - 86400, $cookie_path, $cookie_domain);
}
}
}
}
/**
* Retrieve the Twitter connection details for the current user
* @return array
*/
function _lookupUserLogin()
{
global $mainframe;
$user =& Jfactory::getUser();
if ($user->id) {
// make sure there is a logged in user
$btuser =& JTable::getInstance('btuser');
$data = $this->getUser($user->id);
$key = str_rot13(strrev($user->username));
$crypt = new JSimpleCrypt($key);
$password = $crypt->decrypt($data->password);
return array('username' => $data->username, 'password' => $password);
} else {
return array('username' => '', 'password' => '');
}
}
function onAfterInitialise()
{
global $mainframe;
// No remember me for admin
if ($mainframe->isAdmin()) {
return;
}
$user =& JFactory::getUser();
if (!$user->get('gid')) {
jimport('joomla.utilities.utility');
$hash = JUtility::getHash('JLOGIN_REMEMBER');
if ($str = JRequest::getString($hash, '', 'cookie', JREQUEST_ALLOWRAW | JREQUEST_NOTRIM)) {
jimport('joomla.utilities.simplecrypt');
//Create the encryption key, apply extra hardening using the user agent string
$key = JUtility::getHash(@$_SERVER['HTTP_USER_AGENT']);
$crypt = new JSimpleCrypt($key);
$str = $crypt->decrypt($str);
$mainframe->login(unserialize($str));
}
}
}
function onAfterInitialise()
{
global $mainframe;
// No remember me for admin
if ($mainframe->isAdmin()) {
return;
}
$user =& JFactory::getUser();
if (!$user->get('gid')) {
jimport('joomla.utilities.utility');
$hash = JUtility::getHash('JLOGIN_REMEMBER');
if ($str = JRequest::getString($hash, '', 'cookie', JREQUEST_ALLOWRAW | JREQUEST_NOTRIM)) {
jimport('joomla.utilities.simplecrypt');
// Create the encryption key, apply extra hardening using the user agent string
// Since we're decoding, no UA validity check is required.
$key = JUtility::getHash(@$_SERVER['HTTP_USER_AGENT']);
$crypt = new JSimpleCrypt($key);
$str = $crypt->decrypt($str);
$cookieData = @unserialize($str);
// Deserialized cookie could be any object structure, so make sure the
// credentials are well structured and only have user and password.
$credentials = array();
if (!is_array($credentials)) {
return;
}
if (!isset($cookieData['username']) || !is_string($cookieData['username'])) {
return;
}
$credentials['username'] = JFilterInput::clean($cookieData['username'], 'username');
if (!isset($cookieData['password']) || !is_string($cookieData['password'])) {
return;
}
$credentials['password'] = JFilterInput::clean($cookieData['password'], 'string');
if (!$mainframe->login($credentials, array('silent' => true))) {
// Clear the remember me cookie
setcookie(JUtility::getHash('JLOGIN_REMEMBER'), false, time() - 86400, '/');
}
}
}
}
/**
* Remebers handling.
*/
public function onAfterInitialise()
{
global $mainframe;
$viewer = get_viewer();
if (!$viewer->guest() && !$viewer->enabled) {
KService::get('com://site/people.helper.person')->logout();
}
// No remember me for admin
if ($mainframe->isAdmin()) {
return;
}
jimport('joomla.utilities.utility');
jimport('joomla.utilities.simplecrypt');
$user = array();
$remember = JUtility::getHash('JLOGIN_REMEMBER');
// for json requests obtain the username and password from the $_SERVER array
// else if the remember me cookie exists, decrypt and obtain the username and password from it
if ($viewer->guest() && KRequest::has('server.PHP_AUTH_USER') && KRequest::has('server.PHP_AUTH_PW') && KRequest::format() == 'json') {
$user['username'] = KRequest::get('server.PHP_AUTH_USER', 'raw');
$user['password'] = KRequest::get('server.PHP_AUTH_PW', 'raw');
} elseif ($viewer->guest() && isset($_COOKIE[$remember]) && $_COOKIE[$remember] != '') {
$key = JUtility::getHash(KRequest::get('server.HTTP_USER_AGENT', 'raw'));
if ($key) {
$crypt = new JSimpleCrypt($key);
$cookie = $crypt->decrypt($_COOKIE[$remember]);
$user = (array) @unserialize($cookie);
}
} else {
return;
}
if ($viewer->guest() && count($user)) {
try {
jimport('joomla.user.authentication');
$authentication =& JAuthentication::getInstance();
$authResponse = $authentication->authenticate($user, array());
if ($authResponse->status == JAUTHENTICATE_STATUS_SUCCESS) {
KService::get('com://site/people.helper.person')->login($user, true);
}
} catch (RuntimeException $e) {
//only throws exception if we are using JSON format
//otherwise let the current app handle it
if (KRequest::format() == 'json') {
throw $e;
}
}
}
return;
}
/**
* $$$ hugh - add in any encrypted stuff, in case we fail validation ...
* otherwise it won't be in $data when we rebuild the page.
* Need to do it here, so _raw fields get added in the next chunk 'o' code.
* @param array posted form data passed by reference
* @return null
*/
function addEncrytedVarsToArray(&$post)
{
if (array_key_exists('fabrik_vars', $_REQUEST) && array_key_exists('querystring', $_REQUEST['fabrik_vars'])) {
$groups = $this->getGroupsHiarachy();
$gkeys = array_keys($groups);
jimport('joomla.utilities.simplecrypt');
$crypt = new JSimpleCrypt();
$w = new FabrikWorker();
foreach ($gkeys as $g) {
$groupModel = $groups[$g];
$elementModels = $groupModel->getPublishedElements();
foreach ($elementModels as $elementModel) {
$element = $elementModel->getElement();
foreach ($_REQUEST['fabrik_vars']['querystring'] as $key => $encrypted) {
if ($elementModel->getFullName(false, true, false) == $key) {
// $$$ rob - dont test for !canUse() as confirmation plugin dynamically sets this
if ($elementModel->canView()) {
//if (!$elementModel->canUse() && $elementModel->canView()) {
if (is_array($encrypted)) {
//repeat groups no join
$v = array();
foreach ($encrypted as $e) {
//$$$ rob urldecode when posting from ajax form
$e = urldecode($e);
$e = empty($e) ? '' : $crypt->decrypt($e);
$v[] = $w->parseMessageForPlaceHolder($e, $post);
}
} else {
// $$$ rob urldecode when posting from ajax form
$encrypted = urldecode($encrypted);
$v = empty($encrypted) ? '' : $crypt->decrypt($encrypted);
$v = $w->parseMessageForPlaceHolder($v, $post);
}
$elementModel->_group = $groupModel;
$elementModel->setValuesFromEncryt($post, $key, $v);
// $$ rob set both normal and rawvalues to encrypted - otherwise validate mehtod doenst
//pick up decrypted value
$elementModel->setValuesFromEncryt($post, $key . '_raw', $v);
}
}
}
}
}
}
}
/**
* If an element is set to readonly, and has a default value selected then insert this
* data into the array that is to be bound to the table record
* @since 1.0.6
* @param array data
* @param object to bind to table row
* @param int is record join record
*/
function _addDefaultDataFromRO(&$data, &$oRecord, $isJoin, $rowid)
{
jimport('joomla.utilities.simplecrypt');
// $$$ rob since 1.0.6 : 10 June 08
// get the current record - not that which was posted
$formModel =& $this->getFormModel();
$table =& $this->getTable();
if (is_null($this->_origData)) {
if (empty($rowid)) {
$this->_origData = $origdata = array();
} else {
$sql = $formModel->_buildQuery();
$db =& $this->getDb();
$db->setQuery($sql);
$origdata = $db->loadObject();
$origdata = JArrayHelper::fromObject($origdata);
$origdata = is_array($origdata) ? $origdata : array();
$this->_origData =& $origdata;
}
} else {
$origdata =& $this->_origData;
}
$form =& $formModel->getForm();
$groups =& $formModel->getGroupsHiarachy();
$gcounter = 0;
$repeatGroupCounts = JRequest::getVar('fabrik_repeat_group', array());
foreach ($groups as $groupModel) {
if ($isJoin && $groupModel->isJoin() || !$isJoin && !$groupModel->isJoin()) {
$elementModels =& $groupModel->getPublishedElements();
foreach ($elementModels as $elementModel) {
// $$$ rob 25/02/2011 unviewable elements are now also being encrypted
//if (!$elementModel->canUse() && $elementModel->canView()) {
if (!$elementModel->canUse()) {
$element =& $elementModel->getElement();
$fullkey = $elementModel->getFullName(false, true, false);
$key = $element->name;
// $$$ hugh - allow submission plugins to override RO data
// TODO - test this for joined data
if ($formModel->updatedByPlugin($fullkey)) {
continue;
}
//force a reload of the default value with $origdata
unset($elementModel->defaults);
$default = array();
foreach ($repeatGroupCounts as $groupId => $repeatCount) {
$def = $elementModel->getValue($origdata, $repeatCount);
// $$$ rob 26/04/2011 encodeing done at the end
//if its a dropdown radio etc
/*if (is_array($def)) {
$def = json_encode($def);
}*/
$default[] = $def;
}
$default = count($default) == 1 ? $default[0] : json_encode($default);
$data[$key] = $default;
$oRecord->{$key} = $default;
}
}
}
$gcounter++;
}
$copy = JRequest::getBool('Copy');
//check crypted querystring vars (encrypted in form/view.html.php ) _cryptQueryString
if (array_key_exists('fabrik_vars', $_REQUEST) && array_key_exists('querystring', $_REQUEST['fabrik_vars'])) {
$crypt = new JSimpleCrypt();
foreach ($_REQUEST['fabrik_vars']['querystring'] as $key => $encrypted) {
// $$$ hugh - allow submission plugins to override RO data
// TODO - test this for joined data
if ($formModel->updatedByPlugin($key)) {
continue;
}
$key = FabrikString::shortColName($key);
// $$$ hugh - trying to fix issue where encrypted elements from a main group end up being added to
// a joined group's field list for the update/insert on the joined row(s).
if (!array_key_exists($key, $data)) {
continue;
}
foreach ($groups as $groupModel) {
$elementModels =& $groupModel->getPublishedElements();
foreach ($elementModels as $elementModel) {
$element =& $elementModel->getElement();
if ($element->name == $key) {
//dont overwrite if something has been entered
// $$$ rob 25/02/2011 unviewable elements are now also being encrypted
//if (!$elementModel->canUse() && $elementModel->canView()) {
if (!$elementModel->canUse()) {
//repeat groups no join:
if (is_array($encrypted)) {
$v = array();
foreach ($encrypted as $e) {
$v[] = empty($e) ? '' : $crypt->decrypt($e);
}
$v = json_encode($v);
} else {
$v = !empty($encrypted) ? $crypt->decrypt($encrypted) : '';
}
if ($copy) {
$v = $elementModel->onSaveAsCopy($v);
}
$data[$key] = $v;
$oRecord->{$key} = $v;
}
// $$$ hugh FIXME - is there some reason we don't break out back to the
// main querystring foreach at this point, rather than looping through
// all remaining elements and groups?
}
}
}
}
}
}
/**
* If an element is set to readonly, and has a default value selected then insert this
* data into the array that is to be bound to the table record
*
* @param array &$data list data
* @param object &$oRecord to bind to table row
* @param int $isJoin is record join record
* @param int $rowid row id
* @param object $joinGroupTable join group table
*
* @since 1.0.6
*
* @return void
*/
function _addDefaultDataFromRO(&$data, &$oRecord, $isJoin, $rowid, $joinGroupTable)
{
jimport('joomla.utilities.simplecrypt');
// $$$ rob since 1.0.6 : 10 June 08
// Get the current record - not that which was posted
$formModel = $this->getFormModel();
$table = $this->getTable();
if (is_null($this->_origData)) {
/* $$$ hugh FIXME - doesn't work for rowid=-1 / usekey submissions,
* ends up querying "WHERE foo.userid = '<rowid>'" instead of <userid>
* OK for now, as we should catch RO data from the encrypted vars check
* later in this method.
*/
if (empty($rowid)) {
$this->_origData = $origdata = array();
} else {
$sql = $formModel->_buildQuery();
$db = $this->getDb();
$db->setQuery($sql);
$origdata = $db->loadObject();
$origdata = JArrayHelper::fromObject($origdata);
$origdata = is_array($origdata) ? $origdata : array();
$this->_origData = $origdata;
}
} else {
$origdata = $this->_origData;
}
$form = $formModel->getForm();
$groups = $formModel->getGroupsHiarachy();
/* $$$ hugh - seems like there's no point in doing this chunk if there is no
$origdata to work with? Not sure if there's ever a valid reason for doing so,
but it certainly breaks things like onCopyRow(), where (for instance) user
elements will get reset to 0 by this code.
*/
if (!empty($origdata)) {
$gcounter = 0;
$repeatGroupCounts = JRequest::getVar('fabrik_repeat_group', array());
foreach ($groups as $groupModel) {
if ($isJoin && $groupModel->isJoin() || !$isJoin && !$groupModel->isJoin()) {
$elementModels = $groupModel->getPublishedElements();
foreach ($elementModels as $elementModel) {
// $$$ rob 25/02/2011 unviewable elements are now also being encrypted
// if (!$elementModel->canUse() && $elementModel->canView()) {
if (!$elementModel->canUse()) {
$element = $elementModel->getElement();
$fullkey = $elementModel->getFullName(false, true, false);
// $$$ rob 24/01/2012 if a previous joined data set had a ro element then if we werent checkign that group is the
// same as the join group then the insert failed as data from other joins added into the current join
if ($isJoin && $groupModel->getId() != $joinGroupTable->id) {
continue;
}
$key = $element->name;
// $$$ hugh - allow submission plugins to override RO data
// TODO - test this for joined data
if ($formModel->updatedByPlugin($fullkey)) {
continue;
}
// Force a reload of the default value with $origdata
unset($elementModel->defaults);
$default = array();
$repeatGroupCount = JArrayHelper::getValue($repeatGroupCounts, $groupModel->getGroup()->id);
for ($repeatCount = 0; $repeatCount < $repeatGroupCount; $repeatCount++) {
$def = $elementModel->getValue($origdata, $repeatCount);
if (is_array($def)) {
// Radio buttons getValue() returns an array already so don't array the array.
$default = $def;
} else {
$default[] = $def;
}
}
$default = count($default) == 1 ? $default[0] : json_encode($default);
$data[$key] = $default;
$oRecord->{$key} = $default;
}
}
}
$gcounter++;
}
}
$copy = JRequest::getBool('Copy');
// Check crypted querystring vars (encrypted in form/view.html.php ) _cryptQueryString
if (array_key_exists('fabrik_vars', $_REQUEST) && array_key_exists('querystring', $_REQUEST['fabrik_vars'])) {
$crypt = new JSimpleCrypt();
foreach ($_REQUEST['fabrik_vars']['querystring'] as $key => $encrypted) {
// $$$ hugh - allow submission plugins to override RO data
// TODO - test this for joined data
if ($formModel->updatedByPlugin($key)) {
continue;
}
$key = FabrikString::shortColName($key);
/* $$$ hugh - trying to fix issue where encrypted elements from a main group end up being added to
* a joined group's field list for the update/insert on the joined row(s).
*/
/*
* $$$ rob - commenting it out as this was stopping data that was not viewable or editable from being included
* in $data. New test added inside foreach loop below
**/
/* if (!array_key_exists($key, $data))
{
continue;
} */
foreach ($groups as $groupModel) {
// New test to replace if (!array_key_exists($key, $data))
// $$$ hugh - this stops elements from joined groups being added to main row, but see 'else'
if ($isJoin) {
if ($groupModel->getGroup()->id != $joinGroupTable->id) {
continue;
}
} else {
// $$$ hugh - need test here if not $isJoin, to stop keys from joined groups being added to main row!
if ($groupModel->isJoin()) {
continue;
}
}
$elementModels = $groupModel->getPublishedElements();
foreach ($elementModels as $elementModel) {
$element = $elementModel->getElement();
// $$$ hugh - I have a feeling this test is a Bad Thing <tm> as it is using short keys, so if two joined groups share the same element name(s) ...
if ($element->name == $key) {
// Don't overwrite if something has been entered
// $$$ rob 25/02/2011 unviewable elements are now also being encrypted
// if (!$elementModel->canUse() && $elementModel->canView()) {
if (!$elementModel->canUse()) {
// Repeat groups no join:
if (is_array($encrypted)) {
$v = array();
foreach ($encrypted as $e) {
$e = urldecode($e);
$v[] = empty($e) ? '' : $crypt->decrypt($e);
}
$v = json_encode($v);
} else {
$encrypted = urldecode($encrypted);
$v = !empty($encrypted) ? $crypt->decrypt($encrypted) : '';
}
/* $$$ hugh - also gets called in storeRow(), not sure if we really need to
* call it here? And if we do, then we should probably be calling onStoreRow
* as well, if $data['fabrik_copy_from_table'] is set? Can't remember why,
* but we differentiate between the two, with onCopyRow being when a row is copied
* using the list plugin, and onSaveAsCopy when the form plugin is used.
*/
if ($copy) {
$v = $elementModel->onSaveAsCopy($v);
}
$data[$key] = $v;
$oRecord->{$key} = $v;
}
break 2;
}
}
}
}
}
}
/**
* Add in any encrypted stuff, in case we fail validation ...
* otherwise it won't be in $data when we rebuild the page.
* Need to do it here, so _raw fields get added in the next chunk 'o' code.
*
* @param array &$post posted form data passed by reference
*
* @return null
*/
public function addEncrytedVarsToArray(&$post)
{
if (array_key_exists('fabrik_vars', $_REQUEST) && array_key_exists('querystring', $_REQUEST['fabrik_vars'])) {
$groups = $this->getGroupsHiarachy();
$gkeys = array_keys($groups);
jimport('joomla.utilities.simplecrypt');
$crypt = new JSimpleCrypt();
$w = new FabrikWorker();
foreach ($gkeys as $g) {
$groupModel = $groups[$g];
$elementModels = $groupModel->getPublishedElements();
foreach ($elementModels as $elementModel) {
$element = $elementModel->getElement();
foreach ($_REQUEST['fabrik_vars']['querystring'] as $key => $encrypted) {
if ($elementModel->getFullName(false, true, false) == $key) {
/* $$$ rob - dont test for !canUse() as confirmation plugin dynamically sets this
* if ($elementModel->canView())
* $$$ hugh - testing adding non-viewable, non-editable elements to encrypted vars
*/
if (true) {
// Was testing for: if (!$elementModel->canUse() && $elementModel->canView()) {
if (is_array($encrypted)) {
// Repeat groups no join
$v = array();
foreach ($encrypted as $e) {
// $$$ rob urldecode when posting from ajax form
$e = urldecode($e);
$e = empty($e) ? '' : $crypt->decrypt($e);
$e = FabrikWorker::JSONtoData($e);
$v[] = $w->parseMessageForPlaceHolder($e, $post);
}
} else {
// $$$ rob urldecode when posting from ajax form
$encrypted = urldecode($encrypted);
$v = empty($encrypted) ? '' : $crypt->decrypt($encrypted);
/* $$$ hugh - things like elementlist elements (radios, etc) seem to use
* their JSON data for encrypted read only vals, need to decode.
*/
$v = FabrikWorker::JSONtoData($v);
$v = $w->parseMessageForPlaceHolder($v, $post);
}
$elementModel->_group = $groupModel;
$elementModel->setValuesFromEncryt($post, $key, $v);
/* $$ rob set both normal and rawvalues to encrypted - otherwise validate method doenst
* pick up decrypted value
*/
$elementModel->setValuesFromEncryt($post, $key . '_raw', $v);
}
}
}
}
}
}
}
