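/**
 * Sets the one time password (OTP) – a.k.a. two factor authentication –
 * configuration for a particular user. The $otpConfig object is the same as
 * the one returned by the getOtpConfig method.
 *
 * When $otpConfig->method is empty or 'none', otpKey and otep are written back
 * as empty strings, which clears any OTP configuration stored for the user.
 *
 * This method performs no permission check of its own: the caller is
 * responsible for making sure the acting user may change the OTP settings of
 * $user_id.
 *
 * @param   integer   $user_id    The numeric ID of the user; when empty, the 'user.id' model state is used
 * @param   stdClass  $otpConfig  The OTP configuration object
 *
 * @return  boolean  True on success, false when the configuration cannot be
 *                   serialised (nothing is written in that case)
 *
 * @since   3.2
 */
public function setOtpConfig($user_id, $otpConfig)
{
    $user_id = !empty($user_id) ? $user_id : (int) $this->getState('user.id');

    // Default row: blank otpKey/otep, i.e. "no two factor authentication".
    $updates = (object) array('id' => $user_id, 'otpKey' => '', 'otep' => '');

    // Create an encryptor class
    // NOTE(review): where getOtpConfigEncryptionKey() takes the key from is not
    // visible here. The stored ciphertext is only as safe as that key.
    $key = $this->getOtpConfigEncryptionKey();
    $aes = new FOFEncryptAes($key, 256);

    // Create the encrypted option strings
    if (!empty($otpConfig->method) && $otpConfig->method != 'none')
    {
        $decryptedConfig = json_encode($otpConfig->config);
        $decryptedOtep   = json_encode($otpConfig->otep);

        // json_encode() returns false on failure. Encrypting that value would
        // overwrite the user's OTP secret and emergency passwords with
        // unusable data, so stop before touching the database.
        if ($decryptedConfig === false || $decryptedOtep === false)
        {
            return false;
        }

        // The method name stays in clear text as a prefix; only the
        // configuration payload after the colon is encrypted.
        $updates->otpKey = $otpConfig->method . ':' . $aes->encryptString($decryptedConfig);
        $updates->otep   = $aes->encryptString($decryptedOtep);
    }

    $db     = $this->getDbo();
    $result = $db->updateObject('#__users', $updates, 'id');

    return $result;
}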
/**
 * Method to save the form data.
 *
 * Prepares the submitted record and hands it to parent::save():
 *  - trims metadata.author and serialises the metadata array via JRegistry;
 *  - base64-encodes the code/text fields (base64 is an encoding for storage,
 *    it gives no confidentiality);
 *  - encrypts the credential fields with the 'basic' key, but only when that
 *    key is truthy;
 *  - serialises params via JRegistry;
 *  - regenerates unique fields when the task is 'save2copy'.
 *
 * @param   array  $data  The form data.
 *
 * @return  boolean  True on success.
 *
 * @since   1.6
 */
public function save($data)
{
    $request = JFactory::getApplication()->input;
    $cleaner = JFilterInput::getInstance();

    // Fold the metadata sub-array into its string form.
    if (isset($data['metadata'], $data['metadata']['author']))
    {
        $data['metadata']['author'] = $cleaner->clean($data['metadata']['author'], 'TRIM');

        $metaRegistry = new JRegistry();
        $metaRegistry->loadArray($data['metadata']);
        $data['metadata'] = (string) $metaRegistry;
    }

    // Fields stored as base64 strings, in the order they are processed.
    $base64Fields = array(
        'php_helper_site',
        'php_helper_admin',
        'sql',
        'php_admin_event',
        'php_site_event',
        'php_dashboard_methods',
        'css',
        'php_preflight_install',
        'php_preflight_update',
        'php_postflight_install',
        'php_postflight_update',
        'php_method_uninstall',
        'readme',
    );

    foreach ($base64Fields as $fieldName)
    {
        if (isset($data[$fieldName]))
        {
            $data[$fieldName] = base64_encode($data[$fieldName]);
        }
    }

    // Get the basic encryption key and build the encryption object.
    $basickey = ComponentbuilderHelper::getCryptKey('basic');
    $basic    = new FOFEncryptAes($basickey, 128);

    // Credential fields encrypted with the basic key.
    // NOTE(review): when $basickey is falsy these values are passed on to
    // parent::save() unencrypted and no error is raised. Confirm that this
    // fail-open behaviour is intended for FTP and licence credentials.
    $encryptedFields = array(
        'update_server_ftp',
        'whmcs_key',
        'sales_server_ftp',
    );

    foreach ($encryptedFields as $fieldName)
    {
        if (isset($data[$fieldName]) && $basickey)
        {
            $data[$fieldName] = $basic->encryptString($data[$fieldName]);
        }
    }

    // Fold the params array into its string form.
    if (isset($data['params']) && is_array($data['params']))
    {
        $paramRegistry = new JRegistry();
        $paramRegistry->loadArray($data['params']);
        $data['params'] = (string) $paramRegistry;
    }

    // "Save as copy": give every unique field a fresh value.
    if ($request->get('task') == 'save2copy')
    {
        $uniqueFieldNames = $this->getUniqeFields();

        if (ComponentbuilderHelper::checkArray($uniqueFieldNames))
        {
            foreach ($uniqueFieldNames as $uniqueFieldName)
            {
                $data[$uniqueFieldName] = $this->generateUniqe($uniqueFieldName, $data[$uniqueFieldName]);
            }
        }
    }

    return parent::save($data) ? true : false;
}
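/**
 * Re-encrypts the stored two factor authentication (TFA) data of every user
 * from the old secret to the new one.
 *
 * Nothing is done when the Joomla version stored in the session is older than
 * 3.2, when no 'twofactorauth' plugin is enabled, or when no user has both
 * otpKey and otep set. If FOFEncryptAes reports that AES is not supported, the
 * 'twofactorauth' plugins are disabled and the 'tfa_warning' session flag is
 * set instead.
 *
 * @param   string  $oldsecret  Secret the stored values are currently encrypted with
 * @param   string  $newsecret  Secret the values are re-encrypted with
 *
 * @return  void
 */
private function updateTFA($oldsecret, $newsecret)
{
    $this->container->session->set('tfa_warning', false);

    // There is no TFA in Joomla < 3.2
    $jversion = $this->container->session->get('jversion');

    if (version_compare($jversion, '3.2', 'lt'))
    {
        return;
    }

    $db = $this->getDatabase();

    $query = $db->getQuery(true)
        ->select('COUNT(extension_id)')
        ->from($db->qn('#__extensions'))
        ->where($db->qn('type') . ' = ' . $db->q('plugin'))
        ->where($db->qn('folder') . ' = ' . $db->q('twofactorauth'))
        ->where($db->qn('enabled') . ' = ' . $db->q('1'));
    $count = $db->setQuery($query)->loadResult();

    // No enabled plugin, there is no point in continuing
    if (!$count)
    {
        return;
    }

    // NOTE(review): only id, otpKey and otep are read below; select('*') also
    // loads every other column of the users table into memory.
    $query = $db->getQuery(true)
        ->select('*')
        ->from($db->qn('#__users'))
        ->where($db->qn('otpKey') . ' != ' . $db->q(''))
        ->where($db->qn('otep') . ' != ' . $db->q(''));
    $users = $db->setQuery($query)->loadObjectList();

    // There are no users with TFA configured, let's stop here
    if (!$users)
    {
        return;
    }

    // Otherwise I'll get a blank page
    if (!defined('FOF_INCLUDED'))
    {
        define('FOF_INCLUDED', 1);
    }

    include_once APATH_LIBRARIES . '/fof/encrypt/aes.php';

    // Does this host support AES?
    if (!FOFEncryptAes::isSupported())
    {
        // If not, set a flag, so we will display a big, fat warning in the finalize screen
        $this->container->session->set('tfa_warning', true);

        // Let's disable them. Without AES the stored secrets cannot be read,
        // so leaving the plugins enabled would only leave TFA unusable.
        $query = $db->getQuery(true)
            ->update($db->qn('#__extensions'))
            ->set($db->qn('enabled') . ' = ' . $db->q('0'))
            ->where($db->qn('type') . ' = ' . $db->q('plugin'))
            ->where($db->qn('folder') . ' = ' . $db->q('twofactorauth'));
        $db->setQuery($query)->execute();

        return;
    }

    $oldaes = new FOFEncryptAes($oldsecret, 256);
    $newaes = new FOFEncryptAes($newsecret, 256);

    foreach ($users as $user)
    {
        // otpKey is stored as "<method>:<ciphertext>". Split on the first
        // colon only, and skip rows that do not have that shape: treating
        // them as valid would overwrite the row with re-encrypted garbage.
        $parts = explode(':', $user->otpKey, 2);

        if (count($parts) !== 2)
        {
            continue;
        }

        list($method, $otpKey) = $parts;

        $update = (object) array('id' => $user->id, 'otpKey' => '', 'otep' => '');

        // NOTE(review): FOFEncryptAes is not shown here, so whether
        // decryptString() signals a wrong $oldsecret is unknown. If it does
        // not, a wrong old secret silently replaces the stored TFA data with
        // unusable values. TODO confirm, and keep a backup of the two columns.
        $update->otpKey = $oldaes->decryptString($otpKey);
        $update->otpKey = $method . ':' . $newaes->encryptString($update->otpKey);

        $update->otep = $oldaes->decryptString($user->otep);
        $update->otep = $newaes->encryptString($update->otep);

        $db->updateObject('#__users', $update, 'id');
    }
}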
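/**
 * Sets the OTP settings for the user. This technique is borrowed from totp plugin
 *
 * The encrypted values are only bound to this object ($this->otpKey and
 * $this->otep); nothing is written to storage here.
 *
 * NOTE(review): when $otpConfig->method is empty or 'none' the existing
 * $this->otpKey and $this->otep are left untouched, so this method on its own
 * does not clear a previously stored OTP configuration. Confirm the caller
 * handles the "disable" case.
 *
 * @param   object  $otpConfig  OTP configuration; its method, config and otep properties are read
 *
 * @return  null  Always null. The original returned an undefined $result
 *                variable, which evaluates to null and raises an undefined
 *                variable notice or warning; the value is kept so callers see
 *                no change.
 *
 * @access  public
 * @since   1.3
 */
public function setOtpConfig($otpConfig)
{
    // Create the encryptor class, keyed with the 'secret' configuration value.
    $key = FD::jConfig()->getValue('secret');
    $aes = new FOFEncryptAes($key, 256);

    // Create the encrypted option strings
    if (!empty($otpConfig->method) && $otpConfig->method != 'none')
    {
        $decryptedConfig = json_encode($otpConfig->config);
        $decryptedOtep   = json_encode($otpConfig->otep);

        // Bind the values to this user. The method name stays in clear text
        // as a prefix; only the payload after the colon is encrypted.
        $this->otpKey = $otpConfig->method . ':' . $aes->encryptString($decryptedConfig);
        $this->otep   = $aes->encryptString($decryptedOtep);
    }

    return null;
}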
/**
 * Method to save the form data.
 *
 * Prepares the submitted record and hands it to parent::save():
 *  - trims metadata.author and serialises the metadata array via JRegistry;
 *  - stores causesrisks as a JSON string (an empty string when not submitted);
 *  - encrypts the salary, headcount and health figures with the 'advanced'
 *    key, but only when that key is truthy;
 *  - forces per = 1 on new records for users without 'company.edit.per';
 *  - serialises params via JRegistry;
 *  - regenerates unique fields when the task is 'save2copy'.
 *
 * @param   array  $data  The form data.
 *
 * @return  boolean  True on success.
 *
 * @since   1.6
 */
public function save($data)
{
    $request = JFactory::getApplication()->input;
    $cleaner = JFilterInput::getInstance();

    // Fold the metadata sub-array into its string form.
    if (isset($data['metadata'], $data['metadata']['author']))
    {
        $data['metadata']['author'] = $cleaner->clean($data['metadata']['author'], 'TRIM');

        $metaRegistry = new JRegistry();
        $metaRegistry->loadArray($data['metadata']);
        $data['metadata'] = (string) $metaRegistry;
    }

    // A missing causesrisks value becomes an empty string, and the value is
    // then always stored JSON-encoded.
    if (!isset($data['causesrisks']))
    {
        $data['causesrisks'] = '';
    }

    $data['causesrisks'] = (string) json_encode($data['causesrisks']);

    // Get the advanced encryption key and build the encryption object.
    $advancedkey = CostbenefitprojectionHelper::getCryptKey('advanced');
    $advanced    = new FOFEncryptAes($advancedkey, 256);

    // Fields encrypted with the advanced key, in the order they are processed.
    // NOTE(review): when $advancedkey is falsy these values are passed on to
    // parent::save() unencrypted and no error is raised. Confirm that this
    // fail-open behaviour is intended for salary and health data.
    $encryptedFields = array(
        'medical_turnovers_females',
        'females',
        'sick_leave_males',
        'medical_turnovers_males',
        'total_salary',
        'sick_leave_females',
        'total_healthcare',
        'males',
    );

    foreach ($encryptedFields as $fieldName)
    {
        if (isset($data[$fieldName]) && $advancedkey)
        {
            $data[$fieldName] = $advanced->encryptString($data[$fieldName]);
        }
    }

    // Make sure a new company does not get locked: for a new record, a user
    // without the 'company.edit.per' permission cannot choose the value of
    // 'per'; it is forced to 1 whatever the form submitted.
    // NOTE(review): this override only covers new records (id == 0). Whether
    // 'per' is protected when an existing record is edited is not visible here.
    $currentUser = JFactory::getUser();

    if ($data['id'] == 0 && !$currentUser->authorise('company.edit.per', 'com_costbenefitprojection'))
    {
        $data['per'] = 1;
    }

    // Fold the params array into its string form.
    if (isset($data['params']) && is_array($data['params']))
    {
        $paramRegistry = new JRegistry();
        $paramRegistry->loadArray($data['params']);
        $data['params'] = (string) $paramRegistry;
    }

    // "Save as copy": give every unique field a fresh value.
    if ($request->get('task') == 'save2copy')
    {
        $uniqueFieldNames = $this->getUniqeFields();

        if (CostbenefitprojectionHelper::checkArray($uniqueFieldNames))
        {
            foreach ($uniqueFieldNames as $uniqueFieldName)
            {
                $data[$uniqueFieldName] = $this->generateUniqe($uniqueFieldName, $data[$uniqueFieldName]);
            }
        }
    }

    return parent::save($data) ? true : false;
}