Example #1
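 /**
  * Attempts a silent "remember me" login for guest visitors of the site application.
  *
  * Reads the remember-me cookie, decrypts it with a key derived from the
  * User-Agent header and hands the recovered credentials to the application
  * login. The cookie is cleared when its payload is malformed or the login fails.
  *
  * @return void
  */
 function onAfterInitialise()
 {
     $app = JFactory::getApplication();
     // No remember me for admin
     if ($app->isAdmin()) {
         return;
     }
     $user = JFactory::getUser();
     if (!$user->get('guest')) {
         return;
     }
     jimport('joomla.utilities.utility');
     $hash = JUtility::getHash('JLOGIN_REMEMBER');
     $str = JRequest::getString($hash, '', 'cookie', JREQUEST_ALLOWRAW | JREQUEST_NOTRIM);
     if (!$str) {
         return;
     }
     jimport('joomla.utilities.simplecrypt');
     // Create the encryption key, apply extra hardening using the user agent string.
     // The User-Agent is sent by the client, so it is not a secret on its own.
     $key = JUtility::getHash(@$_SERVER['HTTP_USER_AGENT']);
     $crypt = new JSimpleCrypt($key);
     // SECURITY: the cookie is client-controlled. unserialize() builds whatever
     // value the payload describes before any check below can run, so the
     // checks only limit what reaches login(). A format that cannot describe
     // objects (or an opaque server-side token) would remove this exposure.
     $cookieData = @unserialize($crypt->decrypt($str));
     // Accept only an array carrying a string username and a string password,
     // and forward nothing else from the cookie.
     $credentials = array();
     $goodCookie = is_array($cookieData)
         && isset($cookieData['username']) && is_string($cookieData['username'])
         && isset($cookieData['password']) && is_string($cookieData['password']);
     if ($goodCookie) {
         $credentials['username'] = $cookieData['username'];
         $credentials['password'] = $cookieData['password'];
     }
     $options = array();
     $options['silent'] = true;
     if (!$goodCookie || !$app->login($credentials, $options)) {
         $config = JFactory::getConfig();
         $cookie_domain = $config->get('cookie_domain', '');
         $cookie_path = $config->get('cookie_path', '/');
         // Clear the remember me cookie
         setcookie(JUtility::getHash('JLOGIN_REMEMBER'), false, time() - 86400, $cookie_path, $cookie_domain);
     }
 }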
Example #2
 /**
  * Logs in a user.
  *
  * @param array $user     The user as an array
  * @param bool  $remember Whether to remember the user
  *
  * @return bool
  */
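 public function login(array $user, $remember = false)
 {
     $session =& JFactory::getSession();
     // we fork the session to prevent session fixation issues
     $session->fork();
     JFactory::getApplication()->_createSession($session->getId());
     // Import the user plugin group
     JPluginHelper::importPlugin('user');
     $options = array();
     $results = JFactory::getApplication()->triggerEvent('onLoginUser', array($user, $options));
     // Any plugin returning an exception object or a strict false vetoes the login.
     foreach ($results as $result) {
         if ($result instanceof JException || $result instanceof Exception || $result === false) {
             return false;
         }
     }
     // If remember is true, create a remember cookie that contains the encrypted username and password
     if ($remember) {
         // Set the remember me cookie if enabled
         jimport('joomla.utilities.simplecrypt');
         jimport('joomla.utilities.utility');
         // The key is derived from the User-Agent header, which the client supplies.
         $key = JUtility::getHash(KRequest::get('server.HTTP_USER_AGENT', 'raw'));
         // NOTE(review): this tests the derived hash, not the User-Agent itself;
         // confirm whether getHash() can return an empty value, otherwise a
         // missing User-Agent is not filtered out here.
         if ($key) {
             $crypt = new JSimpleCrypt($key);
             // NOTE(review): the cookie carries the user's actual password under
             // reversible encryption for one year. A random token that is stored
             // hashed on the server would avoid exposing the password if the
             // cookie is recovered.
             $cookie = $crypt->encrypt(serialize(array('username' => $user['username'], 'password' => $user['password'])));
             $lifetime = time() + 365 * 24 * 3600;
             // HttpOnly keeps page scripts from reading the credential cookie.
             // Domain '' and secure=false are the setcookie() defaults, so only
             // the HttpOnly flag differs from the five-argument call.
             // NOTE(review): set secure=true when the site is served over HTTPS only.
             setcookie(JUtility::getHash('JLOGIN_REMEMBER'), $cookie, $lifetime, '/', '', false, true);
         }
     }
     return true;
 }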
Example #3
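 /**
  * Migrates the GAnalytics schema and data from the installed version.
  *
  * Reads the installed version from the component manifest and applies the
  * steps for every release boundary (2.0.0, 2.1.0, 3.0.0) that the installed
  * version is below. Does nothing when no version can be read.
  *
  * @param mixed $parent Not used by this method.
  *
  * @return void
  */
 function update($parent)
 {
     $path = JPATH_ADMINISTRATOR . '/components/com_ganalytics/ganalytics.xml';
     $version = null;
     if (file_exists($path)) {
         $manifest = simplexml_load_file($path);
         // simplexml_load_file() returns false on unparsable XML; treat that as "no version".
         if ($manifest !== false) {
             $version = (string) $manifest->version;
         }
     }
     if (empty($version)) {
         return;
     }
     // Used only to quote values that are embedded in SQL text below.
     $db = JFactory::getDbo();
     if (version_compare($version, '2.0.0', '<')) {
         // profiles table
         $this->run("ALTER TABLE `#__ganalytics_profiles` ADD `username` VARCHAR( 255 ) NULL DEFAULT NULL;");
         $this->run("ALTER TABLE `#__ganalytics_profiles` ADD `password` text NULL DEFAULT NULL AFTER `username`;");
         $username = $this->getParam('username');
         if (!empty($username)) {
             // Stored parameter values are data, not SQL: quote() escapes the
             // value and adds the surrounding quotes, so a quote character in
             // the value cannot end the string literal.
             $this->run("update `#__ganalytics_profiles` set `username`= " . $db->quote($username) . ";");
         }
         $password = $this->getParam('password');
         if (!empty($password)) {
             jimport('joomla.utilities.simplecrypt');
             // NOTE(review): no key is passed to JSimpleCrypt, so it presumably
             // uses a site-wide default; this is reversible encryption, not a hash.
             $cryptor = new JSimpleCrypt();
             $password = $cryptor->encrypt($password);
             $this->run("update `#__ganalytics_profiles` set `password`= " . $db->quote($password) . ";");
         }
         // group table
         $this->run("CREATE TABLE IF NOT EXISTS`#__ganalytics_stats_groups` (\n\t\t\t\t\t`id` int(11) NOT NULL auto_increment,\n\t\t\t\t\t`name` varchar(100) NOT NULL,\n\t\t\t\t\t`position` int(20) NOT NULL DEFAULT 0,\n\t\t\t\t\t`column_count` int(20) NOT NULL DEFAULT 1,\n\t\t\t\t\tPRIMARY KEY  (`id`)\n\t\t\t);");
         $this->run("insert into `#__ganalytics_stats_groups` (`name`) select `name` from `#__ganalytics_stats`;");
         // stats table
         $this->run("ALTER TABLE `#__ganalytics_stats` ADD `group_id` int(11) NOT NULL DEFAULT 1 AFTER `id`;");
         $this->run("ALTER TABLE `#__ganalytics_stats` ADD `column` int(20) NOT NULL DEFAULT 0 AFTER `group_id`;");
         $this->run("ALTER TABLE `#__ganalytics_stats` ADD `position` int(20) NOT NULL DEFAULT 0 AFTER `column`;");
         $this->run("ALTER TABLE `#__ganalytics_stats` ADD `type` varchar(250) NOT NULL DEFAULT 'list' AFTER `position`;");
         $this->run("update `#__ganalytics_stats` s set `group_id`= (select `id` from `#__ganalytics_stats_groups` g where s.name = g.name);");
         // activate system plugin
         $this->run("update #__extensions set enabled=1 where type = 'plugin' and element = 'ganalytics'");
         $this->run("update #__extensions set enabled=0 where type = 'plugin' and element = 'ganalyticstrcode'");
         // activate admin stats plugin
         $this->run("update #__modules set published=1, position='cpanel' where module like 'mod_ganalytics_admin_stats'");
         $this->run("insert into #__modules_menu (moduleid) select id as moduleid from #__modules where module like 'mod_ganalytics_admin_stats'");
     }
     if (version_compare($version, '2.1.0', '<')) {
         // Remove language files left by earlier releases from both applications.
         foreach (JFolder::files(JPATH_ADMINISTRATOR . DS . 'language', '.*ganalytics.*', true, true) as $file) {
             JFile::delete($file);
         }
         foreach (JFolder::files(JPATH_SITE . DS . 'language', '.*ganalytics.*', true, true) as $file) {
             JFile::delete($file);
         }
         $this->run("ALTER TABLE `#__ganalytics_stats` ADD `filter` varchar(250) DEFAULT NULL AFTER `sort`;");
     }
     if (version_compare($version, '3.0.0', '<')) {
         // The username/password columns are replaced by a token column and
         // every stored profile is deleted.
         $this->run("ALTER TABLE `#__ganalytics_profiles` DROP `username`");
         $this->run("ALTER TABLE `#__ganalytics_profiles` CHANGE `password` `token` TEXT NULL DEFAULT NULL");
         $this->run("delete from `#__ganalytics_profiles`");
     }
 }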
Example #4
 /**
  * Saves the row with its password field encrypted, leaving the in-memory value untouched.
  *
  * @param bool $updateNulls Passed through unchanged to the parent store().
  *
  * @return mixed Whatever the parent store() returns.
  */
 public function store($updateNulls = false)
 {
     // Remember the value currently held so it can be put back after saving.
     $plainPassword = $this->password;
     if (!empty($plainPassword)) {
         // NOTE(review): no key is passed, so JSimpleCrypt presumably falls back
         // to a site-wide default; this is reversible encryption, not hashing.
         $cipher = new JSimpleCrypt();
         $encrypted = $cipher->encrypt($plainPassword);
         $this->password = $encrypted;
     }
     $stored = parent::store($updateNulls);
     // Restore the original value whatever the outcome of the save.
     $this->password = $plainPassword;
     return $stored;
 }
Example #5
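 /**
  * Attempts a silent "remember me" login for guest visitors of the site application.
  *
  * The remember-me cookie is decrypted, deserialized and reduced to a filtered
  * username/password pair before it is passed to the application login. The
  * cookie is cleared when it is malformed or the login fails.
  *
  * @return void
  */
 function onAfterInitialise()
 {
     $app = JFactory::getApplication();
     // No remember me for admin
     if ($app->isAdmin()) {
         return;
     }
     $user = JFactory::getUser();
     if ($user->get('guest')) {
         jimport('joomla.utilities.utility');
         $hash = JUtility::getHash('JLOGIN_REMEMBER');
         if ($str = JRequest::getString($hash, '', 'cookie', JREQUEST_ALLOWRAW | JREQUEST_NOTRIM)) {
             jimport('joomla.utilities.simplecrypt');
             // Create the encryption key, apply extra hardening using the user agent string.
             // Since we're decoding, no UA validity check is required.
             $key = JUtility::getHash(@$_SERVER['HTTP_USER_AGENT']);
             $crypt = new JSimpleCrypt($key);
             $str = $crypt->decrypt($str);
             // SECURITY: unserialize() runs on client-controlled data and builds
             // whatever value the payload describes before the checks below;
             // the checks only limit what is passed on to login().
             $cookieData = @unserialize($str);
             // Deserialized cookie could be any object structure, so make sure the
             // credentials are well structured and only have user and password.
             $credentials = array();
             $filter = JFilterInput::getInstance();
             $goodCookie = true;
             // The test must be on the deserialized value. Testing $credentials
             // (always a fresh array) let an object payload reach the array
             // accesses below, where a non-ArrayAccess object is a fatal error.
             if (is_array($cookieData)) {
                 if (isset($cookieData['username']) && is_string($cookieData['username'])) {
                     $credentials['username'] = $filter->clean($cookieData['username'], 'username');
                 } else {
                     $goodCookie = false;
                 }
                 if (isset($cookieData['password']) && is_string($cookieData['password'])) {
                     $credentials['password'] = $filter->clean($cookieData['password'], 'string');
                 } else {
                     $goodCookie = false;
                 }
             } else {
                 $goodCookie = false;
             }
             if (!$goodCookie || !$app->login($credentials, array('silent' => true))) {
                 $config = JFactory::getConfig();
                 $cookie_domain = $config->get('cookie_domain', '');
                 $cookie_path = $config->get('cookie_path', '/');
                 // Clear the remember me cookie
                 setcookie(JUtility::getHash('JLOGIN_REMEMBER'), false, time() - 86400, $cookie_path, $cookie_domain);
             }
         }
     }
 }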
 /**
  * Tests JSimpleCrypt::encrypt().
  *
  * @param string $text	The text to be encrypted
  * @param string $key	The key to use
  * @param string $expected The expected result of encryption
  *
  * @return void
  * @dataProvider casesEncryption
  * @covers  JSimpleCrypt::encrypt
  */
 public function testEncrypt($text, $key, $expected)
 {
     // Replace the global configuration with a stub whose get() always
     // returns an empty string.
     $configStub = $this->getMock('JObject', array('get'));
     $configStub->expects($this->any())
         ->method('get')
         ->will($this->returnValue(''));
     JFactory::$config = $configStub;

     // Encrypt with the key supplied by the data provider and compare the
     // output with the expected value.
     $this->object = new JSimpleCrypt($key);
     $actual = $this->object->encrypt($text);
     $this->assertThat($actual, $this->equalTo($expected));
 }
Example #7
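 /**
  * Attempts a "remember me" login for visitors who are not logged in.
  *
  * The remember-me cookie is decrypted with a key derived from the User-Agent
  * header, deserialized, and reduced to a username/password pair before it is
  * passed to the application login. Malformed cookies are ignored.
  *
  * @return void
  */
 function onAfterInitialise()
 {
     global $mainframe;
     // No remember me for admin
     if ($mainframe->isAdmin()) {
         return;
     }
     $user =& JFactory::getUser();
     if (!$user->get('gid')) {
         jimport('joomla.utilities.utility');
         $hash = JUtility::getHash('JLOGIN_REMEMBER');
         if ($str = JRequest::getString($hash, '', 'cookie', JREQUEST_ALLOWRAW | JREQUEST_NOTRIM)) {
             jimport('joomla.utilities.simplecrypt');
             //Create the encryption key, apply extra hardening using the user agent string
             $key = JUtility::getHash(@$_SERVER['HTTP_USER_AGENT']);
             $crypt = new JSimpleCrypt($key);
             $str = $crypt->decrypt($str);
             // SECURITY: unserialize() runs on client-controlled data and builds
             // whatever value the payload describes before the checks below;
             // the checks only limit what is passed on to login().
             $cookieData = unserialize($str);
             // Only an array holding a string username and a string password
             // is a usable credential set; anything else is dropped.
             if (!is_array($cookieData)) {
                 return;
             }
             if (!isset($cookieData['username']) || !is_string($cookieData['username'])) {
                 return;
             }
             if (!isset($cookieData['password']) || !is_string($cookieData['password'])) {
                 return;
             }
             // Forward the two expected fields and nothing else from the cookie.
             $credentials = array(
                 'username' => $cookieData['username'],
                 'password' => $cookieData['password']
             );
             $mainframe->login($credentials);
         }
     }
 }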
Example #8
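 /**
  * Attempts a silent "remember me" login for visitors who are not logged in.
  *
  * The remember-me cookie is decrypted, deserialized and reduced to a filtered
  * username/password pair before login. A malformed cookie is ignored; a
  * well-formed cookie that fails to log in is cleared.
  *
  * @return void
  */
 function onAfterInitialise()
 {
     global $mainframe;
     // No remember me for admin
     if ($mainframe->isAdmin()) {
         return;
     }
     $user =& JFactory::getUser();
     if (!$user->get('gid')) {
         jimport('joomla.utilities.utility');
         $hash = JUtility::getHash('JLOGIN_REMEMBER');
         if ($str = JRequest::getString($hash, '', 'cookie', JREQUEST_ALLOWRAW | JREQUEST_NOTRIM)) {
             jimport('joomla.utilities.simplecrypt');
             // Create the encryption key, apply extra hardening using the user agent string
             // Since we're decoding, no UA validity check is required.
             $key = JUtility::getHash(@$_SERVER['HTTP_USER_AGENT']);
             $crypt = new JSimpleCrypt($key);
             $str = $crypt->decrypt($str);
             // SECURITY: unserialize() runs on client-controlled data and builds
             // whatever value the payload describes before the checks below;
             // the checks only limit what is passed on to login().
             $cookieData = @unserialize($str);
             // Deserialized cookie could be any object structure, so make sure the
             // credentials are well structured and only have user and password.
             $credentials = array();
             // The test must be on the deserialized value. Testing $credentials
             // (always a fresh array) never rejected anything, so an object
             // payload reached the array accesses below.
             if (!is_array($cookieData)) {
                 return;
             }
             if (!isset($cookieData['username']) || !is_string($cookieData['username'])) {
                 return;
             }
             $credentials['username'] = JFilterInput::clean($cookieData['username'], 'username');
             if (!isset($cookieData['password']) || !is_string($cookieData['password'])) {
                 return;
             }
             $credentials['password'] = JFilterInput::clean($cookieData['password'], 'string');
             if (!$mainframe->login($credentials, array('silent' => true))) {
                 // Clear the remember me cookie
                 setcookie(JUtility::getHash('JLOGIN_REMEMBER'), false, time() - 86400, '/');
             }
         }
     }
 }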
Example #9
 /**
  * 	$$$ hugh - add in any encrypted stuff, in case we fail validation ...
  * otherwise it won't be in $data when we rebuild the page.
  * Need to do it here, so _raw fields get added in the next chunk 'o' code.
  * @param	array	posted form data passed by reference
  * @return	null
  */
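 function addEncrytedVarsToArray(&$post)
 {
     // The encrypted values arrive in the request and are therefore shaped by
     // the client. Require both levels to be arrays before iterating, so a
     // scalar fabrik_vars or querystring value is ignored instead of reaching
     // array_key_exists()/foreach with the wrong type.
     if (!array_key_exists('fabrik_vars', $_REQUEST)
         || !is_array($_REQUEST['fabrik_vars'])
         || !array_key_exists('querystring', $_REQUEST['fabrik_vars'])
         || !is_array($_REQUEST['fabrik_vars']['querystring'])) {
         return;
     }
     $groups = $this->getGroupsHiarachy();
     $gkeys = array_keys($groups);
     jimport('joomla.utilities.simplecrypt');
     // NOTE(review): no key is passed, so JSimpleCrypt presumably uses a
     // site-wide default. Decryption does not show that the value was issued
     // by this site unless the cipher also authenticates it - confirm.
     $crypt = new JSimpleCrypt();
     $w = new FabrikWorker();
     foreach ($gkeys as $g) {
         $groupModel = $groups[$g];
         $elementModels = $groupModel->getPublishedElements();
         foreach ($elementModels as $elementModel) {
             // Return value is not used; the call is kept in case it initialises the element.
             $elementModel->getElement();
             foreach ($_REQUEST['fabrik_vars']['querystring'] as $key => $encrypted) {
                 // Only the entry named after this element applies to it.
                 if ($elementModel->getFullName(false, true, false) != $key) {
                     continue;
                 }
                 // 	$$$ rob - dont test for !canUse() as confirmation plugin dynamically sets this
                 if (!$elementModel->canView()) {
                     continue;
                 }
                 if (is_array($encrypted)) {
                     //repeat groups no join
                     $v = array();
                     foreach ($encrypted as $e) {
                         //$$$ rob urldecode when posting from ajax form
                         // A non-string entry is treated as empty rather than passed to urldecode().
                         $e = is_string($e) ? urldecode($e) : '';
                         $e = empty($e) ? '' : $crypt->decrypt($e);
                         $v[] = $w->parseMessageForPlaceHolder($e, $post);
                     }
                 } else {
                     // $$$ rob urldecode when posting from ajax form
                     $encrypted = is_string($encrypted) ? urldecode($encrypted) : '';
                     $v = empty($encrypted) ? '' : $crypt->decrypt($encrypted);
                     $v = $w->parseMessageForPlaceHolder($v, $post);
                 }
                 $elementModel->_group = $groupModel;
                 $elementModel->setValuesFromEncryt($post, $key, $v);
                 // $$ rob set both normal and raw values to the decrypted value - otherwise
                 // the validate method doesn't pick up the decrypted value
                 $elementModel->setValuesFromEncryt($post, $key . '_raw', $v);
             }
         }
     }
 }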
Example #10
 /**
  * Login authentication function.
  *
  * Username and encoded password are passed the onUserLogin event which
  * is responsible for the user validation. A successful validation updates
  * the current session record with the user's details.
  *
  * Username and encoded password are sent as credentials (along with other
  * possibilities) to each observer (authentication plugin) for user
  * validation.  Successful validation will update the current session with
  * the user details.
  *
  * @param   array  $credentials  Array('username' => string, 'password' => string)
  * @param   array  $options      Array('remember' => boolean)
  *
  * @return  boolean  True on success.
  *
  * @since   11.1
  */
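 public function login($credentials, $options = array())
 {
     // Get the global JAuthentication object.
     jimport('joomla.user.authentication');
     $authenticate = JAuthentication::getInstance();
     $response = $authenticate->authenticate($credentials, $options);
     if ($response->status === JAuthentication::STATUS_SUCCESS) {
         // validate that the user should be able to login (different to being authenticated)
         // this permits authentication plugins blocking the user
         $authorisations = $authenticate->authorise($response, $options);
         $denied_states = array(JAuthentication::STATUS_EXPIRED, JAuthentication::STATUS_DENIED);
         foreach ($authorisations as $authorisation) {
             if (in_array($authorisation->status, $denied_states)) {
                 // Trigger onUserAuthorisationFailure Event.
                 $this->triggerEvent('onUserAuthorisationFailure', array((array) $authorisation));
                 // If silent is set, just return false.
                 if (isset($options['silent']) && $options['silent']) {
                     return false;
                 }
                 // Return the error. Every branch returns, so no break is needed.
                 switch ($authorisation->status) {
                     case JAuthentication::STATUS_EXPIRED:
                         return JError::raiseWarning('102002', JText::_('JLIB_LOGIN_EXPIRED'));
                     case JAuthentication::STATUS_DENIED:
                         return JError::raiseWarning('102003', JText::_('JLIB_LOGIN_DENIED'));
                     default:
                         return JError::raiseWarning('102004', JText::_('JLIB_LOGIN_AUTHORISATION'));
                 }
             }
         }
         // Import the user plugin group.
         JPluginHelper::importPlugin('user');
         // OK, the credentials are authenticated and user is authorised.  Lets fire the onLogin event.
         $results = $this->triggerEvent('onUserLogin', array((array) $response, $options));
         /*
          * If any of the user plugins did not successfully complete the login routine
          * then the whole method fails.
          *
          * Any errors raised should be done in the plugin as this provides the ability
          * to provide much more information about why the routine may have failed.
          */
         if (!in_array(false, $results, true)) {
             // Set the remember me cookie if enabled.
             if (isset($options['remember']) && $options['remember']) {
                 jimport('joomla.utilities.simplecrypt');
                 jimport('joomla.utilities.utility');
                 // Create the encryption key, apply extra hardening using the user agent string.
                 // The User-Agent is supplied by the client, so it is not a secret on its own.
                 $agent = @$_SERVER['HTTP_USER_AGENT'];
                 // Ignore empty and crackish user agents
                 if ($agent != '' && $agent != 'JLOGIN_REMEMBER') {
                     $key = JUtility::getHash($agent);
                     $crypt = new JSimpleCrypt($key);
                     // NOTE(review): the whole $credentials array, password
                     // included, is serialized into the cookie under reversible
                     // encryption for one year. A random token stored hashed
                     // on the server would avoid exposing the password if the
                     // cookie is recovered.
                     $rcookie = $crypt->encrypt(serialize($credentials));
                     $lifetime = time() + 365 * 24 * 60 * 60;
                     // Use domain and path set in config for cookie if it exists.
                     $cookie_domain = $this->getCfg('cookie_domain', '');
                     $cookie_path = $this->getCfg('cookie_path', '/');
                     // HttpOnly keeps page scripts from reading the credential
                     // cookie; secure=false is the setcookie() default, so only
                     // the HttpOnly flag differs from the five-argument call.
                     // NOTE(review): set secure=true when the site is served over HTTPS only.
                     setcookie(JUtility::getHash('JLOGIN_REMEMBER'), $rcookie, $lifetime, $cookie_path, $cookie_domain, false, true);
                 }
             }
             return true;
         }
     }
     // Trigger onUserLoginFailure Event.
     $this->triggerEvent('onUserLoginFailure', array((array) $response));
     // If silent is set, just return false.
     if (isset($options['silent']) && $options['silent']) {
         return false;
     }
     // If status is success, any error will have been raised by the user plugin
     if ($response->status !== JAuthentication::STATUS_SUCCESS) {
         JError::raiseWarning('102001', JText::_('JLIB_LOGIN_AUTHENTICATE'));
     }
     return false;
 }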
Example #11
 /**
  * If an element is set to readonly, and has a default value selected then insert this
  * data into the array that is to be bound to the table record
  * @since 1.0.6
  * @param array data
  * @param object to bind to table row
  * @param int is record join record
  */
 function _addDefaultDataFromRO(&$data, &$oRecord, $isJoin, $rowid)
 {
     // Fills $data and $oRecord for elements the current user cannot edit, in two
     // passes: first from the stored record, then from the encrypted values
     // that came back with the request.
     jimport('joomla.utilities.simplecrypt');
     // $$$ rob since 1.0.6 : 10 June 08
     // get the current record - not that which was posted
     $formModel =& $this->getFormModel();
     // NOTE(review): $table is not read again in this method.
     $table =& $this->getTable();
     // The stored record is loaded once and kept in $this->_origData.
     if (is_null($this->_origData)) {
         if (empty($rowid)) {
             // No row id: there is no stored record to read.
             $this->_origData = $origdata = array();
         } else {
             // The SQL text comes entirely from the form model.
             $sql = $formModel->_buildQuery();
             $db =& $this->getDb();
             $db->setQuery($sql);
             $origdata = $db->loadObject();
             $origdata = JArrayHelper::fromObject($origdata);
             // Fall back to an empty array when the conversion did not give an array.
             $origdata = is_array($origdata) ? $origdata : array();
             $this->_origData =& $origdata;
         }
     } else {
         $origdata =& $this->_origData;
     }
     // NOTE(review): $form is not read again in this method.
     $form =& $formModel->getForm();
     $groups =& $formModel->getGroupsHiarachy();
     // NOTE(review): $gcounter is incremented below but never read here.
     $gcounter = 0;
     // Request-supplied array; each entry below contributes one value per element.
     $repeatGroupCounts = JRequest::getVar('fabrik_repeat_group', array());
     foreach ($groups as $groupModel) {
         // Process join groups only for join records and non-join groups only otherwise.
         if ($isJoin && $groupModel->isJoin() || !$isJoin && !$groupModel->isJoin()) {
             $elementModels =& $groupModel->getPublishedElements();
             foreach ($elementModels as $elementModel) {
                 // $$$ rob 25/02/2011 unviewable elements are now also being encrypted
                 //if (!$elementModel->canUse() && $elementModel->canView()) {
                 if (!$elementModel->canUse()) {
                     $element =& $elementModel->getElement();
                     $fullkey = $elementModel->getFullName(false, true, false);
                     $key = $element->name;
                     // $$$ hugh - allow submission plugins to override RO data
                     // TODO - test this for joined data
                     if ($formModel->updatedByPlugin($fullkey)) {
                         continue;
                     }
                     //force a reload of the default value with $origdata
                     unset($elementModel->defaults);
                     $default = array();
                     // $groupId is not used: every entry of the request array is
                     // visited, whichever group it belongs to.
                     foreach ($repeatGroupCounts as $groupId => $repeatCount) {
                         $def = $elementModel->getValue($origdata, $repeatCount);
                         // $$$ rob 26/04/2011 encodeing done at the end
                         //if its a dropdown radio etc
                         /*if (is_array($def)) {
                         		$def = json_encode($def);
                         		}*/
                         $default[] = $def;
                     }
                     // One value is stored as-is; any other count is stored as JSON.
                     $default = count($default) == 1 ? $default[0] : json_encode($default);
                     $data[$key] = $default;
                     $oRecord->{$key} = $default;
                 }
             }
         }
         $gcounter++;
     }
     $copy = JRequest::getBool('Copy');
     //check crypted querystring vars (encrypted in form/view.html.php ) _cryptQueryString
     // SECURITY: these values are read from the request, decrypted and written
     // over $data / $oRecord for elements the user cannot edit.
     // NOTE(review): this relies on JSimpleCrypt (default key, none is passed)
     // to show the values were issued by this site; confirm it provides
     // integrity and not only confidentiality. Both array levels are assumed
     // to be arrays; a scalar at either level is not handled here.
     if (array_key_exists('fabrik_vars', $_REQUEST) && array_key_exists('querystring', $_REQUEST['fabrik_vars'])) {
         $crypt = new JSimpleCrypt();
         foreach ($_REQUEST['fabrik_vars']['querystring'] as $key => $encrypted) {
             // $$$ hugh - allow submission plugins to override RO data
             // TODO - test this for joined data
             if ($formModel->updatedByPlugin($key)) {
                 continue;
             }
             $key = FabrikString::shortColName($key);
             // $$$ hugh - trying to fix issue where encrypted elements from a main group end up being added to
             // a joined group's field list for the update/insert on the joined row(s).
             if (!array_key_exists($key, $data)) {
                 continue;
             }
             foreach ($groups as $groupModel) {
                 $elementModels =& $groupModel->getPublishedElements();
                 foreach ($elementModels as $elementModel) {
                     $element =& $elementModel->getElement();
                     // Matching is by short element name across every group.
                     if ($element->name == $key) {
                         //dont overwrite if something has been entered
                         // $$$ rob 25/02/2011 unviewable elements are now also being encrypted
                         //if (!$elementModel->canUse() && $elementModel->canView()) {
                         if (!$elementModel->canUse()) {
                             //repeat groups no join:
                             if (is_array($encrypted)) {
                                 $v = array();
                                 foreach ($encrypted as $e) {
                                     $v[] = empty($e) ? '' : $crypt->decrypt($e);
                                 }
                                 $v = json_encode($v);
                             } else {
                                 $v = !empty($encrypted) ? $crypt->decrypt($encrypted) : '';
                             }
                             // When the request carries a true 'Copy' flag the element may adjust the value.
                             if ($copy) {
                                 $v = $elementModel->onSaveAsCopy($v);
                             }
                             $data[$key] = $v;
                             $oRecord->{$key} = $v;
                         }
                         // $$$ hugh FIXME - is there some reason we don't break out back to the
                         // main querystring foreach at this point, rather than looping through
                         // all remaining elements and groups?
                     }
                 }
             }
         }
     }
 }
Example #12
 /**
  * Add in any encrypted stuff, in case we fail validation ...
  * otherwise it won't be in $data when we rebuild the page.
  * Need to do it here, so _raw fields get added in the next chunk 'o' code.
  *
  * @param   array  &$post  posted form data passed by reference
  *
  * @return	null
  */
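 public function addEncrytedVarsToArray(&$post)
 {
     // The encrypted values arrive in the request and are therefore shaped by
     // the client. Require both levels to be arrays before iterating, so a
     // scalar fabrik_vars or querystring value is ignored instead of reaching
     // array_key_exists()/foreach with the wrong type.
     if (!array_key_exists('fabrik_vars', $_REQUEST)
         || !is_array($_REQUEST['fabrik_vars'])
         || !array_key_exists('querystring', $_REQUEST['fabrik_vars'])
         || !is_array($_REQUEST['fabrik_vars']['querystring'])) {
         return;
     }
     $groups = $this->getGroupsHiarachy();
     $gkeys = array_keys($groups);
     jimport('joomla.utilities.simplecrypt');
     // NOTE(review): no key is passed, so JSimpleCrypt presumably uses a
     // site-wide default. Decryption does not show that the value was issued
     // by this site unless the cipher also authenticates it - confirm.
     $crypt = new JSimpleCrypt();
     $w = new FabrikWorker();
     foreach ($gkeys as $g) {
         $groupModel = $groups[$g];
         $elementModels = $groupModel->getPublishedElements();
         foreach ($elementModels as $elementModel) {
             // Return value is not used; the call is kept in case it initialises the element.
             $elementModel->getElement();
             foreach ($_REQUEST['fabrik_vars']['querystring'] as $key => $encrypted) {
                 // Only the entry named after this element applies to it.
                 if ($elementModel->getFullName(false, true, false) != $key) {
                     continue;
                 }
                 /* $$$ rob - dont test for !canUse() as confirmation plugin dynamically sets this
                  * $$$ hugh - testing adding non-viewable, non-editable elements to encrypted vars
                  * Earlier tests here were canView(), and !canUse() && canView(); no
                  * access test is applied now, so every matching element is processed.
                  */
                 if (is_array($encrypted)) {
                     // Repeat groups no join
                     $v = array();
                     foreach ($encrypted as $e) {
                         // $$$ rob urldecode when posting from ajax form
                         // A non-string entry is treated as empty rather than passed to urldecode().
                         $e = is_string($e) ? urldecode($e) : '';
                         $e = empty($e) ? '' : $crypt->decrypt($e);
                         $e = FabrikWorker::JSONtoData($e);
                         $v[] = $w->parseMessageForPlaceHolder($e, $post);
                     }
                 } else {
                     // $$$ rob urldecode when posting from ajax form
                     $encrypted = is_string($encrypted) ? urldecode($encrypted) : '';
                     $v = empty($encrypted) ? '' : $crypt->decrypt($encrypted);
                     /* $$$ hugh - things like elementlist elements (radios, etc) seem to use
                      * their JSON data for encrypted read only vals, need to decode.
                      */
                     $v = FabrikWorker::JSONtoData($v);
                     $v = $w->parseMessageForPlaceHolder($v, $post);
                 }
                 $elementModel->_group = $groupModel;
                 $elementModel->setValuesFromEncryt($post, $key, $v);
                 /* $$ rob set both normal and raw values to the decrypted value - otherwise
                  * the validate method doesn't pick up the decrypted value
                  */
                 $elementModel->setValuesFromEncryt($post, $key . '_raw', $v);
             }
         }
     }
 }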
Example #13
 /**
  * If an element is set to readonly, and has a default value selected then insert this
  * data into the array that is to be bound to the table record
  *
  * @param   array   &$data           list data
  * @param   object  &$oRecord        to bind to table row
  * @param   int     $isJoin          is record join record
  * @param   int     $rowid           row id
  * @param   object  $joinGroupTable  join group table
  *
  * @since	1.0.6
  *
  * @return  void
  */
 /**
  * Overwrite $data and $oRecord with stored or decrypted values for every
  * element the current user may not edit (canUse() returns false).
  *
  * Two sources are applied, in this order:
  *  1. the row currently held in the database (cached in $this->_origData);
  *  2. the fabrik_vars[querystring] request values, decrypted with JSimpleCrypt.
  *
  * @param   array   &$data           Values keyed by short element name; modified in place
  * @param   object  &$oRecord        Record object; the same keys are set as properties
  * @param   bool    $isJoin          True to process joined groups only, false for non-joined groups only
  * @param   mixed   $rowid           Row id; when empty no original row is queried
  * @param   object  $joinGroupTable  Read only when $isJoin is true: its ->id is compared with the group id
  *
  * @return  void
  */
 function _addDefaultDataFromRO(&$data, &$oRecord, $isJoin, $rowid, $joinGroupTable)
 {
     jimport('joomla.utilities.simplecrypt');
     // $$$ rob since 1.0.6 : 10 June 08
     // Get the current record - not that which was posted
     $formModel = $this->getFormModel();
     // NOTE(review): $table is assigned but never read in this method.
     $table = $this->getTable();
     if (is_null($this->_origData)) {
         /* $$$ hugh FIXME - doesn't work for rowid=-1 / usekey submissions,
          * ends up querying "WHERE foo.userid = '<rowid>'" instead of <userid>
          * OK for now, as we should catch RO data from the encrypted vars check
          * later in this method.
          */
         if (empty($rowid)) {
             // No row id: there is no stored record to fall back on.
             $this->_origData = $origdata = array();
         } else {
             // The SQL comes from the form model; how $rowid is quoted is decided there, not here.
             $sql = $formModel->_buildQuery();
             $db = $this->getDb();
             $db->setQuery($sql);
             $origdata = $db->loadObject();
             $origdata = JArrayHelper::fromObject($origdata);
             // Normalise a non-array result to an empty array.
             $origdata = is_array($origdata) ? $origdata : array();
             $this->_origData = $origdata;
         }
     } else {
         // Reuse the row loaded by an earlier call.
         $origdata = $this->_origData;
     }
     // NOTE(review): $form is assigned but never read in this method.
     $form = $formModel->getForm();
     $groups = $formModel->getGroupsHiarachy();
     /* $$$ hugh - seems like there's no point in doing this chunk if there is no
      * $origdata to work with?  Not sure if there's ever a valid reason for doing so,
      * but it certainly breaks things like onCopyRow(), where (for instance) user
      * elements will get reset to 0 by this code.
      */
     if (!empty($origdata)) {
         // NOTE(review): $gcounter is incremented below but never read in this method.
         $gcounter = 0;
         // Repeat counts per group id are taken from the request, i.e. they are client-supplied.
         $repeatGroupCounts = JRequest::getVar('fabrik_repeat_group', array());
         foreach ($groups as $groupModel) {
             // Only look at groups of the kind requested: joined when $isJoin, non-joined otherwise.
             if ($isJoin && $groupModel->isJoin() || !$isJoin && !$groupModel->isJoin()) {
                 $elementModels = $groupModel->getPublishedElements();
                 foreach ($elementModels as $elementModel) {
                     // $$$ rob 25/02/2011 unviewable elements are now also being encrypted,
                     // so the test no longer also requires canView().
                     if (!$elementModel->canUse()) {
                         $element = $elementModel->getElement();
                         $fullkey = $elementModel->getFullName(false, true, false);
                         // $$$ rob 24/01/2012 if a previous joined data set had a read-only element and we did not check
                         // that the group is the join group, the insert failed because data from other joins was added
                         // into the current join
                         if ($isJoin && $groupModel->getId() != $joinGroupTable->id) {
                             continue;
                         }
                         $key = $element->name;
                         // $$$ hugh - allow submission plugins to override RO data
                         // TODO - test this for joined data
                         if ($formModel->updatedByPlugin($fullkey)) {
                             continue;
                         }
                         // Force a reload of the default value with $origdata
                         unset($elementModel->defaults);
                         $default = array();
                         $repeatGroupCount = JArrayHelper::getValue($repeatGroupCounts, $groupModel->getGroup()->id);
                         // NOTE(review): the loop bound is the request-supplied repeat count; no upper limit
                         // is applied in this method - confirm it is validated before this point.
                         for ($repeatCount = 0; $repeatCount < $repeatGroupCount; $repeatCount++) {
                             $def = $elementModel->getValue($origdata, $repeatCount);
                             if (is_array($def)) {
                                 // Radio buttons getValue() returns an array already so don't array the array.
                                 $default = $def;
                             } else {
                                 $default[] = $def;
                             }
                         }
                         // Exactly one value is stored as-is; anything else (including an empty list) is JSON-encoded.
                         $default = count($default) == 1 ? $default[0] : json_encode($default);
                         $data[$key] = $default;
                         $oRecord->{$key} = $default;
                     }
                 }
             }
             $gcounter++;
         }
     }
     $copy = JRequest::getBool('Copy');
     // Check crypted querystring vars (encrypted in form/view.html.php ) _cryptQueryString
     // NOTE(review): these values are read straight from $_REQUEST and, once decrypted, are written into
     // $data / $oRecord for elements the user cannot edit. The only check visible here is that they pass
     // through JSimpleCrypt::decrypt(); no integrity check (MAC/signature) appears in this method, so confirm
     // that a client cannot alter or forge a ciphertext for the deployed JSimpleCrypt implementation.
     if (array_key_exists('fabrik_vars', $_REQUEST) && array_key_exists('querystring', $_REQUEST['fabrik_vars'])) {
         // No key is passed; presumably JSimpleCrypt falls back to a site-wide secret - confirm.
         $crypt = new JSimpleCrypt();
         foreach ($_REQUEST['fabrik_vars']['querystring'] as $key => $encrypted) {
             // $$$ hugh - allow submission plugins to override RO data
             // TODO - test this for joined data
             if ($formModel->updatedByPlugin($key)) {
                 continue;
             }
             $key = FabrikString::shortColName($key);
             /* $$$ hugh - trying to fix issue where encrypted elements from a main group end up being added to
              * a joined group's field list for the update/insert on the joined row(s).
              */
             /*
              * $$$ rob - an earlier "skip when $key is not already in $data" test was removed here because it
              * stopped data that was not viewable or editable from being included in $data.
              * The replacement test is inside the foreach loop below.
              */
             foreach ($groups as $groupModel) {
                 // New test to replace if (!array_key_exists($key, $data))
                 // $$$ hugh - this stops elements from joined groups being added to main row, but see 'else'
                 if ($isJoin) {
                     if ($groupModel->getGroup()->id != $joinGroupTable->id) {
                         continue;
                     }
                 } else {
                     // $$$ hugh - need test here if not $isJoin, to stop keys from joined groups being added to main row!
                     if ($groupModel->isJoin()) {
                         continue;
                     }
                 }
                 $elementModels = $groupModel->getPublishedElements();
                 foreach ($elementModels as $elementModel) {
                     $element = $elementModel->getElement();
                     // $$$ hugh - I have a feeling this test is a Bad Thing <tm> as it is using short keys, so if two joined groups share the same element name(s) ...
                     if ($element->name == $key) {
                         // Only elements the user cannot edit take their value from the encrypted field.
                         // $$$ rob 25/02/2011 unviewable elements are now also being encrypted,
                         // so the test no longer also requires canView().
                         if (!$elementModel->canUse()) {
                             // Repeat groups no join:
                             if (is_array($encrypted)) {
                                 $v = array();
                                 foreach ($encrypted as $e) {
                                     // PHP has already URL-decoded request values; this decodes a second time.
                                     $e = urldecode($e);
                                     $v[] = empty($e) ? '' : $crypt->decrypt($e);
                                 }
                                 $v = json_encode($v);
                             } else {
                                 $encrypted = urldecode($encrypted);
                                 $v = !empty($encrypted) ? $crypt->decrypt($encrypted) : '';
                             }
                             /* $$$ hugh - also gets called in storeRow(), not sure if we really need to
                              * call it here?  And if we do, then we should probably be calling onStoreRow
                              * as well, if $data['fabrik_copy_from_table'] is set?  Can't remember why,
                              * but we differentiate between the two, with onCopyRow being when a row is copied
                              * using the list plugin, and onSaveAsCopy when the form plugin is used.
                              */
                             if ($copy) {
                                 $v = $elementModel->onSaveAsCopy($v);
                             }
                             $data[$key] = $v;
                             $oRecord->{$key} = $v;
                         }
                         // First element with a matching short name wins: leave the element and group loops.
                         break 2;
                     }
                 }
             }
         }
     }
 }
Example #14
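	/**
	 * After a Joomla login, sign the same user in to Moodle.
	 *
	 * Does nothing when the 'skip_joomdlehooks' option is present, when running
	 * in the administrator application, when the user is unknown to Moodle or
	 * when the Joomla account is blocked.
	 *
	 * @param   array  $user     Login data; 'username' is read, and 'password' when 'remember' is set
	 * @param   array  $options  Login options; 'skip_joomdlehooks', 'url' and 'remember' are read
	 *
	 * @return  void
	 */
	function onUserLogin($user, $options = array())
	{
		$mainframe = JFactory::getApplication('site');

		if (array_key_exists('skip_joomdlehooks', $options))
		{
			return;
		}

		if ($mainframe->isAdmin())
		{
			return;
		}

		$username = $user['username'];
		$moodle_user = JoomdleHelperContent::call_method("user_id", $username);

		// Do nothing if user does not exist in Moodle
		if (!$moodle_user)
		{
			return;
		}

		$comp_params = JComponentHelper::getParams('com_joomdle');

		$moodle_url = $comp_params->get('MOODLE_URL');
		$redirectless_sso = $comp_params->get('redirectless_sso');

		// NOTE(review): the SSO token is a plain MD5 of the Joomla session id and is placed in the
		// redirect URL below, where it can end up in server logs, browser history and Referer
		// headers. How Moodle validates it is not visible here - confirm it cannot be replayed.
		$session = JFactory::getSession();
		$token = md5($session->getId());

		// Don't log in to Moodle if the user is blocked
		$user_id = JUserHelper::getUserId($username);
		$user_obj = JFactory::getUser($user_id);

		if ($user_obj->block)
		{
			return;
		}

		$app = JFactory::getApplication();

		// Work out where the user should land after the Moodle login.
		// NOTE(review): 'return' is request-supplied and is forwarded as wantsurl without any check
		// that it points at this site; confirm the consumer validates it (e.g. JURI::isInternal()).
		$return = JRequest::getVar('return');

		if ($return)
		{
			if (!strncmp($return, 'B:', 2))
			{
				// CB login module: the base64 payload follows a "B:" prefix
				$login_url = urlencode(base64_decode(substr($return, 2)));
			}
			else
			{
				// Normal login
				$login_url = urlencode(base64_decode($return));
			}
		}
		elseif (array_key_exists('url', $options))
		{
			$login_url = urlencode($options['url']);
		}
		else
		{
			$login_url = urlencode(JRequest::getUri());
		}

		// Set the remember me cookie if enabled
		// as we are redirecting and this would not be executed by Joomla
		if (isset($options['remember']) && $options['remember'])
		{
			jimport('joomla.utilities.simplecrypt');
			jimport('joomla.utilities.utility');

			// Create the encryption key, apply extra hardening using the user agent string
			$key = JApplication::getHash(@$_SERVER['HTTP_USER_AGENT']);

			// NOTE(review): the cookie carries the user's password itself, serialized and reversibly
			// encrypted, for one year; whoever recovers the key recovers the password, and the code
			// that reads the cookie back has to unserialize client-supplied data. The format is kept
			// because the reader is outside this method; a random server-side token would avoid both.
			$credentials = array('username' => $username, 'password' => $user['password']);

			$crypt = new JSimpleCrypt($key);
			$rcookie = $crypt->encrypt(serialize($credentials));
			$lifetime = time() + 365 * 24 * 60 * 60;

			// HttpOnly keeps the credential cookie out of reach of page scripts; it is only read server-side.
			setcookie(JApplication::getHash('JLOGIN_REMEMBER'), $rcookie, $lifetime, '/', '', false, true);
		}

		if ($redirectless_sso)
		{
			// New method: log in over cURL, no browser redirect
			plgUserJoomdlehooks::log_into_moodle($username, $token);
		}
		else
		{
			// Normal method: redirect the browser to Moodle.
			// The username is URL-encoded so characters such as '&', '#' or spaces cannot break
			// or add to the query string.
			$app->redirect($moodle_url . "/auth/joomdle/land.php?username=" . urlencode($username) . "&token=$token&use_wrapper=0&create_user=0&wantsurl=$login_url");
		}
	}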
Example #15
 /**
  * Store the Twitter login of the currently logged-in Joomla user in the
  * 'btuser' table, with the password run through JSimpleCrypt first.
  *
  * NOTE(review): the password is encrypted reversibly, not hashed, and the
  * key is only the Joomla username reversed and ROT13-ed. Anyone who can read
  * the table row and knows the username can rebuild the key - treat the
  * stored value as obfuscated rather than protected.
  *
  * @param   string  $username  Twitter user name to store
  * @param   string  $password  Twitter password to store
  *
  * @return  bool  False when nobody is logged in, otherwise the result of the table save
  */
 function _saveUserLogin($username, $password)
 {
     global $mainframe;
     $user =& JFactory::getUser();
     // Guests have no id: there is nobody to attach the login to.
     if (!$user->id) {
         return false;
     }
     // Key derived from the Joomla username only (see the note above).
     $cipherKey = str_rot13(strrev($user->username));
     $cipher = new JSimpleCrypt($cipherKey);
     $ciphertext = $cipher->encrypt($password);
     $row =& JTable::getInstance('btuser');
     // Reuse the id of the record already held for this user.
     $existing = $this->getUser($user->id);
     $row->id = $existing->id;
     $row->userid = $user->id;
     $row->username = $username;
     $row->password = $ciphertext;
     return $row->save($row);
 }
Example #16
 /**
  * "Remember me" handling.
  *
  * Logs out a signed-in viewer whose account is not enabled, then, for guests
  * on the site application, tries to authenticate from either HTTP Basic
  * credentials (JSON requests only) or the remember-me cookie.
  *
  * @return void
  *
  * @throws RuntimeException Re-thrown from authentication or login only when the request format is JSON
  */
 public function onAfterInitialise()
 {
     global $mainframe;
     $viewer = get_viewer();
     // A signed-in viewer whose account is not enabled is logged out first.
     if (!$viewer->guest() && !$viewer->enabled) {
         KService::get('com://site/people.helper.person')->logout();
     }
     // No remember me for admin
     if ($mainframe->isAdmin()) {
         return;
     }
     jimport('joomla.utilities.utility');
     jimport('joomla.utilities.simplecrypt');
     $user = array();
     $remember = JUtility::getHash('JLOGIN_REMEMBER');
     // For JSON requests obtain the username and password from the $_SERVER array (HTTP Basic auth);
     // else, if the remember me cookie exists, decrypt it and obtain the username and password from it.
     if ($viewer->guest() && KRequest::has('server.PHP_AUTH_USER') && KRequest::has('server.PHP_AUTH_PW') && KRequest::format() == 'json') {
         $user['username'] = KRequest::get('server.PHP_AUTH_USER', 'raw');
         $user['password'] = KRequest::get('server.PHP_AUTH_PW', 'raw');
     } elseif ($viewer->guest() && isset($_COOKIE[$remember]) && $_COOKIE[$remember] != '') {
         // The key is derived from the User-Agent header, which the client also supplies
         // (presumably JUtility::getHash() mixes in a site secret - confirm).
         $key = JUtility::getHash(KRequest::get('server.HTTP_USER_AGENT', 'raw'));
         if ($key) {
             $crypt = new JSimpleCrypt($key);
             $cookie = $crypt->decrypt($_COOKIE[$remember]);
             // NOTE(review): unserialize() runs on data taken from a client cookie. If the cookie can be
             // forged or altered, this can instantiate arbitrary classes (PHP object injection). Prefer a
             // format without object support (e.g. JSON) or a random token looked up server-side.
             // The @ hides failures, and (array) false yields array(false), so a malformed cookie still
             // passes the count() test below and reaches authenticate().
             $user = (array) @unserialize($cookie);
         }
     } else {
         // Neither credential source is present: nothing to do.
         return;
     }
     if ($viewer->guest() && count($user)) {
         try {
             jimport('joomla.user.authentication');
             $authentication =& JAuthentication::getInstance();
             $authResponse = $authentication->authenticate($user, array());
             if ($authResponse->status == JAUTHENTICATE_STATUS_SUCCESS) {
                 KService::get('com://site/people.helper.person')->login($user, true);
             }
         } catch (RuntimeException $e) {
             // Only re-throw the exception if we are using the JSON format;
             // otherwise let the current app handle it
             if (KRequest::format() == 'json') {
                 throw $e;
             }
         }
     }
     return;
 }
Example #17
 /**
  * Append one hidden <input> per read-only value to $aHiddenFields, with the
  * value encrypted by JSimpleCrypt, under the name fabrik_vars[querystring][...].
  *
  * NOTE(review): the encrypted values travel through the browser and come back
  * in the request. Nothing in this method adds an integrity check, so the
  * guarantee that they return unmodified rests entirely on JSimpleCrypt -
  * confirm that is sufficient. Keys and values are also written into the HTML
  * without escaping; that is safe only while the keys are server-defined and
  * encrypt() output contains no quote or angle-bracket characters.
  *
  * @param   string  &$aHiddenFields  HTML fragment the hidden fields are appended to
  *
  * @return  void
  */
 protected function _cryptViewOnlyElements(&$aHiddenFields)
 {
     jimport('joomla.utilities.simplecrypt');
     jimport('joomla.utilities.utility');
     // No key is passed; presumably JSimpleCrypt falls back to a site-wide secret - confirm.
     $crypt = new JSimpleCrypt();
     $formModel = $this->getModel();
     $fields = array();
     foreach ($this->get('readOnlyVals') as $name => $entry) {
         $inRepeatGroup = $entry['repeatgroup'];
         $inJoin = $entry['join'];
         $value = $entry['data'];
         // $$$ rob not sure this is correct now as the readOnlyVals structure was modified to contain info
         // about whether the element is in a group, and it now contains the repeated group data
         if (is_array($value) && array_key_exists('value', $value)) {
             $value = $value['value'];
         }
         if ($inRepeatGroup) {
             $flattened = array();
             foreach ((array) $value as $item) {
                 // Elements with sub options in a repeat group are JSON-encoded one by one
                 $flattened[] = is_array($item) ? json_encode($item) : $item;
             }
             // Joined repeat groups stay a list; otherwise the whole list becomes one JSON string
             $value = $inJoin ? $flattened : json_encode($flattened);
         } elseif (is_array($value)) {
             // Elements with sub options not in a repeat group
             $value = json_encode($value);
         }
         // Encrypt everything except empty / whitespace-only values, which are passed through as they are
         if (is_array($value)) {
             foreach ($value as $idx => $item) {
                 if (trim($item) !== '') {
                     $value[$idx] = $crypt->encrypt($item);
                 }
             }
         } elseif (trim($value) !== '') {
             $value = $crypt->encrypt($value);
         }
         $name = FabrikString::rtrimword($name, "[]");
         // $$$ rob - do not strip everything in brackets here, as that would turn
         // join names join[x][fullname] into join
         if (array_key_exists($name, $fields)) {
             // Same key seen again: collect the values in a list
             $fields[$name] = (array) $fields[$name];
             $fields[$name][] = $value;
         } else {
             $fields[$name] = $value;
         }
     }
     foreach ($fields as $key => $input) {
         if (!is_array($input)) {
             $aHiddenFields .= "<input type=\"hidden\" name=\"fabrik_vars[querystring][{$key}]\" value=\"" . $input . "\" />\n";
             continue;
         }
         foreach ($input as $c => $i) {
             $aHiddenFields .= "<input type=\"hidden\" name=\"fabrik_vars[querystring][{$key}][{$c}]\" value=\"" . $i . "\" />\n";
         }
     }
 }
Example #18
 /**
  * Authenticate a set of credentials and complete the login.
  *
  * The credentials are handed to JAuthentication. On success the session is
  * forked, the 'user' plugins are loaded and the onLoginUser event is fired;
  * the login counts as successful only if no plugin returns false. On failure
  * the onLoginFailure event is fired.
  *
  * NOTE(review): with 'remember' set, the serialized credentials (including
  * the password) are stored in a one-year cookie, encrypted under a key derived
  * from the User-Agent header. The cookie is set without the HttpOnly or Secure
  * flags, and whatever reads it back has to unserialize client-supplied data.
  *
  * @param	array	$credentials	Array( 'username' => string, 'password' => string )
  * @param	array	$options		Array( 'remember' => boolean ); 'silent' is also read
  * @return	mixed	True on success, false on failure when 'silent' is set, otherwise the result of JError::raiseWarning()
  * @access	public
  * @since	1.5
  */
 function login($credentials, $options = array())
 {
     // Get the global JAuthentication object
     jimport('joomla.user.authentication');
     $authenticate =& JAuthentication::getInstance();
     $response = $authenticate->authenticate($credentials, $options);
     $loggedIn = false;
     if ($response->status === JAUTHENTICATE_STATUS_SUCCESS) {
         // Fork the session to prevent session fixation issues
         $session =& JFactory::getSession();
         $session->fork();
         $this->_createSession($session->getId());
         // The credentials are authenticated: load the user plugins and fire the login event
         JPluginHelper::importPlugin('user');
         $results = $this->triggerEvent('onLoginUser', array((array) $response, $options));
         /*
          * A single plugin returning false fails the whole login. Errors are expected
          * to be raised by the plugin itself, which knows why the routine failed.
          */
         $loggedIn = !in_array(false, $results, true);
     }
     if ($loggedIn) {
         // Set the remember me cookie if enabled
         if (!empty($options['remember'])) {
             jimport('joomla.utilities.simplecrypt');
             jimport('joomla.utilities.utility');
             // The user agent string is used to derive the encryption key
             $agent = @$_SERVER['HTTP_USER_AGENT'];
             // Ignore empty and crackish user agents
             if (!($agent == '' || $agent == 'JLOGIN_REMEMBER')) {
                 $crypt = new JSimpleCrypt(JUtility::getHash($agent));
                 $rcookie = $crypt->encrypt(serialize($credentials));
                 // One year from now
                 $lifetime = time() + 365 * 24 * 60 * 60;
                 setcookie(JUtility::getHash('JLOGIN_REMEMBER'), $rcookie, $lifetime, '/');
             }
         }
         return true;
     }
     // Trigger onLoginFailure Event
     $this->triggerEvent('onLoginFailure', array((array) $response));
     // If silent is set, just return false
     if (!empty($options['silent'])) {
         return false;
     }
     // Return the error
     return JError::raiseWarning('SOME_ERROR_CODE', JText::_('E_LOGIN_AUTHENTICATE'));
 }
Example #19
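 /**
  * Login authentication function.
  *
  * The credentials are handed to JAuthentication. On success the 'user'
  * plugins are loaded and the onUserLogin event is fired; the login counts as
  * successful only if no plugin returns false. On failure the
  * onUserLoginFailure event is fired.
  *
  * NOTE(review): no session regeneration is visible in this method; presumably
  * an onUserLogin plugin takes care of it - confirm, as it is what protects
  * against session fixation.
  *
  * NOTE(review): with 'remember' set, the serialized credentials (including
  * the password) are stored in a one-year cookie, encrypted under a key derived
  * from the User-Agent header, and whatever reads the cookie back has to
  * unserialize client-supplied data. The format is kept because the reader is
  * outside this method; a random server-side token would avoid both problems.
  *
  * @param   array  $credentials  Array('username' => string, 'password' => string)
  * @param   array  $options      Array('remember' => boolean); 'silent' is also read
  *
  * @return  boolean  True on success.
  *
  * @since   11.1
  */
 public function login($credentials, $options = array())
 {
     // Get the global JAuthentication object.
     jimport('joomla.user.authentication');
     $authenticate = JAuthentication::getInstance();
     $response = $authenticate->authenticate($credentials, $options);
     if ($response->status === JAUTHENTICATE_STATUS_SUCCESS) {
         // Import the user plugin group.
         JPluginHelper::importPlugin('user');
         // OK, the credentials are authenticated.  Lets fire the onLogin event.
         $results = $this->triggerEvent('onUserLogin', array((array) $response, $options));
         /*
          * If any of the user plugins did not successfully complete the login routine
          * then the whole method fails.
          *
          * Any errors raised should be done in the plugin as this provides the ability
          * to provide much more information about why the routine may have failed.
          */
         if (!in_array(false, $results, true)) {
             // Set the remember me cookie if enabled.
             if (isset($options['remember']) && $options['remember']) {
                 jimport('joomla.utilities.simplecrypt');
                 jimport('joomla.utilities.utility');
                 // Create the encryption key, apply extra hardening using the user agent string.
                 $key = JUtility::getHash(@$_SERVER['HTTP_USER_AGENT']);
                 $crypt = new JSimpleCrypt($key);
                 $rcookie = $crypt->encrypt(serialize($credentials));
                 $lifetime = time() + 365 * 24 * 60 * 60;
                 // Use domain and path set in config for cookie if it exists.
                 $cookie_domain = $this->getCfg('cookie_domain', '');
                 $cookie_path = $this->getCfg('cookie_path', '/');
                 // HttpOnly: the cookie holds credentials and is only ever read server-side,
                 // so page scripts get no access to it. The Secure flag is left off as before,
                 // because the site may be served over plain HTTP.
                 setcookie(JUtility::getHash('JLOGIN_REMEMBER'), $rcookie, $lifetime, $cookie_path, $cookie_domain, false, true);
             }
             return true;
         }
     }
     // Trigger onUserLoginFailure Event.
     $this->triggerEvent('onUserLoginFailure', array((array) $response));
     // If silent is set, just return false.
     if (isset($options['silent']) && $options['silent']) {
         return false;
     }
     // If status is success, any error will have been raised by the user plugin
     if ($response->status !== JAUTHENTICATE_STATUS_SUCCESS) {
         JError::raiseWarning('SOME_ERROR_CODE', JText::_('JLIB_LOGIN_AUTHENTICATE'));
     }
     return false;
 }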