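/**
 * Applies the configured account changes to the Joomla user row of the
 * subscriber in $request: optional activation, optional username, optional
 * password, then the optional custom-field step.
 *
 * @param object $request Reads $request->metaUser->userid; $request->metaUser
 *                        is replaced with a fresh metaUser after an update.
 *
 * @return void
 */
public function action($request)
{
    $db = JFactory::getDBO();

    $set = array();

    if ($this->settings['activate']) {
        $set[] = '`block` = \'0\'';
        $set[] = '`activation` = \'\'';
    }

    $username = $this->getUsername($request);

    if (!empty($username)) {
        // Quote through the driver instead of wrapping the value in literal
        // quotes: the username is produced from $request, and a single quote
        // in it would otherwise terminate the SQL string early.
        $set[] = '`username` = ' . $db->Quote($username);
    }

    if (!empty($this->settings['password'])) {
        $pw = AECToolbox::rewriteEngineRQ($this->settings['password'], $request);

        jimport('joomla.user.helper');

        // Stored format is "<hash>:<salt>".
        $salt     = JUserHelper::genRandomPassword(32);
        $crypt    = JUserHelper::getCryptedPassword($pw, $salt);
        $password = $crypt . ':' . $salt;

        $set[] = '`password` = ' . $db->Quote($password);
    }

    if (!empty($set)) {
        $query  = 'UPDATE #__users';
        $query .= ' SET ' . implode(', ', $set);
        $query .= ' WHERE `id` = \'' . (int) $request->metaUser->userid . '\'';

        $db->setQuery($query);
        // NOTE(review): die() sends the raw database error text to the client;
        // consider logging it and showing a generic message instead.
        $db->query() or die($db->stderr());

        $userid = $request->metaUser->userid;

        // Reloading metaUser object for other MIs
        $request->metaUser = new metaUser($userid);
    }

    if (!empty($this->settings['set_fields'])) {
        $this->setFields($request);
    }
}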
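/**
 * AJAX handler: changes the logged-in user's password after checking the
 * current one, and echoes an HTML status message.
 *
 * Reads the request variables "varolan" (current password) and "yeni"
 * (new password).
 *
 * @return void
 */
function ajaxSaveRow()
{
    $user = JFactory::getUser();
    $id   = (int) $user->get('id');

    jimport('joomla.mail.helper');
    jimport('joomla.user.helper');

    global $mainframe;
    $db = JFactory::getDBO();

    $varolan = JRequest::getVar('varolan');
    $yeni    = JRequest::getVar('yeni');

    // Read the stored hash through the Joomla driver and the configured table
    // prefix instead of raw mysql_* calls against a hard-coded "jos_users".
    $db->setQuery('SELECT `password` FROM #__users WHERE id = ' . $id);
    $stored = (string) $db->loadResult();

    $parts = explode(':', $stored);
    $crypt = $parts[0];
    $salt  = isset($parts[1]) ? $parts[1] : '';

    $testcrypt = JUserHelper::getCryptedPassword($varolan, $salt);

    // Strict comparison: with ==, two different hex digests that both look
    // like numbers (e.g. "0e..." forms) compare equal in PHP.
    if ($crypt === $testcrypt) {
        // NOTE(review): $yeni is not checked for emptiness or minimum length
        // before it is hashed and stored.
        $salt     = JUserHelper::genRandomPassword(32);
        $crypt    = JUserHelper::getCryptedPassword($yeni, $salt);
        $password = $crypt . ':' . $salt;

        $query = 'UPDATE #__users'
            . ' SET `password` = ' . $db->Quote($password)
            . ' WHERE id = ' . $id
            . ' AND block = 0';
        $db->setQuery($query);
        $db->query();

        echo "<p align=center>Şifreniz başarıyla değiştirildi.</p>";
    } else {
        echo "<p align=center>Geçerli şifreniz yanlış.</p><p align=center><a href='index.php?option=com_user&view=changepass'>Yeniden deneyiniz</a></p>";
    }
}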
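/**
 * Stores a pending registration in #__community_register.
 *
 * @param array $data Form data; reads jsname, jsfirstname, jslastname,
 *                    jsusername, jsemail and jspassword.
 *
 * @return $this After recording true in $this->return_value for this method.
 */
public function addTempUser($data)
{
    $db = $this->getDBO();

    // Registration token kept in the current session.
    $mySess = JFactory::getSession();
    $token  = $mySess->get('JS_REG_TOKEN', '');

    $nowDate = JFactory::getDate();
    $nowDate = $nowDate->toMysql();

    // Resolve the optional name parts once, so the full-name fallback below
    // does not read array keys that may be absent.
    $firstname = isset($data['jsfirstname']) ? $data['jsfirstname'] : '';
    $lastname  = isset($data['jslastname']) ? $data['jslastname'] : '';

    // Combine first name and last name as full name
    if (empty($data['jsname'])) {
        $data['jsname'] = $firstname . ' ' . $lastname;
    }

    $obj            = new stdClass();
    $obj->name      = $data['jsname'];
    $obj->firstname = $firstname;
    $obj->lastname  = $lastname;
    $obj->token     = $token;
    $obj->username  = $data['jsusername'];
    $obj->email     = $data['jsemail'];
    $obj->created   = $nowDate;

    // NOTE(review): X-Forwarded-For is a request header. Unless a trusted
    // reverse proxy overwrites it, the client chooses this value, so the
    // stored "ip" should not be relied on for abuse tracking or rate limits.
    $obj->ip = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];

    // Never store the clear-text password: keep only "<hash>:<salt>".
    jimport('joomla.user.helper');
    $salt          = JUserHelper::genRandomPassword(32);
    $crypt         = JUserHelper::getCryptedPassword($data['jspassword'], $salt);
    $obj->password = $crypt . ':' . $salt;

    $db->insertObject('#__community_register', $obj);

    if ($db->getErrorNum()) {
        JError::raiseError(500, $db->stderr());
    }

    $this->return_value[__FUNCTION__] = true;

    return $this;
}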
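/**
 * Generates a token of the form "<hash>:<salt>".
 *
 * The salt is part of the returned token, so the token is only as
 * unpredictable as the random material hashed together with it.
 *
 * @see assignToken()
 *
 * @return string Generated token
 */
public function generateToken()
{
    $salt = JUserHelper::genRandomPassword(20);

    // rand() is not a cryptographic generator and yields a small range of
    // values. Use the CSPRNG where the runtime has one (PHP 7+), and fall
    // back to a second random string on older runtimes.
    if (function_exists('random_bytes')) {
        $secret = bin2hex(random_bytes(16));
    } else {
        $secret = JUserHelper::genRandomPassword(32);
    }

    $crypt = JUserHelper::getCryptedPassword($secret, $salt);

    return $crypt . ':' . $salt;
}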
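/**
 * Authentication handler that looks the user up by the `payroll` column and
 * checks the submitted password against the stored "<hash>:<salt>" value.
 *
 * @param array  $credentials Reads 'username' (matched against payroll) and 'password'.
 * @param array  $options     Not used here.
 * @param object $response    Receives status, error_message and, on success,
 *                            username, email and fullname.
 *
 * @return false|null false for an empty password; otherwise nothing is
 *                    returned and the outcome is reported through $response.
 */
function onAuthenticate($credentials, $options, &$response)
{
    jimport('joomla.user.helper');

    if (empty($credentials['password'])) {
        $response->status        = JAUTHENTICATE_STATUS_FAILURE;
        $response->error_message = 'Empty password not allowed';
        return false;
    }

    $db  = JFactory::getDBO();
    $sql = 'SELECT `id`, `password`, `gid` FROM `#__users` WHERE payroll=' . $db->Quote($credentials['username']);
    $db->setQuery($sql);
    $result = $db->loadObject();

    if ($result) {
        $parts = explode(':', $result->password);
        $crypt = $parts[0];
        $salt  = isset($parts[1]) ? $parts[1] : '';

        $testcrypt = JUserHelper::getCryptedPassword($credentials['password'], $salt);

        // Strict comparison: with ==, two different hex digests that both
        // look like numbers (e.g. "0e..." forms) compare equal in PHP.
        if ($crypt === $testcrypt) {
            $user = JUser::getInstance($result->id);
            // Bring this in line with the rest of the system
            $response->username      = $user->username;
            $response->email         = $user->email;
            $response->fullname      = $user->name;
            $response->status        = JAUTHENTICATE_STATUS_SUCCESS;
            $response->error_message = '';
        } else {
            $response->status        = JAUTHENTICATE_STATUS_FAILURE;
            $response->error_message = 'Invalid password';
        }
    } else {
        // NOTE(review): this message differs from the wrong-password one; if
        // error_message reaches the client it reveals which accounts exist.
        $response->status        = JAUTHENTICATE_STATUS_FAILURE;
        $response->error_message = 'User does not exist';
    }
}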
/**
 * Registers a Joomla user when com_users allows self-registration.
 *
 * @param string $username          Login name.
 * @param string $password          Clear-text password; hashed here before saving.
 * @param string $name              Display name.
 * @param string $email             E-mail address.
 * @param array  $defaultUserGroups Group ids for the new user (default: 2, registered).
 *
 * @return array Contains 'error' (bool) and 'message' (string). The array is
 *               seeded with the plain values 'error' and 'message' at index
 *               0 and 1, which stay in the result.
 */
function simple_registration($username, $password, $name, $email, $defaultUserGroups = array(2))
{
    $result = array('error', 'message');

    $usersConfig =& JComponentHelper::getParams('com_users');

    if ($usersConfig->get('allowUserRegistration') != '1') {
        $result['error']   = true;
        $result['message'] = 'no allow user registration';

        return $result;
    }

    // Build the stored "<hash>:<salt>" value while keeping the clear text
    // for the password_clear property.
    $clearText = $password;
    $saltValue = JUserHelper::genRandomPassword(32);
    $password  = JUserHelper::getCryptedPassword($clearText, $saltValue) . ':' . $saltValue;

    $newUser = JUser::getInstance();
    $newUser->set('id', 0);
    $newUser->set('name', $name);
    $newUser->set('username', $username);
    $newUser->set('password', $password);
    $newUser->set('password_clear', $clearText);
    $newUser->set('email', $email);
    $newUser->set('groups', $defaultUserGroups);

    $saved = $newUser->save();

    $result['error']   = $saved ? false : true;
    $result['message'] = $saved ? 'success' : 'bad data';

    return $result;
}
/**
 * Returns an access token for a user: an existing unexpired token from
 * #__rvs_user_tokens, or a new one created after the password check.
 *
 * NOTE(review): part of this listing is masked on the page (the run of
 * asterisks in the second query), so the statements between the username
 * lookup and explode() are not visible and the code below is not complete.
 *
 * @param string      $username Login name.
 * @param string|null $password Clear-text password to verify.
 * @param int         $valid    Lifetime added to the current Unix time for a
 *                              new token (default 86400).
 *
 * @return string|null Token, or null when the password check does not pass.
 */
private function authenticate($username, $password = null, $valid = 86400)
{
    // Get a database object
    $db = JFactory::getDbo();

    // Look for any tokens for this user
    // NOTE(review): $result is read here before any visible assignment, so
    // this lookup has no user id to filter on - confirm against the original.
    $db->setQuery($db->getQuery(true)->select('*')->from('#__rvs_user_tokens')->where('uid=' . $db->q($result->id)));
    $obj = $db->loadObject();

    // If there is already a valid token, just return that, otherwise try to create one
    // NOTE(review): $obj is dereferenced without checking that a row was found.
    if ($obj->valid > JDate::getInstance()->toUnix()) {
        return $obj->token;
    } else {
        // NOTE(review): the text after 'username=' is masked in this listing.
        $db->setQuery($db->getQuery(true)->select('id, password')->from('#__users')->where('username='******':', $result->password);
        $crypt = $parts[0];
        $salt = @$parts[1];
        $testcrypt = JUserHelper::getCryptedPassword($password, $salt);
        // NOTE(review): == on hex digests is a loose comparison; two
        // different digests that both look numeric ("0e...") compare equal.
        if ($crypt == $testcrypt) {
            // Authentication successful, create a token and populate the table
            $obj = new stdClass();
            $obj->uid = $result->id;
            // NOTE(review): the token is md5(rand() . password salt); rand()
            // is not a cryptographic generator, and the salt is the one
            // stored with the password hash.
            $obj->token = md5(rand() . $salt);
            $obj->valid = JDate::getInstance()->toUnix() + $valid;
            $db->setQuery($db->getQuery(true)->select('uid')->from('#__rvs_user_tokens')->where('uid=' . $db->q($obj->uid)));
            // Update the existing row for this uid, or insert the first one.
            if ($db->loadResult()) {
                $db->updateObject('#__rvs_user_tokens', $obj, 'uid');
            } else {
                $db->insertObject('#__rvs_user_tokens', $obj, 'uid');
            }
            return $obj->token;
        }
    }
    return null;
}
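/**
 * Changes the password of the current user from the posted "password" and
 * "password2" fields, then redirects to the supplied return URL or back to
 * the account password form.
 *
 * NOTE(review): no form token and no current-password check are visible in
 * this method; confirm both are enforced before it is reached.
 *
 * @return void
 */
function changepassword()
{
    $mainframe = JFactory::getApplication();

    $return = JRequest::getVar('return', 0);
    $return = base64_decode($return);

    // The return URL comes from the request. Follow it only when it points
    // back into this site, so the action cannot be used to bounce visitors
    // to an arbitrary external address.
    if ($return && !JUri::isInternal($return)) {
        $return = '';
    }

    $user_data = $_POST;
    $password  = isset($user_data['password']) ? (string) $user_data['password'] : '';
    $password2 = isset($user_data['password2']) ? (string) $user_data['password2'] : '';
    $trimmed   = JString::trim($password);

    // Strict comparison: with ==, numeric-looking strings such as "1e3" and
    // "1000" are treated as equal. An empty password is rejected as well.
    if ($trimmed !== '' && $password === $password2) {
        $user  = JFactory::getUser();
        $salt  = JUserHelper::genRandomPassword(32);
        $crypt = JUserHelper::getCryptedPassword($trimmed, $salt);

        $user->set('password', $crypt . ':' . $salt);

        if ($user->save()) {
            $mainframe->enqueueMessage(JText::_('Successfully saved'), 'message');
        }
    } else {
        JError::raiseWarning('', JText::_(' Passwords do not match. Please re-enter password.'));
    }

    $config = JBFactory::getConfig();

    if ($return) {
        $this->setRedirect($return);
    } else {
        // Itemid is a menu item id; read it as an integer before placing it in the URL.
        $this->setRedirect('index.php?option=com_bookpro&view=account&form=password&Itemid=' . JRequest::getInt('Itemid'));
    }
}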
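/**
 * After a successful login, stores a hash of the posted password in the
 * Joomla users table for the logged-in user.
 *
 * NOTE(review): every login rewrites the stored hash using
 * JUserHelper::getCryptedPassword(); confirm this format is what the rest of
 * the site expects.
 *
 * @access public
 * @return boolean Result of the UPDATE, or false when no password was posted.
 * @since  1.5
 */
function onUserAfterLogin()
{
    // After a successful login we store the password.
    if (isset($_POST["password"]) && $_POST["password"] != "") {
        // NOTE(review): the original author noted that the application input
        // object should be used here instead of $_POST["password"].
        // http://stackoverflow.com/questions/2727043/using-php-to-create-a-joomla-user-password
        jimport('joomla.user.helper');

        $salt     = JUserHelper::genRandomPassword(32);
        $crypt    = JUserHelper::getCryptedPassword($_POST["password"], $salt);
        $password = $crypt . ':' . $salt;

        // Get a database object
        $user  = JFactory::getUser();
        $db    = JFactory::getDBO();
        $query = $db->getQuery(true);

        // Values go through $db->quote() rather than hand-written double
        // quotes, so a quote character in the username cannot change the
        // statement.
        $fields     = array($db->quoteName('password') . ' = ' . $db->quote($password));
        $conditions = array($db->quoteName('username') . ' = ' . $db->quote($user->username));

        $query->update($db->quoteName('#__users'))->set($fields)->where($conditions);
        $db->setQuery($query);

        return $db->execute();
    }

    return false;
}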
/**
 * Hashes a password with a fresh 32-character salt using Joomla's user helper.
 *
 * @param string $password Clear-text password.
 *
 * @return string "<hash>:<salt>"
 */
function hashPassword($password)
{
    require_once JPATH_BASE . '/includes/defines.php';
    require_once JPATH_LIBRARIES . '/joomla/user/helper.php';

    $randomSalt = JUserHelper::genRandomPassword(32);
    $digest     = JUserHelper::getCryptedPassword($password, $randomSalt);

    return $digest . ':' . $randomSalt;
}
/**
 * Converts this element's posted value into the form stored in the database:
 * the value is hashed with a fresh 32-character salt and returned as
 * "<hash>:<salt>".
 *
 * @param mixed $val  This element's posted form data
 * @param array $data Posted form data (not used here)
 *
 * @return mixed
 */
public function storeDatabaseFormat($val, $data)
{
    jimport('joomla.user.helper');

    $randomSalt = JUserHelper::genRandomPassword(32);

    return JUserHelper::getCryptedPassword($val, $randomSalt) . ':' . $randomSalt;
}
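/**
 * Authentication handler that looks the user up by e-mail address and checks
 * the submitted password against the stored "<hash>:<salt>" value.
 *
 * @param array  $credentials Reads 'username' (matched against the email column) and 'password'.
 * @param array  $options     Not used here.
 * @param object $response    Receives type, status, error_message and, on
 *                            success, username, email, fullname and language.
 *
 * @return false|null false for an empty password; otherwise nothing is
 *                    returned and the outcome is reported through $response.
 */
function onUserAuthenticate($credentials, $options, &$response)
{
    jimport('joomla.user.helper');
    jimport('joomla.version');

    // The status constants moved to JAuthentication in Joomla 3.
    $version = new JVersion();
    $version = explode('.', $version->getShortVersion());

    if ((int) $version[0] === 3) {
        $success = JAuthentication::STATUS_SUCCESS;
        $failure = JAuthentication::STATUS_FAILURE;
    } else {
        $success = JAUTHENTICATE_STATUS_SUCCESS;
        $failure = JAUTHENTICATE_STATUS_FAILURE;
    }

    $response->type = 'Joomla';

    // Joomla does not like blank passwords
    if (empty($credentials['password'])) {
        $response->status        = $failure;
        $response->error_message = JText::_('JGLOBAL_AUTH_EMPTY_PASS_NOT_ALLOWED');
        return false;
    }

    // Get a database object
    $db    = JFactory::getDbo();
    $query = $db->getQuery(true);

    $query->select('id, password');
    $query->from('#__users');
    $query->where('email=' . $db->Quote($credentials['username']));

    $db->setQuery($query);
    $result = $db->loadObject();

    if ($result) {
        $parts = explode(':', $result->password);
        $crypt = $parts[0];
        $salt  = isset($parts[1]) ? $parts[1] : '';

        $testcrypt = JUserHelper::getCryptedPassword($credentials['password'], $salt);

        // Strict comparison: with ==, two different hex digests that both
        // look like numbers (e.g. "0e..." forms) compare equal in PHP.
        if ($crypt === $testcrypt) {
            $user = JUser::getInstance($result->id);
            // Bring this in line with the rest of the system
            $response->username = $user->username;
            $response->email    = $user->email;
            $response->fullname = $user->name;

            if (JFactory::getApplication()->isAdmin()) {
                $response->language = $user->getParam('admin_language');
            } else {
                $response->language = $user->getParam('language');
            }

            $response->status        = $success;
            $response->error_message = '';
        } else {
            $response->status        = $failure;
            $response->error_message = JText::_('JGLOBAL_AUTH_INVALID_PASS');
        }
    } else {
        $response->status        = $failure;
        $response->error_message = JText::_('JGLOBAL_AUTH_NO_USER');
    }
}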
/**
 * Returns $text unchanged, or its salted hash when $is_cripted is set.
 *
 * Callers that leave $is_cripted at its default get the clear text back, so
 * they must not treat the return value as safe to store.
 *
 * @param string $text       Clear-text password.
 * @param bool   $is_cripted When true, return "<hash>:<salt>" using an 8-character salt.
 *
 * @return string
 */
public static function generatePassword($text, $is_cripted = false)
{
    if ($is_cripted == false) {
        return $text;
    }

    jimport('joomla.user.helper');

    $saltValue = JUserHelper::genRandomPassword(8);

    return JUserHelper::getCryptedPassword($text, $saltValue) . ":" . $saltValue;
}
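/**
 * Creates a Joomla user from the request fields username, password, name and
 * email, and reports the outcome through the plugin response.
 *
 * NOTE(review): no authorisation check is visible in this method; confirm
 * the caller restricts who may create accounts.
 *
 * @return false|null false when the user could not be saved; otherwise
 *                    nothing, with the result set on $this->plugin.
 */
public function post()
{
    $userid = null;
    $data   = array();

    $app              = JFactory::getApplication();
    $data['username'] = $app->input->get('username', '', 'STRING');
    $data['password'] = $app->input->get('password', '', 'STRING');
    $data['name']     = $app->input->get('name', '', 'STRING');
    $data['email']    = $app->input->get('email', '', 'STRING');

    global $message;
    jimport('joomla.user.helper');

    $authorize = JFactory::getACL();
    $user      = clone JFactory::getUser();

    $user->set('username', $data['username']);
    $user->set('password', $data['password']);
    $user->set('name', $data['name']);
    $user->set('email', $data['email']);

    // Password hashing: store "<hash>:<salt>". The listing assigned a fixed
    // masked string here and never used $crypt or $salt, which would give
    // every new account the same unusable password value.
    $salt           = JUserHelper::genRandomPassword(32);
    $crypt          = JUserHelper::getCryptedPassword($user->password, $salt);
    $user->password = $crypt . ':' . $salt;

    // User group/type
    $user->set('id', '');
    $user->set('usertype', 'Registered');

    // version_compare() instead of a string comparison, which orders
    // versions such as '1.10.0' and '1.6.0' incorrectly.
    if (version_compare(JVERSION, '1.6.0', 'ge')) {
        $userConfig = JComponentHelper::getParams('com_users');

        // Default to Registered.
        $defaultUserGroup = $userConfig->get('new_usertype', 2);
        $user->set('groups', array($defaultUserGroup));
    } else {
        $user->set('gid', $authorize->get_group_id('', 'Registered', 'ARO'));
    }

    $date = JFactory::getDate();
    $user->set('registerDate', $date->toSql());

    // True on success, false otherwise
    if (!$user->save()) {
        $message = "not created because of " . $user->getError();
        return false;
    } else {
        $message = "created of username-" . $user->username . " and send mail of details please check";
    }

    $userid = $user->id;

    // Result message
    $result = array('user id ' => $userid, 'message' => $message);
    $result = $userid ? $result : $message;

    $this->plugin->setResponse($result);
}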
/**
 * Generates a token of the form "<hash>:<salt>" from the user id and a fresh
 * 50-character salt.
 *
 * The hashed input is only the user id and the salt, and the salt is part of
 * the returned token, so the token's unpredictability rests entirely on
 * genRandomPassword().
 *
 * @param mixed $user_id When given, the token is assigned to that user.
 *
 * @see assignToken()
 *
 * @return string|bool The token when no user id is given; otherwise true or
 *                     false depending on whether assignToken() succeeded.
 */
public function generateToken($user_id = null)
{
    $randomSalt = JUserHelper::genRandomPassword(50);
    $token      = JUserHelper::getCryptedPassword($user_id, $randomSalt) . ':' . $randomSalt;

    // Loose comparison kept: 0 and '' count as "no user id" as well as null.
    if ($user_id == NULL) {
        return $token;
    }

    return $this->assignToken($user_id, $token) ? true : false;
}
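/**
 * Login endpoint: verifies the posted username and password and responds
 * with the user's API key hash, or with a JException describing the failure.
 *
 * NOTE(review): no attempt limiting is visible here; confirm that repeated
 * failed logins are throttled elsewhere.
 *
 * @return void
 */
public function post()
{
    $username = JRequest::getVar('username', '', 'post');
    $password = JRequest::getVar('password', '', 'post');

    if (!$username || !$password) {
        $error = new JException('Credentials Not Found');
        $this->plugin->setResponse($error);
        return;
    }

    $db    = JFactory::getDBO();
    $query = "SELECT id, password FROM #__users WHERE LOWER(username) = LOWER(" . $db->Quote($username) . ")";
    $db->setQuery($query);
    $result = $db->loadObject();

    if (!$result) {
        // Login failed
        $error = new JException('Incorrect username or password.');
        $this->plugin->setResponse($error);
        return;
    }

    jimport('joomla.user.helper');

    $parts = explode(':', $result->password);
    $crypt = $parts[0];
    $salt  = isset($parts[1]) ? $parts[1] : '';

    $testcrypt = JUserHelper::getCryptedPassword($password, $salt);

    // Strict comparison: with ==, two different hex digests that both look
    // like numbers (e.g. "0e..." forms) compare equal in PHP.
    if ($crypt !== $testcrypt) {
        // Login failed; same message as for an unknown user.
        $error = new JException('Incorrect username or password.');
        $this->plugin->setResponse($error);
        return;
    }

    // Login success, return API Key
    $query = "SELECT hash FROM #__api_keys WHERE user_id = " . $db->Quote($result->id);
    $db->setQuery($query);
    $key = $db->loadResult();

    if ($key) {
        // Key found
        $this->plugin->setResponse($key);
        return;
    }

    // No key found
    $error = new JException('API Key Not Found');
    $this->plugin->setResponse($error);
}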
/**
 * Authentication handler: looks the user up by username (and, per the
 * visible tail of the query, optionally by e-mail), then checks the
 * submitted password against the stored "<hash>:<salt>" value.
 *
 * NOTE(review): part of the query-building code is masked on the page (the
 * run of asterisks below), so the condition that adds the e-mail lookup is
 * not fully visible.
 *
 * @access public
 * @param  array  $credentials Array holding the user credentials; 'username'
 *                             is overwritten with the stored username when a
 *                             row is found
 * @param  array  $options     Array of extra options
 * @param  object $response    Authentication response object
 * @return boolean false for an empty password; no value on the other paths
 * @since  1.5
 */
function onAuthenticate(&$credentials, $options, &$response)
{
    jimport('joomla.user.helper');

    // Joomla does not like blank passwords
    if (empty($credentials['password'])) {
        $response->status = JAUTHENTICATE_STATUS_FAILURE;
        $response->error_message = 'Empty password not allowed';
        return false;
    }

    // Initialize variables
    $conditions = '';

    // Get a database object
    $db =& JFactory::getDBO();
    // $username holds the driver-quoted value and is what the query uses.
    $username = $db->Quote($credentials['username']);
    // NOTE(review): the text after 'WHERE username=' is masked in this listing.
    $query = 'SELECT `id`, `username`, `password`, `email`' . ' FROM `#__users`' . ' WHERE username='******'@')) {
        $query .= ' OR email=' . $username;
    }
    $db->setQuery($query);
    $result = $db->loadObject();

    if ($result) {
        // Continue with the canonical username from the database row.
        $credentials['username'] = $result->username;
        $parts = explode(':', $result->password);
        $crypt = $parts[0];
        $salt = isset($parts[1]) ? $parts[1] : '';
        $testcrypt = JUserHelper::getCryptedPassword($credentials['password'], $salt);
        // Strict comparison, so numeric-looking digests are not juggled.
        if ($crypt === $testcrypt) {
            // Bring this in line with the rest of the system
            $user = JUser::getInstance($result->id);
            $response->username = $user->username;
            $response->email = $user->email;
            $response->fullname = $user->name;
            $response->status = JAUTHENTICATE_STATUS_SUCCESS;
            $response->error_message = '';
        } else {
            $response->status = JAUTHENTICATE_STATUS_FAILURE;
            $response->error_message = 'Invalid password';
        }
    } else {
        // NOTE(review): this message differs from the wrong-password one; if
        // error_message reaches the client it reveals which accounts exist.
        $response->status = JAUTHENTICATE_STATUS_FAILURE;
        $response->error_message = 'User does not exist';
    }
}
/**
 * Authentication handler: looks the user up in #__users and checks the
 * submitted password against the stored "<hash>:<salt>" value.
 *
 * NOTE(review): part of the where() clause is masked on the page (the run of
 * asterisks below), so how the username is quoted is not visible here.
 *
 * @param   array   $credentials  Array holding the user credentials
 * @param   array   $options      Array of extra options
 * @param   object  &$response    Authentication response object
 *
 * @return  boolean  false for an empty password; no value on the other paths
 *
 * @since   1.5
 */
public function onUserAuthenticate($credentials, $options, &$response)
{
    $response->type = 'Joomla';

    // Joomla does not like blank passwords
    if (empty($credentials['password'])) {
        $response->status = JAuthentication::STATUS_FAILURE;
        $response->error_message = JText::_('JGLOBAL_AUTH_EMPTY_PASS_NOT_ALLOWED');
        return false;
    }

    // Get a database object
    $db = JFactory::getDbo();
    // NOTE(review): the text after 'username=' is masked in this listing.
    $query = $db->getQuery(true)->select('id, password')->from('#__users')->where('username='******'username']));
    $db->setQuery($query);
    $result = $db->loadObject();

    if ($result) {
        $parts = explode(':', $result->password);
        $crypt = $parts[0];
        $salt = @$parts[1];
        $testcrypt = JUserHelper::getCryptedPassword($credentials['password'], $salt);
        // NOTE(review): == on hex digests is a loose comparison; two
        // different digests that both look numeric ("0e...") compare equal.
        if ($crypt == $testcrypt) {
            // Bring this in line with the rest of the system
            $user = JUser::getInstance($result->id);
            $response->email = $user->email;
            $response->fullname = $user->name;
            // Back-end logins use the administrator language preference.
            if (JFactory::getApplication()->isAdmin()) {
                $response->language = $user->getParam('admin_language');
            } else {
                $response->language = $user->getParam('language');
            }
            $response->status = JAuthentication::STATUS_SUCCESS;
            $response->error_message = '';
        } else {
            $response->status = JAuthentication::STATUS_FAILURE;
            $response->error_message = JText::_('JGLOBAL_AUTH_INVALID_PASS');
        }
    } else {
        $response->status = JAuthentication::STATUS_FAILURE;
        $response->error_message = JText::_('JGLOBAL_AUTH_NO_USER');
    }
}
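/**
 * Creates a Joomla user from $params and reports the outcome on $output.
 *
 * @param object $params Reads ->name, ->user, ->pass, ->email and ->group.
 * @param object $output Console-style writer; writeln() is called on it.
 *
 * @return int|false Id of the new user, or false when saving failed.
 *
 * @access public
 */
public function createUser(&$params, $output)
{
    require_once JPATH_BASE . '/libraries/joomla/user/helper.php';
    require_once JPATH_BASE . '/libraries/joomla/user/user.php';
    require_once JPATH_BASE . '/libraries/cms/component/helper.php';

    // Stored format is "<hash>:<salt>".
    $salt           = \JUserHelper::genRandomPassword(32);
    $password_clear = $params->pass;
    $crypted        = \JUserHelper::getCryptedPassword($password_clear, $salt);
    $password       = $crypted . ':' . $salt;

    $instance = \JUser::getInstance();
    $instance->set('id', 0);
    $instance->set('name', $params->name);
    $instance->set('username', $params->user);
    $instance->set('password', $password);
    $instance->set('password_clear', $password_clear);
    $instance->set('email', $params->email);
    $instance->set('groups', array($params->group));
    $instance->set('block', 0);

    if (!$instance->save()) {
        // A failed save used to be ignored silently; report it to the caller.
        $output->writeln('Your Joomla user could not be created: ' . $instance->getError());

        return false;
    }

    // NOTE(review): this prints the clear-text password; anything that
    // captures $output (terminal scrollback, CI logs) will retain it.
    $output->writeln("Your Joomla user has been created. You can login using the credentials {$params->user} / {$password_clear}");

    return $instance->id;
}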
/**
 * Checks a username/password pair and records the outcome in
 * $_SESSION["login-error-code"]: 0 success, 1 wrong password, 2 unknown
 * user, 3 correct password but account blocked.
 *
 * NOTE(review): part of the query string is masked on the page (the run of
 * asterisks below), so how the username condition is quoted is not visible.
 *
 * @param string $username Login name or e-mail address.
 * @param string $password Clear-text password to verify.
 *
 * @return void
 */
public function setLoginErrorCodeInSession($username, $password)
{
    $db = JFactory::getDbo();
    // NOTE(review): the text after 'WHERE username=' is masked in this listing.
    $query = 'SELECT id, password, block FROM text_users WHERE username='******' OR email=' . $db->Quote($username);
    $db->setQuery($query);
    $user = $db->loadObject();
    session_start();
    // successful login
    $_SESSION["login-error-code"] = 0;
    if ($user) {
        $parts = explode(':', $user->password);
        $crypt = $parts[0];
        $salt = @$parts[1];
        $testcrypt = JUserHelper::getCryptedPassword($password, $salt);
        // NOTE(review): == on hex digests is a loose comparison; two
        // different digests that both look numeric ("0e...") compare equal.
        if ($crypt == $testcrypt) {
            if ($user->block == 1) {
                // login: account not activated
                $_SESSION["login-error-code"] = 3;
            }
        } else {
            // login: invalid password
            $_SESSION["login-error-code"] = 1;
        }
    } else {
        // login: unknown user
        // NOTE(review): codes 1 and 2 tell a wrong password apart from an
        // unknown account; if they reach the client they reveal which
        // usernames exist.
        $_SESSION["login-error-code"] = 2;
    }
}
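/**
 * Changes the password of the logged-in account (session key "feun_id") from
 * the posted fields pass_lama, pass_baru and pass_baru_konfir, then redirects
 * to logout on success or back to the edit form on failure.
 *
 * NOTE(review): the old password is only required to be non-empty; it is
 * never compared with the stored hash. The earlier attempt at that check
 * (main_models->checkPassword() plus a re-hash with the stored salt) was left
 * disabled, so anyone holding the session can set a new password.
 *
 * NOTE(review): xss_clean() rewrites some character sequences, so the value
 * that gets hashed can differ from what the user typed; confirm the login
 * path applies the same filtering.
 *
 * @return void
 */
function ubahDataAkun()
{
    $id       = $this->session->userdata('feun_id');
    $passLama = $this->security->xss_clean($this->input->post('pass_lama', TRUE));
    $passBaru = $this->security->xss_clean($this->input->post('pass_baru', TRUE));

    if ($passLama) {
        $this->load->library('form_validation');
        $this->form_validation->set_rules('pass_lama', 'Password Lama', 'required');
        // "required" added: without it an empty new password passes
        // validation and the hash of an empty string is stored.
        $this->form_validation->set_rules('pass_baru', 'Password Baru', 'required|matches[pass_baru_konfir]');
        $this->form_validation->set_rules('pass_baru_konfir', 'Ulangi Password Baru', 'matches[pass_baru]');

        if ($this->form_validation->run() == TRUE) {
            require_once 'system/libraries/helper.php';

            // Stored format is "<hash>:<salt>".
            $salt         = JUserHelper::genRandomPassword(32);
            $crypt        = JUserHelper::getCryptedPassword($passBaru, $salt);
            $passwordBaru = $crypt . ':' . $salt;

            $save = $this->model_account->editDataAkun($id, $passwordBaru);

            if (!$save) {
                $this->session->set_flashdata('gagal', 'Data Akun anda gagal diubah, silakan ulangi kembali');
                header('location: ' . base_url() . 'index.php/account/editAccount');
            } else {
                // Force a fresh login with the new password.
                header('location: ' . base_url() . 'index.php/login/logout');
            }
        } else {
            $this->session->set_flashdata('gagal', 'Password anda tidak sesuai, silakan ulangi kembali');
            header('location: ' . base_url() . 'index.php/account/editAccount');
        }
    } else {
        $this->session->set_flashdata('gagal', 'Password lama anda tidak tepat, silakan ulangi kembali = ' . $passLama);
        header('location: ' . base_url() . 'index.php/account/editAccount');
    }
}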
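/**
 * Receives the reset-password confirmation: validates the form, verifies the
 * submitted token against the user's stored activation value, and on success
 * puts the token and user id into the session state.
 *
 * @param   array  $data  The data expected for the form.
 *
 * @return  mixed  Exception | JException | boolean
 *
 * @since   1.6
 */
public function processResetConfirm($data)
{
    // Get the form.
    $form = $this->getResetConfirmForm();
    $data['email'] = JStringPunycode::emailToPunycode($data['email']);

    // Check for an error.
    if ($form instanceof Exception) {
        return $form;
    }

    // Filter and validate the form data.
    $data   = $form->filter($data);
    $return = $form->validate($data);

    // Check for an error.
    if ($return instanceof Exception) {
        return $return;
    }

    // Check the validation results.
    if ($return === false) {
        // Get the validation messages from the form.
        foreach ($form->getErrors() as $formError) {
            $this->setError($formError->getMessage());
        }

        return false;
    }

    // Find the user id for the given token.
    $db    = $this->getDbo();
    $query = $db->getQuery(true)
        ->select('activation')
        ->select('id')
        ->select('block')
        ->from($db->quoteName('#__users'))
        ->where($db->quoteName('username') . ' = ' . $db->quote($data['username']));

    // Get the user id.
    $db->setQuery($query);

    try {
        $user = $db->loadObject();
    } catch (RuntimeException $e) {
        return new JException(JText::sprintf('COM_USERS_DATABASE_ERROR', $e->getMessage()), 500);
    }

    // Check for a user.
    if (empty($user)) {
        $this->setError(JText::_('COM_USERS_USER_NOT_FOUND'));

        return false;
    }

    // The activation column holds "<hash>:<salt>" while a reset is pending.
    $parts = explode(':', $user->activation);
    $crypt = $parts[0];

    if (!isset($parts[1])) {
        $this->setError(JText::_('COM_USERS_USER_NOT_FOUND'));

        return false;
    }

    $salt      = $parts[1];
    $testcrypt = JUserHelper::getCryptedPassword($data['token'], $salt, 'md5-hex');

    // Verify the token. Strict comparison: with ==, two different hex
    // digests that both look like numbers (e.g. "0e..." forms) compare equal,
    // which would let a wrong token through.
    if ($crypt !== $testcrypt) {
        $this->setError(JText::_('COM_USERS_USER_NOT_FOUND'));

        return false;
    }

    // Make sure the user isn't blocked.
    if ($user->block) {
        $this->setError(JText::_('COM_USERS_USER_BLOCKED'));

        return false;
    }

    // Push the user data into the session.
    $app = JFactory::getApplication();
    $app->setUserState('com_users.reset.token', $crypt . ':' . $salt);
    $app->setUserState('com_users.reset.user', $user->id);

    return true;
}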
/**
 * Creates a Joomla account for the Sugar contact whose id arrives in the
 * "sug" request parameter, writes the new account id and the generated
 * password back to that contact, and echoes a JSON result.
 *
 * NOTE(review): the only input is $_REQUEST['sug'] and no caller check is
 * visible here; confirm who is allowed to reach this action.
 * NOTE(review): the generated password is sent to Sugar in clear text as
 * "joomla_account_access".
 * NOTE(review): getCryptedPassword() is called without a salt, unlike the
 * usual "<hash>:<salt>" storage format.
 *
 * @return mixed Nothing on the normal paths; the raiseWarning() result after
 *               a failed save, if execution continues past close().
 */
function create()
{
    // JSON is the response format for every outcome.
    $doc =& JFactory::getDocument();
    $doc->setMimeEncoding('application/json');

    // Connect to Sugar via its REST interface.
    include_once 'components/com_advancedopenportal/sugarRestClient.php';
    $sugar = new sugarRestClient();
    $sugar->login();

    $hasContactId = isset($_REQUEST['sug']) && $_REQUEST['sug'] != '';

    if (!$hasContactId) {
        echo json_encode(array("error" => "ID Not specified"));
    } else {
        $lookup = $sugar->getEntry('Contacts', $_REQUEST['sug'], array('name', 'email1'));

        // An unknown contact id produces no output at all.
        if (!empty($lookup['entry_list'])) {
            $fields = $lookup['entry_list'][0]['name_value_list'];

            $plainPass  = JUserHelper::genRandomPassword();
            $hashedPass = JUserHelper::getCryptedPassword($plainPass);

            // The contact's e-mail address doubles as the username.
            $account = array(
                'fullname' => $fields['name']['value'],
                'email'    => $fields['email1']['value'],
                'password' => $hashedPass,
                'username' => $fields['email1']['value'],
            );

            $joomlaUser = JUser::getInstance();

            jimport('joomla.application.component.helper');
            $config = JFactory::getConfig();
            $params = JComponentHelper::getParams('com_users');

            // Default to Registered.
            $groupId = $params->get('new_usertype', 2);
            $acl     = JFactory::getACL();

            $joomlaUser->set('id', 0);
            $joomlaUser->set('name', $account['fullname']);
            $joomlaUser->set('username', $account['username']);
            $joomlaUser->set('password', $account['password']);
            $joomlaUser->set('email', $account['email']); // Result should contain an email (check)
            $joomlaUser->set('usertype', 'deprecated');
            $joomlaUser->set('groups', array($groupId));
            $joomlaUser->setParam('sugarid', $_REQUEST['sug']);

            // $options is never defined in this function, so the component
            // parameter always decides.
            if (isset($options['autoregister'])) {
                $autoregister = $options['autoregister'];
            } else {
                $autoregister = $params->get('autoregister', 1);
            }

            if (!$autoregister) {
                // No existing user and autoregister off, this is a temporary user.
                $joomlaUser->set('tmp_user', true);
            } elseif (!$joomlaUser->save()) {
                echo json_encode(array("error" => "Failed to save user " . implode(" ", $joomlaUser->getErrors())));
                JFactory::getApplication()->close();

                return JError::raiseWarning('SOME_ERROR_CODE', $joomlaUser->getError());
            }

            $sugar->setEntry('Contacts', array('id' => $_REQUEST['sug'], 'joomla_account_id' => $joomlaUser->id, 'joomla_account_access' => $plainPass));

            echo json_encode(array("success" => true));
        }
    }

    JFactory::getApplication()->close();
}
/**
 * Creates the admin user during installation: inserts the user row with the
 * fixed id 62, its ARO entry, and the ARO-to-group mapping.
 *
 * @param array $vars Installer variables; reads the DB* connection settings,
 *                    adminPassword and adminEmail, and writes adminLogin
 *                    (plus adminPassword when a migrated admin is kept).
 *
 * @return void Database errors are echoed and end the function early.
 */
function createAdminUser(&$vars)
{
    $DBtype        = JArrayHelper::getValue($vars, 'DBtype', 'mysql');
    $DBhostname    = JArrayHelper::getValue($vars, 'DBhostname', '');
    $DBuserName    = JArrayHelper::getValue($vars, 'DBuserName', '');
    $DBpassword    = JArrayHelper::getValue($vars, 'DBpassword', '');
    $DBname        = JArrayHelper::getValue($vars, 'DBname', '');
    $DBPrefix      = JArrayHelper::getValue($vars, 'DBPrefix', '');
    $adminPassword = JArrayHelper::getValue($vars, 'adminPassword', '');
    $adminEmail    = JArrayHelper::getValue($vars, 'adminEmail', '');

    jimport('joomla.user.helper');

    // Hash the chosen admin password with a random salt: "<hash>:<salt>".
    $salt      = JUserHelper::genRandomPassword(32);
    $cryptpass = JUserHelper::getCryptedPassword($adminPassword, $salt) . ':' . $salt;

    // NOTE(review): this literal looks masked in the listing; the row
    // inserted below uses the username 'admin'.
    $vars['adminLogin'] = '******';

    $db =& JInstallationHelper::getDBO($DBtype, $DBhostname, $DBuserName, $DBpassword, $DBname, $DBPrefix);

    // Create the admin user row.
    $installdate = date('Y-m-d H:i:s');
    $nullDate    = $db->getNullDate();

    $query = "INSERT INTO #__users VALUES (62, 'Administrator', 'admin', " . $db->Quote($adminEmail) . ", " . $db->Quote($cryptpass) . ", 'Super Administrator', 0, 1, 25, '{$installdate}', '{$nullDate}', '', '')";
    $db->setQuery($query);

    if (!$db->query()) {
        if ($db->getErrorNum() != 1062) {
            echo $db->getErrorMsg();

            return;
        }

        // Error 1062: an admin already exists in migrated data, so keep it.
        $vars['adminLogin']    = JText::_('Admin login in migrated content was kept');
        $vars['adminPassword'] = JText::_('Admin password in migrated content was kept');

        return;
    }

    // Add the ARO (Access Request Object).
    $query = "INSERT INTO #__core_acl_aro VALUES (10,'users','62',0,'Administrator',0)";
    $db->setQuery($query);

    if (!$db->query()) {
        echo $db->getErrorMsg();

        return;
    }

    // Add the map between the ARO and the group.
    $query = "INSERT INTO #__core_acl_groups_aro_map VALUES (25,'',10)";
    $db->setQuery($query);

    if (!$db->query()) {
        echo $db->getErrorMsg();

        return;
    }
}
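/**
 * Creates a Joomla user in the default "Registered" group.
 *
 * The global $message receives the success or failure text; on success it is
 * also enqueued on the application message queue.
 *
 * @param array  $data     Reads the keys 'user_name' (used as username and name) and 'user_email'
 * @param string $randpass Clear-text password for the new account
 *
 * @return mixed The new user's id, or false when saving fails
 */
function createnewuser($data, $randpass)
{
    global $message;

    jimport('joomla.user.helper');

    $app = JFactory::getApplication();
    $authorize = JFactory::getACL();

    $user = clone JFactory::getUser();
    $user->set('username', $data['user_name']);
    $user->set('password1', $randpass);
    $user->set('name', $data['user_name']);
    $user->set('email', $data['user_email']);

    // Password hashing: store the salted hash in the "crypt:salt" form.
    // The computed hash was previously discarded and a literal placeholder
    // string was stored instead, which can never match a submitted password.
    $salt = JUserHelper::genRandomPassword(32);
    $crypt = JUserHelper::getCryptedPassword($user->password1, $salt);
    $user->password = $crypt . ':' . $salt;

    // User group/type
    $user->set('id', '');
    $user->set('usertype', 'Registered');

    if (version_compare(JVERSION, '1.6.0', 'ge')) {
        $userConfig = JComponentHelper::getParams('com_users');

        // Default to Registered.
        $defaultUserGroup = $userConfig->get('new_usertype', 2);
        $user->set('groups', array($defaultUserGroup));
    } else {
        $user->set('gid', $authorize->get_group_id('', 'Registered', 'ARO'));
    }

    $date = JFactory::getDate();
    $user->set('registerDate', $date->toSQL());

    // save() returns true on success, false otherwise
    if (!$user->save()) {
        echo $message = JText::_('COM_QUICK2CART_UNABLE_TO_CREATE_USER_BZ_OF') . $user->getError();

        return false;
    }

    $message = JText::sprintf('COM_QUICK2CART_CREATED_USER_AND_SEND_ACCOUNT_DETAIL_ON_EMAIL', $user->username);

    // Enqueue the success text (the original passed an undefined $errMsg here)
    $app->enqueueMessage($message);

    return $user->id;
}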
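/**
 * Method to create a new Joomla! user if it does not yet exist
 *
 * @param array $user           User data; reads the keys email, name, username, password and original_data
 * @param bool  $empty_password When true, the record is stored with an empty password
 *
 * @return JUser|null|false False when the email is missing or invalid, null when a user
 *                          with this email already exists, otherwise whatever
 *                          loadByEmail() returns for the new record
 */
public function create($user, $empty_password = false)
{
    // Check on the users email
    if (empty($user['email']) || !$this->isValidEmail($user['email'])) {
        return false;
    }

    // Import needed libraries
    jimport('joomla.utilities.date');
    jimport('joomla.user.helper');
    jimport('joomla.application.component.helper');

    // Import user plugins
    JPluginHelper::importPlugin('user');

    // Get system variables
    $db = JFactory::getDBO();

    // Determine the email address
    $email = $user['email'];

    if (!empty($user['original_data']['email'])) {
        $email = $user['original_data']['email'];
    }

    // Try to fetch the user-record from the database. The lookup must use the
    // $email variable; the bare word `email` is a constant lookup, not the value.
    $query = 'SELECT `id` FROM #__users WHERE email=' . $db->quote($email);
    $db->setQuery($query);
    $result = $db->loadResult();

    // If $result is not empty, a user with this email already exists
    if (!empty($result)) {
        return null;
    }

    // Construct a data-array for this user
    $data = array(
        'name' => $user['name'],
        'username' => $user['username'],
        'email' => $user['email'],
        'guest' => 0,
    );

    // Current date
    $now = new JDate();
    $data['registerDate'] = $now->toSql();

    if ($empty_password == false) {
        // Do not use empty passwords in the Joomla! user-record:
        // generate a new password if a password is not set
        if (!empty($user['password']) && is_string($user['password'])) {
            $password = $user['password'];
        } else {
            $password = JUserHelper::genRandomPassword();
        }

        // Generate the salted hash, stored as "crypt:salt"
        $salt = JUserHelper::genRandomPassword(32);
        $crypt = JUserHelper::getCryptedPassword($password, $salt);
        $data['password'] = $crypt . ':' . $salt;
        $data['password2'] = $crypt . ':' . $salt;
    } else {
        // Use empty password in the Joomla! user-record
        $data['password'] = '';
        $data['password2'] = '';
    }

    // Make sure MageBridge events stop
    $data['disable_events'] = 1;

    // Trigger the before-save event
    MageBridgeModelDebug::getInstance()->notice('Firing event onUserBeforeSave');
    JFactory::getApplication()->triggerEvent('onUserBeforeSave', array($data, true, $data));

    // Get the com_user table-class and use it to store the data to the database
    // NOTE(review): the store() result is not checked before the record is reloaded
    $table = JTable::getInstance('user', 'JTable');
    $table->bind($data);
    $result = $table->store();

    // Load the user
    $newuser = $this->loadByEmail($user['email']);
    $data['id'] = $newuser->id;

    // Trigger the after-save event
    MageBridgeModelDebug::getInstance()->notice('Firing event onUserAfterSave');
    JFactory::getApplication()->triggerEvent('onUserAfterSave', array($data, true, true, null));

    // Add additional data
    if (isset($table->id) && $table->id > 0) {
        // Ids are concatenated into SQL below, so force them to integers
        $userId = (int) $table->id;

        // Check whether the current user is part of any groups
        $db->setQuery('SELECT * FROM `#__user_usergroup_map` WHERE `user_id`=' . $userId);
        $rows = $db->loadObjectList();

        if (empty($rows)) {
            $group_id = MageBridgeUserHelper::getDefaultJoomlaGroupid();

            if (!empty($group_id)) {
                $db->setQuery('INSERT INTO `#__user_usergroup_map` SET `user_id`=' . $userId . ', `group_id`=' . (int) $group_id);
                $db->execute();
            }
        }
    }

    // Get the resulting user
    return $this->loadByEmail($user['email']);
}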
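/**
 * Processes the password reset token verification request
 *
 * Hashes the submitted token with the salt taken from the value of
 * $user->tokens()->latest()->token and compares the result with the stored
 * hash. On success "<crypt>:<salt>" is written to the session state and the
 * request is redirected to the set-password task; every failure redirects
 * with a warning.
 *
 * @return void
 */
public function verifyingTask()
{
    // Check the request token
    Session::checkToken('request') or exit(Lang::txt('JINVALID_TOKEN'));

    // Grab the token (not to be confused with the CSRF token above!)
    if (!($token = trim(Request::getVar('token', false)))) {
        App::redirect(
            Route::url('index.php?option=' . $this->_option . '&task=verify', false),
            Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_MISSING_TOKEN'),
            'warning'
        );
        return;
    }

    // Get the user id stored by the confirmation process
    $id = User::getState('com_users.reset.user', null);

    // Get the user object
    try {
        $user = \Hubzero\User\User::oneOrFail($id);
    } catch (Exception $e) {
        App::redirect(
            Route::url('index.php?option=' . $this->_option . '&task=reset', false),
            Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_TOKENS_MISSING'),
            'warning'
        );
        return;
    }

    // The stored value has the form "<crypt>:<salt>"
    $parts = explode(':', $user->tokens()->latest()->token);
    $crypt = $parts[0];

    if (!isset($parts[1])) {
        App::redirect(
            Route::url('index.php?option=' . $this->_option . '&task=verify', false),
            Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_USER_NOT_FOUND'),
            'warning'
        );
        return;
    }

    $salt = $parts[1];
    $testcrypt = \JUserHelper::getCryptedPassword($token, $salt);

    // Verify the token. With a loose ==, PHP compares two numeric-looking
    // strings (such as "0e1" and "0e2") as numbers, so different hashes could
    // be accepted as equal. Compare as strings, in constant time where
    // hash_equals() is available.
    $tokenMatches = function_exists('hash_equals')
        ? hash_equals((string) $crypt, (string) $testcrypt)
        : ((string) $crypt === (string) $testcrypt);

    if (!$tokenMatches) {
        App::redirect(
            Route::url('index.php?option=' . $this->_option . '&task=verify', false),
            Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_USER_NOT_FOUND'),
            'warning'
        );
        return;
    }

    // Make sure the user isn't blocked
    if ($user->get('block')) {
        App::redirect(
            Route::url('index.php?option=' . $this->_option . '&task=verify', false),
            Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_USER_NOT_FOUND'),
            'warning'
        );
        return;
    }

    // Push the user data into the session
    User::setState('com_users.reset.token', $crypt . ':' . $salt);

    // Everything went well...go to the actual change password page
    App::redirect(
        Route::url('index.php?option=' . $this->_option . '&task=setpassword', false),
        Lang::txt('COM_MEMBERS_CREDENTIALS_TOKEN_CONFIRMED'),
        'passed'
    );
}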
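/**
 * Validates the reset-confirmation form and verifies the submitted token
 * against the "<crypt>:<salt>" value held in the user's activation field.
 *
 * @param array $data Submitted form data; the 'token' entry is read after filtering
 *
 * @return mixed True when the token matches (the token is then stored in the user state),
 *               false on a validation or verification error (message set via setError()),
 *               or the Exception object returned by the form layer
 *
 * @since 1.6
 */
function processResetConfirm($data)
{
    // Get the form.
    $form = $this->getResetConfirmForm();

    // Check for an error.
    if ($form instanceof Exception) {
        return $form;
    }

    // Filter and validate the form data.
    $data = $form->filter($data);
    $return = $form->validate($data);

    // Check for an error.
    if ($return instanceof Exception) {
        return $return;
    }

    // Check the validation results.
    if ($return === false) {
        // Get the validation messages from the form.
        foreach ($form->getErrors() as $message) {
            $this->setError($message);
        }

        return false;
    }

    // Get the user id stored by the confirmation process.
    $app = JFactory::getApplication();
    $id = $app->getUserState('com_users.reset.user', null);

    // Get the user object.
    $user = User::getInstance($id);

    $parts = explode(':', $user->activation);
    $crypt = $parts[0];

    if (!isset($parts[1])) {
        $this->setError(Lang::txt('COM_USERS_USER_NOT_FOUND'));

        return false;
    }

    $salt = $parts[1];
    $testcrypt = JUserHelper::getCryptedPassword($data['token'], $salt);

    // Verify the token. With a loose ==, PHP compares two numeric-looking
    // strings (such as "0e1" and "0e2") as numbers, so different hashes could
    // be accepted as equal. Compare as strings, in constant time where
    // hash_equals() is available.
    $tokenMatches = function_exists('hash_equals')
        ? hash_equals((string) $crypt, (string) $testcrypt)
        : ((string) $crypt === (string) $testcrypt);

    if (!$tokenMatches) {
        $this->setError(Lang::txt('COM_USERS_USER_NOT_FOUND'));

        return false;
    }

    // Make sure the user isn't blocked.
    if ($user->block) {
        $this->setError(Lang::txt('COM_USERS_USER_BLOCKED'));

        return false;
    }

    // Push the user data into the session.
    $app->setUserState('com_users.reset.token', $crypt . ':' . $salt);

    return true;
}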
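/**
 * Method to bind an associative array of data to a user object
 *
 * For a new user (empty id) a password is generated when none is supplied, and
 * the registration date is set. For new and existing users alike, a supplied
 * password is replaced in $array by its salted hash in the form "crypt:salt",
 * and the clear text is kept in $this->password_clear.
 *
 * @param   array  &$array  The associative array to bind to the object; its
 *                          'password' entry is rewritten in place
 *
 * @return  boolean  True on success
 *
 * @since   11.1
 */
public function bind(&$array)
{
    // Let's check to see if the user is new or not
    if (empty($this->id)) {
        // Check the password and create the crypted password
        if (empty($array['password'])) {
            $array['password'] = JUserHelper::genRandomPassword();
            $array['password2'] = $array['password'];
        }

        // Not all controllers check the password, although they should.
        // Hence this code is required. The comparison is a strict string
        // comparison: a loose != treats numeric-looking strings such as
        // "1e3" and "1000" as equal, so a mistyped confirmation could pass.
        if (isset($array['password2']) && (string) $array['password'] !== (string) $array['password2']) {
            $this->setError(JText::_('JLIB_USER_ERROR_PASSWORD_NOT_MATCH'));

            return false;
        }

        $this->password_clear = JArrayHelper::getValue($array, 'password', '', 'string');

        $salt = JUserHelper::genRandomPassword(32);
        $crypt = JUserHelper::getCryptedPassword($array['password'], $salt);
        $array['password'] = $crypt . ':' . $salt;

        // Set the registration timestamp
        $this->set('registerDate', JFactory::getDate()->toSql());

        // Check that username is not greater than 150 characters
        $username = $this->get('username');

        if (strlen($username) > 150) {
            $username = substr($username, 0, 150);
            $this->set('username', $username);
        }

        // Check that password is not greater than 100 characters
        $password = $this->get('password');

        if (strlen($password) > 100) {
            $password = substr($password, 0, 100);
            $this->set('password', $password);
        }
    } else {
        // Updating an existing user
        if (!empty($array['password'])) {
            // A missing confirmation counts as a mismatch, as before, but no
            // longer reads an undefined index.
            if (!isset($array['password2']) || (string) $array['password'] !== (string) $array['password2']) {
                $this->setError(JText::_('JLIB_USER_ERROR_PASSWORD_NOT_MATCH'));

                return false;
            }

            $this->password_clear = JArrayHelper::getValue($array, 'password', '', 'string');

            $salt = JUserHelper::genRandomPassword(32);
            $crypt = JUserHelper::getCryptedPassword($array['password'], $salt);
            $array['password'] = $crypt . ':' . $salt;
        } else {
            // No new password supplied: keep the stored hash
            $array['password'] = $this->password;
        }
    }

    if (array_key_exists('params', $array)) {
        $params = '';

        $this->_params->loadArray($array['params']);

        if (is_array($array['params'])) {
            $params = (string) $this->_params;
        } else {
            $params = $array['params'];
        }

        $this->params = $params;
    }

    // Bind the array
    if (!$this->setProperties($array)) {
        $this->setError(JText::_('JLIB_USER_ERROR_BIND_ARRAY'));

        return false;
    }

    // Make sure its an integer
    $this->id = (int) $this->id;

    return true;
}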
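/**
 * Returns the id of the user with the subscriber's email address, creating
 * the account when none exists.
 *
 * A new account uses the email address as username, gets a generated password
 * and is placed in the com_users default group. After a successful save the
 * account details are mailed to the subscriber; when the save fails, no mail
 * is sent.
 *
 * @param array $newuser Reads the keys 'email' and 'name'; the whole array is merged into the mail data
 *
 * @return mixed The user id, or false when the account could not be created
 */
private function getSubscriberUserid($newuser)
{
    $db = JFactory::getDBO();
    $config = JFactory::getConfig();

    $jlang = JFactory::getLanguage();
    $jlang->load('com_users', JPATH_SITE, 'en-GB', true); // Load English (British)
    $jlang->load('com_users', JPATH_SITE, $jlang->getDefault(), true); // Load the site's default language
    $jlang->load('com_users', JPATH_SITE, null, true); // Load the currently selected language

    $query = $db->getQuery(true);
    $query->select('id');
    $query->from('#__users');
    $query->where('email = ' . $db->Quote($newuser['email']));
    $db->setQuery($query);

    // An account with this email already exists
    if ($uid = $db->loadResult()) {
        return $uid;
    }

    JLoader::import('joomla.application.component.helper');

    $password_clear = JUserHelper::genRandomPassword();
    $salt = JUserHelper::genRandomPassword(32);
    $crypt = JUserHelper::getCryptedPassword($password_clear, $salt);

    $usersConfig = JComponentHelper::getParams('com_users');
    $defaultUserGroup = $usersConfig->get('new_usertype', 2);

    $instance = JUser::getInstance();
    $instance->set('id', 0);
    $instance->set('name', $newuser['name']);
    $instance->set('username', $newuser['email']);

    // Store the salted hash as "crypt:salt". The computed hash was previously
    // discarded and a literal placeholder string was stored instead, which
    // can never match the password that is mailed out below.
    $instance->set('password', $crypt . ':' . $salt);
    $instance->set('password_clear', $password_clear);
    $instance->set('email', $newuser['email']);
    $instance->set('usertype', 'deprecated');
    $instance->set('groups', array($defaultUserGroup));

    // Here is possible set user profile details

    // Do not mail account details for an account that was not created
    if (!$instance->save()) {
        return false;
    }

    $uid = $instance->id;

    $data = array(
        'fromname' => $config->get('fromname'),
        'mailfrom' => $config->get('mailfrom'),
        'sitename' => $config->get('sitename'),
        'siteurl' => JUri::root(),
    );
    $data = array_merge($newuser, $data);

    // NOTE(review): the account's username is $newuser['email'], but the mail
    // reports $data['username'] - confirm callers always pass a matching value.
    // NOTE(review): the clear-text password is sent by email; a one-time
    // set-password link would avoid leaving the credential in a mailbox.
    $emailSubject = JText::sprintf('COM_USERS_EMAIL_ACCOUNT_DETAILS', $data['name'], $data['sitename']);
    $emailBody = JText::sprintf(
        'COM_USERS_EMAIL_REGISTERED_BODY',
        $data['name'],
        $data['sitename'],
        $data['siteurl'],
        $data['username'],
        $password_clear
    );

    JFactory::getMailer()->sendMail($data['mailfrom'], $data['fromname'], $data['email'], $emailSubject, $emailBody);

    return $uid ? $uid : false;
}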