/**
 * Start the remember-me login when the visitor carries the expected cookie.
 *
 * Runs on the onAfterInitialise event. The method does not authenticate
 * anything itself: it only hands control to the application's login().
 *
 * @return  void
 *
 * @since   1.5
 * @throws  InvalidArgumentException
 */
public function onAfterInitialise()
{
	// The administrator application never uses remember me.
	if ($this->app->isAdmin())
	{
		return;
	}

	// A visitor who is already logged in needs no cookie login.
	if (!JFactory::getUser()->get('guest'))
	{
		return;
	}

	// The cookie name is supplied by JUserHelper::getShortHashedUserAgent().
	$rememberCookie = JUserHelper::getShortHashedUserAgent();

	// Only the presence of the cookie is tested here; its value is not inspected
	// in this method, so any validation has to happen inside the login() call
	// (presumably in an authentication plugin - confirm).
	if (!$this->app->input->cookie->get($rememberCookie))
	{
		return;
	}

	// Silent login with an empty username.
	$this->app->login(array('username' => ''), array('silent' => true));
}
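/**
 * Remember me method to run onAfterInitialise.
 *
 * For a guest visitor carrying a remember-me cookie, looks up the cookie's
 * series and user-agent string in #__user_keys, verifies the token and, when
 * it verifies, logs the visitor in silently. A token mismatch, or a matching
 * record flagged invalid, leads to JUserHelper::invalidateCookie() and a
 * warning in the 'security' log category.
 *
 * @return  boolean  Result of the application's login() call when the token verifies, false in every other case.
 *
 * @since   1.5
 * @throws  InvalidArgumentException
 */
public function onAfterInitialise()
{
	// No remember me for admin
	if ($this->app->isAdmin())
	{
		return false;
	}

	$user = JFactory::getUser();

	// Hand this plugin's cookie settings to the application object.
	$this->app->rememberCookieLifetime = $this->lifetime;
	$this->app->rememberCookieSecure   = $this->secure;
	$this->app->rememberCookieLength   = $this->length;

	// Only a guest is a candidate for a cookie login.
	if ($user->get('guest') != 1)
	{
		return false;
	}

	// Cookie data as returned by the helper; false means there is nothing to process.
	$rememberArray = JUserHelper::getRememberCookieData();

	if ($rememberArray === false)
	{
		return false;
	}

	if (count($rememberArray) != 3)
	{
		// Malformed cookie: destroy it in the browser by setting an expiry in the past.
		$this->app->input->cookie->set(
			end($rememberArray),
			false,
			time() - 42000,
			$this->app->get('cookie_path'),
			$this->app->get('cookie_domain')
		);
		JLog::add('Invalid cookie detected.', JLog::WARNING, 'error');

		return false;
	}

	list($privateKey, $series, $uastring) = $rememberArray;

	// A failed clean-up is logged but does not stop the login attempt.
	if (!JUserHelper::clearExpiredTokens($this))
	{
		JLog::add('Error in deleting expired cookie tokens.', JLog::WARNING, 'error');
	}

	// Find the matching record if it exists. Both cookie-derived values go through quote().
	$query = $this->db->getQuery(true)
		->select($this->db->quoteName(array('user_id', 'token', 'series', 'time', 'invalid')))
		->from($this->db->quoteName('#__user_keys'))
		->where($this->db->quoteName('series') . ' = ' . $this->db->quote(base64_encode($series)))
		->where($this->db->quoteName('uastring') . ' = ' . $this->db->quote($uastring))
		->order($this->db->quoteName('time') . ' DESC');

	$results      = $this->db->setQuery($query)->loadObjectList();
	$countResults = count($results);

	// A record exists for this series but it is flagged invalid. This is a possible attack, so invalidate everything.
	// NOTE(review): when no row matched, $results[0] does not exist, the !empty() test is false and this
	// branch is skipped, so the "$countResults === 0" arm never fires on its own. Kept as written.
	if (($countResults === 0 || $results[0]->invalid != 0) && !empty($results[0]->user_id))
	{
		JUserHelper::invalidateCookie($results[0]->user_id, $uastring);

		// Log the account the record belongs to. The current user is a guest on this path, so its
		// username would presumably be empty and the security log entry would name nobody.
		JLog::add(JText::sprintf('PLG_SYSTEM_REMEMBER_ERROR_LOG_INVALIDATED_COOKIES', $results[0]->user_id), JLog::WARNING, 'security');

		// Possibly e-mail user and admin here.
		return false;
	}

	// Anything other than exactly one matching record is refused. More than one record reaches
	// this point without being logged or invalidated.
	if ($countResults !== 1)
	{
		return false;
	}

	// Start from "no match" so every path below has a defined value.
	$match = false;

	if (substr($results[0]->token, 0, 4) === '$2y$')
	{
		// bcrypt-formatted token. Without strong password support it cannot be verified,
		// $match stays false and the cookie is invalidated below.
		if (JCrypt::hasStrongPasswordSupport())
		{
			$match = password_verify($privateKey, $results[0]->token);
		}
	}
	else
	{
		// The stored token is compared directly with the cookie value, which implies it is
		// kept unhashed in this case (confirm against the code that writes #__user_keys).
		$match = (bool) JCrypt::timingSafeCompare($results[0]->token, $privateKey);
	}

	if (!$match)
	{
		// Right series, wrong token: invalidate the stored cookies and record whose they were.
		JUserHelper::invalidateCookie($results[0]->user_id, $uastring);
		JLog::add(JText::sprintf('PLG_SYSTEM_REMEMBER_ERROR_LOG_LOGIN_FAILED', $results[0]->user_id), JLog::WARNING, 'security');

		return false;
	}

	// Set up the credentials array to pass to onUserAuthenticate
	$credentials = array('username' => $results[0]->user_id);

	return $this->app->login(
		$credentials,
		array('silent' => true, 'lifetime' => $this->lifetime, 'secure' => $this->secure, 'length' => $this->length)
	);
}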
/**
 * Start the remember-me login when the visitor carries the expected cookie.
 *
 * Runs on the onAfterInitialise event. The method does not authenticate
 * anything itself: it only hands control to the application's login().
 *
 * @return  void
 *
 * @since   1.5
 * @throws  InvalidArgumentException
 */
public function onAfterInitialise()
{
	// JPlugin may not have set the application, which can happen during upgrades from Joomla 2.5.
	if (!$this->app)
	{
		$this->app = JFactory::getApplication();
	}

	// The administrator application never uses remember me.
	if ($this->app->isAdmin())
	{
		return;
	}

	// A visitor who is already logged in needs no cookie login.
	$isGuest = JFactory::getUser()->get('guest');

	if (!$isGuest)
	{
		return;
	}

	// The cookie name is supplied by JUserHelper::getShortHashedUserAgent().
	$rememberCookie = JUserHelper::getShortHashedUserAgent();
	$cookieValue    = $this->app->input->cookie->get($rememberCookie);

	// Only the presence of the cookie is tested here; its value is not inspected
	// in this method, so any validation has to happen inside the login() call
	// (presumably in an authentication plugin - confirm).
	if ($cookieValue)
	{
		// Silent login with an empty username.
		$this->app->login(array('username' => ''), array('silent' => true));
	}
}
/**
 * Log a user in through the site application.
 *
 * Fills in the site defaults and delegates to the parent login().
 *
 * @param   array  $credentials  Array('username' => string, 'password' => string)
 * @param   array  $options      Array('remember' => boolean)
 *
 * @return  boolean  True on success.
 *
 * @since   3.2
 */
public function login($credentials, $options = array())
{
	// A caller-supplied entry point is kept, including an explicit null value.
	$needsEntryUrl = !array_key_exists('entry_url', $options);

	if ($needsEntryUrl)
	{
		$options['entry_url'] = JUri::base() . 'index.php?option=com_users&task=user.login';
	}

	// The access control action is assigned unconditionally, so a value passed in
	// by the caller is always replaced by the site login action.
	$options['action'] = 'core.login.site';

	$outcome = parent::login($credentials, $options);

	return $outcome;
}
/**
 * Log a user in through the administrator application.
 *
 * Forces the backend-specific options, delegates to the parent login() and,
 * unless that returns an Exception, stores the requested language in the
 * user state and purges queued messages.
 *
 * @param   array  $credentials  Array('username' => string, 'password' => string)
 * @param   array  $options      Array('remember' => boolean)
 *
 * @return  boolean  True on success.
 *
 * @since   3.2
 */
public function login($credentials, $options = array())
{
	// These three are assigned unconditionally, so caller-supplied values are replaced:
	// the minimum group, no auto-registration (set here) and the ACL action (set below).
	$options['group']        = 'Public Backend';
	$options['autoregister'] = false;

	// A caller-supplied entry point is kept, including an explicit null value.
	$needsEntryUrl = !array_key_exists('entry_url', $options);

	if ($needsEntryUrl)
	{
		$options['entry_url'] = JUri::base() . 'index.php?option=com_users&task=login';
	}

	$options['action'] = 'core.login.admin';

	$outcome = parent::login($credentials, $options);

	// Only an Exception result skips the post-login steps; any other value,
	// including a plain false, continues below.
	if ($outcome instanceof Exception)
	{
		return $outcome;
	}

	// 'lang' comes from the request: everything except ASCII letters and '-' is
	// stripped before the value is stored in the user state.
	$requestedLang = $this->input->getCmd('lang', 'en-GB');
	$this->setUserState('application.lang', preg_replace('/[^A-Z-]/i', '', $requestedLang));

	static::purgeMessages();

	return $outcome;
}