Exemple #1
 /**
  * Remember me method to run onAfterInitialise
  * Only purpose is to initialise the login authentication process if a cookie is present
  *
  * @return  void
  *
  * @since   1.5
  * @throws  InvalidArgumentException
  */
 public function onAfterInitialise()
 {
     // The administrator application never uses remember-me.
     if ($this->app->isAdmin()) {
         return;
     }
     // A request that already belongs to a logged-in user needs no cookie login.
     if (!JFactory::getUser()->get('guest')) {
         return;
     }
     // The cookie name is derived from the user agent by the helper.
     $rememberCookieName = JUserHelper::getShortHashedUserAgent();
     $rememberCookie = $this->app->input->cookie->get($rememberCookieName);
     if (!$rememberCookie) {
         return;
     }
     // Only the presence of the cookie is tested here. The login is started
     // silently with an empty username, so nothing in this method validates
     // the cookie's contents.
     // NOTE(review): presumably an authentication plugin verifies the cookie
     // during login() - confirm that one is always enabled with this plugin.
     $this->app->login(array('username' => ''), array('silent' => true));
 }
 /**
  * Remember me method to run onAfterInitialise
  *
  * @return  boolean
  *
  * @since   1.5
  * @throws  InvalidArgumentException
  */
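 public function onAfterInitialise()
 {
     // Remember-me cookies are never honoured for the administrator application.
     if ($this->app->isAdmin()) {
         return false;
     }
     $user = JFactory::getUser();
     // Publish the plugin's cookie settings on the application object.
     // This happens on every site request, whether or not the user is a guest.
     $this->app->rememberCookieLifetime = $this->lifetime;
     $this->app->rememberCookieSecure = $this->secure;
     $this->app->rememberCookieLength = $this->length;
     // Only a guest request can be logged in from a cookie.
     if ($user->get('guest') == 1) {
         // Everything in the cookie is client-supplied and stays untrusted
         // until the token comparison further down succeeds.
         $rememberArray = JUserHelper::getRememberCookieData();
         if ($rememberArray !== false) {
             if (count($rememberArray) != 3) {
                 // Malformed cookie: expire it in the browser and stop.
                 // NOTE(review): end($rememberArray) is used as the cookie name here;
                 // presumably the helper returns the name as the last element - confirm.
                 // NOTE(review): this event is logged under category 'error', not 'security',
                 // so a monitor watching only the 'security' category will not see it.
                 $this->app->input->cookie->set(end($rememberArray), false, time() - 42000, $this->app->get('cookie_path'), $this->app->get('cookie_domain'));
                 JLog::add('Invalid cookie detected.', JLog::WARNING, 'error');
                 return false;
             }
             list($privateKey, $series, $uastring) = $rememberArray;
             // A failed clean-up of expired tokens is logged but does not stop the check.
             if (!JUserHelper::clearExpiredTokens($this)) {
                 JLog::add('Error in deleting expired cookie tokens.', JLog::WARNING, 'error');
             }
             // Find the matching record if it exists. Both client-supplied values
             // (series and user-agent string) pass through quote() before they
             // reach the SQL text.
             $query = $this->db->getQuery(true)
                 ->select($this->db->quoteName(array('user_id', 'token', 'series', 'time', 'invalid')))
                 ->from($this->db->quoteName('#__user_keys'))
                 ->where($this->db->quoteName('series') . ' = ' . $this->db->quote(base64_encode($series)))
                 ->where($this->db->quoteName('uastring') . ' = ' . $this->db->quote($uastring))
                 ->order($this->db->quoteName('time') . ' DESC');
             $results = $this->db->setQuery($query)->loadObjectList();
             // count() on a non-array warns or throws on newer PHP versions,
             // so anything that is not an array is treated as "no record found".
             $countResults = is_array($results) ? count($results) : 0;
             // The newest record for this series is flagged invalid and names an account:
             // treat it as a possible attack and invalidate that account's cookies.
             // With zero rows there is no user_id to act on, so this branch cannot
             // fire and the request falls through to the final "return false".
             if (($countResults === 0 || $results[0]->invalid != 0) && !empty($results[0]->user_id)) {
                 JUserHelper::invalidateCookie($results[0]->user_id, $uastring);
                 // $user is still the guest here, so its username cannot identify the
                 // affected account. Log the identifier stored with the token instead;
                 // it is the same value that is passed to login() as 'username' below.
                 JLog::add(JText::sprintf('PLG_SYSTEM_REMEMBER_ERROR_LOG_INVALIDATED_COOKIES', $results[0]->user_id), JLog::WARNING, 'security');
                 // Possibly e-mail user and admin here.
                 return false;
             }
             // Exactly one record matches the series and user-agent string.
             // More than one row is never accepted: that case also ends at the
             // final "return false" without invalidating anything.
             if ($countResults === 1) {
                 // Fail closed: the token counts as a match only if a branch below says so.
                 $match = false;
                 if (substr($results[0]->token, 0, 4) === '$2y$') {
                     // Hashed token. Without strong password support it cannot be
                     // verified, so the cookie is rejected and invalidated below.
                     if (JCrypt::hasStrongPasswordSupport()) {
                         $match = password_verify($privateKey, $results[0]->token);
                     }
                 } elseif (JCrypt::timingSafeCompare($results[0]->token, $privateKey)) {
                     // Legacy record: the stored value is compared directly with the
                     // cookie key, so the database row holds the usable secret itself.
                     $match = true;
                 }
                 if (!$match) {
                     JUserHelper::invalidateCookie($results[0]->user_id, $uastring);
                     // Log the account the token belongs to, not the guest's empty username.
                     JLog::add(JText::sprintf('PLG_SYSTEM_REMEMBER_ERROR_LOG_LOGIN_FAILED', $results[0]->user_id), JLog::WARNING, 'security');
                     return false;
                 }
                 // Set up the credentials array to pass to onUserAuthenticate
                 $credentials = array('username' => $results[0]->user_id);
                 return $this->app->login($credentials, array('silent' => true, 'lifetime' => $this->lifetime, 'secure' => $this->secure, 'length' => $this->length));
             }
         }
     }
     return false;
 }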
 /**
  * Remember me method to run onAfterInitialise
  * Only purpose is to initialise the login authentication process if a cookie is present
  *
  * @return  void
  *
  * @since   1.5
  * @throws  InvalidArgumentException
  */
 public function onAfterInitialise()
 {
     // JPlugin may not have populated the application (this can happen during
     // upgrades from Joomla 2.5), so fetch it on demand.
     if (!$this->app) {
         $this->app = JFactory::getApplication();
     }
     // Remember-me is a site-only feature; the admin application is skipped.
     if ($this->app->isAdmin()) {
         return;
     }
     // Logged-in users have nothing to restore.
     $isGuest = JFactory::getUser()->get('guest');
     if (!$isGuest) {
         return;
     }
     $cookieName = JUserHelper::getShortHashedUserAgent();
     $cookieValue = $this->app->input->cookie->get($cookieName);
     // The cookie is only checked for presence. Its contents are not inspected
     // in this method before the silent login with an empty username starts.
     // NOTE(review): presumably an authentication plugin validates the cookie
     // during login() - confirm against the plugin configuration.
     if ($cookieValue) {
         $this->app->login(array('username' => ''), array('silent' => true));
     }
 }
Exemple #4
 /**
  * Login authentication function
  *
  * @param   array  $credentials  Array('username' => string, 'password' => string)
  * @param   array  $options      Array('remember' => boolean)
  *
  * @return  boolean  True on success.
  *
  * @since   3.2
  */
 public function login($credentials, $options = array())
 {
     // A caller-supplied entry_url is kept as is, even when it is null,
     // because array_key_exists() tests the key and not the value. Otherwise
     // the site login task becomes the entry point.
     $hasEntryUrl = array_key_exists('entry_url', $options);
     if ($hasEntryUrl === false) {
         $options['entry_url'] = JUri::base() . 'index.php?option=com_users&task=user.login';
     }
     // The access control action is always overwritten, so a caller cannot
     // substitute a different action for the site login check.
     $options['action'] = 'core.login.site';
     $loginResult = parent::login($credentials, $options);
     return $loginResult;
 }
Exemple #5
 /**
  * Login authentication function
  *
  * @param   array  $credentials  Array('username' => string, 'password' => string)
  * @param   array  $options      Array('remember' => boolean)
  *
  * @return  boolean  True on success.
  *
  * @since   3.2
  */
 public function login($credentials, $options = array())
 {
     // These two options are assigned unconditionally, so a value passed in by
     // the caller is replaced: the minimum group is fixed and auto-registration
     // stays off for the backend.
     $options['group'] = 'Public Backend';
     $options['autoregister'] = false;
     // The entry point is defaulted only when the caller did not supply the key.
     $callerSetEntryUrl = array_key_exists('entry_url', $options);
     if (!$callerSetEntryUrl) {
         $options['entry_url'] = JUri::base() . 'index.php?option=com_users&task=login';
     }
     // The access control action is always forced to the admin login action.
     $options['action'] = 'core.login.admin';
     $outcome = parent::login($credentials, $options);
     // NOTE(review): any non-Exception result, including a boolean false,
     // passes this test - confirm how parent::login() reports a failed login.
     if ($outcome instanceof Exception) {
         return $outcome;
     }
     // The language code is read from the request, then reduced to letters and
     // hyphens before it is stored in the user state.
     $requestedLang = $this->input->getCmd('lang', 'en-GB');
     $safeLang = preg_replace('/[^A-Z-]/i', '', $requestedLang);
     $this->setUserState('application.lang', $safeLang);
     static::purgeMessages();
     return $outcome;
 }