/**
 * Report why the Secret Word for front-end and remote backups is considered insecure.
 *
 * Returns an empty string when the front-end backup feature is disabled or when the configured
 * Secret Word passes the complexity check. When the check fails, a replacement Secret Word is
 * prepared in the session (it is NOT written to the configuration here) and the failure reason
 * is returned.
 *
 * @return string The reason the Secret Word was rejected, or '' when there is nothing to report.
 */
public function getFrontendSecretWordError()
{
    // Nothing to validate unless the front-end backup feature is switched on.
    $frontendDisabled = Platform::getInstance()->get_platform_configuration_option('frontend_enable', 0) == 0;

    if ($frontendDisabled) {
        return '';
    }

    $currentSecret = Platform::getInstance()->get_platform_configuration_option('frontend_secret_word', '');

    try {
        \Akeeba\Engine\Util\Complexify::isStrongEnough($currentSecret);

        // No exception: the configured Secret Word is acceptable.
        return '';
    } catch (RuntimeException $weakness) {
        // The exception message is what gets reported back to the caller.
        $reason = $weakness->getMessage();
    }

    // The current Secret Word is bad. Reuse a replacement already pending in this session, if any,
    // so repeated calls keep offering the same value.
    $session     = JFactory::getSession();
    $replacement = $session->get('newSecretWord', null, 'akeeba.cpanel');

    if (!empty($replacement)) {
        return $reason;
    }

    // NOTE(review): confirm RandomValue::generateString() draws from a CSPRNG; the value becomes
    // the Secret Word for front-end and remote backups once the reset task applies it.
    $generator   = new \Akeeba\Engine\Util\RandomValue();
    $replacement = $generator->generateString(32);
    $session->set('newSecretWord', $replacement, 'akeeba.cpanel');

    return $reason;
}
/**
 * Replace the Secret Word for front-end and remote backup with a randomly generated one.
 *
 * The replacement is taken from the session when one is already pending there; otherwise a new
 * value is generated and remembered in the session. It is then saved to the component parameters
 * and the user is redirected to the component's main page.
 *
 * Security note: the new Secret Word is interpolated into the redirect message, so it is shown
 * in clear text to whoever receives that message.
 *
 * @return void
 */
public function resetSecretWord()
{
    // Reject forged requests before any configuration is changed.
    $this->csrfProtection();

    $sessionGroup = 'akeeba.cpanel';
    $session      = $this->container->session;
    $replacement  = $session->get('newSecretWord', null, $sessionGroup);

    if (empty($replacement)) {
        // NOTE(review): confirm RandomValue::generateString() draws from a CSPRNG.
        $generator   = new \Akeeba\Engine\Util\RandomValue();
        $replacement = $generator->generateString(32);
        $session->set('newSecretWord', $replacement, $sessionGroup);
    }

    // Persist the new Secret Word. The outcome of save() is not inspected here.
    $this->container->params->set('frontend_secret_word', $replacement);
    $this->container->params->save();

    $this->setRedirect(
        'index.php?option=com_akeeba',
        JText::sprintf('COM_AKEEBA_CPANEL_MSG_FESECRETWORD_RESET', $replacement)
    );
}
/**
 * Replace the Secret Word for front-end and remote backup with a randomly generated one.
 *
 * The replacement is taken from the session when one is already pending there; otherwise a new
 * value is generated and remembered in the session. The component parameters are then written
 * back to the #__extensions row of com_admintools as JSON, and the user is redirected with either
 * a success message (which contains the new Secret Word in clear text) or an error message.
 *
 * @return void
 */
public function resetSecretWord()
{
    // The anti-CSRF check runs only when the controller's csrfProtection flag is truthy.
    // NOTE(review): confirm the flag is enabled for this state-changing task.
    if ($this->csrfProtection) {
        $this->_csrfProtection();
    }

    $sessionGroup = 'admintools.cpanel';
    $session      = JFactory::getSession();
    $replacement  = $session->get('newSecretWord', null, $sessionGroup);

    if (empty($replacement)) {
        // NOTE(review): confirm RandomValue::generateString() draws from a CSPRNG.
        $generator   = new \Akeeba\Engine\Util\RandomValue();
        $replacement = $generator->generateString(32);
        $session->set('newSecretWord', $replacement, $sessionGroup);
    }

    JLoader::import('joomla.application.component.helper');
    $componentParams = JComponentHelper::getParams('com_admintools');
    $componentParams->set('frontend_secret_word', $replacement);

    // Every value and identifier goes through the driver's q()/qn() quoting helpers. The whole
    // parameter set is serialised and written back, not just the Secret Word.
    $db    = F0FPlatform::getInstance()->getDbo();
    $query = $db->getQuery(true)
        ->update($db->qn('#__extensions'))
        ->set($db->qn('params') . ' = ' . $db->q($componentParams->toString('JSON')))
        ->where($db->qn('element') . ' = ' . $db->q('com_admintools'));

    // Assume failure until the statement has actually executed.
    $saved = false;

    try {
        $db->setQuery($query)->execute();
        $saved = true;
    } catch (Exception $e) {
        // Deliberately not rethrown: the failure is reported through the redirect message below.
    }

    // Drivers that report errors through an error number instead of exceptions are covered here.
    if ($db->getErrorNum()) {
        $saved = false;
    }

    $msg     = JText::sprintf('COM_ADMINTOOLS_CPANEL_MSG_FESECRETWORD_RESET', $replacement);
    $msgType = null;

    if (!$saved) {
        // On failure the message is swapped for a generic error that does not carry the secret.
        $msg     = JText::_('COM_ADMINTOOLS_CPANEL_ERR_FESECRETWORD_RESET');
        $msgType = 'error';
    }

    $this->setRedirect('index.php?option=com_admintools', $msg, $msgType);
}
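/**
 * Check the strength of the Secret Word for front-end and remote scans. If it is insecure return the reason it
 * is insecure as a string. If the Secret Word is secure return an empty string.
 *
 * When the Secret Word is rejected, a replacement is also prepared in the session (it is NOT written to the
 * configuration here) unless one is already pending there.
 *
 * @return string The reason the Secret Word was rejected, or '' when the feature is off or the word is acceptable.
 */
public function getFrontendSecretWordError()
{
    // Load the Akeeba Engine autoloader. The constant is defined only once: an unconditional define()
    // raises a "constant already defined" notice/warning when this method runs a second time in the
    // same request or when other code has already defined the constant.
    defined('AKEEBAENGINE') || define('AKEEBAENGINE', 1);
    require_once JPATH_ADMINISTRATOR . '/components/com_admintools/engine/Autoloader.php';

    // Load the platform
    \Akeeba\Engine\Platform::addPlatform('filescan', JPATH_ADMINISTRATOR . '/components/com_admintools/platform/Filescan');

    // Is the front-end feature enabled? If not, the Secret Word is not checked at all.
    $febEnabled = \Akeeba\Engine\Platform::getInstance()->get_platform_configuration_option('frontend_enable', 0) != 0;

    if (!$febEnabled) {
        return '';
    }

    $secretWord = \Akeeba\Engine\Platform::getInstance()->get_platform_configuration_option('frontend_secret_word', '');

    try {
        \Akeeba\Engine\Util\Complexify::isStrongEnough($secretWord);
    } catch (RuntimeException $e) {
        // Ah, the current Secret Word is bad. Create a new one if necessary.
        $session   = JFactory::getSession();
        $newSecret = $session->get('newSecretWord', null, 'admintools.cpanel');

        if (empty($newSecret)) {
            // NOTE(review): confirm RandomValue::generateString() draws from a CSPRNG; the value becomes
            // the Secret Word for front-end and remote scans once the reset task applies it.
            $random    = new \Akeeba\Engine\Util\RandomValue();
            $newSecret = $random->generateString(32);
            $session->set('newSecretWord', $newSecret, 'admintools.cpanel');
        }

        // The exception message is the human-readable reason reported to the caller.
        return $e->getMessage();
    }

    return '';
}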