/** * Constructor. We use it to set the app and db properties. * * @param object &$subject The object to observe * @param array $config An optional associative array of configuration settings. * Recognized key values include 'name', 'group', 'params', 'language' * (this list is not meant to be comprehensive). * * @since 3.2 */ public function __construct(&$subject, $config = array()) { parent::__construct($subject, $config); // Use domain and path set in config for cookie if it exists. $this->cookie_domain = $this->app->get('cookie_domain', ''); $this->cookie_path = $this->app->get('cookie_path', '/'); $this->lifetime = time() + $this->params->get('cookie_lifetime', '60') * 24 * 60 * 60; $this->secure = $this->app->isSSLConnection(); $this->length = $this->params->get('key_length', '16'); }
/** * We set the authentication cookie only after login is successfullly finished. * We set a new cookie either for a user with no cookies or one * where the user used a cookie to authenticate. * * @param array $options Array holding options * * @return boolean True on success * * @since 3.2 */ public function onUserAfterLogin($options) { // No remember me for admin if ($this->app->isAdmin()) { return false; } if (isset($options['responseType']) && $options['responseType'] == 'Cookie') { // Logged in using a cookie $cookieName = JUserHelper::getShortHashedUserAgent(); // We need the old data to get the existing series $cookieValue = $this->app->input->cookie->get($cookieName); $cookieArray = explode('.', $cookieValue); // Filter series since we're going to use it in the query $filter = new JFilterInput(); $series = $filter->clean($cookieArray[1], 'ALNUM'); } elseif (!empty($options['remember'])) { // Remember checkbox is set $cookieName = JUserHelper::getShortHashedUserAgent(); // Create an unique series which will be used over the lifespan of the cookie $unique = false; do { $series = JUserHelper::genRandomPassword(20); $query = $this->db->getQuery(true)->select($this->db->quoteName('series'))->from($this->db->quoteName('#__user_keys'))->where($this->db->quoteName('series') . ' = ' . $this->db->quote($series)); $results = $this->db->setQuery($query)->loadResult(); if (is_null($results)) { $unique = true; } } while ($unique === false); } else { return false; } // Get the parameter values $lifetime = $this->params->get('cookie_lifetime', '60') * 24 * 60 * 60; $length = $this->params->get('key_length', '16'); // Generate new cookie $token = JUserHelper::genRandomPassword($length); $cookieValue = $token . '.' . $series; // Overwrite existing cookie with new value $this->app->input->cookie->set($cookieName, $cookieValue, time() + $lifetime, $this->app->get('cookie_path', '/'), $this->app->get('cookie_domain'), $this->app->isSSLConnection()); $query = $this->db->getQuery(true); if (!empty($options['remember'])) { // Create new record $query->insert($this->db->quoteName('#__user_keys'))->set($this->db->quoteName('user_id') . ' = ' . $this->db->quote($options['user']->username))->set($this->db->quoteName('series') . ' = ' . $this->db->quote($series))->set($this->db->quoteName('uastring') . ' = ' . $this->db->quote($cookieName))->set($this->db->quoteName('time') . ' = ' . (time() + $lifetime)); } else { // Update existing record with new token $query->update($this->db->quoteName('#__user_keys'))->where($this->db->quoteName('user_id') . ' = ' . $this->db->quote($options['user']->username))->where($this->db->quoteName('series') . ' = ' . $this->db->quote($series))->where($this->db->quoteName('uastring') . ' = ' . $this->db->quote($cookieName)); } $hashed_token = JUserHelper::hashPassword($token); $query->set($this->db->quoteName('token') . ' = ' . $this->db->quote($hashed_token)); $this->db->setQuery($query)->execute(); return true; }
/** * Set the language cookie * * @param string $lang_code The language code for which we want to set the cookie * * @return void * * @since 3.4.2 */ private function setLanguageCookie($lang_code) { // Get the cookie lifetime we want. $cookie_expire = 0; if ($this->params->get('lang_cookie', 1) == 1) { $cookie_expire = time() + 365 * 86400; } // Create a cookie. $cookie_domain = $this->app->get('cookie_domain'); $cookie_path = $this->app->get('cookie_path', '/'); $cookie_secure = $this->app->isSSLConnection(); $this->app->input->cookie->set(JApplicationHelper::getHash('language'), $lang_code, $cookie_expire, $cookie_path, $cookie_domain, $cookie_secure); }
/** * We set the authentication cookie only after login is successfullly finished. * We set a new cookie either for a user with no cookies or one * where the user used a cookie to authenticate. * * @param array $options Array holding options * * @return boolean True on success * * @since 3.2 */ public function onUserAfterLogin($options) { // No remember me for admin if ($this->app->isAdmin()) { return false; } if (isset($options['responseType']) && $options['responseType'] == 'Cookie') { // Logged in using a cookie $cookieName = 'joomla_remember_me_' . JUserHelper::getShortHashedUserAgent(); // We need the old data to get the existing series $cookieValue = $this->app->input->cookie->get($cookieName); // Try with old cookieName (pre 3.6.0) if not found if (!$cookieValue) { $oldCookieName = JUserHelper::getShortHashedUserAgent(); $cookieValue = $this->app->input->cookie->get($oldCookieName); // Destroy the old cookie in the browser $this->app->input->cookie->set($oldCookieName, false, time() - 42000, $this->app->get('cookie_path', '/'), $this->app->get('cookie_domain')); } $cookieArray = explode('.', $cookieValue); // Filter series since we're going to use it in the query $filter = new JFilterInput(); $series = $filter->clean($cookieArray[1], 'ALNUM'); } elseif (!empty($options['remember'])) { // Remember checkbox is set $cookieName = 'joomla_remember_me_' . JUserHelper::getShortHashedUserAgent(); // Create a unique series which will be used over the lifespan of the cookie $unique = false; $errorCount = 0; do { $series = JUserHelper::genRandomPassword(20); $query = $this->db->getQuery(true)->select($this->db->quoteName('series'))->from($this->db->quoteName('#__user_keys'))->where($this->db->quoteName('series') . ' = ' . $this->db->quote($series)); try { $results = $this->db->setQuery($query)->loadResult(); if (is_null($results)) { $unique = true; } } catch (RuntimeException $e) { $errorCount++; // We'll let this query fail up to 5 times before giving up, there's probably a bigger issue at this point if ($errorCount == 5) { return false; } } } while ($unique === false); } else { return false; } // Get the parameter values $lifetime = $this->params->get('cookie_lifetime', '60') * 24 * 60 * 60; $length = $this->params->get('key_length', '16'); // Generate new cookie $token = JUserHelper::genRandomPassword($length); $cookieValue = $token . '.' . $series; // Overwrite existing cookie with new value $this->app->input->cookie->set($cookieName, $cookieValue, time() + $lifetime, $this->app->get('cookie_path', '/'), $this->app->get('cookie_domain'), $this->app->isSSLConnection()); $query = $this->db->getQuery(true); if (!empty($options['remember'])) { // Create new record $query->insert($this->db->quoteName('#__user_keys'))->set($this->db->quoteName('user_id') . ' = ' . $this->db->quote($options['user']->username))->set($this->db->quoteName('series') . ' = ' . $this->db->quote($series))->set($this->db->quoteName('uastring') . ' = ' . $this->db->quote($cookieName))->set($this->db->quoteName('time') . ' = ' . (time() + $lifetime)); } else { // Update existing record with new token $query->update($this->db->quoteName('#__user_keys'))->where($this->db->quoteName('user_id') . ' = ' . $this->db->quote($options['user']->username))->where($this->db->quoteName('series') . ' = ' . $this->db->quote($series))->where($this->db->quoteName('uastring') . ' = ' . $this->db->quote($cookieName)); } $hashed_token = JUserHelper::hashPassword($token); $query->set($this->db->quoteName('token') . ' = ' . $this->db->quote($hashed_token)); try { $this->db->setQuery($query)->execute(); } catch (RuntimeException $e) { return false; } return true; }