function onAfterInitialise()
{
$app = JFactory::getApplication();
// No remember me for admin
if ($app->isAdmin()) {
return;
}
$user = JFactory::getUser();
if ($user->get('guest')) {
jimport('joomla.utilities.utility');
$hash = JUtility::getHash('JLOGIN_REMEMBER');
if ($str = JRequest::getString($hash, '', 'cookie', JREQUEST_ALLOWRAW | JREQUEST_NOTRIM)) {
jimport('joomla.utilities.simplecrypt');
//Create the encryption key, apply extra hardening using the user agent string
$key = JUtility::getHash(@$_SERVER['HTTP_USER_AGENT']);
$crypt = new JSimpleCrypt($key);
$str = $crypt->decrypt($str);
$options = array();
$options['silent'] = true;
if (!$app->login(@unserialize($str), $options)) {
$config = JFactory::getConfig();
$cookie_domain = $config->get('cookie_domain', '');
$cookie_path = $config->get('cookie_path', '/');
// Clear the remember me cookie
setcookie(JUtility::getHash('JLOGIN_REMEMBER'), false, time() - 86400, $cookie_path, $cookie_domain);
}
}
}
}
/**
* Logs in a user.
*
* @param array $user The user as an array
* @param bool $remember Flag to whether remember the user or not
*
* @return bool
*/
public function login(array $user, $remember = false)
{
$session =& JFactory::getSession();
// we fork the session to prevent session fixation issues
$session->fork();
JFactory::getApplication()->_createSession($session->getId());
// Import the user plugin group
JPluginHelper::importPlugin('user');
$options = array();
$results = JFactory::getApplication()->triggerEvent('onLoginUser', array($user, $options));
foreach ($results as $result) {
if ($result instanceof JException || $result instanceof Exception || $result === false) {
return false;
}
}
//if remember is true, create a remember cookie that contains the ecrypted username and password
if ($remember) {
// Set the remember me cookie if enabled
jimport('joomla.utilities.simplecrypt');
jimport('joomla.utilities.utility');
$key = JUtility::getHash(KRequest::get('server.HTTP_USER_AGENT', 'raw'));
if ($key) {
$crypt = new JSimpleCrypt($key);
$cookie = $crypt->encrypt(serialize(array('username' => $user['username'], 'password' => $user['password'])));
$lifetime = time() + 365 * 24 * 3600;
setcookie(JUtility::getHash('JLOGIN_REMEMBER'), $cookie, $lifetime, '/');
}
}
return true;
}
function update($parent)
{
$path = JPATH_ADMINISTRATOR . '/components/com_ganalytics/ganalytics.xml';
$version = null;
if (file_exists($path)) {
$manifest = simplexml_load_file($path);
$version = (string) $manifest->version;
}
if (empty($version)) {
return;
}
if (!empty($version) && version_compare($version, '2.0.0') == -1) {
// profiles table
$this->run("ALTER TABLE `#__ganalytics_profiles` ADD `username` VARCHAR( 255 ) NULL DEFAULT NULL;");
$this->run("ALTER TABLE `#__ganalytics_profiles` ADD `password` text NULL DEFAULT NULL AFTER `username`;");
$username = $this->getParam('username');
if (!empty($username)) {
$this->run("update `#__ganalytics_profiles` set `username`= '" . $username . "';");
}
$password = $this->getParam('password');
if (!empty($password)) {
jimport('joomla.utilities.simplecrypt');
$cryptor = new JSimpleCrypt();
$password = $cryptor->encrypt($password);
$this->run("update `#__ganalytics_profiles` set `password`= '" . $password . "';");
}
// group table
$this->run("CREATE TABLE IF NOT EXISTS`#__ganalytics_stats_groups` (\n\t\t\t\t\t`id` int(11) NOT NULL auto_increment,\n\t\t\t\t\t`name` varchar(100) NOT NULL,\n\t\t\t\t\t`position` int(20) NOT NULL DEFAULT 0,\n\t\t\t\t\t`column_count` int(20) NOT NULL DEFAULT 1,\n\t\t\t\t\tPRIMARY KEY (`id`)\n\t\t\t);");
$this->run("insert into `#__ganalytics_stats_groups` (`name`) select `name` from `#__ganalytics_stats`;");
// stats table
$this->run("ALTER TABLE `#__ganalytics_stats` ADD `group_id` int(11) NOT NULL DEFAULT 1 AFTER `id`;");
$this->run("ALTER TABLE `#__ganalytics_stats` ADD `column` int(20) NOT NULL DEFAULT 0 AFTER `group_id`;");
$this->run("ALTER TABLE `#__ganalytics_stats` ADD `position` int(20) NOT NULL DEFAULT 0 AFTER `column`;");
$this->run("ALTER TABLE `#__ganalytics_stats` ADD `type` varchar(250) NOT NULL DEFAULT 'list' AFTER `position`;");
$this->run("update `#__ganalytics_stats` s set `group_id`= (select `id` from `#__ganalytics_stats_groups` g where s.name = g.name);");
// activate system plugin
$this->run("update #__extensions set enabled=1 where type = 'plugin' and element = 'ganalytics'");
$this->run("update #__extensions set enabled=0 where type = 'plugin' and element = 'ganalyticstrcode'");
// activate admin stats plugin
$this->run("update #__modules set published=1, position='cpanel' where module like 'mod_ganalytics_admin_stats'");
$this->run("insert into #__modules_menu (moduleid) select id as moduleid from #__modules where module like 'mod_ganalytics_admin_stats'");
}
if (!empty($version) && version_compare($version, '2.1.0') == -1) {
foreach (JFolder::files(JPATH_ADMINISTRATOR . DS . 'language', '.*ganalytics.*', true, true) as $file) {
JFile::delete($file);
}
foreach (JFolder::files(JPATH_SITE . DS . 'language', '.*ganalytics.*', true, true) as $file) {
JFile::delete($file);
}
$this->run("ALTER TABLE `#__ganalytics_stats` ADD `filter` varchar(250) DEFAULT NULL AFTER `sort`;");
}
if (!empty($version) && version_compare($version, '3.0.0') == -1) {
$this->run("ALTER TABLE `#__ganalytics_profiles` DROP `username`");
$this->run("ALTER TABLE `#__ganalytics_profiles` CHANGE `password` `token` TEXT NULL DEFAULT NULL");
$this->run("delete from `#__ganalytics_profiles`");
}
}
public function store($updateNulls = false)
{
$oldPassword = $this->password;
if (!empty($oldPassword)) {
$cryptor = new JSimpleCrypt();
$this->password = $cryptor->encrypt($oldPassword);
}
$result = parent::store($updateNulls);
$this->password = $oldPassword;
return $result;
}
function onAfterInitialise()
{
$app = JFactory::getApplication();
// No remember me for admin
if ($app->isAdmin()) {
return;
}
$user = JFactory::getUser();
if ($user->get('guest')) {
jimport('joomla.utilities.utility');
$hash = JUtility::getHash('JLOGIN_REMEMBER');
if ($str = JRequest::getString($hash, '', 'cookie', JREQUEST_ALLOWRAW | JREQUEST_NOTRIM)) {
jimport('joomla.utilities.simplecrypt');
// Create the encryption key, apply extra hardening using the user agent string.
// Since we're decoding, no UA validity check is required.
$key = JUtility::getHash(@$_SERVER['HTTP_USER_AGENT']);
$crypt = new JSimpleCrypt($key);
$str = $crypt->decrypt($str);
$cookieData = @unserialize($str);
// Deserialized cookie could be any object structure, so make sure the
// credentials are well structured and only have user and password.
$credentials = array();
$filter = JFilterInput::getInstance();
$goodCookie = true;
if (is_array($credentials)) {
if (isset($cookieData['username']) && is_string($cookieData['username'])) {
$credentials['username'] = $filter->clean($cookieData['username'], 'username');
} else {
$goodCookie = false;
}
if (isset($cookieData['password']) && is_string($cookieData['password'])) {
$credentials['password'] = $filter->clean($cookieData['password'], 'string');
} else {
$goodCookie = false;
}
} else {
$goodCookie = false;
}
if (!$goodCookie || !$app->login($credentials, array('silent' => true))) {
$config = JFactory::getConfig();
$cookie_domain = $config->get('cookie_domain', '');
$cookie_path = $config->get('cookie_path', '/');
// Clear the remember me cookie
setcookie(JUtility::getHash('JLOGIN_REMEMBER'), false, time() - 86400, $cookie_path, $cookie_domain);
}
}
}
}
/**
* Testing testEncrypt().
*
* @param string $text The text to be encrypted
* @param string $key The key to use
* @param string $expected The expected result of encryption
*
* @return void
* @dataProvider casesEncryption
* @covers JSimpleCrypt::encrypt
*/
public function testEncrypt($text, $key, $expected)
{
$cfg = $this->getMock('JObject', array('get'));
$cfg->expects($this->any())->method('get')->will($this->returnValue(''));
JFactory::$config = $cfg;
$this->object = new JSimpleCrypt($key);
$this->assertThat($this->object->encrypt($text), $this->equalTo($expected));
}
function onAfterInitialise()
{
global $mainframe;
// No remember me for admin
if ($mainframe->isAdmin()) {
return;
}
$user =& JFactory::getUser();
if (!$user->get('gid')) {
jimport('joomla.utilities.utility');
$hash = JUtility::getHash('JLOGIN_REMEMBER');
if ($str = JRequest::getString($hash, '', 'cookie', JREQUEST_ALLOWRAW | JREQUEST_NOTRIM)) {
jimport('joomla.utilities.simplecrypt');
//Create the encryption key, apply extra hardening using the user agent string
$key = JUtility::getHash(@$_SERVER['HTTP_USER_AGENT']);
$crypt = new JSimpleCrypt($key);
$str = $crypt->decrypt($str);
$mainframe->login(unserialize($str));
}
}
}
function onAfterInitialise()
{
global $mainframe;
// No remember me for admin
if ($mainframe->isAdmin()) {
return;
}
$user =& JFactory::getUser();
if (!$user->get('gid')) {
jimport('joomla.utilities.utility');
$hash = JUtility::getHash('JLOGIN_REMEMBER');
if ($str = JRequest::getString($hash, '', 'cookie', JREQUEST_ALLOWRAW | JREQUEST_NOTRIM)) {
jimport('joomla.utilities.simplecrypt');
// Create the encryption key, apply extra hardening using the user agent string
// Since we're decoding, no UA validity check is required.
$key = JUtility::getHash(@$_SERVER['HTTP_USER_AGENT']);
$crypt = new JSimpleCrypt($key);
$str = $crypt->decrypt($str);
$cookieData = @unserialize($str);
// Deserialized cookie could be any object structure, so make sure the
// credentials are well structured and only have user and password.
$credentials = array();
if (!is_array($credentials)) {
return;
}
if (!isset($cookieData['username']) || !is_string($cookieData['username'])) {
return;
}
$credentials['username'] = JFilterInput::clean($cookieData['username'], 'username');
if (!isset($cookieData['password']) || !is_string($cookieData['password'])) {
return;
}
$credentials['password'] = JFilterInput::clean($cookieData['password'], 'string');
if (!$mainframe->login($credentials, array('silent' => true))) {
// Clear the remember me cookie
setcookie(JUtility::getHash('JLOGIN_REMEMBER'), false, time() - 86400, '/');
}
}
}
}
/**
* $$$ hugh - add in any encrypted stuff, in case we fail validation ...
* otherwise it won't be in $data when we rebuild the page.
* Need to do it here, so _raw fields get added in the next chunk 'o' code.
* @param array posted form data passed by reference
* @return null
*/
function addEncrytedVarsToArray(&$post)
{
if (array_key_exists('fabrik_vars', $_REQUEST) && array_key_exists('querystring', $_REQUEST['fabrik_vars'])) {
$groups = $this->getGroupsHiarachy();
$gkeys = array_keys($groups);
jimport('joomla.utilities.simplecrypt');
$crypt = new JSimpleCrypt();
$w = new FabrikWorker();
foreach ($gkeys as $g) {
$groupModel = $groups[$g];
$elementModels = $groupModel->getPublishedElements();
foreach ($elementModels as $elementModel) {
$element = $elementModel->getElement();
foreach ($_REQUEST['fabrik_vars']['querystring'] as $key => $encrypted) {
if ($elementModel->getFullName(false, true, false) == $key) {
// $$$ rob - dont test for !canUse() as confirmation plugin dynamically sets this
if ($elementModel->canView()) {
//if (!$elementModel->canUse() && $elementModel->canView()) {
if (is_array($encrypted)) {
//repeat groups no join
$v = array();
foreach ($encrypted as $e) {
//$$$ rob urldecode when posting from ajax form
$e = urldecode($e);
$e = empty($e) ? '' : $crypt->decrypt($e);
$v[] = $w->parseMessageForPlaceHolder($e, $post);
}
} else {
// $$$ rob urldecode when posting from ajax form
$encrypted = urldecode($encrypted);
$v = empty($encrypted) ? '' : $crypt->decrypt($encrypted);
$v = $w->parseMessageForPlaceHolder($v, $post);
}
$elementModel->_group = $groupModel;
$elementModel->setValuesFromEncryt($post, $key, $v);
// $$ rob set both normal and rawvalues to encrypted - otherwise validate mehtod doenst
//pick up decrypted value
$elementModel->setValuesFromEncryt($post, $key . '_raw', $v);
}
}
}
}
}
}
}
/**
* Login authentication function.
*
* Username and encoded password are passed the onUserLogin event which
* is responsible for the user validation. A successful validation updates
* the current session record with the user's details.
*
* Username and encoded password are sent as credentials (along with other
* possibilities) to each observer (authentication plugin) for user
* validation. Successful validation will update the current session with
* the user details.
*
* @param array $credentials Array('username' => string, 'password' => string)
* @param array $options Array('remember' => boolean)
*
* @return boolean True on success.
*
* @since 11.1
*/
public function login($credentials, $options = array())
{
// Get the global JAuthentication object.
jimport('joomla.user.authentication');
$authenticate = JAuthentication::getInstance();
$response = $authenticate->authenticate($credentials, $options);
if ($response->status === JAuthentication::STATUS_SUCCESS) {
// validate that the user should be able to login (different to being authenticated)
// this permits authentication plugins blocking the user
$authorisations = $authenticate->authorise($response, $options);
foreach ($authorisations as $authorisation) {
$denied_states = array(JAuthentication::STATUS_EXPIRED, JAuthentication::STATUS_DENIED);
if (in_array($authorisation->status, $denied_states)) {
// Trigger onUserAuthorisationFailure Event.
$this->triggerEvent('onUserAuthorisationFailure', array((array) $authorisation));
// If silent is set, just return false.
if (isset($options['silent']) && $options['silent']) {
return false;
}
// Return the error.
switch ($authorisation->status) {
case JAuthentication::STATUS_EXPIRED:
return JError::raiseWarning('102002', JText::_('JLIB_LOGIN_EXPIRED'));
break;
case JAuthentication::STATUS_DENIED:
return JError::raiseWarning('102003', JText::_('JLIB_LOGIN_DENIED'));
break;
default:
return JError::raiseWarning('102004', JText::_('JLIB_LOGIN_AUTHORISATION'));
break;
}
}
}
// Import the user plugin group.
JPluginHelper::importPlugin('user');
// OK, the credentials are authenticated and user is authorised. Lets fire the onLogin event.
$results = $this->triggerEvent('onUserLogin', array((array) $response, $options));
/*
* If any of the user plugins did not successfully complete the login routine
* then the whole method fails.
*
* Any errors raised should be done in the plugin as this provides the ability
* to provide much more information about why the routine may have failed.
*/
if (!in_array(false, $results, true)) {
// Set the remember me cookie if enabled.
if (isset($options['remember']) && $options['remember']) {
jimport('joomla.utilities.simplecrypt');
jimport('joomla.utilities.utility');
// Create the encryption key, apply extra hardening using the user agent string.
$agent = @$_SERVER['HTTP_USER_AGENT'];
// Ignore empty and crackish user agents
if ($agent != '' && $agent != 'JLOGIN_REMEMBER') {
$key = JUtility::getHash($agent);
$crypt = new JSimpleCrypt($key);
$rcookie = $crypt->encrypt(serialize($credentials));
$lifetime = time() + 365 * 24 * 60 * 60;
// Use domain and path set in config for cookie if it exists.
$cookie_domain = $this->getCfg('cookie_domain', '');
$cookie_path = $this->getCfg('cookie_path', '/');
setcookie(JUtility::getHash('JLOGIN_REMEMBER'), $rcookie, $lifetime, $cookie_path, $cookie_domain);
}
}
return true;
}
}
// Trigger onUserLoginFailure Event.
$this->triggerEvent('onUserLoginFailure', array((array) $response));
// If silent is set, just return false.
if (isset($options['silent']) && $options['silent']) {
return false;
}
// If status is success, any error will have been raised by the user plugin
if ($response->status !== JAuthentication::STATUS_SUCCESS) {
JError::raiseWarning('102001', JText::_('JLIB_LOGIN_AUTHENTICATE'));
}
return false;
}
/**
* If an element is set to readonly, and has a default value selected then insert this
* data into the array that is to be bound to the table record
* @since 1.0.6
* @param array data
* @param object to bind to table row
* @param int is record join record
*/
function _addDefaultDataFromRO(&$data, &$oRecord, $isJoin, $rowid)
{
jimport('joomla.utilities.simplecrypt');
// $$$ rob since 1.0.6 : 10 June 08
// get the current record - not that which was posted
$formModel =& $this->getFormModel();
$table =& $this->getTable();
if (is_null($this->_origData)) {
if (empty($rowid)) {
$this->_origData = $origdata = array();
} else {
$sql = $formModel->_buildQuery();
$db =& $this->getDb();
$db->setQuery($sql);
$origdata = $db->loadObject();
$origdata = JArrayHelper::fromObject($origdata);
$origdata = is_array($origdata) ? $origdata : array();
$this->_origData =& $origdata;
}
} else {
$origdata =& $this->_origData;
}
$form =& $formModel->getForm();
$groups =& $formModel->getGroupsHiarachy();
$gcounter = 0;
$repeatGroupCounts = JRequest::getVar('fabrik_repeat_group', array());
foreach ($groups as $groupModel) {
if ($isJoin && $groupModel->isJoin() || !$isJoin && !$groupModel->isJoin()) {
$elementModels =& $groupModel->getPublishedElements();
foreach ($elementModels as $elementModel) {
// $$$ rob 25/02/2011 unviewable elements are now also being encrypted
//if (!$elementModel->canUse() && $elementModel->canView()) {
if (!$elementModel->canUse()) {
$element =& $elementModel->getElement();
$fullkey = $elementModel->getFullName(false, true, false);
$key = $element->name;
// $$$ hugh - allow submission plugins to override RO data
// TODO - test this for joined data
if ($formModel->updatedByPlugin($fullkey)) {
continue;
}
//force a reload of the default value with $origdata
unset($elementModel->defaults);
$default = array();
foreach ($repeatGroupCounts as $groupId => $repeatCount) {
$def = $elementModel->getValue($origdata, $repeatCount);
// $$$ rob 26/04/2011 encodeing done at the end
//if its a dropdown radio etc
/*if (is_array($def)) {
$def = json_encode($def);
}*/
$default[] = $def;
}
$default = count($default) == 1 ? $default[0] : json_encode($default);
$data[$key] = $default;
$oRecord->{$key} = $default;
}
}
}
$gcounter++;
}
$copy = JRequest::getBool('Copy');
//check crypted querystring vars (encrypted in form/view.html.php ) _cryptQueryString
if (array_key_exists('fabrik_vars', $_REQUEST) && array_key_exists('querystring', $_REQUEST['fabrik_vars'])) {
$crypt = new JSimpleCrypt();
foreach ($_REQUEST['fabrik_vars']['querystring'] as $key => $encrypted) {
// $$$ hugh - allow submission plugins to override RO data
// TODO - test this for joined data
if ($formModel->updatedByPlugin($key)) {
continue;
}
$key = FabrikString::shortColName($key);
// $$$ hugh - trying to fix issue where encrypted elements from a main group end up being added to
// a joined group's field list for the update/insert on the joined row(s).
if (!array_key_exists($key, $data)) {
continue;
}
foreach ($groups as $groupModel) {
$elementModels =& $groupModel->getPublishedElements();
foreach ($elementModels as $elementModel) {
$element =& $elementModel->getElement();
if ($element->name == $key) {
//dont overwrite if something has been entered
// $$$ rob 25/02/2011 unviewable elements are now also being encrypted
//if (!$elementModel->canUse() && $elementModel->canView()) {
if (!$elementModel->canUse()) {
//repeat groups no join:
if (is_array($encrypted)) {
$v = array();
foreach ($encrypted as $e) {
$v[] = empty($e) ? '' : $crypt->decrypt($e);
}
$v = json_encode($v);
} else {
$v = !empty($encrypted) ? $crypt->decrypt($encrypted) : '';
}
if ($copy) {
$v = $elementModel->onSaveAsCopy($v);
}
$data[$key] = $v;
$oRecord->{$key} = $v;
}
// $$$ hugh FIXME - is there some reason we don't break out back to the
// main querystring foreach at this point, rather than looping through
// all remaining elements and groups?
}
}
}
}
}
}
/**
* Add in any encrypted stuff, in case we fail validation ...
* otherwise it won't be in $data when we rebuild the page.
* Need to do it here, so _raw fields get added in the next chunk 'o' code.
*
* @param array &$post posted form data passed by reference
*
* @return null
*/
public function addEncrytedVarsToArray(&$post)
{
if (array_key_exists('fabrik_vars', $_REQUEST) && array_key_exists('querystring', $_REQUEST['fabrik_vars'])) {
$groups = $this->getGroupsHiarachy();
$gkeys = array_keys($groups);
jimport('joomla.utilities.simplecrypt');
$crypt = new JSimpleCrypt();
$w = new FabrikWorker();
foreach ($gkeys as $g) {
$groupModel = $groups[$g];
$elementModels = $groupModel->getPublishedElements();
foreach ($elementModels as $elementModel) {
$element = $elementModel->getElement();
foreach ($_REQUEST['fabrik_vars']['querystring'] as $key => $encrypted) {
if ($elementModel->getFullName(false, true, false) == $key) {
/* $$$ rob - dont test for !canUse() as confirmation plugin dynamically sets this
* if ($elementModel->canView())
* $$$ hugh - testing adding non-viewable, non-editable elements to encrypted vars
*/
if (true) {
// Was testing for: if (!$elementModel->canUse() && $elementModel->canView()) {
if (is_array($encrypted)) {
// Repeat groups no join
$v = array();
foreach ($encrypted as $e) {
// $$$ rob urldecode when posting from ajax form
$e = urldecode($e);
$e = empty($e) ? '' : $crypt->decrypt($e);
$e = FabrikWorker::JSONtoData($e);
$v[] = $w->parseMessageForPlaceHolder($e, $post);
}
} else {
// $$$ rob urldecode when posting from ajax form
$encrypted = urldecode($encrypted);
$v = empty($encrypted) ? '' : $crypt->decrypt($encrypted);
/* $$$ hugh - things like elementlist elements (radios, etc) seem to use
* their JSON data for encrypted read only vals, need to decode.
*/
$v = FabrikWorker::JSONtoData($v);
$v = $w->parseMessageForPlaceHolder($v, $post);
}
$elementModel->_group = $groupModel;
$elementModel->setValuesFromEncryt($post, $key, $v);
/* $$ rob set both normal and rawvalues to encrypted - otherwise validate method doenst
* pick up decrypted value
*/
$elementModel->setValuesFromEncryt($post, $key . '_raw', $v);
}
}
}
}
}
}
}
/**
* If an element is set to readonly, and has a default value selected then insert this
* data into the array that is to be bound to the table record
*
* @param array &$data list data
* @param object &$oRecord to bind to table row
* @param int $isJoin is record join record
* @param int $rowid row id
* @param object $joinGroupTable join group table
*
* @since 1.0.6
*
* @return void
*/
function _addDefaultDataFromRO(&$data, &$oRecord, $isJoin, $rowid, $joinGroupTable)
{
jimport('joomla.utilities.simplecrypt');
// $$$ rob since 1.0.6 : 10 June 08
// Get the current record - not that which was posted
$formModel = $this->getFormModel();
$table = $this->getTable();
if (is_null($this->_origData)) {
/* $$$ hugh FIXME - doesn't work for rowid=-1 / usekey submissions,
* ends up querying "WHERE foo.userid = '<rowid>'" instead of <userid>
* OK for now, as we should catch RO data from the encrypted vars check
* later in this method.
*/
if (empty($rowid)) {
$this->_origData = $origdata = array();
} else {
$sql = $formModel->_buildQuery();
$db = $this->getDb();
$db->setQuery($sql);
$origdata = $db->loadObject();
$origdata = JArrayHelper::fromObject($origdata);
$origdata = is_array($origdata) ? $origdata : array();
$this->_origData = $origdata;
}
} else {
$origdata = $this->_origData;
}
$form = $formModel->getForm();
$groups = $formModel->getGroupsHiarachy();
/* $$$ hugh - seems like there's no point in doing this chunk if there is no
$origdata to work with? Not sure if there's ever a valid reason for doing so,
but it certainly breaks things like onCopyRow(), where (for instance) user
elements will get reset to 0 by this code.
*/
if (!empty($origdata)) {
$gcounter = 0;
$repeatGroupCounts = JRequest::getVar('fabrik_repeat_group', array());
foreach ($groups as $groupModel) {
if ($isJoin && $groupModel->isJoin() || !$isJoin && !$groupModel->isJoin()) {
$elementModels = $groupModel->getPublishedElements();
foreach ($elementModels as $elementModel) {
// $$$ rob 25/02/2011 unviewable elements are now also being encrypted
// if (!$elementModel->canUse() && $elementModel->canView()) {
if (!$elementModel->canUse()) {
$element = $elementModel->getElement();
$fullkey = $elementModel->getFullName(false, true, false);
// $$$ rob 24/01/2012 if a previous joined data set had a ro element then if we werent checkign that group is the
// same as the join group then the insert failed as data from other joins added into the current join
if ($isJoin && $groupModel->getId() != $joinGroupTable->id) {
continue;
}
$key = $element->name;
// $$$ hugh - allow submission plugins to override RO data
// TODO - test this for joined data
if ($formModel->updatedByPlugin($fullkey)) {
continue;
}
// Force a reload of the default value with $origdata
unset($elementModel->defaults);
$default = array();
$repeatGroupCount = JArrayHelper::getValue($repeatGroupCounts, $groupModel->getGroup()->id);
for ($repeatCount = 0; $repeatCount < $repeatGroupCount; $repeatCount++) {
$def = $elementModel->getValue($origdata, $repeatCount);
if (is_array($def)) {
// Radio buttons getValue() returns an array already so don't array the array.
$default = $def;
} else {
$default[] = $def;
}
}
$default = count($default) == 1 ? $default[0] : json_encode($default);
$data[$key] = $default;
$oRecord->{$key} = $default;
}
}
}
$gcounter++;
}
}
$copy = JRequest::getBool('Copy');
// Check crypted querystring vars (encrypted in form/view.html.php ) _cryptQueryString
if (array_key_exists('fabrik_vars', $_REQUEST) && array_key_exists('querystring', $_REQUEST['fabrik_vars'])) {
$crypt = new JSimpleCrypt();
foreach ($_REQUEST['fabrik_vars']['querystring'] as $key => $encrypted) {
// $$$ hugh - allow submission plugins to override RO data
// TODO - test this for joined data
if ($formModel->updatedByPlugin($key)) {
continue;
}
$key = FabrikString::shortColName($key);
/* $$$ hugh - trying to fix issue where encrypted elements from a main group end up being added to
* a joined group's field list for the update/insert on the joined row(s).
*/
/*
* $$$ rob - commenting it out as this was stopping data that was not viewable or editable from being included
* in $data. New test added inside foreach loop below
**/
/* if (!array_key_exists($key, $data))
{
continue;
} */
foreach ($groups as $groupModel) {
// New test to replace if (!array_key_exists($key, $data))
// $$$ hugh - this stops elements from joined groups being added to main row, but see 'else'
if ($isJoin) {
if ($groupModel->getGroup()->id != $joinGroupTable->id) {
continue;
}
} else {
// $$$ hugh - need test here if not $isJoin, to stop keys from joined groups being added to main row!
if ($groupModel->isJoin()) {
continue;
}
}
$elementModels = $groupModel->getPublishedElements();
foreach ($elementModels as $elementModel) {
$element = $elementModel->getElement();
// $$$ hugh - I have a feeling this test is a Bad Thing <tm> as it is using short keys, so if two joined groups share the same element name(s) ...
if ($element->name == $key) {
// Don't overwrite if something has been entered
// $$$ rob 25/02/2011 unviewable elements are now also being encrypted
// if (!$elementModel->canUse() && $elementModel->canView()) {
if (!$elementModel->canUse()) {
// Repeat groups no join:
if (is_array($encrypted)) {
$v = array();
foreach ($encrypted as $e) {
$e = urldecode($e);
$v[] = empty($e) ? '' : $crypt->decrypt($e);
}
$v = json_encode($v);
} else {
$encrypted = urldecode($encrypted);
$v = !empty($encrypted) ? $crypt->decrypt($encrypted) : '';
}
/* $$$ hugh - also gets called in storeRow(), not sure if we really need to
* call it here? And if we do, then we should probably be calling onStoreRow
* as well, if $data['fabrik_copy_from_table'] is set? Can't remember why,
* but we differentiate between the two, with onCopyRow being when a row is copied
* using the list plugin, and onSaveAsCopy when the form plugin is used.
*/
if ($copy) {
$v = $elementModel->onSaveAsCopy($v);
}
$data[$key] = $v;
$oRecord->{$key} = $v;
}
break 2;
}
}
}
}
}
}
function onUserLogin($user, $options = array())
{
$mainframe = JFactory::getApplication('site');
if (array_key_exists ('skip_joomdlehooks', $options))
return;
if ($mainframe->isAdmin())
return;
$username = $user['username'];
$moodle_user = JoomdleHelperContent::call_method ("user_id", $username);
// Do nothing if user does not exist in Moodle
if (!$moodle_user)
return;
$comp_params = JComponentHelper::getParams( 'com_joomdle' );
$moodle_url = $comp_params->get( 'MOODLE_URL' );
$redirectless_sso = $comp_params->get( 'redirectless_sso' );
$session = JFactory::getSession();
$token = md5 ($session->getId());
/* Don't log in Moodle if user is blocked */
$user_id = JUserHelper::getUserId($username);
$user_obj = JFactory::getUser($user_id);
if ($user_obj->block)
return;
$app = JFactory::getApplication();
if (JRequest::getVar ('return'))
{
$return = JRequest::getVar ('return');
if (!strncmp ($return, 'B:', 2))
{
/* CB login module */
$login_url = urlencode (base64_decode (substr ($return, 2)));
}
else
{
/* Normal login */
$login_url = urlencode (base64_decode (JRequest::getVar ('return')));
}
}
else if (array_key_exists ('url', $options))
$login_url = urlencode ($options['url']);
else
$login_url = urlencode (JRequest::getUri ());
// Set the remember me cookie if enabled
// as we are redirecting and this would not be executed by Joomla
if (isset($options['remember']) && $options['remember'])
{
jimport('joomla.utilities.simplecrypt');
jimport('joomla.utilities.utility');
//Create the encryption key, apply extra hardening using the user agent string
$key = JApplication::getHash(@$_SERVER['HTTP_USER_AGENT']);
$credentials = array ('username'=>$username, 'password'=>$user['password']);
$crypt = new JSimpleCrypt($key);
$rcookie = $crypt->encrypt(serialize($credentials));
$lifetime = time() + 365*24*60*60;
setcookie( JApplication::getHash('JLOGIN_REMEMBER'), $rcookie, $lifetime, '/' );
}
// Metodo nuevo con cURL
if ($redirectless_sso)
plgUserJoomdlehooks::log_into_moodle ($username, $token);
else // Metodo normal usando redirect
$app->redirect($moodle_url."/auth/joomdle/land.php?username=$username&token=$token&use_wrapper=0&create_user=0&wantsurl=$login_url" );
}
/**
* Write user twitter details to database, encrypting the password
* @param $username
* @param $password
* @return bool
*/
function _saveUserLogin($username, $password)
{
global $mainframe;
$user =& JFactory::getUser();
if ($user->id) {
// make sure there is a logged in user
$key = str_rot13(strrev($user->username));
$crypt = new JSimpleCrypt($key);
$hash = $crypt->encrypt($password);
$btuser =& JTable::getInstance('btuser');
$data = $this->getUser($user->id);
$btuser->id = $data->id;
$btuser->userid = $user->id;
$btuser->username = $username;
$btuser->password = $hash;
return $btuser->save($btuser);
} else {
return false;
}
}
/**
* Remebers handling.
*/
public function onAfterInitialise()
{
global $mainframe;
$viewer = get_viewer();
if (!$viewer->guest() && !$viewer->enabled) {
KService::get('com://site/people.helper.person')->logout();
}
// No remember me for admin
if ($mainframe->isAdmin()) {
return;
}
jimport('joomla.utilities.utility');
jimport('joomla.utilities.simplecrypt');
$user = array();
$remember = JUtility::getHash('JLOGIN_REMEMBER');
// for json requests obtain the username and password from the $_SERVER array
// else if the remember me cookie exists, decrypt and obtain the username and password from it
if ($viewer->guest() && KRequest::has('server.PHP_AUTH_USER') && KRequest::has('server.PHP_AUTH_PW') && KRequest::format() == 'json') {
$user['username'] = KRequest::get('server.PHP_AUTH_USER', 'raw');
$user['password'] = KRequest::get('server.PHP_AUTH_PW', 'raw');
} elseif ($viewer->guest() && isset($_COOKIE[$remember]) && $_COOKIE[$remember] != '') {
$key = JUtility::getHash(KRequest::get('server.HTTP_USER_AGENT', 'raw'));
if ($key) {
$crypt = new JSimpleCrypt($key);
$cookie = $crypt->decrypt($_COOKIE[$remember]);
$user = (array) @unserialize($cookie);
}
} else {
return;
}
if ($viewer->guest() && count($user)) {
try {
jimport('joomla.user.authentication');
$authentication =& JAuthentication::getInstance();
$authResponse = $authentication->authenticate($user, array());
if ($authResponse->status == JAUTHENTICATE_STATUS_SUCCESS) {
KService::get('com://site/people.helper.person')->login($user, true);
}
} catch (RuntimeException $e) {
//only throws exception if we are using JSON format
//otherwise let the current app handle it
if (KRequest::format() == 'json') {
throw $e;
}
}
}
return;
}
protected function _cryptViewOnlyElements(&$aHiddenFields)
{
jimport('joomla.utilities.simplecrypt');
jimport('joomla.utilities.utility');
$crypt = new JSimpleCrypt();
$formModel = $this->getModel();
$fields = array();
foreach ($this->get('readOnlyVals') as $key => $input) {
$repeatGroup = $input['repeatgroup'];
$isJoin = $input['join'];
$input = $input['data'];
// $$$ rob not sure this is correct now as I modified the readOnlyVals structure to contain info about if its in a group
// and it now contains the repeated group data
$input = is_array($input) && array_key_exists('value', $input) ? $input['value'] : $input;
if ($repeatGroup) {
$ar = array();
$input = (array) $input;
foreach ($input as $i) {
if (is_array($i)) {
//elements with sub options in repeat group
$i = json_encode($i);
}
$ar[] = $i;
}
$input = $isJoin ? $ar : json_encode($ar);
} else {
if (is_array($input)) {
//elements with sub options not in repeat group
$input = json_encode($input);
}
}
if (is_array($input)) {
for ($x = 0; $x < count($input); $x++) {
if (trim($input[$x]) !== '') {
$input[$x] = $crypt->encrypt($input[$x]);
}
}
} else {
if (trim($input) !== '') {
$input = $crypt->encrypt($input);
}
}
$key = FabrikString::rtrimword($key, "[]");
// $$$ rob - no dont do below as it will strip out join names join[x][fullname] => join
//$key = preg_replace("/\[(.*)\]/", '', $key);
if (!array_key_exists($key, $fields)) {
$fields[$key] = $input;
} else {
$fields[$key] = (array) $fields[$key];
$fields[$key][] = $input;
}
}
foreach ($fields as $key => $input) {
if (is_array($input)) {
for ($c = 0; $c < count($input); $c++) {
$i = $input[$c];
$aHiddenFields .= "<input type=\"hidden\" name=\"fabrik_vars[querystring][{$key}][{$c}]\" value=\"" . $i . "\" />\n";
}
} else {
$aHiddenFields .= "<input type=\"hidden\" name=\"fabrik_vars[querystring][{$key}]\" value=\"" . $input . "\" />\n";
}
}
}
/**
* Login authentication function.
*
* Username and encoded password are passed the the onLoginUser event which
* is responsible for the user validation. A successful validation updates
* the current session record with the users details.
*
* Username and encoded password are sent as credentials (along with other
* possibilities) to each observer (authentication plugin) for user
* validation. Successful validation will update the current session with
* the user details.
*
* @param array Array( 'username' => string, 'password' => string )
* @param array Array( 'remember' => boolean )
* @return boolean True on success.
* @access public
* @since 1.5
*/
function login($credentials, $options = array())
{
// Get the global JAuthentication object
jimport('joomla.user.authentication');
$authenticate =& JAuthentication::getInstance();
$response = $authenticate->authenticate($credentials, $options);
if ($response->status === JAUTHENTICATE_STATUS_SUCCESS) {
$session =& JFactory::getSession();
// we fork the session to prevent session fixation issues
$session->fork();
$this->_createSession($session->getId());
// Import the user plugin group
JPluginHelper::importPlugin('user');
// OK, the credentials are authenticated. Lets fire the onLogin event
$results = $this->triggerEvent('onLoginUser', array((array) $response, $options));
/*
* If any of the user plugins did not successfully complete the login routine
* then the whole method fails.
*
* Any errors raised should be done in the plugin as this provides the ability
* to provide much more information about why the routine may have failed.
*/
if (!in_array(false, $results, true)) {
// Set the remember me cookie if enabled
if (isset($options['remember']) && $options['remember']) {
jimport('joomla.utilities.simplecrypt');
jimport('joomla.utilities.utility');
//Create the encryption key, apply extra hardening using the user agent string
$agent = @$_SERVER['HTTP_USER_AGENT'];
// Ignore empty and crackish user agents
if ($agent != '' && $agent != 'JLOGIN_REMEMBER') {
$key = JUtility::getHash($agent);
$crypt = new JSimpleCrypt($key);
$rcookie = $crypt->encrypt(serialize($credentials));
$lifetime = time() + 365 * 24 * 60 * 60;
setcookie(JUtility::getHash('JLOGIN_REMEMBER'), $rcookie, $lifetime, '/');
}
}
return true;
}
}
// Trigger onLoginFailure Event
$this->triggerEvent('onLoginFailure', array((array) $response));
// If silent is set, just return false
if (isset($options['silent']) && $options['silent']) {
return false;
}
// Return the error
return JError::raiseWarning('SOME_ERROR_CODE', JText::_('E_LOGIN_AUTHENTICATE'));
}
/**
* Login authentication function.
*
* Username and encoded password are passed the the onUserLogin event which
* is responsible for the user validation. A successful validation updates
* the current session record with the user's details.
*
* Username and encoded password are sent as credentials (along with other
* possibilities) to each observer (authentication plugin) for user
* validation. Successful validation will update the current session with
* the user details.
*
* @param array $credentials Array('username' => string, 'password' => string)
* @param array $options Array('remember' => boolean)
*
* @return boolean True on success.
*
* @since 11.1
*/
public function login($credentials, $options = array())
{
// Get the global JAuthentication object.
jimport('joomla.user.authentication');
$authenticate = JAuthentication::getInstance();
$response = $authenticate->authenticate($credentials, $options);
if ($response->status === JAUTHENTICATE_STATUS_SUCCESS) {
// Import the user plugin group.
JPluginHelper::importPlugin('user');
// OK, the credentials are authenticated. Lets fire the onLogin event.
$results = $this->triggerEvent('onUserLogin', array((array) $response, $options));
/*
* If any of the user plugins did not successfully complete the login routine
* then the whole method fails.
*
* Any errors raised should be done in the plugin as this provides the ability
* to provide much more information about why the routine may have failed.
*/
if (!in_array(false, $results, true)) {
// Set the remember me cookie if enabled.
if (isset($options['remember']) && $options['remember']) {
jimport('joomla.utilities.simplecrypt');
jimport('joomla.utilities.utility');
// Create the encryption key, apply extra hardening using the user agent string.
$key = JUtility::getHash(@$_SERVER['HTTP_USER_AGENT']);
$crypt = new JSimpleCrypt($key);
$rcookie = $crypt->encrypt(serialize($credentials));
$lifetime = time() + 365 * 24 * 60 * 60;
// Use domain and path set in config for cookie if it exists.
$cookie_domain = $this->getCfg('cookie_domain', '');
$cookie_path = $this->getCfg('cookie_path', '/');
setcookie(JUtility::getHash('JLOGIN_REMEMBER'), $rcookie, $lifetime, $cookie_path, $cookie_domain);
}
return true;
}
}
// Trigger onUserLoginFailure Event.
$this->triggerEvent('onUserLoginFailure', array((array) $response));
// If silent is set, just return false.
if (isset($options['silent']) && $options['silent']) {
return false;
}
// If status is success, any error will ahve been raised by the user plugin
if ($response->status !== JAUTHENTICATE_STATUS_SUCCESS) {
JError::raiseWarning('SOME_ERROR_CODE', JText::_('JLIB_LOGIN_AUTHENTICATE'));
}
return false;
}
