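/**
 * Insert a new row into #__users and map the new account to user group 2.
 *
 * The login name that is stored is NOT the $username argument: it is rebuilt
 * from the first word of $rnames followed by the current Unix timestamp.
 *
 * Security: the display name, e-mail and block flag come from the caller and
 * used to be concatenated into the SQL text as-is. Every value is now passed
 * through the driver's quote() (or cast to int) so a quote character in any
 * of them can no longer change the statement.
 *
 * @param   string  $username  Ignored (overwritten below); kept for existing callers.
 * @param   string  $rnames    Display name; its first word seeds the login name.
 * @param   string  $email     E-mail address stored for the account.
 * @param   string  $password  Plaintext password; only its hash is stored.
 * @param   mixed   $block     Block flag, stored as an integer.
 *
 * @return  mixed  Whatever $db->insertid() reports after the #__users insert.
 */
function addUser($username, $rnames, $email, $password, $block)
{
    $db = JFactory::getDbo();
    jimport('joomla.user.helper');

    $pass         = JUserHelper::hashPassword($password);
    $time         = time();
    $params       = '{"admin_style":"","admin_language":"","language":"","editor":"","helpsite":"","timezone":""}';
    $registerDate = date('Y-m-d H:i:s', $time);

    // Login name = first word of the display name + timestamp
    $n_name   = explode(" ", $rnames);
    $username = $n_name[0] . $time;

    $columns = array(
        $db->quoteName('name'),
        $db->quoteName('username'),
        $db->quoteName('password'),
        $db->quoteName('params'),
        $db->quoteName('email'),
        $db->quoteName('block'),
        $db->quoteName('registerDate'),
    );

    // Values are escaped one by one; nothing caller-supplied reaches the SQL text raw
    $values = array(
        $db->quote($rnames),
        $db->quote($username),
        $db->quote($pass),
        $db->quote($params),
        $db->quote($email),
        (int) $block,
        $db->quote($registerDate),
    );

    $query = $db->getQuery(true)
        ->insert($db->quoteName('#__users'))
        ->columns($columns)
        ->values(implode(', ', $values));
    $db->setQuery($query);
    $db->query();

    $last_id = $db->insertid();

    // Group id 2 is hard-coded here, exactly as in the original statement
    $query = $db->getQuery(true)
        ->insert($db->quoteName('#__user_usergroup_map'))
        ->columns(array($db->quoteName('user_id'), $db->quoteName('group_id')))
        ->values((int) $last_id . ', 2');
    $db->setQuery($query);
    $db->query();

    return $last_id;
}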
/**
 * Handle a request for the configured custom admin folder.
 *
 * When the requested path equals the "adminlogindir" setting, a row is added
 * to #__admintools_cookies, the matching "admintools" cookie is sent and the
 * visitor is redirected to administrator/index.php.
 *
 * The cookie value is a 64-character random series valid for 180 seconds. It
 * is sent HttpOnly; the Secure flag follows the "force_ssl" configuration
 * value. The stored client_hash is derived from the client IP and the
 * User-Agent string with the browser version replaced by a fixed marker.
 *
 * @return  void
 */
protected function customAdminFolder()
{
    $clientIp = AtsystemUtilFilter::getIp();

    // Without a usable address there is nothing to tie the cookie to
    if (empty($clientIp) || $clientIp == '0.0.0.0') {
        return;
    }

    // Requests that carry no User-Agent header are left alone
    if (!array_key_exists('HTTP_USER_AGENT', $_SERVER)) {
        return;
    }

    if (version_compare(JVERSION, '3.2.0', 'ge')) {
        $client       = $this->app->client;
        $agent        = $client->userAgent;
        $agentVersion = $client->browserVersion;
    } else {
        JLoader::import('joomla.environment.browser');
        $legacyBrowser = JBrowser::getInstance();
        $agent         = $legacyBrowser->getAgentString();
        $agentVersion  = $legacyBrowser->getVersion();
    }

    // Version-independent form of the User-Agent string
    $agentNoVersion = str_replace($agentVersion, 'abcd', $agent);

    $currentUri = JURI::getInstance();
    $dbo        = $this->db;

    // Only act when the requested path is exactly the custom folder
    $secretDir     = $this->cparams->getValue('adminlogindir');
    $requestedPath = str_replace($currentUri->root(), '', trim($currentUri->current(), '/'));

    if ($requestedPath != $secretDir) {
        return;
    }

    JLoader::import('joomla.user.helper');

    // md5() is only the fallback for releases older than 3.2.1
    $fingerprint = version_compare(JVERSION, '3.2.1', 'ge')
        ? JUserHelper::hashPassword($clientIp . $agentNoVersion)
        : md5($clientIp . $agentNoVersion);

    $record = (object) array(
        'series'      => JUserHelper::genRandomPassword(64),
        'client_hash' => $fingerprint,
        'valid_to'    => date('Y-m-d H:i:s', time() + 180),
    );

    $dbo->insertObject('#__admintools_cookies', $record);

    $siteConfig   = JFactory::getConfig();
    $cookieDomain = $siteConfig->get('cookie_domain', '');
    $cookiePath   = $siteConfig->get('cookie_path', '/');
    $secureOnly   = (bool) $siteConfig->get('force_ssl', 0);

    // Last argument "true" marks both cookies HttpOnly
    setcookie('admintools', $record->series, time() + 180, $cookiePath, $cookieDomain, $secureOnly, true);
    setcookie('admintools_logout', null, 1, $cookiePath, $cookieDomain, $secureOnly, true);

    $targetPath = str_replace($secretDir, 'administrator/index.php', $currentUri->getPath());
    $currentUri->setPath($targetPath);

    $this->app->redirect($currentUri->toString());
}
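/**
 * Replace the login name and password of the account whose username is
 * "admin" with the values read from JPATH_ROOT/credentials.json.
 *
 * The file is expected to decode to
 * array('credentials' => array('username' => ..., 'password' => ...)).
 * Both values must be non-empty strings; previously a file without them
 * overwrote the account with an empty login name and the hash of an empty
 * password.
 *
 * NOTE(review): credentials.json holds a plaintext password under JPATH_ROOT
 * and this method does not remove it. Confirm the caller deletes the file or
 * that the web server never serves it.
 *
 * @return  boolean  False when the file is missing, unreadable or incomplete,
 *                   true once the UPDATE has been executed.
 */
public function resetPassword()
{
    $jsonFile = JPATH_ROOT . '/credentials.json';

    if (!is_file($jsonFile) || !is_readable($jsonFile)) {
        return false;
    }

    $raw  = file_get_contents($jsonFile);
    $data = ($raw === false) ? null : json_decode($raw, true);

    if (empty($data) || !is_array($data)) {
        return false;
    }

    // Refuse to touch the account unless both credentials are really present
    if (!isset($data['credentials']) || !is_array($data['credentials'])
        || !isset($data['credentials']['username'], $data['credentials']['password'])
        || !is_string($data['credentials']['username'])
        || !is_string($data['credentials']['password'])
        || trim($data['credentials']['username']) === ''
        || $data['credentials']['password'] === '') {
        return false;
    }

    $username = $data['credentials']['username'];
    $password = JUserHelper::hashPassword($data['credentials']['password']);

    $db    = JFactory::getDBO();
    $query = $db->getQuery(true);

    // The literal is quoted by the driver: "admin" in double quotes is only a
    // string in some SQL modes and an identifier in others
    $query->update($db->quoteName('#__users'))
        ->set($db->quoteName('password') . ' = ' . $db->quote($password))
        ->set($db->quoteName('username') . ' = ' . $db->quote($username))
        ->where($db->quoteName('username') . ' = ' . $db->quote('admin'));

    $db->setQuery($query);
    $db->execute();

    return true;
}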
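/**
 * Generate a new password for the account with the requested e-mail address,
 * mail it, then store its hash. Ends the request with a JSON reply
 * ("result" 1/0 and "error").
 *
 * Fixes over the previous version:
 *  - the e-mail address comes straight from the request and was concatenated
 *    into the UPDATE statement; it is now escaped with $db->quote();
 *  - the statement stored a fixed literal in the password column while the
 *    computed hash was never used; the hash is what is written now;
 *  - $return is initialised before keys are assigned to it.
 *
 * NOTE(review): the method takes no proof that the caller owns the address,
 * so anyone who knows an address can replace that account's password, and the
 * new password travels in clear text by e-mail. A confirmation-token flow
 * would avoid both; confirm whether that is acceptable for this endpoint.
 *
 * @return  void  Never returns; the script ends in die().
 */
public function forgotPassword()
{
    $email    = JRequest::getVar("email");
    $new_pass = $this->_generateRandomString();

    $app      = JFactory::getApplication();
    $mailfrom = $app->get('mailfrom');
    $fromname = $app->get('fromname');
    $sitename = $app->get('sitename');

    $body = "Hejsa, \r\n\r\n Dette er din nye kodeord: " . $new_pass . " \r\n\r\n MyLoyal";

    $mail = JFactory::getMailer();
    $mail->addRecipient($email);
    $mail->setSender(array($mailfrom, $fromname));
    $mail->setSubject($sitename . ': Ny Kodeord');
    $mail->setBody($body);

    $sent   = $mail->Send();
    $return = array();

    if ($sent) {
        jimport('joomla.user.helper');
        $db   = JFactory::getDBO();
        $pass = JUserHelper::hashPassword($new_pass);

        // Both values are escaped by the driver; neither is spliced in raw
        $db->setQuery(
            'UPDATE #__users SET password = ' . $db->quote($pass)
            . ' WHERE email = ' . $db->quote($email)
        );

        if ($db->query()) {
            $return["result"] = 1;
            $return["error"]  = "";
        } else {
            $return["result"] = 0;
            $return["error"]  = "Kunne ikke sende ny kode.";
        }
    } else {
        $return["result"] = 0;
        $return["error"]  = "Kunne ikke sende mail.";
    }

    die(json_encode($return));
}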
/**
 * Method to start the password reset process.
 *
 * Validates the submitted form, looks the account up by e-mail address,
 * refuses blocked accounts, accounts with the core.admin permission and
 * accounts over the reset limit, then stores a hashed confirmation token in
 * the user's "activation" field and mails the plaintext token and a
 * confirmation link to the user.
 *
 * NOTE(review): an unknown address, a blocked account and a Super Admin each
 * produce a different error message, while a known address returns true. A
 * caller can therefore tell whether an address belongs to an account.
 *
 * @param   array  $data  The data expected for the form.
 *
 * @return  mixed  Exception | JException | boolean
 *
 * @since   1.6
 */
public function processResetRequest($data)
{
    $config = JFactory::getConfig();

    // Get the form.
    $form = $this->getForm();

    // Normalise the address before filtering/validation
    $data['email'] = JStringPunycode::emailToPunycode($data['email']);

    // Check for an error.
    if ($form instanceof Exception) {
        return $form;
    }

    // Filter and validate the form data.
    $data = $form->filter($data);
    $return = $form->validate($data);

    // Check for an error.
    if ($return instanceof Exception) {
        return $return;
    }

    // Check the validation results.
    if ($return === false) {
        // Get the validation messages from the form.
        foreach ($form->getErrors() as $formError) {
            $this->setError($formError->getMessage());
        }

        return false;
    }

    // Find the user id for the given email address (value escaped with quote()).
    $db = $this->getDbo();
    $query = $db->getQuery(true)->select('id')->from($db->quoteName('#__users'))->where($db->quoteName('email') . ' = ' . $db->quote($data['email']));

    // Get the user object.
    $db->setQuery($query);

    try {
        $userId = $db->loadResult();
    } catch (RuntimeException $e) {
        $this->setError(JText::sprintf('COM_USERS_DATABASE_ERROR', $e->getMessage()), 500);

        return false;
    }

    // Check for a user.
    if (empty($userId)) {
        $this->setError(JText::_('COM_USERS_INVALID_EMAIL'));

        return false;
    }

    // Get the user object.
    $user = JUser::getInstance($userId);

    // Make sure the user isn't blocked.
    if ($user->block) {
        $this->setError(JText::_('COM_USERS_USER_BLOCKED'));

        return false;
    }

    // Make sure the user isn't a Super Admin.
    if ($user->authorise('core.admin')) {
        $this->setError(JText::_('COM_USERS_REMIND_SUPERADMIN_ERROR'));

        return false;
    }

    // Make sure the user has not exceeded the reset limit
    if (!$this->checkResetLimit($user)) {
        $resetLimit = (int) JFactory::getApplication()->getParams()->get('reset_time');
        $this->setError(JText::plural('COM_USERS_REMIND_LIMIT_ERROR_N_HOURS', $resetLimit));

        return false;
    }

    // Set the confirmation token. Only the hashPassword() output is stored on
    // the user record; the plaintext token goes into the e-mail below.
    $token = JApplicationHelper::getHash(JUserHelper::genRandomPassword());
    $hashedToken = JUserHelper::hashPassword($token);
    $user->activation = $hashedToken;

    // Save the user to the database.
    if (!$user->save(true)) {
        return new JException(JText::sprintf('COM_USERS_USER_SAVE_FAILED', $user->getError()), 500);
    }

    // Assemble the password reset confirmation link.
    // $mode is 1 when force_ssl is 2, otherwise -1; it is handed to JRoute::_()
    // as its third argument (presumably the SSL mode of the link - confirm).
    $mode = $config->get('force_ssl', 0) == 2 ? 1 : -1;
    $link = 'index.php?option=com_users&view=reset&layout=confirm&token=' . $token;

    // Put together the email template data.
    $data = $user->getProperties();
    $data['fromname'] = $config->get('fromname');
    $data['mailfrom'] = $config->get('mailfrom');
    $data['sitename'] = $config->get('sitename');
    $data['link_text'] = JRoute::_($link, false, $mode);
    $data['link_html'] = JRoute::_($link, true, $mode);
    $data['token'] = $token;

    $subject = JText::sprintf('COM_USERS_EMAIL_PASSWORD_RESET_SUBJECT', $data['sitename']);
    $body = JText::sprintf('COM_USERS_EMAIL_PASSWORD_RESET_BODY', $data['sitename'], $data['token'], $data['link_text']);

    // Send the password reset request email.
    $return = JFactory::getMailer()->sendMail($data['mailfrom'], $data['fromname'], $user->email, $subject, $body);

    // Check for an error. The hashed token has already been saved at this point.
    if ($return !== true) {
        return new JException(JText::_('COM_USERS_MAIL_FAILED'), 500);
    }

    return true;
}
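/**
 * We set the authentication cookie only after login has finished successfully.
 * We set a new cookie either for a user with no cookies or one
 * where the user used a cookie to authenticate.
 *
 * The cookie value is "<token>.<series>". The series identifies the row in
 * #__user_keys; only the hashPassword() output of the token is stored there,
 * and a fresh token is issued on every call.
 *
 * The cookie is now sent with the HttpOnly flag (seventh argument of the
 * cookie setter): it is a long-lived login credential and page scripts have
 * no need to read it.
 *
 * @param   array  $options  Array holding options
 *
 * @return  boolean  True on success
 *
 * @since   3.2
 */
public function onUserAfterLogin($options)
{
    // No remember me for admin
    if ($this->app->isAdmin()) {
        return false;
    }

    if (isset($options['responseType']) && $options['responseType'] == 'Cookie') {
        // Logged in using a cookie
        $cookieName = JUserHelper::getShortHashedUserAgent();

        // We need the old data to get the existing series
        $cookieValue = $this->app->input->cookie->get($cookieName);
        $cookieArray = explode('.', $cookieValue);

        // Filter series since we're going to use it in the query
        $filter = new JFilterInput();
        $series = $filter->clean($cookieArray[1], 'ALNUM');
    } elseif (!empty($options['remember'])) {
        // Remember checkbox is set
        $cookieName = JUserHelper::getShortHashedUserAgent();

        // Create a unique series which will be used over the lifespan of the cookie
        $unique = false;

        do {
            $series = JUserHelper::genRandomPassword(20);
            $query = $this->db->getQuery(true)
                ->select($this->db->quoteName('series'))
                ->from($this->db->quoteName('#__user_keys'))
                ->where($this->db->quoteName('series') . ' = ' . $this->db->quote($series));
            $results = $this->db->setQuery($query)->loadResult();

            if (is_null($results)) {
                $unique = true;
            }
        } while ($unique === false);
    } else {
        return false;
    }

    // Get the parameter values (lifetime is configured in days)
    $lifetime = $this->params->get('cookie_lifetime', '60') * 24 * 60 * 60;
    $length = $this->params->get('key_length', '16');

    // Generate new cookie
    $token = JUserHelper::genRandomPassword($length);
    $cookieValue = $token . '.' . $series;

    // Overwrite existing cookie with new value; Secure follows the current
    // connection, HttpOnly is always set
    $this->app->input->cookie->set(
        $cookieName,
        $cookieValue,
        time() + $lifetime,
        $this->app->get('cookie_path', '/'),
        $this->app->get('cookie_domain'),
        $this->app->isSSLConnection(),
        true
    );

    $query = $this->db->getQuery(true);

    if (!empty($options['remember'])) {
        // Create new record (the user_id column receives the username)
        $query->insert($this->db->quoteName('#__user_keys'))
            ->set($this->db->quoteName('user_id') . ' = ' . $this->db->quote($options['user']->username))
            ->set($this->db->quoteName('series') . ' = ' . $this->db->quote($series))
            ->set($this->db->quoteName('uastring') . ' = ' . $this->db->quote($cookieName))
            ->set($this->db->quoteName('time') . ' = ' . (time() + $lifetime));
    } else {
        // Update existing record with new token
        $query->update($this->db->quoteName('#__user_keys'))
            ->where($this->db->quoteName('user_id') . ' = ' . $this->db->quote($options['user']->username))
            ->where($this->db->quoteName('series') . ' = ' . $this->db->quote($series))
            ->where($this->db->quoteName('uastring') . ' = ' . $this->db->quote($cookieName));
    }

    // Only the hash of the token is persisted
    $hashed_token = JUserHelper::hashPassword($token);
    $query->set($this->db->quoteName('token') . ' = ' . $this->db->quote($hashed_token));
    $this->db->setQuery($query)->execute();

    return true;
}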
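/**
 * We set the authentication cookie only after login has finished successfully.
 * We set a new cookie either for a user with no cookies or one
 * where the user used a cookie to authenticate.
 *
 * The cookie is named "joomla_remember_me_" plus the short hashed user agent
 * and its value is "<token>.<series>". Only the hashPassword() output of the
 * token is stored in #__user_keys, and a fresh token is issued on every call.
 * A cookie under the pre-3.6.0 name is still accepted once and then expired.
 *
 * The new cookie is now sent with the HttpOnly flag (seventh argument of the
 * cookie setter): it is a long-lived login credential and page scripts have
 * no need to read it.
 *
 * @param   array  $options  Array holding options
 *
 * @return  boolean  True on success
 *
 * @since   3.2
 */
public function onUserAfterLogin($options)
{
    // No remember me for admin
    if ($this->app->isAdmin()) {
        return false;
    }

    if (isset($options['responseType']) && $options['responseType'] == 'Cookie') {
        // Logged in using a cookie
        $cookieName = 'joomla_remember_me_' . JUserHelper::getShortHashedUserAgent();

        // We need the old data to get the existing series
        $cookieValue = $this->app->input->cookie->get($cookieName);

        // Try with old cookieName (pre 3.6.0) if not found
        if (!$cookieValue) {
            $oldCookieName = JUserHelper::getShortHashedUserAgent();
            $cookieValue = $this->app->input->cookie->get($oldCookieName);

            // Destroy the old cookie in the browser
            $this->app->input->cookie->set(
                $oldCookieName,
                false,
                time() - 42000,
                $this->app->get('cookie_path', '/'),
                $this->app->get('cookie_domain')
            );
        }

        $cookieArray = explode('.', $cookieValue);

        // Filter series since we're going to use it in the query
        $filter = new JFilterInput();
        $series = $filter->clean($cookieArray[1], 'ALNUM');
    } elseif (!empty($options['remember'])) {
        // Remember checkbox is set
        $cookieName = 'joomla_remember_me_' . JUserHelper::getShortHashedUserAgent();

        // Create a unique series which will be used over the lifespan of the cookie
        $unique = false;
        $errorCount = 0;

        do {
            $series = JUserHelper::genRandomPassword(20);
            $query = $this->db->getQuery(true)
                ->select($this->db->quoteName('series'))
                ->from($this->db->quoteName('#__user_keys'))
                ->where($this->db->quoteName('series') . ' = ' . $this->db->quote($series));

            try {
                $results = $this->db->setQuery($query)->loadResult();

                if (is_null($results)) {
                    $unique = true;
                }
            } catch (RuntimeException $e) {
                $errorCount++;

                // We'll let this query fail up to 5 times before giving up, there's probably a bigger issue at this point
                if ($errorCount == 5) {
                    return false;
                }
            }
        } while ($unique === false);
    } else {
        return false;
    }

    // Get the parameter values (lifetime is configured in days)
    $lifetime = $this->params->get('cookie_lifetime', '60') * 24 * 60 * 60;
    $length = $this->params->get('key_length', '16');

    // Generate new cookie
    $token = JUserHelper::genRandomPassword($length);
    $cookieValue = $token . '.' . $series;

    // Overwrite existing cookie with new value; Secure follows the current
    // connection, HttpOnly is always set
    $this->app->input->cookie->set(
        $cookieName,
        $cookieValue,
        time() + $lifetime,
        $this->app->get('cookie_path', '/'),
        $this->app->get('cookie_domain'),
        $this->app->isSSLConnection(),
        true
    );

    $query = $this->db->getQuery(true);

    if (!empty($options['remember'])) {
        // Create new record (the user_id column receives the username)
        $query->insert($this->db->quoteName('#__user_keys'))
            ->set($this->db->quoteName('user_id') . ' = ' . $this->db->quote($options['user']->username))
            ->set($this->db->quoteName('series') . ' = ' . $this->db->quote($series))
            ->set($this->db->quoteName('uastring') . ' = ' . $this->db->quote($cookieName))
            ->set($this->db->quoteName('time') . ' = ' . (time() + $lifetime));
    } else {
        // Update existing record with new token
        $query->update($this->db->quoteName('#__user_keys'))
            ->where($this->db->quoteName('user_id') . ' = ' . $this->db->quote($options['user']->username))
            ->where($this->db->quoteName('series') . ' = ' . $this->db->quote($series))
            ->where($this->db->quoteName('uastring') . ' = ' . $this->db->quote($cookieName));
    }

    // Only the hash of the token is persisted
    $hashed_token = JUserHelper::hashPassword($token);
    $query->set($this->db->quoteName('token') . ' = ' . $this->db->quote($hashed_token));

    try {
        $this->db->setQuery($query)->execute();
    } catch (RuntimeException $e) {
        // The cookie has already been sent; without the row it will not validate
        return false;
    }

    return true;
}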
/**
 * Method to bind an associative array of data to a user object
 *
 * For a new user (empty id) a missing password is replaced by a random one,
 * the password is hashed and the registration date is set. For an existing
 * user the password is only re-hashed when a new one is supplied; otherwise
 * the stored hash is carried over. The array is modified in place:
 * $array['password'] holds the hash on return.
 *
 * @param   array  &$array  The associative array to bind to the object
 *
 * @return  boolean  True on success
 *
 * @since   11.1
 */
public function bind(&$array)
{
    // Let's check to see if the user is new or not
    if (empty($this->id)) {
        // Check the password and create the crypted password.
        // empty() is also true for the string "0", so that password is
        // replaced by a random one as well.
        if (empty($array['password'])) {
            $array['password'] = JUserHelper::genRandomPassword();
            $array['password2'] = $array['password'];
        }

        // Not all controllers check the password, although they should.
        // Hence this code is required:
        // NOTE(review): "!=" is a loose comparison; two different numeric-looking
        // strings can compare equal. Confirm whether a strict check is wanted.
        if (isset($array['password2']) && $array['password'] != $array['password2']) {
            JFactory::getApplication()->enqueueMessage(JText::_('JLIB_USER_ERROR_PASSWORD_NOT_MATCH'), 'error');

            return false;
        }

        // The plaintext is kept on the object in password_clear
        $this->password_clear = JArrayHelper::getValue($array, 'password', '', 'string');

        $array['password'] = JUserHelper::hashPassword($array['password']);

        // Set the registration timestamp
        $this->set('registerDate', JFactory::getDate()->toSql());

        // Check that username is not greater than 150 characters
        // (strlen/substr count bytes, not characters)
        $username = $this->get('username');

        if (strlen($username) > 150) {
            $username = substr($username, 0, 150);
            $this->set('username', $username);
        }
    } else {
        // Updating an existing user
        if (!empty($array['password'])) {
            // Unlike the new-user branch, password2 is read without an isset() check
            if ($array['password'] != $array['password2']) {
                $this->setError(JText::_('JLIB_USER_ERROR_PASSWORD_NOT_MATCH'));

                return false;
            }

            $this->password_clear = JArrayHelper::getValue($array, 'password', '', 'string');

            // Check if the user is reusing the current password if required to reset their password
            if ($this->requireReset == 1 && JUserHelper::verifyPassword($this->password_clear, $this->password)) {
                $this->setError(JText::_('JLIB_USER_ERROR_CANNOT_REUSE_PASSWORD'));

                return false;
            }

            $array['password'] = JUserHelper::hashPassword($array['password']);

            // Reset the change password flag
            $array['requireReset'] = 0;
        } else {
            // No new password supplied: keep the stored hash
            $array['password'] = $this->password;
        }
    }

    if (array_key_exists('params', $array)) {
        $this->_params->loadArray($array['params']);

        // An array is serialised through the params object; anything else is stored as given
        if (is_array($array['params'])) {
            $params = (string) $this->_params;
        } else {
            $params = $array['params'];
        }

        $this->params = $params;
    }

    // Bind the array: every remaining key of $array is handed to setProperties()
    if (!$this->setProperties($array)) {
        $this->setError(JText::_('JLIB_USER_ERROR_BIND_ARRAY'));

        return false;
    }

    // Make sure its an integer
    $this->id = (int) $this->id;

    return true;
}
/**
 * Save the logged-in user's account details from the profile edit form:
 * login name (when the site allows changing it), e-mail, password,
 * two-factor settings and a few preferences, then redirect back to the
 * profile edit page.
 *
 * NOTE(review): the whole POST array is later passed to JUser::bind(). Only
 * five keys (gid, block, usertype, registerDate, activation) are removed
 * first, so any other field the client adds to the request reaches bind().
 * Confirm that bind()/save() ignore every field a user must not set, or
 * switch to an explicit list of accepted keys.
 *
 * @return  mixed  void after the final redirect or the blocked notice,
 *                 false after a validation redirect.
 */
public function save()
{
    // Check for request forgeries
    $mainframe = JFactory::getApplication();
    $jinput = $mainframe->input;
    JRequest::checkToken() or jexit(JText::_('COM_COMMUNITY_INVALID_TOKEN'));

    JFactory::getLanguage()->load(COM_USER_NAME);

    $user = JFactory::getUser();
    $userid = $jinput->post->get('id', 0, 'int');

    // Perform security checks: the posted id must be the id of the logged-in user
    if ($user->get('id') == 0 || $userid == 0 || $userid != $user->get('id')) {
        echo $this->blockUnregister();

        return;
    }

    $username = $user->get('username');

    // If the Joomla settings allow changing the login name, take it from the request
    if (JComponentHelper::getParams('com_users')->get('change_login_name')) {
        $username = $jinput->get('username');
    }

    // Clean request. The password fields are read raw (JREQUEST_ALLOWRAW) so
    // that no character of the password is filtered away.
    $post = JRequest::get('post');

    $post['username'] = $username;
    $post['password'] = JRequest::getVar('password', '', 'post', 'string', JREQUEST_ALLOWRAW);
    $post['password2'] = JRequest::getVar('password2', '', 'post', 'string', JREQUEST_ALLOWRAW);

    // Check email
    $post['email'] = $post['jsemail'];
    $email = $post['email'];
    $emailPass = $post['emailpass'];
    $modelReg = $this->getModel('register');

    //CFactory::load( 'helpers', 'validate' );
    if (!CValidateHelper::email($email)) {
        $msg = JText::sprintf('COM_COMMUNITY_INVITE_EMAIL_INVALID', $email);
        $mainframe->redirect(CRoute::_('index.php?option=com_community&view=profile&task=editDetails', false), $msg, 'error');

        return false;
    }

    // The uniqueness check is skipped when the address equals the posted
    // "emailpass" value, which also comes from the client
    if (!empty($email) && $email != $emailPass && $modelReg->isEmailExists(array('email' => $email))) {
        $msg = JText::sprintf('COM_COMMUNITY_EMAIL_EXIST', $email);
        $msg = stripslashes($msg);
        $mainframe->redirect(CRoute::_('index.php?option=com_community&view=profile&task=editDetails', false), $msg, 'error');

        return false;
    }

    // Get the redirect
    $return = CRoute::_('index.php?option=com_community&view=profile&task=editDetails', false);

    // Do a password safety check
    $changePassword = false;

    if (JString::strlen($post['jspassword']) || JString::strlen($post['jspassword2'])) {
        // so that "0" can be used as password e.g.
        if ($post['jspassword'] != $post['jspassword2']) {
            $msg = JText::_('PASSWORDS_DO_NOT_MATCH');
            $mainframe->redirect(CRoute::_('index.php?option=com_community&view=profile&task=editDetails', false), $msg, 'error');

            return false;
        } else {
            $changePassword = true;

            // Joomla 3.2.0 fix. To be removed in future.
            // NOTE(review): on 3.2.0 and later this branch builds "<crypt>:<salt>"
            // with getCryptedPassword() instead of calling hashPassword(), which is
            // only used in the older-version branch below. Confirm which scheme
            // getCryptedPassword() applies by default and whether it is still wanted.
            if (version_compare(JVERSION, '3.2.0', '>=')) {
                $salt = JUserHelper::genRandomPassword(32);
                $crypt = JUserHelper::getCryptedPassword($post['jspassword'], $salt);
                $password = $crypt . ':' . $salt;
            } else {
                // Don't re-encrypt the password
                // JUser bind has encrypted the password
                // NOTE(review): JUserHelper is written as a bare constant here, not
                // as the string 'JUserHelper'. If neither check passes, $password is
                // the plaintext and is set on the user object as-is further down.
                if (class_exists(JUserHelper) && method_exists(JUserHelper, 'hashpassword')) {
                    $password = JUserHelper::hashPassword($post['jspassword']);
                } else {
                    $password = $post['jspassword'];
                }
            }
        }
    }

    // Handle the two factor authentication setup
    // ($post['jform'] is read without checking that it was posted)
    $data = $post['jform'];

    if (array_key_exists('twofactor', $data)) {
        if (!class_exists('UsersModelUser')) {
            require JPATH_ROOT . '/administrator/components/com_users/models/user.php';
        }

        $model = new UsersModelUser();

        $twoFactorMethod = $data['twofactor']['method'];
        $userId = CFactory::getUser()->id;

        // Get the current One Time Password (two factor auth) configuration
        $otpConfig = $model->getOtpConfig($userId);

        if ($twoFactorMethod != 'none') {
            // Run the plugins
            FOFPlatform::getInstance()->importPlugin('twofactorauth');
            $otpConfigReplies = FOFPlatform::getInstance()->runPlugins('onUserTwofactorApplyConfiguration', array($twoFactorMethod));

            // Look for a valid reply: the first object whose method matches the request
            foreach ($otpConfigReplies as $reply) {
                if (!is_object($reply) || empty($reply->method) || $reply->method != $twoFactorMethod) {
                    continue;
                }

                $otpConfig->method = $reply->method;
                $otpConfig->config = $reply->config;

                break;
            }

            // Save OTP configuration.
            $model->setOtpConfig($userId, $otpConfig);

            // Generate one time emergency passwords if required (depleted or not set)
            if (empty($otpConfig->otep)) {
                $oteps = $model->generateOteps($userId);
            }
        } else {
            // Method "none": two-factor authentication is switched off for the account
            $otpConfig->method = 'none';
            $otpConfig->config = array();
            $model->setOtpConfig($userId, $otpConfig);
        }

        // Unset the raw data
        unset($data['twofactor']);
    }

    // We don't want users to edit certain fields so we will unset them
    unset($post['gid']);
    unset($post['block']);
    unset($post['usertype']);
    unset($post['registerDate']);
    unset($post['activation']);

    // Update the CUser params first so that the new value is not replaced by the old one.
    $my = CFactory::getUser();
    $params = $my->getParams();
    $postvars = $post['daylightsavingoffset'];
    $params->set('daylightsavingoffset', $postvars);

    // Store the Facebook preference only for accounts with Facebook Connect data
    $connectModel = CFactory::getModel('Connect');

    if ($connectModel->isAssociated($user->id)) {
        $postvars = !empty($post['postFacebookStatus']) ? 1 : 0;
        $my->_cparams->set('postFacebookStatus', $postvars);
    }

    if ($changePassword) {
        $my->set('password', $password);
    }

    /* Save for CUser */
    $my->save();

    $model = CFactory::getModel('profile');
    $editSuccess = true;
    $msg = JText::_('COM_COMMUNITY_SETTINGS_SAVED');
    $jUser = JFactory::getUser();

    // Bind the form fields to the user table
    if (!$jUser->bind($post)) {
        $msg = $jUser->getError();
        $editSuccess = false;
    }

    // Store the user record in the database (save() runs even if bind() failed)
    if (!$jUser->save()) {
        $msg = $jUser->getError();
        $editSuccess = false;
    }

    if ($editSuccess) {
        /* Update Joomla! User session */
        $session = JFactory::getSession();
        $session->set('user', $jUser);

        // User with FB Connect, store post preference
        // Execute the trigger
        $appsLib = CAppPlugins::getInstance();
        $appsLib->loadApplications();

        $userRow = array();
        $userRow[] = $jUser;

        $appsLib->triggerEvent('onUserDetailsUpdate', $userRow);
    }

    $mainframe->redirect(CRoute::_('index.php?option=com_community&view=profile&task=edit', false), $msg);
}
/**
 * Ajax method to update user's authentication via Facebook
 *
 * Looks up the local account linked to the current Facebook user id. With no
 * link it replies with the first-login dialog; for a community admin it
 * replies with the "not allowed" dialog. Otherwise it gives the linked
 * account a freshly generated password, logs the user in with it and replies
 * with the existing-user dialog. Every path ends in die() with a JSON body.
 *
 * NOTE(review): the account's stored password is overwritten with a random
 * one on every call, so a password the user chose for the local account stops
 * working after a Facebook login. Confirm this is intended.
 *
 * @return  void  Never returns normally.
 */
public function ajaxUpdate()
{
    $response = new JAXResponse();
    $json = array();

    $config = CFactory::getConfig();
    $mainframe = JFactory::getApplication();
    $connectTable = JTable::getInstance('Connect', 'CTable');
    $userId = $this->_getFacebookUID();

    // No Facebook user id could be determined
    if (!$userId) {
        $json['title'] = JText::_('COM_COMMUNITY_ERROR');
        $json['error'] = JText::_('COM_COMMUNITY_FBCONNECT_LOGIN_DETECT_ERROR');
        die(json_encode($json));
    }

    $connectTable->load($userId);
    $userInfo = $this->_getFacebookUser();
    $redirect = CRoute::_('index.php?option=com_community&view=' . $config->get('redirect_login'), false);
    $error = false;
    $content = '';

    if (!$connectTable->userid) {
        // The Facebook id is not linked to a local account yet
        $tmpl = new CTemplate();
        $tmpl->set('userInfo', $userInfo);

        $json['title'] = JText::_('COM_COMMUNITY_ACCOUNT_SIGNUP_FROM_FACEBOOK');
        $json['html'] = $tmpl->fetch('facebook.firstlogin');
        $json['btnNext'] = JText::_('COM_COMMUNITY_NEXT');
        die(json_encode($json));
    } else {
        $my = CFactory::getUser($connectTable->userid);

        // Community admins are not logged in through this path
        if (COwnerHelper::isCommunityAdmin($connectTable->userid)) {
            $tmpl = new CTemplate();
            $json['title'] = JText::_('COM_COMMUNITY_ERROR');
            $json['html'] = $tmpl->fetch('facebook.link.notallowed');
            die(json_encode($json));
        }

        // Generate a joomla password format for the user so we can log them in.
        $password = JUserHelper::genRandomPassword();

        // $userData is filled here but not read again in this method
        $userData = array();
        $userData['password'] = $password;
        $userData['password'] = $password;
        $userData['password2'] = $password;

        $my->set('password', JUserHelper::hashPassword($password));

        $options = array();
        $options['remember'] = true;

        //$options['return'] = $data['return'];
        // Get the log in credentials.
        // NOTE(review): no 'secretkey' is supplied, so how an account with
        // two-factor authentication enabled is treated depends on the
        // authentication plugins - confirm.
        $credentials = array();
        $credentials['username'] = $my->username;
        $credentials['password'] = $password;

        //$credentials['secretkey'] = $data['secretkey'];
        // First login attempt happens before the new hash has been saved
        JFactory::getApplication()->login($credentials, $options);

        // User object must be saved again so the password change gets reflected.
        $my->save();

        // Two further login calls with the same credentials follow the save
        JFactory::getApplication()->login($credentials, $options);
        $mainframe->login(array('username' => $my->username, 'password' => $password));

        if ($config->get('fbloginimportprofile')) {
            $this->_facebook->mapProfile($userInfo, $my->id);
        }

        // Update page token since the userid is changed now.
        $session = JFactory::getSession();
        $token = $session->getFormToken(false);

        $tmpl = new CTemplate();
        $tmpl->set('my', $my);
        $tmpl->set('userInfo', $userInfo);

        $json = array('title' => $config->get('sitename'), 'html' => $tmpl->fetch('facebook.existinguser'), 'btnContinue' => JText::_('COM_COMMUNITY_CONTINUE_BUTTON'), 'jax_token_var' => $token);
        die(json_encode($json));
    }
}
/**
 * Instance-level proxy for the static JUserHelper::hashPassword().
 *
 * The argument is forwarded untouched and the helper's result is handed back
 * as-is. The result is a password hash, not reversible encryption.
 *
 * @param   string  $password  The plaintext password to hash.
 *
 * @return  string  The value returned by JUserHelper::hashPassword().
 *
 * @see     JUserHelper::hashPassword()
 * @since   3.4
 */
public function hashPassword($password)
{
    $hashed = JUserHelper::hashPassword($password);

    return $hashed;
}
/**
 * Save the logged-in user's account details from the profile edit form
 * (e-mail, password and a few preferences), then redirect back to the
 * profile edit page. The login name is always taken from the session user.
 *
 * NOTE(review): the whole POST array is later passed to JUser::bind(). Only
 * five keys (gid, block, usertype, registerDate, activation) are removed
 * first, so any other field the client adds to the request reaches bind().
 * Confirm that bind()/save() ignore every field a user must not set, or
 * switch to an explicit list of accepted keys.
 *
 * @return  mixed  void after the final redirect or the blocked notice,
 *                 false after a validation redirect.
 */
public function save()
{
    // Check for request forgeries
    $mainframe = JFactory::getApplication();
    $jinput = $mainframe->input;
    JRequest::checkToken() or jexit(JText::_('COM_COMMUNITY_INVALID_TOKEN'));

    JFactory::getLanguage()->load(COM_USER_NAME);

    $user = JFactory::getUser();
    $userid = $jinput->post->get('id', 0, 'int');

    // Perform security checks: the posted id must be the id of the logged-in user
    if ($user->get('id') == 0 || $userid == 0 || $userid != $user->get('id')) {
        echo $this->blockUnregister();

        return;
    }

    $username = $user->get('username');

    // Clean request. The password fields are read raw (JREQUEST_ALLOWRAW) so
    // that no character of the password is filtered away.
    $post = JRequest::get('post');

    $post['username'] = $username;
    $post['password'] = JRequest::getVar('password', '', 'post', 'string', JREQUEST_ALLOWRAW);
    $post['password2'] = JRequest::getVar('password2', '', 'post', 'string', JREQUEST_ALLOWRAW);

    // Check email
    $post['email'] = $post['jsemail'];
    $email = $post['email'];
    $emailPass = $post['emailpass'];
    $modelReg = $this->getModel('register');

    //CFactory::load( 'helpers', 'validate' );
    if (!CValidateHelper::email($email)) {
        $msg = JText::sprintf('COM_COMMUNITY_INVITE_EMAIL_INVALID', $email);
        $mainframe->redirect(CRoute::_('index.php?option=com_community&view=profile&task=editDetails', false), $msg, 'error');

        return false;
    }

    // The uniqueness check is skipped when the address equals the posted
    // "emailpass" value, which also comes from the client
    if (!empty($email) && $email != $emailPass && $modelReg->isEmailExists(array('email' => $email))) {
        $msg = JText::sprintf('COM_COMMUNITY_EMAIL_EXIST', $email);
        $msg = stripslashes($msg);
        $mainframe->redirect(CRoute::_('index.php?option=com_community&view=profile&task=editDetails', false), $msg, 'error');

        return false;
    }

    // Get the redirect
    $return = CRoute::_('index.php?option=com_community&view=profile&task=editDetails', false);

    // Do a password safety check
    $changePassword = false;

    if (JString::strlen($post['jspassword']) || JString::strlen($post['jspassword2'])) {
        // so that "0" can be used as password e.g.
        if ($post['jspassword'] != $post['jspassword2']) {
            $msg = JText::_('PASSWORDS_DO_NOT_MATCH');
            $mainframe->redirect(CRoute::_('index.php?option=com_community&view=profile&task=editDetails', false), $msg, 'error');

            return false;
        } else {
            $changePassword = true;

            // Joomla 3.2.0 fix. To be removed in future.
            // NOTE(review): on 3.2.0 and later this branch builds "<crypt>:<salt>"
            // with getCryptedPassword() instead of calling hashPassword(), which is
            // only used in the older-version branch below. Confirm which scheme
            // getCryptedPassword() applies by default and whether it is still wanted.
            if (version_compare(JVERSION, '3.2.0', '>=')) {
                $salt = JUserHelper::genRandomPassword(32);
                $crypt = JUserHelper::getCryptedPassword($post['jspassword'], $salt);
                $password = $crypt . ':' . $salt;
            } else {
                // Don't re-encrypt the password
                // JUser bind has encrypted the password
                // NOTE(review): JUserHelper is written as a bare constant here, not
                // as the string 'JUserHelper'. If neither check passes, $password is
                // the plaintext and is set on the user object as-is further down.
                if (class_exists(JUserHelper) && method_exists(JUserHelper, 'hashpassword')) {
                    $password = JUserHelper::hashPassword($post['jspassword']);
                } else {
                    $password = $post['jspassword'];
                }
            }
        }
    }

    // We don't want users to edit certain fields so we will unset them
    unset($post['gid']);
    unset($post['block']);
    unset($post['usertype']);
    unset($post['registerDate']);
    unset($post['activation']);

    // Update the CUser params first so that the new value is not replaced by the old one.
    $my = CFactory::getUser();
    $params = $my->getParams();
    $postvars = $post['daylightsavingoffset'];
    $params->set('daylightsavingoffset', $postvars);

    // Store the Facebook preference only for accounts with Facebook Connect data
    $connectModel = CFactory::getModel('Connect');

    if ($connectModel->isAssociated($user->id)) {
        $postvars = !empty($post['postFacebookStatus']) ? 1 : 0;
        $my->_cparams->set('postFacebookStatus', $postvars);
    }

    if ($changePassword) {
        $my->set('password', $password);
    }

    /* Save for CUser */
    $my->save();

    $model = CFactory::getModel('profile');
    $editSuccess = true;
    $msg = JText::_('COM_COMMUNITY_SETTINGS_SAVED');
    $jUser = JFactory::getUser();

    // Bind the form fields to the user table
    if (!$jUser->bind($post)) {
        $msg = $jUser->getError();
        $editSuccess = false;
    }

    // Store the user record in the database (save() runs even if bind() failed)
    if (!$jUser->save()) {
        $msg = $jUser->getError();
        $editSuccess = false;
    }

    if ($editSuccess) {
        /* Update Joomla! User session */
        $session = JFactory::getSession();
        $session->set('user', $jUser);

        // User with FB Connect, store post preference
        // Execute the trigger
        $appsLib = CAppPlugins::getInstance();
        $appsLib->loadApplications();

        $userRow = array();
        $userRow[] = $jUser;

        $appsLib->triggerEvent('onUserDetailsUpdate', $userRow);
    }

    $mainframe->redirect(CRoute::_('index.php?option=com_community&view=profile&task=edit', false), $msg);
}
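/**
 * This method should handle any authentication and report back to the subject
 *
 * Verifies the password against the stored hash and, when more than one
 * two-factor method is reported as available and the account has one
 * configured, also requires a valid one-time password or an unused one-time
 * emergency password (OTEP).
 *
 * Changes in this version:
 *  - the username lookup is written out in full, with the submitted username
 *    escaped through $db->quote();
 *  - when two-factor authentication is enabled, the submitted code was
 *    rejected by the plugins and no emergency passwords are left, the
 *    response is now marked as failed. The branch used to return with the
 *    success status set by the password check still in place.
 *
 * @param   array   $credentials  Array holding the user credentials
 * @param   array   $options      Array of extra options
 * @param   object  &$response    Authentication response object
 *
 * @return  void
 *
 * @since   1.5
 */
public function onUserAuthenticate($credentials, $options, &$response)
{
    $response->type = 'Joomla';

    // Joomla does not like blank passwords
    if (empty($credentials['password'])) {
        $response->status = JAuthentication::STATUS_FAILURE;
        $response->error_message = JText::_('JGLOBAL_AUTH_EMPTY_PASS_NOT_ALLOWED');

        return;
    }

    // Get a database object
    $db = JFactory::getDbo();
    $query = $db->getQuery(true)
        ->select('id, password')
        ->from('#__users')
        ->where('username=' . $db->quote($credentials['username']));

    $db->setQuery($query);
    $result = $db->loadObject();

    if ($result) {
        $match = JUserHelper::verifyPassword($credentials['password'], $result->password, $result->id);

        if ($match === true) {
            // Bring this in line with the rest of the system
            $user = JUser::getInstance($result->id);
            $response->email = $user->email;
            $response->fullname = $user->name;

            if (JFactory::getApplication()->isAdmin()) {
                $response->language = $user->getParam('admin_language');
            } else {
                $response->language = $user->getParam('language');
            }

            $response->status = JAuthentication::STATUS_SUCCESS;
            $response->error_message = '';
        } else {
            // Invalid password
            $response->status = JAuthentication::STATUS_FAILURE;
            $response->error_message = JText::_('JGLOBAL_AUTH_INVALID_PASS');
        }
    } else {
        // Let's hash the entered password even if we don't have a matching user for some extra response time
        // By doing so, we mitigate side channel user enumeration attacks
        JUserHelper::hashPassword($credentials['password']);

        // Invalid user
        $response->status = JAuthentication::STATUS_FAILURE;
        $response->error_message = JText::_('JGLOBAL_AUTH_NO_USER');
    }

    // Check the two factor authentication
    if ($response->status == JAuthentication::STATUS_SUCCESS) {
        $methods = JAuthenticationHelper::getTwoFactorMethods();

        if (count($methods) <= 1) {
            // No two factor authentication method is enabled
            return;
        }

        JModelLegacy::addIncludePath(JPATH_ADMINISTRATOR . '/components/com_users/models', 'UsersModel');

        /** @var UsersModelUser $model */
        $model = JModelLegacy::getInstance('User', 'UsersModel', array('ignore_request' => true));

        // Load the user's OTP (one time password, a.k.a. two factor auth) configuration
        if (!array_key_exists('otp_config', $options)) {
            $otpConfig = $model->getOtpConfig($result->id);
            $options['otp_config'] = $otpConfig;
        } else {
            $otpConfig = $options['otp_config'];
        }

        // Check if the user has enabled two factor authentication
        if (empty($otpConfig->method) || $otpConfig->method == 'none') {
            // Warn the user if they are using a secret code but they have not
            // enabled two factor auth in their account.
            if (!empty($credentials['secretkey'])) {
                try {
                    $app = JFactory::getApplication();

                    $this->loadLanguage();

                    $app->enqueueMessage(JText::_('PLG_AUTH_JOOMLA_ERR_SECRET_CODE_WITHOUT_TFA'), 'warning');
                } catch (Exception $exc) {
                    // This happens when we are in CLI mode. In this case
                    // no warning is issued
                    return;
                }
            }

            return;
        }

        // Try to validate the OTP
        FOFPlatform::getInstance()->importPlugin('twofactorauth');

        $otpAuthReplies = FOFPlatform::getInstance()->runPlugins('onUserTwofactorAuthenticate', array($credentials, $options));

        $check = false;

        /*
         * This looks like noob code but DO NOT TOUCH IT and do not convert
         * to in_array(). During testing in_array() inexplicably returned
         * null when the OTEP begins with a zero! o_O
         */
        if (!empty($otpAuthReplies)) {
            foreach ($otpAuthReplies as $authReply) {
                $check = $check || $authReply;
            }
        }

        // Fall back to one time emergency passwords
        if (!$check) {
            // Did the user use an OTEP instead?
            if (empty($otpConfig->otep)) {
                if (empty($otpConfig->method) || $otpConfig->method == 'none') {
                    // Two factor authentication is not enabled on this account.
                    // Any string is assumed to be a valid OTEP.
                    // (Not reachable in practice: this case already returned above.)
                    return;
                } else {
                    /*
                     * Two factor authentication enabled and no OTEPs defined. The
                     * user has used them all up. Therefore anything they enter is
                     * an invalid OTEP. Fail closed: the password check alone must
                     * not be enough to log in.
                     */
                    $response->status = JAuthentication::STATUS_FAILURE;
                    $response->error_message = JText::_('JGLOBAL_AUTH_INVALID_SECRETKEY');

                    return;
                }
            }

            // Clean up the OTEP (remove dashes, spaces and other funny stuff
            // our beloved users may have unwittingly stuffed in it)
            $otep = $credentials['secretkey'];
            $otep = filter_var($otep, FILTER_SANITIZE_NUMBER_INT);
            $otep = str_replace('-', '', $otep);

            $check = false;

            // Did we find a valid OTEP?
            // NOTE(review): in_array() compares loosely here; confirm how the
            // stored OTEPs are typed before switching to a strict comparison.
            if (in_array($otep, $otpConfig->otep)) {
                // Remove the OTEP from the array so it cannot be used twice
                $otpConfig->otep = array_diff($otpConfig->otep, array($otep));

                $model->setOtpConfig($result->id, $otpConfig);

                // Return true; the OTEP was a valid one
                $check = true;
            }
        }

        if (!$check) {
            $response->status = JAuthentication::STATUS_FAILURE;
            $response->error_message = JText::_('JGLOBAL_AUTH_INVALID_SECRETKEY');
        }
    }
}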
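/**
 * Create (or overwrite) the site's root account and map it to user group 8.
 *
 * Only the hash returned by JUserHelper::hashPassword() is written to the users
 * table, and every value placed in SQL goes through $db->quote() or
 * $db->quoteName().
 *
 * @param   object  $options  Installer options. Reads db_type, db_host, db_user, db_pass,
 *                            db_name, db_prefix, admin_user, admin_email and admin_password.
 *
 * @return  boolean  True on success; false once an error has been recorded with setError().
 */
function _createRootUser($options)
{
    // Get a database object.
    try {
        $db = JInstallationHelperDatabase::getDBO(
            $options->db_type,
            $options->db_host,
            $options->db_user,
            $options->db_pass,
            $options->db_name,
            $options->db_prefix
        );
    } catch (RuntimeException $e) {
        $this->setError(JText::sprintf('INSTL_ERROR_CONNECT_DB', $e->getMessage()));

        // There is no $db to work with; carrying on would fail on the first query.
        return false;
    }

    // Hash the admin password; the clear text is never written to the database.
    $cryptpass = JUserHelper::hashPassword($options->admin_password);

    // Take the admin user id.
    JLoader::register('JInstallationModelDatabase', JPATH_INSTALLATION . '/models/database.php');
    $userId = JInstallationModelDatabase::getUserId();

    // The randUserId kept in the session is no longer needed.
    JInstallationModelDatabase::resetRandUserId();

    // Create the admin user.
    date_default_timezone_set('UTC');
    $installdate = date('Y-m-d H:i:s');
    $nullDate = $db->getNullDate();

    // sqlsrv change
    $query = $db->getQuery(true);
    $query->select('id');
    $query->from('#__users');
    $query->where('id = ' . $db->quote($userId));
    $db->setQuery($query);

    if ($db->loadResult()) {
        // NOTE(review): the listing masks the username and password expressions in this
        // branch; they are restored here from the INSERT branch below.
        $query = $db->getQuery(true);
        $query->update('#__users');
        $query->set('name = ' . $db->quote('Super User'));
        $query->set('username = ' . $db->quote(trim($options->admin_user)));
        $query->set('email = ' . $db->quote($options->admin_email));
        $query->set('password = ' . $db->quote($cryptpass));
        $query->set('usertype = ' . $db->quote('deprecated'));
        $query->set('block = 0');
        $query->set('sendEmail = 1');
        $query->set('registerDate = ' . $db->quote($installdate));
        $query->set('lastvisitDate = ' . $db->quote($nullDate));
        $query->set('activation = ' . $db->quote('0'));
        $query->set('params = ' . $db->quote(''));
        $query->where('id = ' . $db->quote($userId));
    } else {
        $query = $db->getQuery(true);
        $columns = array(
            $db->quoteName('id'),
            $db->quoteName('name'),
            $db->quoteName('username'),
            $db->quoteName('email'),
            $db->quoteName('password'),
            $db->quoteName('usertype'),
            $db->quoteName('block'),
            $db->quoteName('sendEmail'),
            $db->quoteName('registerDate'),
            $db->quoteName('lastvisitDate'),
            $db->quoteName('activation'),
            $db->quoteName('params'),
        );
        $query->insert('#__users', true);
        $query->columns($columns);
        $query->values(
            $db->quote($userId) . ', ' . $db->quote('Super User') . ', ' . $db->quote(trim($options->admin_user)) . ', '
            . $db->quote($options->admin_email) . ', ' . $db->quote($cryptpass) . ', ' . $db->quote('deprecated') . ', '
            . $db->quote('0') . ', ' . $db->quote('1') . ', ' . $db->quote($installdate) . ', '
            . $db->quote($nullDate) . ', ' . $db->quote('0') . ', ' . $db->quote('')
        );
    }

    $db->setQuery($query);

    try {
        $db->execute();
    } catch (RuntimeException $e) {
        $this->setError($e->getMessage());

        return false;
    }

    // Map the super admin to the Super Admin Group.
    $query = $db->getQuery(true);
    $query->select('user_id');
    $query->from('#__user_usergroup_map');
    $query->where('user_id = ' . $db->quote($userId));
    $db->setQuery($query);

    if ($db->loadResult()) {
        $query = $db->getQuery(true);
        $query->update('#__user_usergroup_map');
        $query->set('user_id = ' . $db->quote($userId));
        $query->set('group_id = 8');

        // Restrict the update to this user's rows. Without a WHERE clause every row of
        // the map would be rewritten to point at the root user in group 8.
        $query->where('user_id = ' . $db->quote($userId));
    } else {
        $query = $db->getQuery(true);
        $query->insert('#__user_usergroup_map', false);
        $query->columns(array($db->quoteName('user_id'), $db->quoteName('group_id')));

        // Quote the id like every other value in this method.
        $query->values($db->quote($userId) . ', 8');
    }

    $db->setQuery($query);

    try {
        $db->execute();
    } catch (RuntimeException $e) {
        $this->setError($e->getMessage());

        return false;
    }

    return true;
}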
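/**
 * Give the account registered under the requested e-mail address a new random password,
 * mail that password to the address, and end the request with a JSON reply.
 *
 * Replies {"result":1} on success and {"result":0,"error":"..."} on failure.
 *
 * NOTE(review): the reset needs nothing but the address, so anyone who knows a user's
 * e-mail can force a password change on that account. A mailed single-use confirmation
 * link would close that gap; it needs a second endpoint and is outside this method.
 * NOTE(review): _generateRandomString() is defined elsewhere; confirm it draws from a
 * cryptographically secure source (random_bytes()/random_int()).
 *
 * @return  void  The method never returns; it terminates with die().
 */
public function forgot_password()
{
    $email = (string) JRequest::getVar("email");
    $db = JFactory::getDBO();

    // The address comes straight from the request: quote it before it reaches SQL.
    $quotedEmail = $db->quote($email);

    $db->setQuery("SELECT id FROM #__users WHERE email = " . $quotedEmail);

    if (!$db->loadResult()) {
        // Unknown address: send nothing, so the site cannot be used to mail arbitrary
        // recipients, and answer as for a success so the reply does not reveal which
        // addresses are registered.
        die(json_encode(array("result" => 1)));
    }

    $new_pass = $this->_generateRandomString();

    $app = JFactory::getApplication();
    $mailfrom = $app->get('mailfrom');
    $fromname = $app->get('fromname');
    $sitename = $app->get('sitename');

    // NOTE(review): the listing masks the expression between the two string parts;
    // $new_pass is the value the message announces.
    $body = "Hi user, \r\n\r\n This is your new password: " . $new_pass . " \r\n\r\n Be First App";

    $mail = JFactory::getMailer();
    $mail->addRecipient($email);
    $mail->setSender(array($mailfrom, $fromname));
    $mail->setSubject($sitename . ': New password');
    $mail->setBody($body);

    // Send() can hand back an error object instead of false, and an object is truthy.
    if ($mail->Send() !== true) {
        die(json_encode(array("result" => 0, "error" => "Can not send email")));
    }

    jimport('joomla.user.helper');
    $pass = JUserHelper::hashPassword($new_pass);

    $db->setQuery("UPDATE #__users SET password = " . $db->quote($pass) . " WHERE email = " . $quotedEmail);

    try {
        $updated = (bool) $db->query();
    } catch (Exception $e) {
        $updated = false;
    }

    // Every path builds the one array that is encoded; the failure paths used to fill a
    // different variable and replied with "null".
    if ($updated) {
        $result = array("result" => 1);
    } else {
        $result = array("result" => 0, "error" => "Can not update new password");
    }

    die(json_encode($result));
}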
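/**
 * Method to create the root user for the site.
 *
 * Creates the "Super User" row when the reserved id is free, overwrites it otherwise, and
 * then maps that user to group 8. Only the hash returned by JUserHelper::hashPassword()
 * is stored; values and identifiers are passed through $db->quote() / $db->quoteName().
 *
 * @param   object  $options  The session options. Reads db_type, db_host, db_user, db_pass,
 *                            db_name, db_prefix, admin_user, admin_email and admin_password.
 *
 * @return  boolean  True on success. False after a notice has been enqueued on the application.
 *
 * @since   3.1
 */
private function _createRootUser($options)
{
    // Get the application
    /* @var InstallationApplicationWeb $app */
    $app = JFactory::getApplication();

    // Get a database object.
    try {
        $db = InstallationHelperDatabase::getDbo(
            $options->db_type,
            $options->db_host,
            $options->db_user,
            $options->db_pass,
            $options->db_name,
            $options->db_prefix
        );
    } catch (RuntimeException $e) {
        $app->enqueueMessage(JText::sprintf('INSTL_ERROR_CONNECT_DB', $e->getMessage()), 'notice');

        return false;
    }

    // Hash the admin password; the clear text is never written to the database.
    $cryptpass = JUserHelper::hashPassword($options->admin_password);

    // Take the admin user id.
    $userId = InstallationModelDatabase::getUserId();

    // We don't need the randUserId in the session any longer, let's remove it.
    InstallationModelDatabase::resetRandUserId();

    // Create the admin user.
    date_default_timezone_set('UTC');
    $installdate = date('Y-m-d H:i:s');
    $nullDate = $db->getNullDate();

    // Sqlsrv change.
    $query = $db->getQuery(true)
        ->select($db->quoteName('id'))
        ->from($db->quoteName('#__users'))
        ->where($db->quoteName('id') . ' = ' . $db->quote($userId));
    $db->setQuery($query);

    if ($db->loadResult()) {
        $query->clear()
            ->update($db->quoteName('#__users'))
            ->set($db->quoteName('name') . ' = ' . $db->quote('Super User'))
            ->set($db->quoteName('username') . ' = ' . $db->quote(trim($options->admin_user)))
            ->set($db->quoteName('email') . ' = ' . $db->quote($options->admin_email))
            ->set($db->quoteName('password') . ' = ' . $db->quote($cryptpass))
            ->set($db->quoteName('block') . ' = 0')
            ->set($db->quoteName('sendEmail') . ' = 1')
            ->set($db->quoteName('registerDate') . ' = ' . $db->quote($installdate))
            ->set($db->quoteName('lastvisitDate') . ' = ' . $db->quote($nullDate))
            ->set($db->quoteName('activation') . ' = ' . $db->quote('0'))
            ->set($db->quoteName('params') . ' = ' . $db->quote(''))
            ->where($db->quoteName('id') . ' = ' . $db->quote($userId));
    } else {
        $columns = array(
            $db->quoteName('id'),
            $db->quoteName('name'),
            $db->quoteName('username'),
            $db->quoteName('email'),
            $db->quoteName('password'),
            $db->quoteName('block'),
            $db->quoteName('sendEmail'),
            $db->quoteName('registerDate'),
            $db->quoteName('lastvisitDate'),
            $db->quoteName('activation'),
            $db->quoteName('params'),
        );
        $query->clear()
            ->insert('#__users', true)
            ->columns($columns)
            ->values(
                $db->quote($userId) . ', ' . $db->quote('Super User') . ', ' . $db->quote(trim($options->admin_user)) . ', '
                . $db->quote($options->admin_email) . ', ' . $db->quote($cryptpass) . ', '
                . $db->quote('0') . ', ' . $db->quote('1') . ', ' . $db->quote($installdate) . ', '
                . $db->quote($nullDate) . ', ' . $db->quote('0') . ', ' . $db->quote('')
            );
    }

    $db->setQuery($query);

    try {
        $db->execute();
    } catch (RuntimeException $e) {
        $app->enqueueMessage($e->getMessage(), 'notice');

        return false;
    }

    // Map the super admin to the Super Admin Group
    $query->clear()
        ->select($db->quoteName('user_id'))
        ->from($db->quoteName('#__user_usergroup_map'))
        ->where($db->quoteName('user_id') . ' = ' . $db->quote($userId));
    $db->setQuery($query);

    if ($db->loadResult()) {
        // Restrict the update to this user's rows. Without the WHERE clause every row of
        // the map would be rewritten to point at the root user in group 8.
        $query->clear()
            ->update($db->quoteName('#__user_usergroup_map'))
            ->set($db->quoteName('user_id') . ' = ' . $db->quote($userId))
            ->set($db->quoteName('group_id') . ' = 8')
            ->where($db->quoteName('user_id') . ' = ' . $db->quote($userId));
    } else {
        $query->clear()
            ->insert($db->quoteName('#__user_usergroup_map'), false)
            ->columns(array($db->quoteName('user_id'), $db->quoteName('group_id')))
            ->values($db->quote($userId) . ', 8');
    }

    $db->setQuery($query);

    try {
        $db->execute();
    } catch (RuntimeException $e) {
        $app->enqueueMessage($e->getMessage(), 'notice');

        return false;
    }

    return true;
}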
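/**
 * Testing hashPassword().
 *
 * Checks that the hash produced for a sample password starts with the PHPass marker "$P$".
 *
 * @covers  JUserHelper::hashPassword
 * @return  void
 *
 * @since   3.2
 */
public function testHashPassword()
{
    // strpos() returns false when the prefix is missing and assertEquals() compares loosely,
    // so false would have passed as 0. assertSame() only accepts the integer 0, i.e. the
    // prefix really is at the start of the hash.
    $this->assertSame(
        0,
        strpos(JUserHelper::hashPassword('mySuperSecretPassword'), '$P$'),
        'Joomla currently hashes passwords using PHPass, verify the correct prefix is present'
    );
}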
/**
 * Create a local account from the profile a social provider returns, then record the
 * mapping between the provider's user id and the new local user.
 *
 * When the 'generate_random_password' setting is on, a random password is generated, kept
 * in clear text on $this->_newUserPassword and in the 'password_clear' entry (the original
 * comment says it is e-mailed on account creation), and stored hashed in 'password'.
 *
 * @param   mixed   $providerUserId  The user's id at the provider.
 * @param   object  $provider        Provider object; its profile, client, name, systemName
 *                                   and usernamePrefix members are used.
 *
 * @return  boolean  True when the account was created and mapped, false otherwise.
 */
function autoCreateUser($providerUserId, $provider)
{
    $provider->setInitialRegistration();

    $wantedFields = array('first_name', 'last_name', 'email', 'full_name');
    $profile = $provider->profile->fetchProfile($providerUserId, $wantedFields);

    // Not enough information returned to auto-create an account.
    if ($profile == null || $profile->get('email') == null) {
        return false;
    }

    $newEmail = $profile->get('email');
    $fullname = $profile->get('full_name');
    $user = array('fullname' => $fullname, 'email' => $newEmail);

    if (!JFBCFactory::config()->getSetting('generate_random_password')) {
        $user['password_clear'] = "";
        $this->_newUserPassword = '';
    } else {
        // Random password for the provider-created user; the clear text is kept so it can
        // be e-mailed to the user on account creation.
        $generated = JUserHelper::genRandomPassword();
        $this->_newUserPassword = $generated;
        $user['password_clear'] = $generated;

        if (method_exists('JUserHelper', 'hashPassword')) {
            // Joomla 3.2.1 and later ship hashPassword(); prefer it when present.
            $user['password'] = JUserHelper::hashPassword($generated);
        } else {
            // Older Joomla: salted hash stored as "hash:salt".
            $salt = JUserHelper::genRandomPassword(32);
            $crypt = JUserHelper::getCryptedPassword($generated, $salt);
            $user['password'] = $crypt . ':' . $salt;
        }
    }

    // Language preference is read from the visitor's cookie.
    $user['language'] = JRequest::getVar(JApplication::getHash('language'), '', 'COOKIE');

    $usernamePrefixFormat = JFBCFactory::config()->getSetting('auto_username_format');
    $user['username'] = SCUserUtilities::getAutoUsername(
        $profile->get('first_name'),
        $profile->get('last_name'),
        $profile->get('email'),
        $provider->usernamePrefix,
        $providerUserId,
        $usernamePrefixFormat
    );

    $useractivation = $this->getActivationMode();
    $jUser = $this->getBlankUser($user, $useractivation);

    // User creation failed for some reason.
    if (!$jUser || !$jUser->get('id', null)) {
        return false;
    }

    $this->onAfterRegister($provider, $jUser);
    SCSocialUtilities::clearJFBCNewMappingEnabled();

    $mapped = JFBCFactory::usermap()->map(
        $jUser->get('id'),
        $providerUserId,
        $provider->systemName,
        $provider->client->getToken()
    );

    $logKey = $mapped ? 'COM_JFBCONNECT_MAP_USER_SUCCESS' : 'COM_JFBCONNECT_MAP_USER_FAIL';
    JFBCFactory::log(JText::sprintf($logKey, $provider->name));

    return $mapped ? true : false;
}
/**
 * Save the new password after reset is done
 *
 * The reset token and user id are taken from the application's user state (written by the
 * confirmation step), not from the submitted form. The token must be identical to the
 * user's stored activation value, and both state entries are cleared once the password
 * has been saved.
 *
 * @param   array  $data  The data expected for the form.
 *
 * @return  mixed  Exception | JException | boolean
 *
 * @since   1.6
 */
public function processResetComplete($data)
{
    // Get the form.
    $form = $this->getResetCompleteForm();

    $data['email'] = JStringPunycode::emailToPunycode($data['email']);

    // The form getter may hand back an exception instead of a form.
    if ($form instanceof Exception) {
        return $form;
    }

    // Filter and validate the form data.
    $data = $form->filter($data);
    $validation = $form->validate($data);

    if ($validation instanceof Exception) {
        return $validation;
    }

    if ($validation === false) {
        // Copy the validation messages from the form onto this model.
        foreach ($form->getErrors() as $formError) {
            $this->setError($formError->getMessage());
        }

        return false;
    }

    // Get the token and user id from the confirmation process.
    $app = JFactory::getApplication();
    $token = $app->getUserState('com_users.reset.token', null);
    $userId = $app->getUserState('com_users.reset.user', null);

    // Both must be present, otherwise the confirmation step was not completed.
    if (!(!empty($token) && !empty($userId))) {
        return new JException(JText::_('COM_USERS_RESET_COMPLETE_TOKENS_MISSING'), 403);
    }

    // Get the user object.
    $user = JUser::getInstance($userId);

    // Check for a user and that the tokens match.
    if (empty($user) || $user->activation !== $token) {
        $this->setError(JText::_('COM_USERS_USER_NOT_FOUND'));

        return false;
    }

    // Make sure the user isn't blocked.
    if ($user->block) {
        $this->setError(JText::_('COM_USERS_USER_BLOCKED'));

        return false;
    }

    // A user who is required to reset may not choose the current password again.
    if ($user->requireReset == 1 && JUserHelper::verifyPassword($data['password1'], $user->password)) {
        $this->setError(JText::_('JLIB_USER_ERROR_CANNOT_REUSE_PASSWORD'));

        return false;
    }

    // Update the user object: new hash, token spent, clear text kept on the object.
    $user->password = JUserHelper::hashPassword($data['password1']);
    $user->activation = '';
    $user->password_clear = $data['password1'];

    // Save the user to the database.
    $saved = $user->save(true);

    if (!$saved) {
        return new JException(JText::sprintf('COM_USERS_USER_SAVE_FAILED', $user->getError()), 500);
    }

    // Flush the user data from the session.
    foreach (array('com_users.reset.token', 'com_users.reset.user') as $stateKey) {
        $app->setUserState($stateKey, null);
    }

    return true;
}
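// Give every user in $list a new random password, mail it to them, and build an HTML
// report of the outcome. $countOn / $countOff count the successes and failures.
// NOTE(review): the report shows each new password in clear text to whoever views it;
// confirm that is intended and that the page is restricted to administrators.
$countOn = $countOff = 0;
$report = '<ul class="list list-condensed">';

jimport('joomla.user.helper');

foreach ($list as $obj) {
    // $mailer is not created inside this loop, so the same object is reused for every
    // user. Empty its recipient list first; otherwise each user's new password would
    // also be mailed to everyone handled earlier in the loop.
    // NOTE(review): assumes $mailer is the PHPMailer-based JMail object — confirm.
    $mailer->clearAllRecipients();

    $sender = array($config->get('mailfrom'), $config->get('fromname'));
    $mailer->setSender($sender);

    $reciver = array();
    $reciver[] = $obj->email;

    // The optional extra address is only used when a single user is processed.
    if (count($users) == 1 && !empty($email_opt)) {
        $reciver[] = $email_opt;
    }

    $mailer->addRecipient($reciver);
    $mailer->setSubject('Reenvio de senha de usuário');

    $setPass = random_password();
    $newPass = JUserHelper::hashPassword($setPass);

    $msg = isset($message) && $message != '' ? $message . "\n\n" : 'por questões de segurança estamos reenviando seus dados de acesso ao nosso site:';
    $msg = "\n\t\t\tOlá " . $obj->name . ",\n\n" . $msg . "\n\nUsuário: " . $obj->username . "\nSenha: " . $setPass . "\n\nVocê pode alterar sua senha a qualquer momento. Para isso acesse nosso website:\n" . JURI::root() . "profile\n\n Atenciosamente,\n\t\t";
    $mailer->setBody($msg);

    // Quote the hash and force the id to an integer instead of pasting both into the SQL.
    // NOTE(review): the listing masks the password expression; $newPass is the hash
    // computed above.
    $query = "UPDATE #__users SET password=" . $db->quote($newPass) . " WHERE id=" . (int) $obj->id;
    $db->setQuery($query);

    // Record whether the UPDATE ran. The value used before was setQuery()'s return, which
    // says nothing about the outcome of the query.
    try {
        $update = (bool) $db->execute();
    } catch (Exception $e) {
        $update = false;
    }

    // The names, addresses and password end up in HTML; escape them for that context.
    $safeName = htmlspecialchars($obj->name, ENT_QUOTES, 'UTF-8');
    $safeRecipients = htmlspecialchars(implode(', ', $reciver), ENT_QUOTES, 'UTF-8');
    $safePass = htmlspecialchars($setPass, ENT_QUOTES, 'UTF-8');

    // Mail the password only once it is stored; Send() can return an error object, which
    // is truthy, so compare against true.
    if ($update && $mailer->Send() === true) {
        $report .= '<li class="text-success"><span class="base-icon-check"></span> A senha (<strong>' . $safePass . '</strong>) foi enviada com sucesso para o usuário ' . $safeName . ' (' . $safeRecipients . ')</li>';
        $countOn++;
    } else {
        $report .= '<li class="bg-danger text-danger strong"><span class="base-icon-cancel"></span> A nova senha <strong>NÃO</strong> foi enviada para o usuário ' . $safeName . ' (' . $safeRecipients . ')</li>';
        $countOff++;
    }
}

$report .= '</ul>';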
/**
 * Method to bind an associative array of data to a user object
 *
 * For a new user (empty id) a missing password is replaced by a random one. Whenever a
 * password is supplied it must equal 'password2' when that entry is checked, its clear
 * text is copied to $this->password_clear, and $array['password'] is overwritten with
 * the hash. The array is modified in place.
 *
 * @param   array  &$array  The associative array to bind to the object
 *
 * @return  boolean  True on success
 *
 * @since   11.1
 */
public function bind(&$array)
{
    $isNewUser = empty($this->id);

    if ($isNewUser) {
        // No password supplied: generate one and mirror it into the confirmation field.
        if (empty($array['password'])) {
            $generated = JUserHelper::genRandomPassword();
            $array['password'] = $generated;
            $array['password2'] = $array['password'];
        }

        // TODO: Backend controller checks the password, frontend doesn't but should.
        // Hence this code is required:
        $hasConfirmation = isset($array['password2']);

        if ($hasConfirmation && $array['password'] != $array['password2']) {
            $this->setError(JText::_('JLIB_USER_ERROR_PASSWORD_NOT_MATCH'));

            return false;
        }

        $this->password_clear = JArrayHelper::getValue($array, 'password', '', 'string');
        $array['password'] = JUserHelper::hashPassword($array['password']);

        // Set the registration timestamp
        $this->set('registerDate', JFactory::getDate()->toSql());

        // Username as currently held by the object is capped at 150 characters.
        $currentUsername = $this->get('username');

        if (strlen($currentUsername) > 150) {
            $this->set('username', substr($currentUsername, 0, 150));
        }

        // Password as currently held by the object is capped at 100 characters.
        $currentPassword = $this->get('password');

        if (strlen($currentPassword) > 100) {
            $this->set('password', substr($currentPassword, 0, 100));
        }
    } elseif (empty($array['password'])) {
        // Updating an existing user without a new password: keep the stored one.
        $array['password'] = $this->password;
    } else {
        // Updating an existing user with a new password.
        if ($array['password'] != $array['password2']) {
            $this->setError(JText::_('JLIB_USER_ERROR_PASSWORD_NOT_MATCH'));

            return false;
        }

        $this->password_clear = JArrayHelper::getValue($array, 'password', '', 'string');
        $array['password'] = JUserHelper::hashPassword($array['password']);
    }

    // TODO: this will be deprecated as of the ACL implementation
    // $db = JFactory::getDbo();
    if (array_key_exists('params', $array)) {
        $this->_params->loadArray($array['params']);

        // An array is stored in its string form; anything else is stored as given.
        $this->params = is_array($array['params']) ? (string) $this->_params : $array['params'];
    }

    // Bind the array
    $bound = $this->setProperties($array);

    if (!$bound) {
        $this->setError(JText::_('JLIB_USER_ERROR_BIND_ARRAY'));

        return false;
    }

    // Make sure its an integer
    $this->id = (int) $this->id;

    return true;
}
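/**
 * Save the business form: business details, the owner's name and optional new password,
 * and the opening hours.
 *
 * NOTE(review): no anti-CSRF token check (JSession::checkToken()) is visible in this
 * method; confirm it is enforced before this code runs.
 * NOTE(review): the ids of the records to update (jform[businessid], jform[userid]) come
 * from the POST body. Unless the model ties them to the logged-in user, one user can
 * change another user's name and password — verify in updateBusiness()/updateUserinfo().
 * NOTE(review): a four-character minimum is a very weak password policy.
 *
 * @param   string  $key     Not used by this method.
 * @param   string  $urlVar  Not used by this method.
 *
 * @return  boolean|null  False when the submission is rejected or an update fails;
 *                        nothing is returned on success.
 */
public function save($key = null, $urlVar = NULL)
{
    $app = JFactory::getApplication();
    $model = $this->getModel('Business', 'BusinessModel');

    // Get the user data.
    $requestData = $this->input->post->get('jform', array(), 'array');
    $icon = $this->input->post->get('jform_icon');

    $business = array();
    $workingtime = array();
    $userinfo = array();

    $business['id'] = $requestData['businessid'];
    $business['businessName'] = $requestData['businessName'];
    $business['cvrNumber'] = $requestData['cvrNumber'];
    $business['shortName'] = $requestData['shortName'];
    $business['phone'] = $requestData['phone'];
    $business['businessEmail'] = $requestData['businessEmail'];
    $business['website'] = $requestData['website'];
    $business['icon'] = $this->listNameIcon[$icon];
    $business['address'] = $requestData['address'];
    $business['postnr'] = $requestData['postnr'];
    $business['postnrBy'] = $requestData['postnrBy'];
    $business['country'] = $requestData['country'];
    $business['latitude'] = $requestData['latitude'];
    $business['longitude'] = $requestData['longitude'];

    if (isset($requestData['pointDescription']) && $requestData['pointDescription'] != "") {
        $business['pointDescription'] = $requestData['pointDescription'];
    }

    // What is kept in the session for redisplaying the form must not carry the submitted
    // password in clear text.
    $stateData = $requestData;
    unset($stateData['password']);

    $hasNewPassword = isset($requestData['password']) && $requestData['password'] != "";

    // Validate before anything is written. Previously a too-short password was reported
    // only after the business, user and opening-hours updates had already been saved.
    if ($hasNewPassword && strlen($requestData['password']) < 4) {
        $app->setUserState('com_business.business.data', $business);
        $app->setUserState('com_business.business.workingtime', $stateData);
        $app->setUserState('com_business.business.userinfo', $stateData);
        $this->setMessage(JText::_('Adgangskoden er for kort. Adgangskoden skal være på mindst 4 karakterer.'), 'warning');
        $this->setRedirect(JRoute::_('index.php?option=com_business&view=business', false));

        return false;
    }

    $userinfo['id'] = $requestData['userid'];
    $userinfo['firstName'] = $requestData['first_name'];
    $userinfo['lastName'] = $requestData['second_name'];
    $userinfo['name'] = $requestData['first_name'] . ' ' . $requestData['second_name'];

    if ($hasNewPassword) {
        // Only the hash is handed to the model.
        $userinfo['password'] = JUserHelper::hashPassword($requestData['password']);
    }

    // Opening hours arrive as fromTime_<id>, toTime_<id> and date_<id> form fields.
    foreach ($requestData as $key => $field) {
        if (strpos($key, 'fromTime_') !== false) {
            $workingtime[str_replace("fromTime_", "", $key)]["fromTime"] = $field;
        } elseif (strpos($key, 'toTime_') !== false) {
            $workingtime[str_replace("toTime_", "", $key)]["toTime"] = $field;
        } elseif (strpos($key, 'date_') !== false) {
            $workingtime[str_replace("date_", "", $key)]["close"] = $field;
        }
    }

    $resultBusiness = $model->updateBusiness($business);
    $resultUserinfo = $model->updateUserinfo($userinfo);
    $resultWorkingtime = $model->updateWorkingtime($workingtime, $business);

    if ($resultBusiness == TRUE && $resultUserinfo == TRUE && $resultWorkingtime == TRUE) {
        $this->setMessage(JText::_('Dine ændringen er nu gemt!'));
        $this->setRedirect(JRoute::_('index.php?option=com_business&view=business', false));
    } else {
        $app->setUserState('com_business.business.data', $business);
        $app->setUserState('com_business.business.workingtime', $stateData);
        $app->setUserState('com_business.business.userinfo', $stateData);

        // A failed update is not a password problem; report it with the generic core
        // error text instead of the "password too short" message.
        $this->setMessage(JText::_('JERROR_AN_ERROR_HAS_OCCURRED'), 'warning');
        $this->setRedirect(JRoute::_('index.php?option=com_business&view=business', false));

        return false;
    }
}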