/** * Utility method to act on a user after it has been saved. * * This method sends a registration email to new users created in the backend. * * @param array $user Holds the new user data. * @param boolean $isnew True if a new user is stored. * @param boolean $success True if user was succesfully stored in the database. * @param string $msg Message. * * @return void * * @since 1.6 */ public function onUserAfterSave($user, $isnew, $success, $msg) { $mail_to_user = $this->params->get('mail_to_user', 1); if ($isnew) { // TODO: Suck in the frontend registration emails here as well. Job for a rainy day. if ($this->app->isAdmin()) { if ($mail_to_user) { // Load user_joomla plugin language (not done automatically). $lang = JFactory::getLanguage(); $lang->load('plg_user_joomla', JPATH_ADMINISTRATOR); // Compute the mail subject. $emailSubject = JText::sprintf('PLG_USER_JOOMLA_NEW_USER_EMAIL_SUBJECT', $user['name'], $config = $this->app->get('sitename')); // Compute the mail body. $emailBody = JText::sprintf('PLG_USER_JOOMLA_NEW_USER_EMAIL_BODY', $user['name'], $this->app->get('sitename'), JUri::root(), $user['username'], $user['password_clear']); // Assemble the email data...the sexy way! $mail = JFactory::getMailer()->setSender(array($this->app->get('mailfrom'), $this->app->get('fromname')))->addRecipient($user['email'])->setSubject($emailSubject)->setBody($emailBody); if (!$mail->Send()) { $this->app->enqueueMessage(JText::_('JERROR_SENDING_EMAIL'), 'warning'); } } } } else { // Existing user - nothing to do...yet. } }
/** * Listener for the `onAfterInitialise` event * * @return void * * @since 3.5 */ public function onAfterInitialise() { if (!$this->app->isAdmin() || !$this->isAllowedUser()) { return; } if (!$this->isDebugEnabled() && !$this->isUpdateRequired()) { return; } JHtml::_('jquery.framework'); JHtml::script('plg_system_stats/stats.js', false, true, false); }
public function onUserLogout($options) { // No remember me for admin if ($this->app->isAdmin()) { return false; } $cookieName = JUserHelper::getShortHashedUserAgent(); // Check for the cookie if ($this->app->input->cookie->get($cookieName)) { // Make sure authentication group is loaded to process onUserAfterLogout event JPluginHelper::importPlugin('authentication'); } }
/** * Convert links in com_templates to point into Gantry Administrator component. */ public function onAfterRender() { if (!$this->app->isAdmin()) { return; } $document = JFactory::getDocument(); $type = $document->getType(); $option = $this->app->input->getString('option'); $view = $this->app->input->getString('view', 'styles'); $task = $this->app->input->getString('task'); if (in_array($option, ['com_templates', 'com_advancedtemplates']) && $view == 'styles' && !$task && $type == 'html') { $this->styles = $this->getStyles(); $body = preg_replace_callback('/(<a\\s[^>]*href=")([^"]*)("[^>]*>)(.*)(<\\/a>)/siU', array($this, 'appendHtml'), $this->app->getBody()); $this->app->setBody($body); } }
/** * Listener for the `onAfterInitialise` event * * @return void * * @since 3.5 */ public function onAfterInitialise() { if (!$this->app->isAdmin() || !$this->isAllowedUser()) { return; } if (!$this->isDebugEnabled() && !$this->isUpdateRequired()) { return; } if (JUri::getInstance()->getVar("tmpl") === "component") { return; } // Load plugin language files only when needed (ex: they are not needed in site client). $this->loadLanguage(); JHtml::_('jquery.framework'); JHtml::script('plg_system_stats/stats.js', false, true, false); }
/** * This is where we delete any authentication cookie when a user logs out * * @param array $options Array holding options (length, timeToExpiration) * * @return boolean True on success * * @since 3.2 */ public function onUserAfterLogout($options) { // No remember me for admin if ($this->app->isAdmin()) { return false; } $cookieName = 'joomla_remember_me_' . JUserHelper::getShortHashedUserAgent(); $cookieValue = $this->app->input->cookie->get($cookieName); // There are no cookies to delete. if (!$cookieValue) { return true; } $cookieArray = explode('.', $cookieValue); // Filter series since we're going to use it in the query $filter = new JFilterInput(); $series = $filter->clean($cookieArray[1], 'ALNUM'); // Remove the record from the database $query = $this->db->getQuery(true)->delete('#__user_keys')->where($this->db->quoteName('series') . ' = ' . $this->db->quote($series)); try { $this->db->setQuery($query)->execute(); } catch (RuntimeException $e) { // We aren't concerned with errors from this query, carry on } // Destroy the cookie $this->app->input->cookie->set($cookieName, false, time() - 42000, $this->app->get('cookie_path', '/'), $this->app->get('cookie_domain')); return true; }
/** * Remember me method to run onAfterInitialise * * @return boolean * * @since 1.5 * @throws InvalidArgumentException */ public function onAfterInitialise() { // No remember me for admin if ($this->app->isAdmin()) { return false; } $user = JFactory::getUser(); $this->app->rememberCookieLifetime = $this->lifetime; $this->app->rememberCookieSecure = $this->secure; $this->app->rememberCookieLength = $this->length; // Check for a cookie if ($user->get('guest') == 1) { // Create the cookie name and data $rememberArray = JUserHelper::getRememberCookieData(); if ($rememberArray !== false) { if (count($rememberArray) != 3) { // Destroy the cookie in the browser. $this->app->input->cookie->set(end($rememberArray), false, time() - 42000, $this->app->get('cookie_path'), $this->app->get('cookie_domain')); JLog::add('Invalid cookie detected.', JLog::WARNING, 'error'); return false; } list($privateKey, $series, $uastring) = $rememberArray; if (!JUserHelper::clearExpiredTokens($this)) { JLog::add('Error in deleting expired cookie tokens.', JLog::WARNING, 'error'); } // Find the matching record if it exists $query = $this->db->getQuery(true)->select($this->db->quoteName(array('user_id', 'token', 'series', 'time', 'invalid')))->from($this->db->quoteName('#__user_keys'))->where($this->db->quoteName('series') . ' = ' . $this->db->quote(base64_encode($series)))->where($this->db->quoteName('uastring') . ' = ' . $this->db->quote($uastring))->order($this->db->quoteName('time') . ' DESC'); $results = $this->db->setQuery($query)->loadObjectList(); $countResults = count($results); // We have a user but a cookie that is not in the database, or it is invalid. This is a possible attack, so invalidate everything. if (($countResults === 0 || $results[0]->invalid != 0) && !empty($results[0]->user_id)) { JUserHelper::invalidateCookie($results[0]->user_id, $uastring); JLog::add(JText::sprintf('PLG_SYSTEM_REMEMBER_ERROR_LOG_INVALIDATED_COOKIES', $user->username), JLog::WARNING, 'security'); // Possibly e-mail user and admin here. return false; } // We have a user with one cookie with a valid series and a corresponding record in the database. if ($countResults === 1) { if (substr($results[0]->token, 0, 4) === '$2y$') { if (JCrypt::hasStrongPasswordSupport()) { $match = password_verify($privateKey, $results[0]->token); } } else { if (JCrypt::timingSafeCompare($results[0]->token, $privateKey)) { $match = true; } } if (empty($match)) { JUserHelper::invalidateCookie($results[0]->user_id, $uastring); JLog::add(JText::sprintf('PLG_SYSTEM_REMEMBER_ERROR_LOG_LOGIN_FAILED', $user->username), JLog::WARNING, 'security'); return false; } // Set up the credentials array to pass to onUserAuthenticate $credentials = array('username' => $results[0]->user_id); return $this->app->login($credentials, array('silent' => true, 'lifetime' => $this->lifetime, 'secure' => $this->secure, 'length' => $this->length)); } } } return false; }
/** * Dispatch the application. * * @param JApplicationCms $app * * @return string An rendered view from executing the controller. */ public function execute() { $view = $this->app->input->get('view'); if ($view === null) { throw new ControllerResolutionException('No view was specified.'); } $fqcn = __NAMESPACE__ . '\\Controllers\\' . ($this->app->isAdmin() ? 'Admin\\' : '') . ucfirst($view) . 'Controller'; if (!class_exists($fqcn)) { throw new ControllerResolutionException(sprintf('Controller for view (%s) cannot be found.', $view)); } /** @var \Framework\Controllers\AbstractBaseController $controller */ $controller = $this->container->buildObject($fqcn); $controller->setContainer($this->container); $controller->createDefaultModel(); $controller->createDefaultView(); return $controller->execute(); }
/** * Execute the controller. * * @return mixed A rendered view or true * * @since 3.2 */ public function execute() { // Get the document object. $document = JFactory::getDocument(); $componentFolder = $this->input->getWord('option', 'com_config'); if ($this->app->isAdmin()) { $viewName = $this->input->getWord('view', 'application'); } else { $viewName = $this->input->getWord('view', 'config'); } $viewFormat = $document->getType(); $layoutName = $this->input->getWord('layout', 'default'); // Register the layout paths for the view $paths = new SplPriorityQueue(); if ($this->app->isAdmin()) { $paths->insert(JPATH_ADMINISTRATOR . '/components/' . $componentFolder . '/view/' . $viewName . '/tmpl', 1); } else { $paths->insert(JPATH_BASE . '/components/' . $componentFolder . '/view/' . $viewName . '/tmpl', 1); } $viewClass = $this->prefix . 'View' . ucfirst($viewName) . ucfirst($viewFormat); $modelClass = $this->prefix . 'Model' . ucfirst($viewName); if (class_exists($viewClass)) { $model = new $modelClass(); $component = $model->getState()->get('component.option'); // Access check. if (!JFactory::getUser()->authorise('core.admin', $component) && !JFactory::getUser()->authorise('core.options', $component)) { $this->app->enqueueMessage(JText::_('JERROR_ALERTNOAUTHOR'), 'error'); return; } $view = new $viewClass($model, $paths); $view->setLayout($layoutName); // Push document object into the view. $view->document = $document; // Reply for service requests if ($viewFormat == 'json') { return $view->render(); } // Render view. echo $view->render(); } return true; }
/** * Utility method to act on a user after it has been saved. * * This method sends a registration email to new users created in the backend. * * @param array $user Holds the new user data. * @param boolean $isnew True if a new user is stored. * @param boolean $success True if user was successfully stored in the database. * @param string $msg Message. * * @return void * * @since 1.6 */ public function onUserAfterSave($user, $isnew, $success, $msg) { $mail_to_user = $this->params->get('mail_to_user', 1); if ($isnew) { // TODO: Suck in the frontend registration emails here as well. Job for a rainy day. if ($this->app->isAdmin()) { if ($mail_to_user) { $lang = JFactory::getLanguage(); $defaultLocale = $lang->getTag(); /** * Look for user language. Priority: * 1. User frontend language * 2. User backend language */ $userParams = new JRegistry($user['params']); $userLocale = $userParams->get('language', $userParams->get('admin_language', $defaultLocale)); if ($userLocale != $defaultLocale) { $lang->setLanguage($userLocale); } $lang->load('plg_user_joomla', JPATH_ADMINISTRATOR); // Compute the mail subject. $emailSubject = JText::sprintf('PLG_USER_JOOMLA_NEW_USER_EMAIL_SUBJECT', $user['name'], $config = $this->app->get('sitename')); // Compute the mail body. $emailBody = JText::sprintf('PLG_USER_JOOMLA_NEW_USER_EMAIL_BODY', $user['name'], $this->app->get('sitename'), JUri::root(), $user['username'], $user['password_clear']); // Assemble the email data...the sexy way! $mail = JFactory::getMailer()->setSender(array($this->app->get('mailfrom'), $this->app->get('fromname')))->addRecipient($user['email'])->setSubject($emailSubject)->setBody($emailBody); // Set application language back to default if we changed it if ($userLocale != $defaultLocale) { $lang->setLanguage($defaultLocale); } if (!$mail->Send()) { $this->app->enqueueMessage(JText::_('JERROR_SENDING_EMAIL'), 'warning'); } } } } else { // Existing user - nothing to do...yet. } }
/** * Convert links in com_templates to point into Gantry Administrator component. */ public function onAfterRender() { if (!$this->app->isAdmin()) { return; } $document = JFactory::getDocument(); $type = $document->getType(); $option = $this->app->input->getString('option'); $view = $this->app->input->getString('view', 'g5'); $task = $this->app->input->getString('task'); if (in_array($option, array('com_templates', 'com_advancedtemplates')) && ($view == 'g5' || $view == 'styles') && !$task && $type == 'html') { $this->styles = $this->getStyles(); $body = preg_replace_callback('/(<a\\s[^>]*href=")([^"]*)("[^>]*>)(.*)(<\\/a>)/siU', array($this, 'appendHtml'), $this->app->getBody()); $this->app->setBody($body); } if (($option == 'com_modules' || $option == 'com_advancedmodules') && ($view == 'g5' || $view == 'modules' || empty($view)) && $type == 'html') { $db = JFactory::getDBO(); $query = $db->getQuery(true); $query->select('id, title, params'); $query->from('#__modules'); $query->where('module = ' . $db->quote('mod_gantry5_particle')); $db->setQuery($query); $data = $db->loadObjectList(); if (sizeof($data) > 0) { $this->modules = []; $body = $this->app->getBody(); foreach ($data as $module) { $params = json_decode($module->params); $particle = isset($params->particle) ? json_decode($params->particle) : ''; $title = isset($particle->title) ? $particle->title : (isset($particle->particle) ? $particle->particle : ''); $this->modules[$module->id] = $particle; $body = preg_replace_callback('/(<a\\s[^>]*href=")([^"]*)("[^>]*>)(.*)(<\\/a>)/siU', function ($matches) use($title) { return $this->appendHtml($matches, $title); }, $body); } $this->app->setBody($body); } } }
/** * Determine if we use the plugin or not * both location and event criteria have to be match when form plug-in * * @param string $location Location to trigger plugin on * @param string $event Event to trigger plugin on * * @return bool true if we should run the plugin otherwise false */ public function canUse($location = null, $event = null) { $ok = false; $model = $this->getModel(); switch ($location) { case 'front': if (!$this->app->isAdmin()) { $ok = true; } break; case 'back': if ($this->app->isAdmin()) { $ok = true; } break; case 'both': $ok = true; break; } if ($ok) { // $$$ hugh @FIXME - added copyingRow() stuff to form model, need to do it // for list model as well. $k = array_key_exists('origRowId', $model) && isset($model->origRowId) ? 'origRowId' : 'rowId'; switch ($event) { case 'new': if ($model->{$k} != 0) { $ok = isset($model->copyingRow) ? $model->copyingRow() : false; } break; case 'edit': if ($model->{$k} == 0) { /** $$$ hugh - don't think this is right, as it'll return true when it shouldn't. * Think if this row is being copied, then by definition it's not being edited, it's new. * For now, just set $ok to false; * $ok = $ok = isset($model->copyingRow) ? !$model->copyingRow() : false; */ $ok = false; } break; } } return $ok; }
/** * Determines if the message should be displayed * * @return boolean * * @since __DEPLOY_VERSION__ */ private function shouldDisplayMessage() { // Only on admin app if (!$this->app->isAdmin()) { return false; } // Only if authenticated if (JFactory::getUser()->guest) { return false; } // Only on HTML documents if ($this->app->getDocument()->getType() !== 'html') { return false; } // Only on full page requests if ($this->app->input->getCmd('tmpl', 'index') === 'component') { return false; } // Only to com_cpanel if ($this->app->input->get('option') != 'com_cpanel') { return false; } return true; }
/** * Set the List's tab HTML * * @return array Tabs */ public function loadTabs() { $this->tabs = array(); $tabs = $this->getTabCategories(); if (!is_array($tabs) || empty($tabs)) { return $this->tabs; } $package = $this->app->getUserState('com_fabrik.package', 'fabrik'); $listId = $this->getId(); $tabsField = $this->getTabField(); $itemId = FabrikWorker::itemId(); $uri = JURI::getInstance(); $urlBase = $uri->toString(array('path')); $urlBase .= '?option=com_' . $package . '&'; if ($this->app->isAdmin()) { $urlBase .= 'task=list.view&'; } else { $urlBase .= 'view=list&'; } $urlBase .= 'listid=' . $listId . '&resetfilters=1'; $urlEquals = $urlBase . '&' . $tabsField . '=%s'; $urlRange = $urlBase . '&' . $tabsField . '[value][]=%s&' . $tabsField . '[value][]=%s&' . $tabsField . '[condition]=BETWEEN'; $uri = JURI::getInstance(); $thisUri = rawurldecode($uri->toString(array('path', 'query'))); foreach ($tabs as $i => $tabArray) { $row = new stdClass(); list($label, $range) = $tabArray; $row->label = $label; if (is_null($range)) { $row->href = $urlBase; } elseif (!is_array($range)) { $row->href = sprintf($urlEquals, $range); } else { list($low, $high) = $range; $row->href = sprintf($urlEquals, sprintf($urlRange, $low, $high)); } if ($itemId) { $row->href .= '&Itemid=' . $itemId; } $row->id = 'list_tabs_' . $this->getId() . '_' . $i; $row->js = false; $row->class = $thisUri == $row->href ? 'active' : ''; $this->tabs[] = $row; } return $this->tabs; }
/** * This method should handle any authentication and report back to the subject * * @param array $credentials Array holding the user credentials * @param array $options Array of extra options * @param object &$response Authentication response object * * @return boolean * * @since 3.2 */ public function onUserAuthenticate($credentials, $options, &$response) { // No remember me for admin if ($this->app->isAdmin()) { return false; } JLoader::register('JAuthentication', JPATH_LIBRARIES . '/joomla/user/authentication.php'); $response->type = 'Cookie'; // We need to validate the cookie data because there may be no Remember Me plugin to do it. // Create the cookie name and data. $rememberArray = JUserHelper::getRememberCookieData(); if ($rememberArray == false) { return false; } list($privateKey, $series, $uastring) = $rememberArray; // Find the matching record if it exists. $query = $this->db->getQuery(true)->select($this->db->quoteName(array('user_id', 'token', 'series', 'time', 'invalid')))->from($this->db->quoteName('#__user_keys'))->where($this->db->quoteName('series') . ' = ' . $this->db->quote(base64_encode($series)))->where($this->db->quoteName('uastring') . ' = ' . $this->db->quote($uastring))->order($this->db->quoteName('time') . ' DESC'); $results = $this->db->setQuery($query)->loadObjectList(); $countResults = count($results); if ($countResults !== 1) { $response->status = JAuthentication::STATUS_FAILURE; return; } else { if (substr($results[0]->token, 0, 4) === '$2y$') { if (JCrypt::hasStrongPasswordSupport()) { $match = password_verify($privateKey, $results[0]->token); } } else { if (JCrypt::timingSafeCompare($results[0]->token, $privateKey)) { $match = true; } } if (empty($match)) { JUserHelper::invalidateCookie($results[0]->user_id, $uastring); JLog::add(JText::sprintf('PLG_SYSTEM_REMEMBER_ERROR_LOG_LOGIN_FAILED', $user->username), JLog::WARNING, 'security'); $response->status = JAuthentication::STATUS_FAILURE; return false; } } // Set cookie params. if (!empty($options['lifetime']) && !empty($options['length']) && !empty($options['secure'])) { $response->lifetime = $options['lifetime']; $response->length = $options['length']; $response->secure = $options['secure']; } // Make sure there really is a user with this name and get the data for the session. $query = $this->db->getQuery(true)->select($this->db->quoteName(array('id', 'username', 'password')))->from($this->db->quoteName('#__users'))->where($this->db->quoteName('username') . ' = ' . $this->db->quote($credentials['username'])); $result = $this->db->setQuery($query)->loadObject(); if ($result) { // Bring this in line with the rest of the system $user = JUser::getInstance($result->id); $cookieName = JUserHelper::getShortHashedUserAgent(); // If there is no cookie, bail out if (!$this->app->input->cookie->get($cookieName)) { return; } // Set response data. $response->username = $result->username; $response->email = $user->email; $response->fullname = $user->name; $response->password = $result->password; $response->language = $user->getParam('language'); // Set response status. $response->status = JAuthentication::STATUS_SUCCESS; $response->error_message = ''; } else { $response->status = JAuthentication::STATUS_FAILURE; $response->error_message = JText::_('JGLOBAL_AUTH_NO_USER'); } }
/** * Listener for the `onAfterInitialise` event * * @return void * * @since 3.5 */ public function onAfterInitialise() { // Only run this in admin if (!$this->app->isAdmin()) { return; } // Do we need to run? Compare the last run timestamp stored in the plugin's options with the current // timestamp. If the difference is greater than the cache timeout we shall not execute again. $now = time(); $last = (int) $this->params->get('lastrun', 0); // 12 hours - 60*60*12 = 43200 if (!defined('PLG_SYSTEM_STATS_DEBUG') && abs($now - $last) < 43200) { return; } // Update last run status $this->params->set('lastrun', $now); $uniqueId = $this->params->get('unique_id', ''); /* * If the unique ID is empty (because we have never submitted a piece of data before or because the refresh button * has been used - generate a new ID and store it in the database for future use. */ if (empty($uniqueId)) { $uniqueId = hash('sha1', JUserHelper::genRandomPassword(28) . time()); $this->params->set('unique_id', $uniqueId); } $query = $this->db->getQuery(true)->update($this->db->quoteName('#__extensions'))->set($this->db->quoteName('params') . ' = ' . $this->db->quote($this->params->toString('JSON')))->where($this->db->quoteName('type') . ' = ' . $this->db->quote('plugin'))->where($this->db->quoteName('folder') . ' = ' . $this->db->quote('system'))->where($this->db->quoteName('element') . ' = ' . $this->db->quote('stats')); try { // Lock the tables to prevent multiple plugin executions causing a race condition $this->db->lockTable('#__extensions'); } catch (Exception $e) { // If we can't lock the tables it's too risky to continue execution return; } try { // Update the plugin parameters $result = $this->db->setQuery($query)->execute(); $this->clearCacheGroups(array('com_plugins'), array(0, 1)); } catch (Exception $exc) { // If we failed to execute $this->db->unlockTables(); $result = false; } try { // Unlock the tables after writing $this->db->unlockTables(); } catch (Exception $e) { // If we can't lock the tables assume we have somehow failed $result = false; } // Abort on failure if (!$result) { return; } $data = array('unique_id' => $uniqueId, 'php_version' => PHP_VERSION, 'db_type' => $this->db->name, 'db_version' => $this->db->getVersion(), 'cms_version' => JVERSION, 'server_os' => php_uname('s') . ' ' . php_uname('r')); // Don't let the request take longer than 2 seconds to avoid page timeout issues try { // Don't let the request take longer than 2 seconds to avoid page timeout issues JHttpFactory::getHttp()->post($this->params->get('url', 'https://developer.joomla.org/stats/submit'), $data, null, 2); } catch (UnexpectedValueException $e) { // There was an error sending stats. Should we do anything? JLog::add('Could not send site statistics to remote server: ' . $e->getMessage(), JLog::WARNING, 'stats'); } catch (RuntimeException $e) { // There was an error connecting to the server or in the post request JLog::add('Could not connect to statistics server: ' . $e->getMessage(), JLog::WARNING, 'stats'); } catch (Exception $e) { // An unexpected error in processing; don't let this failure kill the site JLog::add('Unexpected error connecting to statistics server: ' . $e->getMessage(), JLog::WARNING, 'stats'); } }