public function action($request)
{
$db = JFactory::getDBO();
$set = array();
if ($this->settings['activate']) {
$set[] = '`block` = \'0\'';
$set[] = '`activation` = \'\'';
}
$username = $this->getUsername($request);
if (!empty($username)) {
$set[] = '`username` = \'' . $username . '\'';
}
if (!empty($this->settings['password'])) {
$pw = AECToolbox::rewriteEngineRQ($this->settings['password'], $request);
jimport('joomla.user.helper');
$salt = JUserHelper::genRandomPassword(32);
$crypt = JUserHelper::getCryptedPassword($pw, $salt);
$password = $crypt . ':' . $salt;
$set[] = '`password` = \'' . $password . '\'';
}
if (!empty($set)) {
$query = 'UPDATE #__users';
$query .= ' SET ' . implode(', ', $set);
$query .= ' WHERE `id` = \'' . (int) $request->metaUser->userid . '\'';
$db->setQuery($query);
$db->query() or die($db->stderr());
$userid = $request->metaUser->userid;
// Reloading metaUser object for other MIs
$request->metaUser = new metaUser($userid);
}
if (!empty($this->settings['set_fields'])) {
$this->setFields($request);
}
}
function ajaxSaveRow()
{
$user = JFactory::getUser();
$id = $user->get('id');
jimport('joomla.mail.helper');
jimport('joomla.user.helper');
global $mainframe;
$db =& JFactory::getDBO();
$varolan = JRequest::getVar('varolan');
$yeni = JRequest::getVar('yeni');
$sql = "select password from jos_users where id={$id}";
$liste = mysql_fetch_array(mysql_query($sql));
$parts = explode(":", $liste[password]);
$crypt = $parts[0];
$salt = @$parts[1];
$testcrypt = JUserHelper::getCryptedPassword($varolan, $salt);
if ($crypt == $testcrypt) {
$salt = JUserHelper::genRandomPassword(32);
$crypt = JUserHelper::getCryptedPassword($yeni, $salt);
$password = $crypt . ':' . $salt;
$query = 'UPDATE #__users' . ' SET `password` = "' . $password . '"' . ' WHERE id = ' . (int) $id . ' AND block = 0';
$db->setQuery($query);
$db->query();
echo "<p align=center>Şifreniz başarıyla değiştirildi.</p>";
} else {
echo "<p align=center>Geçerli şifreniz yanlış.</p><p align=center><a href='index.php?option=com_user&view=changepass'>Yeniden deneyiniz</a></p>";
}
}
public function addTempUser($data)
{
$db =& $this->getDBO();
//get current session id.
$mySess =& JFactory::getSession();
$token = $mySess->get('JS_REG_TOKEN', '');
$nowDate = JFactory::getDate();
$nowDate = $nowDate->toMysql();
// Combine firsname and last name as full name
if (empty($data['jsname'])) {
$data['jsname'] = $data['jsfirstname'] . ' ' . $data['jslastname'];
}
$obj = new stdClass();
$obj->name = $data['jsname'];
$obj->firstname = isset($data['jsfirstname']) ? $data['jsfirstname'] : '';
$obj->lastname = isset($data['jslastname']) ? $data['jslastname'] : '';
$obj->token = $token;
$obj->username = $data['jsusername'];
$obj->email = $data['jsemail'];
$obj->password = $data['jspassword'];
$obj->created = $nowDate;
$obj->ip = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
// no clear text password store in db
jimport('joomla.user.helper');
$salt = JUserHelper::genRandomPassword(32);
$crypt = JUserHelper::getCryptedPassword($obj->password, $salt);
$obj->password = $crypt . ':' . $salt;
$db->insertObject('#__community_register', $obj);
if ($db->getErrorNum()) {
JError::raiseError(500, $db->stderr());
}
$this->return_value[__FUNCTION__] = true;
return $this;
}
/**
* Generate token here to standardize the token generation
* @condition if the userId is provided it will be assign to the user directly
* @see assignToken()
* @return String generated token
*/
public function generateToken()
{
$salt = JUserHelper::genRandomPassword(20);
$crypt = JUserHelper::getCryptedPassword(rand(), $salt);
$token = $crypt . ':' . $salt;
return $token;
}
function onAuthenticate($credentials, $options, &$response)
{
jimport('joomla.user.helper');
if (empty($credentials['password'])) {
$response->status = JAUTHENTICATE_STATUS_FAILURE;
$response->error_message = 'Empty password not allowed';
return false;
}
$db =& JFactory::getDBO();
$sql = 'SELECT `id`, `password`, `gid` FROM `#__users` WHERE payroll=' . $db->Quote($credentials['username']);
$db->setQuery($sql);
$result = $db->loadObject();
if ($result) {
$parts = explode(':', $result->password);
$crypt = $parts[0];
$salt = @$parts[1];
$testcrypt = JUserHelper::getCryptedPassword($credentials['password'], $salt);
if ($crypt == $testcrypt) {
$user = JUser::getInstance($result->id);
// Bring this in line with the rest of the system
$response->username = $user->username;
$response->email = $user->email;
$response->fullname = $user->name;
$response->status = JAUTHENTICATE_STATUS_SUCCESS;
$response->error_message = '';
} else {
$response->status = JAUTHENTICATE_STATUS_FAILURE;
$response->error_message = 'Invalid password';
}
} else {
$response->status = JAUTHENTICATE_STATUS_FAILURE;
$response->error_message = 'User does not exist';
}
}
function simple_registration($username, $password, $name, $email, $defaultUserGroups = array(2))
{
//Default group 2=registered
$result = array('error', 'message');
$usersConfig =& JComponentHelper::getParams('com_users');
if ($usersConfig->get('allowUserRegistration') == '1') {
//PASSWORD
$salt = JUserHelper::genRandomPassword(32);
$password_clear = $password;
$crypted = JUserHelper::getCryptedPassword($password_clear, $salt);
$password = $crypted . ':' . $salt;
//set
$instance = JUser::getInstance();
$instance->set('id', 0);
$instance->set('name', $name);
$instance->set('username', $username);
$instance->set('password', $password);
$instance->set('password_clear', $password_clear);
$instance->set('email', $email);
$instance->set('groups', $defaultUserGroups);
if (!$instance->save()) {
//resultat
$result['error'] = true;
$result['message'] = 'bad data';
} else {
$result['error'] = false;
$result['message'] = 'success';
}
} else {
$result['error'] = true;
$result['message'] = 'no allow user registration';
}
return $result;
}
private function authenticate($username, $password = null, $valid = 86400)
{
// Get a database object
$db = JFactory::getDbo();
// Look for any tokens for this user
$db->setQuery($db->getQuery(true)->select('*')->from('#__rvs_user_tokens')->where('uid=' . $db->q($result->id)));
$obj = $db->loadObject();
// If there is already a valid token, just return that, otherwise try to create one
if ($obj->valid > JDate::getInstance()->toUnix()) {
return $obj->token;
} else {
$db->setQuery($db->getQuery(true)->select('id, password')->from('#__users')->where('username='******':', $result->password);
$crypt = $parts[0];
$salt = @$parts[1];
$testcrypt = JUserHelper::getCryptedPassword($password, $salt);
if ($crypt == $testcrypt) {
// Authentication successful, create a token and populate the table
$obj = new stdClass();
$obj->uid = $result->id;
$obj->token = md5(rand() . $salt);
$obj->valid = JDate::getInstance()->toUnix() + $valid;
$db->setQuery($db->getQuery(true)->select('uid')->from('#__rvs_user_tokens')->where('uid=' . $db->q($obj->uid)));
if ($db->loadResult()) {
$db->updateObject('#__rvs_user_tokens', $obj, 'uid');
} else {
$db->insertObject('#__rvs_user_tokens', $obj, 'uid');
}
return $obj->token;
}
}
return null;
}
function changepassword()
{
$mainframe = JFactory::getApplication();
$return = JRequest::getVar('return', 0);
$return = base64_decode($return);
$user_data = $_POST;
if ($user_data['password'] == $user_data['password2']) {
$user = JFactory::getUser();
$salt = JUserHelper::genRandomPassword(32);
$crypt = JUserHelper::getCryptedPassword(JString::trim($user_data['password']), $salt);
$password = $crypt . ':' . $salt;
$user->set('password', $password);
if ($user->save()) {
$mainframe->enqueueMessage(JText::_('Successfully saved'), 'message');
}
} else {
JError::raiseWarning('', JText::_(' Passwords do not match. Please re-enter password.'));
}
$config = JBFactory::getConfig();
if ($return) {
$this->setRedirect($return);
} else {
$this->setRedirect('index.php?option=com_bookpro&view=account&form=password&Itemid=' . JRequest::getVar('Itemid'));
}
}
/**
* Password is saved to Joomla DB after succesful authentication
*
* @access public
* @return boolean
* @since 1.5
*/
function onUserAfterLogin()
{
/* po uspesnem prihlaseni ulozime heslo */
if (isset($_POST["password"]) && $_POST["password"] != "") {
// misto $_POST["password"] by melo byt
//$jinput = JFactory::getApplication()->input;
//$password = $jinput->get('password', '', 'STRING');
// http://stackoverflow.com/questions/2727043/using-php-to-create-a-joomla-user-password
jimport('joomla.user.helper');
$salt = JUserHelper::genRandomPassword(32);
$crypt = JUserHelper::getCryptedPassword($_POST["password"], $salt);
$password = $crypt . ':' . $salt;
// Get a database object
$user = JFactory::getUser();
$db =& JFactory::getDBO();
$query = $db->getQuery(true);
$fields = array($db->quoteName('password') . ' = "' . $password . '"');
$conditions = array($db->quoteName('username') . ' = "' . $user->username . '"');
$query->update($db->quoteName('#__users'))->set($fields)->where($conditions);
$db->setQuery($query);
$result = $db->execute();
return $result;
}
return false;
}
function hashPassword($password)
{
require_once JPATH_BASE . '/includes/defines.php';
require_once JPATH_LIBRARIES . '/joomla/user/helper.php';
$salt = JUserHelper::genRandomPassword(32);
$crypt = JUserHelper::getCryptedPassword($password, $salt);
return "{$crypt}:{$salt}";
}
/**
* Manupulates posted form data for insertion into database
*
* @param mixed $val this elements posted form data
* @param array $data posted form data
*
* @return mixed
*/
public function storeDatabaseFormat($val, $data)
{
jimport('joomla.user.helper');
$salt = JUserHelper::genRandomPassword(32);
$crypt = JUserHelper::getCryptedPassword($val, $salt);
$val = $crypt . ':' . $salt;
return $val;
}
/**
* This method should handle any authentication and report back to the subject
*/
function onUserAuthenticate($credentials, $options, &$response)
{
jimport('joomla.user.helper');
jimport('joomla.version');
$version = new JVersion();
$version = explode('.', $version->getShortVersion());
if ($version[0] == 3) {
$success = JAuthentication::STATUS_SUCCESS;
$failure = JAuthentication::STATUS_FAILURE;
} else {
$success = JAUTHENTICATE_STATUS_SUCCESS;
$failure = JAUTHENTICATE_STATUS_FAILURE;
}
$response->type = 'Joomla';
// Joomla does not like blank passwords
if (empty($credentials['password'])) {
$response->status = $failure;
$response->error_message = JText::_('JGLOBAL_AUTH_EMPTY_PASS_NOT_ALLOWED');
return false;
}
// Initialise variables.
$conditions = '';
// Get a database object
$db = JFactory::getDbo();
$query = $db->getQuery(true);
$query->select('id, password');
$query->from('#__users');
$query->where('email=' . $db->Quote($credentials['username']));
$db->setQuery($query);
$result = $db->loadObject();
if ($result) {
$parts = explode(':', $result->password);
$crypt = $parts[0];
$salt = @$parts[1];
$testcrypt = JUserHelper::getCryptedPassword($credentials['password'], $salt);
if ($crypt == $testcrypt) {
$user = JUser::getInstance($result->id);
// Bring this in line with the rest of the system
$response->username = $user->username;
$response->email = $user->email;
$response->fullname = $user->name;
if (JFactory::getApplication()->isAdmin()) {
$response->language = $user->getParam('admin_language');
} else {
$response->language = $user->getParam('language');
}
$response->status = $success;
$response->error_message = '';
} else {
$response->status = $failure;
$response->error_message = JText::_('JGLOBAL_AUTH_INVALID_PASS');
}
} else {
$response->status = $failure;
$response->error_message = JText::_('JGLOBAL_AUTH_NO_USER');
}
}
public static function generatePassword($text, $is_cripted = false)
{
$password = $text;
if ($is_cripted == false) {
return $password;
}
jimport('joomla.user.helper');
$salt = JUserHelper::genRandomPassword(8);
$crypt = JUserHelper::getCryptedPassword($password, $salt);
$password = $crypt . ":" . $salt;
return $password;
}
/**
* Function post for create user record.
*
* @return void
*/
public function post()
{
$error_messages = array();
$fieldname = array();
$response = null;
$validated = true;
$userid = null;
$data = array();
$app = JFactory::getApplication();
$data['username'] = $app->input->get('username', '', 'STRING');
$data['password'] = $app->input->get('password', '', 'STRING');
$data['name'] = $app->input->get('name', '', 'STRING');
$data['email'] = $app->input->get('email', '', 'STRING');
global $message;
jimport('joomla.user.helper');
$authorize = JFactory::getACL();
$user = clone JFactory::getUser();
$user->set('username', $data['username']);
$user->set('password', $data['password']);
$user->set('name', $data['name']);
$user->set('email', $data['email']);
// Password encryption
$salt = JUserHelper::genRandomPassword(32);
$crypt = JUserHelper::getCryptedPassword($user->password, $salt);
$user->password = "******";
// User group/type
$user->set('id', '');
$user->set('usertype', 'Registered');
if (JVERSION >= '1.6.0') {
$userConfig = JComponentHelper::getParams('com_users');
// Default to Registered.
$defaultUserGroup = $userConfig->get('new_usertype', 2);
$user->set('groups', array($defaultUserGroup));
} else {
$user->set('gid', $authorize->get_group_id('', 'Registered', 'ARO'));
}
$date =& JFactory::getDate();
$user->set('registerDate', $date->toSql());
// True on success, false otherwise
if (!$user->save()) {
$message = "not created because of " . $user->getError();
return false;
} else {
$message = "created of username-" . $user->username . " and send mail of details please check";
}
// #$this->plugin->setResponse($user->id);
$userid = $user->id;
// Result message
$result = array('user id ' => $userid, 'message' => $message);
$result = $userid ? $result : $message;
$this->plugin->setResponse($result);
}
/**
* Generate token here to standardize the token generation
* @condition if the user_id is provided it will be assign to the user directly
* @see assignToken()
* @return String generated token
*/
public function generateToken($user_id = null)
{
$salt = JUserHelper::genRandomPassword(50);
$crypt = JUserHelper::getCryptedPassword($user_id, $salt);
$token = $crypt . ':' . $salt;
if ($user_id != NULL) {
if ($this->assignToken($user_id, $token)) {
return true;
} else {
return false;
}
} else {
return $token;
}
}
public function post()
{
$username = JRequest::getVar('username', '', 'post');
$password = JRequest::getVar('password', '', 'post');
if (!$username || !$password) {
$error = new JException('Credentials Not Found');
$this->plugin->setResponse($error);
return;
}
$db = JFactory::getDBO();
$query = "SELECT id, password FROM #__users WHERE LOWER(username) = LOWER(" . $db->Quote($username) . ")";
$db->setQuery($query);
$result = $db->loadObject();
if (!$result) {
// Login failed
$error = new JException('Incorrect username or password.');
$this->plugin->setResponse($error);
return;
}
jimport('joomla.user.helper');
$parts = explode(':', $result->password);
$crypt = $parts[0];
$salt = @$parts[1];
$testcrypt = JUserHelper::getCryptedPassword($password, $salt);
if ($crypt == $testcrypt) {
// Login success, return API Key
$query = "SELECT hash FROM #__api_keys WHERE user_id = " . $db->Quote($result->id);
$db->setQuery($query);
$key = $db->loadResult();
if ($key) {
// Key found
$this->plugin->setResponse($key);
return;
} else {
// No key found
$error = new JException('API Key Not Found');
$this->plugin->setResponse($error);
return;
}
} else {
// Login failed
$error = new JException('Incorrect username or password.');
$this->plugin->setResponse($error);
return;
}
}
/**
* This method should handle any authentication and report back to the subject
*
* @access public
* @param array $credentials Array holding the user credentials
* @param array $options Array of extra options
* @param object $response Authentication response object
* @return boolean
* @since 1.5
*/
function onAuthenticate(&$credentials, $options, &$response)
{
jimport('joomla.user.helper');
// Joomla does not like blank passwords
if (empty($credentials['password'])) {
$response->status = JAUTHENTICATE_STATUS_FAILURE;
$response->error_message = 'Empty password not allowed';
return false;
}
// Initialize variables
$conditions = '';
// Get a database object
$db =& JFactory::getDBO();
$username = $db->Quote($credentials['username']);
$query = 'SELECT `id`, `username`, `password`, `email`' . ' FROM `#__users`' . ' WHERE username='******'@')) {
$query .= ' OR email=' . $username;
}
$db->setQuery($query);
$result = $db->loadObject();
if ($result) {
$credentials['username'] = $result->username;
$parts = explode(':', $result->password);
$crypt = $parts[0];
$salt = isset($parts[1]) ? $parts[1] : '';
$testcrypt = JUserHelper::getCryptedPassword($credentials['password'], $salt);
if ($crypt === $testcrypt) {
// Bring this in line with the rest of the system
$user = JUser::getInstance($result->id);
$response->username = $user->username;
$response->email = $user->email;
$response->fullname = $user->name;
$response->status = JAUTHENTICATE_STATUS_SUCCESS;
$response->error_message = '';
} else {
$response->status = JAUTHENTICATE_STATUS_FAILURE;
$response->error_message = 'Invalid password';
}
} else {
$response->status = JAUTHENTICATE_STATUS_FAILURE;
$response->error_message = 'User does not exist';
}
}
/**
* This method should handle any authentication and report back to the subject
*
* @param array $credentials Array holding the user credentials
* @param array $options Array of extra options
* @param object &$response Authentication response object
*
* @return boolean
*
* @since 1.5
*/
public function onUserAuthenticate($credentials, $options, &$response)
{
$response->type = 'Joomla';
// Joomla does not like blank passwords
if (empty($credentials['password'])) {
$response->status = JAuthentication::STATUS_FAILURE;
$response->error_message = JText::_('JGLOBAL_AUTH_EMPTY_PASS_NOT_ALLOWED');
return false;
}
// Get a database object
$db = JFactory::getDbo();
$query = $db->getQuery(true)->select('id, password')->from('#__users')->where('username='******'username']));
$db->setQuery($query);
$result = $db->loadObject();
if ($result) {
$parts = explode(':', $result->password);
$crypt = $parts[0];
$salt = @$parts[1];
$testcrypt = JUserHelper::getCryptedPassword($credentials['password'], $salt);
if ($crypt == $testcrypt) {
// Bring this in line with the rest of the system
$user = JUser::getInstance($result->id);
$response->email = $user->email;
$response->fullname = $user->name;
if (JFactory::getApplication()->isAdmin()) {
$response->language = $user->getParam('admin_language');
} else {
$response->language = $user->getParam('language');
}
$response->status = JAuthentication::STATUS_SUCCESS;
$response->error_message = '';
} else {
$response->status = JAuthentication::STATUS_FAILURE;
$response->error_message = JText::_('JGLOBAL_AUTH_INVALID_PASS');
}
} else {
$response->status = JAuthentication::STATUS_FAILURE;
$response->error_message = JText::_('JGLOBAL_AUTH_NO_USER');
}
}
/**
* Function to create a user of Joomla.
*
* @param array $params associated array
* @param string $mail email id for cms user
*
* @return uid if user exists, false otherwise
*
* @access public
*/
public function createUser(&$params, $output)
{
require_once JPATH_BASE . '/libraries/joomla/user/helper.php';
require_once JPATH_BASE . '/libraries/joomla/user/user.php';
require_once JPATH_BASE . '/libraries/cms/component/helper.php';
$salt = \JUserHelper::genRandomPassword(32);
$password_clear = $params->pass;
$crypted = \JUserHelper::getCryptedPassword($password_clear, $salt);
$password = $crypted . ':' . $salt;
$instance = \JUser::getInstance();
$instance->set('id', 0);
$instance->set('name', $params->name);
$instance->set('username', $params->user);
$instance->set('password', $password);
$instance->set('password_clear', $password_clear);
$instance->set('email', $params->email);
$instance->set('groups', array($params->group));
$instance->set('block', 0);
if (!$instance->save()) {
// Return exception for instance
} else {
$output->writeln("Your Joomla user has been created. You can login using the credentials {$params->user} / {$password_clear}");
}
}
public function setLoginErrorCodeInSession($username, $password)
{
$db = JFactory::getDbo();
$query = 'SELECT id, password, block FROM text_users WHERE username='******' OR email=' . $db->Quote($username);
$db->setQuery($query);
$user = $db->loadObject();
session_start();
//login exitoso
$_SESSION["login-error-code"] = 0;
if ($user) {
$parts = explode(':', $user->password);
$crypt = $parts[0];
$salt = @$parts[1];
$testcrypt = JUserHelper::getCryptedPassword($password, $salt);
if ($crypt == $testcrypt) {
if ($user->block == 1) {
//login: usuario sin activar
$_SESSION["login-error-code"] = 3;
}
} else {
//login: password invalida
$_SESSION["login-error-code"] = 1;
}
} else {
//login: usuario inexistente
$_SESSION["login-error-code"] = 2;
}
}
function ubahDataAkun()
{
$id = $this->session->userdata('feun_id');
$passLama = $this->security->xss_clean($this->input->post('pass_lama', TRUE));
$passBaru = $this->security->xss_clean($this->input->post('pass_baru', TRUE));
$passBaruKonfir = $this->security->xss_clean($this->input->post('pass_baru_konfir', TRUE));
//$crypt0 = JUserHelper::getCryptedPassword($passLama, $salt);
//$passwordLama = $crypt0.':'.$salt;
//$crypt1 = '';
//$getPasword = '';
//require_once ('system/libraries/joomla-helper.php');
// $cryptsalt = $this->main_models->checkPassword($id);//password yg ada di database
//list($crypt,$salt0) = explode(":",$cryptsalt);
//$crypt1 = joomlauser::getCryptedPassword($passLama,$salt0);
//$getPasword = $crypt1.':'.$salt0;
//$checkPassword = ;
if ($passLama) {
$this->load->library('form_validation');
$this->form_validation->set_rules('pass_lama', 'Password Lama', 'required');
$this->form_validation->set_rules('pass_baru', 'Password Baru', 'matches[pass_baru_konfir]');
$this->form_validation->set_rules('pass_baru_konfir', 'Ulangi Password Baru', 'matches[pass_baru]');
//$this->form_validation->set_rules('usertype', 'User Type', 'required');
if ($this->form_validation->run() == TRUE) {
//if($passBaru <>""){
require_once 'system/libraries/helper.php';
$salt = JUserHelper::genRandomPassword(32);
$password = $passBaru;
$crypt = JUserHelper::getCryptedPassword($password, $salt);
$passwordBaru = $crypt . ':' . $salt;
//} else{
//$passwordBaru = "";
//}
$save = $this->model_account->editDataAkun($id, $passwordBaru);
if (!$save) {
$this->session->set_flashdata('gagal', 'Data Akun anda gagal diubah, silakan ulangi kembali');
header('location: ' . base_url() . 'index.php/account/editAccount');
} else {
header('location: ' . base_url() . 'index.php/login/logout');
}
} else {
$this->session->set_flashdata('gagal', 'Password anda tidak sesuai, silakan ulangi kembali');
header('location: ' . base_url() . 'index.php/account/editAccount');
}
} else {
$this->session->set_flashdata('gagal', 'Password lama anda tidak tepat, silakan ulangi kembali = ' . $passLama);
header('location: ' . base_url() . 'index.php/account/editAccount');
}
}
/**
* Receive the reset password request
*
* @param array $data The data expected for the form.
*
* @return mixed Exception | JException | boolean
*
* @since 1.6
*/
public function processResetConfirm($data)
{
// Get the form.
$form = $this->getResetConfirmForm();
$data['email'] = JStringPunycode::emailToPunycode($data['email']);
// Check for an error.
if ($form instanceof Exception) {
return $form;
}
// Filter and validate the form data.
$data = $form->filter($data);
$return = $form->validate($data);
// Check for an error.
if ($return instanceof Exception) {
return $return;
}
// Check the validation results.
if ($return === false) {
// Get the validation messages from the form.
foreach ($form->getErrors() as $formError) {
$this->setError($formError->getMessage());
}
return false;
}
// Find the user id for the given token.
$db = $this->getDbo();
$query = $db->getQuery(true)->select('activation')->select('id')->select('block')->from($db->quoteName('#__users'))->where($db->quoteName('username') . ' = ' . $db->quote($data['username']));
// Get the user id.
$db->setQuery($query);
try {
$user = $db->loadObject();
} catch (RuntimeException $e) {
return new JException(JText::sprintf('COM_USERS_DATABASE_ERROR', $e->getMessage()), 500);
}
// Check for a user.
if (empty($user)) {
$this->setError(JText::_('COM_USERS_USER_NOT_FOUND'));
return false;
}
$parts = explode(':', $user->activation);
$crypt = $parts[0];
if (!isset($parts[1])) {
$this->setError(JText::_('COM_USERS_USER_NOT_FOUND'));
return false;
}
$salt = $parts[1];
$testcrypt = JUserHelper::getCryptedPassword($data['token'], $salt, 'md5-hex');
// Verify the token
if (!($crypt == $testcrypt)) {
$this->setError(JText::_('COM_USERS_USER_NOT_FOUND'));
return false;
}
// Make sure the user isn't blocked.
if ($user->block) {
$this->setError(JText::_('COM_USERS_USER_BLOCKED'));
return false;
}
// Push the user data into the session.
$app = JFactory::getApplication();
$app->setUserState('com_users.reset.token', $crypt . ':' . $salt);
$app->setUserState('com_users.reset.user', $user->id);
return true;
}
function create()
{
// Get the document object.
$document =& JFactory::getDocument();
// Set the MIME type for JSON output.
$document->setMimeEncoding('application/json');
//Connect to Sugar via Rest interface
include_once 'components/com_advancedopenportal/sugarRestClient.php';
$restClient = new sugarRestClient();
$restClient->login();
if (isset($_REQUEST['sug']) && $_REQUEST['sug'] != '') {
$contacts = $restClient->getEntry('Contacts', $_REQUEST['sug'], array('name', 'email1'));
if (!empty($contacts['entry_list'])) {
$contact = $contacts['entry_list'][0]['name_value_list'];
$pass = JUserHelper::genRandomPassword();
$pass_c = JUserHelper::getCryptedPassword($pass);
$data = array();
$data['fullname'] = $contact['name']['value'];
$data['email'] = $contact['email1']['value'];
$data['password'] = $pass_c;
$data['username'] = $contact['email1']['value'];
$user = JUser::getInstance();
jimport('joomla.application.component.helper');
$config = JFactory::getConfig();
$params = JComponentHelper::getParams('com_users');
// Default to Registered.
$defaultUserGroup = $params->get('new_usertype', 2);
$acl = JFactory::getACL();
$user->set('id', 0);
$user->set('name', $data['fullname']);
$user->set('username', $data['username']);
$user->set('password', $data['password']);
$user->set('email', $data['email']);
// Result should contain an email (check)
$user->set('usertype', 'deprecated');
$user->set('groups', array($defaultUserGroup));
$user->setParam('sugarid', $_REQUEST['sug']);
//If autoregister is set let's register the user
$autoregister = isset($options['autoregister']) ? $options['autoregister'] : $params->get('autoregister', 1);
if ($autoregister) {
if (!$user->save()) {
echo json_encode(array("error" => "Failed to save user " . implode(" ", $user->getErrors())));
JFactory::getApplication()->close();
return JError::raiseWarning('SOME_ERROR_CODE', $user->getError());
}
} else {
// No existing user and autoregister off, this is a temporary user.
$user->set('tmp_user', true);
}
$restClient->setEntry('Contacts', array('id' => $_REQUEST['sug'], 'joomla_account_id' => $user->id, 'joomla_account_access' => $pass));
echo json_encode(array("success" => true));
}
} else {
echo json_encode(array("error" => "ID Not specified"));
}
JFactory::getApplication()->close();
}
/**
* Creates the admin user
*/
function createAdminUser(&$vars)
{
$DBtype = JArrayHelper::getValue($vars, 'DBtype', 'mysql');
$DBhostname = JArrayHelper::getValue($vars, 'DBhostname', '');
$DBuserName = JArrayHelper::getValue($vars, 'DBuserName', '');
$DBpassword = JArrayHelper::getValue($vars, 'DBpassword', '');
$DBname = JArrayHelper::getValue($vars, 'DBname', '');
$DBPrefix = JArrayHelper::getValue($vars, 'DBPrefix', '');
$adminPassword = JArrayHelper::getValue($vars, 'adminPassword', '');
$adminEmail = JArrayHelper::getValue($vars, 'adminEmail', '');
jimport('joomla.user.helper');
// Create random salt/password for the admin user
$salt = JUserHelper::genRandomPassword(32);
$crypt = JUserHelper::getCryptedPassword($adminPassword, $salt);
$cryptpass = $crypt . ':' . $salt;
$vars['adminLogin'] = '******';
$db =& JInstallationHelper::getDBO($DBtype, $DBhostname, $DBuserName, $DBpassword, $DBname, $DBPrefix);
// create the admin user
$installdate = date('Y-m-d H:i:s');
$nullDate = $db->getNullDate();
$query = "INSERT INTO #__users VALUES (62, 'Administrator', 'admin', " . $db->Quote($adminEmail) . ", " . $db->Quote($cryptpass) . ", 'Super Administrator', 0, 1, 25, '{$installdate}', '{$nullDate}', '', '')";
$db->setQuery($query);
if (!$db->query()) {
// is there already and existing admin in migrated data
if ($db->getErrorNum() == 1062) {
$vars['adminLogin'] = JText::_('Admin login in migrated content was kept');
$vars['adminPassword'] = JText::_('Admin password in migrated content was kept');
return;
} else {
echo $db->getErrorMsg();
return;
}
}
// add the ARO (Access Request Object)
$query = "INSERT INTO #__core_acl_aro VALUES (10,'users','62',0,'Administrator',0)";
$db->setQuery($query);
if (!$db->query()) {
echo $db->getErrorMsg();
return;
}
// add the map between the ARO and the Group
$query = "INSERT INTO #__core_acl_groups_aro_map VALUES (25,'',10)";
$db->setQuery($query);
if (!$db->query()) {
echo $db->getErrorMsg();
return;
}
}
function createnewuser($data, $randpass)
{
global $message;
jimport('joomla.user.helper');
$app = JFactory::getApplication();
$authorize = JFactory::getACL();
$user = clone JFactory::getUser();
$user->set('username', $data['user_name']);
$user->set('password1', $randpass);
$user->set('name', $data['user_name']);
$user->set('email', $data['user_email']);
// password encryption
$salt = JUserHelper::genRandomPassword(32);
$crypt = JUserHelper::getCryptedPassword($user->password1, $salt);
$user->password = "******";
// user group/type
$user->set('id', '');
$user->set('usertype', 'Registered');
if (version_compare(JVERSION, '1.6.0', 'ge')) {
$userConfig = JComponentHelper::getParams('com_users');
// Default to Registered.
$defaultUserGroup = $userConfig->get('new_usertype', 2);
$user->set('groups', array($defaultUserGroup));
} else {
$user->set('gid', $authorize->get_group_id('', 'Registered', 'ARO'));
}
$date = JFactory::getDate();
$user->set('registerDate', $date->toSQL());
// true on success, false otherwise
if (!$user->save()) {
echo $message = JText::_('COM_QUICK2CART_UNABLE_TO_CREATE_USER_BZ_OF') . $user->getError();
return false;
} else {
$message = JText::sprintf('COM_QUICK2CART_CREATED_USER_AND_SEND_ACCOUNT_DETAIL_ON_EMAIL', $user->username);
}
$app->enqueueMessage($errMsg);
return $user->id;
}
/**
* Method to create a new Joomla! user if it does not yet exist
*
* @param array $user
* @param bool $empty_password
* @return JUser|null
*/
public function create($user, $empty_password = false)
{
// Check on the users email
if (empty($user['email']) || $this->isValidEmail($user['email']) == false) {
return false;
}
// Import needed libraries
jimport('joomla.utilities.date');
jimport('joomla.user.helper');
jimport('joomla.application.component.helper');
// Import user plugins
JPluginHelper::importPlugin('user');
// Get system variables
$db = JFactory::getDBO();
// Determine the email address
$email = $user['email'];
if (!empty($user['original_data']['email'])) {
$email = $user['original_data']['email'];
}
// Try to fetch the user-record from the database
$query = 'SELECT `id` FROM #__users WHERE email=' . $db->quote(email);
$db->setQuery($query);
$result = $db->loadResult();
// If $result is empty, this user (with $user['email']) does not exist yet
if (empty($result)) {
// Construct a data-array for this user
$data = array('name' => $user['name'], 'username' => $user['username'], 'email' => $user['email'], 'guest' => 0);
// Current date
$now = new JDate();
$data['registerDate'] = $now->toSql();
// Do not use empty passwords in the Joomla! user-record
if ($empty_password == false) {
// Generate a new password if a password is not set
if (!empty($user['password']) && is_string($user['password'])) {
$password = $user['password'];
} else {
$password = JUserHelper::genRandomPassword();
}
// Generate the encrypted password
$salt = JUserHelper::genRandomPassword(32);
$crypt = JUserHelper::getCryptedPassword($password, $salt);
$data['password'] = $crypt . ':' . $salt;
$data['password2'] = $crypt . ':' . $salt;
// Use empty password in the Joomla! user-record
} else {
$data['password'] = '';
$data['password2'] = '';
}
// Make sure MageBridge events stop
$data['disable_events'] = 1;
// Trigger the before-save event
MageBridgeModelDebug::getInstance()->notice('Firing event onUserBeforeSave');
JFactory::getApplication()->triggerEvent('onUserBeforeSave', array($data, true, $data));
// Get the com_user table-class and use it to store the data to the database
$table = JTable::getInstance('user', 'JTable');
$table->bind($data);
$result = $table->store();
// Load the user
$newuser = $this->loadByEmail($user['email']);
$data['id'] = $newuser->id;
// Trigger the after-save event
MageBridgeModelDebug::getInstance()->notice('Firing event onUserAfterSave');
JFactory::getApplication()->triggerEvent('onUserAfterSave', array($data, true, true, null));
// Add additional data
if (isset($table->id) && $table->id > 0) {
// Check whether the current user is part of any groups
$db->setQuery('SELECT * FROM `#__user_usergroup_map` WHERE `user_id`=' . $table->id);
$rows = $db->loadObjectList();
if (empty($rows)) {
$group_id = MageBridgeUserHelper::getDefaultJoomlaGroupid();
if (!empty($group_id)) {
$db->setQuery('INSERT INTO `#__user_usergroup_map` SET `user_id`=' . $table->id . ', `group_id`=' . $group_id);
$db->execute();
}
}
}
// Get the resulting user
return self::loadByEmail($user['email']);
}
return null;
}
/**
* Processes the password reset token verification request
*
* @return void
*/
public function verifyingTask()
{
// Check the request token
Session::checkToken('request') or exit(Lang::txt('JINVALID_TOKEN'));
// Grab the token (not to be confused with the CSRF token above!)
if (!($token = trim(Request::getVar('token', false)))) {
App::redirect(Route::url('index.php?option=' . $this->_option . '&task=verify', false), Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_MISSING_TOKEN'), 'warning');
return;
}
// Get the token and user id from the confirmation process
$id = User::getState('com_users.reset.user', null);
// Get the user object
try {
$user = \Hubzero\User\User::oneOrFail($id);
} catch (Exception $e) {
App::redirect(Route::url('index.php?option=' . $this->_option . '&task=reset', false), Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_TOKENS_MISSING'), 'warning');
return;
}
$parts = explode(':', $user->tokens()->latest()->token);
$crypt = $parts[0];
if (!isset($parts[1])) {
App::redirect(Route::url('index.php?option=' . $this->_option . '&task=verify', false), Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_USER_NOT_FOUND'), 'warning');
return;
}
$salt = $parts[1];
$testcrypt = \JUserHelper::getCryptedPassword($token, $salt);
// Verify the token
if (!($crypt == $testcrypt)) {
App::redirect(Route::url('index.php?option=' . $this->_option . '&task=verify', false), Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_USER_NOT_FOUND'), 'warning');
return;
}
// Make sure the user isn't blocked
if ($user->get('block')) {
App::redirect(Route::url('index.php?option=' . $this->_option . '&task=verify', false), Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_USER_NOT_FOUND'), 'warning');
return;
}
// Push the user data into the session
User::setState('com_users.reset.token', $crypt . ':' . $salt);
// Everything went well...go to the actual change password page
App::redirect(Route::url('index.php?option=' . $this->_option . '&task=setpassword', false), Lang::txt('COM_MEMBERS_CREDENTIALS_TOKEN_CONFIRMED'), 'passed');
}
/**
* @since 1.6
*/
function processResetConfirm($data)
{
// Get the form.
$form = $this->getResetConfirmForm();
// Check for an error.
if ($form instanceof Exception) {
return $form;
}
// Filter and validate the form data.
$data = $form->filter($data);
$return = $form->validate($data);
// Check for an error.
if ($return instanceof Exception) {
return $return;
}
// Check the validation results.
if ($return === false) {
// Get the validation messages from the form.
foreach ($form->getErrors() as $message) {
$this->setError($message);
}
return false;
}
// Get the token and user id from the confirmation process.
$app = JFactory::getApplication();
$id = $app->getUserState('com_users.reset.user', null);
// Get the user object.
$user = User::getInstance($id);
$parts = explode(':', $user->activation);
$crypt = $parts[0];
if (!isset($parts[1])) {
$this->setError(Lang::txt('COM_USERS_USER_NOT_FOUND'));
return false;
}
$salt = $parts[1];
$testcrypt = JUserHelper::getCryptedPassword($data['token'], $salt);
// Verify the token
if (!($crypt == $testcrypt)) {
$this->setError(Lang::txt('COM_USERS_USER_NOT_FOUND'));
return false;
}
// Make sure the user isn't blocked.
if ($user->block) {
$this->setError(Lang::txt('COM_USERS_USER_BLOCKED'));
return false;
}
// Push the user data into the session.
$app = JFactory::getApplication();
$app->setUserState('com_users.reset.token', $crypt . ':' . $salt);
return true;
}
/**
* Method to bind an associative array of data to a user object
*
* @param array &$array The associative array to bind to the object
*
* @return boolean True on success
*
* @since 11.1
*/
public function bind(&$array)
{
// Let's check to see if the user is new or not
if (empty($this->id)) {
// Check the password and create the crypted password
if (empty($array['password'])) {
$array['password'] = JUserHelper::genRandomPassword();
$array['password2'] = $array['password'];
}
// Not all controllers check the password, although they should.
// Hence this code is required:
if (isset($array['password2']) && $array['password'] != $array['password2']) {
$this->setError(JText::_('JLIB_USER_ERROR_PASSWORD_NOT_MATCH'));
return false;
}
$this->password_clear = JArrayHelper::getValue($array, 'password', '', 'string');
$salt = JUserHelper::genRandomPassword(32);
$crypt = JUserHelper::getCryptedPassword($array['password'], $salt);
$array['password'] = $crypt . ':' . $salt;
// Set the registration timestamp
$this->set('registerDate', JFactory::getDate()->toSql());
// Check that username is not greater than 150 characters
$username = $this->get('username');
if (strlen($username) > 150) {
$username = substr($username, 0, 150);
$this->set('username', $username);
}
// Check that password is not greater than 100 characters
$password = $this->get('password');
if (strlen($password) > 100) {
$password = substr($password, 0, 100);
$this->set('password', $password);
}
} else {
// Updating an existing user
if (!empty($array['password'])) {
if ($array['password'] != $array['password2']) {
$this->setError(JText::_('JLIB_USER_ERROR_PASSWORD_NOT_MATCH'));
return false;
}
$this->password_clear = JArrayHelper::getValue($array, 'password', '', 'string');
$salt = JUserHelper::genRandomPassword(32);
$crypt = JUserHelper::getCryptedPassword($array['password'], $salt);
$array['password'] = $crypt . ':' . $salt;
} else {
$array['password'] = $this->password;
}
}
if (array_key_exists('params', $array)) {
$params = '';
$this->_params->loadArray($array['params']);
if (is_array($array['params'])) {
$params = (string) $this->_params;
} else {
$params = $array['params'];
}
$this->params = $params;
}
// Bind the array
if (!$this->setProperties($array)) {
$this->setError(JText::_('JLIB_USER_ERROR_BIND_ARRAY'));
return false;
}
// Make sure its an integer
$this->id = (int) $this->id;
return true;
}
private function getSubscriberUserid($newuser)
{
$db = JFactory::getDBO();
$config = JFactory::getConfig();
$jlang = JFactory::getLanguage();
$jlang->load('com_users', JPATH_SITE, 'en-GB', true);
// Load English (British)
$jlang->load('com_users', JPATH_SITE, $jlang->getDefault(), true);
// Load the site's default language
$jlang->load('com_users', JPATH_SITE, null, true);
// Load the currently selected language
$query = $db->getQuery(true);
$query->select('id');
$query->from('#__users');
$query->where('email = ' . $db->Quote($newuser['email']));
$db->setQuery($query);
if ($uid = $db->loadResult()) {
return $uid;
} else {
$uid = 0;
JLoader::import('joomla.application.component.helper');
$password_clear = JUserHelper::genRandomPassword();
$salt = JUserHelper::genRandomPassword(32);
$crypt = JUserHelper::getCryptedPassword($password_clear, $salt);
$usersConfig = JComponentHelper::getParams('com_users');
$defaultUserGroup = $usersConfig->get('new_usertype', 2);
$password = "******";
$instance = JUser::getInstance();
$instance->set('id', 0);
$instance->set('name', $newuser['name']);
$instance->set('username', $newuser['email']);
$instance->set('password', $password);
$instance->set('password_clear', $password_clear);
$instance->set('email', $newuser['email']);
$instance->set('usertype', 'deprecated');
$instance->set('groups', array($defaultUserGroup));
// Here is possible set user profile details
if ($instance->save()) {
$uid = $instance->id;
}
$data['fromname'] = $config->get('fromname');
$data['mailfrom'] = $config->get('mailfrom');
$data['sitename'] = $config->get('sitename');
$data['siteurl'] = JUri::root();
$data = array_merge($newuser, $data);
$emailSubject = JText::sprintf('COM_USERS_EMAIL_ACCOUNT_DETAILS', $data['name'], $data['sitename']);
$emailBody = JText::sprintf('COM_USERS_EMAIL_REGISTERED_BODY', $data['name'], $data['sitename'], $data['siteurl'], $data['username'], $password_clear);
$return = JFactory::getMailer()->sendMail($data['mailfrom'], $data['fromname'], $data['email'], $emailSubject, $emailBody);
if ($uid) {
return $uid;
} else {
return false;
}
}
}
