/** * Helper wrapper method for clearExpiredTokens * * @return mixed Database query result * * @see JUserHelper::clearExpiredTokens() * @since 3.4 * @deprecated 4.0 */ public function clearExpiredTokens() { return JUserHelper::clearExpiredTokens(); }
/** * Remember me method to run onAfterInitialise * * @return boolean * * @since 1.5 * @throws InvalidArgumentException */ public function onAfterInitialise() { // No remember me for admin if ($this->app->isAdmin()) { return false; } $user = JFactory::getUser(); $this->app->rememberCookieLifetime = $this->lifetime; $this->app->rememberCookieSecure = $this->secure; $this->app->rememberCookieLength = $this->length; // Check for a cookie if ($user->get('guest') == 1) { // Create the cookie name and data $rememberArray = JUserHelper::getRememberCookieData(); if ($rememberArray !== false) { if (count($rememberArray) != 3) { // Destroy the cookie in the browser. $this->app->input->cookie->set(end($rememberArray), false, time() - 42000, $this->app->get('cookie_path'), $this->app->get('cookie_domain')); JLog::add('Invalid cookie detected.', JLog::WARNING, 'error'); return false; } list($privateKey, $series, $uastring) = $rememberArray; if (!JUserHelper::clearExpiredTokens($this)) { JLog::add('Error in deleting expired cookie tokens.', JLog::WARNING, 'error'); } // Find the matching record if it exists $query = $this->db->getQuery(true)->select($this->db->quoteName(array('user_id', 'token', 'series', 'time', 'invalid')))->from($this->db->quoteName('#__user_keys'))->where($this->db->quoteName('series') . ' = ' . $this->db->quote(base64_encode($series)))->where($this->db->quoteName('uastring') . ' = ' . $this->db->quote($uastring))->order($this->db->quoteName('time') . ' DESC'); $results = $this->db->setQuery($query)->loadObjectList(); $countResults = count($results); // We have a user but a cookie that is not in the database, or it is invalid. This is a possible attack, so invalidate everything. if (($countResults === 0 || $results[0]->invalid != 0) && !empty($results[0]->user_id)) { JUserHelper::invalidateCookie($results[0]->user_id, $uastring); JLog::add(JText::sprintf('PLG_SYSTEM_REMEMBER_ERROR_LOG_INVALIDATED_COOKIES', $user->username), JLog::WARNING, 'security'); // Possibly e-mail user and admin here. return false; } // We have a user with one cookie with a valid series and a corresponding record in the database. if ($countResults === 1) { if (!JCrypt::timingSafeCompare($results[0]->token, $privateKey)) { JUserHelper::invalidateCookie($results[0]->user_id, $uastring); JLog::add(JText::sprintf('PLG_SYSTEM_REMEMBER_ERROR_LOG_LOGIN_FAILED', $user->username), JLog::WARNING, 'security'); return false; } // Set up the credentials array to pass to onUserAuthenticate $credentials = array('username' => $results[0]->user_id); return $this->app->login($credentials, array('silent' => true, 'lifetime' => $this->lifetime, 'secure' => $this->secure, 'length' => $this->length)); } } } return false; }