示例#1
 /**
  * Constructor. We use it to set the app and db properties.
  *
  * @param   object  &$subject  The object to observe
  * @param   array   $config    An optional associative array of configuration settings.
  *                             Recognized key values include 'name', 'group', 'params', 'language'
  *                             (this list is not meant to be comprehensive).
  *
  * @since   3.2
  */
 public function __construct(&$subject, $config = array())
 {
     // The parent constructor runs first; the properties read below are expected to exist after it.
     parent::__construct($subject, $config);

     $app = $this->app;

     // Cookie scope comes from the application configuration, defaulting to '' and '/'.
     $this->cookie_domain = $app->get('cookie_domain', '');
     $this->cookie_path = $app->get('cookie_path', '/');

     // Absolute expiry timestamp: now plus the configured number of days (default '60').
     $now = time();
     $days = $this->params->get('cookie_lifetime', '60');
     $this->lifetime = $now + $days * 24 * 60 * 60;

     // NOTE(review): the Secure flag mirrors isSSLConnection(), presumably the scheme of the
     // current request, so it is only as strong as the site's HTTPS enforcement - confirm.
     $this->secure = $app->isSSLConnection();

     // Configured key length (default '16').
     $this->length = $this->params->get('key_length', '16');
 }
示例#2
 /**
  * We set the authentication cookie only after login is successfully finished.
  * We set a new cookie either for a user with no cookies or one
  * where the user used a cookie to authenticate.
  *
  * @param   array  $options  Array holding options
  *
  * @return  boolean  True on success
  *
  * @since   3.2
  */
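 public function onUserAfterLogin($options)
 {
     // Issues a fresh remember-me cookie ("<token>.<series>") and stores the hash of the token in
     // #__user_keys. Returns false when nothing is issued: admin application, no remember request,
     // or an existing cookie that does not carry a usable series.
     $db = $this->db;

     // No remember me for admin
     if ($this->app->isAdmin()) {
         return false;
     }

     $viaCookie = isset($options['responseType']) && $options['responseType'] == 'Cookie';

     if (!$viaCookie && empty($options['remember'])) {
         return false;
     }

     $cookieName = JUserHelper::getShortHashedUserAgent();

     if ($viaCookie) {
         // Logged in using a cookie: the existing series is taken from the browser-supplied value,
         // so it is treated as untrusted input.
         $cookieValue = $this->app->input->cookie->get($cookieName);
         $cookieArray = explode('.', (string) $cookieValue);

         // A missing cookie or one without a '.' has no series part; stop here instead of
         // indexing an element that does not exist.
         if (!isset($cookieArray[1])) {
             return false;
         }

         // Filter series since we're going to use it in the query
         $filter = new JFilterInput();
         $series = $filter->clean($cookieArray[1], 'ALNUM');

         // Nothing left after filtering means there is no row this cookie could refer to.
         if ((string) $series === '') {
             return false;
         }
     } else {
         // Remember checkbox is set: draw random series values until one is not yet in the table.
         do {
             $series = JUserHelper::genRandomPassword(20);
             $query = $db->getQuery(true)
                 ->select($db->quoteName('series'))
                 ->from($db->quoteName('#__user_keys'))
                 ->where($db->quoteName('series') . ' = ' . $db->quote($series));
             $results = $db->setQuery($query)->loadResult();
         } while (!is_null($results));
     }

     // Get the parameter values
     $lifetime = $this->params->get('cookie_lifetime', '60') * 24 * 60 * 60;
     $length = $this->params->get('key_length', '16');

     // One expiry timestamp for both the cookie and the stored row, so the two cannot drift apart.
     $expires = time() + $lifetime;

     // New token for this login; the database only ever receives its hash.
     $token = JUserHelper::genRandomPassword($length);
     $cookieValue = $token . '.' . $series;

     $query = $db->getQuery(true);

     if (!empty($options['remember'])) {
         // Create new record
         $query->insert($db->quoteName('#__user_keys'))
             ->set($db->quoteName('user_id') . ' = ' . $db->quote($options['user']->username))
             ->set($db->quoteName('series') . ' = ' . $db->quote($series))
             ->set($db->quoteName('uastring') . ' = ' . $db->quote($cookieName))
             ->set($db->quoteName('time') . ' = ' . $expires);
     } else {
         // Update existing record with new token
         $query->update($db->quoteName('#__user_keys'))
             ->where($db->quoteName('user_id') . ' = ' . $db->quote($options['user']->username))
             ->where($db->quoteName('series') . ' = ' . $db->quote($series))
             ->where($db->quoteName('uastring') . ' = ' . $db->quote($cookieName));
     }

     $hashed_token = JUserHelper::hashPassword($token);
     $query->set($db->quoteName('token') . ' = ' . $db->quote($hashed_token));

     // Store first, send second: if the write throws, the browser is not left holding a token
     // the table has never seen.
     $db->setQuery($query)->execute();

     // Overwrite existing cookie with new value. The seventh argument is the HttpOnly flag: the
     // value is a login credential, so page scripts should not be able to read it.
     // NOTE(review): Secure mirrors isSSLConnection(), presumably the scheme of the current
     // request - confirm the site enforces HTTPS, otherwise the cookie is issued without Secure.
     $this->app->input->cookie->set(
         $cookieName,
         $cookieValue,
         $expires,
         $this->app->get('cookie_path', '/'),
         $this->app->get('cookie_domain'),
         $this->app->isSSLConnection(),
         true
     );

     return true;
 }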
示例#3
 /**
  * Set the language cookie
  *
  * @param   string  $lang_code  The language code for which we want to set the cookie
  *
  * @return  void
  *
  * @since   3.4.2
  */
 private function setLanguageCookie($lang_code)
 {
     $app = $this->app;

     // Expiry is 0 unless the 'lang_cookie' parameter (default 1) equals 1, in which case the
     // cookie is kept for 365 days.
     $expires = $this->params->get('lang_cookie', 1) == 1 ? time() + 365 * 86400 : 0;

     // The cookie name is a hash of 'language' and the value is just the language code. Scope
     // comes from the application configuration; Secure follows isSSLConnection().
     $app->input->cookie->set(
         JApplicationHelper::getHash('language'),
         $lang_code,
         $expires,
         $app->get('cookie_path', '/'),
         $app->get('cookie_domain'),
         $app->isSSLConnection()
     );
 }
示例#4
文件: cookie.php 项目: adjaika/J3Base
 /**
  * We set the authentication cookie only after login is successfully finished.
  * We set a new cookie either for a user with no cookies or one
  * where the user used a cookie to authenticate.
  *
  * @param   array  $options  Array holding options
  *
  * @return  boolean  True on success
  *
  * @since   3.2
  */
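 public function onUserAfterLogin($options)
 {
     // Issues a fresh remember-me cookie ("<token>.<series>") and stores the hash of the token in
     // #__user_keys. Returns false when nothing is issued: admin application, no remember request,
     // an existing cookie without a usable series, or a database failure.
     $db = $this->db;

     // No remember me for admin
     if ($this->app->isAdmin()) {
         return false;
     }

     $viaCookie = isset($options['responseType']) && $options['responseType'] == 'Cookie';

     if (!$viaCookie && empty($options['remember'])) {
         return false;
     }

     $cookieName = 'joomla_remember_me_' . JUserHelper::getShortHashedUserAgent();

     if ($viaCookie) {
         // Logged in using a cookie: the existing series is taken from the browser-supplied value,
         // so it is treated as untrusted input.
         $cookieValue = $this->app->input->cookie->get($cookieName);

         // Try with old cookieName (pre 3.6.0) if not found
         if (!$cookieValue) {
             $oldCookieName = JUserHelper::getShortHashedUserAgent();
             $cookieValue = $this->app->input->cookie->get($oldCookieName);

             // Destroy the old cookie in the browser
             $this->app->input->cookie->set(
                 $oldCookieName,
                 false,
                 time() - 42000,
                 $this->app->get('cookie_path', '/'),
                 $this->app->get('cookie_domain')
             );
         }

         $cookieArray = explode('.', (string) $cookieValue);

         // Neither cookie present, or no '.' in the value: there is no series part, so stop here
         // instead of indexing an element that does not exist.
         if (!isset($cookieArray[1])) {
             return false;
         }

         // Filter series since we're going to use it in the query
         $filter = new JFilterInput();
         $series = $filter->clean($cookieArray[1], 'ALNUM');

         // Nothing left after filtering means there is no row this cookie could refer to.
         if ((string) $series === '') {
             return false;
         }
     } else {
         // Remember checkbox is set: draw random series values until one is not yet in the table.
         $unique = false;
         $errorCount = 0;

         do {
             $series = JUserHelper::genRandomPassword(20);
             $query = $db->getQuery(true)
                 ->select($db->quoteName('series'))
                 ->from($db->quoteName('#__user_keys'))
                 ->where($db->quoteName('series') . ' = ' . $db->quote($series));

             try {
                 $results = $db->setQuery($query)->loadResult();

                 if (is_null($results)) {
                     $unique = true;
                 }
             } catch (RuntimeException $e) {
                 $errorCount++;

                 // We'll let this query fail up to 5 times before giving up, there's probably a bigger issue at this point
                 if ($errorCount == 5) {
                     return false;
                 }
             }
         } while ($unique === false);
     }

     // Get the parameter values
     $lifetime = $this->params->get('cookie_lifetime', '60') * 24 * 60 * 60;
     $length = $this->params->get('key_length', '16');

     // One expiry timestamp for both the cookie and the stored row, so the two cannot drift apart.
     $expires = time() + $lifetime;

     // New token for this login; the database only ever receives its hash.
     $token = JUserHelper::genRandomPassword($length);
     $cookieValue = $token . '.' . $series;

     $query = $db->getQuery(true);

     if (!empty($options['remember'])) {
         // Create new record
         $query->insert($db->quoteName('#__user_keys'))
             ->set($db->quoteName('user_id') . ' = ' . $db->quote($options['user']->username))
             ->set($db->quoteName('series') . ' = ' . $db->quote($series))
             ->set($db->quoteName('uastring') . ' = ' . $db->quote($cookieName))
             ->set($db->quoteName('time') . ' = ' . $expires);
     } else {
         // Update existing record with new token
         $query->update($db->quoteName('#__user_keys'))
             ->where($db->quoteName('user_id') . ' = ' . $db->quote($options['user']->username))
             ->where($db->quoteName('series') . ' = ' . $db->quote($series))
             ->where($db->quoteName('uastring') . ' = ' . $db->quote($cookieName));
     }

     $hashed_token = JUserHelper::hashPassword($token);
     $query->set($db->quoteName('token') . ' = ' . $db->quote($hashed_token));

     // Store first, send second: when the write fails we return false without having handed the
     // browser a token the table has never seen.
     try {
         $db->setQuery($query)->execute();
     } catch (RuntimeException $e) {
         return false;
     }

     // Overwrite existing cookie with new value. The seventh argument is the HttpOnly flag: the
     // value is a login credential, so page scripts should not be able to read it.
     // NOTE(review): Secure mirrors isSSLConnection(), presumably the scheme of the current
     // request - confirm the site enforces HTTPS, otherwise the cookie is issued without Secure.
     $this->app->input->cookie->set(
         $cookieName,
         $cookieValue,
         $expires,
         $this->app->get('cookie_path', '/'),
         $this->app->get('cookie_domain'),
         $this->app->isSSLConnection(),
         true
     );

     return true;
 }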