/**
 * Decrypt data with a "rijndael256" key pair.
 *
 * NOTE(review): nothing in this method verifies the integrity of $data before
 * decrypting it; confirm that the caller authenticates the ciphertext (or
 * treats the result as untrusted) before acting on it.
 *
 * @param   array  $keys  Must contain the 'private' and 'public' entries handed to JCryptKey.
 * @param   mixed  $data  Encrypted data that has to be decrypted.
 *
 * @return  mixed  The value returned by JCrypt::decrypt() for $data.
 */
public static function decrypt(array $keys, $data)
{
    // Neither key entry is checked for presence here; a missing index is passed on as null.
    $cipher  = new JCryptCipherRijndael256();
    $keyPair = new JCryptKey("rijndael256", $keys["private"], $keys["public"]);
    $engine  = new JCrypt($cipher, $keyPair);

    return $engine->decrypt($data);
}
/**
 * Run when a membership is activated.
 *
 * If the subscription has no linked user yet but carries a username and an
 * encrypted password, a Joomla user account is created from the row and the
 * new user id is written back to the subscription.
 *
 * NOTE(review): the password is held on the row in reversible form and is
 * recovered here with the 'simple' cipher keyed by md5() of the site secret.
 * The row is stored again without clearing user_password, so the recoverable
 * value stays in the table after the account exists. Hashing the password at
 * sign-up, or clearing the field once it is no longer needed, would reduce
 * the exposure if the table or the site secret leaks.
 *
 * @param   PlanOsMembership  $row  The subscription record being activated.
 *
 * @return  boolean|null  False when the user could not be bound or saved, otherwise no value.
 */
function onMembershipActive($row)
{
    // Only act when no account is linked yet and sign-up credentials were captured.
    if ($row->user_id || !$row->username || !$row->user_password)
    {
        return;
    }

    // Rebuild the key used for the stored password: md5 of the site secret, used for both key halves.
    $secretKey = md5(JFactory::getConfig()->get('secret'));
    $cipherKey = new JCryptKey('simple', $secretKey, $secretKey);
    $decryptor = new JCrypt(new JCryptCipherSimple(), $cipherKey);
    $plainPass = $decryptor->decrypt($row->user_password);

    // New accounts go into the default registration group configured for com_users.
    $usersConfig = JComponentHelper::getParams('com_users');

    $data = array(
        'name'      => trim($row->first_name . ' ' . $row->last_name),
        'username'  => $row->username,
        'password'  => $plainPass,
        'password2' => $plainPass,
        'email'     => $row->email,
        'email2'    => $row->email,
        'email1'    => $row->email,
        'groups'    => array($usersConfig->get('new_usertype', 2)),
    );

    $account = new JUser();

    if (!$account->bind($data))
    {
        return false;
    }

    // Store the data.
    if (!$account->save())
    {
        return false;
    }

    // Link the subscription to the freshly created account.
    $row->user_id = $account->get('id');
    $row->store();
}
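/**
 * Attempt a silent "remember me" log-in for guests on the site application.
 *
 * The cookie named by JApplication::getHash('JLOGIN_REMEMBER') is decrypted,
 * decoded as JSON and reduced to a username/password pair, which is then
 * passed to the application's login(). Any failure clears the cookie and
 * writes a warning to the 'security' log category.
 *
 * NOTE(review): this scheme keeps the account password itself in the cookie
 * in recoverable form, protected only by the 'simple' cipher and a key derived
 * from the User-Agent header through JApplication::getHash(). No integrity
 * check on the ciphertext is visible here. An opaque random token that is
 * validated and rotated server-side avoids storing the password client-side.
 *
 * @return  void
 */
function onAfterInitialise()
{
    $app = JFactory::getApplication();

    // No remember me for admin
    if ($app->isAdmin())
    {
        return;
    }

    $user = JFactory::getUser();

    if (!$user->get('guest'))
    {
        return;
    }

    $hash = JApplication::getHash('JLOGIN_REMEMBER');
    $str  = JRequest::getString($hash, '', 'cookie', JREQUEST_ALLOWRAW | JREQUEST_NOTRIM);

    if (!$str)
    {
        return;
    }

    jimport('joomla.utilities.simplecrypt');

    $credentials = array();
    $filter      = JFilterInput::getInstance();

    // Create the encryption key, apply extra hardening using the user agent string.
    // Since we're decoding, no UA validity check is required.
    // A missing header is passed on as null, without relying on error suppression.
    $userAgent  = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : null;
    $privateKey = JApplication::getHash($userAgent);
    $key        = new JCryptKey('simple', $privateKey, $privateKey);
    $crypt      = new JCrypt(new JCryptCipherSimple(), $key);

    try
    {
        $str = $crypt->decrypt($str);

        if (!is_string($str))
        {
            throw new Exception('Decoded cookie is not a string.');
        }

        $cookieData = json_decode($str);

        if (null === $cookieData)
        {
            throw new Exception('JSON could not be decoded.');
        }

        if (!is_object($cookieData))
        {
            throw new Exception('Decoded JSON is not an object.');
        }

        // json_decoded cookie could be any object structure, so make sure the
        // credentials are well structured and only have user and password.
        if (isset($cookieData->username) && is_string($cookieData->username))
        {
            $credentials['username'] = $filter->clean($cookieData->username, 'username');
        }
        else
        {
            throw new Exception('Malformed username.');
        }

        if (isset($cookieData->password) && is_string($cookieData->password))
        {
            $credentials['password'] = $filter->clean($cookieData->password, 'string');
        }
        else
        {
            throw new Exception('Malformed password.');
        }

        $return = $app->login($credentials, array('silent' => true));

        if (!$return)
        {
            throw new Exception('Log-in failed.');
        }
    }
    catch (Exception $e)
    {
        $config        = JFactory::getConfig();
        $cookie_domain = $config->get('cookie_domain', '');
        $cookie_path   = $config->get('cookie_path', '/');

        // Clear the remember me cookie
        setcookie($hash, false, time() - 86400, $cookie_path, $cookie_domain);

        // Only the exception message is logged; the cookie contents and credentials are not.
        JLog::add('A remember me cookie was unset for the following reason: ' . $e->getMessage(), JLog::WARNING, 'security');
    }
}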
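/**
 * Attempt a silent "remember me" log-in for guests on the site application.
 *
 * The cookie named by JApplication::getHash('JLOGIN_REMEMBER') is decrypted,
 * unserialized and reduced to a username/password pair, which is then passed
 * to the application's login(). A malformed cookie or a failed log-in clears
 * the cookie.
 *
 * SECURITY: the cookie is attacker-controllable input and is handed to
 * unserialize(). Decryption with the 'simple' cipher does not authenticate the
 * data, so this is a PHP object-injection risk. The call is kept because the
 * code that writes the cookie is not part of this block; the reader and the
 * writer should be moved to json_encode()/json_decode() together.
 *
 * @return  void
 */
function onAfterInitialise()
{
    $app = JFactory::getApplication();

    // No remember me for admin
    if ($app->isAdmin())
    {
        return;
    }

    $user = JFactory::getUser();

    if (!$user->get('guest'))
    {
        return;
    }

    $hash = JApplication::getHash('JLOGIN_REMEMBER');
    $str  = JRequest::getString($hash, '', 'cookie', JREQUEST_ALLOWRAW | JREQUEST_NOTRIM);

    if (!$str)
    {
        return;
    }

    jimport('joomla.utilities.simplecrypt');

    // Create the encryption key, apply extra hardening using the user agent string.
    // Since we're decoding, no UA validity check is required.
    // A missing header is passed on as null, without relying on error suppression.
    $userAgent  = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : null;
    $privateKey = JApplication::getHash($userAgent);
    $key        = new JCryptKey('simple', $privateKey, $privateKey);
    $crypt      = new JCrypt(new JCryptCipherSimple(), $key);
    $str        = $crypt->decrypt($str);

    // SECURITY (flagged, not replaced): unserialize() on cookie-derived data. See the docblock.
    // The @ keeps a corrupt cookie from raising a notice; failure yields false and is rejected below.
    $cookieData = @unserialize($str);

    // Deserialized cookie could be any object structure, so make sure the
    // credentials are well structured and only have user and password.
    $credentials = array();
    $filter      = JFilterInput::getInstance();
    $goodCookie  = true;

    // Validate the decoded cookie itself. The previous check tested $credentials,
    // which is always an array, so non-array payloads reached the index accesses below.
    if (is_array($cookieData))
    {
        if (isset($cookieData['username']) && is_string($cookieData['username']))
        {
            $credentials['username'] = $filter->clean($cookieData['username'], 'username');
        }
        else
        {
            $goodCookie = false;
        }

        if (isset($cookieData['password']) && is_string($cookieData['password']))
        {
            $credentials['password'] = $filter->clean($cookieData['password'], 'string');
        }
        else
        {
            $goodCookie = false;
        }
    }
    else
    {
        $goodCookie = false;
    }

    // login() is only attempted for a well-formed cookie (short-circuit on $goodCookie).
    if (!$goodCookie || !$app->login($credentials, array('silent' => true)))
    {
        $config        = JFactory::getConfig();
        $cookie_domain = $config->get('cookie_domain', '');
        $cookie_path   = $config->get('cookie_path', '/');

        // Clear the remember me cookie
        setcookie($hash, false, time() - 86400, $cookie_path, $cookie_domain);
    }
}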
/**
 * Decrypt a string by delegating to the wrapped crypt object.
 *
 * @param   string  $s  String to decrypt
 *
 * @return  string  The result of the wrapped object's decrypt() call.
 *
 * @since       11.1
 * @deprecated  12.3  Use JCrypt instead.
 */
public function decrypt($s)
{
    // Thin pass-through: no validation or post-processing happens at this layer.
    $plainText = $this->_crypt->decrypt($s);

    return $plainText;
}
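/**
 * Get detail information of the subscription, rendered through the common email layout.
 *
 * NOTE(review): when the row carries a username and an encrypted password, the
 * password is decrypted here and handed to the email template in clear text.
 * That puts a reusable credential into mail and requires it to be stored in
 * recoverable form. Confirm this is intended, and prefer a set-password link
 * over mailing the password.
 *
 * @param   object   $config   Component configuration passed through to the layout.
 * @param   object   $row      Subscription record (plan_id, user_id, payment_method, username, user_password are read).
 * @param   boolean  $toAdmin  Passed through to the layout as 'toAdmin'.
 *
 * @return  string
 */
public static function getEmailContent($config, $row, $toAdmin = false)
{
    $db = JFactory::getDbo();

    // Ids are concatenated into SQL, so force them to integers first.
    $sql = 'SELECT lifetime_membership, title FROM #__osmembership_plans WHERE id=' . (int) $row->plan_id;
    $db->setQuery($sql);
    $plan = $db->loadObject();

    $data = array();

    // A plan that no longer exists yields null values instead of a property access on null.
    $data['planTitle']          = $plan ? $plan->title : null;
    $data['lifetimeMembership'] = $plan ? $plan->lifetime_membership : null;
    $data['config']             = $config;
    $data['row']                = $row;
    $data['toAdmin']            = $toAdmin;

    if ($row->payment_method == 'os_creditcard')
    {
        // Only the last four digits of the submitted card number reach the template.
        $cardNumber = JRequest::getVar('x_card_num', '');

        // The request value may be an array; treat anything non-scalar as absent.
        $cardNumber = is_scalar($cardNumber) ? (string) $cardNumber : '';

        $data['last4Digits'] = substr($cardNumber, -4);
    }

    if ($row->user_id)
    {
        $sql = 'SELECT username FROM #__users WHERE id=' . (int) $row->user_id;
        $db->setQuery($sql);
        $data['username'] = $db->loadResult();
    }

    if ($row->username && $row->user_password)
    {
        $data['username'] = $row->username;

        // Password: recovered with the 'simple' cipher keyed by md5() of the site secret.
        $privateKey       = md5(JFactory::getConfig()->get('secret'));
        $key              = new JCryptKey('simple', $privateKey, $privateKey);
        $crypt            = new JCrypt(new JCryptCipherSimple(), $key);
        $data['password'] = $crypt->decrypt($row->user_password);
    }

    $rowFields = OSMembershipHelper::getProfileFields($row->plan_id);
    $formData  = OSMembershipHelper::getProfileData($row, $row->plan_id, $rowFields);
    $form      = new RADForm($rowFields);
    $form->setData($formData)->bindData();
    $data['form'] = $form;

    return OSMembershipHelperHtml::loadCommonLayout(JPATH_ROOT . '/components/com_osmembership/emailtemplates/email.php', $data);
}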