/** * Testing testDecrypt(). * * @param string $expected The expected result of decryption * @param string $key The key to use * @param string $text The decrypted text * * @return void * @dataProvider casesEncryption * @covers JSimpleCrypt::decrypt */ public function testDecrypt($expected, $key, $text) { $cfg = $this->getMock('JObject', array('get')); $cfg->expects($this->any())->method('get')->will($this->returnValue('')); JFactory::$config = $cfg; $this->object = new JSimpleCrypt($key); $this->assertThat($this->object->decrypt($text), $this->equalTo($expected)); }
function onAfterInitialise() { $app = JFactory::getApplication(); // No remember me for admin if ($app->isAdmin()) { return; } $user = JFactory::getUser(); if ($user->get('guest')) { jimport('joomla.utilities.utility'); $hash = JUtility::getHash('JLOGIN_REMEMBER'); if ($str = JRequest::getString($hash, '', 'cookie', JREQUEST_ALLOWRAW | JREQUEST_NOTRIM)) { jimport('joomla.utilities.simplecrypt'); //Create the encryption key, apply extra hardening using the user agent string $key = JUtility::getHash(@$_SERVER['HTTP_USER_AGENT']); $crypt = new JSimpleCrypt($key); $str = $crypt->decrypt($str); $options = array(); $options['silent'] = true; if (!$app->login(@unserialize($str), $options)) { $config = JFactory::getConfig(); $cookie_domain = $config->get('cookie_domain', ''); $cookie_path = $config->get('cookie_path', '/'); // Clear the remember me cookie setcookie(JUtility::getHash('JLOGIN_REMEMBER'), false, time() - 86400, $cookie_path, $cookie_domain); } } } }
public function load($keys = null, $reset = true) { $result = parent::load($keys, $reset); if (isset($this->password) && !empty($this->password)) { $cryptor = new JSimpleCrypt(); $this->password = $cryptor->decrypt($this->password); } return $result; }
function onAfterInitialise() { $app = JFactory::getApplication(); // No remember me for admin if ($app->isAdmin()) { return; } $user = JFactory::getUser(); if ($user->get('guest')) { jimport('joomla.utilities.utility'); $hash = JUtility::getHash('JLOGIN_REMEMBER'); if ($str = JRequest::getString($hash, '', 'cookie', JREQUEST_ALLOWRAW | JREQUEST_NOTRIM)) { jimport('joomla.utilities.simplecrypt'); // Create the encryption key, apply extra hardening using the user agent string. // Since we're decoding, no UA validity check is required. $key = JUtility::getHash(@$_SERVER['HTTP_USER_AGENT']); $crypt = new JSimpleCrypt($key); $str = $crypt->decrypt($str); $cookieData = @unserialize($str); // Deserialized cookie could be any object structure, so make sure the // credentials are well structured and only have user and password. $credentials = array(); $filter = JFilterInput::getInstance(); $goodCookie = true; if (is_array($credentials)) { if (isset($cookieData['username']) && is_string($cookieData['username'])) { $credentials['username'] = $filter->clean($cookieData['username'], 'username'); } else { $goodCookie = false; } if (isset($cookieData['password']) && is_string($cookieData['password'])) { $credentials['password'] = $filter->clean($cookieData['password'], 'string'); } else { $goodCookie = false; } } else { $goodCookie = false; } if (!$goodCookie || !$app->login($credentials, array('silent' => true))) { $config = JFactory::getConfig(); $cookie_domain = $config->get('cookie_domain', ''); $cookie_path = $config->get('cookie_path', '/'); // Clear the remember me cookie setcookie(JUtility::getHash('JLOGIN_REMEMBER'), false, time() - 86400, $cookie_path, $cookie_domain); } } } }
/** * Retrieve the Twitter connection details for the current user * @return array */ function _lookupUserLogin() { global $mainframe; $user =& Jfactory::getUser(); if ($user->id) { // make sure there is a logged in user $btuser =& JTable::getInstance('btuser'); $data = $this->getUser($user->id); $key = str_rot13(strrev($user->username)); $crypt = new JSimpleCrypt($key); $password = $crypt->decrypt($data->password); return array('username' => $data->username, 'password' => $password); } else { return array('username' => '', 'password' => ''); } }
function onAfterInitialise() { global $mainframe; // No remember me for admin if ($mainframe->isAdmin()) { return; } $user =& JFactory::getUser(); if (!$user->get('gid')) { jimport('joomla.utilities.utility'); $hash = JUtility::getHash('JLOGIN_REMEMBER'); if ($str = JRequest::getString($hash, '', 'cookie', JREQUEST_ALLOWRAW | JREQUEST_NOTRIM)) { jimport('joomla.utilities.simplecrypt'); //Create the encryption key, apply extra hardening using the user agent string $key = JUtility::getHash(@$_SERVER['HTTP_USER_AGENT']); $crypt = new JSimpleCrypt($key); $str = $crypt->decrypt($str); $mainframe->login(unserialize($str)); } } }
function onAfterInitialise() { global $mainframe; // No remember me for admin if ($mainframe->isAdmin()) { return; } $user =& JFactory::getUser(); if (!$user->get('gid')) { jimport('joomla.utilities.utility'); $hash = JUtility::getHash('JLOGIN_REMEMBER'); if ($str = JRequest::getString($hash, '', 'cookie', JREQUEST_ALLOWRAW | JREQUEST_NOTRIM)) { jimport('joomla.utilities.simplecrypt'); // Create the encryption key, apply extra hardening using the user agent string // Since we're decoding, no UA validity check is required. $key = JUtility::getHash(@$_SERVER['HTTP_USER_AGENT']); $crypt = new JSimpleCrypt($key); $str = $crypt->decrypt($str); $cookieData = @unserialize($str); // Deserialized cookie could be any object structure, so make sure the // credentials are well structured and only have user and password. $credentials = array(); if (!is_array($credentials)) { return; } if (!isset($cookieData['username']) || !is_string($cookieData['username'])) { return; } $credentials['username'] = JFilterInput::clean($cookieData['username'], 'username'); if (!isset($cookieData['password']) || !is_string($cookieData['password'])) { return; } $credentials['password'] = JFilterInput::clean($cookieData['password'], 'string'); if (!$mainframe->login($credentials, array('silent' => true))) { // Clear the remember me cookie setcookie(JUtility::getHash('JLOGIN_REMEMBER'), false, time() - 86400, '/'); } } } }
/** * Remebers handling. */ public function onAfterInitialise() { global $mainframe; $viewer = get_viewer(); if (!$viewer->guest() && !$viewer->enabled) { KService::get('com://site/people.helper.person')->logout(); } // No remember me for admin if ($mainframe->isAdmin()) { return; } jimport('joomla.utilities.utility'); jimport('joomla.utilities.simplecrypt'); $user = array(); $remember = JUtility::getHash('JLOGIN_REMEMBER'); // for json requests obtain the username and password from the $_SERVER array // else if the remember me cookie exists, decrypt and obtain the username and password from it if ($viewer->guest() && KRequest::has('server.PHP_AUTH_USER') && KRequest::has('server.PHP_AUTH_PW') && KRequest::format() == 'json') { $user['username'] = KRequest::get('server.PHP_AUTH_USER', 'raw'); $user['password'] = KRequest::get('server.PHP_AUTH_PW', 'raw'); } elseif ($viewer->guest() && isset($_COOKIE[$remember]) && $_COOKIE[$remember] != '') { $key = JUtility::getHash(KRequest::get('server.HTTP_USER_AGENT', 'raw')); if ($key) { $crypt = new JSimpleCrypt($key); $cookie = $crypt->decrypt($_COOKIE[$remember]); $user = (array) @unserialize($cookie); } } else { return; } if ($viewer->guest() && count($user)) { try { jimport('joomla.user.authentication'); $authentication =& JAuthentication::getInstance(); $authResponse = $authentication->authenticate($user, array()); if ($authResponse->status == JAUTHENTICATE_STATUS_SUCCESS) { KService::get('com://site/people.helper.person')->login($user, true); } } catch (RuntimeException $e) { //only throws exception if we are using JSON format //otherwise let the current app handle it if (KRequest::format() == 'json') { throw $e; } } } return; }
/** * $$$ hugh - add in any encrypted stuff, in case we fail validation ... * otherwise it won't be in $data when we rebuild the page. * Need to do it here, so _raw fields get added in the next chunk 'o' code. * @param array posted form data passed by reference * @return null */ function addEncrytedVarsToArray(&$post) { if (array_key_exists('fabrik_vars', $_REQUEST) && array_key_exists('querystring', $_REQUEST['fabrik_vars'])) { $groups = $this->getGroupsHiarachy(); $gkeys = array_keys($groups); jimport('joomla.utilities.simplecrypt'); $crypt = new JSimpleCrypt(); $w = new FabrikWorker(); foreach ($gkeys as $g) { $groupModel = $groups[$g]; $elementModels = $groupModel->getPublishedElements(); foreach ($elementModels as $elementModel) { $element = $elementModel->getElement(); foreach ($_REQUEST['fabrik_vars']['querystring'] as $key => $encrypted) { if ($elementModel->getFullName(false, true, false) == $key) { // $$$ rob - dont test for !canUse() as confirmation plugin dynamically sets this if ($elementModel->canView()) { //if (!$elementModel->canUse() && $elementModel->canView()) { if (is_array($encrypted)) { //repeat groups no join $v = array(); foreach ($encrypted as $e) { //$$$ rob urldecode when posting from ajax form $e = urldecode($e); $e = empty($e) ? '' : $crypt->decrypt($e); $v[] = $w->parseMessageForPlaceHolder($e, $post); } } else { // $$$ rob urldecode when posting from ajax form $encrypted = urldecode($encrypted); $v = empty($encrypted) ? '' : $crypt->decrypt($encrypted); $v = $w->parseMessageForPlaceHolder($v, $post); } $elementModel->_group = $groupModel; $elementModel->setValuesFromEncryt($post, $key, $v); // $$ rob set both normal and rawvalues to encrypted - otherwise validate mehtod doenst //pick up decrypted value $elementModel->setValuesFromEncryt($post, $key . '_raw', $v); } } } } } } }
/** * If an element is set to readonly, and has a default value selected then insert this * data into the array that is to be bound to the table record * @since 1.0.6 * @param array data * @param object to bind to table row * @param int is record join record */ function _addDefaultDataFromRO(&$data, &$oRecord, $isJoin, $rowid) { jimport('joomla.utilities.simplecrypt'); // $$$ rob since 1.0.6 : 10 June 08 // get the current record - not that which was posted $formModel =& $this->getFormModel(); $table =& $this->getTable(); if (is_null($this->_origData)) { if (empty($rowid)) { $this->_origData = $origdata = array(); } else { $sql = $formModel->_buildQuery(); $db =& $this->getDb(); $db->setQuery($sql); $origdata = $db->loadObject(); $origdata = JArrayHelper::fromObject($origdata); $origdata = is_array($origdata) ? $origdata : array(); $this->_origData =& $origdata; } } else { $origdata =& $this->_origData; } $form =& $formModel->getForm(); $groups =& $formModel->getGroupsHiarachy(); $gcounter = 0; $repeatGroupCounts = JRequest::getVar('fabrik_repeat_group', array()); foreach ($groups as $groupModel) { if ($isJoin && $groupModel->isJoin() || !$isJoin && !$groupModel->isJoin()) { $elementModels =& $groupModel->getPublishedElements(); foreach ($elementModels as $elementModel) { // $$$ rob 25/02/2011 unviewable elements are now also being encrypted //if (!$elementModel->canUse() && $elementModel->canView()) { if (!$elementModel->canUse()) { $element =& $elementModel->getElement(); $fullkey = $elementModel->getFullName(false, true, false); $key = $element->name; // $$$ hugh - allow submission plugins to override RO data // TODO - test this for joined data if ($formModel->updatedByPlugin($fullkey)) { continue; } //force a reload of the default value with $origdata unset($elementModel->defaults); $default = array(); foreach ($repeatGroupCounts as $groupId => $repeatCount) { $def = $elementModel->getValue($origdata, $repeatCount); // $$$ rob 26/04/2011 encodeing done at the end //if its a dropdown radio etc /*if (is_array($def)) { $def = json_encode($def); }*/ $default[] = $def; } $default = count($default) == 1 ? $default[0] : json_encode($default); $data[$key] = $default; $oRecord->{$key} = $default; } } } $gcounter++; } $copy = JRequest::getBool('Copy'); //check crypted querystring vars (encrypted in form/view.html.php ) _cryptQueryString if (array_key_exists('fabrik_vars', $_REQUEST) && array_key_exists('querystring', $_REQUEST['fabrik_vars'])) { $crypt = new JSimpleCrypt(); foreach ($_REQUEST['fabrik_vars']['querystring'] as $key => $encrypted) { // $$$ hugh - allow submission plugins to override RO data // TODO - test this for joined data if ($formModel->updatedByPlugin($key)) { continue; } $key = FabrikString::shortColName($key); // $$$ hugh - trying to fix issue where encrypted elements from a main group end up being added to // a joined group's field list for the update/insert on the joined row(s). if (!array_key_exists($key, $data)) { continue; } foreach ($groups as $groupModel) { $elementModels =& $groupModel->getPublishedElements(); foreach ($elementModels as $elementModel) { $element =& $elementModel->getElement(); if ($element->name == $key) { //dont overwrite if something has been entered // $$$ rob 25/02/2011 unviewable elements are now also being encrypted //if (!$elementModel->canUse() && $elementModel->canView()) { if (!$elementModel->canUse()) { //repeat groups no join: if (is_array($encrypted)) { $v = array(); foreach ($encrypted as $e) { $v[] = empty($e) ? '' : $crypt->decrypt($e); } $v = json_encode($v); } else { $v = !empty($encrypted) ? $crypt->decrypt($encrypted) : ''; } if ($copy) { $v = $elementModel->onSaveAsCopy($v); } $data[$key] = $v; $oRecord->{$key} = $v; } // $$$ hugh FIXME - is there some reason we don't break out back to the // main querystring foreach at this point, rather than looping through // all remaining elements and groups? } } } } } }
/** * If an element is set to readonly, and has a default value selected then insert this * data into the array that is to be bound to the table record * * @param array &$data list data * @param object &$oRecord to bind to table row * @param int $isJoin is record join record * @param int $rowid row id * @param object $joinGroupTable join group table * * @since 1.0.6 * * @return void */ function _addDefaultDataFromRO(&$data, &$oRecord, $isJoin, $rowid, $joinGroupTable) { jimport('joomla.utilities.simplecrypt'); // $$$ rob since 1.0.6 : 10 June 08 // Get the current record - not that which was posted $formModel = $this->getFormModel(); $table = $this->getTable(); if (is_null($this->_origData)) { /* $$$ hugh FIXME - doesn't work for rowid=-1 / usekey submissions, * ends up querying "WHERE foo.userid = '<rowid>'" instead of <userid> * OK for now, as we should catch RO data from the encrypted vars check * later in this method. */ if (empty($rowid)) { $this->_origData = $origdata = array(); } else { $sql = $formModel->_buildQuery(); $db = $this->getDb(); $db->setQuery($sql); $origdata = $db->loadObject(); $origdata = JArrayHelper::fromObject($origdata); $origdata = is_array($origdata) ? $origdata : array(); $this->_origData = $origdata; } } else { $origdata = $this->_origData; } $form = $formModel->getForm(); $groups = $formModel->getGroupsHiarachy(); /* $$$ hugh - seems like there's no point in doing this chunk if there is no $origdata to work with? Not sure if there's ever a valid reason for doing so, but it certainly breaks things like onCopyRow(), where (for instance) user elements will get reset to 0 by this code. */ if (!empty($origdata)) { $gcounter = 0; $repeatGroupCounts = JRequest::getVar('fabrik_repeat_group', array()); foreach ($groups as $groupModel) { if ($isJoin && $groupModel->isJoin() || !$isJoin && !$groupModel->isJoin()) { $elementModels = $groupModel->getPublishedElements(); foreach ($elementModels as $elementModel) { // $$$ rob 25/02/2011 unviewable elements are now also being encrypted // if (!$elementModel->canUse() && $elementModel->canView()) { if (!$elementModel->canUse()) { $element = $elementModel->getElement(); $fullkey = $elementModel->getFullName(false, true, false); // $$$ rob 24/01/2012 if a previous joined data set had a ro element then if we werent checkign that group is the // same as the join group then the insert failed as data from other joins added into the current join if ($isJoin && $groupModel->getId() != $joinGroupTable->id) { continue; } $key = $element->name; // $$$ hugh - allow submission plugins to override RO data // TODO - test this for joined data if ($formModel->updatedByPlugin($fullkey)) { continue; } // Force a reload of the default value with $origdata unset($elementModel->defaults); $default = array(); $repeatGroupCount = JArrayHelper::getValue($repeatGroupCounts, $groupModel->getGroup()->id); for ($repeatCount = 0; $repeatCount < $repeatGroupCount; $repeatCount++) { $def = $elementModel->getValue($origdata, $repeatCount); if (is_array($def)) { // Radio buttons getValue() returns an array already so don't array the array. $default = $def; } else { $default[] = $def; } } $default = count($default) == 1 ? $default[0] : json_encode($default); $data[$key] = $default; $oRecord->{$key} = $default; } } } $gcounter++; } } $copy = JRequest::getBool('Copy'); // Check crypted querystring vars (encrypted in form/view.html.php ) _cryptQueryString if (array_key_exists('fabrik_vars', $_REQUEST) && array_key_exists('querystring', $_REQUEST['fabrik_vars'])) { $crypt = new JSimpleCrypt(); foreach ($_REQUEST['fabrik_vars']['querystring'] as $key => $encrypted) { // $$$ hugh - allow submission plugins to override RO data // TODO - test this for joined data if ($formModel->updatedByPlugin($key)) { continue; } $key = FabrikString::shortColName($key); /* $$$ hugh - trying to fix issue where encrypted elements from a main group end up being added to * a joined group's field list for the update/insert on the joined row(s). */ /* * $$$ rob - commenting it out as this was stopping data that was not viewable or editable from being included * in $data. New test added inside foreach loop below **/ /* if (!array_key_exists($key, $data)) { continue; } */ foreach ($groups as $groupModel) { // New test to replace if (!array_key_exists($key, $data)) // $$$ hugh - this stops elements from joined groups being added to main row, but see 'else' if ($isJoin) { if ($groupModel->getGroup()->id != $joinGroupTable->id) { continue; } } else { // $$$ hugh - need test here if not $isJoin, to stop keys from joined groups being added to main row! if ($groupModel->isJoin()) { continue; } } $elementModels = $groupModel->getPublishedElements(); foreach ($elementModels as $elementModel) { $element = $elementModel->getElement(); // $$$ hugh - I have a feeling this test is a Bad Thing <tm> as it is using short keys, so if two joined groups share the same element name(s) ... if ($element->name == $key) { // Don't overwrite if something has been entered // $$$ rob 25/02/2011 unviewable elements are now also being encrypted // if (!$elementModel->canUse() && $elementModel->canView()) { if (!$elementModel->canUse()) { // Repeat groups no join: if (is_array($encrypted)) { $v = array(); foreach ($encrypted as $e) { $e = urldecode($e); $v[] = empty($e) ? '' : $crypt->decrypt($e); } $v = json_encode($v); } else { $encrypted = urldecode($encrypted); $v = !empty($encrypted) ? $crypt->decrypt($encrypted) : ''; } /* $$$ hugh - also gets called in storeRow(), not sure if we really need to * call it here? And if we do, then we should probably be calling onStoreRow * as well, if $data['fabrik_copy_from_table'] is set? Can't remember why, * but we differentiate between the two, with onCopyRow being when a row is copied * using the list plugin, and onSaveAsCopy when the form plugin is used. */ if ($copy) { $v = $elementModel->onSaveAsCopy($v); } $data[$key] = $v; $oRecord->{$key} = $v; } break 2; } } } } } }
/** * Add in any encrypted stuff, in case we fail validation ... * otherwise it won't be in $data when we rebuild the page. * Need to do it here, so _raw fields get added in the next chunk 'o' code. * * @param array &$post posted form data passed by reference * * @return null */ public function addEncrytedVarsToArray(&$post) { if (array_key_exists('fabrik_vars', $_REQUEST) && array_key_exists('querystring', $_REQUEST['fabrik_vars'])) { $groups = $this->getGroupsHiarachy(); $gkeys = array_keys($groups); jimport('joomla.utilities.simplecrypt'); $crypt = new JSimpleCrypt(); $w = new FabrikWorker(); foreach ($gkeys as $g) { $groupModel = $groups[$g]; $elementModels = $groupModel->getPublishedElements(); foreach ($elementModels as $elementModel) { $element = $elementModel->getElement(); foreach ($_REQUEST['fabrik_vars']['querystring'] as $key => $encrypted) { if ($elementModel->getFullName(false, true, false) == $key) { /* $$$ rob - dont test for !canUse() as confirmation plugin dynamically sets this * if ($elementModel->canView()) * $$$ hugh - testing adding non-viewable, non-editable elements to encrypted vars */ if (true) { // Was testing for: if (!$elementModel->canUse() && $elementModel->canView()) { if (is_array($encrypted)) { // Repeat groups no join $v = array(); foreach ($encrypted as $e) { // $$$ rob urldecode when posting from ajax form $e = urldecode($e); $e = empty($e) ? '' : $crypt->decrypt($e); $e = FabrikWorker::JSONtoData($e); $v[] = $w->parseMessageForPlaceHolder($e, $post); } } else { // $$$ rob urldecode when posting from ajax form $encrypted = urldecode($encrypted); $v = empty($encrypted) ? '' : $crypt->decrypt($encrypted); /* $$$ hugh - things like elementlist elements (radios, etc) seem to use * their JSON data for encrypted read only vals, need to decode. */ $v = FabrikWorker::JSONtoData($v); $v = $w->parseMessageForPlaceHolder($v, $post); } $elementModel->_group = $groupModel; $elementModel->setValuesFromEncryt($post, $key, $v); /* $$ rob set both normal and rawvalues to encrypted - otherwise validate method doenst * pick up decrypted value */ $elementModel->setValuesFromEncryt($post, $key . '_raw', $v); } } } } } } }