/** * Logs in a user. * * @param array $user The user as an array * @param bool $remember Flag to whether remember the user or not * * @return bool */ public function login(array $user, $remember = false) { $session =& JFactory::getSession(); // we fork the session to prevent session fixation issues $session->fork(); JFactory::getApplication()->_createSession($session->getId()); // Import the user plugin group JPluginHelper::importPlugin('user'); $options = array(); $results = JFactory::getApplication()->triggerEvent('onLoginUser', array($user, $options)); foreach ($results as $result) { if ($result instanceof JException || $result instanceof Exception || $result === false) { return false; } } //if remember is true, create a remember cookie that contains the ecrypted username and password if ($remember) { // Set the remember me cookie if enabled jimport('joomla.utilities.simplecrypt'); jimport('joomla.utilities.utility'); $key = JUtility::getHash(KRequest::get('server.HTTP_USER_AGENT', 'raw')); if ($key) { $crypt = new JSimpleCrypt($key); $cookie = $crypt->encrypt(serialize(array('username' => $user['username'], 'password' => $user['password']))); $lifetime = time() + 365 * 24 * 3600; setcookie(JUtility::getHash('JLOGIN_REMEMBER'), $cookie, $lifetime, '/'); } } return true; }
/** * Testing testEncrypt(). * * @param string $text The text to be encrypted * @param string $key The key to use * @param string $expected The expected result of encryption * * @return void * @dataProvider casesEncryption * @covers JSimpleCrypt::encrypt */ public function testEncrypt($text, $key, $expected) { $cfg = $this->getMock('JObject', array('get')); $cfg->expects($this->any())->method('get')->will($this->returnValue('')); JFactory::$config = $cfg; $this->object = new JSimpleCrypt($key); $this->assertThat($this->object->encrypt($text), $this->equalTo($expected)); }
function update($parent) { $path = JPATH_ADMINISTRATOR . '/components/com_ganalytics/ganalytics.xml'; $version = null; if (file_exists($path)) { $manifest = simplexml_load_file($path); $version = (string) $manifest->version; } if (empty($version)) { return; } if (!empty($version) && version_compare($version, '2.0.0') == -1) { // profiles table $this->run("ALTER TABLE `#__ganalytics_profiles` ADD `username` VARCHAR( 255 ) NULL DEFAULT NULL;"); $this->run("ALTER TABLE `#__ganalytics_profiles` ADD `password` text NULL DEFAULT NULL AFTER `username`;"); $username = $this->getParam('username'); if (!empty($username)) { $this->run("update `#__ganalytics_profiles` set `username`= '" . $username . "';"); } $password = $this->getParam('password'); if (!empty($password)) { jimport('joomla.utilities.simplecrypt'); $cryptor = new JSimpleCrypt(); $password = $cryptor->encrypt($password); $this->run("update `#__ganalytics_profiles` set `password`= '" . $password . "';"); } // group table $this->run("CREATE TABLE IF NOT EXISTS`#__ganalytics_stats_groups` (\n\t\t\t\t\t`id` int(11) NOT NULL auto_increment,\n\t\t\t\t\t`name` varchar(100) NOT NULL,\n\t\t\t\t\t`position` int(20) NOT NULL DEFAULT 0,\n\t\t\t\t\t`column_count` int(20) NOT NULL DEFAULT 1,\n\t\t\t\t\tPRIMARY KEY (`id`)\n\t\t\t);"); $this->run("insert into `#__ganalytics_stats_groups` (`name`) select `name` from `#__ganalytics_stats`;"); // stats table $this->run("ALTER TABLE `#__ganalytics_stats` ADD `group_id` int(11) NOT NULL DEFAULT 1 AFTER `id`;"); $this->run("ALTER TABLE `#__ganalytics_stats` ADD `column` int(20) NOT NULL DEFAULT 0 AFTER `group_id`;"); $this->run("ALTER TABLE `#__ganalytics_stats` ADD `position` int(20) NOT NULL DEFAULT 0 AFTER `column`;"); $this->run("ALTER TABLE `#__ganalytics_stats` ADD `type` varchar(250) NOT NULL DEFAULT 'list' AFTER `position`;"); $this->run("update `#__ganalytics_stats` s set `group_id`= (select `id` from `#__ganalytics_stats_groups` g where s.name = g.name);"); // activate system plugin $this->run("update #__extensions set enabled=1 where type = 'plugin' and element = 'ganalytics'"); $this->run("update #__extensions set enabled=0 where type = 'plugin' and element = 'ganalyticstrcode'"); // activate admin stats plugin $this->run("update #__modules set published=1, position='cpanel' where module like 'mod_ganalytics_admin_stats'"); $this->run("insert into #__modules_menu (moduleid) select id as moduleid from #__modules where module like 'mod_ganalytics_admin_stats'"); } if (!empty($version) && version_compare($version, '2.1.0') == -1) { foreach (JFolder::files(JPATH_ADMINISTRATOR . DS . 'language', '.*ganalytics.*', true, true) as $file) { JFile::delete($file); } foreach (JFolder::files(JPATH_SITE . DS . 'language', '.*ganalytics.*', true, true) as $file) { JFile::delete($file); } $this->run("ALTER TABLE `#__ganalytics_stats` ADD `filter` varchar(250) DEFAULT NULL AFTER `sort`;"); } if (!empty($version) && version_compare($version, '3.0.0') == -1) { $this->run("ALTER TABLE `#__ganalytics_profiles` DROP `username`"); $this->run("ALTER TABLE `#__ganalytics_profiles` CHANGE `password` `token` TEXT NULL DEFAULT NULL"); $this->run("delete from `#__ganalytics_profiles`"); } }
public function store($updateNulls = false) { $oldPassword = $this->password; if (!empty($oldPassword)) { $cryptor = new JSimpleCrypt(); $this->password = $cryptor->encrypt($oldPassword); } $result = parent::store($updateNulls); $this->password = $oldPassword; return $result; }
/** * Login authentication function. * * Username and encoded password are passed the the onLoginUser event which * is responsible for the user validation. A successful validation updates * the current session record with the users details. * * Username and encoded password are sent as credentials (along with other * possibilities) to each observer (authentication plugin) for user * validation. Successful validation will update the current session with * the user details. * * @param array Array( 'username' => string, 'password' => string ) * @param array Array( 'remember' => boolean ) * @return boolean True on success. * @access public * @since 1.5 */ function login($credentials, $options = array()) { // Get the global JAuthentication object jimport('joomla.user.authentication'); $authenticate =& JAuthentication::getInstance(); $response = $authenticate->authenticate($credentials, $options); if ($response->status === JAUTHENTICATE_STATUS_SUCCESS) { $session =& JFactory::getSession(); // we fork the session to prevent session fixation issues $session->fork(); $this->_createSession($session->getId()); // Import the user plugin group JPluginHelper::importPlugin('user'); // OK, the credentials are authenticated. Lets fire the onLogin event $results = $this->triggerEvent('onLoginUser', array((array) $response, $options)); /* * If any of the user plugins did not successfully complete the login routine * then the whole method fails. * * Any errors raised should be done in the plugin as this provides the ability * to provide much more information about why the routine may have failed. */ if (!in_array(false, $results, true)) { // Set the remember me cookie if enabled if (isset($options['remember']) && $options['remember']) { jimport('joomla.utilities.simplecrypt'); jimport('joomla.utilities.utility'); //Create the encryption key, apply extra hardening using the user agent string $agent = @$_SERVER['HTTP_USER_AGENT']; // Ignore empty and crackish user agents if ($agent != '' && $agent != 'JLOGIN_REMEMBER') { $key = JUtility::getHash($agent); $crypt = new JSimpleCrypt($key); $rcookie = $crypt->encrypt(serialize($credentials)); $lifetime = time() + 365 * 24 * 60 * 60; setcookie(JUtility::getHash('JLOGIN_REMEMBER'), $rcookie, $lifetime, '/'); } } return true; } } // Trigger onLoginFailure Event $this->triggerEvent('onLoginFailure', array((array) $response)); // If silent is set, just return false if (isset($options['silent']) && $options['silent']) { return false; } // Return the error return JError::raiseWarning('SOME_ERROR_CODE', JText::_('E_LOGIN_AUTHENTICATE')); }
/** * Login authentication function. * * Username and encoded password are passed the onUserLogin event which * is responsible for the user validation. A successful validation updates * the current session record with the user's details. * * Username and encoded password are sent as credentials (along with other * possibilities) to each observer (authentication plugin) for user * validation. Successful validation will update the current session with * the user details. * * @param array $credentials Array('username' => string, 'password' => string) * @param array $options Array('remember' => boolean) * * @return boolean True on success. * * @since 11.1 */ public function login($credentials, $options = array()) { // Get the global JAuthentication object. jimport('joomla.user.authentication'); $authenticate = JAuthentication::getInstance(); $response = $authenticate->authenticate($credentials, $options); if ($response->status === JAuthentication::STATUS_SUCCESS) { // validate that the user should be able to login (different to being authenticated) // this permits authentication plugins blocking the user $authorisations = $authenticate->authorise($response, $options); foreach ($authorisations as $authorisation) { $denied_states = array(JAuthentication::STATUS_EXPIRED, JAuthentication::STATUS_DENIED); if (in_array($authorisation->status, $denied_states)) { // Trigger onUserAuthorisationFailure Event. $this->triggerEvent('onUserAuthorisationFailure', array((array) $authorisation)); // If silent is set, just return false. if (isset($options['silent']) && $options['silent']) { return false; } // Return the error. switch ($authorisation->status) { case JAuthentication::STATUS_EXPIRED: return JError::raiseWarning('102002', JText::_('JLIB_LOGIN_EXPIRED')); break; case JAuthentication::STATUS_DENIED: return JError::raiseWarning('102003', JText::_('JLIB_LOGIN_DENIED')); break; default: return JError::raiseWarning('102004', JText::_('JLIB_LOGIN_AUTHORISATION')); break; } } } // Import the user plugin group. JPluginHelper::importPlugin('user'); // OK, the credentials are authenticated and user is authorised. Lets fire the onLogin event. $results = $this->triggerEvent('onUserLogin', array((array) $response, $options)); /* * If any of the user plugins did not successfully complete the login routine * then the whole method fails. * * Any errors raised should be done in the plugin as this provides the ability * to provide much more information about why the routine may have failed. */ if (!in_array(false, $results, true)) { // Set the remember me cookie if enabled. if (isset($options['remember']) && $options['remember']) { jimport('joomla.utilities.simplecrypt'); jimport('joomla.utilities.utility'); // Create the encryption key, apply extra hardening using the user agent string. $agent = @$_SERVER['HTTP_USER_AGENT']; // Ignore empty and crackish user agents if ($agent != '' && $agent != 'JLOGIN_REMEMBER') { $key = JUtility::getHash($agent); $crypt = new JSimpleCrypt($key); $rcookie = $crypt->encrypt(serialize($credentials)); $lifetime = time() + 365 * 24 * 60 * 60; // Use domain and path set in config for cookie if it exists. $cookie_domain = $this->getCfg('cookie_domain', ''); $cookie_path = $this->getCfg('cookie_path', '/'); setcookie(JUtility::getHash('JLOGIN_REMEMBER'), $rcookie, $lifetime, $cookie_path, $cookie_domain); } } return true; } } // Trigger onUserLoginFailure Event. $this->triggerEvent('onUserLoginFailure', array((array) $response)); // If silent is set, just return false. if (isset($options['silent']) && $options['silent']) { return false; } // If status is success, any error will have been raised by the user plugin if ($response->status !== JAuthentication::STATUS_SUCCESS) { JError::raiseWarning('102001', JText::_('JLIB_LOGIN_AUTHENTICATE')); } return false; }
/** * Login authentication function. * * Username and encoded password are passed the the onUserLogin event which * is responsible for the user validation. A successful validation updates * the current session record with the user's details. * * Username and encoded password are sent as credentials (along with other * possibilities) to each observer (authentication plugin) for user * validation. Successful validation will update the current session with * the user details. * * @param array $credentials Array('username' => string, 'password' => string) * @param array $options Array('remember' => boolean) * * @return boolean True on success. * * @since 11.1 */ public function login($credentials, $options = array()) { // Get the global JAuthentication object. jimport('joomla.user.authentication'); $authenticate = JAuthentication::getInstance(); $response = $authenticate->authenticate($credentials, $options); if ($response->status === JAUTHENTICATE_STATUS_SUCCESS) { // Import the user plugin group. JPluginHelper::importPlugin('user'); // OK, the credentials are authenticated. Lets fire the onLogin event. $results = $this->triggerEvent('onUserLogin', array((array) $response, $options)); /* * If any of the user plugins did not successfully complete the login routine * then the whole method fails. * * Any errors raised should be done in the plugin as this provides the ability * to provide much more information about why the routine may have failed. */ if (!in_array(false, $results, true)) { // Set the remember me cookie if enabled. if (isset($options['remember']) && $options['remember']) { jimport('joomla.utilities.simplecrypt'); jimport('joomla.utilities.utility'); // Create the encryption key, apply extra hardening using the user agent string. $key = JUtility::getHash(@$_SERVER['HTTP_USER_AGENT']); $crypt = new JSimpleCrypt($key); $rcookie = $crypt->encrypt(serialize($credentials)); $lifetime = time() + 365 * 24 * 60 * 60; // Use domain and path set in config for cookie if it exists. $cookie_domain = $this->getCfg('cookie_domain', ''); $cookie_path = $this->getCfg('cookie_path', '/'); setcookie(JUtility::getHash('JLOGIN_REMEMBER'), $rcookie, $lifetime, $cookie_path, $cookie_domain); } return true; } } // Trigger onUserLoginFailure Event. $this->triggerEvent('onUserLoginFailure', array((array) $response)); // If silent is set, just return false. if (isset($options['silent']) && $options['silent']) { return false; } // If status is success, any error will ahve been raised by the user plugin if ($response->status !== JAUTHENTICATE_STATUS_SUCCESS) { JError::raiseWarning('SOME_ERROR_CODE', JText::_('JLIB_LOGIN_AUTHENTICATE')); } return false; }
protected function _cryptViewOnlyElements(&$aHiddenFields) { jimport('joomla.utilities.simplecrypt'); jimport('joomla.utilities.utility'); $crypt = new JSimpleCrypt(); $formModel = $this->getModel(); $fields = array(); foreach ($this->get('readOnlyVals') as $key => $input) { $repeatGroup = $input['repeatgroup']; $isJoin = $input['join']; $input = $input['data']; // $$$ rob not sure this is correct now as I modified the readOnlyVals structure to contain info about if its in a group // and it now contains the repeated group data $input = is_array($input) && array_key_exists('value', $input) ? $input['value'] : $input; if ($repeatGroup) { $ar = array(); $input = (array) $input; foreach ($input as $i) { if (is_array($i)) { //elements with sub options in repeat group $i = json_encode($i); } $ar[] = $i; } $input = $isJoin ? $ar : json_encode($ar); } else { if (is_array($input)) { //elements with sub options not in repeat group $input = json_encode($input); } } if (is_array($input)) { for ($x = 0; $x < count($input); $x++) { if (trim($input[$x]) !== '') { $input[$x] = $crypt->encrypt($input[$x]); } } } else { if (trim($input) !== '') { $input = $crypt->encrypt($input); } } $key = FabrikString::rtrimword($key, "[]"); // $$$ rob - no dont do below as it will strip out join names join[x][fullname] => join //$key = preg_replace("/\[(.*)\]/", '', $key); if (!array_key_exists($key, $fields)) { $fields[$key] = $input; } else { $fields[$key] = (array) $fields[$key]; $fields[$key][] = $input; } } foreach ($fields as $key => $input) { if (is_array($input)) { for ($c = 0; $c < count($input); $c++) { $i = $input[$c]; $aHiddenFields .= "<input type=\"hidden\" name=\"fabrik_vars[querystring][{$key}][{$c}]\" value=\"" . $i . "\" />\n"; } } else { $aHiddenFields .= "<input type=\"hidden\" name=\"fabrik_vars[querystring][{$key}]\" value=\"" . $input . "\" />\n"; } } }
function onUserLogin($user, $options = array()) { $mainframe = JFactory::getApplication('site'); if (array_key_exists ('skip_joomdlehooks', $options)) return; if ($mainframe->isAdmin()) return; $username = $user['username']; $moodle_user = JoomdleHelperContent::call_method ("user_id", $username); // Do nothing if user does not exist in Moodle if (!$moodle_user) return; $comp_params = JComponentHelper::getParams( 'com_joomdle' ); $moodle_url = $comp_params->get( 'MOODLE_URL' ); $redirectless_sso = $comp_params->get( 'redirectless_sso' ); $session = JFactory::getSession(); $token = md5 ($session->getId()); /* Don't log in Moodle if user is blocked */ $user_id = JUserHelper::getUserId($username); $user_obj = JFactory::getUser($user_id); if ($user_obj->block) return; $app = JFactory::getApplication(); if (JRequest::getVar ('return')) { $return = JRequest::getVar ('return'); if (!strncmp ($return, 'B:', 2)) { /* CB login module */ $login_url = urlencode (base64_decode (substr ($return, 2))); } else { /* Normal login */ $login_url = urlencode (base64_decode (JRequest::getVar ('return'))); } } else if (array_key_exists ('url', $options)) $login_url = urlencode ($options['url']); else $login_url = urlencode (JRequest::getUri ()); // Set the remember me cookie if enabled // as we are redirecting and this would not be executed by Joomla if (isset($options['remember']) && $options['remember']) { jimport('joomla.utilities.simplecrypt'); jimport('joomla.utilities.utility'); //Create the encryption key, apply extra hardening using the user agent string $key = JApplication::getHash(@$_SERVER['HTTP_USER_AGENT']); $credentials = array ('username'=>$username, 'password'=>$user['password']); $crypt = new JSimpleCrypt($key); $rcookie = $crypt->encrypt(serialize($credentials)); $lifetime = time() + 365*24*60*60; setcookie( JApplication::getHash('JLOGIN_REMEMBER'), $rcookie, $lifetime, '/' ); } // Metodo nuevo con cURL if ($redirectless_sso) plgUserJoomdlehooks::log_into_moodle ($username, $token); else // Metodo normal usando redirect $app->redirect($moodle_url."/auth/joomdle/land.php?username=$username&token=$token&use_wrapper=0&create_user=0&wantsurl=$login_url" ); }
/** * Write user twitter details to database, encrypting the password * @param $username * @param $password * @return bool */ function _saveUserLogin($username, $password) { global $mainframe; $user =& JFactory::getUser(); if ($user->id) { // make sure there is a logged in user $key = str_rot13(strrev($user->username)); $crypt = new JSimpleCrypt($key); $hash = $crypt->encrypt($password); $btuser =& JTable::getInstance('btuser'); $data = $this->getUser($user->id); $btuser->id = $data->id; $btuser->userid = $user->id; $btuser->username = $username; $btuser->password = $hash; return $btuser->save($btuser); } else { return false; } }