/**
* Method to display the view.
*
* @param string The template file to include
* @since 1.5
*/
public function display($tpl = null)
{
// Get the view data.
$this->user = JFactory::getUser();
$this->form = $this->get('Form');
$this->state = $this->get('State');
$this->params = $this->state->get('params');
// Check for errors.
if (count($errors = $this->get('Errors'))) {
JError::raiseError(500, implode('<br />', $errors));
return false;
}
// Check for layout override
$active = JFactory::getApplication()->getMenu()->getActive();
if (isset($active->query['layout'])) {
$this->setLayout($active->query['layout']);
}
require_once JPATH_ADMINISTRATOR . '/components/com_users/helpers/users.php';
$tfa = UsersHelper::getTwoFactorMethods();
$this->tfa = is_array($tfa) && count($tfa) > 1;
//Escape strings for HTML output
$this->pageclass_sfx = htmlspecialchars($this->params->get('pageclass_sfx'));
$this->prepareDocument();
parent::display($tpl);
}
/**
* Check if the two factor authentication by Joomla! is enabled
*/
public static function tfaEnabled()
{
//tfa is not supported before 3.2
if (version_compare(JVERSION, '3.2', '<')) {
return false;
}
//check for two way authentication
require_once JPATH_ADMINISTRATOR . '/components/com_users/helpers/users.php';
$tfa = UsersHelper::getTwoFactorMethods();
if (isset($tfa) && is_array($tfa) && count($tfa) > 1) {
return true;
}
return false;
}
/**
* Execute and display a template script.
*
* @param string $tpl The name of the template file to parse; automatically searches through the template paths.
*
* @return mixed A string if successful, otherwise an Error object.
*
* @since 1.6
*/
public function display($tpl = null)
{
// Get the view data.
$this->data = $this->get('Data');
$this->form = $this->get('Form');
$this->state = $this->get('State');
$this->params = $this->state->get('params');
$this->twofactorform = $this->get('Twofactorform');
$this->twofactormethods = UsersHelper::getTwoFactorMethods();
$this->otpConfig = $this->get('OtpConfig');
$this->db = JFactory::getDbo();
// Check for errors.
if (count($errors = $this->get('Errors'))) {
JError::raiseError(500, implode('<br />', $errors));
return false;
}
// View also takes responsibility for checking if the user logged in with remember me.
$user = JFactory::getUser();
$cookieLogin = $user->get('cookieLogin');
if (!empty($cookieLogin)) {
// If so, the user must login to edit the password and other data.
// What should happen here? Should we force a logout which destroys the cookies?
$app = JFactory::getApplication();
$app->enqueueMessage(JText::_('JGLOBAL_REMEMBER_MUST_LOGIN'), 'message');
$app->redirect(JRoute::_('index.php?option=com_users&view=login', false));
return false;
}
// Check if a user was found.
if (!$this->data->id) {
JError::raiseError(404, JText::_('JERROR_USERS_PROFILE_NOT_FOUND'));
return false;
}
$this->data->tags = new JHelperTags();
$this->data->tags->getItemTags('com_users.user.', $this->data->id);
// Check for layout override
$active = JFactory::getApplication()->getMenu()->getActive();
if (isset($active->query['layout'])) {
$this->setLayout($active->query['layout']);
}
// Escape strings for HTML output
$this->pageclass_sfx = htmlspecialchars($this->params->get('pageclass_sfx'));
$this->prepareDocument();
return parent::display($tpl);
}
/**
* This method should handle any authentication and report back to the subject
*
* @param array $credentials Array holding the user credentials
* @param array $options Array of extra options
* @param object &$response Authentication response object
*
* @return boolean
*
* @since 1.5
*/
public function onUserAuthenticate($credentials, $options, &$response)
{
$response->type = 'Joomla';
// Joomla does not like blank passwords
if (empty($credentials['password'])) {
$response->status = JAuthentication::STATUS_FAILURE;
$response->error_message = JText::_('JGLOBAL_AUTH_EMPTY_PASS_NOT_ALLOWED');
return false;
}
// Get a database object
$db = JFactory::getDbo();
$query = $db->getQuery(true)->select('id, password')->from('#__users')->where('username='******'username']));
$db->setQuery($query);
$result = $db->loadObject();
if ($result) {
$match = JUserHelper::verifyPassword($credentials['password'], $result->password, $result->id);
if ($match === true) {
// Bring this in line with the rest of the system
$user = JUser::getInstance($result->id);
$response->email = $user->email;
$response->fullname = $user->name;
if (JFactory::getApplication()->isAdmin()) {
$response->language = $user->getParam('admin_language');
} else {
$response->language = $user->getParam('language');
}
$response->status = JAuthentication::STATUS_SUCCESS;
$response->error_message = '';
} else {
// Invalid password
$response->status = JAuthentication::STATUS_FAILURE;
$response->error_message = JText::_('JGLOBAL_AUTH_INVALID_PASS');
}
} else {
// Invalid user
$response->status = JAuthentication::STATUS_FAILURE;
$response->error_message = JText::_('JGLOBAL_AUTH_NO_USER');
}
// Check the two factor authentication
if ($response->status == JAuthentication::STATUS_SUCCESS) {
require_once JPATH_ADMINISTRATOR . '/components/com_users/helpers/users.php';
$methods = UsersHelper::getTwoFactorMethods();
if (count($methods) <= 1) {
// No two factor authentication method is enabled
return;
}
require_once JPATH_ADMINISTRATOR . '/components/com_users/models/user.php';
$model = new UsersModelUser();
// Load the user's OTP (one time password, a.k.a. two factor auth) configuration
if (!array_key_exists('otp_config', $options)) {
$otpConfig = $model->getOtpConfig($result->id);
$options['otp_config'] = $otpConfig;
} else {
$otpConfig = $options['otp_config'];
}
// Check if the user has enabled two factor authentication
if (empty($otpConfig->method) || $otpConfig->method == 'none') {
// Warn the user if he's using a secret code but he has not
// enabed two factor auth in his account.
if (!empty($credentials['secretkey'])) {
try {
$app = JFactory::getApplication();
$this->loadLanguage();
$app->enqueueMessage(JText::_('PLG_AUTH_JOOMLA_ERR_SECRET_CODE_WITHOUT_TFA'), 'warning');
} catch (Exception $exc) {
// This happens when we are in CLI mode. In this case
// no warning is issued
return;
}
}
return;
}
// Load the Joomla! RAD layer
if (!defined('FOF_INCLUDED')) {
include_once JPATH_LIBRARIES . '/fof/include.php';
}
// Try to validate the OTP
FOFPlatform::getInstance()->importPlugin('twofactorauth');
$otpAuthReplies = FOFPlatform::getInstance()->runPlugins('onUserTwofactorAuthenticate', array($credentials, $options));
$check = false;
/*
* This looks like noob code but DO NOT TOUCH IT and do not convert
* to in_array(). During testing in_array() inexplicably returned
* null when the OTEP begins with a zero! o_O
*/
if (!empty($otpAuthReplies)) {
foreach ($otpAuthReplies as $authReply) {
$check = $check || $authReply;
}
}
// Fall back to one time emergency passwords
if (!$check) {
// Did the user use an OTEP instead?
if (empty($otpConfig->otep)) {
if (empty($otpConfig->method) || $otpConfig->method == 'none') {
// Two factor authentication is not enabled on this account.
// Any string is assumed to be a valid OTEP.
return true;
} else {
/*
* Two factor authentication enabled and no OTEPs defined. The
* user has used them all up. Therefore anything he enters is
* an invalid OTEP.
*/
return false;
}
}
// Clean up the OTEP (remove dashes, spaces and other funny stuff
// our beloved users may have unwittingly stuffed in it)
$otep = $credentials['secretkey'];
$otep = filter_var($otep, FILTER_SANITIZE_NUMBER_INT);
$otep = str_replace('-', '', $otep);
$check = false;
// Did we find a valid OTEP?
if (in_array($otep, $otpConfig->otep)) {
// Remove the OTEP from the array
$otpConfig->otep = array_diff($otpConfig->otep, array($otep));
$model->setOtpConfig($result->id, $otpConfig);
// Return true; the OTEP was a valid one
$check = true;
}
}
if (!$check) {
$response->status = JAuthentication::STATUS_FAILURE;
$response->error_message = JText::_('JGLOBAL_AUTH_INVALID_SECRETKEY');
}
}
}
<?php
/**
* @package Warp Theme Framework
* @author YOOtheme http://www.yootheme.com
* @copyright Copyright (C) YOOtheme GmbH
* @license http://www.gnu.org/licenses/gpl.html GNU/GPL
*/
// prepare filters
$filters = $this['assetfilter']->create(array('CSSImportResolver', 'CSSRewriteURL', 'CSSCompressor'));
require_once JPATH_ADMINISTRATOR . '/components/com_users/helpers/users.php';
$twofactormethods = UsersHelper::getTwoFactorMethods();
?>
<!DOCTYPE HTML>
<html lang="<?php
echo $this['config']->get('language');
?>
" dir="<?php
echo $this['config']->get('direction');
?>
">
<head>
<title><?php
echo $error;
?>
- <?php
echo $title;
?>
</title>
<link rel="stylesheet" href="<?php
/**
* Creates a list of two factor authentication methods used in com_users
* on user view
*
* @return array
*/
public static function getTwoFactorMethods()
{
JLoader::register('UsersHelper', JPATH_ADMINISTRATOR . '/components/com_users/helpers/users.php');
return UsersHelper::getTwoFactorMethods();
}
/**
* Creates a list of two factor authentication methods used in com_users
* on user view
*
* @return array
*/
public static function getTwoFactorMethods()
{
require_once JPATH_ADMINISTRATOR . '/components/com_users/helpers/users.php';
return UsersHelper::getTwoFactorMethods();
}
/**
* Method to check if TFA is enabled when user ins't logged
*
* @return int
*/
public static function getTwoFactorMethods()
{
if (!version_compare(JVERSION, '3.2', '>=')) {
return null;
}
require_once JPATH_ADMINISTRATOR . '/components/com_users/helpers/users.php';
return count(UsersHelper::getTwoFactorMethods());
}
<?php
/**
* @package AkeebaSubs
* @copyright Copyright (c)2010-2015 Nicholas K. Dionysopoulos
* @license GNU General Public License version 3, or later
*/
defined('_JEXEC') or die;
// The form action URL, points to com_users' login task
$login_url = 'index.php?option=com_users&task=user.login';
// A reference back to ourselves
$redirectURL = JURI::getInstance()->toString();
// Should I use two factor authentication in Joomla! 3.2 and later?
$useTwoFactorAuth = false;
require_once JPATH_ADMINISTRATOR . '/components/com_users/helpers/users.php';
$tfaMethods = UsersHelper::getTwoFactorMethods();
$useTwoFactorAuth = count($tfaMethods) > 1;
if ($useTwoFactorAuth) {
JHtml::_('behavior.keepalive');
}
?>
<form action="<?php
echo rtrim(JURI::base(), '/');
?>
/<?php
echo $login_url;
?>
" method="post" class="form form-horizontal well">
<input type="hidden" name="return" value="<?php
echo base64_encode($redirectURL);
static function getTwoFactorMethods()
{
global $_CB_framework;
if (checkJversion('3.2+')) {
require_once $_CB_framework->getCfg('absolute_path') . '/administrator/components/com_users/helpers/users.php';
return UsersHelper::getTwoFactorMethods();
} else {
return array();
}
}
