示例#1
 /**
  * Hook for after parsing route
  *
  * On the site client, a signed-in user whose reputation reports isJailed()
  * has the request rewritten to the com_users "spamjail" view, unless the
  * requested route is one of a small set of exact-match exceptions.
  *
  * @return void
  */
 public function onAfterRoute()
 {
     // Guests are not checked here: they proceed as normal and land on the login page
     if (!App::isSite() || User::isGuest()) {
         return;
     }

     // Routes a jailed account may still reach. Matching is exact on the
     // composed "option[.controller][.task][.view]" string, so any route
     // that is not listed verbatim is diverted.
     $allowed = ['com_users.logout', 'com_support.tickets.save.index', 'com_members.media.download.profiles'];

     // Compose the route key from the request, skipping segments that are absent
     $route = Request::getWord('option', '');
     foreach (['controller', 'task', 'view'] as $segment) {
         $value = Request::getWord($segment, false);
         if ($value) {
             $route .= '.' . $value;
         }
     }

     if (in_array($route, $allowed)) {
         return;
     }

     if (\Hubzero\User\User::oneOrFail(User::get('id'))->reputation->isJailed()) {
         // NOTE(review): only 'option' and 'view' are overridden; 'controller' and
         // 'task' stay as submitted -- confirm com_users ignores them for this view.
         Request::setVar('option', 'com_users');
         Request::setVar('view', 'spamjail');
     }
 }
示例#2
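 /**
  * Processes the password set form
  *
  * Last step of the password reset flow. The reset token and user id are read
  * from session state, checked against the user's latest stored token, and the
  * new password is validated before it is changed. Responds with JSON when the
  * request carries no_html, otherwise redirects.
  *
  * @return  void
  * @throws  Exception  403 when the token or user id is missing from the session,
  *                     or when the account is a linked (cross-domain) account
  */
 public function settingpasswordTask()
 {
     // Check for request forgeries
     Session::checkToken('post') or exit(Lang::txt('JINVALID_TOKEN'));
     // Get the token and user id from the verification process
     $token = User::getState('com_users.reset.token', null);
     $id = User::getState('com_users.reset.user', null);
     $no_html = Request::getInt('no_html', 0);
     // Check the token and user id
     if (empty($token) || empty($id)) {
         throw new Exception(Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_TOKENS_MISSING'), 403);
     }
     // Get the user object
     $user = \Hubzero\User\User::oneOrFail($id);
     // Check for a user and that the tokens match.
     // Both values must be strings and are compared in constant time where
     // hash_equals() is available; anything else counts as a mismatch.
     $stored = $user->tokens()->latest()->token;
     $tokensMatch = is_string($stored) && is_string($token)
         && (function_exists('hash_equals') ? hash_equals($stored, $token) : $stored === $token);
     if (!$tokensMatch) {
         App::redirect(Route::url('index.php?option=' . $this->_option . '&task=setpassword', false), Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_USER_NOT_FOUND'), 'warning');
         return;
     }
     // Make sure the user isn't blocked (same message as a token mismatch, so the
     // response does not reveal which check failed)
     if ($user->get('block')) {
         App::redirect(Route::url('index.php?option=' . $this->_option . '&task=setpassword', false), Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_USER_NOT_FOUND'), 'warning');
         return;
     }
     // Linked accounts cannot have a local password set through this form
     if (\Hubzero\User\Helper::isXDomainUser($user->get('id'))) {
         throw new Exception(Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_LINKED_ACCOUNT'), 403);
     }
     $password_rules = \Hubzero\Password\Rule::all()->whereEquals('enabled', 1)->rows();
     // Values are trimmed, so leading/trailing whitespace never becomes part of the password
     $password1 = trim(Request::getVar('password1', null));
     $password2 = trim(Request::getVar('password2', null));
     if (!empty($password1)) {
         $msg = \Hubzero\Password\Rule::verify($password1, $password_rules, $user->get('username'));
     } else {
         $msg = array();
     }
     require_once dirname(dirname(__DIR__)) . DS . 'helpers' . DS . 'utility.php';
     $error = false;
     $changing = true;
     if (!$password1 || !$password2) {
         $error = Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_PASSWORD_TWICE');
     } elseif ($password1 !== $password2) {
         // Strict comparison: with != two different numeric-looking strings
         // can compare equal, letting a mistyped confirmation through.
         $error = Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_PASSWORD_DONT_MATCH');
     } elseif (!\Components\Members\Helpers\Utility::validpassword($password1)) {
         $error = Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_PASSWORD_INVALID');
     } elseif (!empty($msg)) {
         $error = Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_PASSWORD_FAILS_REQUIREMENTS');
     }
     // If we're resetting password to the current password, just return true
     // That way you can't reset the counter on your current password, or invalidate it by putting it into history
     // Note that this branch also discards any validation error recorded above.
     if (\Hubzero\User\Password::passwordMatches($user->get('id'), $password1)) {
         $error = false;
         $changing = false;
         $result = true;
     }
     if ($error) {
         if ($no_html) {
             $response = array('success' => false, 'message' => $error);
             echo json_encode($response);
             die;
         } else {
             App::redirect(Route::url('index.php?option=' . $this->_option . '&task=setpassword', false), $error, 'warning');
             return;
         }
     }
     if ($changing) {
         // Encrypt the password and update the profile
         $result = \Hubzero\User\Password::changePassword($user->get('username'), $password1);
     }
     // Save the changes
     if (!$result) {
         if ($no_html) {
             $response = array('success' => false, 'message' => Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_GENERIC'));
             echo json_encode($response);
             die;
         } else {
             App::redirect(Route::url('index.php?option=' . $this->_option . '&task=setpassword', false), Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_GENERIC'), 'warning');
             return;
         }
     }
     // Flush the user data from the session
     // NOTE(review): only the session copy of the reset token is cleared here;
     // confirm the stored token is invalidated elsewhere so it cannot be reused.
     User::setState('com_users.reset.token', null);
     User::setState('com_users.reset.user', null);
     if ($no_html) {
         $response = array('success' => true, 'redirect' => Route::url('index.php?option=com_users&view=login', false));
         echo json_encode($response);
         die;
     } else {
         // Everything went well...go to the login page
         App::redirect(Route::url('index.php?option=com_users&view=login', false), Lang::txt('COM_MEMBERS_CREDENTIALS_PASSWORD_RESET_COMPLETE'), 'passed');
     }
 }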
示例#3
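 /**
  * This method should handle any authentication and report back to the subject
  *
  * Looks up a single unblocked account by username or email address, refuses
  * accounts that have exceeded the failed-login limit, then verifies the
  * password. The outcome is written to $response.
  *
  * @param   array    $credentials  Array holding the user credentials
  * @param   array    $options      Array of extra options
  * @param   object   $response     Authentication response object
  * @return  boolean  True on successful authentication, false otherwise
  */
 public function onUserAuthenticate($credentials, $options, &$response)
 {
     jimport('joomla.user.helper');
     // For JLog
     $response->type = 'hubzero';
     // HUBzero does not like blank passwords
     if (empty($credentials['password'])) {
         $response->status = \Hubzero\Auth\Status::FAILURE;
         $response->error_message = Lang::txt('PLG_AUTHENTICATION_HUBZERO_ERROR_EMPTY_PASS');
         return false;
     }
     // Get a database object
     $db = \App::get('db');
     // Determine if attempting to log in via username or email address.
     // strpos() returns 0 for a leading '@', so such a value is treated as a username.
     // The supplied value always goes through the driver's Quote() before it
     // is placed in the query text.
     if (strpos($credentials['username'], '@')) {
         $conditions = ' WHERE email=' . $db->Quote($credentials['username']);
     } else {
         $conditions = ' WHERE username=' . $db->Quote($credentials['username']);
     }
     $query = 'SELECT `id`, `username`, `password`' . ' FROM `#__users`' . $conditions . ' AND `block` != 1';
     $db->setQuery($query);
     $rows = $db->loadObjectList();
     // More than one match is ambiguous, so refuse to pick one
     if (is_array($rows) && count($rows) > 1) {
         $response->status = \Hubzero\Auth\Status::FAILURE;
         $response->error_message = Lang::txt('PLG_AUTHENTICATION_HUBZERO_UNKNOWN_USER');
         return false;
     }
     $result = (is_array($rows) && isset($rows[0])) ? $rows[0] : null;
     // No matching, unblocked account. Fail here with the same message as a wrong
     // password instead of dereferencing an empty result in the limit check below.
     if (!$result) {
         $response->status = \Hubzero\Auth\Status::FAILURE;
         $response->error_message = Lang::txt('PLG_AUTHENTICATION_HUBZERO_AUTHENTICATION_FAILED');
         return false;
     }
     // Now make sure they haven't made too many failed login attempts
     if (\Hubzero\User\User::oneOrFail($result->id)->hasExceededLoginLimit()) {
         $response->status = \Hubzero\Auth\Status::FAILURE;
         $response->error_message = Lang::txt('PLG_AUTHENTICATION_HUBZERO_TOO_MANY_ATTEMPTS');
         return false;
     }
     if (!\Hubzero\User\Password::passwordMatches($result->username, $credentials['password'], true)) {
         $response->status = \Hubzero\Auth\Status::FAILURE;
         $response->error_message = Lang::txt('PLG_AUTHENTICATION_HUBZERO_AUTHENTICATION_FAILED');
         return false;
     }
     $user = User::getInstance($result->id);
     $response->username = $user->username;
     $response->email = $user->email;
     $response->fullname = $user->name;
     $response->status = \Hubzero\Auth\Status::SUCCESS;
     $response->error_message = '';
     // Check validity and age of password; the session flags are only set here,
     // whatever acts on them lives outside this method
     $password_rules = \Hubzero\Password\Rule::getRules();
     $msg = \Hubzero\Password\Rule::validate($credentials['password'], $password_rules, $result->username);
     if (is_array($msg) && !empty($msg[0])) {
         App::get('session')->set('badpassword', '1');
     }
     if (\Hubzero\User\Password::isPasswordExpired($result->username)) {
         App::get('session')->set('expiredpassword', '1');
     }
     // Set cookie with login preference info (one-year lifetime)
     // NOTE(review): the payload carries the user id; confirm Cookie::bake() protects
     // it and that readers treat it as a preference hint, never as proof of identity.
     $prefs = array('user_id' => $user->get('id'), 'user_img' => \Hubzero\User\Profile::getInstance($user->get('id'))->getPicture(0, false), 'authenticator' => 'hubzero');
     $namespace = 'authenticator';
     $lifetime = time() + 365 * 24 * 60 * 60;
     \Hubzero\Utility\Cookie::bake($namespace, $lifetime, $prefs);
     return true;
 }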
示例#4
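 /**
  * Before save content method
  *
  * Runs the submitted text through every registered antispam detector on the
  * site client. When the text is flagged as spam the detectors are optionally
  * trained, the configured message is shown, the submitting account's spam
  * count is incremented and false is returned.
  *
  * @param   string   $context  The context of the content passed to the plugin (added in 1.6)
  * @param   object   $article  Model, or the raw text as a string
  * @param   boolean  $isNew    If the content is just about to be created
  * @return  boolean|void  False when the content is flagged as spam, otherwise nothing
  * @since   2.5
  */
 public function onContentBeforeSave($context, $article, $isNew)
 {
     if (!App::isSite()) {
         return;
     }
     if ($article instanceof \Hubzero\Base\Object || $article instanceof \Hubzero\Database\Relational) {
         $key = $this->_key($context);
         $content = ltrim($article->get($key));
     } else {
         // Other objects and arrays are not inspected; a scalar is taken as the text itself
         if (is_object($article) || is_array($article)) {
             return;
         } else {
             $content = $article;
         }
     }
     // Strip only the leading format marker. The match is lazy so it stops at the
     // first closing "} -->"; a greedy match would also discard any text between the
     // marker and a later "} -->" on the same line, and that text would skip the check.
     $content = preg_replace('/^<!-- \\{FORMAT:.*?\\} -->/i', '', $content);
     $content = trim($content);
     if (!$content) {
         return;
     }
     // Get the detector manager
     $service = new \Hubzero\Spam\Checker();
     foreach (Event::trigger('antispam.onAntispamDetector') as $detector) {
         if (!$detector) {
             continue;
         }
         $service->registerDetector($detector);
     }
     // Check content
     $data = array('name' => User::get('name'), 'email' => User::get('email'), 'username' => User::get('username'), 'id' => User::get('id'), 'ip' => Request::ip(), 'user_agent' => Request::getVar('HTTP_USER_AGENT', null, 'server'), 'text' => $content);
     $result = $service->check($data);
     // Log errors any of the service providers may have thrown
     if ($service->getError() && App::has('log')) {
         App::get('log')->logger('debug')->info(implode(' ', $service->getErrors()));
     }
     // If the content was detected as spam...
     if ($result->isSpam()) {
         // Learn from it?
         if ($this->params->get('learn_spam', 1)) {
             Event::trigger('antispam.onAntispamTrain', array($content, true));
         }
         // If a message was set...
         if ($message = $this->params->get('message')) {
             Notify::error($message);
         }
         // Increment spam hits count...go to spam jail!
         // Guests have no account to penalise; oneOrFail() presumably aborts when no
         // record exists, which would skip the logging and the false return below.
         if (!User::isGuest()) {
             \Hubzero\User\User::oneOrFail(User::get('id'))->reputation->incrementSpamCount();
         }
         if ($this->params->get('log_spam')) {
             // NOTE(review): $data holds the email, IP address, user agent and full
             // submitted text; confirm the log destination is access-controlled.
             $this->log($result->isSpam(), $data);
         }
         return false;
     }
     // Content was not spam.
     // Learn from it?
     if ($this->params->get('learn_ham', 0)) {
         Event::trigger('antispam.onAntispamTrain', array($content, false));
     }
 }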
示例#5
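 /**
  * Before save content method
  *
  * Runs the submitted text through every registered antispam detector on the
  * site client. When the text is flagged as spam the detectors are optionally
  * trained, the configured message is shown, the submitting account's spam
  * count is incremented and false is returned.
  *
  * @param   string   $context  The context of the content passed to the plugin (added in 1.6)
  * @param   object   $article  A \Hubzero\Base\Object model, or the raw text as a string
  * @param   boolean  $isNew    If the content is just about to be created
  * @return  boolean|void  False when the content is flagged as spam, otherwise nothing
  * @since   2.5
  */
 public function onContentBeforeSave($context, $article, $isNew)
 {
     if (!App::isSite()) {
         return;
     }
     if ($article instanceof \Hubzero\Base\Object) {
         $key = $this->_key($context);
         $content = ltrim($article->get($key));
     } else {
         // Other objects and arrays are not inspected; a scalar is taken as the text itself
         if (is_object($article) || is_array($article)) {
             return;
         } else {
             $content = $article;
         }
     }
     // Strip only the leading format marker. The match is lazy so it stops at the
     // first closing "} -->"; a greedy match would also discard any text between the
     // marker and a later "} -->" on the same line, and that text would skip the check.
     $content = preg_replace('/^<!-- \\{FORMAT:.*?\\} -->/i', '', $content);
     $content = trim($content);
     if (!$content) {
         return;
     }
     // Get the detector manager
     $service = new \Hubzero\Spam\Checker();
     foreach (Event::trigger('antispam.onAntispamDetector') as $detector) {
         if (!$detector) {
             continue;
         }
         $service->registerDetector($detector);
     }
     // Check content
     $data = array('name' => User::get('name'), 'email' => User::get('email'), 'username' => User::get('username'), 'id' => User::get('id'), 'text' => $content);
     $result = $service->check($data);
     // If the content was detected as spam...
     if ($result->isSpam()) {
         // Learn from it?
         if ($this->params->get('learn_spam', 1)) {
             Event::trigger('antispam.onAntispamTrain', array($content, true));
         }
         // If a message was set...
         if ($message = $this->params->get('message')) {
             Notify::error($message);
         }
         // Increment spam hits count...go to spam jail!
         // Guests have no account to penalise; oneOrFail() presumably aborts when no
         // record exists, which would skip the false return below.
         if (!User::isGuest()) {
             \Hubzero\User\User::oneOrFail(User::get('id'))->reputation->incrementSpamCount();
         }
         return false;
     }
     // Content was not spam.
     // Learn from it?
     if ($this->params->get('learn_ham', 0)) {
         Event::trigger('antispam.onAntispamTrain', array($content, false));
     }
 }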