Source for file cookie.php

Documentation is available at cookie.php

  1. <?php
  2. /**
  3.  * @package     Joomla.Plugin
  4.  * @subpackage  Authentication.cookie
  5.  *
  6.  * @copyright   Copyright (C) 2005 - 2013 Open Source Matters, Inc. All rights reserved.
  7.  * @license     GNU General Public License version 2 or later; see LICENSE.txt
  8.  */
  9.  
  10. defined('_JEXEC'or die;
  11.  
  12. /**
  13.  * Joomla Authentication plugin
  14.  *
  15.  * @package     Joomla.Plugin
  16.  * @subpackage  Authentication.cookie
  17.  * @since       3.2
  18.  */
  19. class PlgAuthenticationCookie extends JPlugin
  20. {
  21.     /**
  22.      * Application object
  23.      *
  24.      * @var    JApplicationCms 
  25.      * @since  3.2
  26.      */
  27.     protected $app;
  28.  
  29.     /**
  30.      * Database object
  31.      *
  32.      * @var    JDatabaseDriver 
  33.      * @since  3.2
  34.      */
  35.     protected $db;
  36.  
  37.     /**
  38.      * This method should handle any authentication and report back to the subject
  39.      *
  40.      * @param   array   $credentials  Array holding the user credentials
  41.      * @param   array   $options      Array of extra options
  42.      * @param   object  &$response    Authentication response object
  43.      *
  44.      * @return  boolean 
  45.      *
  46.      * @since   3.2
  47.      */
  48.     public function onUserAuthenticate($credentials$options&$response)
  49.     {
  50.         // No remember me for admin
  51.         if ($this->app->isAdmin())
  52.         {
  53.             return false;
  54.         }
  55.  
  56.         JLoader::register('JAuthentication'JPATH_LIBRARIES '/joomla/user/authentication.php');
  57.  
  58.         $response->type 'Cookie';
  59.  
  60.         // We need to validate the cookie data because there may be no Remember Me plugin to do it.
  61.         // Create the cookie name and data.
  62.         $rememberArray JUserHelper::getRememberCookieData();
  63.  
  64.         if ($rememberArray == false)
  65.         {
  66.             return false;
  67.         }
  68.  
  69.         list($privateKey$series$uastring$rememberArray;
  70.  
  71.         // Find the matching record if it exists.
  72.         $query $this->db->getQuery(true)
  73.         ->select($this->db->quoteName(array('user_id''token''series''time''invalid')))
  74.         ->from($this->db->quoteName('#__user_keys'))
  75.         ->where($this->db->quoteName('series'' = ' $this->db->quote(base64_encode($series)))
  76.         ->where($this->db->quoteName('uastring'' = ' $this->db->quote($uastring))
  77.         ->order($this->db->quoteName('time'' DESC');
  78.  
  79.         $results $this->db->setQuery($query)->loadObjectList();
  80.  
  81.         $countResults count($results);
  82.  
  83.         if ($countResults !== 1)
  84.         {
  85.              $response->status  JAuthentication::STATUS_FAILURE;
  86.  
  87.              return;
  88.         }
  89.  
  90.         // We have a user with one cookie with a valid series and a corresponding record in the database.
  91.         else
  92.         {
  93.             if (substr($results[0]->token04=== '$2y$')
  94.             {
  95.                 if (JCrypt::hasStrongPasswordSupport())
  96.                 {
  97.                     $match password_verify($privateKey$results[0]->token);
  98.                 }
  99.             }
  100.             else
  101.             {
  102.                 if (JCrypt::timingSafeCompare($results[0]->token$privateKey))
  103.                 {
  104.                     $match true;
  105.                 }
  106.             }
  107.  
  108.             if (empty($match))
  109.             {
  110.                 JUserHelper::invalidateCookie($results[0]->user_id$uastring);
  111.                 JLog::add(JText::sprintf('PLG_SYSTEM_REMEMBER_ERROR_LOG_LOGIN_FAILED'$user->username)JLog::WARNING'security');
  112.                 $response->status  JAuthentication::STATUS_FAILURE;
  113.  
  114.                 return false;
  115.             }
  116.         }
  117.  
  118.         // Set cookie params.
  119.         if (!empty($options['lifetime']&& !empty($options['length']&& !empty($options['secure']))
  120.         {
  121.             $response->lifetime $options['lifetime'];
  122.             $response->length $options['length'];
  123.             $response->secure $options['secure'];
  124.         }
  125.  
  126.         // Make sure there really is a user with this name and get the data for the session.
  127.         $query $this->db->getQuery(true)
  128.             ->select($this->db->quoteName(array('id''username''password')))
  129.             ->from($this->db->quoteName('#__users'))
  130.             ->where($this->db->quoteName('username'' = ' $this->db->quote($credentials['username']));
  131.  
  132.         $result $this->db->setQuery($query)->loadObject();
  133.  
  134.         if ($result)
  135.         {
  136.             // Bring this in line with the rest of the system
  137.             $user JUser::getInstance($result->id);
  138.             $cookieName JUserHelper::getShortHashedUserAgent();
  139.  
  140.             // If there is no cookie, bail out
  141.             if (!$this->app->input->cookie->get($cookieName))
  142.             {
  143.                 return;
  144.             }
  145.  
  146.             // Set response data.
  147.             $response->username $result->username;
  148.             $response->email    $user->email;
  149.             $response->fullname $user->name;
  150.             $response->password $result->password;
  151.             $response->language $user->getParam('language');
  152.  
  153.             // Set response status.
  154.             $response->status        JAuthentication::STATUS_SUCCESS;
  155.             $response->error_message '';
  156.         }
  157.         else
  158.         {
  159.             $response->status        JAuthentication::STATUS_FAILURE;
  160.             $response->error_message JText::_('JGLOBAL_AUTH_NO_USER');
  161.         }
  162.     }
  163. }

Documentation generated on Tue, 19 Nov 2013 14:57:34 +0100 by phpDocumentor 1.4.3