Source for file joomla.php
* @subpackage User.joomla
* @copyright Copyright (C) 2005 - 2013 Open Source Matters, Inc. All rights reserved.
* @license GNU General Public License version 2 or later; see LICENSE.txt
* @subpackage User.joomla
* True to use strong password encryption
* Constructor. We use it to set the app and db properties.
* @param object &$subject The object to observe
* @param array $config An optional associative array of configuration settings.
* Recognized key values include 'name', 'group', 'params', 'language'
* (this list is not meant to be comprehensive).
public function __construct(&$subject, $config =
array())
// As of CMS 3.2 strong encryption is the default.
* Remove all sessions for the user name
* Method is called after user data is deleted from the database
* @param array $user Holds the user data
* @param boolean $success True if user was successfully stored in the database
* @param string $msg Message
// Builds a DELETE on the session table restricted to the removed user's id.
// The id is cast to int before concatenation, so it cannot carry SQL syntax into the WHERE clause.
// NOTE(review): the statement is cut off in this listing; the variable receiving the query and the
// execute() call are not shown.
$this->db->getQuery(true)
->delete($this->db->quoteName('#__session'))
->where($this->db->quoteName('userid') .
' = ' . (int)
$user['id'])
* Utility method to act on a user after it has been saved.
* This method sends a registration email to new users created in the backend.
* @param array $user Holds the new user data.
* @param boolean $isnew True if a new user is stored.
* @param boolean $success True if user was successfully stored in the database.
* @param string $msg Message.
// Reads the plugin parameter 'mail_to_user' (default 1); the check that uses it is not shown in this listing.
$mail_to_user =
$this->params->get('mail_to_user', 1);
// TODO: Suck in the frontend registration emails here as well. Job for a rainy day.
// The mail logic below is entered only when the application reports itself as the administrator client.
if ($this->app->isAdmin())
// Load user_joomla plugin language (not done automatically).
// Compute the mail subject.
'PLG_USER_JOOMLA_NEW_USER_EMAIL_SUBJECT',
$config =
$this->app->get('sitename')
// Compute the mail body.
// NOTE(review): the arguments after the site name are missing from this listing. Confirm the body
// template is not filled with the clear-text password: mail is stored and relayed unencrypted.
'PLG_USER_JOOMLA_NEW_USER_EMAIL_BODY',
$this->app->get('sitename'),
// Assemble the email data...the sexy way!
// Sender address and name come from the application configuration; the recipient is the saved user's address.
$this->app->get('mailfrom'),
$this->app->get('fromname')
->addRecipient($user['email'])
->setSubject($emailSubject)
// Presumably reached when sending fails (the condition is not shown): a warning is queued for the operator.
$this->app->enqueueMessage(JText::_('ERROR_SENDING_EMAIL'), 'warning');
// Existing user - nothing to do...yet.
// Existing user - nothing to do...yet.
* This method should handle any login logic and report back to the subject
* @param array $user Holds the user data
* @param array $options Array holding options (remember, autoregister, group)
* @return boolean True on success
// Resolve the authentication response to a user object via _getUser().
$instance =
$this->_getUser($user, $options);
// If _getUser returned an error, then pass it back.
if ($instance instanceof
Exception)
// If the user is blocked, redirect with an error
if ($instance->get('block') ==
1)
$this->app->enqueueMessage(JText::_('JERROR_NOLOGIN_BLOCKED'), 'warning');
// Authorise the user based on the group information
// A missing 'group' option falls back to the literal 'USERS'.
if (!isset
($options['group']))
$options['group'] =
'USERS';
// Check the user can login.
// NOTE(review): $options['action'] is read with no isset() guard in the visible lines; confirm every
// caller supplies it, otherwise the access check runs against an empty action.
$result =
$instance->authorise($options['action']);
$this->app->enqueueMessage(JText::_('JERROR_LOGIN_DENIED'), 'warning');
// Mark the user as logged in
$instance->set('guest', 0);
// If the user has an outdated hash, update it.
// $user['password'] is cut to its first 55 bytes (strlen/substr count bytes, not characters).
// NOTE(review): the condition guarding this step and the re-hash call are missing from this listing.
// Confirm the same 55-byte cut is applied when the password is verified later, and that the value being
// re-hashed is the submitted password rather than an already stored hash.
if (strlen($user['password']) >
55)
$user['password'] =
substr($user['password'], 0, 55);
// Register the needed session variables
// NOTE(review): no session-id regeneration is visible between authentication and this write; confirm the
// id is renewed at login so a session id issued before login cannot be reused afterwards (session fixation).
$session->set('user', $instance);
// Check to see whether the session already exists.
$this->app->checkSession();
// Update the user related fields for the Joomla sessions table.
// String values pass through quote() and the numeric id is cast to int; the row is selected by the
// current session id.
$query =
$this->db->getQuery(true)
->update($this->db->quoteName('#__session'))
->set($this->db->quoteName('guest') .
' = ' .
$this->db->quote($instance->guest))
->set($this->db->quoteName('username') .
' = ' .
$this->db->quote($instance->username))
->set($this->db->quoteName('userid') .
' = ' . (int)
$instance->id)
->where($this->db->quoteName('session_id') .
' = ' .
$this->db->quote($session->getId()));
$this->db->setQuery($query)->execute();
// Hit the user last visit field
$instance->setLastVisit();
* This method should handle any logout logic and report back to the subject
* @param array $user Holds the user data.
* @param array $options Array holding options (client, ...).
* @return object True on success
// Make sure we're a valid user first
// A zero id is tolerated only when $my carries the 'tmp_user' flag; what happens otherwise is not shown.
if ($user['id'] ==
0 &&
!$my->get('tmp_user'))
// Check to see if we're deleting the current session
// True only when the id matches $my and the requested client id is the running application's client id.
if ($my->get('id') ==
$user['id'] &&
$options['clientid'] ==
$this->app->getClientId())
// Hit the user last visit field
// Destroy the php session for this user
// Force logout all users with that userid
// Removes every session row for this user id on the given client, not only the current session.
// Both values are cast to int before being concatenated into the WHERE clause.
// NOTE(review): $options['clientid'] is read without an isset() guard in the visible lines.
$query =
$this->db->getQuery(true)
->delete($this->db->quoteName('#__session'))
->where($this->db->quoteName('userid') .
' = ' . (int)
$user['id'])
->where($this->db->quoteName('client_id') .
' = ' . (int)
$options['clientid']);
$this->db->setQuery($query)->execute();
* This method will return a user object
* If options['autoregister'] is true, if the user doesn't exist yet he will be created
* @param array $user Holds the user data.
* @param array $options Array holding options (remember, autoregister, group).
* @return object A JUser object
// Builds the user object for a login attempt from the authentication response in $user.
// NOTE(review): the lookup of an existing account and the branch structure are missing from this
// listing; only the statements below are visible.
protected function _getUser($user, $options =
array())
// TODO : move this out of the plugin
// Hard coded default to match the default value from com_users.
// The group for a newly built user comes from 'new_usertype', falling back to id 2.
$defaultUserGroup =
$config->get('new_usertype', 2);
// Profile fields are copied from the authentication response as supplied.
$instance->set('name', $user['fullname']);
$instance->set('username', $user['username']);
// NOTE(review): the clear-text password is attached to the user object here; confirm it is cleared
// before the object is stored in the session or written to any log.
$instance->set('password_clear', $user['password_clear']);
// Result should contain an email (check).
$instance->set('email', $user['email']);
$instance->set('groups', array($defaultUserGroup));
// If autoregister is set let's register the user
// An explicit $options['autoregister'] wins; otherwise the plugin parameter is used, and it defaults to 1.
// Presumably this means an identity accepted by any authentication plugin gets a local account in the
// default group unless autoregister is turned off; verify that this is intended for each enabled plugin.
$autoregister = isset
($options['autoregister']) ?
$options['autoregister'] :
$this->params->get('autoregister', 1);
// NOTE(review): the username is concatenated into the log entry as received; if it can contain line
// breaks, strip them so one login attempt cannot forge additional log lines.
JLog::add('Error in autoregistration for user ' .
$user['username'] .
'.', JLog::WARNING, 'error');
// No existing user and autoregister off, this is a temporary user.
$instance->set('tmp_user', true);
* We set the authentication cookie only after login is successfully finished.
* We set a new cookie either for a user with no cookies or one
* where the user used a cookie to authenticate.
* @param array $options Array holding options
* @return boolean True on success
// Currently this portion of the method only applies to Cookie based login.
// The guard is true when no response type is set, or when the login was not a cookie login and
// "remember" was not requested.
if (!isset
($options['responseType']) ||
($options['responseType'] !=
'Cookie' &&
empty($options['remember'])))
// We get the parameter values differently for cookie and non-cookie logins.
// empty() treats false, 0 and '' like a missing key, so an explicit $options['secure'] = false also
// falls back to the application's rememberCookieSecure value; the same holds for lifetime and length.
$cookieLifetime =
empty($options['lifetime']) ?
$this->app->rememberCookieLifetime :
$options['lifetime'];
$length =
empty($options['length']) ?
$this->app->rememberCookieLength :
$options['length'];
$secure =
empty($options['secure']) ?
$this->app->rememberCookieSecure :
$options['secure'];
// We need the old data to match against the current database
// We are going to concatenate with . so we need to remove it from the strings.
// Create an identifier and make sure that it is unique.
// Unique identifier for the device-user
// We are going to concatenate with . so we need to remove it from the strings.
// Looks up the base64-encoded series in #__user_keys; the loop repeats while $unique is false.
// NOTE(review): the generation of $privateKey and $series and the assignment to $unique are missing
// from this listing; confirm both values come from a cryptographically secure random source.
$query =
$this->db->getQuery(true)
->select($this->db->quoteName('series'))
->from($this->db->quoteName('#__user_keys'))
->where($this->db->quoteName('series') .
' = ' .
$this->db->quote(base64_encode($series)));
$results =
$this->db->setQuery($query)->loadResult();
while ($unique ===
false);
// If a user logs in with non cookie login and remember me checked we will
// delete any invalid entries so that he or she can use remember once again.
// The query verb is missing from this listing. Rows are matched on the user-agent cookie name and on
// the username, which is what the 'user_id' column is compared against here.
if ($options['responseType'] !==
'Cookie')
$query =
$this->db->getQuery(true)
->where($this->db->quoteName('uastring') .
' = ' .
$this->db->quote($cookieName))
->where($this->db->quoteName('user_id') .
' = ' .
$this->db->quote($options['user']->username));
$this->db->setQuery($query)->execute();
// Cookie value is private key, series and cookie name joined with dots.
// Only $cryptedKey is written to the 'token' column below. NOTE(review): how $cryptedKey is derived
// from $privateKey is not shown; confirm it is a one-way hash so a database leak does not yield
// values that can be replayed as cookies.
$cookieValue =
$privateKey .
'.' .
$series .
'.' .
$cookieName;
// Destroy the old cookie.
$this->app->input->cookie->set($cookieName, false, time() -
42000, $this->app->get('cookie_path'), $this->app->get('cookie_domain'));
// NOTE(review): the argument list visible here ends at $secure (the rest of the call is cut off).
// Confirm the HttpOnly flag is also set so script running in the page cannot read the token.
$this->app->input->cookie->set(
$cookieName, $cookieValue, $cookieLifetime, $this->app->get('cookie_path'), $this->app->get('cookie_domain'), $secure
$query =
$this->db->getQuery(true);
// NOTE(review): this test reads $options['response'] and compares it with 'Coookie', while the rest of
// this fragment uses $options['responseType'] and 'Cookie'. As written the second operand can only be
// false for that misspelled value, and $user is not assigned in any visible line ($options['user'] is
// used elsewhere), so the insert path is likely always taken and the update path below (rotation of an
// existing series row after a cookie login) is likely never reached. Verify against the full file.
if (empty($user->cookieLogin) ||
$options['response'] !=
'Coookie')
// For users doing login from Joomla or other systems
$query->insert($this->db->quoteName('#__user_keys'));
// Alternative path: update the existing row for this username, series and user-agent cookie name.
->update($this->db->quoteName('#__user_keys'))
->where($this->db->quoteName('user_id') .
' = ' .
$this->db->quote($options['user']->username))
->where($this->db->quoteName('series') .
' = ' .
$this->db->quote(base64_encode($rememberArray[1])))
->where($this->db->quoteName('uastring') .
' = ' .
$this->db->quote($cookieName));
// Column values shared by both paths. Every value goes through quote() except 'time' and the
// literal 0 for 'invalid'.
// NOTE(review): $cookieLifetime is concatenated into the SQL unquoted and uncast, and it can come from
// $options['lifetime']. Cast it with (int), as the session queries in this file do for ids, so that a
// non-numeric value cannot alter the statement.
->set($this->db->quoteName('user_id') .
' = ' .
$this->db->quote($options['user']->username))
->set($this->db->quoteName('time') .
' = ' .
$cookieLifetime)
->set($this->db->quoteName('token') .
' = ' .
$this->db->quote($cryptedKey))
->set($this->db->quoteName('series') .
' = ' .
$this->db->quote(base64_encode($series)))
->set($this->db->quoteName('invalid') .
' = 0')
->set($this->db->quoteName('uastring') .
' = ' .
$this->db->quote($cookieName));
$this->db->setQuery($query)->execute();
* This is where we delete any authentication cookie when a user logs out
* @param array $options Array holding options (length, timeToExpiration)
* @return boolean True on success
// There are no cookies to delete.
if ($rememberArray ===
false)
// Split the remember-me data into private key, series and cookie name.
// NOTE(review): where $rememberArray comes from is not shown; presumably it is parsed from the
// client's cookie, so all three parts are attacker-controllable input.
list
($privateKey, $series, $cookieName) =
$rememberArray;
// Remove the record from the database
// The row must match the user-agent cookie name, the base64-encoded series and the username; all
// three values pass through quote(). The query verb is missing from this listing.
$query =
$this->db->getQuery(true);
->where($this->db->quoteName('uastring') .
' = ' .
$this->db->quote($cookieName))
->where($this->db->quoteName('series') .
' = ' .
$this->db->quote(base64_encode($series)))
->where($this->db->quoteName('user_id') .
' = ' .
$this->db->quote($options['username']));
$this->db->setQuery($query)->execute();
// Expire the browser cookie.
// NOTE(review): this call reads $this->cookie_path and $this->cookie_domain, whereas the cookie is
// created with $this->app->get('cookie_path') and $this->app->get('cookie_domain'). No visible line
// assigns those two properties; if they are unset, the expiry is sent for a different path/domain and
// the browser may keep the remember-me cookie after logout. Use the same source as the creating call.
$this->app->input->cookie->set($cookieName, false, time() -
42000, $this->cookie_path, $this->cookie_domain);
* Method to set the default encryption for passwords
* @param JRegistry $userPluginParams User plugin params
* @return string The default encryption method based on plugin parameters
// Loose comparison of the 'strong_passwords' plugin parameter with 1.
// NOTE(review): the value returned by each branch is missing from this listing; confirm that the branch
// taken when strong passwords are off does not select a fast or unsalted legacy hash.
if ($userPluginParams->get('strong_passwords') ==
1)