controller.php000064400000005333151155742530007454 0ustar00<?php
/**
* @package Joomla.Administrator
* @subpackage com_login
*
* @copyright Copyright (C) 2005 - 2020 Open Source Matters, Inc. All
rights reserved.
* @license GNU General Public License version 2 or later; see
LICENSE.txt
*/
// Direct-access guard: stop immediately unless the including script has defined _JEXEC.
defined('_JEXEC') or die;

/**
 * Controller for the administrator login component (com_login).
 *
 * Both state-changing tasks (login, logout) verify the anti-forgery token
 * before doing anything else, and every redirect target is checked with
 * JUri::isInternal() before it is used.
 *
 * @since  1.5
 */
class LoginController extends JControllerLegacy
{
    /**
     * Render the login view.
     *
     * The view and layout are always forced to "login" / "default"; the
     * original note explains that this controller may be reached after a
     * session timeout, and displaying without the reset would cause an error.
     *
     * @param   boolean  $cachable   Accepted for signature compatibility; not forwarded to parent::display().
     * @param   array    $urlparams  Accepted for signature compatibility; not forwarded to parent::display().
     *
     * @return  void  No value is returned by this method.
     *
     * @throws  RuntimeException  With code 403 when the requested format is anything other than "html".
     *
     * @since   1.5
     */
    public function display($cachable = false, $urlparams = false)
    {
        // Overwrite whatever view/layout the request carried.
        $this->input->set('view', 'login');
        $this->input->set('layout', 'default');

        // There is no login view for non-html formats, so refuse them with a 403.
        $requestedFormat = $this->input->get('format', 'html');

        if ($requestedFormat !== 'html')
        {
            throw new RuntimeException(JText::_('JERROR_ALERTNOAUTHOR'), 403);
        }

        parent::display();
    }

    /**
     * Task: authenticate a user against the administrator application.
     *
     * On success the browser is redirected to the model's "return" URL, but
     * only when JUri::isInternal() accepts it. In every other case (failed
     * login, Exception result, non-internal URL) the login view is shown again.
     *
     * @return  void
     */
    public function login()
    {
        // Anti-CSRF: the token is validated before credentials are touched.
        $this->checkToken('request');

        $application = JFactory::getApplication();
        $loginModel  = $this->getModel('login');
        $credentials = $loginModel->getState('credentials');
        $returnUrl   = $loginModel->getState('return');

        $outcome = $application->login($credentials, array('action' => 'core.login.admin'));

        // A falsy value or an Exception instance both count as a failed login.
        $loggedIn = $outcome && !($outcome instanceof Exception);

        // Open-redirect guard: never redirect to a URL that is not internal.
        if ($loggedIn && JUri::isInternal($returnUrl))
        {
            // A return URL containing tmpl=component is replaced by index.php.
            $target = strpos($returnUrl, 'tmpl=component') === false ? $returnUrl : 'index.php';

            $application->redirect($target);
        }

        $this->display();
    }

    /**
     * Task: log a user out.
     *
     * The optional "uid" request value (read as an integer) selects the user
     * to log out. When the "shared_session" setting is falsy, the client id
     * passed to logout() is 0 if a uid was supplied and 1 otherwise; when it
     * is truthy, the client id is null.
     *
     * NOTE(review): this method finishes with parent::display(), not
     * $this->display(), so the view/layout reset and the non-html 403 check
     * in display() above are not applied on this path - confirm that is intended.
     *
     * @return  void
     */
    public function logout()
    {
        // Anti-CSRF: logout is state-changing, so it needs a valid token too.
        $this->checkToken('request');

        $application = JFactory::getApplication();
        $userId      = $this->input->getInt('uid', null);

        $clientId = null;

        if (!$application->get('shared_session', '0'))
        {
            $clientId = $userId ? 0 : 1;
        }

        $outcome = $application->logout($userId, array('clientid' => $clientId));

        if (!($outcome instanceof Exception))
        {
            $returnUrl = $this->getModel('login')->getState('return');

            // Open-redirect guard: only internal URLs are followed.
            if (JUri::isInternal($returnUrl))
            {
                $application->redirect($returnUrl);
            }
        }

        parent::display();
    }
}
login.php000064400000001042151155742530006372 0ustar00<?php
/**
* @package Joomla.Administrator
* @subpackage com_login
*
* @copyright Copyright (C) 2005 - 2020 Open Source Matters, Inc. All
rights reserved.
* @license GNU General Public License version 2 or later; see
LICENSE.txt
*/
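// Direct-access guard: stop immediately unless the including script has defined _JEXEC.
defined('_JEXEC') or die;

$input = JFactory::getApplication()->input;
$task  = $input->get('task');

/*
 * Task allow-list: this component exposes only "login" and "logout".
 * Anything else is reset to the empty task, both in the request input and in
 * the value handed to the controller. The match is strict so that a value of
 * another type can never compare equal to one of the allowed names.
 */
if (!in_array($task, array('login', 'logout'), true))
{
    $input->set('task', '');
    $task = '';
}

$controller = JControllerLegacy::getInstance('Login');
$controller->execute($task);
$controller->redirect();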
login.xml000064400000001626151155742530006413 0ustar00<?xml
version="1.0" encoding="utf-8"?>
<extension type="component" version="3.1"
method="upgrade">
<name>com_login</name>
<author>Joomla! Project</author>
<creationDate>April 2006</creationDate>
<copyright>(C) 2005 - 2020 Open Source Matters. All rights
reserved.</copyright>
<license>GNU General Public License version 2 or later; see
LICENSE.txt</license>
<authorEmail>admin@joomla.org</authorEmail>
<authorUrl>www.joomla.org</authorUrl>
<version>3.0.0</version>
<description>COM_LOGIN_XML_DESCRIPTION</description>
<administration>
<files folder="admin">
<filename>controller.php</filename>
<filename>login.php</filename>
<folder>views</folder>
<folder>models</folder>
</files>
<languages folder="admin">
<language
tag="en-GB">language/en-GB.com_login.ini</language>
<language
tag="en-GB">language/en-GB.com_login.sys.ini</language>
</languages>
</administration>
</extension>
models/login.php000064400000010655151155742530007667 0ustar00<?php
/**
* @package Joomla.Administrator
* @subpackage com_login
*
* @copyright Copyright (C) 2005 - 2020 Open Source Matters, Inc. All
rights reserved.
* @license GNU General Public License version 2 or later; see
LICENSE.txt
*/
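// Direct-access guard: stop immediately unless the including script has defined _JEXEC.
defined('_JEXEC') or die;

/**
 * Login Model
 *
 * Collects the submitted credentials and the post-login return URL, and
 * looks up the administrator login module.
 *
 * @since  1.5
 */
class LoginModelLogin extends JModelLegacy
{
    /**
     * Method to auto-populate the model state.
     *
     * Note. Calling getState in this method will result in recursion.
     *
     * State written:
     *  - "credentials": array with the keys username, password, secretkey
     *  - "return": the URL to redirect to afterwards; defaults to index.php
     *
     * @return  void
     *
     * @since   1.6
     */
    protected function populateState()
    {
        // Values are taken from the input object selected by getInputForRequestMethod().
        $input = JFactory::getApplication()->input->getInputForRequestMethod();

        /*
         * The password and the secret key are read with the RAW filter, i.e.
         * they are passed on exactly as submitted. Treat both as opaque
         * secrets: they must not be logged or written into any output.
         */
        $credentials = array(
            'username'  => $input->get('username', '', 'USERNAME'),
            'password'  => $input->get('passwd', '', 'RAW'),
            'secretkey' => $input->get('secretkey', '', 'RAW'),
        );

        $this->setState('credentials', $credentials);

        // Check for return URL from the request first.
        if ($return = $input->get('return', '', 'BASE64'))
        {
            $return = base64_decode($return);

            // Open-redirect guard: a decoded URL that is not internal is discarded.
            if (!JUri::isInternal($return))
            {
                $return = '';
            }
        }

        // Set the return URL if empty.
        if (empty($return))
        {
            $return = 'index.php';
        }

        $this->setState('return', $return);
    }

    /**
     * Get the administrator login module by name (real, eg 'login' or folder, eg 'mod_login').
     *
     * The first loaded module is returned, or the first one whose title
     * matches when a title is given. If nothing matches and the name starts
     * with "mod_", an empty placeholder object carrying that module name is
     * returned instead.
     *
     * @param   string  $name   The name of the module.
     * @param   string  $title  The title of the module, optional.
     *
     * @return  object|null  The module object, or null when nothing matched and the name has no "mod_" prefix.
     *
     * @since   1.7.0
     */
    public static function getLoginModule($name = 'mod_login', $title = null)
    {
        $result = null;

        foreach (self::_load($name) as $candidate)
        {
            // Match the title if we're looking for a specific instance of the module.
            if (!$title || $candidate->title == $title)
            {
                $result = $candidate;
                break;
            }
        }

        // If we didn't find it, and the name is mod_something, create a dummy object.
        if (is_null($result) && substr($name, 0, 4) == 'mod_')
        {
            $result            = new stdClass;
            $result->id        = 0;
            $result->title     = '';
            $result->module    = $name;
            $result->position  = '';
            $result->content   = '';
            $result->showtitle = 0;
            $result->control   = '';
            $result->params    = '';
            $result->user      = 0;
        }

        return $result;
    }

    /**
     * Load login modules.
     *
     * Note that we load regardless of state or access level since access
     * for public is the only thing that makes sense since users are not logged in
     * and the module lets them log in.
     * This is put in as a failsafe to avoid super user lock out caused by an unpublished
     * login module or by a module set to have a viewing access level that is not Public.
     *
     * Results are memoised per module name for the rest of the request, and
     * the cache id includes the module name as well. Previously both the memo
     * and the cache id ignored $module, so a lookup for one module name could
     * be answered with the rows loaded for a different one.
     *
     * @param   string  $module  The name of the module.
     *
     * @return  array  The matching module rows, or an empty array when the query fails.
     *
     * @since   1.7.0
     */
    protected static function _load($module)
    {
        // Per-request memo, keyed by module name.
        static $clean = array();

        if (isset($clean[$module]))
        {
            return $clean[$module];
        }

        $app      = JFactory::getApplication();
        $lang     = JFactory::getLanguage()->getTag();
        $clientId = (int) $app->getClientId();

        /** @var JCacheControllerCallback $cache */
        $cache = JFactory::getCache('com_modules', 'callback');

        $loader = function () use ($app, $lang, $module) {
            $db = JFactory::getDbo();

            // Every value placed into the SQL text goes through $db->quote().
            $query = $db->getQuery(true)
                ->select('m.id, m.title, m.module, m.position, m.showtitle, m.params')
                ->from('#__modules AS m')
                ->where('m.module =' . $db->quote($module) . ' AND m.client_id = 1')
                ->join('LEFT', '#__extensions AS e ON e.element = m.module AND e.client_id = m.client_id')
                ->where('e.enabled = 1');

            // Filter by language.
            if ($app->isClient('site') && $app->getLanguageFilter())
            {
                $query->where('m.language IN (' . $db->quote($lang) . ',' . $db->quote('*') . ')');
            }

            $query->order('m.position, m.ordering');

            // Set the query.
            $db->setQuery($query);

            return $db->loadObjectList();
        };

        try
        {
            // The module name is part of the cache id so entries for different modules stay separate.
            $cacheId = md5(serialize(array($clientId, $lang, $module)));

            return $clean[$module] = $cache->get($loader, array(), $cacheId);
        }
        catch (JCacheException $cacheException)
        {
            // The cache layer failed: query the database directly instead.
            try
            {
                return $loader();
            }
            catch (JDatabaseExceptionExecuting $databaseException)
            {
                JError::raiseWarning(500, JText::sprintf('JLIB_APPLICATION_ERROR_MODULE_LOAD', $databaseException->getMessage()));

                return array();
            }
        }
        catch (JDatabaseExceptionExecuting $databaseException)
        {
            JError::raiseWarning(500, JText::sprintf('JLIB_APPLICATION_ERROR_MODULE_LOAD', $databaseException->getMessage()));

            return array();
        }
    }
}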
views/login/tmpl/default.php000064400000001724151155742540012137
0ustar00<?php
/**
* @package Joomla.Administrator
* @subpackage com_login
*
* @copyright Copyright (C) 2005 - 2020 Open Source Matters, Inc. All
rights reserved.
* @license GNU General Public License version 2 or later; see
LICENSE.txt
*/
// Direct-access guard: stop immediately unless the including script has defined _JEXEC.
defined('_JEXEC') or die;

/**
 * Render the login module first.
 * To use a completely different login module, change the name passed to
 * getLoginModule() in your layout override.
 */
$loginmodule = LoginModelLogin::getLoginModule('mod_login');
$attribs     = array('style' => 'rounded', 'id' => 'section-box');

// The rendered module markup is echoed as returned by the renderer.
echo JModuleHelper::renderModule($loginmodule, $attribs);

/**
 * Then render every other module assigned to the login position.
 * To use a different position, change the name here in your override.
 */
$modules = JModuleHelper::getModules('login');

foreach ($modules as $module)
{
    // mod_login has already been rendered above, so skip it here.
    if ($module->module == 'mod_login')
    {
        continue;
    }

    echo JModuleHelper::renderModule($module, $attribs);
}
views/login/view.html.php000064400000001750151155742540011453
0ustar00<?php
/**
* @package Joomla.Administrator
* @subpackage com_login
*
* @copyright Copyright (C) 2005 - 2020 Open Source Matters, Inc. All
rights reserved.
* @license GNU General Public License version 2 or later; see
LICENSE.txt
*/
// Direct-access guard: stop immediately unless the including script has defined _JEXEC.
defined('_JEXEC') or die;

/**
 * HTML View class for the Login component
 *
 * @since  1.6
 */
class LoginViewLogin extends JViewLegacy
{
    /**
     * Display the view.
     *
     * Before the template is rendered, an X-Frame-Options: SAMEORIGIN header
     * is set on the application so the login form can only be framed by
     * pages of the same origin (clickjacking defence).
     *
     * NOTE(review): current browsers also honour the Content-Security-Policy
     * frame-ancestors directive for the same purpose; consider whether the
     * site should send it alongside this header.
     *
     * @param   string  $tpl  The name of the template file to parse.
     *
     * @return  mixed  Whatever parent::display() returns.
     *
     * @link    https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet
     * @link    https://tools.ietf.org/html/rfc7034
     *
     * @since   3.7.0
     */
    public function display($tpl = null)
    {
        $application = JFactory::getApplication();

        // Set the anti-framing header before any output is produced by the parent view.
        $application->setHeader('X-Frame-Options', 'SAMEORIGIN');

        return parent::display($tpl);
    }
}