PK�)�[�"�ZZforms/mailto.xmlnu�[���<?xml
version="1.0" encoding="utf-8" ?>
<form>
<!--
  Public "mail this link" form. The two address fields (emailto, emailfrom)
  declare validate="email"; sender and subject declare only filter="string"
  and carry no validate rule.
  NOTE(review): sender and subject presumably end up in an outgoing message.
  Confirm that the code which builds the mail rejects CR/LF in both values.
-->
<fieldset name="default">
<field
name="emailto"
type="email"
label="COM_MAILTO_EMAIL_TO"
filter="string"
required="true"
size="30"
validate="email"
autocomplete="email"
/>
<field
name="sender"
type="text"
label="COM_MAILTO_SENDER"
filter="string"
required="true"
size="30"
/>
<field
name="emailfrom"
type="email"
label="COM_MAILTO_YOUR_EMAIL"
filter="string"
required="true"
size="30"
validate="email"
autocomplete="email"
/>
<field
name="subject"
type="text"
label="COM_MAILTO_SUBJECT"
filter="string"
required="true"
size="30"
/>
<!--
  The captcha field is the only abuse control declared in this form and it is
  not marked required. NOTE(review): presumably it is only enforced when a
  captcha plugin is configured for the site; confirm that for any deployment
  that exposes this form to anonymous visitors.
-->
<field
name="captcha"
type="captcha"
label="COM_MAILTO_CAPTCHA"
validate="captcha"
/>
</fieldset>
</form>
PK�)�[��f�
�
mailto.phpnu�[���<?php
/**
* @package Joomla.Site
* @subpackage com_users
*
* @copyright (C) 2018 Open Source Matters, Inc.
<https://www.joomla.org>
* @license GNU General Public License version 2 or later; see
LICENSE.txt
*/
defined('_JEXEC') or die;
/**
* Mailto model class.
*
* @since 3.8.9
*/
class MailtoModelMailto extends JModelForm
{
	/**
	 * Build the "mail this link" form.
	 *
	 * @param   array    $data      Accepted for interface compatibility; not read by this method.
	 * @param   boolean  $loadData  Forwarded to loadForm() as the 'load_data' option.
	 *
	 * @return  JForm|boolean  Whatever loadForm() produced, or false when that result is empty.
	 *
	 * @since   3.8.9
	 */
	public function getForm($data = array(), $loadData = true)
	{
		$options = array('load_data' => $loadData);
		$form    = $this->loadForm('com_mailto.mailto', 'mailto', $options);

		return empty($form) ? false : $form;
	}

	/**
	 * Collect the values used to pre-fill the form.
	 *
	 * Starts from the session state 'mailto.mailto.form.data', adds the 'link'
	 * request value and the posted sender, subject and addresses, stores the
	 * result back in the session state and hands it to preprocessData().
	 *
	 * @return  array|boolean  The form data, or false after a 403 was raised because no link was supplied.
	 *
	 * @since   3.8.9
	 */
	protected function loadFormData()
	{
		$user = JFactory::getUser();
		$app  = JFactory::getApplication();

		$data = $app->getUserState('mailto.mailto.form.data', array());

		// The link is filtered as BASE64 and URL-decoded, nothing more. It is not decoded or
		// checked against anything in this method.
		// NOTE(review): presumably it is verified where the mail is assembled - confirm.
		$data['link'] = urldecode($app->input->get('link', '', 'BASE64'));

		if ($data['link'] == '')
		{
			JError::raiseError(403, JText::_('COM_MAILTO_LINK_IS_MISSING'));

			return false;
		}

		// Re-populate the form with whatever was posted last time.
		$posted = $app->input->post;

		$data['sender']    = $posted->getString('sender', '');
		$data['subject']   = $posted->getString('subject', '');
		$data['emailfrom'] = JStringPunycode::emailToPunycode($posted->getString('emailfrom', ''));
		$data['emailto']   = JStringPunycode::emailToPunycode($posted->getString('emailto', ''));

		// For a signed-in user the account's own name and address replace the posted ones,
		// so the sender identity shown in the form is not taken from the request.
		if (!$user->guest)
		{
			$data['sender']    = $user->name;
			$data['emailfrom'] = $user->email;
		}

		$app->setUserState('mailto.mailto.form.data', $data);
		$this->preprocessData('com_mailto.mailto', $data);

		return $data;
	}

	/**
	 * Read the submitted form fields from the request.
	 *
	 * Every value is fetched with the 'string' filter only; no e-mail
	 * validation happens here.
	 *
	 * @return  array  Keys: emailto, sender, emailfrom, subject, consentbox.
	 *
	 * @since   3.8.9
	 */
	public function getData()
	{
		$input  = JFactory::getApplication()->input;
		$fields = array('emailto', 'sender', 'emailfrom', 'subject', 'consentbox');
		$data   = array();

		foreach ($fields as $field)
		{
			$data[$field] = $input->get($field, '', 'string');
		}

		return $data;
	}
}
PK{,�[����forms/frontend.xmlnu�[���<?xml
version="1.0" encoding="utf-8"?>
<form>
<fields name="params">
<!-- Basic user account settings. -->
<fieldset name="params"
label="COM_USERS_SETTINGS_FIELDSET_LABEL">
<field
name="editor"
type="plugins"
label="COM_USERS_USER_FIELD_EDITOR_LABEL"
description="COM_USERS_USER_FIELD_EDITOR_DESC"
folder="editors"
useaccess="true"
>
<option value="">JOPTION_USE_DEFAULT</option>
</field>
<field
name="timezone"
type="timezone"
label="COM_USERS_USER_FIELD_TIMEZONE_LABEL"
description="COM_USERS_USER_FIELD_TIMEZONE_DESC"
>
<option value="">JOPTION_USE_DEFAULT</option>
</field>
<field
name="language"
type="language"
label="COM_USERS_USER_FIELD_FRONTEND_LANGUAGE_LABEL"
description="COM_USERS_USER_FIELD_FRONTEND_LANGUAGE_DESC"
client="site"
filter="cmd"
>
<option value="">JOPTION_USE_DEFAULT</option>
</field>
</fieldset>
</fields>
</form>
PK{,�[�qnforms/frontend_admin.xmlnu�[���<?xml
version="1.0" encoding="utf-8"?>
<form>
<fields name="params">
<!-- Backend user account settings. -->
<fieldset name="params"
label="COM_USERS_SETTINGS_FIELDSET_LABEL">
<field
name="admin_style"
type="templatestyle"
label="COM_USERS_USER_FIELD_BACKEND_TEMPLATE_LABEL"
description="COM_USERS_USER_FIELD_BACKEND_TEMPLATE_DESC"
client="administrator"
filter="uint"
>
<option value="">JOPTION_USE_DEFAULT</option>
</field>
<field
name="admin_language"
type="language"
label="COM_USERS_USER_FIELD_BACKEND_LANGUAGE_LABEL"
description="COM_USERS_USER_FIELD_BACKEND_LANGUAGE_DESC"
client="administrator"
filter="cmd"
>
<option value="">JOPTION_USE_DEFAULT</option>
</field>
</fieldset>
</fields>
</form>
PK{,�[[�����forms/login.xmlnu�[���<?xml
version="1.0" encoding="utf-8"?>
<form>
<fieldset name="credentials"
label="COM_USERS_LOGIN_DEFAULT_LABEL">
<field
name="username"
type="text"
label="COM_USERS_LOGIN_USERNAME_LABEL"
class="validate-username"
filter="username"
size="25"
required="true"
validate="username"
autofocus="true"
/>
<!--
  filter="raw" and no validate rule: the password is taken as submitted.
  NOTE(review): presumably this is deliberate so that no character of the
  password is altered before the credential check. The value must therefore
  only ever reach the authentication code and never be echoed or logged.
-->
<field
name="password"
type="password"
label="JGLOBAL_PASSWORD"
class="validate-password"
required="true"
filter="raw"
size="25"
/>
</fieldset>
<!--
  The one-time code field sits outside every fieldset and is reduced to an
  integer by filter="int". It is not marked required in this definition.
-->
<field
name="secretkey"
type="text"
label="JGLOBAL_SECRETKEY"
autocomplete="one-time-code"
class=""
filter="int"
size="25"
/>
<!--
  The hidden return field declares neither a filter nor a validate rule.
  UsersModelLogin::loadFormData() (login.php in this archive) base64-decodes
  the request's return value and blanks it unless JUri::isInternal() accepts
  it. NOTE(review): any other code path that redirects to this value needs
  the same internal-URL check.
-->
<fieldset>
<field
name="return"
type="hidden"
/>
</fieldset>
</form>
PK{,�[3��cqqforms/profile.xmlnu�[���<?xml
version="1.0" encoding="utf-8"?>
<form>
<fieldset name="core"
label="COM_USERS_PROFILE_DEFAULT_LABEL">
<field
name="id"
type="hidden"
filter="integer"
/>
<field
name="name"
type="text"
label="COM_USERS_PROFILE_NAME_LABEL"
description="COM_USERS_PROFILE_NAME_DESC"
filter="string"
required="true"
size="30"
/>
<field
name="username"
type="text"
label="COM_USERS_PROFILE_USERNAME_LABEL"
description="COM_USERS_DESIRED_USERNAME"
class="validate-username"
filter="username"
message="COM_USERS_PROFILE_USERNAME_MESSAGE"
required="true"
size="30"
validate="username"
/>
<field
name="password1"
type="password"
label="COM_USERS_PROFILE_PASSWORD1_LABEL"
description="COM_USERS_DESIRED_PASSWORD"
autocomplete="off"
class="validate-password"
filter="raw"
size="30"
validate="password"
/>
<field
name="password2"
type="password"
label="COM_USERS_PROFILE_PASSWORD2_LABEL"
description="COM_USERS_PROFILE_PASSWORD2_DESC"
autocomplete="off"
class="validate-password"
field="password1"
filter="raw"
message="COM_USERS_PROFILE_PASSWORD1_MESSAGE"
size="30"
validate="equals"
/>
<field
name="email1"
type="email"
label="COM_USERS_PROFILE_EMAIL1_LABEL"
description="COM_USERS_PROFILE_EMAIL1_DESC"
filter="string"
required="true"
size="30"
unique="true"
validate="email"
validDomains="com_users.domains"
autocomplete="email"
/>
<field
name="email2"
type="email"
label="COM_USERS_PROFILE_EMAIL2_LABEL"
description="COM_USERS_PROFILE_EMAIL2_DESC"
field="email1"
filter="string"
message="COM_USERS_PROFILE_EMAIL2_MESSAGE"
required="true"
size="30"
validate="equals"
/>
</fieldset>
<!-- Used to get the two factor authentication configuration -->
<field
name="twofactor"
type="hidden"
/>
</form>
PK{,�[H�forms/registration.xmlnu�[���<?xml
version="1.0" encoding="utf-8"?>
<form>
<fieldset name="default"
label="COM_USERS_REGISTRATION_DEFAULT_LABEL">
<field
name="spacer"
type="spacer"
label="COM_USERS_REGISTER_REQUIRED"
class="text"
/>
<field
name="name"
type="text"
label="COM_USERS_REGISTER_NAME_LABEL"
description="COM_USERS_REGISTER_NAME_DESC"
filter="string"
required="true"
size="30"
/>
<field
name="username"
type="text"
label="COM_USERS_REGISTER_USERNAME_LABEL"
description="COM_USERS_DESIRED_USERNAME"
class="validate-username"
filter="username"
message="COM_USERS_REGISTER_USERNAME_MESSAGE"
required="true"
size="30"
validate="username"
/>
<field
name="password1"
type="password"
label="COM_USERS_PROFILE_PASSWORD1_LABEL"
description="COM_USERS_DESIRED_PASSWORD"
autocomplete="off"
class="validate-password"
field="password1"
filter="raw"
size="30"
validate="password"
required="true"
/>
<field
name="password2"
type="password"
label="COM_USERS_PROFILE_PASSWORD2_LABEL"
description="COM_USERS_PROFILE_PASSWORD2_DESC"
autocomplete="off"
class="validate-password"
field="password1"
filter="raw"
message="COM_USERS_PROFILE_PASSWORD1_MESSAGE"
size="30"
validate="equals"
required="true"
/>
<field
name="email1"
type="email"
label="COM_USERS_REGISTER_EMAIL1_LABEL"
description="COM_USERS_REGISTER_EMAIL1_DESC"
field="id"
filter="string"
required="true"
size="30"
unique="true"
validate="email"
validDomains="com_users.domains"
autocomplete="email"
/>
<field
name="email2"
type="email"
label="COM_USERS_REGISTER_EMAIL2_LABEL"
description="COM_USERS_REGISTER_EMAIL2_DESC"
field="email1"
filter="string"
message="COM_USERS_REGISTER_EMAIL2_MESSAGE"
required="true"
size="30"
validate="equals"
/>
<field
name="captcha"
type="captcha"
label="COM_USERS_CAPTCHA_LABEL"
description="COM_USERS_CAPTCHA_DESC"
validate="captcha"
/>
</fieldset>
</form>
PK{,�[j�%��forms/remind.xmlnu�[���<?xml
version="1.0" encoding="utf-8"?>
<form>
<fieldset name="default"
label="COM_USERS_REMIND_DEFAULT_LABEL">
<field
name="email"
type="email"
label="COM_USERS_FIELD_REMIND_EMAIL_LABEL"
description="COM_USERS_FIELD_REMIND_EMAIL_DESC"
required="true"
size="30"
validate="email"
autocomplete="email"
/>
<field
name="captcha"
type="captcha"
label="COM_USERS_CAPTCHA_LABEL"
description="COM_USERS_CAPTCHA_DESC"
validate="captcha"
/>
</fieldset>
</form>PK{,�[.8��forms/reset_complete.xmlnu�[���<?xml
version="1.0" encoding="utf-8"?>
<form>
<fieldset name="default"
label="COM_USERS_RESET_COMPLETE_LABEL">
<field
name="password1"
type="password"
label="COM_USERS_FIELD_RESET_PASSWORD1_LABEL"
description="COM_USERS_FIELD_RESET_PASSWORD1_DESC"
autocomplete="off"
class="validate-password"
field="password2"
filter="raw"
message="COM_USERS_FIELD_RESET_PASSWORD1_MESSAGE"
required="true"
size="30"
validate="equals"
/>
<field
name="password2"
type="password"
label="COM_USERS_FIELD_RESET_PASSWORD2_LABEL"
description="COM_USERS_FIELD_RESET_PASSWORD2_DESC"
autocomplete="off"
class="validate-password"
filter="raw"
required="true"
size="30"
validate="password"
/>
</fieldset>
</form>PK{,�[���H--forms/reset_confirm.xmlnu�[���<?xml
version="1.0" encoding="utf-8"?>
<form>
<!--
  Second step of the password reset: the user supplies a username and the
  token they received.
-->
<fieldset name="default"
label="COM_USERS_RESET_CONFIRM_LABEL">
<field
name="username"
type="text"
label="COM_USERS_FIELD_RESET_CONFIRM_USERNAME_LABEL"
description="COM_USERS_FIELD_RESET_CONFIRM_USERNAME_DESC"
filter="username"
required="true"
size="30"
/>
<!--
  The token is restricted to alphanumeric characters by filter="alnum" and
  has no validate rule. NOTE(review): size="32" looks like the display width
  of the input, not a length limit. Confirm that token length, expiry and
  attempt limits are enforced by the code that processes this form.
-->
<field
name="token"
type="text"
label="COM_USERS_FIELD_RESET_CONFIRM_TOKEN_LABEL"
description="COM_USERS_FIELD_RESET_CONFIRM_TOKEN_DESC"
filter="alnum"
required="true"
size="32"
/>
</fieldset>
</form>
PK{,�[���forms/reset_request.xmlnu�[���<?xml
version="1.0" encoding="utf-8"?>
<form>
<fieldset name="default"
label="COM_USERS_RESET_REQUEST_LABEL">
<field
name="email"
type="text"
label="COM_USERS_FIELD_PASSWORD_RESET_LABEL"
description="COM_USERS_FIELD_PASSWORD_RESET_DESC"
class="validate-username"
filter="email"
required="true"
size="30"
/>
<field
name="captcha"
type="captcha"
label="COM_USERS_CAPTCHA_LABEL"
description="COM_USERS_CAPTCHA_DESC"
validate="captcha"
/>
</fieldset>
</form>PK{,�[`����forms/sitelang.xmlnu�[���<?xml
version="1.0" encoding="utf-8"?>
<form>
<fields name="params">
<fieldset name="params"
label="COM_USERS_SETTINGS_FIELDSET_LABEL">
<field
name="language"
type="language"
label="COM_USERS_USER_FIELD_FRONTEND_LANGUAGE_LABEL"
description="COM_USERS_USER_FIELD_FRONTEND_LANGUAGE_DESC"
client="site"
filter="cmd"
default="active"
/>
</fieldset>
</fields>
</form>PK{,�[�S&p�
�
login.phpnu�[���<?php
/**
* @package Joomla.Site
* @subpackage com_users
*
* @copyright (C) 2010 Open Source Matters, Inc.
<https://www.joomla.org>
* @license GNU General Public License version 2 or later; see
LICENSE.txt
*/
defined('_JEXEC') or die;
/**
* Login model class for Users.
*
* @since 1.6
*/
class UsersModelLogin extends JModelForm
{
	/**
	 * Build the login form.
	 *
	 * @param   array    $data      Accepted for interface compatibility; not read by this method.
	 * @param   boolean  $loadData  Forwarded to loadForm() as the 'load_data' option.
	 *
	 * @return  JForm|boolean  Whatever loadForm() produced, or false when that result is empty.
	 *
	 * @since   1.6
	 */
	public function getForm($data = array(), $loadData = true)
	{
		$options = array('load_data' => $loadData);
		$form    = $this->loadForm('com_users.login', 'login', $options);

		return empty($form) ? false : $form;
	}

	/**
	 * Collect the values used to pre-fill the login form.
	 *
	 * @return  array  The session state 'users.login.form.data', with 'return' refreshed from the request.
	 *
	 * @since   1.6
	 */
	protected function loadFormData()
	{
		$app  = JFactory::getApplication();
		$data = $app->getUserState('users.login.form.data', array());

		// A return URL in the current request takes precedence over the stored one.
		$request = $app->input->getInputForRequestMethod();
		$encoded = $request->get('return', '', 'BASE64');

		if ($encoded)
		{
			// base64_decode() is called in its default, non-strict mode.
			$target = base64_decode($encoded);

			// Only a URL that JUri::isInternal() accepts is kept; anything else is blanked
			// so the post-login redirect cannot be pointed at another site.
			$data['return'] = JUri::isInternal($target) ? $target : '';
		}

		// When the request carries no return value, a 'return' already present in the
		// session state is left as it is.
		$app->setUserState('users.login.form.data', $data);
		$this->preprocessData('com_users.login', $data);

		return $data;
	}

	/**
	 * Auto-populate the model state with the com_users parameters.
	 *
	 * Calling getState in this method will result in recursion.
	 *
	 * @return  void
	 *
	 * @since   1.6
	 */
	protected function populateState()
	{
		$this->setState('params', JFactory::getApplication()->getParams('com_users'));
	}

	/**
	 * Forward to the parent preprocessForm() with "user" as the default plugin group.
	 *
	 * @param   JForm   $form   A JForm object.
	 * @param   mixed   $data   The data expected for the form.
	 * @param   string  $group  The name of the plugin group to import (defaults to "user" here).
	 *
	 * @return  void
	 *
	 * @since   1.6
	 * @throws  Exception if there is an error in the form event.
	 */
	protected function preprocessForm(JForm $form, $data, $group = 'user')
	{
		parent::preprocessForm($form, $data, $group);
	}
}
PK{,�[��9k,k,profile.phpnu�[���<?php
/**
* @package Joomla.Site
* @subpackage com_users
*
* @copyright (C) 2009 Open Source Matters, Inc.
<https://www.joomla.org>
* @license GNU General Public License version 2 or later; see
LICENSE.txt
*/
defined('_JEXEC') or die;
use Joomla\CMS\User\UserHelper;
use Joomla\Registry\Registry;
/**
* Profile model class for Users.
*
* @since 1.6
*/
class UsersModelProfile extends JModelForm
{
/**
* @var object The user profile data.
* @since 1.6
*/
protected $data;
/**
* Constructor
*
* @param array $config An array of configuration options (name,
state, dbo, table_path, ignore_request).
*
* @since 3.2
*
* @throws Exception
*/
public function __construct($config = array())
{
	// Defaults go first so that keys supplied by the caller win in array_merge().
	$defaults = array(
		'events_map' => array('validate' => 'user'),
	);

	parent::__construct(array_merge($defaults, $config));

	// Register the administrator-side model and helper that the two factor
	// authentication methods of this class instantiate.
	$adminUsers = JPATH_ADMINISTRATOR . '/components/com_users';

	JLoader::register('UsersModelUser', $adminUsers . '/models/user.php');
	JLoader::register('UsersHelper', $adminUsers . '/helpers/users.php');
}
/**
* Method to check in a user.
*
* @param integer $userId The id of the row to check out.
*
* @return boolean True on success, false on failure.
*
* @since 1.6
*/
public function checkin($userId = null)
{
	// Fall back to the id held in the model state when the caller gave none.
	if (empty($userId))
	{
		$userId = (int) $this->getState('user.id');
	}

	// Without an id there is no row to release; that counts as success.
	if (!$userId)
	{
		return true;
	}

	$table = JTable::getInstance('User');

	if ($table->checkin($userId))
	{
		return true;
	}

	$this->setError($table->getError());

	return false;
}
/**
* Method to check out a user for editing.
*
* @param integer $userId The id of the row to check out.
*
* @return boolean True on success, false on failure.
*
* @since 1.6
*/
public function checkout($userId = null)
{
	// Fall back to the id held in the model state when the caller gave none.
	if (empty($userId))
	{
		$userId = (int) $this->getState('user.id');
	}

	// Without an id there is no row to lock; that counts as success.
	if (!$userId)
	{
		return true;
	}

	$table   = JTable::getInstance('User');
	$current = JFactory::getUser();

	// The row is checked out in the name of the signed-in user.
	if ($table->checkout($current->get('id'), $userId))
	{
		return true;
	}

	$this->setError($table->getError());

	return false;
}
/**
* Method to get the profile form data.
*
* The base form data is loaded and then an event is fired
* for users plugins to extend the data.
*
* @return mixed Data object on success, false on failure.
*
* @since 1.6
*/
public function getData()
{
	// Built once per model instance; later calls get the same object back.
	if ($this->data !== null)
	{
		return $this->data;
	}

	$profile    = new JUser($this->getState('user.id'));
	$this->data = $profile;

	// Both e-mail inputs of the form start out with the stored address.
	$storedEmail     = $profile->get('email');
	$profile->email1 = $storedEmail;
	$profile->email2 = $storedEmail;

	// Values kept in the session are copied onto the object key by key, with no
	// allow-list of property names.
	// NOTE(review): this object is what the form displays; verify that nothing treats
	// it as authoritative account data.
	$saved = (array) JFactory::getApplication()->getUserState('com_users.edit.profile.data', array());

	foreach ($saved as $property => $value)
	{
		$profile->$property = $value;
	}

	// Passwords are never sent back to the form.
	unset($profile->password1, $profile->password2);

	// Expose the parameters as a plain array.
	$registry        = new Registry($profile->params);
	$profile->params = $registry->toArray();

	return $this->data;
}
/**
* Method to get the profile form.
*
* The base form is loaded from XML and then an event is fired
* for users plugins to extend the form with extra fields.
*
* @param array $data An optional array of data for the form to
interrogate.
* @param boolean $loadData True if the form is to load its own data
(default case), false if not.
*
* @return JForm A JForm object on success, false on failure
*
* @since 1.6
*/
public function getForm($data = array(), $loadData = true)
{
	$form = $this->loadForm(
		'com_users.profile',
		'profile',
		array('control' => 'jform', 'load_data' => $loadData)
	);

	if (empty($form))
	{
		return false;
	}

	// With load_data the username is read from the form; otherwise from the model data.
	if ($loadData)
	{
		$username = $form->getValue('username');
	}
	else
	{
		$username = $this->loadFormData()->username;
	}

	// A username counts as non-compliant when it contains one of < > " ' % ; ( ) & \
	// or the sequence "../", is shorter than two characters after utf8_decode(), or
	// has leading or trailing whitespace. An empty username is treated as compliant.
	$isUsernameCompliant = true;

	if ($username)
	{
		$isUsernameCompliant = !(
			preg_match('#[<>"\'%;()&\\\\]|\\.\\./#', $username)
			|| strlen(utf8_decode($username)) < 2
			|| trim($username) !== $username
		);
	}

	$this->setState('user.username.compliant', $isUsernameCompliant);

	$mayRename = JComponentHelper::getParams('com_users')->get('change_login_name');

	if ($isUsernameCompliant && !$mayRename)
	{
		// The field becomes read-only and loses its filter and validate rule. save()
		// drops the submitted username under the same condition, so the read-only
		// flag is not the only thing keeping the login name unchanged.
		$lockedAttributes = array(
			'class'       => '',
			'filter'      => '',
			'description' => 'COM_USERS_PROFILE_NOCHANGE_USERNAME_DESC',
			'validate'    => '',
			'message'     => '',
			'readonly'    => 'true',
			'required'    => 'false',
		);

		foreach ($lockedAttributes as $attribute => $value)
		{
			$form->setFieldAttribute('username', $attribute, $value);
		}
	}

	// On a multilingual site the user's default site language must be a content language.
	if (JLanguageMultilang::isEnabled())
	{
		$form->setFieldAttribute('language', 'type', 'frontend_language', 'params');
	}

	// A pending forced reset makes both password inputs mandatory.
	if (JFactory::getUser()->requireReset)
	{
		foreach (array('password1', 'password2') as $passwordField)
		{
			$form->setFieldAttribute($passwordField, 'required', 'true');
		}
	}

	return $form;
}
/**
* Method to get the data that should be injected in the form.
*
* @return mixed The data for the form.
*
* @since 1.6
*/
protected function loadFormData()
{
	$profile = $this->getData();

	// Give the handlers of the "user" group a chance to extend the data.
	$this->preprocessData('com_users.profile', $profile, 'user');

	return $profile;
}
/**
* Override preprocessForm to load the user plugin group instead of
content.
*
* @param JForm $form A JForm object.
* @param mixed $data The data expected for the form.
* @param string $group The name of the plugin group to import
(defaults to "content").
*
* @return void
*
* @throws Exception if there is an error in the form event.
*
* @since 1.6
*/
protected function preprocessForm(JForm $form, $data, $group = 'user')
{
	$showUserParams = JComponentHelper::getParams('com_users')->get('frontend_userparams');

	if ($showUserParams)
	{
		$form->loadFile('frontend', false);

		// The backend settings are added only for a user who holds core.login.admin.
		if (JFactory::getUser()->authorise('core.login.admin'))
		{
			$form->loadFile('frontend_admin', false);
		}
	}

	parent::preprocessForm($form, $data, $group);
}
/**
* Method to auto-populate the model state.
*
* Note. Calling getState in this method will result in recursion.
*
* @return void
*
* @since 1.6
*/
protected function populateState()
{
	$app    = JFactory::getApplication();
	$params = $app->getParams('com_users');

	// The id stored in the session for the profile edit wins; otherwise the
	// signed-in user's own id is used.
	$userId = $app->getUserState('com_users.edit.profile.id');

	if (empty($userId))
	{
		$userId = (int) JFactory::getUser()->get('id');
	}

	$this->setState('user.id', $userId);
	$this->setState('params', $params);
}
/**
* Method to save the form data.
*
* @param array $data The form data.
*
* @return mixed The user id on success, false on failure.
*
* @since 1.6
*/
public function save($data)
{
	// NOTE(review): the target account comes from the submitted data first and only falls
	// back to the model state. Nothing in this method compares it with the signed-in user,
	// so the caller has to make sure $data['id'] is an account the current user may edit.
	// Confirm that check exists in the controller.
	$userId = (!empty($data['id'])) ? $data['id'] : (int) $this->getState('user.id');

	$user = new JUser($userId);

	// Prepare the data for the user object.
	$data['email'] = JStringPunycode::emailToPunycode($data['email1']);
	$data['password'] = $data['password1'];

	// Unset the username if it should not be overwritten. This is the same condition under
	// which getForm() marks the field read-only, so a username posted anyway is discarded.
	$isUsernameCompliant = $this->getState('user.username.compliant');

	if ($isUsernameCompliant && !JComponentHelper::getParams('com_users')->get('change_login_name'))
	{
		unset($data['username']);
	}

	// Unset block and sendEmail so they do not get overwritten
	unset($data['block'], $data['sendEmail']);

	// Handle the two factor authentication setup
	if (array_key_exists('twofactor', $data))
	{
		$model = new UsersModelUser;

		// NOTE(review): read without checking that $data['twofactor'] is an array holding
		// a 'method' key; the shape is assumed to be guaranteed by the caller.
		$twoFactorMethod = $data['twofactor']['method'];

		// Get the current One Time Password (two factor auth) configuration
		$otpConfig = $model->getOtpConfig($userId);

		if ($twoFactorMethod !== 'none')
		{
			// Run the plugins
			FOFPlatform::getInstance()->importPlugin('twofactorauth');
			$otpConfigReplies = FOFPlatform::getInstance()->runPlugins('onUserTwofactorApplyConfiguration', array($twoFactorMethod));

			// Look for a valid reply: the first object whose method equals the requested one.
			// If none is found, $otpConfig is written back below exactly as it was loaded.
			foreach ($otpConfigReplies as $reply)
			{
				if (!is_object($reply) || empty($reply->method) || ($reply->method != $twoFactorMethod))
				{
					continue;
				}

				$otpConfig->method = $reply->method;
				$otpConfig->config = $reply->config;

				break;
			}

			// Save OTP configuration.
			$model->setOtpConfig($userId, $otpConfig);

			// Generate one time emergency passwords if required (depleted or not set)
			if (empty($otpConfig->otep))
			{
				$model->generateOteps($userId);
			}
		}
		else
		{
			// NOTE(review): a submitted method of 'none' switches two factor authentication
			// off with no further check inside this method. Presumably the caller has
			// already re-confirmed the session; verify.
			$otpConfig->method = 'none';
			$otpConfig->config = array();
			$model->setOtpConfig($userId, $otpConfig);
		}

		// Unset the raw data
		unset($data['twofactor']);

		// Reload the user record with the updated OTP configuration
		$user->load($userId);
	}

	// Bind the data. bind() receives every key still present in $data; only block,
	// sendEmail, twofactor and (conditionally) username were removed above.
	// NOTE(review): presumably $data was already reduced to the form's own fields by the
	// caller - confirm, since any other key would reach the user object here.
	if (!$user->bind($data))
	{
		$this->setError(JText::sprintf('COM_USERS_PROFILE_BIND_FAILED', $user->getError()));

		return false;
	}

	// Load the users plugin group.
	JPluginHelper::importPlugin('user');

	// Retrieve the user groups so they don't get overwritten: whatever bind() left in
	// $user->groups is replaced by the result of JAccess::getGroupsByUser().
	unset($user->groups);
	$user->groups = JAccess::getGroupsByUser($user->id, false);

	// Store the data.
	if (!$user->save())
	{
		$this->setError($user->getError());

		return false;
	}

	// Destroy all active sessions for the user after changing the password.
	// $data['password'] is the submitted password1, so this runs whenever it is non-empty.
	if ($data['password'])
	{
		UserHelper::destroyUserSessions($user->id, true);
	}

	return $user->id;
}
/**
* Gets the configuration forms for all two-factor authentication methods
* in an array.
*
* @param integer $userId The user ID to load the forms for (optional)
*
* @return array
*
* @since 3.2
*/
public function getTwofactorform($userId = null)
{
	// Fall back to the id held in the model state when the caller gave none.
	if (empty($userId))
	{
		$userId = (int) $this->getState('user.id');
	}

	$model     = new UsersModelUser;
	$otpConfig = $model->getOtpConfig($userId);

	// Each two factor plugin answers with its own configuration form.
	$platform = FOFPlatform::getInstance();
	$platform->importPlugin('twofactorauth');

	return FOFPlatform::getInstance()->runPlugins(
		'onUserTwofactorShowConfiguration',
		array($otpConfig, $userId)
	);
}
/**
* Returns the one time password (OTP) – a.k.a. two factor
authentication –
* configuration for a particular user.
*
* @param integer $userId The numeric ID of the user
*
* @return stdClass An object holding the OTP configuration for this
user
*
* @since 3.2
*/
public function getOtpConfig($userId = null)
{
	// Fall back to the id held in the model state when the caller gave none.
	if (empty($userId))
	{
		$userId = (int) $this->getState('user.id');
	}

	// The lookup itself is delegated to the administrator-side user model.
	$adminModel = new UsersModelUser;

	return $adminModel->getOtpConfig($userId);
}
}
PK{,�[|1 HHregistration.phpnu�[���<?php
/**
* @package Joomla.Site
* @subpackage com_users
*
* @copyright (C) 2009 Open Source Matters, Inc.
<https://www.joomla.org>
* @license GNU General Public License version 2 or later; see
LICENSE.txt
*/
defined('_JEXEC') or die;
use Joomla\CMS\Router\Route;
/**
* Registration model class for Users.
*
* @since 1.6
*/
class UsersModelRegistration extends JModelForm
{
/**
* @var object The user registration data.
* @since 1.6
*/
protected $data;
/**
* Constructor
*
* @param array $config An array of configuration options (name,
state, dbo, table_path, ignore_request).
*
* @since 3.6
*
* @throws Exception
*/
public function __construct($config = array())
{
	// Defaults go first so that keys supplied by the caller win in array_merge().
	$defaults = array(
		'events_map' => array('validate' => 'user'),
	);

	parent::__construct(array_merge($defaults, $config));
}
/**
* Method to get the user ID from the given token
*
* @param string $token The activation token.
*
* @return mixed False on failure, id of the user on success
*
* @since 3.8.13
*/
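public function getUserIdFromToken($token)
{
	// An empty or non-scalar token must never reach the query: with activation = ''
	// the WHERE clause below would match any blocked, never-visited account whose
	// activation column is empty, and activate() would then act on that account.
	if (!is_scalar($token) || (string) $token === '')
	{
		return false;
	}

	$db = $this->getDbo();

	// Look up a blocked account that has never logged in and carries this activation token.
	// The token is passed through $db->quote(), never concatenated raw.
	$query = $db->getQuery(true);
	$query->select($db->quoteName('id'))
		->from($db->quoteName('#__users'))
		->where($db->quoteName('activation') . ' = ' . $db->quote($token))
		->where($db->quoteName('block') . ' = ' . 1)
		->where($db->quoteName('lastvisitDate') . ' = ' . $db->quote($db->getNullDate()));
	$db->setQuery($query);

	try
	{
		// The cast turns "no matching row" into 0, which callers test with !$userId.
		return (int) $db->loadResult();
	}
	catch (RuntimeException $e)
	{
		$this->setError(JText::sprintf('COM_USERS_DATABASE_ERROR', $e->getMessage()), 500);

		return false;
	}
}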
/**
* Method to activate a user account.
*
* @param string $token The activation token.
*
* @return mixed False on failure, user object on success.
*
* @since 1.6
*/
public function activate($token)
{
	$config = JFactory::getConfig();
	$userParams = JComponentHelper::getParams('com_users');

	// Resolve the token to an account. Possession of the token is the only credential
	// this method checks; no permission check on the current visitor appears below.
	$userId = $this->getUserIdFromToken($token);

	// Check for a valid user id.
	if (!$userId)
	{
		$this->setError(JText::_('COM_USERS_ACTIVATION_TOKEN_NOT_FOUND'));

		return false;
	}

	// Load the users plugin group.
	JPluginHelper::importPlugin('user');

	// Activate the user.
	$user = JFactory::getUser($userId);

	// Admin activation is on and user is verifying their email.
	// In this branch the account stays blocked: the e-mail token is replaced by a fresh
	// one that is sent to the administrators, and the 'activate' parameter is set to 1.
	if (($userParams->get('useractivation') == 2) && !$user->getParam('activate', 0))
	{
		$linkMode = $config->get('force_ssl', 0) == 2 ? Route::TLS_FORCE : Route::TLS_IGNORE;

		// Compile the admin notification mail values.
		// Only name, email, username and the new link from $data go into the message below.
		$data = $user->getProperties();
		$data['activation'] = JApplicationHelper::getHash(JUserHelper::genRandomPassword());
		$user->set('activation', $data['activation']);
		$data['siteurl'] = JUri::base();
		$data['activate'] = JRoute::link(
			'site',
			'index.php?option=com_users&task=registration.activate&token=' . $data['activation'],
			false,
			$linkMode,
			true
		);

		$data['fromname'] = $config->get('fromname');
		$data['mailfrom'] = $config->get('mailfrom');
		$data['sitename'] = $config->get('sitename');
		$user->setParam('activate', 1);
		$emailSubject = JText::sprintf(
			'COM_USERS_EMAIL_ACTIVATE_WITH_ADMIN_ACTIVATION_SUBJECT',
			$data['name'],
			$data['sitename']
		);

		$emailBody = JText::sprintf(
			'COM_USERS_EMAIL_ACTIVATE_WITH_ADMIN_ACTIVATION_BODY',
			$data['sitename'],
			$data['name'],
			$data['email'],
			$data['username'],
			$data['activate']
		);

		// Get all admin users: unblocked accounts with sendEmail = 1
		$db = $this->getDbo();
		$query = $db->getQuery(true)
			->select($db->quoteName(array('name', 'email', 'sendEmail', 'id')))
			->from($db->quoteName('#__users'))
			->where($db->quoteName('sendEmail') . ' = 1')
			->where($db->quoteName('block') . ' = 0');

		$db->setQuery($query);

		try
		{
			$rows = $db->loadObjectList();
		}
		catch (RuntimeException $e)
		{
			$this->setError(JText::sprintf('COM_USERS_DATABASE_ERROR', $e->getMessage()), 500);

			return false;
		}

		// Send mail to all users with users creating permissions and receiving system emails.
		// The activation link is only sent to accounts holding both core.create and
		// core.manage on com_users.
		foreach ($rows as $row)
		{
			$usercreator = JFactory::getUser($row->id);

			if ($usercreator->authorise('core.create', 'com_users') && $usercreator->authorise('core.manage', 'com_users'))
			{
				$return = JFactory::getMailer()->sendMail($data['mailfrom'], $data['fromname'], $row->email, $emailSubject, $emailBody);

				// Check for an error. Returning here skips $user->save() below, so the
				// replacement token is not stored when a notification fails.
				if ($return !== true)
				{
					$this->setError(JText::_('COM_USERS_REGISTRATION_ACTIVATION_NOTIFY_SEND_MAIL_FAILED'));

					return false;
				}
			}
		}
	}
	// Admin activation is on and admin is activating the account.
	// NOTE(review): this branch is selected by the user's 'activate' parameter alone; the
	// method does not check who is making the request. Presumably the controller requires
	// an authorised administrator session - confirm.
	elseif (($userParams->get('useractivation') == 2) && $user->getParam('activate', 0))
	{
		// Clearing the token makes it single-use; block = '0' enables the account.
		$user->set('activation', '');
		$user->set('block', '0');

		// Compile the user activated notification mail values.
		$data = $user->getProperties();
		$user->setParam('activate', 0);
		$data['fromname'] = $config->get('fromname');
		$data['mailfrom'] = $config->get('mailfrom');
		$data['sitename'] = $config->get('sitename');
		$data['siteurl'] = JUri::base();
		$emailSubject = JText::sprintf(
			'COM_USERS_EMAIL_ACTIVATED_BY_ADMIN_ACTIVATION_SUBJECT',
			$data['name'],
			$data['sitename']
		);

		$emailBody = JText::sprintf(
			'COM_USERS_EMAIL_ACTIVATED_BY_ADMIN_ACTIVATION_BODY',
			$data['name'],
			$data['siteurl'],
			$data['username']
		);

		$return = JFactory::getMailer()->sendMail($data['mailfrom'], $data['fromname'], $data['email'], $emailSubject, $emailBody);

		// Check for an error. As above, a failed mail returns before the account is saved.
		if ($return !== true)
		{
			$this->setError(JText::_('COM_USERS_REGISTRATION_ACTIVATION_NOTIFY_SEND_MAIL_FAILED'));

			return false;
		}
	}
	else
	{
		// Any other useractivation setting: the token is cleared and the account enabled at once.
		$user->set('activation', '');
		$user->set('block', '0');
	}

	// Store the user object.
	if (!$user->save())
	{
		$this->setError(JText::sprintf('COM_USERS_REGISTRATION_ACTIVATION_SAVE_FAILED', $user->getError()));

		return false;
	}

	return $user;
}
/**
* Method to get the registration form data.
*
* The base form data is loaded and then an event is fired
* for users plugins to extend the data.
*
* @return mixed Data object on success, false on failure.
*
* @since 1.6
*/
public function getData()
{
	// Built once per model instance; later calls get the same value back.
	if ($this->data !== null)
	{
		return $this->data;
	}

	$this->data = new stdClass;

	$app    = JFactory::getApplication();
	$params = JComponentHelper::getParams('com_users');

	// Values from an earlier, rejected submission are kept in the session.
	$saved = (array) $app->getUserState('com_users.registration.data', array());

	// load_data is off here, otherwise getForm() would call back into this method.
	$form = $this->getForm(array(), false);

	// Session values are only copied when the form declares a matching field, so keys
	// the form does not know about never reach the registration data.
	foreach ($saved as $name => $value)
	{
		if (!is_array($value))
		{
			if ($form->getField($name) !== false)
			{
				$this->data->$name = $value;
			}

			continue;
		}

		// An array is treated as a field group: each member is checked against that group.
		$group             = new stdClass;
		$this->data->$name = $group;

		foreach ($value as $memberName => $memberValue)
		{
			if ($form->getField($memberName, $name) !== false)
			{
				$group->$memberName = $memberValue;
			}
		}
	}

	// The group list is always rebuilt from the component settings (new_usertype, else
	// guest_usergroup, else 1), replacing any 'groups' value copied from the session.
	$defaultGroup       = $params->get('new_usertype', $params->get('guest_usergroup', 1));
	$this->data->groups = array($defaultGroup);

	// Passwords are never sent back to the form.
	unset($this->data->password1, $this->data->password2);

	// Let the "user" plugins prepare the data.
	$dispatcher = JEventDispatcher::getInstance();
	JPluginHelper::importPlugin('user');

	$results = $dispatcher->trigger(
		'onContentPrepareData',
		array('com_users.registration', $this->data)
	);

	// A strict false from any handler marks the whole preparation as failed.
	if (count($results) && in_array(false, $results, true))
	{
		$this->setError($dispatcher->getError());
		$this->data = false;
	}

	return $this->data;
}
/**
* Method to get the registration form.
*
* The base form is loaded from XML and then an event is fired
* for users plugins to extend the form with extra fields.
*
* @param array $data An optional array of data for the form to
interrogate.
* @param boolean $loadData True if the form is to load its own data
(default case), false if not.
*
* @return JForm A JForm object on success, false on failure
*
* @since 1.6
*/
public function getForm($data = array(), $loadData = true)
{
    // Load the registration form under the "jform" control; $loadData decides whether it pulls its own data.
    $options = array('control' => 'jform', 'load_data' => $loadData);
    $form    = $this->loadForm('com_users.registration', 'registration', $options);

    if (empty($form))
    {
        return false;
    }

    // With multilanguage enabled the "language" field in the "params" group is switched to the
    // frontend_language type, so a user's default site language is also a Content Language.
    if (JLanguageMultilang::isEnabled())
    {
        $form->setFieldAttribute('language', 'type', 'frontend_language', 'params');
    }

    return $form;
}
/**
* Method to get the data that should be injected in the form.
*
* @return mixed The data for the form.
*
* @since 1.6
*/
protected function loadFormData()
{
    $data = $this->getData();

    // On multilanguage sites a record without a language gets the tag of the current language.
    // NOTE(review): getData() can return false after a plugin error; that case is not handled
    // separately before the property is written - confirm this is acceptable.
    $needsLanguage = JLanguageMultilang::isEnabled() && empty($data->language);

    if ($needsLanguage)
    {
        $data->language = JFactory::getLanguage()->getTag();
    }

    $this->preprocessData('com_users.registration', $data);

    return $data;
}
/**
* Override preprocessForm to load the user plugin group instead of
content.
*
* @param JForm $form A JForm object.
* @param mixed $data The data expected for the form.
* @param string $group The name of the plugin group to import
(defaults to "content").
*
* @return void
*
* @since 1.6
* @throws Exception if there is an error in the form event.
*/
protected function preprocessForm(JForm $form, $data, $group = 'user')
{
    $userParams = JComponentHelper::getParams('com_users');

    // The site-language choice is offered only when both component options are switched on.
    $offerSiteLanguage = $userParams->get('site_language') == 1
        && $userParams->get('frontend_userparams') == 1;

    if ($offerSiteLanguage)
    {
        $form->loadFile('sitelang', false);
    }

    // Hand over to the parent with the plugin group given by the caller ("user" by default).
    parent::preprocessForm($form, $data, $group);
}
/**
* Method to auto-populate the model state.
*
* Note. Calling getState in this method will result in recursion.
*
* @return void
*
* @since 1.6
*/
protected function populateState()
{
    // Store the com_users parameters of the running application in the model state under "params".
    $this->setState('params', JFactory::getApplication()->getParams('com_users'));
}
/**
* Method to save the form data.
*
* @param array $temp The form data.
*
* @return mixed The user id on success, false on failure.
*
* @since 1.6
*/
public function register($temp)
{
    // Creates the user from the submitted data, mails the account details and, when configured,
    // notifies administrators. Returns false on failure, 'useractivate' or 'adminactivate' when an
    // activation step is pending, otherwise the new user id.
    $params = JComponentHelper::getParams('com_users');
    // Initialise the table with JUser.
    $user = new JUser;
    $data = (array) $this->getData();
    // Merge in the registration data.
    // Every key of $temp overwrites the prepared defaults, including the 'groups' entry that
    // getData() filled in. NOTE(review): presumably the caller passes only data that was already
    // filtered and validated against the registration form - confirm, since nothing is filtered here.
    foreach ($temp as $k => $v)
    {
        $data[$k] = $v;
    }
    // Prepare the data for the user object.
    $data['email'] = JStringPunycode::emailToPunycode($data['email1']);
    $data['password'] = $data['password1'];
    $useractivation = $params->get('useractivation');
    $sendpassword = $params->get('sendpassword', 1);
    // Check if the user needs to activate their account.
    if (($useractivation == 1) || ($useractivation == 2))
    {
        // The account is stored blocked, together with a token derived from a freshly generated random string.
        $data['activation'] = JApplicationHelper::getHash(JUserHelper::genRandomPassword());
        $data['block'] = 1;
    }
    // Bind the data.
    if (!$user->bind($data))
    {
        $this->setError(JText::sprintf('COM_USERS_REGISTRATION_BIND_FAILED', $user->getError()));
        return false;
    }
    // Load the users plugin group.
    JPluginHelper::importPlugin('user');
    // Store the data.
    if (!$user->save())
    {
        $this->setError(JText::sprintf('COM_USERS_REGISTRATION_SAVE_FAILED', $user->getError()));
        return false;
    }
    $config = JFactory::getConfig();
    $db = $this->getDbo();
    $query = $db->getQuery(true);
    // Compile the notification mail values.
    // From here on $data holds the properties of the saved user object, not the form input.
    $data = $user->getProperties();
    $data['fromname'] = $config->get('fromname');
    $data['mailfrom'] = $config->get('mailfrom');
    $data['sitename'] = $config->get('sitename');
    $data['siteurl'] = JUri::root();
    // Handle account activation/confirmation emails.
    if ($useractivation == 2)
    {
        // Set the link to confirm the user email.
        // The activation token travels as a query parameter of the mailed link; TLS is forced
        // for the link only when force_ssl is 2.
        $linkMode = $config->get('force_ssl', 0) == 2 ? Route::TLS_FORCE : Route::TLS_IGNORE;
        $data['activate'] = JRoute::link(
            'site',
            'index.php?option=com_users&task=registration.activate&token=' . $data['activation'],
            false,
            $linkMode,
            true
        );
        $emailSubject = JText::sprintf(
            'COM_USERS_EMAIL_ACCOUNT_DETAILS',
            $data['name'],
            $data['sitename']
        );
        if ($sendpassword)
        {
            // With "sendpassword" enabled the clear-text password is placed in the mail body.
            $emailBody = JText::sprintf(
                'COM_USERS_EMAIL_REGISTERED_WITH_ADMIN_ACTIVATION_BODY',
                $data['name'],
                $data['sitename'],
                $data['activate'],
                $data['siteurl'],
                $data['username'],
                $data['password_clear']
            );
        }
        else
        {
            $emailBody = JText::sprintf(
                'COM_USERS_EMAIL_REGISTERED_WITH_ADMIN_ACTIVATION_BODY_NOPW',
                $data['name'],
                $data['sitename'],
                $data['activate'],
                $data['siteurl'],
                $data['username']
            );
        }
    }
    elseif ($useractivation == 1)
    {
        // Set the link to activate the user account.
        $linkMode = $config->get('force_ssl', 0) == 2 ? Route::TLS_FORCE : Route::TLS_IGNORE;
        $data['activate'] = JRoute::link(
            'site',
            'index.php?option=com_users&task=registration.activate&token=' . $data['activation'],
            false,
            $linkMode,
            true
        );
        $emailSubject = JText::sprintf(
            'COM_USERS_EMAIL_ACCOUNT_DETAILS',
            $data['name'],
            $data['sitename']
        );
        if ($sendpassword)
        {
            // With "sendpassword" enabled the clear-text password is placed in the mail body.
            $emailBody = JText::sprintf(
                'COM_USERS_EMAIL_REGISTERED_WITH_ACTIVATION_BODY',
                $data['name'],
                $data['sitename'],
                $data['activate'],
                $data['siteurl'],
                $data['username'],
                $data['password_clear']
            );
        }
        else
        {
            $emailBody = JText::sprintf(
                'COM_USERS_EMAIL_REGISTERED_WITH_ACTIVATION_BODY_NOPW',
                $data['name'],
                $data['sitename'],
                $data['activate'],
                $data['siteurl'],
                $data['username']
            );
        }
    }
    else
    {
        // No activation step: the mail only carries the account details.
        $emailSubject = JText::sprintf(
            'COM_USERS_EMAIL_ACCOUNT_DETAILS',
            $data['name'],
            $data['sitename']
        );
        if ($sendpassword)
        {
            // With "sendpassword" enabled the clear-text password is placed in the mail body.
            $emailBody = JText::sprintf(
                'COM_USERS_EMAIL_REGISTERED_BODY',
                $data['name'],
                $data['sitename'],
                $data['siteurl'],
                $data['username'],
                $data['password_clear']
            );
        }
        else
        {
            $emailBody = JText::sprintf(
                'COM_USERS_EMAIL_REGISTERED_BODY_NOPW',
                $data['name'],
                $data['sitename'],
                $data['siteurl']
            );
        }
    }
    // Send the registration email.
    $return = JFactory::getMailer()->sendMail($data['mailfrom'], $data['fromname'], $data['email'], $emailSubject, $emailBody);
    // Send Notification mail to administrators
    if (($params->get('useractivation') < 2) && ($params->get('mail_to_admin') == 1))
    {
        $emailSubject = JText::sprintf(
            'COM_USERS_EMAIL_ACCOUNT_DETAILS',
            $data['name'],
            $data['sitename']
        );
        $emailBodyAdmin = JText::sprintf(
            'COM_USERS_EMAIL_REGISTERED_NOTIFICATION_TO_ADMIN_BODY',
            $data['name'],
            $data['username'],
            $data['siteurl']
        );
        // Get all admin users
        // The query selects unblocked users with sendEmail = 1; the permission check happens in the loop below.
        $query->clear()
            ->select($db->quoteName(array('name', 'email', 'sendEmail', 'id')))
            ->from($db->quoteName('#__users'))
            ->where($db->quoteName('sendEmail') . ' = 1')
            ->where($db->quoteName('block') . ' = 0');
        $db->setQuery($query);
        try
        {
            $rows = $db->loadObjectList();
        }
        catch (RuntimeException $e)
        {
            $this->setError(JText::sprintf('COM_USERS_DATABASE_ERROR', $e->getMessage()), 500);
            return false;
        }
        // Send mail to all users with user creating permissions and receiving system emails
        foreach ($rows as $row)
        {
            $usercreator = JFactory::getUser($row->id);
            if ($usercreator->authorise('core.create', 'com_users') && $usercreator->authorise('core.manage', 'com_users'))
            {
                // NOTE(review): $return is reused here, so once an admin mail has been sent the
                // check after this block no longer sees the result of the registration mail above.
                $return = JFactory::getMailer()->sendMail($data['mailfrom'], $data['fromname'], $row->email, $emailSubject, $emailBodyAdmin);
                // Check for an error.
                if ($return !== true)
                {
                    $this->setError(JText::_('COM_USERS_REGISTRATION_ACTIVATION_NOTIFY_SEND_MAIL_FAILED'));
                    return false;
                }
            }
        }
    }
    // Check for an error.
    if ($return !== true)
    {
        // The user record is already saved at this point; the failure is reported and false is returned.
        $this->setError(JText::_('COM_USERS_REGISTRATION_SEND_MAIL_FAILED'));
        // Send a system message to administrators receiving system mails
        $db = $this->getDbo();
        $query->clear()
            ->select($db->quoteName('id'))
            ->from($db->quoteName('#__users'))
            ->where($db->quoteName('block') . ' = ' . (int) 0)
            ->where($db->quoteName('sendEmail') . ' = ' . (int) 1);
        $db->setQuery($query);
        try
        {
            $userids = $db->loadColumn();
        }
        catch (RuntimeException $e)
        {
            $this->setError(JText::sprintf('COM_USERS_DATABASE_ERROR', $e->getMessage()), 500);
            return false;
        }
        if (count($userids) > 0)
        {
            $jdate = new JDate;
            // Build the query to add the messages
            foreach ($userids as $userid)
            {
                // Every value is passed through $db->quote() before it is joined into the INSERT.
                // The message body includes the mailer result held in $return and the new username.
                $values = array(
                    $db->quote($userid),
                    $db->quote($userid),
                    $db->quote($jdate->toSql()),
                    $db->quote(JText::_('COM_USERS_MAIL_SEND_FAILURE_SUBJECT')),
                    $db->quote(JText::sprintf('COM_USERS_MAIL_SEND_FAILURE_BODY', $return, $data['username']))
                );
                $query->clear()
                    ->insert($db->quoteName('#__messages'))
                    ->columns($db->quoteName(array('user_id_from', 'user_id_to', 'date_time', 'subject', 'message')))
                    ->values(implode(',', $values));
                $db->setQuery($query);
                try
                {
                    $db->execute();
                }
                catch (RuntimeException $e)
                {
                    $this->setError(JText::sprintf('COM_USERS_DATABASE_ERROR', $e->getMessage()), 500);
                    return false;
                }
            }
        }
        return false;
    }
    // Success: the return value tells the caller which activation step, if any, is still pending.
    if ($useractivation == 1)
    {
        return 'useractivate';
    }
    elseif ($useractivation == 2)
    {
        return 'adminactivate';
    }
    else
    {
        return $user->id;
    }
}
}
PK{,�[�33
remind.phpnu�[���<?php
/**
* @package Joomla.Site
* @subpackage com_users
*
* @copyright (C) 2010 Open Source Matters, Inc.
<https://www.joomla.org>
* @license GNU General Public License version 2 or later; see
LICENSE.txt
*/
defined('_JEXEC') or die;
use Joomla\Utilities\ArrayHelper;
/**
* Remind model class for Users.
*
* @since 1.5
*/
class UsersModelRemind extends JModelForm
{
/**
* Method to get the username remind request form.
*
* @param array $data An optional array of data for the form to
interrogate.
* @param boolean $loadData True if the form is to load its own data
(default case), false if not.
*
* @return JForm A JForm object on success, false on failure
*
* @since 1.6
*/
public function getForm($data = array(), $loadData = true)
{
    // Load the username reminder form under the "jform" control.
    $options = array('control' => 'jform', 'load_data' => $loadData);
    $form    = $this->loadForm('com_users.remind', 'remind', $options);

    // An empty result is reported to the caller as false.
    return empty($form) ? false : $form;
}
/**
* Override preprocessForm to load the user plugin group instead of
content.
*
* @param JForm $form A JForm object.
* @param mixed $data The data expected for the form.
* @param string $group The name of the plugin group to import
(defaults to "content").
*
* @return void
*
* @throws Exception if there is an error in the form event.
*
* @since 1.6
*/
protected function preprocessForm(JForm $form, $data, $group = 'user')
{
    // The plugin group is fixed to "user" here; the $group argument is not forwarded.
    $pluginGroup = 'user';

    parent::preprocessForm($form, $data, $pluginGroup);
}
/**
* Method to auto-populate the model state.
*
* Note. Calling getState in this method will result in recursion.
*
* @return void
*
* @since 1.6
*/
protected function populateState()
{
    // Store the com_users parameters of the running application in the model state under "params".
    $this->setState('params', JFactory::getApplication()->getParams('com_users'));
}
/**
* Send the remind username email
*
* @param array $data Array with the data received from the form
*
* @return boolean
*
* @since 1.6
*/
public function processRemindRequest($data)
{
    // Load the reminder form and convert the submitted address to punycode.
    $remindForm    = $this->getForm();
    $data['email'] = JStringPunycode::emailToPunycode($data['email']);

    // Without a form nothing can be validated.
    if (empty($remindForm))
    {
        return false;
    }

    // Validate the submitted data against the form.
    $data = $this->validate($remindForm, $data);

    if ($data instanceof Exception)
    {
        return false;
    }

    if ($data === false)
    {
        // Copy the validation messages from the form to the model.
        foreach ($remindForm->getErrors() as $formError)
        {
            $this->setError($formError->getMessage());
        }

        return false;
    }

    // Look the account up by address, case-insensitively; the address goes through $dbo->quote().
    $dbo    = $this->getDbo();
    $lookup = $dbo->getQuery(true)
        ->select('*')
        ->from($dbo->quoteName('#__users'))
        ->where(sprintf('LOWER(%s) = LOWER(%s)', $dbo->quoteName('email'), $dbo->quote($data['email'])));

    $dbo->setQuery($lookup);

    try
    {
        $account = $dbo->loadObject();
    }
    catch (RuntimeException $e)
    {
        $this->setError(JText::sprintf('COM_USERS_DATABASE_ERROR', $e->getMessage()), 500);

        return false;
    }

    // Unknown and blocked addresses get different messages, so the response
    // tells the requester whether an account exists for the address.
    if (empty($account))
    {
        $this->setError(JText::_('COM_USERS_USER_NOT_FOUND'));

        return false;
    }

    if ($account->block)
    {
        $this->setError(JText::_('COM_USERS_USER_BLOCKED'));

        return false;
    }

    $siteConfig = JFactory::getConfig();

    // Login link; the TLS mode is 1 only when force_ssl is 2, otherwise -1.
    $loginLink = 'index.php?option=com_users&view=login';
    $tlsMode   = -1;

    if ($siteConfig->get('force_ssl', 0) == 2)
    {
        $tlsMode = 1;
    }

    // Mail template data. Because the query selects every column,
    // this array holds the complete user row, not only the username.
    $mail              = ArrayHelper::fromObject($account);
    $mail['fromname']  = $siteConfig->get('fromname');
    $mail['mailfrom']  = $siteConfig->get('mailfrom');
    $mail['sitename']  = $siteConfig->get('sitename');
    $mail['link_text'] = JRoute::_($loginLink, false, $tlsMode);
    $mail['link_html'] = JRoute::_($loginLink, true, $tlsMode);

    $subject = JText::sprintf('COM_USERS_EMAIL_USERNAME_REMINDER_SUBJECT', $mail['sitename']);
    $body    = JText::sprintf(
        'COM_USERS_EMAIL_USERNAME_REMINDER_BODY',
        $mail['sitename'],
        $mail['username'],
        $mail['link_text']
    );

    // Send the username reminder to the address stored on the account.
    $sent = JFactory::getMailer()->sendMail($mail['mailfrom'], $mail['fromname'], $account->email, $subject, $body);

    if ($sent !== true)
    {
        $this->setError(JText::_('COM_USERS_MAIL_FAILED'), 500);

        return false;
    }

    // Notify listeners that a reminder went out; they receive the loaded user row.
    \JEventDispatcher::getInstance()->trigger('onUserAfterRemind', array($account));

    return true;
}
}
PK{,�[���p�1�1 reset.phpnu�[���<?php
/**
* @package Joomla.Site
* @subpackage com_users
*
* @copyright (C) 2009 Open Source Matters, Inc.
<https://www.joomla.org>
* @license GNU General Public License version 2 or later; see
LICENSE.txt
*/
use Joomla\CMS\User\UserHelper;
defined('_JEXEC') or die;
/**
* Reset model class for Users.
*
* @since 1.5
*/
class UsersModelReset extends JModelForm
{
/**
* Method to get the password reset request form.
*
* The base form is loaded from XML and then an event is fired
* for users plugins to extend the form with extra fields.
*
* @param array $data An optional array of data for the form to
interrogate.
* @param boolean $loadData True if the form is to load its own data
(default case), false if not.
*
* @return JForm A JForm object on success, false on failure
*
* @since 1.6
*/
public function getForm($data = array(), $loadData = true)
{
    // Load the password reset request form under the "jform" control.
    $options = array('control' => 'jform', 'load_data' => $loadData);
    $form    = $this->loadForm('com_users.reset_request', 'reset_request', $options);

    // An empty result is reported to the caller as false.
    return empty($form) ? false : $form;
}
/**
* Method to get the password reset complete form.
*
* @param array $data Data for the form.
* @param boolean $loadData True if the form is to load its own data
(default case), false if not.
*
* @return JForm A JForm object on success, false on failure
*
* @since 1.6
*/
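public function getResetCompleteForm($data = array(), $loadData = true)
{
    // Load the "reset complete" form under the "jform" control.
    // Neither $data nor $loadData is used: no load_data option is passed to loadForm().
    // (The original assigned the options array to an unused local inside the call; that is dropped.)
    $form = $this->loadForm('com_users.reset_complete', 'reset_complete', array('control' => 'jform'));

    if (empty($form))
    {
        return false;
    }

    return $form;
}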
/**
* Method to get the password reset confirm form.
*
* @param array $data Data for the form.
* @param boolean $loadData True if the form is to load its own data
(default case), false if not.
*
* @return JForm A JForm object on success, false on failure
*
* @since 1.6
*/
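public function getResetConfirmForm($data = array(), $loadData = true)
{
    // Load the "reset confirm" form under the "jform" control.
    // Neither $data nor $loadData is used: no load_data option is passed to loadForm().
    // (The original assigned the options array to an unused local inside the call; that is dropped.)
    $form = $this->loadForm('com_users.reset_confirm', 'reset_confirm', array('control' => 'jform'));

    if (empty($form))
    {
        return false;
    }

    // Pre-fill the token field with the "token" value of the current request, so a link
    // that carries the token can populate the form.
    $form->setValue('token', '', JFactory::getApplication()->input->get('token'));

    return $form;
}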
/**
* Override preprocessForm to load the user plugin group instead of
content.
*
* @param JForm $form A JForm object.
* @param mixed $data The data expected for the form.
* @param string $group The name of the plugin group to import
(defaults to "content").
*
* @return void
*
* @throws Exception if there is an error in the form event.
*
* @since 1.6
*/
protected function preprocessForm(JForm $form, $data, $group = 'user')
{
    // Same work as the parent; the only difference is that the plugin group defaults to "user".
    $pluginGroup = $group;

    parent::preprocessForm($form, $data, $pluginGroup);
}
/**
* Method to auto-populate the model state.
*
* Note. Calling getState in this method will result in recursion.
*
* @return void
*
* @since 1.6
*/
protected function populateState()
{
    // Store the com_users parameters of the running application in the model state under "params".
    $application = JFactory::getApplication();

    $this->setState('params', $application->getParams('com_users'));
}
/**
* Save the new password after reset is done
*
* @param array $data The data expected for the form.
*
* @return mixed Exception | JException | boolean
*
* @since 1.6
*/
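public function processResetComplete($data)
{
    // Final step of the reset: checks the new password, compares the token held in the session
    // with the one stored on the user, saves the password and ends the user's sessions.
    // Returns true on success, false with a model error, or an Exception/JException object.

    // Get the form.
    $form = $this->getResetCompleteForm();

    // getResetCompleteForm() returns false when the form cannot be loaded; stop here instead of
    // calling filter() on a non-object.
    if (empty($form))
    {
        return false;
    }

    // Check for an error.
    if ($form instanceof Exception)
    {
        return $form;
    }

    // Filter and validate the form data.
    $data   = $form->filter($data);
    $return = $form->validate($data);

    // Check for an error.
    if ($return instanceof Exception)
    {
        return $return;
    }

    // Check the validation results.
    if ($return === false)
    {
        // Get the validation messages from the form.
        foreach ($form->getErrors() as $formError)
        {
            $this->setError($formError->getMessage());
        }

        return false;
    }

    // Token and user id come from the session state written by the confirmation step,
    // not from the submitted form.
    $app    = JFactory::getApplication();
    $token  = $app->getUserState('com_users.reset.token', null);
    $userId = $app->getUserState('com_users.reset.user', null);

    // Without both values the confirmation step has not been completed in this session.
    if (empty($token) || empty($userId))
    {
        return new JException(JText::_('COM_USERS_RESET_COMPLETE_TOKENS_MISSING'), 403);
    }

    // Get the user object.
    $user = JUser::getInstance($userId);

    // The value stored on the user must still equal the one kept in the session; a reset that
    // was already completed (activation cleared below) or replaced by a newer request fails here.
    if (empty($user) || $user->activation !== $token)
    {
        $this->setError(JText::_('COM_USERS_USER_NOT_FOUND'));

        return false;
    }

    // Make sure the user isn't blocked.
    if ($user->block)
    {
        $this->setError(JText::_('COM_USERS_USER_BLOCKED'));

        return false;
    }

    // A user who is required to reset the password may not submit the current one again.
    if ($user->requireReset == 1 && JUserHelper::verifyPassword($data['password1'], $user->password))
    {
        $this->setError(JText::_('JLIB_USER_ERROR_CANNOT_REUSE_PASSWORD'));

        return false;
    }

    // Prepare user data; clearing "activation" makes the token single-use.
    $data['password']   = $data['password1'];
    $data['activation'] = '';

    // Update the user object.
    if (!$user->bind($data))
    {
        return new \Exception($user->getError(), 500);
    }

    // Save the user to the database.
    if (!$user->save(true))
    {
        return new JException(JText::sprintf('COM_USERS_USER_SAVE_FAILED', $user->getError()), 500);
    }

    // Destroy all active sessions for the user, so sessions opened with the old password end.
    UserHelper::destroyUserSessions($user->id);

    // Flush the reset state from the session.
    $app->setUserState('com_users.reset.token', null);
    $app->setUserState('com_users.reset.user', null);

    return true;
}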
/**
* Receive the reset password request
*
* @param array $data The data expected for the form.
*
* @return mixed Exception | JException | boolean
*
* @since 1.6
*/
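public function processResetConfirm($data)
{
    // Second step of the reset: verifies the submitted username/token pair and, on success,
    // stores the stored token hash and the user id in the session for the final step.
    // Returns true on success, false with a model error, or an Exception/JException object.

    // Get the form.
    $form = $this->getResetConfirmForm();

    // getResetConfirmForm() returns false when the form cannot be loaded; stop here instead of
    // calling filter() on a non-object.
    if (empty($form))
    {
        return false;
    }

    // Check for an error.
    if ($form instanceof Exception)
    {
        return $form;
    }

    // Filter and validate the form data.
    $data   = $form->filter($data);
    $return = $form->validate($data);

    // Check for an error.
    if ($return instanceof Exception)
    {
        return $return;
    }

    // Check the validation results.
    if ($return === false)
    {
        // Get the validation messages from the form.
        foreach ($form->getErrors() as $formError)
        {
            $this->setError($formError->getMessage());
        }

        return false;
    }

    // Load the stored token hash, id and block flag for the submitted username;
    // the username goes through $db->quote().
    $db    = $this->getDbo();
    $query = $db->getQuery(true)
        ->select('activation')
        ->select('id')
        ->select('block')
        ->from($db->quoteName('#__users'))
        ->where($db->quoteName('username') . ' = ' . $db->quote($data['username']));

    $db->setQuery($query);

    try
    {
        $user = $db->loadObject();
    }
    catch (RuntimeException $e)
    {
        return new JException(JText::sprintf('COM_USERS_DATABASE_ERROR', $e->getMessage()), 500);
    }

    // Unknown user, no pending reset and wrong token all produce the same message, so the
    // response does not show which of the three checks failed.
    if (empty($user))
    {
        $this->setError(JText::_('COM_USERS_USER_NOT_FOUND'));

        return false;
    }

    if (!$user->activation)
    {
        $this->setError(JText::_('COM_USERS_USER_NOT_FOUND'));

        return false;
    }

    // The submitted token is checked against the stored hash, never compared as plain text.
    if (!JUserHelper::verifyPassword($data['token'], $user->activation))
    {
        $this->setError(JText::_('COM_USERS_USER_NOT_FOUND'));

        return false;
    }

    // Make sure the user isn't blocked.
    if ($user->block)
    {
        $this->setError(JText::_('COM_USERS_USER_BLOCKED'));

        return false;
    }

    // Push the stored token hash and the user id into the session for the final step.
    $app = JFactory::getApplication();
    $app->setUserState('com_users.reset.token', $user->activation);
    $app->setUserState('com_users.reset.user', $user->id);

    return true;
}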
/**
* Method to start the password reset process.
*
* @param array $data The data expected for the form.
*
* @return mixed Exception | JException | boolean
*
* @since 1.6
*/
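public function processResetRequest($data)
{
    // First step of the reset: looks the account up by e-mail address, enforces the reset limit,
    // stores a hashed token on the user and mails the plain token with a confirmation link.
    // Returns true on success, false with a model error, or an Exception/JException object.
    $config = JFactory::getConfig();

    // Get the form.
    $form = $this->getForm();

    // getForm() returns false when the form cannot be loaded; stop here instead of calling
    // filter() on a non-object.
    if (empty($form))
    {
        return false;
    }

    $data['email'] = JStringPunycode::emailToPunycode($data['email']);

    // Check for an error.
    if ($form instanceof Exception)
    {
        return $form;
    }

    // Filter and validate the form data.
    $data   = $form->filter($data);
    $return = $form->validate($data);

    // Check for an error.
    if ($return instanceof Exception)
    {
        return $return;
    }

    // Check the validation results.
    if ($return === false)
    {
        // Get the validation messages from the form.
        foreach ($form->getErrors() as $formError)
        {
            $this->setError($formError->getMessage());
        }

        return false;
    }

    // Find the user id for the given email address (case-insensitive; the address goes through $db->quote()).
    $db    = $this->getDbo();
    $query = $db->getQuery(true)
        ->select('id')
        ->from($db->quoteName('#__users'))
        ->where('LOWER(' . $db->quoteName('email') . ') = LOWER(' . $db->quote($data['email']) . ')');

    $db->setQuery($query);

    try
    {
        $userId = $db->loadResult();
    }
    catch (RuntimeException $e)
    {
        $this->setError(JText::sprintf('COM_USERS_DATABASE_ERROR', $e->getMessage()), 500);

        return false;
    }

    // NOTE(review): unknown address, blocked account and Super Admin account each get their own
    // message below, so the response tells the requester which of these applies to the address.
    if (empty($userId))
    {
        $this->setError(JText::_('COM_USERS_INVALID_EMAIL'));

        return false;
    }

    // Get the user object.
    $user = JUser::getInstance($userId);

    // Make sure the user isn't blocked.
    if ($user->block)
    {
        $this->setError(JText::_('COM_USERS_USER_BLOCKED'));

        return false;
    }

    // Accounts with core.admin cannot use this reset flow.
    if ($user->authorise('core.admin'))
    {
        $this->setError(JText::_('COM_USERS_REMIND_SUPERADMIN_ERROR'));

        return false;
    }

    // Make sure the user has not exceeded the reset limit. checkResetLimit() also updates the
    // counters on $user; they are written to the database by the save() call below.
    if (!$this->checkResetLimit($user))
    {
        $resetLimit = (int) JFactory::getApplication()->getParams()->get('reset_time');
        $this->setError(JText::plural('COM_USERS_REMIND_LIMIT_ERROR_N_HOURS', $resetLimit));

        return false;
    }

    // Set the confirmation token: only its hash is stored on the user, the plain value is mailed.
    $token            = JApplicationHelper::getHash(JUserHelper::genRandomPassword());
    $hashedToken      = JUserHelper::hashPassword($token);
    $user->activation = $hashedToken;

    // Save the user to the database.
    if (!$user->save(true))
    {
        return new JException(JText::sprintf('COM_USERS_USER_SAVE_FAILED', $user->getError()), 500);
    }

    // Assemble the password reset confirmation link; the plain token is part of its query string.
    $mode = $config->get('force_ssl', 0) == 2 ? 1 : (-1);
    $link = 'index.php?option=com_users&view=reset&layout=confirm&token=' . $token;

    // Put together the email template data.
    $data              = $user->getProperties();
    $data['fromname']  = $config->get('fromname');
    $data['mailfrom']  = $config->get('mailfrom');
    $data['sitename']  = $config->get('sitename');
    $data['link_text'] = JRoute::_($link, false, $mode);
    $data['link_html'] = JRoute::_($link, true, $mode);
    $data['token']     = $token;

    $subject = JText::sprintf(
        'COM_USERS_EMAIL_PASSWORD_RESET_SUBJECT',
        $data['sitename']
    );

    $body = JText::sprintf(
        'COM_USERS_EMAIL_PASSWORD_RESET_BODY',
        $data['sitename'],
        $data['token'],
        $data['link_text']
    );

    // Send the password reset request email to the address stored on the account.
    $return = JFactory::getMailer()->sendMail($data['mailfrom'], $data['fromname'], $user->email, $subject, $body);

    // Check for an error.
    if ($return !== true)
    {
        return new JException(JText::_('COM_USERS_MAIL_FAILED'), 500);
    }

    return true;
}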
/**
* Method to check if user reset limit has been exceeded within the
allowed time period.
*
* @param JUser $user User doing the password reset
*
* @return boolean true if user can do the reset, false if limit exceeded
*
* @since 2.5
*/
public function checkResetLimit($user)
{
    // Limits come from the application parameters: the number of resets allowed and the window in hours.
    $appParams   = JFactory::getApplication()->getParams();
    $allowed     = (int) $appParams->get('reset_count');
    $windowHours = (int) $appParams->get('reset_time');

    // A last-reset time that strtotime() cannot parse counts as 0.
    $previous     = strtotime($user->lastResetTime) ?: 0;
    $elapsedHours = (strtotime(JFactory::getDate()->toSql()) - $previous) / 3600;

    // Outside the window: start a new window and count this reset as the first one.
    if ($elapsedHours > $windowHours)
    {
        $user->lastResetTime = JFactory::getDate()->toSql();
        $user->resetCount    = 1;

        return true;
    }

    // Inside the window and below the maximum: count this reset.
    if ($user->resetCount < $allowed)
    {
        ++$user->resetCount;

        return true;
    }

    // Inside the window with the maximum already reached. The counters are changed on the
    // object only; nothing is saved in this method.
    return false;
}
}
PK{,�[���?IIrules/loginuniquefield.phpnu�[���<?php
/**
* @package Joomla.Site
* @subpackage com_users
*
* @copyright (C) 2016 Open Source Matters, Inc.
<https://www.joomla.org>
* @license GNU General Public License version 2 or later; see
LICENSE.txt
*/
defined('JPATH_PLATFORM') or die;
use Joomla\Registry\Registry;
/**
* JFormRule for com_users to be sure only one redirect login field has a
value
*
* @since 3.6
*/
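class JFormRuleLoginUniqueField extends JFormRule
{
    /**
     * Validation hook for the login redirect fields.
     *
     * To use this rule, the form XML needs a validate attribute of loginuniquefield.
     *
     * As written, the method only verifies that a form and an input registry were supplied and
     * then accepts the value. NOTE(review): the class description says only one of
     * login_redirect_url / login_redirect_menuitem may have a value, but no such comparison is
     * made here - confirm whether it is enforced elsewhere.
     *
     * @param   SimpleXMLElement  $element  The SimpleXMLElement object representing the `<field>` tag for the form field object.
     * @param   mixed             $value    The form field value to validate.
     * @param   string            $group    The field name group control value. This acts as an array container for the field.
     *                                      For example if the field has name="foo" and the group value is set to "bar" then the
     *                                      full field name would end up being "bar[foo]".
     * @param   Registry          $input    A Registry object with the entire data set to validate against the entire form.
     * @param   JForm             $form     The form object for which the field is being tested.
     *
     * @return  boolean  Always true when $form and $input are given.
     *
     * @since   3.6
     * @throws  InvalidArgumentException  when $form or $input is null.
     */
    public function test(SimpleXMLElement $element, $value, $group = null, Registry $input = null, JForm $form = null)
    {
        // Both guards run before anything touches $input. The original read
        // $input['params'] first, which dereferenced null when no input was passed;
        // those two reads were never used and are dropped.
        if ($form === null)
        {
            throw new InvalidArgumentException(sprintf('The value for $form must not be null in %s', get_class($this)));
        }

        if ($input === null)
        {
            throw new InvalidArgumentException(sprintf('The value for $input must not be null in %s', get_class($this)));
        }

        return true;
    }
}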
PK{,�[�xNNrules/logoutuniquefield.phpnu�[���<?php
/**
* @package Joomla.Site
* @subpackage com_users
*
* @copyright (C) 2016 Open Source Matters, Inc.
<https://www.joomla.org>
* @license GNU General Public License version 2 or later; see
LICENSE.txt
*/
defined('JPATH_PLATFORM') or die;
use Joomla\Registry\Registry;
/**
* JFormRule for com_users to be sure only one redirect logout field has a
value
*
* @since 3.6
*/
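class JFormRuleLogoutUniqueField extends JFormRule
{
    /**
     * Validation hook for the logout redirect fields.
     *
     * To use this rule, the form XML needs a validate attribute of logoutuniquefield.
     *
     * As written, the method only verifies that a form and an input registry were supplied and
     * then accepts the value. NOTE(review): the class description says only one of
     * logout_redirect_url / logout_redirect_menuitem may have a value, but no such comparison is
     * made here - confirm whether it is enforced elsewhere.
     *
     * @param   SimpleXMLElement  $element  The SimpleXMLElement object representing the `<field>` tag for the form field object.
     * @param   mixed             $value    The form field value to validate.
     * @param   string            $group    The field name group control value. This acts as an array container for the field.
     *                                      For example if the field has name="foo" and the group value is set to "bar" then the
     *                                      full field name would end up being "bar[foo]".
     * @param   Registry          $input    A Registry object with the entire data set to validate against the entire form.
     * @param   JForm             $form     The form object for which the field is being tested.
     *
     * @return  boolean  Always true when $form and $input are given.
     *
     * @since   3.6
     * @throws  InvalidArgumentException  when $form or $input is null.
     */
    public function test(SimpleXMLElement $element, $value, $group = null, Registry $input = null, JForm $form = null)
    {
        // Both guards run before anything touches $input. The original read
        // $input['params'] first, which dereferenced null when no input was passed;
        // those two reads were never used and are dropped.
        if ($form === null)
        {
            throw new InvalidArgumentException(sprintf('The value for $form must not be null in %s', get_class($this)));
        }

        if ($input === null)
        {
            throw new InvalidArgumentException(sprintf('The value for $input must not be null in %s', get_class($this)));
        }

        return true;
    }
}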
PK�)�[�"�ZZforms/mailto.xmlnu�[���PK�)�[��f�
�
�mailto.phpnu�[���PK{,�[����gforms/frontend.xmlnu�[���PK{,�[�qniforms/frontend_admin.xmlnu�[���PK{,�[[������forms/login.xmlnu�[���PK{,�[3��cqq�forms/profile.xmlnu�[���PK{,�[H��
forms/registration.xmlnu�[���PK{,�[j�%���(forms/remind.xmlnu�[���PK{,�[.8��&+forms/reset_complete.xmlnu�[���PK{,�[���H--f.forms/reset_confirm.xmlnu�[���PK{,�[����0forms/reset_request.xmlnu�[���PK{,�[`����3forms/sitelang.xmlnu�[���PK{,�[�S&p�
�
�4login.phpnu�[���PK{,�[��9k,k,�?profile.phpnu�[���PK{,�[|1
HHrlregistration.phpnu�[���PK{,�[�33
Ѵremind.phpnu�[���PK{,�[���p�1�1 >�reset.phpnu�[���PK{,�[���?II6�rules/loginuniquefield.phpnu�[���PK{,�[�xNN�rules/logoutuniquefield.phpnu�[���PKb