<?php
/**
* @package Joomla.Plugin
* @subpackage System.remember
*
* @copyright Copyright (C) 2005 - 2019 Open Source Matters, Inc. All rights reserved.
* @license GNU General Public License version 2 or later; see LICENSE.txt
*/
// Direct-access guard: stop immediately unless the _JEXEC constant is already defined,
// so requesting this file on its own never reaches the class definition below.
defined('_JEXEC') or die;
/**
* Joomla! System Remember Me Plugin
*
* @since 1.5
*/
class PlgSystemRemember extends JPlugin
{
    /**
     * Application object.
     *
     * @var    JApplicationCms
     * @since  3.2
     */
    protected $app;

    /**
     * Starts a silent login attempt for guests on the site client that carry a remember-me cookie.
     *
     * Only the presence of the cookie is tested here; its value is not validated in this
     * method. Whatever handles the login() call below is responsible for checking it.
     *
     * @return  void
     *
     * @since   1.5
     * @throws  InvalidArgumentException
     */
    public function onAfterInitialise()
    {
        // JPlugin may not have set the application, which can happen during upgrades from Joomla 2.5.
        if (!$this->app)
        {
            $this->app = JFactory::getApplication();
        }

        // Remember-me is never used for the administrator client.
        if ($this->app->isClient('administrator'))
        {
            return;
        }

        // A user who is already logged in needs nothing from this plugin.
        if (!JFactory::getUser()->get('guest'))
        {
            return;
        }

        $cookieName = 'joomla_remember_me_' . JUserHelper::getShortHashedUserAgent();
        $cookies    = $this->app->input->cookie;

        // Fall back to the unprefixed cookie name used before 3.6.0.
        if (!$cookies->get($cookieName))
        {
            $cookieName = JUserHelper::getShortHashedUserAgent();
        }

        // Neither cookie name is present: nothing to do.
        if (!$cookies->get($cookieName))
        {
            return;
        }

        // Empty username plus the 'silent' option.
        // NOTE(review): the cookie token is presumably verified by the authentication
        // plugins that login() runs; confirm that path rejects unknown or expired tokens.
        $this->app->login(array('username' => ''), array('silent' => true));
    }

    /**
     * Imports the authentication plugin group on logout when a remember-me cookie is present,
     * so that the group can process onUserAfterLogout and the cookie gets destroyed.
     *
     * Only the current ('joomla_remember_me_' prefixed) cookie name is checked; the
     * pre-3.6.0 name that onAfterInitialise() falls back to is not.
     * Unlike onAfterInitialise(), this method uses $this->app without the fallback assignment.
     *
     * @param   array  $user     Holds the user data.
     * @param   array  $options  Array holding options (remember, autoregister, group).
     *
     * @return  boolean  Always true.
     */
    public function onUserLogout($user, $options)
    {
        // Remember-me is never used for the administrator client.
        if (!$this->app->isClient('administrator'))
        {
            $cookieName = 'joomla_remember_me_' . JUserHelper::getShortHashedUserAgent();

            if ($this->app->input->cookie->get($cookieName))
            {
                // The authentication group must be loaded to receive the onUserAfterLogout event.
                JPluginHelper::importPlugin('authentication');
            }
        }

        return true;
    }

    /**
     * Called before user data is stored in the database.
     * Deletes every remember-me token of the user when the password is being changed.
     *
     * The method returns true on every path. If the delete fails, the error is only logged
     * (category 'security') and the save continues, so the user's rows stay in #__user_keys
     * and the password change has not invalidated them. Sites should alert on that log entry.
     *
     * @param   array    $user   Holds the old user data.
     * @param   boolean  $isnew  True if a new user is stored.
     * @param   array    $data   Holds the new user data.
     *
     * @return  boolean  Always true.
     *
     * @since   3.8.6
     */
    public function onUserBeforeSave($user, $isnew, $data)
    {
        // New users have no tokens yet, and without a clear-text password nothing was changed.
        if ($isnew || empty($data['password_clear']))
        {
            return true;
        }

        $db = JFactory::getDbo();

        // The value goes through $db->quote() rather than being concatenated raw.
        // NOTE(review): the user_id column is matched against the username, not a numeric id;
        // confirm this is how the token rows are written.
        $condition = $db->quoteName('user_id') . ' = ' . $db->quote($user['username']);
        $query     = $db->getQuery(true)
            ->delete('#__user_keys')
            ->where($condition);

        try
        {
            $db->setQuery($query)->execute();
        }
        catch (RuntimeException $e)
        {
            // Best effort: tell the site admin instead of blocking the save.
            // The entry contains the username and the database error text.
            $message = sprintf('Failed to delete cookie token for user %s with the following error: %s', $user['username'], $e->getMessage());

            JLog::add($message, JLog::WARNING, 'security');
        }

        return true;
    }
}