tommaso/liceo-ariosto
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

first commit

Browse Source
This commit is contained in:
tommaso
2025-06-17 11:53:18 +02:00
commit 9f0f7ba12b
8804 changed files with 1369176 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
plugins/user/contactcreator/contactcreator.xml Normal file
View File

@ -0,0 +1,53 @@
<?xml version="1.0" encoding="UTF-8"?>
<extension type="plugin" group="user" method="upgrade">
<name>plg_user_contactcreator</name>
<author>Joomla! Project</author>
<creationDate>2009-08</creationDate>
<copyright>(C) 2009 Open Source Matters, Inc.</copyright>
<license>GNU General Public License version 2 or later; see LICENSE.txt</license>
<authorEmail>admin@joomla.org</authorEmail>
<authorUrl>www.joomla.org</authorUrl>
<version>3.0.0</version>
<description>PLG_CONTACTCREATOR_XML_DESCRIPTION</description>
<namespace path="src">Joomla\Plugin\User\ContactCreator</namespace>
<files>
<folder plugin="contactcreator">services</folder>
<folder>src</folder>
</files>
<languages>
<language tag="en-GB">language/en-GB/plg_user_contactcreator.ini</language>
<language tag="en-GB">language/en-GB/plg_user_contactcreator.sys.ini</language>
</languages>
<config>
<fields name="params">
<fieldset name="basic">
<field
name="autowebpage"
type="text"
label="PLG_CONTACTCREATOR_FIELD_AUTOMATIC_WEBPAGE_LABEL"
description="PLG_CONTACTCREATOR_FIELD_AUTOMATIC_WEBPAGE_DESC"
/>
<field
name="category"
type="category"
label="JCATEGORY"
extension="com_contact"
filter="integer"
/>
<field
name="autopublish"
type="radio"
layout="joomla.form.field.radio.switcher"
label="PLG_CONTACTCREATOR_FIELD_AUTOPUBLISH_LABEL"
default="0"
filter="integer"
>
<option value="0">JNO</option>
<option value="1">JYES</option>
</field>
</fieldset>
</fields>
</config>
</extension>

46
plugins/user/contactcreator/services/provider.php Normal file
View File

@ -0,0 +1,46 @@
<?php
/**
* @package Joomla.Plugin
* @subpackage User.contactcreator
*
* @copyright (C) 2023 Open Source Matters, Inc. <https://www.joomla.org>
* @license GNU General Public License version 2 or later; see LICENSE.txt
*/
\defined('_JEXEC') or die;
use Joomla\CMS\Extension\PluginInterface;
use Joomla\CMS\Factory;
use Joomla\CMS\Plugin\PluginHelper;
use Joomla\DI\Container;
use Joomla\DI\ServiceProviderInterface;
use Joomla\Event\DispatcherInterface;
use Joomla\Plugin\User\ContactCreator\Extension\ContactCreator;
return new class () implements ServiceProviderInterface {
/**
* Registers the service provider with a DI container.
*
* @param Container $container The DI container.
*
* @return void
*
* @since 4.4.0
*/
public function register(Container $container): void
{
$container->set(
PluginInterface::class,
function (Container $container) {
$plugin = new ContactCreator(
$container->get(DispatcherInterface::class),
(array) PluginHelper::getPlugin('user', 'contactcreator')
);
$plugin->setApplication(Factory::getApplication());
return $plugin;
}
);
}
};

158
plugins/user/contactcreator/src/Extension/ContactCreator.php Normal file
View File

@ -0,0 +1,158 @@
<?php
/**
* @package Joomla.Plugin
* @subpackage User.contactcreator
*
* @copyright (C) 2010 Open Source Matters, Inc. <https://www.joomla.org>
* @license GNU General Public License version 2 or later; see LICENSE.txt
*/
namespace Joomla\Plugin\User\ContactCreator\Extension;
use Joomla\CMS\Plugin\CMSPlugin;
use Joomla\Component\Contact\Administrator\Table\ContactTable;
use Joomla\String\StringHelper;
// phpcs:disable PSR1.Files.SideEffects
\defined('_JEXEC') or die;
// phpcs:enable PSR1.Files.SideEffects
/**
* Class for Contact Creator
*
* A tool to automatically create and synchronise contacts with a user
*
* @since 1.6
*/
final class ContactCreator extends CMSPlugin
{
/**
* Utility method to act on a user after it has been saved.
*
* This method creates a contact for the saved user
*
* @param array $user Holds the new user data.
* @param boolean $isnew True if a new user is stored.
* @param boolean $success True if user was successfully stored in the database.
* @param string $msg Message.
*
* @return void
*
* @since 1.6
*/
public function onUserAfterSave($user, $isnew, $success, $msg): void
{
// If the user wasn't stored we don't resync
if (!$success) {
return;
}
// If the user isn't new we don't sync
if (!$isnew) {
return;
}
// Ensure the user id is really an int
$user_id = (int) $user['id'];
// If the user id appears invalid then bail out just in case
if (empty($user_id)) {
return;
}
// Load plugin language files
$this->loadLanguage();
$categoryId = $this->params->get('category', 0);
if (empty($categoryId)) {
$this->getApplication()->enqueueMessage($this->getApplication()->getLanguage()->_('PLG_CONTACTCREATOR_ERR_NO_CATEGORY'), 'error');
return;
}
if ($contact = $this->getContactTable()) {
/**
* Try to pre-load a contact for this user. Apparently only possible if other plugin creates it
* Note: $user_id is cleaned above
*/
if (!$contact->load(['user_id' => (int) $user_id])) {
$contact->published = $this->params->get('autopublish', 0);
}
$contact->name = $user['name'];
$contact->user_id = $user_id;
$contact->email_to = $user['email'];
$contact->catid = $categoryId;
$contact->access = (int) $this->getApplication()->get('access');
$contact->language = '*';
$contact->generateAlias();
// Check if the contact already exists to generate new name & alias if required
if ($contact->id == 0) {
list($name, $alias) = $this->generateAliasAndName($contact->alias, $contact->name, $categoryId);
$contact->name = $name;
$contact->alias = $alias;
}
$autowebpage = $this->params->get('autowebpage', '');
if (!empty($autowebpage)) {
// Search terms
$search_array = ['[name]', '[username]', '[userid]', '[email]'];
// Replacement terms, urlencoded
$replace_array = array_map('urlencode', [$user['name'], $user['username'], $user['id'], $user['email']]);
// Now replace it in together
$contact->webpage = str_replace($search_array, $replace_array, $autowebpage);
}
if ($contact->check() && $contact->store()) {
return;
}
}
$this->getApplication()->enqueueMessage($this->getApplication()->getLanguage()->_('PLG_CONTACTCREATOR_ERR_FAILED_CREATING_CONTACT'), 'error');
}
/**
* Method to change the name & alias if alias is already in use
*
* @param string $alias The alias.
* @param string $name The name.
* @param integer $categoryId Category identifier
*
* @return array Contains the modified title and alias.
*
* @since 3.2.3
*/
private function generateAliasAndName($alias, $name, $categoryId)
{
$table = $this->getContactTable();
while ($table->load(['alias' => $alias, 'catid' => $categoryId])) {
if ($name === $table->name) {
$name = StringHelper::increment($name);
}
$alias = StringHelper::increment($alias, 'dash');
}
return [$name, $alias];
}
/**
* Get an instance of the contact table
*
* @return ContactTable|null
*
* @since 3.2.3
*/
private function getContactTable()
{
return $this->getApplication()->bootComponent('com_contact')->getMVCFactory()->createTable('Contact', 'Administrator');
}
}

59
plugins/user/joomla/joomla.xml Normal file
View File

@ -0,0 +1,59 @@
<?xml version="1.0" encoding="UTF-8"?>
<extension type="plugin" group="user" method="upgrade">
<name>plg_user_joomla</name>
<author>Joomla! Project</author>
<creationDate>2006-12</creationDate>
<copyright>(C) 2006 Open Source Matters, Inc.</copyright>
<license>GNU General Public License version 2 or later; see LICENSE.txt</license>
<authorEmail>admin@joomla.org</authorEmail>
<authorUrl>www.joomla.org</authorUrl>
<version>3.0.0</version>
<description>PLG_USER_JOOMLA_XML_DESCRIPTION</description>
<namespace path="src">Joomla\Plugin\User\Joomla</namespace>
<files>
<folder plugin="joomla">services</folder>
<folder>src</folder>
</files>
<languages>
<language tag="en-GB">language/en-GB/plg_user_joomla.ini</language>
<language tag="en-GB">language/en-GB/plg_user_joomla.sys.ini</language>
</languages>
<config>
<fields name="params">
<fieldset name="basic">
<field
name="autoregister"
type="radio"
layout="joomla.form.field.radio.switcher"
label="PLG_USER_JOOMLA_FIELD_AUTOREGISTER_LABEL"
default="1"
>
<option value="0">JNO</option>
<option value="1">JYES</option>
</field>
<field
name="mail_to_user"
type="radio"
layout="joomla.form.field.radio.switcher"
label="PLG_USER_JOOMLA_FIELD_MAILTOUSER_LABEL"
default="1"
>
<option value="0">JNO</option>
<option value="1">JYES</option>
</field>
<field
name="forceLogout"
type="radio"
layout="joomla.form.field.radio.switcher"
label="PLG_USER_JOOMLA_FIELD_FORCELOGOUT_LABEL"
default="1"
>
<option value="0">JNO</option>
<option value="1">JYES</option>
</field>
</fieldset>
</fields>
</config>
</extension>

50
plugins/user/joomla/services/provider.php Normal file
View File

@ -0,0 +1,50 @@
<?php
/**
* @package Joomla.Plugin
* @subpackage User.joomla
*
* @copyright (C) 2023 Open Source Matters, Inc. <https://www.joomla.org>
* @license GNU General Public License version 2 or later; see LICENSE.txt
*/
\defined('_JEXEC') or die;
use Joomla\CMS\Extension\PluginInterface;
use Joomla\CMS\Factory;
use Joomla\CMS\Plugin\PluginHelper;
use Joomla\CMS\User\UserFactoryInterface;
use Joomla\Database\DatabaseInterface;
use Joomla\DI\Container;
use Joomla\DI\ServiceProviderInterface;
use Joomla\Event\DispatcherInterface;
use Joomla\Plugin\User\Joomla\Extension\Joomla;
return new class () implements ServiceProviderInterface {
/**
* Registers the service provider with a DI container.
*
* @param Container $container The DI container.
*
* @return void
*
* @since 4.4.0
*/
public function register(Container $container): void
{
$container->set(
PluginInterface::class,
function (Container $container) {
$plugin = new Joomla(
$container->get(DispatcherInterface::class),
(array) PluginHelper::getPlugin('user', 'joomla')
);
$plugin->setApplication(Factory::getApplication());
$plugin->setDatabase($container->get(DatabaseInterface::class));
$plugin->setUserFactory($container->get(UserFactoryInterface::class));
return $plugin;
}
);
}
};

507
plugins/user/joomla/src/Extension/Joomla.php Normal file
View File

@ -0,0 +1,507 @@
<?php
/**
* @package Joomla.Plugin
* @subpackage User.joomla
*
* @copyright (C) 2006 Open Source Matters, Inc. <https://www.joomla.org>
* @license GNU General Public License version 2 or later; see LICENSE.txt
*/
namespace Joomla\Plugin\User\Joomla\Extension;
use Joomla\CMS\Component\ComponentHelper;
use Joomla\CMS\Factory;
use Joomla\CMS\Language\LanguageFactoryInterface;
use Joomla\CMS\Log\Log;
use Joomla\CMS\Mail\MailTemplate;
use Joomla\CMS\Plugin\CMSPlugin;
use Joomla\CMS\Uri\Uri;
use Joomla\CMS\User\User;
use Joomla\CMS\User\UserFactoryAwareTrait;
use Joomla\CMS\User\UserHelper;
use Joomla\Database\DatabaseAwareTrait;
use Joomla\Database\Exception\ExecutionFailureException;
use Joomla\Database\ParameterType;
use Joomla\Registry\Registry;
// phpcs:disable PSR1.Files.SideEffects
\defined('_JEXEC') or die;
// phpcs:enable PSR1.Files.SideEffects
/**
* Joomla User plugin
*
* @since 1.5
*/
final class Joomla extends CMSPlugin
{
use DatabaseAwareTrait;
use UserFactoryAwareTrait;
/**
* Set as required the passwords fields when mail to user is set to No
*
* @param \Joomla\CMS\Form\Form $form The form to be altered.
* @param mixed $data The associated data for the form.
*
* @return boolean
*
* @since 4.0.0
*/
public function onContentPrepareForm($form, $data)
{
// Check we are manipulating a valid user form before modifying it.
$name = $form->getName();
if ($name === 'com_users.user') {
// In case there is a validation error (like duplicated user), $data is an empty array on save.
// After returning from error, $data is an array but populated
if (!$data) {
$data = $this->getApplication()->getInput()->get('jform', [], 'array');
}
if (\is_array($data)) {
$data = (object) $data;
}
// Passwords fields are required when mail to user is set to No
if (empty($data->id) && !$this->params->get('mail_to_user', 1)) {
$form->setFieldAttribute('password', 'required', 'true');
$form->setFieldAttribute('password2', 'required', 'true');
}
}
return true;
}
/**
* Remove all sessions for the user name
*
* Method is called after user data is deleted from the database
*
* @param array $user Holds the user data
* @param boolean $success True if user was successfully stored in the database
* @param string $msg Message
*
* @return void
*
* @since 1.6
*/
public function onUserAfterDelete($user, $success, $msg): void
{
if (!$success) {
return;
}
$userId = (int) $user['id'];
// Only execute this if the session metadata is tracked
if ($this->getApplication()->get('session_metadata', true)) {
UserHelper::destroyUserSessions($userId, true);
}
$db = $this->getDatabase();
try {
$db->setQuery(
$db->getQuery(true)
->delete($db->quoteName('#__messages'))
->where($db->quoteName('user_id_from') . ' = :userId')
->bind(':userId', $userId, ParameterType::INTEGER)
)->execute();
} catch (ExecutionFailureException $e) {
// Do nothing.
}
// Delete Multi-factor Authentication user profile records
$profileKey = 'mfa.%';
$query = $db->getQuery(true)
->delete($db->quoteName('#__user_profiles'))
->where($db->quoteName('user_id') . ' = :userId')
->where($db->quoteName('profile_key') . ' LIKE :profileKey')
->bind(':userId', $userId, ParameterType::INTEGER)
->bind(':profileKey', $profileKey, ParameterType::STRING);
try {
$db->setQuery($query)->execute();
} catch (\Exception $e) {
// Do nothing
}
// Delete Multi-factor Authentication records
$query = $db->getQuery(true)
->delete($db->quoteName('#__user_mfa'))
->where($db->quoteName('user_id') . ' = :userId')
->bind(':userId', $userId, ParameterType::INTEGER);
try {
$db->setQuery($query)->execute();
} catch (\Exception $e) {
// Do nothing
}
}
/**
* Utility method to act on a user after it has been saved.
*
* This method sends a registration email to new users created in the backend.
*
* @param array $user Holds the new user data.
* @param boolean $isnew True if a new user is stored.
* @param boolean $success True if user was successfully stored in the database.
* @param string $msg Message.
*
* @return void
*
* @since 1.6
*/
public function onUserAfterSave($user, $isnew, $success, $msg): void
{
$mail_to_user = $this->params->get('mail_to_user', 1);
if (!$isnew || !$mail_to_user) {
return;
}
$app = $this->getApplication();
$language = $app->getLanguage();
$defaultLocale = $language->getTag();
// @todo: Suck in the frontend registration emails here as well. Job for a rainy day.
// The method check here ensures that if running as a CLI Application we don't get any errors
if (method_exists($app, 'isClient') && ($app->isClient('site') || $app->isClient('cli'))) {
return;
}
// Check if we have a sensible from email address, if not bail out as mail would not be sent anyway
if (strpos($app->get('mailfrom'), '@') === false) {
$app->enqueueMessage($language->_('JERROR_SENDING_EMAIL'), 'warning');
return;
}
/**
* Look for user language. Priority:
* 1. User frontend language
* 2. User backend language
*/
$userParams = new Registry($user['params']);
$userLocale = $userParams->get('language', $userParams->get('admin_language', $defaultLocale));
// Temporarily set application language to user's language.
if ($userLocale !== $defaultLocale) {
Factory::$language = Factory::getContainer()
->get(LanguageFactoryInterface::class)
->createLanguage($userLocale, $app->get('debug_lang', false));
if (method_exists($app, 'loadLanguage')) {
$app->loadLanguage(Factory::$language);
}
}
// Load plugin language files.
$this->loadLanguage();
// Collect data for mail
$data = [
'name' => $user['name'],
'sitename' => $app->get('sitename'),
'url' => Uri::root(),
'username' => $user['username'],
'password' => $user['password_clear'],
'email' => $user['email'],
];
$mailer = new MailTemplate('plg_user_joomla.mail', $userLocale);
$mailer->addTemplateData($data);
$mailer->addRecipient($user['email'], $user['name']);
try {
$res = $mailer->send();
} catch (\Exception $exception) {
try {
Log::add($language->_($exception->getMessage()), Log::WARNING, 'jerror');
$res = false;
} catch (\RuntimeException $exception) {
$app->enqueueMessage($language->_($exception->getMessage()), 'warning');
$res = false;
}
}
if ($res === false) {
$app->enqueueMessage($language->_('JERROR_SENDING_EMAIL'), 'warning');
}
// Set application language back to default if we changed it
if ($userLocale !== $defaultLocale) {
Factory::$language = $language;
if (method_exists($app, 'loadLanguage')) {
$app->loadLanguage($language);
}
}
}
/**
* This method should handle any login logic and report back to the subject
*
* @param array $user Holds the user data
* @param array $options Array holding options (remember, autoregister, group)
*
* @return boolean True on success
*
* @since 1.5
*/
public function onUserLogin($user, $options = [])
{
$instance = $this->getUser($user, $options);
// If getUser returned an error, then pass it back.
if ($instance instanceof \Exception) {
return false;
}
// If the user is blocked, redirect with an error
if ($instance->block == 1) {
$this->getApplication()->enqueueMessage($this->getApplication()->getLanguage()->_('JERROR_NOLOGIN_BLOCKED'), 'warning');
return false;
}
// Authorise the user based on the group information
if (!isset($options['group'])) {
$options['group'] = 'USERS';
}
// Check the user can login.
$result = $instance->authorise($options['action']);
if (!$result) {
$this->getApplication()->enqueueMessage($this->getApplication()->getLanguage()->_('JERROR_LOGIN_DENIED'), 'warning');
return false;
}
// Mark the user as logged in
$instance->guest = 0;
// Load the logged in user to the application
$this->getApplication()->loadIdentity($instance);
$session = $this->getApplication()->getSession();
// Grab the current session ID
$oldSessionId = $session->getId();
// Fork the session
$session->fork();
// Register the needed session variables
$session->set('user', $instance);
// Update the user related fields for the Joomla sessions table if tracking session metadata.
if ($this->getApplication()->get('session_metadata', true)) {
$this->getApplication()->checkSession();
}
$db = $this->getDatabase();
// Purge the old session
$query = $db->getQuery(true)
->delete($db->quoteName('#__session'))
->where($db->quoteName('session_id') . ' = :sessionid')
->bind(':sessionid', $oldSessionId);
try {
$db->setQuery($query)->execute();
} catch (\RuntimeException $e) {
// The old session is already invalidated, don't let this block logging in
}
// Hit the user last visit field
$instance->setLastVisit();
// Add "user state" cookie used for reverse caching proxies like Varnish, Nginx etc.
if ($this->getApplication()->isClient('site')) {
$this->getApplication()->getInput()->cookie->set(
'joomla_user_state',
'logged_in',
0,
$this->getApplication()->get('cookie_path', '/'),
$this->getApplication()->get('cookie_domain', ''),
$this->getApplication()->isHttpsForced(),
true
);
}
return true;
}
/**
* This method should handle any logout logic and report back to the subject
*
* @param array $user Holds the user data.
* @param array $options Array holding options (client, ...).
*
* @return boolean True on success
*
* @since 1.5
*/
public function onUserLogout($user, $options = [])
{
$my = $this->getApplication()->getIdentity();
$session = Factory::getSession();
$userid = (int) $user['id'];
// Make sure we're a valid user first
if ($user['id'] === 0 && !$my->get('tmp_user')) {
return true;
}
$sharedSessions = $this->getApplication()->get('shared_session', '0');
// Check to see if we're deleting the current session
if ($my->id == $userid && ($sharedSessions || (!$sharedSessions && $options['clientid'] == $this->getApplication()->getClientId()))) {
// Hit the user last visit field
$my->setLastVisit();
// Destroy the php session for this user
$session->destroy();
}
// Enable / Disable Forcing logout all users with same userid, but only if session metadata is tracked
$forceLogout = $this->params->get('forceLogout', 1) && $this->getApplication()->get('session_metadata', true);
if ($forceLogout) {
$clientId = $sharedSessions ? null : (int) $options['clientid'];
UserHelper::destroyUserSessions($user['id'], false, $clientId);
}
// Delete "user state" cookie used for reverse caching proxies like Varnish, Nginx etc.
if ($this->getApplication()->isClient('site')) {
$this->getApplication()->getInput()->cookie->set('joomla_user_state', '', 1, $this->getApplication()->get('cookie_path', '/'), $this->getApplication()->get('cookie_domain', ''));
}
return true;
}
/**
* Hooks on the Joomla! login event. Detects silent logins and disables the Multi-Factor
* Authentication page in this case.
*
* Moreover, it will save the redirection URL and the Captive URL which is necessary in Joomla 4. You see, in Joomla
* 4 having unified sessions turned on makes the backend login redirect you to the frontend of the site AFTER
* logging in, something which would cause the Captive page to appear in the frontend and redirect you to the public
* frontend homepage after successfully passing the Two Step verification process.
*
* @param array $options Passed by Joomla. user: a User object; responseType: string, authentication response type.
*
* @return void
* @since 4.2.0
*/
public function onUserAfterLogin(array $options): void
{
if (!($this->getApplication()->isClient('administrator')) && !($this->getApplication()->isClient('site'))) {
return;
}
$this->disableMfaOnSilentLogin($options);
}
/**
* Detect silent logins and disable MFA if the relevant com_users option is set.
*
* @param array $options The array of login options and login result
*
* @return void
* @since 4.2.0
*/
private function disableMfaOnSilentLogin(array $options): void
{
$userParams = ComponentHelper::getParams('com_users');
$doMfaOnSilentLogin = $userParams->get('mfaonsilent', 0) == 1;
// Should I show MFA even on silent logins? Default: 1 (yes, show)
if ($doMfaOnSilentLogin) {
return;
}
// Make sure I have a valid user
/** @var User $user */
$user = $options['user'];
if (!\is_object($user) || !($user instanceof User) || $user->guest) {
return;
}
$silentResponseTypes = array_map(
'trim',
explode(',', $userParams->get('silentresponses', '') ?: '')
);
$silentResponseTypes = $silentResponseTypes ?: ['cookie', 'passwordless'];
// Only proceed if this is not a silent login
if (!\in_array(strtolower($options['responseType'] ?? ''), $silentResponseTypes)) {
return;
}
// Set the flag indicating that MFA is already checked.
$this->getApplication()->getSession()->set('com_users.mfa_checked', 1);
}
/**
* This method will return a user object
*
* If options['autoregister'] is true, if the user doesn't exist yet they will be created
*
* @param array $user Holds the user data.
* @param array $options Array holding options (remember, autoregister, group).
*
* @return User
*
* @since 1.5
*/
private function getUser($user, $options = [])
{
$instance = $this->getUserFactory()->loadUserByUsername($user['username']);
if ($instance && $instance->id) {
return $instance;
}
$instance = $this->getUserFactory()->loadUserById(0);
// @todo : move this out of the plugin
$params = ComponentHelper::getParams('com_users');
// Read the default user group option from com_users
$defaultUserGroup = $params->get('new_usertype', $params->get('guest_usergroup', 1));
$instance->id = 0;
$instance->name = $user['fullname'];
$instance->username = $user['username'];
$instance->password_clear = $user['password_clear'];
// Result should contain an email (check).
$instance->email = $user['email'];
$instance->groups = [$defaultUserGroup];
// If autoregister is set let's register the user
$autoregister = $options['autoregister'] ?? $this->params->get('autoregister', 1);
if ($autoregister) {
if (!$instance->save()) {
Log::add('Failed to automatically create account for user ' . $user['username'] . '.', Log::WARNING, 'error');
}
} else {
// No existing user and autoregister off, this is a temporary user.
$instance->set('tmp_user', true);
}
return $instance;
}
}

113
plugins/user/profile/forms/profile.xml Normal file
View File

@ -0,0 +1,113 @@
<?xml version="1.0" encoding="UTF-8"?>
<form>
<fields name="profile">
<fieldset
name="profile"
label="PLG_USER_PROFILE_SLIDER_LABEL"
>
<field
name="address1"
type="text"
label="PLG_USER_PROFILE_FIELD_ADDRESS1_LABEL"
filter="string"
size="30"
/>
<field
name="address2"
type="text"
label="PLG_USER_PROFILE_FIELD_ADDRESS2_LABEL"
filter="string"
size="30"
/>
<field
name="city"
type="text"
label="PLG_USER_PROFILE_FIELD_CITY_LABEL"
filter="string"
size="30"
/>
<field
name="region"
type="text"
label="PLG_USER_PROFILE_FIELD_REGION_LABEL"
filter="string"
size="30"
/>
<field
name="country"
type="text"
label="PLG_USER_PROFILE_FIELD_COUNTRY_LABEL"
filter="string"
size="30"
/>
<field
name="postal_code"
type="text"
label="PLG_USER_PROFILE_FIELD_POSTAL_CODE_LABEL"
filter="string"
size="30"
/>
<field
name="phone"
type="tel"
label="PLG_USER_PROFILE_FIELD_PHONE_LABEL"
filter="string"
size="30"
/>
<field
name="website"
type="url"
label="PLG_USER_PROFILE_FIELD_WEB_SITE_LABEL"
filter="url"
size="30"
validate="url"
/>
<field
name="favoritebook"
type="text"
label="PLG_USER_PROFILE_FIELD_FAVORITE_BOOK_LABEL"
filter="string"
size="30"
/>
<field
name="aboutme"
type="textarea"
label="PLG_USER_PROFILE_FIELD_ABOUT_ME_LABEL"
cols="30"
rows="5"
filter="safehtml"
/>
<field
name="dob"
type="calendar"
label="PLG_USER_PROFILE_FIELD_DOB_LABEL"
description="PLG_USER_PROFILE_FIELD_DOB_DESCRIPTION"
hint="PLG_USER_PROFILE_FIELD_DOB_HINT"
translateformat="true"
showtime="false"
filter="server_utc"
/>
<field
name="tos"
type="tos"
label="PLG_USER_PROFILE_FIELD_TOS_LABEL"
default="0"
filter="integer"
>
<option value="1">PLG_USER_PROFILE_OPTION_AGREE</option>
<option value="0">PLG_USER_PROFILE_OPTION_DO_NOT_AGREE</option>
</field>
</fieldset>
</fields>
</form>

356
plugins/user/profile/profile.xml Normal file
View File

@ -0,0 +1,356 @@
<?xml version="1.0" encoding="UTF-8"?>
<extension type="plugin" group="user" method="upgrade">
<name>plg_user_profile</name>
<author>Joomla! Project</author>
<creationDate>2008-01</creationDate>
<copyright>(C) 2008 Open Source Matters, Inc.</copyright>
<license>GNU General Public License version 2 or later; see LICENSE.txt</license>
<authorEmail>admin@joomla.org</authorEmail>
<authorUrl>www.joomla.org</authorUrl>
<version>3.0.0</version>
<description>PLG_USER_PROFILE_XML_DESCRIPTION</description>
<namespace path="src">Joomla\Plugin\User\Profile</namespace>
<files>
<folder>forms</folder>
<folder plugin="profile">services</folder>
<folder>src</folder>
</files>
<languages>
<language tag="en-GB">language/en-GB/plg_user_profile.ini</language>
<language tag="en-GB">language/en-GB/plg_user_profile.sys.ini</language>
</languages>
<config>
<fields name="params">
<fieldset name="basic" addfieldprefix="Joomla\Component\Content\Administrator\Field">
<field
name="register-require-user"
type="spacer"
label="PLG_USER_PROFILE_FIELD_NAME_REGISTER_REQUIRE_USER"
class="text"
/>
<field
name="register-require_address1"
type="list"
label="PLG_USER_PROFILE_FIELD_ADDRESS1_LABEL"
default="1"
filter="integer"
validate="options"
>
<option value="2">JOPTION_REQUIRED</option>
<option value="1">JOPTION_OPTIONAL</option>
<option value="0">JDISABLED</option>
</field>
<field
name="register-require_address2"
type="list"
label="PLG_USER_PROFILE_FIELD_ADDRESS2_LABEL"
default="1"
filter="integer"
validate="options"
>
<option value="2">JOPTION_REQUIRED</option>
<option value="1">JOPTION_OPTIONAL</option>
<option value="0">JDISABLED</option>
</field>
<field
name="register-require_city"
type="list"
label="PLG_USER_PROFILE_FIELD_CITY_LABEL"
default="1"
filter="integer"
validate="options"
>
<option value="2">JOPTION_REQUIRED</option>
<option value="1">JOPTION_OPTIONAL</option>
<option value="0">JDISABLED</option>
</field>
<field
name="register-require_region"
type="list"
label="PLG_USER_PROFILE_FIELD_REGION_LABEL"
default="1"
filter="integer"
validate="options"
>
<option value="2">JOPTION_REQUIRED</option>
<option value="1">JOPTION_OPTIONAL</option>
<option value="0">JDISABLED</option>
</field>
<field
name="register-require_country"
type="list"
label="PLG_USER_PROFILE_FIELD_COUNTRY_LABEL"
default="1"
filter="integer"
validate="options"
>
<option value="2">JOPTION_REQUIRED</option>
<option value="1">JOPTION_OPTIONAL</option>
<option value="0">JDISABLED</option>
</field>
<field
name="register-require_postal_code"
type="list"
label="PLG_USER_PROFILE_FIELD_POSTAL_CODE_LABEL"
default="1"
filter="integer"
validate="options"
>
<option value="2">JOPTION_REQUIRED</option>
<option value="1">JOPTION_OPTIONAL</option>
<option value="0">JDISABLED</option>
</field>
<field
name="register-require_phone"
type="list"
label="PLG_USER_PROFILE_FIELD_PHONE_LABEL"
default="1"
filter="integer"
validate="options"
>
<option value="2">JOPTION_REQUIRED</option>
<option value="1">JOPTION_OPTIONAL</option>
<option value="0">JDISABLED</option>
</field>
<field
name="register-require_website"
type="list"
label="PLG_USER_PROFILE_FIELD_WEB_SITE_LABEL"
default="1"
filter="integer"
validate="options"
>
<option value="2">JOPTION_REQUIRED</option>
<option value="1">JOPTION_OPTIONAL</option>
<option value="0">JDISABLED</option>
</field>
<field
name="register-require_favoritebook"
type="list"
label="PLG_USER_PROFILE_FIELD_FAVORITE_BOOK_LABEL"
default="1"
filter="integer"
validate="options"
>
<option value="2">JOPTION_REQUIRED</option>
<option value="1">JOPTION_OPTIONAL</option>
<option value="0">JDISABLED</option>
</field>
<field
name="register-require_aboutme"
type="list"
label="PLG_USER_PROFILE_FIELD_ABOUT_ME_LABEL"
default="1"
filter="integer"
validate="options"
>
<option value="2">JOPTION_REQUIRED</option>
<option value="1">JOPTION_OPTIONAL</option>
<option value="0">JDISABLED</option>
</field>
<field
name="register-require_tos"
type="list"
label="PLG_USER_PROFILE_FIELD_TOS_LABEL"
default="0"
filter="integer"
validate="options"
>
<option value="2">JOPTION_REQUIRED</option>
<option value="0">JDISABLED</option>
</field>
<field
name="register_tos_article"
type="modal_article"
label="PLG_USER_PROFILE_FIELD_TOS_ARTICLE_LABEL"
select="true"
new="true"
edit="true"
clear="true"
filter="integer"
/>
<field
name="register-require_dob"
type="list"
label="PLG_USER_PROFILE_FIELD_DOB_LABEL"
default="1"
filter="integer"
validate="options"
>
<option value="2">JOPTION_REQUIRED</option>
<option value="1">JOPTION_OPTIONAL</option>
<option value="0">JDISABLED</option>
</field>
<field
name="spacer1"
type="spacer"
hr="true"
/>
<field
name="profile-require-user"
type="spacer"
label="PLG_USER_PROFILE_FIELD_NAME_PROFILE_REQUIRE_USER"
class="text"
/>
<field
name="profile-require_address1"
type="list"
label="PLG_USER_PROFILE_FIELD_ADDRESS1_LABEL"
default="1"
filter="integer"
validate="options"
>
<option value="2">JOPTION_REQUIRED</option>
<option value="1">JOPTION_OPTIONAL</option>
<option value="0">JDISABLED</option>
</field>
<field
name="profile-require_address2"
type="list"
label="PLG_USER_PROFILE_FIELD_ADDRESS2_LABEL"
default="1"
filter="integer"
validate="options"
>
<option value="2">JOPTION_REQUIRED</option>
<option value="1">JOPTION_OPTIONAL</option>
<option value="0">JDISABLED</option>
</field>
<field
name="profile-require_city"
type="list"
label="PLG_USER_PROFILE_FIELD_CITY_LABEL"
default="1"
filter="integer"
validate="options"
>
<option value="2">JOPTION_REQUIRED</option>
<option value="1">JOPTION_OPTIONAL</option>
<option value="0">JDISABLED</option>
</field>
<field
name="profile-require_region"
type="list"
label="PLG_USER_PROFILE_FIELD_REGION_LABEL"
default="1"
filter="integer"
validate="options"
>
<option value="2">JOPTION_REQUIRED</option>
<option value="1">JOPTION_OPTIONAL</option>
<option value="0">JDISABLED</option>
</field>
<field
name="profile-require_country"
type="list"
label="PLG_USER_PROFILE_FIELD_COUNTRY_LABEL"
default="1"
filter="integer"
validate="options"
>
<option value="2">JOPTION_REQUIRED</option>
<option value="1">JOPTION_OPTIONAL</option>
<option value="0">JDISABLED</option>
</field>
<field
name="profile-require_postal_code"
type="list"
label="PLG_USER_PROFILE_FIELD_POSTAL_CODE_LABEL"
default="1"
filter="integer"
validate="options"
>
<option value="2">JOPTION_REQUIRED</option>
<option value="1">JOPTION_OPTIONAL</option>
<option value="0">JDISABLED</option>
</field>
<field
name="profile-require_phone"
type="list"
label="PLG_USER_PROFILE_FIELD_PHONE_LABEL"
default="1"
filter="integer"
validate="options"
>
<option value="2">JOPTION_REQUIRED</option>
<option value="1">JOPTION_OPTIONAL</option>
<option value="0">JDISABLED</option>
</field>
<field
name="profile-require_website"
type="list"
label="PLG_USER_PROFILE_FIELD_WEB_SITE_LABEL"
default="1"
filter="integer"
validate="options"
>
<option value="2">JOPTION_REQUIRED</option>
<option value="1">JOPTION_OPTIONAL</option>
<option value="0">JDISABLED</option>
</field>
<field
name="profile-require_favoritebook"
type="list"
label="PLG_USER_PROFILE_FIELD_FAVORITE_BOOK_LABEL"
default="1"
filter="integer"
validate="options"
>
<option value="2">JOPTION_REQUIRED</option>
<option value="1">JOPTION_OPTIONAL</option>
<option value="0">JDISABLED</option>
</field>
<field
name="profile-require_aboutme"
type="list"
label="PLG_USER_PROFILE_FIELD_ABOUT_ME_LABEL"
default="1"
filter="integer"
validate="options"
>
<option value="2">JOPTION_REQUIRED</option>
<option value="1">JOPTION_OPTIONAL</option>
<option value="0">JDISABLED</option>
</field>
<field
name="profile-require_dob"
type="list"
label="PLG_USER_PROFILE_FIELD_DOB_LABEL"
default="1"
filter="integer"
validate="options"
>
<option value="2">JOPTION_REQUIRED</option>
<option value="1">JOPTION_OPTIONAL</option>
<option value="0">JDISABLED</option>
</field>
</fieldset>
</fields>
</config>
</extension>

48
plugins/user/profile/services/provider.php Normal file
View File

@ -0,0 +1,48 @@
<?php
/**
* @package Joomla.Plugin
* @subpackage User.profile
*
* @copyright (C) 2023 Open Source Matters, Inc. <https://www.joomla.org>
* @license GNU General Public License version 2 or later; see LICENSE.txt
*/
\defined('_JEXEC') or die;
use Joomla\CMS\Extension\PluginInterface;
use Joomla\CMS\Factory;
use Joomla\CMS\Plugin\PluginHelper;
use Joomla\Database\DatabaseInterface;
use Joomla\DI\Container;
use Joomla\DI\ServiceProviderInterface;
use Joomla\Event\DispatcherInterface;
use Joomla\Plugin\User\Profile\Extension\Profile;
return new class () implements ServiceProviderInterface {
/**
* Registers the service provider with a DI container.
*
* @param Container $container The DI container.
*
* @return void
*
* @since 4.4.0
*/
public function register(Container $container): void
{
$container->set(
PluginInterface::class,
function (Container $container) {
$plugin = new Profile(
$container->get(DispatcherInterface::class),
(array) PluginHelper::getPlugin('user', 'profile')
);
$plugin->setApplication(Factory::getApplication());
$plugin->setDatabase($container->get(DatabaseInterface::class));
return $plugin;
}
);
}
};

445
plugins/user/profile/src/Extension/Profile.php Normal file
View File

@ -0,0 +1,445 @@
<?php
/**
* @package Joomla.Plugin
* @subpackage User.profile
*
* @copyright (C) 2009 Open Source Matters, Inc. <https://www.joomla.org>
* @license GNU General Public License version 2 or later; see LICENSE.txt
*/
namespace Joomla\Plugin\User\Profile\Extension;
use Exception;
use Joomla\CMS\Date\Date;
use Joomla\CMS\Form\Form;
use Joomla\CMS\Form\FormHelper;
use Joomla\CMS\HTML\HTMLHelper;
use Joomla\CMS\Language\Text;
use Joomla\CMS\Plugin\CMSPlugin;
use Joomla\CMS\String\PunycodeHelper;
use Joomla\Database\DatabaseAwareTrait;
use Joomla\Database\ParameterType;
use Joomla\Utilities\ArrayHelper;
// phpcs:disable PSR1.Files.SideEffects
\defined('_JEXEC') or die;
// phpcs:enable PSR1.Files.SideEffects
/**
* An example custom profile plugin.
*
* @since 1.6
*/
final class Profile extends CMSPlugin
{
use DatabaseAwareTrait;
/**
* Date of birth.
*
* @var string
*
* @since 3.1
*/
private $date = '';
/**
* Runs on content preparation
*
* @param string $context The context for the data
* @param object $data An object containing the data for the form.
*
* @return boolean
*
* @since 1.6
*/
public function onContentPrepareData($context, $data)
{
// Check we are manipulating a valid form.
if (!\in_array($context, ['com_users.profile', 'com_users.user', 'com_users.registration'])) {
return true;
}
// Load plugin language files
$this->loadLanguage();
if (\is_object($data)) {
$userId = $data->id ?? 0;
if (!isset($data->profile) && $userId > 0) {
// Load the profile data from the database.
$db = $this->getDatabase();
$query = $db->getQuery(true)
->select(
[
$db->quoteName('profile_key'),
$db->quoteName('profile_value'),
]
)
->from($db->quoteName('#__user_profiles'))
->where($db->quoteName('user_id') . ' = :userid')
->where($db->quoteName('profile_key') . ' LIKE ' . $db->quote('profile.%'))
->order($db->quoteName('ordering'))
->bind(':userid', $userId, ParameterType::INTEGER);
$db->setQuery($query);
$results = $db->loadRowList();
// Merge the profile data.
$data->profile = [];
foreach ($results as $v) {
$k = str_replace('profile.', '', $v[0]);
$data->profile[$k] = json_decode($v[1], true);
if ($data->profile[$k] === null) {
$data->profile[$k] = $v[1];
}
}
}
if (!HTMLHelper::isRegistered('users.url')) {
HTMLHelper::register('users.url', [__CLASS__, 'url']);
}
if (!HTMLHelper::isRegistered('users.calendar')) {
HTMLHelper::register('users.calendar', [__CLASS__, 'calendar']);
}
if (!HTMLHelper::isRegistered('users.tos')) {
HTMLHelper::register('users.tos', [__CLASS__, 'tos']);
}
if (!HTMLHelper::isRegistered('users.dob')) {
HTMLHelper::register('users.dob', [__CLASS__, 'dob']);
}
}
return true;
}
/**
* Returns an anchor tag generated from a given value
*
* @param string $value URL to use
*
* @return mixed|string
*/
public static function url($value)
{
if (empty($value)) {
return HTMLHelper::_('users.value', $value);
}
// Convert website URL to utf8 for display
$value = PunycodeHelper::urlToUTF8(htmlspecialchars($value));
if (strpos($value, 'http') === 0) {
return '<a href="' . $value . '">' . $value . '</a>';
}
return '<a href="http://' . $value . '">' . $value . '</a>';
}
/**
* Returns html markup showing a date picker
*
* @param string $value valid date string
*
* @return mixed
*/
public static function calendar($value)
{
if (empty($value)) {
return HTMLHelper::_('users.value', $value);
}
return HTMLHelper::_('date', $value, null, null);
}
/**
* Returns the date of birth formatted and calculated using server timezone.
*
* @param string $value valid date string
*
* @return mixed
*/
public static function dob($value)
{
if (!$value) {
return '';
}
return HTMLHelper::_('date', $value, Text::_('DATE_FORMAT_LC1'), false);
}
/**
* Return the translated strings yes or no depending on the value
*
* @param boolean $value input value
*
* @return string
*/
public static function tos($value)
{
if ($value) {
return Text::_('JYES');
}
return Text::_('JNO');
}
/**
* Adds additional fields to the user editing form
*
* @param Form $form The form to be altered.
* @param mixed $data The associated data for the form.
*
* @return boolean
*
* @since 1.6
*/
public function onContentPrepareForm(Form $form, $data)
{
// Check we are manipulating a valid form.
$name = $form->getName();
if (!\in_array($name, ['com_users.user', 'com_users.profile', 'com_users.registration'])) {
return true;
}
// Load plugin language files
$this->loadLanguage();
// Add the registration fields to the form.
FormHelper::addFieldPrefix('Joomla\\Plugin\\User\\Profile\\Field');
FormHelper::addFormPath(JPATH_PLUGINS . '/' . $this->_type . '/' . $this->_name . '/forms');
$form->loadFile('profile');
$fields = [
'address1',
'address2',
'city',
'region',
'country',
'postal_code',
'phone',
'website',
'favoritebook',
'aboutme',
'dob',
'tos',
];
$tosArticle = $this->params->get('register_tos_article');
$tosEnabled = $this->params->get('register-require_tos', 0);
// We need to be in the registration form and field needs to be enabled
if ($name !== 'com_users.registration' || !$tosEnabled) {
// We only want the TOS in the registration form
$form->removeField('tos', 'profile');
} else {
// Push the TOS article ID into the TOS field.
$form->setFieldAttribute('tos', 'article', $tosArticle, 'profile');
}
foreach ($fields as $field) {
// Case using the users manager in admin
if ($name === 'com_users.user') {
// Toggle whether the field is required.
if ($this->params->get('profile-require_' . $field, 1) > 0) {
$form->setFieldAttribute($field, 'required', ($this->params->get('profile-require_' . $field) == 2) ? 'required' : '', 'profile');
} elseif (
// Remove the field if it is disabled in registration and profile
$this->params->get('register-require_' . $field, 1) == 0
&& $this->params->get('profile-require_' . $field, 1) == 0
) {
$form->removeField($field, 'profile');
}
} elseif ($name === 'com_users.registration') {
// Case registration
// Toggle whether the field is required.
if ($this->params->get('register-require_' . $field, 1) > 0) {
$form->setFieldAttribute($field, 'required', ($this->params->get('register-require_' . $field) == 2) ? 'required' : '', 'profile');
} else {
$form->removeField($field, 'profile');
}
} elseif ($name === 'com_users.profile') {
// Case profile in site or admin
// Toggle whether the field is required.
if ($this->params->get('profile-require_' . $field, 1) > 0) {
$form->setFieldAttribute($field, 'required', ($this->params->get('profile-require_' . $field) == 2) ? 'required' : '', 'profile');
} else {
$form->removeField($field, 'profile');
}
}
}
// Drop the profile form entirely if there aren't any fields to display.
$remainingfields = $form->getGroup('profile');
if (!\count($remainingfields)) {
$form->removeGroup('profile');
}
return true;
}
/**
* Method is called before user data is stored in the database
*
* @param array $user Holds the old user data.
* @param boolean $isnew True if a new user is stored.
* @param array $data Holds the new user data.
*
* @return boolean
*
* @since 3.1
* @throws \InvalidArgumentException on invalid date.
*/
public function onUserBeforeSave($user, $isnew, $data)
{
// Load plugin language files
$this->loadLanguage();
// Check that the date is valid.
if (!empty($data['profile']['dob'])) {
try {
$date = new Date($data['profile']['dob']);
$this->date = $date->format('Y-m-d H:i:s');
} catch (\Exception $e) {
// Throw an exception if date is not valid.
throw new \InvalidArgumentException($this->getApplication()->getLanguage()->_('PLG_USER_PROFILE_ERROR_INVALID_DOB'));
}
if (Date::getInstance('now') < $date) {
// Throw an exception if dob is greater than now.
throw new \InvalidArgumentException($this->getApplication()->getLanguage()->_('PLG_USER_PROFILE_ERROR_INVALID_DOB_FUTURE_DATE'));
}
}
// Check that the tos is checked if required ie only in registration from frontend.
$task = $this->getApplication()->getInput()->getCmd('task');
$option = $this->getApplication()->getInput()->getCmd('option');
$tosEnabled = ($this->params->get('register-require_tos', 0) == 2);
// Check that the tos is checked.
if ($task === 'register' && $tosEnabled && $option === 'com_users' && !$data['profile']['tos']) {
throw new \InvalidArgumentException($this->getApplication()->getLanguage()->_('PLG_USER_PROFILE_FIELD_TOS_DESC_SITE'));
}
return true;
}
/**
* Saves user profile data
*
* @param array $data entered user data
* @param boolean $isNew true if this is a new user
* @param boolean $result true if saving the user worked
* @param string $error error message
*
* @return void
*/
public function onUserAfterSave($data, $isNew, $result, $error): void
{
$userId = ArrayHelper::getValue($data, 'id', 0, 'int');
if ($userId && $result && isset($data['profile']) && \count($data['profile'])) {
$db = $this->getDatabase();
// Sanitize the date
if (!empty($data['profile']['dob'])) {
$data['profile']['dob'] = $this->date;
}
$keys = array_keys($data['profile']);
foreach ($keys as &$key) {
$key = 'profile.' . $key;
}
$query = $db->getQuery(true)
->delete($db->quoteName('#__user_profiles'))
->where($db->quoteName('user_id') . ' = :userid')
->whereIn($db->quoteName('profile_key'), $keys, ParameterType::STRING)
->bind(':userid', $userId, ParameterType::INTEGER);
$db->setQuery($query);
$db->execute();
$query->clear()
->select($db->quoteName('ordering'))
->from($db->quoteName('#__user_profiles'))
->where($db->quoteName('user_id') . ' = :userid')
->bind(':userid', $userId, ParameterType::INTEGER);
$db->setQuery($query);
$usedOrdering = $db->loadColumn();
$order = 1;
$query->clear()
->insert($db->quoteName('#__user_profiles'));
foreach ($data['profile'] as $k => $v) {
while (\in_array($order, $usedOrdering)) {
$order++;
}
$query->values(
implode(
',',
$query->bindArray(
[
$userId,
'profile.' . $k,
json_encode($v),
$order++,
],
[
ParameterType::INTEGER,
ParameterType::STRING,
ParameterType::STRING,
ParameterType::INTEGER,
]
)
)
);
}
$db->setQuery($query);
$db->execute();
}
}
/**
* Remove all user profile information for the given user ID
*
* Method is called after user data is deleted from the database
*
* @param array $user Holds the user data
* @param boolean $success True if user was successfully stored in the database
* @param string $msg Message
*
* @return void
*/
public function onUserAfterDelete($user, $success, $msg): void
{
if (!$success) {
return;
}
$userId = ArrayHelper::getValue($user, 'id', 0, 'int');
if ($userId) {
$db = $this->getDatabase();
$query = $db->getQuery(true)
->delete($db->quoteName('#__user_profiles'))
->where($db->quoteName('user_id') . ' = :userid')
->where($db->quoteName('profile_key') . ' LIKE ' . $db->quote('profile.%'))
->bind(':userid', $userId, ParameterType::INTEGER);
$db->setQuery($query);
$db->execute();
}
}
}

144
plugins/user/profile/src/Field/TosField.php Normal file
View File

@ -0,0 +1,144 @@
<?php
/**
* @package Joomla.Plugin
* @subpackage User.profile
*
* @copyright (C) 2012 Open Source Matters, Inc. <https://www.joomla.org>
* @license GNU General Public License version 2 or later; see LICENSE.txt
*/
namespace Joomla\Plugin\User\Profile\Field;
use Joomla\CMS\Factory;
use Joomla\CMS\Form\Field\RadioField;
use Joomla\CMS\HTML\HTMLHelper;
use Joomla\CMS\Language\Associations;
use Joomla\CMS\Language\Text;
use Joomla\CMS\Router\Route;
use Joomla\Component\Content\Site\Helper\RouteHelper;
use Joomla\Database\ParameterType;
// phpcs:disable PSR1.Files.SideEffects
\defined('_JEXEC') or die;
// phpcs:enable PSR1.Files.SideEffects
/**
* Provides input for TOS
*
* @since 2.5.5
*/
class TosField extends RadioField
{
/**
* The form field type.
*
* @var string
* @since 2.5.5
*/
protected $type = 'Tos';
/**
* Method to get the field label markup.
*
* @return string The field label markup.
*
* @since 2.5.5
*/
protected function getLabel()
{
$label = '';
if ($this->hidden) {
return $label;
}
// Get the label text from the XML element, defaulting to the element name.
$text = $this->element['label'] ? (string) $this->element['label'] : (string) $this->element['name'];
$text = $this->translateLabel ? Text::_($text) : $text;
// Set required to true as this field is not displayed at all if not required.
$this->required = true;
// Build the class for the label.
$class = !empty($this->description) ? 'hasPopover' : '';
$class .= ' required';
$class = !empty($this->labelClass) ? $class . ' ' . $this->labelClass : $class;
// Add the opening label tag and main attributes attributes.
$label .= '<label id="' . $this->id . '-lbl" for="' . $this->id . '" class="' . $class . '"';
// If a description is specified, use it to build a tooltip.
if (!empty($this->description)) {
HTMLHelper::_('bootstrap.popover', '.hasPopover');
$label .= ' data-bs-content="' . htmlspecialchars(
$this->translateDescription ? Text::_($this->description) : $this->description,
ENT_COMPAT,
'UTF-8'
) . '"';
if (Factory::getLanguage()->isRtl()) {
$label .= ' data-bs-placement="left"';
}
}
$tosArticle = $this->element['article'] > 0 ? (int) $this->element['article'] : 0;
if ($tosArticle) {
$attribs = [];
$attribs['data-bs-toggle'] = 'modal';
$attribs['data-bs-target'] = '#tosModal';
$db = $this->getDatabase();
$query = $db->getQuery(true);
$query->select($db->quoteName(['id', 'alias', 'catid', 'language']))
->from($db->quoteName('#__content'))
->where($db->quoteName('id') . ' = :id')
->bind(':id', $tosArticle, ParameterType::INTEGER);
$db->setQuery($query);
$article = $db->loadObject();
if (Associations::isEnabled()) {
$tosAssociated = Associations::getAssociations('com_content', '#__content', 'com_content.item', $tosArticle);
}
$currentLang = Factory::getLanguage()->getTag();
if (isset($tosAssociated) && $currentLang !== $article->language && \array_key_exists($currentLang, $tosAssociated)) {
$url = RouteHelper::getArticleRoute(
$tosAssociated[$currentLang]->id,
$tosAssociated[$currentLang]->catid,
$tosAssociated[$currentLang]->language
);
$link = HTMLHelper::_('link', Route::_($url . '&tmpl=component'), $text, $attribs);
} else {
$slug = $article->alias ? ($article->id . ':' . $article->alias) : $article->id;
$url = RouteHelper::getArticleRoute($slug, $article->catid, $article->language);
$link = HTMLHelper::_('link', Route::_($url . '&tmpl=component'), $text, $attribs);
}
echo HTMLHelper::_(
'bootstrap.renderModal',
'tosModal',
[
'url' => Route::_($url . '&tmpl=component'),
'title' => $text,
'height' => '100%',
'width' => '100%',
'modalWidth' => '800',
'bodyHeight' => '500',
'footer' => '<button type="button" class="btn btn-secondary" data-bs-dismiss="modal" aria-hidden="true">'
. Text::_('JLIB_HTML_BEHAVIOR_CLOSE') . '</button>',
]
);
} else {
$link = $text;
}
// Add the label text and closing tag.
$label .= '>' . $link . '<span class="star" aria-hidden="true">&#160;*</span></label>';
return $label;
}
}

21
plugins/user/terms/forms/terms.xml Normal file
View File

@ -0,0 +1,21 @@
<?xml version="1.0" encoding="UTF-8"?>
<form>
<fields name="terms">
<fieldset
name="terms"
label="PLG_USER_TERMS_LABEL"
>
<field
name="terms"
type="terms"
label="PLG_USER_TERMS_FIELD_LABEL"
default="0"
filter="integer"
required="true"
>
<option value="1">PLG_USER_TERMS_OPTION_AGREE</option>
<option value="0">PLG_USER_TERMS_OPTION_DO_NOT_AGREE</option>
</field>
</fieldset>
</fields>
</form>

46
plugins/user/terms/services/provider.php Normal file
View File

@ -0,0 +1,46 @@
<?php
/**
* @package Joomla.Plugin
* @subpackage User.terms
*
* @copyright (C) 2023 Open Source Matters, Inc. <https://www.joomla.org>
* @license GNU General Public License version 2 or later; see LICENSE.txt
*/
\defined('_JEXEC') or die;
use Joomla\CMS\Extension\PluginInterface;
use Joomla\CMS\Factory;
use Joomla\CMS\Plugin\PluginHelper;
use Joomla\DI\Container;
use Joomla\DI\ServiceProviderInterface;
use Joomla\Event\DispatcherInterface;
use Joomla\Plugin\User\Terms\Extension\Terms;
return new class () implements ServiceProviderInterface {
/**
* Registers the service provider with a DI container.
*
* @param Container $container The DI container.
*
* @return void
*
* @since 4.4.0
*/
public function register(Container $container): void
{
$container->set(
PluginInterface::class,
function (Container $container) {
$plugin = new Terms(
$container->get(DispatcherInterface::class),
(array) PluginHelper::getPlugin('user', 'terms')
);
$plugin->setApplication(Factory::getApplication());
return $plugin;
}
);
}
};

145
plugins/user/terms/src/Extension/Terms.php Normal file
View File

@ -0,0 +1,145 @@
<?php
/**
* @package Joomla.Plugin
* @subpackage User.terms
*
* @copyright (C) 2018 Open Source Matters, Inc. <https://www.joomla.org>
* @license GNU General Public License version 2 or later; see LICENSE.txt
*/
namespace Joomla\Plugin\User\Terms\Extension;
use Joomla\CMS\Form\Form;
use Joomla\CMS\Form\FormHelper;
use Joomla\CMS\Plugin\CMSPlugin;
use Joomla\Component\Actionlogs\Administrator\Model\ActionlogModel;
use Joomla\Utilities\ArrayHelper;
// phpcs:disable PSR1.Files.SideEffects
\defined('_JEXEC') or die;
// phpcs:enable PSR1.Files.SideEffects
/**
* An example custom terms and conditions plugin.
*
* @since 3.9.0
*/
final class Terms extends CMSPlugin
{
/**
* Adds additional fields to the user registration form
*
* @param Form $form The form to be altered.
* @param mixed $data The associated data for the form.
*
* @return boolean
*
* @since 3.9.0
*/
public function onContentPrepareForm(Form $form, $data)
{
// Check we are manipulating a valid form - we only display this on user registration form.
$name = $form->getName();
if (!\in_array($name, ['com_users.registration'])) {
return true;
}
// Load plugin language files
$this->loadLanguage();
// Add the terms and conditions fields to the form.
FormHelper::addFieldPrefix('Joomla\\Plugin\\User\\Terms\\Field');
FormHelper::addFormPath(JPATH_PLUGINS . '/' . $this->_type . '/' . $this->_name . '/forms');
$form->loadFile('terms');
$termsarticle = $this->params->get('terms_article');
$termsnote = $this->params->get('terms_note');
// Push the terms and conditions article ID into the terms field.
$form->setFieldAttribute('terms', 'article', $termsarticle, 'terms');
$form->setFieldAttribute('terms', 'note', $termsnote, 'terms');
}
/**
* Method is called before user data is stored in the database
*
* @param array $user Holds the old user data.
* @param boolean $isNew True if a new user is stored.
* @param array $data Holds the new user data.
*
* @return boolean
*
* @since 3.9.0
* @throws \InvalidArgumentException on missing required data.
*/
public function onUserBeforeSave($user, $isNew, $data)
{
// // Only check for front-end user registration
if ($this->getApplication()->isClient('administrator')) {
return true;
}
$userId = ArrayHelper::getValue($user, 'id', 0, 'int');
// User already registered, no need to check it further
if ($userId > 0) {
return true;
}
// Load plugin language files
$this->loadLanguage();
// Check that the terms is checked if required ie only in registration from frontend.
$input = $this->getApplication()->getInput();
$option = $input->get('option');
$task = $input->post->get('task');
$form = $input->post->get('jform', [], 'array');
if ($option == 'com_users' && \in_array($task, ['registration.register']) && empty($form['terms']['terms'])) {
throw new \InvalidArgumentException($this->getApplication()->getLanguage()->_('PLG_USER_TERMS_FIELD_ERROR'));
}
return true;
}
/**
* Saves user profile data
*
* @param array $data entered user data
* @param boolean $isNew true if this is a new user
* @param boolean $result true if saving the user worked
* @param string $error error message
*
* @return void
*
* @since 3.9.0
*/
public function onUserAfterSave($data, $isNew, $result, $error): void
{
if (!$isNew || !$result) {
return;
}
$userId = ArrayHelper::getValue($data, 'id', 0, 'int');
$message = [
'action' => 'consent',
'id' => $userId,
'title' => $data['name'],
'itemlink' => 'index.php?option=com_users&task=user.edit&id=' . $userId,
'userid' => $userId,
'username' => $data['username'],
'accountlink' => 'index.php?option=com_users&task=user.edit&id=' . $userId,
];
/** @var ActionlogModel $model */
$model = $this->getApplication()
->bootComponent('com_actionlogs')
->getMVCFactory()
->createModel('Actionlog', 'Administrator');
$model->addLog([$message], 'PLG_USER_TERMS_LOGGING_CONSENT_TO_TERMS', 'plg_user_terms', $userId);
}
}

125
plugins/user/terms/src/Field/TermsField.php Normal file
View File

@ -0,0 +1,125 @@
<?php
/**
* @package Joomla.Plugin
* @subpackage User.terms
*
* @copyright (C) 2018 Open Source Matters, Inc. <https://www.joomla.org>
* @license GNU General Public License version 2 or later; see LICENSE.txt
*/
namespace Joomla\Plugin\User\Terms\Field;
use Joomla\CMS\Factory;
use Joomla\CMS\Form\Field\RadioField;
use Joomla\CMS\Language\Associations;
use Joomla\CMS\Language\Text;
use Joomla\Component\Content\Site\Helper\RouteHelper;
use Joomla\Database\ParameterType;
// phpcs:disable PSR1.Files.SideEffects
\defined('_JEXEC') or die;
// phpcs:enable PSR1.Files.SideEffects
/**
* Provides input for privacyterms
*
* @since 3.9.0
*/
class TermsField extends RadioField
{
/**
* The form field type.
*
* @var string
* @since 3.9.0
*/
protected $type = 'terms';
/**
* Method to get the field input markup.
*
* @return string The field input markup.
*
* @since 3.9.0
*/
protected function getInput()
{
// Display the message before the field
echo $this->getRenderer('plugins.user.terms.message')->render($this->getLayoutData());
return parent::getInput();
}
/**
* Method to get the field label markup.
*
* @return string The field label markup.
*
* @since 3.9.0
*/
protected function getLabel()
{
if ($this->hidden) {
return '';
}
return $this->getRenderer('plugins.user.terms.label')->render($this->getLayoutData());
}
/**
* Method to get the data to be passed to the layout for rendering.
*
* @return array
*
* @since 3.9.4
*/
protected function getLayoutData()
{
$data = parent::getLayoutData();
$article = false;
$termsArticle = $this->element['article'] > 0 ? (int) $this->element['article'] : 0;
if ($termsArticle && Factory::getApplication()->isClient('site')) {
$db = $this->getDatabase();
$query = $db->getQuery(true)
->select($db->quoteName(['id', 'alias', 'catid', 'language']))
->from($db->quoteName('#__content'))
->where($db->quoteName('id') . ' = :id')
->bind(':id', $termsArticle, ParameterType::INTEGER);
$db->setQuery($query);
$article = $db->loadObject();
if (Associations::isEnabled()) {
$termsAssociated = Associations::getAssociations('com_content', '#__content', 'com_content.item', $termsArticle);
}
$currentLang = Factory::getLanguage()->getTag();
if (isset($termsAssociated) && $currentLang !== $article->language && \array_key_exists($currentLang, $termsAssociated)) {
$article->link = RouteHelper::getArticleRoute(
$termsAssociated[$currentLang]->id,
$termsAssociated[$currentLang]->catid,
$termsAssociated[$currentLang]->language
);
} else {
$slug = $article->alias ? ($article->id . ':' . $article->alias) : $article->id;
$article->link = RouteHelper::getArticleRoute($slug, $article->catid, $article->language);
}
}
$extraData = [
'termsnote' => !empty($this->element['note']) ? $this->element['note'] : Text::_('PLG_USER_TERMS_NOTE_FIELD_DEFAULT'),
'options' => $this->getOptions(),
'value' => (string) $this->value,
'translateLabel' => $this->translateLabel,
'translateDescription' => $this->translateDescription,
'translateHint' => $this->translateHint,
'termsArticle' => $termsArticle,
'article' => $article,
];
return array_merge($data, $extraData);
}
}

50
plugins/user/terms/terms.xml Normal file
View File

@ -0,0 +1,50 @@
<?xml version="1.0" encoding="UTF-8"?>
<extension type="plugin" group="user" method="upgrade">
<name>plg_user_terms</name>
<author>Joomla! Project</author>
<creationDate>2018-06</creationDate>
<copyright>(C) 2018 Open Source Matters, Inc.</copyright>
<license>GNU General Public License version 2 or later; see LICENSE.txt</license>
<authorEmail>admin@joomla.org</authorEmail>
<authorUrl>www.joomla.org</authorUrl>
<version>3.9.0</version>
<description>PLG_USER_TERMS_XML_DESCRIPTION</description>
<namespace path="src">Joomla\Plugin\User\Terms</namespace>
<files>
<folder>forms</folder>
<folder plugin="terms">services</folder>
<folder>src</folder>
</files>
<languages>
<language tag="en-GB">language/en-GB/plg_user_terms.ini</language>
<language tag="en-GB">language/en-GB/plg_user_terms.sys.ini</language>
</languages>
<config>
<fields name="params">
<fieldset name="basic" addfieldprefix="Joomla\Component\Content\Administrator\Field">
<field
name="terms_note"
type="textarea"
label="PLG_USER_TERMS_NOTE_FIELD_LABEL"
description="PLG_USER_TERMS_NOTE_FIELD_DESC"
hint="PLG_USER_TERMS_NOTE_FIELD_DEFAULT"
rows="7"
cols="20"
filter="html"
/>
<field
name="terms_article"
type="modal_article"
label="PLG_USER_TERMS_FIELD_ARTICLE_LABEL"
description="PLG_USER_TERMS_FIELD_ARTICLE_DESC"
select="true"
new="true"
edit="true"
clear="true"
filter="integer"
/>
</fieldset>
</fields>
</config>
</extension>

65
plugins/user/token/forms/token.xml Normal file
View File

@ -0,0 +1,65 @@
<?xml version="1.0" encoding="UTF-8"?>
<form>
<fields name="joomlatoken" addfieldprefix="Joomla\Plugin\User\Token\Field">
<fieldset
name="joomlatoken"
label="PLG_USER_TOKEN_GROUP_LABEL"
description="PLG_USER_TOKEN_GROUP_DESC">
<field
name="saveme"
type="note"
description="PLG_USER_TOKEN_SAVEME_DESC"
class="alert alert-warning"
/>
<field
name="notokenforotherpeople"
type="note"
description="PLG_USER_TOKEN_NOTOKENFOROTHERPEOPLE_DESC"
class="alert alert-warning"
/>
<field
name="savemeforotherpeople"
type="note"
description="PLG_USER_TOKEN_SAVEMEFOROTHERPEOPLE_DESC"
class="alert alert-warning"
/>
<field
name="token"
type="joomlatoken"
label="PLG_USER_TOKEN_TOKEN_LABEL"
description="PLG_USER_TOKEN_TOKEN_DESC"
default=""
algo="sha256"
readonly="true"
/>
<field
name="enabled"
type="radio"
label="PLG_USER_TOKEN_ENABLED_LABEL"
description="PLG_USER_TOKEN_ENABLED_DESC"
layout="joomla.form.field.radio.switcher"
default="1"
>
<option value="0">JNO</option>
<option value="1">JYES</option>
</field>
<field
name="reset"
type="radio"
label="PLG_USER_TOKEN_RESET_LABEL"
description="PLG_USER_TOKEN_RESET_DESC"
layout="joomla.form.field.radio.switcher"
default="0"
>
<option value="0">JNO</option>
<option value="1">JYES</option>
</field>
</fieldset>
</fields>
</form>

50
plugins/user/token/services/provider.php Normal file
View File

@ -0,0 +1,50 @@
<?php
/**
* @package Joomla.Plugin
* @subpackage User.token
*
* @copyright (C) 2023 Open Source Matters, Inc. <https://www.joomla.org>
* @license GNU General Public License version 2 or later; see LICENSE.txt
*/
\defined('_JEXEC') or die;
use Joomla\CMS\Extension\PluginInterface;
use Joomla\CMS\Factory;
use Joomla\CMS\Plugin\PluginHelper;
use Joomla\CMS\User\UserFactoryInterface;
use Joomla\Database\DatabaseInterface;
use Joomla\DI\Container;
use Joomla\DI\ServiceProviderInterface;
use Joomla\Event\DispatcherInterface;
use Joomla\Plugin\User\Token\Extension\Token;
return new class () implements ServiceProviderInterface {
/**
* Registers the service provider with a DI container.
*
* @param Container $container The DI container.
*
* @return void
*
* @since 4.4.0
*/
public function register(Container $container): void
{
$container->set(
PluginInterface::class,
function (Container $container) {
$plugin = new Token(
$container->get(DispatcherInterface::class),
(array) PluginHelper::getPlugin('user', 'token')
);
$plugin->setApplication(Factory::getApplication());
$plugin->setDatabase($container->get(DatabaseInterface::class));
$plugin->setUserFactory($container->get(UserFactoryInterface::class));
return $plugin;
}
);
}
};

605
plugins/user/token/src/Extension/Token.php Normal file
View File

@ -0,0 +1,605 @@
<?php
/**
* @package Joomla.Plugin
* @subpackage User.token
*
* @copyright (C) 2020 Open Source Matters, Inc. <https://www.joomla.org>
* @license GNU General Public License version 2 or later; see LICENSE.txt
*/
namespace Joomla\Plugin\User\Token\Extension;
use Joomla\CMS\Crypt\Crypt;
use Joomla\CMS\Form\Form;
use Joomla\CMS\Plugin\CMSPlugin;
use Joomla\CMS\Plugin\PluginHelper;
use Joomla\CMS\User\UserFactoryAwareTrait;
use Joomla\Database\DatabaseAwareTrait;
use Joomla\Database\ParameterType;
use Joomla\Utilities\ArrayHelper;
// phpcs:disable PSR1.Files.SideEffects
\defined('_JEXEC') or die;
// phpcs:enable PSR1.Files.SideEffects
/**
* An example custom terms and conditions plugin.
*
* @since 3.9.0
*/
final class Token extends CMSPlugin
{
use DatabaseAwareTrait;
use UserFactoryAwareTrait;
/**
* Joomla XML form contexts where we should inject our token management user interface.
*
* @var array
* @since 4.0.0
*/
private $allowedContexts = [
'com_users.profile',
'com_users.user',
];
/**
* The prefix of the user profile keys, without the dot.
*
* @var string
* @since 4.0.0
*/
private $profileKeyPrefix = 'joomlatoken';
/**
* Token length, in bytes.
*
* @var integer
* @since 4.0.0
*/
private $tokenLength = 32;
/**
* Inject the Joomla token management panel's data into the User Profile.
*
* This method is called whenever Joomla is preparing the data for an XML form for display.
*
* @param string $context Form context, passed by Joomla
* @param mixed $data Form data
*
* @return boolean
* @since 4.0.0
*/
public function onContentPrepareData(string $context, &$data): bool
{
// Only do something if the api-authentication plugin with the same name is published
if (!PluginHelper::isEnabled('api-authentication', $this->_name)) {
return true;
}
// Check we are manipulating a valid form.
if (!\in_array($context, $this->allowedContexts)) {
return true;
}
// $data must be an object
if (!\is_object($data)) {
return true;
}
// We expect the numeric user ID in $data->id
if (!isset($data->id)) {
return true;
}
// Get the user ID
$userId = \intval($data->id);
// Make sure we have a positive integer user ID
if ($userId <= 0) {
return true;
}
if (!$this->isInAllowedUserGroup($userId)) {
return true;
}
// Load plugin language files
$this->loadLanguage();
$data->{$this->profileKeyPrefix} = [];
// Load the profile data from the database.
try {
$db = $this->getDatabase();
$query = $db->getQuery(true)
->select([
$db->quoteName('profile_key'),
$db->quoteName('profile_value'),
])
->from($db->quoteName('#__user_profiles'))
->where($db->quoteName('user_id') . ' = :userId')
->where($db->quoteName('profile_key') . ' LIKE :profileKey')
->order($db->quoteName('ordering'));
$profileKey = $this->profileKeyPrefix . '.%';
$query->bind(':userId', $userId, ParameterType::INTEGER);
$query->bind(':profileKey', $profileKey, ParameterType::STRING);
$results = $db->setQuery($query)->loadRowList();
foreach ($results as $v) {
$k = str_replace($this->profileKeyPrefix . '.', '', $v[0]);
$data->{$this->profileKeyPrefix}[$k] = $v[1];
}
} catch (\Exception $e) {
// We suppress any database error. It means we get no token saved by default.
}
/**
* Modify the data for display in the user profile view page in the frontend.
*
* It's important to note that we deliberately not register HTMLHelper methods to do the
* same (unlike e.g. the actionlogs system plugin) because the names of our fields are too
* generic and we run the risk of creating naming clashes. Instead, we manipulate the data
* directly.
*/
if (($context === 'com_users.profile') && ($this->getApplication()->getInput()->get('layout') !== 'edit')) {
$pluginData = $data->{$this->profileKeyPrefix} ?? [];
$enabled = $pluginData['enabled'] ?? false;
$token = $pluginData['token'] ?? '';
$pluginData['enabled'] = $this->getApplication()->getLanguage()->_('JDISABLED');
$pluginData['token'] = '';
if ($enabled) {
$algo = $this->getAlgorithmFromFormFile();
$pluginData['enabled'] = $this->getApplication()->getLanguage()->_('JENABLED');
$pluginData['token'] = $this->getTokenForDisplay($userId, $token, $algo);
}
$data->{$this->profileKeyPrefix} = $pluginData;
}
return true;
}
/**
* Runs whenever Joomla is preparing a form object.
*
* @param Form $form The form to be altered.
* @param mixed $data The associated data for the form.
*
* @return boolean
*
* @throws \Exception When $form is not a valid form object
* @since 4.0.0
*/
public function onContentPrepareForm(Form $form, $data): bool
{
// Only do something if the api-authentication plugin with the same name is published
if (!PluginHelper::isEnabled('api-authentication', $this->_name)) {
return true;
}
// Check we are manipulating a valid form.
if (!\in_array($form->getName(), $this->allowedContexts)) {
return true;
}
// If we are on the save command, no data is passed to $data variable, we need to get it directly from request
$jformData = $this->getApplication()->getInput()->get('jform', [], 'array');
if ($jformData && !$data) {
$data = $jformData;
}
if (\is_array($data)) {
$data = (object) $data;
}
// Check if the user belongs to an allowed user group
$userId = (\is_object($data) && isset($data->id)) ? $data->id : 0;
if (!empty($userId) && !$this->isInAllowedUserGroup($userId)) {
return true;
}
// Load plugin language files
$this->loadLanguage();
// Add the registration fields to the form.
Form::addFormPath(JPATH_PLUGINS . '/' . $this->_type . '/' . $this->_name . '/forms');
$form->loadFile('token', false);
// No token: no reset
$userTokenSeed = $this->getTokenSeedForUser($userId);
$currentUser = $this->getApplication()->getIdentity();
if (empty($userTokenSeed)) {
$form->removeField('notokenforotherpeople', 'joomlatoken');
$form->removeField('reset', 'joomlatoken');
$form->removeField('token', 'joomlatoken');
$form->removeField('enabled', 'joomlatoken');
} else {
$form->removeField('saveme', 'joomlatoken');
}
if ($userId != $currentUser->id) {
$form->removeField('token', 'joomlatoken');
} else {
$form->removeField('notokenforotherpeople', 'joomlatoken');
}
if (($userId != $currentUser->id) && empty($userTokenSeed)) {
$form->removeField('saveme', 'joomlatoken');
} else {
$form->removeField('savemeforotherpeople', 'joomlatoken');
}
// Remove the Reset field when displaying the user profile form
if (($form->getName() === 'com_users.profile') && ($this->getApplication()->getInput()->get('layout') !== 'edit')) {
$form->removeField('reset', 'joomlatoken');
}
return true;
}
/**
* Save the Joomla token in the user profile field
*
* @param mixed $data The incoming form data
* @param bool $isNew Is this a new user?
* @param bool $result Has Joomla successfully saved the user?
* @param string $error Error string
*
* @return void
* @since 4.0.0
*/
public function onUserAfterSave($data, bool $isNew, bool $result, ?string $error): void
{
if (!\is_array($data)) {
return;
}
$userId = ArrayHelper::getValue($data, 'id', 0, 'int');
if ($userId <= 0) {
return;
}
if (!$result) {
return;
}
$noToken = false;
// No Joomla token data. Set the $noToken flag which results in a new token being generated.
if (!isset($data[$this->profileKeyPrefix])) {
/**
* Is the user being saved programmatically, without passing the user profile
* information? In this case I do not want to accidentally try to generate a new token!
*
* We determine that by examining whether the Joomla token field exists. If it does but
* it wasn't passed when saving the user I know it's a programmatic user save and I have
* to ignore it.
*/
if ($this->hasTokenProfileFields($userId)) {
return;
}
$noToken = true;
$data[$this->profileKeyPrefix] = [];
}
if (isset($data[$this->profileKeyPrefix]['reset'])) {
$reset = $data[$this->profileKeyPrefix]['reset'] == 1;
unset($data[$this->profileKeyPrefix]['reset']);
if ($reset) {
$noToken = true;
}
}
// We may have a token already saved. Let's check, shall we?
if (!$noToken) {
$noToken = true;
$existingToken = $this->getTokenSeedForUser($userId);
if (!empty($existingToken)) {
$noToken = false;
$data[$this->profileKeyPrefix]['token'] = $existingToken;
}
}
// If there is no token or this is a new user generate a new token.
if ($noToken || $isNew) {
if (
isset($data[$this->profileKeyPrefix]['token'])
&& empty($data[$this->profileKeyPrefix]['token'])
) {
unset($data[$this->profileKeyPrefix]['token']);
}
$default = $this->getDefaultProfileFieldValues();
$data[$this->profileKeyPrefix] = array_merge($default, $data[$this->profileKeyPrefix]);
}
// Remove existing Joomla Token user profile values
$db = $this->getDatabase();
$query = $db->getQuery(true)
->delete($db->quoteName('#__user_profiles'))
->where($db->quoteName('user_id') . ' = :userId')
->where($db->quoteName('profile_key') . ' LIKE :profileKey');
$profileKey = $this->profileKeyPrefix . '.%';
$query->bind(':userId', $userId, ParameterType::INTEGER);
$query->bind(':profileKey', $profileKey, ParameterType::STRING);
$db->setQuery($query)->execute();
// If the user is not in the allowed user group don't save any new token information.
if (!$this->isInAllowedUserGroup($data['id'])) {
return;
}
// Save the new Joomla Token user profile values
$order = 1;
$query = $db->getQuery(true)
->insert($db->quoteName('#__user_profiles'))
->columns([
$db->quoteName('user_id'),
$db->quoteName('profile_key'),
$db->quoteName('profile_value'),
$db->quoteName('ordering'),
]);
foreach ($data[$this->profileKeyPrefix] as $k => $v) {
$query->values($userId . ', '
. $db->quote($this->profileKeyPrefix . '.' . $k)
. ', ' . $db->quote($v)
. ', ' . ($order++));
}
$db->setQuery($query)->execute();
}
/**
* Remove the Joomla token when the user account is deleted from the database.
*
* This event is called after the user data is deleted from the database.
*
* @param array $user Holds the user data
* @param boolean $success True if user was successfully stored in the database
* @param string $msg Message
*
* @return void
*
* @throws \Exception
* @since 4.0.0
*/
public function onUserAfterDelete(array $user, bool $success, string $msg): void
{
if (!$success) {
return;
}
$userId = ArrayHelper::getValue($user, 'id', 0, 'int');
if ($userId <= 0) {
return;
}
try {
$db = $this->getDatabase();
$query = $db->getQuery(true)
->delete($db->quoteName('#__user_profiles'))
->where($db->quoteName('user_id') . ' = :userId')
->where($db->quoteName('profile_key') . ' LIKE :profileKey');
$profileKey = $this->profileKeyPrefix . '.%';
$query->bind(':userId', $userId, ParameterType::INTEGER);
$query->bind(':profileKey', $profileKey, ParameterType::STRING);
$db->setQuery($query)->execute();
} catch (\Exception $e) {
// Do nothing.
}
}
/**
* Returns an array with the default profile field values.
*
* This is used when saving the form data of a user (new or existing) without a token already
* set.
*
* @return array
* @since 4.0.0
*/
private function getDefaultProfileFieldValues(): array
{
return [
'token' => base64_encode(Crypt::genRandomBytes($this->tokenLength)),
'enabled' => true,
];
}
/**
* Retrieve the token seed string for the given user ID.
*
* @param int $userId The numeric user ID to return the token seed string for.
*
* @return string|null Null if there is no token configured or the user doesn't exist.
* @since 4.0.0
*/
private function getTokenSeedForUser(int $userId): ?string
{
try {
$db = $this->getDatabase();
$query = $db->getQuery(true)
->select($db->quoteName('profile_value'))
->from($db->quoteName('#__user_profiles'))
->where($db->quoteName('profile_key') . ' = :profileKey')
->where($db->quoteName('user_id') . ' = :userId');
$profileKey = $this->profileKeyPrefix . '.token';
$query->bind(':profileKey', $profileKey, ParameterType::STRING);
$query->bind(':userId', $userId, ParameterType::INTEGER);
return $db->setQuery($query)->loadResult();
} catch (\Exception $e) {
return null;
}
}
/**
* Get the configured user groups which are allowed to have access to tokens.
*
* @return int[]
* @since 4.0.0
*/
private function getAllowedUserGroups(): array
{
$userGroups = $this->params->get('allowedUserGroups', [8]);
if (empty($userGroups)) {
return [];
}
if (!\is_array($userGroups)) {
$userGroups = [$userGroups];
}
return $userGroups;
}
/**
* Is the user with the given ID in the allowed User Groups with access to tokens?
*
* @param int $userId The user ID to check
*
* @return boolean False when doesn't belong to allowed user groups, user not found, or guest
* @since 4.0.0
*/
private function isInAllowedUserGroup($userId)
{
$allowedUserGroups = $this->getAllowedUserGroups();
$user = $this->getUserFactory()->loadUserById($userId);
if ($user->id != $userId) {
return false;
}
if ($user->guest) {
return false;
}
// No specifically allowed user groups: allow ALL user groups.
if (empty($allowedUserGroups)) {
return true;
}
$groups = $user->getAuthorisedGroups();
$intersection = array_intersect($groups, $allowedUserGroups);
return !empty($intersection);
}
/**
* Returns the token formatted suitably for the user to copy.
*
* @param integer $userId The user id for token
* @param string $tokenSeed The token seed data stored in the database
* @param string $algorithm The hashing algorithm to use for the token (default: sha256)
*
* @return string
* @since 4.0.0
*/
private function getTokenForDisplay(
int $userId,
string $tokenSeed,
string $algorithm = 'sha256'
): string {
if (empty($tokenSeed)) {
return '';
}
try {
$siteSecret = $this->getApplication()->get('secret');
} catch (\Exception $e) {
$siteSecret = '';
}
// NO site secret? You monster!
if (empty($siteSecret)) {
return '';
}
$rawToken = base64_decode($tokenSeed);
$tokenHash = hash_hmac($algorithm, $rawToken, $siteSecret);
$message = base64_encode("$algorithm:$userId:$tokenHash");
if ($userId !== $this->getApplication()->getIdentity()->id) {
$message = '';
}
return $message;
}
/**
* Get the token algorithm as defined in the form file
*
* We use a simple RegEx match instead of loading the form for better performance.
*
* @return string The configured algorithm, 'sha256' as a fallback if none is found.
*/
private function getAlgorithmFromFormFile(): string
{
$algo = 'sha256';
$file = JPATH_PLUGINS . '/' . $this->_type . '/' . $this->_name . '/forms/token.xml';
$contents = @file_get_contents($file);
if ($contents === false) {
return $algo;
}
if (preg_match('/\s*algo=\s*"\s*([a-z0-9]+)\s*"/i', $contents, $matches) !== 1) {
return $algo;
}
return $matches[1];
}
/**
* Does the user have the Joomla Token profile fields?
*
* @param int|null $userId The user we're interested in
*
* @return bool True if the user has Joomla Token profile fields
*/
private function hasTokenProfileFields(?int $userId): bool
{
if (\is_null($userId) || ($userId <= 0)) {
return false;
}
$db = $this->getDatabase();
$q = $db->getQuery(true)
->select('COUNT(*)')
->from($db->quoteName('#__user_profiles'))
->where($db->quoteName('user_id') . ' = ' . $userId)
->where($db->quoteName('profile_key') . ' = ' . $db->quote($this->profileKeyPrefix . '.token'));
try {
$numRows = $db->setQuery($q)->loadResult() ?? 0;
} catch (\Exception $e) {
return false;
}
return $numRows > 0;
}
}

142
plugins/user/token/src/Field/JoomlatokenField.php Normal file
View File

@ -0,0 +1,142 @@
<?php
/**
* @package Joomla.Plugin
* @subpackage User.token
*
* @copyright (C) 2020 Open Source Matters, Inc. <https://www.joomla.org>
* @license GNU General Public License version 2 or later; see LICENSE.txt
*/
namespace Joomla\Plugin\User\Token\Field;
use Joomla\CMS\Factory;
use Joomla\CMS\Form\Field\TextField;
// phpcs:disable PSR1.Files.SideEffects
\defined('_JEXEC') or die;
// phpcs:enable PSR1.Files.SideEffects
/**
* Joomlatoken field class
*
* @since 4.0.0
*/
class JoomlatokenField extends TextField
{
/**
* Name of the layout being used to render the field
*
* @var string
* @since 4.0.0
*/
protected $layout = 'plugins.user.token.token';
/**
* Method to attach a Form object to the field.
*
* @param \SimpleXMLElement $element The SimpleXMLElement object representing the `<field>`
* tag for the form field object.
* @param mixed $value The form field value to validate.
* @param string $group The field name group control value. This acts as an
* array container for the field. For example if the
* field has name="foo" and the group value is set to
* "bar" then the full field name would end up being
* "bar[foo]".
*
* @return boolean True on success.
*
* @see FormField::setup()
* @since 4.0.0
*/
public function setup(\SimpleXMLElement $element, $value, $group = null)
{
$ret = parent::setup($element, $value, $group);
/**
* Security and privacy precaution: do not display the token field when the user being
* edited is not the same as the logged in user. Tokens are conceptually a combination of
* a username and password, therefore they should be treated in the same mode of
* confidentiality and privacy as passwords i.e. you can reset them for other users but NOT
* be able to see them, thus preventing impersonation attacks by a malicious administrator.
*/
$userId = $this->form->getData()->get('id');
if ($userId != $this->getCurrentUser()->id) {
$this->hidden = true;
}
return $ret;
}
/**
* Method to get the field input markup.
*
* @return string The field input markup.
*
* @since 4.0.0
*/
protected function getInput()
{
// Do not display the token field when the user being edited is not the same as the logged in user
if ($this->hidden) {
return '';
}
return parent::getInput();
}
/**
* Returns the token formatted suitably for the user to copy.
*
* @param string $tokenSeed The token seed data stored in the database
*
* @return string
* @since 4.0.0
*/
private function getTokenForDisplay(string $tokenSeed): string
{
if (empty($tokenSeed)) {
return '';
}
$algorithm = $this->getAttribute('algo', 'sha256');
try {
$siteSecret = Factory::getApplication()->get('secret');
} catch (\Exception $e) {
$siteSecret = '';
}
// NO site secret? You monster!
if (empty($siteSecret)) {
return '';
}
$rawToken = base64_decode($tokenSeed);
$tokenHash = hash_hmac($algorithm, $rawToken, $siteSecret);
$userId = $this->form->getData()->get('id');
$message = base64_encode("$algorithm:$userId:$tokenHash");
if ($userId != $this->getCurrentUser()->id) {
$message = '';
}
return $message;
}
/**
* Get the data for the layout
*
* @return array
*
* @since 4.0.0
*/
protected function getLayoutData()
{
$data = parent::getLayoutData();
$data['value'] = $this->getTokenForDisplay($this->value);
return $data;
}
}

38
plugins/user/token/token.xml Normal file
View File

@ -0,0 +1,38 @@
<?xml version="1.0" encoding="UTF-8"?>
<extension type="plugin" group="user" method="upgrade">
<name>plg_user_token</name>
<author>Joomla! Project</author>
<creationDate>2019-11</creationDate>
<copyright>(C) 2020 Open Source Matters, Inc.</copyright>
<license>GNU General Public License version 2 or later; see LICENSE.txt</license>
<authorEmail>admin@joomla.org</authorEmail>
<authorUrl>www.joomla.org</authorUrl>
<version>3.9.0</version>
<description>PLG_USER_TOKEN_XML_DESCRIPTION</description>
<namespace path="src">Joomla\Plugin\User\Token</namespace>
<files>
<folder>forms</folder>
<folder plugin="token">services</folder>
<folder>src</folder>
</files>
<languages>
<language tag="en-GB">language/en-GB/plg_user_token.ini</language>
<language tag="en-GB">language/en-GB/plg_user_token.sys.ini</language>
</languages>
<config>
<fields name="params">
<fieldset name="basic" addfieldprefix="Joomla\Component\Content\Administrator\Field">
<field
name="allowedUserGroups"
type="UserGroupList"
label="PLG_USER_TOKEN_ALLOWEDUSERGROUPS_LABEL"
description="PLG_USER_TOKEN_ALLOWEDUSERGROUPS_DESC"
layout="joomla.form.field.list-fancy-select"
multiple="true"
checksuperusergroup="0"
default="8"
/>
</fieldset>
</fields>
</config>
</extension>