  1. Place the following in the code that the form is submitted to. It checks that what the user typed matches the code shown in the image.
  2.  
  3. ------------------------------------------------------------------------------------------------
  4.  
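  <?php
  // Server-side CAPTCHA check: compare the code kept in the session with the
  // code the visitor typed into the form.
  $session =& JFactory::getSession();

  // Cast both sides to string so that a missing value becomes '' and the
  // comparison below can be strict.
  $code   = (string) $session->get('security_code', '');
  $v_code = (string) JRequest::getString('verify_code', '');

  // A code is good for one attempt only: remove it from the session before
  // deciding, so neither a solved nor a failed code can be submitted again.
  $session->clear('security_code');

  // An empty stored code must never match. With the loose == test, a session
  // that holds no code compares equal to a request that sends none, and two
  // different numeric-looking strings can compare equal as well.
  $captcha_ok = ($code !== '' && $code === $v_code);

  if ($captcha_ok) {
      // Your success page message
  } else {
      // Your failure page message
  }
  ?>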
  16.  
  17. ------------------------
  18. com_user/controller.php
  19. ------------------------
  20.  
  21. <?php
  22. /**
  23.  * @version     $Id: controller.php 16385 2010-04-23 10:44:15Z ian $
  24.  * @package     Joomla
  25.  * @subpackage  Content
  26.  * @copyright   Copyright (C) 2005 - 2010 Open Source Matters. All rights reserved.
  27.  * @license     GNU/GPL, see LICENSE.php
  28.  * Joomla! is free software. This version may have been modified pursuant to the
  29.  * GNU General Public License, and as distributed it includes or is derivative
  30.  * of works licensed under the GNU General Public License or other free or open
  31.  * source software licenses. See COPYRIGHT.php for copyright notices and
  32.  * details.
  33.  */
  34.  
  // Stop with 'Restricted access' unless _JEXEC is defined, which ensures
  // this file is included in Joomla!
  if (!defined('_JEXEC')) {
      die( 'Restricted access' );
  }

  // Presumably provides the JController base class extended below.
  jimport('joomla.application.component.controller');
  39.  
  40. /**
  41.  * User Component Controller
  42.  *
  43.  * @package     Joomla
  44.  * @subpackage  Weblinks
  45.  * @since 1.5
  46.  */
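  class UserController extends JController
  {
      /**
       * Method to display a view
       *
       * @access  public
       * @since   1.5
       */
      function display()
      {
          parent::display();
      }

      /**
       * Show the profile edit form to the logged-in user.
       *
       * Guests are refused with a 403; otherwise the 'form' layout is selected
       * and the default display runs.
       *
       * @access  public
       * @return  void
       */
      function edit()
      {
          $user =& JFactory::getUser();

          if ($user->get('guest')) {
              JError::raiseError( 403, JText::_('Access Forbidden') );
              return;
          }

          JRequest::setVar('layout', 'form');

          parent::display();
      }

      /**
       * Save the profile of the logged-in user.
       *
       * The request must pass the form token check and the posted id must be
       * the id of the current user. Fields a user may not change are removed
       * from the posted data before it is handed to the model.
       *
       * @access  public
       * @return  mixed  false when the two password fields differ, otherwise nothing
       */
      function save()
      {
          // Check for request forgeries
          JRequest::checkToken() or jexit( 'Invalid Token' );

          $user   =& JFactory::getUser();
          $userid = JRequest::getVar( 'id', 0, 'post', 'int' );

          // Perform security checks: a logged-in user may only save their own record
          if ($user->get('id') == 0 || $userid == 0 || $userid <> $user->get('id')) {
              JError::raiseError( 403, JText::_('Access Forbidden') );
              return;
          }

          // Clean the request. The password fields are fetched with JREQUEST_ALLOWRAW.
          $post = JRequest::get( 'post' );
          $post['username']   = JRequest::getVar('username', '', 'post', 'username');
          $post['password']   = JRequest::getVar('password', '', 'post', 'string', JREQUEST_ALLOWRAW);
          $post['password2']  = JRequest::getVar('password2', '', 'post', 'string', JREQUEST_ALLOWRAW);

          // get the redirect
          $return = JURI::base();

          // do a password safety check
          if (strlen($post['password']) || strlen($post['password2'])) { // so that "0" can be used as password e.g.
              // Strict comparison: with != two different numeric-looking strings
              // (for example "1e3" and "1000") compare as equal and would pass
              // as a confirmed password.
              if ($post['password'] !== $post['password2']) {
                  $msg = JText::_('PASSWORDS_DO_NOT_MATCH');
                  // something is wrong. we are redirecting back to edit form.
                  // TODO: HTTP_REFERER should be replaced with a base64 encoded form field in a later release
                  // The referer comes from the client: quote and angle-bracket characters are
                  // stripped and anything that is not an internal URL falls back to the site base.
                  $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
                  $return  = str_replace(array('"', '<', '>', "'"), '', $referer);
                  if (empty($return) || !JURI::isInternal($return)) {
                      $return = JURI::base();
                  }
                  $this->setRedirect($return, $msg, 'error');
                  return false;
              }
          }

          // we don't want users to edit certain fields so we will unset them
          unset($post['gid']);
          unset($post['block']);
          unset($post['usertype']);
          unset($post['registerDate']);
          unset($post['activation']);

          // store data
          $model = $this->getModel('user');

          if ($model->store($post)) {
              $msg = JText::_( 'Your settings have been saved.' );
          } else {
              $msg = $model->getError();
          }

          $this->setRedirect( $return, $msg );
      }

      /**
       * Abandon the current action and redirect to index.php.
       *
       * @access  public
       * @return  void
       */
      function cancel()
      {
          $this->setRedirect( 'index.php' );
      }

      /**
       * Log a user in with the submitted username and password.
       *
       * An optional base64-encoded 'return' URL is honoured only when
       * JURI::isInternal() accepts it; otherwise a default page is used.
       *
       * @access  public
       * @return  void
       */
      function login()
      {
          // Check for request forgeries
          JRequest::checkToken('request') or jexit( 'Invalid Token' );

          global $mainframe;

          // Decode the return URL and drop it unless it is internal, so the
          // redirect after login cannot be pointed at another site.
          if ($return = JRequest::getVar('return', '', 'method', 'base64')) {
              $return = base64_decode($return);
              if (!JURI::isInternal($return)) {
                  $return = '';
              }
          }

          $options = array();
          $options['remember'] = JRequest::getBool('remember', false);
          $options['return'] = $return;

          $credentials = array();
          $credentials['username'] = JRequest::getVar('username', '', 'method', 'username');
          $credentials['password'] = JRequest::getString('passwd', '', 'post', JREQUEST_ALLOWRAW);

          //perform the login action
          $error = $mainframe->login($credentials, $options);

          if (!$return) {
              if (!JError::isError($error)) {
                  // Logged in and no return URL was given: go to the user component
                  $return = 'index.php?option=com_user';
              } else {
                  // Login failed: facilitate third party login forms by falling
                  // back to the component's own login form
                  $return = 'index.php?option=com_user&view=login';
              }
          }

          $mainframe->redirect( $return );
      }

      /**
       * Log the current user out and optionally redirect to a return URL.
       *
       * @access  public
       * @return  void
       */
      function logout()
      {
          global $mainframe;

          // NOTE(review): unlike login() and save(), no form token is checked here,
          // so any request that reaches this task ends the session; confirm this
          // is intended.

          //perform the logout action
          $error = $mainframe->logout();

          if (!JError::isError($error)) {
              if ($return = JRequest::getVar('return', '', 'method', 'base64')) {
                  $return = base64_decode($return);
                  if (!JURI::isInternal($return)) {
                      $return = '';
                  }
              }

              // Redirect if the return url is not registration or login.
              // strpos() is compared with false explicitly: a match at offset 0
              // is falsy too and used to be treated as "not found".
              if ($return && strpos($return, 'com_user') === false) {
                  $mainframe->redirect( $return );
              }
          } else {
              parent::display();
          }
      }

      /**
       * Prepares the registration form
       *
       * Refused with a 403 when the com_users setting 'allowUserRegistration'
       * is empty. A user who is already logged in gets a redirect to the
       * edit task set instead of the register view.
       *
       * @return void
       */
      function register()
      {
          $usersConfig = &JComponentHelper::getParams( 'com_users' );
          if (!$usersConfig->get( 'allowUserRegistration' )) {
              JError::raiseError( 403, JText::_( 'Access Forbidden' ));
              return;
          }

          $user =& JFactory::getUser();

          if ($user->get('guest')) {
              JRequest::setVar('view', 'register');
          } else {
              $this->setRedirect('index.php?option=com_user&task=edit',JText::_('You are already registered.'));
          }

          parent::display();
      }

      /**
       * Save user registration and notify users and admins if required
       *
       * @return mixed  false when binding or saving the user fails, otherwise nothing
       */
      function register_save()
      {
          // Check for request forgeries
          JRequest::checkToken() or jexit( 'Invalid Token' );

          // Get required system objects
          $user       = clone(JFactory::getUser());
          $authorize  =& JFactory::getACL();

          // If user registration is not allowed, show 403 not authorized.
          // Same test as register(): a missing or empty setting refuses the
          // request here as well, instead of only the literal '0'.
          $usersConfig = &JComponentHelper::getParams( 'com_users' );
          if (!$usersConfig->get('allowUserRegistration')) {
              JError::raiseError( 403, JText::_( 'Access Forbidden' ));
              return;
          }

          // Initialize new usertype setting
          $newUsertype = $usersConfig->get( 'new_usertype' );
          if (!$newUsertype) {
              $newUsertype = 'Registered';
          }

          // Bind the post array to the user object.
          // NOTE(review): the whole POST array is bound. Only id, usertype, gid and
          // registerDate (plus activation and block when activation is on) are
          // overwritten below; confirm that bind() accepts no other field a
          // visitor should not be able to set.
          if (!$user->bind( JRequest::get('post'), 'usertype' )) {
              JError::raiseError( 500, $user->getError());
              // Do not go on to save a user whose data could not be bound
              return false;
          }

          // Set some initial user values
          $user->set('id', 0);
          $user->set('usertype', $newUsertype);
          $user->set('gid', $authorize->get_group_id( '', $newUsertype, 'ARO' ));

          $date =& JFactory::getDate();
          $user->set('registerDate', $date->toMySQL());

          // If user activation is turned on, we need to set the activation information
          $useractivation = $usersConfig->get( 'useractivation' );
          if ($useractivation == '1') {
              jimport('joomla.user.helper');
              $user->set('activation', JUtility::getHash( JUserHelper::genRandomPassword()) );
              $user->set('block', '1');
          }

          // If there was an error with registration, set the message and display form
          if (!$user->save()) {
              JError::raiseWarning('', JText::_( $user->getError()));
              $this->register();
              return false;
          }

          // Send registration confirmation mail
          $password = JRequest::getString('password', '', 'post', JREQUEST_ALLOWRAW);
          $password = preg_replace('/[\x00-\x1F\x7F]/', '', $password); //Disallow control chars in the email
          UserController::_sendMail($user, $password);

          // Everything went fine, set relevant message depending upon user activation state and display message
          if ($useractivation == 1) {
              $message = JText::_( 'REG_COMPLETE_ACTIVATE' );
          } else {
              $message = JText::_( 'REG_COMPLETE' );
          }

          $this->setRedirect('index.php', $message);
      }

      /**
       * Activate an account from the activation string in the request and
       * display the outcome with the register view's 'message' layout.
       *
       * @access  public
       * @return  void
       */
      function activate()
      {
          global $mainframe;

          // Initialize some variables
          $db         =& JFactory::getDBO();
          $user       =& JFactory::getUser();
          $document   =& JFactory::getDocument();
          $pathway    =& $mainframe->getPathWay();

          $usersConfig = &JComponentHelper::getParams( 'com_users' );
          $userActivation         = $usersConfig->get('useractivation');
          $allowUserRegistration  = $usersConfig->get('allowUserRegistration');

          // Check to see if they're logged in, because they don't need activating!
          if ($user->get('id')) {
              // They're already logged in, so redirect them to the home page
              $mainframe->redirect( 'index.php' );
          }

          if ($allowUserRegistration == '0' || $userActivation == '0') {
              JError::raiseError( 403, JText::_( 'Access Forbidden' ));
              return;
          }

          // create the view
          require_once (JPATH_COMPONENT.DS.'views'.DS.'register'.DS.'view.html.php');
          $view = new UserViewRegister();

          $message = new stdClass();

          // Do we even have an activation string? It is read with the 'alnum'
          // filter and escaped for the database before use.
          $activation = JRequest::getVar('activation', '', '', 'alnum' );
          $activation = $db->getEscaped( $activation );

          if (empty( $activation )) {
              // Page Title
              $document->setTitle( JText::_( 'REG_ACTIVATE_NOT_FOUND_TITLE' ) );
              // Breadcrumb
              $pathway->addItem( JText::_( 'REG_ACTIVATE_NOT_FOUND_TITLE' ));

              $message->title = JText::_( 'REG_ACTIVATE_NOT_FOUND_TITLE' );
              $message->text = JText::_( 'REG_ACTIVATE_NOT_FOUND' );
              $view->assign('message', $message);
              $view->display('message');
              return;
          }

          // Lets activate this user
          jimport('joomla.user.helper');
          if (JUserHelper::activateUser($activation)) {
              // Page Title
              $document->setTitle( JText::_( 'REG_ACTIVATE_COMPLETE_TITLE' ) );
              // Breadcrumb
              $pathway->addItem( JText::_( 'REG_ACTIVATE_COMPLETE_TITLE' ));

              $message->title = JText::_( 'REG_ACTIVATE_COMPLETE_TITLE' );
              $message->text = JText::_( 'REG_ACTIVATE_COMPLETE' );
          } else {
              // Page Title
              $document->setTitle( JText::_( 'REG_ACTIVATE_NOT_FOUND_TITLE' ) );
              // Breadcrumb
              $pathway->addItem( JText::_( 'REG_ACTIVATE_NOT_FOUND_TITLE' ));

              $message->title = JText::_( 'REG_ACTIVATE_NOT_FOUND_TITLE' );
              $message->text = JText::_( 'REG_ACTIVATE_NOT_FOUND' );
          }

          $view->assign('message', $message);
          $view->display('message');
      }

      /**
       * Password Reset Request Method
       *
       * Passes the posted e-mail address to the Reset model and redirects to
       * the confirm layout, or back to the reset view with the model's error.
       *
       * @access  public
       * @return  mixed  false when the model refuses the request, otherwise nothing
       */
      function requestreset()
      {
          // Check for request forgeries
          JRequest::checkToken() or jexit( 'Invalid Token' );

          // Get the input
          $email = JRequest::getVar('email', null, 'post', 'string');

          // Get the model
          $model = &$this->getModel('Reset');

          // Request a reset
          if ($model->requestReset($email) === false) {
              // NOTE(review): the model's error text is shown to the requester; check
              // that it does not disclose whether the address belongs to an account.
              $message = JText::sprintf('PASSWORD_RESET_REQUEST_FAILED', $model->getError());
              $this->setRedirect('index.php?option=com_user&view=reset', $message);
              return false;
          }

          $this->setRedirect('index.php?option=com_user&view=reset&layout=confirm');
      }

      /**
       * Password Reset Confirmation Method
       *
       * Hands the posted token and username to the Reset model; only a strict
       * true from the model moves on to the complete layout.
       *
       * @access  public
       * @return  mixed  false when the token is not confirmed, otherwise nothing
       */
      function confirmreset()
      {
          // Check for request forgeries
          JRequest::checkToken() or jexit( 'Invalid Token' );

          // Get the input
          $token = JRequest::getVar('token', null, 'post', 'alnum');
          $username = JRequest::getVar('username', null, 'post');

          // Get the model
          $model = &$this->getModel('Reset');

          // Verify the token
          if ($model->confirmReset($token, $username) !== true) {
              $message = JText::sprintf('PASSWORD_RESET_CONFIRMATION_FAILED', $model->getError());
              $this->setRedirect('index.php?option=com_user&view=reset&layout=confirm', $message);
              return false;
          }
          $this->setRedirect('index.php?option=com_user&view=reset&layout=complete');
      }

      /**
       * Password Reset Completion Method
       *
       * Hands the two posted password fields to the Reset model, which decides
       * whether the reset succeeds.
       *
       * @access  public
       * @return  mixed  false when the model rejects the reset, otherwise nothing
       */
      function completereset()
      {
          // Check for request forgeries
          JRequest::checkToken() or jexit( 'Invalid Token' );

          // Get the input
          $password1 = JRequest::getVar('password1', null, 'post', 'string', JREQUEST_ALLOWRAW);
          $password2 = JRequest::getVar('password2', null, 'post', 'string', JREQUEST_ALLOWRAW);

          // Get the model
          $model = &$this->getModel('Reset');

          // Reset the password
          if ($model->completeReset($password1, $password2) === false) {
              $message = JText::sprintf('PASSWORD_RESET_FAILED', $model->getError());
              $this->setRedirect('index.php?option=com_user&view=reset&layout=complete', $message);
              return false;
          }

          $message = JText::_('PASSWORD_RESET_SUCCESS');
          $this->setRedirect('index.php?option=com_user&view=login', $message);
      }

      /**
       * Username Reminder Method
       *
       * Passes the posted e-mail address to the Remind model and redirects to
       * the login view on success or back to the remind view on failure.
       *
       * @access  public
       * @return  mixed  false when the model reports a failure, otherwise nothing
       */
      function remindusername()
      {
          // Check for request forgeries
          JRequest::checkToken() or jexit( 'Invalid Token' );

          // Get the input
          $email = JRequest::getVar('email', null, 'post', 'string');

          // Get the model
          $model = &$this->getModel('Remind');

          // Send the reminder
          if ($model->remindUsername($email) === false) {
              // NOTE(review): failure and success lead to different messages and pages;
              // check that this does not disclose whether the address is registered.
              $message = JText::sprintf('USERNAME_REMINDER_FAILED', $model->getError());
              $this->setRedirect('index.php?option=com_user&view=remind', $message);
              return false;
          }

          $message = JText::sprintf('USERNAME_REMINDER_SUCCESS', $email);
          $this->setRedirect('index.php?option=com_user&view=login', $message);
      }

      /**
       * Mail the account details to the new user and notify the super
       * administrators that have sendEmail set.
       *
       * @access  private
       * @param   object  $user      The user that has just been saved
       * @param   string  $password  The password taken from the registration form
       * @return  void
       */
      function _sendMail(&$user, $password)
      {
          global $mainframe;

          $db =& JFactory::getDBO();

          $name       = $user->get('name');
          $email      = $user->get('email');
          $username   = $user->get('username');

          $usersConfig    = &JComponentHelper::getParams( 'com_users' );
          $sitename       = $mainframe->getCfg( 'sitename' );
          $useractivation = $usersConfig->get( 'useractivation' );
          $mailfrom       = $mainframe->getCfg( 'mailfrom' );
          $fromname       = $mainframe->getCfg( 'fromname' );
          $siteURL        = JURI::base();

          // The same subject is used for the user's mail and the admin notifications
          $subject = sprintf ( JText::_( 'Account details for' ), $name, $sitename);
          $subject = html_entity_decode($subject, ENT_QUOTES);

          if ($useractivation == 1) {
              // NOTE(review): the clear-text password is handed to the SEND_MSG_ACTIVATE
              // template and so may end up in the mail body; confirm the language
              // string and consider leaving the password out.
              $message = sprintf ( JText::_( 'SEND_MSG_ACTIVATE' ), $name, $sitename, $siteURL."index.php?option=com_user&task=activate&activation=".$user->get('activation'), $siteURL, $username, $password);
          } else {
              $message = sprintf ( JText::_( 'SEND_MSG' ), $name, $sitename, $siteURL);
          }

          $message = html_entity_decode($message, ENT_QUOTES);

          //get all super administrator
          $query = 'SELECT name, email, sendEmail' .
                  ' FROM #__users' .
                  ' WHERE LOWER( usertype ) = "super administrator"';
          $db->setQuery( $query );
          $rows = $db->loadObjectList();
          if (!is_array($rows)) {
              // No usable result: nobody to borrow a sender from and nobody to notify
              $rows = array();
          }

          // Send email to user. Without a configured sender, fall back to the
          // first super administrator, if the query returned one.
          if ((!$mailfrom || !$fromname) && !empty($rows)) {
              $fromname = $rows[0]->name;
              $mailfrom = $rows[0]->email;
          }

          JUtility::sendMail($mailfrom, $fromname, $email, $subject, $message);

          // Send notification to all administrators that asked for system mail
          foreach ($rows as $row) {
              if ($row->sendEmail) {
                  $message2 = sprintf ( JText::_( 'SEND_MSG_ADMIN' ), $row->name, $sitename, $name, $email, $username);
                  $message2 = html_entity_decode($message2, ENT_QUOTES);
                  JUtility::sendMail($mailfrom, $fromname, $row->email, $subject, $message2);
              }
          }
      }
  }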
  557. ?>