PHP Cross Reference of Joomla 4.2.2 documentation |
<?php

/**
 * @package     Joomla.Plugin
 * @subpackage  Authentication.joomla
 *
 * @copyright   (C) 2006 Open Source Matters, Inc. <https://www.joomla.org>
 * @license     GNU General Public License version 2 or later; see LICENSE.txt
 *
 * @phpcs:disable PSR1.Classes.ClassDeclaration.MissingNamespace
 */

use Joomla\CMS\Authentication\Authentication;
use Joomla\CMS\Helper\AuthenticationHelper;
use Joomla\CMS\Language\Text;
use Joomla\CMS\Plugin\CMSPlugin;
use Joomla\CMS\Plugin\PluginHelper;
use Joomla\CMS\User\User;
use Joomla\CMS\User\UserHelper;

// phpcs:disable PSR1.Files.SideEffects
\defined('_JEXEC') or die;
// phpcs:enable PSR1.Files.SideEffects

/**
 * Joomla Authentication plugin
 *
 * Checks a username/password pair against the #__users table and writes the
 * outcome into the authentication response object.
 *
 * @since  1.5
 */
class PlgAuthenticationJoomla extends CMSPlugin
{
    /**
     * Application object
     *
     * @var    \Joomla\CMS\Application\CMSApplication
     * @since  4.0.0
     */
    protected $app;

    /**
     * Database object
     *
     * @var    \Joomla\Database\DatabaseDriver
     * @since  4.0.0
     */
    protected $db;

    /**
     * Authenticates the supplied credentials and reports the result on $response.
     *
     * Outcomes, in the order they are tested:
     *  - empty password: STATUS_FAILURE, no database lookup is made;
     *  - unknown username: STATUS_FAILURE, after hashing the submitted password once;
     *  - known username, wrong password: STATUS_FAILURE;
     *  - known username, correct password: STATUS_SUCCESS, with email, full name
     *    and language copied from the user record.
     *
     * This method contains no throttling or lockout logic and does not read $options.
     *
     * @param   array   $credentials  Array holding the user credentials ('username', 'password')
     * @param   array   $options      Array of extra options (unused here)
     * @param   object  &$response    Authentication response object
     *
     * @return  void
     *
     * @since   1.5
     */
    public function onUserAuthenticate($credentials, $options, &$response)
    {
        $response->type = 'Joomla';

        // Guard: refuse blank passwords before touching the database.
        // Note that empty() is also true for the literal string '0'.
        if (empty($credentials['password'])) {
            $response->status        = Authentication::STATUS_FAILURE;
            $response->error_message = Text::_('JGLOBAL_AUTH_EMPTY_PASS_NOT_ALLOWED');

            return;
        }

        // The username travels as a bound parameter, never concatenated into the SQL text.
        $db    = $this->db;
        $query = $db->getQuery(true)
            ->select($db->quoteName(['id', 'password']))
            ->from($db->quoteName('#__users'))
            ->where($db->quoteName('username') . ' = :username')
            ->bind(':username', $credentials['username']);

        $db->setQuery($query);
        $account = $db->loadObject();

        if (!$account) {
            // Unknown username: hash the submitted password anyway and discard the result,
            // so this path costs roughly what a real verification does and response time
            // does not reveal whether the account exists.
            // NOTE(review): the equalisation presumably only holds when stored hashes use
            // the same algorithm and cost as hashPassword() - confirm for legacy hashes.
            UserHelper::hashPassword($credentials['password']);

            // NOTE(review): this key differs from the wrong-password key below; the timing
            // mitigation only helps if both resolve to indistinguishable client-facing
            // text - confirm in the language files.
            $response->status        = Authentication::STATUS_FAILURE;
            $response->error_message = Text::_('JGLOBAL_AUTH_NO_USER');

            return;
        }

        $isValid = UserHelper::verifyPassword($credentials['password'], $account->password, $account->id);

        // Only a strict boolean true counts as a match; any other return value is a failure.
        if ($isValid !== true) {
            $response->status        = Authentication::STATUS_FAILURE;
            $response->error_message = Text::_('JGLOBAL_AUTH_INVALID_PASS');

            return;
        }

        // Credentials are good: populate the response from the full user record.
        $user               = User::getInstance($account->id);
        $response->email    = $user->email;
        $response->fullname = $user->name;

        // Administrator logins use the backend language preference, all others the site one.
        $response->language = $this->app->isClient('administrator')
            ? $user->getParam('admin_language')
            : $user->getParam('language');

        $response->status        = Authentication::STATUS_SUCCESS;
        $response->error_message = '';
    }
}