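<?php

/**
 * @package     Joomla.Plugin
 * @subpackage  User.token
 *
 * @copyright   (C) 2020 Open Source Matters, Inc. <https://www.joomla.org>
 * @license     GNU General Public License version 2 or later; see LICENSE.txt
 */

namespace Joomla\Plugin\User\Token\Field;

use Joomla\CMS\Factory;
use Joomla\CMS\Form\Field\TextField;

// phpcs:disable PSR1.Files.SideEffects
\defined('_JEXEC') or die;
// phpcs:enable PSR1.Files.SideEffects

/**
 * Joomlatoken field class
 *
 * Renders the API token of the user whose profile is being edited. The token is
 * only ever rendered for the logged in user's own profile: for any other user the
 * field is hidden and the value handed to the layout is an empty string.
 *
 * @since  4.0.0
 */
class JoomlatokenField extends TextField
{
    /**
     * Name of the layout being used to render the field
     *
     * @var    string
     * @since  4.0.0
     */
    protected $layout = 'plugins.user.token.token';

    /**
     * Method to attach a Form object to the field.
     *
     * @param   \SimpleXMLElement  $element  The SimpleXMLElement object representing the `<field>`
     *                                       tag for the form field object.
     * @param   mixed              $value    The form field value to validate.
     * @param   string             $group    The field name group control value. This acts as an
     *                                       array container for the field. For example if the
     *                                       field has name="foo" and the group value is set to
     *                                       "bar" then the full field name would end up being
     *                                       "bar[foo]".
     *
     * @return  boolean  True on success.
     *
     * @see     FormField::setup()
     * @since   4.0.0
     */
    public function setup(\SimpleXMLElement $element, $value, $group = null)
    {
        $ret = parent::setup($element, $value, $group);

        /**
         * Security and privacy precaution: do not display the token field when the user being
         * edited is not the same as the logged in user. Tokens are conceptually a combination of
         * a username and password, therefore they should be treated in the same mode of
         * confidentiality and privacy as passwords i.e. you can reset them for other users but NOT
         * be able to see them, thus preventing impersonation attacks by a malicious administrator.
         */
        if (!$this->isOwnedByCurrentUser()) {
            $this->hidden = true;
        }

        return $ret;
    }

    /**
     * Method to get the field input markup.
     *
     * @return  string  The field input markup.
     *
     * @since   4.0.0
     */
    protected function getInput()
    {
        // Do not display the token field when the user being edited is not the same as the logged in user
        if ($this->hidden) {
            return '';
        }

        return parent::getInput();
    }

    /**
     * Returns the token formatted suitably for the user to copy.
     *
     * The displayed token is base64("<algo>:<userId>:<hmac>") where the HMAC is computed with
     * the configured algorithm over the decoded seed, keyed with the site secret. An empty
     * string is returned whenever no token can or may be shown: empty seed, missing site
     * secret, undecodable seed, or a profile that does not belong to the logged in user.
     *
     * @param   string  $tokenSeed  The token seed data stored in the database
     *
     * @return  string
     * @since   4.0.0
     */
    private function getTokenForDisplay(string $tokenSeed): string
    {
        if (empty($tokenSeed)) {
            return '';
        }

        // Same rule as setup(): another user's token is never revealed, not even to an
        // administrator. Checking this first also avoids computing the HMAC needlessly.
        if (!$this->isOwnedByCurrentUser()) {
            return '';
        }

        // The algorithm comes from the form XML, not from the request. An unsupported name is
        // expected to make hash_hmac() throw on PHP 8, which is the desired misconfiguration signal.
        $algorithm = $this->getAttribute('algo', 'sha256');

        try {
            $siteSecret = Factory::getApplication()->get('secret');
        } catch (\Exception $e) {
            $siteSecret = '';
        }

        // NO site secret? You monster!
        if (empty($siteSecret)) {
            return '';
        }

        $rawToken = base64_decode($tokenSeed);

        // A seed that cannot be decoded must not be turned into a token derived from an empty string.
        if ($rawToken === false) {
            return '';
        }

        $tokenHash = hash_hmac($algorithm, $rawToken, $siteSecret);
        $userId    = (int) $this->form->getData()->get('id');

        return base64_encode("$algorithm:$userId:$tokenHash");
    }

    /**
     * Whether the profile being edited belongs to the logged in user.
     *
     * The form data id may arrive as a numeric string while the user object holds an integer,
     * so both sides are normalised to int and compared strictly.
     *
     * @return  boolean
     *
     * @since   4.0.0
     */
    private function isOwnedByCurrentUser(): bool
    {
        $editedUserId  = (int) $this->form->getData()->get('id');
        $currentUserId = (int) Factory::getUser()->id;

        return $editedUserId === $currentUserId;
    }

    /**
     * Get the data for the layout
     *
     * @return  array
     *
     * @since   4.0.0
     */
    protected function getLayoutData()
    {
        $data = parent::getLayoutData();

        // The stored value may be null when no token has been generated yet; the formatter
        // requires a string and a null would raise a TypeError.
        $data['value'] = $this->getTokenForDisplay((string) ($this->value ?? ''));

        return $data;
    }

    /**
     * Get the layout paths
     *
     * @return  array
     *
     * @since   4.0.0
     */
    protected function getLayoutPaths()
    {
        $template = Factory::getApplication()->getTemplate();

        return [
            JPATH_THEMES . '/' . $template . '/html/layouts',
            JPATH_SITE . '/layouts',
        ];
    }
}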