Skip to content

Fix - Users.php returning user's password #5

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
UmeshBhosale wants to merge 1 commit into
base: release-2.0.1
Choose a base branch
from
Open

Fix - Users.php returning user's password #5

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
192 changes: 124 additions & 68 deletions src/users/users.php
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
<?php
/**
* @package Joomla.Administrator
* @subpackage com_trading
* @subpackage Com_Trading
*
* @copyright Copyright (C) 2005 - 2014 Open Source Matters, Inc. All rights reserved.
* @license GNU General Public License version 2 or later; see LICENSE.txt
Expand Down Expand Up @@ -214,18 +214,18 @@ public function post()
$data['profile_id'] = $app->input->get('profile_id', 1, 'INT');
global $message;

$eobj = new stdClass();
$eobj = new stdClass;

if( $data['username']=='' || $data['password'] =='' || $data['name'] == '' || $data['email']== '')
if ($data['username'] == '' || $data['password'] == '' || $data['name'] == '' || $data['email'] == '')
{
$eobj->status = false;
$eobj->id = 0;
$eobj->code = '403';
$eobj->message = JText::_( 'PLG_API_USERS_REQUIRED_DATA_EMPTY_MESSAGE' );
$eobj->message = JText::_('PLG_API_USERS_REQUIRED_DATA_EMPTY_MESSAGE');

$this->plugin->setResponse($eobj);
return;

return;
}

jimport('joomla.user.helper');
Expand Down Expand Up @@ -266,7 +266,7 @@ public function post()
// True on success, false otherwise
if (!$user->save())
{
//$message = "not created because of " . $user->getError();
// $message = "not created because of " . $user->getError();
$message = $user->getError();

$eobj->status = false;
Expand Down Expand Up @@ -298,32 +298,35 @@ public function post()
}
*/
/* Update profile type */
$profiles = FD::model( 'profiles' );
$profiles = FD::model('profiles');
$all_profiles = $profiles->getAllProfiles();

foreach ($all_profiles as $key) {
if($key->id == $data['profile_id']){
$profiles->updateUserProfile($user->id,$data['profile_id']);
foreach ($all_profiles as $key)
{
if ($key->id == $data['profile_id'])
{
$profiles->updateUserProfile($user->id, $data['profile_id']);
}
}

$mail_sent = $this->sendRegisterEmail($data);

$easysocial = JPATH_ADMINISTRATOR .'/components/com_easysocial/easysocial.php';
//eb version
if( JFile::exists( $easysocial ) )
$easysocial = JPATH_ADMINISTRATOR . '/components/com_easysocial/easysocial.php';

// Eb version
if (JFile::exists($easysocial))
{
$pobj = $this->createEsprofile($user->id);
//$message = "created of username-" . $user->username .",send mail of details please check";
$message = JText::_('PLG_API_USERS_ACCOUNT_CREATED_SUCCESSFULLY_MESSAGE');
}
else
$message = JText::_('PLG_API_USERS_ACCOUNT_CREATED_SUCCESSFULLY_MESSAGE');

{
$message = JText::_('PLG_API_USERS_ACCOUNT_CREATED_SUCCESSFULLY_MESSAGE');
}
// Assign badge for the person.
$badge = FD::badges();
$badge->log( 'com_easysocial' , 'registration.create' , $user->id , JText::_( 'COM_EASYSOCIAL_REGISTRATION_BADGE_REGISTERED' ) );

$badge->log('com_easysocial', 'registration.create', $user->id, JText::_('COM_EASYSOCIAL_REGISTRATION_BADGE_REGISTERED'));
}
$userid = $user->id;

Expand All @@ -336,6 +339,7 @@ public function post()
$eobj->message = $message;

$this->plugin->setResponse($eobj);

return;
}

Expand All @@ -346,20 +350,24 @@ public function post()
*/
public function get()
{

$input = JFactory::getApplication()->input;

// If we have an id try to fetch the user
if ($id = $input->get('id'))
{
$user = JUser::getInstance($id);

if (!$user->id)
{
$this->plugin->setResponse($this->getErrorResponse(JText::_( 'PLG_API_USERS_USER_NOT_FOUND_MESSAGE' )));
$this->plugin->setResponse($this->getErrorResponse(JText::_('PLG_API_USERS_USER_NOT_FOUND_MESSAGE')));

return;
}
$this->plugin->setResponse($user);

$userObject = new UserObject;
$usersMapp = $userObject->mapItem($user);

$this->plugin->setResponse($usersMapp);
}
else
{
Expand All @@ -378,19 +386,21 @@ public function get()
/**
* Function create easysocial profile.
*
* @param int $log_user int
*
* @return user obj
*/
public function createEsprofile($log_user)
{
$obj = new stdClass();
$obj = new stdClass;

if (JComponentHelper::isEnabled('com_easysocial', true))
{
$app = JFactory::getApplication();

$epost = $app->input->get('fields', '', 'ARRAY');

require_once JPATH_ADMINISTRATOR.'/components/com_easysocial/includes/foundry.php';
require_once JPATH_ADMINISTRATOR . '/components/com_easysocial/includes/foundry.php';

// Get all published fields apps that are available in the current form to perform validations
$fieldsModel = FD::model('Fields');
Expand All @@ -399,11 +409,12 @@ public function createEsprofile($log_user)
$my = FD::user($log_user);

// Only fetch relevant fields for this user.
$options = array( 'profile_id' => $my->getProfile()->id, 'data' => true, 'dataId' => $my->id, 'dataType' => SOCIAL_TYPE_USER, 'visible' => SOCIAL_PROFILES_VIEW_EDIT, 'group' => SOCIAL_FIELDS_GROUP_USER );
$options = array( 'profile_id' => $my->getProfile()->id, 'data' => true, 'dataId' => $my->id, 'dataType' => SOCIAL_TYPE_USER,
'visible' => SOCIAL_PROFILES_VIEW_EDIT, 'group' => SOCIAL_FIELDS_GROUP_USER );

$fields = $fieldsModel->getCustomFields($options);

$epost = $this->create_field_arr($fields,$epost);
$epost = $this->create_field_arr($fields, $epost);

// Load json library.
$json = FD::json();
Expand All @@ -412,15 +423,16 @@ public function createEsprofile($log_user)
$registry = FD::registry();

// Get disallowed keys so we wont get wrong values.
$disallowed = array( FD::token() , 'option' , 'task' , 'controller' );
$disallowed = array(FD::token(), 'option', 'task', 'controller');

// Process $_POST vars
foreach ($epost as $key => $value) {

if (!in_array($key, $disallowed)) {

if (is_array($value) && $key != 'es-fields-11') {
$value = $json->encode( $value );
foreach ($epost as $key => $value)
{
if (!in_array($key, $disallowed))
{
if (is_array($value) && $key != 'es-fields-11')
{
$value = $json->encode($value);
}

$registry->set($key, $value);
Expand All @@ -440,10 +452,6 @@ public function createEsprofile($log_user)
// Build arguments to be passed to the field apps.
$args = array( $data , &$my );

// Ensure that there is no errors.
// @trigger onEditValidate
//$errors = $fieldsLib->trigger( 'onEditValidate' , SOCIAL_FIELDS_GROUP_USER , $fields , $args, array( $handler, 'validate' ) );

// Bind the my object with appropriate data.
$my->bind($data);

Expand All @@ -454,7 +462,7 @@ public function createEsprofile($log_user)
$args = array(&$data, &$my);

// @trigger onEditAfterSave
$fieldsLib->trigger( 'onRegisterAfterSave' , SOCIAL_FIELDS_GROUP_USER , $fields , $args );
$fieldsLib->trigger('onRegisterAfterSave', SOCIAL_FIELDS_GROUP_USER, $fields, $args);

// Bind custom fields for the user.
$my->bindCustomFields($data);
Expand All @@ -463,89 +471,105 @@ public function createEsprofile($log_user)
$args = array(&$data, &$my);

// @trigger onEditAfterSaveFields
$fieldsLib->trigger( 'onEditAfterSaveFields' , SOCIAL_FIELDS_GROUP_USER , $fields , $args );
$fieldsLib->trigger('onEditAfterSaveFields', SOCIAL_FIELDS_GROUP_USER, $fields, $args);

if($sval)
if ($sval)
{
$obj->success = 1;
$obj->message = JText::_('PLG_API_USERS_PROFILE_CREATED_SUCCESSFULLY_MESSAGE');
}
else
{
$obj->success = 0;
$obj->message = JText::_( 'PLG_API_USERS_UNABLE_CREATE_PROFILE_MESSAGE' );
$obj->message = JText::_('PLG_API_USERS_UNABLE_CREATE_PROFILE_MESSAGE');
}

}
else
{
$obj->success = 0;
$obj->message = JText::_( 'PLG_API_USERS_EASYSOCIAL_NOT_INSTALL_MESSAGE');
$obj->message = JText::_('PLG_API_USERS_EASYSOCIAL_NOT_INSTALL_MESSAGE');
}

return $obj;

}

//create field array as per easysocial
/**
* Function create field array as per easysocial.
*
* @param object $fields object
*
* @param object $post object
*
* @return void
*/
public function create_field_arr($fields,$post)
{
$fld_data = array();
$app = JFactory::getApplication();

require_once JPATH_SITE.'/plugins/api/easysocial/libraries/uploadHelper.php';
//for upload photo
if(!empty($_FILES['avatar']['name']))
{
$upload_obj = new EasySocialApiUploadHelper();
require_once JPATH_SITE . '/plugins/api/easysocial/libraries/uploadHelper.php';

// For upload photo
if (!empty($_FILES['avatar']['name']))
{
$upload_obj = new EasySocialApiUploadHelper;

$phto_obj = $upload_obj->ajax_avatar($_FILES['avatar']);
$avtar_pth = $phto_obj['temp_path'];
$avtar_scr = $phto_obj['temp_uri'];
$avtar_typ = 'upload';
$avatar_file_name = $_FILES['avatar']['name'];
}
$avatar_file_name = $_FILES['avatar']['name'];
}

foreach($fields as $field)
foreach ($fields as $field)
{
$fobj = new stdClass();
$fobj = new stdClass;
$fullname = $app->input->get('name', '', 'STRING');
$fld_data['first_name'] = $app->input->get('name', '', 'STRING');


$fobj->first = $fld_data['first_name'];
$fobj->middle = '';
$fobj->last = '';
$fobj->name = $fullname;
switch($field->unique_key)
{
case 'HEADER': break;

case 'JOOMLA_FULLNAME': $fld_data['es-fields-'.$field->id] = $fobj;
switch ($field->unique_key)
{
case 'HEADER':
break;
case 'JOOMLA_FULLNAME': $fld_data['es-fields-' . $field->id] = $fobj;
break;
case 'JOOMLA_USERNAME': $fld_data['es-fields-'.$field->id] = $app->input->get('username', '', 'STRING');
case 'JOOMLA_USERNAME': $fld_data['es-fields-' . $field->id] = $app->input->get('username', '', 'STRING');
break;
case 'JOOMLA_PASSWORD': $fld_data['es-fields-'.$field->id] = $app->input->get('password', '', 'STRING');
case 'JOOMLA_PASSWORD': $fld_data['es-fields-' . $field->id] = $app->input->get('password', '', 'STRING');
break;
case 'JOOMLA_EMAIL': $fld_data['es-fields-'.$field->id] = $app->input->get('email', '', 'STRING');
case 'JOOMLA_EMAIL': $fld_data['es-fields-' . $field->id] = $app->input->get('email', '', 'STRING');
break;
case 'AVATAR': if(isset($avtar_scr)){
$fld_data['es-fields-'.$field->id] = Array
case 'AVATAR':

if (isset($avtar_scr))
{
$fld_data['es-fields-' . $field->id] = Array
(
'source' =>$avtar_scr,
'path' =>$avtar_pth,
'source' => $avtar_scr,
'path' => $avtar_pth,
'data' => '',
'type' => $avtar_typ,
'name' => $avatar_file_name
);
}
}
break;
}
}

return $fld_data;
}

//send registration mail
/**
* Function send registartion mail.
*
* @param object $base_dt object
*
* @return void
*/
public function sendRegisterEmail($base_dt)
{
$config = JFactory::getConfig();
Expand Down Expand Up @@ -587,7 +611,6 @@ public function sendRegisterEmail($base_dt)
$base_dt['password']
);
}

}
elseif ($data['activation'] == 1)
{
Expand Down Expand Up @@ -617,7 +640,40 @@ public function sendRegisterEmail($base_dt)
}
// Send the registration email.
$return = JFactory::getMailer()->sendMail($data['mailfrom'], $data['fromname'], $base_dt['email'], $emailSubject, $emailBody);

return $return;
}
}

/**
* API class UserObject
*
* @since 2.0
*/
class UserObject
{
/**
* Function maps user object.
*
* @param object $rows object
*
* @return void
*/
public function mapItem($rows)
{
$item = new stdClass;

$item->id = $rows->id;
$item->username = $rows->username;
$item->name = $rows->name;
$item->email = $rows->email;
$item->registerDate = $rows->registerDate;
$item->params = $rows->params;
$item->groups = $rows->groups;
$item->guest = $rows->guest;
$item->block = $rows->block;
$item->activation = $rows->activation;

return $item;
}
}