Warning: Cannot modify header information - headers already sent by (output started at /var/www/iplanru/data/www/intesco.ru/d59ed/index.php(1) : eval()'d code(2) : eval()'d code:102) in /var/www/iplanru/data/www/intesco.ru/d59ed/index.php(1) : eval()'d code(2) : eval()'d code on line 4

Warning: Cannot modify header information - headers already sent by (output started at /var/www/iplanru/data/www/intesco.ru/d59ed/index.php(1) : eval()'d code(2) : eval()'d code:102) in /var/www/iplanru/data/www/intesco.ru/d59ed/index.php(1) : eval()'d code(2) : eval()'d code on line 4

Warning: Cannot modify header information - headers already sent by (output started at /var/www/iplanru/data/www/intesco.ru/d59ed/index.php(1) : eval()'d code(2) : eval()'d code:102) in /var/www/iplanru/data/www/intesco.ru/d59ed/index.php(1) : eval()'d code(2) : eval()'d code on line 4

Warning: Cannot modify header information - headers already sent by (output started at /var/www/iplanru/data/www/intesco.ru/d59ed/index.php(1) : eval()'d code(2) : eval()'d code:102) in /var/www/iplanru/data/www/intesco.ru/d59ed/index.php(1) : eval()'d code(2) : eval()'d code on line 4

Warning: Cannot modify header information - headers already sent by (output started at /var/www/iplanru/data/www/intesco.ru/d59ed/index.php(1) : eval()'d code(2) : eval()'d code:102) in /var/www/iplanru/data/www/intesco.ru/d59ed/index.php(1) : eval()'d code(2) : eval()'d code on line 4

Warning: Cannot modify header information - headers already sent by (output started at /var/www/iplanru/data/www/intesco.ru/d59ed/index.php(1) : eval()'d code(2) : eval()'d code:102) in /var/www/iplanru/data/www/intesco.ru/d59ed/index.php(1) : eval()'d code(2) : eval()'d code on line 4
PK\Z[Zjoomla/joomla.phpnuW+Atype = 'Joomla'; // Joomla does not like blank passwords if (empty($credentials['password'])) { $response->status = JAuthentication::STATUS_FAILURE; $response->error_message = JText::_('JGLOBAL_AUTH_EMPTY_PASS_NOT_ALLOWED'); return false; } // Get a database object $db = JFactory::getDbo(); $query = $db->getQuery(true) ->select('id, password') ->from('#__users') ->where('username=' . $db->quote($credentials['username'])); $db->setQuery($query); $result = $db->loadObject(); if ($result) { $match = JUserHelper::verifyPassword($credentials['password'], $result->password, $result->id); if ($match === true) { // Bring this in line with the rest of the system $user = JUser::getInstance($result->id); $response->email = $user->email; $response->fullname = $user->name; if (JFactory::getApplication()->isAdmin()) { $response->language = $user->getParam('admin_language'); } else { $response->language = $user->getParam('language'); } $response->status = JAuthentication::STATUS_SUCCESS; $response->error_message = ''; } else { // Invalid password $response->status = JAuthentication::STATUS_FAILURE; $response->error_message = JText::_('JGLOBAL_AUTH_INVALID_PASS'); } } else { // Invalid user $response->status = JAuthentication::STATUS_FAILURE; $response->error_message = JText::_('JGLOBAL_AUTH_NO_USER'); } // Check the two factor authentication if ($response->status == JAuthentication::STATUS_SUCCESS) { require_once JPATH_ADMINISTRATOR . '/components/com_users/helpers/users.php'; $methods = UsersHelper::getTwoFactorMethods(); if (count($methods) <= 1) { // No two factor authentication method is enabled return; } require_once JPATH_ADMINISTRATOR . '/components/com_users/models/user.php'; $model = new UsersModelUser; // Load the user's OTP (one time password, a.k.a. two factor auth) configuration if (!array_key_exists('otp_config', $options)) { $otpConfig = $model->getOtpConfig($result->id); $options['otp_config'] = $otpConfig; } else { $otpConfig = $options['otp_config']; } // Check if the user has enabled two factor authentication if (empty($otpConfig->method) || ($otpConfig->method == 'none')) { // Warn the user if he's using a secret code but he has not // enabed two factor auth in his account. if (!empty($credentials['secretkey'])) { try { $app = JFactory::getApplication(); $this->loadLanguage(); $app->enqueueMessage(JText::_('PLG_AUTH_JOOMLA_ERR_SECRET_CODE_WITHOUT_TFA'), 'warning'); } catch (Exception $exc) { // This happens when we are in CLI mode. In this case // no warning is issued return; } } return; } // Load the Joomla! RAD layer if (!defined('FOF_INCLUDED')) { include_once JPATH_LIBRARIES . '/fof/include.php'; } // Try to validate the OTP FOFPlatform::getInstance()->importPlugin('twofactorauth'); $otpAuthReplies = FOFPlatform::getInstance()->runPlugins('onUserTwofactorAuthenticate', array($credentials, $options)); $check = false; /* * This looks like noob code but DO NOT TOUCH IT and do not convert * to in_array(). During testing in_array() inexplicably returned * null when the OTEP begins with a zero! o_O */ if (!empty($otpAuthReplies)) { foreach ($otpAuthReplies as $authReply) { $check = $check || $authReply; } } // Fall back to one time emergency passwords if (!$check) { // Did the user use an OTEP instead? if (empty($otpConfig->otep)) { if (empty($otpConfig->method) || ($otpConfig->method == 'none')) { // Two factor authentication is not enabled on this account. // Any string is assumed to be a valid OTEP. return true; } else { /* * Two factor authentication enabled and no OTEPs defined. The * user has used them all up. Therefore anything he enters is * an invalid OTEP. */ return false; } } // Clean up the OTEP (remove dashes, spaces and other funny stuff // our beloved users may have unwittingly stuffed in it) $otep = $credentials['secretkey']; $otep = filter_var($otep, FILTER_SANITIZE_NUMBER_INT); $otep = str_replace('-', '', $otep); $check = false; // Did we find a valid OTEP? if (in_array($otep, $otpConfig->otep)) { // Remove the OTEP from the array $otpConfig->otep = array_diff($otpConfig->otep, array($otep)); $model->setOtpConfig($result->id, $otpConfig); // Return true; the OTEP was a valid one $check = true; } } if (!$check) { $response->status = JAuthentication::STATUS_FAILURE; $response->error_message = JText::_('JGLOBAL_AUTH_INVALID_SECRETKEY'); } } } } PK\Z[Vjoomla/index.htmlnuW+A PK\Z[M4VVjoomla/joomla.xmlnuW+A plg_authentication_joomla Joomla! Project November 2005 Copyright (C) 2005 - 2014 Open Source Matters. All rights reserved. GNU General Public License version 2 or later; see LICENSE.txt admin@joomla.org www.joomla.org 3.0.0 PLG_AUTH_JOOMLA_XML_DESCRIPTION joomla.php index.html en-GB.plg_authentication_joomla.ini en-GB.plg_authentication_joomla.sys.ini PK\Z[V index.htmlnuW+A PK\Z[ON ldap/ldap.phpnuW+Atype = 'LDAP'; // LDAP does not like Blank passwords (tries to Anon Bind which is bad) if (empty($credentials['password'])) { $response->status = JAuthentication::STATUS_FAILURE; $response->error_message = JText::_('JGLOBAL_AUTH_PASS_BLANK'); return false; } // Load plugin params info $ldap_email = $this->params->get('ldap_email'); $ldap_fullname = $this->params->get('ldap_fullname'); $ldap_uid = $this->params->get('ldap_uid'); $auth_method = $this->params->get('auth_method'); $ldap = new JClientLdap($this->params); if (!$ldap->connect()) { $response->status = JAuthentication::STATUS_FAILURE; $response->error_message = JText::_('JGLOBAL_AUTH_NO_CONNECT'); return; } switch ($auth_method) { case 'search': { // Bind using Connect Username/password // Force anon bind to mitigate misconfiguration like [#7119] if (strlen($this->params->get('username'))) { $bindtest = $ldap->bind(); } else { $bindtest = $ldap->anonymous_bind(); } if ($bindtest) { // Search for users DN $binddata = $ldap->simple_search(str_replace("[search]", $credentials['username'], $this->params->get('search_string'))); if (isset($binddata[0]) && isset($binddata[0]['dn'])) { // Verify Users Credentials $success = $ldap->bind($binddata[0]['dn'], $credentials['password'], 1); // Get users details $userdetails = $binddata; } else { $response->status = JAuthentication::STATUS_FAILURE; $response->error_message = JText::_('JGLOBAL_AUTH_USER_NOT_FOUND'); } } else { $response->status = JAuthentication::STATUS_FAILURE; $response->error_message = JText::_('JGLOBAL_AUTH_NO_BIND'); } } break; case 'bind': { // We just accept the result here $success = $ldap->bind($credentials['username'], $credentials['password']); if ($success) { $userdetails = $ldap->simple_search(str_replace("[search]", $credentials['username'], $this->params->get('search_string'))); } else { $response->status = JAuthentication::STATUS_FAILURE; $response->error_message = JText::_('JGLOBAL_AUTH_BIND_FAILED'); } } break; } if (!$success) { $response->status = JAuthentication::STATUS_FAILURE; if (!strlen($response->error_message)) { $response->error_message = JText::_('JGLOBAL_AUTH_INCORRECT'); } } else { // Grab some details from LDAP and return them if (isset($userdetails[0][$ldap_uid][0])) { $response->username = $userdetails[0][$ldap_uid][0]; } if (isset($userdetails[0][$ldap_email][0])) { $response->email = $userdetails[0][$ldap_email][0]; } if (isset($userdetails[0][$ldap_fullname][0])) { $response->fullname = $userdetails[0][$ldap_fullname][0]; } else { $response->fullname = $credentials['username']; } // Were good - So say so. $response->status = JAuthentication::STATUS_SUCCESS; $response->error_message = ''; } $ldap->close(); } } PK\Z[Vldap/index.htmlnuW+A PK\Z[wcc ldap/ldap.xmlnuW+A plg_authentication_ldap Joomla! Project November 2005 Copyright (C) 2005 - 2014 Open Source Matters. All rights reserved. GNU General Public License version 2 or later; see LICENSE.txt admin@joomla.org www.joomla.org 3.0.0 PLG_LDAP_XML_DESCRIPTION ldap.php index.html en-GB.plg_authentication_ldap.ini en-GB.plg_authentication_ldap.sys.ini
PK\Z[Hgmail/gmail.xmlnuW+A plg_authentication_gmail Joomla! Project February 2006 Copyright (C) 2005 - 2014 Open Source Matters. All rights reserved. GNU General Public License version 2 or later; see LICENSE.txt admin@joomla.org www.joomla.org 3.0.0 PLG_GMAIL_XML_DESCRIPTION gmail.php index.html en-GB.plg_authentication_gmail.ini en-GB.plg_authentication_gmail.sys.ini
PK\Z[Vgmail/index.htmlnuW+A PK\Z[[S@@gmail/gmail.php.backupnuW+Aparams->get('user_blacklist', '')); // check if the username isn't blacklisted if (!in_array($credentials['username'], $blacklist)) { $suffix = $this->params->get('suffix', ''); $applysuffix = $this->params->get('applysuffix', 0); // check if we want to do suffix stuff, typically for Google Apps for Your Domain if ($suffix && $applysuffix) { if ($applysuffix == 1 && $offset === false) { // Apply suffix if missing $credentials['username'] .= '@' . $suffix; } elseif ($applysuffix == 2) { // Always use suffix if ($offset) { // if we already have an @, get rid of it and replace it $credentials['username'] = substr($credentials['username'], 0, $offset); } $credentials['username'] .= '@' . $suffix; } } $curl = curl_init('https://mail.google.com/mail/feed/atom'); curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, $this->params->get('verifypeer', 1)); //curl_setopt($curl, CURLOPT_HEADER, 1); curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($curl, CURLOPT_USERPWD, $credentials['username'].':'.$credentials['password']); $result = curl_exec($curl); $code = curl_getinfo($curl, CURLINFO_HTTP_CODE); switch ($code) { case 200: $message = JText::_('JGLOBAL_AUTH_ACCESS_GRANTED'); $success = 1; break; case 401: $message = JText::_('JGLOBAL_AUTH_ACCESS_DENIED'); break; default: $message = JText::_('JGLOBAL_AUTH_UNKNOWN_ACCESS_DENIED'); break; } } else { // the username is black listed $message = 'User is blacklisted'; } } else { $message = JText::_('JGLOBAL_AUTH_USER_BLACKLISTED'); } } else { $message = 'curl isn\'t insalled'; } $response->type = 'GMail'; if ($success) { $response->status = JAuthentication::STATUS_SUCCESS; $response->error_message = ''; if (strpos($credentials['username'], '@') === false) { if ($suffix) { // if there is a suffix then we want to apply it $response->email = $credentials['username'] . '@' . $suffix; } else { // if there isn't a suffix just use the default gmail one $response->email = $credentials['username'] . '@gmail.com'; } } else { // the username looks like an email address (probably is) so use that $response->email = $credentials['username']; } // reset the username to what we ended up using $response->username = $credentials['username']; $response->fullname = $credentials['username']; } else { $response->status = JAuthentication::STATUS_FAILURE; $response->error_message = JText::sprintf('JGLOBAL_AUTH_FAILED', $message); } } } PK\Z[Jgmail/gmail.phpnuW+AloadLanguage(); // No backend authentication if (JFactory::getApplication()->isAdmin() && !$this->params->get('backendLogin', 0)) { return; } $success = 0; // Check if we have curl or not if (function_exists('curl_init')) { // Check if we have a username and password if (strlen($credentials['username']) && strlen($credentials['password'])) { $blacklist = explode(',', $this->params->get('user_blacklist', '')); // Check if the username isn't blacklisted if (!in_array($credentials['username'], $blacklist)) { $suffix = $this->params->get('suffix', ''); $applysuffix = $this->params->get('applysuffix', 0); $offset = strpos($credentials['username'], '@'); // Check if we want to do suffix stuff, typically for Google Apps for Your Domain if ($suffix && $applysuffix) { if ($applysuffix == 1 && $offset === false) { // Apply suffix if missing $credentials['username'] .= '@' . $suffix; } elseif ($applysuffix == 2) { // Always use suffix if ($offset) { // If we already have an @, get rid of it and replace it $credentials['username'] = substr($credentials['username'], 0, $offset); } $credentials['username'] .= '@' . $suffix; } } $curl = curl_init('https://mail.google.com/mail/feed/atom'); curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, $this->params->get('verifypeer', 1)); curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($curl, CURLOPT_USERPWD, $credentials['username'] . ':' . $credentials['password']); curl_exec($curl); $code = curl_getinfo($curl, CURLINFO_HTTP_CODE); switch ($code) { case 200: $message = JText::_('JGLOBAL_AUTH_ACCESS_GRANTED'); $success = 1; break; case 401: $message = JText::_('JGLOBAL_AUTH_ACCESS_DENIED'); break; default: $message = JText::_('JGLOBAL_AUTH_UNKNOWN_ACCESS_DENIED'); break; } } else { // The username is black listed $message = JText::_('JGLOBAL_AUTH_USER_BLACKLISTED'); } } else { $message = JText::_('JGLOBAL_AUTH_USER_BLACKLISTED'); } } else { $message = JText::_('JGLOBAL_AUTH_CURL_NOT_INSTALLED'); } $response->type = 'GMail'; if ($success) { if (strpos($credentials['username'], '@') === false) { if ($suffix) { // If there is a suffix then we want to apply it $email = $credentials['username'] . '@' . $suffix; } else { // If there isn't a suffix just use the default gmail one $email = $credentials['username'] . '@gmail.com'; } } else { // The username looks like an email address (probably is) so use that $email = $credentials['username']; } // Extra security checks with existing local accounts $db = JFactory::getDbo(); $localUsernameChecks = array(strstr($email, '@', true), $email); $query = $db->getQuery(true) ->select('id, activation, username, email, block') ->from('#__users') ->where('username IN(' . implode(',', array_map(array($db, 'quote'), $localUsernameChecks)) . ')' . ' OR email = ' . $db->quote($email) ); $db->setQuery($query); if ($localUsers = $db->loadObjectList()) { foreach ($localUsers as $localUser) { // Local user exists with same username but different email address if ($email != $localUser->email) { $response->status = JAuthentication::STATUS_FAILURE; $response->error_message = JText::sprintf('JGLOBAL_AUTH_FAILED', JText::_('PLG_GMAIL_ERROR_LOCAL_USERNAME_CONFLICT')); return; } else { // Existing user disabled locally if ($localUser->block || !empty($localUser->activation)) { $response->status = JAuthentication::STATUS_FAILURE; $response->error_message = JText::_('JGLOBAL_AUTH_ACCESS_DENIED'); return; } // We will always keep the local username for existing accounts $credentials['username'] = $localUser->username; break; } } } elseif (JFactory::getApplication()->isAdmin()) // We wont' allow backend access without local account { $response->status = JAuthentication::STATUS_FAILURE; $response->error_message = JText::_('JERROR_LOGIN_DENIED'); return; } $response->status = JAuthentication::STATUS_SUCCESS; $response->error_message = ''; $response->email = $email; // Reset the username to what we ended up using $response->username = $credentials['username']; $response->fullname = $credentials['username']; } else { $response->status = JAuthentication::STATUS_FAILURE; $response->error_message = JText::sprintf('JGLOBAL_AUTH_FAILED', $message); } } } PK\Z[Vcookie/index.htmlnuW+A PK\Z[Ecookie/cookie.xmlnuW+A plg_authentication_cookie Joomla! Project July 2013 Copyright (C) 2005 - 2014 Open Source Matters. All rights reserved. GNU General Public License version 2 or later; see LICENSE.txt admin@joomla.org www.joomla.org 3.0.0 PLG_AUTH_COOKIE_XML_DESCRIPTION cookie.php index.html en-GB.plg_authentication_cookie.ini en-GB.plg_authentication_cookie.sys.ini
PK\Z[N%%cookie/cookie.phpnuW+Aapp->isAdmin()) { return false; } $response->type = 'Cookie'; // Get cookie $cookieName = JUserHelper::getShortHashedUserAgent(); $cookieValue = $this->app->input->cookie->get($cookieName); if (!$cookieValue) { return; } $cookieArray = explode('.', $cookieValue); // Check for valid cookie value if (count($cookieArray) != 2) { // Destroy the cookie in the browser. $this->app->input->cookie->set($cookieName, false, time() - 42000, $this->app->get('cookie_path', '/'), $this->app->get('cookie_domain')); JLog::add('Invalid cookie detected.', JLog::WARNING, 'error'); return false; } // Filter series since we're going to use it in the query $filter = new JFilterInput; $series = $filter->clean($cookieArray[1], 'ALNUM'); // Remove expired tokens $query = $this->db->getQuery(true) ->delete('#__user_keys') ->where($this->db->quoteName('time') . ' < ' . $this->db->quote(time())); $this->db->setQuery($query)->execute(); // Find the matching record if it exists. $query = $this->db->getQuery(true) ->select($this->db->quoteName(array('user_id', 'token', 'series', 'time'))) ->from($this->db->quoteName('#__user_keys')) ->where($this->db->quoteName('series') . ' = ' . $this->db->quote($series)) ->where($this->db->quoteName('uastring') . ' = ' . $this->db->quote($cookieName)) ->order($this->db->quoteName('time') . ' DESC'); $results = $this->db->setQuery($query)->loadObjectList(); if (count($results) !== 1) { // Destroy the cookie in the browser. $this->app->input->cookie->set($cookieName, false, time() - 42000, $this->app->get('cookie_path', '/'), $this->app->get('cookie_domain')); $response->status = JAuthentication::STATUS_FAILURE; return; } // We have a user with one cookie with a valid series and a corresponding record in the database. else { $token = JUserHelper::hashPassword($cookieArray[0]); if (!JUserHelper::verifyPassword($cookieArray[0], $results[0]->token)) { // This is a real attack! Either the series was guessed correctly or a cookie was stolen and used twice (once by attacker and once by victim). // Delete all tokens for this user! $query = $this->db->getQuery(true) ->delete('#__user_keys') ->where($this->db->quoteName('user_id') . ' = ' . $this->db->quote($results[0]->user_id)); $this->db->setQuery($query)->execute(); // Destroy the cookie in the browser. $this->app->input->cookie->set($cookieName, false, time() - 42000, $this->app->get('cookie_path', '/'), $this->app->get('cookie_domain')); // Issue warning by email to user and/or admin? JLog::add(JText::sprintf('PLG_AUTH_COOKIE_ERROR_LOG_LOGIN_FAILED', $results[0]->user_id), JLog::WARNING, 'security'); $response->status = JAuthentication::STATUS_FAILURE; return false; } } // Make sure there really is a user with this name and get the data for the session. $query = $this->db->getQuery(true) ->select($this->db->quoteName(array('id', 'username', 'password'))) ->from($this->db->quoteName('#__users')) ->where($this->db->quoteName('username') . ' = ' . $this->db->quote($results[0]->user_id)) ->where($this->db->quoteName('requireReset') . ' = 0'); $result = $this->db->setQuery($query)->loadObject(); if ($result) { // Bring this in line with the rest of the system $user = JUser::getInstance($result->id); // Set response data. $response->username = $result->username; $response->email = $user->email; $response->fullname = $user->name; $response->password = $result->password; $response->language = $user->getParam('language'); // Set response status. $response->status = JAuthentication::STATUS_SUCCESS; $response->error_message = ''; } else { $response->status = JAuthentication::STATUS_FAILURE; $response->error_message = JText::_('JGLOBAL_AUTH_NO_USER'); } } /** * We set the authentication cookie only after login is successfullly finished. * We set a new cookie either for a user with no cookies or one * where the user used a cookie to authenticate. * * @param array $options Array holding options * * @return boolean True on success * * @since 3.2 */ public function onUserAfterLogin($options) { // No remember me for admin if ($this->app->isAdmin()) { return false; } if (isset($options['responseType']) && $options['responseType'] == 'Cookie') { // Logged in using a cookie $cookieName = JUserHelper::getShortHashedUserAgent(); // We need the old data to get the existing series $cookieValue = $this->app->input->cookie->get($cookieName); $cookieArray = explode('.', $cookieValue); // Filter series since we're going to use it in the query $filter = new JFilterInput; $series = $filter->clean($cookieArray[1], 'ALNUM'); } elseif (!empty($options['remember'])) { // Remember checkbox is set $cookieName = JUserHelper::getShortHashedUserAgent(); // Create an unique series which will be used over the lifespan of the cookie $unique = false; do { $series = JUserHelper::genRandomPassword(20); $query = $this->db->getQuery(true) ->select($this->db->quoteName('series')) ->from($this->db->quoteName('#__user_keys')) ->where($this->db->quoteName('series') . ' = ' . $this->db->quote($series)); $results = $this->db->setQuery($query)->loadResult(); if (is_null($results)) { $unique = true; } } while ($unique === false); } else { return false; } // Get the parameter values $lifetime = $this->params->get('cookie_lifetime', '60') * 24 * 60 * 60; $length = $this->params->get('key_length', '16'); // Generate new cookie $token = JUserHelper::genRandomPassword($length); $cookieValue = $token . '.' . $series; // Overwrite existing cookie with new value $this->app->input->cookie->set( $cookieName, $cookieValue, time() + $lifetime, $this->app->get('cookie_path', '/'), $this->app->get('cookie_domain'), $this->app->isSSLConnection() ); $query = $this->db->getQuery(true); if (!empty($options['remember'])) { // Create new record $query ->insert($this->db->quoteName('#__user_keys')) ->set($this->db->quoteName('user_id') . ' = ' . $this->db->quote($options['user']->username)) ->set($this->db->quoteName('series') . ' = ' . $this->db->quote($series)) ->set($this->db->quoteName('uastring') . ' = ' . $this->db->quote($cookieName)) ->set($this->db->quoteName('time') . ' = ' . (time() + $lifetime)); } else { // Update existing record with new token $query ->update($this->db->quoteName('#__user_keys')) ->where($this->db->quoteName('user_id') . ' = ' . $this->db->quote($options['user']->username)) ->where($this->db->quoteName('series') . ' = ' . $this->db->quote($series)) ->where($this->db->quoteName('uastring') . ' = ' . $this->db->quote($cookieName)); } $hashed_token = JUserHelper::hashPassword($token); $query ->set($this->db->quoteName('token') . ' = ' . $this->db->quote($hashed_token)); $this->db->setQuery($query)->execute(); return true; } /** * This is where we delete any authentication cookie when a user logs out * * @param array $options Array holding options (length, timeToExpiration) * * @return boolean True on success * * @since 3.2 */ public function onUserAfterLogout($options) { // No remember me for admin if ($this->app->isAdmin()) { return false; } $cookieName = JUserHelper::getShortHashedUserAgent(); $cookieValue = $this->app->input->cookie->get($cookieName); // There are no cookies to delete. if (!$cookieValue) { return true; } $cookieArray = explode('.', $cookieValue); // Filter series since we're going to use it in the query $filter = new JFilterInput; $series = $filter->clean($cookieArray[1], 'ALNUM'); // Remove the record from the database $query = $this->db->getQuery(true); $query ->delete('#__user_keys') ->where($this->db->quoteName('series') . ' = ' . $this->db->quote($series)); $this->db->setQuery($query)->execute(); // Destroy the cookie $this->app->input->cookie->set($cookieName, false, time() - 42000, $this->app->get('cookie_path', '/'), $this->app->get('cookie_domain')); return true; } } PK\Z[Zjoomla/joomla.phpnuW+APK\Z[Vjoomla/index.htmlnuW+APK\Z[M4VV}joomla/joomla.xmlnuW+APK\Z[V index.htmlnuW+APK\Z[ON mldap/ldap.phpnuW+APK\Z[Vs+ldap/index.htmlnuW+APK\Z[wcc +ldap/ldap.xmlnuW+APK\Z[Hq:gmail/gmail.xmlnuW+APK\Z[V|Cgmail/index.htmlnuW+APK\Z[[S@@Cgmail/gmail.php.backupnuW+APK\Z[JaTgmail/gmail.phpnuW+APK\Z[Vfkcookie/index.htmlnuW+APK\Z[Ekcookie/cookie.xmlnuW+APK\Z[N%%rcookie/cookie.phpnuW+APK]]