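// Password safety check for the submitted password / confirmation pair.
// Both fields are tested against the same pattern: at least six characters,
// containing at least one lowercase letter and one digit.
// NOTE(review): that is the whole policy; the "strong" label is the original
// author's. Tighten the pattern if the site needs more.
$policy = "/^.*(?=.{6,})(?=.*[a-z])(?=.*[\d]).*$/";

// is_string() keeps preg_match() away from a non-string POST value.
$passwordOk  = is_string($post['password'])  && preg_match($policy, $post['password']);
$password2Ok = is_string($post['password2']) && preg_match($policy, $post['password2']);

if (!$passwordOk && !$password2Ok) {
    // Neither field satisfies the policy.
    $msg = JText::_('Password does not meet security requirements.');
    // The referer is only used as a redirect target after quote/angle-bracket
    // stripping and an internal-URL check; anything else falls back to the site base.
    $return = str_replace(array('"', '<', '>', "'"), '', isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '');
    if (empty($return) || !JURI::isInternal($return)) {
        $return = JURI::base();
    }
    $this->setRedirect($return, $msg, 'error');
    return false;
}

// Strict comparison: with != PHP compares two numeric-looking strings as numbers,
// so two different strings could be accepted as a matching confirmation.
if ($post['password'] !== $post['password2']) {
    $msg = JText::_('PASSWORDS_DO_NOT_MATCH');
    // something is wrong. we are redirecting back to edit form.
    // TODO: HTTP_REFERER should be replaced with a base64 encoded form field in a later release
    $return = str_replace(array('"', '<', '>', "'"), '', isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '');
    if (empty($return) || !JURI::isInternal($return)) {
        $return = JURI::base();
    }
    $this->setRedirect($return, $msg, 'error');
    return false;
}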
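/**
 * Logout handler: ends the session(s) belonging to the given user.
 *
 * The forum [b]...[/b] emphasis tags that were pasted into the body have been
 * removed; they are not PHP and stop the function from parsing.
 *
 * @param array $user     user data; only $user['id'] is read here
 * @param array $options  $options['clientid'] is handed to the session table
 *                        when another user's sessions are destroyed
 * @return bool always true
 */
function onLogoutUser($user, $options = array())
{
    $my =& JFactory::getUser();

    // Make sure we're a valid user first
    if ($user['id'] == 0 && !$my->get('tmp_user')) {
        return true;
    }

    // Check to see if we're deleting the current session
    if ($my->get('id') == $user['id']) {
        // Only stamp the last visit when it already holds a real date. The all-zero
        // value is left untouched on logout; plgSystemForcePasswordChange::onAfterRoute
        // tests for exactly that value, so overwriting it here would lift the forced
        // password change without the password having been changed.
        if ($my->lastvisitDate != "0000-00-00 00:00:00") {
            // Hit the user last visit field
            $my->setLastVisit();
        }

        // Destroy the php session for this user
        $session =& JFactory::getSession();
        $session->destroy();
    } else {
        // Force logout all users with that userid
        $table = & JTable::getInstance('session');
        $table->destroy($user['id'], $options['clientid']);
    }

    return true;
}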
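/**
 * Save the logged-in user's own profile after enforcing the password rules.
 *
 * Flow: anti-forgery token check, ownership check (posted id must equal the
 * session user's id), password policy and confirmation check, removal of
 * fields the user must not set, then store through the 'user' model.
 * On a successful store the user's last visit date is set to the current time.
 *
 * Changes against the pasted version:
 *  - the forum [b]...[/b] tags are removed (they are not PHP);
 *  - the confirmation is compared with !== instead of !=;
 *  - the redirect target is computed once instead of three times.
 *
 * @return false|null false when the password checks fail, otherwise no value;
 *                    the outcome is communicated through setRedirect()
 */
function save()
{
    // Check for request forgeries
    JRequest::checkToken() or jexit( 'Invalid Token' );

    $user =& JFactory::getUser();
    $userid = JRequest::getVar( 'id', 0, 'post', 'int' );

    // Security check: must be logged in and may only edit their own record.
    if ($user->get('id') == 0 || $userid == 0 || $userid <> $user->get('id')) {
        JError::raiseError( 403, JText::_('Access Forbidden') );
        return;
    }

    // Clean request. The passwords are fetched with JREQUEST_ALLOWRAW so that
    // their characters are not altered before the policy check and storage.
    // NOTE(review): $post still carries the raw posted 'id'; $userid above is the
    // int-filtered copy that was authorised. Confirm the model cannot end up
    // acting on a different id.
    $post = JRequest::get( 'post' );
    $post['username'] = JRequest::getVar('username', '', 'post', 'username');
    $post['password'] = JRequest::getVar('password', '', 'post', 'string', JREQUEST_ALLOWRAW);
    $post['password2'] = JRequest::getVar('password2', '', 'post', 'string', JREQUEST_ALLOWRAW);

    // Redirect target for every outcome below: the referring page when it is an
    // internal URL (quotes and angle brackets stripped first), else the site base.
    // TODO: HTTP_REFERER should be replaced with a base64 encoded form field in a later release
    $return = str_replace(array('"', '<', '>', "'"), '', isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '');
    if (empty($return) || !JURI::isInternal($return)) {
        $return = JURI::base();
    }

    // Password policy: at least six characters with one lowercase letter and one digit.
    // NOTE(review): that is the whole policy; the "strong" label is the original
    // author's. Tighten the pattern if the site needs more.
    $policy = "/^.*(?=.{6,})(?=.*[a-z])(?=.*[\d]).*$/";

    // is_string() keeps preg_match() away from a non-string POST value.
    $passwordOk  = is_string($post['password'])  && preg_match($policy, $post['password']);
    $password2Ok = is_string($post['password2']) && preg_match($policy, $post['password2']);

    if (!$passwordOk && !$password2Ok) {
        $msg = JText::_('Password does not meet security requirements. Please try again.');
        $this->setRedirect($return, $msg, 'error');
        return false;
    }

    // Strict comparison: with != PHP compares two numeric-looking strings as numbers,
    // so two different strings could be accepted as a matching confirmation.
    if ($post['password'] !== $post['password2']) {
        // something is wrong. we are redirecting back to edit form.
        $msg = JText::_('PASSWORDS_DO_NOT_MATCH');
        $this->setRedirect($return, $msg, 'error');
        return false;
    }

    // we don't want users to edit certain fields so we will unset them
    unset($post['gid']);
    unset($post['block']);
    unset($post['usertype']);
    unset($post['registerDate']);
    unset($post['activation']);

    // store data
    $model = $this->getModel('user');

    if ($model->store($post)) {
        // Give the user a real last visit date now that the profile, including
        // the password, has been saved; both the stored value (setLastVisit) and
        // the in-memory user object are updated.
        $user->setLastVisit();
        $date = JFactory::getDate();
        $user->lastvisitDate = $date->toMySQL();

        $msg = JText::_( 'Your account was successfully updated.' );
        $this->setRedirect( $return, $msg );
    } else {
        //$msg = JText::_( 'Error saving your settings.' );
        $msg = $model->getError();
        $this->setRedirect( $return, $msg, 'error' );
    }
}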
class plgSystemForcePasswordChange extends JPlugin
{
/**
 * PHP 4-style constructor (a method named after the class).
 * It does nothing of its own: both arguments go straight to the JPlugin constructor.
 *
 * @param object $subject  received by reference and forwarded to the parent
 * @param mixed  $config   forwarded to the parent unchanged
 */
function plgSystemForcePasswordChange(&$subject, $config)
{
    parent::__construct($subject, $config);
}
/**
 * onAfterRoute handler: while a logged-in user's lastvisitDate is still the
 * all-zero value, send every front-end request to the edit-profile form.
 *
 * Exemptions visible in this block: the administrator application, JDEBUG on,
 * requests with no_html equal to "1", the profile save task, any request whose
 * task is "logout", and the edit-profile form itself.
 *
 * NOTE(review): option, view, task, layout and no_html are all read from the
 * request, so every exemption keyed on them is decided by the client.
 * NOTE(review): the [b] and [/b] pairs in the body are forum emphasis markup
 * from the post, not PHP; strip them before using the code.
 */
function onAfterRoute()
{
global $mainframe;
// Don't do anything if this is the administrator backend or debugging is on
// NOTE(review): with JDEBUG enabled the forced password change is not enforced
// at all. Confirm debug mode is never left on for a production site.
if($mainframe->isAdmin() || JDEBUG) {
return;
}
$user = &JFactory::getUser();
// Routing values taken from the request (no default, no filter type given here).
$option = JRequest::getVar('option');
$view = JRequest::getVar('view');
$task = JRequest::getVar('task');
$layout = JRequest::getVar('layout');
// no_html is sent by Mighty Registration for ajax checks, so we need to ignore them
// NOTE(review): the test further down only looks at this flag, not at which
// component is addressed, so the exemption covers any request that carries it.
// Consider limiting it to the specific Mighty Registration option/task.
$noHtml = JRequest::getVar('no_html');
// Identifiers of the core edit-profile form and of its save task.
$editProfileOption = "com_user";
$editProfileLayout = "form";
$editProfileSaveTask = "save";
$editProfileView = "user";
[b]$logout = "logout";[/b]
// Use these for Mighty Registration
/*
$editProfileOption = "com_juser";
$editProfileLayout = "mydetails";
$editProfileSaveTask = "user_update";
*/
// Enforcement applies only to a logged-in user whose lastvisitDate is all zeros.
[b]if(!$user->guest && $user->lastvisitDate == "0000-00-00 00:00:00" && $noHtml != "1")
{
// The user is not a guest and their lastvisitDate is zeros
if($option == $editProfileOption && $task == $editProfileSaveTask)
{
// The user is saving their profile: let the request through.
// The lines below are disabled, so nothing is changed here; lastvisitDate
// has to be given a real value elsewhere (presumably in the save task itself,
// TODO confirm), and only after the new password has been accepted.
//$user->setLastVisit();
//$date = JFactory::getDate();
//$user->lastvisitDate = $date->toMySQL();
}
else if($task == $logout)
{
// Logging out is allowed without changing the password: do nothing.
// NOTE(review): only the task name is compared, not $option; consider also
// matching the component that actually performs the logout.
}[/b]
else if(!($option == $editProfileOption && $view == $editProfileView && $layout == $editProfileLayout))
{
// The user is not on the edit profile form
// Update lastvisitDate back to zero
// (presumably because the stored row may already hold a real timestamp while
// the session copy is still zero; TODO confirm)
// Both values are passed through $dbo->quote() before being concatenated.
$dbo = &JFactory::getDBO();
$query = "UPDATE #__users ".
"SET lastvisitDate = ".$dbo->quote("0000-00-00 00:00:00")." ".
"WHERE id = ".$dbo->quote($user->id);
$dbo->setQuery($query);
// The result of the query is not checked.
$dbo->query();
// Redirect to edit profile; the URL is built only from the fixed values above,
// and the notice text comes from the plugin's "message" parameter.
$app = &JFactory::getApplication();
$app->redirect(
"index.php?option=".$editProfileOption."&view=".$editProfileView."&layout=".$editProfileLayout,
$this->params->get("message", "You must update your password before continuing to use the site.")
);
}
}