<?php
/**
* @package JLex Review
* @version 4.2.3
* @copyright Copyright (c) 2013-2018 JLexArt. All rights reserved
* @license GNU General Public License version 2 or later;
* @author www.jlexart.com
*/
// Refuse to run when the file is requested directly instead of being
// loaded by the CMS (which defines _JEXEC before including components).
if (!defined("_JEXEC")) {
    die;
}
class JLexReviewModelOAuth extends JModelLegacy
{
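/**
 * Run one step of a social sign-in (Facebook, Google, Twitter or VKontakte)
 * and sign the visitor in to the site.
 *
 * The first request for a provider redirects the browser to that provider;
 * the callback request exchanges the returned code/verifier for a profile,
 * then either signs in the existing site account that has the same e-mail
 * address or registers a new account in group 2 and signs it in.
 *
 * Security notes for maintainers:
 *  - Google and VK callbacks are bound to the browser session with a random
 *    `state` value; the Twitter callback must carry the request token that
 *    was stored in the session. Without this a callback URL prepared in one
 *    browser could be replayed in another (OAuth login CSRF).
 *  - NOTE(review): an existing account is matched purely on the e-mail
 *    address asserted by the provider, and the match applies to every
 *    account in #__users regardless of its groups. Confirm that this is
 *    acceptable for privileged accounts, or restrict linking to accounts
 *    that already have a row in #__jlexreview_users for the same provider.
 *  - NOTE(review): the existing-account path signs in by temporarily
 *    replacing the stored password hash. The original hash is restored in a
 *    `finally` block, but the account still carries the temporary hash for
 *    the duration of the login call; an authentication plugin would avoid
 *    touching #__users.password at all.
 *  - NOTE(review): new accounts are created unblocked with sendEmail=0; no
 *    check of the site's own registration settings is visible here.
 *
 * @return boolean|null  true when the visitor is (or already was) signed in,
 *                       false on failure with the reason in getError(),
 *                       null after a redirect was issued or on a VK callback
 *                       error (kept as in the original interface).
 *
 * @throws Exception  404 when the provider is unknown or disabled.
 */
public function action()
{
    $app     = JFactory::getApplication();
    $session = JFactory::getSession();
    $config  = JLexReviewHelperAdmin::getConfig();
    $case    = $app->getInput()->getCmd('type', 'fb');
    $jUser   = JFactory::getUser();

    if ($jUser->id > 0) return true; // user registered.

    $support = array('fb', 'google', 'twitter', 'vk');
    if (!in_array($case, $support, true))
    {
        throw new Exception(JText::_("JR_PAGE_NOT_FOUND"), 404);
    }

    // all data from new user will stored it
    $ssl          = JUri::getInstance()->isSSL();
    $data         = array();
    $jUser        = JFactory::getUser(0);
    $extraProfile = array('auth' => $case);

    // Names of the configuration keys for the selected provider.
    $app_name   = 'Facebook';
    $app_enable = 'fb_login';
    $app_id     = 'fb_app_id';
    $app_secret = 'fb_app_secret';

    switch ($case) {
        case 'google':
            $app_name   = 'Google';
            $app_enable = 'gg_login';
            $app_id     = 'gg_app_id';
            $app_secret = 'gg_app_secret';
            break;

        case 'twitter':
            $app_name   = 'Twitter';
            $app_enable = 'tw_login';
            $app_id     = 'tw_app_key';
            $app_secret = 'tw_app_secret';
            break;

        case 'vk':
            $app_name   = 'VKontakte';
            $app_enable = 'vk_login';
            $app_id     = 'vk_id';
            $app_secret = 'vk_secret';
            break;
    }

    if (!$config->get($app_enable, 0))
    {
        throw new Exception(JText::_("JR_PAGE_NOT_FOUND"), 404);
    }

    $app_id     = trim($config->get($app_id, ''));
    $app_secret = trim($config->get($app_secret, ''));

    if ($app_id == '' || $app_secret == '')
    {
        $this->setError(JText::sprintf('JR_YOU_MUST_SET_APP_ID_AND_APP_SECRET_FOR_APP', $app_name));
        return false;
    }

    switch ($case)
    {
        case 'fb':
            // facebook sdk
            require_once(dirname(__FILE__) . '/oauth/Facebook/autoload.php');

            $access   = $app->getInput()->getBool("access", false);
            $redirect = JRoute::_('index.php?option=com_jlexreview&view=profile&task=oauth&type=fb&access=1', false, ($ssl ? 1 : 2));

            $fb = new Facebook\Facebook(array(
                'app_id' => $app_id,
                'app_secret' => $app_secret,
                'default_graph_version' => 'v2.5',
            ));

            $helper = $fb->getRedirectLoginHelper();

            if ($access)
            {
                $access_denied = $app->getInput()->getCmd('error', '') == 'access_denied';
                if ($access_denied)
                {
                    // user not share permission
                    // The message comes from the query string, so it is URL-encoded
                    // before being appended; the page that renders issue_msg must
                    // still HTML-escape it.
                    $error_msg = $app->getInput()->getString('error_description', '');
                    $url_issue = JRoute::_('index.php?option=com_jlexreview&task=oauth.issue&issue_msg=' . urlencode($error_msg), false);

                    // The original called redirect() without a target, so the
                    // computed URL was never used.
                    $app->redirect($url_issue);
                    return;
                }

                // The SDK helper reads code/state from $_GET directly.
                if (!array_key_exists('code', $_GET))
                {
                    $_GET['code']  = $app->getInput()->get('code', '');
                    $_GET['state'] = $app->getInput()->get('state', '');
                }

                try {
                    $accessToken = $helper->getAccessToken($redirect);
                } catch (Facebook\Exceptions\FacebookResponseException $e) {
                    // When Graph returns an error
                    $this->setError('Graph returned an error: ' . $e->getMessage());
                    return false;
                } catch (Facebook\Exceptions\FacebookSDKException $e) {
                    // When validation fails or other local issues
                    $this->setError('Facebook SDK returned an error: ' . $e->getMessage());
                    return false;
                }

                // No exception does not guarantee a token; stop before it is dereferenced.
                if (!$accessToken)
                {
                    $this->setError("Login Error");
                    return false;
                }

                try
                {
                    $response = $fb->get('/me?fields=id,name,email', $accessToken->getValue());
                } catch (Facebook\Exceptions\FacebookResponseException $e) {
                    // When Graph returns an error
                    $this->setError('ERROR: Graph ' . $e->getMessage());
                    return false;
                } catch (Facebook\Exceptions\FacebookSDKException $e) {
                    // When validation fails or other local issues
                    $this->setError('ERROR: validation fails ' . $e->getMessage());
                    return false;
                }

                $me = $response->getGraphUser();

                $data['name']     = $me->getProperty('name');
                $data['username'] = $me->getProperty('name');
                $data['email']    = $me->getProperty('email');

                $extraProfile['auth_id']      = $me->getProperty('id');
                $extraProfile['auth_url']     = 'https://www.facebook.com/' . $me->getProperty('id');
                $extraProfile['auth_picture'] = 'https://graph.facebook.com/' . $me->getProperty('id') . '/picture?width=200&height=200';
            } else {
                // get login url
                $permissions = array("email");
                $loginUrl    = $helper->getLoginUrl($redirect, $permissions);
                $app->redirect($loginUrl . '&display=popup');
                return;
            }
            break;

        case 'google':
            $redirect = urlencode(JURI::root() . 'index.php?option=com_jlexreview&view=profile&task=oauth&type=google');
            $scope    = urlencode('https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email');
            $code     = $app->getInput()->getString('code', '');

            if (empty($code))
            {
                // Bind the authorization request to this browser session.
                $state = JUserHelper::genRandomPassword(32);
                $session->set('gg_oauth_state', $state);

                $params = array(
                    'response_type=code',
                    'redirect_uri=' . $redirect,
                    'client_id=' . urlencode($app_id),
                    'scope=' . $scope,
                    'state=' . $state
                );
                $params = implode('&', $params);

                $url = 'https://accounts.google.com/o/oauth2/auth?' . $params;
                $app->redirect($url);
                $app->close();
            }

            // The callback must return the state issued above; it is single-use.
            $expected_state = (string) $session->get('gg_oauth_state', '');
            $returned_state = (string) $app->getInput()->getString('state', '');
            $session->set('gg_oauth_state', null);

            if ($expected_state === '' || !hash_equals($expected_state, $returned_state))
            {
                $this->setError("Login Error");
                return false;
            }

            // Checking token. Every value is URL-encoded so that a crafted
            // `code` cannot add or override fields in the token request.
            $params = array(
                'client_id=' . urlencode($app_id),
                'client_secret=' . urlencode($app_secret),
                'grant_type=authorization_code',
                'code=' . urlencode($code),
                'redirect_uri=' . $redirect,
                'scope=' . $scope
            );
            $params = implode('&', $params);

            $url = 'https://accounts.google.com/o/oauth2/token';

            // Request URL to get access token
            $request = json_decode(JLexReviewHelperSite::getUrl($url, true, $params));
            if (empty($request) || !is_object($request))
            {
                $this->setError(JText::sprintf('JR_COULD_NOT_GET_RESPONSE_FROM_SERVICE', 'Google'));
                return false;
            }

            // An error reply carries no access_token; do not query userinfo with it.
            if (empty($request->access_token))
            {
                $this->setError(JText::sprintf('JR_COULD_NOT_GET_RESPONSE_FROM_SERVICE', 'Google'));
                return false;
            }

            $url     = 'https://www.googleapis.com/oauth2/v1/userinfo?access_token=' . urlencode($request->access_token);
            $request = json_decode(JLexReviewHelperSite::getUrl($url));

            if (empty($request) || !is_object($request))
            {
                $this->setError(JText::sprintf('JR_COULD_NOT_GET_RESPONSE_FROM_SERVICE', 'Google'));
                return false;
            } elseif (!empty($request->error)) {
                $this->setError($request->error);
                return false;
            }

            // The e-mail address decides which site account is signed in, so an
            // address the provider explicitly reports as unverified is refused.
            if (isset($request->verified_email) && !$request->verified_email)
            {
                $this->setError("Login Error");
                return false;
            }

            $given_name  = isset($request->given_name) ? $request->given_name : '';
            $family_name = isset($request->family_name) ? $request->family_name : '';

            // assign profile data
            $data['name']     = $given_name . ' ' . $family_name;
            $data['username'] = $given_name . '_' . $family_name;
            $data['email']    = isset($request->email) ? $request->email : '';

            $extraProfile['auth_id']      = isset($request->id) ? $request->id : '';
            $extraProfile['auth_url']     = '';
            $extraProfile['auth_picture'] = isset($request->picture) ? $request->picture : '';
            break;

        case 'twitter':
            $OAUTH_CALLBACK = JUri::root() . 'index.php?option=com_jlexreview&view=profile&task=oauth&type=twitter';

            require_once(dirname(__FILE__) . '/oauth/twitteroauth/twitteroauth.php');

            $oauth_token    = $app->getInput()->getString('oauth_token', 0);
            $oauth_verifier = $app->getInput()->getString('oauth_verifier', 0);

            if (empty($oauth_token) || empty($oauth_verifier)) {
                $connection    = new TwitterOAuth($app_id, $app_secret);
                $request_token = $connection->getRequestToken($OAUTH_CALLBACK);

                if ($request_token) {
                    $token = $request_token['oauth_token'];

                    $session->set('tw_request_token', $token);
                    $session->set('tw_request_token_secret', $request_token['oauth_token_secret']);

                    if ($connection->http_code == 200) {
                        $url = $connection->getAuthorizeURL($token);
                        $app->redirect($url);
                        $app->close();
                    }

                    $this->setError("Connection with Twitter failed");
                    return false;
                }

                $this->setError("Error Receiving Request Token");
                return false;
            }

            // The callback must refer to the request token issued to this session.
            $stored_token = (string) $session->get('tw_request_token', '');
            if ($stored_token === '' || !hash_equals($stored_token, (string) $oauth_token)) {
                $this->setError("Login Error");
                return false;
            }

            $connection   = new TwitterOAuth($app_id, $app_secret, $stored_token, $session->get('tw_request_token_secret'));
            $access_token = $connection->getAccessToken($oauth_verifier);

            if (!$access_token) {
                $this->setError("Login Error");
                return false;
            }

            $connection = new TwitterOAuth($app_id, $app_secret, $access_token['oauth_token'], $access_token['oauth_token_secret']);
            $params     = ['include_entities' => false, 'include_email' => 'true'];
            $content    = $connection->get('account/verify_credentials', $params);

            if ($content && isset($content->screen_name) && isset($content->name)) {
                $data['name']     = $content->name;
                $data['username'] = $content->screen_name;
                // Falls back to a synthetic address when the provider returns none.
                $data['email']    = isset($content->email) ? $content->email : ('tw_' . $content->id . '@twitter.com');

                $extraProfile['auth_id']      = $content->id;
                $extraProfile['auth_url']     = 'https://twitter.com/' . $content->screen_name;
                $extraProfile['auth_picture'] = str_replace("http://", "https://", $content->profile_image_url);
            } else {
                $this->setError(JText::_("JR_TWITTER_USER_ERROR"));
                return false;
            }
            break;

        case 'vk':
            $scope        = 'email';
            $version      = '5.81';
            $redirect_url = JUri::root() . 'index.php?option=com_jlexreview&view=profile&task=oauth&type=vk&callback=1';
            $callback     = $app->getInput()->getBool('callback', false);

            if (!$callback)
            {
                // authentication require.
                // Bind the authorization request to this browser session.
                $state = JUserHelper::genRandomPassword(32);
                $session->set('vk_oauth_state', $state);

                $request_url = 'https://oauth.vk.com/authorize?client_id=' . urlencode($app_id) . '&display=popup&redirect_uri=' . urlencode($redirect_url) . '&scope=' . $scope . '&response_type=code&v=' . $version . '&state=' . $state;

                $app->redirect($request_url);
                return;
            }

            $code  = $app->getInput()->getString('code', '');
            $error = $app->getInput()->getCmd('error', '');
            $msg   = $app->getInput()->getString('error_description', '');

            if (preg_match('/^\s*$/', $code) || $error != '')
            {
                // return to error page.
                $this->setError(JText::sprintf('JR_PRINT_ERROR', $msg));
                return;
            }

            // The callback must return the state issued above; it is single-use.
            $expected_state = (string) $session->get('vk_oauth_state', '');
            $returned_state = (string) $app->getInput()->getString('state', '');
            $session->set('vk_oauth_state', null);

            if ($expected_state === '' || !hash_equals($expected_state, $returned_state))
            {
                $this->setError("Login Error");
                return;
            }

            // get email & access_token
            // `code` is URL-encoded so it cannot add fields to the token request.
            $access_request_url = 'https://oauth.vk.com/access_token?client_id=' . urlencode($app_id) . '&client_secret=' . urlencode($app_secret) . '&redirect_uri=' . urlencode($redirect_url) . '&code=' . urlencode($code);

            // run request
            $response = json_decode(JLexReviewHelperSite::getUrl($access_request_url));
            if (!$response || !is_object($response))
            {
                $this->setError(JText::sprintf('JR_COULD_NOT_GET_RESPONSE_FROM_SERVICE', 'VKontakte'));
                return;
            }

            if (isset($response->error))
            {
                // $response->error
                // $response->error_description
                $this->setError(JText::sprintf('JR_PRINT_ERROR', isset($response->error_description) ? $response->error_description : ''));
                return;
            }

            if (empty($response->access_token) || empty($response->user_id))
            {
                $this->setError(JText::sprintf('JR_COULD_NOT_GET_RESPONSE_FROM_SERVICE', 'VKontakte'));
                return;
            }

            // The token reply carries no email field when the user has none to share.
            $data['email'] = isset($response->email) ? $response->email : '';

            // get basic information
            $basic_info_url = 'https://api.vk.com/method/getProfiles?uid=' . urlencode($response->user_id) . '&access_token=' . urlencode($response->access_token) . '&fields=photo_200,screen_name&v=' . $version;

            // run request
            $response = json_decode(JLexReviewHelperSite::getUrl($basic_info_url));
            if (!$response || !is_object($response))
            {
                $this->setError(JText::sprintf('JR_COULD_NOT_GET_RESPONSE_FROM_SERVICE', 'VKontakte'));
                return;
            }

            if (isset($response->error))
            {
                // API method errors are nested: $response->error->error_msg
                // (the original read error_description, which this reply lacks).
                $api_msg = (is_object($response->error) && isset($response->error->error_msg)) ? $response->error->error_msg : '';
                $this->setError(JText::sprintf('JR_PRINT_ERROR', $api_msg));
                return;
            }

            if (empty($response->response) || !is_array($response->response) || empty($response->response[0]))
            {
                $this->setError(JText::sprintf('JR_COULD_NOT_GET_RESPONSE_FROM_SERVICE', 'VKontakte'));
                return;
            }

            // finally :)
            $user_info = $response->response[0];

            $data['name']     = $user_info->first_name . ' ' . $user_info->last_name;
            $data['username'] = $user_info->screen_name;

            $extraProfile['auth_id']      = $user_info->id;
            $extraProfile['auth_picture'] = $user_info->photo_200;
            break;
    }

    // The e-mail address is the only key used to find an existing account,
    // so a profile without one must not reach the lookup below.
    $data['email'] = isset($data['email']) ? trim((string) $data['email']) : '';
    if ($data['email'] === '')
    {
        $this->setError('The sign-in provider did not return an e-mail address');
        return false;
    }

    $data['usertype']     = 'deprecated';
    $data['groups']       = array(
        2
    );
    $data['registerDate'] = JFactory::getDate()->toSQL();
    $data['password']     = JUserHelper::genRandomPassword();
    $data['password2']    = $data['password'];
    $data['sendEmail']    = 0;
    $data['block']        = 0;

    // check if user exist
    $exist = $this->getUserByEmail($data['email']);

    if ($exist)
    {
        $exist_id = (int) $exist->id;

        // modify user table
        $extraProfile['userid']  = $exist_id;
        $extraProfile['created'] = JFactory::getDate()->toSql();
        $this->__jlexUser($extraProfile);

        // change password
        // The temporary password is long and comes from the CMS generator
        // rather than the 5-character rand()-based key used originally.
        $randPassword = JUserHelper::genRandomPassword(32);
        $newPassword  = JUserHelper::hashPassword($randPassword);

        $this->_db->setQuery("UPDATE #__users SET password=" . $this->_db->quote($newPassword) . " WHERE id=" . $exist_id)->execute();

        try {
            // try login
            $credentials             = array();
            $credentials['username'] = $exist->username;
            $credentials['password'] = $randPassword;

            $result = $app->login($credentials);
        } finally {
            // re-change password: always put the original hash back, even when
            // the login call throws.
            $this->_db->setQuery("UPDATE #__users SET password=" . $this->_db->quote($exist->password) . " WHERE id=" . $exist_id)->execute();
        }

        if ($result) return true;

        $this->setError(JText::_("JR_THE_ACCOUNT_BLOCKED"));
        return false;
    }

    // Safe username
    // The original class [^A-z0-9_] also let through [ \ ] ^ and `, which sit
    // between 'Z' and 'a' in ASCII.
    $username = (string) preg_replace('/[^a-z0-9_]/', '', strtolower((string) $data['username']));
    if (strlen($username) < 2)
    {
        $username .= '_user';
    }

    // username must be unique
    if ($this->checkUsername($username))
    {
        $i              = 1;
        $user_login_tmp = $username;

        do {
            $user_login_tmp = $username . ($i++);
        } while ($this->checkUsername($user_login_tmp));

        // unique user login
        $username = $user_login_tmp;
    }

    $data['username'] = $username;

    // Register a new user
    if (!$jUser->bind($data)) {
        $msg = JText::_('JR_COULD_NOT_BIND_DATA_TO_USER') . ': ' . JText::_($jUser->getError());
        $this->setError($msg);
        return false;
    }

    // save the user
    if (!$jUser->save()) {
        $msg = JText::_('JR_COULD_NOT_CREATE_USER') . ': ' . JText::_($jUser->getError());
        $this->setError($msg);
        return false;
    }

    // assign to JLex User table
    $extraProfile['userid']  = $jUser->id;
    $extraProfile['created'] = JFactory::getDate()->toSql();
    $this->__jlexUser($extraProfile);

    // Login
    $credentials             = array();
    $credentials['username'] = $data['username'];
    $credentials['password'] = $data['password2'];

    // send an welcome email
    if ($config->get("social_mail", 0))
    {
        $caption = JText::sprintf("JR_MAIL_SOCIAL_SUBJECT", JFactory::getConfig()->get("sitename"), ucfirst($case == "fb" ? "Facebook" : $case));

        JLexReviewHelperAdmin::getAlert()->freeSend($data["email"], "social", [
            "name" => $data["name"],
            "email" => $data["email"],
            "case" => $case,
            "caption" => $caption
        ]);
    }

    $result = $app->login($credentials);
    if (!$result)
    {
        $this->setError(JText::_("JR_COULD_NOT_LOGIN"));
        return false;
    }

    return true;
}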
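/**
 * Create or refresh the #__jlexreview_users row that links a site account
 * to a social profile.
 *
 * When a row for the user id already exists only `auth_picture` is updated;
 * otherwise every key of $data becomes a column of a new row.
 *
 * @param array $data  Column => value map; must contain `userid`. The keys
 *                     are used as column names, so callers must pass only
 *                     fixed, code-defined keys (never request input).
 *
 * @return boolean|null  true after the query ran, null when `userid` is missing.
 */
protected function __jlexUser($data)
{
    if (!array_key_exists('userid', $data)) return;

    $db = $this->_db;

    // The id is concatenated into SQL unquoted, so force it to an integer.
    $userid = (int) $data['userid'];

    $query = $db->getQuery(true);
    $query->select('*')
        ->from('#__jlexreview_users')
        ->where($db->quoteName('userid') . '=' . $userid);

    $result = $db->setQuery($query)->loadObject();

    if ($result)
    {
        // update
        $picture = isset($data['auth_picture']) ? (string) $data['auth_picture'] : '';

        $query->clear()
            ->update($db->quoteName('#__jlexreview_users'))
            ->set($db->quoteName('auth_picture') . '=' . $db->quote($picture))
            ->where($db->quoteName('userid') . '=' . $userid);
    } else {
        // add new
        $columns = array();
        $values  = array();

        foreach ($data as $k => $v)
        {
            $columns[] = $k;
            $values[]  = $db->quote((string) $v);
        }

        $query->clear()
            ->insert($db->quoteName('#__jlexreview_users'))
            ->columns($db->quoteName($columns))
            ->values(implode(',', $values));
    }

    $db->setQuery($query)->execute();

    return true;
}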
/**
 * Look up a username in #__users.
 *
 * Despite the name, a truthy result means the username is already taken.
 *
 * @param string $username  Username to look for; quoted before use in SQL.
 *
 * @return int|boolean  The matching user id, or false when no row matches.
 */
protected function checkUsername ($username)
{
    $db = $this->_db;

    $db->setQuery("SELECT id FROM #__users WHERE username = " . $db->quote($username));
    $found = $db->loadResult();

    if (!$found) {
        return false;
    }

    // Multiplying by 1 turns the numeric string from the driver into a number.
    return $found*1;
}
/**
 * Fetch the site account registered with the given e-mail address.
 *
 * The returned row includes the stored password hash, so it must never be
 * passed on to templates or logs.
 *
 * @param string $email  E-mail address to look for; quoted before use in SQL.
 *
 * @return object|boolean  Row with id, username and password, or false when
 *                         no account uses that address.
 */
protected function getUserByEmail ($email)
{
    $db = $this->_db;

    $db->setQuery("SELECT id,username,password FROM #__users WHERE email = " . $db->quote($email));
    $row = $db->loadObject();

    if ($row) {
        return $row;
    }

    return false;
}
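/**
 * Build a random alphanumeric key.
 *
 * Characters are drawn with random_int(), which uses the operating system's
 * CSPRNG; the original used rand(), whose output is predictable and must not
 * back passwords or tokens. The default length of 5 is kept for
 * compatibility but is too short for a secret: callers that use the key as
 * a credential should pass a larger $length.
 *
 * @param int $length  Number of characters; values below 1 give an empty string.
 *
 * @return string
 */
protected function randomkeys ($length = 5)
{
    // The alphabet deliberately has no "0", as in the original.
    $pattern = "ABCDEFGHIJKLMNOPQRSTUVWXYZ123456789abcdefghijklmnopqrstuvwxyz";
    $last    = strlen($pattern) - 1;
    $key     = '';

    for ($i = 0; $i < $length; $i++) {
        $key .= $pattern[random_int(0, $last)];
    }

    return $key;
}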
}