/*
@github Joomla Component Builder
@copyright Copyright (C) 2015. All Rights Reserved
@license GNU/GPL Version 2 or later - http://www.gnu.org/licenses/gpl-2.0.html

Builds Complex Joomla Components
/-----------------------------------------------------------------------------------------------------------------------------*/

// No direct access to this file
defined('_JEXEC') or die('Restricted access');

// import Joomla controllerform library
jimport('joomla.application.component.controller');

/**
 * Componentbuilder Api Controller
 *
 * Exposes four public tasks (handshake, trust, itrust, backup). Every exit path
 * of those tasks destroys the session and ends the request with jexit(), except
 * the two redirects in backup() that sit behind an always-true condition.
 * The allowAdd/allowEdit/allowSave checks inherited from JControllerForm are
 * overridden to return false.
 */
class ComponentbuilderControllerApi extends JControllerForm
{
	/**
	 * Current or most recently performed task.
	 *
	 * @var    string
	 * @since  12.2
	 * @note   Replaces _task.
	 */
	protected $task;

	/**
	 * Build the controller with an empty list view.
	 *
	 * @param   array  $config  Configuration passed on to the parent constructor.
	 */
	public function __construct($config = array())
	{
		$this->view_list = ''; // safeguard for setting the return view listing to the default site view.
		parent::__construct($config);
	}

	/**
	 * Task: answer a handshake posted as VDM_PUBLIC, VDM_SECRET and VDM_ID.
	 *
	 * The three POST values are passed to ComponentbuilderHelper::openPublicProtocol()
	 * and the result is checked for PEM public-key markers and for the 'VDM_' / '_SP'
	 * id markers. Every path that does not exit earlier prints the literal 12,
	 * destroys the session and exits.
	 *
	 * NOTE(review): the strpos() tests only establish that the markers occur somewhere
	 * in the strings; they do not validate the key or the id format. Presumably
	 * openPublicProtocol() / getPublicKey() do the real verification - confirm.
	 *
	 * @return  void
	 */
	public function handshake()
	{
		// get input values
		$input = JFactory::getApplication()->input;
		// get Trust (read from POST only)
		$PUBLIC = $input->post->get('VDM_PUBLIC', null, 'STRING');
		$SECRET = $input->post->get('VDM_SECRET', null, 'STRING');
		$ID = $input->post->get('VDM_ID', null, 'STRING');
		// check if correct value is given
		if (ComponentbuilderHelper::checkString($PUBLIC) && ComponentbuilderHelper::checkString($SECRET) && ComponentbuilderHelper::checkString($ID))
		{
			// use the JCB open public protocol to open this
			$opened = ComponentbuilderHelper::openPublicProtocol($SECRET, $ID, $PUBLIC);
			// simple check to have a little more hoops
			// NOTE(review): this condition and the statement inside it are damaged on this
			// page: there is one closing parenthesis too many after the '_SP' test, one
			// closing brace more than there are opening braces, and a statement fragment
			// with no call around the array. The code is kept exactly as found; what the
			// success branch sends back cannot be determined from here.
			if (ComponentbuilderHelper::checkString($opened['public'])
				&& ComponentbuilderHelper::checkString($opened['id'])
				&& strpos($opened['public'], '-----BEGIN PUBLIC KEY-----') !== false
				&& strpos($opened['public'], '-----END PUBLIC KEY-----') !== false
				&& strpos($opened['id'], 'VDM_') !== false
				&& strpos($opened['id'], '_SP') !== false) && ComponentbuilderHelper::checkObject(ComponentbuilderHelper::crypt('RSA')))
			{
				array('public' => ComponentbuilderHelper::getPublicKey($opened['id'], $opened['public']), 'id' => $opened['id']), $opened['public'] ComponentbuilderHelper::crypt();
				// clear session
				JFactory::getApplication()->getSession()->destroy();
				jexit();
				}
			}
		}
		// die since have no trust
		echo 12;
		// clear session
		JFactory::getApplication()->getSession()->destroy();
		jexit();
	}

	/**
	 * Task: accept a trust request posted as VDM_TRUST.
	 *
	 * The POST value is opened with ComponentbuilderHelper::unlock() using the key from
	 * ComponentbuilderHelper::salt(1, 2). When the result carries all of request_id,
	 * chain, url, path, email, name and method, it is handed to requestTrust() and the
	 * return value is echoed. Otherwise the literal 12 is printed. Both paths destroy
	 * the session and exit.
	 *
	 * NOTE(review): url, path, email and name are only passed through checkString()
	 * here, and request_id / method through is_numeric(). Any format validation
	 * (URL scheme and host, e-mail syntax, path shape) would have to happen inside
	 * requestTrust(), which is not visible on this page - confirm before relying on it.
	 *
	 * @return  void
	 */
	public function trust()
	{
		// get input values
		$input = JFactory::getApplication()->input;
		// get Trust (read from POST only)
		$TRUST = $input->post->get('VDM_TRUST', null, 'STRING');
		// check if correct value is given
		if (ComponentbuilderHelper::checkString($TRUST))
		{
			$key = ComponentbuilderHelper::salt(1, 2);
			// get the trust
			$trustArray = ComponentbuilderHelper::unlock($TRUST, $key, null);
			// check the array: every field must be present before the request is sent
			if (ComponentbuilderHelper::checkArray($trustArray)
				&& isset($trustArray['request_id']) && is_numeric($trustArray['request_id'])
				&& isset($trustArray['chain']) && ComponentbuilderHelper::checkArray($trustArray['chain'])
				&& isset($trustArray['url']) && ComponentbuilderHelper::checkString($trustArray['url'])
				&& isset($trustArray['path']) && ComponentbuilderHelper::checkString($trustArray['path'])
				&& isset($trustArray['email']) && ComponentbuilderHelper::checkString($trustArray['email'])
				&& isset($trustArray['name']) && ComponentbuilderHelper::checkString($trustArray['name'])
				&& isset($trustArray['method']) && is_numeric($trustArray['method']) && $trustArray['method'] > 0)
			{
				// send the request
				echo ComponentbuilderHelper::requestTrust($trustArray);
				// clear session
				JFactory::getApplication()->getSession()->destroy();
				jexit();
			}
		}
		// die since have no trust
		echo 12;
		// clear session
		JFactory::getApplication()->getSession()->destroy();
		jexit();
	}

	/**
	 * Task: confirm a trust request identified by the `allow` request value.
	 *
	 * `allow` is opened with ComponentbuilderHelper::unlock($allow, null, 4). The result
	 * must contain 'VDM_' and '_SP'; it is then rebuilt as 'VDM_' + digits + '_SP', so
	 * only digits from the decoded value reach the trust_site lookup. When a row is
	 * found and confirmTrust() returns a message, the message is echoed. Every other
	 * path ends with jexit('Restricted access'). The session is destroyed either way.
	 *
	 * NOTE(review): unlike handshake() and trust(), this task reads its value with
	 * $input->get() rather than $input->post->get(), so it is not restricted to POST.
	 * confirmTrust() presumably changes the stored trust state - confirm that the
	 * `allow` value cannot be guessed or replayed once it has been used.
	 *
	 * @return  void
	 */
	public function itrust()
	{
		// get input values
		$input = JFactory::getApplication()->input;
		// get allowed string (not limited to POST)
		$allow = $input->get('allow', null, 'STRING');
		// check if correct value is given
		if (ComponentbuilderHelper::checkString($allow))
		{
			// get the request ID
			$request_id = ComponentbuilderHelper::unlock($allow, null, 4);
			// check the string
			if (ComponentbuilderHelper::checkString($request_id) && strpos($request_id, 'VDM_') !== false && strpos($request_id, '_SP') !== false)
			{
				// drop the markers, keep digits only, then put the markers back
				$request_id = str_replace(array('VDM_', '_SP'), '', $request_id);
				$request_id = (string) 'VDM_' . preg_replace("/[^0-9]/", "", $request_id) . '_SP';
				if ($id = ComponentbuilderHelper::getVar('trust_site', $request_id, 'request_id', 'id'))
				{
					if ($message = ComponentbuilderHelper::confirmTrust($id))
					{
						// push out the message
						echo $message;
						// clear session
						JFactory::getApplication()->getSession()->destroy();
						jexit();
					}
				}
			}
		}
		// clear session
		JFactory::getApplication()->getSession()->destroy();
		// die since have no trust
		jexit('Restricted access');
	}

	/**
	 * Task: export all components as a backup and report the outcome as plain text.
	 *
	 * Loads the component params when they are not set, takes the joomla_components
	 * admin model, and runs getSmartExport() over all component ids when the API user
	 * holds both 'joomla_component.export' and 'core.export'. The response is
	 * "# <status>" followed by the notices, one per line.
	 *
	 * NOTE(review): the permission check is made against the user returned by
	 * getApiUser() (the id stored in the `api` component param), not against whoever
	 * sent the request, and no request credential is read in this method. Confirm
	 * that reaching this task is gated elsewhere; otherwise any caller who can reach
	 * it can start an export with the API user's permissions.
	 *
	 * NOTE(review): when `backup_email` is set and the notice text is new, the package
	 * key is e-mailed in both the HTML and the plain-text part. Whoever can read that
	 * mailbox, or the mail in transit, holds the key that protects the package.
	 *
	 * @return  void
	 */
	public function backup()
	{
		// get params first
		if (!isset($this->params) || !ComponentbuilderHelper::checkObject($this->params))
		{
			$this->params = JComponentHelper::getParams('com_componentbuilder');
		}
		// Get the model
		$model = componentbuilderHelper::getModel('joomla_components', JPATH_ADMINISTRATOR . '/components/com_componentbuilder');
		// set user (the configured API user, see getApiUser())
		$model->user = $this->getApiUser();
		// check if export is allowed for this user. (we need this sorry)
		if ($model->user->authorise('joomla_component.export', 'com_componentbuilder') && $model->user->authorise('core.export', 'com_componentbuilder'))
		{
			// get all component IDs to backup
			$pks = componentbuilderHelper::getComponentIDs();
			// make sure to set active type to backup
			$model->activeType = 'backup';
			// set auto loader
			ComponentbuilderHelper::autoLoader('smart');
			// manual backup message
			$backupNotice = array();
			// get the data to export
			if (ComponentbuilderHelper::checkArray($pks) && $model->getSmartExport($pks))
			{
				$backupNotice[] = JText::_('COM_COMPONENTBUILDER_BACKUP_WAS_DONE_SUCCESSFULLY');
				$backupNoticeStatus = 'Success';
				// set the key string; a key is only reported when it is exactly 32 characters long
				if (componentbuilderHelper::checkString($model->key) && strlen($model->key) == 32)
				{
					// $keyNotice / $ownerDetails build the HTML mail body, $textNotice the plain-text one;
					// both carry the key itself
					$textNotice = array();
					$keyNotice = '

' . JText::sprintf('COM_COMPONENTBUILDER_THE_PACKAGE_KEY_IS_CODESCODE', $model->key) . '

';
					$textNotice[] = JText::sprintf('COM_COMPONENTBUILDER_THE_PACKAGE_KEY_IS_S', $model->key);
					$keyNotice .= JText::_('COM_COMPONENTBUILDER_YOUR_DATA_IS_ENCRYPTED_WITH_A_AES_ONE_HUNDRED_AND_TWENTY_EIGHT_BIT_ENCRYPTION_USING_THE_ABOVE_THIRTY_TWO_CHARACTER_KEY_WITHOUT_THIS_KEY_IT_WILL_TAKE_THE_CURRENT_TECHNOLOGY_WITH_A_BRUTE_FORCE_ATTACK_METHOD_MORE_THEN_A_HREFHTTPRANDOMIZECOMHOWLONGTOHACKPASS_TARGET_BLANK_TITLEHOW_LONG_TO_HACK_PASSSEVEN_HUNDRED_ZERO_ZERO_ZERO_ZERO_ZERO_ZERO_ZERO_ZERO_ZERO_ZEROA_YEARS_TO_CRACK_THEORETICALLY_UNLESS_THEY_HAVE_THIS_KEY_ABOVE_SO_DO_KEEP_IT_SAFE') . '
';
					// set the package owner info
					if ((isset($model->info['getKeyFrom']['company']) && componentbuilderHelper::checkString($model->info['getKeyFrom']['company'])) || (isset($model->info['getKeyFrom']['owner']) && componentbuilderHelper::checkString($model->info['getKeyFrom']['owner'])))
					{
						$ownerDetails = '

' . JText::_('COM_COMPONENTBUILDER_PACKAGE_OWNER_DETAILS') . '

';
						$textNotice[] = '# ' . JText::_('COM_COMPONENTBUILDER_PACKAGE_OWNER_DETAILS');
						$ownerDetails .= '';
						$backupNotice[] = JText::_('COM_COMPONENTBUILDER_OWNER_DETAILS_WAS_SET');
					}
					else
					{
						$ownerDetails = '

' . JText::_('COM_COMPONENTBUILDER_PACKAGE_OWNER_NOT_SET') . '

';
						$textNotice[] = '# ' . JText::_('COM_COMPONENTBUILDER_PACKAGE_OWNER_DETAILS');
						$ownerDetails .= JText::_('COM_COMPONENTBUILDER_TO_CHANGE_THE_PACKAGE_OWNER_DEFAULTS_OPEN_THE_BJCB_GLOBAL_OPTIONSB_GO_TO_THE_BCOMPANYB_TAB_AND_ADD_THE_CORRECT_COMPANY_DETAILS_THERE') . '
';
						$textNotice[] = JText::_('COM_COMPONENTBUILDER_TO_CHANGE_THE_PACKAGE_OWNER_DEFAULTS_OPEN_THE_JCB_GLOBAL_OPTIONS_GO_TO_THE_COMPANY_TAB_AND_ADD_THE_CORRECT_COMPANY_DETAILS_THERE');
						$ownerDetails .= '

' . JText::_('COM_COMPONENTBUILDER_YOU_SHOULD_ADD_THE_CORRECT_OWNER_DETAILS') . '

';
						$textNotice[] = '## ' . JText::_('COM_COMPONENTBUILDER_YOU_SHOULD_ADD_THE_CORRECT_OWNER_DETAILS');
						$ownerDetails .= JText::_('COM_COMPONENTBUILDER_SINCE_THE_OWNER_DETAILS_ARE_DISPLAYED_DURING_BIMPORT_PROCESSB_BEFORE_ADDING_THE_KEY_THIS_WAY_IF_THE_USERDEV_BDOES_NOTB_HAVE_THE_KEY_THEY_CAN_SEE_BWHERE_TO_GET_ITB') . '
';
						$textNotice[] = JText::_('COM_COMPONENTBUILDER_SINCE_THE_OWNER_DETAILS_ARE_DISPLAYED_DURING_IMPORT_PROCESS_BEFORE_ADDING_THE_KEY_THIS_WAY_IF_THE_USERDEV_DOES_NOT_HAVE_THE_KEY_THEY_CAN_SEE_WHERE_TO_GET_IT');
						$backupNotice[] = JText::_('COM_COMPONENTBUILDER_CHECK_YOUR_OWNER_DETAILS_IT_HAS_NOT_BEEN_SET_OPEN_THE_JCB_GLOBAL_OPTIONS_GO_TO_THE_COMPANY_TAB_AND_ADD_THE_CORRECT_COMPANY_DETAILS_THERE');
					}
				}
				else
				{
					// no usable key: the notices say that the package can be installed by anyone who has it
					$keyNotice = '

' . JText::_('COM_COMPONENTBUILDER_THIS_PACKAGE_HAS_NO_KEY') . '

';
					$textNotice[] = '# ' . JText::_('COM_COMPONENTBUILDER_THIS_PACKAGE_HAS_NO_KEY');
					$ownerDetails = JText::_('COM_COMPONENTBUILDER_THAT_MEANS_ANYONE_WHO_HAS_THIS_PACKAGE_CAN_INSTALL_IT_INTO_JCB_TO_ADD_AN_EXPORT_KEY_SIMPLY_OPEN_THE_COMPONENT_GO_TO_THE_TAB_CALLED_BSETTINGSB_BOTTOM_RIGHT_THERE_IS_A_FIELD_CALLED_BEXPORT_KEYB') . '
';
					$textNotice[] = JText::_('COM_COMPONENTBUILDER_THAT_MEANS_ANYONE_WHO_HAS_THIS_PACKAGE_CAN_INSTALL_IT_INTO_JCB_TO_ADD_AN_EXPORT_KEY_SIMPLY_OPEN_THE_COMPONENT_GO_TO_THE_TAB_CALLED_SETTINGS_BOTTOM_RIGHT_THERE_IS_A_FIELD_CALLED_EXPORT_KEY');
					$backupNotice[] = JText::_('COM_COMPONENTBUILDER_NO_KEYS_WERE_FOUND_TO_ADD_AN_EXPORT_KEY_SIMPLY_OPEN_THE_COMPONENT_GO_TO_THE_TAB_CALLED_SETTINGS_BOTTOM_RIGHT_THERE_IS_A_FIELD_CALLED_EXPORT_KEY');
				}
				// get email
				if ($email = $this->params->get('backup_email', null))
				{
					// plain text
					$plainText = implode("\n", $textNotice);
					// set hash to track changes
					// (MD5 serves here as a change marker for the notice text, which includes
					// the key; it is not an integrity or authenticity check on the package)
					$hashTracker = md5($plainText);
					if (ComponentbuilderHelper::newHash($hashTracker))
					{
						// Build final message.
						$message = $keyNotice . $ownerDetails . '
HASH: ' . $hashTracker . '';
						// set the subject
						$subject = JText::_('COM_COMPONENTBUILDER_JOOMLA_COMPONENT_BUILDER_BACKUP_KEY');
						// email the message (the key travels in this mail in clear text)
						componentbuilderEmail::send($email, $subject, componentbuilderEmail::setTableBody($message, $subject), $plainText, 1);
						$backupNotice[] = JText::_('COM_COMPONENTBUILDER_EMAIL_WITH_THE_NEW_KEY_WAS_SEND');
					}
					else
					{
						$backupNotice[] = JText::_('COM_COMPONENTBUILDER_KEY_HAS_NOT_CHANGED');
					}
				}
			}
			else
			{
				$backupNotice[] = JText::_('COM_COMPONENTBUILDER_BACKUP_FAILED_PLEASE_TRY_AGAIN_IF_THE_ERROR_CONTINUE_PLEASE_CONTACT_YOUR_SYSTEM_ADMINISTRATOR');
				$backupNoticeStatus = 'Error';
				if (componentbuilderHelper::checkString($model->packagePath))
				{
					// clear all if not successful
					ComponentbuilderHelper::removeFolder($model->packagePath);
				}
				if (componentbuilderHelper::checkString($model->zipPath))
				{
					// clear all if not successful
					JFile::delete($model->zipPath);
				}
			}
			// exit quietly when run as the automated backup (this block is added from custom code);
			// the comparison of two identical literals is always true, so the redirect below is never reached
			if ('backup' === 'backup')
			{
				echo "# " . $backupNoticeStatus . "\n" .implode("\n", $backupNotice);
				// clear session
				JFactory::getApplication()->getSession()->destroy();
				jexit();
			}
			$this->setRedirect(JRoute::_('index.php?option=com_componentbuilder&view=joomla_components', false), implode("
", $backupNotice), $backupNoticeStatus);
			return;
		}
		// exit quietly when run as the automated backup (this block is added from custom code);
		// always true as above, so the access-denied redirect below is never reached
		if ('backup' === 'backup')
		{
			echo "# Error\n".JText::_('COM_COMPONENTBUILDER_ACCESS_DENIED');
			// clear session
			JFactory::getApplication()->getSession()->destroy();
			jexit();
		}
		$this->setRedirect(JRoute::_('index.php?option=com_componentbuilder&view=joomla_components', false), JText::_('COM_COMPONENTBUILDER_ACCESS_DENIED'), 'Error');
		return;
	}

	/**
	 * Load the user whose id is stored in the `api` component param.
	 *
	 * Reads $this->params, so the params must be loaded first; backup() does that
	 * before calling this method.
	 *
	 * NOTE(review): the default id is 0 - presumably that resolves to a user without
	 * export permission, so an unconfigured site denies the backup; confirm.
	 *
	 * @return  object  The value returned by JFactory::getUser() for that id.
	 */
	protected function getApiUser()
	{
		// return user object
		return JFactory::getUser($this->params->get('api', 0, 'INT'));
	}

	/**
	 * Method to check if you can edit an existing record.
	 *
	 * Always refuses, whatever the arguments.
	 *
	 * @param   array   $data  An array of input data.
	 * @param   string  $key   The name of the key for the primary key; default is id.
	 *
	 * @return  boolean
	 *
	 * @since   12.2
	 */
	protected function allowEdit($data = array(), $key = 'id')
	{
		// to ensure no other tampering
		return false;
	}

	/**
	 * Method override to check if you can add a new record.
	 *
	 * Always refuses, whatever the arguments.
	 *
	 * @param   array  $data  An array of input data.
	 *
	 * @return  boolean
	 *
	 * @since   1.6
	 */
	protected function allowAdd($data = array())
	{
		// to ensure no other tampering
		return false;
	}

	/**
	 * Method to check if you can save a new or existing record.
	 *
	 * Always refuses, whatever the arguments.
	 *
	 * @param   array   $data  An array of input data.
	 * @param   string  $key   The name of the key for the primary key.
	 *
	 * @return  boolean
	 *
	 * @since   12.2
	 */
	protected function allowSave($data, $key = 'id')
	{
		// to ensure no other tampering
		return false;
	}

	/**
	 * Function that allows child controller access to model data
	 * after the data has been saved. Intentionally empty here.
	 *
	 * @param   JModelLegacy  $model      The data model object.
	 * @param   array         $validData  The validated data.
	 *
	 * @return  void
	 *
	 * @since   12.2
	 */
	protected function postSaveHook(JModelLegacy $model, $validData = array())
	{
	}
}