File Manager

Current Directory: /home/astoriaah/www/old15/plugins/system/admintools/feature
Viewing File: /home/astoriaah/www/old15/plugins/system/admintools/feature/secretword.php
<?php /** * @package AdminTools * @copyright Copyright (c)2010-2015 Nicholas K. Dionysopoulos * @license GNU General Public License version 3, or later */ defined('_JEXEC') or die; class AtsystemFeatureSecretword extends AtsystemFeatureAbstract { protected $loadOrder = 60; /** * Is this feature enabled? * * @return bool */ public function isEnabled() { if (!F0FPlatform::getInstance()->isBackend()) { return false; } $password = $this->cparams->getValue('adminpw', ''); return !empty($password); } public function onAfterInitialise() { if ($this->isAdminAccessAttempt()) { $this->checkSecretWord(); return; } // If there is an administrator secret word set, upon logout redirect to the site's home page $password = $this->cparams->getValue('adminpw', ''); if (!empty($password)) { $input = $this->input; $option = $input->getCmd('option', ''); $task = $input->getCmd('task', ''); $uid = $input->getInt('uid', 0); $loggingMeOut = true; if (version_compare(JVERSION, '3.0.0', 'ge') && !empty($uid)) { $myUID = JFactory::getUser()->id; $loggingMeOut = ($myUID == $uid); } if (($option == 'com_login') && ($task == 'logout') && $loggingMeOut) { $input = $this->app->input; $method = $input->getMethod(); // Yes, Joomla! 2.5 and Joomla! 3.2 are still using JRequest... if (version_compare(JVERSION, '3.3.0', 'lt')) { JRequest::setVar('return', base64_encode('index.php?' . urlencode($password))); } $input->$method->set('return', base64_encode('index.php?' . urlencode($password))); } } } /** * Checks if the secret word is set in the URL query, or redirects the user * back to the home page. */ protected function checkSecretWord() { $password = $this->cparams->getValue('adminpw', ''); $myURI = JURI::getInstance(); // If the "password" query param is not defined, the default value // "thisisnotgood" is returned. If it is defined, it will return null or // the value after the equal sign. $check = $myURI->getVar($password, 'thisisnotgood'); if ($check == 'thisisnotgood') { // Uh oh... Unauthorized access! Let's redirect the intruder back to the site's home page. if (!$this->exceptionsHandler->logAndAutoban('adminpw')) { return; } $this->redirectAdminToHome(); } } }