How to disable TFA (Two factor authentication) - joomla

I enabled TFA in Joomla 3.2 and it worked fine, but my smartphone is unaccessible.
Then I cannot go in backend and I tried to disable the plugin plg_twofactorauth_totp in database but it stay enabled.
Disabling by rename the folder hide Secret Key input, but I wasn't able to login.

Go to your MySQL database for joomla, go to the users table. Clear the value of otpKey. you should be able to login without a key now.

https://gist.github.com/medigeek/28a047be0d0d527a95769130a6faf559
This code will disable two-factor auth plugins and clear keys for Joomla! Super Users.
This script disables Joomla!'s two factor authentication plugin and clears the otpKey and otep values for Super Users. It allows you to login when you aren't able to use Google authenticator for any reason.
Usage:
Place it in the Joomla! 3.x root dir (where configuration.php and index.php are) and run it. Then login and leave the security key field empty.
Warning: Use with caution. Backup before use!
Snapshot of the code
<?php
/* This script disables Joomla!'s two factor authentication
* plugin and clears the otpKey and otep values for Super
* Users. It allows you to login when you aren't able to
* use Google authenticator for any reason.
* Usage:
* Place it in the Joomla! 3.x root dir (where configuration.php
* and index.php are) and run it. Then login and leave the
* security key field empty.
* Warning: Use with caution. Backup before use.
*/
define('_JEXEC', 1);
define('JPATH_BASE', __DIR__);
error_reporting(E_ALL);
ini_set('display_errors', 1);
// Load system defines
if (file_exists(JPATH_BASE . '/defines.php')) { require_once JPATH_BASE . '/defines.php'; }
if (!defined('_JDEFINES')) { require_once JPATH_BASE . '/includes/defines.php'; }
require_once JPATH_LIBRARIES . '/import.legacy.php'; // Get the framework.
require_once JPATH_LIBRARIES . '/cms.php'; // Bootstrap the CMS libraries.
class Reset2FA extends JApplicationCli
{
public function execute()
{
$this->out('Initialising');
$db = JFactory::getDbo();
$query = $db->getQuery(true);
$query2 = $db->getQuery(true);
//get users by group: (array of integers)
$sadminids = JAccess::getUsersByGroup(8); // 8 = Super Users
$strsadminids = implode(',', $sadminids);
$this->out(sprintf('Super User IDs: %s', $strsadminids));
$this->out('Disabling twofactorauth plugin (totp and yubikey)');
// Fields to update.
$fields = array(sprintf('%s = 0', $db->quoteName('enabled')));
// Conditions for which records should be updated.
// plg_twofactorauth_totp
// plg_twofactorauth_yubikey
$conditions = array(sprintf('%s LIKE %s', $db->quoteName('name'), $db->quote('plg_twofactorauth_%')));
$query->update($db->quoteName('#__extensions'))->set($fields)->where($conditions);
$db->setQuery($query);
$result = $db->execute();
$this->out('Disabling/clearing otpKey and otep for all Super Users');
// UPDATE 2
$fields2 = array(
$db->quoteName('otpKey') . " = ''",
$db->quoteName('otep') . " = ''",
);
// Conditions for which records should be updated.
// otpKey
// otep
$conditions2 = array(
$db->quoteName('otpKey') . " != ''",
$db->quoteName('otep') . " != ''",
sprintf('%s IN (%s)', $db->quoteName('id'), $strsadminids)
);
$query2->update($db->quoteName('#__users'))->set($fields2)->where($conditions2);
$db->setQuery($query2);
$result2 = $db->execute();
$this->out('Done');
}
}
JApplicationCli::getInstance('Reset2FA')->execute();
?>

Related

Magento Admin Create Order not showing Custom Options

I have simple products with custom options in my store. They work perfectly from the front end, but if I try to add an order from the admin section, The custom options do not show up.
I only have this problem if the type of custom option is a dropdown, multi select, radio buttons, or check boxes. If it is a text field, date or anything else, it works fine.
I am assumming i need to make some changes to something in the /www/app/design/adminhtml/default/default/template/sales/order/create area, but no clue what i should try.
Looking a bit further, I found this /www/app/code/core/Mage/Adminhtml/Block/Sales/Order/Create/Items/grid.php
/**
* Get Custom Options of item
*
* #param Mage_Sales_Model_Quote_Item $item
* #return array
*/
public function getCustomOptions(Mage_Sales_Model_Quote_Item $item)
{
$optionStr = '';
$this->_moveToCustomerStorage = true;
if ($optionIds = $item->getOptionByCode('option_ids')) {
foreach (explode(',', $optionIds->getValue()) as $optionId) {
if ($option = $item->getProduct()->getOptionById($optionId)) {
$optionValue = $item->getOptionByCode('option_' . $option->getId())->getValue();
$optionStr .= $option->getTitle() . ':';
$quoteItemOption = $item->getOptionByCode('option_' . $option->getId());
$group = $option->groupFactory($option->getType())
->setOption($option)
->setQuoteItemOption($quoteItemOption);
$optionStr .= $group->getEditableOptionValue($quoteItemOption->getValue());
$optionStr .= "\n";
}
}
}
return $optionStr;
}
The best way to find the correct template path is to turn on admin template hints.
By default magento does not provide a way to accomplish from the admin, but you can easily accomplish this using one of these methods Enable template path hint in admin pages - Magento

Calling controllers dynamically

I'm attempting to create dynamic routing in Laravel for my controllers - I know this can be done in Kohana, but I've been unsuccessful trying to get it working with Laravel.
This is what I have right now:
Route::get('/{controller}/{action?}/{id?}'...
So I would like to call controller/method($id) with that.
Ideally this is what I would like to do:
Route::get('/{controller}/{action?}/{id?}', $controller . '#' . $action);
And have it dynamically call $controller::$action.
I've tried doing this:
Route::get('/{controller}/{action?}/{id?}', function($controller, $action = null, $id = null)
{
$controller = new $controller();
$controller->$action();
});
But I get an error message: Class Controller does not exist.
So it appears that Laravel is not including all the necessary files when the controller extends the BaseController.
If I use $controller::$action() it tells me I can't call a non-static function statically.
Any ideas for how to make this work?
You can auto register all controllers in one fell swoop:
Route::controller( Controller::detect() );
If you're using Laravel 4 (as your tag implies), you can't use Controller::detect() anymore. You'll have to manually register all the controllers you want to use.
After reading that Laravel doesn’t support this anymore, I came up with this solution:
$uri = $_SERVER['REQUEST_URI'];
$results = array();
preg_match('#^\/(\w+)?\/?(\w+)?\/?(\w+)?\/?#', $_SERVER['REQUEST_URI'], $results);
// set the default controller to landing
$controller = (empty($results[1])) ? 'landing' : $results[1];
// set the default method to index
$method = (empty($results[2])) ? 'index' : $results[2];
Route::get('{controller?}/{action?}/{id?}', $controller . '#' . $method);
// now we just need to catch and process the error if no controller#method exists.

joomla 2.5 ajax api

I would like to setup some little ajax support for my joomla page, in detail: I would like to send logging messages from the frontend to the backend via ajax and store them in database.
In drupal this can be done by adding a path and a callback inside a module, so how can this be achieved in joomla 2.5, so that there is an url like:
http://www.domain.com/log which leads to a function call?
Greetings..
The proper way would be to create a component to handle the call, but as you write most of the time it seems a bit overkill for just a module.
Another way would be to create a standalone php-file that uses the Joomla-library. This file could then easily be called from wherever you like. It's like a mini-version of Joomla with the advantage of having all libraries available:
define( 'DS', DIRECTORY_SEPARATOR );
if (!defined('JPATH_BASE')){
define('JPATH_BASE', '..'.DS.'..'.DS.'..');
}
define('JPATH_LIBRARIES', JPATH_BASE . DS . 'libraries');
require_once JPATH_LIBRARIES . DS . 'import.php';
$var = JRequest::getVar('my_var');
To access the DB-object, you would need to manually set the options to the DB-object since this file won't access the configuration files (you can program this of course).
$option = array(); //prevent problems
$option['driver']   = 'mysql';            // Database driver name
$option['host']     = 'db.myhost.com';    // Database host name
$option['user']     = 'myuser';       // User for database authentication
$option['password'] = 'mypass';   // Password for database authentication
$option['database'] = 'bigdatabase';      // Database name
$option['prefix']   = 'abc_';             // Database prefix (may be empty)
$db = & JDatabase::getInstance( $option );

jomsocial groups and events integration

I am trying to integrate jomsocial events with jomsocial groups.
What i am trying to achieve is to automatically create a group when the event is being created.
Would anyone have some hints regarding such functionality?
The approach i have in mind is to utilize a function onEventCreate($event) from jomsocial API
to call the group creation mechanism. Is that the right way to do it?
Yes, this is the approach I'd take.
You can find method save() in groups.php controller. There you've got all of the required code to implement this.
The rough code :
$my =& CFactory::getUser();
$config =& CFactory::getConfig();
$group =& JTable::getInstance( 'Group' , 'CTable' );
$group->name = $name;
$group->description = $description;
$group->categoryid = $categoryId; // Category Id must not be empty and will cause failure on this group if its empty.
$group->website = $website;
$group->ownerid = $my->id;
$group->created = gmdate('Y-m-d H:i:s');
$group->approvals = 0;
$params = new CParameter( '' );
// Here you need some code from private _bindParams()
$group->params = $params->toString();
$group->published = ( $config->get('moderategroupcreation') ) ? 0 : 1;
$group->store();
// Other useful stuff:
// - store the creator / admin into the groups members table
// - add into activity stream

How to implement login and register?

I have two forms: (login form, register form) and they submitted to my component.
Login form:
I want to check login and pass and set status to "logged" in joomla.
Register form:
I want register new user in joomla.
How to do it?
$inplogin = JRequest::getVar('inplogin');
$inppass = JRequest::getVar('inppass');
???? JFactory::login($inplogin, $inppass); ????
???? JFactory::registeruser($inplogin, $inppass); ????
???
For Login
$result = JFactory::getApplication()->login(array('username'=>$username, 'password'=>$password));
For Registration
require_once JPATH_ROOT.DS.'components'.DS.'com_users'.DS.'models'.DS.'registration.php';
$model = new UsersModelRegistration();
jimport('joomla.mail.helper');
// Attempt to save the data.
jimport('joomla.user.helper');
$username = ; //your user name here
$password = ; //your password here
$data = array( 'username'=>$email,'name'=>$email,'email1'=>$email,'password1'=>$password, 'password2'=>$password, 'block'=>1 );
$return = $model->register($data);
I don't see how this is related specifically to joomla.
you need to use the same $_SESSION variable in both cases. after you declare the variable, you can check on the beginning of your index page if this var exists (and if so, whether the credentials are correct or not). something like:
<?php
session_start();
if (!isset($_SESSION['logged']) {
header("location:login.php");
exit();
}
?>
you can use JUser::bind($userData) and JUser::save($userData) for registering the user.
Expanding upon Gaurav's answer:
If you're using just the Joomla framework and you don't have a site loaded, you will still need to initialize the site.
That said, these two lines should do the trick:
$app = JFactory::getApplication('site');
$app->initialise();

Resources