diff options
Diffstat (limited to 'plugins/Login/Controller.php')
-rw-r--r-- | plugins/Login/Controller.php | 174 |
1 files changed, 99 insertions, 75 deletions
diff --git a/plugins/Login/Controller.php b/plugins/Login/Controller.php index 022c47bf01..02056be0bf 100644 --- a/plugins/Login/Controller.php +++ b/plugins/Login/Controller.php @@ -11,13 +11,47 @@ */ /** + * Login controller * * @package Piwik_Login */ class Piwik_Login_Controller extends Piwik_Controller { /** + * Get referer to redirect to upon successful login. + * Remembers referer URL even if navigation is: login form -> reset password -> login form + * + * @returns string + */ + static public function getRefererToRedirect() + { + // retrieve any previously saved referer + $ns = new Zend_Session_Namespace('Piwik_Login.referer'); + $referer = $ns->referer; + if(empty($referer)) + { + // if the referer contains module=Login, Installation, or CoreUpdater, we instead redirect to the doc root + $referer = Piwik_Url::getLocalReferer(); + if(empty($referer) || preg_match('/module=(Login|Installation|CoreUpdater)/', $referer)) + { + $referer = 'index.php'; + } + $ns->referer = $referer; + $ns->setExpirationSeconds(300, 'referer'); + } + else if(!Piwik_Url::isLocalUrl($referer)) + { + $referer = 'index.php'; + } + + return $referer; + } + + /** * Default action + * + * @param none + * @return void */ function index() { @@ -26,34 +60,39 @@ class Piwik_Login_Controller extends Piwik_Controller /** * Login form + * + * @param string $messageNoAccess Access error message + * @param string $currentUrl Current URL + * @return void */ - function login() + function login($messageNoAccess = null) { - $messageNoAccess = null; - $form = new Piwik_Login_Form(); - - $currentUrl = Piwik_Url::getReferer(); - $urlToRedirect = Piwik_Common::getRequestVar('form_url', $currentUrl, 'string'); - $urlToRedirect = htmlspecialchars_decode($urlToRedirect); + $urlToRedirect = self::getRefererToRedirect(); + $form = new Piwik_Login_Form(); if($form->validate()) { - // if the current url to redirect contains module=Login or Installation we instead redirect to the doc root - if(preg_match('/module=(Login|Installation)/', $urlToRedirect)) + $nonce = $form->getSubmitValue('form_nonce'); + if(Piwik_Nonce::verifyNonce('Piwik_Login.login', $nonce)) { - $urlToRedirect = 'index.php'; + $login = $form->getSubmitValue('form_login'); + $password = $form->getSubmitValue('form_password'); + $md5Password = md5($password); + try { + $this->authenticateAndRedirect($login, $md5Password, $urlToRedirect); + } catch(Exception $e) { + $messageNoAccess = $e->getMessage(); + } + } + else + { + $messageNoAccess = Piwik_Translate('Login_InvalidNonceOrReferer'); } - - $login = $form->getSubmitValue('form_login'); - $password = $form->getSubmitValue('form_password'); - $md5Password = md5($password); - $messageNoAccess = $this->authenticateAndRedirect($login, $md5Password, $urlToRedirect); } $view = Piwik_View::factory('login'); - // make navigation login form -> reset password -> login form remember your first url - $view->urlToRedirect = $urlToRedirect; $view->AccessErrorString = $messageNoAccess; + $view->nonce = Piwik_Nonce::getNonce('Piwik_Login.login'); $view->linkTitle = Piwik::getRandomTitle(); $view->addForm( $form ); $view->subTemplate = 'genericForm.tpl'; @@ -62,28 +101,29 @@ class Piwik_Login_Controller extends Piwik_Controller /** * Form-less login + * + * @param none + * @return void */ function logme() { - $login = Piwik_Common::getRequestVar('login', null, 'string'); $password = Piwik_Common::getRequestVar('password', null, 'string'); - $currentUrl = 'index.php'; - $urlToRedirect = Piwik_Common::getRequestVar('url', $currentUrl, 'string'); - $urlToRedirect = htmlspecialchars_decode($urlToRedirect); - if(strlen($password) != 32) { - throw new Exception("The password parameter is expected to be a MD5 hash of the password."); + throw new Exception(Piwik_TranslateException('Login_ExceptionPasswordMD5HashExpected')); } + + $login = Piwik_Common::getRequestVar('login', null, 'string'); if($login == Zend_Registry::get('config')->superuser->login) - { - throw new Exception("The Super User cannot be authenticated using this URL."); - } - $authenticated = $this->authenticateAndRedirect($login, $password, $urlToRedirect); - if($authenticated === false) - { - echo Piwik_Translate('Login_LoginPasswordNotCorrect'); + { + throw new Exception(Piwik_TranslateException('Login_ExceptionInvalidSuperUserAuthenticationMethod', array("logme"))); } + + $currentUrl = 'index.php'; + $urlToRedirect = Piwik_Common::getRequestVar('url', $currentUrl, 'string'); + $urlToRedirect = htmlspecialchars_decode($urlToRedirect); + + $this->authenticateAndRedirect($login, $password, $urlToRedirect); } /** @@ -96,51 +136,33 @@ class Piwik_Login_Controller extends Piwik_Controller */ protected function authenticateAndRedirect($login, $md5Password, $urlToRedirect) { - $tokenAuth = Piwik_UsersManager_API::getTokenAuth($login, $md5Password); - - $auth = Zend_Registry::get('auth'); - $auth->setLogin($login); - $auth->setTokenAuth($tokenAuth); - - $authResult = $auth->authenticate(); - if(!$authResult->isValid()) - { - return Piwik_Translate('Login_LoginPasswordNotCorrect'); - } - - $authCookieName = Zend_Registry::get('config')->General->login_cookie_name; - $authCookieExpiry = time() + Zend_Registry::get('config')->General->login_cookie_expire; - $cookie = new Piwik_Cookie($authCookieName, $authCookieExpiry); - $cookie->set('login', $login); - $cookie->set('token_auth', $authResult->getTokenAuth()); - $cookie->save(); - - Zend_Session::regenerateId(); - + $info = array( 'login' => $login, + 'md5Password' => $md5Password, + ); + Piwik_PostEvent('Login.initSession', $info); Piwik_Url::redirectToUrl($urlToRedirect); } /** * Lost password form. Email password reset information. + * + * @param none + * @return void */ function lostPassword() { $messageNoAccess = null; - $form = new Piwik_Login_PasswordForm(); - $currentUrl = 'index.php'; - $urlToRedirect = Piwik_Common::getRequestVar('form_url', $currentUrl, 'string'); - $urlToRedirect = htmlspecialchars_decode($urlToRedirect); + $urlToRedirect = self::getRefererToRedirect(); + $form = new Piwik_Login_PasswordForm(); if($form->validate()) { $loginMail = $form->getSubmitValue('form_login'); - $messageNoAccess = $this->lostPasswordFormValidated($loginMail, $urlToRedirect); + $messageNoAccess = $this->lostPasswordFormValidated($loginMail); } $view = Piwik_View::factory('lostPassword'); $view->AccessErrorString = $messageNoAccess; - // make navigation login form -> reset password -> login form remember your first url - $view->urlToRedirect = $urlToRedirect; $view->linkTitle = Piwik::getRandomTitle(); $view->addForm( $form ); $view->subTemplate = 'genericForm.tpl'; @@ -154,7 +176,7 @@ class Piwik_Login_Controller extends Piwik_Controller * @param string $urlToRedirect (URL to redirect to, if successfully validated) * @return string (failure message if unable to validate) */ - protected function lostPasswordFormValidated($loginMail, $urlToRedirect) + protected function lostPasswordFormValidated($loginMail) { $user = self::getUserInformation($loginMail); if( $user === null ) @@ -184,7 +206,7 @@ class Piwik_Login_Controller extends Piwik_Controller '\n', "\n", sprintf(Piwik_Translate('Login_MailPasswordRecoveryBody'), $login, $ip, $url, $resetToken) - ) + ) . "\n" ); $piwikHost = $_SERVER['HTTP_HOST']; @@ -205,7 +227,6 @@ class Piwik_Login_Controller extends Piwik_Controller } $view->linkTitle = Piwik::getRandomTitle(); - $view->urlToRedirect = $urlToRedirect; echo $view->render(); exit; @@ -213,28 +234,26 @@ class Piwik_Login_Controller extends Piwik_Controller /** * Reset password form. Enter new password here. + * + * @param none + * @return void */ function resetPassword() { $messageNoAccess = null; + $urlToRedirect = self::getRefererToRedirect(); $form = new Piwik_Login_ResetPasswordForm(); - $currentUrl = 'index.php'; - $urlToRedirect = Piwik_Common::getRequestVar('form_url', $currentUrl, 'string'); - $urlToRedirect = htmlspecialchars_decode($urlToRedirect); - if($form->validate()) { $loginMail = $form->getSubmitValue('form_login'); $token = $form->getSubmitValue('form_token'); $password = $form->getSubmitValue('form_password'); - $messageNoAccess = $this->resetPasswordFormValidated($loginMail, $token, $password, $urlToRedirect); + $messageNoAccess = $this->resetPasswordFormValidated($loginMail, $token, $password); } $view = Piwik_View::factory('resetPassword'); $view->AccessErrorString = $messageNoAccess; - // make navigation login form -> reset password -> login form remember your first url - $view->urlToRedirect = $urlToRedirect; $view->linkTitle = Piwik::getRandomTitle(); $view->addForm( $form ); $view->subTemplate = 'genericForm.tpl'; @@ -250,7 +269,7 @@ class Piwik_Login_Controller extends Piwik_Controller * @param string $urlToRedirect (URL to redirect to, if successfully validated) * @return string (failure message) */ - protected function resetPasswordFormValidated($loginMail, $token, $password, $urlToRedirect) + protected function resetPasswordFormValidated($loginMail, $token, $password) { $user = self::getUserInformation($loginMail); if( $user === null ) @@ -272,7 +291,7 @@ class Piwik_Login_Controller extends Piwik_Controller } else { - Piwik_UsersManager_API::updateUser($user['login'], $password); + Piwik_UsersManager_API::getInstance()->updateUser($user['login'], $password); } } catch(Exception $e) @@ -282,7 +301,6 @@ class Piwik_Login_Controller extends Piwik_Controller $view = Piwik_View::factory('passwordchanged'); $view->linkTitle = Piwik::getRandomTitle(); - $view->urlToRedirect = $urlToRedirect; echo $view->render(); exit; @@ -308,13 +326,13 @@ class Piwik_Login_Controller extends Piwik_Controller 'password' => Zend_Registry::get('config')->superuser->password, ); } - else if( Piwik_UsersManager_API::userExists($loginMail) ) + else if( Piwik_UsersManager_API::getInstance()->userExists($loginMail) ) { - $user = Piwik_UsersManager_API::getUser($loginMail); + $user = Piwik_UsersManager_API::getInstance()->getUser($loginMail); } - else if( Piwik_UsersManager_API::userEmailExists($loginMail) ) + else if( Piwik_UsersManager_API::getInstance()->userEmailExists($loginMail) ) { - $user = Piwik_UsersManager_API::getUserByEmail($loginMail); + $user = Piwik_UsersManager_API::getInstance()->getUserByEmail($loginMail); } return $user; @@ -370,6 +388,9 @@ class Piwik_Login_Controller extends Piwik_Controller /** * Clear session information + * + * @param none + * @return void */ static public function clearSession() { @@ -382,6 +403,9 @@ class Piwik_Login_Controller extends Piwik_Controller /** * Logout current user + * + * @param none + * @return void */ public function logout() { |