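/**
 * Admin-side entry point of the "login as customer" flow.
 *
 * When the module is enabled and an admin session is logged in, this action loads the customer
 * named by the REQ_PARAM_LAS_ID request parameter, composes the front-end redirect URL for the
 * customer's website, fills an authentication package (operator name, customer ID and name,
 * redirect URL, the admin session's remote_addr), persists it with saveAsFile() and renders the
 * layout. Nothing is rendered when the module is disabled, the admin is not logged in, or the
 * parameter is absent.
 *
 * NOTE(review): no ACL check is visible in this method; confirm that the controller restricts
 * this action to operators who are allowed to impersonate customers.
 * NOTE(review): operator and customer names are interpolated into the log line as-is; confirm
 * the logger neutralises line breaks.
 *
 * @return void
 */
public function indexAction()
 {
     if (!Praxigento_LoginAs_Config::cfgGeneralEnabled()) {
         return;
     }
     /** @var $session Mage_Admin_Model_Session */
     $session = Mage::getSingleton('admin/session');
     if (!$session->isLoggedIn()) {
         return;
     }
     /** define operator name (stored in the package and written to the log) */
     /** @var $user Mage_Admin_Model_User */
     $user = $session->getUser();
     $operator = $user->getName() . ' (' . $user->getEmail() . ')';
     /** isset() instead of is_null() on the element: an absent parameter must not raise an undefined-index notice */
     $params = $this->getRequest()->getParams();
     if (!isset($params[Praxigento_LoginAs_Config::REQ_PARAM_LAS_ID])) {
         return;
     }
     $requestedId = $params[Praxigento_LoginAs_Config::REQ_PARAM_LAS_ID];
     /** only a scalar can be a customer ID; an array-valued parameter is handled as "customer not found" */
     if (is_scalar($requestedId)) {
         /** @var $customer Mage_Customer_Model_Customer */
         $customer = Mage::getModel('customer/customer')->load($requestedId);
         /** an unloaded model has a null ID and null == '' is true, so require a non-empty ID first */
         if ($customer->getId() && $customer->getId() == $requestedId) {
             /** from here on use the ID of the loaded record, not the raw request value */
             $customerId = $customer->getId();
             $customerName = $customer->getName();
             /** define URL to login to customer's website */
             $wsId = $customer->getData('website_id');
             if (is_null($wsId)) {
                 $wsId = Mage::app()->getStore()->getWebsiteId();
             }
             /** @var $website Mage_Core_Model_Website */
             $website = Mage::getModel('core/website')->load($wsId);
             $defStoreId = $website->getDefaultStore()->getId();
             $baseTarget = Mage::getStoreConfig(Mage_Core_Model_Url::XML_PATH_SECURE_URL, $defStoreId);
             $baseSource = Mage::getStoreConfig(Mage_Core_Model_Url::XML_PATH_SECURE_URL);
             /** compose redirection URL and replace current base by target base */
             $urlModel = Mage::getModel('core/url');
             $store = Mage::getModel('core/store')->load($defStoreId);
             $urlModel->setStore($store);
             $url = $urlModel->getUrl(Praxigento_LoginAs_Config::XMLCFG_ROUTER_FRONT . Praxigento_LoginAs_Config::ROUTE_CUSTOMER_LOGINAS);
             $url = str_replace($baseSource, $baseTarget, $url);
             /** the package is bound to the IP address recorded for the admin session */
             $validatorData = $session->getValidatorData();
             $ip = $validatorData['remote_addr'];
             /** compose authentication package */
             /** @var $authPack Praxigento_LoginAs_Model_Package */
             $authPack = Mage::getSingleton('prxgt_lgas_model/package');
             $authPack->setAdminName($operator);
             $authPack->setCustomerId($customerId);
             $authPack->setCustomerName($customerName);
             $authPack->setRedirectUrl($url);
             $authPack->setIp($ip);
             /** save login data to file */
             /** NOTE(review): file name, location and lifetime are decided inside saveAsFile() - confirm the name is unguessable and the file is short-lived */
             $authPack->saveAsFile();
             /** log event */
             $log = Praxigento_LoginAs_Model_Logger::getLogger($this);
             $log->trace("Operator '{$operator}' is redirected to front from ip '{$ip}' to login" . " as customer '{$customerName}' ({$customerId}).");
         }
     }
     /** load layout and render blocks (also when the customer was not found) */
     $this->loadLayout()->renderLayout();
 }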
 /**
  * Picks the logging backend for this instance.
  *
  * If the class Nmmlm_Log_Logger is already declared (autoloading is not triggered), the call is
  * delegated to a logger obtained from it; otherwise only a name is kept: the class name when an
  * object is passed, the string cast of $name for anything else.
  *
  * @param mixed $name logger name or the object the logger is created for
  */
 function __construct($name)
 {
     /** the detection result is shared through the static flag and refreshed by every construction */
     $hasLog4php = class_exists('Nmmlm_Log_Logger', false);
     self::$_isLog4phpUsed = $hasLog4php;
     if (!$hasLog4php) {
         if (is_object($name)) {
             $this->_name = get_class($name);
         } else {
             $this->_name = (string) $name;
         }
         return;
     }
     $this->_loggerLog4php = Nmmlm_Log_Logger::getLogger($name);
 }
 /**
  * Smoke test: calls every logger level once with a message only and once more with a message
  * and an exception. It makes no assertions, so it only shows that the calls do not fail.
  */
 public function test_all()
 {
     $log = Praxigento_LoginAs_Model_Logger::getLogger($this);
     $levels = array('trace', 'debug', 'info', 'warn', 'error', 'fatal');
     /** first pass: message only */
     foreach ($levels as $level) {
         $log->{$level}($level);
     }
     /** second pass: message plus exception */
     foreach ($levels as $level) {
         $log->{$level}($level, new Exception("test {$level} error"));
     }
 }
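 /**
  * Front-end step of the "login as customer" flow: loads an authentication package and, if the
  * request validates, logs the operator in as the customer named by the package.
  *
  * The package identifier is read from POST and passed to loadFromFile(). A new customer session
  * is established only for a POST request whose session remote_addr equals the IP stored in the
  * package, and only if the customer exists and may access the current website. Every path ends
  * with a redirect to customer/account.
  *
  * NOTE(review): the identifier is request-controlled and reaches loadFromFile(), which is not
  * visible here; confirm that it confines the lookup to the package directory and that a package
  * is single-use and expires.
  * NOTE(review): when the session is already logged in as the same customer, the operator marker
  * is written without the POST / IP check applied to new sessions; confirm this is intended.
  * NOTE(review): names and the identifier are interpolated into log lines as-is; confirm the
  * logger neutralises line breaks.
  *
  * @return void
  */
 public function asAction()
 {
     /** event logger */
     $log = Praxigento_LoginAs_Model_Logger::getLogger($this);
     /** get filename from the request parameters */
     $filename = $this->getRequest()->getPost(Praxigento_LoginAs_Config::REQ_PARAM_LAS_ID);
     /** a missing or array-valued parameter never reaches the file loader */
     if (!is_string($filename) || $filename === '') {
         $log->warn('Authentication request failure: package identifier is missing or malformed.');
         $this->_redirect('customer/account');
         return;
     }
     /** @var $authPack Praxigento_LoginAs_Model_Package */
     $authPack = Mage::getSingleton('prxgt_lgas_model/package');
     $authPack->loadFromFile($filename);
     /** extract working data */
     $customerId = $authPack->getCustomerId();
     if (is_null($customerId)) {
         $log->warn("Cannot get customer id for authentication package '{$filename}'.");
         $this->_redirect('customer/account');
         return;
     }
     $customerName = $authPack->getCustomerName();
     $operatorName = $authPack->getAdminName();
     $operatorIp = $authPack->getIp();
     $log->trace("Operator '{$operatorName}' trying to login as '{$customerName}' (id={$customerId}) from ip '{$operatorIp}'...");
     /** validate current customer's session or establish new session and validate request */
     $session = Mage::getSingleton('customer/session');
     $sessionCustomer = $session->getCustomer();
     $sessionCustomerId = $sessionCustomer->getId();
     if ($session->isLoggedIn() && $customerId == $sessionCustomerId) {
         /** this operator is already logged in as required customer */
         $log->debug("Session for customer '{$customerName}' (id={$customerId}) is already exist. Refreshing page...");
         /** save operator's name into session to use in orders later */
         $session->setData(Praxigento_LoginAs_Config::SESS_LOGGED_AS_OPERATOR, $operatorName);
         $this->_redirect('customer/account');
         return;
     }
     /** establish new customer session */
     $validatorData = $session->getValidatorData();
     /** compare the addresses as strings and fail closed when no address is available */
     $currentIp = (string) $validatorData['remote_addr'];
     $ipMatches = $currentIp !== '' && $currentIp === (string) $operatorIp;
     if ($this->getRequest()->isPost() && $ipMatches) {
         try {
             /** @var $customer Mage_Customer_Model_Customer */
             $customer = Mage::getModel('customer/customer')->load($customerId);
             /** an unloaded model has a null ID and null == '' is true, so require a non-empty ID first */
             if ($customer->getId() && $customer->getId() == $customerId) {
                 /** check allowed websites */
                 $wsId = Mage::app()->getStore()->getWebsiteId();
                 $wsids = $customer->getSharedWebsiteIds();
                 $custWsId = $customer->getData('website_id');
                 /** loose comparison kept on purpose: the IDs may be numeric strings or integers */
                 if (in_array($wsId, $wsids) || $wsId == $custWsId) {
                     $session->loginById($customerId);
                     /** save operator's name into session to use in orders later */
                     $session->setData(Praxigento_LoginAs_Config::SESS_LOGGED_AS_OPERATOR, $operatorName);
                     $log->info("New session for customer '{$customerName}' (id={$customerId}) is established for operator '{$operatorName}'");
                 } else {
                     $msg = "Customer '{$customerName}' (id={$customerId}) has no rights to access current website.";
                     $log->error($msg);
                     Mage::throwException($msg);
                 }
             } else {
                 $msg = "Customer with id '{$customerId}' does not exists.";
                 $log->error($msg);
                 Mage::throwException($msg);
             }
         } catch (Mage_Core_Exception $e) {
             /** every exception code is reported the same way: the message is shown to the user */
             $message = $e->getMessage();
             $session->addError($message);
             $session->setId(null);
             $log->error('Session ID is reset due to error is occurred. Exception is not logged.');
         } catch (Exception $e) {
             /** Mage::logException($e); // PA DSS violation: this exception log can disclose customer password */
             /** leave a trace of the failure without the message or stack trace: only the exception class is recorded */
             $log->error('Unexpected ' . get_class($e) . ' while establishing customer session. Exception is not logged.');
         }
     } else {
         $log->warn("Authentication request failure: request type is not POST or operator's current ip (" . $validatorData['remote_addr'] . ") is not equal to ip from authentication package ({$operatorIp}).");
     }
     $this->_redirect('customer/account');
 }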
 /**
  * Runs the parent constructor, attaches a class-named logger and derives the path of the
  * customers CSV file.
  */
 public function __construct()
 {
     parent::__construct();
     $this->_log = Praxigento_LoginAs_Model_Logger::getLogger(__CLASS__);
     /** the CSV is looked up next to the entry script as reported by $_SERVER['SCRIPT_NAME'] */
     /** NOTE(review): SCRIPT_NAME may be a relative or URL-style path depending on how the script is started - confirm */
     $scriptDir = dirname($_SERVER['SCRIPT_NAME']);
     $this->_fileNameCustomers = $scriptDir . '/data_customers.csv';
 }