Ejemplo n.º 1
 /**
  * Handle the feedback form: validate the submission, mail it to the Piwik
  * team and render the "sent" template (carrying the error message on failure).
  *
  * The request must carry a valid nonce for 'Piwik_Feedback.sendFeedback';
  * the nonce is discarded once verified, so a submission cannot be replayed.
  */
 function sendFeedback()
 {
     $senderEmail = Piwik_Common::getRequestVar('email', '', 'string');
     $body        = Piwik_Common::getRequestVar('body', '', 'string');
     $category    = Piwik_Common::getRequestVar('category', '', 'string');
     $nonce       = Piwik_Common::getRequestVar('nonce', '', 'string');

     $page = Piwik_View::factory('sent');
     $page->feedbackEmailAddress = Zend_Registry::get('config')->General->feedback_email_address;

     try {
         $minBodyLength = 35;
         if (strlen($body) < $minBodyLength) {
             throw new Exception(Piwik_TranslateException('Feedback_ExceptionBodyLength', array($minBodyLength)));
         }
         if (!Piwik::isValidEmailString($senderEmail)) {
             throw new Exception(Piwik_TranslateException('UsersManager_ExceptionInvalidEmail'));
         }
         // any http(s) link in the text is rejected outright, so the form cannot relay spam
         if (preg_match('/https?:/i', $body) === 1) {
             throw new Exception(Piwik_TranslateException('Feedback_ExceptionNoUrls'));
         }
         // the nonce must match the one issued with the form (request forgery protection)
         if (!Piwik_Nonce::verifyNonce('Piwik_Feedback.sendFeedback', $nonce)) {
             throw new Exception(Piwik_TranslateException('General_ExceptionNonceMismatch'));
         }
         Piwik_Nonce::discardNonce('Piwik_Feedback.sendFeedback');

         // undo the request sanitizing so the e-mail carries the text as typed
         $text = implode("\n", array(
             Piwik_Common::unsanitizeInputValue($body),
             'Piwik ' . Piwik_Version::VERSION,
             'IP: ' . Piwik_Common::getIpString(),
             'URL: ' . Piwik_Url::getReferer(),
         )) . "\n";

         $message = new Piwik_Mail();
         $message->setFrom(Piwik_Common::unsanitizeInputValue($senderEmail));
         $message->addTo($page->feedbackEmailAddress, 'Piwik Team');
         $message->setSubject('[ Feedback form - Piwik ] ' . $category);
         $message->setBodyText($text);
         // NOTE(review): '@' hides any warning raised while sending; a delivery failure
         // that is not thrown as an Exception still renders the success page
         @$message->send();
     } catch (Exception $error) {
         $page->ErrorString = $error->getMessage();
         $page->message = $body;
     }
     echo $page->render();
 }
Ejemplo n.º 2
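	/**
	 * Verify nonce and check referrer (if present, i.e., it may be suppressed by the browser or a proxy/network).
	 *
	 * Validation is fail-closed and stops at the first failing check:
	 *  1. the client nonce must be non-empty and identical to the one stored in the session namespace $id;
	 *  2. when a Referer header is present it must point at this Piwik installation;
	 *  3. when an Origin header is present it must not be the literal 'null' and must be in the acceptable list.
	 *
	 * @param string $id Unique id
	 * @param string $cnonce Nonce sent to client
	 * @return bool true if valid; false otherwise
	 */
	static public function verifyNonce($id, $cnonce)
	{
		$ns = new Piwik_Session_Namespace($id);
		$nonce = $ns->nonce;

		// validate token (strict comparison: a missing session nonce never matches)
		if(empty($cnonce) || $cnonce !== $nonce)
		{
			return false;
		}

		// validate referer: an absent header is tolerated, a foreign one is not
		$referer = Piwik_Url::getReferer();
		if(!empty($referer) && !Piwik_Url::isLocalUrl($referer))
		{
			return false;
		}

		// validate origin: browsers send the literal 'null' for opaque origins, which is rejected;
		// the comparisons are strict so loose string juggling cannot widen the allow-list
		$origin = self::getOrigin();
		if(!empty($origin) &&
			($origin === 'null'
			|| !in_array($origin, self::getAcceptableOrigins(), true)))
		{
			return false;
		}

		return true;
	}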
Ejemplo n.º 3
 /**
  * Login form: render it, or on a valid submission authenticate the user and
  * redirect to the url carried by the form.
  *
  * Redirect target precedence: the submitted 'form_url', else the referer.
  * Targets pointing back at the Login or Installation module are replaced by
  * the document root so the user does not land on the form again.
  */
 function login()
 {
     $accessError = null;
     $form = new Piwik_Login_Form();

     // NOTE(review): the target is request-controlled (falling back to the referer) and is
     // only filtered for module=Login|Installation here; whether it is constrained to a
     // local url is up to authenticateAndRedirect() — confirm
     $fallbackUrl = Piwik_Url::getReferer();
     $urlToRedirect = htmlspecialchars_decode(
         Piwik_Common::getRequestVar('form_url', $fallbackUrl, 'string')
     );

     if ($form->validate()) {
         if (preg_match('/module=(Login|Installation)/', $urlToRedirect) === 1) {
             $urlToRedirect = 'index.php';
         }
         $login = $form->getSubmitValue('form_login');
         // authenticateAndRedirect() takes the md5 of the submitted password (legacy credential format)
         $md5Password = md5($form->getSubmitValue('form_password'));
         $accessError = $this->authenticateAndRedirect($login, $md5Password, $urlToRedirect);
     }

     $view = Piwik_View::factory('login');
     // carry the original target through login form -> reset password -> login form
     $view->urlToRedirect = $urlToRedirect;
     $view->AccessErrorString = $accessError;
     $view->linkTitle = Piwik::getRandomTitle();
     $view->addForm($form);
     $view->subTemplate = 'genericForm.tpl';
     echo $view->render();
 }
Ejemplo n.º 4
 /**
  * Build the login form: login/password fields, a hidden 'form_url' with the
  * page to return to after login, the required-field rules and the submit button.
  */
 function init()
 {
     // default return target is the current url; fall back to the referer when
     // that would send the user back to the Login module itself
     $returnUrl = Piwik_Common::getRequestVar(
         'form_url',
         'index.php' . Piwik_Url::getCurrentQueryString(),
         'string'
     );
     if (false !== stripos($returnUrl, 'module=Login')) {
         $returnUrl = Piwik_Url::getReferer();
     }

     $this->addElements(array(
         array('text', 'form_login'),
         array('password', 'form_password'),
         array('hidden', 'form_url', $returnUrl),
     ));

     // one 'required' rule per field; 'General_Required' is the sprintf template, the field label its argument
     $requiredTemplate = Piwik_Translate('General_Required');
     $this->addRules(array(
         array('form_login', sprintf($requiredTemplate, Piwik_Translate('Login_Login')), 'required'),
         array('form_password', sprintf($requiredTemplate, Piwik_Translate('Login_Password')), 'required'),
     ));

     $this->addElement('submit', 'submit');
 }
Ejemplo n.º 5
	/**
	 * Build the login form: login/password fields, a hidden 'form_url' carrying
	 * the page to return to after login, the required-field rules and the submit button.
	 */
	function init()
	{
		// return target: the submitted form_url, else the referrer; the request value is
		// passed through htmlspecialchars_decode() before it is stored in the hidden field
		$returnUrl = htmlspecialchars_decode(
			Piwik_Common::getRequestVar('form_url', Piwik_Url::getReferer(), 'string')
		);

		$this->addElements(array(
			array('text', 'form_login'),
			array('password', 'form_password'),
			array('hidden', 'form_url', $returnUrl),
		));

		// one 'required' rule per field; 'General_Required' is the sprintf template, the field label its argument
		$rules = array();
		foreach (array('form_login' => 'Login_Login', 'form_password' => 'Login_Password') as $field => $labelKey) {
			$rules[] = array($field, sprintf(Piwik_Translate('General_Required'), Piwik_Translate($labelKey)), 'required');
		}
		$this->addRules($rules);

		$this->addElement('submit', 'submit');
	}
Ejemplo n.º 6
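    /**
     * Output redirection page instead of linking directly to avoid
     * exposing the referrer on the Piwik demo.
     *
     * The redirect is only emitted for urls accepted by isPiwikUrl(), so the
     * endpoint cannot be used as an open redirector; any other url produces an
     * empty response. A foreign Referer aborts with an error page instead.
     *
     * @param string $url (via $_GET)
     */
    public function redirect()
    {
        $url = Piwik_Common::getRequestVar('url', '', 'string', $_GET);

        // validate referrer: an absent header is tolerated, a foreign one is not
        $referrer = Piwik_Url::getReferer();
        if (!empty($referrer) && !Piwik_Url::isLocalUrl($referrer)) {
            // NOTE(review): $url is reflected into the error page as returned by
            // getRequestVar(); html safety relies on that helper's sanitizing — confirm.
            // die() terminates the script, so no further statement is needed here.
            die('Invalid Referer detected - check that your browser sends the Referer header. <br/>The link you would have been redirected to is: ' . $url);
        }

        // mask visits to *.piwik.org; non-Piwik urls fall through to the bare exit below
        if (self::isPiwikUrl($url)) {
            echo '<html><head>
<meta http-equiv="refresh" content="0;url=' . $url . '" />
</head></html>';
        }
        exit;
    }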
Ejemplo n.º 7
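 /**
  * Piwik_Url::getReferer() returns the value of $_SERVER['HTTP_REFERER'].
  *
  * The test sets the server variable itself and restores the previous state
  * afterwards so the global does not leak into later tests.
  *
  * @group Core
  * @group Url
  */
 public function testGetReferer()
 {
     $hadReferer = array_key_exists('HTTP_REFERER', $_SERVER);
     $previousReferer = $hadReferer ? $_SERVER['HTTP_REFERER'] : null;

     $_SERVER['HTTP_REFERER'] = 'http://www.piwik.org';
     $referer = Piwik_Url::getReferer();

     // restore before asserting so a failing assertion still leaves $_SERVER as it was
     if ($hadReferer) {
         $_SERVER['HTTP_REFERER'] = $previousReferer;
     } else {
         unset($_SERVER['HTTP_REFERER']);
     }

     $this->assertEquals('http://www.piwik.org', $referer);
 }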
Ejemplo n.º 8
 /**
  * Verify nonce and check referrer (if present, i.e., it may be suppressed by the browser or a proxy/network).
  *
  * Fail-closed: the client nonce must be non-empty and identical to the one
  * stored in the session namespace $id, and when a referer is present it must
  * be recognised as local by Piwik_Url::getLocalReferer().
  *
  * @param string $id Unique id
  * @param string $nonce Nonce sent to client
  * @return bool true if valid; false otherwise
  */
 public static function verifyNonce($id, $nonce)
 {
     $session = new Zend_Session_Namespace($id);
     $storedNonce = $session->nonce;

     // validate token: strict comparison, so an unset session nonce never matches
     if (empty($nonce) || $storedNonce !== $nonce) {
         return false;
     }

     // validate referer: absent is fine, present-but-foreign is rejected
     $referer = Piwik_Url::getReferer();
     return empty($referer) || Piwik_Url::getLocalReferer() !== false;
 }