/**
 * Gatekeeper executed before every action of this controller.
 *
 * When the system configuration file exists, the request must belong to an
 * authenticated admin session; otherwise the request must at least carry the
 * "mysql_adapter" parameter. In both failure cases the script is terminated
 * with a plain message.
 */
public function init()
 {
     parent::init();

     // No system configuration on disk: only continue when database settings were submitted.
     if (!is_file(PIMCORE_CONFIGURATION_SYSTEM)) {
         if (!$this->_getParam("mysql_adapter")) {
             die("Not possible... no database settings given.<br />Parameters: mysql_adapter,mysql_host,mysql_username,mysql_password,mysql_database");
         }
         return;
     }

     // A system configuration exists, so this controller is only reachable for a logged-in user
     // (session authentication).
     $sessionUser = Pimcore_Tool_Authentication::authenticateSession();
     if (!($sessionUser instanceof User)) {
         die("Authentication failed!<br />If you don't have access to the admin interface any more, and you want to find out if the server configuration matches the requirements you have to rename the the system.xml for the time of the check.");
     }
 }
Example #2
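 /**
  * Handles a submitted admin login.
  *
  * The user is looked up by the "username" request parameter and must be active.
  * Authentication succeeds when the stored password hash equals the hash computed
  * from the submitted credentials or, failing that, when a submitted "token" is
  * accepted by Pimcore_Tool_Authentication::tokenAuthentication(). If the built-in
  * checks fail, the plugin broker gets a chance to authenticate the user. On success
  * the user is stored in the "pimcore_admin" session namespace and the request is
  * redirected to /admin/; on failure the attempt is logged and the request is
  * redirected back to the login page.
  *
  * @return void
  */
 public function loginAction()
 {
     $userInactive = false;
     try {
         $user = User::getByName($this->_getParam("username"));
         if (!$user instanceof User) {
             throw new Exception("User doesn't exist");
         }
         if (!$user->isActive()) {
             $userInactive = true;
             throw new Exception("User is inactive");
         }

         $storedHash = $user->getPassword();
         $suppliedHash = Pimcore_Tool_Authentication::getPasswordHash($this->_getParam("username"), $this->_getParam("password"));
         // Compare the hashes strictly: a loose "==" treats two numeric-looking strings
         // (for example hex digests of the form "0e<digits>") as equal numbers, so two
         // different hashes could compare as equal. hash_equals() additionally runs in
         // constant time; it is only used where the runtime provides it.
         if (is_string($storedHash) && is_string($suppliedHash) && function_exists("hash_equals")) {
             $passwordMatches = hash_equals($storedHash, $suppliedHash);
         } else {
             $passwordMatches = $storedHash === $suppliedHash;
         }

         if (!$passwordMatches) {
             // NOTE(review): the token fallback is requested with MCRYPT_TRIPLEDES in ECB mode, i.e. a
             // legacy cipher without integrity protection - consider an authenticated scheme.
             if ($this->_getParam("token") and Pimcore_Tool_Authentication::tokenAuthentication($this->_getParam("username"), $this->_getParam("token"), MCRYPT_TRIPLEDES, MCRYPT_MODE_ECB, false)) {
                 // token accepted, continue with the session setup below
             } else {
                 throw new Exception("User and Password doesn't match");
             }
         }

         // NOTE(review): the session id is not regenerated after a successful login; confirm that
         // the session layer rotates it, otherwise a pre-login session id stays valid afterwards.
         $adminSession = new Zend_Session_Namespace("pimcore_admin");
         $adminSession->user = $user;
         $adminSession->frozenuser = $user->getAsFrozen();
     } catch (Exception $e) {
         // see if a module or plugin authenticates the user
         $user = Pimcore_API_Plugin_Broker::getInstance()->authenticateUser($this->_getParam("username"), $this->_getParam("password"));
         if ($user instanceof User) {
             $adminSession = new Zend_Session_Namespace("pimcore_admin");
             $adminSession->user = $user;
             $adminSession->frozenuser = $user->getAsFrozen();
             $this->_redirect("/admin/?_dc=" . time());
         } else {
             $this->writeLogFile($this->_getParam("username"), $e->getMessage());
             Logger::info("Login Exception" . $e);
             // NOTE(review): the "inactive" flag tells an unauthenticated client that the account
             // exists but is disabled; a uniform failure response avoids that disclosure.
             $this->_redirect("/admin/login/?auth_failed=true&inactive=" . $userInactive);
             $this->getResponse()->sendResponse();
             exit;
         }
     }
     $this->_redirect("/admin/?_dc=" . time());
 }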
Example #3
 /**
  * Deprecated pass-through: initialises the session by delegating to
  * Pimcore_Tool_Authentication::initSession(). New code should call that
  * method directly.
  *
  * @deprecated
  * @static
  * @return void
  */
 public static function initSession()
 {
     Pimcore_Tool_Authentication::initSession();
 }
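 /**
  * Authenticates a user by a time-limited token instead of a password.
  *
  * The token is decrypted with the user's stored password hash as key; the first
  * element of the decrypted result is treated as a Unix timestamp, which must not
  * lie in the future and must not be older than 30 minutes.
  *
  * NOTE(review): only the timestamp window is checked here; no separate integrity
  * check of the token is visible in this method. Confirm what decrypt() guarantees
  * and prefer an authenticated scheme over the cipher/mode chosen by callers.
  *
  * @static
  * @throws Exception if the user is unknown, inactive, lacks admin rights when
  *                   required, or the token timestamp is outside the accepted window
  * @param  string $username
  * @param  string $token
  * @param  mixed $algorithm cipher identifier handed to decrypt() unchanged
  * @param  mixed $mode cipher mode handed to decrypt() unchanged
  * @param bool $adminRequired when true, non-admin users are rejected
  * @return User
  */
 public static function tokenAuthentication($username, $token, $algorithm, $mode, $adminRequired = false)
 {
     $user = User::getByName($username);
     if (!$user instanceof User) {
         throw new Exception("invalid username");
     }
     if (!$user->isActive()) {
         throw new Exception("user inactive");
     }
     if ($adminRequired and !$user->isAdmin()) {
         throw new Exception("no permission");
     }

     $passwordHash = $user->getPassword();
     $decrypted = Pimcore_Tool_Authentication::decrypt($passwordHash, $token, $algorithm, $mode);
     $timestamp = $decrypted[0];

     $timeZone = date_default_timezone_get();
     date_default_timezone_set("UTC");
     $now = time();
     $outsideWindow = ($timestamp > $now || $timestamp < $now - 60 * 30);
     // Restore the caller's timezone BEFORE any exception is thrown; previously a rejected
     // token left the process-wide default timezone switched to UTC.
     date_default_timezone_set($timeZone);

     if ($outsideWindow) {
         throw new Exception("invalid timestamp");
     }
     return $user;
 }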
Example #5
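 /**
  * Prepares the frontend controller for the requested document.
  *
  * Sets the global frontend defaults, resolves the document from the request and
  * - for requests carrying one of the admin-only parameters (editmode, version,
  * preview, admin, object preview) - authenticates the admin session. Unpublished
  * documents are only served to such an authenticated admin request. Depending on
  * the parameters the document is replaced by its session copy, its latest version,
  * a specific version or a public version.
  *
  * @throws Exception if the document is unpublished and the request is not an
  *                   authenticated admin request
  * @return void
  */
 public function init()
 {
     parent::init();
     // log exceptions if handled by error_handler
     $this->checkForErrors();
     // general definitions
     Pimcore::unsetAdminMode();
     Document::setHideUnpublished(true);
     Object_Abstract::setHideUnpublished(true);
     Object_Abstract::setGetInheritedValues(true);
     // contains the logged in user if necessary
     $user = null;
     // must be initialised: it was previously only assigned inside the admin-parameter branch
     // and then read as an undefined variable for every ordinary request to an unpublished document
     $specialAdminRequest = false;
     // assign variables
     $this->view->controller = $this;
     // init website config
     $config = Pimcore_Config::getWebsiteConfig();
     $this->config = $config;
     $this->view->config = $config;

     if (!$this->_getParam("document")) {
         Zend_Registry::set("pimcore_editmode", false);
         $this->editmode = false;
         $this->view->editmode = false;
         // no document available, continue, ...
         return;
     }
     $this->setDocument($this->_getParam("document"));

     if ($this->_getParam("pimcore_editmode") || $this->_getParam("pimcore_version") || $this->_getParam("pimcore_preview") || $this->_getParam("pimcore_admin") || $this->_getParam("pimcore_object_preview")) {
         $specialAdminRequest = true;
         $this->disableBrowserCache();
         // start admin session & get logged in user
         $user = Pimcore_Tool_Authentication::authenticateSession();
     }

     // unpublished documents are visible to authenticated admin requests only
     if (!$this->document->isPublished()) {
         if (!$specialAdminRequest || !$user) {
             throw new Exception("access denied for " . $this->document->getFullPath());
         }
     }

     // register global locale if the document has the system property "language"
     if ($this->document->getProperty("language")) {
         $locale = new Zend_Locale($this->document->getProperty("language"));
         Zend_Registry::set('Zend_Locale', $locale);
         $this->getResponse()->setHeader("Content-Language", strtolower(str_replace("_", "-", (string) $locale)), true);
     }

     // for editmode
     if ($user and $this->_getParam("pimcore_editmode") and !Zend_Registry::isRegistered("pimcore_editmode")) {
         Zend_Registry::set("pimcore_editmode", true);
         // check if there is the document in the session
         $docKey = "document_" . $this->getDocument()->getId();
         $docSession = new Zend_Session_Namespace("pimcore_documents");
         if ($docSession->{$docKey}) {
             // if there is a document in the session use it
             $this->setDocument($docSession->{$docKey});
         } else {
             // set the latest available version for editmode if there is no doc in the session
             $latestVersion = $this->getDocument()->getLatestVersion();
             if ($latestVersion) {
                 $latestDoc = $latestVersion->loadData();
                 if ($latestDoc instanceof Document_PageSnippet) {
                     $this->setDocument($latestDoc);
                 }
             }
         }
         // register editmode plugin
         $front = Zend_Controller_Front::getInstance();
         $front->registerPlugin(new Pimcore_Controller_Plugin_Frontend_Editmode($this), 1000);
     } else {
         Zend_Registry::set("pimcore_editmode", false);
     }

     // for preview
     if ($user) {
         // document preview
         if ($this->_getParam("pimcore_preview")) {
             // get document from session
             $docKey = "document_" . $this->_getParam("document")->getId();
             $docSession = new Zend_Session_Namespace("pimcore_documents");
             if ($docSession->{$docKey}) {
                 $this->setDocument($docSession->{$docKey});
             }
         }
         // object preview
         if ($this->_getParam("pimcore_object_preview")) {
             $key = "object_" . $this->_getParam("pimcore_object_preview");
             $session = new Zend_Session_Namespace("pimcore_objects");
             if ($session->{$key}) {
                 $object = $session->{$key};
                 // add the object to the registry so every call to Object_Abstract::getById() will return this object instead of the real one
                 Zend_Registry::set("object_" . $object->getId(), $object);
             }
         }
     }

     // for version preview (authenticated users only)
     if ($this->_getParam("pimcore_version") and $user) {
         // only get version data at the first call || because of embedded Snippets ...
         if (!Zend_Registry::isRegistered("pimcore_version_active")) {
             $version = Version::getById($this->_getParam("pimcore_version"));
             // an unknown version id must not end in a method call on a non-object
             if ($version) {
                 $this->setDocument($version->getData());
             }
             Zend_Registry::set("pimcore_version_active", true);
         }
     }

     // for public versions: reachable WITHOUT authentication, so the version's own
     // "public" flag is the only access control on this path
     if ($this->_getParam("v")) {
         try {
             $version = Version::getById($this->_getParam("v"));
             if ($version and $version->getPublic()) {
                 $this->setDocument($version->getData());
             }
         } catch (Exception $e) {
             // deliberately ignored: an unknown or unreadable public version falls back to the regular document
         }
     }

     // check if document is a wrapped hardlink, if this is the case send a rel=canonical header to the source document
     if ($this->getDocument() instanceof Document_Hardlink_Wrapper_Interface) {
         // get the canonical (source) document
         $hardlinkCanonicalSourceDocument = Document::getById($this->getDocument()->getId());
         if ($hardlinkCanonicalSourceDocument) {
             $request = $this->getRequest();
             // NOTE(review): scheme and host are taken from the incoming request, so the canonical URL
             // follows whatever Host header the client sent - confirm the web server only accepts known host names.
             $this->getResponse()->setHeader("Link", '<' . $request->getScheme() . "://" . $request->getHttpHost() . $hardlinkCanonicalSourceDocument->getFullPath() . '>; rel="canonical"');
         }
     }

     // set some parameters
     $this->editmode = Zend_Registry::get("pimcore_editmode");
     $this->view->editmode = Zend_Registry::get("pimcore_editmode");
 }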
Example #6
    }
}
// complete the pimcore startup tasks (config, framework, modules, plugins ...)
Pimcore::initConfiguration();
// NOTE(review): fixed 4 second pause; the reason is not visible in this excerpt - confirm it is still needed
sleep(4);
Pimcore::setupFramework();
Pimcore::initLogger();
Pimcore::initModules();
Pimcore::initPlugins();
/*
 * Now the pimcore_phpunit instance is up and running. It is a clean pimcore instance with a fresh database setup and
 * system config. The pimcore source code is identical to the current development unit
 */
//create admin user (normally this would be included in the pimcore install process)
// The account is created with the fixed credentials admin/admin and full admin rights. That is only
// acceptable because this is the throw-away test instance; this bootstrap must never run against a
// database that is reachable by real users.
if (!$skipInstall) {
    $user = User::create(array("parentId" => 0, "username" => "admin", "password" => Pimcore_Tool_Authentication::getPasswordHash("admin", "admin"), "hasCredentials" => true, "active" => true));
    $user->setAdmin(true);
    $user->save();
    chdir($pimcoreRoot . "/tests");
}
// set test config to registry - we might need it later
$conf = new Zend_Config_Xml(TESTS_PATH . "/config/testconfig.xml");
Zend_Registry::set("pimcore_config_test", $conf);
// $conf is reused from here on for the system configuration; the test configuration stays
// available through the registry key set above
try {
    $conf = Zend_Registry::get("pimcore_config_system");
} catch (Exception $e) {
    die("config not present");
}
// set timezone
if ($conf instanceof Zend_Config) {
    if ($conf->general->timezone) {
 /**
  * Pass-through to Pimcore_Tool_Authentication::getSession(); returns whatever
  * that method returns.
  */
 public static function getSession()
 {
     return Pimcore_Tool_Authentication::getSession();
 }
Example #8
 /**
  * Bootstraps pimcore for the current HTTP request and dispatches it.
  *
  * Order matters throughout: autoloader, configuration and framework are set up
  * first, then the logger, cache, modules and plugins, then the front controller
  * plugins and routes, and finally the dispatcher is run. Without a system
  * configuration every request outside /install is redirected to the installer.
  *
  * @static
  * @throws Exception|Zend_Controller_Router_Exception only when exceptions are
  *         re-thrown, i.e. in debug/dev mode or for an authenticated
  *         editmode/preview/admin request
  */
 public static function run()
 {
     self::setSystemRequirements();
     // register shutdown function
     Pimcore_Event::register("pimcore.shutdown", array("Pimcore", "shutdown"), array(), 999);
     // detect frontend (website)
     $frontend = Pimcore_Tool::isFrontend();
     // enable the output-buffer, why? see in self::outputBufferStart()
     //if($frontend) {
     self::outputBufferStart();
     //}
     self::initAutoloader();
     self::initConfiguration();
     self::setupFramework();
     // config is loaded now init the real logger
     self::initLogger();
     // set locale data cache, this must be after self::initLogger() since Pimcore_Model_Cache requires the logger
     // to log if there's something wrong with the cache configuration in cache.xml
     Zend_Locale_Data::setCache(Pimcore_Model_Cache::getInstance());
     // load plugins and modules (=core plugins)
     self::initModules();
     self::initPlugins();
     // init front controller
     $front = Zend_Controller_Front::getInstance();
     $conf = Pimcore_Config::getSystemConfig();
     if (!$conf) {
         // redirect to installer if configuration isn't present
         // (requests whose URI already starts with /install are let through so the installer itself can run)
         if (!preg_match("/^\\/install.*/", $_SERVER["REQUEST_URI"])) {
             header("Location: /install/");
             exit;
         }
     }
     $front->registerPlugin(new Pimcore_Controller_Plugin_ErrorHandler(), 1);
     $front->registerPlugin(new Pimcore_Controller_Plugin_Maintenance(), 2);
     // register general pimcore plugins for frontend
     if ($frontend) {
         $front->registerPlugin(new Pimcore_Controller_Plugin_Less(), 799);
     }
     if (Pimcore_Tool::useFrontendOutputFilters(new Zend_Controller_Request_Http())) {
         $front->registerPlugin(new Pimcore_Controller_Plugin_Robotstxt(), 795);
         $front->registerPlugin(new Pimcore_Controller_Plugin_WysiwygAttributes(), 796);
         $front->registerPlugin(new Pimcore_Controller_Plugin_Webmastertools(), 797);
         $front->registerPlugin(new Pimcore_Controller_Plugin_Analytics(), 798);
         $front->registerPlugin(new Pimcore_Controller_Plugin_CssMinify(), 800);
         $front->registerPlugin(new Pimcore_Controller_Plugin_JavascriptMinify(), 801);
         $front->registerPlugin(new Pimcore_Controller_Plugin_ImageDataUri(), 803);
         $front->registerPlugin(new Pimcore_Controller_Plugin_TagManagement(), 804);
         $front->registerPlugin(new Pimcore_Controller_Plugin_HttpErrorLog(), 850);
         $front->registerPlugin(new Pimcore_Controller_Plugin_Cache(), 901);
         // for caching
     }
     self::initControllerFront($front);
     // set router
     $router = $front->getRouter();
     $routeAdmin = new Zend_Controller_Router_Route('admin/:controller/:action/*', array('module' => 'admin', "controller" => "index", "action" => "index"));
     $routeInstall = new Zend_Controller_Router_Route('install/:controller/:action/*', array('module' => 'install', "controller" => "index", "action" => "index"));
     $routeUpdate = new Zend_Controller_Router_Route('admin/update/:controller/:action/*', array('module' => 'update', "controller" => "index", "action" => "index"));
     $routePlugins = new Zend_Controller_Router_Route('admin/plugin/:controller/:action/*', array('module' => 'pluginadmin', "controller" => "index", "action" => "index"));
     $routeExtensions = new Zend_Controller_Router_Route('admin/extensionmanager/:controller/:action/*', array('module' => 'extensionmanager', "controller" => "index", "action" => "index"));
     $routeReports = new Zend_Controller_Router_Route('admin/reports/:controller/:action/*', array('module' => 'reports', "controller" => "index", "action" => "index"));
     $routePlugin = new Zend_Controller_Router_Route('plugin/:module/:controller/:action/*', array("controller" => "index", "action" => "index"));
     $routeWebservice = new Zend_Controller_Router_Route('webservice/:controller/:action/*', array("module" => "webservice", "controller" => "index", "action" => "index"));
     $routeSearchAdmin = new Zend_Controller_Router_Route('admin/search/:controller/:action/*', array("module" => "searchadmin", "controller" => "index", "action" => "index"));
     // website route => custom router which check for a suitable document
     $routeFrontend = new Pimcore_Controller_Router_Route_Frontend();
     $router->addRoute('default', $routeFrontend);
     // only do this if not frontend => performance issue
     // NOTE(review): the install route is added for every non-frontend request, whether or not a system
     // configuration exists; access control for it therefore has to live in the install controllers - confirm.
     if (!$frontend) {
         $router->addRoute("install", $routeInstall);
         $router->addRoute('plugin', $routePlugin);
         $router->addRoute('admin', $routeAdmin);
         $router->addRoute('update', $routeUpdate);
         $router->addRoute('plugins', $routePlugins);
         $router->addRoute('extensionmanager', $routeExtensions);
         $router->addRoute('reports', $routeReports);
         $router->addRoute('searchadmin', $routeSearchAdmin);
         // the webservice route only exists when it is explicitly enabled in the system configuration
         if ($conf instanceof Zend_Config and $conf->webservice and $conf->webservice->enabled) {
             $router->addRoute('webservice', $routeWebservice);
         }
     }
     // check if webdav is configured and add router
     if ($conf instanceof Zend_Config) {
         if ($conf->assets->webdav->hostname) {
             $routeWebdav = new Zend_Controller_Router_Route_Hostname($conf->assets->webdav->hostname, array("module" => "admin", 'controller' => 'asset', 'action' => 'webdav'));
             $router->addRoute('webdav', $routeWebdav);
         }
     }
     $front->setRouter($router);
     Pimcore_API_Plugin_Broker::getInstance()->preDispatch();
     // throw exceptions also when in preview or in editmode (documents) to see it immediately when there's a problem with this page
     // The request parameters alone are not enough: verbose errors are only switched on when the
     // session also belongs to an authenticated user, so an anonymous visitor cannot enable them.
     $throwExceptions = false;
     if (array_key_exists("pimcore_editmode", $_REQUEST) || array_key_exists("pimcore_preview", $_REQUEST) || array_key_exists("pimcore_admin", $_REQUEST)) {
         $user = Pimcore_Tool_Authentication::authenticateSession();
         if ($user instanceof User) {
             $throwExceptions = true;
         }
     }
     // run dispatcher
     if (!PIMCORE_DEBUG && !$throwExceptions && !PIMCORE_DEVMODE) {
         // production path: errors are never rendered to the client
         @ini_set("display_errors", "Off");
         @ini_set("display_startup_errors", "Off");
         $front->dispatch();
     } else {
         // debug path: errors and uncaught exceptions are shown to the client.
         // NOTE(review): PIMCORE_DEBUG / PIMCORE_DEVMODE expose error details to every visitor; keep both off in production.
         @ini_set("display_errors", "On");
         @ini_set("display_startup_errors", "On");
         $front->throwExceptions(true);
         try {
             $front->dispatch();
         } catch (Zend_Controller_Router_Exception $e) {
             header("HTTP/1.0 404 Not Found");
             // the exception message embeds the raw request URI; whatever renders it must escape it
             throw new Zend_Controller_Router_Exception("No route, document, custom route or redirect is matching the request: " . $_SERVER["REQUEST_URI"]);
         } catch (Exception $e) {
             header("HTTP/1.0 500 Internal Server Error");
             throw $e;
         }
     }
 }
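 /**
  * Performs the installation from the submitted form values.
  *
  * Verifies that a database connection can be established with the submitted
  * mysql_* parameters and that the database charset is utf8, checks the minimum
  * length of the admin credentials, then writes the system configuration file,
  * executes the bundled install.sql statement by statement, inserts the root
  * records and creates the admin user. Responds with {"success": true} as JSON,
  * or prints the collected errors and terminates.
  *
  * NOTE(review): the configuration written here enables "debug" and every log
  * level by default; switch debug off before the instance is exposed.
  *
  * @return void
  */
 public function installAction()
 {
     $errors = array();

     // try to establish a mysql connection
     try {
         // NOTE(review): "mysql_adapter" comes straight from the request and selects the adapter that
         // Zend_Db::factory() instantiates; restricting it to the adapters the installer offers is advisable.
         $db = Zend_Db::factory($this->_getParam("mysql_adapter"), array(
             'host' => $this->_getParam("mysql_host"),
             'username' => $this->_getParam("mysql_username"),
             'password' => $this->_getParam("mysql_password"),
             'dbname' => $this->_getParam("mysql_database"),
             "port" => $this->_getParam("mysql_port"),
         ));
         $db->getConnection();
         // check utf-8 encoding
         $result = $db->fetchRow('SHOW VARIABLES LIKE "character\\_set\\_database"');
         if ($result['Value'] != "utf8") {
             $errors[] = "Database charset is not utf-8";
         }
     } catch (Exception $e) {
         $errors[] = "Couldn't establish connection to mysql: " . $e->getMessage();
     }

     // check username & password
     // NOTE(review): four characters is a very low bar for the admin password of a fresh installation.
     if (strlen($this->_getParam("admin_password")) < 4 || strlen($this->_getParam("admin_username")) < 4) {
         $errors[] = "Username and password should have at least 4 characters";
     }

     if (!empty($errors)) {
         // The messages can contain driver error text, which in turn may echo request values such as
         // the submitted host or user name - escape them before writing them into the HTML response.
         $escapedErrors = array();
         foreach ($errors as $error) {
             $escapedErrors[] = htmlspecialchars($error, ENT_QUOTES, "UTF-8");
         }
         echo implode("<br />", $escapedErrors);
         die;
     }

     // write configuration file
     $settings = array(
         "general" => array(
             "timezone" => "Europe/Berlin",
             "language" => "en",
             "validLanguages" => "en",
             "debug" => "1",
             "loginscreenimageservice" => "1",
             "loglevel" => array(
                 "debug" => "1",
                 "info" => "1",
                 "notice" => "1",
                 "warning" => "1",
                 "error" => "1",
                 "critical" => "1",
                 "alert" => "1",
                 "emergency" => "1",
             ),
         ),
         "database" => array(
             "adapter" => $this->_getParam("mysql_adapter"),
             "params" => array(
                 "host" => $this->_getParam("mysql_host"),
                 "username" => $this->_getParam("mysql_username"),
                 "password" => $this->_getParam("mysql_password"),
                 "dbname" => $this->_getParam("mysql_database"),
                 "port" => $this->_getParam("mysql_port"),
             ),
         ),
         "documents" => array(
             "versions" => array("steps" => "10"),
             "default_controller" => "default",
             "default_action" => "default",
             "error_pages" => array("default" => "/"),
             "createredirectwhenmoved" => "",
             "allowtrailingslash" => "no",
             "allowcapitals" => "no",
         ),
         "objects" => array("versions" => array("steps" => "10")),
         "assets" => array("versions" => array("steps" => "10")),
         "services" => array(),
         "cache" => array("excludeCookie" => "pimcore_admin_sid"),
         "httpclient" => array("adapter" => "Zend_Http_Client_Adapter_Socket"),
     );
     $config = new Zend_Config($settings, true);
     // the file written here contains the database password in clear text; it must not be web-readable
     $writer = new Zend_Config_Writer_Xml(array("config" => $config, "filename" => PIMCORE_CONFIGURATION_SYSTEM));
     $writer->write();

     // insert db dump
     $db = Pimcore_Resource::get();
     $mysqlInstallScript = file_get_contents(PIMCORE_PATH . "/modules/install/mysql/install.sql");
     // remove comments in SQL script
     $mysqlInstallScript = preg_replace("/\\s*(?!<\")\\/\\*[^\\*]+\\*\\/(?!\")\\s*/", "", $mysqlInstallScript);
     // get every command as single part
     $mysqlInstallScripts = explode(";", $mysqlInstallScript);
     // execute every script with a separate call, otherwise this will end in a PDO_Exception "unbufferd queries, ..." seems to be a PDO bug after some googling
     foreach ($mysqlInstallScripts as $m) {
         $statement = trim($m);
         if (strlen($statement) > 0) {
             $db->query($statement);
         }
     }

     // get a new database connection
     $db = Pimcore_Resource::reset();
     // insert data into database
     $db->insert("assets", array("id" => 1, "parentId" => 0, "type" => "folder", "filename" => "", "path" => "/", "creationDate" => time(), "modificationDate" => time(), "userOwner" => 1, "userModification" => 1));
     $db->insert("documents", array("id" => 1, "parentId" => 0, "type" => "page", "key" => "", "path" => "/", "index" => 999999, "published" => 1, "creationDate" => time(), "modificationDate" => time(), "userOwner" => 1, "userModification" => 1));
     $db->insert("documents_page", array("id" => 1, "controller" => "", "action" => "", "template" => "", "title" => "", "description" => "", "keywords" => ""));
     $db->insert("objects", array("o_id" => 1, "o_parentId" => 0, "o_type" => "folder", "o_key" => "", "o_path" => "/", "o_index" => 999999, "o_published" => 1, "o_creationDate" => time(), "o_modificationDate" => time(), "o_userOwner" => 1, "o_userModification" => 1));
     $db->insert("users", array("parentId" => 0, "name" => "system", "admin" => 1, "active" => 1));
     $db->update("users", array("id" => 0), $db->quoteInto("name = ?", "system"));

     $permissionKeys = array(
         "assets", "classes", "clear_cache", "clear_temp_files", "document_types", "documents",
         "objects", "plugins", "predefined_properties", "routes", "seemode", "system_settings",
         "thumbnails", "translations", "redirects", "glossary", "reports",
     );
     foreach ($permissionKeys as $permissionKey) {
         $db->insert("users_permission_definitions", array("key" => $permissionKey));
     }

     Pimcore::initConfiguration();
     $user = User::create(array("parentId" => 0, "username" => $this->_getParam("admin_username"), "password" => Pimcore_Tool_Authentication::getPasswordHash($this->_getParam("admin_username"), $this->_getParam("admin_password")), "active" => true));
     $user->setAdmin(true);
     $user->save();
     $this->_helper->json(array("success" => true));
 }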
Example #10
 *
 * LICENSE
 *
 * This source file is subject to the new BSD license that is bundled
 * with this package in the file LICENSE.txt.
 * It is also available through the world-wide-web at this URL:
 * http://www.pimcore.org/license dsf sdaf asdf asdf
 *
 * @copyright  Copyright (c) 2009-2010 elements.at New Media Solutions GmbH (http://www.elements.at)
 * @license    http://www.pimcore.org/license     New BSD License
 */
// The startup script is included through a relative path; the working directory is remembered
// beforehand and restored afterwards.
$workingDirectory = getcwd();
include "../../../cli/startup.php";
chdir($workingDirectory);
// only for logged in users
// NOTE(review): any authenticated user passes this check - it does not test for admin rights,
// although the script gives access to a database administration tool. Confirm that is intended.
$user = Pimcore_Tool_Authentication::authenticateSession();
if (!$user instanceof User) {
    die("Authentication failed!");
}
$conf = Pimcore_Config::getSystemConfig()->database->params;
// first call without a query string: redirect to the adminer index with user name and database pre-selected
if (empty($_SERVER["QUERY_STRING"])) {
    // NOTE(review): the next line is garbled in this copy - the "******" looks like a redaction artefact that
    // replaced part of the expression - and it does not parse as shown; restore it from the original file.
    header("Location: /pimcore/modules/3rdparty/adminer/index.php?username="******"&db=" . $conf->dbname);
    exit;
}
// adminer plugin
function adminer_object()
{
    // required to run any plugin
    include_once "./plugins/plugin.php";
    // autoloader
    foreach (glob("plugins/*.php") as $filename) {
Example #11
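 /**
  * Lets the logged-in user update his or her own profile.
  *
  * The "id" request parameter must match the current user's id; "data" is a JSON
  * object with the new values. A submitted "password" is replaced by its hash
  * before it is stored. Responds with {"success": true} on success and with
  * false otherwise.
  *
  * NOTE(review): neither the current password nor an anti-CSRF token is checked
  * in this method; confirm that this happens elsewhere in the request pipeline.
  *
  * @return void
  */
 public function updateCurrentUserAction()
 {
     $user = $this->getUser();
     if ($user != null) {
         if ($user->getId() == $this->_getParam("id")) {
             $values = Zend_Json::decode($this->_getParam("data"));
             if (!is_array($values)) {
                 Logger::warn("prevented save current user, because submitted data is not a JSON object. ");
                 $this->_helper->json(false);
                 return;
             }

             // The decoded values come from the client and are handed to setValues() as a whole.
             // setValues() is not shown here; assuming it maps keys onto the user's properties, a user
             // could otherwise change fields that must never be self-service (e.g. grant admin rights).
             // Keys are compared case-insensitively because PHP method names are case-insensitive.
             $protectedKeys = array("id", "admin", "active", "parentid", "hascredentials");
             foreach (array_keys($values) as $key) {
                 if (in_array(strtolower((string) $key), $protectedKeys, true)) {
                     unset($values[$key]);
                 }
             }

             if (!empty($values["password"])) {
                 $values["password"] = Pimcore_Tool_Authentication::getPasswordHash($user->getUsername(), $values["password"]);
             }
             $user->setValues($values);
             $user->save();
             $this->_helper->json(array("success" => true));
         } else {
             Logger::warn("prevented save current user, because ids do not match. ");
             $this->_helper->json(false);
         }
     } else {
         $this->_helper->json(false);
     }
 }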
Example #12
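 /**
  * Prepares the frontend controller for the requested document.
  *
  * Sets the global frontend defaults, resolves the document from the request and
  * - for requests carrying one of the admin-only parameters (editmode, version,
  * preview, admin, object preview) - opens the "pimcore_admin" session namespace.
  * Unpublished documents are only served when that session holds a User. Depending
  * on the parameters the document is replaced by its session copy, its latest
  * version, a specific version or a public version.
  *
  * @throws Exception if the document is unpublished and no admin user is in the session
  * @return void
  */
 public function init()
 {
     parent::init();
     // log exceptions if handled by error_handler
     $this->checkForErrors();
     // general definitions
     Pimcore::unsetAdminMode();
     Document::setHideUnpublished(true);
     Object_Abstract::setHideUnpublished(true);
     Object_Abstract::setGetInheritedValues(true);
     $adminSession = null;
     // assign variables
     $this->view->controller = $this;
     // init website config
     $config = Pimcore_Config::getWebsiteConfig();
     $this->config = $config;
     $this->view->config = $config;

     if (!$this->_getParam("document")) {
         Zend_Registry::set("pimcore_editmode", false);
         $this->editmode = false;
         $this->view->editmode = false;
         // no document available, continue, ...
         return;
     }
     $this->setDocument($this->_getParam("document"));

     if ($this->_getParam("pimcore_editmode") || $this->_getParam("pimcore_version") || $this->_getParam("pimcore_preview") || $this->_getParam("pimcore_admin") || $this->_getParam("pimcore_object_preview")) {
         Pimcore_Tool_Authentication::initSession();
         // start admin session
         $adminSession = new Zend_Session_Namespace("pimcore_admin");
     }

     // The admin session is only opened for the special admin requests above, so this single flag
     // replaces the former $specialAdminRequest variable, which was read while undefined on ordinary requests.
     $isAdminUser = ($adminSession && $adminSession->user instanceof User);

     // unpublished documents are visible to a logged-in admin user only
     if (!$this->document->isPublished() && !$isAdminUser) {
         throw new Exception("access denied for " . $this->document->getFullPath());
     }

     // register global locale if the document has the system property "language"
     if ($this->document->getProperty("language")) {
         $locale = new Zend_Locale($this->document->getProperty("language"));
         Zend_Registry::set('Zend_Locale', $locale);
     }

     // for editmode
     if ($isAdminUser and $this->_getParam("pimcore_editmode") and !Zend_Registry::isRegistered("pimcore_editmode")) {
         Zend_Registry::set("pimcore_editmode", true);
         // check if there is the document in the session
         $docKey = "document_" . $this->getDocument()->getId();
         $docSession = new Zend_Session_Namespace("pimcore_documents");
         if ($docSession->{$docKey}) {
             // if there is a document in the session use it
             $this->setDocument($docSession->{$docKey});
         } else {
             // set the latest available version for editmode if there is no doc in the session
             $latestVersion = $this->getDocument()->getLatestVersion();
             if ($latestVersion) {
                 $latestDoc = $latestVersion->loadData();
                 if ($latestDoc instanceof Document_PageSnippet) {
                     $this->setDocument($latestDoc);
                 }
             }
         }
         // register editmode plugin
         $front = Zend_Controller_Front::getInstance();
         $front->registerPlugin(new Pimcore_Controller_Plugin_Frontend_Editmode($this), 1000);
     } else {
         Zend_Registry::set("pimcore_editmode", false);
     }

     // for preview
     if ($isAdminUser) {
         // document preview
         if ($this->_getParam("pimcore_preview")) {
             // get document from session
             $docKey = "document_" . $this->_getParam("document")->getId();
             $docSession = new Zend_Session_Namespace("pimcore_documents");
             if ($docSession->{$docKey}) {
                 $this->setDocument($docSession->{$docKey});
             }
         }
         // object preview
         if ($this->_getParam("pimcore_object_preview")) {
             $key = "object_" . $this->_getParam("pimcore_object_preview");
             $session = new Zend_Session_Namespace("pimcore_objects");
             if ($session->{$key}) {
                 $object = $session->{$key};
                 // add the object to the registry so every call to Object_Abstract::getById() will return this object instead of the real one
                 Zend_Registry::set("object_" . $object->getId(), $object);
             }
         }
     }

     // for version preview (logged-in admin users only)
     if ($this->_getParam("pimcore_version") and $isAdminUser) {
         // only get version data at the first call || because of embedded Snippets ...
         if (!Zend_Registry::isRegistered("pimcore_version_active")) {
             $version = Version::getById($this->_getParam("pimcore_version"));
             // an unknown version id must not end in a method call on a non-object
             if ($version) {
                 $this->setDocument($version->getData());
             }
             Zend_Registry::set("pimcore_version_active", true);
         }
     }

     // for public versions: reachable WITHOUT authentication, so the version's own
     // "public" flag is the only access control on this path
     if ($this->_getParam("v")) {
         try {
             $version = Version::getById($this->_getParam("v"));
             if ($version and $version->getPublic()) {
                 $this->setDocument($version->getData());
             }
         } catch (Exception $e) {
             // deliberately ignored: an unknown or unreadable public version falls back to the regular document
         }
     }

     // set some parameters
     $this->editmode = Zend_Registry::get("pimcore_editmode");
     $this->view->editmode = Zend_Registry::get("pimcore_editmode");
 }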
Example #13
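    /**
     * Builds the editmode <head> markup (stylesheets, script libraries, pimcore
     * scripts, translation scripts) and, when the controller is in editmode,
     * injects it into the response body.
     *
     * Changes compared with the previous implementation:
     *  - plugin JS/CSS paths are collected across all plugin configs; before,
     *    each plugin overwrote the list, so only the last plugin's assets (plus
     *    stale entries of earlier ones) were merged;
     *  - URLs written into href/src attributes are HTML-escaped, the language
     *    code is URL-encoded and the document id is cast to int before being
     *    written into the inline script.
     *
     * @param Zend_Controller_Request_Abstract $request current request; its
     *        "document" parameter must hold an object exposing getId()
     * @return void
     */
    public function postDispatch(Zend_Controller_Request_Abstract $request)
    {
        // add scripts to editmode
        $editmodeLibraries = array("/pimcore/static/js/pimcore/namespace.js", "/pimcore/static/js/lib/prototype-light.js", "/pimcore/static/js/lib/jquery-1.7.1.min.js", "/pimcore/static/js/lib/ext/adapter/jquery/ext-jquery-adapter-debug.js", "/pimcore/static/js/lib/ext/ext-all-debug.js", "/pimcore/static/js/lib/ext-plugins/ux/Spinner.js", "/pimcore/static/js/lib/ext-plugins/ux/SpinnerField.js", "/pimcore/static/js/lib/ext-plugins/ux/MultiSelect.js", "/pimcore/static/js/lib/ext-plugins/ux/Portal.js", "/pimcore/static/js/lib/ext-plugins/ux/PortalColumn.js", "/pimcore/static/js/lib/ext-plugins/ux/Portlet.js", "/pimcore/static/js/lib/ext-plugins/GridRowOrder/roworder.js", "/pimcore/static/js/lib/ckeditor/ckeditor.js", "/pimcore/static/js/lib/ckeditor-plugins/pimcore-image.js", "/pimcore/static/js/lib/ckeditor-plugins/pimcore-link.js", "/pimcore/static/js/pimcore/libfixes.js");
        // NOTE(review): document/edit/helper.js appears twice in this list (second and last entry) - confirm whether that is intended
        $editmodeScripts = array("/pimcore/static/js/pimcore/functions.js", "/pimcore/static/js/pimcore/document/edit/helper.js", "/pimcore/static/js/pimcore/document/edit/dnd.js", "/pimcore/static/js/pimcore/document/tag.js", "/pimcore/static/js/pimcore/document/tags/block.js", "/pimcore/static/js/pimcore/document/tags/date.js", "/pimcore/static/js/pimcore/document/tags/href.js", "/pimcore/static/js/pimcore/document/tags/multihref.js", "/pimcore/static/js/pimcore/document/tags/checkbox.js", "/pimcore/static/js/pimcore/document/tags/image.js", "/pimcore/static/js/pimcore/document/tags/input.js", "/pimcore/static/js/pimcore/document/tags/link.js", "/pimcore/static/js/pimcore/document/tags/select.js", "/pimcore/static/js/pimcore/document/tags/snippet.js", "/pimcore/static/js/pimcore/document/tags/textarea.js", "/pimcore/static/js/pimcore/document/tags/numeric.js", "/pimcore/static/js/pimcore/document/tags/wysiwyg.js", "/pimcore/static/js/pimcore/document/tags/renderlet.js", "/pimcore/static/js/pimcore/document/tags/table.js", "/pimcore/static/js/pimcore/document/tags/video.js", "/pimcore/static/js/pimcore/document/tags/multiselect.js", "/pimcore/static/js/pimcore/document/tags/areablock.js", "/pimcore/static/js/pimcore/document/tags/area.js", "/pimcore/static/js/pimcore/document/edit/helper.js");
        $conf = Pimcore_Config::getSystemConfig();
        $themeUrl = "/pimcore/static/js/lib/ext/resources/css/xtheme-blue.css";
        if ($conf->general->theme) {
            // the configured theme replaces the default ExtJS theme stylesheet
            $themeUrl = $conf->general->theme;
        }
        $editmodeStylesheets = array("/pimcore/static/js/lib/ext/resources/css/ext-all.css", $themeUrl, "/pimcore/static/css/icons.css", "/pimcore/static/css/editmode.css", "/pimcore/static/js/lib/ext-plugins/ux/css/Spinner.css", "/pimcore/static/js/lib/ext-plugins/ux/css/MultiSelect.css", "/pimcore/static/js/lib/ext-plugins/ux/css/Portal.css");
        //add plugin editmode JS and CSS
        try {
            $pluginConfigs = Pimcore_ExtensionManager::getPluginConfigs();
            $jsPaths = array();
            $cssPaths = array();
            if (!empty($pluginConfigs)) {
                $jsPaths = $this->_collectPluginEditmodePaths($pluginConfigs, 'pluginDocumentEditmodeJsPaths');
                $cssPaths = $this->_collectPluginEditmodePaths($pluginConfigs, 'pluginDocumentEditmodeCssPaths');
            }
            $editmodeScripts = array_merge($editmodeScripts, $jsPaths);
            $editmodeStylesheets = array_merge($editmodeStylesheets, $cssPaths);
        } catch (Exception $e) {
            Logger::alert("there is a problem with the plugin configuration");
            Logger::alert($e);
        }
        // cache-busting query string appended to every asset URL
        $cacheBuster = '?_dc=' . Pimcore_Version::$revision;
        $editmodeHeadHtml = "\n\n\n<!-- pimcore editmode -->\n";
        // include stylesheets
        foreach ($editmodeStylesheets as $sheet) {
            // theme URL and plugin paths come from configuration, so encode them for the attribute context
            $editmodeHeadHtml .= '<link rel="stylesheet" type="text/css" href="' . htmlspecialchars($sheet, ENT_QUOTES, 'UTF-8') . $cacheBuster . '" />';
            $editmodeHeadHtml .= "\n";
        }
        // include script libraries
        foreach ($editmodeLibraries as $script) {
            $editmodeHeadHtml .= '<script type="text/javascript" src="' . htmlspecialchars($script, ENT_QUOTES, 'UTF-8') . $cacheBuster . '"></script>';
            $editmodeHeadHtml .= "\n";
        }
        // combine the pimcore scripts in non-devmode
        if ($conf->general->devmode) {
            foreach ($editmodeScripts as $script) {
                $editmodeHeadHtml .= '<script type="text/javascript" src="' . htmlspecialchars($script, ENT_QUOTES, 'UTF-8') . $cacheBuster . '"></script>';
                $editmodeHeadHtml .= "\n";
            }
        } else {
            $scriptContents = "";
            foreach ($editmodeScripts as $scriptUrl) {
                // NOTE(review): plugin-supplied paths are read from disk here without normalisation;
                // presumably plugin configs are trusted - confirm, or restrict reads to the document root
                $scriptContents .= file_get_contents(PIMCORE_DOCUMENT_ROOT . $scriptUrl) . "\n\n\n";
            }
            $editmodeHeadHtml .= '<script type="text/javascript" src="' . htmlspecialchars(Pimcore_Tool_Admin::getMinimizedScriptPath($scriptContents), ENT_QUOTES, 'UTF-8') . $cacheBuster . '"></script>' . "\n";
        }
        // NOTE(review): the result is dereferenced without an instanceof User check; this assumes the
        // hook only runs for an authenticated admin session - confirm against the caller
        $user = Pimcore_Tool_Authentication::authenticateSession();
        // the language is stored on the user record; encode it as a single URL path segment
        $lang = rawurlencode($user->getLanguage());
        $editmodeHeadHtml .= '<script type="text/javascript" src="/admin/misc/json-translations-system/language/' . $lang . '/' . $cacheBuster . '"></script>' . "\n";
        $editmodeHeadHtml .= '<script type="text/javascript" src="/admin/misc/json-translations-admin/language/' . $lang . '/' . $cacheBuster . '"></script>' . "\n";
        $editmodeHeadHtml .= "\n\n";
        // set var for editable configurations which is filled by Document_Tag::admin()
        // the id is cast to int so nothing but a number can reach the inline script
        $editmodeHeadHtml .= '<script type="text/javascript">
            var editableConfigurations = new Array();
            var pimcore_document_id = ' . (int) $request->getParam("document")->getId() . ';
        </script>';
        $editmodeHeadHtml .= "\n\n<!-- /pimcore editmode -->\n\n\n";
        // add html headers for snippets in editmode, so there is no problem with javascript
        $body = $this->getResponse()->getBody();
        if ($this->controller->editmode && strpos($body, "</body>") === false && !$request->getParam("blockAutoHtml")) {
            $body = '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
			<html xmlns="http://www.w3.org/1999/xhtml">
			<head></head><body>' . $body . "</body></html>";
            $this->getResponse()->setBody($body);
        }
        // add scripts in html header for pages in editmode
        if ($this->controller->editmode && Document_Service::isValidType($this->controller->document->getType())) {
            //ckogler
            include_once "simple_html_dom.php";
            $body = $this->getResponse()->getBody();
            $html = str_get_html($body);
            if ($html) {
                // nothing is injected when the parsed document has no <head> element
                if ($head = $html->find("head", 0)) {
                    $head->innertext = $head->innertext . "\n\n" . $editmodeHeadHtml;
                    $bodyElement = $html->find("body", 0);
                    $bodyElement->onunload = "pimcoreOnUnload();";
                    $bodyElement->innertext = $bodyElement->innertext . "\n\n" . '<script type="text/javascript" src="/pimcore/static/js/pimcore/document/edit/startup.js?_dc=' . Pimcore_Version::$revision . '"></script>' . "\n\n";
                    $body = $html->save();
                    $this->getResponse()->setBody($body);
                }
            }
        }
    }

    /**
     * Collects the editmode asset paths of one kind (JS or CSS) from all plugin configs.
     *
     * @param array  $pluginConfigs plugin configurations as returned by the extension manager
     * @param string $section       config key below "plugin" that holds the "path" entry
     * @return array list of paths; entries that exist below PIMCORE_PLUGINS_PATH are prefixed with "/plugins"
     */
    private function _collectPluginEditmodePaths($pluginConfigs, $section)
    {
        $collected = array();
        foreach ($pluginConfigs as $p) {
            // a plugin without this section contributes nothing (isset also skips a null path)
            if (!isset($p['plugin'][$section]['path'])) {
                continue;
            }
            $paths = $p['plugin'][$section]['path'];
            if (!is_array($paths)) {
                // a single path is configured as a plain value instead of a list
                $paths = array($paths);
            }
            foreach ($paths as $path) {
                if (!is_string($path) || $path === '') {
                    continue;
                }
                //manipulate path for frontend
                if (is_file(PIMCORE_PLUGINS_PATH . $path)) {
                    $path = "/plugins" . $path;
                }
                $collected[] = $path;
            }
        }
        return $collected;
    }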
 /**
  * Logs the current admin user out.
  *
  * Notifies the plugin broker when a user is attached to the session, clears
  * that user, destroys the session, expires the "pimcore_opentabs" cookie and
  * redirects to the login page.
  *
  * @return void
  */
 public function logoutAction()
 {
     $session = Pimcore_Tool_Authentication::getSession();
     $hasUser = $session->user instanceof User;
     if ($hasUser) {
         // plugins get the user object before it is detached from the session
         Pimcore_API_Plugin_Broker::getInstance()->preLogoutUser($session->user);
         $session->user = null;
     }
     Zend_Session::destroy();
     // cleanup pimcore-cookies: an expiry in the past (315554400 => strtotime('1980-01-01')) removes the cookie
     $expiredAt = 315554400;
     setcookie("pimcore_opentabs", false, $expiredAt, "/");
     $this->_redirect("/admin/login/");
 }
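 /**
  * Saves profile changes of the currently logged-in user.
  *
  * Reads the JSON object in the "data" parameter, drops fields a user must not
  * set on their own account, optionally changes the password and saves the
  * user. Answers with a JSON success flag, or JSON false when no user is
  * logged in, the "id" parameter is not the current user's id, or "data" is
  * not a JSON object.
  *
  * Changes compared with the previous implementation:
  *  - "password" and "id" are stripped from the client data as well, so a
  *    password hash can only be written through the checked new_password path;
  *  - hash and retype comparisons are strict, so two different numeric-looking
  *    strings no longer compare equal under PHP's loose ==;
  *  - the method returns after every JSON error response, so nothing is saved
  *    after a failed password check even if the JSON helper does not exit.
  *
  * @return void
  */
 public function updateCurrentUserAction()
 {
     $user = $this->getUser();
     if ($user == null) {
         $this->_helper->json(false);
         return;
     }
     // users may only edit their own record
     if ($user->getId() != $this->_getParam("id")) {
         Logger::warn("prevented save current user, because ids do not match. ");
         $this->_helper->json(false);
         return;
     }
     $values = Zend_Json::decode($this->_getParam("data"));
     if (!is_array($values)) {
         $this->_helper->json(false);
         return;
     }
     // never take privilege, identity or credential fields from the client
     // NOTE(review): this is a deny-list in front of setValues(); an allow-list of editable
     // profile fields would be safer. "name" is left editable here although the password hash
     // is derived from the user name - confirm whether renaming is intended.
     foreach (array("admin", "permissions", "roles", "active", "id", "password") as $protectedKey) {
         unset($values[$protectedKey]);
     }
     if (!empty($values["new_password"])) {
         $oldPasswordCheck = false;
         if (empty($values["old_password"])) {
             // if the user want to reset the password, the old password isn't required
             // NOTE(review): the password_reset flag is not cleared here - confirm it is cleared elsewhere
             $adminSession = Pimcore_Tool_Authentication::getSession();
             if ($adminSession->password_reset) {
                 $oldPasswordCheck = true;
             }
         } else {
             // the password have to match; compare as strings, strictly
             // (hash_equals() is preferable where the runtime provides it)
             $oldPassword = Pimcore_Tool_Authentication::getPasswordHash($user->getName(), $values["old_password"]);
             if ((string) $oldPassword === (string) $user->getPassword()) {
                 $oldPasswordCheck = true;
             }
         }
         $retypedPassword = isset($values["retype_password"]) ? $values["retype_password"] : null;
         if ($oldPasswordCheck && $values["new_password"] === $retypedPassword) {
             $values["password"] = Pimcore_Tool_Authentication::getPasswordHash($user->getName(), $values["new_password"]);
         } else {
             $this->_helper->json(array("success" => false, "message" => "password_cannot_be_changed"));
             return;
         }
     }
     $user->setValues($values);
     $user->save();
     $this->_helper->json(array("success" => true));
 }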