/** * Authenticate user and initializes the session. * Listens to Login.initSession hook. * * @param Piwik_Event_Notification $notification notification object * @throws Exception */ function initSession($notification) { $info = $notification->getNotificationObject(); $login = $info['login']; $md5Password = $info['md5Password']; $rememberMe = $info['rememberMe']; $tokenAuth = Piwik_UsersManager_API::getInstance()->getTokenAuth($login, $md5Password); $auth = Zend_Registry::get('auth'); $auth->setLogin($login); $auth->setTokenAuth($tokenAuth); $authResult = $auth->authenticate(); $authCookieName = Piwik_Config::getInstance()->General['login_cookie_name']; $authCookieExpiry = $rememberMe ? time() + Piwik_Config::getInstance()->General['login_cookie_expire'] : 0; $authCookiePath = Piwik_Config::getInstance()->General['login_cookie_path']; $cookie = new Piwik_Cookie($authCookieName, $authCookieExpiry, $authCookiePath); if (!$authResult->isValid()) { $cookie->delete(); throw new Exception(Piwik_Translate('Login_LoginPasswordNotCorrect')); } $cookie->set('login', $login); $cookie->set('token_auth', $auth->getHashTokenAuth($login, $authResult->getTokenAuth())); $cookie->setSecure(Piwik::isHttps()); $cookie->setHttpOnly(true); $cookie->save(); @Piwik_Session::regenerateId(); // remove password reset entry if it exists self::removePasswordResetInfo($login); }
/** * Get system information */ public static function getSystemInformation() { global $piwik_minimumPHPVersion; $minimumMemoryLimit = Piwik_Config::getInstance()->General['minimum_memory_limit']; $infos = array(); $infos['general_infos'] = array(); $infos['directories'] = Piwik::checkDirectoriesWritable(); $infos['can_auto_update'] = Piwik::canAutoUpdate(); if (Piwik_Common::isIIS()) { Piwik::createWebConfigFiles(); } else { Piwik::createHtAccessFiles(); } Piwik::createWebRootFiles(); $infos['phpVersion_minimum'] = $piwik_minimumPHPVersion; $infos['phpVersion'] = PHP_VERSION; $infos['phpVersion_ok'] = version_compare($piwik_minimumPHPVersion, $infos['phpVersion']) === -1; // critical errors $extensions = @get_loaded_extensions(); $needed_extensions = array('zlib', 'SPL', 'iconv', 'Reflection'); $infos['needed_extensions'] = $needed_extensions; $infos['missing_extensions'] = array(); foreach ($needed_extensions as $needed_extension) { if (!in_array($needed_extension, $extensions)) { $infos['missing_extensions'][] = $needed_extension; } } $infos['pdo_ok'] = false; if (in_array('PDO', $extensions)) { $infos['pdo_ok'] = true; } $infos['adapters'] = Piwik_Db_Adapter::getAdapters(); $needed_functions = array('debug_backtrace', 'create_function', 'eval', 'gzcompress', 'gzuncompress', 'pack'); $infos['needed_functions'] = $needed_functions; $infos['missing_functions'] = array(); foreach ($needed_functions as $needed_function) { if (!self::functionExists($needed_function)) { $infos['missing_functions'][] = $needed_function; } } // warnings $desired_extensions = array('json', 'libxml', 'dom', 'SimpleXML'); $infos['desired_extensions'] = $desired_extensions; $infos['missing_desired_extensions'] = array(); foreach ($desired_extensions as $desired_extension) { if (!in_array($desired_extension, $extensions)) { $infos['missing_desired_extensions'][] = $desired_extension; } } $desired_functions = array('set_time_limit', 'mail', 'parse_ini_file', 'glob'); $infos['desired_functions'] = $desired_functions; $infos['missing_desired_functions'] = array(); foreach ($desired_functions as $desired_function) { if (!self::functionExists($desired_function)) { $infos['missing_desired_functions'][] = $desired_function; } } $infos['openurl'] = Piwik_Http::getTransportMethod(); $infos['gd_ok'] = Piwik::isGdExtensionEnabled(); $infos['hasMbstring'] = false; $infos['multibyte_ok'] = true; if (function_exists('mb_internal_encoding')) { $infos['hasMbstring'] = true; if ((int) ini_get('mbstring.func_overload') != 0) { $infos['multibyte_ok'] = false; } } $serverSoftware = isset($_SERVER['SERVER_SOFTWARE']) ? $_SERVER['SERVER_SOFTWARE'] : ''; $infos['serverVersion'] = addslashes($serverSoftware); $infos['serverOs'] = @php_uname(); $infos['serverTime'] = date('H:i:s'); $infos['registerGlobals_ok'] = ini_get('register_globals') == 0; $infos['memoryMinimum'] = $minimumMemoryLimit; $infos['memory_ok'] = true; $infos['memoryCurrent'] = ''; $raised = Piwik::raiseMemoryLimitIfNecessary(); if (($memoryValue = Piwik::getMemoryLimitValue()) > 0) { $infos['memoryCurrent'] = $memoryValue . 'M'; $infos['memory_ok'] = $memoryValue >= $minimumMemoryLimit; } $infos['isWindows'] = Piwik_Common::isWindows(); $integrityInfo = Piwik::getFileIntegrityInformation(); $infos['integrity'] = $integrityInfo[0]; $infos['integrityErrorMessages'] = array(); if (isset($integrityInfo[1])) { if ($infos['integrity'] == false) { $infos['integrityErrorMessages'][] = '<b>' . Piwik_Translate('General_FileIntegrityWarningExplanation') . '</b>'; } $infos['integrityErrorMessages'] = array_merge($infos['integrityErrorMessages'], array_slice($integrityInfo, 1)); } $infos['timezone'] = Piwik::isTimezoneSupportEnabled(); $infos['tracker_status'] = Piwik_Common::getRequestVar('trackerStatus', 0, 'int'); $infos['protocol'] = Piwik_ProxyHeaders::getProtocolInformation(); if (!Piwik::isHttps() && $infos['protocol'] !== null) { $infos['general_infos']['secure_protocol'] = '1'; } if (count($headers = Piwik_ProxyHeaders::getProxyClientHeaders()) > 0) { $infos['general_infos']['proxy_client_headers'] = $headers; } if (count($headers = Piwik_ProxyHeaders::getProxyHostHeaders()) > 0) { $infos['general_infos']['proxy_host_headers'] = $headers; } return $infos; }
/** * Check force_ssl_login and redirect if connection isn't secure and not using a reverse proxy * * @param none * @return void */ protected function checkForceSslLogin() { $forceSslLogin = Zend_Registry::get('config')->General->force_ssl_login; if ($forceSslLogin) { if (!Piwik::isHttps()) { $url = 'https://' . Piwik_Url::getCurrentHost() . Piwik_Url::getCurrentScriptName() . Piwik_Url::getCurrentQueryString(); Piwik_Url::redirectToUrl($url); } } }
/** * Check force_ssl_login and redirect if connection isn't secure and not using a reverse proxy * * @param none * @return void */ protected function checkForceSslLogin() { $forceSslLogin = Piwik_Config::getInstance()->General['force_ssl_login']; if ($forceSslLogin && !Piwik::isHttps()) { $url = 'https://' . Piwik_Url::getCurrentHost() . Piwik_Url::getCurrentScriptName() . Piwik_Url::getCurrentQueryString(); Piwik_Url::redirectToUrl($url); } }
/** * Must be called before dispatch() * - checks that directories are writable, * - loads the configuration file, * - loads the plugin, * - inits the DB connection, * - etc. */ function init() { static $initialized = false; if ($initialized) { return; } $initialized = true; try { Zend_Registry::set('timer', new Piwik_Timer()); $directoriesToCheck = array('/tmp/', '/tmp/templates_c/', '/tmp/cache/', '/tmp/assets/', '/tmp/tcpdf/'); Piwik::checkDirectoriesWritableOrDie($directoriesToCheck); Piwik_Common::assignCliParametersToRequest(); Piwik_Translate::getInstance()->loadEnglishTranslation(); $exceptionToThrow = false; try { Piwik::createConfigObject(); } catch (Exception $e) { Piwik_PostEvent('FrontController.NoConfigurationFile', $e, $info = array(), $pending = true); $exceptionToThrow = $e; } if (Piwik_Session::isFileBasedSessions()) { Piwik_Session::start(); } if (Piwik_Config::getInstance()->General['maintenance_mode'] == 1 && !Piwik_Common::isPhpCliMode()) { $format = Piwik_Common::getRequestVar('format', ''); $exception = new Exception("Piwik is in scheduled maintenance. Please come back later."); if (empty($format)) { throw $exception; } $response = new Piwik_API_ResponseBuilder($format); echo $response->getResponseException($exception); exit; } if (!Piwik_Common::isPhpCliMode() && Piwik_Config::getInstance()->General['force_ssl'] == 1 && !Piwik::isHttps()) { $url = Piwik_Url::getCurrentUrl(); $url = str_replace("http://", "https://", $url); Piwik_Url::redirectToUrl($url); } $pluginsManager = Piwik_PluginsManager::getInstance(); $pluginsToLoad = Piwik_Config::getInstance()->Plugins['Plugins']; $pluginsManager->loadPlugins($pluginsToLoad); if ($exceptionToThrow) { throw $exceptionToThrow; } try { Piwik::createDatabaseObject(); } catch (Exception $e) { if (self::shouldRethrowException()) { throw $e; } Piwik_PostEvent('FrontController.badConfigurationFile', $e, $info = array(), $pending = true); throw $e; } Piwik::createLogObject(); // creating the access object, so that core/Updates/* can enforce Super User and use some APIs Piwik::createAccessObject(); Piwik_PostEvent('FrontController.dispatchCoreAndPluginUpdatesScreen'); Piwik_PluginsManager::getInstance()->installLoadedPlugins(); Piwik::install(); // ensure the current Piwik URL is known for later use if (method_exists('Piwik', 'getPiwikUrl')) { $host = Piwik::getPiwikUrl(); } Piwik_PostEvent('FrontController.initAuthenticationObject'); try { $authAdapter = Zend_Registry::get('auth'); } catch (Exception $e) { throw new Exception("Authentication object cannot be found in the Registry. Maybe the Login plugin is not activated?\n\t\t\t\t\t\t\t\t\t<br />You can activate the plugin by adding:<br />\n\t\t\t\t\t\t\t\t\t<code>Plugins[] = Login</code><br />\n\t\t\t\t\t\t\t\t\tunder the <code>[Plugins]</code> section in your config/config.ini.php"); } Zend_Registry::get('access')->reloadAccess($authAdapter); Piwik::raiseMemoryLimitIfNecessary(); Piwik_Translate::getInstance()->reloadLanguage(); $pluginsManager->postLoadPlugins(); Piwik_PostEvent('FrontController.checkForUpdates'); } catch (Exception $e) { if (self::shouldRethrowException()) { throw $e; } Piwik_ExitWithMessage($e->getMessage(), false, true); } // Piwik::log('End FrontController->init() - Request: '. var_export($_REQUEST, true)); }
/** * Start the session * * @param array|bool $options An array of configuration options; the auto-start (bool) setting is ignored * @return void */ public static function start($options = false) { if (Piwik_Common::isPhpCliMode() || self::$sessionStarted || defined('PIWIK_ENABLE_SESSION_START') && !PIWIK_ENABLE_SESSION_START) { return; } self::$sessionStarted = true; // use cookies to store session id on the client side @ini_set('session.use_cookies', '1'); // prevent attacks involving session ids passed in URLs @ini_set('session.use_only_cookies', '1'); // advise browser that session cookie should only be sent over secure connection if (Piwik::isHttps()) { @ini_set('session.cookie_secure', '1'); } // advise browser that session cookie should only be accessible through the HTTP protocol (i.e., not JavaScript) @ini_set('session.cookie_httponly', '1'); // don't use the default: PHPSESSID $sessionName = defined('PIWIK_SESSION_NAME') ? PIWIK_SESSION_NAME : 'PIWIK_SESSID'; @ini_set('session.name', $sessionName); // proxies may cause the referer check to fail and // incorrectly invalidate the session @ini_set('session.referer_check', ''); $currentSaveHandler = ini_get('session.save_handler'); $config = Piwik_Config::getInstance(); if (self::isFileBasedSessions()) { // Note: this handler doesn't work well in load-balanced environments and may have a concurrency issue with locked session files // for "files", use our own folder to prevent local session file hijacking $sessionPath = PIWIK_USER_PATH . '/tmp/sessions'; // We always call mkdir since it also chmods the directory which might help when permissions were reverted for some reasons Piwik_Common::mkdir($sessionPath); @ini_set('session.save_handler', 'files'); @ini_set('session.save_path', $sessionPath); } else { if ($config->General['session_save_handler'] === 'dbtable' || in_array($currentSaveHandler, array('user', 'mm'))) { // We consider these to be misconfigurations, in that: // - user - we can't verify that user-defined session handler functions have already been set via session_set_save_handler() // - mm - this handler is not recommended, unsupported, not available for Windows, and has a potential concurrency issue $db = Zend_Registry::get('db'); $config = array('name' => Piwik_Common::prefixTable('session'), 'primary' => 'id', 'modifiedColumn' => 'modified', 'dataColumn' => 'data', 'lifetimeColumn' => 'lifetime', 'db' => $db); $saveHandler = new Piwik_Session_SaveHandler_DbTable($config); if ($saveHandler) { self::setSaveHandler($saveHandler); } } } // garbage collection may disabled by default (e.g., Debian) if (ini_get('session.gc_probability') == 0) { @ini_set('session.gc_probability', 1); } try { Zend_Session::start(); register_shutdown_function(array('Zend_Session', 'writeClose'), true); } catch (Exception $e) { Piwik::log('Unable to start session: ' . $e->getMessage()); $enableDbSessions = ''; if (Piwik::isInstalled()) { $enableDbSessions = "<br/>If you still experience issues after trying these changes, \n\t\t\t \t\t\twe recommend that you <a href='http://piwik.org/faq/how-to-install/#faq_133' target='_blank'>enable database session storage</a>."; } $message = 'Error: ' . Piwik_Translate('General_ExceptionUnableToStartSession') . ' ' . Piwik::getErrorMessageMissingPermissions(Piwik_Common::getPathToPiwikRoot() . '/tmp/sessions/') . $enableDbSessions . "\n<pre>Debug: the original error was \n" . $e->getMessage() . "</pre>"; Piwik_ExitWithMessage($message); } }
protected function handleSSLRedirection() { if (!Piwik_Common::isPhpCliMode() && Piwik_Config::getInstance()->General['force_ssl'] == 1 && !Piwik::isHttps() && !(Piwik_Common::getRequestVar('module', '') == 'CoreAdminHome' && Piwik_Common::getRequestVar('action', '') == 'optOut')) { $url = Piwik_Url::getCurrentUrl(); $url = str_replace("http://", "https://", $url); Piwik_Url::redirectToUrl($url); } }