/**
 * Prepares an admin controller for the current request.
 *
 * Resolves the interface language, then either re-uses the user a previous
 * init() call stored in Zend_Registry or runs the admin bootstrap and
 * authenticates the request (session first, HTTP digest for the WebDAV
 * action only). A request without a user that does not target the admin
 * login controller is redirected to /admin/login and the script exits.
 *
 * @return void
 */
public function init() {
    parent::init();

    // Language: prefer the locale registered in Zend_Registry. Any exception raised
    // inside the try (missing registry entry included) switches to the fallback.
    try {
        $registeredLocale = Zend_Registry::get("Zend_Locale");
        $this->setLanguage($registeredLocale->getLanguage());
    } catch (Exception $e) {
        // NOTE(review): "language" is taken from the request as-is; this method relies on
        // setLanguage() to reject unknown values - confirm against its implementation.
        $requestedLanguage = $this->_getParam("language");
        if ($requestedLanguage) {
            $this->setLanguage($requestedLanguage);
        } else {
            $systemConfig = Pimcore_Config::getSystemConfig();
            $this->setLanguage($systemConfig->general->language);
        }
    }

    // Fast path: an earlier init() in this request already ran the bootstrap.
    // NOTE(review): this path trusts the registry flag and does not re-check that the
    // stored value is a User. The flag is also set at the end of an unauthenticated
    // login-controller request, so confirm that request cannot reach other admin controllers.
    try {
        Zend_Registry::get("pimcore_admin_initialized");
        $this->setUser(Zend_Registry::get("pimcore_admin_user"));
        return;
    } catch (Exception $e) {
        // flag or user missing from the registry: run the bootstrap below
    }

    // general definitions
    Document::setHideUnpublished(false);
    Object_Abstract::setHideUnpublished(false);
    Object_Abstract::setGetInheritedValues(false);
    Pimcore::setAdminMode();

    // init translations
    self::initTranslations($this);

    // init zend action helpers
    Zend_Controller_Action_HelperBroker::addPrefix('Pimcore_Controller_Action_Helper');

    // Authentication: the session is tried first.
    $sessionUser = Pimcore_Tool_Authentication::authenticateSession();
    if ($sessionUser instanceof User) {
        $this->setUser($sessionUser);

        // a language stored on the user overrides the one chosen above
        $preferredLanguage = $this->getUser()->getLanguage();
        if ($preferredLanguage) {
            $this->setLanguage($preferredLanguage);
        }
    } elseif ($this->_getParam("module") == "admin" && $this->_getParam("controller") == "asset" && $this->_getParam("action") == "webdav") {
        // HTTP digest is accepted for the WebDAV action only.
        $digestUser = Pimcore_Tool_Authentication::authenticateDigest();
        if ($digestUser instanceof User) {
            $this->setUser($digestUser);
            // Returns without writing the registry entries, so a later init() in the same
            // request runs the bootstrap and the authentication again.
            return;
        }
    }

    $isAuthenticated = $this->getUser() instanceof User;
    if (!$isAuthenticated) {
        // send a auth header for the client (is covered by the ajax object in javascript)
        $this->getResponse()->setHeader("X-Pimcore-Auth", "required");

        // redirect to the login-page unless the request targets the login controller itself
        $isLoginRequest = $this->_getParam("module") == "admin" && $this->_getParam("controller") == "login";
        if (!$isLoginRequest) {
            $this->_redirect("/admin/login");
            $this->getResponse()->sendResponse();
            // stop here so no action code runs for an unauthenticated request
            exit;
        }
    }

    Zend_Registry::set("pimcore_admin_user", $this->getUser());
    Zend_Registry::set("pimcore_admin_initialized", true);
}
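/**
 * Prepares an admin controller for the current request.
 *
 * Resolves the interface language, then either re-uses the user stored in
 * Zend_Registry by a previous init() call (self::$adminInitialized is set) or
 * runs the one-time admin bootstrap and authenticates the request: session
 * first, HTTP digest for the WebDAV action only. A request without a user that
 * does not target the admin login controller is logged, redirected to
 * /admin/login and the script exits.
 *
 * The log entry for a rejected request holds the request URI, method, remote
 * address and the *names* of the GET/POST/session/cookie entries. Their values
 * (session ids, cookies, submitted form data) are deliberately kept out of the
 * log file.
 *
 * @return void
 */
public function init() {
    parent::init();

    // set language
    if (Zend_Registry::isRegistered("Zend_Locale")) {
        $locale = Zend_Registry::get("Zend_Locale");
        $this->setLanguage($locale->getLanguage());
    } else {
        if ($this->_getParam("language")) {
            // NOTE(review): request-supplied value; relies on the validation inside setLanguage()
            $this->setLanguage($this->_getParam("language"));
        } else {
            $config = Pimcore_Config::getSystemConfig();
            $this->setLanguage($config->general->language);

            // try to set browser-language (validation if installed is in $this->setLanguage() )
            $this->setLanguage(new Zend_Locale());
        }
    }

    if (self::$adminInitialized) {
        // this will be executed on every call to this init() method
        // NOTE(review): only the presence of the registry entry is checked here, not that it
        // is a User. The flag is also set at the end of an unauthenticated login-controller
        // request, so confirm that request cannot reach other admin controllers.
        try {
            $this->setUser(Zend_Registry::get("pimcore_admin_user"));
        } catch (Exception $e) {
            // fail closed: the flag claims an initialized admin context but no user is registered
            Logger::emerg("adminInitialized was set to true although there was no user set in the registry -> to be save the process was killed");
            exit;
        }
    } else {
        // the following code is only called once, even when there are some subcalls (eg. with $this->action, ... )

        $this->disableBrowserCache();

        // general definitions
        Document::setHideUnpublished(false);
        Object_Abstract::setHideUnpublished(false);
        Object_Abstract::setGetInheritedValues(false);
        Pimcore::setAdminMode();

        // init translations
        self::initTranslations($this);

        // init zend action helpers
        Zend_Controller_Action_HelperBroker::addPrefix('Pimcore_Controller_Action_Helper');

        // this is to make it possible to use the session id as a part of the route (ZF default route) used for pixlr.com editors, etc.
        // NOTE(review): a session id carried in the URL ends up in access logs, browser history and
        // Referer headers, and lets the caller choose the id; presumably authenticateSession()
        // reads $_REQUEST["pimcore_admin_sid"] - confirm, and confirm the id is regenerated on login.
        if ($this->_getParam("pimcore_admin_sid")) {
            $_REQUEST["pimcore_admin_sid"] = $this->_getParam("pimcore_admin_sid");
        }

        // authenticate user, first try to authenticate with session information
        $user = Pimcore_Tool_Authentication::authenticateSession();
        if ($user instanceof User) {
            $this->setUser($user);
            if ($this->getUser()->getLanguage()) {
                $this->setLanguage($this->getUser()->getLanguage());
            }
        } else {
            // try to authenticate with digest, but this is only allowed for WebDAV
            if ($this->_getParam("module") == "admin" && $this->_getParam("controller") == "asset" && $this->_getParam("action") == "webdav") {
                $user = Pimcore_Tool_Authentication::authenticateDigest();
                if ($user instanceof User) {
                    $this->setUser($user);
                    // The digest user is not written to the registry. A further init() in this
                    // request therefore reaches the emergency exit above, which keeps digest
                    // authentication confined to the WebDAV action.
                    self::$adminInitialized = true;
                    return;
                }
            }
        }

        // redirect to the login-page if the user isn't authenticated
        if (!$this->getUser() instanceof User && !($this->_getParam("module") == "admin" && $this->_getParam("controller") == "login")) {

            // put a message into the debug.log
            Logger::warn("Prevented access to " . $_SERVER["REQUEST_URI"] . " because there is no user in the session!");

            // Log the shape of the request only. Dumping $_SERVER, $_POST, $_SESSION and $_COOKIE
            // wholesale would copy session ids, cookies and submitted form data into the log file
            // for every unauthenticated request.
            Logger::warn(array(
                "method" => isset($_SERVER["REQUEST_METHOD"]) ? $_SERVER["REQUEST_METHOD"] : null,
                "remoteAddr" => isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : null,
                "getKeys" => array_keys($_GET),
                "postKeys" => array_keys($_POST),
                // $_SESSION is undefined when no session has been started
                "sessionKeys" => (isset($_SESSION) && is_array($_SESSION)) ? array_keys($_SESSION) : array(),
                "cookieNames" => array_keys($_COOKIE)
            ));

            // send a auth header for the client (is covered by the ajax object in javascript)
            $this->getResponse()->setHeader("X-Pimcore-Auth", "required");

            // redirect to login page
            $this->_redirect("/admin/login");

            // exit the execution -> just to be sure
            exit;
        }

        // we're now authenticated so we can remove the default error handler so that we get just the normal PHP errors
        // NOTE(review): this condition is true for every non-login controller, and it is reached
        // only after the authentication check above. With display_errors on, paths, queries and
        // stack traces are written into admin responses - confirm this is intended in production.
        if ($this->_getParam("controller") != "login") {
            $front = Zend_Controller_Front::getInstance();
            $front->unregisterPlugin("Pimcore_Controller_Plugin_ErrorHandler");
            $front->throwExceptions(true);
            @ini_set("display_errors", "On");
            @ini_set("display_startup_errors", "On");
        }

        Zend_Registry::set("pimcore_admin_user", $this->getUser());
        self::$adminInitialized = true;
    }
}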