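/**
 * Authenticates the login / token_auth pair held by this object.
 *
 * The token is first compared with the super user token computed from the
 * configuration, then looked up in the user table. A token presented without
 * a login (login left null) is accepted, which lets token-only callers
 * authenticate.
 *
 * @return Piwik_Auth_Result SUCCESS_SUPERUSER_AUTH_CODE, SUCCESS or FAILURE
 */
public function authenticate()
{
    $superuser = Zend_Registry::get('config')->superuser;
    $rootLogin = $superuser->login;
    $rootToken = Piwik_UsersManager_API::getTokenAuth($rootLogin, $superuser->password);

    // Strict comparison on purpose. With == PHP compares two numeric-looking
    // strings as numbers, so two different tokens of the form "0e<digits>"
    // (constructed example: "0e1234" and "0e5678") would count as equal and
    // grant super user access. Once both checks are strict, the former
    // "login and token match" branch is a special case of this one and would
    // return the same values, so a single check is enough.
    // NOTE(review): as before, a matching super user token is accepted
    // whatever login accompanies it; the token is the credential.
    // NOTE(review): === is not a constant-time comparison; if the minimum
    // supported PHP version provides hash_equals(), prefer it here.
    if ($this->token_auth === $rootToken) {
        return new Piwik_Auth_Result(
            Piwik_Auth_Result::SUCCESS_SUPERUSER_AUTH_CODE,
            $rootLogin,
            $rootToken
        );
    }

    // Bound parameter: the token never becomes part of the SQL text.
    $login = Piwik_FetchOne(
        'SELECT login FROM ' . Piwik::prefixTable('user') . ' WHERE token_auth = ?',
        array($this->token_auth)
    );

    // When a login was supplied it has to be the owner of the token. Both
    // sides are compared as strings so that numeric-looking logins
    // (constructed example: "1e3" and "1000") are not treated as the same user.
    if ($login !== false
        && (is_null($this->login) || (string) $this->login === (string) $login)
    ) {
        return new Piwik_Auth_Result(Piwik_Auth_Result::SUCCESS, $login, $this->token_auth);
    }

    return new Piwik_Auth_Result(Piwik_Auth_Result::FAILURE, $this->login, $this->token_auth);
}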
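/**
 * Authenticates the identity / credential pair held by this adapter.
 *
 * Order of checks: super user (identity and token), then token-only API
 * authentication when no identity was given, and finally the database
 * authentication implemented by the parent class.
 *
 * @return Piwik_Auth_Result for the super user and token-only paths,
 *         otherwise whatever parent::authenticate() returns
 */
public function authenticate()
{
    // we first try if the user is the super user
    $superuser = Zend_Registry::get('config')->superuser;
    $rootLogin = $superuser->login;
    $rootToken = Piwik_UsersManager_API::getTokenAuth($rootLogin, $superuser->password);

    // Strict comparison on purpose. With == PHP compares two numeric-looking
    // strings as numbers, so two different tokens of the form "0e<digits>"
    // (constructed example: "0e1234" and "0e5678") would count as equal, and
    // a null identity would equal an empty configured login.
    // NOTE(review): === is not a constant-time comparison; if the minimum
    // supported PHP version provides hash_equals(), prefer it for the token.
    if ($this->_identity === $rootLogin && $this->_credential === $rootToken) {
        return new Piwik_Auth_Result(Piwik_Auth::SUCCESS_SUPERUSER_AUTH_CODE, $this->_identity, array());
    }

    // we then look if the user is API authenticated
    // API authentication works without login name, but only with the token
    // TODO the logic (sql select) should be in the Login plugin, not here
    // this class should stay simple. Another Login plugin should only have to create an auth entry
    // of this class in the zend_registry and it should work
    if (is_null($this->_identity)) {
        if ($this->_credential === $rootToken) {
            return new Piwik_Auth_Result(Piwik_Auth::SUCCESS_SUPERUSER_AUTH_CODE, $rootLogin, array());
        }

        // Bound parameter: the token never becomes part of the SQL text.
        $login = Zend_Registry::get('db')->fetchOne(
            'SELECT login FROM ' . Piwik::prefixTable('user') . ' WHERE token_auth = ?',
            array($this->_credential)
        );
        if ($login !== false) {
            return new Piwik_Auth_Result(Zend_Auth_Result::SUCCESS, $login, array());
        }

        return new Piwik_Auth_Result(Zend_Auth_Result::FAILURE, $this->_identity, array());
    }

    // if not then we return the result of the database authentication provided by zend
    return parent::authenticate();
}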
/**
 * Asserts that the stored record for $user equals $user once the expected
 * password, email and alias have been applied to it.
 *
 * @param array       $user        user row as it was before the update; must contain
 *                                 'login', and 'email' / 'alias' when those are not overridden
 * @param string      $newPassword clear-text password the user is expected to have now
 * @param string|null $newEmail    expected email, or null to keep $user['email']
 * @param string|null $newAlias    expected alias, or null to keep $user['alias']
 */
private function _checkUserHasNotChanged($user, $newPassword, $newEmail = null, $newAlias = null)
{
    $expectedEmail = ($newEmail === null) ? $user['email'] : $newEmail;
    $expectedAlias = ($newAlias === null) ? $user['alias'] : $newAlias;

    // The registration date is not part of the comparison.
    $stored = Piwik_UsersManager_API::getUser($user['login']);
    unset($stored['date_registered']);

    // The expected token is derived from the login and the MD5 of the current
    // password, so a password change must also change token_auth.
    // NOTE(review): the assertion expects 'password' to be a plain md5() of
    // the password, mirroring what the API under test stores. Unsalted MD5 is
    // not a suitable password hash; where the runtime allows, the storage
    // scheme should move to password_hash() / password_verify().
    $passwordHash = md5($newPassword);
    $user['token_auth'] = Piwik_UsersManager_API::getTokenAuth($user['login'], $passwordHash);
    $user['password'] = $passwordHash;
    $user['email'] = $expectedEmail;
    $user['alias'] = $expectedAlias;

    $this->assertEqual($user, $stored);
}
/**
 * Authenticates a login / MD5 password pair and, on success, stores the
 * authentication cookie and redirects.
 *
 * @param string $login         user name
 * @param string $md5Password   md5 hash of the password
 * @param string $urlToRedirect URL to redirect to after a successful login
 * @return bool false; returned on failure, and also after the redirect call
 *              if that call hands control back
 */
protected function authenticateAndRedirect($login, $md5Password, $urlToRedirect)
{
    $token = Piwik_UsersManager_API::getTokenAuth($login, $md5Password);

    $auth = Zend_Registry::get('auth');
    $auth->setLogin($login);
    $auth->setTokenAuth($token);
    $result = $auth->authenticate();

    if (!$result->isValid()) {
        return false;
    }

    $general = Zend_Registry::get('config')->General;
    $cookieName = $general->login_cookie_name;
    $cookieExpiry = time() + $general->login_cookie_expire;

    // NOTE(review): the cookie carries token_auth, which is derived from the
    // login and the password hash and therefore works as a credential until
    // the password changes. Whether Piwik_Cookie sets HttpOnly / Secure is not
    // visible here; confirm.
    $authCookie = new Piwik_Cookie($cookieName, $cookieExpiry);
    $authCookie->set('login', $login);
    $authCookie->set('token_auth', $result->getTokenAuth());
    $authCookie->save();

    // NOTE(review): no session id regeneration is visible in this method. If a
    // server-side session can exist before login, regenerate its id on success
    // to prevent session fixation.
    // NOTE(review): the target is caller-supplied and no host check is visible
    // here; confirm that Piwik_Url::redirectToUrl() or the callers restrict it
    // to trusted hosts.
    $target = htmlspecialchars_decode($urlToRedirect);
    Piwik_Url::redirectToUrl($target);

    return false;
}
/**
 * Authenticates a login / MD5 password pair. On success the authentication
 * cookie is saved, the session id is regenerated and the user is redirected.
 *
 * @param string $login         user name
 * @param string $md5Password   md5 hash of the password
 * @param string $urlToRedirect URL to redirect to after a successful login
 * @return string|null translated failure message when authentication fails;
 *                     nothing is returned on the success path
 */
protected function authenticateAndRedirect($login, $md5Password, $urlToRedirect)
{
    $token = Piwik_UsersManager_API::getTokenAuth($login, $md5Password);

    $auth = Zend_Registry::get('auth');
    $auth->setLogin($login);
    $auth->setTokenAuth($token);
    $result = $auth->authenticate();

    // One generic message for every failure, so the response does not say
    // whether the login or the password was wrong.
    if (!$result->isValid()) {
        return Piwik_Translate('Login_LoginPasswordNotCorrect');
    }

    $general = Zend_Registry::get('config')->General;
    $cookieName = $general->login_cookie_name;
    $cookieExpiry = time() + $general->login_cookie_expire;

    // NOTE(review): the cookie carries token_auth, which is derived from the
    // login and the password hash and therefore works as a credential until
    // the password changes. Whether Piwik_Cookie sets HttpOnly / Secure is not
    // visible here; confirm.
    $authCookie = new Piwik_Cookie($cookieName, $cookieExpiry);
    $authCookie->set('login', $login);
    $authCookie->set('token_auth', $result->getTokenAuth());
    $authCookie->save();

    // A fresh session id after login keeps an id that was planted before
    // authentication from being reused (session fixation).
    Zend_Session::regenerateId();

    // NOTE(review): the target is caller-supplied and no host check is visible
    // here; confirm that Piwik_Url::redirectToUrl() or the callers restrict it
    // to trusted hosts.
    Piwik_Url::redirectToUrl($urlToRedirect);
}