コード例 #1
ファイル: Auth.php プロジェクト: BackupTheBerlios/oos-svn
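	/**
	 * Authenticates the login / token_auth pair held by this object.
	 *
	 * The token is the credential: a token identical to the configured
	 * superuser's token yields a superuser result; otherwise the token is
	 * looked up in the user table. When a login is set as well, it must be
	 * the login stored with that token.
	 *
	 * @return Piwik_Auth_Result SUCCESS_SUPERUSER_AUTH_CODE, SUCCESS or FAILURE
	 */
	public function authenticate()
	{
		// Reject anything that is not a non-empty string up front, so that no
		// comparison or query ever runs on a null, empty or non-string credential.
		if(!is_string($this->token_auth) || $this->token_auth === '')
		{
			return new Piwik_Auth_Result( Piwik_Auth_Result::FAILURE, $this->login, $this->token_auth );
		}

		$rootLogin = Zend_Registry::get('config')->superuser->login;
		$rootPassword = Zend_Registry::get('config')->superuser->password;
		$rootToken = Piwik_UsersManager_API::getTokenAuth($rootLogin, $rootPassword);

		// Identity (===), never ==: under loose comparison two different
		// numeric-looking strings can compare equal, which must not decide
		// superuser access. The former "login == root && token == root" branch
		// is covered here, since a matching root token alone already granted
		// superuser rights.
		// NOTE(review): === is not constant-time; switch to hash_equals() if the
		// minimum supported PHP version provides it.
		if($this->token_auth === $rootToken)
		{
			return new Piwik_Auth_Result(Piwik_Auth_Result::SUCCESS_SUPERUSER_AUTH_CODE, $rootLogin, $rootToken );
		}

		// The token is passed as a bound parameter, not concatenated into the SQL.
		$login = Piwik_FetchOne(
					'SELECT login FROM '.Piwik::prefixTable('user').' WHERE token_auth = ?',
					array($this->token_auth)
		);

		// Token-only authentication is allowed (login is null); a supplied login
		// has to be exactly the one the token belongs to.
		if($login !== false
			&& (is_null($this->login) || $this->login === $login))
		{
			return new Piwik_Auth_Result(Piwik_Auth_Result::SUCCESS, $login, $this->token_auth );
		}

		return new Piwik_Auth_Result( Piwik_Auth_Result::FAILURE, $this->login, $this->token_auth );
	}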
コード例 #2
ファイル: Auth.php プロジェクト: Doluci/tomatocart
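 /**
  * Authenticates the identity / credential pair held by this adapter.
  *
  * Order of checks: configured superuser (login and token), then token-only
  * API authentication when no identity is set, then the parent adapter's
  * database authentication.
  *
  * @return Piwik_Auth_Result|mixed result object; the last case returns whatever parent::authenticate() returns
  */
 public function authenticate()
 {
     // we first try if the user is the super user
     $rootLogin = Zend_Registry::get('config')->superuser->login;
     $rootPassword = Zend_Registry::get('config')->superuser->password;
     $rootToken = Piwik_UsersManager_API::getTokenAuth($rootLogin, $rootPassword);

     // Identity (===), never ==: under loose comparison two different
     // numeric-looking strings can compare equal, which must not decide
     // superuser access.
     // NOTE(review): === is not constant-time; switch to hash_equals() if the
     // minimum supported PHP version provides it.
     if ($this->_identity === $rootLogin && $this->_credential === $rootToken) {
         return new Piwik_Auth_Result(Piwik_Auth::SUCCESS_SUPERUSER_AUTH_CODE, $this->_identity, array());
     }

     // we then look if the user is API authenticated
     // API authentication works without login name, but only with the token
     // TODO the logic (sql select) should be in the Login plugin, not here
     // this class should stay simple. Another Login plugin should only have to create an auth entry
     // of this class in the zend_registry and it should work
     if (is_null($this->_identity)) {
         // The token is the only credential on this path: refuse anything that
         // is not a non-empty string before comparing or querying with it.
         if (!is_string($this->_credential) || $this->_credential === '') {
             return new Piwik_Auth_Result(Zend_Auth_Result::FAILURE, $this->_identity, array());
         }
         if ($this->_credential === $rootToken) {
             return new Piwik_Auth_Result(Piwik_Auth::SUCCESS_SUPERUSER_AUTH_CODE, $rootLogin, array());
         }
         // The token is passed as a bound parameter, not concatenated into the SQL.
         $login = Zend_Registry::get('db')->fetchOne('SELECT login FROM ' . Piwik::prefixTable('user') . ' WHERE token_auth = ?', array($this->_credential));
         if ($login !== false) {
             return new Piwik_Auth_Result(Zend_Auth_Result::SUCCESS, $login, array());
         }
         return new Piwik_Auth_Result(Zend_Auth_Result::FAILURE, $this->_identity, array());
     }

     // if not then we return the result of the database authentication provided by zend
     return parent::authenticate();
 }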
コード例 #3
ファイル: UsersManager.test.php プロジェクト: klando/pgpiwik
 /**
  * Asserts that the user returned by the API equals $user after the expected
  * password, email and alias have been applied to it.
  *
  * The 'date_registered' field of the fetched record is ignored.
  *
  * @param array       $user        user record; its 'login', 'email' and 'alias' keys are read
  * @param string      $newPassword clear-text password the fetched record is expected to reflect
  * @param string|null $newEmail    expected email; null means $user['email']
  * @param string|null $newAlias    expected alias; null means $user['alias']
  */
 private function _checkUserHasNotChanged($user, $newPassword, $newEmail = null, $newAlias = null)
 {
     $expectedEmail = is_null($newEmail) ? $user['email'] : $newEmail;
     $expectedAlias = is_null($newAlias) ? $user['alias'] : $newAlias;

     $fetched = Piwik_UsersManager_API::getUser($user["login"]);
     unset($fetched['date_registered']);

     // The expected token_auth is derived from the login and the md5 of the
     // current password, so a password change implies a token_auth change.
     $passwordHash = md5($newPassword);
     $expected = $user;
     $expected['token_auth'] = Piwik_UsersManager_API::getTokenAuth($user["login"], $passwordHash);
     $expected['password'] = $passwordHash;
     $expected['email'] = $expectedEmail;
     $expected['alias'] = $expectedAlias;

     $this->assertEqual($expected, $fetched);
 }
コード例 #4
 /**
  * Authenticates a login / md5 password pair and, on success, stores the
  * login cookie and redirects.
  *
  * @param string $login         user name
  * @param string $md5Password   md5 hash of the password
  * @param string $urlToRedirect redirect target; HTML entities are decoded before use
  * @return bool false (when authentication fails, or if the redirect call returns)
  */
 protected function authenticateAndRedirect($login, $md5Password, $urlToRedirect)
 {
     $authAdapter = Zend_Registry::get('auth');
     $authAdapter->setLogin($login);
     $authAdapter->setTokenAuth(Piwik_UsersManager_API::getTokenAuth($login, $md5Password));

     $result = $authAdapter->authenticate();
     if (!$result->isValid()) {
         return false;
     }

     $generalConfig = Zend_Registry::get('config')->General;
     $cookieName = $generalConfig->login_cookie_name;
     $cookieExpiry = time() + Zend_Registry::get('config')->General->login_cookie_expire;

     // NOTE(review): the cookie carries token_auth itself; which flags
     // Piwik_Cookie sets on it is not visible here - confirm.
     $loginCookie = new Piwik_Cookie($cookieName, $cookieExpiry);
     $loginCookie->set('login', $login);
     $loginCookie->set('token_auth', $result->getTokenAuth());
     $loginCookie->save();

     // NOTE(review): the target is used as received after entity decoding, and
     // no session id regeneration happens on this path; whether the URL is
     // limited to trusted destinations must be confirmed at the caller or in
     // Piwik_Url::redirectToUrl().
     Piwik_Url::redirectToUrl(htmlspecialchars_decode($urlToRedirect));

     return false;
 }
コード例 #5
ファイル: Controller.php プロジェクト: ntulip/piwik
 /**
  * Authenticates a login / md5 password pair; on success stores the login
  * cookie, regenerates the session id and redirects.
  *
  * @param string $login         user name
  * @param string $md5Password   md5 hash of the password
  * @param string $urlToRedirect URL to redirect to once authenticated
  * @return string|null translated failure message when authentication fails;
  *                     nothing is returned on the success path
  */
 protected function authenticateAndRedirect($login, $md5Password, $urlToRedirect)
 {
     $authAdapter = Zend_Registry::get('auth');
     $authAdapter->setLogin($login);
     $authAdapter->setTokenAuth(Piwik_UsersManager_API::getTokenAuth($login, $md5Password));

     $result = $authAdapter->authenticate();
     if ($result->isValid()) {
         $cookieName = Zend_Registry::get('config')->General->login_cookie_name;
         $cookieExpiry = time() + Zend_Registry::get('config')->General->login_cookie_expire;

         // NOTE(review): the cookie carries token_auth itself; which flags
         // Piwik_Cookie sets on it is not visible here - confirm.
         $loginCookie = new Piwik_Cookie($cookieName, $cookieExpiry);
         $loginCookie->set('login', $login);
         $loginCookie->set('token_auth', $result->getTokenAuth());
         $loginCookie->save();

         // A fresh session id after login keeps a pre-login id from being reused.
         Zend_Session::regenerateId();

         // NOTE(review): the target is used as received; whether it is limited
         // to trusted destinations must be confirmed at the caller or in
         // Piwik_Url::redirectToUrl().
         Piwik_Url::redirectToUrl($urlToRedirect);
         return;
     }

     return Piwik_Translate('Login_LoginPasswordNotCorrect');
 }