/**
 * Creates the session namespace, starting the PHP session first when
 * running under a web SAPI.
 *
 * In CLI mode no session is started and the parent constructor is not
 * called; only the static readable flag is set.
 * NOTE(review): presumably the parent class consults self::$_readable so
 * that namespace reads do not fail without a session; confirm.
 *
 * @param string $namespace
 * @param bool $singleInstance
 */
public function __construct($namespace = 'Default', $singleInstance = false)
{
    if (!Common::isPhpCliMode()) {
        // Web request: the session must exist before the parent binds to it.
        Session::start();
        parent::__construct($namespace, $singleInstance);

        return;
    }

    // Command line: skip session handling entirely.
    self::$_readable = true;
}
/**
 * Clear session information.
 *
 * Deletes the login cookie whose name is configured in
 * General.login_cookie_name, then asks Session to expire the session cookie.
 *
 * NOTE(review): only cookie removal is visible here. Whether the
 * server-side session data is destroyed as well depends on
 * Session::expireSessionCookie(), which is not shown; confirm, because a
 * logout that only clears client cookies leaves a captured session id usable.
 *
 * @return void
 */
public static function clearSession()
{
    $loginCookie = new Cookie(Config::getInstance()->General['login_cookie_name']);
    $loginCookie->delete();

    Session::expireSessionCookie();
}
/**
 * Closes the session early for dashboard widget and sparkline requests.
 *
 * The decision is driven by the Referer header plus request parameters.
 * The Referer is supplied by the client, so it must be treated as a hint
 * only: here it decides when Session::close() is called, nothing else.
 * NOTE(review): confirm that no code running after this point expects to
 * write session state for these requests.
 *
 * @return void
 */
private function closeSessionEarlyForFasterUI()
{
    $referrer = !empty($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';

    $fromDashboard   = strpos($referrer, 'module=CoreHome&action=index') !== false;
    $fromAllWebsites = strpos($referrer, 'module=MultiSites&action=index') !== false;

    // Widget loaded from the dashboard with a token_auth in the POST body.
    if ($fromDashboard && !empty($_POST['token_auth'])) {
        if (Common::getRequestVar('widget', 0, 'int') === 1) {
            Session::close();
        }
    }

    if (!$fromDashboard && !$fromAllWebsites) {
        return;
    }

    // Sparkline images requested from the dashboard or the all-websites page.
    if (Common::getRequestVar('viewDataTable', '', 'string') === 'sparkline') {
        Session::close();
    }
}
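/**
 * Checks if the filesystem Piwik stores sessions in is NFS or not. This
 * check is done in order to avoid using file based sessions on NFS system,
 * since on such a filesystem file locking can make file based sessions
 * incredibly slow.
 *
 * Note: In order to figure this out, we try to run the 'df' program. If
 * the 'exec' or 'shell_exec' functions are not available, we can't do
 * the check.
 *
 * The sessions path is passed to the shell through escapeshellarg() so that
 * quotes, `$` or backticks in a configured path cannot change the command.
 *
 * @return bool True if on an NFS filesystem, false if otherwise or if we
 *              can't use shell_exec or exec.
 */
public static function checkIfFileSystemIsNFS()
{
    $sessionsPath = Session::getSessionsDirectory();

    // this command will display details for the filesystem that holds the $sessionsPath
    // path, but only if its type is NFS. if not NFS, df will return one or less lines
    // and the return code 1. if NFS, it will return 0 and at least 2 lines of text.
    $command = 'df -T -t nfs ' . escapeshellarg($sessionsPath) . ' 2>&1';

    if (function_exists('exec')) {
        $output = array();
        $returnCode = null;
        @exec($command, $output, $returnCode);

        // Strict comparison: a return code that was never set (null) must not
        // be read as success.
        return $returnCode === 0 && count($output) > 1;
    }

    if (function_exists('shell_exec')) {
        $output = @shell_exec($command);
        if (is_string($output)) {
            // shell_exec keeps the trailing newline, so a single line of output
            // would otherwise explode into two elements and be reported as NFS.
            $lines = explode("\n", trim($output));

            // No exit code is available on this path; the line count is the
            // only signal.
            return count($lines) > 1;
        }
    }

    return false; // not NFS, or we can't run a program to find out
}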
/**
 * Redirects the user to the specified URL.
 *
 * The target is accepted when UrlHelper::isLookLikeUrl() approves it or when
 * it starts with 'index.php'; otherwise an error message is printed instead
 * of a Location header. Execution always stops here: an Exception in CLI
 * mode, exit otherwise.
 *
 * NOTE(review): isLookLikeUrl() is not visible here. If it only checks the
 * shape of the URL, any absolute URL is accepted and callers that pass
 * request-derived values must restrict the destination host themselves to
 * avoid an open redirect.
 *
 * @param string $url
 * @api
 */
public static function redirectToUrl($url)
{
    // The shutdown handler would close the session too, but not always soon
    // enough, so it is closed explicitly before the redirect.
    Session::close();

    $isAcceptable = UrlHelper::isLookLikeUrl($url) || strpos($url, 'index.php') === 0;

    if (!$isAcceptable) {
        echo "Invalid URL to redirect to.";
    } else {
        @header("Location: {$url}");
    }

    if (Common::isPhpCliMode()) {
        throw new Exception("If you were using a browser, Piwik would redirect you to this URL: {$url} \n\n");
    }

    exit;
}
/**
 * Rotates the current session identifier by delegating to Session.
 *
 * Rotating the identifier at an authentication boundary is the usual defence
 * against session fixation.
 * NOTE(review): whether the previous session id is invalidated depends on
 * Session::regenerateId(), which is not visible here; confirm.
 *
 * @return void
 */
protected function regenerateSessionId()
{
    Session::regenerateId();
}
/**
 * Resolves and validates the module, action and parameters for a dispatch.
 *
 * Missing values are read from the request. The module name must be purely
 * alphanumeric and must belong to an activated plugin; the alphanumeric
 * check keeps path separators and other special characters out of a
 * request-supplied module name before it is used further.
 *
 * A session is started once Piwik is installed, except for API requests
 * with no action or with the 'index' action.
 *
 * @param string|null $module
 * @param string|null $action
 * @param array|null $parameters
 * @return array [$module, $action, $parameters]
 * @throws Exception if the module name is not alphanumeric
 * @throws PluginDeactivatedException if the module's plugin is not activated
 */
protected function prepareDispatch($module, $action, $parameters)
{
    if ($module === null) {
        $module = Common::getRequestVar('module', self::DEFAULT_MODULE, 'string');
    }

    if ($action === null) {
        $action = Common::getRequestVar('action', false);
    }

    // Plain API calls (no action, or action=index) run without a session.
    $isSessionlessApiCall = $module === 'API' && (!$action || $action === 'index');
    if (SettingsPiwik::isPiwikInstalled() && !$isSessionlessApiCall) {
        Session::start();
    }

    if ($parameters === null) {
        $parameters = array();
    }

    if (!ctype_alnum($module)) {
        throw new Exception("Invalid module name '{$module}'");
    }

    $module = Request::renameModule($module);

    $pluginManager = \Piwik\Plugin\Manager::getInstance();
    if (!$pluginManager->isPluginActivated($module)) {
        throw new PluginDeactivatedException($module);
    }

    return array($module, $action, $parameters);
}
/**
 * Redirects the user to the specified URL and terminates the request.
 *
 * The session is closed explicitly first: the shutdown handler would do it
 * as well, but not always soon enough. The redirect itself, including any
 * validation of $url, is delegated to redirectToUrlNoExit().
 *
 * NOTE(review): redirectToUrlNoExit() is not visible here; confirm that it
 * restricts the destination when $url can come from request data.
 *
 * @param string $url
 * @throws Exception
 * @api
 */
public static function redirectToUrl($url)
{
    Session::close();

    self::redirectToUrlNoExit($url);

    exit;
}
/**
 * Tells whether the session can be both written to and read from.
 *
 * @return bool
 */
private static function isEnabled()
{
    if (!Session::isWritable()) {
        return false;
    }

    return (bool) Session::isReadable();
}
/**
 * Authenticates the user and initializes the session.
 *
 * On success the login cookie is written with the login name and a hashed
 * token_auth, flagged HttpOnly, and flagged Secure only when the request is
 * detected as HTTPS. On failure the login cookie is deleted and an Exception
 * is thrown.
 *
 * NOTE(review): when the request is not HTTPS the cookie is stored without
 * the Secure flag, so it can travel over plain HTTP.
 * NOTE(review): errors from Session::regenerateId() are suppressed with `@`;
 * if regeneration fails silently, the pre-login session id stays in use.
 * NOTE(review): the parameter name suggests the caller passes an MD5 hash of
 * the password; confirm how it is stored and compared.
 *
 * @param string $login
 * @param string $md5Password
 * @param bool $rememberMe whether the cookie gets a lifetime beyond the browser session
 * @throws Exception if authentication fails
 */
public function initSession($login, $md5Password, $rememberMe)
{
    $tokenAuth = API::getInstance()->getTokenAuth($login, $md5Password);

    $this->setLogin($login);
    $this->setTokenAuth($tokenAuth);
    $result = $this->authenticate();

    $cookieName = Config::getInstance()->General['login_cookie_name'];

    // Expiry 0 means a browser-session cookie.
    if ($rememberMe) {
        $cookieExpiry = time() + Config::getInstance()->General['login_cookie_expire'];
    } else {
        $cookieExpiry = 0;
    }

    $cookiePath = Config::getInstance()->General['login_cookie_path'];
    $loginCookie = new Cookie($cookieName, $cookieExpiry, $cookiePath);

    if (!$result->wasAuthenticationSuccessful()) {
        // Drop any existing login cookie so a stale one is not reused.
        $loginCookie->delete();
        throw new Exception(Piwik::translate('Login_LoginPasswordNotCorrect'));
    }

    $hashedToken = $this->getHashTokenAuth($login, $result->getTokenAuth());

    $loginCookie->set('login', $login);
    $loginCookie->set('token_auth', $hashedToken);
    $loginCookie->setSecure(ProxyHttp::isHttps());
    $loginCookie->setHttpOnly(true);
    $loginCookie->save();

    // New session id after the privilege change.
    @Session::regenerateId();

    // A successful login makes any pending password reset entry obsolete.
    Login::removePasswordResetInfo($login);
}
/**
 * Sets up certificate (PKI) based authentication for the current request.
 *
 * When a user DN is available, a CertAuth object is registered as 'auth'.
 * Unless initAuthenticationFromCookie() succeeds, the DN and issuer DN are
 * sent to the authorization service (queryGovport); the returned attributes
 * populate the CertAuth object, which is then authenticated. On success the
 * session id is regenerated and a login cookie is written. When the service
 * returns nothing or authentication fails, the previous 'auth' registry
 * entry is restored.
 *
 * NOTE(review): confirm that getUserDN()/getIssuerDN() read values set by the
 * TLS layer and not a request header a client could set itself.
 * NOTE(review): the previous auth object is restored only on the two visible
 * failure branches; if queryGovport() or authenticate() throws, the registry
 * keeps the unverified CertAuth. Confirm that this is handled upstream.
 *
 * @param bool $activateCookieAuth passed through to initAuthenticationFromCookie()
 * @return void
 */
public function initAuthenticationObject($activateCookieAuth = false)
{
    $clientCertificateAPI = ClientCertificatesAPI::getInstance();
    $loginAPI = LoginAPI::getInstance();
    $dn = $clientCertificateAPI->getUserDN();
    $issuer_dn = $clientCertificateAPI->getIssuerDN();
    // Loose comparison: an empty-string DN is treated like a missing certificate.
    if ($dn != null) {
        $auth = new CertAuth();
        // Keep the current auth object so the failure branches can restore it.
        $previousAuth = \Piwik\Registry::get('auth');
        \Piwik\Registry::set('auth', $auth);
        if (!$this->initAuthenticationFromCookie($auth, $activateCookieAuth)) {
            $result = $clientCertificateAPI->queryGovport($dn, $issuer_dn);
            if ($result) {
                $username = $this->getProperty($result, 'uid');
                $fullname = $this->getProperty($result, 'fullName');
                $email = $this->getProperty($result, 'email');
                $firstname = $this->getProperty($result, 'firstName');
                $lastname = $this->getProperty($result, 'lastName');
                // Agency: first 'grantBy' entry, else first 'organizations' entry, else 'N/A'.
                $agency = null;
                if (property_exists($result, 'grantBy')) {
                    $agency = $result->{'grantBy'}[0];
                }
                if ($agency == null) {
                    if (property_exists($result, 'organizations')) {
                        $agency = $result->{'organizations'}[0];
                    }
                    if ($agency == null) {
                        $agency = 'N/A';
                    }
                }
                // NOTE(review): this debug line writes name, e-mail and agency to the log;
                // confirm debug logging is off in production or that the log is access-controlled.
                \Piwik\Log::debug("Login PKI Response: {$username}, {$fullname}, {$email}, {$firstname}, {$lastname}, {$agency}");
                $auth->setLogin($username);
                $auth->setUserDN($dn);
                // NOTE(review): the password is built from the user name and the DN, neither of
                // which is secret; confirm it is never accepted by a password-based login path.
                $auth->setPassword($username . $dn);
                // NOTE(review): the token is md5(username . secret), so it is fixed per user and
                // only as strong as the value returned by getTokenAuthSecret(); confirm that the
                // secret is random and server-side only.
                $auth->setTokenAuth(md5($username . $auth->getTokenAuthSecret()));
                $auth->setEmail($email);
                $auth->setAlias($this->getAlias($firstname, $lastname, $fullname));
                $authResult = $auth->authenticate();
                if ($authResult->wasAuthenticationSuccessful()) {
                    // New session id once the user is authenticated.
                    Session::regenerateId();
                    // Create the login cookie; expiry 0 makes it a browser-session cookie.
                    $authCookieExpiry = 0;
                    $authCookieName = Config::getInstance()->General['login_cookie_name'];
                    $authCookiePath = Config::getInstance()->General['login_cookie_path'];
                    $cookie = new Cookie($authCookieName, $authCookieExpiry, $authCookiePath);
                    $cookie->set('login', $authResult->getIdentity());
                    $cookie->set('token_auth', md5($username . $auth->getTokenAuthSecret()));
                    // Secure only when the request is detected as HTTPS; HttpOnly always.
                    $cookie->setSecure(ProxyHttp::isHttps());
                    $cookie->setHttpOnly(true);
                    $cookie->save();
                } else {
                    // Error message set by auth result
                    \Piwik\Registry::set('auth', $previousAuth);
                }
            } else {
                // The authorization service returned nothing for this DN: restore the previous auth.
                \Piwik\Registry::set('auth', $previousAuth);
                $loginAPI->setErrorMessage("Could not verify user against authorization service");
                \Piwik\Log::debug("Could not verify user against authorization service. Falling back on standard auth.");
            }
        }
    } else {
        $loginAPI->setErrorMessage("No certificate provided");
        \Piwik\Log::debug("No certificate provided. Falling back on standard login mechanism.");
    }
}