/** * Redirects to Login form with error message. * Listens to User.isNotAuthorized hook. */ public function noAccess(Exception $exception) { $frontController = FrontController::getInstance(); if (Common::isXmlHttpRequest()) { echo $frontController->dispatch(Piwik::getLoginPluginName(), 'ajaxNoAccess', array($exception->getMessage())); return; } echo $frontController->dispatch(Piwik::getLoginPluginName(), 'login', array($exception->getMessage())); }
function redirectToCoreHomeIndex() { $defaultReport = API::getInstance()->getUserPreference(Piwik::getCurrentUserLogin(), API::PREFERENCE_DEFAULT_REPORT); $module = 'CoreHome'; $action = 'index'; // User preference: default report to load is the All Websites dashboard if ($defaultReport == 'MultiSites' && \Piwik\Plugin\Manager::getInstance()->isPluginActivated('MultiSites')) { $module = 'MultiSites'; } if ($defaultReport == Piwik::getLoginPluginName()) { $module = Piwik::getLoginPluginName(); } $idSite = Common::getRequestVar('idSite', false, 'int'); parent::redirectToIndex($module, $action, $idSite); }
/** * Helper method used to redirect the current HTTP request to another module/action. * * This function will exit immediately after executing. * * @param string $moduleToRedirect The plugin to redirect to, eg. `"MultiSites"`. * @param string $actionToRedirect Action, eg. `"index"`. * @param int|null $websiteId The new idSite query parameter, eg, `1`. * @param string|null $defaultPeriod The new period query parameter, eg, `'day'`. * @param string|null $defaultDate The new date query parameter, eg, `'today'`. * @param array $parameters Other query parameters to append to the URL. * @api */ public function redirectToIndex($moduleToRedirect, $actionToRedirect, $websiteId = null, $defaultPeriod = null, $defaultDate = null, $parameters = array()) { $userPreferences = new UserPreferences(); if (empty($websiteId)) { $websiteId = $userPreferences->getDefaultWebsiteId(); } if (empty($defaultDate)) { $defaultDate = $userPreferences->getDefaultDate(); } if (empty($defaultPeriod)) { $defaultPeriod = $userPreferences->getDefaultPeriod(); } $parametersString = ''; if (!empty($parameters)) { $parametersString = '&' . Url::getQueryStringFromParameters($parameters); } if ($websiteId) { $url = "index.php?module=" . $moduleToRedirect . "&action=" . $actionToRedirect . "&idSite=" . $websiteId . "&period=" . $defaultPeriod . "&date=" . $defaultDate . $parametersString; Url::redirectToUrl($url); exit; } if (Piwik::hasUserSuperUserAccess()) { Piwik_ExitWithMessage("Error: no website was found in this Piwik installation.\n\t\t\t<br />Check the table '" . Common::prefixTable('site') . "' in your database, it should contain your Piwik websites.", false, true); } $currentLogin = Piwik::getCurrentUserLogin(); if (!empty($currentLogin) && $currentLogin != 'anonymous') { $emails = implode(',', Piwik::getAllSuperUserAccessEmailAddresses()); $errorMessage = sprintf(Piwik::translate('CoreHome_NoPrivilegesAskPiwikAdmin'), $currentLogin, "<br/><a href='mailto:" . $emails . "?subject=Access to Piwik for user {$currentLogin}'>", "</a>"); $errorMessage .= "<br /><br /> <b><a href='index.php?module=" . Registry::get('auth')->getName() . "&action=logout'>› " . Piwik::translate('General_Logout') . "</a></b><br />"; Piwik_ExitWithMessage($errorMessage, false, true); } echo FrontController::getInstance()->dispatch(Piwik::getLoginPluginName(), false); exit; }
private function getLoginModule() { return Piwik::getLoginPluginName(); }
/** * The Super User can modify Anonymous user settings * @param View $view */ protected function initViewAnonymousUserSettings($view) { if (!Piwik::hasUserSuperUserAccess()) { return; } $userLogin = '******'; // Which websites are available to the anonymous users? $anonymousSitesAccess = APIUsersManager::getInstance()->getSitesAccessFromUser($userLogin); $anonymousSites = array(); foreach ($anonymousSitesAccess as $info) { $idSite = $info['site']; $site = APISitesManager::getInstance()->getSiteFromId($idSite); // Work around manual website deletion if (!empty($site)) { $anonymousSites[$idSite] = $site; } } $view->anonymousSites = $anonymousSites; // Which report is displayed by default to the anonymous user? $anonymousDefaultReport = APIUsersManager::getInstance()->getUserPreference($userLogin, APIUsersManager::PREFERENCE_DEFAULT_REPORT); if ($anonymousDefaultReport === false) { if (empty($anonymousSites)) { $anonymousDefaultReport = Piwik::getLoginPluginName(); } else { // we manually imitate what would happen, in case the anonymous user logs in // and is redirected to the first website available to him in the list // @see getDefaultWebsiteId() reset($anonymousSites); $anonymousDefaultReport = key($anonymousSites); } } $view->anonymousDefaultReport = $anonymousDefaultReport; $view->anonymousDefaultDate = $this->getDefaultDateForUser($userLogin); }
/** * Password reset confirmation action. Finishes the password reset process. * Users visit this action from a link supplied in an email. */ public function confirmResetPassword() { $errorMessage = null; $login = Common::getRequestVar('login', ''); $resetToken = Common::getRequestVar('resetToken', ''); try { $this->passwordResetter->confirmNewPassword($login, $resetToken); } catch (Exception $ex) { Log::debug($ex); $errorMessage = $ex->getMessage(); } if (is_null($errorMessage)) { // if success, show login w/ success message // have to do this as super user since redirectToIndex checks if there's a default website ID for // the current user and if not, doesn't redirect to the requested action. TODO: this behavior is wrong. somehow. $self = $this; Access::doAsSuperUser(function () use($self) { $self->redirectToIndex(Piwik::getLoginPluginName(), 'resetPasswordSuccess'); }); return null; } else { // show login page w/ error. this will keep the token in the URL return $this->login($errorMessage); } }
/** * Renders the current view. Also sends the stored 'Content-Type' HTML header. * See {@link setContentType()}. * * @return string Generated template. */ public function render() { try { $this->currentModule = Piwik::getModule(); $this->currentAction = Piwik::getAction(); $this->url = Common::sanitizeInputValue(Url::getCurrentUrl()); $this->token_auth = Piwik::getCurrentUserTokenAuth(); $this->userHasSomeAdminAccess = Piwik::isUserHasSomeAdminAccess(); $this->userIsAnonymous = Piwik::isUserIsAnonymous(); $this->userIsSuperUser = Piwik::hasUserSuperUserAccess(); $this->latest_version_available = UpdateCheck::isNewestVersionAvailable(); $this->disableLink = Common::getRequestVar('disableLink', 0, 'int'); $this->isWidget = Common::getRequestVar('widget', 0, 'int'); $piwikAds = StaticContainer::get('Piwik\\ProfessionalServices\\Advertising'); $this->areAdsForProfessionalServicesEnabled = $piwikAds->areAdsForProfessionalServicesEnabled(); if (Development::isEnabled()) { $cacheBuster = rand(0, 10000); } else { $cacheBuster = UIAssetCacheBuster::getInstance()->piwikVersionBasedCacheBuster(); } $this->cacheBuster = $cacheBuster; $this->loginModule = Piwik::getLoginPluginName(); $user = APIUsersManager::getInstance()->getUser($this->userLogin); $this->userAlias = $user['alias']; } catch (Exception $e) { Log::debug($e); // can fail, for example at installation (no plugin loaded yet) } ProxyHttp::overrideCacheControlHeaders('no-store'); Common::sendHeader('Content-Type: ' . $this->contentType); // always sending this header, sometimes empty, to ensure that Dashboard embed loads // - when calling sendHeader() multiple times, the last one prevails Common::sendHeader('X-Frame-Options: ' . (string) $this->xFrameOptions); return $this->renderTwigTemplate(); }
/** * Helper method used to redirect the current HTTP request to another module/action. * * This function will exit immediately after executing. * * @param string $moduleToRedirect The plugin to redirect to, eg. `"MultiSites"`. * @param string $actionToRedirect Action, eg. `"index"`. * @param int|null $websiteId The new idSite query parameter, eg, `1`. * @param string|null $defaultPeriod The new period query parameter, eg, `'day'`. * @param string|null $defaultDate The new date query parameter, eg, `'today'`. * @param array $parameters Other query parameters to append to the URL. * @api */ public function redirectToIndex($moduleToRedirect, $actionToRedirect, $websiteId = null, $defaultPeriod = null, $defaultDate = null, $parameters = array()) { try { $this->doRedirectToUrl($moduleToRedirect, $actionToRedirect, $websiteId, $defaultPeriod, $defaultDate, $parameters); } catch (Exception $e) { // no website ID to default to, so could not redirect } if (Piwik::hasUserSuperUserAccess()) { Piwik_ExitWithMessage("Error: no website was found in this Piwik installation.\n\t\t\t<br />Check the table '" . Common::prefixTable('site') . "' in your database, it should contain your Piwik websites.", false, true); } if (!Piwik::isUserIsAnonymous()) { $emails = implode(',', Piwik::getAllSuperUserAccessEmailAddresses()); $errorMessage = sprintf(Piwik::translate('CoreHome_NoPrivilegesAskPiwikAdmin'), $currentLogin, "<br/><a href='mailto:" . $emails . "?subject=Access to Piwik for user {$currentLogin}'>", "</a>"); $errorMessage .= "<br /><br /> <b><a href='index.php?module=" . Registry::get('auth')->getName() . "&action=logout'>› " . Piwik::translate('General_Logout') . "</a></b><br />"; Piwik_ExitWithMessage($errorMessage, false, true); } echo FrontController::getInstance()->dispatch(Piwik::getLoginPluginName(), false); exit; }
/** * Password reset confirmation action. Finishes the password reset process. * Users visit this action from a link supplied in an email. */ public function confirmResetPassword() { $errorMessage = null; $login = Common::getRequestVar('login', ''); $resetToken = Common::getRequestVar('resetToken', ''); try { // get password reset info & user info $user = self::getUserInformation($login); if ($user === null) { throw new Exception(Piwik::translate('Login_InvalidUsernameEmail')); } // check that the reset token is valid $resetPassword = Login::getPasswordToResetTo($login); if ($resetPassword === false || !self::isValidToken($resetToken, $user)) { throw new Exception(Piwik::translate('Login_InvalidOrExpiredToken')); } // reset password of user $this->setNewUserPassword($user, $resetPassword); } catch (Exception $ex) { $errorMessage = $ex->getMessage(); } if (is_null($errorMessage)) { $this->redirectToIndex(Piwik::getLoginPluginName(), 'resetPasswordSuccess'); return; } else { // show login page w/ error. this will keep the token in the URL return $this->login($errorMessage); } }
/** * Error message shown when an AJAX request has no access * * @param string $errorMessage * @return string */ public function ajaxNoAccess($errorMessage) { return sprintf('<div class="alert alert-danger"> <p><strong>%s:</strong> %s</p> <p><a href="%s">%s</a></p> </div>', Piwik::translate('General_Error'), htmlentities($errorMessage, Common::HTML_ENCODING_QUOTE_STYLE, 'UTF-8', $doubleEncode = false), 'index.php?module=' . Piwik::getLoginPluginName(), Piwik::translate('Login_LogIn')); }
/** * Renders the current view. Also sends the stored 'Content-Type' HTML header. * See {@link setContentType()}. * * @return string Generated template. */ public function render() { try { $this->currentModule = Piwik::getModule(); $this->currentAction = Piwik::getAction(); $this->url = Common::sanitizeInputValue(Url::getCurrentUrl()); $this->token_auth = Piwik::getCurrentUserTokenAuth(); $this->userHasSomeAdminAccess = Piwik::isUserHasSomeAdminAccess(); $this->userIsSuperUser = Piwik::hasUserSuperUserAccess(); $this->latest_version_available = UpdateCheck::isNewestVersionAvailable(); $this->disableLink = Common::getRequestVar('disableLink', 0, 'int'); $this->isWidget = Common::getRequestVar('widget', 0, 'int'); $this->cacheBuster = UIAssetCacheBuster::getInstance()->piwikVersionBasedCacheBuster(); $this->loginModule = Piwik::getLoginPluginName(); $user = APIUsersManager::getInstance()->getUser($this->userLogin); $this->userAlias = $user['alias']; } catch (Exception $e) { // can fail, for example at installation (no plugin loaded yet) } try { $this->totalTimeGeneration = Registry::get('timer')->getTime(); $this->totalNumberOfQueries = Profiler::getQueryCount(); } catch (Exception $e) { $this->totalNumberOfQueries = 0; } ProxyHttp::overrideCacheControlHeaders('no-store'); @header('Content-Type: ' . $this->contentType); // always sending this header, sometimes empty, to ensure that Dashboard embed loads (which could call this header() multiple times, the last one will prevail) @header('X-Frame-Options: ' . (string) $this->xFrameOptions); return $this->renderTwigTemplate(); }
/** * Renders the current view. Also sends the stored 'Content-Type' HTML header. * See {@link setContentType()}. * * @return string Generated template. */ public function render() { try { $this->currentModule = Piwik::getModule(); $this->currentAction = Piwik::getAction(); $userLogin = Piwik::getCurrentUserLogin(); $this->userLogin = $userLogin; $count = SettingsPiwik::getWebsitesCountToDisplay(); $sites = APISitesManager::getInstance()->getSitesWithAtLeastViewAccess($count); usort($sites, function ($site1, $site2) { return strcasecmp($site1["name"], $site2["name"]); }); $this->sites = $sites; $this->url = Common::sanitizeInputValue(Url::getCurrentUrl()); $this->token_auth = Piwik::getCurrentUserTokenAuth(); $this->userHasSomeAdminAccess = Piwik::isUserHasSomeAdminAccess(); $this->userIsSuperUser = Piwik::isUserIsSuperUser(); $this->latest_version_available = UpdateCheck::isNewestVersionAvailable(); $this->disableLink = Common::getRequestVar('disableLink', 0, 'int'); $this->isWidget = Common::getRequestVar('widget', 0, 'int'); if (Config::getInstance()->General['autocomplete_min_sites'] <= count($sites)) { $this->show_autocompleter = true; } else { $this->show_autocompleter = false; } $this->loginModule = Piwik::getLoginPluginName(); $user = APIUsersManager::getInstance()->getUser($userLogin); $this->userAlias = $user['alias']; } catch (Exception $e) { // can fail, for example at installation (no plugin loaded yet) } try { $this->totalTimeGeneration = Registry::get('timer')->getTime(); $this->totalNumberOfQueries = Profiler::getQueryCount(); } catch (Exception $e) { $this->totalNumberOfQueries = 0; } ProxyHttp::overrideCacheControlHeaders('no-store'); @header('Content-Type: ' . $this->contentType); // always sending this header, sometimes empty, to ensure that Dashboard embed loads (which could call this header() multiple times, the last one will prevail) @header('X-Frame-Options: ' . (string) $this->xFrameOptions); return $this->renderTwigTemplate(); }
/** * The Super User can modify Anonymous user settings * @param View $view */ protected function initViewAnonymousUserSettings($view) { if (!Piwik::hasUserSuperUserAccess()) { return; } $userLogin = '******'; // Which websites are available to the anonymous users? $anonymousSitesAccess = Request::processRequest('UsersManager.getSitesAccessFromUser', array('userLogin' => $userLogin)); $anonymousSites = array(); $idSites = array(); foreach ($anonymousSitesAccess as $info) { $idSite = $info['site']; $idSites[] = $idSite; $site = Request::processRequest('SitesManager.getSiteFromId', array('idSite' => $idSite)); // Work around manual website deletion if (!empty($site)) { $anonymousSites[] = array('key' => $idSite, 'value' => $site['name']); } } $view->anonymousSites = $anonymousSites; $anonymousDefaultSite = ''; // Which report is displayed by default to the anonymous user? $anonymousDefaultReport = Request::processRequest('UsersManager.getUserPreference', array('userLogin' => $userLogin, 'preferenceName' => APIUsersManager::PREFERENCE_DEFAULT_REPORT)); if ($anonymousDefaultReport === false) { if (empty($anonymousSites)) { $anonymousDefaultReport = Piwik::getLoginPluginName(); } else { // we manually imitate what would happen, in case the anonymous user logs in // and is redirected to the first website available to him in the list // @see getDefaultWebsiteId() $anonymousDefaultReport = '1'; $anonymousDefaultSite = $anonymousSites[0]['key']; } } if (is_numeric($anonymousDefaultReport)) { $anonymousDefaultSite = $anonymousDefaultReport; $anonymousDefaultReport = '1'; // a website is selected, we make sure "Dashboard for a specific site" gets pre-selected } if ((empty($anonymousDefaultSite) || !in_array($anonymousDefaultSite, $idSites)) && !empty($idSites)) { $anonymousDefaultSite = $anonymousSites[0]['key']; } $view->anonymousDefaultReport = $anonymousDefaultReport; $view->anonymousDefaultSite = $anonymousDefaultSite; $view->anonymousDefaultDate = $this->getDefaultDateForUser($userLogin); $view->defaultReportOptions = array(array('key' => 'Login', 'value' => Piwik::translate('UsersManager_TheLoginScreen')), array('key' => 'MultiSites', 'value' => Piwik::translate('General_AllWebsitesDashboard'), 'disabled' => empty($anonymousSites)), array('key' => '1', 'value' => Piwik::translate('General_DashboardForASpecificWebsite'))); }