Пример #1
 /**
  * Handles the User.isNotAuthorized hook by echoing the login plugin's response.
  *
  * XMLHttpRequest callers get the plugin's 'ajaxNoAccess' action; every other
  * request gets its 'login' action. The exception message is the only argument
  * handed to the action, and this method does not escape it, so the
  * dispatched action is responsible for encoding it before output.
  *
  * @param Exception $exception The authorization failure being reported.
  */
 public function noAccess(Exception $exception)
 {
     $frontController = FrontController::getInstance();
     $action = Common::isXmlHttpRequest() ? 'ajaxNoAccess' : 'login';
     $arguments = array($exception->getMessage());

     echo $frontController->dispatch(Piwik::getLoginPluginName(), $action, $arguments);
 }
Пример #2
 /**
  * Redirects the current user to their default report.
  *
  * The action is always 'index'. The module is 'CoreHome' unless the user's
  * PREFERENCE_DEFAULT_REPORT preference names the MultiSites dashboard (and
  * that plugin is activated) or the login plugin.
  */
 function redirectToCoreHomeIndex()
 {
     $targetModule = 'CoreHome';
     $targetAction = 'index';
     $preferredReport = API::getInstance()->getUserPreference(Piwik::getCurrentUserLogin(), API::PREFERENCE_DEFAULT_REPORT);

     // The All Websites dashboard is only used while its plugin is activated.
     $prefersMultiSites = $preferredReport == 'MultiSites';
     if ($prefersMultiSites && \Piwik\Plugin\Manager::getInstance()->isPluginActivated('MultiSites')) {
         $targetModule = 'MultiSites';
     }

     // A preference equal to the login plugin's name wins over the choices above.
     if ($preferredReport == Piwik::getLoginPluginName()) {
         $targetModule = Piwik::getLoginPluginName();
     }

     // idSite is read from the request with type 'int' and a default of false;
     // only the module and action above are decided by this method.
     $requestedSiteId = Common::getRequestVar('idSite', false, 'int');
     parent::redirectToIndex($targetModule, $targetAction, $requestedSiteId);
 }
Пример #3
 /**
  * Helper method used to redirect the current HTTP request to another module/action.
  *
  * This function will exit immediately after executing.
  *
  * Empty $websiteId, $defaultDate and $defaultPeriod arguments are replaced by the
  * values from UserPreferences. When a website ID is available, the request is
  * redirected to the built index.php URL. Otherwise nothing is redirected: a super
  * user and a logged-in non-anonymous user each get a message through
  * Piwik_ExitWithMessage(), and everyone else gets the login plugin dispatched.
  *
  * @param string $moduleToRedirect The plugin to redirect to, eg. `"MultiSites"`.
  * @param string $actionToRedirect Action, eg. `"index"`.
  * @param int|null $websiteId The new idSite query parameter, eg, `1`.
  * @param string|null $defaultPeriod The new period query parameter, eg, `'day'`.
  * @param string|null $defaultDate The new date query parameter, eg, `'today'`.
  * @param array $parameters Other query parameters to append to the URL.
  * @api
  */
 public function redirectToIndex($moduleToRedirect, $actionToRedirect, $websiteId = null, $defaultPeriod = null, $defaultDate = null, $parameters = array())
 {
     // Fill every empty argument from the stored preferences.
     $userPreferences = new UserPreferences();
     if (empty($websiteId)) {
         $websiteId = $userPreferences->getDefaultWebsiteId();
     }
     if (empty($defaultDate)) {
         $defaultDate = $userPreferences->getDefaultDate();
     }
     if (empty($defaultPeriod)) {
         $defaultPeriod = $userPreferences->getDefaultPeriod();
     }
     $parametersString = '';
     if (!empty($parameters)) {
         $parametersString = '&' . Url::getQueryStringFromParameters($parameters);
     }
     if ($websiteId) {
         // NOTE(review): module, action, idSite, period and date are concatenated into
         // the query string as-is; only $parameters goes through
         // Url::getQueryStringFromParameters(). Callers are presumably expected to pass
         // fixed or already validated values - confirm.
         $url = "index.php?module=" . $moduleToRedirect . "&action=" . $actionToRedirect . "&idSite=" . $websiteId . "&period=" . $defaultPeriod . "&date=" . $defaultDate . $parametersString;
         Url::redirectToUrl($url);
         exit;
     }
     // From here on no website ID could be resolved, so no redirect happens.
     // NOTE(review): the branches below rely on Piwik_ExitWithMessage() ending the
     // request; if it returned, execution would fall through to the next branch - confirm.
     if (Piwik::hasUserSuperUserAccess()) {
         Piwik_ExitWithMessage("Error: no website was found in this Piwik installation.\n\t\t\t<br />Check the table '" . Common::prefixTable('site') . "' in your database, it should contain your Piwik websites.", false, true);
     }
     $currentLogin = Piwik::getCurrentUserLogin();
     if (!empty($currentLogin) && $currentLogin != 'anonymous') {
         $emails = implode(',', Piwik::getAllSuperUserAccessEmailAddresses());
         // NOTE(review): $emails and $currentLogin are placed inside a single-quoted href
         // attribute and the message body without HTML or URL encoding. That is only safe
         // if logins and super user addresses cannot contain quotes or markup - verify
         // the constraints enforced where those values are stored.
         $errorMessage = sprintf(Piwik::translate('CoreHome_NoPrivilegesAskPiwikAdmin'), $currentLogin, "<br/><a href='mailto:" . $emails . "?subject=Access to Piwik for user {$currentLogin}'>", "</a>");
         $errorMessage .= "<br /><br />&nbsp;&nbsp;&nbsp;<b><a href='index.php?module=" . Registry::get('auth')->getName() . "&amp;action=logout'>&rsaquo; " . Piwik::translate('General_Logout') . "</a></b><br />";
         Piwik_ExitWithMessage($errorMessage, false, true);
     }
     // Empty or 'anonymous' login: dispatch the login plugin with no explicit action (false).
     echo FrontController::getInstance()->dispatch(Piwik::getLoginPluginName(), false);
     exit;
 }
Пример #4
 /**
  * Returns whatever Piwik::getLoginPluginName() reports as the login plugin's name.
  *
  * Kept as a single lookup point so the rest of the class does not hard-code
  * a plugin name.
  */
 private function getLoginModule()
 {
     $loginPluginName = Piwik::getLoginPluginName();

     return $loginPluginName;
 }
Пример #5
 /**
  * Fills the view with the anonymous user's settings, which only a super user may edit.
  *
  * Returns without touching the view when the current user lacks super user
  * access. Otherwise sets anonymousSites, anonymousDefaultReport and
  * anonymousDefaultDate on the view.
  *
  * @param View $view
  */
 protected function initViewAnonymousUserSettings($view)
 {
     // Access gate: nothing below runs for users without super user access.
     if (!Piwik::hasUserSuperUserAccess()) {
         return;
     }

     // NOTE(review): the literal below is reproduced exactly as it appears on this
     // page; it looks masked and is presumably the anonymous user's login - confirm
     // against the upstream source before reusing this code.
     $userLogin = '******';

     // Collect the sites the anonymous user has access to, keyed by site ID.
     $sitesById = array();
     $accessRows = APIUsersManager::getInstance()->getSitesAccessFromUser($userLogin);
     foreach ($accessRows as $accessRow) {
         $idSite = $accessRow['site'];
         $site = APISitesManager::getInstance()->getSiteFromId($idSite);
         // An access row can outlive a manually deleted website; skip those.
         if (empty($site)) {
             continue;
         }
         $sitesById[$idSite] = $site;
     }
     $view->anonymousSites = $sitesById;

     // Resolve the report shown by default to the anonymous user.
     $defaultReport = APIUsersManager::getInstance()->getUserPreference($userLogin, APIUsersManager::PREFERENCE_DEFAULT_REPORT);
     if ($defaultReport === false) {
         if (!empty($sitesById)) {
             // Imitate what would happen if the anonymous user logged in and was
             // redirected to the first website available in the list.
             // @see getDefaultWebsiteId()
             reset($sitesById);
             $defaultReport = key($sitesById);
         } else {
             // No accessible site: fall back to the login plugin.
             $defaultReport = Piwik::getLoginPluginName();
         }
     }
     $view->anonymousDefaultReport = $defaultReport;
     $view->anonymousDefaultDate = $this->getDefaultDateForUser($userLogin);
 }
Пример #6
 /**
  * Password reset confirmation action. Finishes the password reset process.
  * Users visit this action from a link supplied in an email.
  *
  * The 'login' and 'resetToken' request values are handed unchanged to
  * $this->passwordResetter->confirmNewPassword(); no validation of either value
  * happens in this method. On failure the exception is logged at debug level
  * and its message is shown on the login page.
  *
  * @return mixed null after a successful confirmation, otherwise the result of login().
  */
 public function confirmResetPassword()
 {
     $login = Common::getRequestVar('login', '');
     $resetToken = Common::getRequestVar('resetToken', '');

     $failureMessage = null;
     try {
         $this->passwordResetter->confirmNewPassword($login, $resetToken);
     } catch (Exception $ex) {
         Log::debug($ex);
         $failureMessage = $ex->getMessage();
     }

     if (!is_null($failureMessage)) {
         // show login page w/ error. this will keep the token in the URL
         return $this->login($failureMessage);
     }

     // Success: show login w/ success message.
     // The redirect runs as super user because redirectToIndex checks whether the
     // current user has a default website ID and, if not, does not redirect to the
     // requested action. TODO: this behavior is wrong. somehow.
     // The elevation is limited to the closure below, which only performs the redirect.
     $controller = $this;
     Access::doAsSuperUser(function () use ($controller) {
         $controller->redirectToIndex(Piwik::getLoginPluginName(), 'resetPasswordSuccess');
     });

     return null;
 }
Пример #7
 /**
  * Renders the current view. Also sends the stored 'Content-Type' HTTP header.
  * See {@link setContentType()}.
  *
  * Before rendering, a set of request and user values is copied onto the view.
  * Any exception raised while doing so is logged at debug level and rendering
  * continues with whatever had been assigned up to that point.
  *
  * @return string Generated template.
  */
 public function render()
 {
     try {
         $this->currentModule = Piwik::getModule();
         $this->currentAction = Piwik::getAction();
         $this->url = Common::sanitizeInputValue(Url::getCurrentUrl());
         // NOTE(review): the current user's token_auth becomes a template variable;
         // any template that prints it puts the token into the page - confirm that
         // is intended for every view rendered through here.
         $this->token_auth = Piwik::getCurrentUserTokenAuth();
         $this->userHasSomeAdminAccess = Piwik::isUserHasSomeAdminAccess();
         $this->userIsAnonymous = Piwik::isUserIsAnonymous();
         $this->userIsSuperUser = Piwik::hasUserSuperUserAccess();
         $this->latest_version_available = UpdateCheck::isNewestVersionAvailable();
         $this->disableLink = Common::getRequestVar('disableLink', 0, 'int');
         $this->isWidget = Common::getRequestVar('widget', 0, 'int');

         $advertising = StaticContainer::get('Piwik\\ProfessionalServices\\Advertising');
         $this->areAdsForProfessionalServicesEnabled = $advertising->areAdsForProfessionalServicesEnabled();

         // In development mode the cache buster is a random number; otherwise it is
         // the version-based value. rand() is used for cache busting only.
         $cacheBuster = Development::isEnabled()
             ? rand(0, 10000)
             : UIAssetCacheBuster::getInstance()->piwikVersionBasedCacheBuster();
         $this->cacheBuster = $cacheBuster;

         $this->loginModule = Piwik::getLoginPluginName();
         $userInfo = APIUsersManager::getInstance()->getUser($this->userLogin);
         $this->userAlias = $userInfo['alias'];
     } catch (Exception $exception) {
         // can fail, for example at installation (no plugin loaded yet)
         Log::debug($exception);
     }

     ProxyHttp::overrideCacheControlHeaders('no-store');
     Common::sendHeader('Content-Type: ' . $this->contentType);

     // Always sent, sometimes with an empty value, to ensure that Dashboard embed
     // loads - when sendHeader() is called multiple times, the last one prevails.
     // NOTE(review): an empty X-Frame-Options value presumably places no framing
     // restriction on the response; confirm it is empty only for embeddable views.
     Common::sendHeader('X-Frame-Options: ' . (string) $this->xFrameOptions);

     return $this->renderTwigTemplate();
 }
Пример #8
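 /**
  * Helper method used to redirect the current HTTP request to another module/action.
  *
  * This function will exit immediately after executing.
  *
  * The redirect itself is delegated to doRedirectToUrl(). Code after that call
  * runs only when no redirect took place: a super user and any non-anonymous
  * user each get a message through Piwik_ExitWithMessage(), and an anonymous
  * user gets the login plugin dispatched.
  *
  * @param string $moduleToRedirect The plugin to redirect to, eg. `"MultiSites"`.
  * @param string $actionToRedirect Action, eg. `"index"`.
  * @param int|null $websiteId The new idSite query parameter, eg, `1`.
  * @param string|null $defaultPeriod The new period query parameter, eg, `'day'`.
  * @param string|null $defaultDate The new date query parameter, eg, `'today'`.
  * @param array $parameters Other query parameters to append to the URL.
  * @api
  */
 public function redirectToIndex($moduleToRedirect, $actionToRedirect, $websiteId = null, $defaultPeriod = null, $defaultDate = null, $parameters = array())
 {
     try {
         $this->doRedirectToUrl($moduleToRedirect, $actionToRedirect, $websiteId, $defaultPeriod, $defaultDate, $parameters);
     } catch (Exception $e) {
         // no website ID to default to, so could not redirect
     }
     // NOTE(review): the branches below rely on Piwik_ExitWithMessage() ending the
     // request; if it returned, execution would fall through to the next branch - confirm.
     if (Piwik::hasUserSuperUserAccess()) {
         Piwik_ExitWithMessage("Error: no website was found in this Piwik installation.\n\t\t\t<br />Check the table '" . Common::prefixTable('site') . "' in your database, it should contain your Piwik websites.", false, true);
     }
     if (!Piwik::isUserIsAnonymous()) {
         // The login is interpolated into the message and the mailto subject below,
         // so it has to be read here; the method has no other assignment for it.
         $currentLogin = Piwik::getCurrentUserLogin();
         $emails = implode(',', Piwik::getAllSuperUserAccessEmailAddresses());
         // NOTE(review): $emails and $currentLogin are placed inside a single-quoted href
         // attribute and the message body without HTML or URL encoding. That is only safe
         // if logins and super user addresses cannot contain quotes or markup - verify
         // the constraints enforced where those values are stored.
         $errorMessage = sprintf(Piwik::translate('CoreHome_NoPrivilegesAskPiwikAdmin'), $currentLogin, "<br/><a href='mailto:" . $emails . "?subject=Access to Piwik for user {$currentLogin}'>", "</a>");
         $errorMessage .= "<br /><br />&nbsp;&nbsp;&nbsp;<b><a href='index.php?module=" . Registry::get('auth')->getName() . "&amp;action=logout'>&rsaquo; " . Piwik::translate('General_Logout') . "</a></b><br />";
         Piwik_ExitWithMessage($errorMessage, false, true);
     }
     // Anonymous user: dispatch the login plugin with no explicit action (false).
     echo FrontController::getInstance()->dispatch(Piwik::getLoginPluginName(), false);
     exit;
 }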
Пример #9
 /**
  * Password reset confirmation action. Finishes the password reset process.
  * Users visit this action from a link supplied in an email.
  *
  * The steps run in a fixed order: look up the user for the requested login,
  * check the reset token, then set the stored pending password. Any exception
  * thrown along the way becomes the error message shown on the login page.
  */
 public function confirmResetPassword()
 {
     $errorMessage = null;
     // Both values come from the request; each defaults to an empty string.
     $login = Common::getRequestVar('login', '');
     $resetToken = Common::getRequestVar('resetToken', '');
     try {
         // get password reset info & user info
         $user = self::getUserInformation($login);
         if ($user === null) {
             // NOTE(review): this message differs from the invalid-token message below,
             // so the response tells a requester whether the login exists. Consider one
             // generic message for both cases if account enumeration matters here.
             throw new Exception(Piwik::translate('Login_InvalidUsernameEmail'));
         }
         // check that the reset token is valid
         // NOTE(review): the token check is delegated to self::isValidToken(); whether it
         // enforces expiry and compares in constant time is not visible here - confirm.
         $resetPassword = Login::getPasswordToResetTo($login);
         if ($resetPassword === false || !self::isValidToken($resetToken, $user)) {
             throw new Exception(Piwik::translate('Login_InvalidOrExpiredToken'));
         }
         // reset password of user
         // The new password is the value returned by Login::getPasswordToResetTo(),
         // not something taken from this request.
         $this->setNewUserPassword($user, $resetPassword);
     } catch (Exception $ex) {
         $errorMessage = $ex->getMessage();
     }
     if (is_null($errorMessage)) {
         // Success: redirect to the login plugin's resetPasswordSuccess action.
         $this->redirectToIndex(Piwik::getLoginPluginName(), 'resetPasswordSuccess');
         return;
     } else {
         // show login page w/ error. this will keep the token in the URL
         return $this->login($errorMessage);
     }
 }
Пример #10
 /**
  * Builds the HTML alert shown when an AJAX request has no access.
  *
  * The caller-supplied message is the only value passed through htmlentities()
  * here; the translated labels and the login plugin name are inserted into the
  * markup as returned by Piwik.
  *
  * @param string $errorMessage
  * @return string
  */
 public function ajaxNoAccess($errorMessage)
 {
     $errorLabel = Piwik::translate('General_Error');
     // The final argument disables double encoding, so entities already present
     // in the message are left as they are.
     $encodedMessage = htmlentities($errorMessage, Common::HTML_ENCODING_QUOTE_STYLE, 'UTF-8', false);
     $loginUrl = 'index.php?module=' . Piwik::getLoginPluginName();
     $loginLabel = Piwik::translate('Login_LogIn');

     return sprintf('<div class="alert alert-danger">
             <p><strong>%s:</strong> %s</p>
             <p><a href="%s">%s</a></p>
         </div>', $errorLabel, $encodedMessage, $loginUrl, $loginLabel);
 }
Пример #11
 /**
  * Renders the current view. Also sends the stored 'Content-Type' HTTP header.
  * See {@link setContentType()}.
  *
  * Before rendering, request and user values are copied onto the view. An
  * exception in that first step is swallowed without logging, and rendering
  * continues with whatever had been assigned up to that point.
  *
  * @return string Generated template.
  */
 public function render()
 {
     try {
         $this->currentModule = Piwik::getModule();
         $this->currentAction = Piwik::getAction();
         $this->url = Common::sanitizeInputValue(Url::getCurrentUrl());
         // NOTE(review): the current user's token_auth becomes a template variable;
         // any template that prints it puts the token into the page - confirm that
         // is intended for every view rendered through here.
         $this->token_auth = Piwik::getCurrentUserTokenAuth();
         $this->userHasSomeAdminAccess = Piwik::isUserHasSomeAdminAccess();
         $this->userIsSuperUser = Piwik::hasUserSuperUserAccess();
         $this->latest_version_available = UpdateCheck::isNewestVersionAvailable();
         $this->disableLink = Common::getRequestVar('disableLink', 0, 'int');
         $this->isWidget = Common::getRequestVar('widget', 0, 'int');
         $this->cacheBuster = UIAssetCacheBuster::getInstance()->piwikVersionBasedCacheBuster();
         $this->loginModule = Piwik::getLoginPluginName();
         $user = APIUsersManager::getInstance()->getUser($this->userLogin);
         $this->userAlias = $user['alias'];
     } catch (Exception $e) {
         // can fail, for example at installation (no plugin loaded yet)
     }
     // Timing and query statistics; on failure the query count is reset to 0 and
     // totalTimeGeneration keeps whatever value it had before the exception.
     try {
         $this->totalTimeGeneration = Registry::get('timer')->getTime();
         $this->totalNumberOfQueries = Profiler::getQueryCount();
     } catch (Exception $e) {
         $this->totalNumberOfQueries = 0;
     }
     ProxyHttp::overrideCacheControlHeaders('no-store');
     // The @ operator suppresses any error raised by header().
     @header('Content-Type: ' . $this->contentType);
     // Always sent, sometimes with an empty value, to ensure that Dashboard embed loads
     // (which could call this header() multiple times; the last one will prevail).
     // NOTE(review): an empty X-Frame-Options value presumably places no framing
     // restriction on the response; confirm it is empty only for embeddable views.
     @header('X-Frame-Options: ' . (string) $this->xFrameOptions);
     return $this->renderTwigTemplate();
 }
Пример #12
 /**
  * Renders the current view. Also sends the stored 'Content-Type' HTTP header.
  * See {@link setContentType()}.
  *
  * Before rendering, request, user and site values are copied onto the view.
  * An exception in that first step is swallowed without logging, and rendering
  * continues with whatever had been assigned up to that point.
  *
  * @return string Generated template.
  */
 public function render()
 {
     try {
         $this->currentModule = Piwik::getModule();
         $this->currentAction = Piwik::getAction();

         $currentLogin = Piwik::getCurrentUserLogin();
         $this->userLogin = $currentLogin;

         // Only sites returned by getSitesWithAtLeastViewAccess() are listed,
         // sorted by name without regard to case.
         $maxSites = SettingsPiwik::getWebsitesCountToDisplay();
         $viewableSites = APISitesManager::getInstance()->getSitesWithAtLeastViewAccess($maxSites);
         usort($viewableSites, function ($left, $right) {
             return strcasecmp($left["name"], $right["name"]);
         });
         $this->sites = $viewableSites;

         $this->url = Common::sanitizeInputValue(Url::getCurrentUrl());
         // NOTE(review): the current user's token_auth becomes a template variable;
         // any template that prints it puts the token into the page - confirm that
         // is intended for every view rendered through here.
         $this->token_auth = Piwik::getCurrentUserTokenAuth();
         $this->userHasSomeAdminAccess = Piwik::isUserHasSomeAdminAccess();
         $this->userIsSuperUser = Piwik::isUserIsSuperUser();
         $this->latest_version_available = UpdateCheck::isNewestVersionAvailable();
         $this->disableLink = Common::getRequestVar('disableLink', 0, 'int');
         $this->isWidget = Common::getRequestVar('widget', 0, 'int');

         // The autocompleter is shown once the site count reaches the configured minimum.
         $autocompleteMinSites = Config::getInstance()->General['autocomplete_min_sites'];
         $this->show_autocompleter = $autocompleteMinSites <= count($viewableSites);

         $this->loginModule = Piwik::getLoginPluginName();
         $userInfo = APIUsersManager::getInstance()->getUser($currentLogin);
         $this->userAlias = $userInfo['alias'];
     } catch (Exception $setupFailure) {
         // can fail, for example at installation (no plugin loaded yet)
     }

     // Timing and query statistics; on failure the query count is reset to 0.
     try {
         $this->totalTimeGeneration = Registry::get('timer')->getTime();
         $this->totalNumberOfQueries = Profiler::getQueryCount();
     } catch (Exception $statsFailure) {
         $this->totalNumberOfQueries = 0;
     }

     ProxyHttp::overrideCacheControlHeaders('no-store');
     // The @ operator suppresses any error raised by header().
     @header('Content-Type: ' . $this->contentType);
     // Always sent, sometimes with an empty value, to ensure that Dashboard embed loads
     // (which could call this header() multiple times; the last one will prevail).
     // NOTE(review): an empty X-Frame-Options value presumably places no framing
     // restriction on the response; confirm it is empty only for embeddable views.
     @header('X-Frame-Options: ' . (string) $this->xFrameOptions);

     return $this->renderTwigTemplate();
 }
Пример #13
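 /**
  * Fills the view with the anonymous user's settings, which only a super user may edit.
  *
  * Returns without touching the view when the current user lacks super user
  * access. Otherwise sets anonymousSites, anonymousDefaultReport,
  * anonymousDefaultSite, anonymousDefaultDate and defaultReportOptions on the view.
  *
  * @param View $view
  */
 protected function initViewAnonymousUserSettings($view)
 {
     // Access gate: nothing below runs for users without super user access.
     if (!Piwik::hasUserSuperUserAccess()) {
         return;
     }
     // NOTE(review): the literal below is reproduced exactly as it appears on this
     // page; it looks masked and is presumably the anonymous user's login - confirm
     // against the upstream source before reusing this code.
     $userLogin = '******';
     // Which websites are available to the anonymous users?
     $anonymousSitesAccess = Request::processRequest('UsersManager.getSitesAccessFromUser', array('userLogin' => $userLogin));
     $anonymousSites = array();
     $idSites = array();
     foreach ($anonymousSitesAccess as $info) {
         $idSite = $info['site'];
         // $idSites records every access row, including rows whose site no longer exists.
         $idSites[] = $idSite;
         $site = Request::processRequest('SitesManager.getSiteFromId', array('idSite' => $idSite));
         // Work around manual website deletion
         if (!empty($site)) {
             $anonymousSites[] = array('key' => $idSite, 'value' => $site['name']);
         }
     }
     $view->anonymousSites = $anonymousSites;
     $anonymousDefaultSite = '';
     // Which report is displayed by default to the anonymous user?
     $anonymousDefaultReport = Request::processRequest('UsersManager.getUserPreference', array('userLogin' => $userLogin, 'preferenceName' => APIUsersManager::PREFERENCE_DEFAULT_REPORT));
     if ($anonymousDefaultReport === false) {
         if (empty($anonymousSites)) {
             $anonymousDefaultReport = Piwik::getLoginPluginName();
         } else {
             // we manually imitate what would happen, in case the anonymous user logs in
             // and is redirected to the first website available to him in the list
             // @see getDefaultWebsiteId()
             $anonymousDefaultReport = '1';
             $anonymousDefaultSite = $anonymousSites[0]['key'];
         }
     }
     if (is_numeric($anonymousDefaultReport)) {
         // a website is selected, we make sure "Dashboard for a specific site" gets pre-selected
         $anonymousDefaultSite = $anonymousDefaultReport;
         $anonymousDefaultReport = '1';
     }
     // Fall back to the first existing site when the chosen one is empty or unknown.
     // The guard is on $anonymousSites rather than $idSites: access rows for deleted
     // sites leave $idSites non-empty while $anonymousSites has no element 0 to read.
     // The in_array() comparison stays loose; ids may arrive as ints or numeric
     // strings - TODO confirm.
     $defaultSiteIsUnusable = empty($anonymousDefaultSite) || !in_array($anonymousDefaultSite, $idSites);
     if ($defaultSiteIsUnusable && !empty($anonymousSites)) {
         $anonymousDefaultSite = $anonymousSites[0]['key'];
     }
     $view->anonymousDefaultReport = $anonymousDefaultReport;
     $view->anonymousDefaultSite = $anonymousDefaultSite;
     $view->anonymousDefaultDate = $this->getDefaultDateForUser($userLogin);
     // Choices offered for the default report; the All Websites entry is disabled
     // when the anonymous user has no existing site.
     $view->defaultReportOptions = array(
         array('key' => 'Login', 'value' => Piwik::translate('UsersManager_TheLoginScreen')),
         array('key' => 'MultiSites', 'value' => Piwik::translate('General_AllWebsitesDashboard'), 'disabled' => empty($anonymousSites)),
         array('key' => '1', 'value' => Piwik::translate('General_DashboardForASpecificWebsite')),
     );
 }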