示例#1
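 /**
  * Handles the admin login form.
  *
  * Reads "username", "password" and (optionally) "token" from the request,
  * authenticates against the stored password hash or the token, and stores
  * the user in the "pimcore_admin" session namespace. When that fails, the
  * plugin broker gets a chance to authenticate the same credentials. The
  * request ends with a redirect to /admin/ (success) or to the login page
  * with auth_failed=true (failure).
  *
  * Security notes:
  *  - Hashes are compared as strings with ===. PHP's == compares two
  *    numeric-looking strings as numbers, so distinct digests of the form
  *    "0e<digits>" would compare equal.
  *  - The session id is regenerated once the user is stored, so an id issued
  *    before login is not carried into the authenticated session.
  *  - NOTE(review): token authentication is called with MCRYPT_TRIPLEDES in
  *    MCRYPT_MODE_ECB; both are legacy choices and should be revisited
  *    together with tokenAuthentication() itself.
  *  - NOTE(review): the active flag is checked before the password and is
  *    echoed in the redirect (inactive=1), so the response distinguishes an
  *    existing inactive account without valid credentials.
  *  - NOTE(review): the plugin fallback runs for every failure, including
  *    "User is inactive"; confirm plugins enforce the active flag themselves.
  */
 public function loginAction()
 {
     $username = $this->_getParam("username");
     $password = $this->_getParam("password");
     $userInactive = false;

     try {
         $user = User::getByName($username);
         if (!$user instanceof User) {
             throw new Exception("User doesn't exist");
         }
         if (!$user->isActive()) {
             $userInactive = true;
             throw new Exception("User is inactive");
         }

         // strict string comparison, see the note on "0e..." digests above
         $storedHash = (string) $user->getPassword();
         $submittedHash = (string) Pimcore_Tool_Authentication::getPasswordHash($username, $password);
         if ($storedHash !== $submittedHash) {
             // password did not match: fall back to token authentication
             $token = $this->_getParam("token");
             if (!($token && Pimcore_Tool_Authentication::tokenAuthentication($username, $token, MCRYPT_TRIPLEDES, MCRYPT_MODE_ECB, false))) {
                 throw new Exception("User and Password doesn't match");
             }
         }

         $adminSession = new Zend_Session_Namespace("pimcore_admin");
         $adminSession->user = $user;
         $adminSession->frozenuser = $user->getAsFrozen();
         // new session id for the authenticated session (session fixation)
         Zend_Session::regenerateId();
     } catch (Exception $e) {
         // see if a module or plugin authenticates the user
         $user = Pimcore_API_Plugin_Broker::getInstance()->authenticateUser($username, $password);
         if ($user instanceof User) {
             $adminSession = new Zend_Session_Namespace("pimcore_admin");
             $adminSession->user = $user;
             $adminSession->frozenuser = $user->getAsFrozen();
             Zend_Session::regenerateId();
             $this->_redirect("/admin/?_dc=" . time());
         } else {
             // the detailed reason goes to the log only; the redirect carries
             // just the generic failure flag plus the inactive marker
             $this->writeLogFile($username, $e->getMessage());
             Logger::info("Login Exception" . $e);
             $this->_redirect("/admin/login/?auth_failed=true&inactive=" . $userInactive);
             $this->getResponse()->sendResponse();
             exit;
         }
     }
     $this->_redirect("/admin/?_dc=" . time());
 }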
示例#2
    }
}
// Complete the pimcore startup tasks (config, framework, modules, plugins ...).
Pimcore::initConfiguration();
// NOTE(review): fixed 4-second pause; the reason is not visible in this part of the bootstrap.
// Confirm what it waits for before shortening or removing it.
sleep(4);
Pimcore::setupFramework();
Pimcore::initLogger();
Pimcore::initModules();
Pimcore::initPlugins();
/*
 * Now the pimcore_phpunit instance is up and running. It is a clean pimcore instance with a fresh database setup and
 * system config. The pimcore source code is identical to the current development unit
 */
// Create the admin user (normally this would be included in the pimcore install process).
// The account gets the fixed credentials admin/admin and the admin flag, which is only acceptable
// for the throw-away test instance described above.
// NOTE(review): confirm this bootstrap can never run against a shared or production database.
if (!$skipInstall) {
    $user = User::create(array("parentId" => 0, "username" => "admin", "password" => Pimcore_Tool_Authentication::getPasswordHash("admin", "admin"), "hasCredentials" => true, "active" => true));
    $user->setAdmin(true);
    $user->save();
    // continue from the tests directory; $pimcoreRoot is defined outside this excerpt
    chdir($pimcoreRoot . "/tests");
}
// Set the test config in the registry - we might need it later.
$conf = new Zend_Config_Xml(TESTS_PATH . "/config/testconfig.xml");
Zend_Registry::set("pimcore_config_test", $conf);
// From here on $conf holds the system config instead of the test config;
// the run is aborted when the system config was never registered.
try {
    $conf = Zend_Registry::get("pimcore_config_system");
} catch (Exception $e) {
    die("config not present");
}
// set timezone
if ($conf instanceof Zend_Config) {
    if ($conf->general->timezone) {
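 /**
  * Runs the web installer: validates the submitted database and admin
  * credentials, writes the system configuration file, loads the SQL dump,
  * seeds the root elements and permissions, and creates the admin user.
  *
  * Request parameters read: mysql_adapter, mysql_host, mysql_username,
  * mysql_password, mysql_database, mysql_port, admin_username,
  * admin_password.
  *
  * Output: JSON {"success": true} on success; otherwise the collected error
  * messages separated by "<br />", after which the script terminates.
  *
  * Security notes:
  *  - Error messages are HTML-escaped before they are echoed. The connection
  *    error is the driver's exception message, which may repeat values taken
  *    from the request (host, database, user name).
  *  - NOTE(review): nothing in this method checks whether the system is
  *    already installed; confirm that re-running the installer against a
  *    configured instance is blocked elsewhere.
  *  - NOTE(review): "mysql_adapter" comes from the request and is handed to
  *    Zend_Db::factory() unchanged; consider restricting it to the adapters
  *    the installer actually offers.
  *  - NOTE(review): a minimum length of 4 is the only credential rule, and
  *    the initial config is written with debug and every log level enabled.
  */
 public function installAction()
 {
     // collect validation problems; must exist even when every check passes
     $errors = array();

     $dbParams = array(
         "host" => $this->_getParam("mysql_host"),
         "username" => $this->_getParam("mysql_username"),
         "password" => $this->_getParam("mysql_password"),
         "dbname" => $this->_getParam("mysql_database"),
         "port" => $this->_getParam("mysql_port"),
     );

     // try to establish a mysql connection
     try {
         $db = Zend_Db::factory($this->_getParam("mysql_adapter"), $dbParams);
         $db->getConnection();
         // check utf-8 encoding
         $result = $db->fetchRow('SHOW VARIABLES LIKE "character\\_set\\_database"');
         if ($result['Value'] != "utf8") {
             $errors[] = "Database charset is not utf-8";
         }
     } catch (Exception $e) {
         $errors[] = "Couldn't establish connection to mysql: " . $e->getMessage();
     }

     // check username & password (a missing parameter counts as length 0)
     if (strlen((string) $this->_getParam("admin_password")) < 4 || strlen((string) $this->_getParam("admin_username")) < 4) {
         $errors[] = "Username and password should have at least 4 characters";
     }

     if (!empty($errors)) {
         // escape before echoing: the messages can contain request-derived text
         $escapeFlags = defined("ENT_SUBSTITUTE") ? (ENT_QUOTES | ENT_SUBSTITUTE) : ENT_QUOTES;
         $escaped = array();
         foreach ($errors as $message) {
             $escaped[] = htmlspecialchars($message, $escapeFlags, "UTF-8");
         }
         echo implode("<br />", $escaped);
         die;
     }

     // write configuration file
     $settings = array(
         "general" => array(
             "timezone" => "Europe/Berlin",
             "language" => "en",
             "validLanguages" => "en",
             "debug" => "1",
             "loginscreenimageservice" => "1",
             "loglevel" => array(
                 "debug" => "1",
                 "info" => "1",
                 "notice" => "1",
                 "warning" => "1",
                 "error" => "1",
                 "critical" => "1",
                 "alert" => "1",
                 "emergency" => "1",
             ),
         ),
         "database" => array(
             "adapter" => $this->_getParam("mysql_adapter"),
             "params" => $dbParams,
         ),
         "documents" => array(
             "versions" => array("steps" => "10"),
             "default_controller" => "default",
             "default_action" => "default",
             "error_pages" => array("default" => "/"),
             "createredirectwhenmoved" => "",
             "allowtrailingslash" => "no",
             "allowcapitals" => "no",
         ),
         "objects" => array("versions" => array("steps" => "10")),
         "assets" => array("versions" => array("steps" => "10")),
         "services" => array(),
         "cache" => array("excludeCookie" => "pimcore_admin_sid"),
         "httpclient" => array("adapter" => "Zend_Http_Client_Adapter_Socket"),
     );
     $config = new Zend_Config($settings, true);
     $writer = new Zend_Config_Writer_Xml(array("config" => $config, "filename" => PIMCORE_CONFIGURATION_SYSTEM));
     $writer->write();

     // insert db dump
     $db = Pimcore_Resource::get();
     $mysqlInstallScript = file_get_contents(PIMCORE_PATH . "/modules/install/mysql/install.sql");
     // remove comments in SQL script
     $mysqlInstallScript = preg_replace("/\\s*(?!<\")\\/\\*[^\\*]+\\*\\/(?!\")\\s*/", "", $mysqlInstallScript);
     // Execute every statement with a separate call, otherwise PDO fails with an
     // "unbuffered queries" exception. The split on ";" is purely textual, so the
     // dump must not contain semicolons inside string literals.
     foreach (explode(";", $mysqlInstallScript) as $m) {
         if (strlen(trim($m)) > 0) {
             $db->query($m);
         }
     }

     // get a new database connection
     $db = Pimcore_Resource::reset();

     // insert the root asset, document and object plus the "system" user
     $db->insert("assets", array("id" => 1, "parentId" => 0, "type" => "folder", "filename" => "", "path" => "/", "creationDate" => time(), "modificationDate" => time(), "userOwner" => 1, "userModification" => 1));
     $db->insert("documents", array("id" => 1, "parentId" => 0, "type" => "page", "key" => "", "path" => "/", "index" => 999999, "published" => 1, "creationDate" => time(), "modificationDate" => time(), "userOwner" => 1, "userModification" => 1));
     $db->insert("documents_page", array("id" => 1, "controller" => "", "action" => "", "template" => "", "title" => "", "description" => "", "keywords" => ""));
     $db->insert("objects", array("o_id" => 1, "o_parentId" => 0, "o_type" => "folder", "o_key" => "", "o_path" => "/", "o_index" => 999999, "o_published" => 1, "o_creationDate" => time(), "o_modificationDate" => time(), "o_userOwner" => 1, "o_userModification" => 1));
     $db->insert("users", array("parentId" => 0, "name" => "system", "admin" => 1, "active" => 1));
     // the "system" user is moved to id 0 after the insert
     $db->update("users", array("id" => 0), $db->quoteInto("name = ?", "system"));

     $permissionKeys = array(
         "assets", "classes", "clear_cache", "clear_temp_files", "document_types",
         "documents", "objects", "plugins", "predefined_properties", "routes",
         "seemode", "system_settings", "thumbnails", "translations", "redirects",
         "glossary", "reports",
     );
     foreach ($permissionKeys as $permissionKey) {
         $db->insert("users_permission_definitions", array("key" => $permissionKey));
     }

     Pimcore::initConfiguration();

     // create the first admin account from the submitted credentials
     $user = User::create(array("parentId" => 0, "username" => $this->_getParam("admin_username"), "password" => Pimcore_Tool_Authentication::getPasswordHash($this->_getParam("admin_username"), $this->_getParam("admin_password")), "active" => true));
     $user->setAdmin(true);
     $user->save();
     $this->_helper->json(array("success" => true));
 }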
示例#4
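 /**
  * Lets the logged-in user update their own profile.
  *
  * Reads "id" and "data" (a JSON object) from the request. The update is only
  * applied when "id" equals the id of the session user. Responds with JSON
  * {"success": true} after saving, or JSON false when there is no session
  * user, the ids differ, or "data" does not decode to an array.
  *
  * Security notes:
  *  - The decoded values come straight from the client and are handed to
  *    setValues(). The privilege-related keys "admin", "permissions", "roles"
  *    and "active" are therefore removed first, so a user cannot change their
  *    own privileges through this self-service endpoint.
  *  - NOTE(review): the current password is not verified before a new one is
  *    stored; anyone holding the session can change it.
  */
 public function updateCurrentUserAction()
 {
     $user = $this->getUser();
     if ($user == null) {
         $this->_helper->json(false);
         return;
     }

     if ($user->getId() != $this->_getParam("id")) {
         Logger::warn("prevented save current user, because ids do not match. ");
         $this->_helper->json(false);
         return;
     }

     $values = Zend_Json::decode($this->_getParam("data"));
     if (!is_array($values)) {
         // scalar or null payload: nothing that could be applied as field values
         $this->_helper->json(false);
         return;
     }

     // never accept privilege-related fields from the client
     foreach (array("admin", "permissions", "roles", "active") as $protectedKey) {
         unset($values[$protectedKey]);
     }

     if (!empty($values["password"])) {
         $values["password"] = Pimcore_Tool_Authentication::getPasswordHash($user->getUsername(), $values["password"]);
     } else {
         // an empty value means "leave the password alone", not "store it unhashed"
         unset($values["password"]);
     }

     $user->setValues($values);
     $user->save();
     $this->_helper->json(array("success" => true));
 }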
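 /**
  * Handles the admin login form.
  *
  * Reads "username", "password", "token" and "reset" from the request. The
  * user is authenticated against the stored password hash or, failing that,
  * the token; a token login with "reset" set marks the session with
  * password_reset so the password can later be changed without the old one
  * (see PIMCORE-1468). When this fails, the plugin broker gets a chance to
  * authenticate the same credentials. The request ends with a redirect to
  * /admin/ (success) or to the login page with auth_failed=true (failure).
  *
  * Security notes:
  *  - Hashes are compared as strings with ===. PHP's == compares two
  *    numeric-looking strings as numbers, so distinct digests of the form
  *    "0e<digits>" would compare equal.
  *  - The session id is regenerated on both success paths (built-in and
  *    plugin authentication), so an id issued before login is not carried
  *    into the authenticated session.
  *  - NOTE(review): token authentication is called with MCRYPT_TRIPLEDES in
  *    MCRYPT_MODE_ECB; both are legacy choices and should be revisited
  *    together with tokenAuthentication() itself.
  *  - NOTE(review): the active flag is checked before the password and is
  *    echoed in the redirect (inactive=1), so the response distinguishes an
  *    existing inactive account without valid credentials.
  *  - NOTE(review): the plugin fallback runs for every failure, including
  *    "User is inactive"; confirm plugins enforce the active flag themselves.
  */
 public function loginAction()
 {
     $username = $this->_getParam("username");
     $password = $this->_getParam("password");
     $userInactive = false;

     try {
         $user = User::getByName($username);
         if (!$user instanceof User) {
             throw new Exception("User doesn't exist");
         }
         if (!$user->isActive()) {
             $userInactive = true;
             throw new Exception("User is inactive");
         }

         // strict string comparison, see the note on "0e..." digests above
         $storedHash = (string) $user->getPassword();
         $submittedHash = (string) Pimcore_Tool_Authentication::getPasswordHash($username, $password);
         if ($storedHash !== $submittedHash) {
             // password did not match: fall back to token authentication
             $token = $this->_getParam("token");
             if (!($token && Pimcore_Tool_Authentication::tokenAuthentication($username, $token, MCRYPT_TRIPLEDES, MCRYPT_MODE_ECB, false))) {
                 throw new Exception("User and Password doesn't match");
             }
             // Remember in the session that the user wants to reset the password,
             // because otherwise the old password is required => see also PIMCORE-1468
             if ($this->_getParam("reset")) {
                 $adminSession = Pimcore_Tool_Authentication::getSession();
                 $adminSession->password_reset = true;
             }
         }

         $adminSession = Pimcore_Tool_Authentication::getSession();
         $adminSession->user = $user;
         Zend_Session::regenerateId();
     } catch (Exception $e) {
         // see if a module or plugin authenticates the user
         $user = Pimcore_API_Plugin_Broker::getInstance()->authenticateUser($username, $password);
         if ($user instanceof User) {
             $adminSession = Pimcore_Tool_Authentication::getSession();
             $adminSession->user = $user;
             // same fixation protection as on the built-in login path
             Zend_Session::regenerateId();
             $this->_redirect("/admin/?_dc=" . time());
         } else {
             // the detailed reason goes to the log only; the redirect carries
             // just the generic failure flag plus the inactive marker
             $this->writeLogFile($username, $e->getMessage());
             Logger::info("Login Exception" . $e);
             $this->_redirect("/admin/login/?auth_failed=true&inactive=" . $userInactive);
             exit;
         }
     }
     $this->_redirect("/admin/?_dc=" . time());
 }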
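 /**
  * Lets the logged-in user update their own profile and password.
  *
  * Reads "id" and "data" (a JSON object) from the request. The update is only
  * applied when "id" equals the id of the session user. A password change
  * needs "new_password" and a matching "retype_password", plus either the
  * correct "old_password" or a session flagged with password_reset.
  *
  * Responds with JSON {"success": true} after saving, JSON
  * {"success": false, "message": "password_cannot_be_changed"} when the
  * password checks fail, or JSON false when there is no session user, the
  * ids differ, or "data" does not decode to an array.
  *
  * Security notes:
  *  - The decoded values come straight from the client and are handed to
  *    setValues(). Besides "admin", "permissions", "roles" and "active", a
  *    client-supplied "password" key is removed as well: it would otherwise
  *    reach setValues() unhashed and without the old-password check
  *    (assuming setValues() applies every key it is given).
  *  - Password hashes and the retyped password are compared as strings with
  *    ===, because == compares numeric-looking strings as numbers.
  *  - A failed password check returns before anything is saved instead of
  *    relying on the JSON helper to end the request.
  *  - NOTE(review): password_reset is never cleared here, so the old password
  *    stays optional for the rest of that session; consider resetting the
  *    flag once the password has been changed.
  */
 public function updateCurrentUserAction()
 {
     $user = $this->getUser();
     if ($user == null) {
         $this->_helper->json(false);
         return;
     }

     if ($user->getId() != $this->_getParam("id")) {
         Logger::warn("prevented save current user, because ids do not match. ");
         $this->_helper->json(false);
         return;
     }

     $values = Zend_Json::decode($this->_getParam("data"));
     if (!is_array($values)) {
         // scalar or null payload: nothing that could be applied as field values
         $this->_helper->json(false);
         return;
     }

     // never accept privilege-related fields or a ready-made password value
     foreach (array("admin", "permissions", "roles", "active", "password") as $protectedKey) {
         unset($values[$protectedKey]);
     }

     if (!empty($values["new_password"])) {
         if (empty($values["old_password"])) {
             // if the user wants to reset the password, the old password isn't required
             $adminSession = Pimcore_Tool_Authentication::getSession();
             $oldPasswordCheck = (bool) $adminSession->password_reset;
         } else {
             // the old password has to match the stored hash
             $oldPasswordHash = (string) Pimcore_Tool_Authentication::getPasswordHash($user->getName(), $values["old_password"]);
             $oldPasswordCheck = $oldPasswordHash === (string) $user->getPassword();
         }

         $newPassword = $values["new_password"];
         $retypedPassword = isset($values["retype_password"]) ? $values["retype_password"] : null;
         $retypeMatches = is_scalar($newPassword)
             && is_scalar($retypedPassword)
             && (string) $newPassword === (string) $retypedPassword;

         if (!($oldPasswordCheck && $retypeMatches)) {
             $this->_helper->json(array("success" => false, "message" => "password_cannot_be_changed"));
             return;
         }
         $values["password"] = Pimcore_Tool_Authentication::getPasswordHash($user->getName(), $newPassword);
     }

     $user->setValues($values);
     $user->save();
     $this->_helper->json(array("success" => true));
 }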