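/**
 * Handles an admin login request.
 *
 * Reads "username", "password" and (optionally) "token" from the request.
 * A user is accepted when the stored password hash equals the hash computed
 * from the submitted credentials, or when token authentication succeeds.
 * If that fails for any reason, the plugin broker is asked to authenticate
 * the same username/password. On success the user is stored in the
 * "pimcore_admin" session namespace and the browser is redirected to /admin/;
 * on failure the attempt is logged and the browser is sent back to the
 * login page.
 */
public function loginAction()
{
    $userInactive = false;
    $username = $this->_getParam("username");

    try {
        $user = User::getByName($username);
        if (!($user instanceof User)) {
            throw new Exception("User doesn't exist");
        }

        if (!$user->isActive()) {
            // NOTE(review): this flag is set before any credential is checked and is
            // echoed in the failure redirect below, so the response distinguishes a
            // disabled account from a wrong password. Consider one generic failure.
            $userInactive = true;
            throw new Exception("User is inactive");
        }

        $submittedHash = Pimcore_Tool_Authentication::getPasswordHash($username, $this->_getParam("password"));

        // Compare as strings with ===. The previous == applied PHP's numeric-string
        // juggling, under which two different hashes that both look like numbers
        // (e.g. "0e..." forms) compare equal.
        // NOTE(review): === is still not constant-time; switch to hash_equals()
        // once the minimum supported PHP version provides it.
        $passwordMatches = ((string) $user->getPassword() === (string) $submittedHash);

        if (!$passwordMatches) {
            // NOTE(review): the token is checked with MCRYPT_TRIPLEDES in ECB mode.
            // ECB gives no integrity protection and ext/mcrypt was removed in PHP 7.2;
            // plan a move to an authenticated scheme.
            $tokenAccepted = $this->_getParam("token")
                && Pimcore_Tool_Authentication::tokenAuthentication(
                    $username,
                    $this->_getParam("token"),
                    MCRYPT_TRIPLEDES,
                    MCRYPT_MODE_ECB,
                    false
                );

            if (!$tokenAccepted) {
                throw new Exception("User and Password doesn't match");
            }
        }

        $adminSession = new Zend_Session_Namespace("pimcore_admin");
        $adminSession->user = $user;
        $adminSession->frozenuser = $user->getAsFrozen();

        // Issue a fresh session id on the privilege change so that an id known
        // before login cannot be reused afterwards (session fixation).
        Zend_Session::regenerateId();
    } catch (Exception $e) {
        // see if a module or plugin authenticates the user
        $user = Pimcore_API_Plugin_Broker::getInstance()->authenticateUser($username, $this->_getParam("password"));

        if ($user instanceof User) {
            $adminSession = new Zend_Session_Namespace("pimcore_admin");
            $adminSession->user = $user;
            $adminSession->frozenuser = $user->getAsFrozen();
            Zend_Session::regenerateId();
            $this->_redirect("/admin/?_dc=" . time());
        } else {
            // NOTE(review): the username is request-controlled; confirm writeLogFile()
            // neutralises line breaks before writing it.
            $this->writeLogFile($username, $e->getMessage());
            Logger::info("Login Exception" . $e);
            $this->_redirect("/admin/login/?auth_failed=true&inactive=" . $userInactive);
            $this->getResponse()->sendResponse();
            exit;
        }
    }

    $this->_redirect("/admin/?_dc=" . time());
}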
} } // complete the pimcore starup tasks (config, framework, modules, plugins ...) Pimcore::initConfiguration(); sleep(4); Pimcore::setupFramework(); Pimcore::initLogger(); Pimcore::initModules(); Pimcore::initPlugins(); /* * Now the pimcore_phpunit instance is up and running. It is a clean pimcore instance with a fresh database setup and * system config. The pimcore source code is identical to the current development unit */ //create admin user (normally this would be included in the pimcore install process) if (!$skipInstall) { $user = User::create(array("parentId" => 0, "username" => "admin", "password" => Pimcore_Tool_Authentication::getPasswordHash("admin", "admin"), "hasCredentials" => true, "active" => true)); $user->setAdmin(true); $user->save(); chdir($pimcoreRoot . "/tests"); } // set test config to registry - we might need it later $conf = new Zend_Config_Xml(TESTS_PATH . "/config/testconfig.xml"); Zend_Registry::set("pimcore_config_test", $conf); try { $conf = Zend_Registry::get("pimcore_config_system"); } catch (Exception $e) { die("config not present"); } // set timezone if ($conf instanceof Zend_Config) { if ($conf->general->timezone) {
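/**
 * Runs the web installer: validates the submitted database and admin
 * credentials, writes the system configuration file, loads the SQL dump,
 * seeds the root asset/document/object rows, the "system" user and the
 * permission definitions, and finally creates the admin user.
 *
 * Responds with JSON {"success": true} on success; on validation failure the
 * collected error messages are printed separated by <br /> and the request ends.
 *
 * NOTE(review): nothing in this method checks whether an installation already
 * exists. Confirm that the controller or routing makes this action unreachable
 * once PIMCORE_CONFIGURATION_SYSTEM has been written.
 */
public function installAction()
{
    // collected validation messages; initialised so that appending never touches an undefined variable
    $errors = array();

    // try to establish a mysql connection
    // NOTE(review): "mysql_adapter" comes from the request and selects the adapter
    // passed to Zend_Db::factory(); restrict it to the adapters the installer supports.
    try {
        $db = Zend_Db::factory($this->_getParam("mysql_adapter"), array(
            'host' => $this->_getParam("mysql_host"),
            'username' => $this->_getParam("mysql_username"),
            'password' => $this->_getParam("mysql_password"),
            'dbname' => $this->_getParam("mysql_database"),
            "port" => $this->_getParam("mysql_port")
        ));
        $db->getConnection();

        // check utf-8 encoding
        $result = $db->fetchRow('SHOW VARIABLES LIKE "character\\_set\\_database"');
        if ($result['Value'] != "utf8") {
            $errors[] = "Database charset is not utf-8";
        }
    } catch (Exception $e) {
        $errors[] = "Couldn't establish connection to mysql: " . $e->getMessage();
    }

    // check username & password
    // NOTE(review): four characters is a very low bar for the first admin password.
    if (strlen($this->_getParam("admin_password")) < 4 || strlen($this->_getParam("admin_username")) < 4) {
        $errors[] = "Username and password should have at least 4 characters";
    }

    if (!empty($errors)) {
        // The messages can contain driver error text that echoes request values
        // (host, user name, ...), so escape them before they reach the HTML response.
        $escapedErrors = array();
        foreach ($errors as $error) {
            $escapedErrors[] = htmlspecialchars($error, ENT_QUOTES, "UTF-8");
        }
        echo implode("<br />", $escapedErrors);
        die;
    }

    // write configuration file
    // NOTE(review): the defaults below enable debug mode and every log level;
    // confirm this is intended for a freshly installed, reachable system.
    $settings = array(
        "general" => array(
            "timezone" => "Europe/Berlin",
            "language" => "en",
            "validLanguages" => "en",
            "debug" => "1",
            "loginscreenimageservice" => "1",
            "loglevel" => array(
                "debug" => "1",
                "info" => "1",
                "notice" => "1",
                "warning" => "1",
                "error" => "1",
                "critical" => "1",
                "alert" => "1",
                "emergency" => "1"
            )
        ),
        "database" => array(
            "adapter" => $this->_getParam("mysql_adapter"),
            "params" => array(
                "host" => $this->_getParam("mysql_host"),
                "username" => $this->_getParam("mysql_username"),
                "password" => $this->_getParam("mysql_password"),
                "dbname" => $this->_getParam("mysql_database"),
                "port" => $this->_getParam("mysql_port")
            )
        ),
        "documents" => array(
            "versions" => array("steps" => "10"),
            "default_controller" => "default",
            "default_action" => "default",
            "error_pages" => array("default" => "/"),
            "createredirectwhenmoved" => "",
            "allowtrailingslash" => "no",
            "allowcapitals" => "no"
        ),
        "objects" => array("versions" => array("steps" => "10")),
        "assets" => array("versions" => array("steps" => "10")),
        "services" => array(),
        "cache" => array("excludeCookie" => "pimcore_admin_sid"),
        "httpclient" => array("adapter" => "Zend_Http_Client_Adapter_Socket")
    );

    $config = new Zend_Config($settings, true);
    $writer = new Zend_Config_Writer_Xml(array("config" => $config, "filename" => PIMCORE_CONFIGURATION_SYSTEM));
    $writer->write();

    // insert db dump
    $db = Pimcore_Resource::get();
    $mysqlInstallScript = file_get_contents(PIMCORE_PATH . "/modules/install/mysql/install.sql");

    // remove comments in SQL script
    $mysqlInstallScript = preg_replace("/\\s*(?!<\")\\/\\*[^\\*]+\\*\\/(?!\")\\s*/", "", $mysqlInstallScript);

    // get every command as single part
    $mysqlInstallScripts = explode(";", $mysqlInstallScript);

    // execute every statement with a separate call; the original author notes that a
    // single call ended in a PDO "unbuffered queries" exception
    foreach ($mysqlInstallScripts as $m) {
        $sql = trim($m);
        if (strlen($sql) > 0) {
            // run the trimmed statement; the previous code built $sql but executed $m
            $db->query($sql);
        }
    }

    // get a new database connection
    $db = Pimcore_Resource::reset();

    // insert data into database
    $db->insert("assets", array(
        "id" => 1,
        "parentId" => 0,
        "type" => "folder",
        "filename" => "",
        "path" => "/",
        "creationDate" => time(),
        "modificationDate" => time(),
        "userOwner" => 1,
        "userModification" => 1
    ));
    $db->insert("documents", array(
        "id" => 1,
        "parentId" => 0,
        "type" => "page",
        "key" => "",
        "path" => "/",
        "index" => 999999,
        "published" => 1,
        "creationDate" => time(),
        "modificationDate" => time(),
        "userOwner" => 1,
        "userModification" => 1
    ));
    $db->insert("documents_page", array(
        "id" => 1,
        "controller" => "",
        "action" => "",
        "template" => "",
        "title" => "",
        "description" => "",
        "keywords" => ""
    ));
    $db->insert("objects", array(
        "o_id" => 1,
        "o_parentId" => 0,
        "o_type" => "folder",
        "o_key" => "",
        "o_path" => "/",
        "o_index" => 999999,
        "o_published" => 1,
        "o_creationDate" => time(),
        "o_modificationDate" => time(),
        "o_userOwner" => 1,
        "o_userModification" => 1
    ));

    // the "system" user is inserted first and then moved to id 0
    $db->insert("users", array("parentId" => 0, "name" => "system", "admin" => 1, "active" => 1));
    $db->update("users", array("id" => 0), $db->quoteInto("name = ?", "system"));

    $permissionKeys = array(
        "assets",
        "classes",
        "clear_cache",
        "clear_temp_files",
        "document_types",
        "documents",
        "objects",
        "plugins",
        "predefined_properties",
        "routes",
        "seemode",
        "system_settings",
        "thumbnails",
        "translations",
        "redirects",
        "glossary",
        "reports"
    );
    foreach ($permissionKeys as $permissionKey) {
        $db->insert("users_permission_definitions", array("key" => $permissionKey));
    }

    Pimcore::initConfiguration();

    // create the admin account from the submitted credentials
    $user = User::create(array(
        "parentId" => 0,
        "username" => $this->_getParam("admin_username"),
        "password" => Pimcore_Tool_Authentication::getPasswordHash(
            $this->_getParam("admin_username"),
            $this->_getParam("admin_password")
        ),
        "active" => true
    ));
    $user->setAdmin(true);
    $user->save();

    $this->_helper->json(array("success" => true));
}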
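/**
 * Saves changes a logged-in user makes to their own account.
 *
 * Expects "id" (must equal the session user's id) and "data" (a JSON object
 * of field values) in the request. A non-empty "password" value is hashed
 * before it is stored. Responds with JSON {"success": true} after saving and
 * with JSON false when there is no session user, the ids differ, or "data"
 * does not decode to an array.
 */
public function updateCurrentUserAction()
{
    $user = $this->getUser();
    if ($user == null) {
        $this->_helper->json(false);
        return;
    }

    if ($user->getId() != $this->_getParam("id")) {
        Logger::warn("prevented save current user, because ids do not match. ");
        $this->_helper->json(false);
        return;
    }

    $values = Zend_Json::decode($this->_getParam("data"));
    if (!is_array($values)) {
        // anything but a JSON object cannot describe field values
        $this->_helper->json(false);
        return;
    }

    // Everything left in $values is handed to setValues(), so drop the fields a
    // user must never be able to change on their own account from a self-service request.
    // NOTE(review): a deny-list is easy to outgrow; an allow-list of editable
    // profile fields would be safer.
    unset($values["admin"]);
    unset($values["permissions"]);
    unset($values["roles"]);
    unset($values["active"]);

    // NOTE(review): the password is replaced without asking for the current one,
    // so anyone holding the session can change it.
    if (!empty($values["password"])) {
        $values["password"] = Pimcore_Tool_Authentication::getPasswordHash($user->getUsername(), $values["password"]);
    }

    $user->setValues($values);
    $user->save();
    $this->_helper->json(array("success" => true));
}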
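/**
 * Handles an admin login request.
 *
 * Reads "username", "password" and (optionally) "token" and "reset" from the
 * request. A user is accepted when the stored password hash equals the hash
 * computed from the submitted credentials, or when token authentication
 * succeeds; a token login with "reset" set also marks the session so that the
 * password can be changed without the old one (see PIMCORE-1468). If that
 * fails for any reason, the plugin broker is asked to authenticate the same
 * username/password. On success the user is stored in the admin session and
 * the browser is redirected to /admin/; on failure the attempt is logged and
 * the browser is sent back to the login page.
 */
public function loginAction()
{
    $userInactive = false;
    $username = $this->_getParam("username");

    try {
        $user = User::getByName($username);
        if (!($user instanceof User)) {
            throw new Exception("User doesn't exist");
        }

        if (!$user->isActive()) {
            // NOTE(review): this flag is set before any credential is checked and is
            // echoed in the failure redirect below, so the response distinguishes a
            // disabled account from a wrong password. Consider one generic failure.
            $userInactive = true;
            throw new Exception("User is inactive");
        }

        $submittedHash = Pimcore_Tool_Authentication::getPasswordHash($username, $this->_getParam("password"));

        // Compare as strings with ===. The previous == applied PHP's numeric-string
        // juggling, under which two different hashes that both look like numbers
        // (e.g. "0e..." forms) compare equal.
        // NOTE(review): === is still not constant-time; switch to hash_equals()
        // once the minimum supported PHP version provides it.
        $passwordMatches = ((string) $user->getPassword() === (string) $submittedHash);

        if (!$passwordMatches) {
            // NOTE(review): the token is checked with MCRYPT_TRIPLEDES in ECB mode.
            // ECB gives no integrity protection and ext/mcrypt was removed in PHP 7.2;
            // plan a move to an authenticated scheme.
            $tokenAccepted = $this->_getParam("token")
                && Pimcore_Tool_Authentication::tokenAuthentication(
                    $username,
                    $this->_getParam("token"),
                    MCRYPT_TRIPLEDES,
                    MCRYPT_MODE_ECB,
                    false
                );

            if (!$tokenAccepted) {
                throw new Exception("User and Password doesn't match");
            }

            // remember in the session that the user wants to reset the password,
            // because otherwise the old password is required => see also PIMCORE-1468
            if ($this->_getParam("reset")) {
                $adminSession = Pimcore_Tool_Authentication::getSession();
                $adminSession->password_reset = true;
            }
        }

        $adminSession = Pimcore_Tool_Authentication::getSession();
        $adminSession->user = $user;

        // fresh session id on the privilege change (session fixation)
        Zend_Session::regenerateId();
    } catch (Exception $e) {
        // see if a module or plugin authenticates the user
        $user = Pimcore_API_Plugin_Broker::getInstance()->authenticateUser($username, $this->_getParam("password"));

        if ($user instanceof User) {
            $adminSession = Pimcore_Tool_Authentication::getSession();
            $adminSession->user = $user;
            // the plugin path is a login as well, so it gets the same id rotation
            // as the built-in path above
            Zend_Session::regenerateId();
            $this->_redirect("/admin/?_dc=" . time());
        } else {
            // NOTE(review): the username is request-controlled; confirm writeLogFile()
            // neutralises line breaks before writing it.
            $this->writeLogFile($username, $e->getMessage());
            Logger::info("Login Exception" . $e);
            $this->_redirect("/admin/login/?auth_failed=true&inactive=" . $userInactive);
            exit;
        }
    }

    $this->_redirect("/admin/?_dc=" . time());
}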
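/**
 * Saves changes a logged-in user makes to their own account.
 *
 * Expects "id" (must equal the session user's id) and "data" (a JSON object
 * of field values) in the request. Privilege-related fields are dropped
 * before saving. A password change is requested through "new_password" /
 * "retype_password" and requires either a matching "old_password" or a
 * session flagged with password_reset.
 *
 * Responds with JSON {"success": true} after saving, with
 * {"success": false, "message": "password_cannot_be_changed"} when the
 * password checks fail, and with JSON false when there is no session user,
 * the ids differ, or "data" does not decode to an array.
 */
public function updateCurrentUserAction()
{
    $user = $this->getUser();
    if ($user == null) {
        $this->_helper->json(false);
        return;
    }

    if ($user->getId() != $this->_getParam("id")) {
        Logger::warn("prevented save current user, because ids do not match. ");
        $this->_helper->json(false);
        return;
    }

    $values = Zend_Json::decode($this->_getParam("data"));
    if (!is_array($values)) {
        // anything but a JSON object cannot describe field values
        $this->_helper->json(false);
        return;
    }

    // Everything left in $values is handed to setValues(), so drop the fields a
    // user must never be able to change on their own account.
    // NOTE(review): a deny-list is easy to outgrow; an allow-list of editable
    // profile fields would be safer.
    unset($values["admin"]);
    unset($values["permissions"]);
    unset($values["roles"]);
    unset($values["active"]);

    // The stored hash may only change through the verified path below, so a
    // "password" value supplied directly in the request is discarded.
    unset($values["password"]);

    if (!empty($values["new_password"])) {
        $oldPasswordCheck = false;

        if (empty($values["old_password"])) {
            // if the user wants to reset the password, the old password isn't required
            // NOTE(review): password_reset is not cleared in this method; confirm it
            // is invalidated elsewhere so that it cannot be used more than once.
            $adminSession = Pimcore_Tool_Authentication::getSession();
            if ($adminSession->password_reset) {
                $oldPasswordCheck = true;
            }
        } else {
            // the old password has to match; compared as strings with === so that
            // numeric-looking hashes are not subject to PHP's loose-comparison rules
            $oldPassword = Pimcore_Tool_Authentication::getPasswordHash($user->getName(), $values["old_password"]);
            if ((string) $oldPassword === (string) $user->getPassword()) {
                $oldPasswordCheck = true;
            }
        }

        $newPassword = $values["new_password"];
        $retypedPassword = isset($values["retype_password"]) ? $values["retype_password"] : null;
        // both values must be strings and identical
        $passwordsMatch = is_string($newPassword) && $newPassword === $retypedPassword;

        if (!$oldPasswordCheck || !$passwordsMatch) {
            $this->_helper->json(array("success" => false, "message" => "password_cannot_be_changed"));
            // stop here explicitly: a rejected password change must never reach
            // save(), whether or not the JSON helper ends the request itself
            return;
        }

        $values["password"] = Pimcore_Tool_Authentication::getPasswordHash($user->getName(), $newPassword);
    }

    $user->setValues($values);
    $user->save();
    $this->_helper->json(array("success" => true));
}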