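/**
 * Handles submission of the admin login form.
 *
 * The user named by the "username" request parameter is accepted when the
 * stored password hash matches the hash of the submitted credentials, or when
 * the "token" parameter passes token authentication. If that fails for any
 * reason, the plugin broker is asked to authenticate the same username and
 * password. On success the user is stored in the "pimcore_admin" session
 * namespace and the browser is redirected to /admin/; on failure the attempt
 * is logged and the browser is sent back to the login page.
 *
 * @return void
 */
public function loginAction()
{
    $username = $this->_getParam("username");
    $password = $this->_getParam("password");
    $token = $this->_getParam("token");
    $userInactive = false;

    try {
        $user = User::getByName($username);
        if (!($user instanceof User)) {
            throw new Exception("User doesn't exist");
        }

        if (!$user->isActive()) {
            // NOTE(review): this flag is set before any credential is checked and is
            // echoed in the failure redirect below, so an unauthenticated caller can
            // learn that an account exists and is inactive; confirm this is intended.
            $userInactive = true;
            throw new Exception("User is inactive");
        }

        $storedHash = $user->getPassword();
        $submittedHash = Pimcore_Tool_Authentication::getPasswordHash($username, $password);

        // Compare strictly and only as strings: a loose == treats numeric-looking
        // strings such as "0e123" and "0e456" as equal, and also equates null/false
        // with an empty value. Where the runtime offers hash_equals(), prefer it so
        // the comparison is constant-time as well.
        $passwordMatches = is_string($storedHash)
            && is_string($submittedHash)
            && $storedHash === $submittedHash;

        if (!$passwordMatches) {
            // NOTE(review): the token check is parameterised with 3DES in ECB mode,
            // which is deterministic and unauthenticated; the helper is not visible
            // here, so verify how the token is built and whether it can be replayed.
            $tokenAccepted = $token && Pimcore_Tool_Authentication::tokenAuthentication(
                $username,
                $token,
                MCRYPT_TRIPLEDES,
                MCRYPT_MODE_ECB,
                false
            );

            if (!$tokenAccepted) {
                throw new Exception("User and Password doesn't match");
            }
        }

        $adminSession = new Zend_Session_Namespace("pimcore_admin");
        $adminSession->user = $user;
        $adminSession->frozenuser = $user->getAsFrozen();
        // Issue a fresh session id at the privilege change so an id that was known
        // before login (session fixation) does not become an authenticated session.
        Zend_Session::regenerateId();
    } catch (Exception $e) {
        // Built-in authentication failed: see whether a module or plugin authenticates the user.
        $user = Pimcore_API_Plugin_Broker::getInstance()->authenticateUser($username, $password);

        if ($user instanceof User) {
            $adminSession = new Zend_Session_Namespace("pimcore_admin");
            $adminSession->user = $user;
            $adminSession->frozenuser = $user->getAsFrozen();
            // Same session id renewal as on the password/token path above.
            Zend_Session::regenerateId();
            $this->_redirect("/admin/?_dc=" . time());
        } else {
            // Record the failed attempt together with the internal reason; the
            // redirect itself only carries the generic auth_failed/inactive flags.
            $this->writeLogFile($username, $e->getMessage());
            Logger::info("Login Exception" . $e);
            $this->_redirect("/admin/login/?auth_failed=true&inactive=" . $userInactive);
            $this->getResponse()->sendResponse();
            exit;
        }
    }

    // The _dc timestamp makes every post-login URL unique.
    $this->_redirect("/admin/?_dc=" . time());
}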
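/**
 * Handles submission of the admin login form.
 *
 * The user named by the "username" request parameter is accepted when the
 * stored password hash matches the hash of the submitted credentials, or when
 * the "token" parameter passes token authentication. If that fails for any
 * reason, the plugin broker is asked to authenticate the same username and
 * password. On success the user is stored in the admin session, the session id
 * is regenerated and the browser is redirected to /admin/; on failure the
 * attempt is logged and the browser is sent back to the login page.
 *
 * @return void
 */
public function loginAction()
{
    $username = $this->_getParam("username");
    $password = $this->_getParam("password");
    $token = $this->_getParam("token");
    $userInactive = false;

    try {
        $user = User::getByName($username);
        if (!($user instanceof User)) {
            throw new Exception("User doesn't exist");
        }

        if (!$user->isActive()) {
            // NOTE(review): this flag is set before any credential is checked and is
            // echoed in the failure redirect below, so an unauthenticated caller can
            // learn that an account exists and is inactive; confirm this is intended.
            $userInactive = true;
            throw new Exception("User is inactive");
        }

        $storedHash = $user->getPassword();
        $submittedHash = Pimcore_Tool_Authentication::getPasswordHash($username, $password);

        // Compare strictly and only as strings: a loose == treats numeric-looking
        // strings such as "0e123" and "0e456" as equal, and also equates null/false
        // with an empty value. Where the runtime offers hash_equals(), prefer it so
        // the comparison is constant-time as well.
        $passwordMatches = is_string($storedHash)
            && is_string($submittedHash)
            && $storedHash === $submittedHash;

        if (!$passwordMatches) {
            // NOTE(review): the token check is parameterised with 3DES in ECB mode,
            // which is deterministic and unauthenticated; the helper is not visible
            // here, so verify how the token is built and whether it can be replayed.
            $tokenAccepted = $token && Pimcore_Tool_Authentication::tokenAuthentication(
                $username,
                $token,
                MCRYPT_TRIPLEDES,
                MCRYPT_MODE_ECB,
                false
            );

            if (!$tokenAccepted) {
                throw new Exception("User and Password doesn't match");
            }

            // Remember in the session that the user wants to reset the password;
            // otherwise the old password would be required (see also PIMCORE-1468).
            // This flag is only ever set on the token path.
            if ($this->_getParam("reset")) {
                $adminSession = Pimcore_Tool_Authentication::getSession();
                $adminSession->password_reset = true;
            }
        }

        $adminSession = Pimcore_Tool_Authentication::getSession();
        $adminSession->user = $user;
        // Issue a fresh session id at the privilege change so an id that was known
        // before login (session fixation) does not become an authenticated session.
        Zend_Session::regenerateId();
    } catch (Exception $e) {
        // Built-in authentication failed: see whether a module or plugin authenticates the user.
        $user = Pimcore_API_Plugin_Broker::getInstance()->authenticateUser($username, $password);

        if ($user instanceof User) {
            $adminSession = Pimcore_Tool_Authentication::getSession();
            $adminSession->user = $user;
            // The plugin path also turns an anonymous session into an authenticated
            // one, so it needs the same id renewal as the password/token path above.
            Zend_Session::regenerateId();
            $this->_redirect("/admin/?_dc=" . time());
        } else {
            // Record the failed attempt together with the internal reason; the
            // redirect itself only carries the generic auth_failed/inactive flags.
            $this->writeLogFile($username, $e->getMessage());
            Logger::info("Login Exception" . $e);
            $this->_redirect("/admin/login/?auth_failed=true&inactive=" . $userInactive);
            exit;
        }
    }

    // The _dc timestamp makes every post-login URL unique.
    $this->_redirect("/admin/?_dc=" . time());
}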