示例#1
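 /**
  * Processes a submitted admin login and establishes the admin session.
  *
  * Reads the "username", "password" and optional "token" request parameters.
  * A local account is accepted when it is active and either the stored
  * password hash matches or the token check succeeds. Every failure is
  * raised as an exception so that the plugin broker gets one chance to
  * authenticate the same username/password before the attempt is logged
  * and the client is redirected back to the login form.
  *
  * @return void
  */
 public function loginAction()
 {
     $username = $this->_getParam("username");
     $password = $this->_getParam("password");
     $userInactive = false;

     try {
         $user = User::getByName($username);
         if (!($user instanceof User)) {
             throw new Exception("User doesn't exist");
         }
         if (!$user->isActive()) {
             $userInactive = true;
             throw new Exception("User is inactive");
         }

         $storedHash = (string) $user->getPassword();
         $submittedHash = (string) Pimcore_Tool_Authentication::getPasswordHash($username, $password);

         // Loose == compares numeric-looking strings as numbers, so two different
         // hashes of the "0e<digits>" form would be treated as equal. Compare as
         // strings, in constant time where the runtime offers hash_equals()
         // (PHP 5.6+), and never accept an empty stored hash.
         $passwordMatches = false;
         if ($storedHash !== "") {
             $passwordMatches = function_exists("hash_equals")
                 ? hash_equals($storedHash, $submittedHash)
                 : $storedHash === $submittedHash;
         }

         if (!$passwordMatches) {
             // NOTE(review): the token is checked with 3DES in ECB mode, which is
             // deterministic and unauthenticated; the mcrypt extension was removed
             // in PHP 7.2. The token format is owned by tokenAuthentication(), so
             // it is left unchanged here — plan a migration.
             $token = $this->_getParam("token");
             if (!$token || !Pimcore_Tool_Authentication::tokenAuthentication($username, $token, MCRYPT_TRIPLEDES, MCRYPT_MODE_ECB, false)) {
                 throw new Exception("User and Password doesn't match");
             }
         }

         $adminSession = new Zend_Session_Namespace("pimcore_admin");
         $adminSession->user = $user;
         $adminSession->frozenuser = $user->getAsFrozen();
         // Issue a fresh session id once the user is bound, so an id that was
         // known before authentication cannot be reused afterwards (session fixation).
         Zend_Session::regenerateId();
     } catch (Exception $e) {
         // See if a module or plugin authenticates the user instead.
         // NOTE(review): this fallback also runs when the local account exists but
         // is inactive; whether the broker enforces isActive() is not visible here — confirm.
         $user = Pimcore_API_Plugin_Broker::getInstance()->authenticateUser($username, $password);
         if ($user instanceof User) {
             $adminSession = new Zend_Session_Namespace("pimcore_admin");
             $adminSession->user = $user;
             $adminSession->frozenuser = $user->getAsFrozen();
             Zend_Session::regenerateId();
             $this->_redirect("/admin/?_dc=" . time());
         } else {
             // The specific reason goes to the log only, not to the client.
             $this->writeLogFile($username, $e->getMessage());
             Logger::info("Login Exception" . $e);
             // NOTE(review): $userInactive is set before any credential is checked,
             // so this query flag tells an unauthenticated client that the account
             // exists and is disabled. Kept because the login page may read it.
             $this->_redirect("/admin/login/?auth_failed=true&inactive=" . $userInactive);
             $this->getResponse()->sendResponse();
             exit;
         }
     }
     $this->_redirect("/admin/?_dc=" . time());
 }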
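 /**
  * Processes a submitted admin login and establishes the admin session.
  *
  * Reads the "username", "password" and optional "token" and "reset" request
  * parameters. A local account is accepted when it is active and either the
  * stored password hash matches or the token check succeeds. Every failure is
  * raised as an exception so that the plugin broker gets one chance to
  * authenticate the same username/password before the attempt is logged
  * and the client is redirected back to the login form.
  *
  * @return void
  */
 public function loginAction()
 {
     $username = $this->_getParam("username");
     $password = $this->_getParam("password");
     $userInactive = false;

     try {
         $user = User::getByName($username);
         if (!($user instanceof User)) {
             throw new Exception("User doesn't exist");
         }
         if (!$user->isActive()) {
             $userInactive = true;
             throw new Exception("User is inactive");
         }

         $storedHash = (string) $user->getPassword();
         $submittedHash = (string) Pimcore_Tool_Authentication::getPasswordHash($username, $password);

         // Loose == compares numeric-looking strings as numbers, so two different
         // hashes of the "0e<digits>" form would be treated as equal. Compare as
         // strings, in constant time where the runtime offers hash_equals()
         // (PHP 5.6+), and never accept an empty stored hash.
         $passwordMatches = false;
         if ($storedHash !== "") {
             $passwordMatches = function_exists("hash_equals")
                 ? hash_equals($storedHash, $submittedHash)
                 : $storedHash === $submittedHash;
         }

         if (!$passwordMatches) {
             // NOTE(review): the token is checked with 3DES in ECB mode, which is
             // deterministic and unauthenticated; the mcrypt extension was removed
             // in PHP 7.2. The token format is owned by tokenAuthentication(), so
             // it is left unchanged here — plan a migration.
             $token = $this->_getParam("token");
             if (!$token || !Pimcore_Tool_Authentication::tokenAuthentication($username, $token, MCRYPT_TRIPLEDES, MCRYPT_MODE_ECB, false)) {
                 throw new Exception("User and Password doesn't match");
             }
             // Remember in the session that the user wants to reset the password;
             // otherwise the old password would be required => see also PIMCORE-1468.
             // Only reachable after a successful token check.
             if ($this->_getParam("reset")) {
                 $adminSession = Pimcore_Tool_Authentication::getSession();
                 $adminSession->password_reset = true;
             }
         }

         $adminSession = Pimcore_Tool_Authentication::getSession();
         $adminSession->user = $user;
         // Issue a fresh session id once the user is bound, so an id that was
         // known before authentication cannot be reused afterwards (session fixation).
         Zend_Session::regenerateId();
     } catch (Exception $e) {
         // See if a module or plugin authenticates the user instead.
         // NOTE(review): this fallback also runs when the local account exists but
         // is inactive; whether the broker enforces isActive() is not visible here — confirm.
         $user = Pimcore_API_Plugin_Broker::getInstance()->authenticateUser($username, $password);
         if ($user instanceof User) {
             $adminSession = Pimcore_Tool_Authentication::getSession();
             $adminSession->user = $user;
             // Same rotation as the native login path above; the plugin path
             // previously kept the pre-login session id.
             Zend_Session::regenerateId();
             $this->_redirect("/admin/?_dc=" . time());
         } else {
             // The specific reason goes to the log only, not to the client.
             $this->writeLogFile($username, $e->getMessage());
             Logger::info("Login Exception" . $e);
             // NOTE(review): $userInactive is set before any credential is checked,
             // so this query flag tells an unauthenticated client that the account
             // exists and is disabled. Kept because the login page may read it.
             $this->_redirect("/admin/login/?auth_failed=true&inactive=" . $userInactive);
             exit;
         }
     }
     $this->_redirect("/admin/?_dc=" . time());
 }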