示例#1
 /**
  * Authenticates the user and initialises the login session.
  * Listens to the Login.initSession hook.
  *
  * The notification payload is read for the keys 'login', 'md5Password' and
  * 'rememberMe'; none of them is defaulted here, so a missing key surfaces as
  * a PHP notice (observed from the reads below — confirm against the hook's emitter).
  *
  * @param Piwik_Event_Notification $notification  notification object
  * @throws Exception when the credentials do not authenticate
  */
 function initSession($notification)
 {
     $payload = $notification->getNotificationObject();
     $login = $payload['login'];
     $md5Password = $payload['md5Password'];
     $rememberMe = $payload['rememberMe'];

     // Derive the token from the credentials and hand it to the registered auth adapter.
     $tokenAuth = Piwik_UsersManager_API::getInstance()->getTokenAuth($login, $md5Password);
     $auth = Zend_Registry::get('auth');
     $auth->setLogin($login);
     $auth->setTokenAuth($tokenAuth);
     $authResult = $auth->authenticate();

     // Cookie lifetime: 0 means "browser session only"; otherwise an absolute expiry timestamp.
     $general = Piwik_Config::getInstance()->General;
     $cookieExpiry = 0;
     if ($rememberMe) {
         $cookieExpiry = time() + $general['login_cookie_expire'];
     }
     $cookie = new Piwik_Cookie($general['login_cookie_name'], $cookieExpiry, $general['login_cookie_path']);

     if (!$authResult->isValid()) {
         // Drop any stale auth cookie before rejecting the attempt.
         $cookie->delete();
         throw new Exception(Piwik_Translate('Login_LoginPasswordNotCorrect'));
     }

     // Persist the identity and the hashed token; Secure only on HTTPS, HttpOnly always.
     $cookie->set('login', $login);
     $cookie->set('token_auth', $auth->getHashTokenAuth($login, $authResult->getTokenAuth()));
     $cookie->setSecure(Piwik::isHttps());
     $cookie->setHttpOnly(true);
     $cookie->save();

     // New session id after a successful login; warnings are suppressed, as in the original.
     @Piwik_Session::regenerateId();

     // A pending password reset is no longer relevant once the user has logged in.
     self::removePasswordResetInfo($login);
 }
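 /**
  * Collects the environment checks shown on the installer / diagnostics screen.
  *
  * Note the side effects: this writes the web.config or .htaccess files and the
  * web-root files, and raises the PHP memory limit when necessary, before the
  * values are read.
  *
  * @return array  associative array of check results; '*_ok' keys are booleans,
  *                'general_infos' carries protocol / proxy hints
  */
 public static function getSystemInformation()
 {
     global $piwik_minimumPHPVersion;
     $minimumMemoryLimit = Piwik_Config::getInstance()->General['minimum_memory_limit'];

     $infos = array();
     $infos['general_infos'] = array();
     $infos['directories'] = Piwik::checkDirectoriesWritable();
     $infos['can_auto_update'] = Piwik::canAutoUpdate();

     if (Piwik_Common::isIIS()) {
         Piwik::createWebConfigFiles();
     } else {
         Piwik::createHtAccessFiles();
     }
     Piwik::createWebRootFiles();

     $infos['phpVersion_minimum'] = $piwik_minimumPHPVersion;
     $infos['phpVersion'] = PHP_VERSION;
     // Running exactly the minimum version is acceptable: ok unless minimum > current.
     $infos['phpVersion_ok'] = version_compare($piwik_minimumPHPVersion, $infos['phpVersion']) !== 1;

     // critical errors
     $extensions = @get_loaded_extensions();
     $needed_extensions = array('zlib', 'SPL', 'iconv', 'Reflection');
     $infos['needed_extensions'] = $needed_extensions;
     $infos['missing_extensions'] = array();
     foreach ($needed_extensions as $needed_extension) {
         if (!in_array($needed_extension, $extensions, true)) {
             $infos['missing_extensions'][] = $needed_extension;
         }
     }

     $infos['pdo_ok'] = in_array('PDO', $extensions, true);
     $infos['adapters'] = Piwik_Db_Adapter::getAdapters();

     $needed_functions = array('debug_backtrace', 'create_function', 'eval', 'gzcompress', 'gzuncompress', 'pack');
     $infos['needed_functions'] = $needed_functions;
     $infos['missing_functions'] = array();
     foreach ($needed_functions as $needed_function) {
         if (!self::functionExists($needed_function)) {
             $infos['missing_functions'][] = $needed_function;
         }
     }

     // warnings
     $desired_extensions = array('json', 'libxml', 'dom', 'SimpleXML');
     $infos['desired_extensions'] = $desired_extensions;
     $infos['missing_desired_extensions'] = array();
     foreach ($desired_extensions as $desired_extension) {
         if (!in_array($desired_extension, $extensions, true)) {
             $infos['missing_desired_extensions'][] = $desired_extension;
         }
     }

     $desired_functions = array('set_time_limit', 'mail', 'parse_ini_file', 'glob');
     $infos['desired_functions'] = $desired_functions;
     $infos['missing_desired_functions'] = array();
     foreach ($desired_functions as $desired_function) {
         if (!self::functionExists($desired_function)) {
             $infos['missing_desired_functions'][] = $desired_function;
         }
     }

     $infos['openurl'] = Piwik_Http::getTransportMethod();
     $infos['gd_ok'] = Piwik::isGdExtensionEnabled();

     // mbstring.func_overload silently swaps str* for mb_* functions, which breaks byte-wise handling.
     $infos['hasMbstring'] = false;
     $infos['multibyte_ok'] = true;
     if (function_exists('mb_internal_encoding')) {
         $infos['hasMbstring'] = true;
         if ((int) ini_get('mbstring.func_overload') != 0) {
             $infos['multibyte_ok'] = false;
         }
     }

     // addslashes() is not HTML escaping; the template that renders this value must still escape it for its context.
     $serverSoftware = isset($_SERVER['SERVER_SOFTWARE']) ? $_SERVER['SERVER_SOFTWARE'] : '';
     $infos['serverVersion'] = addslashes($serverSoftware);
     $infos['serverOs'] = @php_uname();
     $infos['serverTime'] = date('H:i:s');
     // register_globals no longer exists on modern PHP; ini_get() then returns false, which compares equal to 0.
     $infos['registerGlobals_ok'] = ini_get('register_globals') == 0;

     $infos['memoryMinimum'] = $minimumMemoryLimit;
     $infos['memory_ok'] = true;
     $infos['memoryCurrent'] = '';
     // Raise the limit first so the value reported below is the effective one; the return value is not needed.
     Piwik::raiseMemoryLimitIfNecessary();
     $memoryValue = Piwik::getMemoryLimitValue();
     if ($memoryValue > 0) {
         $infos['memoryCurrent'] = $memoryValue . 'M';
         $infos['memory_ok'] = $memoryValue >= $minimumMemoryLimit;
     }

     $infos['isWindows'] = Piwik_Common::isWindows();

     // Element 0 is the overall verdict; any further elements are per-file messages.
     $integrityInfo = Piwik::getFileIntegrityInformation();
     $infos['integrity'] = $integrityInfo[0];
     $infos['integrityErrorMessages'] = array();
     if (isset($integrityInfo[1])) {
         if (!$infos['integrity']) {
             $infos['integrityErrorMessages'][] = '<b>' . Piwik_Translate('General_FileIntegrityWarningExplanation') . '</b>';
         }
         $infos['integrityErrorMessages'] = array_merge($infos['integrityErrorMessages'], array_slice($integrityInfo, 1));
     }

     $infos['timezone'] = Piwik::isTimezoneSupportEnabled();
     $infos['tracker_status'] = Piwik_Common::getRequestVar('trackerStatus', 0, 'int');

     // Proxy hints: a forwarded-proto header on a non-HTTPS request, and any proxy client/host headers seen.
     $infos['protocol'] = Piwik_ProxyHeaders::getProtocolInformation();
     if (!Piwik::isHttps() && $infos['protocol'] !== null) {
         $infos['general_infos']['secure_protocol'] = '1';
     }
     $clientHeaders = Piwik_ProxyHeaders::getProxyClientHeaders();
     if (count($clientHeaders) > 0) {
         $infos['general_infos']['proxy_client_headers'] = $clientHeaders;
     }
     $hostHeaders = Piwik_ProxyHeaders::getProxyHostHeaders();
     if (count($hostHeaders) > 0) {
         $infos['general_infos']['proxy_host_headers'] = $hostHeaders;
     }

     return $infos;
 }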
示例#3
 /**
  * Enforces the force_ssl_login setting: when it is enabled and Piwik::isHttps()
  * reports a non-secure connection, redirects to the HTTPS version of the current
  * request (host + script name + query string).
  *
  * The host part comes from Piwik_Url::getCurrentHost(); presumably that helper
  * validates it against the trusted hosts — confirm before relying on it.
  *
  * @return void
  */
 protected function checkForceSslLogin()
 {
     $general = Zend_Registry::get('config')->General;
     if (!$general->force_ssl_login || Piwik::isHttps()) {
         return;
     }

     $target = 'https://'
         . Piwik_Url::getCurrentHost()
         . Piwik_Url::getCurrentScriptName()
         . Piwik_Url::getCurrentQueryString();
     Piwik_Url::redirectToUrl($target);
 }
示例#4
 /**
  * Enforces the force_ssl_login setting: when it is enabled and Piwik::isHttps()
  * reports a non-secure connection, redirects to the HTTPS version of the current
  * request (host + script name + query string).
  *
  * The host part comes from Piwik_Url::getCurrentHost(); presumably that helper
  * validates it against the trusted hosts — confirm before relying on it.
  *
  * @return void
  */
 protected function checkForceSslLogin()
 {
     $general = Piwik_Config::getInstance()->General;
     if (!$general['force_ssl_login'] || Piwik::isHttps()) {
         return;
     }

     $target = 'https://'
         . Piwik_Url::getCurrentHost()
         . Piwik_Url::getCurrentScriptName()
         . Piwik_Url::getCurrentQueryString();
     Piwik_Url::redirectToUrl($target);
 }
 /**
  * Must be called before dispatch()
  * - checks that directories are writable,
  * - loads the configuration file,
  * - loads the plugin,
  * - inits the DB connection,
  * - etc.
  *
  * Runs once per process (static guard). A failure in any step is either
  * rethrown (when shouldRethrowException() is true) or rendered as an error
  * page via Piwik_ExitWithMessage(); maintenance mode and force_ssl may end
  * the request early with exit / redirect.
  *
  * @throws Exception when a step fails and shouldRethrowException() is true
  */
 function init()
 {
     // One-shot guard: a second call is a no-op even if the first one failed part-way.
     static $initialized = false;
     if ($initialized) {
         return;
     }
     $initialized = true;
     try {
         Zend_Registry::set('timer', new Piwik_Timer());
         $directoriesToCheck = array('/tmp/', '/tmp/templates_c/', '/tmp/cache/', '/tmp/assets/', '/tmp/tcpdf/');
         Piwik::checkDirectoriesWritableOrDie($directoriesToCheck);
         Piwik_Common::assignCliParametersToRequest();
         Piwik_Translate::getInstance()->loadEnglishTranslation();
         // A missing config file is not fatal yet: plugins are loaded first so the
         // installer can answer the NoConfigurationFile event; the exception is rethrown below.
         $exceptionToThrow = false;
         try {
             Piwik::createConfigObject();
         } catch (Exception $e) {
             // The inline assignments only label the positional arguments.
             Piwik_PostEvent('FrontController.NoConfigurationFile', $e, $info = array(), $pending = true);
             $exceptionToThrow = $e;
         }
         if (Piwik_Session::isFileBasedSessions()) {
             Piwik_Session::start();
         }
         // Maintenance mode: plain requests get the exception page, API requests a formatted error.
         if (Piwik_Config::getInstance()->General['maintenance_mode'] == 1 && !Piwik_Common::isPhpCliMode()) {
             $format = Piwik_Common::getRequestVar('format', '');
             $exception = new Exception("Piwik is in scheduled maintenance. Please come back later.");
             if (empty($format)) {
                 throw $exception;
             }
             $response = new Piwik_API_ResponseBuilder($format);
             echo $response->getResponseException($exception);
             exit;
         }
         // NOTE(review): str_replace rewrites every "http://" in the URL, including any
         // inside the query string, not just the scheme prefix — confirm this is intended.
         if (!Piwik_Common::isPhpCliMode() && Piwik_Config::getInstance()->General['force_ssl'] == 1 && !Piwik::isHttps()) {
             $url = Piwik_Url::getCurrentUrl();
             $url = str_replace("http://", "https://", $url);
             Piwik_Url::redirectToUrl($url);
         }
         $pluginsManager = Piwik_PluginsManager::getInstance();
         $pluginsToLoad = Piwik_Config::getInstance()->Plugins['Plugins'];
         $pluginsManager->loadPlugins($pluginsToLoad);
         if ($exceptionToThrow) {
             throw $exceptionToThrow;
         }
         try {
             Piwik::createDatabaseObject();
         } catch (Exception $e) {
             // Both branches rethrow; the only difference is whether the
             // badConfigurationFile event is posted before propagating.
             if (self::shouldRethrowException()) {
                 throw $e;
             }
             Piwik_PostEvent('FrontController.badConfigurationFile', $e, $info = array(), $pending = true);
             throw $e;
         }
         Piwik::createLogObject();
         // creating the access object, so that core/Updates/* can enforce Super User and use some APIs
         Piwik::createAccessObject();
         Piwik_PostEvent('FrontController.dispatchCoreAndPluginUpdatesScreen');
         Piwik_PluginsManager::getInstance()->installLoadedPlugins();
         Piwik::install();
         // ensure the current Piwik URL is known for later use
         // NOTE(review): $host is not read afterwards; the call presumably matters
         // for its side effect of recording the URL — confirm.
         if (method_exists('Piwik', 'getPiwikUrl')) {
             $host = Piwik::getPiwikUrl();
         }
         // The 'auth' registry entry is expected to be populated by a plugin (normally Login)
         // in response to this event.
         Piwik_PostEvent('FrontController.initAuthenticationObject');
         try {
             $authAdapter = Zend_Registry::get('auth');
         } catch (Exception $e) {
             throw new Exception("Authentication object cannot be found in the Registry. Maybe the Login plugin is not activated?\n\t\t\t\t\t\t\t\t\t<br />You can activate the plugin by adding:<br />\n\t\t\t\t\t\t\t\t\t<code>Plugins[] = Login</code><br />\n\t\t\t\t\t\t\t\t\tunder the <code>[Plugins]</code> section in your config/config.ini.php");
         }
         Zend_Registry::get('access')->reloadAccess($authAdapter);
         Piwik::raiseMemoryLimitIfNecessary();
         // Reload translations now that the user's language preference is known via the access object.
         Piwik_Translate::getInstance()->reloadLanguage();
         $pluginsManager->postLoadPlugins();
         Piwik_PostEvent('FrontController.checkForUpdates');
     } catch (Exception $e) {
         if (self::shouldRethrowException()) {
             throw $e;
         }
         Piwik_ExitWithMessage($e->getMessage(), false, true);
     }
     //		Piwik::log('End FrontController->init() - Request: '. var_export($_REQUEST, true));
 }
示例#6
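 /**
  * Start the session with hardened cookie settings.
  *
  * No-op in CLI mode, when this method already started the session, or when
  * PIWIK_ENABLE_SESSION_START is defined and false. Sessions are stored either
  * in PIWIK_USER_PATH/tmp/sessions (file based) or in the prefixed 'session'
  * DB table (session_save_handler = dbtable, or a runtime save handler of
  * 'user' / 'mm', which are treated as misconfigurations). A failure to start
  * ends the request via Piwik_ExitWithMessage().
  *
  * @param array|bool  $options  An array of configuration options; accepted for API
  *                              compatibility but not read by this implementation
  * @return void
  */
 public static function start($options = false)
 {
     $startDisabledByConstant = defined('PIWIK_ENABLE_SESSION_START') && !PIWIK_ENABLE_SESSION_START;
     if (Piwik_Common::isPhpCliMode() || self::$sessionStarted || $startDisabledByConstant) {
         return;
     }
     self::$sessionStarted = true;

     // use cookies to store session id on the client side
     @ini_set('session.use_cookies', '1');
     // prevent attacks involving session ids passed in URLs
     @ini_set('session.use_only_cookies', '1');
     // advise browser that session cookie should only be sent over secure connection
     if (Piwik::isHttps()) {
         @ini_set('session.cookie_secure', '1');
     }
     // advise browser that session cookie should only be accessible through the HTTP protocol (i.e., not JavaScript)
     @ini_set('session.cookie_httponly', '1');
     // don't use the default: PHPSESSID
     $sessionName = defined('PIWIK_SESSION_NAME') ? PIWIK_SESSION_NAME : 'PIWIK_SESSID';
     @ini_set('session.name', $sessionName);
     // proxies may cause the referer check to fail and
     // incorrectly invalidate the session
     @ini_set('session.referer_check', '');

     $currentSaveHandler = ini_get('session.save_handler');
     $config = Piwik_Config::getInstance();
     if (self::isFileBasedSessions()) {
         // Note: this handler doesn't work well in load-balanced environments and may have a concurrency issue with locked session files
         // for "files", use our own folder to prevent local session file hijacking
         $sessionPath = PIWIK_USER_PATH . '/tmp/sessions';
         // We always call mkdir since it also chmods the directory which might help when permissions were reverted for some reasons
         Piwik_Common::mkdir($sessionPath);
         @ini_set('session.save_handler', 'files');
         @ini_set('session.save_path', $sessionPath);
     } elseif ($config->General['session_save_handler'] === 'dbtable'
         || in_array($currentSaveHandler, array('user', 'mm'), true)) {
         // We consider these to be misconfigurations, in that:
         // - user  - we can't verify that user-defined session handler functions have already been set via session_set_save_handler()
         // - mm    - this handler is not recommended, unsupported, not available for Windows, and has a potential concurrency issue
         $db = Zend_Registry::get('db');
         // Separate name from $config above: the handler options are a plain array, not the Piwik config object.
         $saveHandlerOptions = array(
             'name' => Piwik_Common::prefixTable('session'),
             'primary' => 'id',
             'modifiedColumn' => 'modified',
             'dataColumn' => 'data',
             'lifetimeColumn' => 'lifetime',
             'db' => $db,
         );
         self::setSaveHandler(new Piwik_Session_SaveHandler_DbTable($saveHandlerOptions));
     }

     // garbage collection may disabled by default (e.g., Debian)
     if (ini_get('session.gc_probability') == 0) {
         @ini_set('session.gc_probability', 1);
     }

     try {
         Zend_Session::start();
         register_shutdown_function(array('Zend_Session', 'writeClose'), true);
     } catch (Exception $e) {
         Piwik::log('Unable to start session: ' . $e->getMessage());
         // Only suggest DB sessions once Piwik is installed (there is no DB before that).
         $enableDbSessions = '';
         if (Piwik::isInstalled()) {
             $enableDbSessions = "<br/>If you still experience issues after trying these changes, \n\t\t\t            \t\t\twe recommend that you <a href='http://piwik.org/faq/how-to-install/#faq_133' target='_blank'>enable database session storage</a>.";
         }
         $message = 'Error: ' . Piwik_Translate('General_ExceptionUnableToStartSession') . ' ' . Piwik::getErrorMessageMissingPermissions(Piwik_Common::getPathToPiwikRoot() . '/tmp/sessions/') . $enableDbSessions . "\n<pre>Debug: the original error was \n" . $e->getMessage() . "</pre>";
         Piwik_ExitWithMessage($message);
     }
 }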
示例#7
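 /**
  * Redirects a plain-HTTP request to its HTTPS equivalent when force_ssl is enabled.
  *
  * Skipped in CLI mode, when the request is already HTTPS, and for the
  * CoreAdminHome/optOut page (presumably because that page is embedded in
  * third-party sites — confirm against the opt-out documentation).
  * Only the leading scheme of the current URL is rewritten; an "http://"
  * appearing later in the URL (e.g. inside a query parameter) is left untouched.
  *
  * @return void
  */
 protected function handleSSLRedirection()
 {
     if (Piwik_Common::isPhpCliMode()
         || Piwik_Config::getInstance()->General['force_ssl'] != 1
         || Piwik::isHttps()) {
         return;
     }

     $isOptOutPage = Piwik_Common::getRequestVar('module', '') === 'CoreAdminHome'
         && Piwik_Common::getRequestVar('action', '') === 'optOut';
     if ($isOptOutPage) {
         return;
     }

     $url = Piwik_Url::getCurrentUrl();
     // Replace only the scheme prefix, never other occurrences inside the URL.
     if (strncmp($url, 'http://', 7) === 0) {
         $url = 'https://' . substr($url, 7);
     }
     Piwik_Url::redirectToUrl($url);
 }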