/**
 * Authenticates the user described by the notification and, on success,
 * issues the login cookie and regenerates the session id.
 * Listens to Login.initSession hook.
 *
 * The notification object is read as an array with the keys 'login',
 * 'md5Password' and 'rememberMe'.
 *
 * @param Piwik_Event_Notification $notification notification object
 * @throws Exception when the authentication result is not valid; the login
 *                   cookie is deleted before the exception is raised
 */
function initSession($notification)
{
    $credentials = $notification->getNotificationObject();
    $login = $credentials['login'];
    // NOTE(review): presumably an MD5 digest of the password computed by the
    // caller; this method never sees or checks the plain-text value -- confirm.
    $md5Password = $credentials['md5Password'];
    $rememberMe = $credentials['rememberMe'];

    // The token is derived from the submitted credentials; whether they are
    // correct is decided by authenticate() below, not here.
    $tokenAuth = Piwik_UsersManager_API::getInstance()->getTokenAuth($login, $md5Password);

    $auth = Zend_Registry::get('auth');
    $auth->setLogin($login);
    $auth->setTokenAuth($tokenAuth);
    $authResult = $auth->authenticate();

    $config = Piwik_Config::getInstance();
    $authCookieName = $config->General['login_cookie_name'];
    if ($rememberMe) {
        // Persistent cookie: lifetime comes from configuration.
        $authCookieExpiry = time() + $config->General['login_cookie_expire'];
    } else {
        // 0 is passed as the expiry when "remember me" is off
        // (conventionally a browser-session cookie).
        $authCookieExpiry = 0;
    }
    $authCookiePath = $config->General['login_cookie_path'];
    $cookie = new Piwik_Cookie($authCookieName, $authCookieExpiry, $authCookiePath);

    // The cookie object is built before the validity check so that a failed
    // attempt can clear any login cookie left over from an earlier session.
    if (!$authResult->isValid()) {
        $cookie->delete();
        throw new Exception(Piwik_Translate('Login_LoginPasswordNotCorrect'));
    }

    $cookie->set('login', $login);
    // The cookie stores the output of getHashTokenAuth(), not the raw token
    // returned by the auth result.
    $hashedTokenAuth = $auth->getHashTokenAuth($login, $authResult->getTokenAuth());
    $cookie->set('token_auth', $hashedTokenAuth);

    // Secure is set only when the current request is HTTPS; HttpOnly is
    // always set, which keeps the cookie out of reach of page scripts.
    $cookie->setSecure(Piwik::isHttps());
    $cookie->setHttpOnly(true);
    $cookie->save();

    // Issue a new session id after a successful login so the pre-login id is
    // not carried into the authenticated session. The @ operator silences
    // any error raised here, so a failed regeneration goes unnoticed.
    @Piwik_Session::regenerateId();

    // remove password reset entry if it exists
    self::removePasswordResetInfo($login);
}