/**
* Authenticate user and initializes the session.
* Listens to Login.initSession hook.
*
* @param Piwik_Event_Notification $notification notification object
* @throws Exception
*/
function initSession($notification)
{
$info = $notification->getNotificationObject();
$login = $info['login'];
$md5Password = $info['md5Password'];
$rememberMe = $info['rememberMe'];
$tokenAuth = Piwik_UsersManager_API::getInstance()->getTokenAuth($login, $md5Password);
$auth = Zend_Registry::get('auth');
$auth->setLogin($login);
$auth->setTokenAuth($tokenAuth);
$authResult = $auth->authenticate();
$authCookieName = Piwik_Config::getInstance()->General['login_cookie_name'];
$authCookieExpiry = $rememberMe ? time() + Piwik_Config::getInstance()->General['login_cookie_expire'] : 0;
$authCookiePath = Piwik_Config::getInstance()->General['login_cookie_path'];
$cookie = new Piwik_Cookie($authCookieName, $authCookieExpiry, $authCookiePath);
if (!$authResult->isValid()) {
$cookie->delete();
throw new Exception(Piwik_Translate('Login_LoginPasswordNotCorrect'));
}
$cookie->set('login', $login);
$cookie->set('token_auth', $auth->getHashTokenAuth($login, $authResult->getTokenAuth()));
$cookie->setSecure(Piwik::isHttps());
$cookie->setHttpOnly(true);
$cookie->save();
@Piwik_Session::regenerateId();
// remove password reset entry if it exists
self::removePasswordResetInfo($login);
}
