作者:elavarasan
项目:pimcor
public function loginAction()
{
$user = null;
try {
\Pimcore::getEventManager()->trigger("admin.login.login.authenticate", $this, ["username" => $this->getParam("username"), "password" => $this->getParam("password")]);
$user = $this->getUser();
if (!$user instanceof User) {
if ($this->getParam("password")) {
$user = Tool\Authentication::authenticatePlaintext($this->getParam("username"), $this->getParam("password"));
if (!$user) {
throw new \Exception("Invalid username or password");
}
} else {
if ($this->getParam("token")) {
$user = Tool\Authentication::authenticateToken($this->getParam("username"), $this->getParam("token"));
if (!$user) {
throw new \Exception("Invalid username or token");
}
// save the information to session when the user want's to reset the password
// this is because otherwise the old password is required => see also PIMCORE-1468
if ($this->getParam("reset")) {
Tool\Session::useSession(function ($adminSession) {
$adminSession->password_reset = true;
});
}
} else {
throw new \Exception("Invalid authentication method, must be either password or token");
}
}
}
} catch (\Exception $e) {
//see if module or plugin authenticates user
\Pimcore::getEventManager()->trigger("admin.login.login.failed", $this, ["username" => $this->getParam("username"), "password" => $this->getParam("password")]);
$user = $this->getUser();
if (!$user instanceof User) {
$this->writeLogFile($this->getParam("username"), $e->getMessage());
\Logger::info("Login failed: " . $e);
}
}
if ($user instanceof User && $user->getId() && $user->isActive() && $user->getPassword()) {
Tool\Session::useSession(function ($adminSession) use($user) {
$adminSession->user = $user;
Tool\Session::regenerateId();
});
if ($this->getParam('deeplink')) {
$this->redirect('/admin/login/deeplink/?' . $this->getParam('deeplink'));
} else {
$this->redirect("/admin/?_dc=" . time());
}
} else {
$this->redirect("/admin/login/?auth_failed=true");
exit;
}
}
作者:sgabiso
项目:websit
public function preDispatch()
{
parent::preDispatch();
// do something before the action is called //-> see Zend Framework
\Pimcore\Tool\Authentication::authenticateSession();
$adminSession = new \Zend_Session_Namespace("pimcore_admin");
if (!$adminSession->user instanceof \User) {
$auth = \Zend_Auth::getInstance();
if ($auth->hasIdentity()) {
// We have a login session (user is logged in)
$cached_person = $auth->getIdentity();
$id = $cached_person->getId();
$this->view->person = $this->person = \Object\Person::getById($id);
} else {
$this->forward("form-login", "login");
}
} else {
$this->view->person = $this->person = \Object\Person::getById(590);
}
if ($this->person) {
$this->view->user = $this->user = $this->person;
$this->view->societe = $this->societe = $this->person->getSociete();
$this->view->locations = $this->locations = $this->societe->getLocations();
$this->storeLocation();
}
}
作者:dachcom-digita
项目:pimcore-toolbo
private function installUser(\Pimcore\Model\User\Role $userRole)
{
$userM = new \Pimcore\Model\User();
$user = $userM->getByName('kunde');
if ($user !== FALSE) {
return $user;
}
$user = \Pimcore\Model\User::create(array('parentId' => 0, 'name' => 'kunde', 'password' => \Pimcore\Tool\Authentication::getPasswordHash('kunde', 'kunde'), 'active' => 1, 'language' => 'de', 'admin' => FALSE, 'roles' => array(0 => $userRole->getId())));
$user->save();
return $user;
}
作者:ChristophWurs
项目:pimcor
/**
* @param array $config
*/
public function createOrUpdateUser($config = array())
{
$defaultConfig = array("username" => "admin", "password" => md5(microtime()));
$settings = array_replace_recursive($defaultConfig, $config);
if ($user = Model\User::getByName($settings["username"])) {
$user->delete();
}
$user = Model\User::create(array("parentId" => 0, "username" => $settings["username"], "password" => \Pimcore\Tool\Authentication::getPasswordHash($settings["username"], $settings["password"]), "active" => true));
$user->setAdmin(true);
$user->save();
}
作者:Gerhard1
项目:pimcor
/**
* @throws \Exception
*/
public function init()
{
$conf = Config::getSystemConfig();
if (!$conf->webservice->enabled) {
throw new \Exception("Webservice API isn't enabled");
}
if (!$this->getParam("apikey") && $_COOKIE["pimcore_admin_sid"]) {
$user = Authentication::authenticateSession();
if (!$user instanceof User) {
throw new \Exception("User is not valid");
}
} else {
if (!$this->getParam("apikey")) {
throw new \Exception("API key missing");
} else {
$apikey = $this->getParam("apikey");
$userList = new User\Listing();
$userList->setCondition("apiKey = ? AND type = ? AND active = 1", array($apikey, "user"));
$users = $userList->load();
if (!is_array($users) or count($users) !== 1) {
throw new \Exception("API key error.");
}
if (!$users[0]->getApiKey()) {
throw new \Exception("Couldn't get API key for user.");
}
$user = $users[0];
}
}
\Zend_Registry::set("pimcore_admin_user", $user);
parent::init();
}
作者:solvera
项目:pimcor
protected function execute(InputInterface $input, OutputInterface $output)
{
$user = $input->getOption("user");
if (!$user) {
$this->writeError("No username/ID given");
}
$method = is_numeric($user) ? 'getById' : 'getByName';
$user = User::$method($user);
if (!$user) {
$this->writeError("User with name " . $user . " could not be found. Exiting");
exit;
}
if ($input->getOption("password")) {
$plainPassword = $input->getOption("password");
} else {
$plainPassword = false;
while (empty($plainPassword)) {
$plainPassword = $this->promtSilent();
}
}
$password = \Pimcore\Tool\Authentication::getPasswordHash($user->getName(), $plainPassword);
$user->setPassword($password);
$user->save();
$this->output->writeln("Password for user " . $user->getName() . " reset successfully.");
}
作者:sgabiso
项目:resaExpres
public function preDispatch()
{
parent::preDispatch();
// do something before the action is called //-> see Zend Framework
\Pimcore\Tool\Authentication::authenticateSession();
$adminSession = new \Zend_Session_Namespace("pimcore_admin");
if (!$adminSession->user instanceof \User) {
// $this->forward ( "form-login", "login" );
}
}
作者:jjpeters6
项目:pimcor
public function init()
{
parent::init();
if (is_file(\Pimcore\Config::locateConfigFile("system.php"))) {
// session authentication, only possible if user is logged in
$user = \Pimcore\Tool\Authentication::authenticateSession();
if (!$user instanceof User) {
die("Authentication failed!<br />If you don't have access to the admin interface any more, and you want to find out if the server configuration matches the requirements you have to rename the the system.php for the time of the check.");
}
} elseif ($this->getParam("mysql_adapter")) {
} else {
die("Not possible... no database settings given.<br />Parameters: mysql_adapter,mysql_host,mysql_username,mysql_password,mysql_database");
}
}
作者:emanuel-londo
项目:pimcor
/**
* @param $id
* @param bool $create
* @param bool $returnIdIfEmpty
* @param null $language
* @return array
* @throws \Exception
* @throws \Zend_Exception
*/
public static function getByKeyLocalized($id, $create = false, $returnIdIfEmpty = false, $language = null)
{
if ($user = Tool\Admin::getCurrentUser()) {
$language = $user->getLanguage();
} elseif ($user = Tool\Authentication::authenticateSession()) {
$language = $user->getLanguage();
} elseif (\Zend_Registry::isRegistered("Zend_Locale")) {
$language = (string) \Zend_Registry::get("Zend_Locale");
}
if (!in_array($language, Tool\Admin::getLanguages())) {
$config = \Pimcore\Config::getSystemConfig();
$language = $config->general->language;
}
return self::getByKey($id, $create, $returnIdIfEmpty)->getTranslation($language);
}
作者:ChristophWurs
项目:pimcor
public function scriptAction()
{
// this is just to ensure that the script is only embedded if the user is logged in
// check the login manually
$user = \Pimcore\Tool\Authentication::authenticateSession();
if ($user instanceof Model\User) {
$personas = array();
$list = new Model\Tool\Targeting\Persona\Listing();
foreach ($list->load() as $persona) {
$personas[$persona->getId()] = $persona->getName();
}
header("Content-Type: text/javascript");
echo 'try {
var pimcore = pimcore || {};
pimcore["admin"] = {documentId: ' . $this->getParam("documentId") . '};
pimcore["personas"] = ' . \Zend_Json::encode($personas) . ';
} catch (e) {}';
echo "\n\n\n";
echo file_get_contents(PIMCORE_PATH . "/static6/js/frontend/admin/admin.js");
}
exit;
}
作者:yonetic
项目:pimcore-coreshop-dem
/**
* @param \Zend_Controller_Request_Abstract $request
*/
public function postDispatch(\Zend_Controller_Request_Abstract $request)
{
$conf = Config::getSystemConfig();
// add scripts to editmode
if (\Pimcore\Tool\Admin::isExtJS6()) {
$editmodeLibraries = array("/pimcore/static6/js/pimcore/namespace.js", "/pimcore/static6/js/lib/prototype-light.js", "/pimcore/static6/js/lib/jquery.min.js", "/pimcore/static6/js/lib/ext/ext-all.js", "/pimcore/static6/js/lib/ckeditor/ckeditor.js");
$editmodeScripts = array("/pimcore/static6/js/pimcore/functions.js", "/pimcore/static6/js/pimcore/element/tag/imagehotspotmarkereditor.js", "/pimcore/static6/js/pimcore/element/tag/imagecropper.js", "/pimcore/static6/js/pimcore/document/edit/helper.js", "/pimcore/static6/js/pimcore/document/edit/dnd.js", "/pimcore/static6/js/pimcore/document/tag.js", "/pimcore/static6/js/pimcore/document/tags/block.js", "/pimcore/static6/js/pimcore/document/tags/date.js", "/pimcore/static6/js/pimcore/document/tags/href.js", "/pimcore/static6/js/pimcore/document/tags/multihref.js", "/pimcore/static6/js/pimcore/document/tags/checkbox.js", "/pimcore/static6/js/pimcore/document/tags/image.js", "/pimcore/static6/js/pimcore/document/tags/input.js", "/pimcore/static6/js/pimcore/document/tags/link.js", "/pimcore/static6/js/pimcore/document/tags/select.js", "/pimcore/static6/js/pimcore/document/tags/snippet.js", "/pimcore/static6/js/pimcore/document/tags/textarea.js", "/pimcore/static6/js/pimcore/document/tags/numeric.js", "/pimcore/static6/js/pimcore/document/tags/wysiwyg.js", "/pimcore/static6/js/pimcore/document/tags/renderlet.js", "/pimcore/static6/js/pimcore/document/tags/table.js", "/pimcore/static6/js/pimcore/document/tags/video.js", "/pimcore/static6/js/pimcore/document/tags/multiselect.js", "/pimcore/static6/js/pimcore/document/tags/areablock.js", "/pimcore/static6/js/pimcore/document/tags/area.js", "/pimcore/static6/js/pimcore/document/tags/pdf.js", "/pimcore/static6/js/pimcore/document/edit/helper.js");
$editmodeStylesheets = array("/pimcore/static6/css/icons.css", "/pimcore/static6/css/editmode.css?_dc=" . time());
} else {
$editmodeLibraries = array("/pimcore/static/js/pimcore/namespace.js", "/pimcore/static/js/lib/prototype-light.js", "/pimcore/static/js/lib/jquery.min.js", "/pimcore/static/js/lib/ext/adapter/jquery/ext-jquery-adapter-debug.js", "/pimcore/static/js/lib/ext/ext-all-debug.js", "/pimcore/static/js/lib/ext-plugins/ux/Spinner.js", "/pimcore/static/js/lib/ext-plugins/ux/SpinnerField.js", "/pimcore/static/js/lib/ext-plugins/ux/MultiSelect.js", "/pimcore/static/js/lib/ext-plugins/GridRowOrder/roworder.js", "/pimcore/static/js/lib/ckeditor/ckeditor.js", "/pimcore/static/js/pimcore/libfixes.js");
$editmodeScripts = array("/pimcore/static/js/pimcore/functions.js", "/pimcore/static/js/pimcore/element/tag/imagehotspotmarkereditor.js", "/pimcore/static/js/pimcore/element/tag/imagecropper.js", "/pimcore/static/js/pimcore/document/edit/helper.js", "/pimcore/static/js/pimcore/document/edit/dnd.js", "/pimcore/static/js/pimcore/document/tag.js", "/pimcore/static/js/pimcore/document/tags/block.js", "/pimcore/static/js/pimcore/document/tags/date.js", "/pimcore/static/js/pimcore/document/tags/href.js", "/pimcore/static/js/pimcore/document/tags/multihref.js", "/pimcore/static/js/pimcore/document/tags/checkbox.js", "/pimcore/static/js/pimcore/document/tags/image.js", "/pimcore/static/js/pimcore/document/tags/input.js", "/pimcore/static/js/pimcore/document/tags/link.js", "/pimcore/static/js/pimcore/document/tags/select.js", "/pimcore/static/js/pimcore/document/tags/snippet.js", "/pimcore/static/js/pimcore/document/tags/textarea.js", "/pimcore/static/js/pimcore/document/tags/numeric.js", "/pimcore/static/js/pimcore/document/tags/wysiwyg.js", "/pimcore/static/js/pimcore/document/tags/renderlet.js", "/pimcore/static/js/pimcore/document/tags/table.js", "/pimcore/static/js/pimcore/document/tags/video.js", "/pimcore/static/js/pimcore/document/tags/multiselect.js", "/pimcore/static/js/pimcore/document/tags/areablock.js", "/pimcore/static/js/pimcore/document/tags/area.js", "/pimcore/static/js/pimcore/document/tags/pdf.js", "/pimcore/static/js/pimcore/document/edit/helper.js");
$editmodeStylesheets = array("/pimcore/static/css/icons.css", "/pimcore/static/css/editmode.css?asd=" . time());
}
//add plugin editmode JS and CSS
try {
$pluginConfigs = ExtensionManager::getPluginConfigs();
$jsPaths = array();
$cssPaths = array();
if (!empty($pluginConfigs)) {
//registering plugins
foreach ($pluginConfigs as $p) {
$pluginJsPaths = array();
if (array_key_exists("pluginDocumentEditmodeJsPaths", $p['plugin']) && is_array($p['plugin']['pluginDocumentEditmodeJsPaths']) && isset($p['plugin']['pluginDocumentEditmodeJsPaths']['path'])) {
if (is_array($p['plugin']['pluginDocumentEditmodeJsPaths']['path'])) {
$pluginJsPaths = $p['plugin']['pluginDocumentEditmodeJsPaths']['path'];
} else {
if ($p['plugin']['pluginDocumentEditmodeJsPaths']['path'] != null) {
$pluginJsPaths[] = $p['plugin']['pluginDocumentEditmodeJsPaths']['path'];
}
}
}
//manipulate path for frontend
if (is_array($pluginJsPaths) and count($pluginJsPaths) > 0) {
for ($i = 0; $i < count($pluginJsPaths); $i++) {
if (is_file(PIMCORE_PLUGINS_PATH . $pluginJsPaths[$i])) {
$jsPaths[] = "/plugins" . $pluginJsPaths[$i];
}
}
}
$pluginCssPaths = array();
if (array_key_exists("pluginDocumentEditmodeCssPaths", $p['plugin']) && is_array($p['plugin']['pluginDocumentEditmodeCssPaths']) && isset($p['plugin']['pluginDocumentEditmodeCssPaths']['path'])) {
if (is_array($p['plugin']['pluginDocumentEditmodeCssPaths']['path'])) {
$pluginCssPaths = $p['plugin']['pluginDocumentEditmodeCssPaths']['path'];
} else {
if ($p['plugin']['pluginDocumentEditmodeCssPaths']['path'] != null) {
$pluginCssPaths[] = $p['plugin']['pluginDocumentEditmodeCssPaths']['path'];
}
}
}
//manipulate path for frontend
if (is_array($pluginCssPaths) and count($pluginCssPaths) > 0) {
for ($i = 0; $i < count($pluginCssPaths); $i++) {
if (is_file(PIMCORE_PLUGINS_PATH . $pluginCssPaths[$i])) {
$cssPaths[] = "/plugins" . $pluginCssPaths[$i];
}
}
}
}
}
$editmodeScripts = array_merge($editmodeScripts, $jsPaths);
$editmodeStylesheets = array_merge($editmodeStylesheets, $cssPaths);
} catch (\Exception $e) {
\Logger::alert("there is a problem with the plugin configuration");
\Logger::alert($e);
}
$editmodeHeadHtml = "\n\n\n<!-- pimcore editmode -->\n";
// include stylesheets
foreach ($editmodeStylesheets as $sheet) {
$editmodeHeadHtml .= '<link rel="stylesheet" type="text/css" href="' . $sheet . '?_dc=' . Version::$revision . '" />';
$editmodeHeadHtml .= "\n";
}
$editmodeHeadHtml .= "\n\n";
$editmodeHeadHtml .= '<script type="text/javascript">var jQueryPreviouslyLoaded = (typeof jQuery == "undefined") ? false : true;</script>' . "\n";
// include script libraries
foreach ($editmodeLibraries as $script) {
$editmodeHeadHtml .= '<script type="text/javascript" src="' . $script . '?_dc=' . Version::$revision . '"></script>';
$editmodeHeadHtml .= "\n";
}
// combine the pimcore scripts in non-devmode
if ($conf->general->devmode) {
foreach ($editmodeScripts as $script) {
$editmodeHeadHtml .= '<script type="text/javascript" src="' . $script . '?_dc=' . Version::$revision . '"></script>';
$editmodeHeadHtml .= "\n";
}
} else {
$scriptContents = "";
foreach ($editmodeScripts as $scriptUrl) {
$scriptContents .= file_get_contents(PIMCORE_DOCUMENT_ROOT . $scriptUrl) . "\n\n\n";
}
$editmodeHeadHtml .= '<script type="text/javascript" src="' . \Pimcore\Tool\Admin::getMinimizedScriptPath($scriptContents) . '?_dc=' . Version::$revision . '"></script>' . "\n";
}
$user = \Pimcore\Tool\Authentication::authenticateSession();
$lang = $user->getLanguage();
$editmodeHeadHtml .= '<script type="text/javascript" src="/admin/misc/json-translations-system/language/' . $lang . '/?_dc=' . Version::$revision . '"></script>' . "\n";
$editmodeHeadHtml .= '<script type="text/javascript" src="/admin/misc/json-translations-admin/language/' . $lang . '/?_dc=' . Version::$revision . '"></script>' . "\n";
$editmodeHeadHtml .= "\n\n";
// set var for editable configurations which is filled by Document\Tag::admin()
//.........这里部分代码省略.........
作者:ChristophWurs
项目:pimcor
*
* Linfo is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with Linfo. If not, see <http://www.gnu.org/licenses/>.
*
*/
/*######### PIMCORE MODIFICATION #########*/
$workingDirectory = getcwd();
include "../../../cli/startup.php";
chdir($workingDirectory);
// only for logged in users
$user = \Pimcore\Tool\Authentication::authenticateSession();
if (!$user instanceof User) {
die("Authentication failed!");
}
if (!$user->isAdmin()) {
die("Permission denied");
}
@ini_set("display_errors", "Off");
/*######### /PIMCORE MODIFICATION #########*/
// Load libs
require_once dirname(__FILE__) . '/init.php';
// Begin
try {
// Load settings and language
$linfo = new Linfo();
// Run through /proc or wherever and build our list of settings
作者:todod
项目:pimcor
/**
* @throws \Zend_Controller_Router_Exception
*/
public function init()
{
// this is only executed once per request (first request)
if (self::$isInitial) {
\Pimcore::getEventManager()->trigger("frontend.controller.preInit", $this);
}
parent::init();
// log exceptions if handled by error_handler
$this->checkForErrors();
// general definitions
if (self::$isInitial) {
\Pimcore::unsetAdminMode();
Document::setHideUnpublished(true);
Object\AbstractObject::setHideUnpublished(true);
Object\AbstractObject::setGetInheritedValues(true);
Object\Localizedfield::setGetFallbackValues(true);
}
// assign variables
$this->view->controller = $this;
// init website config
$config = Config::getWebsiteConfig();
$this->config = $config;
$this->view->config = $config;
$document = $this->getParam("document");
if (!$document instanceof Document) {
\Zend_Registry::set("pimcore_editmode", false);
$this->editmode = false;
$this->view->editmode = false;
self::$isInitial = false;
// check for a locale first, and set it if available
if ($this->getParam("pimcore_parentDocument")) {
// this is a special exception for renderlets in editmode (ajax request), because they depend on the locale of the parent document
// otherwise there'll be notices like: Notice: 'No translation for the language 'XX' available.'
if ($parentDocument = Document::getById($this->getParam("pimcore_parentDocument"))) {
if ($parentDocument->getProperty("language")) {
$this->setLocaleFromDocument($parentDocument->getProperty("language"));
}
}
}
// no document available, continue, ...
return;
} else {
$this->setDocument($document);
// register global locale if the document has the system property "language"
if ($this->getDocument()->getProperty("language")) {
$this->setLocaleFromDocument($this->getDocument()->getProperty("language"));
}
if (self::$isInitial) {
// append meta-data to the headMeta() view helper, if it is a document-request
if (!Model\Staticroute::getCurrentRoute() && $this->getDocument() instanceof Document\Page) {
if (is_array($this->getDocument()->getMetaData())) {
foreach ($this->getDocument()->getMetaData() as $meta) {
// only name
if (!empty($meta["idName"]) && !empty($meta["idValue"]) && !empty($meta["contentValue"])) {
$method = "append" . ucfirst($meta["idName"]);
$this->view->headMeta()->{$method}($meta["idValue"], $meta["contentValue"]);
}
}
}
}
}
}
// this is only executed once per request (first request)
if (self::$isInitial) {
// contains the logged in user if necessary
$user = null;
// default is to set the editmode to false, is enabled later if necessary
\Zend_Registry::set("pimcore_editmode", false);
if (Tool::isFrontentRequestByAdmin()) {
$this->disableBrowserCache();
// start admin session & get logged in user
$user = Authentication::authenticateSession();
}
if (\Pimcore::inDebugMode()) {
$this->disableBrowserCache();
}
if (!$this->document->isPublished()) {
if (Tool::isFrontentRequestByAdmin()) {
if (!$user) {
throw new \Zend_Controller_Router_Exception("access denied for " . $this->document->getFullPath());
}
} else {
throw new \Zend_Controller_Router_Exception("access denied for " . $this->document->getFullPath());
}
}
// logged in users only
if ($user) {
// set the user to registry so that it is available via \Pimcore\Tool\Admin::getCurrentUser();
\Zend_Registry::set("pimcore_admin_user", $user);
// document editmode
if ($this->getParam("pimcore_editmode")) {
\Zend_Registry::set("pimcore_editmode", true);
// check if there is the document in the session
$docKey = "document_" . $this->getDocument()->getId();
$docSession = Session::getReadOnly("pimcore_documents");
if ($docSession->{$docKey}) {
// if there is a document in the session use it
//.........这里部分代码省略.........
作者:solvera
项目:pimcor
/**
* @throws \Zend_Exception
*/
public function init()
{
parent::init();
// set language
if (\Zend_Registry::isRegistered("Zend_Locale")) {
$locale = (string) \Zend_Registry::get("Zend_Locale");
$this->setLanguage($locale);
} else {
if ($this->getParam("language")) {
$this->setLanguage($this->getParam("language"));
} else {
$config = Config::getSystemConfig();
$this->setLanguage($config->general->language);
// try to set browser-language (validation if installed is in $this->setLanguage() )
$this->setLanguage(new \Zend_Locale());
}
}
if (self::$adminInitialized) {
// this will be executed on every call to this init() method
try {
$this->setUser(\Zend_Registry::get("pimcore_admin_user"));
} catch (\Exception $e) {
\Logger::emerg("adminInitialized was set to true although there was no user set in the registry -> to be save the process was killed");
exit;
}
} else {
// the following code is only called once, even when there are some subcalls (eg. with $this->action, ... )
\Pimcore::getEventManager()->trigger("admin.controller.preInit", $this);
$this->disableBrowserCache();
// general definitions
Model\Document::setHideUnpublished(false);
Model\Object\AbstractObject::setHideUnpublished(false);
Model\Object\AbstractObject::setGetInheritedValues(false);
Model\Object\Localizedfield::setGetFallbackValues(false);
\Pimcore::setAdminMode();
// init translations
self::initTranslations($this);
// init zend action helpers, we need to leave the prefixed class name here as the plugin loader isn't able to handle namespaces
\Zend_Controller_Action_HelperBroker::addPrefix('Pimcore_Controller_Action_Helper');
// this is to make it possible to use the session id as a part of the route (ZF default route) used for external editors, etc.
if ($this->getParam("pimcore_admin_sid")) {
$_REQUEST["pimcore_admin_sid"] = $this->getParam("pimcore_admin_sid");
}
// authenticate user, first try to authenticate with session information
$user = Authentication::authenticateSession();
if ($user instanceof Model\User) {
$this->setUser($user);
if ($this->getUser()->getLanguage()) {
$this->setLanguage($this->getUser()->getLanguage());
}
} else {
// try to authenticate with http basic auth, but this is only allowed for WebDAV
if ($this->getParam("module") == "admin" && $this->getParam("controller") == "asset" && $this->getParam("action") == "webdav") {
$user = Authentication::authenticateHttpBasic();
if ($user instanceof Model\User) {
$this->setUser($user);
\Zend_Registry::set("pimcore_admin_user", $this->getUser());
self::$adminInitialized = true;
return;
}
}
}
// redirect to the login-page if the user isn't authenticated
if (!$this->getUser() instanceof Model\User && !($this->getParam("module") == "admin" && $this->getParam("controller") == "login")) {
// put a detailed message into the debug.log
\Logger::error("Prevented access to " . $_SERVER["REQUEST_URI"] . " because there is no user in the session!", ["server" => $_SERVER, "get" => $_GET, "post" => $_POST, "session" => $_SESSION, "cookie" => $_COOKIE]);
// send a auth header for the client (is covered by the ajax object in javascript)
$this->getResponse()->setHeader("X-Pimcore-Auth", "required");
// redirect to login page
$this->redirect("/admin/login");
// exit the execution -> just to be sure
exit;
}
// we're now authenticated so we can remove the default error handler so that we get just the normal PHP errors
if ($this->getParam("controller") != "login") {
$front = \Zend_Controller_Front::getInstance();
$front->unregisterPlugin("Pimcore\\Controller\\Plugin\\ErrorHandler");
$front->throwExceptions(true);
@ini_set("display_errors", "On");
@ini_set("display_startup_errors", "On");
}
\Zend_Registry::set("pimcore_admin_user", $this->getUser());
self::$adminInitialized = true;
// usage statistics
$this->logUsageStatistics();
\Pimcore::getEventManager()->trigger("admin.controller.postInit", $this);
}
}
作者:pimcor
项目:pimcor
/**
* @param $path
* @param bool $partial
* @return array|bool
*/
public function match($path, $partial = false)
{
// this allows the usage of UTF8 URLs and within static routes
$path = urldecode($path);
$front = \Zend_Controller_Front::getInstance();
$matchFound = false;
$config = Config::getSystemConfig();
$routeingDefaults = Tool::getRoutingDefaults();
$params = array_merge($_GET, $_POST);
$params = array_merge($routeingDefaults, $params);
// set the original path
$originalPath = $path;
// check for password protection (http auth)
if ($config->general->http_auth) {
$username = $config->general->http_auth->username;
$password = $config->general->http_auth->password;
if ($username && $password && (!Tool::isFrontentRequestByAdmin() || !Tool\Authentication::authenticateSession())) {
$adapter = new \Zend_Auth_Adapter_Http(["accept_schemes" => "basic", "realm" => Tool::getHostname()]);
$basicResolver = new \Pimcore\Helper\Auth\Adapter\Http\ResolverStatic($username, $password);
$adapter->setBasicResolver($basicResolver);
$adapter->setRequest($front->getRequest());
$adapter->setResponse($front->getResponse());
$result = $adapter->authenticate();
if (!$result->isValid()) {
// Bad userame/password, or canceled password prompt
echo "Authentication Required";
$front->getResponse()->sendResponse();
exit;
}
}
}
// check for a registered site
try {
// do not initialize a site if it is a "special" admin request
if (!Tool::isFrontentRequestByAdmin()) {
$domain = Tool::getHostname();
$site = \Zend_Registry::isRegistered("pimcore_site") ? \Zend_Registry::get("pimcore_site") : Site::getByDomain($domain);
$path = $site->getRootPath() . $path;
\Zend_Registry::set("pimcore_site", $site);
}
} catch (\Exception $e) {
}
// test if there is a suitable redirect with override = all (=> priority = 99)
$this->checkForRedirect($originalPath, true);
// do not allow requests including /index.php/ => SEO
// this is after the first redirect check, to allow redirects in index.php?xxx
if (preg_match("@^/index.php(.*)@", $_SERVER["REQUEST_URI"], $matches) && strtolower($_SERVER["REQUEST_METHOD"]) == "get") {
$redirectUrl = $matches[1];
$redirectUrl = ltrim($redirectUrl, "/");
$redirectUrl = "/" . $redirectUrl;
header("Location: " . $redirectUrl, true, 301);
exit;
}
// redirect to the main domain if specified
try {
$hostRedirect = null;
if ($config->general->redirect_to_maindomain && $config->general->domain && $config->general->domain != Tool::getHostname() && !Site::isSiteRequest() && !Tool::isFrontentRequestByAdmin()) {
$hostRedirect = $config->general->domain;
}
if (Site::isSiteRequest()) {
$site = Site::getCurrentSite();
if ($site->getRedirectToMainDomain() && $site->getMainDomain() != Tool::getHostname()) {
$hostRedirect = $site->getMainDomain();
}
}
if ($hostRedirect && !isset($_GET["pimcore_disable_host_redirect"])) {
$url = ($front->getRequest()->isSecure() ? "https" : "http") . "://" . $hostRedirect . $_SERVER["REQUEST_URI"];
header("HTTP/1.1 301 Moved Permanently");
header("Location: " . $url, true, 301);
// log all redirects to the redirect log
\Pimcore\Log\Simple::log("redirect", Tool::getAnonymizedClientIp() . " \t Host-Redirect Source: " . $_SERVER["REQUEST_URI"] . " -> " . $url);
exit;
}
} catch (\Exception $e) {
}
// check for direct definition of controller/action
if (!empty($_REQUEST["controller"]) && !empty($_REQUEST["action"])) {
$matchFound = true;
}
// test if there is a suitable page
if (!$matchFound) {
try {
$document = Document::getByPath($path);
// check for a pretty url inside a site
if (!$document && Site::isSiteRequest()) {
$documentService = new Document\Service();
$sitePrettyDocId = $documentService->getDocumentIdByPrettyUrlInSite(Site::getCurrentSite(), $originalPath);
if ($sitePrettyDocId) {
if ($sitePrettyDoc = Document::getById($sitePrettyDocId)) {
$document = $sitePrettyDoc;
// undo the modification of the path by the site detection (prefixing with site root path)
// this is not necessary when using pretty-urls and will cause problems when validating the
// prettyUrl later (redirecting to the prettyUrl in the case the page was called by the real path)
$path = $originalPath;
}
//.........这里部分代码省略.........
作者:ChristophWurs
项目:pimcor
/**
* Enables the test mode. X-pimcore-unit-test-request=true header will be sent.
*/
public function enableTestMode()
{
$this->client->setHeaders("X-pimcore-unit-test-request", "true");
if (!$this->getApiKey()) {
$username = "rest";
$password = $username;
$user = User::getByName("{$username}");
if (!$user) {
$apikey = md5(time()) . md5($username);
$user = User::create(array("parentId" => 0, "username" => "rest", "password" => \Pimcore\Tool\Authentication::getPasswordHash($username, $username), "active" => true, "apiKey" => $apikey, "admin" => true));
}
$apikey = $user->getApiKey();
$this->setApiKey($apikey);
}
$this->setTestMode(true);
}
作者:solvera
项目:pimcor
public function getTokenLoginLinkAction()
{
$user = User::getById($this->getParam("id"));
if ($user->isAdmin() && !$this->getUser()->isAdmin()) {
throw new \Exception("Only admin users are allowed to login as an admin user");
}
if ($user) {
$token = Tool\Authentication::generateToken($user->getName(), $user->getPassword());
$r = $this->getRequest();
$link = $r->getScheme() . "://" . $r->getHttpHost() . "/admin/login/login/?username=" . $user->getName() . "&token=" . $token;
$this->_helper->json(["link" => $link]);
}
}
作者:pdaniel-fr
项目:pimcor
//.........这里部分代码省略.........
if (Tool::useFrontendOutputFilters(new \Zend_Controller_Request_Http())) {
$front->registerPlugin(new Controller\Plugin\HybridAuth(), 792);
$front->registerPlugin(new Controller\Plugin\QrCode(), 793);
$front->registerPlugin(new Controller\Plugin\CommonFilesFilter(), 794);
$front->registerPlugin(new Controller\Plugin\WysiwygAttributes(), 796);
$front->registerPlugin(new Controller\Plugin\Webmastertools(), 797);
$front->registerPlugin(new Controller\Plugin\Analytics(), 798);
$front->registerPlugin(new Controller\Plugin\TagManagement(), 804);
$front->registerPlugin(new Controller\Plugin\Targeting(), 805);
$front->registerPlugin(new Controller\Plugin\EuCookieLawNotice(), 807);
$front->registerPlugin(new Controller\Plugin\HttpErrorLog(), 850);
$front->registerPlugin(new Controller\Plugin\Cache(), 901);
// for caching
}
self::initControllerFront($front);
// set router
$router = $front->getRouter();
$routeAdmin = new \Zend_Controller_Router_Route('admin/:controller/:action/*', array('module' => 'admin', "controller" => "index", "action" => "index"));
$routeInstall = new \Zend_Controller_Router_Route('install/:controller/:action/*', array('module' => 'install', "controller" => "index", "action" => "index"));
$routeUpdate = new \Zend_Controller_Router_Route('admin/update/:controller/:action/*', array('module' => 'update', "controller" => "index", "action" => "index"));
$routePlugins = new \Zend_Controller_Router_Route('admin/plugin/:controller/:action/*', array('module' => 'pluginadmin', "controller" => "index", "action" => "index"));
$routeExtensions = new \Zend_Controller_Router_Route('admin/extensionmanager/:controller/:action/*', array('module' => 'extensionmanager', "controller" => "index", "action" => "index"));
$routeReports = new \Zend_Controller_Router_Route('admin/reports/:controller/:action/*', array('module' => 'reports', "controller" => "index", "action" => "index"));
$routePlugin = new \Zend_Controller_Router_Route('plugin/:module/:controller/:action/*', array("controller" => "index", "action" => "index"));
$routeWebservice = new \Zend_Controller_Router_Route('webservice/:controller/:action/*', array("module" => "webservice", "controller" => "index", "action" => "index"));
$routeSearchAdmin = new \Zend_Controller_Router_Route('admin/search/:controller/:action/*', array("module" => "searchadmin", "controller" => "index", "action" => "index"));
// website route => custom router which check for a suitable document
$routeFrontend = new Controller\Router\Route\Frontend();
$router->addRoute('default', $routeFrontend);
// only do this if not frontend => performance issue
if (!$frontend) {
$router->addRoute("install", $routeInstall);
$router->addRoute('plugin', $routePlugin);
$router->addRoute('admin', $routeAdmin);
$router->addRoute('update', $routeUpdate);
$router->addRoute('plugins', $routePlugins);
$router->addRoute('extensionmanager', $routeExtensions);
$router->addRoute('reports', $routeReports);
$router->addRoute('searchadmin', $routeSearchAdmin);
if ($conf instanceof \Zend_Config and $conf->webservice and $conf->webservice->enabled) {
$router->addRoute('webservice', $routeWebservice);
}
// check if this request routes into a plugin, if so check if the plugin is enabled
if (preg_match("@^/plugin/([^/]+)/.*@", $_SERVER["REQUEST_URI"], $matches)) {
$pluginName = $matches[1];
if (!Pimcore\ExtensionManager::isEnabled("plugin", $pluginName)) {
\Pimcore\Tool::exitWithError("Plugin is disabled. To use this plugin please enable it in the extension manager!");
}
}
// force the main (default) domain for "admin" requests
if ($conf->general->domain && $conf->general->domain != Tool::getHostname()) {
$url = ($_SERVER['HTTPS'] == "on" ? "https" : "http") . "://" . $conf->general->domain . $_SERVER["REQUEST_URI"];
header("HTTP/1.1 301 Moved Permanently");
header("Location: " . $url, true, 301);
exit;
}
}
// check if webdav is configured and add router
if ($conf instanceof \Zend_Config) {
if ($conf->assets->webdav->hostname) {
$routeWebdav = new \Zend_Controller_Router_Route_Hostname($conf->assets->webdav->hostname, array("module" => "admin", 'controller' => 'asset', 'action' => 'webdav'));
$router->addRoute('webdav', $routeWebdav);
}
}
$front->setRouter($router);
self::getEventManager()->trigger("system.startup", $front);
// throw exceptions also when in preview or in editmode (documents) to see it immediately when there's a problem with this page
$throwExceptions = false;
if (Tool::isFrontentRequestByAdmin()) {
$user = \Pimcore\Tool\Authentication::authenticateSession();
if ($user instanceof User) {
$throwExceptions = true;
}
}
// run dispatcher
// this is also standard for /admin/ requests -> error handling is done in Pimcore_Controller_Action_Admin
if (!PIMCORE_DEBUG && !$throwExceptions && !PIMCORE_DEVMODE) {
@ini_set("display_errors", "Off");
@ini_set("display_startup_errors", "Off");
$front->dispatch();
} else {
@ini_set("display_errors", "On");
@ini_set("display_startup_errors", "On");
$front->throwExceptions(true);
try {
$front->dispatch();
} catch (\Zend_Controller_Router_Exception $e) {
if (!headers_sent()) {
header("HTTP/1.0 404 Not Found");
}
\Logger::err($e);
throw new \Zend_Controller_Router_Exception("No route, document, custom route or redirect is matching the request: " . $_SERVER["REQUEST_URI"] . " | \n" . "Specific ERROR: " . $e->getMessage());
} catch (\Exception $e) {
if (!headers_sent()) {
header("HTTP/1.0 500 Internal Server Error");
}
throw $e;
}
}
}
