/**
 * Authenticate a user from a username and a plaintext password.
 *
 * The account is looked up by name, must pass self::isValidUser(), and the
 * password must pass self::verifyPassword().
 *
 * NOTE(review): verifyPassword() is only reached for accounts that pass
 * isValidUser(), so unknown or disabled names may return measurably faster
 * than known ones. Confirm whether that timing difference matters for this
 * endpoint and whether attempts are throttled by the caller.
 *
 * @param string $username login name supplied by the caller
 * @param string $password plaintext password supplied by the caller
 * @return User|null the authenticated user, or null when either check fails
 */
public static function authenticatePlaintext($username, $password)
{
    $candidate = User::getByName($username);

    // user needs to be active, needs a password and an ID (do not allow system user to login, ...)
    if (!self::isValidUser($candidate)) {
        return null;
    }

    return self::verifyPassword($candidate, $password) ? $candidate : null;
}
/**
 * Handle an admin login request.
 *
 * Flow, in order:
 *  1. Trigger "admin.login.login.authenticate" so a listener can authenticate
 *     the request itself; the result is read back through getUser().
 *  2. If no User came out of that, authenticate by password, or by token when
 *     no password parameter is present.
 *  3. On any exception, trigger "admin.login.login.failed" as a second chance
 *     for listeners, and log the failure if there is still no User.
 *  4. Store a fully valid User in the admin session and redirect into the
 *     admin UI; otherwise redirect back to the login page and stop.
 *
 * NOTE(review): both events receive the plaintext password in their
 * parameters, so every registered listener is inside the credential trust
 * boundary and must not log or persist it.
 * NOTE(review): no throttling of repeated attempts is visible in this method;
 * confirm it is enforced elsewhere.
 *
 * @return void
 */
public function loginAction()
{
    $user = null;

    try {
        \Pimcore::getEventManager()->trigger(
            'admin.login.login.authenticate',
            $this,
            [
                'username' => $this->getParam('username'),
                'password' => $this->getParam('password'),
            ]
        );
        $user = $this->getUser();

        if (!($user instanceof User)) {
            if ($this->getParam('password')) {
                $user = Tool\Authentication::authenticatePlaintext(
                    $this->getParam('username'),
                    $this->getParam('password')
                );
                if (!$user) {
                    // Same message whichever of the two was wrong.
                    throw new \Exception('Invalid username or password');
                }
            } elseif ($this->getParam('token')) {
                $user = Tool\Authentication::authenticateToken(
                    $this->getParam('username'),
                    $this->getParam('token')
                );
                if (!$user) {
                    throw new \Exception('Invalid username or token');
                }

                // save the information to session when the user wants to reset the password
                // this is because otherwise the old password is required => see also PIMCORE-1468
                if ($this->getParam('reset')) {
                    Tool\Session::useSession(function ($adminSession) {
                        $adminSession->password_reset = true;
                    });
                }
            } else {
                throw new \Exception('Invalid authentication method, must be either password or token');
            }
        }
    } catch (\Exception $failure) {
        // see if module or plugin authenticates user
        \Pimcore::getEventManager()->trigger(
            'admin.login.login.failed',
            $this,
            [
                'username' => $this->getParam('username'),
                'password' => $this->getParam('password'),
            ]
        );
        $user = $this->getUser();

        if (!($user instanceof User)) {
            // NOTE(review): the username is request-controlled; confirm that
            // writeLogFile() neutralises line breaks before writing it.
            $this->writeLogFile($this->getParam('username'), $failure->getMessage());
            // Casting the exception to a string logs its stack trace as well
            // as its message; check that log for sensitive values.
            \Logger::info('Login failed: ' . $failure);
        }
    }

    // Final gate for every path, including users supplied by event listeners:
    // a real User with an ID, active, and with a password set.
    $mayLogIn = $user instanceof User
        && $user->getId()
        && $user->isActive()
        && $user->getPassword();

    if (!$mayLogIn) {
        $this->redirect('/admin/login/?auth_failed=true');
        exit;
    }

    Tool\Session::useSession(function ($adminSession) use ($user) {
        $adminSession->user = $user;
        // A fresh session ID is issued as the authenticated user is stored,
        // so an ID known before login does not carry the login.
        Tool\Session::regenerateId();
    });

    // NOTE(review): "deeplink" is request-controlled and is appended unencoded
    // after a fixed local path; confirm that the deeplink action validates it.
    $target = $this->getParam('deeplink')
        ? '/admin/login/deeplink/?' . $this->getParam('deeplink')
        : '/admin/?_dc=' . time();

    $this->redirect($target);
}