public function loginAction()
{
$user = null;
try {
\Pimcore::getEventManager()->trigger("admin.login.login.authenticate", $this, ["username" => $this->getParam("username"), "password" => $this->getParam("password")]);
$user = $this->getUser();
if (!$user instanceof User) {
if ($this->getParam("password")) {
$user = Tool\Authentication::authenticatePlaintext($this->getParam("username"), $this->getParam("password"));
if (!$user) {
throw new \Exception("Invalid username or password");
}
} elseif ($this->getParam("token")) {
$user = Tool\Authentication::authenticateToken($this->getParam("username"), $this->getParam("token"));
if (!$user) {
throw new \Exception("Invalid username or token");
}
// save the information to session when the user want's to reset the password
// this is because otherwise the old password is required => see also PIMCORE-1468
if ($this->getParam("reset")) {
Tool\Session::useSession(function ($adminSession) {
$adminSession->password_reset = true;
});
}
} else {
throw new \Exception("Invalid authentication method, must be either password or token");
}
}
} catch (\Exception $e) {
//see if module or plugin authenticates user
\Pimcore::getEventManager()->trigger("admin.login.login.failed", $this, ["username" => $this->getParam("username"), "password" => $this->getParam("password")]);
$user = $this->getUser();
if (!$user instanceof User) {
$this->writeLogFile($this->getParam("username"), $e->getMessage());
Logger::info("Login failed: " . $e);
}
}
if ($user instanceof User && $user->getId() && $user->isActive() && $user->getPassword()) {
Tool\Session::useSession(function ($adminSession) use($user) {
$adminSession->user = $user;
Tool\Session::regenerateId();
});
if ($this->getParam('deeplink')) {
$this->redirect('/admin/login/deeplink/?' . $this->getParam('deeplink'));
} else {
$this->redirect("/admin/?_dc=" . time());
}
} else {
$this->redirect("/admin/login/?auth_failed=true");
exit;
}
}