1: <?php
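class Mage_Adminhtml_IndexController extends Mage_Adminhtml_Controller_Action
{
    /**
     * Render one adminhtml template straight into the response body, bypassing the page layout.
     *
     * Used by the password-reset flow, which runs for users who are not logged in and therefore
     * have no admin layout. Every caller in this controller passes a literal template name, so
     * $tplName is not request-controlled.
     *
     * @param string $tplName template name without the ".phtml" suffix
     * @param array  $data    variables assigned to the block (visible inside the template)
     */
    protected function _outTemplate($tplName, $data = array())
    {
        $this->_initLayoutMessages('adminhtml/session');
        $block = $this->getLayout()->createBlock('adminhtml/template')->setTemplate("$tplName.phtml");
        foreach ($data as $index => $value) {
            $block->assign($index, $value);
        }
        $html = $block->toHtml();
        // Presumably rewrites $html in place (by reference) for inline translation — otherwise
        // this call would be a no-op, since $html is used unchanged below. TODO confirm.
        Mage::getSingleton('core/translate_inline')->processResponseBody($html);
        $this->getResponse()->setBody($html);
    }

    /**
     * Admin landing route: redirect to the startup page configured on the current user's account.
     *
     * The "first page after login" flag is read and then immediately re-armed; isFirstPageAfterLogin()
     * presumably consumes the flag on read, and re-setting it keeps it alive for the startup page
     * the user is about to be redirected to. TODO confirm against admin/session.
     */
    public function indexAction()
    {
        $session = Mage::getSingleton('admin/session');
        $url = $session->getUser()->getStartupPageUrl();
        if ($session->isFirstPageAfterLogin()) {
            $session->setIsFirstPageAfterLogin(true);
        }
        $this->_redirect($url);
    }

    /**
     * Display the admin login form.
     *
     * No credential verification happens in this action; it only renders the layout. The posted
     * "login" parameters are handled elsewhere (presumably during pre-dispatch) — confirm.
     * A previous version extracted login[username] into a local that was never used; that dead
     * read has been removed.
     */
    public function loginAction()
    {
        if (Mage::getSingleton('admin/session')->isLoggedIn()) {
            $this->_redirect('*');
            return;
        }
        $this->loadLayout();
        $this->renderLayout();
    }

    /**
     * End the admin session: clear all session data, delete the session cookie and redirect to
     * the login route with a confirmation message.
     *
     * NOTE(review): this action does not check the request method or a form key, so any page
     * the admin visits can log them out by triggering this URL (logout CSRF). Low impact, but
     * a form-key check here would need the logout link to carry one.
     */
    public function logoutAction()
    {
        $adminSession = Mage::getSingleton('admin/session');
        $adminSession->unsetAll();
        $adminSession->getCookie()->delete($adminSession->getSessionName());
        $adminSession->addSuccess(Mage::helper('adminhtml')->__('You have logged out.'));

        $this->_redirect('*');
    }

    /**
     * AJAX endpoint behind the admin header search box.
     *
     * Runs the query through every search module registered under the config node
     * adminhtml/global_search whose ACL resource the current user is allowed to use, merges the
     * results and renders them through system/autocomplete.phtml. An ACL failure or an empty module
     * registry is reported as a single pseudo-result row rather than an HTTP error so that the
     * autocomplete widget can display the message.
     *
     * Request-supplied paging and query values are coerced to the scalar types the search models
     * expect (they were previously passed through unchanged), and the unused total count that the
     * previous version computed has been dropped.
     */
    public function globalSearchAction()
    {
        $adminSession  = Mage::getSingleton('admin/session');
        $searchModules = Mage::getConfig()->getNode("adminhtml/global_search");
        $helper        = Mage::helper('adminhtml');
        $items         = array();

        if (!$adminSession->isAllowed('admin/global_search')) {
            // This controller's _isAllowed() is permissive, so the ACL check for search lives here.
            $items[] = array(
                'id'          => 'error',
                'type'        => $helper->__('Error'),
                'name'        => $helper->__('Access Denied'),
                'description' => $helper->__('You have not enough permissions to use this functionality.')
            );
        } elseif (empty($searchModules)) {
            $items[] = array(
                'id'          => 'error',
                'type'        => $helper->__('Error'),
                'name'        => $helper->__('No search modules were registered'),
                'description' => $helper->__('Please make sure that all global admin search modules are installed and activated.')
            );
        } else {
            $start = (int) $this->getRequest()->getParam('start', 1);
            $limit = (int) $this->getRequest()->getParam('limit', 10);
            $query = (string) $this->getRequest()->getParam('query', '');

            foreach ($searchModules->children() as $searchConfig) {
                // Per-module ACL: modules may declare an <acl> resource; skip those the user lacks.
                if ($searchConfig->acl && !$adminSession->isAllowed($searchConfig->acl)) {
                    continue;
                }

                // The class name comes from config XML, not from the request, so this is a
                // config-controlled instantiation rather than a user-controlled one.
                $className = $searchConfig->getClassName();
                if (empty($className)) {
                    continue;
                }

                $searchInstance = new $className();
                $results = $searchInstance->setStart($start)
                    ->setLimit($limit)
                    ->setQuery($query)
                    ->load()
                    ->getResults();
                $items = array_merge_recursive($items, $results);
            }
        }

        $block = $this->getLayout()->createBlock('adminhtml/template')
            ->setTemplate('system/autocomplete.phtml')
            ->assign('items', $items);

        $this->getResponse()->setBody($block->toHtml());
    }

    /**
     * Developer sample: renders example.phtml via _outTemplate().
     *
     * NOTE(review): because _isAllowed() below returns true unconditionally, this and testAction()
     * are reachable by every authenticated admin regardless of role. Both are debugging aids with
     * no business purpose; consider removing them from production builds.
     */
    public function exampleAction()
    {
        $this->_outTemplate('example');
    }

    /**
     * Developer sample: renders the core profiler block.
     *
     * The output is written to the response body, as every other action in this controller does,
     * instead of being echo'd directly — echo bypasses the response object, so headers and body
     * ordering are no longer under the front controller's control. See exampleAction() for the
     * exposure note that applies here as well.
     */
    public function testAction()
    {
        $this->getResponse()->setBody($this->getLayout()->createBlock('core/profiler')->toHtml());
    }

    /**
     * Store the requested admin interface locale in the adminhtml session and return to the referer.
     *
     * NOTE(review): the `locale` request parameter is stored as-is; nothing in this block checks it
     * against the list of allowed/installed locales. Confirm that setLocale() or the locale model
     * validates it downstream before relying on this.
     */
    public function changeLocaleAction()
    {
        $locale = $this->getRequest()->getParam('locale');
        if ($locale) {
            Mage::getSingleton('adminhtml/session')->setLocale($locale);
        }
        $this->_redirectReferer();
    }

    /**
     * JSON "access denied / session expired" response for admin AJAX calls.
     */
    public function deniedJsonAction()
    {
        $this->getResponse()->setBody($this->_getDeniedJson());
    }

    /**
     * Build the JSON payload consumed by the admin JavaScript when an AJAX request is rejected:
     * a flag marking the session as expired plus the login URL to redirect to.
     *
     * @return string JSON-encoded payload
     */
    protected function _getDeniedJson()
    {
        return Mage::helper('core')->jsonEncode(array(
            'ajaxExpired'  => 1,
            'ajaxRedirect' => $this->getUrl('*/index/login')
        ));
    }

    /**
     * "Access denied" response for content loaded inside an admin iframe.
     */
    public function deniedIframeAction()
    {
        $this->getResponse()->setBody($this->_getDeniedIframe());
    }

    /**
     * Build an inline script that navigates the parent window to the login page.
     *
     * The URL is generated server-side by getUrl(), so no request data reaches the script literal.
     *
     * @return string HTML <script> snippet
     */
    protected function _getDeniedIframe()
    {
        return '<script type="text/javascript">parent.window.location = \''
            . $this->getUrl('*/index/login') . '\';</script>';
    }

    /**
     * Forgot-password form and handler.
     *
     * Flow:
     *  - no request parameters at all: just render the form;
     *  - parameters present but `email` empty: show an error and re-render;
     *  - `email` present but not a valid address: show an error and re-render;
     *  - valid address: for the first admin user with that email, rotate the reset token, save it
     *    and send the reset e-mail, then redirect to the login page.
     *
     * The success message is identical whether or not an account matched, which avoids confirming
     * which addresses belong to admin accounts. The submitted address is HTML-escaped before being
     * interpolated into that message. Only the first matching user is processed (the loop breaks
     * after one iteration), on the assumption that admin e-mails are unique.
     *
     * NOTE(review): every valid submission replaces the user's reset token, invalidating any link
     * issued earlier, and nothing in this block throttles submissions or requires a form key —
     * an unauthenticated caller can therefore repeatedly trigger reset mails for a known admin
     * address. Rate limiting or CAPTCHA may exist upstream; confirm.
     */
    public function forgotpasswordAction()
    {
        $email  = (string) $this->getRequest()->getParam('email');
        $params = $this->getRequest()->getParams();

        if (!empty($email) && !empty($params)) {
            if (Zend_Validate::is($email, 'EmailAddress')) {
                $collection = Mage::getResourceModel('admin/user_collection');

                $collection->addFieldToFilter('email', $email);
                $collection->load(false);

                if ($collection->getSize() > 0) {
                    foreach ($collection as $item) {
                        $user = Mage::getModel('admin/user')->load($item->getId());
                        if ($user->getId()) {
                            $newResetPasswordLinkToken = Mage::helper('admin')->generateResetPasswordLinkToken();
                            $user->changeResetPasswordLinkToken($newResetPasswordLinkToken);
                            $user->save();
                            $user->sendPasswordResetConfirmationEmail();
                        }
                        break;
                    }
                }
                $this->_getSession()
                    ->addSuccess(Mage::helper('adminhtml')->__('If there is an account associated with %s you will receive an email with a link to reset your password.', Mage::helper('adminhtml')->escapeHtml($email)));
                $this->_redirect('*/*/login');
                return;
            } else {
                $this->_getSession()->addError($this->__('Invalid email address.'));
            }
        } elseif (!empty($params)) {
            $this->_getSession()->addError(Mage::helper('adminhtml')->__('The email address is empty.'));
        }
        $this->loadLayout();
        $this->renderLayout();
    }

    /**
     * Show the "set a new password" form for a reset link.
     *
     * The link carries `id` and `token` as query parameters; both are validated by
     * _validateResetPasswordLinkToken() before the form is rendered. Every validation failure is
     * reported with the same generic "link has expired" message so the response does not reveal
     * whether the user id or the token was the problem. The redirect presumably uses `_nosecret`
     * because the visitor is not logged in and has no URL secret key — confirm.
     */
    public function resetPasswordAction()
    {
        $resetPasswordLinkToken = (string) $this->getRequest()->getQuery('token');
        $userId = (int) $this->getRequest()->getQuery('id');
        try {
            $this->_validateResetPasswordLinkToken($userId, $resetPasswordLinkToken);
            $data = array(
                'userId'                 => $userId,
                'resetPasswordLinkToken' => $resetPasswordLinkToken
            );
            $this->_outTemplate('resetforgottenpassword', $data);
        } catch (Exception $exception) {
            $this->_getSession()->addError(Mage::helper('adminhtml')->__('Your password reset link has expired.'));
            $this->_redirect('*/*/forgotpassword', array('_nosecret' => true));
        }
    }

    /**
     * Handle the new-password submission from the reset form.
     *
     * Order of operations matters:
     *  1. the `id`/`token` query parameters are validated first, so an invalid or expired link is
     *     rejected before any password data is looked at;
     *  2. the password is checked for emptiness and then run through the user model's own
     *     validate() (which also compares it with the confirmation);
     *  3. on success the reset token and its timestamp are cleared before saving, making each
     *     reset link single-use.
     *
     * Validation errors re-render the form with the same id/token so the user can retry without
     * requesting a new link.
     */
    public function resetPasswordPostAction()
    {
        $resetPasswordLinkToken = (string) $this->getRequest()->getQuery('token');
        $userId = (int) $this->getRequest()->getQuery('id');
        $password = (string) $this->getRequest()->getPost('password');
        $passwordConfirmation = (string) $this->getRequest()->getPost('confirmation');

        try {
            $this->_validateResetPasswordLinkToken($userId, $resetPasswordLinkToken);
        } catch (Exception $exception) {
            $this->_getSession()->addError(Mage::helper('adminhtml')->__('Your password reset link has expired.'));
            $this->_redirect('*/*/');
            return;
        }

        $errorMessages = array();
        if (iconv_strlen($password) <= 0) {
            array_push($errorMessages, Mage::helper('adminhtml')->__('New password field cannot be empty.'));
        }

        $user = Mage::getModel('admin/user')->load($userId);

        $user->setNewPassword($password);
        $user->setPasswordConfirmation($passwordConfirmation);
        $validationErrorMessages = $user->validate();
        if (is_array($validationErrorMessages)) {
            $errorMessages = array_merge($errorMessages, $validationErrorMessages);
        }

        if (!empty($errorMessages)) {
            foreach ($errorMessages as $errorMessage) {
                $this->_getSession()->addError($errorMessage);
            }
            $data = array(
                'userId'                 => $userId,
                'resetPasswordLinkToken' => $resetPasswordLinkToken
            );
            $this->_outTemplate('resetforgottenpassword', $data);
            return;
        }

        try {
            // Invalidate the link: the token and its creation time are cleared together with the
            // password change so the same link cannot be replayed.
            $user->setRpToken(null);
            $user->setRpTokenCreatedAt(null);
            $user->setPasswordConfirmation(null);
            $user->save();
            $this->_getSession()->addSuccess(Mage::helper('adminhtml')->__('Your password has been updated.'));
            $this->_redirect('*/*/login');
        } catch (Exception $exception) {
            $this->_getSession()->addError($exception->getMessage());
            $data = array(
                'userId'                 => $userId,
                'resetPasswordLinkToken' => $resetPasswordLinkToken
            );
            $this->_outTemplate('resetforgottenpassword', $data);
            return;
        }
    }

    /**
     * Check that a reset link (user id + token) is well-formed, belongs to an existing admin user,
     * matches the token stored on that user and has not expired.
     *
     * The token comparison uses hash_equals() where the runtime provides it (PHP >= 5.6) and falls
     * back to strcmp() otherwise: strcmp() returns as soon as it finds a differing byte, so its
     * timing leaks how much of a guessed token was correct, whereas hash_equals() runs in time
     * independent of the content. The stored token is cast to string so a user with no token
     * (null) compares as an empty string in both branches, exactly as strcmp() treated it before.
     *
     * @param int    $userId                 admin user id from the link (already cast by callers)
     * @param string $resetPasswordLinkToken token from the link
     * @throws Mage_Core_Exception on any validation failure; callers map every case to one
     *                             generic "link has expired" message for the visitor
     */
    protected function _validateResetPasswordLinkToken($userId, $resetPasswordLinkToken)
    {
        if (!is_int($userId)
            || !is_string($resetPasswordLinkToken)
            || empty($resetPasswordLinkToken)
            || empty($userId)
            || $userId < 0
        ) {
            throw Mage::exception('Mage_Core', Mage::helper('adminhtml')->__('Invalid password reset token.'));
        }

        $user = Mage::getModel('admin/user')->load($userId);
        if (!$user || !$user->getId()) {
            throw Mage::exception('Mage_Core', Mage::helper('adminhtml')->__('Wrong account specified.'));
        }

        $userToken = (string) $user->getRpToken();
        if (function_exists('hash_equals')) {
            $tokenMatches = hash_equals($userToken, $resetPasswordLinkToken);
        } else {
            $tokenMatches = (strcmp($userToken, $resetPasswordLinkToken) == 0);
        }

        if (!$tokenMatches || $user->isResetPasswordLinkTokenExpired()) {
            throw Mage::exception('Mage_Core', Mage::helper('adminhtml')->__('Your password reset link has expired.'));
        }
    }

    /**
     * Disable the per-controller ACL check.
     *
     * This controller hosts the login, logout and password-reset flows, which must be reachable
     * by users who have no ACL role yet; globalSearchAction() performs its own isAllowed() check
     * instead. The trade-off is that every other action here (including the exampleAction() and
     * testAction() debugging endpoints) is open to any authenticated admin.
     *
     * @return bool always true
     */
    protected function _isAllowed()
    {
        return true;
    }
}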