*/ class Mage_Adminhtml_IndexController extends Mage_Adminhtml_Controller_Action { /** * Render specified template * * @param string $tplName * @param array $data parameters required by template */ protected function _outTemplate($tplName, $data = array()) { $this->_initLayoutMessages('adminhtml/session'); $block = $this->getLayout()->createBlock('adminhtml/template')->setTemplate("$tplName.phtml"); foreach ($data as $index => $value) { $block->assign($index, $value); } $html = $block->toHtml(); Mage::getSingleton('core/translate_inline')->processResponseBody($html); $this->getResponse()->setBody($html); } /** * Admin area entry point * Always redirects to the startup page url */ public function indexAction() { $session = Mage::getSingleton('admin/session'); $url = $session->getUser()->getStartupPageUrl(); if ($session->isFirstPageAfterLogin()) { // retain the "first page after login" value in session (before redirect) $session->setIsFirstPageAfterLogin(true); } $this->_redirect($url); } /** * Administrator login action */ public function loginAction() { if (Mage::getSingleton('admin/session')->isLoggedIn()) { $this->_redirect('*'); return; } $loginData = $this->getRequest()->getParam('login'); $username = (is_array($loginData) && array_key_exists('username', $loginData)) ? $loginData['username'] : null; $this->loadLayout(); $this->renderLayout(); } /** * Administrator logout action */ public function logoutAction() { /** @var $adminSession Mage_Admin_Model_Session */ $adminSession = Mage::getSingleton('admin/session'); $adminSession->unsetAll(); $adminSession->getCookie()->delete($adminSession->getSessionName()); $adminSession->addSuccess(Mage::helper('adminhtml')->__('You have logged out.')); $this->_redirect('*'); } /** * Global Search Action */ public function globalSearchAction() { $searchModules = Mage::getConfig()->getNode("adminhtml/global_search"); $items = array(); if (!Mage::getSingleton('admin/session')->isAllowed('admin/global_search')) { $items[] = array( 'id' => 'error', 'type' => Mage::helper('adminhtml')->__('Error'), 'name' => Mage::helper('adminhtml')->__('Access Denied'), 'description' => Mage::helper('adminhtml')->__('You have not enough permissions to use this functionality.') ); $totalCount = 1; } else { if (empty($searchModules)) { $items[] = array( 'id' => 'error', 'type' => Mage::helper('adminhtml')->__('Error'), 'name' => Mage::helper('adminhtml')->__('No search modules were registered'), 'description' => Mage::helper('adminhtml')->__('Please make sure that all global admin search modules are installed and activated.') ); $totalCount = 1; } else { $start = $this->getRequest()->getParam('start', 1); $limit = $this->getRequest()->getParam('limit', 10); $query = $this->getRequest()->getParam('query', ''); foreach ($searchModules->children() as $searchConfig) { if ($searchConfig->acl && !Mage::getSingleton('admin/session')->isAllowed($searchConfig->acl)){ continue; } $className = $searchConfig->getClassName(); if (empty($className)) { continue; } $searchInstance = new $className(); $results = $searchInstance->setStart($start) ->setLimit($limit) ->setQuery($query) ->load() ->getResults(); $items = array_merge_recursive($items, $results); } $totalCount = sizeof($items); } } $block = $this->getLayout()->createBlock('adminhtml/template') ->setTemplate('system/autocomplete.phtml') ->assign('items', $items); $this->getResponse()->setBody($block->toHtml()); } /** * Example action */ public function exampleAction() { $this->_outTemplate('example'); } /** * Test action */ public function testAction() { echo $this->getLayout()->createBlock('core/profiler')->toHtml(); } /** * Change locale action */ public function changeLocaleAction() { $locale = $this->getRequest()->getParam('locale'); if ($locale) { Mage::getSingleton('adminhtml/session')->setLocale($locale); } $this->_redirectReferer(); } /** * Denied JSON action */ public function deniedJsonAction() { $this->getResponse()->setBody($this->_getDeniedJson()); } /** * Retrieve response for deniedJsonAction() */ protected function _getDeniedJson() { return Mage::helper('core')->jsonEncode(array( 'ajaxExpired' => 1, 'ajaxRedirect' => $this->getUrl('*/index/login') )); } /** * Denied IFrame action */ public function deniedIframeAction() { $this->getResponse()->setBody($this->_getDeniedIframe()); } /** * Retrieve response for deniedIframeAction() */ protected function _getDeniedIframe() { return ''; } /** * Forgot administrator password action */ public function forgotpasswordAction() { $email = (string) $this->getRequest()->getParam('email'); $params = $this->getRequest()->getParams(); if (!empty($email) && !empty($params)) { // Validate received data to be an email address if (Zend_Validate::is($email, 'EmailAddress')) { $collection = Mage::getResourceModel('admin/user_collection'); /** @var $collection Mage_Admin_Model_Resource_User_Collection */ $collection->addFieldToFilter('email', $email); $collection->load(false); if ($collection->getSize() > 0) { foreach ($collection as $item) { $user = Mage::getModel('admin/user')->load($item->getId()); if ($user->getId()) { $newResetPasswordLinkToken = Mage::helper('admin')->generateResetPasswordLinkToken(); $user->changeResetPasswordLinkToken($newResetPasswordLinkToken); $user->save(); $user->sendPasswordResetConfirmationEmail(); } break; } } $this->_getSession() ->addSuccess(Mage::helper('adminhtml')->__('If there is an account associated with %s you will receive an email with a link to reset your password.', Mage::helper('adminhtml')->escapeHtml($email))); $this->_redirect('*/*/login'); return; } else { $this->_getSession()->addError($this->__('Invalid email address.')); } } elseif (!empty($params)) { $this->_getSession()->addError(Mage::helper('adminhtml')->__('The email address is empty.')); } $this->loadLayout(); $this->renderLayout(); } /** * Display reset forgotten password form * * User is redirected on this action when he clicks on the corresponding link in password reset confirmation email */ public function resetPasswordAction() { $resetPasswordLinkToken = (string) $this->getRequest()->getQuery('token'); $userId = (int) $this->getRequest()->getQuery('id'); try { $this->_validateResetPasswordLinkToken($userId, $resetPasswordLinkToken); $data = array( 'userId' => $userId, 'resetPasswordLinkToken' => $resetPasswordLinkToken ); $this->_outTemplate('resetforgottenpassword', $data); } catch (Exception $exception) { $this->_getSession()->addError(Mage::helper('adminhtml')->__('Your password reset link has expired.')); $this->_redirect('*/*/forgotpassword', array('_nosecret' => true)); } } /** * Reset forgotten password * * Used to handle data recieved from reset forgotten password form */ public function resetPasswordPostAction() { $resetPasswordLinkToken = (string) $this->getRequest()->getQuery('token'); $userId = (int) $this->getRequest()->getQuery('id'); $password = (string) $this->getRequest()->getPost('password'); $passwordConfirmation = (string) $this->getRequest()->getPost('confirmation'); try { $this->_validateResetPasswordLinkToken($userId, $resetPasswordLinkToken); } catch (Exception $exception) { $this->_getSession()->addError(Mage::helper('adminhtml')->__('Your password reset link has expired.')); $this->_redirect('*/*/'); return; } $errorMessages = array(); if (iconv_strlen($password) <= 0) { array_push($errorMessages, Mage::helper('adminhtml')->__('New password field cannot be empty.')); } /** @var $user Mage_Admin_Model_User */ $user = Mage::getModel('admin/user')->load($userId); $user->setNewPassword($password); $user->setPasswordConfirmation($passwordConfirmation); $validationErrorMessages = $user->validate(); if (is_array($validationErrorMessages)) { $errorMessages = array_merge($errorMessages, $validationErrorMessages); } if (!empty($errorMessages)) { foreach ($errorMessages as $errorMessage) { $this->_getSession()->addError($errorMessage); } $data = array( 'userId' => $userId, 'resetPasswordLinkToken' => $resetPasswordLinkToken ); $this->_outTemplate('resetforgottenpassword', $data); return; } try { // Empty current reset password token i.e. invalidate it $user->setRpToken(null); $user->setRpTokenCreatedAt(null); $user->setPasswordConfirmation(null); $user->save(); $this->_getSession()->addSuccess(Mage::helper('adminhtml')->__('Your password has been updated.')); $this->_redirect('*/*/login'); } catch (Exception $exception) { $this->_getSession()->addError($exception->getMessage()); $data = array( 'userId' => $userId, 'resetPasswordLinkToken' => $resetPasswordLinkToken ); $this->_outTemplate('resetforgottenpassword', $data); return; } } /** * Check if password reset token is valid * * @param int $userId * @param string $resetPasswordLinkToken * @throws Mage_Core_Exception */ protected function _validateResetPasswordLinkToken($userId, $resetPasswordLinkToken) { if (!is_int($userId) || !is_string($resetPasswordLinkToken) || empty($resetPasswordLinkToken) || empty($userId) || $userId < 0 ) { throw Mage::exception('Mage_Core', Mage::helper('adminhtml')->__('Invalid password reset token.')); } /** @var $user Mage_Admin_Model_User */ $user = Mage::getModel('admin/user')->load($userId); if (!$user || !$user->getId()) { throw Mage::exception('Mage_Core', Mage::helper('adminhtml')->__('Wrong account specified.')); } $userToken = $user->getRpToken(); if (strcmp($userToken, $resetPasswordLinkToken) != 0 || $user->isResetPasswordLinkTokenExpired()) { throw Mage::exception('Mage_Core', Mage::helper('adminhtml')->__('Your password reset link has expired.')); } } /** * Check if user has permissions to access this controller * * @return boolean */ protected function _isAllowed() { return true; } }