API
5 years ago
Access
5 years ago
Application
5 years ago
Archive
5 years ago
ArchiveProcessor
5 years ago
Archiver
5 years ago
AssetManager
5 years ago
Auth
5 years ago
Category
5 years ago
CliMulti
5 years ago
Columns
5 years ago
Composer
5 years ago
Concurrency
5 years ago
Config
5 years ago
Container
5 years ago
CronArchive
5 years ago
DataAccess
5 years ago
DataFiles
5 years ago
DataTable
5 years ago
Db
5 years ago
DeviceDetector
5 years ago
Email
5 years ago
Exception
5 years ago
Http
5 years ago
Intl
5 years ago
Mail
5 years ago
Measurable
5 years ago
Menu
5 years ago
Metrics
5 years ago
Notification
5 years ago
Period
5 years ago
Plugin
5 years ago
ProfessionalServices
5 years ago
Report
5 years ago
ReportRenderer
5 years ago
Scheduler
5 years ago
Segment
5 years ago
Session
5 years ago
Settings
5 years ago
Tracker
5 years ago
Translation
5 years ago
UpdateCheck
5 years ago
Updater
5 years ago
Updates
5 years ago
Validators
5 years ago
View
5 years ago
ViewDataTable
5 years ago
Visualization
5 years ago
Widget
5 years ago
.htaccess
6 years ago
Access.php
5 years ago
Archive.php
5 years ago
ArchiveProcessor.php
5 years ago
AssetManager.php
5 years ago
Auth.php
5 years ago
AuthResult.php
5 years ago
BaseFactory.php
5 years ago
Cache.php
5 years ago
CacheId.php
5 years ago
CliMulti.php
5 years ago
Common.php
5 years ago
Config.php
5 years ago
Console.php
5 years ago
Context.php
5 years ago
Cookie.php
5 years ago
CronArchive.php
5 years ago
DataArray.php
5 years ago
DataTable.php
5 years ago
Date.php
5 years ago
Db.php
5 years ago
DbHelper.php
5 years ago
Development.php
5 years ago
ErrorHandler.php
5 years ago
EventDispatcher.php
5 years ago
ExceptionHandler.php
5 years ago
FileIntegrity.php
5 years ago
Filechecks.php
5 years ago
Filesystem.php
5 years ago
FrontController.php
5 years ago
Http.php
5 years ago
IP.php
5 years ago
Log.php
5 years ago
LogDeleter.php
5 years ago
Mail.php
5 years ago
Metrics.php
5 years ago
NoAccessException.php
5 years ago
Nonce.php
5 years ago
Notification.php
5 years ago
NumberFormatter.php
5 years ago
Option.php
5 years ago
Period.php
5 years ago
Piwik.php
5 years ago
Plugin.php
5 years ago
Profiler.php
5 years ago
ProxyHeaders.php
5 years ago
ProxyHttp.php
5 years ago
QuickForm2.php
5 years ago
RankingQuery.php
5 years ago
ReportRenderer.php
5 years ago
Segment.php
5 years ago
Sequence.php
5 years ago
Session.php
5 years ago
SettingsPiwik.php
5 years ago
SettingsServer.php
5 years ago
Singleton.php
5 years ago
Site.php
5 years ago
SupportedBrowser.php
5 years ago
TCPDF.php
5 years ago
Theme.php
5 years ago
Timer.php
5 years ago
Tracker.php
5 years ago
Twig.php
5 years ago
Unzip.php
5 years ago
UpdateCheck.php
5 years ago
Updater.php
5 years ago
UpdaterErrorException.php
5 years ago
Updates.php
5 years ago
Url.php
5 years ago
UrlHelper.php
5 years ago
Version.php
5 years ago
View.php
5 years ago
bootstrap.php
5 years ago
dispatch.php
5 years ago
testMinimumPhpVersion.php
5 years ago
FrontController.php
801 lines
| 1 | <?php |
| 2 | /** |
| 3 | * Matomo - free/libre analytics platform |
| 4 | * |
| 5 | * @link https://matomo.org |
| 6 | * @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later |
| 7 | * |
| 8 | */ |
| 9 | |
| 10 | namespace Piwik; |
| 11 | |
| 12 | use Exception; |
| 13 | use Piwik\API\Request; |
| 14 | use Piwik\Container\StaticContainer; |
| 15 | use Piwik\Exception\AuthenticationFailedException; |
| 16 | use Piwik\Exception\DatabaseSchemaIsNewerThanCodebaseException; |
| 17 | use Piwik\Exception\PluginDeactivatedException; |
| 18 | use Piwik\Exception\PluginRequiresInternetException; |
| 19 | use Piwik\Exception\StylesheetLessCompileException; |
| 20 | use Piwik\Http\ControllerResolver; |
| 21 | use Piwik\Http\Router; |
| 22 | use Piwik\Plugins\CoreAdminHome\CustomLogo; |
| 23 | use Piwik\Session\SessionAuth; |
| 24 | use Piwik\Session\SessionInitializer; |
| 25 | use Piwik\SupportedBrowser; |
| 26 | use Psr\Log\LoggerInterface; |
| 27 | |
| 28 | /** |
| 29 | * This singleton dispatches requests to the appropriate plugin Controller. |
| 30 | * |
| 31 | * Piwik uses this class for all requests that go through **index.php**. Plugins can |
| 32 | * use it to call controller actions of other plugins. |
| 33 | * |
| 34 | * ### Examples |
| 35 | * |
| 36 | * **Forwarding controller requests** |
| 37 | * |
| 38 | * public function myConfiguredRealtimeMap() |
| 39 | * { |
| 40 | * $_GET['changeVisitAlpha'] = false; |
| 41 | * $_GET['removeOldVisits'] = false; |
| 42 | * $_GET['showFooterMessage'] = false; |
| 43 | * return FrontController::getInstance()->dispatch('UserCountryMap', 'realtimeMap'); |
| 44 | * } |
| 45 | * |
| 46 | * **Using other plugin controller actions** |
| 47 | * |
| 48 | * public function myPopupWithRealtimeMap() |
| 49 | * { |
| 50 | * $_GET['changeVisitAlpha'] = false; |
| 51 | * $_GET['removeOldVisits'] = false; |
| 52 | * $_GET['showFooterMessage'] = false; |
| 53 | * $realtimeMap = FrontController::getInstance()->dispatch('UserCountryMap', 'realtimeMap'); |
| 54 | * |
| 55 | * $view = new View('@MyPlugin/myPopupWithRealtimeMap.twig'); |
| 56 | * $view->realtimeMap = $realtimeMap; |
| 57 | * return $realtimeMap->render(); |
| 58 | * } |
| 59 | * |
| 60 | * For a detailed explanation, see the documentation [here](https://developer.piwik.org/guides/how-piwik-works). |
| 61 | * |
| 62 | * @method static \Piwik\FrontController getInstance() |
| 63 | */ |
| 64 | class FrontController extends Singleton |
| 65 | { |
| 66 | const DEFAULT_MODULE = 'CoreHome'; |
| 67 | const DEFAULT_LOGIN = 'anonymous'; |
| 68 | const DEFAULT_TOKEN_AUTH = 'anonymous'; |
| 69 | |
| 70 | // public for tests |
| 71 | public static $requestId = null; |
| 72 | |
| 73 | /** |
| 74 | * Set to false and the Front Controller will not dispatch the request |
| 75 | * |
| 76 | * @var bool |
| 77 | */ |
| 78 | public static $enableDispatch = true; |
| 79 | |
| 80 | /** |
| 81 | * @var bool |
| 82 | */ |
| 83 | private $initialized = false; |
| 84 | |
| 85 | /** |
| 86 | * @param $lastError |
| 87 | * @return string |
| 88 | * @throws AuthenticationFailedException |
| 89 | * @throws Exception |
| 90 | */ |
| 91 | private static function generateSafeModeOutputFromError($lastError) |
| 92 | { |
| 93 | Common::sendResponseCode(500); |
| 94 | |
| 95 | $controller = FrontController::getInstance(); |
| 96 | try { |
| 97 | $controller->init(); |
| 98 | $message = $controller->dispatch('CorePluginsAdmin', 'safemode', array($lastError)); |
| 99 | } catch(Exception $e) { |
| 100 | // may fail in safe mode (eg. global.ini.php not found) |
| 101 | $message = sprintf("Matomo encountered an error: %s (which lead to: %s)", $lastError['message'], $e->getMessage()); |
| 102 | } |
| 103 | |
| 104 | return $message; |
| 105 | } |
| 106 | |
| 107 | /** |
| 108 | * @param Exception $e |
| 109 | * @return string |
| 110 | */ |
| 111 | public static function generateSafeModeOutputFromException($e) |
| 112 | { |
| 113 | StaticContainer::get(LoggerInterface::class)->error('Uncaught exception: {exception}', [ |
| 114 | 'exception' => $e, |
| 115 | 'ignoreInScreenWriter' => true, |
| 116 | ]); |
| 117 | |
| 118 | $error = array( |
| 119 | 'message' => $e->getMessage(), |
| 120 | 'file' => $e->getFile(), |
| 121 | 'line' => $e->getLine(), |
| 122 | ); |
| 123 | |
| 124 | if (isset(self::$requestId)) { |
| 125 | $error['request_id'] = self::$requestId; |
| 126 | } |
| 127 | |
| 128 | $error['backtrace'] = ' on ' . $error['file'] . '(' . $error['line'] . ")\n"; |
| 129 | $error['backtrace'] .= $e->getTraceAsString(); |
| 130 | |
| 131 | $exception = $e; |
| 132 | while ($exception = $exception->getPrevious()) { |
| 133 | $error['backtrace'] .= "\ncaused by: " . $exception->getMessage(); |
| 134 | $error['backtrace'] .= ' on ' . $exception->getFile() . '(' . $exception->getLine() . ")\n"; |
| 135 | $error['backtrace'] .= $exception->getTraceAsString(); |
| 136 | } |
| 137 | |
| 138 | return self::generateSafeModeOutputFromError($error); |
| 139 | } |
| 140 | |
| 141 | /** |
| 142 | * Executes the requested plugin controller method. |
| 143 | * |
| 144 | * @throws Exception|\Piwik\Exception\PluginDeactivatedException in case the plugin doesn't exist, the action doesn't exist, |
| 145 | * there is not enough permission, etc. |
| 146 | * |
| 147 | * @param string $module The name of the plugin whose controller to execute, eg, `'UserCountryMap'`. |
| 148 | * @param string $action The controller method name, eg, `'realtimeMap'`. |
| 149 | * @param array $parameters Array of parameters to pass to the controller method. |
| 150 | * @return void|mixed The returned value of the call. This is the output of the controller method. |
| 151 | * @api |
| 152 | */ |
| 153 | public function dispatch($module = null, $action = null, $parameters = null) |
| 154 | { |
| 155 | if (self::$enableDispatch === false) { |
| 156 | return; |
| 157 | } |
| 158 | |
| 159 | $filter = new Router(); |
| 160 | $redirection = $filter->filterUrl(Url::getCurrentUrl()); |
| 161 | if ($redirection !== null) { |
| 162 | Url::redirectToUrl($redirection); |
| 163 | return; |
| 164 | } |
| 165 | |
| 166 | try { |
| 167 | $result = $this->doDispatch($module, $action, $parameters); |
| 168 | return $result; |
| 169 | } catch (NoAccessException $exception) { |
| 170 | Log::debug($exception); |
| 171 | |
| 172 | /** |
| 173 | * Triggered when a user with insufficient access permissions tries to view some resource. |
| 174 | * |
| 175 | * This event can be used to customize the error that occurs when a user is denied access |
| 176 | * (for example, displaying an error message, redirecting to a page other than login, etc.). |
| 177 | * |
| 178 | * @param \Piwik\NoAccessException $exception The exception that was caught. |
| 179 | */ |
| 180 | Piwik::postEvent('User.isNotAuthorized', array($exception), $pending = true); |
| 181 | } catch (\Twig\Error\RuntimeError $e) { |
| 182 | echo $this->generateSafeModeOutputFromException($e); |
| 183 | exit; |
| 184 | } catch(StylesheetLessCompileException $e) { |
| 185 | echo $this->generateSafeModeOutputFromException($e); |
| 186 | exit; |
| 187 | } catch(\Error $e) { |
| 188 | echo $this->generateSafeModeOutputFromException($e); |
| 189 | exit; |
| 190 | } |
| 191 | } |
| 192 | |
| 193 | /** |
| 194 | * Executes the requested plugin controller method and returns the data, capturing anything the |
| 195 | * method `echo`s. |
| 196 | * |
| 197 | * _Note: If the plugin controller returns something, the return value is returned instead |
| 198 | * of whatever is in the output buffer._ |
| 199 | * |
| 200 | * @param string $module The name of the plugin whose controller to execute, eg, `'UserCountryMap'`. |
| 201 | * @param string $actionName The controller action name, eg, `'realtimeMap'`. |
| 202 | * @param array $parameters Array of parameters to pass to the controller action method. |
| 203 | * @return string The `echo`'d data or the return value of the controller action. |
| 204 | */ |
| 205 | public function fetchDispatch($module = null, $actionName = null, $parameters = null) |
| 206 | { |
| 207 | ob_start(); |
| 208 | $output = $this->dispatch($module, $actionName, $parameters); |
| 209 | // if nothing returned we try to load something that was printed on the screen |
| 210 | if (empty($output)) { |
| 211 | $output = ob_get_contents(); |
| 212 | } else { |
| 213 | // if something was returned, flush output buffer as it is meant to be written to the screen |
| 214 | ob_flush(); |
| 215 | } |
| 216 | ob_end_clean(); |
| 217 | return $output; |
| 218 | } |
| 219 | |
| 220 | /** |
| 221 | * Called at the end of the page generation |
| 222 | */ |
| 223 | public function __destruct() |
| 224 | { |
| 225 | try { |
| 226 | if (class_exists('Piwik\\Profiler') |
| 227 | && !SettingsServer::isTrackerApiRequest() |
| 228 | ) { |
| 229 | // in tracker mode Piwik\Tracker\Db\Pdo\Mysql does currently not implement profiling |
| 230 | Profiler::displayDbProfileReport(); |
| 231 | Profiler::printQueryCount(); |
| 232 | } |
| 233 | } catch (Exception $e) { |
| 234 | Log::debug($e); |
| 235 | } |
| 236 | } |
| 237 | |
| 238 | // Should we show exceptions messages directly rather than display an html error page? |
| 239 | public static function shouldRethrowException() |
| 240 | { |
| 241 | // If we are in no dispatch mode, eg. a script reusing Piwik libs, |
| 242 | // then we should return the exception directly, rather than trigger the event "bad config file" |
| 243 | // which load the HTML page of the installer with the error. |
| 244 | return (defined('PIWIK_ENABLE_DISPATCH') && !PIWIK_ENABLE_DISPATCH) |
| 245 | || Common::isPhpCliMode() |
| 246 | || SettingsServer::isArchivePhpTriggered(); |
| 247 | } |
| 248 | |
| 249 | public static function setUpSafeMode() |
| 250 | { |
| 251 | register_shutdown_function(array('\\Piwik\\FrontController', 'triggerSafeModeWhenError')); |
| 252 | } |
| 253 | |
| 254 | public static function triggerSafeModeWhenError() |
| 255 | { |
| 256 | $lastError = error_get_last(); |
| 257 | |
| 258 | if (!empty($lastError) && isset(self::$requestId)) { |
| 259 | $lastError['request_id'] = self::$requestId; |
| 260 | } |
| 261 | |
| 262 | if (!empty($lastError) && $lastError['type'] == E_ERROR) { |
| 263 | $lastError['backtrace'] = ' on ' . $lastError['file'] . '(' . $lastError['line'] . ")\n" |
| 264 | . ErrorHandler::getFatalErrorPartialBacktrace(); |
| 265 | |
| 266 | StaticContainer::get(LoggerInterface::class)->error('Fatal error encountered: {exception}', [ |
| 267 | 'exception' => $lastError, |
| 268 | 'ignoreInScreenWriter' => true, |
| 269 | ]); |
| 270 | |
| 271 | $message = self::generateSafeModeOutputFromError($lastError); |
| 272 | echo $message; |
| 273 | } |
| 274 | } |
| 275 | |
| 276 | /** |
| 277 | * Must be called before dispatch() |
| 278 | * - checks that directories are writable, |
| 279 | * - loads the configuration file, |
| 280 | * - loads the plugin, |
| 281 | * - inits the DB connection, |
| 282 | * - etc. |
| 283 | * |
| 284 | * @throws Exception |
| 285 | * @return void |
| 286 | */ |
| 287 | public function init() |
| 288 | { |
| 289 | if ($this->initialized) { |
| 290 | return; |
| 291 | } |
| 292 | |
| 293 | self::setRequestIdHeader(); |
| 294 | |
| 295 | $this->initialized = true; |
| 296 | |
| 297 | $tmpPath = StaticContainer::get('path.tmp'); |
| 298 | |
| 299 | $directoriesToCheck = array( |
| 300 | $tmpPath, |
| 301 | $tmpPath . '/assets/', |
| 302 | $tmpPath . '/cache/', |
| 303 | $tmpPath . '/logs/', |
| 304 | $tmpPath . '/tcpdf/', |
| 305 | $tmpPath . '/templates_c/', |
| 306 | ); |
| 307 | |
| 308 | Filechecks::dieIfDirectoriesNotWritable($directoriesToCheck); |
| 309 | |
| 310 | $this->handleMaintenanceMode(); |
| 311 | $this->handleProfiler(); |
| 312 | $this->handleSSLRedirection(); |
| 313 | |
| 314 | Plugin\Manager::getInstance()->loadPluginTranslations(); |
| 315 | Plugin\Manager::getInstance()->loadActivatedPlugins(); |
| 316 | |
| 317 | // try to connect to the database |
| 318 | try { |
| 319 | Db::createDatabaseObject(); |
| 320 | Db::fetchAll("SELECT DATABASE()"); |
| 321 | } catch (Exception $exception) { |
| 322 | if (self::shouldRethrowException()) { |
| 323 | throw $exception; |
| 324 | } |
| 325 | |
| 326 | Log::debug($exception); |
| 327 | |
| 328 | /** |
| 329 | * Triggered when Piwik cannot connect to the database. |
| 330 | * |
| 331 | * This event can be used to start the installation process or to display a custom error |
| 332 | * message. |
| 333 | * |
| 334 | * @param Exception $exception The exception thrown from creating and testing the database |
| 335 | * connection. |
| 336 | */ |
| 337 | Piwik::postEvent('Db.cannotConnectToDb', array($exception), $pending = true); |
| 338 | |
| 339 | throw $exception; |
| 340 | } |
| 341 | |
| 342 | // try to get an option (to check if data can be queried) |
| 343 | try { |
| 344 | Option::get('TestingIfDatabaseConnectionWorked'); |
| 345 | } catch (Exception $exception) { |
| 346 | if (self::shouldRethrowException()) { |
| 347 | throw $exception; |
| 348 | } |
| 349 | |
| 350 | Log::debug($exception); |
| 351 | |
| 352 | /** |
| 353 | * Triggered when Piwik cannot access database data. |
| 354 | * |
| 355 | * This event can be used to start the installation process or to display a custom error |
| 356 | * message. |
| 357 | * |
| 358 | * @param Exception $exception The exception thrown from trying to get an option value. |
| 359 | */ |
| 360 | Piwik::postEvent('Config.badConfigurationFile', array($exception), $pending = true); |
| 361 | |
| 362 | throw $exception; |
| 363 | } |
| 364 | |
| 365 | // Init the Access object, so that eg. core/Updates/* can enforce Super User and use some APIs |
| 366 | Access::getInstance(); |
| 367 | |
| 368 | /** |
| 369 | * Triggered just after the platform is initialized and plugins are loaded. |
| 370 | * |
| 371 | * This event can be used to do early initialization. |
| 372 | * |
| 373 | * _Note: At this point the user is not authenticated yet._ |
| 374 | */ |
| 375 | Piwik::postEvent('Request.dispatchCoreAndPluginUpdatesScreen'); |
| 376 | |
| 377 | $this->throwIfPiwikVersionIsOlderThanDBSchema(); |
| 378 | |
| 379 | $module = Piwik::getModule(); |
| 380 | $action = Piwik::getAction(); |
| 381 | |
| 382 | if (empty($module) |
| 383 | || empty($action) |
| 384 | || $module !== 'Installation' |
| 385 | || !in_array($action, array('getInstallationCss', 'getInstallationJs'))) { |
| 386 | \Piwik\Plugin\Manager::getInstance()->installLoadedPlugins(); |
| 387 | } |
| 388 | |
| 389 | // ensure the current Piwik URL is known for later use |
| 390 | if (method_exists('Piwik\SettingsPiwik', 'getPiwikUrl')) { |
| 391 | SettingsPiwik::getPiwikUrl(); |
| 392 | } |
| 393 | |
| 394 | $loggedIn = false; |
| 395 | |
| 396 | // don't use sessionauth in cli mode |
| 397 | // try authenticating w/ session first... |
| 398 | $sessionAuth = $this->makeSessionAuthenticator(); |
| 399 | if ($sessionAuth) { |
| 400 | $loggedIn = Access::getInstance()->reloadAccess($sessionAuth); |
| 401 | } |
| 402 | |
| 403 | // ... if session auth fails try normal auth (which will login the anonymous user) |
| 404 | if (!$loggedIn) { |
| 405 | $authAdapter = $this->makeAuthenticator(); |
| 406 | $success = Access::getInstance()->reloadAccess($authAdapter); |
| 407 | |
| 408 | if ($success |
| 409 | && Piwik::isUserIsAnonymous() |
| 410 | && $authAdapter->getLogin() === 'anonymous' //double checking the login |
| 411 | && Piwik::isUserHasSomeViewAccess() |
| 412 | && Session::isSessionStarted()) { // only if session was started, don't do it eg for API |
| 413 | // usually the session would be started when someone logs in using login controller. But in this |
| 414 | // case we need to init session here for anoynymous users |
| 415 | $init = StaticContainer::get(SessionInitializer::class); |
| 416 | $init->initSession($authAdapter); |
| 417 | } |
| 418 | } else { |
| 419 | $this->makeAuthenticator($sessionAuth); // Piwik\Auth must be set to the correct Login plugin |
| 420 | } |
| 421 | |
| 422 | if ($this->isSupportedBrowserCheckNeeded()) { |
| 423 | SupportedBrowser::checkIfBrowserSupported(); |
| 424 | } |
| 425 | |
| 426 | // Force the auth to use the token_auth if specified, so that embed dashboard |
| 427 | // and all other non widgetized controller methods works fine |
| 428 | if (Common::getRequestVar('token_auth', '', 'string') !== '' |
| 429 | && Request::shouldReloadAuthUsingTokenAuth(null) |
| 430 | ) { |
| 431 | Request::reloadAuthUsingTokenAuth(); |
| 432 | Request::checkTokenAuthIsNotLimited($module, $action); |
| 433 | } |
| 434 | |
| 435 | SettingsServer::raiseMemoryLimitIfNecessary(); |
| 436 | |
| 437 | \Piwik\Plugin\Manager::getInstance()->postLoadPlugins(); |
| 438 | |
| 439 | /** |
| 440 | * Triggered after the platform is initialized and after the user has been authenticated, but |
| 441 | * before the platform has handled the request. |
| 442 | * |
| 443 | * Piwik uses this event to check for updates to Piwik. |
| 444 | */ |
| 445 | Piwik::postEvent('Platform.initialized'); |
| 446 | } |
| 447 | |
| 448 | protected function prepareDispatch($module, $action, $parameters) |
| 449 | { |
| 450 | if (is_null($module)) { |
| 451 | $module = Common::getRequestVar('module', self::DEFAULT_MODULE, 'string'); |
| 452 | } |
| 453 | |
| 454 | if (is_null($action)) { |
| 455 | $action = Common::getRequestVar('action', false); |
| 456 | } |
| 457 | |
| 458 | if (Session::isSessionStarted()) { |
| 459 | $this->closeSessionEarlyForFasterUI(); |
| 460 | } |
| 461 | |
| 462 | if (is_null($parameters)) { |
| 463 | $parameters = array(); |
| 464 | } |
| 465 | |
| 466 | if (!ctype_alnum($module)) { |
| 467 | throw new Exception("Invalid module name '$module'"); |
| 468 | } |
| 469 | |
| 470 | list($module, $action) = Request::getRenamedModuleAndAction($module, $action); |
| 471 | |
| 472 | if (!SettingsPiwik::isInternetEnabled() && \Piwik\Plugin\Manager::getInstance()->doesPluginRequireInternetConnection($module)) { |
| 473 | throw new PluginRequiresInternetException($module); |
| 474 | } |
| 475 | |
| 476 | if (!\Piwik\Plugin\Manager::getInstance()->isPluginActivated($module)) { |
| 477 | throw new PluginDeactivatedException($module); |
| 478 | } |
| 479 | |
| 480 | return array($module, $action, $parameters); |
| 481 | } |
| 482 | |
| 483 | protected function handleMaintenanceMode() |
| 484 | { |
| 485 | if ((Config::getInstance()->General['maintenance_mode'] != 1) || Common::isPhpCliMode()) { |
| 486 | return; |
| 487 | } |
| 488 | Common::sendResponseCode(503); |
| 489 | |
| 490 | $logoUrl = 'plugins/Morpheus/images/logo.svg'; |
| 491 | $faviconUrl = 'plugins/CoreHome/images/favicon.png'; |
| 492 | try { |
| 493 | $logo = new CustomLogo(); |
| 494 | if ($logo->hasSVGLogo()) { |
| 495 | $logoUrl = $logo->getSVGLogoUrl(); |
| 496 | } else { |
| 497 | $logoUrl = $logo->getHeaderLogoUrl(); |
| 498 | } |
| 499 | $faviconUrl = $logo->getPathUserFavicon(); |
| 500 | } catch (Exception $ex) { |
| 501 | } |
| 502 | |
| 503 | $recordStatistics = Config::getInstance()->Tracker['record_statistics']; |
| 504 | $trackMessage = ''; |
| 505 | |
| 506 | if ($recordStatistics) { |
| 507 | $trackMessage = 'Your analytics data will continue to be tracked as normal.'; |
| 508 | } else { |
| 509 | $trackMessage = 'While the maintenance mode is active, data tracking is disabled.'; |
| 510 | } |
| 511 | |
| 512 | $page = file_get_contents(PIWIK_INCLUDE_PATH . '/plugins/Morpheus/templates/maintenance.tpl'); |
| 513 | $page = str_replace('%logoUrl%', $logoUrl, $page); |
| 514 | $page = str_replace('%faviconUrl%', $faviconUrl, $page); |
| 515 | $page = str_replace('%piwikTitle%', Piwik::getRandomTitle(), $page); |
| 516 | |
| 517 | $page = str_replace('%trackMessage%', $trackMessage, $page); |
| 518 | |
| 519 | echo $page; |
| 520 | exit; |
| 521 | } |
| 522 | |
| 523 | protected function handleSSLRedirection() |
| 524 | { |
| 525 | // Specifically disable for the opt out iframe |
| 526 | if (Piwik::getModule() == 'CoreAdminHome' && Piwik::getAction() == 'optOut') { |
| 527 | return; |
| 528 | } |
| 529 | // Disable Https for VisitorGenerator |
| 530 | if (Piwik::getModule() == 'VisitorGenerator') { |
| 531 | return; |
| 532 | } |
| 533 | if (Common::isPhpCliMode()) { |
| 534 | return; |
| 535 | } |
| 536 | // proceed only when force_ssl = 1 |
| 537 | if (!SettingsPiwik::isHttpsForced()) { |
| 538 | return; |
| 539 | } |
| 540 | Url::redirectToHttps(); |
| 541 | } |
| 542 | |
| 543 | private function closeSessionEarlyForFasterUI() |
| 544 | { |
| 545 | $isDashboardReferrer = !empty($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'], 'module=CoreHome&action=index') !== false; |
| 546 | $isAllWebsitesReferrer = !empty($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'], 'module=MultiSites&action=index') !== false; |
| 547 | |
| 548 | if ($isDashboardReferrer |
| 549 | && !empty($_POST['token_auth']) |
| 550 | && Common::getRequestVar('widget', 0, 'int') === 1 |
| 551 | ) { |
| 552 | Session::close(); |
| 553 | } |
| 554 | |
| 555 | if (($isDashboardReferrer || $isAllWebsitesReferrer) |
| 556 | && Common::getRequestVar('viewDataTable', '', 'string') === 'sparkline' |
| 557 | ) { |
| 558 | Session::close(); |
| 559 | } |
| 560 | } |
| 561 | |
| 562 | private function handleProfiler() |
| 563 | { |
| 564 | $profilerEnabled = Config::getInstance()->Debug['enable_php_profiler'] == 1; |
| 565 | if (!$profilerEnabled) { |
| 566 | return; |
| 567 | } |
| 568 | |
| 569 | if (!empty($_GET['xhprof'])) { |
| 570 | $mainRun = $_GET['xhprof'] == 1; // core:archive command sets xhprof=2 |
| 571 | Profiler::setupProfilerXHProf($mainRun); |
| 572 | } |
| 573 | } |
| 574 | |
| 575 | /** |
| 576 | * @param $module |
| 577 | * @param $action |
| 578 | * @param $parameters |
| 579 | * @return mixed |
| 580 | */ |
| 581 | private function doDispatch($module, $action, $parameters) |
| 582 | { |
| 583 | list($module, $action, $parameters) = $this->prepareDispatch($module, $action, $parameters); |
| 584 | |
| 585 | /** |
| 586 | * Triggered directly before controller actions are dispatched. |
| 587 | * |
| 588 | * This event can be used to modify the parameters passed to one or more controller actions |
| 589 | * and can be used to change the controller action being dispatched to. |
| 590 | * |
| 591 | * @param string &$module The name of the plugin being dispatched to. |
| 592 | * @param string &$action The name of the controller method being dispatched to. |
| 593 | * @param array &$parameters The arguments passed to the controller action. |
| 594 | */ |
| 595 | Piwik::postEvent('Request.dispatch', array(&$module, &$action, &$parameters)); |
| 596 | |
| 597 | /** @var ControllerResolver $controllerResolver */ |
| 598 | $controllerResolver = StaticContainer::get('Piwik\Http\ControllerResolver'); |
| 599 | |
| 600 | $controller = $controllerResolver->getController($module, $action, $parameters); |
| 601 | |
| 602 | /** |
| 603 | * Triggered directly before controller actions are dispatched. |
| 604 | * |
| 605 | * This event exists for convenience and is triggered directly after the {@hook Request.dispatch} |
| 606 | * event is triggered. |
| 607 | * |
| 608 | * It can be used to do the same things as the {@hook Request.dispatch} event, but for one controller |
| 609 | * action only. Using this event will result in a little less code than {@hook Request.dispatch}. |
| 610 | * |
| 611 | * @param array &$parameters The arguments passed to the controller action. |
| 612 | */ |
| 613 | Piwik::postEvent(sprintf('Controller.%s.%s', $module, $action), array(&$parameters)); |
| 614 | |
| 615 | $result = call_user_func_array($controller, $parameters); |
| 616 | |
| 617 | /** |
| 618 | * Triggered after a controller action is successfully called. |
| 619 | * |
| 620 | * This event exists for convenience and is triggered immediately before the {@hook Request.dispatch.end} |
| 621 | * event is triggered. |
| 622 | * |
| 623 | * It can be used to do the same things as the {@hook Request.dispatch.end} event, but for one |
| 624 | * controller action only. Using this event will result in a little less code than |
| 625 | * {@hook Request.dispatch.end}. |
| 626 | * |
| 627 | * @param mixed &$result The result of the controller action. |
| 628 | * @param array $parameters The arguments passed to the controller action. |
| 629 | */ |
| 630 | Piwik::postEvent(sprintf('Controller.%s.%s.end', $module, $action), array(&$result, $parameters)); |
| 631 | |
| 632 | /** |
| 633 | * Triggered after a controller action is successfully called. |
| 634 | * |
| 635 | * This event can be used to modify controller action output (if any) before the output is returned. |
| 636 | * |
| 637 | * @param mixed &$result The controller action result. |
| 638 | * @param array $parameters The arguments passed to the controller action. |
| 639 | */ |
| 640 | Piwik::postEvent('Request.dispatch.end', array(&$result, $module, $action, $parameters)); |
| 641 | |
| 642 | return $result; |
| 643 | } |
| 644 | |
| 645 | /** |
| 646 | * This method ensures that Piwik Platform cannot be running when using a NEWER database. |
| 647 | */ |
| 648 | private function throwIfPiwikVersionIsOlderThanDBSchema() |
| 649 | { |
| 650 | // When developing this situation happens often when switching branches |
| 651 | if (Development::isEnabled()) { |
| 652 | return; |
| 653 | } |
| 654 | |
| 655 | if (!StaticContainer::get('EnableDbVersionCheck')) { |
| 656 | return; |
| 657 | } |
| 658 | |
| 659 | $updater = new Updater(); |
| 660 | |
| 661 | $dbSchemaVersion = $updater->getCurrentComponentVersion('core'); |
| 662 | $current = Version::VERSION; |
| 663 | if (-1 === version_compare($current, $dbSchemaVersion)) { |
| 664 | $messages = array( |
| 665 | Piwik::translate('General_ExceptionDatabaseVersionNewerThanCodebase', array($current, $dbSchemaVersion)), |
| 666 | Piwik::translate('General_ExceptionDatabaseVersionNewerThanCodebaseWait'), |
| 667 | // we cannot fill in the Super User emails as we are failing before Authentication was ready |
| 668 | Piwik::translate('General_ExceptionContactSupportGeneric', array('', '')) |
| 669 | ); |
| 670 | throw new DatabaseSchemaIsNewerThanCodebaseException(implode(" ", $messages)); |
| 671 | } |
| 672 | } |
| 673 | |
| 674 | private function makeSessionAuthenticator() |
| 675 | { |
| 676 | if (Common::isPhpClimode() |
| 677 | && !defined('PIWIK_TEST_MODE') |
| 678 | ) { // don't use the session auth during CLI requests |
| 679 | return null; |
| 680 | } |
| 681 | |
| 682 | if (Common::getRequestVar('token_auth', '', 'string') !== '' && !Common::getRequestVar('force_api_session', 0)) { |
| 683 | return null; |
| 684 | } |
| 685 | |
| 686 | $module = Common::getRequestVar('module', self::DEFAULT_MODULE, 'string'); |
| 687 | $action = Common::getRequestVar('action', false); |
| 688 | |
| 689 | // the session must be started before using the session authenticator, |
| 690 | // so we do it here, if this is not an API request. |
| 691 | if (SettingsPiwik::isMatomoInstalled() |
| 692 | && ($module !== 'API' || ($action && $action !== 'index')) |
| 693 | ) { |
| 694 | /** |
| 695 | * @ignore |
| 696 | */ |
| 697 | Piwik::postEvent('Session.beforeSessionStart'); |
| 698 | |
| 699 | Session::start(); |
| 700 | return StaticContainer::get(SessionAuth::class); |
| 701 | } |
| 702 | |
| 703 | return null; |
| 704 | } |
| 705 | |
| 706 | private function makeAuthenticator(SessionAuth $auth = null) |
| 707 | { |
| 708 | /** |
| 709 | * Triggered before the user is authenticated, when the global authentication object |
| 710 | * should be created. |
| 711 | * |
| 712 | * Plugins that provide their own authentication implementation should use this event |
| 713 | * to set the global authentication object (which must derive from {@link Piwik\Auth}). |
| 714 | * |
| 715 | * **Example** |
| 716 | * |
| 717 | * Piwik::addAction('Request.initAuthenticationObject', function() { |
| 718 | * StaticContainer::getContainer()->set('Piwik\Auth', new MyAuthImplementation()); |
| 719 | * }); |
| 720 | */ |
| 721 | Piwik::postEvent('Request.initAuthenticationObject'); |
| 722 | try { |
| 723 | $authAdapter = StaticContainer::get('Piwik\Auth'); |
| 724 | } catch (Exception $e) { |
| 725 | $message = "Authentication object cannot be found in the container. Maybe the Login plugin is not activated? |
| 726 | <br />You can activate the plugin by adding:<br /> |
| 727 | <code>Plugins[] = Login</code><br /> |
| 728 | under the <code>[Plugins]</code> section in your config/config.ini.php"; |
| 729 | |
| 730 | $ex = new AuthenticationFailedException($message); |
| 731 | $ex->setIsHtmlMessage(); |
| 732 | |
| 733 | throw $ex; |
| 734 | } |
| 735 | |
| 736 | if ($auth) { |
| 737 | $authAdapter->setLogin($auth->getLogin()); |
| 738 | $authAdapter->setTokenAuth($auth->getTokenAuth()); |
| 739 | } else { |
| 740 | $authAdapter->setLogin(self::DEFAULT_LOGIN); |
| 741 | $authAdapter->setTokenAuth(self::DEFAULT_TOKEN_AUTH); |
| 742 | } |
| 743 | |
| 744 | return $authAdapter; |
| 745 | } |
| 746 | |
| 747 | public static function getUniqueRequestId() |
| 748 | { |
| 749 | if (self::$requestId === null) { |
| 750 | self::$requestId = substr(Common::generateUniqId(), 0, 5); |
| 751 | } |
| 752 | return self::$requestId; |
| 753 | } |
| 754 | |
| 755 | private static function setRequestIdHeader() |
| 756 | { |
| 757 | $requestId = self::getUniqueRequestId(); |
| 758 | Common::sendHeader("X-Matomo-Request-Id: $requestId"); |
| 759 | } |
| 760 | |
| 761 | private function isSupportedBrowserCheckNeeded() |
| 762 | { |
| 763 | if (defined('PIWIK_ENABLE_DISPATCH') && !PIWIK_ENABLE_DISPATCH) { |
| 764 | return false; |
| 765 | } |
| 766 | |
| 767 | $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : ''; |
| 768 | if ($userAgent === '') { |
| 769 | return false; |
| 770 | } |
| 771 | |
| 772 | $isTestMode = defined('PIWIK_TEST_MODE') && PIWIK_TEST_MODE; |
| 773 | if (!$isTestMode && Common::isPhpCliMode() === true) { |
| 774 | return false; |
| 775 | } |
| 776 | |
| 777 | if (Piwik::getModule() === 'API' && (empty(Piwik::getAction()) || Piwik::getAction() === 'index' || Piwik::getAction() === 'glossary')) { |
| 778 | return false; |
| 779 | } |
| 780 | |
| 781 | if (Piwik::getModule() === 'Widgetize') { |
| 782 | return true; |
| 783 | } |
| 784 | |
| 785 | $generalConfig = Config::getInstance()->General; |
| 786 | if ($generalConfig['enable_framed_pages'] == '1' || $generalConfig['enable_framed_settings'] == '1') { |
| 787 | return true; |
| 788 | } |
| 789 | |
| 790 | if (Common::getRequestVar('token_auth', '', 'string') !== '') { |
| 791 | return true; |
| 792 | } |
| 793 | |
| 794 | if (Piwik::isUserIsAnonymous()) { |
| 795 | return true; |
| 796 | } |
| 797 | |
| 798 | return false; |
| 799 | } |
| 800 | } |
| 801 |