Refs #3080

* Make sure a Port change results in warning message * Disabling trusted host chek should disable the Nonce check (otherwise login will still fail) * Displayed message in header.tpl rather than index,tpl since other "top menus" don't display 'index.tpl' * Login will never work when trusted host warning is displayed (because of Nonce check) so let's be clear and suggest a clear fix for this issue git-svn-id: http://dev.piwik.org/svn/trunk@7301 59fd770c-687e-43c8-a1e3-f5a4ff64c105

Refs #3080
492da7b5 · mattpiwik · ac310375 · 492da7b5 · 492da7b5 · 492da7b5
--- a/core/Controller.php
+++ b/core/Controller.php
@@ -525,7 +525,7 @@ abstract class Piwik_Controller
 			$warningStart = Piwik_Translate('CoreHome_InjectedHostWarningIntro', array(
 				'<strong>'.$invalidUrl.'</strong>',
 				'<strong>'.$validUrl.'</strong>'
-			));
+			)) . ' <br/>';
 			
 			if (Piwik::isUserIsSuperUser())
 			{
@@ -534,7 +534,7 @@ abstract class Piwik_Controller
 						"<a href=\"$changeTrustedHostsUrl\">",
 						$invalidHost,
 						'</a>',
-						"<a href=\"$validUrl\">",
+						"<br/><a href=\"$validUrl\">",
 						$validHost,
 						'</a>'
 					));
@@ -543,13 +543,17 @@ abstract class Piwik_Controller
 			{
 				$view->invalidHostMessage = $warningStart . ' '
 					. Piwik_Translate('CoreHome_InjectedHostNonSuperUserWarning', array(
-						"<a href=\"$validUrl\">",
+						"<br/><a href=\"$validUrl\">",
 						'</a>',
 						$mailLinkStart,
 						'</a>'
 					));
 			}
-			
+			$view->invalidHostMessageHowToFix = '<b>How do I fix this problem and how do I login again?</b><br/> The Piwik Super User can manually edit the file piwik/config/config.ini.php
+						and add the following lines: <pre>[General]'."\n".'trusted_hosts[] = "'.$validHost.'"</pre><br/>After making the change, you will be able to login again.<br/><br/>
+						You may also <i>disable this security feature (not recommended)</i>. To do so edit config/config.ini.php and add:
+						<pre>[General]'."\n".'enable_trusted_host_check=0</pre>';
+
 			$view->invalidHost = $invalidHost; // for UserSettings warning
 			$view->invalidHostMailLinkStart = $mailLinkStart;
 		}

--- a/core/Url.php
+++ b/core/Url.php
@@ -191,7 +191,6 @@ class Piwik_Url
 				return true;
 			}
 		}
-		
 		// if host is in hardcoded whitelist, assume it's valid
 		if (in_array($host, self::$alwaysTrustedHosts))
 		{
@@ -199,7 +198,6 @@ class Piwik_Url
 		}
 		
 		$trustedHosts = @Piwik_Config::getInstance()->General['trusted_hosts'];
-		
 		// if no trusted hosts, just assume it's valid
 		if (empty($trustedHosts))
 		{
@@ -219,16 +217,17 @@ class Piwik_Url
 		{
 			return false;
 		}
-		
+
 		foreach ($trustedHosts as &$trustedHost)
 		{
 			$trustedHost = preg_quote($trustedHost);
 		}
-
 		$untrustedHost = Piwik_Common::mb_strtolower($host);
-		$hostRegex     = Piwik_Common::mb_strtolower('/(^|.)' . implode('|', $trustedHosts) . '(:[0-9]+)?$/');
-
-		return 0 !== preg_match($hostRegex, rtrim($untrustedHost, '.'));
+		$untrustedHost = rtrim($untrustedHost, '.');
+		$hostRegex     = Piwik_Common::mb_strtolower('/(^|.)' . implode('|', $trustedHosts) . '$/');
+		$result = preg_match($hostRegex, $untrustedHost);
+//		var_dump($hostRegex);var_dump($untrustedHost);var_dump($result);
+		return 0 !== $result;
 	}

 	/**
@@ -248,7 +247,7 @@ class Piwik_Url
 		{
 			return $host;
 		}
-		
+
 		// HTTP/1.0 request doesn't include Host: header
 		if (isset($_SERVER['SERVER_ADDR']))
 		{
@@ -442,11 +441,12 @@ class Piwik_Url
 		// drop port numbers from hostnames and IP addresses
 		$hosts = array_map(array('Piwik_IP', 'sanitizeIp'), $hosts);

+		$disableHostCheck = Piwik_Config::getInstance()->General['enable_trusted_host_check'] == 0;
 		// compare scheme and host
 		$parsedUrl = @parse_url($url);
 		$host = Piwik_IP::sanitizeIp(@$parsedUrl['host']);
 		return     !empty($host)
-				&& in_array($host, $hosts)
+				&& ($disableHostCheck || in_array($host, $hosts))
 				&& !empty($parsedUrl['scheme'])
 				&& in_array($parsedUrl['scheme'], array('http', 'https'));
 	}

--- a/plugins/CoreHome/templates/header.tpl
+++ b/plugins/CoreHome/templates/header.tpl
@@ -27,4 +27,13 @@
 <div class="ui-confirm" id="alert">
    <h2></h2>
    <input id="yes" type="button" value="{'General_Ok'|translate}" />
-</div>
\ No newline at end of file
+</div>
+
+{* untrusted host warning *}
+{if isset($isValidHost) && isset($invalidHostMessage) && !$isValidHost}
+	<div class="ajaxSuccess" style='clear:both;width:800px'>
+		<a style="float:right" href="http://piwik.org/faq/troubleshooting/#faq_171" target="_blank"><img src="themes/default/images/help_grey.png" /></a>
+		<strong>{'General_Warning'|translate}:&nbsp;</strong>{$invalidHostMessage}
+	</div>
+{/if}
+
--- a/plugins/CoreHome/templates/index.tpl
+++ b/plugins/CoreHome/templates/index.tpl
@@ -12,14 +12,6 @@
        {include file="CoreHome/templates/header_message.tpl"}
 	    {ajaxRequestErrorDiv}
    </div>
-    
-	{* untrusted host warning *}
-	{if isset($isValidHost) && isset($invalidHostMessage) && !$isValidHost}
-	<div class="ajaxSuccess">
-		<a style="float:right" href="http://piwik.org/faq/troubleshooting/#faq_171" target="_blank"><img src="themes/default/images/help_grey.png" /></a>
-		<strong>{'General_Warning'|translate}:&nbsp;</strong>{$invalidHostMessage}
-	</div>
-	{/if}

    {ajaxLoadingDiv}
    

--- a/plugins/Login/templates/login.tpl
+++ b/plugins/Login/templates/login.tpl
@@ -4,11 +4,15 @@

 {* untrusted host warning *}
 {if isset($isValidHost) && isset($invalidHostMessage) && !$isValidHost}
-<div id="login_error">
+<div id="login_error" style='width:400px'>
 	<strong>{'General_Warning'|translate}:&nbsp;</strong>{$invalidHostMessage}
-</div>
-{/if}

+	<br><br>{$invalidHostMessageHowToFix}
+	<br/><br/><a style="float:right" href="http://piwik.org/faq/troubleshooting/#faq_171" target="_blank">{'General_Help'|translate} <img style='vertical-align: bottom' src="themes/default/images/help_grey.png" /></a><br/>
+
+
+</div>
+{else}
 <div id="message_container">
 	{if $form_data.errors}
 	<div id="login_error">	
@@ -47,7 +51,6 @@
 	</p>
 </form>

-{if isset($isValidHost) && $isValidHost}
 <form id="reset_form" style="display:none;">
 	<p>
 		<label>{'Login_LoginOrEmail'|translate}:<br />
@@ -73,13 +76,10 @@
 	<input type="hidden" name="module" value="Login"/>
 	<input type="hidden" name="action" value="resetPassword"/>
 </form>
-{/if}

 <p id="nav">
-{if isset($isValidHost) && $isValidHost}
 <a id="login_form_nav" href="#" title="{'Login_LostYourPassword'|translate}">{'Login_LostYourPassword'|translate}</a>
 <a id="alternate_reset_nav" href="#" style="display:none;" title="{'Login_LogIn'|translate}">{'Login_LogIn'|translate}</a>
-{/if}
 <a id="reset_form_nav" href="#" style="display:none;" title="{'Mobile_NavigationBack'|translate}">{'General_Cancel'|translate}</a>
 </p>
 {if isset($smarty.capture.poweredByPiwik)}
@@ -91,7 +91,7 @@
 <div id="lost_password_instructions" style="display:none;">
 	<p class="message">{'Login_ResetPasswordInstructions'|translate}</p>
 </div>
-
+{/if}
 </div>
 </body>
 </html>