[TASK] Reports module uses internal data of salted passwords
[Packages/TYPO3.CMS.git] / typo3 / sysext / saltedpasswords / classes / class.tx_saltedpasswords_div.php
1 <?php
2 /***************************************************************
3 * Copyright notice
4 *
5 * (c) Marcus Krause (marcus#exp2009@t3sec.info)
6 * (c) Steffen Ritter (info@rs-websystems.de)
7 * All rights reserved
8 *
9 * This script is part of the TYPO3 project. The TYPO3 project is
10 * free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
14 *
15 * The GNU General Public License can be found at
16 * http://www.gnu.org/copyleft/gpl.html.
17 * A copy is found in the textfile GPL.txt and important notices to the license
18 * from the author is found in LICENSE.txt distributed with these scripts.
19 *
20 *
21 * This script is distributed in the hope that it will be useful,
22 * but WITHOUT ANY WARRANTY; without even the implied warranty of
23 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
24 * GNU General Public License for more details.
25 *
26 * This copyright notice MUST APPEAR in all copies of the script!
27 ***************************************************************/
28 /**
29 * Contains class "tx_saltedpasswords_div"
30 * that provides various helper functions.
31 */
32
33 /**
34 * General library class.
35 *
36 * @author Marcus Krause <marcus#exp2009@t3sec.info>
37 * @author Steffen Ritter <info@rs-websystems.de>
38 *
39 * @since 2009-06-14
40 * @package TYPO3
41 * @subpackage tx_saltedpasswords
42 */
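class tx_saltedpasswords_div {
	/**
	 * Keeps this extension's key.
	 */
	const EXTKEY = 'saltedpasswords';

	/**
	 * Salting instance created by the last feloginForgotPasswordHook() call.
	 *
	 * Declared explicitly with public visibility; the hook used to create it
	 * as a dynamic property, which is implicitly public as well.
	 *
	 * @var object|NULL
	 */
	public $objInstanceSaltedPW = NULL;

	/**
	 * Counts backend user records whose stored password does not look like
	 * a salted hash.
	 *
	 * A record is counted when its password column starts with neither "$"
	 * nor "M$". This is a prefix test only; it does not verify that the stored
	 * value is a well-formed hash. No other column takes part in the
	 * condition, so every row of be_users is considered.
	 *
	 * NOTE(review): the "M$" prefix presumably marks hashes that were salted
	 * on top of an existing MD5 value - confirm against the salting classes.
	 * NOTE(review): the result of exec_SELECTcountRows() is returned
	 * unchanged; confirm what it yields when the query fails.
	 *
	 * @static
	 * @return int
	 */
	public static function getNumberOfBackendUsersWithInsecurePassword() {
		$database = $GLOBALS['TYPO3_DB'];

		// Both patterns are literals, not user input; they are still passed
		// through fullQuoteStr() so the clause is built like any other value.
		$whereClause = 'password NOT LIKE ' . $database->fullQuoteStr('$%', 'be_users')
			. ' AND password NOT LIKE ' . $database->fullQuoteStr('M$%', 'be_users');

		return $database->exec_SELECTcountRows('*', 'be_users', $whereClause);
	}

	/**
	 * Returns extension configuration data from $TYPO3_CONF_VARS (configurable in Extension Manager)
	 *
	 * The defaults from returnExtConfDefaults() are always the base; the
	 * mode-specific section ("FE." or "BE.") of the stored configuration is
	 * merged on top of them when it is present and is an array. A stored
	 * value that does not unserialize to an array, or whose mode section is
	 * not an array, is ignored and the defaults are returned.
	 *
	 * @author Rainer Kuhn <kuhn@punkt.de>
	 * @author Marcus Krause <marcus#exp2009@t3sec.info>
	 *
	 * @param string $mode TYPO3_MODE, whether configuration for Frontend or Backend should be delivered
	 * @return array extension configuration data
	 */
	public static function returnExtConf($mode = TYPO3_MODE) {
		$currentConfiguration = self::returnExtConfDefaults();

		if (isset($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['saltedpasswords'])) {
			// NOTE(review): unserialize() can instantiate objects. The input
			// here is read from TYPO3_CONF_VARS (installation configuration);
			// it must never be fed from request data.
			$extensionConfiguration = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['saltedpasswords']);

			$modeKey = $mode . '.';

			// Merge default configuration with modified configuration.
			// The is_array() checks keep a damaged configuration value from
			// replacing the defaults with NULL (array_merge() on a non-array).
			if (is_array($extensionConfiguration)
				&& isset($extensionConfiguration[$modeKey])
				&& is_array($extensionConfiguration[$modeKey])
			) {
				$currentConfiguration = array_merge(
					$currentConfiguration,
					$extensionConfiguration[$modeKey]
				);
			}
		}

		return $currentConfiguration;
	}

	/**
	 * Hook function for felogin "forgotPassword" functionality;
	 * hashes the new password before it is stored in the database.
	 *
	 * The password is only replaced when salted passwords are enabled for
	 * the frontend (isUsageEnabled('FE')); otherwise $params is left as the
	 * caller delivered it.
	 *
	 * No NULL check is placed around the salting instance on purpose:
	 * skipping the hashing step would leave $params['newPassword'] unhashed,
	 * so a missing instance must stop the request rather than pass silently.
	 *
	 * @param array $params: Parameter the hook delivers
	 * @param tx_felogin_pi1 $pObj: Parent Object from which the hook is called
	 * @return void
	 *
	 */
	public function feloginForgotPasswordHook(array &$params, tx_felogin_pi1 $pObj) {
		if (self::isUsageEnabled('FE')) {
			$this->objInstanceSaltedPW = tx_saltedpasswords_salts_factory::getSaltingInstance();
			$params['newPassword'] = $this->objInstanceSaltedPW->getHashedPassword($params['newPassword']);
		}
	}

	/**
	 * Returns default configuration of this extension.
	 *
	 * @return array default extension configuration data for localconf.php
	 */
	public static function returnExtConfDefaults() {
		return array(
			'onlyAuthService' => '0',
			'forceSalted' => '0',
			'updatePasswd' => '1',
			'saltedPWHashingMethod' => 'tx_saltedpasswords_salts_phpass',
			'enabled' => '1',
		);
	}

	/**
	 * Function determines the default(=configured) type of
	 * salted hashing method to be used.
	 *
	 * The configured class name is only accepted when it is a string and is
	 * a key of the registered salt methods
	 * ($TYPO3_CONF_VARS['SC_OPTIONS']['ext/saltedpasswords']['saltMethods']).
	 * The lookup is an exact key match, so a non-string configuration value
	 * can no longer pass through a loose comparison.
	 *
	 * NOTE(review): the fallback to 'tx_saltedpasswords_salts_md5' is silent.
	 * A mistyped class name or a missing registration therefore selects the
	 * MD5-based method instead of the configured one without any log entry;
	 * consider reporting that condition to the administrator.
	 *
	 * @param string $mode: (optional) The TYPO3 mode (FE or BE) saltedpasswords shall be used for
	 * @return string classname of object to be used
	 */
	public static function getDefaultSaltingHashingMethod($mode = TYPO3_MODE) {
		$extConf = self::returnExtConf($mode);
		$classNameToUse = 'tx_saltedpasswords_salts_md5';

		// An absent or malformed registry is treated as "nothing registered".
		$registeredMethods = array();
		if (isset($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/saltedpasswords']['saltMethods'])
			&& is_array($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/saltedpasswords']['saltMethods'])
		) {
			$registeredMethods = $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/saltedpasswords']['saltMethods'];
		}

		$configuredMethod = isset($extConf['saltedPWHashingMethod']) ? $extConf['saltedPWHashingMethod'] : NULL;
		if (is_string($configuredMethod) && array_key_exists($configuredMethod, $registeredMethods)) {
			$classNameToUse = $configuredMethod;
		}

		return $classNameToUse;
	}

	/**
	 * Returns information if salted password hashes are
	 * indeed used in the TYPO3_MODE.
	 *
	 * Usage requires the extension's 'enabled' setting for the mode and a
	 * compatible loginSecurityLevel:
	 *  - BE: 'rsa', or 'normal' together with lockSSL greater than 0
	 *  - FE: 'normal' or 'rsa'
	 * Any other mode, or a missing loginSecurityLevel, yields FALSE.
	 *
	 * NOTE(review): the lockSSL requirement for 'normal' in BE presumably
	 * exists because that level submits the password as entered, so it is
	 * only accepted over an enforced SSL connection - confirm.
	 *
	 * @param string $mode: (optional) The TYPO3 mode (FE or BE) saltedpasswords shall be used for
	 * @return boolean TRUE, if salted password hashes are used in the TYPO3_MODE, otherwise FALSE
	 */
	public static function isUsageEnabled($mode = TYPO3_MODE) {
		$extConf = self::returnExtConf($mode);
		if (empty($extConf['enabled'])) {
			return FALSE;
		}

		// Login Security Level Recognition
		$securityLevel = isset($GLOBALS['TYPO3_CONF_VARS'][$mode]['loginSecurityLevel'])
			? $GLOBALS['TYPO3_CONF_VARS'][$mode]['loginSecurityLevel']
			: '';

		if ($mode === 'BE') {
			$lockSsl = isset($GLOBALS['TYPO3_CONF_VARS']['BE']['lockSSL'])
				? (int) $GLOBALS['TYPO3_CONF_VARS']['BE']['lockSSL']
				: 0;
			// Strict comparison: a non-string level (e.g. integer 0) must not
			// compare equal to 'rsa' or 'normal'.
			return (($securityLevel === 'normal' && $lockSsl > 0) || $securityLevel === 'rsa');
		}

		if ($mode === 'FE') {
			return t3lib_div::inList('normal,rsa', $securityLevel);
		}

		return FALSE;
	}
}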
162
163 ?>