[TASK] Use a reference variable to pass $this into hooks
[Packages/TYPO3.CMS.git] / typo3 / sysext / felogin / Classes / Controller / FrontendLoginController.php
1 <?php
2 namespace TYPO3\CMS\Felogin\Controller;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 use Symfony\Component\Mime\Address;
18 use TYPO3\CMS\Core\Authentication\LoginType;
19 use TYPO3\CMS\Core\Context\Context;
20 use TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashFactory;
21 use TYPO3\CMS\Core\Crypto\Random;
22 use TYPO3\CMS\Core\Database\Connection;
23 use TYPO3\CMS\Core\Database\ConnectionPool;
24 use TYPO3\CMS\Core\Database\Query\Restriction\FrontendRestrictionContainer;
25 use TYPO3\CMS\Core\Mail\MailMessage;
26 use TYPO3\CMS\Core\Session\SessionManager;
27 use TYPO3\CMS\Core\Site\SiteFinder;
28 use TYPO3\CMS\Core\Utility\GeneralUtility;
29 use TYPO3\CMS\Core\Utility\HttpUtility;
30 use TYPO3\CMS\Core\Utility\MailUtility;
31 use TYPO3\CMS\Frontend\Plugin\AbstractPlugin;
32 use TYPO3\CMS\FrontendLogin\Validation\RedirectUrlValidator;
33
34 /**
35 * Plugin 'Website User Login' for the 'felogin' extension.
36 *
37 * @internal this is a concrete TYPO3 implementation and solely used for EXT:felogin and not part of TYPO3's Core API.
38 */
39 class FrontendLoginController extends AbstractPlugin
40 {
41 /**
42 * Same as class name
43 *
44 * @var string
45 */
46 public $prefixId = 'tx_felogin_pi1';
47
48 /**
49 * The extension key.
50 *
51 * @var string
52 */
53 public $extKey = 'felogin';
54
55 /**
56 * Is user logged in?
57 *
58 * @var bool
59 */
60 protected $userIsLoggedIn;
61
62 /**
63 * Holds the template for FE rendering
64 *
65 * @var string
66 */
67 protected $template;
68
69 /**
70 * URL for the redirect
71 *
72 * @var string
73 */
74 protected $redirectUrl = '';
75
76 /**
77 * Flag for disable the redirect
78 *
79 * @var bool
80 */
81 protected $noRedirect = false;
82
83 /**
84 * Logintype (given as GPvar), possible: login, logout
85 *
86 * @var string
87 */
88 protected $logintype;
89
90 /**
91 * A list of page UIDs, either an integer or a comma-separated list of integers
92 *
93 * @var string
94 */
95 public $spid;
96
97 /**
98 * Referrer
99 *
100 * @var string
101 */
102 public $referer;
103
104 /**
105 * @var RedirectUrlValidator
106 */
107 protected $urlValidator;
108
109 /**
110 * The main method of the plugin
111 *
112 * @param string $content The PlugIn content
113 * @param array $conf The PlugIn configuration
114 * @return string The content that is displayed on the website
115 * @throws \RuntimeException when no storage PID was configured.
116 */
117 public function main($content, $conf)
118 {
119 $this->urlValidator = GeneralUtility::makeInstance(
120 RedirectUrlValidator::class,
121 GeneralUtility::makeInstance(SiteFinder::class),
122 (int)$this->frontendController->id
123 );
124
125 // Loading TypoScript array into object variable:
126 $this->conf = $conf;
127 // Loading default pivars
128 $this->pi_setPiVarDefaults();
129 // Loading language-labels
130 $this->pi_loadLL('EXT:felogin/Resources/Private/Language/locallang.xlf');
131 // Init FlexForm configuration for plugin:
132 $this->pi_initPIflexForm();
133 $this->mergeflexFormValuesIntoConf();
134 // Get storage PIDs:
135 if ((bool)($GLOBALS['TYPO3_CONF_VARS']['FE']['checkFeUserPid'] ?? false) === false) {
136 $this->spid = 0;
137 } elseif ($this->conf['storagePid']) {
138 if ((int)$this->conf['recursive']) {
139 $this->spid = $this->pi_getPidList($this->conf['storagePid'], (int)$this->conf['recursive']);
140 } else {
141 $this->spid = $this->conf['storagePid'];
142 }
143 } else {
144 throw new \RuntimeException('No storage folder (option storagePid) for frontend users given.', 1450904202);
145 }
146 // GPvars:
147 $this->logintype = GeneralUtility::_GP('logintype');
148
149 if ($this->urlValidator->isValid((string)GeneralUtility::_GP('referer'))) {
150 $this->referer = GeneralUtility::_GP('referer');
151 } else {
152 $this->referer = '';
153 }
154 $this->noRedirect = $this->piVars['noredirect'] || $this->conf['redirectDisable'];
155 // If config.typolinkLinkAccessRestrictedPages is set, the var is return_url
156 $this->redirectUrl = GeneralUtility::_GP('return_url') ?: (string)GeneralUtility::_GP('redirect_url');
157 $this->redirectUrl = $this->urlValidator->isValid($this->redirectUrl) ? $this->redirectUrl : '';
158 // Get Template
159 $templateFile = $this->conf['templateFile'] ?: 'EXT:felogin/Resources/Private/Templates/FrontendLogin.html';
160 $template = GeneralUtility::getFileAbsFileName($templateFile);
161 if ($template !== '' && file_exists($template)) {
162 $this->template = file_get_contents($template);
163 }
164 // Is user logged in?
165 $this->userIsLoggedIn = GeneralUtility::makeInstance(Context::class)->getPropertyFromAspect('frontend.user', 'isLoggedIn');
166 // Redirect
167 if ($this->conf['redirectMode'] && !$this->conf['redirectDisable'] && !$this->noRedirect) {
168 $redirectUrl = $this->processRedirect();
169 if (!empty($redirectUrl)) {
170 $this->redirectUrl = $this->conf['redirectFirstMethod'] ? array_shift($redirectUrl) : array_pop($redirectUrl);
171 } else {
172 $this->redirectUrl = '';
173 }
174 }
175 // What to display
176 $content = '';
177 if ($this->piVars['forgot'] && $this->conf['showForgotPasswordLink']) {
178 $content .= $this->showForgot();
179 } elseif ($this->piVars['forgothash']) {
180 $content .= $this->changePassword();
181 } else {
182 if ($this->userIsLoggedIn && !$this->logintype) {
183 $content .= $this->showLogout();
184 } else {
185 $content .= $this->showLogin();
186 }
187 }
188 // Process the redirect
189 if (($this->logintype === LoginType::LOGIN || $this->logintype === LoginType::LOGOUT) && $this->redirectUrl && !$this->noRedirect) {
190 if (!$this->frontendController->fe_user->isCookieSet() && $this->userIsLoggedIn) {
191 $content .= $this->cObj->stdWrap($this->pi_getLL('cookie_warning'), $this->conf['cookieWarning_stdWrap.']);
192 } else {
193 // Add hook for extra processing before redirect
194 $_params = [
195 'loginType' => $this->logintype,
196 'redirectUrl' => &$this->redirectUrl
197 ];
198 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['beforeRedirect'] ?? [] as $_funcRef) {
199 if ($_funcRef) {
200 $ref = $this; // introduced for phpstan to not lose type information when passing $this into callUserFunction
201 GeneralUtility::callUserFunction($_funcRef, $_params, $ref);
202 }
203 }
204 \TYPO3\CMS\Core\Utility\HttpUtility::redirect($this->redirectUrl);
205 }
206 }
207 // Adds hook for processing of extra item markers / special
208 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['postProcContent'] ?? [] as $_funcRef) {
209 $_params = [
210 'content' => $content
211 ];
212 $ref = $this; // introduced for phpstan to not lose type information when passing $this into callUserFunction
213 $content = GeneralUtility::callUserFunction($_funcRef, $_params, $ref);
214 }
215 return $this->conf['wrapContentInBaseClass'] ? $this->pi_wrapInBaseClass($content) : $content;
216 }
217
218 /**
219 * Shows the forgot password form
220 *
221 * @return string Content
222 */
223 protected function showForgot()
224 {
225 $markerArray = [];
226 $subpart = $this->templateService->getSubpart($this->template, '###TEMPLATE_FORGOT###');
227 $subpartArray = ($linkpartArray = []);
228 $postData = GeneralUtility::_POST($this->prefixId);
229 if ($postData['forgot_email']) {
230 // Get hashes for compare
231 $postedHash = $postData['forgot_hash'];
232 $hashData = $this->frontendController->fe_user->getKey('ses', 'forgot_hash');
233 if ($postedHash === $hashData['forgot_hash']) {
234 $userTable = $this->frontendController->fe_user->user_table;
235 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($userTable);
236 $queryBuilder->setRestrictions(GeneralUtility::makeInstance(FrontendRestrictionContainer::class));
237 $row = $queryBuilder
238 ->select('*')
239 ->from($userTable)
240 ->where(
241 $queryBuilder->expr()->orX(
242 $queryBuilder->expr()->eq(
243 'email',
244 $queryBuilder->createNamedParameter($this->piVars['forgot_email'], \PDO::PARAM_STR)
245 ),
246 $queryBuilder->expr()->eq(
247 'username',
248 $queryBuilder->createNamedParameter($this->piVars['forgot_email'], \PDO::PARAM_STR)
249 )
250 ),
251 $queryBuilder->expr()->in(
252 'pid',
253 $queryBuilder->createNamedParameter(
254 GeneralUtility::intExplode(',', $this->spid),
255 Connection::PARAM_INT_ARRAY
256 )
257 )
258 )
259 ->execute()
260 ->fetch();
261
262 $error = null;
263 if ($row) {
264 // Generate an email with the hashed link
265 $error = $this->generateAndSendHash($row);
266 } elseif ($this->conf['exposeNonexistentUserInForgotPasswordDialog']) {
267 $error = $this->pi_getLL('forgot_reset_message_error');
268 }
269 // Generate message
270 if ($error) {
271 $markerArray['###STATUS_MESSAGE###'] = $this->cObj->stdWrap($error, $this->conf['forgotErrorMessage_stdWrap.']);
272 } else {
273 $markerArray['###STATUS_MESSAGE###'] = $this->cObj->stdWrap(
274 $this->pi_getLL('forgot_reset_message_emailSent'),
275 $this->conf['forgotResetMessageEmailSentMessage_stdWrap.']
276 );
277 }
278 $subpartArray['###FORGOT_FORM###'] = '';
279 } else {
280 // Wrong email
281 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('forgot_reset_message', $this->conf['forgotMessage_stdWrap.']);
282 $markerArray['###BACKLINK_LOGIN###'] = '';
283 }
284 } else {
285 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('forgot_reset_message', $this->conf['forgotMessage_stdWrap.']);
286 $markerArray['###BACKLINK_LOGIN###'] = '';
287 }
288 $markerArray['###BACKLINK_LOGIN###'] = $this->getPageLink(htmlspecialchars($this->pi_getLL('forgot_header_backToLogin')), []);
289 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('forgot_header', $this->conf['forgotHeader_stdWrap.']);
290 $markerArray['###LEGEND###'] = htmlspecialchars($this->pi_getLL('legend', $this->pi_getLL('reset_password')));
291 $markerArray['###ACTION_URI###'] = $this->getPageLink('', [$this->prefixId . '[forgot]' => 1], true);
292 $markerArray['###EMAIL_LABEL###'] = htmlspecialchars($this->pi_getLL('your_email'));
293 $markerArray['###FORGOT_PASSWORD_ENTEREMAIL###'] = htmlspecialchars($this->pi_getLL('forgot_password_enterEmail'));
294 $markerArray['###FORGOT_EMAIL###'] = $this->prefixId . '[forgot_email]';
295 $markerArray['###SEND_PASSWORD###'] = htmlspecialchars($this->pi_getLL('reset_password'));
296 $markerArray['###DATA_LABEL###'] = htmlspecialchars($this->pi_getLL('enter_your_data'));
297 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
298 // Generate hash
299 $hash = md5($this->generatePassword(3));
300 $markerArray['###FORGOTHASH###'] = $hash;
301 // Set hash in feuser session
302 $this->frontendController->fe_user->setKey('ses', 'forgot_hash', ['forgot_hash' => $hash]);
303 return $this->templateService->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
304 }
305
306 /**
307 * This function checks the hash from link and checks the validity. If it's valid it shows the form for
308 * changing the password and process the change of password after submit, if not valid it returns the error message
309 *
310 * @return string The content.
311 */
312 protected function changePassword()
313 {
314 $markerArray = [];
315 $subpartArray = ($linkpartArray = []);
316 $done = false;
317 $minLength = (int)$this->conf['newPasswordMinLength'] ?: 6;
318 $subpart = $this->templateService->getSubpart($this->template, '###TEMPLATE_CHANGEPASSWORD###');
319 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('change_password_header', $this->conf['changePasswordHeader_stdWrap.']);
320 $markerArray['###STATUS_MESSAGE###'] = sprintf($this->getDisplayText(
321 'change_password_message',
322 $this->conf['changePasswordMessage_stdWrap.']
323 ), $minLength);
324
325 $markerArray['###BACKLINK_LOGIN###'] = '';
326 $uid = $this->piVars['user'];
327 $piHash = $this->piVars['forgothash'];
328 $hash = explode('|', rawurldecode($piHash));
329 if ((int)$uid === 0) {
330 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText(
331 'change_password_notvalid_message',
332 $this->conf['changePasswordNotValidMessage_stdWrap.']
333 );
334 $subpartArray['###CHANGEPASSWORD_FORM###'] = '';
335 } else {
336 $user = $this->pi_getRecord('fe_users', (int)$uid);
337 $userHash = $user['felogin_forgotHash'];
338 $compareHash = explode('|', $userHash);
339 if (strlen($compareHash[1]) === 40) {
340 $hashEquals = hash_equals($compareHash[1], GeneralUtility::hmac((string)$hash[1]));
341 } else {
342 // backward-compatibility for previous MD5 hashes
343 $hashEquals = hash_equals($compareHash[1], md5($hash[1]));
344 }
345 if (!$compareHash || !$compareHash[1] || $compareHash[0] < time() || !hash_equals($compareHash[0], $hash[0]) || !$hashEquals) {
346 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText(
347 'change_password_notvalid_message',
348 $this->conf['changePasswordNotValidMessage_stdWrap.']
349 );
350 $subpartArray['###CHANGEPASSWORD_FORM###'] = '';
351 } else {
352 // All is fine, continue with new password
353 $postData = GeneralUtility::_POST($this->prefixId);
354 if (isset($postData['changepasswordsubmit'])) {
355 if (strlen($postData['password1']) < $minLength) {
356 $markerArray['###STATUS_MESSAGE###'] = sprintf(
357 $this->getDisplayText(
358 'change_password_tooshort_message',
359 $this->conf['changePasswordTooShortMessage_stdWrap.']
360 ),
361 $minLength
362 );
363 } elseif ($postData['password1'] != $postData['password2']) {
364 $markerArray['###STATUS_MESSAGE###'] = sprintf(
365 $this->getDisplayText(
366 'change_password_notequal_message',
367 $this->conf['changePasswordNotEqualMessage_stdWrap.']
368 ),
369 $minLength
370 );
371 } else {
372 // Hash password using configured salted passwords hash mechanism for FE
373 $hashInstance = GeneralUtility::makeInstance(PasswordHashFactory::class)->getDefaultHashInstance('FE');
374 $newPass = $hashInstance->getHashedPassword($postData['password1']);
375
376 // Call a hook for further password processing
377 $hookPasswordValid = true;
378 if ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['password_changed']) {
379 $_params = [
380 'user' => $user,
381 'newPassword' => $newPass,
382 'newPasswordUnencrypted' => $postData['password1'],
383 'passwordValid' => true,
384 'passwordInvalidMessage' => '',
385 ];
386 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['password_changed'] as $_funcRef) {
387 if ($_funcRef) {
388 GeneralUtility::callUserFunction($_funcRef, $_params, $this);
389 }
390 }
391 $newPass = $_params['newPassword'];
392 $hookPasswordValid = $_params['passwordValid'];
393
394 if (!$hookPasswordValid) {
395 $markerArray['###STATUS_MESSAGE###'] = $_params['passwordInvalidMessage'];
396 }
397 }
398
399 // Change Password only if Hook returns valid
400 if ($hookPasswordValid) {
401 // Save new password and clear DB-hash
402 $userTable = $this->frontendController->fe_user->user_table;
403 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($userTable);
404 $queryBuilder->getRestrictions()->removeAll();
405 $queryBuilder->update($userTable)
406 ->set('password', $newPass)
407 ->set('felogin_forgotHash', '')
408 ->set('tstamp', (int)$GLOBALS['EXEC_TIME'])
409 ->where(
410 $queryBuilder->expr()->eq(
411 'uid',
412 $queryBuilder->createNamedParameter($user['uid'], \PDO::PARAM_INT)
413 )
414 )
415 ->execute();
416 $this->invalidateUserSessions((int)$user['uid']);
417
418 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText(
419 'change_password_done_message',
420 $this->conf['changePasswordDoneMessage_stdWrap.']
421 );
422 $done = true;
423 $subpartArray['###CHANGEPASSWORD_FORM###'] = '';
424 $markerArray['###BACKLINK_LOGIN###'] = $this->getPageLink(
425 htmlspecialchars($this->pi_getLL('forgot_header_backToLogin')),
426 [$this->prefixId . '[redirectReferrer]' => 'off']
427 );
428 }
429 }
430 }
431 if (!$done) {
432 // Change password form
433 $markerArray['###ACTION_URI###'] = $this->getPageLink('', [
434 $this->prefixId . '[user]' => $user['uid'],
435 $this->prefixId . '[forgothash]' => $piHash
436 ], true);
437 $markerArray['###LEGEND###'] = htmlspecialchars($this->pi_getLL('change_password'));
438 $markerArray['###NEWPASSWORD1_LABEL###'] = htmlspecialchars($this->pi_getLL('newpassword_label1'));
439 $markerArray['###NEWPASSWORD2_LABEL###'] = htmlspecialchars($this->pi_getLL('newpassword_label2'));
440 $markerArray['###NEWPASSWORD1###'] = $this->prefixId . '[password1]';
441 $markerArray['###NEWPASSWORD2###'] = $this->prefixId . '[password2]';
442 $markerArray['###STORAGE_PID###'] = $this->spid;
443 $markerArray['###SEND_PASSWORD###'] = htmlspecialchars($this->pi_getLL('change_password'));
444 $markerArray['###FORGOTHASH###'] = $piHash;
445 }
446 }
447 }
448 return $this->templateService->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
449 }
450
451 /**
452 * Generates a hashed link and send it with email
453 *
454 * @param array $user Contains user data
455 * @return string Empty string with success, error message with no success
456 */
457 protected function generateAndSendHash($user)
458 {
459 $hours = (int)$this->conf['forgotLinkHashValidTime'] > 0 ? (int)$this->conf['forgotLinkHashValidTime'] : 24;
460 $validEnd = time() + 3600 * $hours;
461 $validEndString = date($this->conf['dateFormat'], $validEnd);
462 $hash = md5(GeneralUtility::makeInstance(Random::class)->generateRandomBytes(64));
463 $randHash = $validEnd . '|' . $hash;
464 $randHashDB = $validEnd . '|' . GeneralUtility::hmac($hash);
465
466 // Write hash to DB
467 $userTable = $this->frontendController->fe_user->user_table;
468 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($userTable);
469 $queryBuilder->getRestrictions()->removeAll();
470 $queryBuilder->update($userTable)
471 ->set('felogin_forgotHash', $randHashDB)
472 ->where(
473 $queryBuilder->expr()->eq(
474 'uid',
475 $queryBuilder->createNamedParameter($user['uid'], \PDO::PARAM_INT)
476 )
477 )
478 ->execute();
479
480 // Send hashlink to user
481 $this->conf['linkPrefix'] = -1;
482 $isAbsRefPrefix = !empty($this->frontendController->absRefPrefix);
483 $isBaseURL = !empty($this->frontendController->baseUrl);
484 $isFeloginBaseURL = !empty($this->conf['feloginBaseURL']);
485 $link = $this->pi_getPageLink($this->frontendController->id, '', [
486 $this->prefixId . '[user]' => $user['uid'],
487 $this->prefixId . '[forgothash]' => $randHash
488 ]);
489 // Prefix link if necessary
490 if ($isFeloginBaseURL) {
491 // First priority, use specific base URL
492 // "absRefPrefix" must be removed first, otherwise URL will be prepended twice
493 if ($isAbsRefPrefix) {
494 $link = substr($link, strlen($this->frontendController->absRefPrefix));
495 }
496 $link = $this->conf['feloginBaseURL'] . $link;
497 } elseif ($isAbsRefPrefix) {
498 // Second priority
499 // absRefPrefix must not necessarily contain a hostname and URL scheme, so add it if needed
500 $link = GeneralUtility::locationHeaderUrl($link);
501 } elseif ($isBaseURL) {
502 // Third priority
503 // Add the global base URL to the link
504 $link = $this->frontendController->baseUrlWrap($link);
505 } else {
506 // No prefix is set, return the error
507 return $this->pi_getLL('change_password_nolinkprefix_message');
508 }
509 $msg = sprintf($this->pi_getLL('forgot_validate_reset_password'), $user['username'], $link, $validEndString);
510 // Add hook for extra processing of mail message
511 $params = [
512 'message' => &$msg,
513 'user' => &$user
514 ];
515 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['forgotPasswordMail'] ?? [] as $reference) {
516 if ($reference) {
517 GeneralUtility::callUserFunction($reference, $params, $this);
518 }
519 }
520 if ($user['email']) {
521 $this->sendMail($msg, $user['email'], '', $this->conf['email_from'] ?? '', $this->conf['email_fromName'] ?? '', $this->conf['replyTo'] ?? '');
522 }
523
524 return '';
525 }
526
527 /**
528 * Shows logout form
529 *
530 * @return string The content.
531 */
532 protected function showLogout()
533 {
534 $markerArray = [];
535 $subpart = $this->templateService->getSubpart($this->template, '###TEMPLATE_LOGOUT###');
536 $subpartArray = ($linkpartArray = []);
537 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('status_header', $this->conf['logoutHeader_stdWrap.']);
538 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('status_message', $this->conf['logoutMessage_stdWrap.']);
539 $this->cObj->stdWrap($this->flexFormValue('message', 's_status'), $this->conf['logoutMessage_stdWrap.']);
540 $markerArray['###LEGEND###'] = htmlspecialchars($this->pi_getLL('logout'));
541 $markerArray['###ACTION_URI###'] = $this->getPageLink('', [], true);
542 $markerArray['###LOGOUT_LABEL###'] = htmlspecialchars($this->pi_getLL('logout'));
543 $markerArray['###NAME###'] = htmlspecialchars($this->frontendController->fe_user->user['name']);
544 $markerArray['###STORAGE_PID###'] = $this->spid;
545 $markerArray['###USERNAME###'] = htmlspecialchars($this->frontendController->fe_user->user['username']);
546 $markerArray['###USERNAME_LABEL###'] = htmlspecialchars($this->pi_getLL('username'));
547 $markerArray['###NOREDIRECT###'] = $this->noRedirect ? '1' : '0';
548 $markerArray['###PREFIXID###'] = $this->prefixId;
549 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
550 if ($this->redirectUrl) {
551 // Use redirectUrl for action tag because of possible access restricted pages
552 $markerArray['###ACTION_URI###'] = htmlspecialchars($this->redirectUrl);
553 $this->redirectUrl = '';
554 }
555 return $this->templateService->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
556 }
557
558 /**
559 * Shows login form
560 *
561 * @return string Content
562 */
563 protected function showLogin()
564 {
565 $subpart = $this->templateService->getSubpart($this->template, '###TEMPLATE_LOGIN###');
566 $subpartArray = ($linkpartArray = ($markerArray = []));
567 $gpRedirectUrl = '';
568 $markerArray['###LEGEND###'] = htmlspecialchars($this->pi_getLL('oLabel_header_welcome'));
569 if ($this->logintype === LoginType::LOGIN) {
570 if ($this->userIsLoggedIn) {
571 // login success
572 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('success_header', $this->conf['successHeader_stdWrap.']);
573 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('success_message', $this->conf['successMessage_stdWrap.']);
574 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
575 $subpartArray['###LOGIN_FORM###'] = '';
576 // Hook for general actions after after login has been confirmed (by Thomas Danzl <thomas@danzl.org>)
577 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['login_confirmed'] ?? [] as $_funcRef) {
578 $_params = [];
579 if ($_funcRef) {
580 GeneralUtility::callUserFunction($_funcRef, $_params, $this);
581 }
582 }
583 // show logout form directly
584 if ($this->conf['showLogoutFormAfterLogin']) {
585 $this->redirectUrl = '';
586 return $this->showLogout();
587 }
588 } else {
589 // Hook for general actions on login error
590 $params = [];
591 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['login_error'] ?? [] as $funcRef) {
592 if ($funcRef) {
593 GeneralUtility::callUserFunction($funcRef, $params, $this);
594 }
595 }
596 // login error
597 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('error_header', $this->conf['errorHeader_stdWrap.']);
598 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('error_message', $this->conf['errorMessage_stdWrap.']);
599 $gpRedirectUrl = GeneralUtility::_GP('redirect_url');
600 }
601 } else {
602 if ($this->logintype === LoginType::LOGOUT) {
603 // login form after logout
604 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('logout_header', $this->conf['logoutHeader_stdWrap.']);
605 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('logout_message', $this->conf['logoutMessage_stdWrap.']);
606 } else {
607 // login form
608 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('welcome_header', $this->conf['welcomeHeader_stdWrap.']);
609 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('welcome_message', $this->conf['welcomeMessage_stdWrap.']);
610 }
611 }
612
613 // This hook allows to call User JS functions.
614 // The methods should also set the required JS functions to get included
615 $onSubmit = '';
616 $extraHidden = '';
617 $onSubmitAr = [];
618 $extraHiddenAr = [];
619 // Check for referer redirect method. if present, save referer in form field
620 if (GeneralUtility::inList($this->conf['redirectMode'], 'referer') || GeneralUtility::inList($this->conf['redirectMode'], 'refererDomains')) {
621 $referer = $this->referer ?: GeneralUtility::getIndpEnv('HTTP_REFERER');
622 if ($referer) {
623 $extraHiddenAr[] = '<input type="hidden" name="referer" value="' . htmlspecialchars($referer) . '" />';
624 if ($this->piVars['redirectReferrer'] === 'off') {
625 $extraHiddenAr[] = '<input type="hidden" name="' . $this->prefixId . '[redirectReferrer]" value="off" />';
626 }
627 }
628 }
629 $_params = [];
630 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['loginFormOnSubmitFuncs'] ?? [] as $funcRef) {
631 [$onSub, $hid] = GeneralUtility::callUserFunction($funcRef, $_params, $this);
632 $onSubmitAr[] = $onSub;
633 $extraHiddenAr[] = $hid;
634 }
635 if (!empty($onSubmitAr)) {
636 $onSubmit = implode('; ', $onSubmitAr) . '; return true;';
637 }
638 if (!empty($extraHiddenAr)) {
639 $extraHidden = implode(LF, $extraHiddenAr);
640 }
641 if (!$gpRedirectUrl && $this->redirectUrl) {
642 $gpRedirectUrl = $this->redirectUrl;
643 }
644 // Login form
645 $markerArray['###ACTION_URI###'] = $this->getPageLink('', [], true);
646 // Used by kb_md5fepw extension...
647 $markerArray['###EXTRA_HIDDEN###'] = $extraHidden;
648 $markerArray['###LEGEND###'] = htmlspecialchars($this->pi_getLL('login'));
649 $markerArray['###LOGIN_LABEL###'] = htmlspecialchars($this->pi_getLL('login'));
650 // Used by kb_md5fepw extension...
651 $markerArray['###ON_SUBMIT###'] = $onSubmit;
652 $markerArray['###PASSWORD_LABEL###'] = htmlspecialchars($this->pi_getLL('password'));
653 $markerArray['###STORAGE_PID###'] = $this->spid;
654 $markerArray['###USERNAME_LABEL###'] = htmlspecialchars($this->pi_getLL('username'));
655 $markerArray['###REDIRECT_URL###'] = htmlspecialchars($gpRedirectUrl);
656 $markerArray['###NOREDIRECT###'] = $this->noRedirect ? '1' : '0';
657 $markerArray['###PREFIXID###'] = $this->prefixId;
658 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
659 if ($this->conf['showForgotPasswordLink']) {
660 $linkpartArray['###FORGOT_PASSWORD_LINK###'] = explode('|', $this->getPageLink('|', [$this->prefixId . '[forgot]' => 1]));
661 $markerArray['###FORGOT_PASSWORD###'] = htmlspecialchars($this->pi_getLL('forgot_header'));
662 } else {
663 $subpartArray['###FORGOTP_VALID###'] = '';
664 }
665 // The permanent login checkbox should only be shown if permalogin is not deactivated (-1),
666 // not forced to be always active (2) and lifetime is greater than 0
667 $permalogin = (int)$GLOBALS['TYPO3_CONF_VARS']['FE']['permalogin'];
668 if (
669 $this->conf['showPermaLogin']
670 && ($permalogin === 0 || $permalogin === 1)
671 && $GLOBALS['TYPO3_CONF_VARS']['FE']['lifetime'] > 0
672 ) {
673 $markerArray['###PERMALOGIN###'] = htmlspecialchars($this->pi_getLL('permalogin'));
674 if ($permalogin === 1) {
675 $markerArray['###PERMALOGIN_HIDDENFIELD_ATTRIBUTES###'] = 'disabled="disabled"';
676 $markerArray['###PERMALOGIN_CHECKBOX_ATTRIBUTES###'] = 'checked="checked"';
677 } else {
678 $markerArray['###PERMALOGIN_HIDDENFIELD_ATTRIBUTES###'] = '';
679 $markerArray['###PERMALOGIN_CHECKBOX_ATTRIBUTES###'] = '';
680 }
681 } else {
682 $subpartArray['###PERMALOGIN_VALID###'] = '';
683 }
684 return $this->templateService->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
685 }
686
687 /**
688 * Process redirect methods. The function searches for a redirect url using all configured methods.
689 *
690 * @return array Redirect URLs
691 */
692 protected function processRedirect()
693 {
694 $redirect_url = [];
695 if ($this->conf['redirectMode']) {
696 $redirectMethods = GeneralUtility::trimExplode(',', $this->conf['redirectMode'], true);
697 foreach ($redirectMethods as $redirMethod) {
698 if ($this->userIsLoggedIn && $this->logintype === LoginType::LOGIN) {
699 // Logintype is needed because the login-page wouldn't be accessible anymore after a login (would always redirect)
700 switch ($redirMethod) {
701 case 'groupLogin':
702 // taken from dkd_redirect_at_login written by Ingmar Schlecht; database-field changed
703 $groupData = $this->frontendController->fe_user->groupData;
704 if (!empty($groupData['uid'])) {
705
706 // take the first group with a redirect page
707 $userGroupTable = $this->frontendController->fe_user->usergroup_table;
708 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($userGroupTable);
709 $queryBuilder->getRestrictions()->removeAll();
710 $row = $queryBuilder
711 ->select('felogin_redirectPid')
712 ->from($userGroupTable)
713 ->where(
714 $queryBuilder->expr()->neq(
715 'felogin_redirectPid',
716 $queryBuilder->createNamedParameter('', \PDO::PARAM_STR)
717 ),
718 $queryBuilder->expr()->in(
719 'uid',
720 $queryBuilder->createNamedParameter(
721 $groupData['uid'],
722 Connection::PARAM_INT_ARRAY
723 )
724 )
725 )
726 ->execute()
727 ->fetch();
728
729 if ($row) {
730 $redirect_url[] = $this->pi_getPageLink($row['felogin_redirectPid']);
731 }
732 }
733 break;
734 case 'userLogin':
735
736 $userTable = $this->frontendController->fe_user->user_table;
737 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($userTable);
738 $queryBuilder->getRestrictions()->removeAll();
739 $row = $queryBuilder
740 ->select('felogin_redirectPid')
741 ->from($userTable)
742 ->where(
743 $queryBuilder->expr()->neq(
744 'felogin_redirectPid',
745 $queryBuilder->createNamedParameter('', \PDO::PARAM_STR)
746 ),
747 $queryBuilder->expr()->eq(
748 $this->frontendController->fe_user->userid_column,
749 $queryBuilder->createNamedParameter(
750 $this->frontendController->fe_user->user['uid'],
751 \PDO::PARAM_INT
752 )
753 )
754 )
755 ->execute()
756 ->fetch();
757
758 if ($row) {
759 $redirect_url[] = $this->pi_getPageLink($row['felogin_redirectPid']);
760 }
761
762 break;
763 case 'login':
764 if ($this->conf['redirectPageLogin']) {
765 $redirect_url[] = $this->pi_getPageLink((int)$this->conf['redirectPageLogin']);
766 }
767 break;
768 case 'getpost':
769 $redirect_url[] = $this->redirectUrl;
770 break;
771 case 'referer':
772 // Avoid redirect when logging in after changing password
773 if ($this->piVars['redirectReferrer'] !== 'off') {
774 // Avoid forced logout, when trying to login immediately after a logout
775 $redirect_url[] = preg_replace('/[&?]logintype=[a-z]+/', '', $this->referer);
776 }
777 break;
778 case 'refererDomains':
779 // Auto redirect.
780 // Feature to redirect to the page where the user came from (HTTP_REFERER).
781 // Allowed domains to redirect to, can be configured with plugin.tx_felogin_pi1.domains
782 // Thanks to plan2.net / Martin Kutschker for implementing this feature.
783 // also avoid redirect when logging in after changing password
784 if (isset($this->conf['domains']) && $this->conf['domains']
785 && (!isset($this->piVars['redirectReferrer']) || $this->piVars['redirectReferrer'] !== 'off')
786 ) {
787 $url = $this->referer;
788 // Is referring url allowed to redirect?
789 $match = [];
790 if (preg_match('#^http://([[:alnum:]._-]+)/#', $url, $match)) {
791 $redirect_domain = $match[1];
792 $found = false;
793 foreach (GeneralUtility::trimExplode(',', $this->conf['domains'], true) as $d) {
794 if (preg_match('/(?:^|\\.)' . $d . '$/', $redirect_domain)) {
795 $found = true;
796 break;
797 }
798 }
799 if (!$found) {
800 $url = '';
801 }
802 }
803 // Avoid forced logout, when trying to login immediately after a logout
804 if ($url) {
805 $redirect_url[] = preg_replace('/[&?]logintype=[a-z]+/', '', $url);
806 }
807 }
808 break;
809 }
810 } elseif ($this->logintype === LoginType::LOGIN) {
811 // after login-error
812 switch ($redirMethod) {
813 case 'loginError':
814 if ($this->conf['redirectPageLoginError']) {
815 $redirect_url[] = $this->pi_getPageLink((int)$this->conf['redirectPageLoginError']);
816 }
817 break;
818 }
819 } elseif ($this->logintype == '' && $redirMethod === 'login' && $this->conf['redirectPageLogin']) {
820 // If login and page not accessible
821 $this->cObj->typoLink('', [
822 'parameter' => $this->conf['redirectPageLogin'],
823 'linkAccessRestrictedPages' => true
824 ]);
825 $redirect_url[] = $this->cObj->lastTypoLinkUrl;
826 } elseif ($this->logintype == '' && $redirMethod === 'logout' && $this->conf['redirectPageLogout'] && $this->userIsLoggedIn) {
827 // If logout and page not accessible
828 $redirect_url[] = $this->pi_getPageLink((int)$this->conf['redirectPageLogout']);
829 } elseif ($this->logintype === LoginType::LOGOUT) {
830 // after logout
831 // Hook for general actions after after logout has been confirmed
832 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['logout_confirmed'] ?? [] as $_funcRef) {
833 $_params = [];
834 if ($_funcRef) {
835 $ref = $this; // introduced for phpstan to not lose type information when passing $this into callUserFunction
836 GeneralUtility::callUserFunction($_funcRef, $_params, $ref);
837 }
838 }
839 switch ($redirMethod) {
840 case 'logout':
841 if ($this->conf['redirectPageLogout']) {
842 $redirect_url[] = $this->pi_getPageLink((int)$this->conf['redirectPageLogout']);
843 }
844 break;
845 }
846 } else {
847 // not logged in
848 // Placeholder for maybe future options
849 switch ($redirMethod) {
850 case 'getpost':
851 // Preserve the get/post value
852 $redirect_url[] = $this->redirectUrl;
853 break;
854 }
855 }
856 }
857 }
858 // Remove empty values, but keep "0" as value (that's why "strlen" is used as second parameter)
859 if (!empty($redirect_url)) {
860 return array_filter($redirect_url, 'strlen');
861 }
862 return [];
863 }
864
865 /**
866 * Reads flexform configuration and merge it with $this->conf
867 */
868 protected function mergeflexFormValuesIntoConf()
869 {
870 $flex = [];
871 if ($this->flexFormValue('showForgotPassword', 'sDEF')) {
872 $flex['showForgotPasswordLink'] = $this->flexFormValue('showForgotPassword', 'sDEF');
873 }
874 if ($this->flexFormValue('showPermaLogin', 'sDEF')) {
875 $flex['showPermaLogin'] = $this->flexFormValue('showPermaLogin', 'sDEF');
876 }
877 if ($this->flexFormValue('showLogoutFormAfterLogin', 'sDEF')) {
878 $flex['showLogoutFormAfterLogin'] = $this->flexFormValue('showLogoutFormAfterLogin', 'sDEF');
879 }
880 if ($this->flexFormValue('pages', 'sDEF')) {
881 $flex['pages'] = $this->flexFormValue('pages', 'sDEF');
882 }
883 if ($this->flexFormValue('recursive', 'sDEF')) {
884 $flex['recursive'] = $this->flexFormValue('recursive', 'sDEF');
885 }
886 if ($this->flexFormValue('redirectMode', 's_redirect')) {
887 $flex['redirectMode'] = $this->flexFormValue('redirectMode', 's_redirect');
888 }
889 if ($this->flexFormValue('redirectFirstMethod', 's_redirect')) {
890 $flex['redirectFirstMethod'] = $this->flexFormValue('redirectFirstMethod', 's_redirect');
891 }
892 if ($this->flexFormValue('redirectDisable', 's_redirect')) {
893 $flex['redirectDisable'] = $this->flexFormValue('redirectDisable', 's_redirect');
894 }
895 if ($this->flexFormValue('redirectPageLogin', 's_redirect')) {
896 $flex['redirectPageLogin'] = $this->flexFormValue('redirectPageLogin', 's_redirect');
897 }
898 if ($this->flexFormValue('redirectPageLoginError', 's_redirect')) {
899 $flex['redirectPageLoginError'] = $this->flexFormValue('redirectPageLoginError', 's_redirect');
900 }
901 if ($this->flexFormValue('redirectPageLogout', 's_redirect')) {
902 $flex['redirectPageLogout'] = $this->flexFormValue('redirectPageLogout', 's_redirect');
903 }
904 $pid = $flex['pages'] ? $this->pi_getPidList($flex['pages'], $flex['recursive']) : 0;
905 if ($pid > 0) {
906 $flex['storagePid'] = $pid;
907 }
908 $this->conf = array_merge($this->conf, $flex);
909 }
910
911 /**
912 * Loads a variable from the flexform
913 *
914 * @param string $var Name of variable
915 * @param string $sheet Name of sheet
916 * @return string Value of var
917 */
918 protected function flexFormValue($var, $sheet)
919 {
920 return $this->pi_getFFvalue($this->cObj->data['pi_flexform'], 'settings.' . $var, $sheet);
921 }
922
923 /**
924 * Generate link with typolink function
925 *
926 * @param string $label Linktext
927 * @param array $piVars Link vars
928 * @param bool $returnUrl TRUE: returns only url FALSE (default) returns the link)
929 * @return string Link or url
930 */
931 protected function getPageLink($label, $piVars, $returnUrl = false)
932 {
933 $additionalParams = is_array($piVars) && !empty($piVars) ? $piVars : [];
934 // Should GETvars be preserved?
935 if ($this->conf['preserveGETvars']) {
936 $additionalParams = array_merge_recursive($additionalParams, $this->getPreserveGetVars());
937 }
938 $this->conf['linkConfig.']['parameter'] = $this->frontendController->id;
939 if (!empty($additionalParams)) {
940 $this->conf['linkConfig.']['additionalParams'] = HttpUtility::buildQueryString($additionalParams, '&');
941 }
942 if ($returnUrl) {
943 return htmlspecialchars($this->cObj->typoLink_URL($this->conf['linkConfig.']));
944 }
945 return $this->cObj->typoLink($label, $this->conf['linkConfig.']);
946 }
947
948 /**
949 * Add additional parameters for links according to TS setting preserveGETvars.
950 * Possible values are "all" or a comma separated list of allowed GET-vars.
951 * Supports multi-dimensional GET-vars.
952 * Some hardcoded values are dropped.
953 *
954 * @return array additionalParams-array
955 */
956 protected function getPreserveGetVars()
957 {
958 $getVars = GeneralUtility::_GET();
959 unset(
960 $getVars['id'],
961 $getVars['no_cache'],
962 $getVars['logintype'],
963 $getVars['redirect_url'],
964 $getVars['cHash'],
965 $getVars[$this->prefixId]
966 );
967 if ($this->conf['preserveGETvars'] === 'all') {
968 $preserveQueryParts = $getVars;
969 } else {
970 $preserveQueryStringProperties = GeneralUtility::trimExplode(',', $this->conf['preserveGETvars']);
971 $preserveQueryParts = [];
972 parse_str(implode('=1&', $preserveQueryStringProperties) . '=1', $preserveQueryParts);
973 $preserveQueryParts = \TYPO3\CMS\Core\Utility\ArrayUtility::intersectRecursive($getVars, $preserveQueryParts);
974 }
975 return $preserveQueryParts;
976 }
977
978 /**
979 * Is used by forgot password - function with md5 option.
980 * @param int $len Length of new password
981 * @return string New password
982 */
983 protected function generatePassword($len)
984 {
985 $pass = '';
986 while ($len--) {
987 $char = random_int(0, 35);
988 if ($char < 10) {
989 $pass .= '' . $char;
990 } else {
991 $pass .= chr($char - 10 + 97);
992 }
993 }
994 return $pass;
995 }
996
997 /**
998 * Returns the header / message value from flexform if present, else from locallang.xlf
999 *
1000 * @param string $label label name
1001 * @param array $stdWrapArray TS stdWrap array
1002 * @return string label text
1003 */
1004 protected function getDisplayText($label, $stdWrapArray = [])
1005 {
1006 $text = $this->flexFormValue($label, 's_messages') ? $this->cObj->stdWrap($this->flexFormValue($label, 's_messages'), $stdWrapArray) : $this->cObj->stdWrap($this->pi_getLL($label), $stdWrapArray);
1007 $replace = $this->getUserFieldMarkers();
1008 return strtr($text, $replace);
1009 }
1010
1011 /**
1012 * Returns Array of markers filled with user fields
1013 *
1014 * @return array Marker array
1015 */
1016 protected function getUserFieldMarkers()
1017 {
1018 $marker = [];
1019 // replace markers with fe_user data
1020 if ($this->frontendController->fe_user->user) {
1021 // All fields of fe_user will be replaced, scheme is ###FEUSER_FIELDNAME###
1022 foreach ($this->frontendController->fe_user->user as $field => $value) {
1023 $conf = $this->conf['userfields.'][$field . '.'] ?? [];
1024 $conf = array_replace_recursive(['htmlSpecialChars' => '1'], $conf);
1025 $marker['###FEUSER_' . strtoupper($field) . '###'] = $this->cObj->stdWrap($value, $conf);
1026 }
1027 // Add ###USER### for compatibility
1028 $marker['###USER###'] = $marker['###FEUSER_USERNAME###'];
1029 }
1030 return $marker;
1031 }
1032
1033 /**
1034 * Invalidate all frontend user sessions by given user id
1035 *
1036 * @param int $userId the user UID
1037 */
1038 protected function invalidateUserSessions(int $userId)
1039 {
1040 $sessionManager = GeneralUtility::makeInstance(SessionManager::class);
1041 $sessionBackend = $sessionManager->getSessionBackend('FE');
1042 $sessionManager->invalidateAllSessionsByUserId($sessionBackend, $userId, $this->frontendController->fe_user);
1043 }
1044
1045 /**
1046 * Sends "forgot password" mail
1047 *
1048 * @param string $message The message content. If blank, no email is sent.
1049 * @param string $recipients Comma list of recipient email addresses
1050 * @param string $cc Email address of recipient of an extra mail. The same mail will be sent ONCE more; not using a CC header but sending twice.
1051 * @param string $senderAddress "From" email address
1052 * @param string $senderName Optional "From" name
1053 * @param string $replyTo Optional "Reply-To" header email address.
1054 * @return bool Returns TRUE if sent
1055 */
1056 protected function sendMail(string $message, string $recipients, string $cc, string $senderAddress, string $senderName = '', string $replyTo = ''): bool
1057 {
1058 if (trim($message) === '') {
1059 return false;
1060 }
1061
1062 $mail = GeneralUtility::makeInstance(MailMessage::class);
1063 $senderName = trim($senderName);
1064 $senderAddress = trim($senderAddress);
1065 if ($senderAddress !== '') {
1066 $mail->from(new Address($senderAddress, $senderName));
1067 }
1068 $parsedReplyTo = MailUtility::parseAddresses($replyTo);
1069 if (!empty($parsedReplyTo)) {
1070 $mail->replyTo($parsedReplyTo);
1071 }
1072 // First line is subject
1073 $messageParts = explode(LF, trim($message), 2);
1074 $subject = trim($messageParts[0]);
1075 $plainMessage = trim($messageParts[1]);
1076 $parsedRecipients = MailUtility::parseAddresses($recipients);
1077 if (!empty($parsedRecipients)) {
1078 $mail->to(...$parsedRecipients)
1079 ->subject($subject)
1080 ->text($plainMessage);
1081 $mail->send();
1082 }
1083 $parsedCc = MailUtility::parseAddresses($cc);
1084 if (!empty($parsedCc)) {
1085 $from = $mail->getFrom();
1086 /** @var MailMessage $mail */
1087 $mail = GeneralUtility::makeInstance(MailMessage::class);
1088 if (!empty($parsedReplyTo)) {
1089 $mail->replyTo($parsedReplyTo);
1090 }
1091 $mail->from($from)
1092 ->to(...$parsedCc)
1093 ->subject($subject)
1094 ->text($plainMessage);
1095 $mail->send();
1096 }
1097 return true;
1098 }
1099 }