13bc4c5190dbf10af41cce44360edf1d81f86b88
[Packages/TYPO3.CMS.git] / typo3 / sysext / setup / Classes / Controller / SetupModuleController.php
1 <?php
2 namespace TYPO3\CMS\Setup\Controller;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 use Psr\Http\Message\ResponseInterface;
18 use Psr\Http\Message\ServerRequestInterface;
19 use TYPO3\CMS\Backend\Backend\Avatar\DefaultAvatarProvider;
20 use TYPO3\CMS\Backend\Module\ModuleLoader;
21 use TYPO3\CMS\Backend\Routing\UriBuilder;
22 use TYPO3\CMS\Backend\Template\ModuleTemplate;
23 use TYPO3\CMS\Backend\Utility\BackendUtility;
24 use TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
25 use TYPO3\CMS\Core\Compatibility\PublicPropertyDeprecationTrait;
26 use TYPO3\CMS\Core\Core\Environment;
27 use TYPO3\CMS\Core\Database\ConnectionPool;
28 use TYPO3\CMS\Core\DataHandling\DataHandler;
29 use TYPO3\CMS\Core\FormProtection\FormProtectionFactory;
30 use TYPO3\CMS\Core\Http\HtmlResponse;
31 use TYPO3\CMS\Core\Imaging\Icon;
32 use TYPO3\CMS\Core\Imaging\IconFactory;
33 use TYPO3\CMS\Core\Localization\Locales;
34 use TYPO3\CMS\Core\Messaging\FlashMessage;
35 use TYPO3\CMS\Core\Messaging\FlashMessageService;
36 use TYPO3\CMS\Core\Resource\Exception\FileDoesNotExistException;
37 use TYPO3\CMS\Core\Resource\ResourceFactory;
38 use TYPO3\CMS\Core\Utility\GeneralUtility;
39 use TYPO3\CMS\Saltedpasswords\Exception\InvalidSaltException;
40 use TYPO3\CMS\Saltedpasswords\Salt\SaltFactory;
41
42 /**
43 * Script class for the Setup module
44 */
45 class SetupModuleController
46 {
47 use PublicPropertyDeprecationTrait;
48
49 /**
50 * Flag if password has not been updated
51 */
52 const PASSWORD_NOT_UPDATED = 0;
53
54 /**
55 * Flag if password has been updated
56 */
57 const PASSWORD_UPDATED = 1;
58
59 /**
60 * Flag if both new passwords do not match
61 */
62 const PASSWORD_NOT_THE_SAME = 2;
63
64 /**
65 * Flag if the current password given was not identical to the real
66 * current password
67 */
68 const PASSWORD_OLD_WRONG = 3;
69
70 /**
71 * Properties which have been moved to protected status from public
72 *
73 * @var array
74 */
75 protected $deprecatedPublicProperties = [
76 'OLD_BE_USER' => 'Using $OLD_BE_USER of class SetupModuleController from the outside is discouraged, the variable will be removed.',
77 'MOD_MENU' => 'Using $MOD_MENU of class SetupModuleController from the outside is discouraged, the variable will be removed.',
78 'MOD_SETTINGS' => 'Using $MOD_SETTINGS of class SetupModuleController from the outside is discouraged, the variable will be removed.',
79 'content' => 'Using $content of class SetupModuleController from the outside is discouraged, as this variable is only used for internal storage.',
80 'overrideConf' => 'Using $overrideConf of class SetupModuleController from the outside is discouraged, as this variable is only used for internal storage.',
81 'languageUpdate' => 'Using $languageUpdate of class SetupModuleController from the outside is discouraged, as this variable is only used for internal storage.',
82 ];
83
84 /**
85 * @var array
86 */
87 protected $MOD_MENU = [];
88
89 /**
90 * @var array
91 */
92 protected $MOD_SETTINGS = [];
93
94 /**
95 * @var string
96 */
97 protected $content;
98
99 /**
100 * @var array
101 */
102 protected $overrideConf;
103
104 /**
105 * @deprecated will be removed in TYPO3 v10
106 */
107 protected $OLD_BE_USER;
108
109 /**
110 * @var bool
111 */
112 protected $languageUpdate;
113
114 /**
115 * @var bool
116 */
117 protected $pagetreeNeedsRefresh = false;
118
119 /**
120 * @var bool
121 */
122 protected $isAdmin;
123
124 /**
125 * @var array
126 */
127 protected $tsFieldConf;
128
129 /**
130 * @var bool
131 */
132 protected $saveData = false;
133
134 /**
135 * @var int
136 */
137 protected $passwordIsUpdated = self::PASSWORD_NOT_UPDATED;
138
139 /**
140 * @var bool
141 */
142 protected $passwordIsSubmitted = false;
143
144 /**
145 * @var bool
146 */
147 protected $setupIsUpdated = false;
148
149 /**
150 * @var bool
151 */
152 protected $settingsAreResetToDefault = false;
153
154 /**
155 * Form protection instance
156 *
157 * @var \TYPO3\CMS\Core\FormProtection\BackendFormProtection
158 */
159 protected $formProtection;
160
161 /**
162 * @var string
163 */
164 protected $simulateSelector = '';
165
166 /**
167 * @var int
168 */
169 protected $simUser;
170
171 /**
172 * The name of the module
173 *
174 * @var string
175 */
176 protected $moduleName = 'user_setup';
177
178 /**
179 * ModuleTemplate object
180 *
181 * @var ModuleTemplate
182 */
183 protected $moduleTemplate;
184
185 /**
186 * Instantiate the form protection before a simulated user is initialized.
187 */
188 public function __construct()
189 {
190 $this->moduleTemplate = GeneralUtility::makeInstance(ModuleTemplate::class);
191 $this->formProtection = FormProtectionFactory::get();
192 $pageRenderer = $this->moduleTemplate->getPageRenderer();
193 $pageRenderer->loadRequireJsModule('TYPO3/CMS/Backend/Modal');
194 $pageRenderer->loadRequireJsModule('TYPO3/CMS/Backend/FormEngine');
195 $pageRenderer->addInlineSetting('FormEngine', 'formName', 'editform');
196 $pageRenderer->addInlineLanguageLabelArray([
197 'FormEngine.remainingCharacters' => 'LLL:EXT:core/Resources/Private/Language/locallang_core.xlf:labels.remainingCharacters',
198 ], true);
199 }
200
201 /**
202 * Getter for the form protection instance.
203 *
204 * @return \TYPO3\CMS\Core\FormProtection\BackendFormProtection
205 * @deprecated and will be removed in TYPO3 v10.0.
206 */
207 public function getFormProtection()
208 {
209 trigger_error('Method will be removed in TYPO3 v10', E_USER_DEPRECATED);
210 return $this->formProtection;
211 }
212
213 /**
214 * If settings are submitted to _POST[DATA], store them
215 * NOTICE: This method is called before the \TYPO3\CMS\Backend\Template\ModuleTemplate
216 * is included. See bottom of document.
217 */
218 public function storeIncomingData()
219 {
220 // First check if something is submitted in the data-array from POST vars
221 $d = GeneralUtility::_POST('data');
222 $columns = $GLOBALS['TYPO3_USER_SETTINGS']['columns'];
223 $backendUser = $this->getBackendUser();
224 $beUserId = $backendUser->user['uid'];
225 $storeRec = [];
226 $fieldList = $this->getFieldsFromShowItem();
227 if (is_array($d) && $this->formProtection->validateToken((string)GeneralUtility::_POST('formToken'), 'BE user setup', 'edit')) {
228 // UC hashed before applying changes
229 $save_before = md5(serialize($backendUser->uc));
230 // PUT SETTINGS into the ->uc array:
231 // Reload left frame when switching BE language
232 if (isset($d['lang']) && $d['lang'] != $backendUser->uc['lang']) {
233 $this->languageUpdate = true;
234 }
235 // Reload pagetree if the title length is changed
236 if (isset($d['titleLen']) && $d['titleLen'] !== $backendUser->uc['titleLen']) {
237 $this->pagetreeNeedsRefresh = true;
238 }
239 if ($d['setValuesToDefault']) {
240 // If every value should be default
241 $backendUser->resetUC();
242 $this->settingsAreResetToDefault = true;
243 } elseif ($d['save']) {
244 // Save all submitted values if they are no array (arrays are with table=be_users) and exists in $GLOBALS['TYPO3_USER_SETTINGS'][columns]
245 foreach ($columns as $field => $config) {
246 if (!in_array($field, $fieldList)) {
247 continue;
248 }
249 if ($config['table']) {
250 if ($config['table'] === 'be_users' && !in_array($field, ['password', 'password2', 'passwordCurrent', 'email', 'realName', 'admin', 'avatar'])) {
251 if (!isset($config['access']) || $this->checkAccess($config) && $backendUser->user[$field] !== $d['be_users'][$field]) {
252 if ($config['type'] === 'check') {
253 $fieldValue = isset($d['be_users'][$field]) ? 1 : 0;
254 } else {
255 $fieldValue = $d['be_users'][$field];
256 }
257 $storeRec['be_users'][$beUserId][$field] = $fieldValue;
258 $backendUser->user[$field] = $fieldValue;
259 }
260 }
261 }
262 if ($config['type'] === 'check') {
263 $backendUser->uc[$field] = isset($d[$field]) ? 1 : 0;
264 } else {
265 $backendUser->uc[$field] = htmlspecialchars($d[$field]);
266 }
267 }
268 // Personal data for the users be_user-record (email, name, password...)
269 // If email and name is changed, set it in the users record:
270 $be_user_data = $d['be_users'];
271 // Possibility to modify the transmitted values. Useful to do transformations, like RSA password decryption
272 foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/setup/mod/index.php']['modifyUserDataBeforeSave'] ?? [] as $function) {
273 $params = ['be_user_data' => &$be_user_data];
274 GeneralUtility::callUserFunction($function, $params, $this);
275 }
276 $this->passwordIsSubmitted = (string)$be_user_data['password'] !== '';
277 $passwordIsConfirmed = $this->passwordIsSubmitted && $be_user_data['password'] === $be_user_data['password2'];
278 // Update the real name:
279 if ($be_user_data['realName'] !== $backendUser->user['realName']) {
280 $backendUser->user['realName'] = ($storeRec['be_users'][$beUserId]['realName'] = substr($be_user_data['realName'], 0, 80));
281 }
282 // Update the email address:
283 if ($be_user_data['email'] !== $backendUser->user['email']) {
284 $backendUser->user['email'] = ($storeRec['be_users'][$beUserId]['email'] = substr($be_user_data['email'], 0, 80));
285 }
286 // Update the password:
287 if ($passwordIsConfirmed) {
288 if ($this->isAdmin) {
289 $passwordOk = true;
290 } else {
291 $currentPasswordHashed = $GLOBALS['BE_USER']->user['password'];
292 $passwordOk = false;
293 $saltFactory = GeneralUtility::makeInstance(SaltFactory::class);
294 try {
295 $hashInstance = $saltFactory->get($currentPasswordHashed, 'BE');
296 $passwordOk = $hashInstance->checkPassword($be_user_data['passwordCurrent'], $currentPasswordHashed);
297 } catch (InvalidSaltException $e) {
298 // Could not find hash class responsible for existing password. This is a
299 // misconfiguration and user can not change its password.
300 }
301 }
302 if ($passwordOk) {
303 $this->passwordIsUpdated = self::PASSWORD_UPDATED;
304 $storeRec['be_users'][$beUserId]['password'] = $be_user_data['password'];
305 } else {
306 $this->passwordIsUpdated = self::PASSWORD_OLD_WRONG;
307 }
308 } else {
309 $this->passwordIsUpdated = self::PASSWORD_NOT_THE_SAME;
310 }
311
312 $this->setAvatarFileUid($beUserId, $be_user_data['avatar'], $storeRec);
313
314 $this->saveData = true;
315 }
316 // Inserts the overriding values.
317 $backendUser->overrideUC();
318 $save_after = md5(serialize($backendUser->uc));
319 // If something in the uc-array of the user has changed, we save the array...
320 if ($save_before != $save_after) {
321 $backendUser->writeUC($backendUser->uc);
322 $backendUser->writelog(254, 1, 0, 1, 'Personal settings changed', []);
323 $this->setupIsUpdated = true;
324 }
325 // Persist data if something has changed:
326 if (!empty($storeRec) && $this->saveData) {
327 // Make instance of TCE for storing the changes.
328 $dataHandler = GeneralUtility::makeInstance(DataHandler::class);
329 $dataHandler->start($storeRec, []);
330 $dataHandler->admin = true;
331 // This is to make sure that the users record can be updated even if in another workspace. This is tolerated.
332 $dataHandler->bypassWorkspaceRestrictions = true;
333 $dataHandler->process_datamap();
334 if ($this->passwordIsUpdated === self::PASSWORD_NOT_UPDATED || count($storeRec['be_users'][$beUserId]) > 1) {
335 $this->setupIsUpdated = true;
336 }
337 BackendUtility::setUpdateSignal('updateTopbar');
338 }
339 }
340 }
341
342 /**
343 * Initializes the module for display of the settings form.
344 */
345 public function init()
346 {
347 $this->getLanguageService()->includeLLFile('EXT:setup/Resources/Private/Language/locallang.xlf');
348 $backendUser = $this->getBackendUser();
349 $this->isAdmin = $backendUser->isAdmin();
350 // Getting the 'override' values as set might be set in User TSconfig
351 $this->overrideConf = $backendUser->getTSConfig()['setup.']['override.'] ?? null;
352 // Getting the disabled fields might be set in User TSconfig (eg setup.fields.password.disabled=1)
353 $this->tsFieldConf = $backendUser->getTSConfig()['setup.']['fields.'] ?? null;
354 // id password is disabled, disable repeat of password too (password2)
355 if (isset($this->tsFieldConf['password.']) && $this->tsFieldConf['password.']['disabled']) {
356 $this->tsFieldConf['password2.']['disabled'] = 1;
357 $this->tsFieldConf['passwordCurrent.']['disabled'] = 1;
358 }
359 }
360
361 /**
362 * Generate necessary JavaScript
363 *
364 * @return string
365 */
366 protected function getJavaScript()
367 {
368 $javaScript = '';
369 foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/setup/mod/index.php']['setupScriptHook'] ?? [] as $function) {
370 $params = [];
371 $javaScript .= GeneralUtility::callUserFunction($function, $params, $this);
372 }
373 return $javaScript;
374 }
375
376 /**
377 * Generate the main settings form:
378 */
379 public function main()
380 {
381 $uriBuilder = GeneralUtility::makeInstance(UriBuilder::class);
382 $this->content .= '<form action="' . (string)$uriBuilder->buildUriFromRoute('user_setup') . '" method="post" id="SetupModuleController" name="usersetup" enctype="multipart/form-data">';
383 if ($this->languageUpdate) {
384 $this->moduleTemplate->addJavaScriptCode('languageUpdate', '
385 if (top && top.TYPO3.ModuleMenu.App) {
386 top.TYPO3.ModuleMenu.App.refreshMenu();
387 }
388 ');
389 }
390 if ($this->pagetreeNeedsRefresh) {
391 BackendUtility::setUpdateSignal('updatePageTree');
392 }
393 // Start page:
394 $this->moduleTemplate->getPageRenderer()->addJsFile('EXT:backend/Resources/Public/JavaScript/md5.js');
395 // Use a wrapper div
396 $this->content .= '<div id="user-setup-wrapper">';
397 $this->content .= $this->moduleTemplate->header($this->getLanguageService()->getLL('UserSettings'));
398 $this->addFlashMessages();
399
400 // Render the menu items
401 $menuItems = $this->renderUserSetup();
402 $this->content .= $this->moduleTemplate->getDynamicTabMenu($menuItems, 'user-setup', 1, false, false);
403 $formToken = $this->formProtection->generateToken('BE user setup', 'edit');
404 $this->content .= '<div>';
405 $this->content .= '<input type="hidden" name="simUser" value="' . (int)$this->simUser . '" />
406 <input type="hidden" name="formToken" value="' . htmlspecialchars($formToken) . '" />
407 <input type="hidden" value="1" name="data[save]" />
408 <input type="hidden" name="data[setValuesToDefault]" value="0" id="setValuesToDefault" />';
409 $this->content .= '</div>';
410 // End of wrapper div
411 $this->content .= '</div>';
412 // Setting up the buttons and markers for docheader
413 $this->getButtons();
414 // Build the <body> for the module
415 // Renders the module page
416 $this->moduleTemplate->setContent($this->content);
417 $this->content .= '</form>';
418 }
419
420 /**
421 * Injects the request object for the current request or subrequest
422 * Simply calls main() and init() and writes the content to the response
423 *
424 * @param ServerRequestInterface $request the current request
425 * @return ResponseInterface the response with the content
426 */
427 public function mainAction(ServerRequestInterface $request): ResponseInterface
428 {
429 $this->init();
430 $this->storeIncomingData();
431 $this->main();
432 return new HtmlResponse($this->moduleTemplate->renderContent());
433 }
434
435 /**
436 * Create the panel of buttons for submitting the form or otherwise perform operations.
437 */
438 protected function getButtons()
439 {
440 $buttonBar = $this->moduleTemplate->getDocHeaderComponent()->getButtonBar();
441 $cshButton = $buttonBar->makeHelpButton()
442 ->setModuleName('_MOD_user_setup')
443 ->setFieldName('');
444 $buttonBar->addButton($cshButton);
445
446 $saveButton = $buttonBar->makeInputButton()
447 ->setName('data[save]')
448 ->setTitle($this->getLanguageService()->sL('LLL:EXT:core/Resources/Private/Language/locallang_core.xlf:rm.saveDoc'))
449 ->setValue('1')
450 ->setForm('SetupModuleController')
451 ->setShowLabelText(true)
452 ->setIcon($this->moduleTemplate->getIconFactory()->getIcon('actions-document-save', Icon::SIZE_SMALL));
453
454 $buttonBar->addButton($saveButton);
455 $shortcutButton = $buttonBar->makeShortcutButton()
456 ->setModuleName($this->moduleName);
457 $buttonBar->addButton($shortcutButton);
458 }
459
460 /******************************
461 *
462 * Render module
463 *
464 ******************************/
465
466 /**
467 * renders the data for all tabs in the user setup and returns
468 * everything that is needed with tabs and dyntab menu
469 *
470 * @return array Ready to use for the dyntabmenu itemarray
471 */
472 protected function renderUserSetup()
473 {
474 $backendUser = $this->getBackendUser();
475 $html = '';
476 $result = [];
477 $firstTabLabel = '';
478 $code = [];
479 $fieldArray = $this->getFieldsFromShowItem();
480 $tabLabel = '';
481 foreach ($fieldArray as $fieldName) {
482 $config = $GLOBALS['TYPO3_USER_SETTINGS']['columns'][$fieldName];
483 if (isset($config['access']) && !$this->checkAccess($config)) {
484 continue;
485 }
486
487 if (substr($fieldName, 0, 8) === '--div--;') {
488 if ($firstTabLabel === '') {
489 // First tab
490 $tabLabel = $this->getLabel(substr($fieldName, 8), '', false);
491 $firstTabLabel = $tabLabel;
492 } else {
493 $result[] = [
494 'label' => $tabLabel,
495 'content' => count($code) ? implode(LF, $code) : ''
496 ];
497 $tabLabel = $this->getLabel(substr($fieldName, 8), '', false);
498 $code = [];
499 }
500 continue;
501 }
502 $label = $this->getLabel($config['label'], $fieldName);
503 $label = $this->getCSH($config['csh'] ?: $fieldName, $label);
504 $type = $config['type'];
505 $class = $config['class'];
506 if ($type !== 'check') {
507 $class .= ' form-control';
508 }
509 $more = '';
510 if ($class) {
511 $more .= ' class="' . htmlspecialchars($class) . '"';
512 }
513 $style = $config['style'];
514 if ($style) {
515 $more .= ' style="' . htmlspecialchars($style) . '"';
516 }
517 if (isset($this->overrideConf[$fieldName])) {
518 $more .= ' disabled="disabled"';
519 }
520 $value = $config['table'] === 'be_users' ? $backendUser->user[$fieldName] : $backendUser->uc[$fieldName];
521 if (!$value && isset($config['default'])) {
522 $value = $config['default'];
523 }
524 $dataAdd = '';
525 if ($config['table'] === 'be_users') {
526 $dataAdd = '[be_users]';
527 }
528
529 switch ($type) {
530 case 'text':
531 case 'number':
532 case 'email':
533 case 'password':
534 $noAutocomplete = '';
535
536 $maxLength = $config['max'] ?? 0;
537 if ((int)$maxLength > 0) {
538 $more .= ' maxlength="' . (int)$maxLength . '"';
539 }
540
541 if ($type === 'password') {
542 $value = '';
543 $noAutocomplete = 'autocomplete="off" ';
544 $more .= ' data-rsa-encryption=""';
545 }
546 $html = '<input id="field_' . htmlspecialchars($fieldName) . '"
547 type="' . htmlspecialchars($type) . '"
548 name="data' . $dataAdd . '[' . htmlspecialchars($fieldName) . ']" ' .
549 $noAutocomplete .
550 'value="' . htmlspecialchars($value) . '" ' .
551 $more .
552 ' />';
553 break;
554 case 'check':
555 $html = $label . '<div class="checkbox"><label><input id="field_' . htmlspecialchars($fieldName) . '"
556 type="checkbox"
557 name="data' . $dataAdd . '[' . htmlspecialchars($fieldName) . ']"' .
558 ($value ? ' checked="checked"' : '') .
559 $more .
560 ' /></label></div>';
561 $label = '';
562 break;
563 case 'select':
564 if ($config['itemsProcFunc']) {
565 $html = GeneralUtility::callUserFunction($config['itemsProcFunc'], $config, $this);
566 } else {
567 $html = '<select id="field_' . htmlspecialchars($fieldName) . '"
568 name="data' . $dataAdd . '[' . htmlspecialchars($fieldName) . ']"' .
569 $more . '>' . LF;
570 foreach ($config['items'] as $key => $optionLabel) {
571 $html .= '<option value="' . htmlspecialchars($key) . '"' . ($value == $key ? ' selected="selected"' : '') . '>' . $this->getLabel($optionLabel, '', false) . '</option>' . LF;
572 }
573 $html .= '</select>';
574 }
575 break;
576 case 'user':
577 $html = GeneralUtility::callUserFunction($config['userFunc'], $config, $this);
578 break;
579 case 'button':
580 if ($config['onClick']) {
581 $onClick = $config['onClick'];
582 if ($config['onClickLabels']) {
583 foreach ($config['onClickLabels'] as $key => $labelclick) {
584 $config['onClickLabels'][$key] = $this->getLabel($labelclick, '', false);
585 }
586 $onClick = vsprintf($onClick, $config['onClickLabels']);
587 }
588 $html = '<br><input class="btn btn-default" type="button"
589 value="' . $this->getLabel($config['buttonlabel'], '', false) . '"
590 onclick="' . $onClick . '" />';
591 }
592 if (!empty($config['confirm'])) {
593 $confirmData = $config['confirmData'];
594 $html = '<br><input class="btn btn-default t3js-modal-trigger" type="button"'
595 . ' value="' . $this->getLabel($config['buttonlabel'], '', false) . '"'
596 . ' data-href="javascript:' . htmlspecialchars($confirmData['jsCodeAfterOk']) . '"'
597 . ' data-severity="warning"'
598 . ' data-title="' . $this->getLabel($config['label'], '', false) . '"'
599 . ' data-content="' . $this->getLabel($confirmData['message'], '', false) . '" />';
600 }
601 break;
602 case 'avatar':
603 // Get current avatar image
604 $html = '<br>';
605 $avatarFileUid = $this->getAvatarFileUid($backendUser->user['uid']);
606
607 if ($avatarFileUid) {
608 $defaultAvatarProvider = GeneralUtility::makeInstance(DefaultAvatarProvider::class);
609 $avatarImage = $defaultAvatarProvider->getImage($backendUser->user, 32);
610 if ($avatarImage) {
611 $icon = '<span class="avatar"><span class="avatar-image">' .
612 '<img src="' . htmlspecialchars($avatarImage->getUrl(true)) . '"' .
613 ' width="' . (int)$avatarImage->getWidth() . '" ' .
614 'height="' . (int)$avatarImage->getHeight() . '" />' .
615 '</span></span>';
616 $html .= '<span class="pull-left" style="padding-right: 10px" id="image_' . htmlspecialchars($fieldName) . '">' . $icon . ' </span>';
617 }
618 }
619 $html .= '<input id="field_' . htmlspecialchars($fieldName) . '" type="hidden" ' .
620 'name="data' . $dataAdd . '[' . htmlspecialchars($fieldName) . ']"' . $more .
621 ' value="' . (int)$avatarFileUid . '" />';
622
623 $html .= '<div class="btn-group">';
624 $iconFactory = GeneralUtility::makeInstance(IconFactory::class);
625 if ($avatarFileUid) {
626 $html .=
627 '<a id="clear_button_' . htmlspecialchars($fieldName) . '" '
628 . 'onclick="clearExistingImage(); return false;" class="btn btn-default">'
629 . $iconFactory->getIcon('actions-delete', Icon::SIZE_SMALL)
630 . '</a>';
631 }
632 $html .=
633 '<a id="add_button_' . htmlspecialchars($fieldName) . '" class="btn btn-default btn-add-avatar"'
634 . ' onclick="openFileBrowser();return false;">'
635 . $iconFactory->getIcon('actions-insert-record', Icon::SIZE_SMALL)
636 . '</a></div>';
637
638 $this->addAvatarButtonJs($fieldName);
639 break;
640 default:
641 $html = '';
642 }
643
644 $code[] = '<div class="form-section"><div class="row"><div class="form-group t3js-formengine-field-item col-md-12">' .
645 $label .
646 $html .
647 '</div></div></div>';
648 }
649
650 $result[] = [
651 'label' => $tabLabel,
652 'content' => count($code) ? implode(LF, $code) : ''
653 ];
654 return $result;
655 }
656
657 /**
658 * Return a select with available languages
659 *
660 * @return string Complete select as HTML string or warning box if something went wrong.
661 */
662 public function renderLanguageSelect()
663 {
664 $backendUser = $this->getBackendUser();
665 $language = $this->getLanguageService();
666 $languageOptions = [];
667 // Compile the languages dropdown
668 $langDefault = htmlspecialchars($language->getLL('lang_default'));
669 $languageOptions[$langDefault] = '<option value=""' . ($backendUser->uc['lang'] === '' ? ' selected="selected"' : '') . '>' . $langDefault . '</option>';
670 // Traverse the number of languages
671 $locales = GeneralUtility::makeInstance(Locales::class);
672 $languages = $locales->getLanguages();
673 foreach ($languages as $locale => $name) {
674 if ($locale !== 'default') {
675 $defaultName = isset($GLOBALS['LOCAL_LANG']['default']['lang_' . $locale]) ? $GLOBALS['LOCAL_LANG']['default']['lang_' . $locale][0]['source'] : $name;
676 $localizedName = htmlspecialchars($language->getLL('lang_' . $locale));
677 if ($localizedName === '') {
678 $localizedName = htmlspecialchars($name);
679 }
680 $localLabel = ' - [' . htmlspecialchars($defaultName) . ']';
681 $available = is_dir(Environment::getLegacyConfigPath() . '/l10n/' . $locale);
682 if ($available) {
683 $languageOptions[$defaultName] = '<option value="' . $locale . '"' . ($backendUser->uc['lang'] === $locale ? ' selected="selected"' : '') . '>' . $localizedName . $localLabel . '</option>';
684 }
685 }
686 }
687 ksort($languageOptions);
688 $languageCode = '
689 <select id="field_lang" name="data[lang]" class="form-control">' . implode('', $languageOptions) . '
690 </select>';
691 if ($backendUser->uc['lang'] && !@is_dir(Environment::getLegacyConfigPath() . '/l10n/' . $backendUser->uc['lang'])) {
692 // TODO: The text constants have to be moved into language files
693 $languageUnavailableWarning = 'The selected language "' . htmlspecialchars($language->getLL('lang_' . $backendUser->uc['lang'])) . '" is not available before the language files are installed.&nbsp;&nbsp;<br />&nbsp;&nbsp;' . ($backendUser->isAdmin() ? 'You can use the Language module to easily download new language files.' : 'Please ask your system administrator to do this.');
694 $languageCode = '<br /><span class="label label-danger">' . $languageUnavailableWarning . '</span><br /><br />' . $languageCode;
695 }
696 return $languageCode;
697 }
698
699 /**
700 * Returns a select with all modules for startup
701 *
702 * @return string Complete select as HTML string
703 */
704 public function renderStartModuleSelect()
705 {
706 // Load available backend modules
707 $backendUser = $this->getBackendUser();
708 $language = $this->getLanguageService();
709 $loadModules = GeneralUtility::makeInstance(ModuleLoader::class);
710 $loadModules->observeWorkspaces = true;
711 $loadModules->load($GLOBALS['TBE_MODULES']);
712 $startModuleSelect = '<option value="">' . htmlspecialchars($language->getLL('startModule.firstInMenu')) . '</option>';
713 foreach ($loadModules->modules as $mainMod => $modData) {
714 if (!empty($modData['sub']) && is_array($modData['sub'])) {
715 $modules = '';
716 foreach ($modData['sub'] as $subData) {
717 $modName = $subData['name'];
718 $modules .= '<option value="' . htmlspecialchars($modName) . '"';
719 $modules .= $backendUser->uc['startModule'] === $modName ? ' selected="selected"' : '';
720 $modules .= '>' . htmlspecialchars($language->sL($loadModules->getLabelsForModule($modName)['title'])) . '</option>';
721 }
722 $groupLabel = htmlspecialchars($language->sL($loadModules->getLabelsForModule($mainMod)['title']));
723 $startModuleSelect .= '<optgroup label="' . htmlspecialchars($groupLabel) . '">' . $modules . '</optgroup>';
724 }
725 }
726 return '<select id="field_startModule" name="data[startModule]" class="form-control">' . $startModuleSelect . '</select>';
727 }
728
729 /**
730 * Will make the simulate-user selector if the logged in user is administrator.
731 * It will also set the GLOBAL(!) BE_USER to the simulated user selected if any (and set $this->OLD_BE_USER to logged in user)
732 *
733 * @deprecated and will be removed in TYPO3 v10.0.
734 */
735 public function simulateUser()
736 {
737 trigger_error('Method will be removed in TYPO3 v10', E_USER_DEPRECATED);
738 // If admin, allow simulation of another user
739 $this->simUser = 0;
740 $this->simulateSelector = '';
741 unset($this->OLD_BE_USER);
742 $currentBeUser = $this->getBackendUser();
743 if ($currentBeUser->isAdmin()) {
744 $this->simUser = (int)GeneralUtility::_GP('simUser');
745 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable('be_users');
746 $users = $queryBuilder
747 ->select('*')
748 ->from('be_users')
749 ->where(
750 $queryBuilder->expr()->neq(
751 'uid',
752 $queryBuilder->createNamedParameter($currentBeUser->user['uid'], \PDO::PARAM_INT)
753 ),
754 $queryBuilder->expr()->notLike(
755 'username',
756 $queryBuilder->createNamedParameter(
757 $queryBuilder->escapeLikeWildcards('_cli_') . '%',
758 \PDO::PARAM_STR
759 )
760 )
761 )
762 ->orderBy('username')
763 ->execute()
764 ->fetchAll();
765 $opt = [];
766 foreach ($users as $rr) {
767 $label = $rr['username'] . ($rr['realName'] ? ' (' . $rr['realName'] . ')' : '');
768 $opt[] = '<option value="' . (int)$rr['uid'] . '"' . ($this->simUser === (int)$rr['uid'] ? ' selected="selected"' : '') . '>' . htmlspecialchars($label) . '</option>';
769 }
770 if (!empty($opt)) {
771 $uriBuilder = GeneralUtility::makeInstance(UriBuilder::class);
772 $this->simulateSelector = '<select id="field_simulate" class="form-control" name="simulateUser" onchange="window.location.href=' . GeneralUtility::quoteJSvalue((string)$uriBuilder->buildUriFromRoute('user_setup') . '&simUser=') . '+this.options[this.selectedIndex].value;"><option></option>' . implode('', $opt) . '</select>';
773 }
774 }
775 // This can only be set if the previous code was executed.
776 if ($this->simUser > 0) {
777 // Save old user...
778 $this->OLD_BE_USER = $currentBeUser;
779 // Unset current
780 // New backend user object
781 $currentBeUser = GeneralUtility::makeInstance(BackendUserAuthentication::class);
782 $currentBeUser->setBeUserByUid($this->simUser);
783 $currentBeUser->fetchGroupData();
784 $currentBeUser->backendSetUC();
785 }
786 }
787
788 /**
789 * Returns access check (currently only "admin" is supported)
790 *
791 * @param array $config Configuration of the field, access mode is defined in key 'access'
792 * @return bool Whether it is allowed to modify the given field
793 */
794 protected function checkAccess(array $config)
795 {
796 $access = $config['access'];
797
798 if (isset($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['setup']['accessLevelCheck'][$access])) {
799 if (class_exists($access)) {
800 $accessObject = GeneralUtility::makeInstance($access);
801 if (method_exists($accessObject, 'accessLevelCheck')) {
802 // Initialize vars. If method fails, $set will be set to FALSE
803 return $accessObject->accessLevelCheck($config);
804 }
805 }
806 } elseif ($access === 'admin') {
807 return $this->isAdmin;
808 }
809
810 return false;
811 }
812
813 /**
814 * Returns the label $str from getLL() and grays out the value if the $str/$key is found in $this->overrideConf array
815 *
816 * @param string $str Locallang key
817 * @param string $key Alternative override-config key
818 * @param bool $addLabelTag Defines whether the string should be wrapped in a <label> tag.
819 * @return string HTML output.
820 */
821 protected function getLabel($str, $key = '', $addLabelTag = true)
822 {
823 if (substr($str, 0, 4) === 'LLL:') {
824 $out = htmlspecialchars($this->getLanguageService()->sL($str));
825 } else {
826 $out = htmlspecialchars($str);
827 }
828 if (isset($this->overrideConf[$key ?: $str])) {
829 $out = '<span style="color:#999999">' . $out . '</span>';
830 }
831 if ($addLabelTag) {
832 $out = '<label>' . $out . '</label>';
833 }
834 return $out;
835 }
836
837 /**
838 * Returns the CSH Icon for given string
839 *
840 * @param string $str Locallang key
841 * @param string $label The label to be used, that should be wrapped in help
842 * @return string HTML output.
843 */
844 protected function getCSH($str, $label)
845 {
846 $context = '_MOD_user_setup';
847 $field = $str;
848 $strParts = explode(':', $str);
849 if (count($strParts) > 1) {
850 // Setting comes from another extension
851 $context = $strParts[0];
852 $field = $strParts[1];
853 } elseif ($str !== 'language' && $str !== 'simuser' && $str !== 'reset') {
854 $field = 'option_' . $str;
855 }
856 return BackendUtility::wrapInHelp($context, $field, $label);
857 }
858
859 /**
860 * Returns array with fields defined in $GLOBALS['TYPO3_USER_SETTINGS']['showitem']
861 * Remove fields which are disabled by user TSconfig
862 *
863 * @return string[] Array with field names visible in form
864 */
865 protected function getFieldsFromShowItem()
866 {
867 $allowedFields = GeneralUtility::trimExplode(',', $GLOBALS['TYPO3_USER_SETTINGS']['showitem'], true);
868 // do not ask for current password if admin (unknown for other users and no security gain)
869 if ($this->isAdmin) {
870 $key = array_search('passwordCurrent', $allowedFields);
871 if ($key !== false) {
872 unset($allowedFields[$key]);
873 }
874 }
875 if (!is_array($this->tsFieldConf)) {
876 return $allowedFields;
877 }
878 foreach ($this->tsFieldConf as $fieldName => $userTsFieldConfig) {
879 if (!empty($userTsFieldConfig['disabled'])) {
880 $fieldName = rtrim($fieldName, '.');
881 $key = array_search($fieldName, $allowedFields);
882 if ($key !== false) {
883 unset($allowedFields[$key]);
884 }
885 }
886 }
887 return $allowedFields;
888 }
889
890 /**
891 * Get Avatar fileUid
892 *
893 * @param int $beUserId
894 * @return int
895 */
896 protected function getAvatarFileUid($beUserId)
897 {
898 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable('sys_file_reference');
899 $file = $queryBuilder
900 ->select('uid_local')
901 ->from('sys_file_reference')
902 ->where(
903 $queryBuilder->expr()->eq(
904 'tablenames',
905 $queryBuilder->createNamedParameter('be_users', \PDO::PARAM_STR)
906 ),
907 $queryBuilder->expr()->eq(
908 'fieldname',
909 $queryBuilder->createNamedParameter('avatar', \PDO::PARAM_STR)
910 ),
911 $queryBuilder->expr()->eq(
912 'table_local',
913 $queryBuilder->createNamedParameter('sys_file', \PDO::PARAM_STR)
914 ),
915 $queryBuilder->expr()->eq(
916 'uid_foreign',
917 $queryBuilder->createNamedParameter($beUserId, \PDO::PARAM_INT)
918 )
919 )
920 ->execute()
921 ->fetchColumn();
922 return (int)$file;
923 }
924
925 /**
926 * Set avatar fileUid for backend user
927 *
928 * @param int $beUserId
929 * @param int $fileUid
930 * @param array $storeRec
931 */
932 protected function setAvatarFileUid($beUserId, $fileUid, array &$storeRec)
933 {
934
935 // Update is only needed when new fileUid is set
936 if ((int)$fileUid === $this->getAvatarFileUid($beUserId)) {
937 return;
938 }
939
940 // If user is not allowed to modify avatar $fileUid is empty - so don't overwrite existing avatar
941 if (empty($fileUid)) {
942 return;
943 }
944
945 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable('sys_file_reference');
946 $queryBuilder->getRestrictions()->removeAll();
947 $queryBuilder
948 ->delete('sys_file_reference')
949 ->where(
950 $queryBuilder->expr()->eq(
951 'tablenames',
952 $queryBuilder->createNamedParameter('be_users', \PDO::PARAM_STR)
953 ),
954 $queryBuilder->expr()->eq(
955 'fieldname',
956 $queryBuilder->createNamedParameter('avatar', \PDO::PARAM_STR)
957 ),
958 $queryBuilder->expr()->eq(
959 'table_local',
960 $queryBuilder->createNamedParameter('sys_file', \PDO::PARAM_STR)
961 ),
962 $queryBuilder->expr()->eq(
963 'uid_foreign',
964 $queryBuilder->createNamedParameter($beUserId, \PDO::PARAM_INT)
965 )
966 )
967 ->execute();
968
969 // If Avatar is marked for delete => set it to empty string so it will be updated properly
970 if ($fileUid === 'delete') {
971 $fileUid = '';
972 }
973
974 // Create new reference
975 if ($fileUid) {
976
977 // Get file object
978 try {
979 $file = ResourceFactory::getInstance()->getFileObject($fileUid);
980 } catch (FileDoesNotExistException $e) {
981 $file = false;
982 }
983
984 // Check if user is allowed to use the image (only when not in simulation mode)
985 if ($file && $this->simUser === 0 && !$file->getStorage()->checkFileActionPermission('read', $file)) {
986 $file = false;
987 }
988
989 // Check if extension is allowed
990 if ($file && GeneralUtility::inList($GLOBALS['TYPO3_CONF_VARS']['GFX']['imagefile_ext'], $file->getExtension())) {
991
992 // Create new file reference
993 $storeRec['sys_file_reference']['NEW1234'] = [
994 'uid_local' => (int)$fileUid,
995 'uid_foreign' => (int)$beUserId,
996 'tablenames' => 'be_users',
997 'fieldname' => 'avatar',
998 'pid' => 0,
999 'table_local' => 'sys_file',
1000 ];
1001 $storeRec['be_users'][(int)$beUserId]['avatar'] = 'NEW1234';
1002 }
1003 }
1004 }
1005
1006 /**
1007 * Add JavaScript to for browse files button
1008 *
1009 * @param string $fieldName
1010 */
1011 protected function addAvatarButtonJs($fieldName)
1012 {
1013 $uriBuilder = GeneralUtility::makeInstance(UriBuilder::class);
1014 $this->moduleTemplate->addJavaScriptCode('avatar-button', '
1015 var browserWin="";
1016
1017 function openFileBrowser() {
1018 var url = ' . GeneralUtility::quoteJSvalue((string)$uriBuilder->buildUriFromRoute('wizard_element_browser', ['mode' => 'file', 'bparams' => '||||dummy|setFileUid'])) . ';
1019 browserWin = window.open(url,"Typo3WinBrowser","height=650,width=800,status=0,menubar=0,resizable=1,scrollbars=1");
1020 browserWin.focus();
1021 }
1022
1023 function clearExistingImage() {
1024 $(' . GeneralUtility::quoteJSvalue('#image_' . htmlspecialchars($fieldName)) . ').hide();
1025 $(' . GeneralUtility::quoteJSvalue('#clear_button_' . htmlspecialchars($fieldName)) . ').hide();
1026 $(' . GeneralUtility::quoteJSvalue('#field_' . htmlspecialchars($fieldName)) . ').val(\'delete\');
1027 }
1028
1029 function setFileUid(field, value, fileUid) {
1030 clearExistingImage();
1031 $(' . GeneralUtility::quoteJSvalue('#field_' . htmlspecialchars($fieldName)) . ').val(fileUid);
1032 $(' . GeneralUtility::quoteJSvalue('#add_button_' . htmlspecialchars($fieldName)) . ').removeClass(\'btn-default\').addClass(\'btn-info\');
1033
1034 browserWin.close();
1035 }
1036 ');
1037 }
1038
1039 /**
1040 * Returns the current BE user.
1041 *
1042 * @return \TYPO3\CMS\Core\Authentication\BackendUserAuthentication
1043 */
1044 protected function getBackendUser()
1045 {
1046 return $GLOBALS['BE_USER'];
1047 }
1048
1049 /**
1050 * Returns LanguageService
1051 *
1052 * @return \TYPO3\CMS\Core\Localization\LanguageService
1053 */
1054 protected function getLanguageService()
1055 {
1056 return $GLOBALS['LANG'];
1057 }
1058
1059 /**
1060 * Add FlashMessages for various actions
1061 */
1062 protected function addFlashMessages()
1063 {
1064 $flashMessages = [];
1065
1066 // Show if setup was saved
1067 if ($this->setupIsUpdated && !$this->settingsAreResetToDefault) {
1068 $flashMessages[] = $this->getFlashMessage('setupWasUpdated', 'UserSettings');
1069 }
1070
1071 // Show if temporary data was cleared
1072 if ($this->settingsAreResetToDefault) {
1073 $flashMessages[] = $this->getFlashMessage('settingsAreReset', 'resetConfiguration');
1074 }
1075
1076 // Notice
1077 if ($this->setupIsUpdated || $this->settingsAreResetToDefault) {
1078 $flashMessages[] = $this->getFlashMessage('activateChanges', '', FlashMessage::INFO);
1079 }
1080
1081 // If password is updated, output whether it failed or was OK.
1082 if ($this->passwordIsSubmitted) {
1083 $flashMessage = null;
1084 switch ($this->passwordIsUpdated) {
1085 case self::PASSWORD_OLD_WRONG:
1086 $flashMessages[] = $this->getFlashMessage('oldPassword_failed', 'newPassword', FlashMessage::ERROR);
1087 break;
1088 case self::PASSWORD_NOT_THE_SAME:
1089 $flashMessages[] = $this->getFlashMessage('newPassword_failed', 'newPassword', FlashMessage::ERROR);
1090 break;
1091 case self::PASSWORD_UPDATED:
1092 $flashMessages[] = $this->getFlashMessage('newPassword_ok', 'newPassword');
1093 break;
1094 }
1095 }
1096 if (!empty($flashMessages)) {
1097 $this->enqueueFlashMessages($flashMessages);
1098 }
1099 }
1100
1101 /**
1102 * @param array $flashMessages
1103 * @throws \TYPO3\CMS\Core\Exception
1104 */
1105 protected function enqueueFlashMessages(array $flashMessages)
1106 {
1107 $flashMessageService = GeneralUtility::makeInstance(FlashMessageService::class);
1108 $defaultFlashMessageQueue = $flashMessageService->getMessageQueueByIdentifier();
1109 foreach ($flashMessages as $flashMessage) {
1110 $defaultFlashMessageQueue->enqueue($flashMessage);
1111 }
1112 }
1113
1114 /**
1115 * @param string $message
1116 * @param string $title
1117 * @param int $severity
1118 * @return FlashMessage
1119 */
1120 protected function getFlashMessage($message, $title, $severity = FlashMessage::OK)
1121 {
1122 $title = !empty($title) ? $this->getLanguageService()->getLL($title) : ' ';
1123 return GeneralUtility::makeInstance(
1124 FlashMessage::class,
1125 $this->getLanguageService()->getLL($message),
1126 $title,
1127 $severity
1128 );
1129 }
1130 }