Cleanup: Updated copyright comments
[Packages/TYPO3.CMS.git] / typo3 / sysext / felogin / pi1 / class.tx_felogin_pi1.php
1 <?php
2 /***************************************************************
3 * Copyright notice
4 *
5 * (c) 2007-2011 Steffen Kamper <info@sk-typo3.de>
6 * Based on Newloginbox (c) 2002-2004 Kasper Skårhøj <kasper@typo3.com>
7 *
8 * All rights reserved
9 *
10 * This script is part of the TYPO3 project. The TYPO3 project is
11 * free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * The GNU General Public License can be found at
17 * http://www.gnu.org/copyleft/gpl.html.
18 *
19 * This script is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU General Public License for more details.
23 *
24 * This copyright notice MUST APPEAR in all copies of the script!
25 *
26 * The code was adapted from newloginbox, see manual for detailed description
27 ***************************************************************/
28 /**
29 * Plugin 'Website User Login' for the 'felogin' extension.
30 *
31 * @author Steffen Kamper <info@sk-typo3.de>
32 * @package TYPO3
33 * @subpackage tx_felogin
34 */
35 class tx_felogin_pi1 extends tslib_pibase {
36 var $prefixId = 'tx_felogin_pi1'; // Same as class name
37 var $scriptRelPath = 'pi1/class.tx_felogin_pi1.php'; // Path to this script relative to the extension dir.
38 var $extKey = 'felogin'; // The extension key.
39 public $pi_checkCHash = false;
40 public $pi_USER_INT_obj = true;
41
42 protected $userIsLoggedIn; // Is user logged in?
43 protected $template; // holds the template for FE rendering
44 protected $uploadDir; // upload dir, used for flexform template files
45 protected $redirectUrl; // URL for the redirect
46 protected $noRedirect = false; // flag for disable the redirect
47 protected $logintype; // logintype (given as GPvar), possible: login, logout
48
49 /**
50 * The main method of the plugin
51 *
52 * @param string $content: The PlugIn content
53 * @param array $conf: The PlugIn configuration
54 *
55 * @return string The content that is displayed on the website
56 */
57 public function main($content,$conf) {
58
59 // Loading TypoScript array into object variable:
60 $this->conf = $conf;
61 $this->uploadDir = 'uploads/tx_felogin/';
62
63 // Loading default pivars
64 $this->pi_setPiVarDefaults();
65
66 // Loading language-labels
67 $this->pi_loadLL();
68
69 // Init FlexForm configuration for plugin:
70 $this->pi_initPIflexForm();
71 $this->mergeflexFormValuesIntoConf();
72
73
74 // Get storage PIDs:
75 if ($this->conf['storagePid']) {
76 if (intval($this->conf['recursive'])) {
77 $this->spid = $this->pi_getPidList($this->conf['storagePid'], intval($this->conf['recursive']));
78 } else {
79 $this->spid = $this->conf['storagePid'];
80 }
81 } else {
82 $pids = $GLOBALS['TSFE']->getStorageSiterootPids();
83 $this->spid = $pids['_STORAGE_PID'];
84 }
85
86 // GPvars:
87 $this->logintype = t3lib_div::_GP('logintype');
88 $this->referer = $this->validateRedirectUrl(t3lib_div::_GP('referer'));
89 $this->noRedirect = ($this->piVars['noredirect'] || $this->conf['redirectDisable']);
90
91 // if config.typolinkLinkAccessRestrictedPages is set, the var is return_url
92 $returnUrl = t3lib_div::_GP('return_url');
93 if ($returnUrl) {
94 $this->redirectUrl = $returnUrl;
95 } else {
96 $this->redirectUrl = t3lib_div::_GP('redirect_url');
97 }
98 $this->redirectUrl = $this->validateRedirectUrl($this->redirectUrl);
99
100 // Get Template
101 $templateFile = $this->conf['templateFile'] ? $this->conf['templateFile'] : 'EXT:felogin/template.html';
102 $this->template = $this->cObj->fileResource($templateFile);
103
104 // Is user logged in?
105 $this->userIsLoggedIn = $GLOBALS['TSFE']->loginUser;
106
107 // Redirect
108 if ($this->conf['redirectMode'] && !$this->conf['redirectDisable'] && !$this->noRedirect) {
109 $redirectUrl = $this->processRedirect();
110 if (count($redirectUrl)) {
111 $this->redirectUrl = $this->conf['redirectFirstMethod'] ? array_shift($redirectUrl) : array_pop($redirectUrl);
112 } else {
113 $this->redirectUrl = '';
114 }
115 }
116
117 // What to display
118 $content='';
119 if ($this->piVars['forgot']) {
120 $content .= $this->showForgot();
121 } elseif ($this->piVars['forgothash']) {
122 $content .= $this->changePassword();
123 } else {
124 if($this->userIsLoggedIn && !$this->logintype) {
125 $content .= $this->showLogout();
126 } else {
127 $content .= $this->showLogin();
128 }
129 }
130
131 // Process the redirect
132 if (($this->logintype === 'login' || $this->logintype === 'logout') && $this->redirectUrl && !$this->noRedirect) {
133 if (!$GLOBALS['TSFE']->fe_user->cookieId) {
134 $content .= $this->cObj->stdWrap($this->pi_getLL('cookie_warning', '', 1), $this->conf['cookieWarning_stdWrap.']);
135 } else {
136 t3lib_utility_Http::redirect($this->redirectUrl);
137 }
138 }
139
140 // Adds hook for processing of extra item markers / special
141 if (isset($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['postProcContent']) && is_array($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['postProcContent'])) {
142 $_params = array(
143 'content' => $content
144 );
145 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['postProcContent'] as $_funcRef) {
146 $content = t3lib_div::callUserFunction($_funcRef, $_params, $this);
147 }
148 }
149
150 return $this->conf['wrapContentInBaseClass'] ? $this->pi_wrapInBaseClass($content) : $content;
151
152 }
153
154 /**
155 * Shows the forgot password form
156 *
157 * @return string content
158 */
159 protected function showForgot() {
160 $subpart = $this->cObj->getSubpart($this->template, '###TEMPLATE_FORGOT###');
161 $subpartArray = $linkpartArray = array();
162 $postData = t3lib_div::_POST($this->prefixId);
163
164 if ($postData['forgot_email']) {
165
166 // get hashes for compare
167 $postedHash = $postData['forgot_hash'];
168 $hashData = $GLOBALS['TSFE']->fe_user->getKey('ses', 'forgot_hash');
169
170
171 if ($postedHash === $hashData['forgot_hash']) {
172 $row = FALSE;
173
174 // look for user record
175 $data = $GLOBALS['TYPO3_DB']->fullQuoteStr($this->piVars['forgot_email'], 'fe_users');
176 $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
177 'uid, username, password, email',
178 'fe_users',
179 '(email=' . $data .' OR username=' . $data . ') AND pid IN ('.$GLOBALS['TYPO3_DB']->cleanIntList($this->spid).') '.$this->cObj->enableFields('fe_users')
180 );
181
182 if ($GLOBALS['TYPO3_DB']->sql_num_rows($res)) {
183 $row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res);
184 }
185
186 if ($row) {
187 // generate an email with the hashed link
188 $error = $this->generateAndSendHash($row);
189 }
190 // generate message
191 if ($error) {
192 $markerArray['###STATUS_MESSAGE###'] = $this->cObj->stdWrap($error, $this->conf['forgotMessage_stdWrap.']);
193 } else {
194 $markerArray['###STATUS_MESSAGE###'] = $this->cObj->stdWrap($this->pi_getLL('ll_forgot_reset_message_emailSent', '', 1), $this->conf['forgotMessage_stdWrap.']);
195 }
196 $subpartArray['###FORGOT_FORM###'] = '';
197
198
199 } else {
200 //wrong email
201 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('forgot_reset_message', $this->conf['forgotMessage_stdWrap.']);
202 $markerArray['###BACKLINK_LOGIN###'] = '';
203 }
204 } else {
205 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('forgot_reset_message', $this->conf['forgotMessage_stdWrap.']);
206 $markerArray['###BACKLINK_LOGIN###'] = '';
207 }
208
209 $markerArray['###BACKLINK_LOGIN###'] = $this->getPageLink($this->pi_getLL('ll_forgot_header_backToLogin', '', 1), array());
210 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('forgot_header', $this->conf['forgotHeader_stdWrap.']);
211
212 $markerArray['###LEGEND###'] = $this->pi_getLL('reset_password', '', 1);
213 $markerArray['###ACTION_URI###'] = $this->getPageLink('', array($this->prefixId . '[forgot]'=>1), true);
214 $markerArray['###EMAIL_LABEL###'] = $this->pi_getLL('your_email', '', 1);
215 $markerArray['###FORGOT_PASSWORD_ENTEREMAIL###'] = $this->pi_getLL('forgot_password_enterEmail', '', 1);
216 $markerArray['###FORGOT_EMAIL###'] = $this->prefixId.'[forgot_email]';
217 $markerArray['###SEND_PASSWORD###'] = $this->pi_getLL('reset_password', '', 1);
218
219 $markerArray['###DATA_LABEL###'] = $this->pi_getLL('ll_enter_your_data', '', 1);
220
221
222
223 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
224
225 // generate hash
226 $hash = md5($this->generatePassword(3));
227 $markerArray['###FORGOTHASH###'] = $hash;
228 // set hash in feuser session
229 $GLOBALS['TSFE']->fe_user->setKey('ses', 'forgot_hash', array('forgot_hash' => $hash));
230
231
232 return $this->cObj->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
233 }
234
235 /**
236 * This function checks the hash from link and checks the validity. If it's valid it shows the form for
237 * changing the password and process the change of password after submit, if not valid it returns the error message
238 *
239 * @return string The content.
240 */
241 protected function changePassword() {
242
243 $subpartArray = $linkpartArray = array();
244 $done = false;
245
246 $minLength = intval($this->conf['newPasswordMinLength']) ? intval($this->conf['newPasswordMinLength']) : 6;
247
248 $subpart = $this->cObj->getSubpart($this->template, '###TEMPLATE_CHANGEPASSWORD###');
249
250 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('change_password_header', $this->conf['changePasswordHeader_stdWrap.']);
251 $markerArray['###STATUS_MESSAGE###'] = sprintf($this->getDisplayText('change_password_message', $this->conf['changePasswordMessage_stdWrap.']), $minLength);
252
253 $markerArray['###BACKLINK_LOGIN###'] = '';
254 $uid = $this->piVars['user'];
255 $piHash = $this->piVars['forgothash'];
256
257 $hash = explode('|', $piHash);
258 if (intval($uid) == 0) {
259 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('change_password_notvalid_message', $this->conf['changePasswordMessage_stdWrap.']);
260 $subpartArray['###CHANGEPASSWORD_FORM###'] = '';
261 } else {
262 $user = $this->pi_getRecord('fe_users', intval($uid));
263 $userHash = $user['felogin_forgotHash'];
264 $compareHash = explode('|', $userHash);
265
266 if (!$compareHash || !$compareHash[1] || $compareHash[0] < time() || $hash[0] != $compareHash[0] || md5($hash[1]) != $compareHash[1]) {
267 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('change_password_notvalid_message',$this->conf['changePasswordMessage_stdWrap.']);
268 $subpartArray['###CHANGEPASSWORD_FORM###'] = '';
269 } else {
270 // all is fine, continue with new password
271 $postData = t3lib_div::_POST($this->prefixId);
272
273 if (isset($postData['changepasswordsubmit'])) {
274 if (strlen($postData['password1']) < $minLength) {
275 $markerArray['###STATUS_MESSAGE###'] = sprintf($this->getDisplayText('change_password_tooshort_message', $this->conf['changePasswordMessage_stdWrap.']), $minLength);
276 } elseif ($postData['password1'] != $postData['password2']) {
277 $markerArray['###STATUS_MESSAGE###'] = sprintf($this->getDisplayText('change_password_notequal_message', $this->conf['changePasswordMessage_stdWrap.']), $minLength);
278 } else {
279 $newPass = $postData['password1'];
280
281 if ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['password_changed']) {
282 $_params = array(
283 'user' => $user,
284 'newPassword' => $newPass,
285 );
286 foreach($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['password_changed'] as $_funcRef) {
287 if ($_funcRef) {
288 t3lib_div::callUserFunction($_funcRef, $_params, $this);
289 }
290 }
291 $newPass = $_params['newPassword'];
292 }
293
294 // save new password and clear DB-hash
295 $res = $GLOBALS['TYPO3_DB']->exec_UPDATEquery(
296 'fe_users',
297 'uid=' . $user['uid'],
298 array('password' => $newPass, 'felogin_forgotHash' => '')
299 );
300 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('change_password_done_message', $this->conf['changePasswordMessage_stdWrap.']);
301 $done = true;
302 $subpartArray['###CHANGEPASSWORD_FORM###'] = '';
303 $markerArray['###BACKLINK_LOGIN###'] = $this->getPageLink($this->pi_getLL('ll_forgot_header_backToLogin', '', 1), array());
304 }
305 }
306
307 if (!$done) {
308 // Change password form
309 $markerArray['###ACTION_URI###'] = $this->pi_getPageLink($GLOBALS['TSFE']->id, '', array(
310 $this->prefixId . '[user]' => $user['uid'],
311 $this->prefixId . '[forgothash]' => $piHash
312 ));
313 $markerArray['###LEGEND###'] = $this->pi_getLL('change_password', '', 1);
314 $markerArray['###NEWPASSWORD1_LABEL###'] = $this->pi_getLL('newpassword_label1', '', 1);
315 $markerArray['###NEWPASSWORD2_LABEL###'] = $this->pi_getLL('newpassword_label2', '', 1);
316 $markerArray['###NEWPASSWORD1###'] = $this->prefixId . '[password1]';
317 $markerArray['###NEWPASSWORD2###'] = $this->prefixId . '[password2]';
318 $markerArray['###STORAGE_PID###'] = $this->spid;
319 $markerArray['###SEND_PASSWORD###'] = $this->pi_getLL('change_password', '', 1);
320 $markerArray['###FORGOTHASH###'] = $piHash;
321 }
322 }
323 }
324
325 return $this->cObj->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
326 }
327
328 /**
329 * generates a hashed link and send it with email
330 *
331 * @param array $user contains user data
332 * @return string Empty string with success, error message with no success
333 */
334 protected function generateAndSendHash($user) {
335 $hours = intval($this->conf['forgotLinkHashValidTime']) > 0 ? intval($this->conf['forgotLinkHashValidTime']) : 24;
336 $validEnd = time() + 3600 * $hours;
337 $validEndString = date($this->conf['dateFormat'], $validEnd);
338
339 $hash = md5(t3lib_div::generateRandomBytes(64));
340 $randHash = $validEnd . '|' . $hash;
341 $randHashDB = $validEnd . '|' . md5($hash);
342
343 //write hash to DB
344 $res = $GLOBALS['TYPO3_DB']->exec_UPDATEquery('fe_users', 'uid=' . $user['uid'], array('felogin_forgotHash' => $randHashDB));
345
346 // send hashlink to user
347 $this->conf['linkPrefix'] = -1;
348 $isAbsRelPrefix = !empty($GLOBALS['TSFE']->absRefPrefix);
349 $isBaseURL = !empty($GLOBALS['TSFE']->baseUrl);
350 $isFeloginBaseURL = !empty($this->conf['feloginBaseURL']);
351
352 if ($isFeloginBaseURL) {
353 // first priority
354 $this->conf['linkPrefix'] = $this->conf['feloginBaseURL'];
355 } else {
356 if ($isBaseURL) {
357 // 3rd priority
358 $this->conf['linkPrefix'] = $GLOBALS['TSFE']->baseUrl;
359 }
360 }
361
362 if ($this->conf['linkPrefix'] == -1 && !$isAbsRelPrefix) {
363 // no preix is set, return the error
364 return $this->pi_getLL('ll_change_password_nolinkprefix_message');
365 }
366
367 $link = ($isAbsRelPrefix ? '' : $this->conf['linkPrefix']) . $this->pi_getPageLink($GLOBALS['TSFE']->id, '', array(
368 $this->prefixId . '[user]' => $user['uid'],
369 $this->prefixId . '[forgothash]' => $randHash
370 ));
371
372 $msg = sprintf($this->pi_getLL('ll_forgot_validate_reset_password', '', 0), $user['username'], $link, $validEndString);
373
374 // no RDCT - Links for security reasons
375 $oldSetting = $GLOBALS['TSFE']->config['config']['notification_email_urlmode'];
376 $GLOBALS['TSFE']->config['config']['notification_email_urlmode'] = 0;
377 // send the email
378 $this->cObj->sendNotifyEmail($msg, $user['email'], '', $this->conf['email_from'], $this->conf['email_fromName'], $this->conf['replyTo']);
379 // restore settings
380 $GLOBALS['TSFE']->config['config']['notification_email_urlmode'] = $oldSetting;
381
382 return '';
383 }
384
385 /**
386 * Shows logout form
387 *
388 * @return string The content.
389 */
390 protected function showLogout() {
391 $subpart = $this->cObj->getSubpart($this->template, '###TEMPLATE_LOGOUT###');
392 $subpartArray = $linkpartArray = array();
393
394 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('status_header',$this->conf['logoutHeader_stdWrap.']);
395 $markerArray['###STATUS_MESSAGE###']=$this->getDisplayText('status_message',$this->conf['logoutMessage_stdWrap.']);$this->cObj->stdWrap($this->flexFormValue('message','s_status'),$this->conf['logoutMessage_stdWrap.']);
396
397 $markerArray['###LEGEND###'] = $this->pi_getLL('logout', '', 1);
398 $markerArray['###ACTION_URI###'] = $this->getPageLink('',array(),true);
399 $markerArray['###LOGOUT_LABEL###'] = $this->pi_getLL('logout', '', 1);
400 $markerArray['###NAME###'] = htmlspecialchars($GLOBALS['TSFE']->fe_user->user['name']);
401 $markerArray['###STORAGE_PID###'] = $this->spid;
402 $markerArray['###USERNAME###'] = htmlspecialchars($GLOBALS['TSFE']->fe_user->user['username']);
403 $markerArray['###USERNAME_LABEL###'] = $this->pi_getLL('username', '', 1);
404 $markerArray['###NOREDIRECT###'] = $this->noRedirect ? '1' : '0';
405 $markerArray['###PREFIXID###'] = $this->prefixId;
406 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
407
408 if ($this->redirectUrl) {
409 // use redirectUrl for action tag because of possible access restricted pages
410 $markerArray['###ACTION_URI###'] = htmlspecialchars($this->redirectUrl);
411 $this->redirectUrl = '';
412 }
413 return $this->cObj->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
414 }
415
416 /**
417 * Shows login form
418 *
419 * @return string content
420 */
421 protected function showLogin() {
422 $subpart = $this->cObj->getSubpart($this->template, '###TEMPLATE_LOGIN###');
423 $subpartArray = $linkpartArray = array();
424
425 $gpRedirectUrl = '';
426
427 $markerArray['###LEGEND###'] = $this->pi_getLL('oLabel_header_welcome', '', 1);
428
429 if($this->logintype === 'login') {
430 if($this->userIsLoggedIn) {
431 // login success
432 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('success_header',$this->conf['successHeader_stdWrap.']);
433 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('success_message', $this->conf['successMessage_stdWrap.']);
434 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
435 $subpartArray['###LOGIN_FORM###'] = '';
436
437 // Hook for general actions after after login has been confirmed (by Thomas Danzl <thomas@danzl.org>)
438 if ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['login_confirmed']) {
439 $_params = array();
440 foreach($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['login_confirmed'] as $_funcRef) {
441 if ($_funcRef) {
442 t3lib_div::callUserFunction($_funcRef, $_params, $this);
443 }
444 }
445 }
446 // show logout form directly
447 if ($this->conf['showLogoutFormAfterLogin']) {
448 $this->redirectUrl = '';
449 return $this->showLogout();
450 }
451 } else {
452 // login error
453 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('error_header',$this->conf['errorHeader_stdWrap.']);
454 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('error_message',$this->conf['errorMessage_stdWrap.']);
455 $gpRedirectUrl = t3lib_div::_GP('redirect_url');
456 }
457 } else {
458 if($this->logintype === 'logout') {
459 // login form after logout
460 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('logout_header',$this->conf['welcomeHeader_stdWrap.']);
461 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('logout_message',$this->conf['welcomeMessage_stdWrap.']);
462 } else {
463 // login form
464 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('welcome_header',$this->conf['welcomeHeader_stdWrap.']);
465 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('welcome_message',$this->conf['welcomeMessage_stdWrap.']);
466 }
467 }
468
469
470 // Hook (used by kb_md5fepw extension by Kraft Bernhard <kraftb@gmx.net>)
471 // This hook allows to call User JS functions.
472 // The methods should also set the required JS functions to get included
473 $onSubmit = '';
474 $extraHidden = '';
475 $onSubmitAr = array();
476 $extraHiddenAr = array();
477
478 // check for referer redirect method. if present, save referer in form field
479 if (t3lib_div::inList($this->conf['redirectMode'], 'referer') || t3lib_div::inList($this->conf['redirectMode'], 'refererDomains')) {
480 $referer = $this->referer ? $this->referer : t3lib_div::getIndpEnv('HTTP_REFERER');
481 if ($referer) {
482 $extraHiddenAr[] = '<input type="hidden" name="referer" value="' . htmlspecialchars($referer) . '" />';
483 }
484 }
485
486 if (is_array($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['loginFormOnSubmitFuncs'])) {
487 $_params = array();
488 foreach($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['loginFormOnSubmitFuncs'] as $funcRef) {
489 list($onSub, $hid) = t3lib_div::callUserFunction($funcRef, $_params, $this);
490 $onSubmitAr[] = $onSub;
491 $extraHiddenAr[] = $hid;
492 }
493 }
494 if (count($onSubmitAr)) {
495 $onSubmit = implode('; ', $onSubmitAr).'; return true;';
496 }
497 if (count($extraHiddenAr)) {
498 $extraHidden = implode(LF, $extraHiddenAr);
499 }
500
501 if (!$gpRedirectUrl && $this->redirectUrl) {
502 $gpRedirectUrl = $this->redirectUrl;
503 }
504
505 // Login form
506 $markerArray['###ACTION_URI###'] = $this->getPageLink('',array(),true);
507 $markerArray['###EXTRA_HIDDEN###'] = $extraHidden; // used by kb_md5fepw extension...
508 $markerArray['###LEGEND###'] = $this->pi_getLL('login', '', 1);
509 $markerArray['###LOGIN_LABEL###'] = $this->pi_getLL('login', '', 1);
510 $markerArray['###ON_SUBMIT###'] = $onSubmit; // used by kb_md5fepw extension...
511 $markerArray['###PASSWORD_LABEL###'] = $this->pi_getLL('password', '', 1);
512 $markerArray['###STORAGE_PID###'] = $this->spid;
513 $markerArray['###USERNAME_LABEL###'] = $this->pi_getLL('username', '', 1);
514 $markerArray['###REDIRECT_URL###'] = htmlspecialchars($gpRedirectUrl);
515 $markerArray['###NOREDIRECT###'] = $this->noRedirect ? '1' : '0';
516 $markerArray['###PREFIXID###'] = $this->prefixId;
517 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
518
519 if ($this->flexFormValue('showForgotPassword','sDEF') || $this->conf['showForgotPasswordLink']) {
520 $linkpartArray['###FORGOT_PASSWORD_LINK###'] = explode('|',$this->getPageLink('|',array($this->prefixId.'[forgot]'=>1)));
521 $markerArray['###FORGOT_PASSWORD###'] = $this->pi_getLL('ll_forgot_header', '', 1);
522 } else {
523 $subpartArray['###FORGOTP_VALID###'] = '';
524 }
525
526
527 // The permanent login checkbox should only be shown if permalogin is not deactivated (-1), not forced to be always active (2) and lifetime is greater than 0
528 if ($this->conf['showPermaLogin'] && t3lib_div::inList('0,1', $GLOBALS['TYPO3_CONF_VARS']['FE']['permalogin']) && $GLOBALS['TYPO3_CONF_VARS']['FE']['lifetime'] > 0) {
529 $markerArray['###PERMALOGIN###'] = $this->pi_getLL('permalogin', '', 1);
530 if($GLOBALS['TYPO3_CONF_VARS']['FE']['permalogin'] == 1) {
531 $markerArray['###PERMALOGIN_HIDDENFIELD_ATTRIBUTES###'] = 'disabled="disabled"';
532 $markerArray['###PERMALOGIN_CHECKBOX_ATTRIBUTES###'] = 'checked="checked"';
533 } else {
534 $markerArray['###PERMALOGIN_HIDDENFIELD_ATTRIBUTES###'] = '';
535 $markerArray['###PERMALOGIN_CHECKBOX_ATTRIBUTES###'] = '';
536 }
537 } else {
538 $subpartArray['###PERMALOGIN_VALID###'] = '';
539 }
540 return $this->cObj->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
541 }
542
543 /**
544 * Process redirect methods. The function searches for a redirect url using all configured methods.
545 *
546 * @return string redirect url
547 */
548 protected function processRedirect() {
549 $redirect_url = array();
550 if ($this->conf['redirectMode']) {
551 $redirectMethods = t3lib_div::trimExplode(',', $this->conf['redirectMode'], TRUE);
552 foreach ($redirectMethods as $redirMethod) {
553 if ($GLOBALS['TSFE']->loginUser && $this->logintype === 'login') {
554 // logintype is needed because the login-page wouldn't be accessible anymore after a login (would always redirect)
555 switch ($redirMethod) {
556 case 'groupLogin': // taken from dkd_redirect_at_login written by Ingmar Schlecht; database-field changed
557 $groupData = $GLOBALS['TSFE']->fe_user->groupData;
558 $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
559 'felogin_redirectPid',
560 $GLOBALS['TSFE']->fe_user->usergroup_table,
561 'felogin_redirectPid!="" AND uid IN (' . implode(',', $groupData['uid']) . ')'
562 );
563 if ($row = $GLOBALS['TYPO3_DB']->sql_fetch_row($res)) {
564 $redirect_url[] = $this->pi_getPageLink($row[0]); // take the first group with a redirect page
565 }
566 break;
567 case 'userLogin':
568 $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
569 'felogin_redirectPid',
570 $GLOBALS['TSFE']->fe_user->user_table,
571 $GLOBALS['TSFE']->fe_user->userid_column . '=' . $GLOBALS['TSFE']->fe_user->user['uid'] . ' AND felogin_redirectPid!=""'
572 );
573 if ($row = $GLOBALS['TYPO3_DB']->sql_fetch_row($res)) {
574 $redirect_url[] = $this->pi_getPageLink($row[0]);
575 }
576 break;
577 case 'login':
578 if ($this->conf['redirectPageLogin']) {
579 $redirect_url[] = $this->pi_getPageLink(intval($this->conf['redirectPageLogin']));
580 }
581 break;
582 case 'getpost':
583 $redirect_url[] = $this->redirectUrl;
584 break;
585 case 'referer':
586 // avoid forced logout, when trying to login immediatly after a logout
587 $redirect_url[] = preg_replace('/[&?]logintype=[a-z]+/', '', $this->referer);
588 break;
589 case 'refererDomains':
590 // Auto redirect.
591 // Feature to redirect to the page where the user came from (HTTP_REFERER).
592 // Allowed domains to redirect to, can be configured with plugin.tx_felogin_pi1.domains
593 // Thanks to plan2.net / Martin Kutschker for implementing this feature.
594 if ($this->conf['domains']) {
595 $url = $this->referer;
596 // is referring url allowed to redirect?
597 $match = array();
598 if (preg_match('/^http://([[:alnum:]._-]+)//', $url, $match)) {
599 $redirect_domain = $match[1];
600 $found = false;
601 foreach(t3lib_div::trimExplode(',', $this->conf['domains'], TRUE) as $d) {
602 if (preg_match('/(^|\.)/'.$d.'$', $redirect_domain)) {
603 $found = true;
604 break;
605 }
606 }
607 if (!$found) {
608 $url = '';
609 }
610 }
611
612 // Avoid forced logout, when trying to login immediatly after a logout
613 if ($url) {
614 $redirect_url[] = preg_replace('/[&?]logintype=[a-z]+/', '', $url);
615 }
616 }
617 break;
618 }
619 } else if ($this->logintype === 'login') { // after login-error
620 switch ($redirMethod) {
621 case 'loginError':
622 if ($this->conf['redirectPageLoginError']) {
623 $redirect_url[] = $this->pi_getPageLink(intval($this->conf['redirectPageLoginError']));
624 }
625 break;
626 }
627 } elseif (($this->logintype == '') && ($redirMethod == 'login') && $this->conf['redirectPageLogin']) {
628 // if login and page not accessible
629 $this->cObj->typolink('', array(
630 'parameter' => $this->conf['redirectPageLogin'],
631 'linkAccessRestrictedPages' => TRUE,
632 ));
633 $redirect_url[] = $this->cObj->lastTypoLinkUrl;
634
635 } elseif (($this->logintype == '') && ($redirMethod == 'logout') && $this->conf['redirectPageLogout'] && $GLOBALS['TSFE']->loginUser) {
636 // if logout and page not accessible
637 $redirect_url[] = $this->pi_getPageLink(intval($this->conf['redirectPageLogout']));
638
639 } elseif ($this->logintype === 'logout') { // after logout
640
641 // Hook for general actions after after logout has been confirmed
642 if ($this->logintype === 'logout' && $GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['logout_confirmed']) {
643 $_params = array();
644 foreach($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['logout_confirmed'] as $_funcRef) {
645 if ($_funcRef) {
646 t3lib_div::callUserFunction($_funcRef, $_params, $this);
647 }
648 }
649 }
650
651 switch ($redirMethod) {
652 case 'logout':
653 if ($this->conf['redirectPageLogout']) {
654 $redirect_url[] = $this->pi_getPageLink(intval($this->conf['redirectPageLogout']));
655 }
656 break;
657 }
658 } else { // not logged in
659 // Placeholder for maybe future options
660 switch ($redirMethod) {
661 case 'getpost':
662 // preserve the get/post value
663 $redirect_url[] = $this->redirectUrl;
664 break;
665 }
666 }
667
668 }
669 }
670 // remove empty values
671 if (count($redirect_url)) {
672 return t3lib_div::trimExplode(',', implode(',', $redirect_url), TRUE);
673 } else {
674 return array();
675 }
676 }
677
678 /**
679 * Reads flexform configuration and merge it with $this->conf
680 *
681 * @return void
682 */
683 protected function mergeflexFormValuesIntoConf() {
684 $flex = array();
685 if ($this->flexFormValue('showForgotPassword', 'sDEF')) {
686 $flex['showForgotPassword'] = $this->flexFormValue('showForgotPassword','sDEF');
687 }
688
689 if ($this->flexFormValue('showPermaLogin', 'sDEF')) {
690 $flex['showPermaLogin'] = $this->flexFormValue('showPermaLogin', 'sDEF');
691 }
692
693 if ($this->flexFormValue('showLogoutFormAfterLogin', 'sDEF')) {
694 $flex['showLogoutFormAfterLogin'] = $this->flexFormValue('showLogoutFormAfterLogin', 'sDEF');
695 }
696
697 if ($this->flexFormValue('pages', 'sDEF')) {
698 $flex['pages'] = $this->flexFormValue('pages', 'sDEF');
699 }
700
701 if ($this->flexFormValue('recursive', 'sDEF')) {
702 $flex['recursive'] = $this->flexFormValue('recursive', 'sDEF');
703 }
704
705 if ($this->flexFormValue('templateFile', 'sDEF')) {
706 $flex['templateFile'] = $this->uploadDir . $this->flexFormValue('templateFile', 'sDEF');
707 }
708
709 if ($this->flexFormValue('redirectMode', 's_redirect')) {
710 $flex['redirectMode'] = $this->flexFormValue('redirectMode', 's_redirect');
711 }
712
713 if ($this->flexFormValue('redirectFirstMethod', 's_redirect')) {
714 $flex['redirectFirstMethod'] = $this->flexFormValue('redirectFirstMethod', 's_redirect');
715 }
716
717 if ($this->flexFormValue('redirectDisable', 's_redirect')) {
718 $flex['redirectDisable'] = $this->flexFormValue('redirectDisable', 's_redirect');
719 }
720
721 if ($this->flexFormValue('redirectPageLogin', 's_redirect')) {
722 $flex['redirectPageLogin'] = $this->flexFormValue('redirectPageLogin', 's_redirect');
723 }
724
725 if ($this->flexFormValue('redirectPageLoginError', 's_redirect')) {
726 $flex['redirectPageLoginError'] = $this->flexFormValue('redirectPageLoginError','s_redirect');
727 }
728
729 if ($this->flexFormValue('redirectPageLogout', 's_redirect')) {
730 $flex['redirectPageLogout'] = $this->flexFormValue('redirectPageLogout', 's_redirect');
731 }
732
733 $pid = $flex['pages'] ? $this->pi_getPidList($flex['pages'], $flex['recursive']) : 0;
734 if ($pid > 0) {
735 $flex['storagePid'] = $pid;
736 }
737
738 $this->conf = array_merge($this->conf, $flex);
739 }
740
741 /**
742 * Loads a variable from the flexform
743 *
744 * @param string name of variable
745 * @param string name of sheet
746 * @return string value of var
747 */
748 protected function flexFormValue($var, $sheet) {
749 return $this->pi_getFFvalue($this->cObj->data['pi_flexform'], $var,$sheet);
750 }
751
752 /**
753 * Generate link with typolink function
754 *
755 * @param string linktext
756 * @param array link vars
757 * @param boolean true: returns only url false (default) returns the link)
758 *
759 * @return string link or url
760 */
761 protected function getPageLink($label, $piVars,$returnUrl = false) {
762 $additionalParams = '';
763
764 if (count($piVars)) {
765 foreach($piVars as $key=>$val) {
766 $additionalParams .= '&' . $key . '=' . $val;
767 }
768 }
769 // should GETvars be preserved?
770 if ($this->conf['preserveGETvars']) {
771 $additionalParams .= $this->getPreserveGetVars();
772 }
773
774 $this->conf['linkConfig.']['parameter'] = $GLOBALS['TSFE']->id;
775 if ($additionalParams) {
776 $this->conf['linkConfig.']['additionalParams'] = $additionalParams;
777 }
778
779 if ($returnUrl) {
780 return htmlspecialchars($this->cObj->typolink_url($this->conf['linkConfig.']));
781 } else {
782 return $this->cObj->typolink($label,$this->conf['linkConfig.']);
783 }
784 }
785
786 /**
787 * Is used by TS-setting preserveGETvars
788 * possible values are "all" or a commaseperated list of GET-vars
789 * they are used as additionalParams for link generation
790 *
791 * @return string additionalParams-string
792 */
793 protected function getPreserveGetVars() {
794
795 $params = '';
796 $preserveVars =! ($this->conf['preserveGETvars'] || $this->conf['preserveGETvars']=='all' ? array() : implode(',', (array)$this->conf['preserveGETvars']));
797 $getVars = t3lib_div::_GET();
798
799 foreach ($getVars as $key => $val) {
800 if (stristr($key,$this->prefixId) === false) {
801 if (is_array($val)) {
802 foreach ($val as $key1 => $val1) {
803 if ($this->conf['preserveGETvars'] == 'all' || in_array($key . '[' . $key1 .']', $preserveVars)) {
804 $params .= '&' . $key . '[' . $key1 . ']=' . $val1;
805 }
806 }
807 } else {
808 if (!in_array($key, array('id','no_cache','logintype','redirect_url','cHash'))) {
809 $params .= '&' . $key . '=' . $val;
810 }
811 }
812 }
813 }
814 return $params;
815 }
816
817 /**
818 * Is used by forgot password - function with md5 option.
819 *
820 * @author Bernhard Kraft
821 *
822 * @param int length of new password
823 * @return string new password
824 */
825 protected function generatePassword($len) {
826 $pass = '';
827 while ($len--) {
828 $char = rand(0,35);
829 if ($char < 10) {
830 $pass .= '' . $char;
831 } else {
832 $pass .= chr($char - 10 + 97);
833 }
834 }
835 return $pass;
836 }
837
838 /**
839 * Returns the header / message value from flexform if present, else from locallang.xml
840 *
841 * @param string label name
842 * @param string TS stdWrap array
843 * @return string label text
844 */
845 protected function getDisplayText($label, $stdWrapArray=array()) {
846 $text = $this->flexFormValue($label, 's_messages') ? $this->cObj->stdWrap($this->flexFormValue($label, 's_messages'), $stdWrapArray) : $this->cObj->stdWrap($this->pi_getLL('ll_'.$label, '', 1), $stdWrapArray);
847 $replace = $this->getUserFieldMarkers();
848 return strtr($text, $replace);
849 }
850
851 /**
852 * Returns Array of markers filled with user fields
853 *
854 * @return array marker array
855 */
856 protected function getUserFieldMarkers() {
857 $marker = array();
858 // replace markers with fe_user data
859 if ($GLOBALS['TSFE']->fe_user->user) {
860 // all fields of fe_user will be replaced, scheme is ###FEUSER_FIELDNAME###
861 foreach ($GLOBALS['TSFE']->fe_user->user as $field => $value) {
862 $marker['###FEUSER_' . t3lib_div::strtoupper($field) . '###'] = $this->cObj->stdWrap($value, $this->conf['userfields.'][$field . '.']);
863 }
864 // add ###USER### for compatibility
865 $marker['###USER###'] = $marker['###FEUSER_USERNAME###'];
866 }
867 return $marker;
868 }
869
870 /**
871 * Returns a valid and XSS cleaned url for redirect, checked against configuration "allowedRedirectHosts"
872 *
873 * @param string $url
874 * @return string cleaned referer or empty string if not valid
875 */
876 protected function validateRedirectUrl($url) {
877 $url = strval($url);
878 if ($url === '') {
879 return '';
880 }
881
882 $decodedUrl = rawurldecode($url);
883 $sanitizedUrl = t3lib_div::removeXSS($decodedUrl);
884
885 if ($decodedUrl !== $sanitizedUrl || preg_match('#["<>\\\]+#', $url)) {
886 t3lib_div::sysLog(sprintf($this->pi_getLL('xssAttackDetected'), $url), 'felogin', t3lib_div::SYSLOG_SEVERITY_WARNING);
887 return '';
888 }
889
890 // Validate the URL:
891 if ($this->isRelativeUrl($url) || $this->isInCurrentDomain($url) || $this->isInLocalDomain($url)) {
892 return $url;
893 }
894
895 // URL is not allowed
896 t3lib_div::sysLog(sprintf($this->pi_getLL('noValidRedirectUrl'), $url), 'felogin', t3lib_div::SYSLOG_SEVERITY_WARNING);
897 return '';
898 }
899
900 /**
901 * Determines whether the URL is on the current host
902 * and belongs to the current TYPO3 installation.
903 *
904 * @param string $url URL to be checked
905 * @return boolean Whether the URL belongs to the current TYPO3 installation
906 */
907 protected function isInCurrentDomain($url) {
908 return (t3lib_div::isOnCurrentHost($url) && t3lib_div::isFirstPartOfStr($url, t3lib_div::getIndpEnv('TYPO3_SITE_URL')));
909 }
910
911 /**
912 * Determines whether the URL matches a domain
913 * in the sys_domain databse table.
914 *
915 * @param string $url Absolute URL which needs to be checked
916 * @return boolean Whether the URL is considered to be local
917 */
918 protected function isInLocalDomain($url) {
919 $result = FALSE;
920
921 if (t3lib_div::isValidUrl($url)) {
922 $parsedUrl = parse_url($url);
923 if ($parsedUrl['scheme'] === 'http' || $parsedUrl['scheme'] === 'https' ) {
924 $host = $parsedUrl['host'];
925 // Removes the last path segment and slash sequences like /// (if given):
926 $path = preg_replace('#/+[^/]*$#', '', $parsedUrl['path']);
927
928 $localDomains = $GLOBALS['TYPO3_DB']->exec_SELECTgetRows(
929 'domainName',
930 'sys_domain',
931 '1=1' . $this->cObj->enableFields('sys_domain')
932 );
933 if (is_array($localDomains)) {
934 foreach ($localDomains as $localDomain) {
935 // strip trailing slashes (if given)
936 $domainName = rtrim($localDomain['domainName'], '/');
937 if (t3lib_div::isFirstPartOfStr($host. $path . '/', $domainName . '/')) {
938 $result = TRUE;
939 break;
940 }
941 }
942 }
943 }
944 }
945 return $result;
946 }
947
948 /**
949 * Determines wether the URL is relative to the
950 * current TYPO3 installation.
951 *
952 * @param string $url URL which needs to be checked
953 * @return boolean Whether the URL is considered to be relative
954 */
955 protected function isRelativeUrl($url) {
956 $parsedUrl = @parse_url($url);
957 if ($parsedUrl !== FALSE && !isset($parsedUrl['scheme']) && !isset($parsedUrl['host'])) {
958 // If the relative URL starts with a slash, we need to check if it's within the current site path
959 return (!t3lib_div::isFirstPartOfStr($parsedUrl['path'], '/') || t3lib_div::isFirstPartOfStr($parsedUrl['path'], t3lib_div::getIndpEnv('TYPO3_SITE_PATH')));
960 }
961 return FALSE;
962 }
963 }
964
965
966
967 if (defined('TYPO3_MODE') && isset($GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLASS']['ext/felogin/pi1/class.tx_felogin_pi1.php'])) {
968 include_once($GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLASS']['ext/felogin/pi1/class.tx_felogin_pi1.php']);
969 }
970
971 ?>