[BUGFIX] Check default salting method first
[Packages/TYPO3.CMS.git] / typo3 / sysext / saltedpasswords / Classes / Utility / SaltedPasswordsUtility.php
1 <?php
2 namespace TYPO3\CMS\Saltedpasswords\Utility;
3
4 /***************************************************************
5 * Copyright notice
6 *
7 * (c) Marcus Krause (marcus#exp2009@t3sec.info)
8 * (c) Steffen Ritter (info@rs-websystems.de)
9 * All rights reserved
10 *
11 * This script is part of the TYPO3 project. The TYPO3 project is
12 * free software; you can redistribute it and/or modify
13 * it under the terms of the GNU General Public License as published by
14 * the Free Software Foundation; either version 2 of the License, or
15 * (at your option) any later version.
16 *
17 * The GNU General Public License can be found at
18 * http://www.gnu.org/copyleft/gpl.html.
19 * A copy is found in the text file GPL.txt and important notices to the license
20 * from the author is found in LICENSE.txt distributed with these scripts.
21 *
22 *
23 * This script is distributed in the hope that it will be useful,
24 * but WITHOUT ANY WARRANTY; without even the implied warranty of
25 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
26 * GNU General Public License for more details.
27 *
28 * This copyright notice MUST APPEAR in all copies of the script!
29 ***************************************************************/
30
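/**
 * Helper methods of the saltedpasswords extension: reads the extension
 * configuration, picks the configured salted hashing class and reports
 * whether salted password hashes are used for a given TYPO3 mode.
 *
 * @author Marcus Krause <marcus#exp2009@t3sec.info>
 * @author Steffen Ritter <info@rs-websystems.de>
 */
class SaltedPasswordsUtility {

    /**
     * Keeps this extension's key.
     */
    const EXTKEY = 'saltedpasswords';

    /**
     * Counts the backend users whose stored password does not look like a
     * salted hash.
     *
     * The check is purely prefix based: a non-empty be_users.password value is
     * counted unless it starts with "$" or "M$". A value with such a prefix is
     * treated as protected without any further validation of the hash.
     *
     * NOTE(review): the result of exec_SELECTcountRows() is passed through
     * unchanged. It presumably is FALSE when the query fails (confirm against
     * the database layer); callers should not read a non-integer result as
     * "no insecure users".
     *
     * @return integer Number of matching be_users rows
     */
    static public function getNumberOfBackendUsersWithInsecurePassword() {
        // The WHERE clause is built from constants only; the LIKE patterns are
        // quoted by the database layer.
        $whereClause = 'password != ""'
            . ' AND password NOT LIKE ' . $GLOBALS['TYPO3_DB']->fullQuoteStr('$%', 'be_users')
            . ' AND password NOT LIKE ' . $GLOBALS['TYPO3_DB']->fullQuoteStr('M$%', 'be_users');
        return $GLOBALS['TYPO3_DB']->exec_SELECTcountRows('*', 'be_users', $whereClause);
    }

    /**
     * Returns extension configuration data from $TYPO3_CONF_VARS (configurable in Extension Manager)
     *
     * The defaults of returnExtConfDefaults() are overlaid with the section
     * "<mode>." of the stored configuration. A stored value that cannot be
     * unserialized into an array, or whose mode section is not an array, is
     * ignored and the defaults are returned.
     *
     * @author Rainer Kuhn <kuhn@punkt.de>
     * @author Marcus Krause <marcus#exp2009@t3sec.info>
     * @param string $mode TYPO3_MODE, whether Configuration for Frontend or Backend should be delivered
     * @return array Extension configuration data
     */
    static public function returnExtConf($mode = TYPO3_MODE) {
        $currentConfiguration = self::returnExtConfDefaults();
        if (!isset($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf'][self::EXTKEY])) {
            return $currentConfiguration;
        }
        // NOTE(review): unserialize() can instantiate objects named in its input.
        // The string read here is the installation's own extension configuration;
        // this call must never be fed from request data.
        $extensionConfiguration = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf'][self::EXTKEY]);
        $modeKey = $mode . '.';
        // unserialize() yields FALSE for a corrupt string, and array_merge() fails
        // on a non-array argument; in both cases the defaults stay in effect.
        if (
            is_array($extensionConfiguration)
            && isset($extensionConfiguration[$modeKey])
            && is_array($extensionConfiguration[$modeKey])
        ) {
            $currentConfiguration = array_merge($currentConfiguration, $extensionConfiguration[$modeKey]);
        }
        return $currentConfiguration;
    }

    /**
     * Hook function for felogin "forgotPassword" functionality:
     * replaces the new password with its salted hash before it is stored.
     *
     * $params['newPassword'] is overwritten in place (the array is passed by
     * reference). When isUsageEnabled('FE') is FALSE the value is left exactly
     * as the caller supplied it.
     *
     * NOTE(review): the result of getHashedPassword() is assigned without a
     * check. If that method can return NULL or an empty value on failure, the
     * caller would receive an unusable password - confirm against SaltInterface.
     * NOTE(review): getSaltingInstance() is called without arguments, so the
     * hashing method is whatever SaltFactory selects by default, not one chosen
     * explicitly for 'FE' - confirm this matches the isUsageEnabled('FE') check.
     *
     * @param array $params Parameter the hook delivers
     * @param \TYPO3\CMS\Felogin\Controller\FrontendLoginController $pObj Parent Object from which the hook is called (not used here)
     * @return void
     */
    public function feloginForgotPasswordHook(array &$params, \TYPO3\CMS\Felogin\Controller\FrontendLoginController $pObj) {
        if (!self::isUsageEnabled('FE')) {
            return;
        }
        $objInstanceSaltedPW = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance();
        $params['newPassword'] = $objInstanceSaltedPW->getHashedPassword($params['newPassword']);
    }

    /**
     * Returns default configuration of this extension.
     *
     * All values are strings ('0' / '1' flags and a class name), matching the
     * form in which returnExtConf() merges stored settings over them.
     *
     * @return array Default extension configuration data for localconf.php
     */
    static public function returnExtConfDefaults() {
        return array(
            'onlyAuthService' => '0',
            'forceSalted' => '0',
            'updatePasswd' => '1',
            'saltedPWHashingMethod' => 'TYPO3\\CMS\\Saltedpasswords\\Salt\\PhpassSalt',
            'enabled' => '1'
        );
    }

    /**
     * Function determines the default(=configured) type of
     * salted hashing method to be used.
     *
     * The configured class name is accepted only when it is one of the keys
     * returned by SaltFactory::getRegisteredSaltedHashingMethods(); the
     * comparison is strict so that only an exact string match is accepted.
     *
     * NOTE(review): a configured class that is not registered (e.g. a typo)
     * silently falls back to Md5Salt instead of failing; consider whether that
     * fallback should be reported to the administrator.
     *
     * @param string $mode (optional) The TYPO3 mode (FE or BE) saltedpasswords shall be used for
     * @return string Classname of object to be used
     */
    static public function getDefaultSaltingHashingMethod($mode = TYPO3_MODE) {
        $extConf = self::returnExtConf($mode);
        $configuredClassName = $extConf['saltedPWHashingMethod'];
        $registeredClassNames = array_keys(\TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getRegisteredSaltedHashingMethods());
        if (in_array($configuredClassName, $registeredClassNames, TRUE)) {
            return $configuredClassName;
        }
        return 'TYPO3\\CMS\\Saltedpasswords\\Salt\\Md5Salt';
    }

    /**
     * Returns information if salted password hashes are
     * indeed used in the TYPO3_MODE.
     *
     * For 'BE' the answer is always TRUE; the "enabled" setting is not
     * consulted. For 'FE' the extension must be enabled and the frontend
     * loginSecurityLevel is checked against the list 'normal,rsa'. Any other
     * mode yields FALSE. The mode is compared strictly, so only the exact
     * strings 'BE' and 'FE' are recognised.
     *
     * @param string $mode (optional) The TYPO3 mode (FE or BE) saltedpasswords shall be used for
     * @return boolean TRUE, if salted password hashes are used in the TYPO3_MODE, otherwise FALSE
     */
    static public function isUsageEnabled($mode = TYPO3_MODE) {
        if ($mode === 'BE') {
            return TRUE;
        }
        if ($mode !== 'FE') {
            return FALSE;
        }
        $extConf = self::returnExtConf($mode);
        if (!$extConf['enabled']) {
            return FALSE;
        }
        // Login Security Level Recognition: read only where it is used, and
        // tolerate a missing setting instead of raising an undefined-index notice.
        $securityLevel = isset($GLOBALS['TYPO3_CONF_VARS'][$mode]['loginSecurityLevel'])
            ? $GLOBALS['TYPO3_CONF_VARS'][$mode]['loginSecurityLevel']
            : NULL;
        return \TYPO3\CMS\Core\Utility\GeneralUtility::inList('normal,rsa', $securityLevel);
    }

}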