Fixed bug #16574: PHP notices from XCLASS inclusions
[Packages/TYPO3.CMS.git] / typo3 / sysext / sv / class.tx_sv_loginformhook.php
1 <?php
2 /***************************************************************
3 * Copyright notice
4 *
5 * (c) 2009-2010 Dmitry Dulepov <dmitry@typo3.org>
6 * All rights reserved
7 *
8 * This script is part of the TYPO3 project. The TYPO3 project is
9 * free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * The GNU General Public License can be found at
15 * http://www.gnu.org/copyleft/gpl.html.
16 *
17 * This script is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
21 *
22 * This copyright notice MUST APPEAR in all copies of the script!
23 ***************************************************************/
24
25 /**
26 * [CLASS/FUNCTION INDEX of SCRIPT]
27 *
28 * $Id$
29 */
30
31
32 /**
33 * This class contains a BE login form hook. It adds all necessary JavaScript
34 * for the superchallenged authentication.
35 *
36 * @author Dmitry Dulepov <dmitry@typo3.org>
37 * @package TYPO3
38 * @subpackage tx_sv
39 */
40 class tx_sv_loginformhook {
41
42 /**
43 * Provides form code for the superchallenged authentication.
44 *
45 * @param array $params Parameters to the script
46 * @param SC_index $pObj Calling object
47 * @return string The code for the login form
48 */
49 public function getLoginFormTag(array $params, SC_index &$pObj) {
50 // Get the code according to the login level
51 switch ($pObj->loginSecurityLevel) {
52 case 'challenged':
53 case 'superchallenged':
54 $_SESSION['login_challenge'] = $this->getChallenge();
55 $content = '<form action="index.php" method="post" name="loginform" ' .
56 'onsubmit="doChallengeResponse(' .
57 ($pObj->loginSecurityLevel == 'challenged' ? 0 : 1) . ');">' .
58 '<input type="hidden" name="challenge" value="' .
59 htmlspecialchars($_SESSION['login_challenge']) . '" />';
60 break;
61 case 'normal':
62 $content = '<form action="index.php" method="post" name="loginform" onsubmit="document.loginform.userident.value=document.loginform.p_field.value;document.loginform.p_field.value=\'\';return true;">';
63 break;
64 default:
65 // No code for unknown level!
66 $content = '';
67 }
68
69 return $content;
70 }
71
72 /**
73 * Provides form code for the superchallenged authentication.
74 *
75 * @param array $params Parameters to the script
76 * @param SC_index $pObj Calling object
77 * @return string The code for the login form
78 */
79 public function getLoginScripts(array $params, SC_index &$pObj) {
80 $content = '';
81
82 if ($pObj->loginSecurityLevel == 'superchallenged' ||
83 $pObj->loginSecurityLevel == 'challenged') {
84 $content = '
85 <script type="text/javascript" src="md5.js"></script>
86 ' . $GLOBALS['TBE_TEMPLATE']->wrapScriptTags('
87 function doChallengeResponse(superchallenged) { //
88 password = document.loginform.p_field.value;
89 if (password) {
90 if (superchallenged) {
91 password = MD5(password); // this makes it superchallenged!!
92 }
93 str = document.loginform.username.value+":"+password+":"+document.loginform.challenge.value;
94 document.loginform.userident.value = MD5(str);
95 document.loginform.p_field.value = "";
96 return true;
97 }
98 }
99 ');
100 }
101
102 return $content;
103 }
104
105
106 /**
107 * Create a random challenge string
108 *
109 * @return string Challenge value
110 */
111 protected function getChallenge() {
112 $challenge = md5(uniqid('') . getmypid());
113 return $challenge;
114 }
115
116 }
117
118 if (defined('TYPO3_MODE') && isset($GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLASS']['ext/sv/class.tx_sv_loginformhook.php'])) {
119 include_once($GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLASS']['ext/sv/class.tx_sv_loginformhook.php']);
120 }
121
122 ?>