[TASK] Re-work/simplify copyright header in PHP files - Part 9
[Packages/TYPO3.CMS.git] / typo3 / sysext / sv / Classes / LoginFormHook.php
1 <?php
2 namespace TYPO3\CMS\Sv;
3
4 /**
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16 /**
17 * This class contains a BE login form hook. It adds all necessary JavaScript
18 * for the superchallenged authentication.
19 *
20 * @author Dmitry Dulepov <dmitry@typo3.org>
21 */
22 class LoginFormHook {
23
24 /**
25 * Provides form code for the superchallenged authentication.
26 *
27 * @param array $params Parameters to the script
28 * @param \TYPO3\CMS\Backend\Controller\LoginController $pObj Calling object
29 * @return string The code for the login form
30 */
31 public function getLoginFormTag(array $params, \TYPO3\CMS\Backend\Controller\LoginController &$pObj) {
32 // Get the code according to the login level
33 switch ($pObj->loginSecurityLevel) {
34 case 'challenged':
35
36 case 'superchallenged':
37 $_SESSION['login_challenge'] = $this->getChallenge();
38 $content = '<form action="index.php" method="post" name="loginform" ' . 'onsubmit="doChallengeResponse(' . ($pObj->loginSecurityLevel == 'challenged' ? 0 : 1) . ');">' . '<input type="hidden" name="challenge" value="' . htmlspecialchars($_SESSION['login_challenge']) . '" />';
39 break;
40 case 'normal':
41 $content = '<form action="index.php" method="post" name="loginform" onsubmit="document.loginform.userident.value=document.loginform.p_field.value;document.loginform.p_field.value=\'\';return true;">';
42 break;
43 default:
44 // No code for unknown level!
45 $content = '';
46 }
47 return $content;
48 }
49
50 /**
51 * Provides form code for the superchallenged authentication.
52 *
53 * @param array $params Parameters to the script
54 * @param \TYPO3\CMS\Backend\Controller\LoginController $pObj Calling object
55 * @return string The code for the login form
56 */
57 public function getLoginScripts(array $params, \TYPO3\CMS\Backend\Controller\LoginController &$pObj) {
58 $content = '';
59 if ($pObj->loginSecurityLevel == 'superchallenged' || $pObj->loginSecurityLevel == 'challenged') {
60 $content = '
61 <script type="text/javascript" src="sysext/backend/Resources/Public/JavaScript/md5.js"></script>
62 ' . $GLOBALS['TBE_TEMPLATE']->wrapScriptTags('
63 function doChallengeResponse(superchallenged) { //
64 password = document.loginform.p_field.value;
65 if (password) {
66 if (superchallenged) {
67 password = MD5(password); // this makes it superchallenged!!
68 }
69 str = document.loginform.username.value+":"+password+":"+document.loginform.challenge.value;
70 document.loginform.userident.value = MD5(str);
71 document.loginform.p_field.value = "";
72 return true;
73 }
74 }
75 ');
76 }
77 return $content;
78 }
79
80 /**
81 * Create a random challenge string
82 *
83 * @return string Challenge value
84 */
85 protected function getChallenge() {
86 $challenge = md5(uniqid('') . getmypid());
87 return $challenge;
88 }
89
90 }