380be5b468e6538a081edd43f5fdf57518e2ad8b
[Packages/TYPO3.CMS.git] / typo3 / sysext / backend / Classes / Controller / LoginController.php
1 <?php
2 namespace TYPO3\CMS\Backend\Controller;
3
4 /**
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 use TYPO3\CMS\Backend\Utility\BackendUtility;
18 use TYPO3\CMS\Backend\Utility\IconUtility;
19 use TYPO3\CMS\Core\Html\HtmlParser;
20 use TYPO3\CMS\Core\Messaging\FlashMessage;
21 use TYPO3\CMS\Core\Utility\GeneralUtility;
22 use TYPO3\CMS\Core\Utility\HttpUtility;
23
24 /**
25 * Script Class for rendering the login form
26 *
27 * @author Kasper Skårhøj <kasperYYYY@typo3.com>
28 */
29 class LoginController {
30
31 const SIGNAL_RenderLoginForm = 'renderLoginForm';
32
33 // Internal, GPvars:
34 // GPvar: redirect_url; The URL to redirect to after login.
35 /**
36 * @todo Define visibility
37 */
38 public $redirect_url;
39
40 // GPvar: Defines which interface to load (from interface selector)
41 /**
42 * @todo Define visibility
43 */
44 public $GPinterface;
45
46 // GPvar: preset username
47 /**
48 * @todo Define visibility
49 */
50 public $u;
51
52 // GPvar: preset password
53 /**
54 * @todo Define visibility
55 */
56 public $p;
57
58 /**
59 * OpenID URL submitted by form
60 */
61 protected $openIdUrl;
62
63 // GPvar: If "L" is "OUT", then any logged in used is logged out. If redirect_url is given, we redirect to it
64 /**
65 * @todo Define visibility
66 */
67 public $L;
68
69 // Login-refresh boolean; The backend will call this script with this value set when the login is close to being expired and the form needs to be redrawn.
70 /**
71 * @todo Define visibility
72 */
73 public $loginRefresh;
74
75 // Value of forms submit button for login.
76 /**
77 * @todo Define visibility
78 */
79 public $commandLI;
80
81 // Internal, static:
82 // Set to the redirect URL of the form (may be redirect_url or "backend.php")
83 /**
84 * @todo Define visibility
85 */
86 public $redirectToURL;
87
88 // Internal, dynamic:
89 // Content accumulation
90 /**
91 * @todo Define visibility
92 */
93 public $content;
94
95 // A selector box for selecting value for "interface" may be rendered into this variable
96 /**
97 * @todo Define visibility
98 */
99 public $interfaceSelector;
100
101 // A selector box for selecting value for "interface" may be rendered into this variable
102 // this will have an onchange action which will redirect the user to the selected interface right away
103 /**
104 * @todo Define visibility
105 */
106 public $interfaceSelector_jump;
107
108 // A hidden field, if the interface is not set.
109 /**
110 * @todo Define visibility
111 */
112 public $interfaceSelector_hidden;
113
114 // Additional hidden fields to be placed at the login form
115 /**
116 * @todo Define visibility
117 */
118 public $addFields_hidden = '';
119
120 // sets the level of security. *'normal' = clear-text. 'challenged' = hashed
121 // password/username from form in $formfield_uident. 'superchallenged' = hashed password hashed again with username.
122 /**
123 * @todo Define visibility
124 */
125 public $loginSecurityLevel = 'superchallenged';
126
127 /**
128 * @var \TYPO3\CMS\Extbase\SignalSlot\Dispatcher
129 */
130 protected $signalSlotDispatcher;
131
132 /**
133 * Constructor
134 */
135 public function __construct() {
136 $this->init();
137 }
138
139 /**
140 * Initialize the login box. Will also react on a &L=OUT flag and exit.
141 *
142 * @return void
143 * @todo Define visibility
144 */
145 public function init() {
146 // We need a PHP session session for most login levels
147 session_start();
148 $this->redirect_url = GeneralUtility::sanitizeLocalUrl(GeneralUtility::_GP('redirect_url'));
149 $this->GPinterface = GeneralUtility::_GP('interface');
150 // Grabbing preset username and password, for security reasons this feature only works if SSL is used
151 if (GeneralUtility::getIndpEnv('TYPO3_SSL')) {
152 $this->u = GeneralUtility::_GP('u');
153 $this->p = GeneralUtility::_GP('p');
154 $this->openIdUrl = GeneralUtility::_GP('openid_url');
155 }
156 // If "L" is "OUT", then any logged in is logged out. If redirect_url is given, we redirect to it
157 $this->L = GeneralUtility::_GP('L');
158 // Login
159 $this->loginRefresh = GeneralUtility::_GP('loginRefresh');
160 // Value of "Login" button. If set, the login button was pressed.
161 $this->commandLI = GeneralUtility::_GP('commandLI');
162 // Sets the level of security from conf vars
163 if ($GLOBALS['TYPO3_CONF_VARS']['BE']['loginSecurityLevel']) {
164 $this->loginSecurityLevel = $GLOBALS['TYPO3_CONF_VARS']['BE']['loginSecurityLevel'];
165 }
166 // Try to get the preferred browser language
167 $preferredBrowserLanguage = $GLOBALS['LANG']->csConvObj->getPreferredClientLanguage(GeneralUtility::getIndpEnv('HTTP_ACCEPT_LANGUAGE'));
168 // If we found a $preferredBrowserLanguage and it is not the default language and no be_user is logged in
169 // initialize $GLOBALS['LANG'] again with $preferredBrowserLanguage
170 if ($preferredBrowserLanguage !== 'default' && empty($GLOBALS['BE_USER']->user['uid'])) {
171 $GLOBALS['LANG']->init($preferredBrowserLanguage);
172 }
173 $GLOBALS['LANG']->includeLLFile('EXT:lang/locallang_login.xlf');
174 // Setting the redirect URL to "backend.php" if no alternative input is given
175 $this->redirectToURL = $this->redirect_url ?: 'backend.php';
176 // Do a logout if the command is set
177 if ($this->L == 'OUT' && is_object($GLOBALS['BE_USER'])) {
178 $GLOBALS['BE_USER']->logoff();
179 if ($this->redirect_url) {
180 HttpUtility::redirect($this->redirect_url);
181 }
182 die;
183 }
184 }
185
186 /**
187 * Main function - creating the login/logout form
188 *
189 * @return void
190 * @todo Define visibility
191 */
192 public function main() {
193 // Initialize template object:
194 $GLOBALS['TBE_TEMPLATE']->bodyTagAdditions = ' onload="startUp();"';
195 $GLOBALS['TBE_TEMPLATE']->moduleTemplate = $GLOBALS['TBE_TEMPLATE']->getHtmlTemplate('EXT:backend/Resources/Private/Templates/login.html');
196 /** @var $pageRenderer \TYPO3\CMS\Core\Page\PageRenderer */
197 $pageRenderer = $GLOBALS['TBE_TEMPLATE']->getPageRenderer();
198 $pageRenderer->loadExtJS();
199 $pageRenderer->loadPrototype();
200 $pageRenderer->loadScriptaculous();
201 // Set JavaScript for creating a MD5 hash of the password:
202 $GLOBALS['TBE_TEMPLATE']->JScode .= $this->getJScode();
203 // Checking, if we should make a redirect.
204 // Might set JavaScript in the header to close window.
205 $this->checkRedirect();
206 // Initialize interface selectors:
207 $this->makeInterfaceSelectorBox();
208 // Creating form based on whether there is a login or not:
209 if (empty($GLOBALS['BE_USER']->user['uid'])) {
210 $GLOBALS['TBE_TEMPLATE']->form = $this->startForm();
211 $loginForm = $this->makeLoginForm();
212 } else {
213 $GLOBALS['TBE_TEMPLATE']->form = '
214 <form action="index.php" method="post" name="loginform">
215 <input type="hidden" name="login_status" value="logout" />
216 ';
217 $loginForm = $this->makeLogoutForm();
218 }
219 // Starting page:
220 $this->content .= $GLOBALS['TBE_TEMPLATE']->startPage('TYPO3 CMS Login: ' . $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'], FALSE);
221 // Add login form:
222 $this->content .= $this->wrapLoginForm($loginForm);
223 $this->content .= $GLOBALS['TBE_TEMPLATE']->endPage();
224 }
225
226 /**
227 * Outputting the accumulated content to screen
228 *
229 * @return void
230 * @todo Define visibility
231 */
232 public function printContent() {
233 echo $this->content;
234 }
235
236 /*****************************
237 *
238 * Various functions
239 *
240 ******************************/
241 /**
242 * Creates the login form
243 * This is drawn when NO login exists.
244 *
245 * @return string HTML output
246 * @todo Define visibility
247 */
248 public function makeLoginForm() {
249 $content = HtmlParser::getSubpart($GLOBALS['TBE_TEMPLATE']->moduleTemplate, '###LOGIN_FORM###');
250 $markers = array(
251 'VALUE_USERNAME' => htmlspecialchars($this->u),
252 'VALUE_PASSWORD' => htmlspecialchars($this->p),
253 'VALUE_OPENID_URL' => htmlspecialchars($this->openIdUrl),
254 'VALUE_SUBMIT' => $GLOBALS['LANG']->getLL('labels.submitLogin', TRUE)
255 );
256 // Show an error message if the login command was successful already, otherwise remove the subpart
257 if (!$this->isLoginInProgress()) {
258 $content = HtmlParser::substituteSubpart($content, '###LOGIN_ERROR###', '');
259 } else {
260 $markers['ERROR_MESSAGE'] = $GLOBALS['LANG']->getLL('error.login', TRUE);
261 $markers['ERROR_LOGIN_TITLE'] = $GLOBALS['LANG']->getLL('error.login.title', TRUE);
262 $markers['ERROR_LOGIN_DESCRIPTION'] = $GLOBALS['LANG']->getLL('error.login.description', TRUE);
263 }
264 // Remove the interface selector markers if it's not available
265 if (!($this->interfaceSelector && !$this->loginRefresh)) {
266 $content = HtmlParser::substituteSubpart($content, '###INTERFACE_SELECTOR###', '');
267 } else {
268 $markers['LABEL_INTERFACE'] = $GLOBALS['LANG']->getLL('labels.interface', TRUE);
269 $markers['VALUE_INTERFACE'] = $this->interfaceSelector;
270 }
271 return HtmlParser::substituteMarkerArray($content, $markers, '###|###');
272 }
273
274 /**
275 * Creates the logout form
276 * This is drawn if a user login already exists.
277 *
278 * @return string HTML output
279 * @todo Define visibility
280 */
281 public function makeLogoutForm() {
282 $content = HtmlParser::getSubpart($GLOBALS['TBE_TEMPLATE']->moduleTemplate, '###LOGOUT_FORM###');
283 $markers = array(
284 'LABEL_USERNAME' => $GLOBALS['LANG']->getLL('labels.username', TRUE),
285 'VALUE_USERNAME' => htmlspecialchars($GLOBALS['BE_USER']->user['username']),
286 'VALUE_SUBMIT' => $GLOBALS['LANG']->getLL('labels.submitLogout', TRUE)
287 );
288 // Remove the interface selector markers if it's not available
289 if (!$this->interfaceSelector_jump) {
290 $content = HtmlParser::substituteSubpart($content, '###INTERFACE_SELECTOR###', '');
291 } else {
292 $markers['LABEL_INTERFACE'] = $GLOBALS['LANG']->getLL('labels.interface', TRUE);
293 $markers['VALUE_INTERFACE'] = $this->interfaceSelector_jump;
294 }
295 return HtmlParser::substituteMarkerArray($content, $markers, '###|###');
296 }
297
298 /**
299 * Wrapping the login form table in another set of tables etc:
300 *
301 * @param string $content HTML content for the login form
302 * @return string The HTML for the page.
303 * @todo Define visibility
304 */
305 public function wrapLoginForm($content) {
306 $mainContent = HtmlParser::getSubpart($GLOBALS['TBE_TEMPLATE']->moduleTemplate, '###PAGE###');
307 if ($GLOBALS['TBE_STYLES']['logo_login']) {
308 $logo = '<img src="' . htmlspecialchars(($GLOBALS['BACK_PATH'] . $GLOBALS['TBE_STYLES']['logo_login'])) . '" alt="" class="t3-login-logo" />';
309 } else {
310 $logo = '<img' . IconUtility::skinImg($GLOBALS['BACK_PATH'], 'gfx/typo3logo.gif', 'width="123" height="34"') . ' alt="" class="t3-login-logo" />';
311 }
312 /** @var $browserWarning \TYPO3\CMS\Core\Messaging\FlashMessage */
313 $browserWarning = GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\Messaging\\FlashMessage', $GLOBALS['LANG']->getLL('warning.incompatibleBrowser') . ' ' . $GLOBALS['LANG']->getLL('warning.incompatibleBrowserInternetExplorer'), $GLOBALS['LANG']->getLL('warning.incompatibleBrowserHeadline'), FlashMessage::ERROR);
314 $browserWarning = $browserWarning->render();
315 $additionalCssClasses = array();
316 if ($this->isLoginInProgress()) {
317 $additionalCssClasses[] = 'error';
318 }
319 if ($this->loginRefresh) {
320 $additionalCssClasses[] = 'refresh';
321 }
322 $markers = array(
323 'LOGO' => $logo,
324 'LOGINBOX_IMAGE' => '',
325 'FORM' => $content,
326 'NEWS' => $this->makeLoginNews(),
327 'COPYRIGHT' => BackendUtility::TYPO3_copyRightNotice($GLOBALS['TYPO3_CONF_VARS']['SYS']['loginCopyrightShowVersion']),
328 'CSS_CLASSES' => !empty($additionalCssClasses) ? 'class="' . implode(' ', $additionalCssClasses) . '"' : '',
329 'CSS_OPENIDCLASS' => 't3-login-openid-' . (\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::isLoaded('openid') ? 'enabled' : 'disabled'),
330 // The labels will be replaced later on, thus the other parts above
331 // can use these markers as well and it will be replaced
332 'HEADLINE' => $GLOBALS['LANG']->getLL('headline', TRUE),
333 'INFO_ABOUT' => $GLOBALS['LANG']->getLL('info.about', TRUE),
334 'INFO_RELOAD' => $GLOBALS['LANG']->getLL('info.reset', TRUE),
335 'INFO' => $GLOBALS['LANG']->getLL('info.cookies_and_js', TRUE),
336 'WARNING_BROWSER_INCOMPATIBLE' => $browserWarning,
337 'ERROR_JAVASCRIPT' => $GLOBALS['LANG']->getLL('error.javascript', TRUE),
338 'ERROR_COOKIES' => $GLOBALS['LANG']->getLL('error.cookies', TRUE),
339 'ERROR_COOKIES_IGNORE' => $GLOBALS['LANG']->getLL('error.cookies_ignore', TRUE),
340 'ERROR_CAPSLOCK' => $GLOBALS['LANG']->getLL('error.capslock', TRUE),
341 'ERROR_FURTHERHELP' => $GLOBALS['LANG']->getLL('error.furtherInformation', TRUE),
342 'LABEL_DONATELINK' => $GLOBALS['LANG']->getLL('labels.donate', TRUE),
343 'LABEL_USERNAME' => $GLOBALS['LANG']->getLL('labels.username', TRUE),
344 'LABEL_OPENID' => $GLOBALS['LANG']->getLL('labels.openId', TRUE),
345 'LABEL_PASSWORD' => $GLOBALS['LANG']->getLL('labels.password', TRUE),
346 'LABEL_WHATISOPENID' => $GLOBALS['LANG']->getLL('labels.whatIsOpenId', TRUE),
347 'LABEL_SWITCHOPENID' => $GLOBALS['LANG']->getLL('labels.switchToOpenId', TRUE),
348 'LABEL_SWITCHDEFAULT' => $GLOBALS['LANG']->getLL('labels.switchToDefault', TRUE),
349 'CLEAR' => $GLOBALS['LANG']->getLL('clear', TRUE),
350 'LOGIN_PROCESS' => $GLOBALS['LANG']->getLL('login_process', TRUE),
351 'SITELINK' => '<a href="/">###SITENAME###</a>',
352 // Global variables will now be replaced (at last)
353 'SITENAME' => htmlspecialchars($GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'])
354 );
355 $markers = $this->emitRenderLoginFormSignal($markers);
356 return HtmlParser::substituteMarkerArray($mainContent, $markers, '###|###');
357 }
358
359 /**
360 * Checking, if we should perform some sort of redirection OR closing of windows.
361 *
362 * @return void
363 * @todo Define visibility
364 */
365 public function checkRedirect() {
366 // Do redirect:
367 // If a user is logged in AND a) if either the login is just done (isLoginInProgress) or b) a loginRefresh is done or c) the interface-selector is NOT enabled (If it is on the other hand, it should not just load an interface, because people has to choose then...)
368 if (!empty($GLOBALS['BE_USER']->user['uid']) && ($this->isLoginInProgress() || $this->loginRefresh || !$this->interfaceSelector)) {
369 // If no cookie has been set previously we tell people that this is a problem. This assumes that a cookie-setting script (like this one) has been hit at least once prior to this instance.
370 if (!$_COOKIE[\TYPO3\CMS\Core\Authentication\BackendUserAuthentication::getCookieName()]) {
371 if ($this->commandLI == 'setCookie') {
372 // we tried it a second time but still no cookie
373 // 26/4 2005: This does not work anymore, because the saving of challenge values in $_SESSION means the system will act as if the password was wrong.
374 throw new \RuntimeException('Login-error: Yeah, that\'s a classic. No cookies, no TYPO3.<br /><br />Please accept cookies from TYPO3 - otherwise you\'ll not be able to use the system.', 1294586846);
375 } else {
376 // try it once again - that might be needed for auto login
377 $this->redirectToURL = 'index.php?commandLI=setCookie';
378 }
379 }
380 if ($redirectToURL = (string) $GLOBALS['BE_USER']->getTSConfigVal('auth.BE.redirectToURL')) {
381 $this->redirectToURL = $redirectToURL;
382 $this->GPinterface = '';
383 }
384 // store interface
385 $GLOBALS['BE_USER']->uc['interfaceSetup'] = $this->GPinterface;
386 $GLOBALS['BE_USER']->writeUC();
387 // Based on specific setting of interface we set the redirect script:
388 switch ($this->GPinterface) {
389 case 'backend':
390
391 case 'backend_old':
392 $this->redirectToURL = 'backend.php';
393 break;
394 case 'frontend':
395 $this->redirectToURL = '../';
396 break;
397 }
398 /** @var $formProtection \TYPO3\CMS\Core\FormProtection\BackendFormProtection */
399 $formProtection = \TYPO3\CMS\Core\FormProtection\FormProtectionFactory::get();
400 // If there is a redirect URL AND if loginRefresh is not set...
401 if (!$this->loginRefresh) {
402 $formProtection->storeSessionTokenInRegistry();
403 HttpUtility::redirect($this->redirectToURL);
404 } else {
405 $formProtection->setSessionTokenFromRegistry();
406 $formProtection->persistSessionToken();
407 $GLOBALS['TBE_TEMPLATE']->JScode .= $GLOBALS['TBE_TEMPLATE']->wrapScriptTags('
408 if (parent.opener && (parent.opener.busy || parent.opener.TYPO3.loginRefresh)) {
409 if (parent.opener.TYPO3.loginRefresh) {
410 parent.opener.TYPO3.loginRefresh.startTimer();
411 } else {
412 parent.opener.busy.loginRefreshed();
413 }
414 parent.close();
415 }
416 ');
417 }
418 } elseif (empty($GLOBALS['BE_USER']->user['uid']) && $this->isLoginInProgress()) {
419 // Wrong password, wait for 5 seconds
420 sleep(5);
421 }
422 }
423
424 /**
425 * Making interface selector:
426 *
427 * @return void
428 * @todo Define visibility
429 */
430 public function makeInterfaceSelectorBox() {
431 // Reset variables:
432 $this->interfaceSelector = '';
433 $this->interfaceSelector_hidden = '';
434 $this->interfaceSelector_jump = '';
435 // If interfaces are defined AND no input redirect URL in GET vars:
436 if ($GLOBALS['TYPO3_CONF_VARS']['BE']['interfaces'] && ($this->isLoginInProgress() || !$this->redirect_url)) {
437 $parts = GeneralUtility::trimExplode(',', $GLOBALS['TYPO3_CONF_VARS']['BE']['interfaces']);
438 // Only if more than one interface is defined will we show the selector:
439 if (count($parts) > 1) {
440 // Initialize:
441 $labels = array();
442 $labels['backend'] = $GLOBALS['LANG']->getLL('interface.backend');
443 $labels['backend_old'] = $GLOBALS['LANG']->getLL('interface.backend_old');
444 $labels['frontend'] = $GLOBALS['LANG']->getLL('interface.frontend');
445 $jumpScript = array();
446 $jumpScript['backend'] = 'backend.php';
447 $jumpScript['backend_old'] = 'backend.php';
448 $jumpScript['frontend'] = '../';
449 // Traverse the interface keys:
450 foreach ($parts as $valueStr) {
451 $this->interfaceSelector .= '
452 <option value="' . htmlspecialchars($valueStr) . '"' . (GeneralUtility::_GP('interface') == htmlspecialchars($valueStr) ? ' selected="selected"' : '') . '>' . htmlspecialchars($labels[$valueStr]) . '</option>';
453 $this->interfaceSelector_jump .= '
454 <option value="' . htmlspecialchars($jumpScript[$valueStr]) . '">' . htmlspecialchars($labels[$valueStr]) . '</option>';
455 }
456 $this->interfaceSelector = '
457 <select id="t3-interfaceselector" name="interface" class="c-interfaceselector" tabindex="3">' . $this->interfaceSelector . '
458 </select>';
459 $this->interfaceSelector_jump = '
460 <select id="t3-interfaceselector" name="interface" class="c-interfaceselector" tabindex="3" onchange="window.location.href=this.options[this.selectedIndex].value;">' . $this->interfaceSelector_jump . '
461 </select>';
462 } elseif (!$this->redirect_url) {
463 // If there is only ONE interface value set and no redirect_url is present:
464 $this->interfaceSelector_hidden = '<input type="hidden" name="interface" value="' . trim($GLOBALS['TYPO3_CONF_VARS']['BE']['interfaces']) . '" />';
465 }
466 }
467 }
468
469 /**
470 * Returns the login box image, whether the default or an image from the rotation folder.
471 *
472 * @return string HTML image tag.
473 * @deprecated since 6.3, will be removed
474 */
475 public function makeLoginBoxImage() {
476 GeneralUtility::logDeprecatedFunction();
477 return '';
478 }
479
480 /**
481 * Make login news - renders the HTML content for a list of news shown under
482 * the login form. News data is added through sys_news records
483 *
484 * @return string HTML content
485 * @credits Idea by Jan-Hendrik Heuing
486 * @todo Define visibility
487 */
488 public function makeLoginNews() {
489 $newsContent = '';
490 $systemNews = $this->getSystemNews();
491 // Traverse news array IF there are records in it:
492 if (is_array($systemNews) && count($systemNews) && !GeneralUtility::_GP('loginRefresh')) {
493 /** @var $htmlParser \TYPO3\CMS\Core\Html\RteHtmlParser */
494 $htmlParser = GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\Html\\RteHtmlParser');
495 $htmlParser->procOptions['dontHSC_rte'] = TRUE;
496
497 // Get the main news template, and replace the subpart after looped through
498 $newsContent = HtmlParser::getSubpart($GLOBALS['TBE_TEMPLATE']->moduleTemplate, '###LOGIN_NEWS###');
499 $newsItemTemplate = HtmlParser::getSubpart($newsContent, '###NEWS_ITEM###');
500 $newsItem = '';
501 $count = 1;
502 foreach ($systemNews as $newsItemData) {
503 $additionalClass = '';
504 if ($count == 1) {
505 $additionalClass = ' first-item';
506 } elseif ($count == count($systemNews)) {
507 $additionalClass = ' last-item';
508 }
509 $newsItemContent = $htmlParser->TS_transform_rte($htmlParser->TS_links_rte($newsItemData['content']));
510 $newsItemMarker = array(
511 '###HEADER###' => htmlspecialchars($newsItemData['header']),
512 '###DATE###' => htmlspecialchars($newsItemData['date']),
513 '###CONTENT###' => $newsItemContent,
514 '###CLASS###' => $additionalClass
515 );
516 $count++;
517 $newsItem .= HtmlParser::substituteMarkerArray($newsItemTemplate, $newsItemMarker);
518 }
519 $title = $GLOBALS['TYPO3_CONF_VARS']['BE']['loginNewsTitle'] ? $GLOBALS['TYPO3_CONF_VARS']['BE']['loginNewsTitle'] : $GLOBALS['LANG']->getLL('newsheadline');
520 $newsContent = HtmlParser::substituteMarker($newsContent, '###NEWS_HEADLINE###', htmlspecialchars($title));
521 $newsContent = HtmlParser::substituteSubpart($newsContent, '###NEWS_ITEM###', $newsItem);
522 }
523 return $newsContent;
524 }
525
526 /**
527 * Gets news from sys_news and converts them into a format suitable for
528 * showing them at the login screen.
529 *
530 * @return array An array of login news.
531 */
532 protected function getSystemNews() {
533 $systemNewsTable = 'sys_news';
534 $systemNews = array();
535 $systemNewsRecords = $GLOBALS['TYPO3_DB']->exec_SELECTgetRows('title, content, crdate', $systemNewsTable, '1=1' . BackendUtility::BEenableFields($systemNewsTable) . BackendUtility::deleteClause($systemNewsTable), '', 'crdate DESC');
536 foreach ($systemNewsRecords as $systemNewsRecord) {
537 $systemNews[] = array(
538 'date' => date($GLOBALS['TYPO3_CONF_VARS']['SYS']['ddmmyy'], $systemNewsRecord['crdate']),
539 'header' => $systemNewsRecord['title'],
540 'content' => $systemNewsRecord['content']
541 );
542 }
543 return $systemNews;
544 }
545
546 /**
547 * Returns the form tag
548 *
549 * @return string Opening form tag string
550 * @todo Define visibility
551 */
552 public function startForm() {
553 $output = '';
554 // The form defaults to 'no login'. This prevents plain
555 // text logins to the Backend. The 'sv' extension changes the form to
556 // use superchallenged method and rsaauth extension makes rsa authetication.
557 $form = '<form action="index.php" method="post" name="loginform" ' . 'onsubmit="alert(\'No authentication methods available. Please, ' . 'contact your TYPO3 administrator.\');return false">';
558 // Call hooks. If they do not return anything, we fail to login
559 if (is_array($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['typo3/index.php']['loginFormHook'])) {
560 foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['typo3/index.php']['loginFormHook'] as $function) {
561 $params = array();
562 $formCode = GeneralUtility::callUserFunction($function, $params, $this);
563 if ($formCode) {
564 $form = $formCode;
565 break;
566 }
567 }
568 }
569 $output .= $form . '<input type="hidden" name="login_status" value="login" />' . '<input type="hidden" name="userident" value="" />' . '<input type="hidden" name="redirect_url" value="' . htmlspecialchars($this->redirectToURL) . '" />' . '<input type="hidden" name="loginRefresh" value="' . htmlspecialchars($this->loginRefresh) . '" />' . $this->interfaceSelector_hidden . $this->addFields_hidden;
570 return $output;
571 }
572
573 /**
574 * Creates JavaScript for the login form
575 *
576 * @return string JavaScript code
577 * @todo Define visibility
578 */
579 public function getJScode() {
580 $JSCode = '';
581 if (is_array($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['typo3/index.php']['loginScriptHook'])) {
582 foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['typo3/index.php']['loginScriptHook'] as $function) {
583 $params = array();
584 $JSCode = GeneralUtility::callUserFunction($function, $params, $this);
585 if ($JSCode) {
586 break;
587 }
588 }
589 }
590 $JSCode .= $GLOBALS['TBE_TEMPLATE']->wrapScriptTags('
591 function startUp() {
592 // If the login screen is shown in the login_frameset window for re-login, then try to get the username of the current/former login from opening windows main frame:
593 try {
594 if (parent.opener && parent.opener.TS && parent.opener.TS.username && document.loginform && document.loginform.username) {
595 document.loginform.username.value = parent.opener.TS.username;
596 }
597 }
598 catch(error) {
599 //continue
600 }
601
602 // Wait a few millisecons before calling checkFocus(). This might be necessary because some browsers need some time to auto-fill in the form fields
603 window.setTimeout("checkFocus()", 50);
604 }
605
606 // This moves focus to the right input field:
607 function checkFocus() {
608 // If for some reason there already is a username in the username form field, move focus to the password field:
609 if (document.loginform.username && document.loginform.username.value == "") {
610 document.loginform.username.focus();
611 } else if (document.loginform.p_field && document.loginform.p_field.type!="hidden") {
612 document.loginform.p_field.focus();
613 }
614 }
615
616 // This function shows a warning, if user has capslock enabled
617 // parameter showWarning: shows warning if TRUE and capslock active, otherwise only hides warning, if capslock gets inactive
618 function checkCapslock(e, showWarning) {
619 if (!isCapslock(e)) {
620 document.getElementById(\'t3-capslock\').style.display = \'none\';
621 } else if (showWarning) {
622 document.getElementById(\'t3-capslock\').style.display = \'block\';
623 }
624 }
625
626 // Checks weather capslock is enabled (returns TRUE if enabled, false otherwise)
627 // thanks to http://24ways.org/2007/capturing-caps-lock
628
629 function isCapslock(e) {
630 var ev = e ? e : window.event;
631 if (!ev) {
632 return;
633 }
634 var targ = ev.target ? ev.target : ev.srcElement;
635 // get key pressed
636 var which = -1;
637 if (ev.which) {
638 which = ev.which;
639 } else if (ev.keyCode) {
640 which = ev.keyCode;
641 }
642 // get shift status
643 var shift_status = false;
644 if (ev.shiftKey) {
645 shift_status = ev.shiftKey;
646 } else if (ev.modifiers) {
647 shift_status = !!(ev.modifiers & 4);
648 }
649 return (((which >= 65 && which <= 90) && !shift_status) ||
650 ((which >= 97 && which <= 122) && shift_status));
651 }
652
653 // prevent opening the login form in the backend frameset
654 if (top.location.href != self.location.href) {
655 top.location.href = self.location.href;
656 }
657
658 ');
659 return $JSCode;
660 }
661
662 /**
663 * Checks if login credentials are currently submitted
664 *
665 * @return boolean
666 */
667 protected function isLoginInProgress() {
668 $username = GeneralUtility::_GP('username');
669 return !(empty($username) && empty($this->commandLI));
670 }
671
672 /**
673 * Emits the render login form signal
674 *
675 * @param array $markers Array with markers for the login form
676 * @return array Modified markers array
677 */
678 protected function emitRenderLoginFormSignal(array $markers) {
679 $signalArguments = $this->getSignalSlotDispatcher()->dispatch('TYPO3\\CMS\\Backend\\Controller\\LoginController', self::SIGNAL_RenderLoginForm, array($this, $markers));
680 return $signalArguments[1];
681 }
682
683 /**
684 * Get the SignalSlot dispatcher
685 *
686 * @return \TYPO3\CMS\Extbase\SignalSlot\Dispatcher
687 */
688 protected function getSignalSlotDispatcher() {
689 if (!isset($this->signalSlotDispatcher)) {
690 $this->signalSlotDispatcher = $this->getObjectManager()->get('TYPO3\\CMS\\Extbase\\SignalSlot\\Dispatcher');
691 }
692 return $this->signalSlotDispatcher;
693 }
694
695 /**
696 * Get the ObjectManager
697 *
698 * @return \TYPO3\CMS\Extbase\Object\ObjectManager
699 */
700 protected function getObjectManager() {
701 return GeneralUtility::makeInstance('TYPO3\\CMS\\Extbase\\Object\\ObjectManager');
702 }
703
704 }