3ac5cc29889686c707da0399f8c1f8b3017ade56
[Packages/TYPO3.CMS.git] / typo3 / sysext / felogin / pi1 / class.tx_felogin_pi1.php
1 <?php
2 /***************************************************************
3 * Copyright notice
4 *
5 * (c) 2007-2011 Steffen Kamper <info@sk-typo3.de>
6 * Based on Newloginbox (c) 2002-2004 Kasper Skårhøj <kasper@typo3.com>
7 *
8 * All rights reserved
9 *
10 * This script is part of the TYPO3 project. The TYPO3 project is
11 * free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * The GNU General Public License can be found at
17 * http://www.gnu.org/copyleft/gpl.html.
18 *
19 * This script is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU General Public License for more details.
23 *
24 * This copyright notice MUST APPEAR in all copies of the script!
25 *
26 * The code was adapted from newloginbox, see manual for detailed description
27 ***************************************************************/
28 /**
29 * Plugin 'Website User Login' for the 'felogin' extension.
30 *
31 * @author Steffen Kamper <info@sk-typo3.de>
32 * @package TYPO3
33 * @subpackage tx_felogin
34 */
35 class tx_felogin_pi1 extends tslib_pibase {
36 var $prefixId = 'tx_felogin_pi1'; // Same as class name
37 var $scriptRelPath = 'pi1/class.tx_felogin_pi1.php'; // Path to this script relative to the extension dir.
38 var $extKey = 'felogin'; // The extension key.
39 public $pi_checkCHash = FALSE;
40 public $pi_USER_INT_obj = TRUE;
41
42 protected $userIsLoggedIn; // Is user logged in?
43 protected $template; // holds the template for FE rendering
44 protected $uploadDir; // upload dir, used for flexform template files
45 protected $redirectUrl; // URL for the redirect
46 protected $noRedirect = FALSE; // flag for disable the redirect
47 protected $logintype; // logintype (given as GPvar), possible: login, logout
48
49 /**
50 * The main method of the plugin
51 *
52 * @param string $content: The PlugIn content
53 * @param array $conf: The PlugIn configuration
54 *
55 * @return string The content that is displayed on the website
56 */
57 public function main($content, $conf) {
58
59 // Loading TypoScript array into object variable:
60 $this->conf = $conf;
61 $this->uploadDir = 'uploads/tx_felogin/';
62
63 // Loading default pivars
64 $this->pi_setPiVarDefaults();
65
66 // Loading language-labels
67 $this->pi_loadLL();
68
69 // Init FlexForm configuration for plugin:
70 $this->pi_initPIflexForm();
71 $this->mergeflexFormValuesIntoConf();
72
73 // Get storage PIDs:
74 if ($this->conf['storagePid']) {
75 if (intval($this->conf['recursive'])) {
76 $this->spid = $this->pi_getPidList($this->conf['storagePid'], intval($this->conf['recursive']));
77 } else {
78 $this->spid = $this->conf['storagePid'];
79 }
80 } else {
81 $pids = $GLOBALS['TSFE']->getStorageSiterootPids();
82 $this->spid = $pids['_STORAGE_PID'];
83 }
84
85 // GPvars:
86 $this->logintype = t3lib_div::_GP('logintype');
87 $this->referer = $this->validateRedirectUrl(t3lib_div::_GP('referer'));
88 $this->noRedirect = ($this->piVars['noredirect'] || $this->conf['redirectDisable']);
89
90 // if config.typolinkLinkAccessRestrictedPages is set, the var is return_url
91 $returnUrl = t3lib_div::_GP('return_url');
92 if ($returnUrl) {
93 $this->redirectUrl = $returnUrl;
94 } else {
95 $this->redirectUrl = t3lib_div::_GP('redirect_url');
96 }
97 $this->redirectUrl = $this->validateRedirectUrl($this->redirectUrl);
98
99 // Get Template
100 $templateFile = $this->conf['templateFile'] ? $this->conf['templateFile'] : 'EXT:felogin/template.html';
101 $this->template = $this->cObj->fileResource($templateFile);
102
103 // Is user logged in?
104 $this->userIsLoggedIn = $GLOBALS['TSFE']->loginUser;
105
106 // Redirect
107 if ($this->conf['redirectMode'] && !$this->conf['redirectDisable'] && !$this->noRedirect) {
108 $redirectUrl = $this->processRedirect();
109 if (count($redirectUrl)) {
110 $this->redirectUrl = $this->conf['redirectFirstMethod'] ? array_shift($redirectUrl) : array_pop($redirectUrl);
111 } else {
112 $this->redirectUrl = '';
113 }
114 }
115
116 // What to display
117 $content='';
118 if ($this->piVars['forgot']) {
119 $content .= $this->showForgot();
120 } elseif ($this->piVars['forgothash']) {
121 $content .= $this->changePassword();
122 } else {
123 if($this->userIsLoggedIn && !$this->logintype) {
124 $content .= $this->showLogout();
125 } else {
126 $content .= $this->showLogin();
127 }
128 }
129
130 // Process the redirect
131 if (($this->logintype === 'login' || $this->logintype === 'logout') && $this->redirectUrl && !$this->noRedirect) {
132 if (!$GLOBALS['TSFE']->fe_user->cookieId) {
133 $content .= $this->cObj->stdWrap($this->pi_getLL('cookie_warning', '', 1), $this->conf['cookieWarning_stdWrap.']);
134 } else {
135 // Add hook for extra processing before redirect
136 if (isset($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['beforeRedirect']) && is_array($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['beforeRedirect'])) {
137 $_params = array(
138 'loginType' => $this->logintype,
139 'redirectUrl' => &$this->redirectUrl,
140 );
141 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['beforeRedirect'] as $_funcRef) {
142 if ($_funcRef) {
143 t3lib_div::callUserFunction($_funcRef, $_params, $this);
144 }
145 }
146 }
147 t3lib_utility_Http::redirect($this->redirectUrl);
148 }
149 }
150
151 // Adds hook for processing of extra item markers / special
152 if (isset($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['postProcContent']) && is_array($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['postProcContent'])) {
153 $_params = array(
154 'content' => $content
155 );
156 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['postProcContent'] as $_funcRef) {
157 $content = t3lib_div::callUserFunction($_funcRef, $_params, $this);
158 }
159 }
160
161 return $this->conf['wrapContentInBaseClass'] ? $this->pi_wrapInBaseClass($content) : $content;
162 }
163
164 /**
165 * Shows the forgot password form
166 *
167 * @return string content
168 */
169 protected function showForgot() {
170 $subpart = $this->cObj->getSubpart($this->template, '###TEMPLATE_FORGOT###');
171 $subpartArray = $linkpartArray = array();
172 $postData = t3lib_div::_POST($this->prefixId);
173
174 if ($postData['forgot_email']) {
175
176 // get hashes for compare
177 $postedHash = $postData['forgot_hash'];
178 $hashData = $GLOBALS['TSFE']->fe_user->getKey('ses', 'forgot_hash');
179
180 if ($postedHash === $hashData['forgot_hash']) {
181 $row = FALSE;
182
183 // look for user record
184 $data = $GLOBALS['TYPO3_DB']->fullQuoteStr($this->piVars['forgot_email'], 'fe_users');
185 $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
186 'uid, username, password, email',
187 'fe_users',
188 '(email=' . $data .' OR username=' . $data . ') AND pid IN ('.$GLOBALS['TYPO3_DB']->cleanIntList($this->spid).') '.$this->cObj->enableFields('fe_users')
189 );
190
191 if ($GLOBALS['TYPO3_DB']->sql_num_rows($res)) {
192 $row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res);
193 }
194
195 $error = NULL;
196 if ($row) {
197 // generate an email with the hashed link
198 $error = $this->generateAndSendHash($row);
199 } elseif ($this->conf['exposeNonexistentUserInForgotPasswordDialog']) {
200 $error = $this->pi_getLL('ll_forgot_reset_message_error');
201 }
202
203 // generate message
204 if ($error) {
205 $markerArray['###STATUS_MESSAGE###'] = $this->cObj->stdWrap($error, $this->conf['forgotErrorMessage_stdWrap.']);
206 } else {
207 $markerArray['###STATUS_MESSAGE###'] = $this->cObj->stdWrap($this->pi_getLL('ll_forgot_reset_message_emailSent', '', 1), $this->conf['forgotResetMessageEmailSentMessage_stdWrap.']);
208 }
209 $subpartArray['###FORGOT_FORM###'] = '';
210 } else {
211 //wrong email
212 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('forgot_reset_message', $this->conf['forgotMessage_stdWrap.']);
213 $markerArray['###BACKLINK_LOGIN###'] = '';
214 }
215 } else {
216 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('forgot_reset_message', $this->conf['forgotMessage_stdWrap.']);
217 $markerArray['###BACKLINK_LOGIN###'] = '';
218 }
219
220 $markerArray['###BACKLINK_LOGIN###'] = $this->getPageLink($this->pi_getLL('ll_forgot_header_backToLogin', '', 1), array());
221 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('forgot_header', $this->conf['forgotHeader_stdWrap.']);
222 $markerArray['###LEGEND###'] = $this->pi_getLL('legend', $this->pi_getLL('reset_password', '', 1), 1);
223 $markerArray['###ACTION_URI###'] = $this->getPageLink('', array($this->prefixId . '[forgot]'=>1), TRUE);
224 $markerArray['###EMAIL_LABEL###'] = $this->pi_getLL('your_email', '', 1);
225 $markerArray['###FORGOT_PASSWORD_ENTEREMAIL###'] = $this->pi_getLL('forgot_password_enterEmail', '', 1);
226 $markerArray['###FORGOT_EMAIL###'] = $this->prefixId.'[forgot_email]';
227 $markerArray['###SEND_PASSWORD###'] = $this->pi_getLL('reset_password', '', 1);
228 $markerArray['###DATA_LABEL###'] = $this->pi_getLL('ll_enter_your_data', '', 1);
229
230 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
231
232 // generate hash
233 $hash = md5($this->generatePassword(3));
234 $markerArray['###FORGOTHASH###'] = $hash;
235 // set hash in feuser session
236 $GLOBALS['TSFE']->fe_user->setKey('ses', 'forgot_hash', array('forgot_hash' => $hash));
237
238 return $this->cObj->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
239 }
240
241 /**
242 * This function checks the hash from link and checks the validity. If it's valid it shows the form for
243 * changing the password and process the change of password after submit, if not valid it returns the error message
244 *
245 * @return string The content.
246 */
247 protected function changePassword() {
248
249 $subpartArray = $linkpartArray = array();
250 $done = FALSE;
251
252 $minLength = intval($this->conf['newPasswordMinLength']) ? intval($this->conf['newPasswordMinLength']) : 6;
253
254 $subpart = $this->cObj->getSubpart($this->template, '###TEMPLATE_CHANGEPASSWORD###');
255
256 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('change_password_header', $this->conf['changePasswordHeader_stdWrap.']);
257 $markerArray['###STATUS_MESSAGE###'] = sprintf($this->getDisplayText('change_password_message', $this->conf['changePasswordMessage_stdWrap.']), $minLength);
258
259 $markerArray['###BACKLINK_LOGIN###'] = '';
260 $uid = $this->piVars['user'];
261 $piHash = $this->piVars['forgothash'];
262
263 $hash = explode('|', $piHash);
264 if (intval($uid) == 0) {
265 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('change_password_notvalid_message', $this->conf['changePasswordNotValidMessage_stdWrap.']);
266 $subpartArray['###CHANGEPASSWORD_FORM###'] = '';
267 } else {
268 $user = $this->pi_getRecord('fe_users', intval($uid));
269 $userHash = $user['felogin_forgotHash'];
270 $compareHash = explode('|', $userHash);
271
272 if (!$compareHash || !$compareHash[1] || $compareHash[0] < time() || $hash[0] != $compareHash[0] || md5($hash[1]) != $compareHash[1]) {
273 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('change_password_notvalid_message', $this->conf['changePasswordNotValidMessage_stdWrap.']);
274 $subpartArray['###CHANGEPASSWORD_FORM###'] = '';
275 } else {
276 // all is fine, continue with new password
277 $postData = t3lib_div::_POST($this->prefixId);
278
279 if (isset($postData['changepasswordsubmit'])) {
280 if (strlen($postData['password1']) < $minLength) {
281 $markerArray['###STATUS_MESSAGE###'] = sprintf($this->getDisplayText('change_password_tooshort_message', $this->conf['changePasswordTooShortMessage_stdWrap.']), $minLength);
282 } elseif ($postData['password1'] != $postData['password2']) {
283 $markerArray['###STATUS_MESSAGE###'] = sprintf($this->getDisplayText('change_password_notequal_message', $this->conf['changePasswordNotEqualMessage_stdWrap.']), $minLength);
284 } else {
285 $newPass = $postData['password1'];
286
287 if ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['password_changed']) {
288 $_params = array(
289 'user' => $user,
290 'newPassword' => $newPass,
291 );
292 foreach($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['password_changed'] as $_funcRef) {
293 if ($_funcRef) {
294 t3lib_div::callUserFunction($_funcRef, $_params, $this);
295 }
296 }
297 $newPass = $_params['newPassword'];
298 }
299
300 // save new password and clear DB-hash
301 $res = $GLOBALS['TYPO3_DB']->exec_UPDATEquery(
302 'fe_users',
303 'uid=' . $user['uid'],
304 array('password' => $newPass, 'felogin_forgotHash' => '')
305 );
306 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('change_password_done_message', $this->conf['changePasswordDoneMessage_stdWrap.']);
307 $done = TRUE;
308 $subpartArray['###CHANGEPASSWORD_FORM###'] = '';
309 $markerArray['###BACKLINK_LOGIN###'] = $this->getPageLink(
310 $this->pi_getLL('ll_forgot_header_backToLogin', '', 1),
311 array($this->prefixId . '[redirectReferrer]' => 'off')
312 );
313 }
314 }
315
316 if (!$done) {
317 // Change password form
318 $markerArray['###ACTION_URI###'] = $this->pi_getPageLink($GLOBALS['TSFE']->id, '', array(
319 $this->prefixId . '[user]' => $user['uid'],
320 $this->prefixId . '[forgothash]' => $piHash
321 ));
322 $markerArray['###LEGEND###'] = $this->pi_getLL('change_password', '', 1);
323 $markerArray['###NEWPASSWORD1_LABEL###'] = $this->pi_getLL('newpassword_label1', '', 1);
324 $markerArray['###NEWPASSWORD2_LABEL###'] = $this->pi_getLL('newpassword_label2', '', 1);
325 $markerArray['###NEWPASSWORD1###'] = $this->prefixId . '[password1]';
326 $markerArray['###NEWPASSWORD2###'] = $this->prefixId . '[password2]';
327 $markerArray['###STORAGE_PID###'] = $this->spid;
328 $markerArray['###SEND_PASSWORD###'] = $this->pi_getLL('change_password', '', 1);
329 $markerArray['###FORGOTHASH###'] = $piHash;
330 }
331 }
332 }
333
334 return $this->cObj->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
335 }
336
337 /**
338 * generates a hashed link and send it with email
339 *
340 * @param array $user contains user data
341 * @return string Empty string with success, error message with no success
342 */
343 protected function generateAndSendHash($user) {
344 $hours = intval($this->conf['forgotLinkHashValidTime']) > 0 ? intval($this->conf['forgotLinkHashValidTime']) : 24;
345 $validEnd = time() + 3600 * $hours;
346 $validEndString = date($this->conf['dateFormat'], $validEnd);
347
348 $hash = md5(t3lib_div::generateRandomBytes(64));
349 $randHash = $validEnd . '|' . $hash;
350 $randHashDB = $validEnd . '|' . md5($hash);
351
352 //write hash to DB
353 $res = $GLOBALS['TYPO3_DB']->exec_UPDATEquery('fe_users', 'uid=' . $user['uid'], array('felogin_forgotHash' => $randHashDB));
354
355 // send hashlink to user
356 $this->conf['linkPrefix'] = -1;
357 $isAbsRelPrefix = !empty($GLOBALS['TSFE']->absRefPrefix);
358 $isBaseURL = !empty($GLOBALS['TSFE']->baseUrl);
359 $isFeloginBaseURL = !empty($this->conf['feloginBaseURL']);
360
361 $link = $this->pi_getPageLink($GLOBALS['TSFE']->id, '', array(
362 $this->prefixId . '[user]' => $user['uid'],
363 $this->prefixId . '[forgothash]' => $randHash
364 ));
365
366 // Prefix link if necessary
367 if ($isFeloginBaseURL) {
368 // First priority, use specific base URL
369 // "absRefPrefix" must be removed first, otherwise URL will be prepended twice
370 if (!empty($GLOBALS['TSFE']->absRefPrefix)) {
371 $link = substr($link, strlen($GLOBALS['TSFE']->absRefPrefix));
372 }
373 $link = $this->conf['feloginBaseURL'] . $link;
374 } elseif ($isAbsRelPrefix) {
375 // Second priority
376 // absRefPrefix must not necessarily contain a hostname and URL scheme, so add it if needed
377 $link = t3lib_div::locationHeaderUrl($link);
378 } elseif ($isBaseURL) {
379 // Third priority
380 // Add the global base URL to the link
381 $link = $GLOBALS['TSFE']->baseUrlWrap($link);
382 } else {
383 // no prefix is set, return the error
384 return $this->pi_getLL('ll_change_password_nolinkprefix_message');
385 }
386
387 $msg = sprintf($this->pi_getLL('ll_forgot_validate_reset_password', '', 0), $user['username'], $link, $validEndString);
388
389 // Add hook for extra processing of mail message
390 if (isset($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['forgotPasswordMail']) &&
391 is_array($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['forgotPasswordMail'])
392 ) {
393 $params = array(
394 'message' => &$msg,
395 'user' => &$user,
396 );
397 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['forgotPasswordMail'] as $reference) {
398 if ($reference) {
399 t3lib_div::callUserFunction($reference, $params, $this);
400 }
401 }
402 }
403
404 // no RDCT - Links for security reasons
405 $oldSetting = $GLOBALS['TSFE']->config['config']['notification_email_urlmode'];
406 $GLOBALS['TSFE']->config['config']['notification_email_urlmode'] = 0;
407 // send the email
408 $this->cObj->sendNotifyEmail($msg, $user['email'], '', $this->conf['email_from'], $this->conf['email_fromName'], $this->conf['replyTo']);
409 // restore settings
410 $GLOBALS['TSFE']->config['config']['notification_email_urlmode'] = $oldSetting;
411
412 return '';
413 }
414
415 /**
416 * Shows logout form
417 *
418 * @return string The content.
419 */
420 protected function showLogout() {
421 $subpart = $this->cObj->getSubpart($this->template, '###TEMPLATE_LOGOUT###');
422 $subpartArray = $linkpartArray = array();
423
424 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('status_header', $this->conf['logoutHeader_stdWrap.']);
425 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('status_message', $this->conf['logoutMessage_stdWrap.']);
426 $this->cObj->stdWrap($this->flexFormValue('message', 's_status'), $this->conf['logoutMessage_stdWrap.']);
427
428 $markerArray['###LEGEND###'] = $this->pi_getLL('logout', '', 1);
429 $markerArray['###ACTION_URI###'] = $this->getPageLink('', array(), TRUE);
430 $markerArray['###LOGOUT_LABEL###'] = $this->pi_getLL('logout', '', 1);
431 $markerArray['###NAME###'] = htmlspecialchars($GLOBALS['TSFE']->fe_user->user['name']);
432 $markerArray['###STORAGE_PID###'] = $this->spid;
433 $markerArray['###USERNAME###'] = htmlspecialchars($GLOBALS['TSFE']->fe_user->user['username']);
434 $markerArray['###USERNAME_LABEL###'] = $this->pi_getLL('username', '', 1);
435 $markerArray['###NOREDIRECT###'] = $this->noRedirect ? '1' : '0';
436 $markerArray['###PREFIXID###'] = $this->prefixId;
437 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
438
439 if ($this->redirectUrl) {
440 // use redirectUrl for action tag because of possible access restricted pages
441 $markerArray['###ACTION_URI###'] = htmlspecialchars($this->redirectUrl);
442 $this->redirectUrl = '';
443 }
444 return $this->cObj->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
445 }
446
447 /**
448 * Shows login form
449 *
450 * @return string content
451 */
452 protected function showLogin() {
453 $subpart = $this->cObj->getSubpart($this->template, '###TEMPLATE_LOGIN###');
454 $subpartArray = $linkpartArray = $markerArray = array();
455
456 $gpRedirectUrl = '';
457
458 $markerArray['###LEGEND###'] = $this->pi_getLL('oLabel_header_welcome', '', 1);
459
460 if($this->logintype === 'login') {
461 if($this->userIsLoggedIn) {
462 // login success
463 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('success_header', $this->conf['successHeader_stdWrap.']);
464 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('success_message', $this->conf['successMessage_stdWrap.']);
465 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
466 $subpartArray['###LOGIN_FORM###'] = '';
467
468 // Hook for general actions after after login has been confirmed (by Thomas Danzl <thomas@danzl.org>)
469 if ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['login_confirmed']) {
470 $_params = array();
471 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['login_confirmed'] as $_funcRef) {
472 if ($_funcRef) {
473 t3lib_div::callUserFunction($_funcRef, $_params, $this);
474 }
475 }
476 }
477 // show logout form directly
478 if ($this->conf['showLogoutFormAfterLogin']) {
479 $this->redirectUrl = '';
480 return $this->showLogout();
481 }
482 } else {
483 // Hook for general actions on login error
484 if (isset($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['login_error']) &&
485 is_array($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['login_error'])) {
486 $params = array();
487 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['login_error'] as $funcRef) {
488 if ($funcRef) {
489 t3lib_div::callUserFunction($funcRef, $params, $this);
490 }
491 }
492 }
493 // login error
494 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('error_header', $this->conf['errorHeader_stdWrap.']);
495 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('error_message', $this->conf['errorMessage_stdWrap.']);
496 $gpRedirectUrl = t3lib_div::_GP('redirect_url');
497 }
498 } else {
499 if($this->logintype === 'logout') {
500 // login form after logout
501 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('logout_header', $this->conf['logoutHeader_stdWrap.']);
502 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('logout_message', $this->conf['logoutMessage_stdWrap.']);
503 } else {
504 // login form
505 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('welcome_header', $this->conf['welcomeHeader_stdWrap.']);
506 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('welcome_message', $this->conf['welcomeMessage_stdWrap.']);
507 }
508 }
509
510 // Hook (used by kb_md5fepw extension by Kraft Bernhard <kraftb@gmx.net>)
511 // This hook allows to call User JS functions.
512 // The methods should also set the required JS functions to get included
513 $onSubmit = '';
514 $extraHidden = '';
515 $onSubmitAr = array();
516 $extraHiddenAr = array();
517
518 // check for referer redirect method. if present, save referer in form field
519 if (t3lib_div::inList($this->conf['redirectMode'], 'referer') || t3lib_div::inList($this->conf['redirectMode'], 'refererDomains')) {
520 $referer = $this->referer ? $this->referer : t3lib_div::getIndpEnv('HTTP_REFERER');
521 if ($referer) {
522 $extraHiddenAr[] = '<input type="hidden" name="referer" value="' . htmlspecialchars($referer) . '" />';
523 if ($this->piVars['redirectReferrer'] === 'off') {
524 $extraHiddenAr[] = '<input type="hidden" name="' . $this->prefixId . '[redirectReferrer]" value="off" />';
525 }
526 }
527 }
528
529 if (is_array($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['loginFormOnSubmitFuncs'])) {
530 $_params = array();
531 foreach($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['loginFormOnSubmitFuncs'] as $funcRef) {
532 list($onSub, $hid) = t3lib_div::callUserFunction($funcRef, $_params, $this);
533 $onSubmitAr[] = $onSub;
534 $extraHiddenAr[] = $hid;
535 }
536 }
537 if (count($onSubmitAr)) {
538 $onSubmit = implode('; ', $onSubmitAr).'; return true;';
539 }
540 if (count($extraHiddenAr)) {
541 $extraHidden = implode(LF, $extraHiddenAr);
542 }
543
544 if (!$gpRedirectUrl && $this->redirectUrl) {
545 $gpRedirectUrl = $this->redirectUrl;
546 }
547
548 // Login form
549 $markerArray['###ACTION_URI###'] = $this->getPageLink('', array(), TRUE);
550 $markerArray['###EXTRA_HIDDEN###'] = $extraHidden; // used by kb_md5fepw extension...
551 $markerArray['###LEGEND###'] = $this->pi_getLL('login', '', 1);
552 $markerArray['###LOGIN_LABEL###'] = $this->pi_getLL('login', '', 1);
553 $markerArray['###ON_SUBMIT###'] = $onSubmit; // used by kb_md5fepw extension...
554 $markerArray['###PASSWORD_LABEL###'] = $this->pi_getLL('password', '', 1);
555 $markerArray['###STORAGE_PID###'] = $this->spid;
556 $markerArray['###USERNAME_LABEL###'] = $this->pi_getLL('username', '', 1);
557 $markerArray['###REDIRECT_URL###'] = htmlspecialchars($gpRedirectUrl);
558 $markerArray['###NOREDIRECT###'] = $this->noRedirect ? '1' : '0';
559 $markerArray['###PREFIXID###'] = $this->prefixId;
560 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
561
562 if ($this->flexFormValue('showForgotPassword', 'sDEF') || $this->conf['showForgotPasswordLink']) {
563 $linkpartArray['###FORGOT_PASSWORD_LINK###'] = explode('|', $this->getPageLink('|', array($this->prefixId.'[forgot]'=>1)));
564 $markerArray['###FORGOT_PASSWORD###'] = $this->pi_getLL('ll_forgot_header', '', 1);
565 } else {
566 $subpartArray['###FORGOTP_VALID###'] = '';
567 }
568
569 // The permanent login checkbox should only be shown if permalogin is not deactivated (-1), not forced to be always active (2) and lifetime is greater than 0
570 if ($this->conf['showPermaLogin'] && t3lib_div::inList('0,1', $GLOBALS['TYPO3_CONF_VARS']['FE']['permalogin']) && $GLOBALS['TYPO3_CONF_VARS']['FE']['lifetime'] > 0) {
571 $markerArray['###PERMALOGIN###'] = $this->pi_getLL('permalogin', '', 1);
572 if($GLOBALS['TYPO3_CONF_VARS']['FE']['permalogin'] == 1) {
573 $markerArray['###PERMALOGIN_HIDDENFIELD_ATTRIBUTES###'] = 'disabled="disabled"';
574 $markerArray['###PERMALOGIN_CHECKBOX_ATTRIBUTES###'] = 'checked="checked"';
575 } else {
576 $markerArray['###PERMALOGIN_HIDDENFIELD_ATTRIBUTES###'] = '';
577 $markerArray['###PERMALOGIN_CHECKBOX_ATTRIBUTES###'] = '';
578 }
579 } else {
580 $subpartArray['###PERMALOGIN_VALID###'] = '';
581 }
582 return $this->cObj->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
583 }
584
585 /**
586 * Process redirect methods. The function searches for a redirect url using all configured methods.
587 *
588 * @return string redirect url
589 */
590 protected function processRedirect() {
591 $redirect_url = array();
592 if ($this->conf['redirectMode']) {
593 $redirectMethods = t3lib_div::trimExplode(',', $this->conf['redirectMode'], TRUE);
594 foreach ($redirectMethods as $redirMethod) {
595 if ($GLOBALS['TSFE']->loginUser && $this->logintype === 'login') {
596 // logintype is needed because the login-page wouldn't be accessible anymore after a login (would always redirect)
597 switch ($redirMethod) {
598 case 'groupLogin': // taken from dkd_redirect_at_login written by Ingmar Schlecht; database-field changed
599 $groupData = $GLOBALS['TSFE']->fe_user->groupData;
600 $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
601 'felogin_redirectPid',
602 $GLOBALS['TSFE']->fe_user->usergroup_table,
603 'felogin_redirectPid<>\'\' AND uid IN (' . implode(',', $groupData['uid']) . ')'
604 );
605 if ($row = $GLOBALS['TYPO3_DB']->sql_fetch_row($res)) {
606 $redirect_url[] = $this->pi_getPageLink($row[0]); // take the first group with a redirect page
607 }
608 break;
609 case 'userLogin':
610 $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
611 'felogin_redirectPid',
612 $GLOBALS['TSFE']->fe_user->user_table,
613 $GLOBALS['TSFE']->fe_user->userid_column . '=' . $GLOBALS['TSFE']->fe_user->user['uid'] . ' AND felogin_redirectPid<>\'\''
614 );
615 if ($row = $GLOBALS['TYPO3_DB']->sql_fetch_row($res)) {
616 $redirect_url[] = $this->pi_getPageLink($row[0]);
617 }
618 break;
619 case 'login':
620 if ($this->conf['redirectPageLogin']) {
621 $redirect_url[] = $this->pi_getPageLink(intval($this->conf['redirectPageLogin']));
622 }
623 break;
624 case 'getpost':
625 $redirect_url[] = $this->redirectUrl;
626 break;
627 case 'referer':
628 // avoid redirect when logging in after changing password
629 if ($this->piVars['redirectReferrer'] !== 'off') {
630 // avoid forced logout, when trying to login immediatly after a logout
631 $redirect_url[] = preg_replace('/[&?]logintype=[a-z]+/', '', $this->referer);
632 }
633 break;
634 case 'refererDomains':
635 // Auto redirect.
636 // Feature to redirect to the page where the user came from (HTTP_REFERER).
637 // Allowed domains to redirect to, can be configured with plugin.tx_felogin_pi1.domains
638 // Thanks to plan2.net / Martin Kutschker for implementing this feature.
639 // also avoid redirect when logging in after changing password
640 if ($this->conf['domains'] && $this->piVars['redirectReferrer'] !== 'off') {
641 $url = $this->referer;
642 // is referring url allowed to redirect?
643 $match = array();
644 if (preg_match('/^http://([[:alnum:]._-]+)//', $url, $match)) {
645 $redirect_domain = $match[1];
646 $found = FALSE;
647 foreach(t3lib_div::trimExplode(',', $this->conf['domains'], TRUE) as $d) {
648 if (preg_match('/(^|\.)/'.$d.'$', $redirect_domain)) {
649 $found = TRUE;
650 break;
651 }
652 }
653 if (!$found) {
654 $url = '';
655 }
656 }
657
658 // Avoid forced logout, when trying to login immediatly after a logout
659 if ($url) {
660 $redirect_url[] = preg_replace('/[&?]logintype=[a-z]+/', '', $url);
661 }
662 }
663 break;
664 }
665 } elseif ($this->logintype === 'login') { // after login-error
666 switch ($redirMethod) {
667 case 'loginError':
668 if ($this->conf['redirectPageLoginError']) {
669 $redirect_url[] = $this->pi_getPageLink(intval($this->conf['redirectPageLoginError']));
670 }
671 break;
672 }
673 } elseif (($this->logintype == '') && ($redirMethod == 'login') && $this->conf['redirectPageLogin']) {
674 // if login and page not accessible
675 $this->cObj->typolink('', array(
676 'parameter' => $this->conf['redirectPageLogin'],
677 'linkAccessRestrictedPages' => TRUE,
678 ));
679 $redirect_url[] = $this->cObj->lastTypoLinkUrl;
680
681 } elseif (($this->logintype == '') && ($redirMethod == 'logout') && $this->conf['redirectPageLogout'] && $GLOBALS['TSFE']->loginUser) {
682 // if logout and page not accessible
683 $redirect_url[] = $this->pi_getPageLink(intval($this->conf['redirectPageLogout']));
684
685 } elseif ($this->logintype === 'logout') { // after logout
686
687 // Hook for general actions after after logout has been confirmed
688 if ($this->logintype === 'logout' && $GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['logout_confirmed']) {
689 $_params = array();
690 foreach($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['logout_confirmed'] as $_funcRef) {
691 if ($_funcRef) {
692 t3lib_div::callUserFunction($_funcRef, $_params, $this);
693 }
694 }
695 }
696
697 switch ($redirMethod) {
698 case 'logout':
699 if ($this->conf['redirectPageLogout']) {
700 $redirect_url[] = $this->pi_getPageLink(intval($this->conf['redirectPageLogout']));
701 }
702 break;
703 }
704 } else { // not logged in
705 // Placeholder for maybe future options
706 switch ($redirMethod) {
707 case 'getpost':
708 // preserve the get/post value
709 $redirect_url[] = $this->redirectUrl;
710 break;
711 }
712 }
713 }
714 }
715 // remove empty values
716 if (count($redirect_url)) {
717 return t3lib_div::trimExplode(',', implode(',', $redirect_url), TRUE);
718 } else {
719 return array();
720 }
721 }
722
723 /**
724 * Reads flexform configuration and merge it with $this->conf
725 *
726 * @return void
727 */
728 protected function mergeflexFormValuesIntoConf() {
729 $flex = array();
730 if ($this->flexFormValue('showForgotPassword', 'sDEF')) {
731 $flex['showForgotPassword'] = $this->flexFormValue('showForgotPassword','sDEF');
732 }
733
734 if ($this->flexFormValue('showPermaLogin', 'sDEF')) {
735 $flex['showPermaLogin'] = $this->flexFormValue('showPermaLogin', 'sDEF');
736 }
737
738 if ($this->flexFormValue('showLogoutFormAfterLogin', 'sDEF')) {
739 $flex['showLogoutFormAfterLogin'] = $this->flexFormValue('showLogoutFormAfterLogin', 'sDEF');
740 }
741
742 if ($this->flexFormValue('pages', 'sDEF')) {
743 $flex['pages'] = $this->flexFormValue('pages', 'sDEF');
744 }
745
746 if ($this->flexFormValue('recursive', 'sDEF')) {
747 $flex['recursive'] = $this->flexFormValue('recursive', 'sDEF');
748 }
749
750 if ($this->flexFormValue('templateFile', 'sDEF')) {
751 $flex['templateFile'] = $this->uploadDir . $this->flexFormValue('templateFile', 'sDEF');
752 }
753
754 if ($this->flexFormValue('redirectMode', 's_redirect')) {
755 $flex['redirectMode'] = $this->flexFormValue('redirectMode', 's_redirect');
756 }
757
758 if ($this->flexFormValue('redirectFirstMethod', 's_redirect')) {
759 $flex['redirectFirstMethod'] = $this->flexFormValue('redirectFirstMethod', 's_redirect');
760 }
761
762 if ($this->flexFormValue('redirectDisable', 's_redirect')) {
763 $flex['redirectDisable'] = $this->flexFormValue('redirectDisable', 's_redirect');
764 }
765
766 if ($this->flexFormValue('redirectPageLogin', 's_redirect')) {
767 $flex['redirectPageLogin'] = $this->flexFormValue('redirectPageLogin', 's_redirect');
768 }
769
770 if ($this->flexFormValue('redirectPageLoginError', 's_redirect')) {
771 $flex['redirectPageLoginError'] = $this->flexFormValue('redirectPageLoginError', 's_redirect');
772 }
773
774 if ($this->flexFormValue('redirectPageLogout', 's_redirect')) {
775 $flex['redirectPageLogout'] = $this->flexFormValue('redirectPageLogout', 's_redirect');
776 }
777
778 $pid = $flex['pages'] ? $this->pi_getPidList($flex['pages'], $flex['recursive']) : 0;
779 if ($pid > 0) {
780 $flex['storagePid'] = $pid;
781 }
782
783 $this->conf = array_merge($this->conf, $flex);
784 }
785
786 /**
787 * Loads a variable from the flexform
788 *
789 * @param string name of variable
790 * @param string name of sheet
791 * @return string value of var
792 */
793 protected function flexFormValue($var, $sheet) {
794 return $this->pi_getFFvalue($this->cObj->data['pi_flexform'], $var,$sheet);
795 }
796
797 /**
798 * Generate link with typolink function
799 *
800 * @param string linktext
801 * @param array link vars
802 * @param boolean TRUE: returns only url FALSE (default) returns the link)
803 *
804 * @return string link or url
805 */
806 protected function getPageLink($label, $piVars, $returnUrl = FALSE) {
807 $additionalParams = '';
808
809 if (count($piVars)) {
810 foreach($piVars as $key=>$val) {
811 $additionalParams .= '&' . $key . '=' . $val;
812 }
813 }
814 // should GETvars be preserved?
815 if ($this->conf['preserveGETvars']) {
816 $additionalParams .= $this->getPreserveGetVars();
817 }
818
819 $this->conf['linkConfig.']['parameter'] = $GLOBALS['TSFE']->id;
820 if ($additionalParams) {
821 $this->conf['linkConfig.']['additionalParams'] = $additionalParams;
822 }
823
824 if ($returnUrl) {
825 return htmlspecialchars($this->cObj->typolink_url($this->conf['linkConfig.']));
826 } else {
827 return $this->cObj->typolink($label, $this->conf['linkConfig.']);
828 }
829 }
830
831 /**
832 * Is used by TS-setting preserveGETvars
833 * possible values are "all" or a commaseperated list of GET-vars
834 * they are used as additionalParams for link generation
835 *
836 * @return string additionalParams-string
837 */
838 protected function getPreserveGetVars() {
839
840 $params = '';
841 $preserveVars =! ($this->conf['preserveGETvars'] || $this->conf['preserveGETvars']=='all' ? array() : implode(',', (array)$this->conf['preserveGETvars']));
842 $getVars = t3lib_div::_GET();
843
844 foreach ($getVars as $key => $val) {
845 if (stristr($key, $this->prefixId) === FALSE) {
846 if (is_array($val)) {
847 foreach ($val as $key1 => $val1) {
848 if ($this->conf['preserveGETvars'] == 'all' || in_array($key . '[' . $key1 .']', $preserveVars)) {
849 $params .= '&' . $key . '[' . $key1 . ']=' . $val1;
850 }
851 }
852 } else {
853 if (!in_array($key, array('id', 'no_cache', 'logintype', 'redirect_url', 'cHash'))) {
854 $params .= '&' . $key . '=' . $val;
855 }
856 }
857 }
858 }
859 return $params;
860 }
861
862 /**
863 * Is used by forgot password - function with md5 option.
864 *
865 * @author Bernhard Kraft
866 *
867 * @param int length of new password
868 * @return string new password
869 */
870 protected function generatePassword($len) {
871 $pass = '';
872 while ($len--) {
873 $char = rand(0, 35);
874 if ($char < 10) {
875 $pass .= '' . $char;
876 } else {
877 $pass .= chr($char - 10 + 97);
878 }
879 }
880 return $pass;
881 }
882
883 /**
884 * Returns the header / message value from flexform if present, else from locallang.xml
885 *
886 * @param string label name
887 * @param string TS stdWrap array
888 * @return string label text
889 */
890 protected function getDisplayText($label, $stdWrapArray=array()) {
891 $text = $this->flexFormValue($label, 's_messages') ? $this->cObj->stdWrap($this->flexFormValue($label, 's_messages'), $stdWrapArray) : $this->cObj->stdWrap($this->pi_getLL('ll_'.$label, '', 1), $stdWrapArray);
892 $replace = $this->getUserFieldMarkers();
893 return strtr($text, $replace);
894 }
895
896 /**
897 * Returns Array of markers filled with user fields
898 *
899 * @return array marker array
900 */
901 protected function getUserFieldMarkers() {
902 $marker = array();
903 // replace markers with fe_user data
904 if ($GLOBALS['TSFE']->fe_user->user) {
905 // all fields of fe_user will be replaced, scheme is ###FEUSER_FIELDNAME###
906 foreach ($GLOBALS['TSFE']->fe_user->user as $field => $value) {
907 $marker['###FEUSER_' . t3lib_div::strtoupper($field) . '###'] = $this->cObj->stdWrap($value, $this->conf['userfields.'][$field . '.']);
908 }
909 // add ###USER### for compatibility
910 $marker['###USER###'] = $marker['###FEUSER_USERNAME###'];
911 }
912 return $marker;
913 }
914
915 /**
916 * Returns a valid and XSS cleaned url for redirect, checked against configuration "allowedRedirectHosts"
917 *
918 * @param string $url
919 * @return string cleaned referer or empty string if not valid
920 */
921 protected function validateRedirectUrl($url) {
922 $url = strval($url);
923 if ($url === '') {
924 return '';
925 }
926
927 $decodedUrl = rawurldecode($url);
928 $sanitizedUrl = t3lib_div::removeXSS($decodedUrl);
929
930 if ($decodedUrl !== $sanitizedUrl || preg_match('#["<>\\\]+#', $url)) {
931 t3lib_div::sysLog(sprintf($this->pi_getLL('xssAttackDetected'), $url), 'felogin', t3lib_div::SYSLOG_SEVERITY_WARNING);
932 return '';
933 }
934
935 // Validate the URL:
936 if ($this->isRelativeUrl($url) || $this->isInCurrentDomain($url) || $this->isInLocalDomain($url)) {
937 return $url;
938 }
939
940 // URL is not allowed
941 t3lib_div::sysLog(sprintf($this->pi_getLL('noValidRedirectUrl'), $url), 'felogin', t3lib_div::SYSLOG_SEVERITY_WARNING);
942 return '';
943 }
944
945 /**
946 * Determines whether the URL is on the current host
947 * and belongs to the current TYPO3 installation.
948 *
949 * @param string $url URL to be checked
950 * @return boolean Whether the URL belongs to the current TYPO3 installation
951 */
952 protected function isInCurrentDomain($url) {
953 return (t3lib_div::isOnCurrentHost($url) && t3lib_div::isFirstPartOfStr($url, t3lib_div::getIndpEnv('TYPO3_SITE_URL')));
954 }
955
956 /**
957 * Determines whether the URL matches a domain
958 * in the sys_domain databse table.
959 *
960 * @param string $url Absolute URL which needs to be checked
961 * @return boolean Whether the URL is considered to be local
962 */
963 protected function isInLocalDomain($url) {
964 $result = FALSE;
965
966 if (t3lib_div::isValidUrl($url)) {
967 $parsedUrl = parse_url($url);
968 if ($parsedUrl['scheme'] === 'http' || $parsedUrl['scheme'] === 'https' ) {
969 $host = $parsedUrl['host'];
970 // Removes the last path segment and slash sequences like /// (if given):
971 $path = preg_replace('#/+[^/]*$#', '', $parsedUrl['path']);
972
973 $localDomains = $GLOBALS['TYPO3_DB']->exec_SELECTgetRows(
974 'domainName',
975 'sys_domain',
976 '1=1' . $this->cObj->enableFields('sys_domain')
977 );
978 if (is_array($localDomains)) {
979 foreach ($localDomains as $localDomain) {
980 // strip trailing slashes (if given)
981 $domainName = rtrim($localDomain['domainName'], '/');
982 if (t3lib_div::isFirstPartOfStr($host. $path . '/', $domainName . '/')) {
983 $result = TRUE;
984 break;
985 }
986 }
987 }
988 }
989 }
990 return $result;
991 }
992
993 /**
994 * Determines wether the URL is relative to the
995 * current TYPO3 installation.
996 *
997 * @param string $url URL which needs to be checked
998 * @return boolean Whether the URL is considered to be relative
999 */
1000 protected function isRelativeUrl($url) {
1001 $parsedUrl = @parse_url($url);
1002 if ($parsedUrl !== FALSE && !isset($parsedUrl['scheme']) && !isset($parsedUrl['host'])) {
1003 // If the relative URL starts with a slash, we need to check if it's within the current site path
1004 return (!t3lib_div::isFirstPartOfStr($parsedUrl['path'], '/') || t3lib_div::isFirstPartOfStr($parsedUrl['path'], t3lib_div::getIndpEnv('TYPO3_SITE_PATH')));
1005 }
1006 return FALSE;
1007 }
1008 }
1009 ?>