[!!!][TASK] Streamline felogin locallang keys
[Packages/TYPO3.CMS.git] / typo3 / sysext / felogin / Classes / Controller / FrontendLoginController.php
1 <?php
2 namespace TYPO3\CMS\Felogin\Controller;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 use TYPO3\CMS\Core\Authentication\LoginType;
18 use TYPO3\CMS\Core\Context\Context;
19 use TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashFactory;
20 use TYPO3\CMS\Core\Crypto\Random;
21 use TYPO3\CMS\Core\Database\Connection;
22 use TYPO3\CMS\Core\Database\ConnectionPool;
23 use TYPO3\CMS\Core\Database\Query\Restriction\FrontendRestrictionContainer;
24 use TYPO3\CMS\Core\Session\SessionManager;
25 use TYPO3\CMS\Core\Site\SiteFinder;
26 use TYPO3\CMS\Core\Utility\GeneralUtility;
27 use TYPO3\CMS\Core\Utility\HttpUtility;
28 use TYPO3\CMS\Felogin\Validation\RedirectUrlValidator;
29 use TYPO3\CMS\Frontend\Plugin\AbstractPlugin;
30
31 /**
32 * Plugin 'Website User Login' for the 'felogin' extension.
33 *
34 * @internal this is a concrete TYPO3 implementation and solely used for EXT:felogin and not part of TYPO3's Core API.
35 */
36 class FrontendLoginController extends AbstractPlugin
37 {
38 /**
39 * Same as class name
40 *
41 * @var string
42 */
43 public $prefixId = 'tx_felogin_pi1';
44
45 /**
46 * The extension key.
47 *
48 * @var string
49 */
50 public $extKey = 'felogin';
51
52 /**
53 * @var bool
54 */
55 public $pi_checkCHash = false;
56
57 /**
58 * @var bool
59 */
60 public $pi_USER_INT_obj = true;
61
62 /**
63 * Is user logged in?
64 *
65 * @var bool
66 */
67 protected $userIsLoggedIn;
68
69 /**
70 * Holds the template for FE rendering
71 *
72 * @var string
73 */
74 protected $template;
75
76 /**
77 * URL for the redirect
78 *
79 * @var string
80 */
81 protected $redirectUrl = '';
82
83 /**
84 * Flag for disable the redirect
85 *
86 * @var bool
87 */
88 protected $noRedirect = false;
89
90 /**
91 * Logintype (given as GPvar), possible: login, logout
92 *
93 * @var string
94 */
95 protected $logintype;
96
97 /**
98 * A list of page UIDs, either an integer or a comma-separated list of integers
99 *
100 * @var string
101 */
102 public $spid;
103
104 /**
105 * Referrer
106 *
107 * @var string
108 */
109 public $referer;
110
111 /**
112 * @var RedirectUrlValidator
113 */
114 protected $urlValidator;
115
116 /**
117 * The main method of the plugin
118 *
119 * @param string $content The PlugIn content
120 * @param array $conf The PlugIn configuration
121 * @return string The content that is displayed on the website
122 * @throws \RuntimeException when no storage PID was configured.
123 */
124 public function main($content, $conf)
125 {
126 $this->urlValidator = GeneralUtility::makeInstance(
127 RedirectUrlValidator::class,
128 GeneralUtility::makeInstance(SiteFinder::class),
129 (int)$this->frontendController->id
130 );
131
132 // Loading TypoScript array into object variable:
133 $this->conf = $conf;
134 // Loading default pivars
135 $this->pi_setPiVarDefaults();
136 // Loading language-labels
137 $this->pi_loadLL('EXT:felogin/Resources/Private/Language/locallang.xlf');
138 // Init FlexForm configuration for plugin:
139 $this->pi_initPIflexForm();
140 $this->mergeflexFormValuesIntoConf();
141 // Get storage PIDs:
142 if ($this->conf['storagePid']) {
143 if ((int)$this->conf['recursive']) {
144 $this->spid = $this->pi_getPidList($this->conf['storagePid'], (int)$this->conf['recursive']);
145 } else {
146 $this->spid = $this->conf['storagePid'];
147 }
148 } else {
149 throw new \RuntimeException('No storage folder (option storagePid) for frontend users given.', 1450904202);
150 }
151 // GPvars:
152 $this->logintype = GeneralUtility::_GP('logintype');
153
154 if ($this->urlValidator->isValid((string)GeneralUtility::_GP('referer'))) {
155 $this->referer = GeneralUtility::_GP('referer');
156 } else {
157 $this->referer = '';
158 }
159 $this->noRedirect = $this->piVars['noredirect'] || $this->conf['redirectDisable'];
160 // If config.typolinkLinkAccessRestrictedPages is set, the var is return_url
161 $this->redirectUrl = GeneralUtility::_GP('return_url') ?: (string)GeneralUtility::_GP('redirect_url');
162 $this->redirectUrl = $this->urlValidator->isValid($this->redirectUrl) ? $this->redirectUrl : '';
163 // Get Template
164 $templateFile = $this->conf['templateFile'] ?: 'EXT:felogin/Resources/Private/Templates/FrontendLogin.html';
165 $template = GeneralUtility::getFileAbsFileName($templateFile);
166 if ($template !== '' && file_exists($template)) {
167 $this->template = file_get_contents($template);
168 }
169 // Is user logged in?
170 $this->userIsLoggedIn = GeneralUtility::makeInstance(Context::class)->getPropertyFromAspect('frontend.user', 'isLoggedIn');
171 // Redirect
172 if ($this->conf['redirectMode'] && !$this->conf['redirectDisable'] && !$this->noRedirect) {
173 $redirectUrl = $this->processRedirect();
174 if (!empty($redirectUrl)) {
175 $this->redirectUrl = $this->conf['redirectFirstMethod'] ? array_shift($redirectUrl) : array_pop($redirectUrl);
176 } else {
177 $this->redirectUrl = '';
178 }
179 }
180 // What to display
181 $content = '';
182 if ($this->piVars['forgot'] && $this->conf['showForgotPasswordLink']) {
183 $content .= $this->showForgot();
184 } elseif ($this->piVars['forgothash']) {
185 $content .= $this->changePassword();
186 } else {
187 if ($this->userIsLoggedIn && !$this->logintype) {
188 $content .= $this->showLogout();
189 } else {
190 $content .= $this->showLogin();
191 }
192 }
193 // Process the redirect
194 if (($this->logintype === LoginType::LOGIN || $this->logintype === LoginType::LOGOUT) && $this->redirectUrl && !$this->noRedirect) {
195 if (!$this->frontendController->fe_user->isCookieSet() && $this->userIsLoggedIn) {
196 $content .= $this->cObj->stdWrap($this->pi_getLL('cookie_warning'), $this->conf['cookieWarning_stdWrap.']);
197 } else {
198 // Add hook for extra processing before redirect
199 $_params = [
200 'loginType' => $this->logintype,
201 'redirectUrl' => &$this->redirectUrl
202 ];
203 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['beforeRedirect'] ?? [] as $_funcRef) {
204 if ($_funcRef) {
205 GeneralUtility::callUserFunction($_funcRef, $_params, $this);
206 }
207 }
208 \TYPO3\CMS\Core\Utility\HttpUtility::redirect($this->redirectUrl);
209 }
210 }
211 // Adds hook for processing of extra item markers / special
212 $_params = [
213 'content' => $content
214 ];
215 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['postProcContent'] ?? [] as $_funcRef) {
216 $content = GeneralUtility::callUserFunction($_funcRef, $_params, $this);
217 }
218 return $this->conf['wrapContentInBaseClass'] ? $this->pi_wrapInBaseClass($content) : $content;
219 }
220
221 /**
222 * Shows the forgot password form
223 *
224 * @return string Content
225 */
226 protected function showForgot()
227 {
228 $subpart = $this->templateService->getSubpart($this->template, '###TEMPLATE_FORGOT###');
229 $subpartArray = ($linkpartArray = []);
230 $postData = GeneralUtility::_POST($this->prefixId);
231 if ($postData['forgot_email']) {
232 // Get hashes for compare
233 $postedHash = $postData['forgot_hash'];
234 $hashData = $this->frontendController->fe_user->getKey('ses', 'forgot_hash');
235 if ($postedHash === $hashData['forgot_hash']) {
236 $userTable = $this->frontendController->fe_user->user_table;
237 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($userTable);
238 $queryBuilder->setRestrictions(GeneralUtility::makeInstance(FrontendRestrictionContainer::class));
239 $row = $queryBuilder
240 ->select('*')
241 ->from($userTable)
242 ->where(
243 $queryBuilder->expr()->orX(
244 $queryBuilder->expr()->eq(
245 'email',
246 $queryBuilder->createNamedParameter($this->piVars['forgot_email'], \PDO::PARAM_STR)
247 ),
248 $queryBuilder->expr()->eq(
249 'username',
250 $queryBuilder->createNamedParameter($this->piVars['forgot_email'], \PDO::PARAM_STR)
251 )
252 ),
253 $queryBuilder->expr()->in(
254 'pid',
255 $queryBuilder->createNamedParameter(
256 GeneralUtility::intExplode(',', $this->spid),
257 Connection::PARAM_INT_ARRAY
258 )
259 )
260 )
261 ->execute()
262 ->fetch();
263
264 $error = null;
265 if ($row) {
266 // Generate an email with the hashed link
267 $error = $this->generateAndSendHash($row);
268 } elseif ($this->conf['exposeNonexistentUserInForgotPasswordDialog']) {
269 $error = $this->pi_getLL('forgot_reset_message_error');
270 }
271 // Generate message
272 if ($error) {
273 $markerArray['###STATUS_MESSAGE###'] = $this->cObj->stdWrap($error, $this->conf['forgotErrorMessage_stdWrap.']);
274 } else {
275 $markerArray['###STATUS_MESSAGE###'] = $this->cObj->stdWrap(
276 $this->pi_getLL('forgot_reset_message_emailSent'),
277 $this->conf['forgotResetMessageEmailSentMessage_stdWrap.']
278 );
279 }
280 $subpartArray['###FORGOT_FORM###'] = '';
281 } else {
282 // Wrong email
283 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('forgot_reset_message', $this->conf['forgotMessage_stdWrap.']);
284 $markerArray['###BACKLINK_LOGIN###'] = '';
285 }
286 } else {
287 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('forgot_reset_message', $this->conf['forgotMessage_stdWrap.']);
288 $markerArray['###BACKLINK_LOGIN###'] = '';
289 }
290 $markerArray['###BACKLINK_LOGIN###'] = $this->getPageLink(htmlspecialchars($this->pi_getLL('forgot_header_backToLogin')), []);
291 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('forgot_header', $this->conf['forgotHeader_stdWrap.']);
292 $markerArray['###LEGEND###'] = htmlspecialchars($this->pi_getLL('legend', $this->pi_getLL('reset_password')));
293 $markerArray['###ACTION_URI###'] = $this->getPageLink('', [$this->prefixId . '[forgot]' => 1], true);
294 $markerArray['###EMAIL_LABEL###'] = htmlspecialchars($this->pi_getLL('your_email'));
295 $markerArray['###FORGOT_PASSWORD_ENTEREMAIL###'] = htmlspecialchars($this->pi_getLL('forgot_password_enterEmail'));
296 $markerArray['###FORGOT_EMAIL###'] = $this->prefixId . '[forgot_email]';
297 $markerArray['###SEND_PASSWORD###'] = htmlspecialchars($this->pi_getLL('reset_password'));
298 $markerArray['###DATA_LABEL###'] = htmlspecialchars($this->pi_getLL('enter_your_data'));
299 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
300 // Generate hash
301 $hash = md5($this->generatePassword(3));
302 $markerArray['###FORGOTHASH###'] = $hash;
303 // Set hash in feuser session
304 $this->frontendController->fe_user->setKey('ses', 'forgot_hash', ['forgot_hash' => $hash]);
305 return $this->templateService->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
306 }
307
308 /**
309 * This function checks the hash from link and checks the validity. If it's valid it shows the form for
310 * changing the password and process the change of password after submit, if not valid it returns the error message
311 *
312 * @return string The content.
313 */
314 protected function changePassword()
315 {
316 $subpartArray = ($linkpartArray = []);
317 $done = false;
318 $minLength = (int)$this->conf['newPasswordMinLength'] ?: 6;
319 $subpart = $this->templateService->getSubpart($this->template, '###TEMPLATE_CHANGEPASSWORD###');
320 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('change_password_header', $this->conf['changePasswordHeader_stdWrap.']);
321 $markerArray['###STATUS_MESSAGE###'] = sprintf($this->getDisplayText(
322 'change_password_message',
323 $this->conf['changePasswordMessage_stdWrap.']
324 ), $minLength);
325
326 $markerArray['###BACKLINK_LOGIN###'] = '';
327 $uid = $this->piVars['user'];
328 $piHash = $this->piVars['forgothash'];
329 $hash = explode('|', rawurldecode($piHash));
330 if ((int)$uid === 0) {
331 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText(
332 'change_password_notvalid_message',
333 $this->conf['changePasswordNotValidMessage_stdWrap.']
334 );
335 $subpartArray['###CHANGEPASSWORD_FORM###'] = '';
336 } else {
337 $user = $this->pi_getRecord('fe_users', (int)$uid);
338 $userHash = $user['felogin_forgotHash'];
339 $compareHash = explode('|', $userHash);
340 if (!$compareHash || !$compareHash[1] || $compareHash[0] < time() || $hash[0] != $compareHash[0] || md5($hash[1]) != $compareHash[1]) {
341 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText(
342 'change_password_notvalid_message',
343 $this->conf['changePasswordNotValidMessage_stdWrap.']
344 );
345 $subpartArray['###CHANGEPASSWORD_FORM###'] = '';
346 } else {
347 // All is fine, continue with new password
348 $postData = GeneralUtility::_POST($this->prefixId);
349 if (isset($postData['changepasswordsubmit'])) {
350 if (strlen($postData['password1']) < $minLength) {
351 $markerArray['###STATUS_MESSAGE###'] = sprintf(
352 $this->getDisplayText(
353 'change_password_tooshort_message',
354 $this->conf['changePasswordTooShortMessage_stdWrap.']
355 ),
356 $minLength
357 );
358 } elseif ($postData['password1'] != $postData['password2']) {
359 $markerArray['###STATUS_MESSAGE###'] = sprintf(
360 $this->getDisplayText(
361 'change_password_notequal_message',
362 $this->conf['changePasswordNotEqualMessage_stdWrap.']
363 ),
364 $minLength
365 );
366 } else {
367 // Hash password using configured salted passwords hash mechanism for FE
368 $hashInstance = GeneralUtility::makeInstance(PasswordHashFactory::class)->getDefaultHashInstance('FE');
369 $newPass = $hashInstance->getHashedPassword($postData['password1']);
370
371 // Call a hook for further password processing
372 $hookPasswordValid = true;
373 if ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['password_changed']) {
374 $_params = [
375 'user' => $user,
376 'newPassword' => $newPass,
377 'newPasswordUnencrypted' => $postData['password1'],
378 'passwordValid' => true,
379 'passwordInvalidMessage' => '',
380 ];
381 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['password_changed'] as $_funcRef) {
382 if ($_funcRef) {
383 GeneralUtility::callUserFunction($_funcRef, $_params, $this);
384 }
385 }
386 $newPass = $_params['newPassword'];
387 $hookPasswordValid = $_params['passwordValid'];
388
389 if (!$hookPasswordValid) {
390 $markerArray['###STATUS_MESSAGE###'] = $_params['passwordInvalidMessage'];
391 }
392 }
393
394 // Change Password only if Hook returns valid
395 if ($hookPasswordValid) {
396 // Save new password and clear DB-hash
397 $userTable = $this->frontendController->fe_user->user_table;
398 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($userTable);
399 $queryBuilder->getRestrictions()->removeAll();
400 $queryBuilder->update($userTable)
401 ->set('password', $newPass)
402 ->set('felogin_forgotHash', '')
403 ->set('tstamp', (int)$GLOBALS['EXEC_TIME'])
404 ->where(
405 $queryBuilder->expr()->eq(
406 'uid',
407 $queryBuilder->createNamedParameter($user['uid'], \PDO::PARAM_INT)
408 )
409 )
410 ->execute();
411 $this->invalidateUserSessions((int)$user['uid']);
412
413 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText(
414 'change_password_done_message',
415 $this->conf['changePasswordDoneMessage_stdWrap.']
416 );
417 $done = true;
418 $subpartArray['###CHANGEPASSWORD_FORM###'] = '';
419 $markerArray['###BACKLINK_LOGIN###'] = $this->getPageLink(
420 htmlspecialchars($this->pi_getLL('forgot_header_backToLogin')),
421 [$this->prefixId . '[redirectReferrer]' => 'off']
422 );
423 }
424 }
425 }
426 if (!$done) {
427 // Change password form
428 $markerArray['###ACTION_URI###'] = $this->getPageLink('', [
429 $this->prefixId . '[user]' => $user['uid'],
430 $this->prefixId . '[forgothash]' => $piHash
431 ], true);
432 $markerArray['###LEGEND###'] = htmlspecialchars($this->pi_getLL('change_password'));
433 $markerArray['###NEWPASSWORD1_LABEL###'] = htmlspecialchars($this->pi_getLL('newpassword_label1'));
434 $markerArray['###NEWPASSWORD2_LABEL###'] = htmlspecialchars($this->pi_getLL('newpassword_label2'));
435 $markerArray['###NEWPASSWORD1###'] = $this->prefixId . '[password1]';
436 $markerArray['###NEWPASSWORD2###'] = $this->prefixId . '[password2]';
437 $markerArray['###STORAGE_PID###'] = $this->spid;
438 $markerArray['###SEND_PASSWORD###'] = htmlspecialchars($this->pi_getLL('change_password'));
439 $markerArray['###FORGOTHASH###'] = $piHash;
440 }
441 }
442 }
443 return $this->templateService->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
444 }
445
446 /**
447 * Generates a hashed link and send it with email
448 *
449 * @param array $user Contains user data
450 * @return string Empty string with success, error message with no success
451 */
452 protected function generateAndSendHash($user)
453 {
454 $hours = (int)$this->conf['forgotLinkHashValidTime'] > 0 ? (int)$this->conf['forgotLinkHashValidTime'] : 24;
455 $validEnd = time() + 3600 * $hours;
456 $validEndString = date($this->conf['dateFormat'], $validEnd);
457 $hash = md5(GeneralUtility::makeInstance(Random::class)->generateRandomBytes(64));
458 $randHash = $validEnd . '|' . $hash;
459 $randHashDB = $validEnd . '|' . md5($hash);
460
461 // Write hash to DB
462 $userTable = $this->frontendController->fe_user->user_table;
463 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($userTable);
464 $queryBuilder->getRestrictions()->removeAll();
465 $queryBuilder->update($userTable)
466 ->set('felogin_forgotHash', $randHashDB)
467 ->where(
468 $queryBuilder->expr()->eq(
469 'uid',
470 $queryBuilder->createNamedParameter($user['uid'], \PDO::PARAM_INT)
471 )
472 )
473 ->execute();
474
475 // Send hashlink to user
476 $this->conf['linkPrefix'] = -1;
477 $isAbsRefPrefix = !empty($this->frontendController->absRefPrefix);
478 $isBaseURL = !empty($this->frontendController->baseUrl);
479 $isFeloginBaseURL = !empty($this->conf['feloginBaseURL']);
480 $link = $this->pi_getPageLink($this->frontendController->id, '', [
481 $this->prefixId . '[user]' => $user['uid'],
482 $this->prefixId . '[forgothash]' => $randHash
483 ]);
484 // Prefix link if necessary
485 if ($isFeloginBaseURL) {
486 // First priority, use specific base URL
487 // "absRefPrefix" must be removed first, otherwise URL will be prepended twice
488 if ($isAbsRefPrefix) {
489 $link = substr($link, strlen($this->frontendController->absRefPrefix));
490 }
491 $link = $this->conf['feloginBaseURL'] . $link;
492 } elseif ($isAbsRefPrefix) {
493 // Second priority
494 // absRefPrefix must not necessarily contain a hostname and URL scheme, so add it if needed
495 $link = GeneralUtility::locationHeaderUrl($link);
496 } elseif ($isBaseURL) {
497 // Third priority
498 // Add the global base URL to the link
499 $link = $this->frontendController->baseUrlWrap($link);
500 } else {
501 // No prefix is set, return the error
502 return $this->pi_getLL('change_password_nolinkprefix_message');
503 }
504 $msg = sprintf($this->pi_getLL('forgot_validate_reset_password'), $user['username'], $link, $validEndString);
505 // Add hook for extra processing of mail message
506 $params = [
507 'message' => &$msg,
508 'user' => &$user
509 ];
510 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['forgotPasswordMail'] ?? [] as $reference) {
511 if ($reference) {
512 GeneralUtility::callUserFunction($reference, $params, $this);
513 }
514 }
515 if ($user['email']) {
516 $this->cObj->sendNotifyEmail($msg, $user['email'], '', $this->conf['email_from'], $this->conf['email_fromName'], $this->conf['replyTo']);
517 }
518
519 return '';
520 }
521
522 /**
523 * Shows logout form
524 *
525 * @return string The content.
526 */
527 protected function showLogout()
528 {
529 $subpart = $this->templateService->getSubpart($this->template, '###TEMPLATE_LOGOUT###');
530 $subpartArray = ($linkpartArray = []);
531 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('status_header', $this->conf['logoutHeader_stdWrap.']);
532 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('status_message', $this->conf['logoutMessage_stdWrap.']);
533 $this->cObj->stdWrap($this->flexFormValue('message', 's_status'), $this->conf['logoutMessage_stdWrap.']);
534 $markerArray['###LEGEND###'] = htmlspecialchars($this->pi_getLL('logout'));
535 $markerArray['###ACTION_URI###'] = $this->getPageLink('', [], true);
536 $markerArray['###LOGOUT_LABEL###'] = htmlspecialchars($this->pi_getLL('logout'));
537 $markerArray['###NAME###'] = htmlspecialchars($this->frontendController->fe_user->user['name']);
538 $markerArray['###STORAGE_PID###'] = $this->spid;
539 $markerArray['###USERNAME###'] = htmlspecialchars($this->frontendController->fe_user->user['username']);
540 $markerArray['###USERNAME_LABEL###'] = htmlspecialchars($this->pi_getLL('username'));
541 $markerArray['###NOREDIRECT###'] = $this->noRedirect ? '1' : '0';
542 $markerArray['###PREFIXID###'] = $this->prefixId;
543 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
544 if ($this->redirectUrl) {
545 // Use redirectUrl for action tag because of possible access restricted pages
546 $markerArray['###ACTION_URI###'] = htmlspecialchars($this->redirectUrl);
547 $this->redirectUrl = '';
548 }
549 return $this->templateService->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
550 }
551
552 /**
553 * Shows login form
554 *
555 * @return string Content
556 */
557 protected function showLogin()
558 {
559 $subpart = $this->templateService->getSubpart($this->template, '###TEMPLATE_LOGIN###');
560 $subpartArray = ($linkpartArray = ($markerArray = []));
561 $gpRedirectUrl = '';
562 $markerArray['###LEGEND###'] = htmlspecialchars($this->pi_getLL('oLabel_header_welcome'));
563 if ($this->logintype === LoginType::LOGIN) {
564 if ($this->userIsLoggedIn) {
565 // login success
566 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('success_header', $this->conf['successHeader_stdWrap.']);
567 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('success_message', $this->conf['successMessage_stdWrap.']);
568 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
569 $subpartArray['###LOGIN_FORM###'] = '';
570 // Hook for general actions after after login has been confirmed (by Thomas Danzl <thomas@danzl.org>)
571 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['login_confirmed'] ?? [] as $_funcRef) {
572 $_params = [];
573 if ($_funcRef) {
574 GeneralUtility::callUserFunction($_funcRef, $_params, $this);
575 }
576 }
577 // show logout form directly
578 if ($this->conf['showLogoutFormAfterLogin']) {
579 $this->redirectUrl = '';
580 return $this->showLogout();
581 }
582 } else {
583 // Hook for general actions on login error
584 $params = [];
585 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['login_error'] ?? [] as $funcRef) {
586 if ($funcRef) {
587 GeneralUtility::callUserFunction($funcRef, $params, $this);
588 }
589 }
590 // login error
591 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('error_header', $this->conf['errorHeader_stdWrap.']);
592 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('error_message', $this->conf['errorMessage_stdWrap.']);
593 $gpRedirectUrl = GeneralUtility::_GP('redirect_url');
594 }
595 } else {
596 if ($this->logintype === LoginType::LOGOUT) {
597 // login form after logout
598 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('logout_header', $this->conf['logoutHeader_stdWrap.']);
599 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('logout_message', $this->conf['logoutMessage_stdWrap.']);
600 } else {
601 // login form
602 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('welcome_header', $this->conf['welcomeHeader_stdWrap.']);
603 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('welcome_message', $this->conf['welcomeMessage_stdWrap.']);
604 }
605 }
606
607 // This hook allows to call User JS functions.
608 // The methods should also set the required JS functions to get included
609 $onSubmit = '';
610 $extraHidden = '';
611 $onSubmitAr = [];
612 $extraHiddenAr = [];
613 // Check for referer redirect method. if present, save referer in form field
614 if (GeneralUtility::inList($this->conf['redirectMode'], 'referer') || GeneralUtility::inList($this->conf['redirectMode'], 'refererDomains')) {
615 $referer = $this->referer ? $this->referer : GeneralUtility::getIndpEnv('HTTP_REFERER');
616 if ($referer) {
617 $extraHiddenAr[] = '<input type="hidden" name="referer" value="' . htmlspecialchars($referer) . '" />';
618 if ($this->piVars['redirectReferrer'] === 'off') {
619 $extraHiddenAr[] = '<input type="hidden" name="' . $this->prefixId . '[redirectReferrer]" value="off" />';
620 }
621 }
622 }
623 $_params = [];
624 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['loginFormOnSubmitFuncs'] ?? [] as $funcRef) {
625 list($onSub, $hid) = GeneralUtility::callUserFunction($funcRef, $_params, $this);
626 $onSubmitAr[] = $onSub;
627 $extraHiddenAr[] = $hid;
628 }
629 if (!empty($onSubmitAr)) {
630 $onSubmit = implode('; ', $onSubmitAr) . '; return true;';
631 }
632 if (!empty($extraHiddenAr)) {
633 $extraHidden = implode(LF, $extraHiddenAr);
634 }
635 if (!$gpRedirectUrl && $this->redirectUrl) {
636 $gpRedirectUrl = $this->redirectUrl;
637 }
638 // Login form
639 $markerArray['###ACTION_URI###'] = $this->getPageLink('', [], true);
640 // Used by kb_md5fepw extension...
641 $markerArray['###EXTRA_HIDDEN###'] = $extraHidden;
642 $markerArray['###LEGEND###'] = htmlspecialchars($this->pi_getLL('login'));
643 $markerArray['###LOGIN_LABEL###'] = htmlspecialchars($this->pi_getLL('login'));
644 // Used by kb_md5fepw extension...
645 $markerArray['###ON_SUBMIT###'] = $onSubmit;
646 $markerArray['###PASSWORD_LABEL###'] = htmlspecialchars($this->pi_getLL('password'));
647 $markerArray['###STORAGE_PID###'] = $this->spid;
648 $markerArray['###USERNAME_LABEL###'] = htmlspecialchars($this->pi_getLL('username'));
649 $markerArray['###REDIRECT_URL###'] = htmlspecialchars($gpRedirectUrl);
650 $markerArray['###NOREDIRECT###'] = $this->noRedirect ? '1' : '0';
651 $markerArray['###PREFIXID###'] = $this->prefixId;
652 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
653 if ($this->conf['showForgotPasswordLink']) {
654 $linkpartArray['###FORGOT_PASSWORD_LINK###'] = explode('|', $this->getPageLink('|', [$this->prefixId . '[forgot]' => 1]));
655 $markerArray['###FORGOT_PASSWORD###'] = htmlspecialchars($this->pi_getLL('forgot_header'));
656 } else {
657 $subpartArray['###FORGOTP_VALID###'] = '';
658 }
659 // The permanent login checkbox should only be shown if permalogin is not deactivated (-1),
660 // not forced to be always active (2) and lifetime is greater than 0
661 $permalogin = (int)$GLOBALS['TYPO3_CONF_VARS']['FE']['permalogin'];
662 if (
663 $this->conf['showPermaLogin']
664 && ($permalogin === 0 || $permalogin === 1)
665 && $GLOBALS['TYPO3_CONF_VARS']['FE']['lifetime'] > 0
666 ) {
667 $markerArray['###PERMALOGIN###'] = htmlspecialchars($this->pi_getLL('permalogin'));
668 if ($permalogin === 1) {
669 $markerArray['###PERMALOGIN_HIDDENFIELD_ATTRIBUTES###'] = 'disabled="disabled"';
670 $markerArray['###PERMALOGIN_CHECKBOX_ATTRIBUTES###'] = 'checked="checked"';
671 } else {
672 $markerArray['###PERMALOGIN_HIDDENFIELD_ATTRIBUTES###'] = '';
673 $markerArray['###PERMALOGIN_CHECKBOX_ATTRIBUTES###'] = '';
674 }
675 } else {
676 $subpartArray['###PERMALOGIN_VALID###'] = '';
677 }
678 return $this->templateService->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
679 }
680
681 /**
682 * Process redirect methods. The function searches for a redirect url using all configured methods.
683 *
684 * @return array Redirect URLs
685 */
686 protected function processRedirect()
687 {
688 $redirect_url = [];
689 if ($this->conf['redirectMode']) {
690 $redirectMethods = GeneralUtility::trimExplode(',', $this->conf['redirectMode'], true);
691 foreach ($redirectMethods as $redirMethod) {
692 if ($this->userIsLoggedIn && $this->logintype === LoginType::LOGIN) {
693 // Logintype is needed because the login-page wouldn't be accessible anymore after a login (would always redirect)
694 switch ($redirMethod) {
695 case 'groupLogin':
696 // taken from dkd_redirect_at_login written by Ingmar Schlecht; database-field changed
697 $groupData = $this->frontendController->fe_user->groupData;
698 if (!empty($groupData['uid'])) {
699
700 // take the first group with a redirect page
701 $userGroupTable = $this->frontendController->fe_user->usergroup_table;
702 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($userGroupTable);
703 $queryBuilder->getRestrictions()->removeAll();
704 $row = $queryBuilder
705 ->select('felogin_redirectPid')
706 ->from($userGroupTable)
707 ->where(
708 $queryBuilder->expr()->neq(
709 'felogin_redirectPid',
710 $queryBuilder->createNamedParameter('', \PDO::PARAM_STR)
711 ),
712 $queryBuilder->expr()->in(
713 'uid',
714 $queryBuilder->createNamedParameter(
715 $groupData['uid'],
716 Connection::PARAM_INT_ARRAY
717 )
718 )
719 )
720 ->execute()
721 ->fetch();
722
723 if ($row) {
724 $redirect_url[] = $this->pi_getPageLink($row['felogin_redirectPid']);
725 }
726 }
727 break;
728 case 'userLogin':
729
730 $userTable = $this->frontendController->fe_user->user_table;
731 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($userTable);
732 $queryBuilder->getRestrictions()->removeAll();
733 $row = $queryBuilder
734 ->select('felogin_redirectPid')
735 ->from($userTable)
736 ->where(
737 $queryBuilder->expr()->neq(
738 'felogin_redirectPid',
739 $queryBuilder->createNamedParameter('', \PDO::PARAM_STR)
740 ),
741 $queryBuilder->expr()->eq(
742 $this->frontendController->fe_user->userid_column,
743 $queryBuilder->createNamedParameter(
744 $this->frontendController->fe_user->user['uid'],
745 \PDO::PARAM_INT
746 )
747 )
748 )
749 ->execute()
750 ->fetch();
751
752 if ($row) {
753 $redirect_url[] = $this->pi_getPageLink($row['felogin_redirectPid']);
754 }
755
756 break;
757 case 'login':
758 if ($this->conf['redirectPageLogin']) {
759 $redirect_url[] = $this->pi_getPageLink((int)$this->conf['redirectPageLogin']);
760 }
761 break;
762 case 'getpost':
763 $redirect_url[] = $this->redirectUrl;
764 break;
765 case 'referer':
766 // Avoid redirect when logging in after changing password
767 if ($this->piVars['redirectReferrer'] !== 'off') {
768 // Avoid forced logout, when trying to login immediately after a logout
769 $redirect_url[] = preg_replace('/[&?]logintype=[a-z]+/', '', $this->referer);
770 }
771 break;
772 case 'refererDomains':
773 // Auto redirect.
774 // Feature to redirect to the page where the user came from (HTTP_REFERER).
775 // Allowed domains to redirect to, can be configured with plugin.tx_felogin_pi1.domains
776 // Thanks to plan2.net / Martin Kutschker for implementing this feature.
777 // also avoid redirect when logging in after changing password
778 if (isset($this->conf['domains']) && $this->conf['domains']
779 && (!isset($this->piVars['redirectReferrer']) || $this->piVars['redirectReferrer'] !== 'off')
780 ) {
781 $url = $this->referer;
782 // Is referring url allowed to redirect?
783 $match = [];
784 if (preg_match('#^http://([[:alnum:]._-]+)/#', $url, $match)) {
785 $redirect_domain = $match[1];
786 $found = false;
787 foreach (GeneralUtility::trimExplode(',', $this->conf['domains'], true) as $d) {
788 if (preg_match('/(?:^|\\.)' . $d . '$/', $redirect_domain)) {
789 $found = true;
790 break;
791 }
792 }
793 if (!$found) {
794 $url = '';
795 }
796 }
797 // Avoid forced logout, when trying to login immediately after a logout
798 if ($url) {
799 $redirect_url[] = preg_replace('/[&?]logintype=[a-z]+/', '', $url);
800 }
801 }
802 break;
803 }
804 } elseif ($this->logintype === LoginType::LOGIN) {
805 // after login-error
806 switch ($redirMethod) {
807 case 'loginError':
808 if ($this->conf['redirectPageLoginError']) {
809 $redirect_url[] = $this->pi_getPageLink((int)$this->conf['redirectPageLoginError']);
810 }
811 break;
812 }
813 } elseif ($this->logintype == '' && $redirMethod === 'login' && $this->conf['redirectPageLogin']) {
814 // If login and page not accessible
815 $this->cObj->typoLink('', [
816 'parameter' => $this->conf['redirectPageLogin'],
817 'linkAccessRestrictedPages' => true
818 ]);
819 $redirect_url[] = $this->cObj->lastTypoLinkUrl;
820 } elseif ($this->logintype == '' && $redirMethod === 'logout' && $this->conf['redirectPageLogout'] && $this->userIsLoggedIn) {
821 // If logout and page not accessible
822 $redirect_url[] = $this->pi_getPageLink((int)$this->conf['redirectPageLogout']);
823 } elseif ($this->logintype === LoginType::LOGOUT) {
824 // after logout
825 // Hook for general actions after after logout has been confirmed
826 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['logout_confirmed'] ?? [] as $_funcRef) {
827 $_params = [];
828 if ($_funcRef) {
829 GeneralUtility::callUserFunction($_funcRef, $_params, $this);
830 }
831 }
832 switch ($redirMethod) {
833 case 'logout':
834 if ($this->conf['redirectPageLogout']) {
835 $redirect_url[] = $this->pi_getPageLink((int)$this->conf['redirectPageLogout']);
836 }
837 break;
838 }
839 } else {
840 // not logged in
841 // Placeholder for maybe future options
842 switch ($redirMethod) {
843 case 'getpost':
844 // Preserve the get/post value
845 $redirect_url[] = $this->redirectUrl;
846 break;
847 }
848 }
849 }
850 }
851 // Remove empty values, but keep "0" as value (that's why "strlen" is used as second parameter)
852 if (!empty($redirect_url)) {
853 return array_filter($redirect_url, 'strlen');
854 }
855 return [];
856 }
857
858 /**
859 * Reads flexform configuration and merge it with $this->conf
860 */
861 protected function mergeflexFormValuesIntoConf()
862 {
863 $flex = [];
864 if ($this->flexFormValue('showForgotPassword', 'sDEF')) {
865 $flex['showForgotPasswordLink'] = $this->flexFormValue('showForgotPassword', 'sDEF');
866 }
867 if ($this->flexFormValue('showPermaLogin', 'sDEF')) {
868 $flex['showPermaLogin'] = $this->flexFormValue('showPermaLogin', 'sDEF');
869 }
870 if ($this->flexFormValue('showLogoutFormAfterLogin', 'sDEF')) {
871 $flex['showLogoutFormAfterLogin'] = $this->flexFormValue('showLogoutFormAfterLogin', 'sDEF');
872 }
873 if ($this->flexFormValue('pages', 'sDEF')) {
874 $flex['pages'] = $this->flexFormValue('pages', 'sDEF');
875 }
876 if ($this->flexFormValue('recursive', 'sDEF')) {
877 $flex['recursive'] = $this->flexFormValue('recursive', 'sDEF');
878 }
879 if ($this->flexFormValue('redirectMode', 's_redirect')) {
880 $flex['redirectMode'] = $this->flexFormValue('redirectMode', 's_redirect');
881 }
882 if ($this->flexFormValue('redirectFirstMethod', 's_redirect')) {
883 $flex['redirectFirstMethod'] = $this->flexFormValue('redirectFirstMethod', 's_redirect');
884 }
885 if ($this->flexFormValue('redirectDisable', 's_redirect')) {
886 $flex['redirectDisable'] = $this->flexFormValue('redirectDisable', 's_redirect');
887 }
888 if ($this->flexFormValue('redirectPageLogin', 's_redirect')) {
889 $flex['redirectPageLogin'] = $this->flexFormValue('redirectPageLogin', 's_redirect');
890 }
891 if ($this->flexFormValue('redirectPageLoginError', 's_redirect')) {
892 $flex['redirectPageLoginError'] = $this->flexFormValue('redirectPageLoginError', 's_redirect');
893 }
894 if ($this->flexFormValue('redirectPageLogout', 's_redirect')) {
895 $flex['redirectPageLogout'] = $this->flexFormValue('redirectPageLogout', 's_redirect');
896 }
897 $pid = $flex['pages'] ? $this->pi_getPidList($flex['pages'], $flex['recursive']) : 0;
898 if ($pid > 0) {
899 $flex['storagePid'] = $pid;
900 }
901 $this->conf = array_merge($this->conf, $flex);
902 }
903
904 /**
905 * Loads a variable from the flexform
906 *
907 * @param string $var Name of variable
908 * @param string $sheet Name of sheet
909 * @return string Value of var
910 */
911 protected function flexFormValue($var, $sheet)
912 {
913 return $this->pi_getFFvalue($this->cObj->data['pi_flexform'], 'settings.' . $var, $sheet);
914 }
915
916 /**
917 * Generate link with typolink function
918 *
919 * @param string $label Linktext
920 * @param array $piVars Link vars
921 * @param bool $returnUrl TRUE: returns only url FALSE (default) returns the link)
922 * @return string Link or url
923 */
924 protected function getPageLink($label, $piVars, $returnUrl = false)
925 {
926 $additionalParams = is_array($piVars) && !empty($piVars) ? $piVars : [];
927 // Should GETvars be preserved?
928 if ($this->conf['preserveGETvars']) {
929 $additionalParams = array_merge_recursive($additionalParams, $this->getPreserveGetVars());
930 }
931 $this->conf['linkConfig.']['parameter'] = $this->frontendController->id;
932 if (!empty($additionalParams)) {
933 $this->conf['linkConfig.']['additionalParams'] = HttpUtility::buildQueryString($additionalParams, '&');
934 }
935 if ($returnUrl) {
936 return htmlspecialchars($this->cObj->typoLink_URL($this->conf['linkConfig.']));
937 }
938 return $this->cObj->typoLink($label, $this->conf['linkConfig.']);
939 }
940
941 /**
942 * Add additional parameters for links according to TS setting preserveGETvars.
943 * Possible values are "all" or a comma separated list of allowed GET-vars.
944 * Supports multi-dimensional GET-vars.
945 * Some hardcoded values are dropped.
946 *
947 * @return array additionalParams-array
948 */
949 protected function getPreserveGetVars()
950 {
951 $getVars = GeneralUtility::_GET();
952 unset(
953 $getVars['id'],
954 $getVars['no_cache'],
955 $getVars['logintype'],
956 $getVars['redirect_url'],
957 $getVars['cHash'],
958 $getVars[$this->prefixId]
959 );
960 if ($this->conf['preserveGETvars'] === 'all') {
961 $preserveQueryParts = $getVars;
962 } else {
963 $preserveQueryStringProperties = GeneralUtility::trimExplode(',', $this->conf['preserveGETvars']);
964 $preserveQueryParts = [];
965 parse_str(implode('=1&', $preserveQueryStringProperties) . '=1', $preserveQueryParts);
966 $preserveQueryParts = \TYPO3\CMS\Core\Utility\ArrayUtility::intersectRecursive($getVars, $preserveQueryParts);
967 }
968 return $preserveQueryParts;
969 }
970
971 /**
972 * Is used by forgot password - function with md5 option.
973 * @param int $len Length of new password
974 * @return string New password
975 */
976 protected function generatePassword($len)
977 {
978 $pass = '';
979 while ($len--) {
980 $char = rand(0, 35);
981 if ($char < 10) {
982 $pass .= '' . $char;
983 } else {
984 $pass .= chr($char - 10 + 97);
985 }
986 }
987 return $pass;
988 }
989
990 /**
991 * Returns the header / message value from flexform if present, else from locallang.xlf
992 *
993 * @param string $label label name
994 * @param array $stdWrapArray TS stdWrap array
995 * @return string label text
996 */
997 protected function getDisplayText($label, $stdWrapArray = [])
998 {
999 $text = $this->flexFormValue($label, 's_messages') ? $this->cObj->stdWrap($this->flexFormValue($label, 's_messages'), $stdWrapArray) : $this->cObj->stdWrap($this->pi_getLL($label), $stdWrapArray);
1000 $replace = $this->getUserFieldMarkers();
1001 return strtr($text, $replace);
1002 }
1003
1004 /**
1005 * Returns Array of markers filled with user fields
1006 *
1007 * @return array Marker array
1008 */
1009 protected function getUserFieldMarkers()
1010 {
1011 $marker = [];
1012 // replace markers with fe_user data
1013 if ($this->frontendController->fe_user->user) {
1014 // All fields of fe_user will be replaced, scheme is ###FEUSER_FIELDNAME###
1015 foreach ($this->frontendController->fe_user->user as $field => $value) {
1016 $conf = $this->conf['userfields.'][$field . '.'] ?? [];
1017 $conf = array_replace_recursive(['htmlSpecialChars' => '1'], $conf);
1018 $marker['###FEUSER_' . strtoupper($field) . '###'] = $this->cObj->stdWrap($value, $conf);
1019 }
1020 // Add ###USER### for compatibility
1021 $marker['###USER###'] = $marker['###FEUSER_USERNAME###'];
1022 }
1023 return $marker;
1024 }
1025
1026 /**
1027 * Invalidate all frontend user sessions by given user id
1028 *
1029 * @param int $userId the user UID
1030 */
1031 protected function invalidateUserSessions(int $userId)
1032 {
1033 $sessionManager = GeneralUtility::makeInstance(SessionManager::class);
1034 $sessionBackend = $sessionManager->getSessionBackend('FE');
1035 $sessionManager->invalidateAllSessionsByUserId($sessionBackend, $userId, $this->frontendController->fe_user);
1036 }
1037 }