[TASK] Turn todos into @todo to find them easier
1 <?php
2 namespace TYPO3\CMS\Backend;
3
4 /**
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 /**
18 * This is the ajax handler for backend login after timeout.
19 *
20 * @author Christoph Koehler <christoph@webempoweredchurch.org>
21 */
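class AjaxLoginHandler {

	/**
	 * Number of seconds before the real session expiry at which isTimedOut()
	 * starts reporting "will_time_out". The margin leaves room for the
	 * client-side countdown and for request latency; 120 is a pragmatic choice,
	 * not derived from any server-side setting.
	 *
	 * @var integer
	 */
	const TIMEOUT_WARNING_OFFSET = 120;

	/**
	 * Handles the actual login process, more specifically it defines the response.
	 * The login details were sent in as part of the ajax request and automatically logged in
	 * the user inside the init.php part of the ajax call. If that was successful, we have
	 * a BE user and reset the timer and hide the login window.
	 * If it was unsuccessful, we display that and show the login box again.
	 *
	 * Note that no credential check happens here: authentication already ran
	 * during bootstrap. This method only reports the outcome and, when a fresh
	 * login was processed, re-persists the form protection (CSRF) session token
	 * so that subsequent backend requests from the re-authenticated client pass
	 * the token check.
	 *
	 * @param array $parameters Parameters (not used)
	 * @param \TYPO3\CMS\Core\Http\AjaxRequestHandler $ajaxObj The calling parent AJAX object
	 * @return void
	 */
	public function login(array $parameters, \TYPO3\CMS\Core\Http\AjaxRequestHandler $ajaxObj) {
		if ($this->isAuthorizedBackendSession()) {
			$json = array('success' => TRUE);
			if ($this->hasLoginBeenProcessed()) {
				// A new login replaces the session; the CSRF token must follow it.
				$formProtection = \TYPO3\CMS\Core\FormProtection\FormProtectionFactory::get();
				$formProtection->setSessionTokenFromRegistry();
				$formProtection->persistSessionToken();
			}
		} else {
			$json = array('success' => FALSE);
		}
		$ajaxObj->addContent('login', $json);
		$ajaxObj->setContentFormat('json');
	}

	/**
	 * Checks if a user is logged in and the session is active.
	 *
	 * "Logged in" means: a BE_USER object of the backend authentication class
	 * exists and carries a user record with a uid.
	 *
	 * @return bool
	 */
	protected function isAuthorizedBackendSession() {
		return isset($GLOBALS['BE_USER'])
			&& $GLOBALS['BE_USER'] instanceof \TYPO3\CMS\Core\Authentication\BackendUserAuthentication
			&& isset($GLOBALS['BE_USER']->user['uid']);
	}

	/**
	 * Check whether the user was already authorized or not.
	 *
	 * Returns TRUE only when the current request carried a complete login form
	 * (status "login" plus non-empty username and password-identification
	 * fields), i.e. the session was established by this very request rather
	 * than being a pre-existing one.
	 *
	 * @return bool
	 */
	protected function hasLoginBeenProcessed() {
		$loginFormData = $GLOBALS['BE_USER']->getLoginFormData();
		// isset() guards the 'status' lookup: the form data may lack the key on
		// requests that did not submit the login form, which previously raised a notice.
		return isset($loginFormData['status'])
			&& $loginFormData['status'] === 'login'
			&& !empty($loginFormData['uname'])
			&& !empty($loginFormData['uident']);
	}

	/**
	 * Logs out the current BE user.
	 *
	 * Success is reported based on whether a user uid is still attached to
	 * BE_USER after logoff(); the response never leaks anything beyond that flag.
	 *
	 * @param array $parameters Parameters (not used)
	 * @param \TYPO3\CMS\Core\Http\AjaxRequestHandler $ajaxObj The calling parent AJAX object
	 * @return void
	 */
	public function logout(array $parameters, \TYPO3\CMS\Core\Http\AjaxRequestHandler $ajaxObj) {
		$GLOBALS['BE_USER']->logoff();
		$loggedOut = !isset($GLOBALS['BE_USER']->user['uid']);
		$ajaxObj->addContent('logout', array('success' => $loggedOut));
		$ajaxObj->setContentFormat('json');
	}

	/**
	 * Refreshes the login without needing login information. We just refresh the session.
	 *
	 * The response is unconditionally "success": checkAuthentication() is
	 * expected to extend the session lifetime for an already-authenticated
	 * user; whether it actually did is not re-verified here.
	 *
	 * @param array $parameters Parameters (not used)
	 * @param \TYPO3\CMS\Core\Http\AjaxRequestHandler $ajaxObj The calling parent AJAX object
	 * @return void
	 */
	public function refreshLogin(array $parameters, \TYPO3\CMS\Core\Http\AjaxRequestHandler $ajaxObj) {
		$GLOBALS['BE_USER']->checkAuthentication();
		$ajaxObj->addContent('refresh', array('success' => TRUE));
		$ajaxObj->setContentFormat('json');
	}

	/**
	 * Checks if the user session is expired yet.
	 *
	 * Three outcomes are reported under the 'login' key:
	 *  - 'locked' => TRUE when the backend lock file typo3conf/LOCK_BACKEND exists;
	 *  - 'timed_out' => TRUE when no user uid is attached to BE_USER;
	 *  - otherwise 'will_time_out', TRUE when the session reaches its timeout
	 *    within TIMEOUT_WARNING_OFFSET seconds of the request time.
	 *
	 * @param array $parameters Parameters (not used)
	 * @param \TYPO3\CMS\Core\Http\AjaxRequestHandler $ajaxObj The calling parent AJAX object
	 * @return void
	 */
	public function isTimedOut(array $parameters, \TYPO3\CMS\Core\Http\AjaxRequestHandler $ajaxObj) {
		$ajaxObj->setContentFormat('json');
		// '@' is kept deliberately: a warning from is_file() (e.g. under an
		// open_basedir restriction) would be emitted into the JSON body.
		if (@is_file(PATH_typo3conf . 'LOCK_BACKEND')) {
			$ajaxObj->addContent('login', array('will_time_out' => FALSE, 'locked' => TRUE));
		} elseif (!isset($GLOBALS['BE_USER']->user['uid'])) {
			$ajaxObj->addContent('login', array('timed_out' => TRUE));
		} else {
			// Re-read the session record so the timestamp reflects other requests
			// made since this one started.
			$GLOBALS['BE_USER']->fetchUserSession(TRUE);
			$sessionTimestamp = $GLOBALS['BE_USER']->user['ses_tstamp'];
			$timeout = $GLOBALS['BE_USER']->auth_timeout_field;
			// If the warning offset from now is later than the session timeout, the
			// client must show the refresh dialog. EXEC_TIME is the request start time
			// set during bootstrap (presumably a unix timestamp, like ses_tstamp).
			$willTimeOut = $GLOBALS['EXEC_TIME'] >= $sessionTimestamp + $timeout - self::TIMEOUT_WARNING_OFFSET;
			$ajaxObj->addContent('login', array('will_time_out' => $willTimeOut));
		}
	}

	/**
	 * Gets a MD5 challenge.
	 *
	 * The challenge is stored in the PHP session and returned to the client,
	 * which is expected to use it as a nonce in the hashed login form.
	 *
	 * NOTE(review): uniqid() and getmypid() are not unpredictable sources - the
	 * former is derived from the current time, the latter from the process id.
	 * A challenge meant to prevent replay should come from a CSPRNG; this is
	 * left unchanged here because the file targets a PHP version without a
	 * built-in secure random API, but it should be revisited.
	 *
	 * @param array $parameters Parameters (not used)
	 * @param \TYPO3\CMS\Core\Http\AjaxRequestHandler $parent The calling parent AJAX object
	 * @return void
	 */
	public function getChallenge(array $parameters, \TYPO3\CMS\Core\Http\AjaxRequestHandler $parent) {
		session_start();
		$_SESSION['login_challenge'] = md5(uniqid('', TRUE) . getmypid());
		// Write and release the session lock before building the response.
		session_commit();
		$parent->addContent('challenge', $_SESSION['login_challenge']);
		$parent->setContentFormat('json');
	}

}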