[BUGFIX] Enable add markers in LoginController signal
[Packages/TYPO3.CMS.git] / typo3 / sysext / backend / Classes / Controller / LoginController.php
1 <?php
2 namespace TYPO3\CMS\Backend\Controller;
3
4 /***************************************************************
5 * Copyright notice
6 *
7 * (c) 1999-2013 Kasper Skårhøj (kasperYYYY@typo3.com)
8 * All rights reserved
9 *
10 * This script is part of the TYPO3 project. The TYPO3 project is
11 * free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * The GNU General Public License can be found at
17 * http://www.gnu.org/copyleft/gpl.html.
18 * A copy is found in the textfile GPL.txt and important notices to the license
19 * from the author is found in LICENSE.txt distributed with these scripts.
20 *
21 *
22 * This script is distributed in the hope that it will be useful,
23 * but WITHOUT ANY WARRANTY; without even the implied warranty of
24 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
25 * GNU General Public License for more details.
26 *
27 * This copyright notice MUST APPEAR in all copies of the script!
28 ***************************************************************/
29
30 use TYPO3\CMS\Backend\Utility\BackendUtility;
31 use TYPO3\CMS\Backend\Utility\IconUtility;
32 use TYPO3\CMS\Core\Html\HtmlParser;
33 use TYPO3\CMS\Core\Messaging\FlashMessage;
34 use TYPO3\CMS\Core\Utility\GeneralUtility;
35 use TYPO3\CMS\Core\Utility\HttpUtility;
36
37 /**
38 * Script Class for rendering the login form
39 *
40 * @author Kasper Skårhøj <kasperYYYY@typo3.com>
41 */
42 class LoginController {
43
44 const SIGNAL_RenderLoginForm = 'renderLoginForm';
45
46 // Internal, GPvars:
47 // GPvar: redirect_url; The URL to redirect to after login.
48 /**
49 * @todo Define visibility
50 */
51 public $redirect_url;
52
53 // GPvar: Defines which interface to load (from interface selector)
54 /**
55 * @todo Define visibility
56 */
57 public $GPinterface;
58
59 // GPvar: preset username
60 /**
61 * @todo Define visibility
62 */
63 public $u;
64
65 // GPvar: preset password
66 /**
67 * @todo Define visibility
68 */
69 public $p;
70
71 // GPvar: If "L" is "OUT", then any logged in used is logged out. If redirect_url is given, we redirect to it
72 /**
73 * @todo Define visibility
74 */
75 public $L;
76
77 // Login-refresh boolean; The backend will call this script with this value set when the login is close to being expired and the form needs to be redrawn.
78 /**
79 * @todo Define visibility
80 */
81 public $loginRefresh;
82
83 // Value of forms submit button for login.
84 /**
85 * @todo Define visibility
86 */
87 public $commandLI;
88
89 // Internal, static:
90 // Set to the redirect URL of the form (may be redirect_url or "backend.php")
91 /**
92 * @todo Define visibility
93 */
94 public $redirectToURL;
95
96 // Internal, dynamic:
97 // Content accumulation
98 /**
99 * @todo Define visibility
100 */
101 public $content;
102
103 // A selector box for selecting value for "interface" may be rendered into this variable
104 /**
105 * @todo Define visibility
106 */
107 public $interfaceSelector;
108
109 // A selector box for selecting value for "interface" may be rendered into this variable
110 // this will have an onchange action which will redirect the user to the selected interface right away
111 /**
112 * @todo Define visibility
113 */
114 public $interfaceSelector_jump;
115
116 // A hidden field, if the interface is not set.
117 /**
118 * @todo Define visibility
119 */
120 public $interfaceSelector_hidden;
121
122 // Additional hidden fields to be placed at the login form
123 /**
124 * @todo Define visibility
125 */
126 public $addFields_hidden = '';
127
128 // sets the level of security. *'normal' = clear-text. 'challenged' = hashed
129 // password/username from form in $formfield_uident. 'superchallenged' = hashed password hashed again with username.
130 /**
131 * @todo Define visibility
132 */
133 public $loginSecurityLevel = 'superchallenged';
134
135 /**
136 * @var \TYPO3\CMS\Extbase\SignalSlot\Dispatcher
137 */
138 protected $signalSlotDispatcher;
139
140 /**
141 * Constructor
142 */
143 public function __construct() {
144 $this->init();
145 }
146
147 /**
148 * Initialize the login box. Will also react on a &L=OUT flag and exit.
149 *
150 * @return void
151 * @todo Define visibility
152 */
153 public function init() {
154 // We need a PHP session session for most login levels
155 session_start();
156 $this->redirect_url = GeneralUtility::sanitizeLocalUrl(GeneralUtility::_GP('redirect_url'));
157 $this->GPinterface = GeneralUtility::_GP('interface');
158 // Grabbing preset username and password, for security reasons this feature only works if SSL is used
159 if (GeneralUtility::getIndpEnv('TYPO3_SSL')) {
160 $this->u = GeneralUtility::_GP('u');
161 $this->p = GeneralUtility::_GP('p');
162 }
163 // If "L" is "OUT", then any logged in is logged out. If redirect_url is given, we redirect to it
164 $this->L = GeneralUtility::_GP('L');
165 // Login
166 $this->loginRefresh = GeneralUtility::_GP('loginRefresh');
167 // Value of "Login" button. If set, the login button was pressed.
168 $this->commandLI = GeneralUtility::_GP('commandLI');
169 // Sets the level of security from conf vars
170 if ($GLOBALS['TYPO3_CONF_VARS']['BE']['loginSecurityLevel']) {
171 $this->loginSecurityLevel = $GLOBALS['TYPO3_CONF_VARS']['BE']['loginSecurityLevel'];
172 }
173 // Try to get the preferred browser language
174 $preferredBrowserLanguage = $GLOBALS['LANG']->csConvObj->getPreferredClientLanguage(GeneralUtility::getIndpEnv('HTTP_ACCEPT_LANGUAGE'));
175 // If we found a $preferredBrowserLanguage and it is not the default language and no be_user is logged in
176 // initialize $GLOBALS['LANG'] again with $preferredBrowserLanguage
177 if ($preferredBrowserLanguage != 'default' && !$GLOBALS['BE_USER']->user['uid']) {
178 $GLOBALS['LANG']->init($preferredBrowserLanguage);
179 }
180 $GLOBALS['LANG']->includeLLFile('EXT:lang/locallang_login.xlf');
181 // Setting the redirect URL to "backend.php" if no alternative input is given
182 $this->redirectToURL = $this->redirect_url ? $this->redirect_url : 'backend.php';
183 // Do a logout if the command is set
184 if ($this->L == 'OUT' && is_object($GLOBALS['BE_USER'])) {
185 $GLOBALS['BE_USER']->logoff();
186 if ($this->redirect_url) {
187 HttpUtility::redirect($this->redirect_url);
188 }
189 die;
190 }
191 }
192
193 /**
194 * Main function - creating the login/logout form
195 *
196 * @return void
197 * @todo Define visibility
198 */
199 public function main() {
200 // Initialize template object:
201 $GLOBALS['TBE_TEMPLATE']->bodyTagAdditions = ' onload="startUp();"';
202 $GLOBALS['TBE_TEMPLATE']->moduleTemplate = $GLOBALS['TBE_TEMPLATE']->getHtmlTemplate('EXT:backend/Resources/Private/Templates/login.html');
203 $GLOBALS['TBE_TEMPLATE']->getPageRenderer()->loadExtJS();
204 $GLOBALS['TBE_TEMPLATE']->getPageRenderer()->loadPrototype();
205 $GLOBALS['TBE_TEMPLATE']->getPageRenderer()->loadScriptaculous();
206 // Set JavaScript for creating a MD5 hash of the password:
207 $GLOBALS['TBE_TEMPLATE']->JScode .= $this->getJScode();
208 // Checking, if we should make a redirect.
209 // Might set JavaScript in the header to close window.
210 $this->checkRedirect();
211 // Initialize interface selectors:
212 $this->makeInterfaceSelectorBox();
213 // Creating form based on whether there is a login or not:
214 if (!$GLOBALS['BE_USER']->user['uid']) {
215 $GLOBALS['TBE_TEMPLATE']->form = $this->startForm();
216 $loginForm = $this->makeLoginForm();
217 } else {
218 $GLOBALS['TBE_TEMPLATE']->form = '
219 <form action="index.php" method="post" name="loginform">
220 <input type="hidden" name="login_status" value="logout" />
221 ';
222 $loginForm = $this->makeLogoutForm();
223 }
224 // Starting page:
225 $this->content .= $GLOBALS['TBE_TEMPLATE']->startPage('TYPO3 Login: ' . $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'], FALSE);
226 // Add login form:
227 $this->content .= $this->wrapLoginForm($loginForm);
228 $this->content .= $GLOBALS['TBE_TEMPLATE']->endPage();
229 }
230
231 /**
232 * Outputting the accumulated content to screen
233 *
234 * @return void
235 * @todo Define visibility
236 */
237 public function printContent() {
238 echo $this->content;
239 }
240
241 /*****************************
242 *
243 * Various functions
244 *
245 ******************************/
246 /**
247 * Creates the login form
248 * This is drawn when NO login exists.
249 *
250 * @return string HTML output
251 * @todo Define visibility
252 */
253 public function makeLoginForm() {
254 $content = HtmlParser::getSubpart($GLOBALS['TBE_TEMPLATE']->moduleTemplate, '###LOGIN_FORM###');
255 $markers = array(
256 'VALUE_USERNAME' => htmlspecialchars($this->u),
257 'VALUE_PASSWORD' => htmlspecialchars($this->p),
258 'VALUE_SUBMIT' => $GLOBALS['LANG']->getLL('labels.submitLogin', TRUE)
259 );
260 // Show an error message if the login command was successful already, otherwise remove the subpart
261 if (!$this->isLoginInProgress()) {
262 $content = HtmlParser::substituteSubpart($content, '###LOGIN_ERROR###', '');
263 } else {
264 $markers['ERROR_MESSAGE'] = $GLOBALS['LANG']->getLL('error.login', TRUE);
265 $markers['ERROR_LOGIN_TITLE'] = $GLOBALS['LANG']->getLL('error.login.title', TRUE);
266 $markers['ERROR_LOGIN_DESCRIPTION'] = $GLOBALS['LANG']->getLL('error.login.description', TRUE);
267 }
268 // Remove the interface selector markers if it's not available
269 if (!($this->interfaceSelector && !$this->loginRefresh)) {
270 $content = HtmlParser::substituteSubpart($content, '###INTERFACE_SELECTOR###', '');
271 } else {
272 $markers['LABEL_INTERFACE'] = $GLOBALS['LANG']->getLL('labels.interface', TRUE);
273 $markers['VALUE_INTERFACE'] = $this->interfaceSelector;
274 }
275 return HtmlParser::substituteMarkerArray($content, $markers, '###|###');
276 }
277
278 /**
279 * Creates the logout form
280 * This is drawn if a user login already exists.
281 *
282 * @return string HTML output
283 * @todo Define visibility
284 */
285 public function makeLogoutForm() {
286 $content = HtmlParser::getSubpart($GLOBALS['TBE_TEMPLATE']->moduleTemplate, '###LOGOUT_FORM###');
287 $markers = array(
288 'LABEL_USERNAME' => $GLOBALS['LANG']->getLL('labels.username', TRUE),
289 'VALUE_USERNAME' => htmlspecialchars($GLOBALS['BE_USER']->user['username']),
290 'VALUE_SUBMIT' => $GLOBALS['LANG']->getLL('labels.submitLogout', TRUE)
291 );
292 // Remove the interface selector markers if it's not available
293 if (!$this->interfaceSelector_jump) {
294 $content = HtmlParser::substituteSubpart($content, '###INTERFACE_SELECTOR###', '');
295 } else {
296 $markers['LABEL_INTERFACE'] = $GLOBALS['LANG']->getLL('labels.interface', TRUE);
297 $markers['VALUE_INTERFACE'] = $this->interfaceSelector_jump;
298 }
299 return HtmlParser::substituteMarkerArray($content, $markers, '###|###');
300 }
301
302 /**
303 * Wrapping the login form table in another set of tables etc:
304 *
305 * @param string $content HTML content for the login form
306 * @return string The HTML for the page.
307 * @todo Define visibility
308 */
309 public function wrapLoginForm($content) {
310 $mainContent = HtmlParser::getSubpart($GLOBALS['TBE_TEMPLATE']->moduleTemplate, '###PAGE###');
311 if ($GLOBALS['TBE_STYLES']['logo_login']) {
312 $logo = '<img src="' . htmlspecialchars(($GLOBALS['BACK_PATH'] . $GLOBALS['TBE_STYLES']['logo_login'])) . '" alt="" class="t3-login-logo" />';
313 } else {
314 $logo = '<img' . IconUtility::skinImg($GLOBALS['BACK_PATH'], 'gfx/typo3logo.gif', 'width="123" height="34"') . ' alt="" class="t3-login-logo" />';
315 }
316 /** @var $browserWarning \TYPO3\CMS\Core\Messaging\FlashMessage */
317 $browserWarning = GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\Messaging\\FlashMessage', $GLOBALS['LANG']->getLL('warning.incompatibleBrowser') . ' ' . $GLOBALS['LANG']->getLL('warning.incompatibleBrowserInternetExplorer'), $GLOBALS['LANG']->getLL('warning.incompatibleBrowserHeadline'), FlashMessage::ERROR);
318 $browserWarning = $browserWarning->render();
319 $additionalCssClasses = array();
320 if ($this->isLoginInProgress()) {
321 $additionalCssClasses[] = 'error';
322 }
323 if ($this->loginRefresh) {
324 $additionalCssClasses[] = 'refresh';
325 }
326 $markers = array(
327 'LOGO' => $logo,
328 'LOGINBOX_IMAGE' => $this->makeLoginBoxImage(),
329 'FORM' => $content,
330 'NEWS' => $this->makeLoginNews(),
331 'COPYRIGHT' => BackendUtility::TYPO3_copyRightNotice($GLOBALS['TYPO3_CONF_VARS']['SYS']['loginCopyrightShowVersion']),
332 'CSS_CLASSES' => !empty($additionalCssClasses) ? 'class="' . implode(' ', $additionalCssClasses) . '"' : '',
333 'CSS_OPENIDCLASS' => 't3-login-openid-' . (\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::isLoaded('openid') ? 'enabled' : 'disabled'),
334 // The labels will be replaced later on, thus the other parts above
335 // can use these markers as well and it will be replaced
336 'HEADLINE' => $GLOBALS['LANG']->getLL('headline', TRUE),
337 'INFO_ABOUT' => $GLOBALS['LANG']->getLL('info.about', TRUE),
338 'INFO_RELOAD' => $GLOBALS['LANG']->getLL('info.reset', TRUE),
339 'INFO' => $GLOBALS['LANG']->getLL('info.cookies_and_js', TRUE),
340 'WARNING_BROWSER_INCOMPATIBLE' => $browserWarning,
341 'ERROR_JAVASCRIPT' => $GLOBALS['LANG']->getLL('error.javascript', TRUE),
342 'ERROR_COOKIES' => $GLOBALS['LANG']->getLL('error.cookies', TRUE),
343 'ERROR_COOKIES_IGNORE' => $GLOBALS['LANG']->getLL('error.cookies_ignore', TRUE),
344 'ERROR_CAPSLOCK' => $GLOBALS['LANG']->getLL('error.capslock', TRUE),
345 'ERROR_FURTHERHELP' => $GLOBALS['LANG']->getLL('error.furtherInformation', TRUE),
346 'LABEL_DONATELINK' => $GLOBALS['LANG']->getLL('labels.donate', TRUE),
347 'LABEL_USERNAME' => $GLOBALS['LANG']->getLL('labels.username', TRUE),
348 'LABEL_OPENID' => $GLOBALS['LANG']->getLL('labels.openId', TRUE),
349 'LABEL_PASSWORD' => $GLOBALS['LANG']->getLL('labels.password', TRUE),
350 'LABEL_WHATISOPENID' => $GLOBALS['LANG']->getLL('labels.whatIsOpenId', TRUE),
351 'LABEL_SWITCHOPENID' => $GLOBALS['LANG']->getLL('labels.switchToOpenId', TRUE),
352 'LABEL_SWITCHDEFAULT' => $GLOBALS['LANG']->getLL('labels.switchToDefault', TRUE),
353 'CLEAR' => $GLOBALS['LANG']->getLL('clear', TRUE),
354 'LOGIN_PROCESS' => $GLOBALS['LANG']->getLL('login_process', TRUE),
355 'SITELINK' => '<a href="/">###SITENAME###</a>',
356 // Global variables will now be replaced (at last)
357 'SITENAME' => htmlspecialchars($GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'])
358 );
359 $this->emitRenderLoginFormSignal($markers);
360 return HtmlParser::substituteMarkerArray($mainContent, $markers, '###|###');
361 }
362
363 /**
364 * Checking, if we should perform some sort of redirection OR closing of windows.
365 *
366 * @return void
367 * @todo Define visibility
368 */
369 public function checkRedirect() {
370 // Do redirect:
371 // If a user is logged in AND a) if either the login is just done (isLoginInProgress) or b) a loginRefresh is done or c) the interface-selector is NOT enabled (If it is on the other hand, it should not just load an interface, because people has to choose then...)
372 if ($GLOBALS['BE_USER']->user['uid'] && ($this->isLoginInProgress() || $this->loginRefresh || !$this->interfaceSelector)) {
373 // If no cookie has been set previously we tell people that this is a problem. This assumes that a cookie-setting script (like this one) has been hit at least once prior to this instance.
374 if (!$_COOKIE[\TYPO3\CMS\Core\Authentication\BackendUserAuthentication::getCookieName()]) {
375 if ($this->commandLI == 'setCookie') {
376 // we tried it a second time but still no cookie
377 // 26/4 2005: This does not work anymore, because the saving of challenge values in $_SESSION means the system will act as if the password was wrong.
378 throw new \RuntimeException('Login-error: Yeah, that\'s a classic. No cookies, no TYPO3.<br /><br />Please accept cookies from TYPO3 - otherwise you\'ll not be able to use the system.', 1294586846);
379 } else {
380 // try it once again - that might be needed for auto login
381 $this->redirectToURL = 'index.php?commandLI=setCookie';
382 }
383 }
384 if ($redirectToURL = (string) $GLOBALS['BE_USER']->getTSConfigVal('auth.BE.redirectToURL')) {
385 $this->redirectToURL = $redirectToURL;
386 $this->GPinterface = '';
387 }
388 // store interface
389 $GLOBALS['BE_USER']->uc['interfaceSetup'] = $this->GPinterface;
390 $GLOBALS['BE_USER']->writeUC();
391 // Based on specific setting of interface we set the redirect script:
392 switch ($this->GPinterface) {
393 case 'backend':
394
395 case 'backend_old':
396 $this->redirectToURL = 'backend.php';
397 break;
398 case 'frontend':
399 $this->redirectToURL = '../';
400 break;
401 }
402 /** @var $formProtection \TYPO3\CMS\Core\FormProtection\BackendFormProtection */
403 $formProtection = \TYPO3\CMS\Core\FormProtection\FormProtectionFactory::get();
404 // If there is a redirect URL AND if loginRefresh is not set...
405 if (!$this->loginRefresh) {
406 $formProtection->storeSessionTokenInRegistry();
407 HttpUtility::redirect($this->redirectToURL);
408 } else {
409 $formProtection->setSessionTokenFromRegistry();
410 $formProtection->persistSessionToken();
411 $GLOBALS['TBE_TEMPLATE']->JScode .= $GLOBALS['TBE_TEMPLATE']->wrapScriptTags('
412 if (parent.opener && (parent.opener.busy || parent.opener.TYPO3.loginRefresh)) {
413 if (parent.opener.TYPO3.loginRefresh) {
414 parent.opener.TYPO3.loginRefresh.startTimer();
415 } else {
416 parent.opener.busy.loginRefreshed();
417 }
418 parent.close();
419 }
420 ');
421 }
422 } elseif (!$GLOBALS['BE_USER']->user['uid'] && $this->isLoginInProgress()) {
423 // Wrong password, wait for 5 seconds
424 sleep(5);
425 }
426 }
427
428 /**
429 * Making interface selector:
430 *
431 * @return void
432 * @todo Define visibility
433 */
434 public function makeInterfaceSelectorBox() {
435 // Reset variables:
436 $this->interfaceSelector = '';
437 $this->interfaceSelector_hidden = '';
438 $this->interfaceSelector_jump = '';
439 // If interfaces are defined AND no input redirect URL in GET vars:
440 if ($GLOBALS['TYPO3_CONF_VARS']['BE']['interfaces'] && ($this->isLoginInProgress() || !$this->redirect_url)) {
441 $parts = GeneralUtility::trimExplode(',', $GLOBALS['TYPO3_CONF_VARS']['BE']['interfaces']);
442 // Only if more than one interface is defined will we show the selector:
443 if (count($parts) > 1) {
444 // Initialize:
445 $labels = array();
446 $labels['backend'] = $GLOBALS['LANG']->getLL('interface.backend');
447 $labels['backend_old'] = $GLOBALS['LANG']->getLL('interface.backend_old');
448 $labels['frontend'] = $GLOBALS['LANG']->getLL('interface.frontend');
449 $jumpScript = array();
450 $jumpScript['backend'] = 'backend.php';
451 $jumpScript['backend_old'] = 'backend.php';
452 $jumpScript['frontend'] = '../';
453 // Traverse the interface keys:
454 foreach ($parts as $valueStr) {
455 $this->interfaceSelector .= '
456 <option value="' . htmlspecialchars($valueStr) . '"' . (GeneralUtility::_GP('interface') == htmlspecialchars($valueStr) ? ' selected="selected"' : '') . '>' . htmlspecialchars($labels[$valueStr]) . '</option>';
457 $this->interfaceSelector_jump .= '
458 <option value="' . htmlspecialchars($jumpScript[$valueStr]) . '">' . htmlspecialchars($labels[$valueStr]) . '</option>';
459 }
460 $this->interfaceSelector = '
461 <select id="t3-interfaceselector" name="interface" class="c-interfaceselector" tabindex="3">' . $this->interfaceSelector . '
462 </select>';
463 $this->interfaceSelector_jump = '
464 <select id="t3-interfaceselector" name="interface" class="c-interfaceselector" tabindex="3" onchange="window.location.href=this.options[this.selectedIndex].value;">' . $this->interfaceSelector_jump . '
465 </select>';
466 } elseif (!$this->redirect_url) {
467 // If there is only ONE interface value set and no redirect_url is present:
468 $this->interfaceSelector_hidden = '<input type="hidden" name="interface" value="' . trim($GLOBALS['TYPO3_CONF_VARS']['BE']['interfaces']) . '" />';
469 }
470 }
471 }
472
473 /**
474 * COPYRIGHT notice
475 *
476 * Warning:
477 * DO NOT prevent this notice from being shown in ANY WAY.
478 * According to the GPL license an interactive application must show such a notice on start-up ('If the program is interactive, make it output a short notice... ' - see GPL.txt)
479 * Therefore preventing this notice from being properly shown is a violation of the license, regardless of whether you remove it or use a stylesheet to obstruct the display.
480 *
481 * @return string Text/Image (HTML) for copyright notice.
482 *
483 * @todo Define visibility
484 * @deprecated since TYPO3 6.0, will be removed in TYPO3 6.2
485 * @see \TYPO3\CMS\Backend\Utility\BackendUtility::TYPO3_copyRightNotice()
486 */
487 public function makeCopyrightNotice() {
488 GeneralUtility::logDeprecatedFunction();
489 return BackendUtility::TYPO3_copyRightNotice();
490 }
491
492 /**
493 * Returns the login box image, whether the default or an image from the rotation folder.
494 *
495 * @return string HTML image tag.
496 * @todo Define visibility
497 */
498 public function makeLoginBoxImage() {
499 $loginboxImage = '';
500 // Look for rotation image folder:
501 if ($GLOBALS['TBE_STYLES']['loginBoxImage_rotationFolder']) {
502 $absPath = GeneralUtility::resolveBackPath(PATH_typo3 . $GLOBALS['TBE_STYLES']['loginBoxImage_rotationFolder']);
503 // Get rotation folder:
504 $dir = GeneralUtility::getFileAbsFileName($absPath);
505 if ($dir && @is_dir($dir)) {
506 // Get files for rotation into array:
507 $files = GeneralUtility::getFilesInDir($dir, 'png,jpg,gif');
508 // Pick random file:
509 $randImg = array_rand($files, 1);
510 // Get size of random file:
511 $imgSize = @getimagesize(($dir . $files[$randImg]));
512 $imgAuthor = is_array($GLOBALS['TBE_STYLES']['loginBoxImage_author']) && $GLOBALS['TBE_STYLES']['loginBoxImage_author'][$files[$randImg]] ? htmlspecialchars($GLOBALS['TBE_STYLES']['loginBoxImage_author'][$files[$randImg]]) : '';
513 // Create image tag:
514 if (is_array($imgSize)) {
515 $loginboxImage = '<img src="' . htmlspecialchars(($GLOBALS['TBE_STYLES']['loginBoxImage_rotationFolder'] . $files[$randImg])) . '" ' . $imgSize[3] . ' id="loginbox-image" alt="' . $imgAuthor . '" title="' . $imgAuthor . '" />';
516 }
517 }
518 } else {
519 // If no rotation folder configured, print default image:
520 // Development version
521 if (strstr(TYPO3_version, '-dev')) {
522 $loginImage = 'loginbox_image_dev.png';
523 $imagecopy = 'You are running a development version of TYPO3 ' . TYPO3_branch;
524 } else {
525 $loginImage = 'loginbox_image.jpg';
526 $imagecopy = 'Photo by J.C. Franca (www.digitalphoto.com.br)';
527 }
528 $loginboxImage = '<img' . IconUtility::skinImg($GLOBALS['BACK_PATH'], ('gfx/' . $loginImage), 'width="200" height="133"') . ' id="loginbox-image" alt="' . $imagecopy . '" title="' . $imagecopy . '" />';
529 }
530 // Return image tag:
531 return $loginboxImage;
532 }
533
534 /**
535 * Make login news - renders the HTML content for a list of news shown under
536 * the login form. News data is added through sys_news records
537 *
538 * @return string HTML content
539 * @credits Idea by Jan-Hendrik Heuing
540 * @todo Define visibility
541 */
542 public function makeLoginNews() {
543 $newsContent = '';
544 $systemNews = $this->getSystemNews();
545 // Traverse news array IF there are records in it:
546 if (is_array($systemNews) && count($systemNews) && !GeneralUtility::_GP('loginRefresh')) {
547 /** @var $htmlParser \TYPO3\CMS\Core\Html\RteHtmlParser */
548 $htmlParser = GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\Html\\RteHtmlParser');
549 // Get the main news template, and replace the subpart after looped through
550 $newsContent = HtmlParser::getSubpart($GLOBALS['TBE_TEMPLATE']->moduleTemplate, '###LOGIN_NEWS###');
551 $newsItemTemplate = HtmlParser::getSubpart($newsContent, '###NEWS_ITEM###');
552 $newsItem = '';
553 $count = 1;
554 foreach ($systemNews as $newsItemData) {
555 $additionalClass = '';
556 if ($count == 1) {
557 $additionalClass = ' first-item';
558 } elseif ($count == count($systemNews)) {
559 $additionalClass = ' last-item';
560 }
561 $newsItemContent = $htmlParser->TS_transform_rte($htmlParser->TS_links_rte($newsItemData['content']));
562 $newsItemMarker = array(
563 '###HEADER###' => htmlspecialchars($newsItemData['header']),
564 '###DATE###' => htmlspecialchars($newsItemData['date']),
565 '###CONTENT###' => $newsItemContent,
566 '###CLASS###' => $additionalClass
567 );
568 $count++;
569 $newsItem .= HtmlParser::substituteMarkerArray($newsItemTemplate, $newsItemMarker);
570 }
571 $title = $GLOBALS['TYPO3_CONF_VARS']['BE']['loginNewsTitle'] ? $GLOBALS['TYPO3_CONF_VARS']['BE']['loginNewsTitle'] : $GLOBALS['LANG']->getLL('newsheadline');
572 $newsContent = HtmlParser::substituteMarker($newsContent, '###NEWS_HEADLINE###', htmlspecialchars($title));
573 $newsContent = HtmlParser::substituteSubpart($newsContent, '###NEWS_ITEM###', $newsItem);
574 }
575 return $newsContent;
576 }
577
578 /**
579 * Gets news from sys_news and converts them into a format suitable for
580 * showing them at the login screen.
581 *
582 * @return array An array of login news.
583 */
584 protected function getSystemNews() {
585 $systemNewsTable = 'sys_news';
586 $systemNews = array();
587 $systemNewsRecords = $GLOBALS['TYPO3_DB']->exec_SELECTgetRows('title, content, crdate', $systemNewsTable, '1=1' . BackendUtility::BEenableFields($systemNewsTable) . BackendUtility::deleteClause($systemNewsTable), '', 'crdate DESC');
588 foreach ($systemNewsRecords as $systemNewsRecord) {
589 $systemNews[] = array(
590 'date' => date($GLOBALS['TYPO3_CONF_VARS']['SYS']['ddmmyy'], $systemNewsRecord['crdate']),
591 'header' => $systemNewsRecord['title'],
592 'content' => $systemNewsRecord['content']
593 );
594 }
595 return $systemNews;
596 }
597
598 /**
599 * Returns the form tag
600 *
601 * @return string Opening form tag string
602 * @todo Define visibility
603 */
604 public function startForm() {
605 $output = '';
606 // The form defaults to 'no login'. This prevents plain
607 // text logins to the Backend. The 'sv' extension changes the form to
608 // use superchallenged method and rsaauth extension makes rsa authetication.
609 $form = '<form action="index.php" method="post" name="loginform" ' . 'onsubmit="alert(\'No authentication methods available. Please, ' . 'contact your TYPO3 administrator.\');return false">';
610 // Call hooks. If they do not return anything, we fail to login
611 if (is_array($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['typo3/index.php']['loginFormHook'])) {
612 foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['typo3/index.php']['loginFormHook'] as $function) {
613 $params = array();
614 $formCode = GeneralUtility::callUserFunction($function, $params, $this);
615 if ($formCode) {
616 $form = $formCode;
617 break;
618 }
619 }
620 }
621 $output .= $form . '<input type="hidden" name="login_status" value="login" />' . '<input type="hidden" name="userident" value="" />' . '<input type="hidden" name="redirect_url" value="' . htmlspecialchars($this->redirectToURL) . '" />' . '<input type="hidden" name="loginRefresh" value="' . htmlspecialchars($this->loginRefresh) . '" />' . $this->interfaceSelector_hidden . $this->addFields_hidden;
622 return $output;
623 }
624
625 /**
626 * Creates JavaScript for the login form
627 *
628 * @return string JavaScript code
629 * @todo Define visibility
630 */
631 public function getJScode() {
632 $JSCode = '';
633 if (is_array($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['typo3/index.php']['loginScriptHook'])) {
634 foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['typo3/index.php']['loginScriptHook'] as $function) {
635 $params = array();
636 $JSCode = GeneralUtility::callUserFunction($function, $params, $this);
637 if ($JSCode) {
638 break;
639 }
640 }
641 }
642 $JSCode .= $GLOBALS['TBE_TEMPLATE']->wrapScriptTags('
643 function startUp() {
644 // If the login screen is shown in the login_frameset window for re-login, then try to get the username of the current/former login from opening windows main frame:
645 try {
646 if (parent.opener && parent.opener.TS && parent.opener.TS.username && document.loginform && document.loginform.username) {
647 document.loginform.username.value = parent.opener.TS.username;
648 }
649 }
650 catch(error) {
651 //continue
652 }
653
654 // Wait a few millisecons before calling checkFocus(). This might be necessary because some browsers need some time to auto-fill in the form fields
655 window.setTimeout("checkFocus()", 50);
656 }
657
658 // This moves focus to the right input field:
659 function checkFocus() {
660 // If for some reason there already is a username in the username form field, move focus to the password field:
661 if (document.loginform.username && document.loginform.username.value == "") {
662 document.loginform.username.focus();
663 } else if (document.loginform.p_field && document.loginform.p_field.type!="hidden") {
664 document.loginform.p_field.focus();
665 }
666 }
667
668 // This function shows a warning, if user has capslock enabled
669 // parameter showWarning: shows warning if TRUE and capslock active, otherwise only hides warning, if capslock gets inactive
670 function checkCapslock(e, showWarning) {
671 if (!isCapslock(e)) {
672 document.getElementById(\'t3-capslock\').style.display = \'none\';
673 } else if (showWarning) {
674 document.getElementById(\'t3-capslock\').style.display = \'block\';
675 }
676 }
677
678 // Checks weather capslock is enabled (returns TRUE if enabled, false otherwise)
679 // thanks to http://24ways.org/2007/capturing-caps-lock
680
681 function isCapslock(e) {
682 var ev = e ? e : window.event;
683 if (!ev) {
684 return;
685 }
686 var targ = ev.target ? ev.target : ev.srcElement;
687 // get key pressed
688 var which = -1;
689 if (ev.which) {
690 which = ev.which;
691 } else if (ev.keyCode) {
692 which = ev.keyCode;
693 }
694 // get shift status
695 var shift_status = false;
696 if (ev.shiftKey) {
697 shift_status = ev.shiftKey;
698 } else if (ev.modifiers) {
699 shift_status = !!(ev.modifiers & 4);
700 }
701 return (((which >= 65 && which <= 90) && !shift_status) ||
702 ((which >= 97 && which <= 122) && shift_status));
703 }
704
705 // prevent opening the login form in the backend frameset
706 if (top.location.href != self.location.href) {
707 top.location.href = self.location.href;
708 }
709
710 ');
711 return $JSCode;
712 }
713
714 /**
715 * Checks if login credentials are currently submitted
716 *
717 * @return boolean
718 */
719 protected function isLoginInProgress() {
720 $username = GeneralUtility::_GP('username');
721 return !(empty($username) && empty($this->commandLI));
722 }
723
724 /**
725 * Emits the render login form signal
726 *
727 * @param array $markers Array with markers for the login form
728 * @return void
729 */
730 protected function emitRenderLoginFormSignal(array &$markers) {
731 $signalArguments = $this->getSignalSlotDispatcher()->dispatch('TYPO3\\CMS\\Backend\\Controller\\LoginController', self::SIGNAL_RenderLoginForm, array($this, $markers));
732 $markers = $signalArguments[1];
733 }
734
735 /**
736 * Get the SignalSlot dispatcher
737 *
738 * @return \TYPO3\CMS\Extbase\SignalSlot\Dispatcher
739 */
740 protected function getSignalSlotDispatcher() {
741 if (!isset($this->signalSlotDispatcher)) {
742 $this->signalSlotDispatcher = $this->getObjectManager()->get('TYPO3\\CMS\\Extbase\\SignalSlot\\Dispatcher');
743 }
744 return $this->signalSlotDispatcher;
745 }
746
747 /**
748 * Get the ObjectManager
749 *
750 * @return \TYPO3\CMS\Extbase\Object\ObjectManager
751 */
752 protected function getObjectManager() {
753 return GeneralUtility::makeInstance('TYPO3\\CMS\\Extbase\\Object\\ObjectManager');
754 }
755
756 }