[TASK] Move JavaScript files to EXT: backend
[Packages/TYPO3.CMS.git] / typo3 / sysext / sv / Classes / LoginFormHook.php
1 <?php
2 namespace TYPO3\CMS\Sv;
3
4 /***************************************************************
5 * Copyright notice
6 *
7 * (c) 2009-2013 Dmitry Dulepov <dmitry@typo3.org>
8 * All rights reserved
9 *
10 * This script is part of the TYPO3 project. The TYPO3 project is
11 * free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * The GNU General Public License can be found at
17 * http://www.gnu.org/copyleft/gpl.html.
18 *
19 * This script is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU General Public License for more details.
23 *
24 * This copyright notice MUST APPEAR in all copies of the script!
25 ***************************************************************/
26 /**
27 * This class contains a BE login form hook. It adds all necessary JavaScript
28 * for the superchallenged authentication.
29 *
30 * @author Dmitry Dulepov <dmitry@typo3.org>
31 */
32 class LoginFormHook {
33
34 /**
35 * Provides form code for the superchallenged authentication.
36 *
37 * @param array $params Parameters to the script
38 * @param \TYPO3\CMS\Backend\Controller\LoginController $pObj Calling object
39 * @return string The code for the login form
40 */
41 public function getLoginFormTag(array $params, \TYPO3\CMS\Backend\Controller\LoginController &$pObj) {
42 // Get the code according to the login level
43 switch ($pObj->loginSecurityLevel) {
44 case 'challenged':
45
46 case 'superchallenged':
47 $_SESSION['login_challenge'] = $this->getChallenge();
48 $content = '<form action="index.php" method="post" name="loginform" ' . 'onsubmit="doChallengeResponse(' . ($pObj->loginSecurityLevel == 'challenged' ? 0 : 1) . ');">' . '<input type="hidden" name="challenge" value="' . htmlspecialchars($_SESSION['login_challenge']) . '" />';
49 break;
50 case 'normal':
51 $content = '<form action="index.php" method="post" name="loginform" onsubmit="document.loginform.userident.value=document.loginform.p_field.value;document.loginform.p_field.value=\'\';return true;">';
52 break;
53 default:
54 // No code for unknown level!
55 $content = '';
56 }
57 return $content;
58 }
59
60 /**
61 * Provides form code for the superchallenged authentication.
62 *
63 * @param array $params Parameters to the script
64 * @param \TYPO3\CMS\Backend\Controller\LoginController $pObj Calling object
65 * @return string The code for the login form
66 */
67 public function getLoginScripts(array $params, \TYPO3\CMS\Backend\Controller\LoginController &$pObj) {
68 $content = '';
69 if ($pObj->loginSecurityLevel == 'superchallenged' || $pObj->loginSecurityLevel == 'challenged') {
70 $content = '
71 <script type="text/javascript" src="sysext/backend/Resources/Public/JavaScript/md5.js"></script>
72 ' . $GLOBALS['TBE_TEMPLATE']->wrapScriptTags('
73 function doChallengeResponse(superchallenged) { //
74 password = document.loginform.p_field.value;
75 if (password) {
76 if (superchallenged) {
77 password = MD5(password); // this makes it superchallenged!!
78 }
79 str = document.loginform.username.value+":"+password+":"+document.loginform.challenge.value;
80 document.loginform.userident.value = MD5(str);
81 document.loginform.p_field.value = "";
82 return true;
83 }
84 }
85 ');
86 }
87 return $content;
88 }
89
90 /**
91 * Create a random challenge string
92 *
93 * @return string Challenge value
94 */
95 protected function getChallenge() {
96 $challenge = md5(uniqid('') . getmypid());
97 return $challenge;
98 }
99
100 }
101
102
103 ?>