69432110cf1c921cba311d167fda31077255306e
[Packages/TYPO3.CMS.git] / typo3 / sysext / felogin / Classes / Controller / FrontendLoginController.php
1 <?php
2 namespace TYPO3\CMS\Felogin\Controller;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 use TYPO3\CMS\Core\Utility\GeneralUtility;
18 use TYPO3\CMS\Core\Utility\StringUtility;
19
20 /**
21 * Plugin 'Website User Login' for the 'felogin' extension.
22 *
23 * @author Steffen Kamper <info@sk-typo3.de>
24 */
25 class FrontendLoginController extends \TYPO3\CMS\Frontend\Plugin\AbstractPlugin {
26
27 /**
28 * Same as class name
29 *
30 * @var string
31 */
32 public $prefixId = 'tx_felogin_pi1';
33
34 /**
35 * Path to this script relative to the extension dir.
36 *
37 * @var string
38 * @TODO This is still set to the "old" class location since the locallang.xlf file in the same dir is loaded by pi_loadLL
39 */
40 public $scriptRelPath = 'pi1/class.tx_felogin_pi1.php';
41
42 /**
43 * The extension key.
44 *
45 * @var string
46 */
47 public $extKey = 'felogin';
48
49 /**
50 * @var bool
51 */
52 public $pi_checkCHash = FALSE;
53
54 /**
55 * @var bool
56 */
57 public $pi_USER_INT_obj = TRUE;
58
59 /**
60 * Is user logged in?
61 *
62 * @var bool
63 */
64 protected $userIsLoggedIn;
65
66 /**
67 * Holds the template for FE rendering
68 *
69 * @var string
70 */
71 protected $template;
72
73 /**
74 * Upload directory, used for flexform template files
75 *
76 * @var string
77 */
78 protected $uploadDir;
79
80 /**
81 * URL for the redirect
82 *
83 * @var string
84 */
85 protected $redirectUrl;
86
87 /**
88 * Flag for disable the redirect
89 *
90 * @var bool
91 */
92 protected $noRedirect = FALSE;
93
94 /**
95 * Logintype (given as GPvar), possible: login, logout
96 *
97 * @var string
98 */
99 protected $logintype;
100
101 /**
102 * The main method of the plugin
103 *
104 * @param string $content The PlugIn content
105 * @param array $conf The PlugIn configuration
106 * @return string The content that is displayed on the website
107 */
108 public function main($content, $conf) {
109 // Loading TypoScript array into object variable:
110 $this->conf = $conf;
111 $this->uploadDir = 'uploads/tx_felogin/';
112 // Loading default pivars
113 $this->pi_setPiVarDefaults();
114 // Loading language-labels
115 $this->pi_loadLL();
116 // Init FlexForm configuration for plugin:
117 $this->pi_initPIflexForm();
118 $this->mergeflexFormValuesIntoConf();
119 // Get storage PIDs:
120 if ($this->conf['storagePid']) {
121 if ((int)$this->conf['recursive']) {
122 $this->spid = $this->pi_getPidList($this->conf['storagePid'], (int)$this->conf['recursive']);
123 } else {
124 $this->spid = $this->conf['storagePid'];
125 }
126 } else {
127 $pids = $GLOBALS['TSFE']->getStorageSiterootPids();
128 $this->spid = $pids['_STORAGE_PID'];
129 }
130 // GPvars:
131 $this->logintype = GeneralUtility::_GP('logintype');
132 $this->referer = $this->validateRedirectUrl(GeneralUtility::_GP('referer'));
133 $this->noRedirect = $this->piVars['noredirect'] || $this->conf['redirectDisable'];
134 // If config.typolinkLinkAccessRestrictedPages is set, the var is return_url
135 $returnUrl = GeneralUtility::_GP('return_url');
136 if ($returnUrl) {
137 $this->redirectUrl = $returnUrl;
138 } else {
139 $this->redirectUrl = GeneralUtility::_GP('redirect_url');
140 }
141 $this->redirectUrl = $this->validateRedirectUrl($this->redirectUrl);
142 // Get Template
143 $templateFile = $this->conf['templateFile'] ?: 'EXT:felogin/template.html';
144 $this->template = $this->cObj->fileResource($templateFile);
145 // Is user logged in?
146 $this->userIsLoggedIn = $GLOBALS['TSFE']->loginUser;
147 // Redirect
148 if ($this->conf['redirectMode'] && !$this->conf['redirectDisable'] && !$this->noRedirect) {
149 $redirectUrl = $this->processRedirect();
150 if (count($redirectUrl)) {
151 $this->redirectUrl = $this->conf['redirectFirstMethod'] ? array_shift($redirectUrl) : array_pop($redirectUrl);
152 } else {
153 $this->redirectUrl = '';
154 }
155 }
156 // What to display
157 $content = '';
158 if ($this->piVars['forgot'] && $this->conf['showForgotPasswordLink']) {
159 $content .= $this->showForgot();
160 } elseif ($this->piVars['forgothash']) {
161 $content .= $this->changePassword();
162 } else {
163 if ($this->userIsLoggedIn && !$this->logintype) {
164 $content .= $this->showLogout();
165 } else {
166 $content .= $this->showLogin();
167 }
168 }
169 // Process the redirect
170 if (($this->logintype === 'login' || $this->logintype === 'logout') && $this->redirectUrl && !$this->noRedirect) {
171 if (!$GLOBALS['TSFE']->fe_user->isCookieSet() && $this->userIsLoggedIn) {
172 $content .= $this->cObj->stdWrap($this->pi_getLL('cookie_warning', '', TRUE), $this->conf['cookieWarning_stdWrap.']);
173 } else {
174 // Add hook for extra processing before redirect
175 if (
176 isset($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['beforeRedirect']) &&
177 is_array($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['beforeRedirect'])
178 ) {
179 $_params = array(
180 'loginType' => $this->logintype,
181 'redirectUrl' => &$this->redirectUrl
182 );
183 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['beforeRedirect'] as $_funcRef) {
184 if ($_funcRef) {
185 GeneralUtility::callUserFunction($_funcRef, $_params, $this);
186 }
187 }
188 }
189 \TYPO3\CMS\Core\Utility\HttpUtility::redirect($this->redirectUrl);
190 }
191 }
192 // Adds hook for processing of extra item markers / special
193 if (
194 isset($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['postProcContent'])
195 && is_array($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['postProcContent'])
196 ) {
197 $_params = array(
198 'content' => $content
199 );
200 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['postProcContent'] as $_funcRef) {
201 $content = GeneralUtility::callUserFunction($_funcRef, $_params, $this);
202 }
203 }
204 return $this->conf['wrapContentInBaseClass'] ? $this->pi_wrapInBaseClass($content) : $content;
205 }
206
207 /**
208 * Shows the forgot password form
209 *
210 * @return string Content
211 */
212 protected function showForgot() {
213 $subpart = $this->cObj->getSubpart($this->template, '###TEMPLATE_FORGOT###');
214 $subpartArray = ($linkpartArray = array());
215 $postData = GeneralUtility::_POST($this->prefixId);
216 if ($postData['forgot_email']) {
217 // Get hashes for compare
218 $postedHash = $postData['forgot_hash'];
219 $hashData = $GLOBALS['TSFE']->fe_user->getKey('ses', 'forgot_hash');
220 if ($postedHash === $hashData['forgot_hash']) {
221 $row = FALSE;
222 // Look for user record
223 $data = $GLOBALS['TYPO3_DB']->fullQuoteStr($this->piVars['forgot_email'], 'fe_users');
224 $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
225 'uid, username, password, email',
226 'fe_users',
227 '(email=' . $data . ' OR username=' . $data . ') AND pid IN (' . $GLOBALS['TYPO3_DB']->cleanIntList($this->spid) . ') ' . $this->cObj->enableFields('fe_users')
228 );
229 if ($GLOBALS['TYPO3_DB']->sql_num_rows($res)) {
230 $row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res);
231 }
232 $error = NULL;
233 if ($row) {
234 // Generate an email with the hashed link
235 $error = $this->generateAndSendHash($row);
236 } elseif ($this->conf['exposeNonexistentUserInForgotPasswordDialog']) {
237 $error = $this->pi_getLL('ll_forgot_reset_message_error');
238 }
239 // Generate message
240 if ($error) {
241 $markerArray['###STATUS_MESSAGE###'] = $this->cObj->stdWrap($error, $this->conf['forgotErrorMessage_stdWrap.']);
242 } else {
243 $markerArray['###STATUS_MESSAGE###'] = $this->cObj->stdWrap(
244 $this->pi_getLL('ll_forgot_reset_message_emailSent', '', TRUE),
245 $this->conf['forgotResetMessageEmailSentMessage_stdWrap.']
246 );
247 }
248 $subpartArray['###FORGOT_FORM###'] = '';
249 } else {
250 // Wrong email
251 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('forgot_reset_message', $this->conf['forgotMessage_stdWrap.']);
252 $markerArray['###BACKLINK_LOGIN###'] = '';
253 }
254 } else {
255 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('forgot_reset_message', $this->conf['forgotMessage_stdWrap.']);
256 $markerArray['###BACKLINK_LOGIN###'] = '';
257 }
258 $markerArray['###BACKLINK_LOGIN###'] = $this->getPageLink($this->pi_getLL('ll_forgot_header_backToLogin', '', TRUE), array());
259 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('forgot_header', $this->conf['forgotHeader_stdWrap.']);
260 $markerArray['###LEGEND###'] = $this->pi_getLL('legend', $this->pi_getLL('reset_password', '', TRUE), TRUE);
261 $markerArray['###ACTION_URI###'] = $this->getPageLink('', array($this->prefixId . '[forgot]' => 1), TRUE);
262 $markerArray['###EMAIL_LABEL###'] = $this->pi_getLL('your_email', '', TRUE);
263 $markerArray['###FORGOT_PASSWORD_ENTEREMAIL###'] = $this->pi_getLL('forgot_password_enterEmail', '', TRUE);
264 $markerArray['###FORGOT_EMAIL###'] = $this->prefixId . '[forgot_email]';
265 $markerArray['###SEND_PASSWORD###'] = $this->pi_getLL('reset_password', '', TRUE);
266 $markerArray['###DATA_LABEL###'] = $this->pi_getLL('ll_enter_your_data', '', TRUE);
267 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
268 // Generate hash
269 $hash = md5($this->generatePassword(3));
270 $markerArray['###FORGOTHASH###'] = $hash;
271 // Set hash in feuser session
272 $GLOBALS['TSFE']->fe_user->setKey('ses', 'forgot_hash', array('forgot_hash' => $hash));
273 return $this->cObj->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
274 }
275
276 /**
277 * This function checks the hash from link and checks the validity. If it's valid it shows the form for
278 * changing the password and process the change of password after submit, if not valid it returns the error message
279 *
280 * @return string The content.
281 */
282 protected function changePassword() {
283 $subpartArray = ($linkpartArray = array());
284 $done = FALSE;
285 $minLength = (int)$this->conf['newPasswordMinLength'] ?: 6;
286 $subpart = $this->cObj->getSubpart($this->template, '###TEMPLATE_CHANGEPASSWORD###');
287 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('change_password_header', $this->conf['changePasswordHeader_stdWrap.']);
288 $markerArray['###STATUS_MESSAGE###'] = sprintf($this->getDisplayText(
289 'change_password_message',
290 $this->conf['changePasswordMessage_stdWrap.']
291 ), $minLength);
292
293 $markerArray['###BACKLINK_LOGIN###'] = '';
294 $uid = $this->piVars['user'];
295 $piHash = $this->piVars['forgothash'];
296 $hash = explode('|', $piHash);
297 if ((int)$uid === 0) {
298 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText(
299 'change_password_notvalid_message',
300 $this->conf['changePasswordNotValidMessage_stdWrap.']
301 );
302 $subpartArray['###CHANGEPASSWORD_FORM###'] = '';
303 } else {
304 $user = $this->pi_getRecord('fe_users', (int)$uid);
305 $userHash = $user['felogin_forgotHash'];
306 $compareHash = explode('|', $userHash);
307 if (!$compareHash || !$compareHash[1] || $compareHash[0] < time() || $hash[0] != $compareHash[0] || md5($hash[1]) != $compareHash[1]) {
308 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText(
309 'change_password_notvalid_message',
310 $this->conf['changePasswordNotValidMessage_stdWrap.']
311 );
312 $subpartArray['###CHANGEPASSWORD_FORM###'] = '';
313 } else {
314 // All is fine, continue with new password
315 $postData = GeneralUtility::_POST($this->prefixId);
316 if (isset($postData['changepasswordsubmit'])) {
317 if (strlen($postData['password1']) < $minLength) {
318 $markerArray['###STATUS_MESSAGE###'] = sprintf($this->getDisplayText(
319 'change_password_tooshort_message',
320 $this->conf['changePasswordTooShortMessage_stdWrap.']),
321 $minLength
322 );
323 } elseif ($postData['password1'] != $postData['password2']) {
324 $markerArray['###STATUS_MESSAGE###'] = sprintf($this->getDisplayText(
325 'change_password_notequal_message',
326 $this->conf['changePasswordNotEqualMessage_stdWrap.']),
327 $minLength
328 );
329 } else {
330 $newPass = $postData['password1'];
331 if ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['password_changed']) {
332 $_params = array(
333 'user' => $user,
334 'newPassword' => $newPass
335 );
336 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['password_changed'] as $_funcRef) {
337 if ($_funcRef) {
338 GeneralUtility::callUserFunction($_funcRef, $_params, $this);
339 }
340 }
341 $newPass = $_params['newPassword'];
342 }
343 // Save new password and clear DB-hash
344 $res = $GLOBALS['TYPO3_DB']->exec_UPDATEquery(
345 'fe_users',
346 'uid=' . $user['uid'],
347 array('password' => $newPass, 'felogin_forgotHash' => '', 'tstamp' => $GLOBALS['EXEC_TIME'])
348 );
349 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText(
350 'change_password_done_message',
351 $this->conf['changePasswordDoneMessage_stdWrap.']
352 );
353 $done = TRUE;
354 $subpartArray['###CHANGEPASSWORD_FORM###'] = '';
355 $markerArray['###BACKLINK_LOGIN###'] = $this->getPageLink(
356 $this->pi_getLL('ll_forgot_header_backToLogin', '', TRUE),
357 array($this->prefixId . '[redirectReferrer]' => 'off')
358 );
359 }
360 }
361 if (!$done) {
362 // Change password form
363 $markerArray['###ACTION_URI###'] = $this->pi_getPageLink($GLOBALS['TSFE']->id, '', array(
364 $this->prefixId . '[user]' => $user['uid'],
365 $this->prefixId . '[forgothash]' => $piHash
366 ));
367 $markerArray['###LEGEND###'] = $this->pi_getLL('change_password', '', TRUE);
368 $markerArray['###NEWPASSWORD1_LABEL###'] = $this->pi_getLL('newpassword_label1', '', TRUE);
369 $markerArray['###NEWPASSWORD2_LABEL###'] = $this->pi_getLL('newpassword_label2', '', TRUE);
370 $markerArray['###NEWPASSWORD1###'] = $this->prefixId . '[password1]';
371 $markerArray['###NEWPASSWORD2###'] = $this->prefixId . '[password2]';
372 $markerArray['###STORAGE_PID###'] = $this->spid;
373 $markerArray['###SEND_PASSWORD###'] = $this->pi_getLL('change_password', '', TRUE);
374 $markerArray['###FORGOTHASH###'] = $piHash;
375 }
376 }
377 }
378 return $this->cObj->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
379 }
380
381 /**
382 * Generates a hashed link and send it with email
383 *
384 * @param array $user Contains user data
385 * @return string Empty string with success, error message with no success
386 */
387 protected function generateAndSendHash($user) {
388 $hours = (int)$this->conf['forgotLinkHashValidTime'] > 0 ? (int)$this->conf['forgotLinkHashValidTime'] : 24;
389 $validEnd = time() + 3600 * $hours;
390 $validEndString = date($this->conf['dateFormat'], $validEnd);
391 $hash = md5(GeneralUtility::generateRandomBytes(64));
392 $randHash = $validEnd . '|' . $hash;
393 $randHashDB = $validEnd . '|' . md5($hash);
394 // Write hash to DB
395 $res = $GLOBALS['TYPO3_DB']->exec_UPDATEquery('fe_users', 'uid=' . $user['uid'], array('felogin_forgotHash' => $randHashDB));
396 // Send hashlink to user
397 $this->conf['linkPrefix'] = -1;
398 $isAbsRelPrefix = !empty($GLOBALS['TSFE']->absRefPrefix);
399 $isBaseURL = !empty($GLOBALS['TSFE']->baseUrl);
400 $isFeloginBaseURL = !empty($this->conf['feloginBaseURL']);
401 $link = $this->pi_getPageLink($GLOBALS['TSFE']->id, '', array(
402 rawurlencode($this->prefixId . '[user]') => $user['uid'],
403 rawurlencode($this->prefixId . '[forgothash]') => $randHash
404 ));
405 // Prefix link if necessary
406 if ($isFeloginBaseURL) {
407 // First priority, use specific base URL
408 // "absRefPrefix" must be removed first, otherwise URL will be prepended twice
409 if (!empty($GLOBALS['TSFE']->absRefPrefix)) {
410 $link = substr($link, strlen($GLOBALS['TSFE']->absRefPrefix));
411 }
412 $link = $this->conf['feloginBaseURL'] . $link;
413 } elseif ($isAbsRelPrefix) {
414 // Second priority
415 // absRefPrefix must not necessarily contain a hostname and URL scheme, so add it if needed
416 $link = GeneralUtility::locationHeaderUrl($link);
417 } elseif ($isBaseURL) {
418 // Third priority
419 // Add the global base URL to the link
420 $link = $GLOBALS['TSFE']->baseUrlWrap($link);
421 } else {
422 // No prefix is set, return the error
423 return $this->pi_getLL('ll_change_password_nolinkprefix_message');
424 }
425 $msg = sprintf($this->pi_getLL('ll_forgot_validate_reset_password'), $user['username'], $link, $validEndString);
426 // Add hook for extra processing of mail message
427 if (
428 isset($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['forgotPasswordMail'])
429 && is_array($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['forgotPasswordMail'])
430 ) {
431 $params = array(
432 'message' => &$msg,
433 'user' => &$user
434 );
435 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['forgotPasswordMail'] as $reference) {
436 if ($reference) {
437 GeneralUtility::callUserFunction($reference, $params, $this);
438 }
439 }
440 }
441 if ($user['email']) {
442 $this->cObj->sendNotifyEmail($msg, $user['email'], '', $this->conf['email_from'], $this->conf['email_fromName'], $this->conf['replyTo']);
443 }
444
445 return '';
446 }
447
448 /**
449 * Shows logout form
450 *
451 * @return string The content.
452 */
453 protected function showLogout() {
454 $subpart = $this->cObj->getSubpart($this->template, '###TEMPLATE_LOGOUT###');
455 $subpartArray = ($linkpartArray = array());
456 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('status_header', $this->conf['logoutHeader_stdWrap.']);
457 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('status_message', $this->conf['logoutMessage_stdWrap.']);
458 $this->cObj->stdWrap($this->flexFormValue('message', 's_status'), $this->conf['logoutMessage_stdWrap.']);
459 $markerArray['###LEGEND###'] = $this->pi_getLL('logout', '', TRUE);
460 $markerArray['###ACTION_URI###'] = $this->getPageLink('', array(), TRUE);
461 $markerArray['###LOGOUT_LABEL###'] = $this->pi_getLL('logout', '', TRUE);
462 $markerArray['###NAME###'] = htmlspecialchars($GLOBALS['TSFE']->fe_user->user['name']);
463 $markerArray['###STORAGE_PID###'] = $this->spid;
464 $markerArray['###USERNAME###'] = htmlspecialchars($GLOBALS['TSFE']->fe_user->user['username']);
465 $markerArray['###USERNAME_LABEL###'] = $this->pi_getLL('username', '', TRUE);
466 $markerArray['###NOREDIRECT###'] = $this->noRedirect ? '1' : '0';
467 $markerArray['###PREFIXID###'] = $this->prefixId;
468 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
469 if ($this->redirectUrl) {
470 // Use redirectUrl for action tag because of possible access restricted pages
471 $markerArray['###ACTION_URI###'] = htmlspecialchars($this->redirectUrl);
472 $this->redirectUrl = '';
473 }
474 return $this->cObj->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
475 }
476
477 /**
478 * Shows login form
479 *
480 * @return string Content
481 */
482 protected function showLogin() {
483 $subpart = $this->cObj->getSubpart($this->template, '###TEMPLATE_LOGIN###');
484 $subpartArray = ($linkpartArray = ($markerArray = array()));
485 $gpRedirectUrl = '';
486 $markerArray['###LEGEND###'] = $this->pi_getLL('oLabel_header_welcome', '', TRUE);
487 if ($this->logintype === 'login') {
488 if ($this->userIsLoggedIn) {
489 // login success
490 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('success_header', $this->conf['successHeader_stdWrap.']);
491 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('success_message', $this->conf['successMessage_stdWrap.']);
492 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
493 $subpartArray['###LOGIN_FORM###'] = '';
494 // Hook for general actions after after login has been confirmed (by Thomas Danzl <thomas@danzl.org>)
495 if ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['login_confirmed']) {
496 $_params = array();
497 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['login_confirmed'] as $_funcRef) {
498 if ($_funcRef) {
499 GeneralUtility::callUserFunction($_funcRef, $_params, $this);
500 }
501 }
502 }
503 // show logout form directly
504 if ($this->conf['showLogoutFormAfterLogin']) {
505 $this->redirectUrl = '';
506 return $this->showLogout();
507 }
508 } else {
509 // Hook for general actions on login error
510 if (
511 isset($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['login_error'])
512 && is_array($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['login_error'])
513 ) {
514 $params = array();
515 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['login_error'] as $funcRef) {
516 if ($funcRef) {
517 GeneralUtility::callUserFunction($funcRef, $params, $this);
518 }
519 }
520 }
521 // login error
522 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('error_header', $this->conf['errorHeader_stdWrap.']);
523 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('error_message', $this->conf['errorMessage_stdWrap.']);
524 $gpRedirectUrl = GeneralUtility::_GP('redirect_url');
525 }
526 } else {
527 if ($this->logintype === 'logout') {
528 // login form after logout
529 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('logout_header', $this->conf['logoutHeader_stdWrap.']);
530 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('logout_message', $this->conf['logoutMessage_stdWrap.']);
531 } else {
532 // login form
533 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('welcome_header', $this->conf['welcomeHeader_stdWrap.']);
534 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('welcome_message', $this->conf['welcomeMessage_stdWrap.']);
535 }
536 }
537
538 // This hook allows to call User JS functions.
539 // The methods should also set the required JS functions to get included
540 $onSubmit = '';
541 $extraHidden = '';
542 $onSubmitAr = array();
543 $extraHiddenAr = array();
544 // Check for referer redirect method. if present, save referer in form field
545 if (GeneralUtility::inList($this->conf['redirectMode'], 'referer') || GeneralUtility::inList($this->conf['redirectMode'], 'refererDomains')) {
546 $referer = $this->referer ? $this->referer : GeneralUtility::getIndpEnv('HTTP_REFERER');
547 if ($referer) {
548 $extraHiddenAr[] = '<input type="hidden" name="referer" value="' . htmlspecialchars($referer) . '" />';
549 if ($this->piVars['redirectReferrer'] === 'off') {
550 $extraHiddenAr[] = '<input type="hidden" name="' . $this->prefixId . '[redirectReferrer]" value="off" />';
551 }
552 }
553 }
554 if (is_array($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['loginFormOnSubmitFuncs'])) {
555 $_params = array();
556 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['loginFormOnSubmitFuncs'] as $funcRef) {
557 list($onSub, $hid) = GeneralUtility::callUserFunction($funcRef, $_params, $this);
558 $onSubmitAr[] = $onSub;
559 $extraHiddenAr[] = $hid;
560 }
561 }
562 if (count($onSubmitAr)) {
563 $onSubmit = implode('; ', $onSubmitAr) . '; return true;';
564 }
565 if (count($extraHiddenAr)) {
566 $extraHidden = implode(LF, $extraHiddenAr);
567 }
568 if (!$gpRedirectUrl && $this->redirectUrl) {
569 $gpRedirectUrl = $this->redirectUrl;
570 }
571 // Login form
572 $markerArray['###ACTION_URI###'] = $this->getPageLink('', array(), TRUE);
573 // Used by kb_md5fepw extension...
574 $markerArray['###EXTRA_HIDDEN###'] = $extraHidden;
575 $markerArray['###LEGEND###'] = $this->pi_getLL('login', '', TRUE);
576 $markerArray['###LOGIN_LABEL###'] = $this->pi_getLL('login', '', TRUE);
577 // Used by kb_md5fepw extension...
578 $markerArray['###ON_SUBMIT###'] = $onSubmit;
579 $markerArray['###PASSWORD_LABEL###'] = $this->pi_getLL('password', '', TRUE);
580 $markerArray['###STORAGE_PID###'] = $this->spid;
581 $markerArray['###USERNAME_LABEL###'] = $this->pi_getLL('username', '', TRUE);
582 $markerArray['###REDIRECT_URL###'] = htmlspecialchars($gpRedirectUrl);
583 $markerArray['###NOREDIRECT###'] = $this->noRedirect ? '1' : '0';
584 $markerArray['###PREFIXID###'] = $this->prefixId;
585 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
586 if ($this->conf['showForgotPasswordLink']) {
587 $linkpartArray['###FORGOT_PASSWORD_LINK###'] = explode('|', $this->getPageLink('|', array($this->prefixId . '[forgot]' => 1)));
588 $markerArray['###FORGOT_PASSWORD###'] = $this->pi_getLL('ll_forgot_header', '', TRUE);
589 } else {
590 $subpartArray['###FORGOTP_VALID###'] = '';
591 }
592 // The permanent login checkbox should only be shown if permalogin is not deactivated (-1),
593 // not forced to be always active (2) and lifetime is greater than 0
594 if (
595 $this->conf['showPermaLogin']
596 && GeneralUtility::inList('0,1', $GLOBALS['TYPO3_CONF_VARS']['FE']['permalogin'])
597 && $GLOBALS['TYPO3_CONF_VARS']['FE']['lifetime'] > 0
598 ) {
599 $markerArray['###PERMALOGIN###'] = $this->pi_getLL('permalogin', '', TRUE);
600 if ($GLOBALS['TYPO3_CONF_VARS']['FE']['permalogin'] == 1) {
601 $markerArray['###PERMALOGIN_HIDDENFIELD_ATTRIBUTES###'] = 'disabled="disabled"';
602 $markerArray['###PERMALOGIN_CHECKBOX_ATTRIBUTES###'] = 'checked="checked"';
603 } else {
604 $markerArray['###PERMALOGIN_HIDDENFIELD_ATTRIBUTES###'] = '';
605 $markerArray['###PERMALOGIN_CHECKBOX_ATTRIBUTES###'] = '';
606 }
607 } else {
608 $subpartArray['###PERMALOGIN_VALID###'] = '';
609 }
610 return $this->cObj->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
611 }
612
613 /**
614 * Process redirect methods. The function searches for a redirect url using all configured methods.
615 *
616 * @return string Redirect url
617 */
618 protected function processRedirect() {
619 $redirect_url = array();
620 if ($this->conf['redirectMode']) {
621 $redirectMethods = GeneralUtility::trimExplode(',', $this->conf['redirectMode'], TRUE);
622 foreach ($redirectMethods as $redirMethod) {
623 if ($GLOBALS['TSFE']->loginUser && $this->logintype === 'login') {
624 // Logintype is needed because the login-page wouldn't be accessible anymore after a login (would always redirect)
625 switch ($redirMethod) {
626 case 'groupLogin':
627 // taken from dkd_redirect_at_login written by Ingmar Schlecht; database-field changed
628 $groupData = $GLOBALS['TSFE']->fe_user->groupData;
629 $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
630 'felogin_redirectPid',
631 $GLOBALS['TSFE']->fe_user->usergroup_table,
632 'felogin_redirectPid<>\'\' AND uid IN (' . implode(',', $groupData['uid']) . ')'
633 );
634 if ($row = $GLOBALS['TYPO3_DB']->sql_fetch_row($res)) {
635 // take the first group with a redirect page
636 $redirect_url[] = $this->pi_getPageLink($row[0]);
637 }
638 break;
639 case 'userLogin':
640 $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
641 'felogin_redirectPid',
642 $GLOBALS['TSFE']->fe_user->user_table,
643 $GLOBALS['TSFE']->fe_user->userid_column . '=' . $GLOBALS['TSFE']->fe_user->user['uid'] . ' AND felogin_redirectPid<>\'\''
644 );
645 if ($row = $GLOBALS['TYPO3_DB']->sql_fetch_row($res)) {
646 $redirect_url[] = $this->pi_getPageLink($row[0]);
647 }
648 break;
649 case 'login':
650 if ($this->conf['redirectPageLogin']) {
651 $redirect_url[] = $this->pi_getPageLink((int)$this->conf['redirectPageLogin']);
652 }
653 break;
654 case 'getpost':
655 $redirect_url[] = $this->redirectUrl;
656 break;
657 case 'referer':
658 // Avoid redirect when logging in after changing password
659 if ($this->piVars['redirectReferrer'] !== 'off') {
660 // Avoid forced logout, when trying to login immediately after a logout
661 $redirect_url[] = preg_replace('/[&?]logintype=[a-z]+/', '', $this->referer);
662 }
663 break;
664 case 'refererDomains':
665 // Auto redirect.
666 // Feature to redirect to the page where the user came from (HTTP_REFERER).
667 // Allowed domains to redirect to, can be configured with plugin.tx_felogin_pi1.domains
668 // Thanks to plan2.net / Martin Kutschker for implementing this feature.
669 // also avoid redirect when logging in after changing password
670 if ($this->conf['domains'] && $this->piVars['redirectReferrer'] !== 'off') {
671 $url = $this->referer;
672 // Is referring url allowed to redirect?
673 $match = array();
674 if (preg_match('#^http://([[:alnum:]._-]+)/#', $url, $match)) {
675 $redirect_domain = $match[1];
676 $found = FALSE;
677 foreach (GeneralUtility::trimExplode(',', $this->conf['domains'], TRUE) as $d) {
678 if (preg_match('/(^|\\.)/' . $d . '$', $redirect_domain)) {
679 $found = TRUE;
680 break;
681 }
682 }
683 if (!$found) {
684 $url = '';
685 }
686 }
687 // Avoid forced logout, when trying to login immediately after a logout
688 if ($url) {
689 $redirect_url[] = preg_replace('/[&?]logintype=[a-z]+/', '', $url);
690 }
691 }
692 break;
693 }
694 } elseif ($this->logintype === 'login') {
695 // after login-error
696 switch ($redirMethod) {
697 case 'loginError':
698 if ($this->conf['redirectPageLoginError']) {
699 $redirect_url[] = $this->pi_getPageLink((int)$this->conf['redirectPageLoginError']);
700 }
701 break;
702 }
703 } elseif ($this->logintype == '' && $redirMethod == 'login' && $this->conf['redirectPageLogin']) {
704 // If login and page not accessible
705 $this->cObj->typolink('', array(
706 'parameter' => $this->conf['redirectPageLogin'],
707 'linkAccessRestrictedPages' => TRUE
708 ));
709 $redirect_url[] = $this->cObj->lastTypoLinkUrl;
710 } elseif ($this->logintype == '' && $redirMethod == 'logout' && $this->conf['redirectPageLogout'] && $GLOBALS['TSFE']->loginUser) {
711 // If logout and page not accessible
712 $redirect_url[] = $this->pi_getPageLink((int)$this->conf['redirectPageLogout']);
713 } elseif ($this->logintype === 'logout') {
714 // after logout
715 // Hook for general actions after after logout has been confirmed
716 if ($this->logintype === 'logout' && $GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['logout_confirmed']) {
717 $_params = array();
718 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['logout_confirmed'] as $_funcRef) {
719 if ($_funcRef) {
720 GeneralUtility::callUserFunction($_funcRef, $_params, $this);
721 }
722 }
723 }
724 switch ($redirMethod) {
725 case 'logout':
726 if ($this->conf['redirectPageLogout']) {
727 $redirect_url[] = $this->pi_getPageLink((int)$this->conf['redirectPageLogout']);
728 }
729 break;
730 }
731 } else {
732 // not logged in
733 // Placeholder for maybe future options
734 switch ($redirMethod) {
735 case 'getpost':
736 // Preserve the get/post value
737 $redirect_url[] = $this->redirectUrl;
738 break;
739 }
740 }
741 }
742 }
743 // Remove empty values
744 if (count($redirect_url)) {
745 return GeneralUtility::trimExplode(',', implode(',', $redirect_url), TRUE);
746 } else {
747 return array();
748 }
749 }
750
751 /**
752 * Reads flexform configuration and merge it with $this->conf
753 *
754 * @return void
755 */
756 protected function mergeflexFormValuesIntoConf() {
757 $flex = array();
758 if ($this->flexFormValue('showForgotPassword', 'sDEF')) {
759 $flex['showForgotPasswordLink'] = $this->flexFormValue('showForgotPassword', 'sDEF');
760 }
761 if ($this->flexFormValue('showPermaLogin', 'sDEF')) {
762 $flex['showPermaLogin'] = $this->flexFormValue('showPermaLogin', 'sDEF');
763 }
764 if ($this->flexFormValue('showLogoutFormAfterLogin', 'sDEF')) {
765 $flex['showLogoutFormAfterLogin'] = $this->flexFormValue('showLogoutFormAfterLogin', 'sDEF');
766 }
767 if ($this->flexFormValue('pages', 'sDEF')) {
768 $flex['pages'] = $this->flexFormValue('pages', 'sDEF');
769 }
770 if ($this->flexFormValue('recursive', 'sDEF')) {
771 $flex['recursive'] = $this->flexFormValue('recursive', 'sDEF');
772 }
773 if ($this->flexFormValue('templateFile', 'sDEF')) {
774 $flex['templateFile'] = $this->uploadDir . $this->flexFormValue('templateFile', 'sDEF');
775 }
776 if ($this->flexFormValue('redirectMode', 's_redirect')) {
777 $flex['redirectMode'] = $this->flexFormValue('redirectMode', 's_redirect');
778 }
779 if ($this->flexFormValue('redirectFirstMethod', 's_redirect')) {
780 $flex['redirectFirstMethod'] = $this->flexFormValue('redirectFirstMethod', 's_redirect');
781 }
782 if ($this->flexFormValue('redirectDisable', 's_redirect')) {
783 $flex['redirectDisable'] = $this->flexFormValue('redirectDisable', 's_redirect');
784 }
785 if ($this->flexFormValue('redirectPageLogin', 's_redirect')) {
786 $flex['redirectPageLogin'] = $this->flexFormValue('redirectPageLogin', 's_redirect');
787 }
788 if ($this->flexFormValue('redirectPageLoginError', 's_redirect')) {
789 $flex['redirectPageLoginError'] = $this->flexFormValue('redirectPageLoginError', 's_redirect');
790 }
791 if ($this->flexFormValue('redirectPageLogout', 's_redirect')) {
792 $flex['redirectPageLogout'] = $this->flexFormValue('redirectPageLogout', 's_redirect');
793 }
794 $pid = $flex['pages'] ? $this->pi_getPidList($flex['pages'], $flex['recursive']) : 0;
795 if ($pid > 0) {
796 $flex['storagePid'] = $pid;
797 }
798 $this->conf = array_merge($this->conf, $flex);
799 }
800
801 /**
802 * Loads a variable from the flexform
803 *
804 * @param string $var Name of variable
805 * @param string $sheet Name of sheet
806 * @return string Value of var
807 */
808 protected function flexFormValue($var, $sheet) {
809 return $this->pi_getFFvalue($this->cObj->data['pi_flexform'], $var, $sheet);
810 }
811
812 /**
813 * Generate link with typolink function
814 *
815 * @param string $label Linktext
816 * @param array $piVars Link vars
817 * @param bool $returnUrl TRUE: returns only url FALSE (default) returns the link)
818 * @return string Link or url
819 */
820 protected function getPageLink($label, $piVars, $returnUrl = FALSE) {
821 $additionalParams = '';
822 if (count($piVars)) {
823 foreach ($piVars as $key => $val) {
824 $additionalParams .= '&' . $key . '=' . $val;
825 }
826 }
827 // Should GETvars be preserved?
828 if ($this->conf['preserveGETvars']) {
829 $additionalParams .= $this->getPreserveGetVars();
830 }
831 $this->conf['linkConfig.']['parameter'] = $GLOBALS['TSFE']->id;
832 if ($additionalParams) {
833 $this->conf['linkConfig.']['additionalParams'] = $additionalParams;
834 }
835 if ($returnUrl) {
836 return htmlspecialchars($this->cObj->typolink_url($this->conf['linkConfig.']));
837 } else {
838 return $this->cObj->typolink($label, $this->conf['linkConfig.']);
839 }
840 }
841
842 /**
843 * Add additional parameters for links according to TS setting preserveGETvars.
844 * Possible values are "all" or a comma separated list of allowed GET-vars.
845 * Supports multi-dimensional GET-vars.
846 * Some hardcoded values are dropped.
847 *
848 * @return string additionalParams-string
849 */
850 protected function getPreserveGetVars() {
851 $getVars = GeneralUtility::_GET();
852 unset(
853 $getVars['id'],
854 $getVars['no_cache'],
855 $getVars['logintype'],
856 $getVars['redirect_url'],
857 $getVars['cHash'],
858 $getVars[$this->prefixId]
859 );
860 if ($this->conf['preserveGETvars'] === 'all') {
861 $preserveQueryParts = $getVars;
862 } else {
863 $preserveQueryParts = GeneralUtility::trimExplode(',', $this->conf['preserveGETvars']);
864 $preserveQueryParts = GeneralUtility::explodeUrl2Array(implode('=1&', $preserveQueryParts) . '=1', TRUE);
865 $preserveQueryParts = \TYPO3\CMS\Core\Utility\ArrayUtility::intersectRecursive($getVars, $preserveQueryParts);
866 }
867 $parameters = GeneralUtility::implodeArrayForUrl('', $preserveQueryParts);
868 return $parameters;
869 }
870
871 /**
872 * Is used by forgot password - function with md5 option.
873 *
874 * @author Bernhard Kraft
875 * @param int $len Length of new password
876 * @return string New password
877 */
878 protected function generatePassword($len) {
879 $pass = '';
880 while ($len--) {
881 $char = rand(0, 35);
882 if ($char < 10) {
883 $pass .= '' . $char;
884 } else {
885 $pass .= chr($char - 10 + 97);
886 }
887 }
888 return $pass;
889 }
890
891 /**
892 * Returns the header / message value from flexform if present, else from locallang.xlf
893 *
894 * @param string $label label name
895 * @param array $stdWrapArray TS stdWrap array
896 * @return string label text
897 */
898 protected function getDisplayText($label, $stdWrapArray = array()) {
899 $text = $this->flexFormValue($label, 's_messages') ? $this->cObj->stdWrap($this->flexFormValue($label, 's_messages'), $stdWrapArray) : $this->cObj->stdWrap($this->pi_getLL('ll_' . $label, '', TRUE), $stdWrapArray);
900 $replace = $this->getUserFieldMarkers();
901 return strtr($text, $replace);
902 }
903
904 /**
905 * Returns Array of markers filled with user fields
906 *
907 * @return array Marker array
908 */
909 protected function getUserFieldMarkers() {
910 $marker = array();
911 // replace markers with fe_user data
912 if ($GLOBALS['TSFE']->fe_user->user) {
913 // All fields of fe_user will be replaced, scheme is ###FEUSER_FIELDNAME###
914 foreach ($GLOBALS['TSFE']->fe_user->user as $field => $value) {
915 $marker['###FEUSER_' . GeneralUtility::strtoupper($field) . '###'] = $this->cObj->stdWrap($value, $this->conf['userfields.'][$field . '.']);
916 }
917 // Add ###USER### for compatibility
918 $marker['###USER###'] = $marker['###FEUSER_USERNAME###'];
919 }
920 return $marker;
921 }
922
923 /**
924 * Returns a valid and XSS cleaned url for redirect, checked against configuration "allowedRedirectHosts"
925 *
926 * @param string $url
927 * @return string cleaned referer or empty string if not valid
928 */
929 protected function validateRedirectUrl($url) {
930 $url = strval($url);
931 if ($url === '') {
932 return '';
933 }
934 $decodedUrl = rawurldecode($url);
935 $sanitizedUrl = GeneralUtility::removeXSS($decodedUrl);
936 if ($decodedUrl !== $sanitizedUrl || preg_match('#["<>\\\\]+#', $url)) {
937 GeneralUtility::sysLog(sprintf($this->pi_getLL('xssAttackDetected'), $url), 'felogin', GeneralUtility::SYSLOG_SEVERITY_WARNING);
938 return '';
939 }
940 // Validate the URL:
941 if ($this->isRelativeUrl($url) || $this->isInCurrentDomain($url) || $this->isInLocalDomain($url)) {
942 return $url;
943 }
944 // URL is not allowed
945 GeneralUtility::sysLog(sprintf($this->pi_getLL('noValidRedirectUrl'), $url), 'felogin', GeneralUtility::SYSLOG_SEVERITY_WARNING);
946 return '';
947 }
948
949 /**
950 * Determines whether the URL is on the current host and belongs to the
951 * current TYPO3 installation. The scheme part is ignored in the comparison.
952 *
953 * @param string $url URL to be checked
954 * @return bool Whether the URL belongs to the current TYPO3 installation
955 */
956 protected function isInCurrentDomain($url) {
957 $urlWithoutSchema = preg_replace('#^https?://#', '', $url);
958 $siteUrlWithoutSchema = preg_replace('#^https?://#', '', GeneralUtility::getIndpEnv('TYPO3_SITE_URL'));
959 return StringUtility::beginsWith($urlWithoutSchema . '/', GeneralUtility::getIndpEnv('HTTP_HOST') . '/')
960 && StringUtility::beginsWith($urlWithoutSchema, $siteUrlWithoutSchema);
961 }
962
963 /**
964 * Determines whether the URL matches a domain
965 * in the sys_domain database table.
966 *
967 * @param string $url Absolute URL which needs to be checked
968 * @return bool Whether the URL is considered to be local
969 */
970 protected function isInLocalDomain($url) {
971 $result = FALSE;
972 if (GeneralUtility::isValidUrl($url)) {
973 $parsedUrl = parse_url($url);
974 if ($parsedUrl['scheme'] === 'http' || $parsedUrl['scheme'] === 'https') {
975 $host = $parsedUrl['host'];
976 // Removes the last path segment and slash sequences like /// (if given):
977 $path = preg_replace('#/+[^/]*$#', '', $parsedUrl['path']);
978 $localDomains = $GLOBALS['TYPO3_DB']->exec_SELECTgetRows('domainName', 'sys_domain', '1=1' . $this->cObj->enableFields('sys_domain'));
979 if (is_array($localDomains)) {
980 foreach ($localDomains as $localDomain) {
981 // strip trailing slashes (if given)
982 $domainName = rtrim($localDomain['domainName'], '/');
983 if (GeneralUtility::isFirstPartOfStr($host . $path . '/', $domainName . '/')) {
984 $result = TRUE;
985 break;
986 }
987 }
988 }
989 }
990 }
991 return $result;
992 }
993
994 /**
995 * Determines whether the URL is relative to the
996 * current TYPO3 installation.
997 *
998 * @param string $url URL which needs to be checked
999 * @return bool Whether the URL is considered to be relative
1000 */
1001 protected function isRelativeUrl($url) {
1002 $parsedUrl = @parse_url($url);
1003 if ($parsedUrl !== FALSE && !isset($parsedUrl['scheme']) && !isset($parsedUrl['host'])) {
1004 // If the relative URL starts with a slash, we need to check if it's within the current site path
1005 return $parsedUrl['path'][0] !== '/' || GeneralUtility::isFirstPartOfStr($parsedUrl['path'], GeneralUtility::getIndpEnv('TYPO3_SITE_PATH'));
1006 }
1007 return FALSE;
1008 }
1009
1010 }