6c1fc7b307f57befd95aaa620bd1db32107afdd2
[Packages/TYPO3.CMS.git] / typo3 / sysext / backend / Classes / Controller / LoginController.php
1 <?php
2 namespace TYPO3\CMS\Backend\Controller;
3
4 /**
5 * Script Class for rendering the login form
6 *
7 * @author Kasper Skårhøj <kasperYYYY@typo3.com>
8 */
9 class LoginController {
10
11 const SIGNAL_RenderLoginForm = 'renderLoginForm';
12 // Internal, GPvars:
13 // GPvar: redirect_url; The URL to redirect to after login.
14 /**
15 * @todo Define visibility
16 */
17 public $redirect_url;
18
19 // GPvar: Defines which interface to load (from interface selector)
20 /**
21 * @todo Define visibility
22 */
23 public $GPinterface;
24
25 // GPvar: preset username
26 /**
27 * @todo Define visibility
28 */
29 public $u;
30
31 // GPvar: preset password
32 /**
33 * @todo Define visibility
34 */
35 public $p;
36
37 // GPvar: If "L" is "OUT", then any logged in used is logged out. If redirect_url is given, we redirect to it
38 /**
39 * @todo Define visibility
40 */
41 public $L;
42
43 // Login-refresh boolean; The backend will call this script with this value set when the login is close to being expired and the form needs to be redrawn.
44 /**
45 * @todo Define visibility
46 */
47 public $loginRefresh;
48
49 // Value of forms submit button for login.
50 /**
51 * @todo Define visibility
52 */
53 public $commandLI;
54
55 // Internal, static:
56 // Set to the redirect URL of the form (may be redirect_url or "backend.php")
57 /**
58 * @todo Define visibility
59 */
60 public $redirectToURL;
61
62 // Internal, dynamic:
63 // Content accumulation
64 /**
65 * @todo Define visibility
66 */
67 public $content;
68
69 // A selector box for selecting value for "interface" may be rendered into this variable
70 /**
71 * @todo Define visibility
72 */
73 public $interfaceSelector;
74
75 // A selector box for selecting value for "interface" may be rendered into this variable
76 // this will have an onchange action which will redirect the user to the selected interface right away
77 /**
78 * @todo Define visibility
79 */
80 public $interfaceSelector_jump;
81
82 // A hidden field, if the interface is not set.
83 /**
84 * @todo Define visibility
85 */
86 public $interfaceSelector_hidden;
87
88 // Additional hidden fields to be placed at the login form
89 /**
90 * @todo Define visibility
91 */
92 public $addFields_hidden = '';
93
94 // sets the level of security. *'normal' = clear-text. 'challenged' = hashed
95 // password/username from form in $formfield_uident. 'superchallenged' = hashed password hashed again with username.
96 /**
97 * @todo Define visibility
98 */
99 public $loginSecurityLevel = 'superchallenged';
100
101 /**
102 * @var \TYPO3\CMS\Extbase\SignalSlot\Dispatcher
103 */
104 protected $signalSlotDispatcher;
105
106 /**
107 * Initialize the login box. Will also react on a &L=OUT flag and exit.
108 *
109 * @return void
110 * @todo Define visibility
111 */
112 public function init() {
113 // We need a PHP session session for most login levels
114 session_start();
115 $this->redirect_url = \TYPO3\CMS\Core\Utility\GeneralUtility::sanitizeLocalUrl(\TYPO3\CMS\Core\Utility\GeneralUtility::_GP('redirect_url'));
116 $this->GPinterface = \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('interface');
117 // Grabbing preset username and password, for security reasons this feature only works if SSL is used
118 if (\TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('TYPO3_SSL')) {
119 $this->u = \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('u');
120 $this->p = \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('p');
121 }
122 // If "L" is "OUT", then any logged in is logged out. If redirect_url is given, we redirect to it
123 $this->L = \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('L');
124 // Login
125 $this->loginRefresh = \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('loginRefresh');
126 // Value of "Login" button. If set, the login button was pressed.
127 $this->commandLI = \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('commandLI');
128 // Sets the level of security from conf vars
129 if ($GLOBALS['TYPO3_CONF_VARS']['BE']['loginSecurityLevel']) {
130 $this->loginSecurityLevel = $GLOBALS['TYPO3_CONF_VARS']['BE']['loginSecurityLevel'];
131 }
132 // Try to get the preferred browser language
133 $preferredBrowserLanguage = $GLOBALS['LANG']->csConvObj->getPreferredClientLanguage(\TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('HTTP_ACCEPT_LANGUAGE'));
134 // If we found a $preferredBrowserLanguage and it is not the default language and no be_user is logged in
135 // initialize $GLOBALS['LANG'] again with $preferredBrowserLanguage
136 if ($preferredBrowserLanguage != 'default' && !$GLOBALS['BE_USER']->user['uid']) {
137 $GLOBALS['LANG']->init($preferredBrowserLanguage);
138 }
139 $GLOBALS['LANG']->includeLLFile('EXT:lang/locallang_login.xml');
140 // Setting the redirect URL to "backend.php" if no alternative input is given
141 $this->redirectToURL = $this->redirect_url ? $this->redirect_url : 'backend.php';
142 // Do a logout if the command is set
143 if ($this->L == 'OUT' && is_object($GLOBALS['BE_USER'])) {
144 $GLOBALS['BE_USER']->logoff();
145 if ($this->redirect_url) {
146 \TYPO3\CMS\Core\Utility\HttpUtility::redirect($this->redirect_url);
147 }
148 die;
149 }
150 }
151
152 /**
153 * Main function - creating the login/logout form
154 *
155 * @return void
156 * @todo Define visibility
157 */
158 public function main() {
159 // Initialize template object:
160 $GLOBALS['TBE_TEMPLATE']->bodyTagAdditions = ' onload="startUp();"';
161 $GLOBALS['TBE_TEMPLATE']->moduleTemplate = $GLOBALS['TBE_TEMPLATE']->getHtmlTemplate('templates/login.html');
162 $GLOBALS['TBE_TEMPLATE']->getPageRenderer()->loadExtJS();
163 $GLOBALS['TBE_TEMPLATE']->getPageRenderer()->loadPrototype();
164 $GLOBALS['TBE_TEMPLATE']->getPageRenderer()->loadScriptaculous();
165 // Set JavaScript for creating a MD5 hash of the password:
166 $GLOBALS['TBE_TEMPLATE']->JScode .= $this->getJScode();
167 // Checking, if we should make a redirect.
168 // Might set JavaScript in the header to close window.
169 $this->checkRedirect();
170 // Initialize interface selectors:
171 $this->makeInterfaceSelectorBox();
172 // Creating form based on whether there is a login or not:
173 if (!$GLOBALS['BE_USER']->user['uid']) {
174 $GLOBALS['TBE_TEMPLATE']->form = $this->startForm();
175 $loginForm = $this->makeLoginForm();
176 } else {
177 $GLOBALS['TBE_TEMPLATE']->form = '
178 <form action="index.php" method="post" name="loginform">
179 <input type="hidden" name="login_status" value="logout" />
180 ';
181 $loginForm = $this->makeLogoutForm();
182 }
183 // Starting page:
184 $this->content .= $GLOBALS['TBE_TEMPLATE']->startPage('TYPO3 Login: ' . $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'], FALSE);
185 // Add login form:
186 $this->content .= $this->wrapLoginForm($loginForm);
187 $this->content .= $GLOBALS['TBE_TEMPLATE']->endPage();
188 }
189
190 /**
191 * Outputting the accumulated content to screen
192 *
193 * @return void
194 * @todo Define visibility
195 */
196 public function printContent() {
197 echo $this->content;
198 }
199
200 /*****************************
201 *
202 * Various functions
203 *
204 ******************************/
205 /**
206 * Creates the login form
207 * This is drawn when NO login exists.
208 *
209 * @return string HTML output
210 * @todo Define visibility
211 */
212 public function makeLoginForm() {
213 $content = \TYPO3\CMS\Core\Html\HtmlParser::getSubpart($GLOBALS['TBE_TEMPLATE']->moduleTemplate, '###LOGIN_FORM###');
214 $markers = array(
215 'VALUE_USERNAME' => htmlspecialchars($this->u),
216 'VALUE_PASSWORD' => htmlspecialchars($this->p),
217 'VALUE_SUBMIT' => $GLOBALS['LANG']->getLL('labels.submitLogin', TRUE)
218 );
219 // Show an error message if the login command was successful already, otherwise remove the subpart
220 if (!$this->isLoginInProgress()) {
221 $content = \TYPO3\CMS\Core\Html\HtmlParser::substituteSubpart($content, '###LOGIN_ERROR###', '');
222 } else {
223 $markers['ERROR_MESSAGE'] = $GLOBALS['LANG']->getLL('error.login', TRUE);
224 $markers['ERROR_LOGIN_TITLE'] = $GLOBALS['LANG']->getLL('error.login.title', TRUE);
225 $markers['ERROR_LOGIN_DESCRIPTION'] = $GLOBALS['LANG']->getLL('error.login.description', TRUE);
226 }
227 // Remove the interface selector markers if it's not available
228 if (!($this->interfaceSelector && !$this->loginRefresh)) {
229 $content = \TYPO3\CMS\Core\Html\HtmlParser::substituteSubpart($content, '###INTERFACE_SELECTOR###', '');
230 } else {
231 $markers['LABEL_INTERFACE'] = $GLOBALS['LANG']->getLL('labels.interface', TRUE);
232 $markers['VALUE_INTERFACE'] = $this->interfaceSelector;
233 }
234 return \TYPO3\CMS\Core\Html\HtmlParser::substituteMarkerArray($content, $markers, '###|###');
235 }
236
237 /**
238 * Creates the logout form
239 * This is drawn if a user login already exists.
240 *
241 * @return string HTML output
242 * @todo Define visibility
243 */
244 public function makeLogoutForm() {
245 $content = \TYPO3\CMS\Core\Html\HtmlParser::getSubpart($GLOBALS['TBE_TEMPLATE']->moduleTemplate, '###LOGOUT_FORM###');
246 $markers = array(
247 'LABEL_USERNAME' => $GLOBALS['LANG']->getLL('labels.username', TRUE),
248 'VALUE_USERNAME' => htmlspecialchars($GLOBALS['BE_USER']->user['username']),
249 'VALUE_SUBMIT' => $GLOBALS['LANG']->getLL('labels.submitLogout', TRUE)
250 );
251 // Remove the interface selector markers if it's not available
252 if (!$this->interfaceSelector_jump) {
253 $content = \TYPO3\CMS\Core\Html\HtmlParser::substituteSubpart($content, '###INTERFACE_SELECTOR###', '');
254 } else {
255 $markers['LABEL_INTERFACE'] = $GLOBALS['LANG']->getLL('labels.interface', TRUE);
256 $markers['VALUE_INTERFACE'] = $this->interfaceSelector_jump;
257 }
258 return \TYPO3\CMS\Core\Html\HtmlParser::substituteMarkerArray($content, $markers, '###|###');
259 }
260
261 /**
262 * Wrapping the login form table in another set of tables etc:
263 *
264 * @param string $content HTML content for the login form
265 * @return string The HTML for the page.
266 * @todo Define visibility
267 */
268 public function wrapLoginForm($content) {
269 $mainContent = \TYPO3\CMS\Core\Html\HtmlParser::getSubpart($GLOBALS['TBE_TEMPLATE']->moduleTemplate, '###PAGE###');
270 if ($GLOBALS['TBE_STYLES']['logo_login']) {
271 $logo = '<img src="' . htmlspecialchars(($GLOBALS['BACK_PATH'] . $GLOBALS['TBE_STYLES']['logo_login'])) . '" alt="" class="t3-login-logo" />';
272 } else {
273 $logo = '<img' . \TYPO3\CMS\Backend\Utility\IconUtility::skinImg($GLOBALS['BACK_PATH'], 'gfx/typo3logo.gif', 'width="123" height="34"') . ' alt="" class="t3-login-logo" />';
274 }
275 /** @var $browserWarning \TYPO3\CMS\Core\Messaging\FlashMessage */
276 $browserWarning = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\Messaging\\FlashMessage', $GLOBALS['LANG']->getLL('warning.incompatibleBrowser') . ' ' . $GLOBALS['LANG']->getLL('warning.incompatibleBrowserInternetExplorer'), $GLOBALS['LANG']->getLL('warning.incompatibleBrowserHeadline'), \TYPO3\CMS\Core\Messaging\FlashMessage::ERROR);
277 $browserWarning = $browserWarning->render();
278 $additionalCssClasses = array();
279 if ($this->isLoginInProgress()) {
280 $additionalCssClasses[] = 'error';
281 }
282 if ($this->loginRefresh) {
283 $additionalCssClasses[] = 'refresh';
284 }
285 $markers = array(
286 'LOGO' => $logo,
287 'LOGINBOX_IMAGE' => $this->makeLoginBoxImage(),
288 'FORM' => $content,
289 'NEWS' => $this->makeLoginNews(),
290 'COPYRIGHT' => \TYPO3\CMS\Backend\Utility\BackendUtility::TYPO3_copyRightNotice($GLOBALS['TYPO3_CONF_VARS']['SYS']['loginCopyrightShowVersion']),
291 'CSS_CLASSES' => !empty($additionalCssClasses) ? 'class="' . implode(' ', $additionalCssClasses) . '"' : '',
292 'CSS_OPENIDCLASS' => 't3-login-openid-' . (\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::isLoaded('openid') ? 'enabled' : 'disabled'),
293 // The labels will be replaced later on, thus the other parts above
294 // can use these markers as well and it will be replaced
295 'HEADLINE' => $GLOBALS['LANG']->getLL('headline', TRUE),
296 'INFO_ABOUT' => $GLOBALS['LANG']->getLL('info.about', TRUE),
297 'INFO_RELOAD' => $GLOBALS['LANG']->getLL('info.reset', TRUE),
298 'INFO' => $GLOBALS['LANG']->getLL('info.cookies_and_js', TRUE),
299 'WARNING_BROWSER_INCOMPATIBLE' => $browserWarning,
300 'ERROR_JAVASCRIPT' => $GLOBALS['LANG']->getLL('error.javascript', TRUE),
301 'ERROR_COOKIES' => $GLOBALS['LANG']->getLL('error.cookies', TRUE),
302 'ERROR_COOKIES_IGNORE' => $GLOBALS['LANG']->getLL('error.cookies_ignore', TRUE),
303 'ERROR_CAPSLOCK' => $GLOBALS['LANG']->getLL('error.capslock', TRUE),
304 'ERROR_FURTHERHELP' => $GLOBALS['LANG']->getLL('error.furtherInformation', TRUE),
305 'LABEL_DONATELINK' => $GLOBALS['LANG']->getLL('labels.donate', TRUE),
306 'LABEL_USERNAME' => $GLOBALS['LANG']->getLL('labels.username', TRUE),
307 'LABEL_OPENID' => $GLOBALS['LANG']->getLL('labels.openId', TRUE),
308 'LABEL_PASSWORD' => $GLOBALS['LANG']->getLL('labels.password', TRUE),
309 'LABEL_WHATISOPENID' => $GLOBALS['LANG']->getLL('labels.whatIsOpenId', TRUE),
310 'LABEL_SWITCHOPENID' => $GLOBALS['LANG']->getLL('labels.switchToOpenId', TRUE),
311 'LABEL_SWITCHDEFAULT' => $GLOBALS['LANG']->getLL('labels.switchToDefault', TRUE),
312 'CLEAR' => $GLOBALS['LANG']->getLL('clear', TRUE),
313 'LOGIN_PROCESS' => $GLOBALS['LANG']->getLL('login_process', TRUE),
314 'SITELINK' => '<a href="/">###SITENAME###</a>',
315 // Global variables will now be replaced (at last)
316 'SITENAME' => htmlspecialchars($GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'])
317 );
318 $this->emitRenderLoginFormSignal($markers);
319 return \TYPO3\CMS\Core\Html\HtmlParser::substituteMarkerArray($mainContent, $markers, '###|###');
320 }
321
322 /**
323 * Checking, if we should perform some sort of redirection OR closing of windows.
324 *
325 * @return void
326 * @todo Define visibility
327 */
328 public function checkRedirect() {
329 // Do redirect:
330 // If a user is logged in AND a) if either the login is just done (isLoginInProgress) or b) a loginRefresh is done or c) the interface-selector is NOT enabled (If it is on the other hand, it should not just load an interface, because people has to choose then...)
331 if ($GLOBALS['BE_USER']->user['uid'] && ($this->isLoginInProgress() || $this->loginRefresh || !$this->interfaceSelector)) {
332 // If no cookie has been set previously we tell people that this is a problem. This assumes that a cookie-setting script (like this one) has been hit at least once prior to this instance.
333 if (!$_COOKIE[\TYPO3\CMS\Core\Authentication\BackendUserAuthentication::getCookieName()]) {
334 if ($this->commandLI == 'setCookie') {
335 // we tried it a second time but still no cookie
336 // 26/4 2005: This does not work anymore, because the saving of challenge values in $_SESSION means the system will act as if the password was wrong.
337 throw new \RuntimeException('Login-error: Yeah, that\'s a classic. No cookies, no TYPO3.<br /><br />Please accept cookies from TYPO3 - otherwise you\'ll not be able to use the system.', 1294586846);
338 } else {
339 // try it once again - that might be needed for auto login
340 $this->redirectToURL = 'index.php?commandLI=setCookie';
341 }
342 }
343 if ($redirectToURL = (string) $GLOBALS['BE_USER']->getTSConfigVal('auth.BE.redirectToURL')) {
344 $this->redirectToURL = $redirectToURL;
345 $this->GPinterface = '';
346 }
347 // store interface
348 $GLOBALS['BE_USER']->uc['interfaceSetup'] = $this->GPinterface;
349 $GLOBALS['BE_USER']->writeUC();
350 // Based on specific setting of interface we set the redirect script:
351 switch ($this->GPinterface) {
352 case 'backend':
353
354 case 'backend_old':
355 $this->redirectToURL = 'backend.php';
356 break;
357 case 'frontend':
358 $this->redirectToURL = '../';
359 break;
360 }
361 /** @var $formProtection \TYPO3\CMS\Core\FormProtection\BackendFormProtection */
362 $formProtection = \TYPO3\CMS\Core\FormProtection\FormProtectionFactory::get();
363 // If there is a redirect URL AND if loginRefresh is not set...
364 if (!$this->loginRefresh) {
365 $formProtection->storeSessionTokenInRegistry();
366 \TYPO3\CMS\Core\Utility\HttpUtility::redirect($this->redirectToURL);
367 } else {
368 $formProtection->setSessionTokenFromRegistry();
369 $formProtection->persistSessionToken();
370 $GLOBALS['TBE_TEMPLATE']->JScode .= $GLOBALS['TBE_TEMPLATE']->wrapScriptTags('
371 if (parent.opener && (parent.opener.busy || parent.opener.TYPO3.loginRefresh)) {
372 if (parent.opener.TYPO3.loginRefresh) {
373 parent.opener.TYPO3.loginRefresh.startTimer();
374 } else {
375 parent.opener.busy.loginRefreshed();
376 }
377 parent.close();
378 }
379 ');
380 }
381 } elseif (!$GLOBALS['BE_USER']->user['uid'] && $this->isLoginInProgress()) {
382 // Wrong password, wait for 5 seconds
383 sleep(5);
384 }
385 }
386
387 /**
388 * Making interface selector:
389 *
390 * @return void
391 * @todo Define visibility
392 */
393 public function makeInterfaceSelectorBox() {
394 // Reset variables:
395 $this->interfaceSelector = '';
396 $this->interfaceSelector_hidden = '';
397 $this->interfaceSelector_jump = '';
398 // If interfaces are defined AND no input redirect URL in GET vars:
399 if ($GLOBALS['TYPO3_CONF_VARS']['BE']['interfaces'] && ($this->isLoginInProgress() || !$this->redirect_url)) {
400 $parts = \TYPO3\CMS\Core\Utility\GeneralUtility::trimExplode(',', $GLOBALS['TYPO3_CONF_VARS']['BE']['interfaces']);
401 // Only if more than one interface is defined will we show the selector:
402 if (count($parts) > 1) {
403 // Initialize:
404 $labels = array();
405 $labels['backend'] = $GLOBALS['LANG']->getLL('interface.backend');
406 $labels['backend_old'] = $GLOBALS['LANG']->getLL('interface.backend_old');
407 $labels['frontend'] = $GLOBALS['LANG']->getLL('interface.frontend');
408 $jumpScript = array();
409 $jumpScript['backend'] = 'backend.php';
410 $jumpScript['backend_old'] = 'backend.php';
411 $jumpScript['frontend'] = '../';
412 // Traverse the interface keys:
413 foreach ($parts as $valueStr) {
414 $this->interfaceSelector .= '
415 <option value="' . htmlspecialchars($valueStr) . '"' . (\TYPO3\CMS\Core\Utility\GeneralUtility::_GP('interface') == htmlspecialchars($valueStr) ? ' selected="selected"' : '') . '>' . htmlspecialchars($labels[$valueStr]) . '</option>';
416 $this->interfaceSelector_jump .= '
417 <option value="' . htmlspecialchars($jumpScript[$valueStr]) . '">' . htmlspecialchars($labels[$valueStr]) . '</option>';
418 }
419 $this->interfaceSelector = '
420 <select id="t3-interfaceselector" name="interface" class="c-interfaceselector" tabindex="3">' . $this->interfaceSelector . '
421 </select>';
422 $this->interfaceSelector_jump = '
423 <select id="t3-interfaceselector" name="interface" class="c-interfaceselector" tabindex="3" onchange="window.location.href=this.options[this.selectedIndex].value;">' . $this->interfaceSelector_jump . '
424 </select>';
425 } elseif (!$this->redirect_url) {
426 // If there is only ONE interface value set and no redirect_url is present:
427 $this->interfaceSelector_hidden = '<input type="hidden" name="interface" value="' . trim($GLOBALS['TYPO3_CONF_VARS']['BE']['interfaces']) . '" />';
428 }
429 }
430 }
431
432 /**
433 * COPYRIGHT notice
434 *
435 * Warning:
436 * DO NOT prevent this notice from being shown in ANY WAY.
437 * According to the GPL license an interactive application must show such a notice on start-up ('If the program is interactive, make it output a short notice... ' - see GPL.txt)
438 * Therefore preventing this notice from being properly shown is a violation of the license, regardless of whether you remove it or use a stylesheet to obstruct the display.
439 *
440 * @return string Text/Image (HTML) for copyright notice.
441 *
442 * @todo Define visibility
443 * @deprecated since TYPO3 6.0, will be removed in TYPO3 6.2
444 * @see \TYPO3\CMS\Backend\Utility\BackendUtility::TYPO3_copyRightNotice()
445 */
446 public function makeCopyrightNotice() {
447 \TYPO3\CMS\Core\Utility\GeneralUtility::logDeprecatedFunction();
448 return \TYPO3\CMS\Backend\Utility\BackendUtility::TYPO3_copyRightNotice();
449 }
450
451 /**
452 * Returns the login box image, whether the default or an image from the rotation folder.
453 *
454 * @return string HTML image tag.
455 * @todo Define visibility
456 */
457 public function makeLoginBoxImage() {
458 $loginboxImage = '';
459 // Look for rotation image folder:
460 if ($GLOBALS['TBE_STYLES']['loginBoxImage_rotationFolder']) {
461 $absPath = \TYPO3\CMS\Core\Utility\GeneralUtility::resolveBackPath(PATH_typo3 . $GLOBALS['TBE_STYLES']['loginBoxImage_rotationFolder']);
462 // Get rotation folder:
463 $dir = \TYPO3\CMS\Core\Utility\GeneralUtility::getFileAbsFileName($absPath);
464 if ($dir && @is_dir($dir)) {
465 // Get files for rotation into array:
466 $files = \TYPO3\CMS\Core\Utility\GeneralUtility::getFilesInDir($dir, 'png,jpg,gif');
467 // Pick random file:
468 $randImg = array_rand($files, 1);
469 // Get size of random file:
470 $imgSize = @getimagesize(($dir . $files[$randImg]));
471 $imgAuthor = is_array($GLOBALS['TBE_STYLES']['loginBoxImage_author']) && $GLOBALS['TBE_STYLES']['loginBoxImage_author'][$files[$randImg]] ? htmlspecialchars($GLOBALS['TBE_STYLES']['loginBoxImage_author'][$files[$randImg]]) : '';
472 // Create image tag:
473 if (is_array($imgSize)) {
474 $loginboxImage = '<img src="' . htmlspecialchars(($GLOBALS['TBE_STYLES']['loginBoxImage_rotationFolder'] . $files[$randImg])) . '" ' . $imgSize[3] . ' id="loginbox-image" alt="' . $imgAuthor . '" title="' . $imgAuthor . '" />';
475 }
476 }
477 } else {
478 // If no rotation folder configured, print default image:
479 // Development version
480 if (strstr(TYPO3_version, '-dev')) {
481 $loginImage = 'loginbox_image_dev.png';
482 $imagecopy = 'You are running a development version of TYPO3 ' . TYPO3_branch;
483 } else {
484 $loginImage = 'loginbox_image.jpg';
485 $imagecopy = 'Photo by J.C. Franca (www.digitalphoto.com.br)';
486 }
487 $loginboxImage = '<img' . \TYPO3\CMS\Backend\Utility\IconUtility::skinImg($GLOBALS['BACK_PATH'], ('gfx/' . $loginImage), 'width="200" height="133"') . ' id="loginbox-image" alt="' . $imagecopy . '" title="' . $imagecopy . '" />';
488 }
489 // Return image tag:
490 return $loginboxImage;
491 }
492
493 /**
494 * Make login news - renders the HTML content for a list of news shown under
495 * the login form. News data is added through $GLOBALS['TYPO3_CONF_VARS']
496 *
497 * @return string HTML content
498 * @credits Idea by Jan-Hendrik Heuing
499 * @todo Define visibility
500 */
501 public function makeLoginNews() {
502 $newsContent = '';
503 $systemNews = $this->getSystemNews();
504 // Traverse news array IF there are records in it:
505 if (is_array($systemNews) && count($systemNews) && !\TYPO3\CMS\Core\Utility\GeneralUtility::_GP('loginRefresh')) {
506 /** @var $htmlParser \TYPO3\CMS\Core\Html\RteHtmlParser */
507 $htmlParser = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\Html\\RteHtmlParser');
508 // Get the main news template, and replace the subpart after looped through
509 $newsContent = \TYPO3\CMS\Core\Html\HtmlParser::getSubpart($GLOBALS['TBE_TEMPLATE']->moduleTemplate, '###LOGIN_NEWS###');
510 $newsItemTemplate = \TYPO3\CMS\Core\Html\HtmlParser::getSubpart($newsContent, '###NEWS_ITEM###');
511 $newsItem = '';
512 $count = 1;
513 foreach ($systemNews as $newsItemData) {
514 $additionalClass = '';
515 if ($count == 1) {
516 $additionalClass = ' first-item';
517 } elseif ($count == count($systemNews)) {
518 $additionalClass = ' last-item';
519 }
520 $newsItemContent = $htmlParser->TS_transform_rte($htmlParser->TS_links_rte($newsItemData['content']));
521 $newsItemMarker = array(
522 '###HEADER###' => htmlspecialchars($newsItemData['header']),
523 '###DATE###' => htmlspecialchars($newsItemData['date']),
524 '###CONTENT###' => $newsItemContent,
525 '###CLASS###' => $additionalClass
526 );
527 $count++;
528 $newsItem .= \TYPO3\CMS\Core\Html\HtmlParser::substituteMarkerArray($newsItemTemplate, $newsItemMarker);
529 }
530 $title = $GLOBALS['TYPO3_CONF_VARS']['BE']['loginNewsTitle'] ? $GLOBALS['TYPO3_CONF_VARS']['BE']['loginNewsTitle'] : $GLOBALS['LANG']->getLL('newsheadline');
531 $newsContent = \TYPO3\CMS\Core\Html\HtmlParser::substituteMarker($newsContent, '###NEWS_HEADLINE###', htmlspecialchars($title));
532 $newsContent = \TYPO3\CMS\Core\Html\HtmlParser::substituteSubpart($newsContent, '###NEWS_ITEM###', $newsItem);
533 }
534 return $newsContent;
535 }
536
537 /**
538 * Gets news from sys_news and converts them into a format suitable for
539 * showing them at the login screen.
540 *
541 * @return array An array of login news.
542 */
543 protected function getSystemNews() {
544 $systemNewsTable = 'sys_news';
545 $systemNews = array();
546 $systemNewsRecords = $GLOBALS['TYPO3_DB']->exec_SELECTgetRows('title, content, crdate', $systemNewsTable, '1=1' . \TYPO3\CMS\Backend\Utility\BackendUtility::BEenableFields($systemNewsTable) . \TYPO3\CMS\Backend\Utility\BackendUtility::deleteClause($systemNewsTable), '', 'crdate DESC');
547 foreach ($systemNewsRecords as $systemNewsRecord) {
548 $systemNews[] = array(
549 'date' => date($GLOBALS['TYPO3_CONF_VARS']['SYS']['ddmmyy'], $systemNewsRecord['crdate']),
550 'header' => $systemNewsRecord['title'],
551 'content' => $systemNewsRecord['content']
552 );
553 }
554 return $systemNews;
555 }
556
557 /**
558 * Returns the form tag
559 *
560 * @return string Opening form tag string
561 * @todo Define visibility
562 */
563 public function startForm() {
564 $output = '';
565 // The form defaults to 'no login'. This prevents plain
566 // text logins to the Backend. The 'sv' extension changes the form to
567 // use superchallenged method and rsaauth extension makes rsa authetication.
568 $form = '<form action="index.php" method="post" name="loginform" ' . 'onsubmit="alert(\'No authentication methods available. Please, ' . 'contact your TYPO3 administrator.\');return false">';
569 // Call hooks. If they do not return anything, we fail to login
570 if (is_array($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['typo3/index.php']['loginFormHook'])) {
571 foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['typo3/index.php']['loginFormHook'] as $function) {
572 $params = array();
573 $formCode = \TYPO3\CMS\Core\Utility\GeneralUtility::callUserFunction($function, $params, $this);
574 if ($formCode) {
575 $form = $formCode;
576 break;
577 }
578 }
579 }
580 $output .= $form . '<input type="hidden" name="login_status" value="login" />' . '<input type="hidden" name="userident" value="" />' . '<input type="hidden" name="redirect_url" value="' . htmlspecialchars($this->redirectToURL) . '" />' . '<input type="hidden" name="loginRefresh" value="' . htmlspecialchars($this->loginRefresh) . '" />' . $this->interfaceSelector_hidden . $this->addFields_hidden;
581 return $output;
582 }
583
584 /**
585 * Creates JavaScript for the login form
586 *
587 * @return string JavaScript code
588 * @todo Define visibility
589 */
590 public function getJScode() {
591 $JSCode = '';
592 if (is_array($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['typo3/index.php']['loginScriptHook'])) {
593 foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['typo3/index.php']['loginScriptHook'] as $function) {
594 $params = array();
595 $JSCode = \TYPO3\CMS\Core\Utility\GeneralUtility::callUserFunction($function, $params, $this);
596 if ($JSCode) {
597 break;
598 }
599 }
600 }
601 $JSCode .= $GLOBALS['TBE_TEMPLATE']->wrapScriptTags('
602 function startUp() {
603 // If the login screen is shown in the login_frameset window for re-login, then try to get the username of the current/former login from opening windows main frame:
604 try {
605 if (parent.opener && parent.opener.TS && parent.opener.TS.username && document.loginform && document.loginform.username) {
606 document.loginform.username.value = parent.opener.TS.username;
607 }
608 }
609 catch(error) {
610 //continue
611 }
612
613 // Wait a few millisecons before calling checkFocus(). This might be necessary because some browsers need some time to auto-fill in the form fields
614 window.setTimeout("checkFocus()", 50);
615 }
616
617 // This moves focus to the right input field:
618 function checkFocus() {
619 // If for some reason there already is a username in the username form field, move focus to the password field:
620 if (document.loginform.username && document.loginform.username.value == "") {
621 document.loginform.username.focus();
622 } else if (document.loginform.p_field && document.loginform.p_field.type!="hidden") {
623 document.loginform.p_field.focus();
624 }
625 }
626
627 // This function shows a warning, if user has capslock enabled
628 // parameter showWarning: shows warning if TRUE and capslock active, otherwise only hides warning, if capslock gets inactive
629 function checkCapslock(e, showWarning) {
630 if (!isCapslock(e)) {
631 document.getElementById(\'t3-capslock\').style.display = \'none\';
632 } else if (showWarning) {
633 document.getElementById(\'t3-capslock\').style.display = \'block\';
634 }
635 }
636
637 // Checks weather capslock is enabled (returns TRUE if enabled, false otherwise)
638 // thanks to http://24ways.org/2007/capturing-caps-lock
639
640 function isCapslock(e) {
641 var ev = e ? e : window.event;
642 if (!ev) {
643 return;
644 }
645 var targ = ev.target ? ev.target : ev.srcElement;
646 // get key pressed
647 var which = -1;
648 if (ev.which) {
649 which = ev.which;
650 } else if (ev.keyCode) {
651 which = ev.keyCode;
652 }
653 // get shift status
654 var shift_status = false;
655 if (ev.shiftKey) {
656 shift_status = ev.shiftKey;
657 } else if (ev.modifiers) {
658 shift_status = !!(ev.modifiers & 4);
659 }
660 return (((which >= 65 && which <= 90) && !shift_status) ||
661 ((which >= 97 && which <= 122) && shift_status));
662 }
663
664 // prevent opening the login form in the backend frameset
665 if (top.location.href != self.location.href) {
666 top.location.href = self.location.href;
667 }
668
669 ');
670 return $JSCode;
671 }
672
673 /**
674 * Checks if login credentials are currently submitted
675 *
676 * @return boolean
677 */
678 protected function isLoginInProgress() {
679 $username = \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('username');
680 return !(empty($username) && empty($this->commandLI));
681 }
682
683 /**
684 * Emits the render login form signal
685 *
686 * @param array $markers Array with markers for the login form
687 * @return void
688 */
689 protected function emitRenderLoginFormSignal(array &$markers) {
690 $this->getSignalSlotDispatcher()->dispatch('TYPO3\\CMS\\Backend\\Controller\\LoginController', self::SIGNAL_RenderLoginForm, array($this, $markers));
691 }
692
693 /**
694 * Get the SignalSlot dispatcher
695 *
696 * @return \TYPO3\CMS\Extbase\SignalSlot\Dispatcher
697 */
698 protected function getSignalSlotDispatcher() {
699 if (!isset($this->signalSlotDispatcher)) {
700 $this->signalSlotDispatcher = $this->getObjectManager()->get('TYPO3\\CMS\\Extbase\\SignalSlot\\Dispatcher');
701 }
702 return $this->signalSlotDispatcher;
703 }
704
705 /**
706 * Get the ObjectManager
707 *
708 * @return \TYPO3\CMS\Extbase\Object\ObjectManager
709 */
710 protected function getObjectManager() {
711 return \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Extbase\\Object\\ObjectManager');
712 }
713
714 }
715
716
717 ?>