[!!!][TASK] Remove sys_domain and LegacyDomains
[Packages/TYPO3.CMS.git] / typo3 / sysext / felogin / Classes / Controller / FrontendLoginController.php
1 <?php
2 namespace TYPO3\CMS\Felogin\Controller;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 use Psr\Log\LoggerAwareInterface;
18 use Psr\Log\LoggerAwareTrait;
19 use TYPO3\CMS\Core\Authentication\LoginType;
20 use TYPO3\CMS\Core\Context\Context;
21 use TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashFactory;
22 use TYPO3\CMS\Core\Crypto\Random;
23 use TYPO3\CMS\Core\Database\Connection;
24 use TYPO3\CMS\Core\Database\ConnectionPool;
25 use TYPO3\CMS\Core\Database\Query\Restriction\FrontendRestrictionContainer;
26 use TYPO3\CMS\Core\Exception\SiteNotFoundException;
27 use TYPO3\CMS\Core\Site\SiteFinder;
28 use TYPO3\CMS\Core\Utility\GeneralUtility;
29 use TYPO3\CMS\Core\Utility\HttpUtility;
30 use TYPO3\CMS\Frontend\Plugin\AbstractPlugin;
31
32 /**
33 * Plugin 'Website User Login' for the 'felogin' extension.
34 *
35 * @internal this is a concrete TYPO3 implementation and solely used for EXT:felogin and not part of TYPO3's Core API.
36 */
37 class FrontendLoginController extends AbstractPlugin implements LoggerAwareInterface
38 {
39 use LoggerAwareTrait;
40
41 /**
42 * Same as class name
43 *
44 * @var string
45 */
46 public $prefixId = 'tx_felogin_pi1';
47
48 /**
49 * The extension key.
50 *
51 * @var string
52 */
53 public $extKey = 'felogin';
54
55 /**
56 * @var bool
57 */
58 public $pi_checkCHash = false;
59
60 /**
61 * @var bool
62 */
63 public $pi_USER_INT_obj = true;
64
65 /**
66 * Is user logged in?
67 *
68 * @var bool
69 */
70 protected $userIsLoggedIn;
71
72 /**
73 * Holds the template for FE rendering
74 *
75 * @var string
76 */
77 protected $template;
78
79 /**
80 * URL for the redirect
81 *
82 * @var string
83 */
84 protected $redirectUrl;
85
86 /**
87 * Flag for disable the redirect
88 *
89 * @var bool
90 */
91 protected $noRedirect = false;
92
93 /**
94 * Logintype (given as GPvar), possible: login, logout
95 *
96 * @var string
97 */
98 protected $logintype;
99
100 /** @var SiteFinder */
101 protected $siteFinder;
102
103 /**
104 * A list of page UIDs, either an integer or a comma-separated list of integers
105 *
106 * @var string
107 */
108 public $spid;
109
110 /**
111 * Referrer
112 *
113 * @var string
114 */
115 public $referer;
116
117 /**
118 * The main method of the plugin
119 *
120 * @param string $content The PlugIn content
121 * @param array $conf The PlugIn configuration
122 * @return string The content that is displayed on the website
123 * @throws \RuntimeException when no storage PID was configured.
124 */
125 public function main($content, $conf)
126 {
127 $this->siteFinder = GeneralUtility::makeInstance(SiteFinder::class);
128
129 // Loading TypoScript array into object variable:
130 $this->conf = $conf;
131 // Loading default pivars
132 $this->pi_setPiVarDefaults();
133 // Loading language-labels
134 $this->pi_loadLL('EXT:felogin/Resources/Private/Language/locallang.xlf');
135 // Init FlexForm configuration for plugin:
136 $this->pi_initPIflexForm();
137 $this->mergeflexFormValuesIntoConf();
138 // Get storage PIDs:
139 if ($this->conf['storagePid']) {
140 if ((int)$this->conf['recursive']) {
141 $this->spid = $this->pi_getPidList($this->conf['storagePid'], (int)$this->conf['recursive']);
142 } else {
143 $this->spid = $this->conf['storagePid'];
144 }
145 } else {
146 throw new \RuntimeException('No storage folder (option storagePid) for frontend users given.', 1450904202);
147 }
148 // GPvars:
149 $this->logintype = GeneralUtility::_GP('logintype');
150 $this->referer = $this->validateRedirectUrl(GeneralUtility::_GP('referer'));
151 $this->noRedirect = $this->piVars['noredirect'] || $this->conf['redirectDisable'];
152 // If config.typolinkLinkAccessRestrictedPages is set, the var is return_url
153 $returnUrl = GeneralUtility::_GP('return_url');
154 if ($returnUrl) {
155 $this->redirectUrl = $returnUrl;
156 } else {
157 $this->redirectUrl = GeneralUtility::_GP('redirect_url');
158 }
159 $this->redirectUrl = $this->validateRedirectUrl($this->redirectUrl);
160 // Get Template
161 $templateFile = $this->conf['templateFile'] ?: 'EXT:felogin/Resources/Private/Templates/FrontendLogin.html';
162 $template = GeneralUtility::getFileAbsFileName($templateFile);
163 if ($template !== '' && file_exists($template)) {
164 $this->template = file_get_contents($template);
165 }
166 // Is user logged in?
167 $this->userIsLoggedIn = GeneralUtility::makeInstance(Context::class)->getPropertyFromAspect('frontend.user', 'isLoggedIn');
168 // Redirect
169 if ($this->conf['redirectMode'] && !$this->conf['redirectDisable'] && !$this->noRedirect) {
170 $redirectUrl = $this->processRedirect();
171 if (!empty($redirectUrl)) {
172 $this->redirectUrl = $this->conf['redirectFirstMethod'] ? array_shift($redirectUrl) : array_pop($redirectUrl);
173 } else {
174 $this->redirectUrl = '';
175 }
176 }
177 // What to display
178 $content = '';
179 if ($this->piVars['forgot'] && $this->conf['showForgotPasswordLink']) {
180 $content .= $this->showForgot();
181 } elseif ($this->piVars['forgothash']) {
182 $content .= $this->changePassword();
183 } else {
184 if ($this->userIsLoggedIn && !$this->logintype) {
185 $content .= $this->showLogout();
186 } else {
187 $content .= $this->showLogin();
188 }
189 }
190 // Process the redirect
191 if (($this->logintype === LoginType::LOGIN || $this->logintype === LoginType::LOGOUT) && $this->redirectUrl && !$this->noRedirect) {
192 if (!$this->frontendController->fe_user->isCookieSet() && $this->userIsLoggedIn) {
193 $content .= $this->cObj->stdWrap($this->pi_getLL('cookie_warning'), $this->conf['cookieWarning_stdWrap.']);
194 } else {
195 // Add hook for extra processing before redirect
196 $_params = [
197 'loginType' => $this->logintype,
198 'redirectUrl' => &$this->redirectUrl
199 ];
200 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['beforeRedirect'] ?? [] as $_funcRef) {
201 if ($_funcRef) {
202 GeneralUtility::callUserFunction($_funcRef, $_params, $this);
203 }
204 }
205 \TYPO3\CMS\Core\Utility\HttpUtility::redirect($this->redirectUrl);
206 }
207 }
208 // Adds hook for processing of extra item markers / special
209 $_params = [
210 'content' => $content
211 ];
212 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['postProcContent'] ?? [] as $_funcRef) {
213 $content = GeneralUtility::callUserFunction($_funcRef, $_params, $this);
214 }
215 return $this->conf['wrapContentInBaseClass'] ? $this->pi_wrapInBaseClass($content) : $content;
216 }
217
218 /**
219 * Shows the forgot password form
220 *
221 * @return string Content
222 */
223 protected function showForgot()
224 {
225 $subpart = $this->templateService->getSubpart($this->template, '###TEMPLATE_FORGOT###');
226 $subpartArray = ($linkpartArray = []);
227 $postData = GeneralUtility::_POST($this->prefixId);
228 if ($postData['forgot_email']) {
229 // Get hashes for compare
230 $postedHash = $postData['forgot_hash'];
231 $hashData = $this->frontendController->fe_user->getKey('ses', 'forgot_hash');
232 if ($postedHash === $hashData['forgot_hash']) {
233 $userTable = $this->frontendController->fe_user->user_table;
234 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($userTable);
235 $queryBuilder->setRestrictions(GeneralUtility::makeInstance(FrontendRestrictionContainer::class));
236 $row = $queryBuilder
237 ->select('*')
238 ->from($userTable)
239 ->where(
240 $queryBuilder->expr()->orX(
241 $queryBuilder->expr()->eq(
242 'email',
243 $queryBuilder->createNamedParameter($this->piVars['forgot_email'], \PDO::PARAM_STR)
244 ),
245 $queryBuilder->expr()->eq(
246 'username',
247 $queryBuilder->createNamedParameter($this->piVars['forgot_email'], \PDO::PARAM_STR)
248 )
249 ),
250 $queryBuilder->expr()->in(
251 'pid',
252 $queryBuilder->createNamedParameter(
253 GeneralUtility::intExplode(',', $this->spid),
254 Connection::PARAM_INT_ARRAY
255 )
256 )
257 )
258 ->execute()
259 ->fetch();
260
261 $error = null;
262 if ($row) {
263 // Generate an email with the hashed link
264 $error = $this->generateAndSendHash($row);
265 } elseif ($this->conf['exposeNonexistentUserInForgotPasswordDialog']) {
266 $error = $this->pi_getLL('ll_forgot_reset_message_error');
267 }
268 // Generate message
269 if ($error) {
270 $markerArray['###STATUS_MESSAGE###'] = $this->cObj->stdWrap($error, $this->conf['forgotErrorMessage_stdWrap.']);
271 } else {
272 $markerArray['###STATUS_MESSAGE###'] = $this->cObj->stdWrap(
273 $this->pi_getLL('ll_forgot_reset_message_emailSent'),
274 $this->conf['forgotResetMessageEmailSentMessage_stdWrap.']
275 );
276 }
277 $subpartArray['###FORGOT_FORM###'] = '';
278 } else {
279 // Wrong email
280 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('forgot_reset_message', $this->conf['forgotMessage_stdWrap.']);
281 $markerArray['###BACKLINK_LOGIN###'] = '';
282 }
283 } else {
284 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('forgot_reset_message', $this->conf['forgotMessage_stdWrap.']);
285 $markerArray['###BACKLINK_LOGIN###'] = '';
286 }
287 $markerArray['###BACKLINK_LOGIN###'] = $this->getPageLink(htmlspecialchars($this->pi_getLL('ll_forgot_header_backToLogin')), []);
288 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('forgot_header', $this->conf['forgotHeader_stdWrap.']);
289 $markerArray['###LEGEND###'] = htmlspecialchars($this->pi_getLL('legend', $this->pi_getLL('reset_password')));
290 $markerArray['###ACTION_URI###'] = $this->getPageLink('', [$this->prefixId . '[forgot]' => 1], true);
291 $markerArray['###EMAIL_LABEL###'] = htmlspecialchars($this->pi_getLL('your_email'));
292 $markerArray['###FORGOT_PASSWORD_ENTEREMAIL###'] = htmlspecialchars($this->pi_getLL('forgot_password_enterEmail'));
293 $markerArray['###FORGOT_EMAIL###'] = $this->prefixId . '[forgot_email]';
294 $markerArray['###SEND_PASSWORD###'] = htmlspecialchars($this->pi_getLL('reset_password'));
295 $markerArray['###DATA_LABEL###'] = htmlspecialchars($this->pi_getLL('ll_enter_your_data'));
296 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
297 // Generate hash
298 $hash = md5($this->generatePassword(3));
299 $markerArray['###FORGOTHASH###'] = $hash;
300 // Set hash in feuser session
301 $this->frontendController->fe_user->setKey('ses', 'forgot_hash', ['forgot_hash' => $hash]);
302 return $this->templateService->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
303 }
304
305 /**
306 * This function checks the hash from link and checks the validity. If it's valid it shows the form for
307 * changing the password and process the change of password after submit, if not valid it returns the error message
308 *
309 * @return string The content.
310 */
311 protected function changePassword()
312 {
313 $subpartArray = ($linkpartArray = []);
314 $done = false;
315 $minLength = (int)$this->conf['newPasswordMinLength'] ?: 6;
316 $subpart = $this->templateService->getSubpart($this->template, '###TEMPLATE_CHANGEPASSWORD###');
317 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('change_password_header', $this->conf['changePasswordHeader_stdWrap.']);
318 $markerArray['###STATUS_MESSAGE###'] = sprintf($this->getDisplayText(
319 'change_password_message',
320 $this->conf['changePasswordMessage_stdWrap.']
321 ), $minLength);
322
323 $markerArray['###BACKLINK_LOGIN###'] = '';
324 $uid = $this->piVars['user'];
325 $piHash = $this->piVars['forgothash'];
326 $hash = explode('|', rawurldecode($piHash));
327 if ((int)$uid === 0) {
328 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText(
329 'change_password_notvalid_message',
330 $this->conf['changePasswordNotValidMessage_stdWrap.']
331 );
332 $subpartArray['###CHANGEPASSWORD_FORM###'] = '';
333 } else {
334 $user = $this->pi_getRecord('fe_users', (int)$uid);
335 $userHash = $user['felogin_forgotHash'];
336 $compareHash = explode('|', $userHash);
337 if (!$compareHash || !$compareHash[1] || $compareHash[0] < time() || $hash[0] != $compareHash[0] || md5($hash[1]) != $compareHash[1]) {
338 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText(
339 'change_password_notvalid_message',
340 $this->conf['changePasswordNotValidMessage_stdWrap.']
341 );
342 $subpartArray['###CHANGEPASSWORD_FORM###'] = '';
343 } else {
344 // All is fine, continue with new password
345 $postData = GeneralUtility::_POST($this->prefixId);
346 if (isset($postData['changepasswordsubmit'])) {
347 if (strlen($postData['password1']) < $minLength) {
348 $markerArray['###STATUS_MESSAGE###'] = sprintf(
349 $this->getDisplayText(
350 'change_password_tooshort_message',
351 $this->conf['changePasswordTooShortMessage_stdWrap.']
352 ),
353 $minLength
354 );
355 } elseif ($postData['password1'] != $postData['password2']) {
356 $markerArray['###STATUS_MESSAGE###'] = sprintf(
357 $this->getDisplayText(
358 'change_password_notequal_message',
359 $this->conf['changePasswordNotEqualMessage_stdWrap.']
360 ),
361 $minLength
362 );
363 } else {
364 // Hash password using configured salted passwords hash mechanism for FE
365 $hashInstance = GeneralUtility::makeInstance(PasswordHashFactory::class)->getDefaultHashInstance('FE');
366 $newPass = $hashInstance->getHashedPassword($postData['password1']);
367
368 // Call a hook for further password processing
369 if ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['password_changed']) {
370 $_params = [
371 'user' => $user,
372 'newPassword' => $newPass,
373 'newPasswordUnencrypted' => $postData['password1']
374 ];
375 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['password_changed'] as $_funcRef) {
376 if ($_funcRef) {
377 GeneralUtility::callUserFunction($_funcRef, $_params, $this);
378 }
379 }
380 $newPass = $_params['newPassword'];
381 }
382
383 // Save new password and clear DB-hash
384 $userTable = $this->frontendController->fe_user->user_table;
385 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($userTable);
386 $queryBuilder->getRestrictions()->removeAll();
387 $queryBuilder->update($userTable)
388 ->set('password', $newPass)
389 ->set('felogin_forgotHash', '')
390 ->set('tstamp', (int)$GLOBALS['EXEC_TIME'])
391 ->where(
392 $queryBuilder->expr()->eq(
393 'uid',
394 $queryBuilder->createNamedParameter($user['uid'], \PDO::PARAM_INT)
395 )
396 )
397 ->execute();
398
399 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText(
400 'change_password_done_message',
401 $this->conf['changePasswordDoneMessage_stdWrap.']
402 );
403 $done = true;
404 $subpartArray['###CHANGEPASSWORD_FORM###'] = '';
405 $markerArray['###BACKLINK_LOGIN###'] = $this->getPageLink(
406 htmlspecialchars($this->pi_getLL('ll_forgot_header_backToLogin')),
407 [$this->prefixId . '[redirectReferrer]' => 'off']
408 );
409 }
410 }
411 if (!$done) {
412 // Change password form
413 $markerArray['###ACTION_URI###'] = $this->getPageLink('', [
414 $this->prefixId . '[user]' => $user['uid'],
415 $this->prefixId . '[forgothash]' => $piHash
416 ], true);
417 $markerArray['###LEGEND###'] = htmlspecialchars($this->pi_getLL('change_password'));
418 $markerArray['###NEWPASSWORD1_LABEL###'] = htmlspecialchars($this->pi_getLL('newpassword_label1'));
419 $markerArray['###NEWPASSWORD2_LABEL###'] = htmlspecialchars($this->pi_getLL('newpassword_label2'));
420 $markerArray['###NEWPASSWORD1###'] = $this->prefixId . '[password1]';
421 $markerArray['###NEWPASSWORD2###'] = $this->prefixId . '[password2]';
422 $markerArray['###STORAGE_PID###'] = $this->spid;
423 $markerArray['###SEND_PASSWORD###'] = htmlspecialchars($this->pi_getLL('change_password'));
424 $markerArray['###FORGOTHASH###'] = $piHash;
425 }
426 }
427 }
428 return $this->templateService->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
429 }
430
431 /**
432 * Generates a hashed link and send it with email
433 *
434 * @param array $user Contains user data
435 * @return string Empty string with success, error message with no success
436 */
437 protected function generateAndSendHash($user)
438 {
439 $hours = (int)$this->conf['forgotLinkHashValidTime'] > 0 ? (int)$this->conf['forgotLinkHashValidTime'] : 24;
440 $validEnd = time() + 3600 * $hours;
441 $validEndString = date($this->conf['dateFormat'], $validEnd);
442 $hash = md5(GeneralUtility::makeInstance(Random::class)->generateRandomBytes(64));
443 $randHash = $validEnd . '|' . $hash;
444 $randHashDB = $validEnd . '|' . md5($hash);
445
446 // Write hash to DB
447 $userTable = $this->frontendController->fe_user->user_table;
448 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($userTable);
449 $queryBuilder->getRestrictions()->removeAll();
450 $queryBuilder->update($userTable)
451 ->set('felogin_forgotHash', $randHashDB)
452 ->where(
453 $queryBuilder->expr()->eq(
454 'uid',
455 $queryBuilder->createNamedParameter($user['uid'], \PDO::PARAM_INT)
456 )
457 )
458 ->execute();
459
460 // Send hashlink to user
461 $this->conf['linkPrefix'] = -1;
462 $isAbsRefPrefix = !empty($this->frontendController->absRefPrefix);
463 $isBaseURL = !empty($this->frontendController->baseUrl);
464 $isFeloginBaseURL = !empty($this->conf['feloginBaseURL']);
465 $link = $this->pi_getPageLink($this->frontendController->id, '', [
466 rawurlencode($this->prefixId . '[user]') => $user['uid'],
467 rawurlencode($this->prefixId . '[forgothash]') => $randHash
468 ]);
469 // Prefix link if necessary
470 if ($isFeloginBaseURL) {
471 // First priority, use specific base URL
472 // "absRefPrefix" must be removed first, otherwise URL will be prepended twice
473 if ($isAbsRefPrefix) {
474 $link = substr($link, strlen($this->frontendController->absRefPrefix));
475 }
476 $link = $this->conf['feloginBaseURL'] . $link;
477 } elseif ($isAbsRefPrefix) {
478 // Second priority
479 // absRefPrefix must not necessarily contain a hostname and URL scheme, so add it if needed
480 $link = GeneralUtility::locationHeaderUrl($link);
481 } elseif ($isBaseURL) {
482 // Third priority
483 // Add the global base URL to the link
484 $link = $this->frontendController->baseUrlWrap($link);
485 } else {
486 // No prefix is set, return the error
487 return $this->pi_getLL('ll_change_password_nolinkprefix_message');
488 }
489 $msg = sprintf($this->pi_getLL('ll_forgot_validate_reset_password'), $user['username'], $link, $validEndString);
490 // Add hook for extra processing of mail message
491 $params = [
492 'message' => &$msg,
493 'user' => &$user
494 ];
495 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['forgotPasswordMail'] ?? [] as $reference) {
496 if ($reference) {
497 GeneralUtility::callUserFunction($reference, $params, $this);
498 }
499 }
500 if ($user['email']) {
501 $this->cObj->sendNotifyEmail($msg, $user['email'], '', $this->conf['email_from'], $this->conf['email_fromName'], $this->conf['replyTo']);
502 }
503
504 return '';
505 }
506
507 /**
508 * Shows logout form
509 *
510 * @return string The content.
511 */
512 protected function showLogout()
513 {
514 $subpart = $this->templateService->getSubpart($this->template, '###TEMPLATE_LOGOUT###');
515 $subpartArray = ($linkpartArray = []);
516 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('status_header', $this->conf['logoutHeader_stdWrap.']);
517 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('status_message', $this->conf['logoutMessage_stdWrap.']);
518 $this->cObj->stdWrap($this->flexFormValue('message', 's_status'), $this->conf['logoutMessage_stdWrap.']);
519 $markerArray['###LEGEND###'] = htmlspecialchars($this->pi_getLL('logout'));
520 $markerArray['###ACTION_URI###'] = $this->getPageLink('', [], true);
521 $markerArray['###LOGOUT_LABEL###'] = htmlspecialchars($this->pi_getLL('logout'));
522 $markerArray['###NAME###'] = htmlspecialchars($this->frontendController->fe_user->user['name']);
523 $markerArray['###STORAGE_PID###'] = $this->spid;
524 $markerArray['###USERNAME###'] = htmlspecialchars($this->frontendController->fe_user->user['username']);
525 $markerArray['###USERNAME_LABEL###'] = htmlspecialchars($this->pi_getLL('username'));
526 $markerArray['###NOREDIRECT###'] = $this->noRedirect ? '1' : '0';
527 $markerArray['###PREFIXID###'] = $this->prefixId;
528 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
529 if ($this->redirectUrl) {
530 // Use redirectUrl for action tag because of possible access restricted pages
531 $markerArray['###ACTION_URI###'] = htmlspecialchars($this->redirectUrl);
532 $this->redirectUrl = '';
533 }
534 return $this->templateService->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
535 }
536
537 /**
538 * Shows login form
539 *
540 * @return string Content
541 */
542 protected function showLogin()
543 {
544 $subpart = $this->templateService->getSubpart($this->template, '###TEMPLATE_LOGIN###');
545 $subpartArray = ($linkpartArray = ($markerArray = []));
546 $gpRedirectUrl = '';
547 $markerArray['###LEGEND###'] = htmlspecialchars($this->pi_getLL('oLabel_header_welcome'));
548 if ($this->logintype === LoginType::LOGIN) {
549 if ($this->userIsLoggedIn) {
550 // login success
551 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('success_header', $this->conf['successHeader_stdWrap.']);
552 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('success_message', $this->conf['successMessage_stdWrap.']);
553 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
554 $subpartArray['###LOGIN_FORM###'] = '';
555 // Hook for general actions after after login has been confirmed (by Thomas Danzl <thomas@danzl.org>)
556 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['login_confirmed'] ?? [] as $_funcRef) {
557 $_params = [];
558 if ($_funcRef) {
559 GeneralUtility::callUserFunction($_funcRef, $_params, $this);
560 }
561 }
562 // show logout form directly
563 if ($this->conf['showLogoutFormAfterLogin']) {
564 $this->redirectUrl = '';
565 return $this->showLogout();
566 }
567 } else {
568 // Hook for general actions on login error
569 $params = [];
570 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['login_error'] ?? [] as $funcRef) {
571 if ($funcRef) {
572 GeneralUtility::callUserFunction($funcRef, $params, $this);
573 }
574 }
575 // login error
576 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('error_header', $this->conf['errorHeader_stdWrap.']);
577 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('error_message', $this->conf['errorMessage_stdWrap.']);
578 $gpRedirectUrl = GeneralUtility::_GP('redirect_url');
579 }
580 } else {
581 if ($this->logintype === LoginType::LOGOUT) {
582 // login form after logout
583 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('logout_header', $this->conf['logoutHeader_stdWrap.']);
584 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('logout_message', $this->conf['logoutMessage_stdWrap.']);
585 } else {
586 // login form
587 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('welcome_header', $this->conf['welcomeHeader_stdWrap.']);
588 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('welcome_message', $this->conf['welcomeMessage_stdWrap.']);
589 }
590 }
591
592 // This hook allows to call User JS functions.
593 // The methods should also set the required JS functions to get included
594 $onSubmit = '';
595 $extraHidden = '';
596 $onSubmitAr = [];
597 $extraHiddenAr = [];
598 // Check for referer redirect method. if present, save referer in form field
599 if (GeneralUtility::inList($this->conf['redirectMode'], 'referer') || GeneralUtility::inList($this->conf['redirectMode'], 'refererDomains')) {
600 $referer = $this->referer ? $this->referer : GeneralUtility::getIndpEnv('HTTP_REFERER');
601 if ($referer) {
602 $extraHiddenAr[] = '<input type="hidden" name="referer" value="' . htmlspecialchars($referer) . '" />';
603 if ($this->piVars['redirectReferrer'] === 'off') {
604 $extraHiddenAr[] = '<input type="hidden" name="' . $this->prefixId . '[redirectReferrer]" value="off" />';
605 }
606 }
607 }
608 $_params = [];
609 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['loginFormOnSubmitFuncs'] ?? [] as $funcRef) {
610 list($onSub, $hid) = GeneralUtility::callUserFunction($funcRef, $_params, $this);
611 $onSubmitAr[] = $onSub;
612 $extraHiddenAr[] = $hid;
613 }
614 if (!empty($onSubmitAr)) {
615 $onSubmit = implode('; ', $onSubmitAr) . '; return true;';
616 }
617 if (!empty($extraHiddenAr)) {
618 $extraHidden = implode(LF, $extraHiddenAr);
619 }
620 if (!$gpRedirectUrl && $this->redirectUrl) {
621 $gpRedirectUrl = $this->redirectUrl;
622 }
623 // Login form
624 $markerArray['###ACTION_URI###'] = $this->getPageLink('', [], true);
625 // Used by kb_md5fepw extension...
626 $markerArray['###EXTRA_HIDDEN###'] = $extraHidden;
627 $markerArray['###LEGEND###'] = htmlspecialchars($this->pi_getLL('login'));
628 $markerArray['###LOGIN_LABEL###'] = htmlspecialchars($this->pi_getLL('login'));
629 // Used by kb_md5fepw extension...
630 $markerArray['###ON_SUBMIT###'] = $onSubmit;
631 $markerArray['###PASSWORD_LABEL###'] = htmlspecialchars($this->pi_getLL('password'));
632 $markerArray['###STORAGE_PID###'] = $this->spid;
633 $markerArray['###USERNAME_LABEL###'] = htmlspecialchars($this->pi_getLL('username'));
634 $markerArray['###REDIRECT_URL###'] = htmlspecialchars($gpRedirectUrl);
635 $markerArray['###NOREDIRECT###'] = $this->noRedirect ? '1' : '0';
636 $markerArray['###PREFIXID###'] = $this->prefixId;
637 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
638 if ($this->conf['showForgotPasswordLink']) {
639 $linkpartArray['###FORGOT_PASSWORD_LINK###'] = explode('|', $this->getPageLink('|', [$this->prefixId . '[forgot]' => 1]));
640 $markerArray['###FORGOT_PASSWORD###'] = htmlspecialchars($this->pi_getLL('ll_forgot_header'));
641 } else {
642 $subpartArray['###FORGOTP_VALID###'] = '';
643 }
644 // The permanent login checkbox should only be shown if permalogin is not deactivated (-1),
645 // not forced to be always active (2) and lifetime is greater than 0
646 $permalogin = (int)$GLOBALS['TYPO3_CONF_VARS']['FE']['permalogin'];
647 if (
648 $this->conf['showPermaLogin']
649 && ($permalogin === 0 || $permalogin === 1)
650 && $GLOBALS['TYPO3_CONF_VARS']['FE']['lifetime'] > 0
651 ) {
652 $markerArray['###PERMALOGIN###'] = htmlspecialchars($this->pi_getLL('permalogin'));
653 if ($permalogin === 1) {
654 $markerArray['###PERMALOGIN_HIDDENFIELD_ATTRIBUTES###'] = 'disabled="disabled"';
655 $markerArray['###PERMALOGIN_CHECKBOX_ATTRIBUTES###'] = 'checked="checked"';
656 } else {
657 $markerArray['###PERMALOGIN_HIDDENFIELD_ATTRIBUTES###'] = '';
658 $markerArray['###PERMALOGIN_CHECKBOX_ATTRIBUTES###'] = '';
659 }
660 } else {
661 $subpartArray['###PERMALOGIN_VALID###'] = '';
662 }
663 return $this->templateService->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
664 }
665
666 /**
667 * Process redirect methods. The function searches for a redirect url using all configured methods.
668 *
669 * @return array Redirect URLs
670 */
671 protected function processRedirect()
672 {
673 $redirect_url = [];
674 if ($this->conf['redirectMode']) {
675 $redirectMethods = GeneralUtility::trimExplode(',', $this->conf['redirectMode'], true);
676 foreach ($redirectMethods as $redirMethod) {
677 if ($this->userIsLoggedIn && $this->logintype === LoginType::LOGIN) {
678 // Logintype is needed because the login-page wouldn't be accessible anymore after a login (would always redirect)
679 switch ($redirMethod) {
680 case 'groupLogin':
681 // taken from dkd_redirect_at_login written by Ingmar Schlecht; database-field changed
682 $groupData = $this->frontendController->fe_user->groupData;
683 if (!empty($groupData['uid'])) {
684
685 // take the first group with a redirect page
686 $userGroupTable = $this->frontendController->fe_user->usergroup_table;
687 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($userGroupTable);
688 $queryBuilder->getRestrictions()->removeAll();
689 $row = $queryBuilder
690 ->select('felogin_redirectPid')
691 ->from($userGroupTable)
692 ->where(
693 $queryBuilder->expr()->neq(
694 'felogin_redirectPid',
695 $queryBuilder->createNamedParameter('', \PDO::PARAM_STR)
696 ),
697 $queryBuilder->expr()->in(
698 'uid',
699 $queryBuilder->createNamedParameter(
700 $groupData['uid'],
701 Connection::PARAM_INT_ARRAY
702 )
703 )
704 )
705 ->execute()
706 ->fetch();
707
708 if ($row) {
709 $redirect_url[] = $this->pi_getPageLink($row['felogin_redirectPid']);
710 }
711 }
712 break;
713 case 'userLogin':
714
715 $userTable = $this->frontendController->fe_user->user_table;
716 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($userTable);
717 $queryBuilder->getRestrictions()->removeAll();
718 $row = $queryBuilder
719 ->select('felogin_redirectPid')
720 ->from($userTable)
721 ->where(
722 $queryBuilder->expr()->neq(
723 'felogin_redirectPid',
724 $queryBuilder->createNamedParameter('', \PDO::PARAM_STR)
725 ),
726 $queryBuilder->expr()->eq(
727 $this->frontendController->fe_user->userid_column,
728 $queryBuilder->createNamedParameter(
729 $this->frontendController->fe_user->user['uid'],
730 \PDO::PARAM_INT
731 )
732 )
733 )
734 ->execute()
735 ->fetch();
736
737 if ($row) {
738 $redirect_url[] = $this->pi_getPageLink($row['felogin_redirectPid']);
739 }
740
741 break;
742 case 'login':
743 if ($this->conf['redirectPageLogin']) {
744 $redirect_url[] = $this->pi_getPageLink((int)$this->conf['redirectPageLogin']);
745 }
746 break;
747 case 'getpost':
748 $redirect_url[] = $this->redirectUrl;
749 break;
750 case 'referer':
751 // Avoid redirect when logging in after changing password
752 if ($this->piVars['redirectReferrer'] !== 'off') {
753 // Avoid forced logout, when trying to login immediately after a logout
754 $redirect_url[] = preg_replace('/[&?]logintype=[a-z]+/', '', $this->referer);
755 }
756 break;
757 case 'refererDomains':
758 // Auto redirect.
759 // Feature to redirect to the page where the user came from (HTTP_REFERER).
760 // Allowed domains to redirect to, can be configured with plugin.tx_felogin_pi1.domains
761 // Thanks to plan2.net / Martin Kutschker for implementing this feature.
762 // also avoid redirect when logging in after changing password
763 if (isset($this->conf['domains']) && $this->conf['domains']
764 && (!isset($this->piVars['redirectReferrer']) || $this->piVars['redirectReferrer'] !== 'off')
765 ) {
766 $url = $this->referer;
767 // Is referring url allowed to redirect?
768 $match = [];
769 if (preg_match('#^http://([[:alnum:]._-]+)/#', $url, $match)) {
770 $redirect_domain = $match[1];
771 $found = false;
772 foreach (GeneralUtility::trimExplode(',', $this->conf['domains'], true) as $d) {
773 if (preg_match('/(?:^|\\.)' . $d . '$/', $redirect_domain)) {
774 $found = true;
775 break;
776 }
777 }
778 if (!$found) {
779 $url = '';
780 }
781 }
782 // Avoid forced logout, when trying to login immediately after a logout
783 if ($url) {
784 $redirect_url[] = preg_replace('/[&?]logintype=[a-z]+/', '', $url);
785 }
786 }
787 break;
788 }
789 } elseif ($this->logintype === LoginType::LOGIN) {
790 // after login-error
791 switch ($redirMethod) {
792 case 'loginError':
793 if ($this->conf['redirectPageLoginError']) {
794 $redirect_url[] = $this->pi_getPageLink((int)$this->conf['redirectPageLoginError']);
795 }
796 break;
797 }
798 } elseif ($this->logintype == '' && $redirMethod === 'login' && $this->conf['redirectPageLogin']) {
799 // If login and page not accessible
800 $this->cObj->typoLink('', [
801 'parameter' => $this->conf['redirectPageLogin'],
802 'linkAccessRestrictedPages' => true
803 ]);
804 $redirect_url[] = $this->cObj->lastTypoLinkUrl;
805 } elseif ($this->logintype == '' && $redirMethod === 'logout' && $this->conf['redirectPageLogout'] && $this->userIsLoggedIn) {
806 // If logout and page not accessible
807 $redirect_url[] = $this->pi_getPageLink((int)$this->conf['redirectPageLogout']);
808 } elseif ($this->logintype === LoginType::LOGOUT) {
809 // after logout
810 // Hook for general actions after after logout has been confirmed
811 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['logout_confirmed'] ?? [] as $_funcRef) {
812 $_params = [];
813 if ($_funcRef) {
814 GeneralUtility::callUserFunction($_funcRef, $_params, $this);
815 }
816 }
817 switch ($redirMethod) {
818 case 'logout':
819 if ($this->conf['redirectPageLogout']) {
820 $redirect_url[] = $this->pi_getPageLink((int)$this->conf['redirectPageLogout']);
821 }
822 break;
823 }
824 } else {
825 // not logged in
826 // Placeholder for maybe future options
827 switch ($redirMethod) {
828 case 'getpost':
829 // Preserve the get/post value
830 $redirect_url[] = $this->redirectUrl;
831 break;
832 }
833 }
834 }
835 }
836 // Remove empty values, but keep "0" as value (that's why "strlen" is used as second parameter)
837 if (!empty($redirect_url)) {
838 return array_filter($redirect_url, 'strlen');
839 }
840 return [];
841 }
842
843 /**
844 * Reads flexform configuration and merge it with $this->conf
845 */
846 protected function mergeflexFormValuesIntoConf()
847 {
848 $flex = [];
849 if ($this->flexFormValue('showForgotPassword', 'sDEF')) {
850 $flex['showForgotPasswordLink'] = $this->flexFormValue('showForgotPassword', 'sDEF');
851 }
852 if ($this->flexFormValue('showPermaLogin', 'sDEF')) {
853 $flex['showPermaLogin'] = $this->flexFormValue('showPermaLogin', 'sDEF');
854 }
855 if ($this->flexFormValue('showLogoutFormAfterLogin', 'sDEF')) {
856 $flex['showLogoutFormAfterLogin'] = $this->flexFormValue('showLogoutFormAfterLogin', 'sDEF');
857 }
858 if ($this->flexFormValue('pages', 'sDEF')) {
859 $flex['pages'] = $this->flexFormValue('pages', 'sDEF');
860 }
861 if ($this->flexFormValue('recursive', 'sDEF')) {
862 $flex['recursive'] = $this->flexFormValue('recursive', 'sDEF');
863 }
864 if ($this->flexFormValue('redirectMode', 's_redirect')) {
865 $flex['redirectMode'] = $this->flexFormValue('redirectMode', 's_redirect');
866 }
867 if ($this->flexFormValue('redirectFirstMethod', 's_redirect')) {
868 $flex['redirectFirstMethod'] = $this->flexFormValue('redirectFirstMethod', 's_redirect');
869 }
870 if ($this->flexFormValue('redirectDisable', 's_redirect')) {
871 $flex['redirectDisable'] = $this->flexFormValue('redirectDisable', 's_redirect');
872 }
873 if ($this->flexFormValue('redirectPageLogin', 's_redirect')) {
874 $flex['redirectPageLogin'] = $this->flexFormValue('redirectPageLogin', 's_redirect');
875 }
876 if ($this->flexFormValue('redirectPageLoginError', 's_redirect')) {
877 $flex['redirectPageLoginError'] = $this->flexFormValue('redirectPageLoginError', 's_redirect');
878 }
879 if ($this->flexFormValue('redirectPageLogout', 's_redirect')) {
880 $flex['redirectPageLogout'] = $this->flexFormValue('redirectPageLogout', 's_redirect');
881 }
882 $pid = $flex['pages'] ? $this->pi_getPidList($flex['pages'], $flex['recursive']) : 0;
883 if ($pid > 0) {
884 $flex['storagePid'] = $pid;
885 }
886 $this->conf = array_merge($this->conf, $flex);
887 }
888
889 /**
890 * Loads a variable from the flexform
891 *
892 * @param string $var Name of variable
893 * @param string $sheet Name of sheet
894 * @return string Value of var
895 */
896 protected function flexFormValue($var, $sheet)
897 {
898 return $this->pi_getFFvalue($this->cObj->data['pi_flexform'], $var, $sheet);
899 }
900
901 /**
902 * Generate link with typolink function
903 *
904 * @param string $label Linktext
905 * @param array $piVars Link vars
906 * @param bool $returnUrl TRUE: returns only url FALSE (default) returns the link)
907 * @return string Link or url
908 */
909 protected function getPageLink($label, $piVars, $returnUrl = false)
910 {
911 $additionalParams = is_array($piVars) && !empty($piVars) ? $piVars : [];
912 // Should GETvars be preserved?
913 if ($this->conf['preserveGETvars']) {
914 $additionalParams = array_merge_recursive($additionalParams, $this->getPreserveGetVars());
915 }
916 $this->conf['linkConfig.']['parameter'] = $this->frontendController->id;
917 if (!empty($additionalParams)) {
918 $this->conf['linkConfig.']['additionalParams'] = HttpUtility::buildQueryString($additionalParams, '&');
919 }
920 if ($returnUrl) {
921 return htmlspecialchars($this->cObj->typoLink_URL($this->conf['linkConfig.']));
922 }
923 return $this->cObj->typoLink($label, $this->conf['linkConfig.']);
924 }
925
926 /**
927 * Add additional parameters for links according to TS setting preserveGETvars.
928 * Possible values are "all" or a comma separated list of allowed GET-vars.
929 * Supports multi-dimensional GET-vars.
930 * Some hardcoded values are dropped.
931 *
932 * @return array additionalParams-array
933 */
934 protected function getPreserveGetVars()
935 {
936 $getVars = GeneralUtility::_GET();
937 unset(
938 $getVars['id'],
939 $getVars['no_cache'],
940 $getVars['logintype'],
941 $getVars['redirect_url'],
942 $getVars['cHash'],
943 $getVars[$this->prefixId]
944 );
945 if ($this->conf['preserveGETvars'] === 'all') {
946 $preserveQueryParts = $getVars;
947 } else {
948 $preserveQueryStringProperties = GeneralUtility::trimExplode(',', $this->conf['preserveGETvars']);
949 $preserveQueryParts = [];
950 parse_str(implode('=1&', $preserveQueryStringProperties) . '=1', $preserveQueryParts);
951 $preserveQueryParts = \TYPO3\CMS\Core\Utility\ArrayUtility::intersectRecursive($getVars, $preserveQueryParts);
952 }
953 return $preserveQueryParts;
954 }
955
956 /**
957 * Is used by forgot password - function with md5 option.
958 * @param int $len Length of new password
959 * @return string New password
960 */
961 protected function generatePassword($len)
962 {
963 $pass = '';
964 while ($len--) {
965 $char = rand(0, 35);
966 if ($char < 10) {
967 $pass .= '' . $char;
968 } else {
969 $pass .= chr($char - 10 + 97);
970 }
971 }
972 return $pass;
973 }
974
975 /**
976 * Returns the header / message value from flexform if present, else from locallang.xlf
977 *
978 * @param string $label label name
979 * @param array $stdWrapArray TS stdWrap array
980 * @return string label text
981 */
982 protected function getDisplayText($label, $stdWrapArray = [])
983 {
984 $text = $this->flexFormValue($label, 's_messages') ? $this->cObj->stdWrap($this->flexFormValue($label, 's_messages'), $stdWrapArray) : $this->cObj->stdWrap($this->pi_getLL('ll_' . $label), $stdWrapArray);
985 $replace = $this->getUserFieldMarkers();
986 return strtr($text, $replace);
987 }
988
989 /**
990 * Returns Array of markers filled with user fields
991 *
992 * @return array Marker array
993 */
994 protected function getUserFieldMarkers()
995 {
996 $marker = [];
997 // replace markers with fe_user data
998 if ($this->frontendController->fe_user->user) {
999 // All fields of fe_user will be replaced, scheme is ###FEUSER_FIELDNAME###
1000 foreach ($this->frontendController->fe_user->user as $field => $value) {
1001 $conf = $this->conf['userfields.'][$field . '.'] ?? [];
1002 $conf = array_replace_recursive(['htmlSpecialChars' => '1'], $conf);
1003 $marker['###FEUSER_' . strtoupper($field) . '###'] = $this->cObj->stdWrap($value, $conf);
1004 }
1005 // Add ###USER### for compatibility
1006 $marker['###USER###'] = $marker['###FEUSER_USERNAME###'];
1007 }
1008 return $marker;
1009 }
1010
1011 /**
1012 * Returns a valid and XSS cleaned url for redirect, checked against configuration "allowedRedirectHosts"
1013 *
1014 * @param string $url
1015 * @return string cleaned referer or empty string if not valid
1016 */
1017 protected function validateRedirectUrl($url)
1018 {
1019 $url = strval($url);
1020 if ($url === '') {
1021 return '';
1022 }
1023 // Validate the URL:
1024 if ($this->isRelativeUrl($url) || $this->isInCurrentDomain($url) || $this->isInLocalDomain($url)) {
1025 return $url;
1026 }
1027 // URL is not allowed
1028 $this->logger->warning('Url "' . $url . '" for redirect was not accepted!');
1029 return '';
1030 }
1031
1032 /**
1033 * Determines whether the URL is on the current host and belongs to the
1034 * current TYPO3 installation. The scheme part is ignored in the comparison.
1035 *
1036 * @param string $url URL to be checked
1037 * @return bool Whether the URL belongs to the current TYPO3 installation
1038 */
1039 protected function isInCurrentDomain($url)
1040 {
1041 $urlWithoutSchema = preg_replace('#^https?://#', '', $url);
1042 $siteUrlWithoutSchema = preg_replace('#^https?://#', '', GeneralUtility::getIndpEnv('TYPO3_SITE_URL'));
1043 return strpos($urlWithoutSchema . '/', GeneralUtility::getIndpEnv('HTTP_HOST') . '/') === 0
1044 && strpos($urlWithoutSchema, $siteUrlWithoutSchema) === 0;
1045 }
1046
1047 /**
1048 * Determines whether the URL matches a domain
1049 * in the sys_domain database table.
1050 *
1051 * @param string $url Absolute URL which needs to be checked
1052 * @return bool Whether the URL is considered to be local
1053 */
1054 protected function isInLocalDomain($url)
1055 {
1056 $result = false;
1057 if (GeneralUtility::isValidUrl($url)) {
1058 $parsedUrl = parse_url($url);
1059 if ($parsedUrl['scheme'] === 'http' || $parsedUrl['scheme'] === 'https') {
1060 $host = $parsedUrl['host'];
1061
1062 try {
1063 $site = $this->siteFinder->getSiteByPageId((int)$this->frontendController->id);
1064 return $site->getBase()->getHost() === $host;
1065 } catch (SiteNotFoundException $e) {
1066 // nothing found
1067 }
1068 }
1069 }
1070
1071 return $result;
1072 }
1073
1074 /**
1075 * Determines whether the URL is relative to the
1076 * current TYPO3 installation.
1077 *
1078 * @param string $url URL which needs to be checked
1079 * @return bool Whether the URL is considered to be relative
1080 */
1081 protected function isRelativeUrl($url)
1082 {
1083 $url = GeneralUtility::sanitizeLocalUrl($url);
1084 if (!empty($url)) {
1085 $parsedUrl = @parse_url($url);
1086 if ($parsedUrl !== false && !isset($parsedUrl['scheme']) && !isset($parsedUrl['host'])) {
1087 // If the relative URL starts with a slash, we need to check if it's within the current site path
1088 return $parsedUrl['path'][0] !== '/' || GeneralUtility::isFirstPartOfStr($parsedUrl['path'], GeneralUtility::getIndpEnv('TYPO3_SITE_PATH'));
1089 }
1090 }
1091 return false;
1092 }
1093 }