7710576ab17b0df995dafa72f4fb3bb27926041d
[Packages/TYPO3.CMS.git] / typo3 / sysext / setup / Classes / Controller / SetupModuleController.php
1 <?php
2 namespace TYPO3\CMS\Setup\Controller;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 use Psr\Http\Message\ResponseInterface;
18 use Psr\Http\Message\ServerRequestInterface;
19 use TYPO3\CMS\Backend\Backend\Avatar\DefaultAvatarProvider;
20 use TYPO3\CMS\Backend\Utility\BackendUtility;
21 use TYPO3\CMS\Core\Imaging\Icon;
22 use TYPO3\CMS\Core\Imaging\IconFactory;
23 use TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
24 use TYPO3\CMS\Core\Database\DatabaseConnection;
25 use TYPO3\CMS\Core\DataHandling\DataHandler;
26 use TYPO3\CMS\Core\FormProtection\FormProtectionFactory;
27 use TYPO3\CMS\Core\Messaging\FlashMessage;
28 use TYPO3\CMS\Core\Resource\Exception\FileDoesNotExistException;
29 use TYPO3\CMS\Core\Resource\ResourceFactory;
30 use TYPO3\CMS\Core\Utility\GeneralUtility;
31
32 /**
33 * Script class for the Setup module
34 */
35 class SetupModuleController
36 {
37 const PASSWORD_NOT_UPDATED = 0;
38 const PASSWORD_UPDATED = 1;
39 const PASSWORD_NOT_THE_SAME = 2;
40 const PASSWORD_OLD_WRONG = 3;
41
42 /**
43 * @var array
44 */
45 public $MOD_MENU = array();
46
47 /**
48 * @var array
49 */
50 public $MOD_SETTINGS = array();
51
52 /**
53 * @var \TYPO3\CMS\Backend\Template\DocumentTemplate
54 */
55 public $doc;
56
57 /**
58 * @var string
59 */
60 public $content;
61
62 /**
63 * @var array
64 */
65 public $overrideConf;
66
67 /**
68 * backend user object, set during simulate-user operation
69 *
70 * @var \TYPO3\CMS\Core\Authentication\BackendUserAuthentication
71 */
72 public $OLD_BE_USER;
73
74 /**
75 * @var bool
76 */
77 public $languageUpdate;
78
79 /**
80 * @var bool
81 */
82 protected $pagetreeNeedsRefresh = false;
83
84 /**
85 * @var bool
86 */
87 protected $isAdmin;
88
89 /**
90 * @var array
91 */
92 protected $tsFieldConf;
93
94 /**
95 * @var bool
96 */
97 protected $saveData = false;
98
99 /**
100 * @var int
101 */
102 protected $passwordIsUpdated = self::PASSWORD_NOT_UPDATED;
103
104 /**
105 * @var bool
106 */
107 protected $passwordIsSubmitted = false;
108
109 /**
110 * @var bool
111 */
112 protected $setupIsUpdated = false;
113
114 /**
115 * @var bool
116 */
117 protected $tempDataIsCleared = false;
118
119 /**
120 * @var bool
121 */
122 protected $settingsAreResetToDefault = false;
123
124 /**
125 * Form protection instance
126 *
127 * @var \TYPO3\CMS\Core\FormProtection\BackendFormProtection
128 */
129 protected $formProtection;
130
131 /**
132 * @var string
133 */
134 protected $simulateSelector = '';
135
136 /**
137 * @var string
138 */
139 protected $simUser = '';
140
141 /**
142 * The name of the module
143 *
144 * @var string
145 */
146 protected $moduleName = 'user_setup';
147
148 /**
149 * Instantiate the form protection before a simulated user is initialized.
150 */
151 public function __construct()
152 {
153 $this->formProtection = FormProtectionFactory::get();
154 }
155
156 /**
157 * Getter for the form protection instance.
158 *
159 * @return \TYPO3\CMS\Core\FormProtection\BackendFormProtection
160 */
161 public function getFormProtection()
162 {
163 return $this->formProtection;
164 }
165
166 /**
167 * If settings are submitted to _POST[DATA], store them
168 * NOTICE: This method is called before the \TYPO3\CMS\Backend\Template\DocumentTemplate
169 * is included. See bottom of document.
170 *
171 * @see \TYPO3\CMS\Backend\Template\DocumentTemplate
172 */
173 public function storeIncomingData()
174 {
175 // First check if something is submitted in the data-array from POST vars
176 $d = GeneralUtility::_POST('data');
177 $columns = $GLOBALS['TYPO3_USER_SETTINGS']['columns'];
178 $beUser = $this->getBackendUser();
179 $beUserId = $beUser->user['uid'];
180 $storeRec = array();
181 $fieldList = $this->getFieldsFromShowItem();
182 if (is_array($d) && $this->formProtection->validateToken((string)GeneralUtility::_POST('formToken'), 'BE user setup', 'edit')) {
183 // UC hashed before applying changes
184 $save_before = md5(serialize($beUser->uc));
185 // PUT SETTINGS into the ->uc array:
186 // Reload left frame when switching BE language
187 if (isset($d['lang']) && $d['lang'] != $beUser->uc['lang']) {
188 $this->languageUpdate = true;
189 }
190 // Reload pagetree if the title length is changed
191 if (isset($d['titleLen']) && $d['titleLen'] !== $beUser->uc['titleLen']) {
192 $this->pagetreeNeedsRefresh = true;
193 }
194 if ($d['setValuesToDefault']) {
195 // If every value should be default
196 $beUser->resetUC();
197 $this->settingsAreResetToDefault = true;
198 } elseif ($d['clearSessionVars']) {
199 foreach ($beUser->uc as $key => $value) {
200 if (!isset($columns[$key])) {
201 unset($beUser->uc[$key]);
202 }
203 }
204 $this->tempDataIsCleared = true;
205 } elseif ($d['save']) {
206 // Save all submitted values if they are no array (arrays are with table=be_users) and exists in $GLOBALS['TYPO3_USER_SETTINGS'][columns]
207 foreach ($columns as $field => $config) {
208 if (!in_array($field, $fieldList)) {
209 continue;
210 }
211 if ($config['table']) {
212 if ($config['table'] === 'be_users' && !in_array($field, array('password', 'password2', 'passwordCurrent', 'email', 'realName', 'admin', 'avatar'))) {
213 if (!isset($config['access']) || $this->checkAccess($config) && $beUser->user[$field] !== $d['be_users'][$field]) {
214 if ($config['type'] === 'check') {
215 $fieldValue = isset($d['be_users'][$field]) ? 1 : 0;
216 } else {
217 $fieldValue = $d['be_users'][$field];
218 }
219 $storeRec['be_users'][$beUserId][$field] = $fieldValue;
220 $beUser->user[$field] = $fieldValue;
221 }
222 }
223 }
224 if ($config['type'] === 'check') {
225 $beUser->uc[$field] = isset($d[$field]) ? 1 : 0;
226 } else {
227 $beUser->uc[$field] = htmlspecialchars($d[$field]);
228 }
229 }
230 // Personal data for the users be_user-record (email, name, password...)
231 // If email and name is changed, set it in the users record:
232 $be_user_data = $d['be_users'];
233 // Possibility to modify the transmitted values. Useful to do transformations, like RSA password decryption
234 if (is_array($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/setup/mod/index.php']['modifyUserDataBeforeSave'])) {
235 foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/setup/mod/index.php']['modifyUserDataBeforeSave'] as $function) {
236 $params = array('be_user_data' => &$be_user_data);
237 GeneralUtility::callUserFunction($function, $params, $this);
238 }
239 }
240 $this->passwordIsSubmitted = (string)$be_user_data['password'] !== '';
241 $passwordIsConfirmed = $this->passwordIsSubmitted && $be_user_data['password'] === $be_user_data['password2'];
242 // Update the real name:
243 if ($be_user_data['realName'] !== $beUser->user['realName']) {
244 $beUser->user['realName'] = ($storeRec['be_users'][$beUserId]['realName'] = substr($be_user_data['realName'], 0, 80));
245 }
246 // Update the email address:
247 if ($be_user_data['email'] !== $beUser->user['email']) {
248 $beUser->user['email'] = ($storeRec['be_users'][$beUserId]['email'] = substr($be_user_data['email'], 0, 80));
249 }
250 // Update the password:
251 if ($passwordIsConfirmed) {
252 $currentPasswordHashed = $GLOBALS['BE_USER']->user['password'];
253 $saltFactory = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance($currentPasswordHashed);
254 if ($saltFactory->checkPassword($be_user_data['passwordCurrent'], $currentPasswordHashed)) {
255 $this->passwordIsUpdated = self::PASSWORD_UPDATED;
256 $storeRec['be_users'][$beUserId]['password'] = $be_user_data['password'];
257 } else {
258 $this->passwordIsUpdated = self::PASSWORD_OLD_WRONG;
259 }
260 } else {
261 $this->passwordIsUpdated = self::PASSWORD_NOT_THE_SAME;
262 }
263
264 $this->setAvatarFileUid($beUserId, $be_user_data['avatar'], $storeRec);
265
266 $this->saveData = true;
267 }
268 // Inserts the overriding values.
269 $beUser->overrideUC();
270 $save_after = md5(serialize($beUser->uc));
271 // If something in the uc-array of the user has changed, we save the array...
272 if ($save_before != $save_after) {
273 $beUser->writeUC($beUser->uc);
274 $beUser->writelog(254, 1, 0, 1, 'Personal settings changed', array());
275 $this->setupIsUpdated = true;
276 }
277 // If the temporary data has been cleared, lets make a log note about it
278 if ($this->tempDataIsCleared) {
279 $beUser->writelog(254, 1, 0, 1, $this->getLanguageService()->getLL('tempDataClearedLog'), array());
280 }
281 // Persist data if something has changed:
282 if (!empty($storeRec) && $this->saveData) {
283 // Make instance of TCE for storing the changes.
284 /** @var DataHandler $dataHandler */
285 $dataHandler = GeneralUtility::makeInstance(DataHandler::class);
286 $dataHandler->stripslashes_values = false;
287 // This is so the user can actually update his user record.
288 $isAdmin = $beUser->user['admin'];
289 $beUser->user['admin'] = 1;
290 $dataHandler->start($storeRec, array(), $beUser);
291 // This is to make sure that the users record can be updated even if in another workspace. This is tolerated.
292 $dataHandler->bypassWorkspaceRestrictions = true;
293 $dataHandler->process_datamap();
294 unset($tce);
295 if ($this->passwordIsUpdated === self::PASSWORD_NOT_UPDATED || count($storeRec['be_users'][$beUserId]) > 1) {
296 $this->setupIsUpdated = true;
297 }
298 // Restore admin status after processing
299 $beUser->user['admin'] = $isAdmin;
300 }
301 }
302 }
303
304 /******************************
305 *
306 * Rendering module
307 *
308 ******************************/
309 /**
310 * Initializes the module for display of the settings form.
311 *
312 * @return void
313 */
314 public function init()
315 {
316 $this->getLanguageService()->includeLLFile('EXT:setup/Resources/Private/Language/locallang.xlf');
317
318 // Returns the script user - that is the REAL logged in user! ($GLOBALS[BE_USER] might be another user due to simulation!)
319 $scriptUser = $this->getRealScriptUserObj();
320
321 $this->isAdmin = $scriptUser->isAdmin();
322 // Getting the 'override' values as set might be set in User TSconfig
323 $this->overrideConf = $this->getBackendUser()->getTSConfigProp('setup.override');
324 // Getting the disabled fields might be set in User TSconfig (eg setup.fields.password.disabled=1)
325 $this->tsFieldConf = $this->getBackendUser()->getTSConfigProp('setup.fields');
326 // id password is disabled, disable repeat of password too (password2)
327 if (isset($this->tsFieldConf['password.']) && $this->tsFieldConf['password.']['disabled']) {
328 $this->tsFieldConf['password2.']['disabled'] = 1;
329 $this->tsFieldConf['passwordCurrent.']['disabled'] = 1;
330 }
331 // Create instance of object for output of data
332 $this->doc = GeneralUtility::makeInstance(\TYPO3\CMS\Backend\Template\DocumentTemplate::class);
333 $this->doc->setModuleTemplate('EXT:setup/Resources/Private/Templates/setup.html');
334 $this->doc->form = '<form action="' . BackendUtility::getModuleUrl('user_setup') . '" method="post" name="usersetup" enctype="multipart/form-data">';
335 $this->doc->JScode .= $this->getJavaScript();
336 }
337
338 /**
339 * Generate necessary JavaScript
340 *
341 * @return string
342 */
343 protected function getJavaScript()
344 {
345 $javaScript = '';
346 if (is_array($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/setup/mod/index.php']['setupScriptHook'])) {
347 foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/setup/mod/index.php']['setupScriptHook'] as $function) {
348 $params = array();
349 $javaScript .= GeneralUtility::callUserFunction($function, $params, $this);
350 }
351 }
352 return $javaScript;
353 }
354
355 /**
356 * Generate the main settings form:
357 *
358 * @return void
359 */
360 public function main()
361 {
362 if ($this->languageUpdate) {
363 $this->doc->JScodeArray['languageUpdate'] .= '
364 if (top.refreshMenu) {
365 top.refreshMenu();
366 } else {
367 top.TYPO3ModuleMenu.refreshMenu();
368 }
369 ';
370 }
371 if ($this->pagetreeNeedsRefresh) {
372 BackendUtility::setUpdateSignal('updatePageTree');
373 }
374 // Start page:
375 $this->doc->loadJavascriptLib('sysext/backend/Resources/Public/JavaScript/md5.js');
376 // Use a wrapper div
377 $this->content .= '<div id="user-setup-wrapper">';
378 // Load available backend modules
379 $this->loadModules = GeneralUtility::makeInstance(\TYPO3\CMS\Backend\Module\ModuleLoader::class);
380 $this->loadModules->observeWorkspaces = true;
381 $this->loadModules->load($GLOBALS['TBE_MODULES']);
382 $this->content .= $this->doc->header($this->getLanguageService()->getLL('UserSettings'));
383 // Show if setup was saved
384 if ($this->setupIsUpdated && !$this->tempDataIsCleared && !$this->settingsAreResetToDefault) {
385 $flashMessage = GeneralUtility::makeInstance(FlashMessage::class, $this->getLanguageService()->getLL('setupWasUpdated'), $this->getLanguageService()->getLL('UserSettings'));
386 $this->content .= $flashMessage->render();
387 }
388
389 // Show if temporary data was cleared
390 if ($this->tempDataIsCleared) {
391 $flashMessage = GeneralUtility::makeInstance(FlashMessage::class, $this->getLanguageService()->getLL('tempDataClearedFlashMessage'), $this->getLanguageService()->getLL('tempDataCleared'));
392 $this->content .= $flashMessage->render();
393 }
394
395 // Show if temporary data was cleared
396 if ($this->settingsAreResetToDefault) {
397 $flashMessage = GeneralUtility::makeInstance(FlashMessage::class, $this->getLanguageService()->getLL('settingsAreReset'), $this->getLanguageService()->getLL('resetConfiguration'));
398 $this->content .= $flashMessage->render();
399 }
400
401 // Notice
402 if ($this->setupIsUpdated || $this->settingsAreResetToDefault) {
403 $flashMessage = GeneralUtility::makeInstance(FlashMessage::class, $this->getLanguageService()->getLL('activateChanges'), '', FlashMessage::INFO);
404 $this->content .= $flashMessage->render();
405 }
406
407 // If password is updated, output whether it failed or was OK.
408 if ($this->passwordIsSubmitted) {
409 $flashMessage = null;
410 switch ($this->passwordIsUpdated) {
411 case self::PASSWORD_OLD_WRONG:
412 $flashMessage = GeneralUtility::makeInstance(FlashMessage::class, $this->getLanguageService()->getLL('oldPassword_failed'), $this->getLanguageService()->getLL('newPassword'), FlashMessage::ERROR);
413 break;
414 case self::PASSWORD_NOT_THE_SAME:
415 $flashMessage = GeneralUtility::makeInstance(FlashMessage::class, $this->getLanguageService()->getLL('newPassword_failed'), $this->getLanguageService()->getLL('newPassword'), FlashMessage::ERROR);
416 break;
417 case self::PASSWORD_UPDATED:
418 $flashMessage = GeneralUtility::makeInstance(FlashMessage::class, $this->getLanguageService()->getLL('newPassword_ok'), $this->getLanguageService()->getLL('newPassword'));
419 break;
420 }
421 if ($flashMessage) {
422 $this->content .= $flashMessage->render();
423 }
424 }
425
426 // Render user switch
427 $this->content .= $this->renderSimulateUserSelectAndLabel();
428
429 // Render the menu items
430 $menuItems = $this->renderUserSetup();
431 $this->content .= $this->doc->getDynamicTabMenu($menuItems, 'user-setup', 1, false, false);
432 $formToken = $this->formProtection->generateToken('BE user setup', 'edit');
433 $this->content .= $this->doc->section('', '<input type="hidden" name="simUser" value="' . $this->simUser . '" />
434 <input type="hidden" name="formToken" value="' . $formToken . '" />
435 <input type="hidden" value="1" name="data[save]" />
436 <input type="hidden" name="data[setValuesToDefault]" value="0" id="setValuesToDefault" />
437 <input type="hidden" name="data[clearSessionVars]" value="0" id="clearSessionVars" />');
438 // End of wrapper div
439 $this->content .= '</div>';
440 // Setting up the buttons and markers for docheader
441 $docHeaderButtons = $this->getButtons();
442 $markers['CSH'] = $docHeaderButtons['csh'];
443 $markers['CONTENT'] = $this->content;
444 // Build the <body> for the module
445 $this->content = $this->doc->moduleBody($this->pageinfo, $docHeaderButtons, $markers);
446 // Renders the module page
447 $this->content = $this->doc->render($this->getLanguageService()->getLL('UserSettings'), $this->content);
448 }
449
450
451 /**
452 * Injects the request object for the current request or subrequest
453 * Simply calls main() and init() and writes the content to the response
454 *
455 * @param ServerRequestInterface $request the current request
456 * @param ResponseInterface $response
457 * @return ResponseInterface the response with the content
458 */
459 public function mainAction(ServerRequestInterface $request, ResponseInterface $response)
460 {
461 $GLOBALS['SOBE'] = $this;
462 $this->simulateUser();
463 $this->storeIncomingData();
464 $this->init();
465 $this->main();
466
467 $response->getBody()->write($this->content);
468 return $response;
469 }
470
471 /**
472 * Prints the content / ends page
473 *
474 * @return void
475 * @deprecated since TYPO3 CMS 7, will be removed in TYPO3 CMS 8
476 */
477 public function printContent()
478 {
479 GeneralUtility::logDeprecatedFunction();
480 echo $this->content;
481 }
482
483 /**
484 * Create the panel of buttons for submitting the form or otherwise perform operations.
485 *
486 * @return array All available buttons as an assoc. array
487 */
488 protected function getButtons()
489 {
490 /** @var IconFactory $iconFactory */
491 $iconFactory = GeneralUtility::makeInstance(IconFactory::class);
492 $buttons = array(
493 'csh' => '',
494 'save' => '',
495 'shortcut' => ''
496 );
497 $buttons['csh'] = BackendUtility::cshItem('_MOD_user_setup', '');
498 $buttons['save'] = '<button class="c-inputButton" name="data[save]" title="' . $this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:rm.saveDoc', true) . '">'
499 . $iconFactory->getIcon('actions-document-save', Icon::SIZE_SMALL)->render()
500 . '</button>';
501 if ($this->getBackendUser()->mayMakeShortcut()) {
502 $buttons['shortcut'] = $this->doc->makeShortcutIcon('', '', $this->moduleName);
503 }
504 return $buttons;
505 }
506
507 /******************************
508 *
509 * Render module
510 *
511 ******************************/
512
513 /**
514 * renders the data for all tabs in the user setup and returns
515 * everything that is needed with tabs and dyntab menu
516 *
517 * @return array Ready to use for the dyntabmenu itemarray
518 */
519 protected function renderUserSetup()
520 {
521 $result = array();
522 $firstTabLabel = '';
523 $code = array();
524 $i = 0;
525 $fieldArray = $this->getFieldsFromShowItem();
526 $tabLabel = '';
527 foreach ($fieldArray as $fieldName) {
528 $more = '';
529 if (substr($fieldName, 0, 8) === '--div--;') {
530 if ($firstTabLabel === '') {
531 // First tab
532 $tabLabel = $this->getLabel(substr($fieldName, 8), '', false);
533 $firstTabLabel = $tabLabel;
534 } else {
535 $result[] = array(
536 'label' => $tabLabel,
537 'content' => count($code) ? implode(LF, $code) : ''
538 );
539 $tabLabel = $this->getLabel(substr($fieldName, 8), '', false);
540 $i = 0;
541 $code = array();
542 }
543 continue;
544 }
545 $config = $GLOBALS['TYPO3_USER_SETTINGS']['columns'][$fieldName];
546
547 // Field my be disabled in setup.fields
548 if (isset($this->tsFieldConf[$fieldName . '.']['disabled']) && $this->tsFieldConf[$fieldName . '.']['disabled'] == 1) {
549 continue;
550 }
551 if (isset($config['access']) && !$this->checkAccess($config)) {
552 continue;
553 }
554 $label = $this->getLabel($config['label'], $fieldName);
555 $label = $this->getCSH($config['csh'] ?: $fieldName, $label);
556 $type = $config['type'];
557 $class = $config['class'];
558
559 if ($type !== 'check') {
560 $class .= ' form-control';
561 }
562
563 $style = $config['style'];
564 if ($class) {
565 $more .= ' class="' . $class . '"';
566 }
567 if ($style) {
568 $more .= ' style="' . $style . '"';
569 }
570 if (isset($this->overrideConf[$fieldName])) {
571 $more .= ' disabled="disabled"';
572 }
573 $value = $config['table'] === 'be_users' ? $this->getBackendUser()->user[$fieldName] : $this->getBackendUser()->uc[$fieldName];
574 if (!$value && isset($config['default'])) {
575 $value = $config['default'];
576 }
577 $dataAdd = '';
578 if ($config['table'] === 'be_users') {
579 $dataAdd = '[be_users]';
580 }
581
582 switch ($type) {
583 case 'text':
584 case 'email':
585 case 'password':
586 $noAutocomplete = '';
587 if ($type === 'password') {
588 $value = '';
589 $noAutocomplete = 'autocomplete="off" ';
590 $more .= ' data-rsa-encryption=""';
591 }
592 $html = '<input id="field_' . $fieldName . '"
593 type="' . $type . '"
594 name="data' . $dataAdd . '[' . $fieldName . ']" ' .
595 $noAutocomplete .
596 'value="' . htmlspecialchars($value) . '" ' .
597 $more .
598 ' />';
599 break;
600 case 'check':
601 $html = $label . '<div class="checkbox"><label><input id="field_' . $fieldName . '"
602 type="checkbox"
603 name="data' . $dataAdd . '[' . $fieldName . ']"' .
604 ($value ? ' checked="checked"' : '') .
605 $more .
606 ' /></label></div>';
607 $label = '';
608 break;
609 case 'select':
610 if ($config['itemsProcFunc']) {
611 $html = GeneralUtility::callUserFunction($config['itemsProcFunc'], $config, $this, '');
612 } else {
613 $html = '<select id="field_' . $fieldName . '"
614 name="data' . $dataAdd . '[' . $fieldName . ']"' .
615 $more . '>' . LF;
616 foreach ($config['items'] as $key => $optionLabel) {
617 $html .= '<option value="' . $key . '"' . ($value == $key ? ' selected="selected"' : '') . '>' . $this->getLabel($optionLabel, '', false) . '</option>' . LF;
618 }
619 $html .= '</select>';
620 }
621 break;
622 case 'user':
623 $html = GeneralUtility::callUserFunction($config['userFunc'], $config, $this, '');
624 break;
625 case 'button':
626 if ($config['onClick']) {
627 $onClick = $config['onClick'];
628 if ($config['onClickLabels']) {
629 foreach ($config['onClickLabels'] as $key => $labelclick) {
630 $config['onClickLabels'][$key] = $this->getLabel($labelclick, '', false);
631 }
632 $onClick = vsprintf($onClick, $config['onClickLabels']);
633 }
634 $html = '<br><input class="btn btn-default" type="button"
635 value="' . $this->getLabel($config['buttonlabel'], '', false) . '"
636 onclick="' . $onClick . '" />';
637 }
638 break;
639 case 'avatar':
640 // Get current avatar image
641 $html = '<br>';
642 $avatarFileUid = $this->getAvatarFileUid($this->getBackendUser()->user['uid']);
643
644 if ($avatarFileUid) {
645 $defaultAvatarProvider = GeneralUtility::makeInstance(DefaultAvatarProvider::class);
646 $avatarImage = $defaultAvatarProvider->getImage($this->getBackendUser()->user, 32);
647 if ($avatarImage) {
648 $icon = '<span class="avatar"><span class="avatar-image">' .
649 '<img src="' . htmlspecialchars($avatarImage->getUrl(true)) . '"' .
650 'width="' . (int)$avatarImage->getWidth() . '" ' .
651 'height="' . (int)$avatarImage->getHeight() . '" />' .
652 '</span></span>';
653 $html .= '<span class="pull-left" style="padding-right: 10px" id="image_' . htmlspecialchars($fieldName) . '">' . $icon . ' </span>';
654 }
655 }
656 $html .= '<input id="field_' . htmlspecialchars($fieldName) . '" type="hidden" ' .
657 'name="data' . $dataAdd . '[' . htmlspecialchars($fieldName) . ']"' . $more .
658 ' value="' . $avatarFileUid . '" />';
659
660 $html .= '<div class="btn-group">';
661 if ($avatarFileUid) {
662 $html .= '<a id="clear_button_' . htmlspecialchars($fieldName) . '" onclick="clearExistingImage(); return false;" class="btn btn-default"><span class="t3-icon fa t3-icon fa fa-remove"> </span></a>';
663 }
664 $html .= '<a id="add_button_' . htmlspecialchars($fieldName) . '" class="btn btn-default btn-add-avatar" onclick="openFileBrowser();return false;"><span class="t3-icon t3-icon-actions t3-icon-actions-insert t3-icon-insert-record"> </span></a>' .
665 '</div>';
666
667 $this->addAvatarButtonJs($fieldName);
668 break;
669 default:
670 $html = '';
671 }
672
673 $code[] = '<div class="form-section"><div class="form-group">' .
674 $label .
675 $html .
676 '</div></div>';
677 }
678
679 $result[] = array(
680 'label' => $tabLabel,
681 'content' => count($code) ? implode(LF, $code) : ''
682 );
683 return $result;
684 }
685
686 /******************************
687 *
688 * Helper functions
689 *
690 ******************************/
691 /**
692 * Returns the backend user object, either the global OR the $this->OLD_BE_USER which is set during simulate-user operation.
693 * Anyway: The REAL user is returned - the one logged in.
694 *
695 * @return BackendUserAuthentication The REAL user is returned - the one logged in.
696 */
697 protected function getRealScriptUserObj()
698 {
699 return is_object($this->OLD_BE_USER) ? $this->OLD_BE_USER : $this->getBackendUser();
700 }
701
702 /**
703 * Return a select with available languages
704 *
705 * @return string Complete select as HTML string or warning box if something went wrong.
706 */
707 public function renderLanguageSelect($params, $pObj)
708 {
709 $languageOptions = array();
710 // Compile the languages dropdown
711 $langDefault = $this->getLanguageService()->getLL('lang_default', true);
712 $languageOptions[$langDefault] = '<option value=""' . ($this->getBackendUser()->uc['lang'] === '' ? ' selected="selected"' : '') . '>' . $langDefault . '</option>';
713 // Traverse the number of languages
714 /** @var $locales \TYPO3\CMS\Core\Localization\Locales */
715 $locales = GeneralUtility::makeInstance(\TYPO3\CMS\Core\Localization\Locales::class);
716 $languages = $locales->getLanguages();
717 foreach ($languages as $locale => $name) {
718 if ($locale !== 'default') {
719 $defaultName = isset($GLOBALS['LOCAL_LANG']['default']['lang_' . $locale]) ? $GLOBALS['LOCAL_LANG']['default']['lang_' . $locale][0]['source'] : $name;
720 $localizedName = $this->getLanguageService()->getLL('lang_' . $locale, true);
721 if ($localizedName === '') {
722 $localizedName = htmlspecialchars($name);
723 }
724 $localLabel = ' - [' . htmlspecialchars($defaultName) . ']';
725 $available = is_dir(PATH_typo3conf . 'l10n/' . $locale);
726 if ($available) {
727 $languageOptions[$defaultName] = '<option value="' . $locale . '"' . ($this->getBackendUser()->uc['lang'] === $locale ? ' selected="selected"' : '') . '>' . $localizedName . $localLabel . '</option>';
728 }
729 }
730 }
731 ksort($languageOptions);
732 $languageCode = '
733 <select id="field_lang" name="data[lang]" class="form-control">' . implode('', $languageOptions) . '
734 </select>';
735 if ($this->getBackendUser()->uc['lang'] && !@is_dir((PATH_typo3conf . 'l10n/' . $this->getBackendUser()->uc['lang']))) {
736 $languageUnavailableWarning = 'The selected language "' . $this->getLanguageService()->getLL(('lang_' . $this->getBackendUser()->uc['lang']), true) . '" is not available before the language files are installed.<br />' . ($this->getBackendUser()->isAdmin() ? 'You can use the Language module to easily download new language files.' : 'Please ask your system administrator to do this.');
737 $languageUnavailableMessage = GeneralUtility::makeInstance(FlashMessage::class, $languageUnavailableWarning, '', FlashMessage::WARNING);
738 $languageCode = $languageUnavailableMessage->render() . $languageCode;
739 }
740 return $languageCode;
741 }
742
743 /**
744 * Returns a select with all modules for startup
745 *
746 * @return string Complete select as HTML string
747 */
748 public function renderStartModuleSelect($params, $pObj)
749 {
750 $startModuleSelect = '<option value="">' . $this->getLanguageService()->getLL('startModule.firstInMenu', true) . '</option>';
751 foreach ($pObj->loadModules->modules as $mainMod => $modData) {
752 if (!empty($modData['sub']) && is_array($modData['sub'])) {
753 $modules = '';
754 foreach ($modData['sub'] as $subData) {
755 $modName = $subData['name'];
756 $modules .= '<option value="' . htmlspecialchars($modName) . '"';
757 $modules .= $this->getBackendUser()->uc['startModule'] === $modName ? ' selected="selected"' : '';
758 $modules .= '>' . $this->getLanguageService()->moduleLabels['tabs'][$modName . '_tab'] . '</option>';
759 }
760 $groupLabel = $this->getLanguageService()->moduleLabels['tabs'][$mainMod . '_tab'];
761 $startModuleSelect .= '<optgroup label="' . htmlspecialchars($groupLabel) . '">' . $modules . '</optgroup>';
762 }
763 }
764 return '<select id="field_startModule" name="data[startModule]" class="form-control">' . $startModuleSelect . '</select>';
765 }
766
767 /**
768 * Will make the simulate-user selector if the logged in user is administrator.
769 * It will also set the GLOBAL(!) BE_USER to the simulated user selected if any (and set $this->OLD_BE_USER to logged in user)
770 *
771 * @return void
772 */
773 public function simulateUser()
774 {
775 // If admin, allow simulation of another user
776 $this->simUser = 0;
777 $this->simulateSelector = '';
778 unset($this->OLD_BE_USER);
779 if ($this->getBackendUser()->isAdmin()) {
780 $this->simUser = (int)GeneralUtility::_GP('simUser');
781 // Make user-selector:
782 $db = $this->getDatabaseConnection();
783 $where = 'AND username NOT LIKE ' . $db->fullQuoteStr($db->escapeStrForLike('_cli_', 'be_users') . '%', 'be_users');
784 $where .= ' AND uid <> ' . (int)$this->getBackendUser()->user['uid'] . BackendUtility::BEenableFields('be_users');
785 $users = BackendUtility::getUserNames('username,usergroup,usergroup_cached_list,uid,realName', $where);
786 $opt = array();
787 foreach ($users as $rr) {
788 $label = htmlspecialchars(($rr['username'] . ($rr['realName'] ? ' (' . $rr['realName'] . ')' : '')));
789 $opt[] = '<option value="' . $rr['uid'] . '"' . ($this->simUser == $rr['uid'] ? ' selected="selected"' : '') . '>' . $label . '</option>';
790 }
791 if (!empty($opt)) {
792 $this->simulateSelector = '<select id="field_simulate" name="simulateUser" onchange="window.location.href=' . GeneralUtility::quoteJSvalue(BackendUtility::getModuleUrl('user_setup') . '&simUser=') . '+this.options[this.selectedIndex].value;"><option></option>' . implode('', $opt) . '</select>';
793 }
794 }
795 // This can only be set if the previous code was executed.
796 if ($this->simUser > 0) {
797 // Save old user...
798 $this->OLD_BE_USER = $this->getBackendUser();
799 unset($GLOBALS['BE_USER']);
800 // Unset current
801 // New backend user object
802 $BE_USER = GeneralUtility::makeInstance(BackendUserAuthentication::class);
803 $BE_USER->setBeUserByUid($this->simUser);
804 $BE_USER->fetchGroupData();
805 $BE_USER->backendSetUC();
806 // Must do this, because unsetting $BE_USER before apparently unsets the reference to the global variable by this name!
807 $GLOBALS['BE_USER'] = $BE_USER;
808 }
809 }
810
811 /**
812 * Render simulate user select and label
813 *
814 * @return string
815 */
816 protected function renderSimulateUserSelectAndLabel()
817 {
818 if ($this->simulateSelector === '') {
819 return '';
820 }
821
822 return '<p>' .
823 '<label for="field_simulate" style="margin-right: 20px;">' .
824 $this->getLanguageService()->sL('LLL:EXT:setup/Resources/Private/Language/locallang.xlf:simulate') .
825 '</label>' .
826 $this->simulateSelector .
827 '</p>';
828 }
829
830 /**
831 * Returns access check (currently only "admin" is supported)
832 *
833 * @param array $config Configuration of the field, access mode is defined in key 'access'
834 * @return bool Whether it is allowed to modify the given field
835 */
836 protected function checkAccess(array $config)
837 {
838 $access = $config['access'];
839
840 if (isset($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['setup']['accessLevelCheck'][$access])) {
841 if (class_exists($access)) {
842 $accessObject = GeneralUtility::makeInstance($access);
843 if (method_exists($accessObject, 'accessLevelCheck')) {
844 // Initialize vars. If method fails, $set will be set to FALSE
845 return $accessObject->accessLevelCheck($config);
846 }
847 }
848 } elseif ($access == 'admin') {
849 return $this->isAdmin;
850 }
851
852 return false;
853 }
854
855 /**
856 * Returns the label $str from getLL() and grays out the value if the $str/$key is found in $this->overrideConf array
857 *
858 * @param string $str Locallang key
859 * @param string $key Alternative override-config key
860 * @param bool $addLabelTag Defines whether the string should be wrapped in a <label> tag.
861 * @param string $altLabelTagId Alternative id for use in "for" attribute of <label> tag. By default the $str key is used prepended with "field_".
862 * @return string HTML output.
863 */
864 protected function getLabel($str, $key = '', $addLabelTag = true, $altLabelTagId = '')
865 {
866 if (substr($str, 0, 4) === 'LLL:') {
867 $out = $this->getLanguageService()->sL($str);
868 } else {
869 $out = htmlspecialchars($str);
870 }
871 if (isset($this->overrideConf[$key ?: $str])) {
872 $out = '<span style="color:#999999">' . $out . '</span>';
873 }
874 if ($addLabelTag) {
875 $out = '<label for="' . ($altLabelTagId ?: 'field_' . $key) . '">' . $out . '</label>';
876 }
877 return $out;
878 }
879
880 /**
881 * Returns the CSH Icon for given string
882 *
883 * @param string $str Locallang key
884 * @param string $label The label to be used, that should be wrapped in help
885 * @return string HTML output.
886 */
887 protected function getCSH($str, $label)
888 {
889 $context = '_MOD_user_setup';
890 $field = $str;
891 $strParts = explode(':', $str);
892 if (count($strParts) > 1) {
893 // Setting comes from another extension
894 $context = $strParts[0];
895 $field = $strParts[1];
896 } elseif (!GeneralUtility::inList('language,simuser,reset', $str)) {
897 $field = 'option_' . $str;
898 }
899 return BackendUtility::wrapInHelp($context, $field, $label);
900 }
901
902 /**
903 * Returns array with fields defined in $GLOBALS['TYPO3_USER_SETTINGS']['showitem']
904 *
905 * @return array Array with fieldnames visible in form
906 */
907 protected function getFieldsFromShowItem()
908 {
909 return GeneralUtility::trimExplode(',', $GLOBALS['TYPO3_USER_SETTINGS']['showitem'], true);
910 }
911
912 /**
913 * Get Avatar fileUid
914 *
915 * @param int $beUserId
916 * @return int
917 */
918 protected function getAvatarFileUid($beUserId)
919 {
920 $file = $this->getDatabaseConnection()->exec_SELECTgetSingleRow(
921 'uid_local',
922 'sys_file_reference',
923 'tablenames = \'be_users\' AND fieldname = \'avatar\' AND ' .
924 'table_local = \'sys_file\' AND uid_foreign = ' . (int)$beUserId .
925 BackendUtility::BEenableFields('sys_file_reference') . BackendUtility::deleteClause('sys_file_reference')
926 );
927 return $file ? $file['uid_local'] : 0;
928 }
929
930 /**
931 * Set avatar fileUid for backend user
932 *
933 * @param int $beUserId
934 * @param int $fileUid
935 * @param array $storeRec
936 */
937 protected function setAvatarFileUid($beUserId, $fileUid, array &$storeRec)
938 {
939
940 // Update is only needed when new fileUid is set
941 if ((int)$fileUid === $this->getAvatarFileUid($beUserId)) {
942 return;
943 }
944
945 // Delete old file reference
946 $this->getDatabaseConnection()->exec_DELETEquery(
947 'sys_file_reference',
948 'tablenames = \'be_users\' AND fieldname = \'avatar\' AND ' .
949 'table_local = \'sys_file\' AND uid_foreign = ' . (int)$beUserId
950 );
951
952 // Create new reference
953 if ($fileUid) {
954
955 // Get file object
956 try {
957 $file = ResourceFactory::getInstance()->getFileObject($fileUid);
958 } catch (FileDoesNotExistException $e) {
959 $file = false;
960 }
961
962 // Check if user is allowed to use the image (only when not in simulation mode)
963 if ($file && $this->simUser === 0 && !$file->getStorage()->checkFileActionPermission('read', $file)) {
964 $file = false;
965 }
966
967 // Check if extension is allowed
968 if ($file && GeneralUtility::inList($GLOBALS['TYPO3_CONF_VARS']['GFX']['imagefile_ext'], $file->getExtension())) {
969
970 // Create new file reference
971 $storeRec['sys_file_reference']['NEW1234'] = array(
972 'uid_local' => $fileUid,
973 'uid_foreign' => $beUserId,
974 'tablenames' => 'be_users',
975 'fieldname' => 'avatar',
976 'pid' => 0,
977 'table_local' => 'sys_file',
978 );
979 $storeRec['be_users'][(int)$beUserId]['avatar'] = 'NEW1234';
980 }
981 }
982 }
983
984 /**
985 * Add JavaScript to for browse files button
986 *
987 * @param string $fieldName
988 */
989 protected function addAvatarButtonJs($fieldName)
990 {
991 $this->doc->JScodeArray['avatar-button'] = '
992 var browserWin="";
993
994 function openFileBrowser() {
995 var url = ' . GeneralUtility::quoteJSvalue(BackendUtility::getModuleUrl('wizard_element_browser', ['mode' => 'file', 'bparams' => '||||dummy|setFileUid'])) . ';
996 browserWin = window.open(url,"Typo3WinBrowser","height=650,width=800,status=0,menubar=0,resizable=1,scrollbars=1");
997 browserWin.focus();
998 }
999
1000 function clearExistingImage() {
1001 TYPO3.jQuery(\'#image_' . htmlspecialchars($fieldName) . '\').hide();
1002 TYPO3.jQuery(\'#clear_button_' . htmlspecialchars($fieldName) . '\').hide();
1003 TYPO3.jQuery(\'#field_' . htmlspecialchars($fieldName) . '\').val(\'\');
1004 }
1005
1006 function setFileUid(field, value, fileUid) {
1007 clearExistingImage();
1008 TYPO3.jQuery(\'#field_' . htmlspecialchars($fieldName) . '\').val(fileUid);
1009 TYPO3.jQuery(\'#add_button_' . htmlspecialchars($fieldName) . '\').removeClass(\'btn-default\').addClass(\'btn-info\');
1010
1011 browserWin.close();
1012 }
1013 ';
1014 }
1015
1016 /**
1017 * Returns the current BE user.
1018 *
1019 * @return \TYPO3\CMS\Core\Authentication\BackendUserAuthentication
1020 */
1021 protected function getBackendUser()
1022 {
1023 return $GLOBALS['BE_USER'];
1024 }
1025
1026 /**
1027 * Returns LanguageService
1028 *
1029 * @return \TYPO3\CMS\Lang\LanguageService
1030 */
1031 protected function getLanguageService()
1032 {
1033 return $GLOBALS['LANG'];
1034 }
1035
1036 /**
1037 * @return DatabaseConnection
1038 */
1039 protected function getDatabaseConnection()
1040 {
1041 return $GLOBALS['TYPO3_DB'];
1042 }
1043 }