7db44131b2ae894ffeeae0e187efdb859f0e7a07
[Packages/TYPO3.CMS.git] / typo3 / sysext / setup / Classes / Controller / SetupModuleController.php
1 <?php
2 namespace TYPO3\CMS\Setup\Controller;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 use Psr\Http\Message\ResponseInterface;
18 use Psr\Http\Message\ServerRequestInterface;
19 use TYPO3\CMS\Backend\Backend\Avatar\DefaultAvatarProvider;
20 use TYPO3\CMS\Backend\Module\AbstractModule;
21 use TYPO3\CMS\Backend\Module\ModuleLoader;
22 use TYPO3\CMS\Backend\Utility\BackendUtility;
23 use TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
24 use TYPO3\CMS\Core\Database\ConnectionPool;
25 use TYPO3\CMS\Core\DataHandling\DataHandler;
26 use TYPO3\CMS\Core\FormProtection\FormProtectionFactory;
27 use TYPO3\CMS\Core\Imaging\Icon;
28 use TYPO3\CMS\Core\Imaging\IconFactory;
29 use TYPO3\CMS\Core\Messaging\FlashMessage;
30 use TYPO3\CMS\Core\Messaging\FlashMessageService;
31 use TYPO3\CMS\Core\Resource\Exception\FileDoesNotExistException;
32 use TYPO3\CMS\Core\Resource\ResourceFactory;
33 use TYPO3\CMS\Core\Utility\GeneralUtility;
34
35 /**
36 * Script class for the Setup module
37 */
38 class SetupModuleController extends AbstractModule
39 {
40 /**
41 * Flag if password has not been updated
42 */
43 const PASSWORD_NOT_UPDATED = 0;
44
45 /**
46 * Flag if password has been updated
47 */
48 const PASSWORD_UPDATED = 1;
49
50 /**
51 * Flag if both new passwords do not match
52 */
53 const PASSWORD_NOT_THE_SAME = 2;
54
55 /**
56 * Flag if the current password given was not identical to the real
57 * current password
58 */
59 const PASSWORD_OLD_WRONG = 3;
60
61 /**
62 * @var array
63 */
64 public $MOD_MENU = [];
65
66 /**
67 * @var array
68 */
69 public $MOD_SETTINGS = [];
70
71 /**
72 * @var string
73 */
74 public $content;
75
76 /**
77 * @var array
78 */
79 public $overrideConf;
80
81 /**
82 * backend user object, set during simulate-user operation
83 *
84 * @var \TYPO3\CMS\Core\Authentication\BackendUserAuthentication
85 */
86 public $OLD_BE_USER;
87
88 /**
89 * @var bool
90 */
91 public $languageUpdate;
92
93 /**
94 * @var bool
95 */
96 protected $pagetreeNeedsRefresh = false;
97
98 /**
99 * @var bool
100 */
101 protected $isAdmin;
102
103 /**
104 * @var array
105 */
106 protected $tsFieldConf;
107
108 /**
109 * @var bool
110 */
111 protected $saveData = false;
112
113 /**
114 * @var int
115 */
116 protected $passwordIsUpdated = self::PASSWORD_NOT_UPDATED;
117
118 /**
119 * @var bool
120 */
121 protected $passwordIsSubmitted = false;
122
123 /**
124 * @var bool
125 */
126 protected $setupIsUpdated = false;
127
128 /**
129 * @var bool
130 */
131 protected $settingsAreResetToDefault = false;
132
133 /**
134 * Form protection instance
135 *
136 * @var \TYPO3\CMS\Core\FormProtection\BackendFormProtection
137 */
138 protected $formProtection;
139
140 /**
141 * @var string
142 */
143 protected $simulateSelector = '';
144
145 /**
146 * @var int
147 */
148 protected $simUser;
149
150 /**
151 * The name of the module
152 *
153 * @var string
154 */
155 protected $moduleName = 'user_setup';
156
157 /**
158 * @var ModuleLoader
159 */
160 protected $loadModules;
161
162 /**
163 * @var BackendUserAuthentication
164 */
165 protected $beUser;
166
167 /**
168 * Instantiate the form protection before a simulated user is initialized.
169 */
170 public function __construct()
171 {
172 parent::__construct();
173 $this->formProtection = FormProtectionFactory::get();
174 $pageRenderer = $this->moduleTemplate->getPageRenderer();
175 $pageRenderer->loadRequireJsModule('TYPO3/CMS/Backend/Modal');
176 $pageRenderer->loadRequireJsModule('TYPO3/CMS/Backend/FormEngine');
177 $pageRenderer->addInlineSetting('FormEngine', 'formName', 'editform');
178 $pageRenderer->addInlineLanguageLabelArray([
179 'FormEngine.remainingCharacters' => 'LLL:EXT:lang/Resources/Private/Language/locallang_core.xlf:labels.remainingCharacters',
180 ], true);
181 }
182
183 /**
184 * Getter for the form protection instance.
185 *
186 * @return \TYPO3\CMS\Core\FormProtection\BackendFormProtection
187 */
188 public function getFormProtection()
189 {
190 return $this->formProtection;
191 }
192
193 /**
194 * If settings are submitted to _POST[DATA], store them
195 * NOTICE: This method is called before the \TYPO3\CMS\Backend\Template\ModuleTemplate
196 * is included. See bottom of document.
197 */
198 public function storeIncomingData()
199 {
200 // First check if something is submitted in the data-array from POST vars
201 $d = GeneralUtility::_POST('data');
202 $columns = $GLOBALS['TYPO3_USER_SETTINGS']['columns'];
203 $beUserId = $this->beUser->user['uid'];
204 $storeRec = [];
205 $fieldList = $this->getFieldsFromShowItem();
206 if (is_array($d) && $this->formProtection->validateToken((string)GeneralUtility::_POST('formToken'), 'BE user setup', 'edit')) {
207 // UC hashed before applying changes
208 $save_before = md5(serialize($this->beUser->uc));
209 // PUT SETTINGS into the ->uc array:
210 // Reload left frame when switching BE language
211 if (isset($d['lang']) && $d['lang'] != $this->beUser->uc['lang']) {
212 $this->languageUpdate = true;
213 }
214 // Reload pagetree if the title length is changed
215 if (isset($d['titleLen']) && $d['titleLen'] !== $this->beUser->uc['titleLen']) {
216 $this->pagetreeNeedsRefresh = true;
217 }
218 if ($d['setValuesToDefault']) {
219 // If every value should be default
220 $this->beUser->resetUC();
221 $this->settingsAreResetToDefault = true;
222 } elseif ($d['save']) {
223 // Save all submitted values if they are no array (arrays are with table=be_users) and exists in $GLOBALS['TYPO3_USER_SETTINGS'][columns]
224 foreach ($columns as $field => $config) {
225 if (!in_array($field, $fieldList)) {
226 continue;
227 }
228 if ($config['table']) {
229 if ($config['table'] === 'be_users' && !in_array($field, ['password', 'password2', 'passwordCurrent', 'email', 'realName', 'admin', 'avatar'])) {
230 if (!isset($config['access']) || $this->checkAccess($config) && $this->beUser->user[$field] !== $d['be_users'][$field]) {
231 if ($config['type'] === 'check') {
232 $fieldValue = isset($d['be_users'][$field]) ? 1 : 0;
233 } else {
234 $fieldValue = $d['be_users'][$field];
235 }
236 $storeRec['be_users'][$beUserId][$field] = $fieldValue;
237 $this->beUser->user[$field] = $fieldValue;
238 }
239 }
240 }
241 if ($config['type'] === 'check') {
242 $this->beUser->uc[$field] = isset($d[$field]) ? 1 : 0;
243 } else {
244 $this->beUser->uc[$field] = htmlspecialchars($d[$field]);
245 }
246 }
247 // Personal data for the users be_user-record (email, name, password...)
248 // If email and name is changed, set it in the users record:
249 $be_user_data = $d['be_users'];
250 // Possibility to modify the transmitted values. Useful to do transformations, like RSA password decryption
251 if (is_array($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/setup/mod/index.php']['modifyUserDataBeforeSave'])) {
252 foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/setup/mod/index.php']['modifyUserDataBeforeSave'] as $function) {
253 $params = ['be_user_data' => &$be_user_data];
254 GeneralUtility::callUserFunction($function, $params, $this);
255 }
256 }
257 $this->passwordIsSubmitted = (string)$be_user_data['password'] !== '';
258 $passwordIsConfirmed = $this->passwordIsSubmitted && $be_user_data['password'] === $be_user_data['password2'];
259 // Update the real name:
260 if ($be_user_data['realName'] !== $this->beUser->user['realName']) {
261 $this->beUser->user['realName'] = ($storeRec['be_users'][$beUserId]['realName'] = substr($be_user_data['realName'], 0, 80));
262 }
263 // Update the email address:
264 if ($be_user_data['email'] !== $this->beUser->user['email']) {
265 $this->beUser->user['email'] = ($storeRec['be_users'][$beUserId]['email'] = substr($be_user_data['email'], 0, 80));
266 }
267 // Update the password:
268 if ($passwordIsConfirmed) {
269 $currentPasswordHashed = $GLOBALS['BE_USER']->user['password'];
270 $saltFactory = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance($currentPasswordHashed);
271 if ($saltFactory->checkPassword($be_user_data['passwordCurrent'], $currentPasswordHashed)) {
272 $this->passwordIsUpdated = self::PASSWORD_UPDATED;
273 $storeRec['be_users'][$beUserId]['password'] = $be_user_data['password'];
274 } else {
275 $this->passwordIsUpdated = self::PASSWORD_OLD_WRONG;
276 }
277 } else {
278 $this->passwordIsUpdated = self::PASSWORD_NOT_THE_SAME;
279 }
280
281 $this->setAvatarFileUid($beUserId, $be_user_data['avatar'], $storeRec);
282
283 $this->saveData = true;
284 }
285 // Inserts the overriding values.
286 $this->beUser->overrideUC();
287 $save_after = md5(serialize($this->beUser->uc));
288 // If something in the uc-array of the user has changed, we save the array...
289 if ($save_before != $save_after) {
290 $this->beUser->writeUC($this->beUser->uc);
291 $this->beUser->writelog(254, 1, 0, 1, 'Personal settings changed', []);
292 $this->setupIsUpdated = true;
293 }
294 // Persist data if something has changed:
295 if (!empty($storeRec) && $this->saveData) {
296 // Make instance of TCE for storing the changes.
297 /** @var DataHandler $dataHandler */
298 $dataHandler = GeneralUtility::makeInstance(DataHandler::class);
299 // This is so the user can actually update his user record.
300 $realUser = $this->getRealScriptUserObj();
301 $isAdmin = $realUser->user['admin'];
302 $realUser->user['admin'] = 1;
303 $dataHandler->start($storeRec, [], $realUser);
304 // This is to make sure that the users record can be updated even if in another workspace. This is tolerated.
305 $dataHandler->bypassWorkspaceRestrictions = true;
306 $dataHandler->process_datamap();
307 unset($tce);
308 if ($this->passwordIsUpdated === self::PASSWORD_NOT_UPDATED || count($storeRec['be_users'][$beUserId]) > 1) {
309 $this->setupIsUpdated = true;
310 }
311 // Restore admin status after processing
312 $realUser->user['admin'] = $isAdmin;
313
314 BackendUtility::setUpdateSignal('updateTopbar');
315 }
316 }
317 }
318
319 /******************************
320 *
321 * Rendering module
322 *
323 ******************************/
324 /**
325 * Initializes the module for display of the settings form.
326 */
327 public function init()
328 {
329 $this->getLanguageService()->includeLLFile('EXT:setup/Resources/Private/Language/locallang.xlf');
330
331 // Returns the script user - that is the REAL logged in user! ($GLOBALS[BE_USER] might be another user due to simulation!)
332 $scriptUser = $this->getRealScriptUserObj();
333
334 $this->isAdmin = $scriptUser->isAdmin();
335 // Getting the 'override' values as set might be set in User TSconfig
336 $this->overrideConf = $this->beUser->getTSConfigProp('setup.override');
337 // Getting the disabled fields might be set in User TSconfig (eg setup.fields.password.disabled=1)
338 $this->tsFieldConf = $this->beUser->getTSConfigProp('setup.fields');
339 // id password is disabled, disable repeat of password too (password2)
340 if (isset($this->tsFieldConf['password.']) && $this->tsFieldConf['password.']['disabled']) {
341 $this->tsFieldConf['password2.']['disabled'] = 1;
342 $this->tsFieldConf['passwordCurrent.']['disabled'] = 1;
343 }
344 }
345
346 /**
347 * Generate necessary JavaScript
348 *
349 * @return string
350 */
351 protected function getJavaScript()
352 {
353 $javaScript = '';
354 if (is_array($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/setup/mod/index.php']['setupScriptHook'])) {
355 foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/setup/mod/index.php']['setupScriptHook'] as $function) {
356 $params = [];
357 $javaScript .= GeneralUtility::callUserFunction($function, $params, $this);
358 }
359 }
360 return $javaScript;
361 }
362
363 /**
364 * Generate the main settings form:
365 */
366 public function main()
367 {
368 $this->content .= '<form action="' . BackendUtility::getModuleUrl('user_setup') . '" method="post" id="SetupModuleController" name="usersetup" enctype="multipart/form-data">';
369 if ($this->languageUpdate) {
370 $this->moduleTemplate->addJavaScriptCode('languageUpdate', '
371 if (top && top.TYPO3.ModuleMenu.App) {
372 top.TYPO3.ModuleMenu.App.refreshMenu();
373 }
374 ');
375 }
376 if ($this->pagetreeNeedsRefresh) {
377 BackendUtility::setUpdateSignal('updatePageTree');
378 }
379 // Start page:
380 $this->moduleTemplate->getPageRenderer()->addJsFile('EXT:backend/Resources/Public/JavaScript/md5.js');
381 // Use a wrapper div
382 $this->content .= '<div id="user-setup-wrapper">';
383 // Load available backend modules
384 $this->loadModules = GeneralUtility::makeInstance(ModuleLoader::class);
385 $this->loadModules->observeWorkspaces = true;
386 $this->loadModules->load($GLOBALS['TBE_MODULES']);
387 $this->content .= $this->moduleTemplate->header($this->getLanguageService()->getLL('UserSettings'));
388 $this->addFlashMessages();
389
390 // Render user switch
391 $this->content .= $this->renderSimulateUserSelectAndLabel();
392
393 // Render the menu items
394 $menuItems = $this->renderUserSetup();
395 $this->content .= $this->moduleTemplate->getDynamicTabMenu($menuItems, 'user-setup', 1, false, false);
396 $formToken = $this->formProtection->generateToken('BE user setup', 'edit');
397 $this->content .= '<div>';
398 $this->content .= '<input type="hidden" name="simUser" value="' . (int)$this->simUser . '" />
399 <input type="hidden" name="formToken" value="' . htmlspecialchars($formToken) . '" />
400 <input type="hidden" value="1" name="data[save]" />
401 <input type="hidden" name="data[setValuesToDefault]" value="0" id="setValuesToDefault" />';
402 $this->content .= '</div>';
403 // End of wrapper div
404 $this->content .= '</div>';
405 // Setting up the buttons and markers for docheader
406 $this->getButtons();
407 // Build the <body> for the module
408 // Renders the module page
409 $this->moduleTemplate->setContent($this->content);
410 $this->content .= '</form>';
411 }
412
413 /**
414 * Injects the request object for the current request or subrequest
415 * Simply calls main() and init() and writes the content to the response
416 *
417 * @param ServerRequestInterface $request the current request
418 * @param ResponseInterface $response
419 * @return ResponseInterface the response with the content
420 */
421 public function mainAction(ServerRequestInterface $request, ResponseInterface $response)
422 {
423 $GLOBALS['SOBE'] = $this;
424 $this->simulateUser();
425 $this->init();
426 $this->storeIncomingData();
427 $this->main();
428
429 $response->getBody()->write($this->moduleTemplate->renderContent());
430 return $response;
431 }
432
433 /**
434 * Create the panel of buttons for submitting the form or otherwise perform operations.
435 */
436 protected function getButtons()
437 {
438 $buttonBar = $this->moduleTemplate->getDocHeaderComponent()->getButtonBar();
439 $cshButton = $buttonBar->makeHelpButton()
440 ->setModuleName('_MOD_user_setup')
441 ->setFieldName('');
442 $buttonBar->addButton($cshButton);
443
444 $saveButton = $buttonBar->makeInputButton()
445 ->setName('data[save]')
446 ->setTitle($this->getLanguageService()->sL('LLL:EXT:lang/Resources/Private/Language/locallang_core.xlf:rm.saveDoc'))
447 ->setValue('1')
448 ->setForm('SetupModuleController')
449 ->setShowLabelText(true)
450 ->setIcon($this->moduleTemplate->getIconFactory()->getIcon('actions-document-save', Icon::SIZE_SMALL));
451
452 $buttonBar->addButton($saveButton);
453 $shortcutButton = $buttonBar->makeShortcutButton()
454 ->setModuleName($this->moduleName);
455 $buttonBar->addButton($shortcutButton);
456 }
457
458 /******************************
459 *
460 * Render module
461 *
462 ******************************/
463
464 /**
465 * renders the data for all tabs in the user setup and returns
466 * everything that is needed with tabs and dyntab menu
467 *
468 * @return array Ready to use for the dyntabmenu itemarray
469 */
470 protected function renderUserSetup()
471 {
472 $html = '';
473 $result = [];
474 $firstTabLabel = '';
475 $code = [];
476 $fieldArray = $this->getFieldsFromShowItem();
477 $tabLabel = '';
478 foreach ($fieldArray as $fieldName) {
479 $config = $GLOBALS['TYPO3_USER_SETTINGS']['columns'][$fieldName];
480 if (isset($config['access']) && !$this->checkAccess($config)) {
481 continue;
482 }
483
484 if (substr($fieldName, 0, 8) === '--div--;') {
485 if ($firstTabLabel === '') {
486 // First tab
487 $tabLabel = $this->getLabel(substr($fieldName, 8), '', false);
488 $firstTabLabel = $tabLabel;
489 } else {
490 $result[] = [
491 'label' => $tabLabel,
492 'content' => count($code) ? implode(LF, $code) : ''
493 ];
494 $tabLabel = $this->getLabel(substr($fieldName, 8), '', false);
495 $code = [];
496 }
497 continue;
498 }
499 $label = $this->getLabel($config['label'], $fieldName);
500 $label = $this->getCSH($config['csh'] ?: $fieldName, $label);
501 $type = $config['type'];
502 $class = $config['class'];
503 if ($type !== 'check') {
504 $class .= ' form-control';
505 }
506 $more = '';
507 if ($class) {
508 $more .= ' class="' . htmlspecialchars($class) . '"';
509 }
510 $style = $config['style'];
511 if ($style) {
512 $more .= ' style="' . htmlspecialchars($style) . '"';
513 }
514 if (isset($this->overrideConf[$fieldName])) {
515 $more .= ' disabled="disabled"';
516 }
517 $value = $config['table'] === 'be_users' ? $this->beUser->user[$fieldName] : $this->beUser->uc[$fieldName];
518 if (!$value && isset($config['default'])) {
519 $value = $config['default'];
520 }
521 $dataAdd = '';
522 if ($config['table'] === 'be_users') {
523 $dataAdd = '[be_users]';
524 }
525
526 switch ($type) {
527 case 'text':
528 case 'email':
529 case 'password':
530 $noAutocomplete = '';
531
532 $maxLength = $config['max'] ?? 0;
533 if ((int)$maxLength > 0) {
534 $more .= ' maxlength="' . (int)$maxLength . '"';
535 }
536
537 if ($type === 'password') {
538 $value = '';
539 $noAutocomplete = 'autocomplete="off" ';
540 $more .= ' data-rsa-encryption=""';
541 }
542 $html = '<input id="field_' . htmlspecialchars($fieldName) . '"
543 type="' . htmlspecialchars($type) . '"
544 name="data' . $dataAdd . '[' . htmlspecialchars($fieldName) . ']" ' .
545 $noAutocomplete .
546 'value="' . htmlspecialchars($value) . '" ' .
547 $more .
548 ' />';
549 break;
550 case 'check':
551 $html = $label . '<div class="checkbox"><label><input id="field_' . htmlspecialchars($fieldName) . '"
552 type="checkbox"
553 name="data' . $dataAdd . '[' . htmlspecialchars($fieldName) . ']"' .
554 ($value ? ' checked="checked"' : '') .
555 $more .
556 ' /></label></div>';
557 $label = '';
558 break;
559 case 'select':
560 if ($config['itemsProcFunc']) {
561 $html = GeneralUtility::callUserFunction($config['itemsProcFunc'], $config, $this);
562 } else {
563 $html = '<select id="field_' . htmlspecialchars($fieldName) . '"
564 name="data' . $dataAdd . '[' . htmlspecialchars($fieldName) . ']"' .
565 $more . '>' . LF;
566 foreach ($config['items'] as $key => $optionLabel) {
567 $html .= '<option value="' . htmlspecialchars($key) . '"' . ($value == $key ? ' selected="selected"' : '') . '>' . $this->getLabel($optionLabel, '', false) . '</option>' . LF;
568 }
569 $html .= '</select>';
570 }
571 break;
572 case 'user':
573 $html = GeneralUtility::callUserFunction($config['userFunc'], $config, $this);
574 break;
575 case 'button':
576 if ($config['onClick']) {
577 $onClick = $config['onClick'];
578 if ($config['onClickLabels']) {
579 foreach ($config['onClickLabels'] as $key => $labelclick) {
580 $config['onClickLabels'][$key] = $this->getLabel($labelclick, '', false);
581 }
582 $onClick = vsprintf($onClick, $config['onClickLabels']);
583 }
584 $html = '<br><input class="btn btn-default" type="button"
585 value="' . $this->getLabel($config['buttonlabel'], '', false) . '"
586 onclick="' . $onClick . '" />';
587 }
588 if (!empty($config['confirm'])) {
589 $confirmData = $config['confirmData'];
590 $html = '<br><input class="btn btn-default t3js-modal-trigger" type="button"'
591 . ' value="' . $this->getLabel($config['buttonlabel'], '', false) . '"'
592 . ' data-href="javascript:' . htmlspecialchars($confirmData['jsCodeAfterOk']) . '"'
593 . ' data-severity="warning"'
594 . ' data-title="' . $this->getLabel($config['label'], '', false) . '"'
595 . ' data-content="' . $this->getLabel($confirmData['message'], '', false) . '" />';
596 }
597 break;
598 case 'avatar':
599 // Get current avatar image
600 $html = '<br>';
601 $avatarFileUid = $this->getAvatarFileUid($this->beUser->user['uid']);
602
603 if ($avatarFileUid) {
604 $defaultAvatarProvider = GeneralUtility::makeInstance(DefaultAvatarProvider::class);
605 $avatarImage = $defaultAvatarProvider->getImage($this->beUser->user, 32);
606 if ($avatarImage) {
607 $icon = '<span class="avatar"><span class="avatar-image">' .
608 '<img src="' . htmlspecialchars($avatarImage->getUrl(true)) . '"' .
609 ' width="' . (int)$avatarImage->getWidth() . '" ' .
610 'height="' . (int)$avatarImage->getHeight() . '" />' .
611 '</span></span>';
612 $html .= '<span class="pull-left" style="padding-right: 10px" id="image_' . htmlspecialchars($fieldName) . '">' . $icon . ' </span>';
613 }
614 }
615 $html .= '<input id="field_' . htmlspecialchars($fieldName) . '" type="hidden" ' .
616 'name="data' . $dataAdd . '[' . htmlspecialchars($fieldName) . ']"' . $more .
617 ' value="' . (int)$avatarFileUid . '" />';
618
619 $html .= '<div class="btn-group">';
620 $iconFactory = GeneralUtility::makeInstance(IconFactory::class);
621 if ($avatarFileUid) {
622 $html .=
623 '<a id="clear_button_' . htmlspecialchars($fieldName) . '" '
624 . 'onclick="clearExistingImage(); return false;" class="btn btn-default">'
625 . $iconFactory->getIcon('actions-delete', Icon::SIZE_SMALL)
626 . '</a>';
627 }
628 $html .=
629 '<a id="add_button_' . htmlspecialchars($fieldName) . '" class="btn btn-default btn-add-avatar"'
630 . ' onclick="openFileBrowser();return false;">'
631 . $iconFactory->getIcon('actions-insert-record', Icon::SIZE_SMALL)
632 . '</a></div>';
633
634 $this->addAvatarButtonJs($fieldName);
635 break;
636 default:
637 $html = '';
638 }
639
640 $code[] = '<div class="form-section"><div class="row"><div class="form-group t3js-formengine-field-item col-md-12">' .
641 $label .
642 $html .
643 '</div></div></div>';
644 }
645
646 $result[] = [
647 'label' => $tabLabel,
648 'content' => count($code) ? implode(LF, $code) : ''
649 ];
650 return $result;
651 }
652
653 /******************************
654 *
655 * Helper functions
656 *
657 ******************************/
658 /**
659 * Returns the backend user object, either the global OR the $this->OLD_BE_USER which is set during simulate-user operation.
660 * Anyway: The REAL user is returned - the one logged in.
661 *
662 * @return BackendUserAuthentication The REAL user is returned - the one logged in.
663 */
664 protected function getRealScriptUserObj()
665 {
666 return is_object($this->OLD_BE_USER) ? $this->OLD_BE_USER : $this->beUser;
667 }
668
669 /**
670 * Return a select with available languages
671 *
672 * @param array $params unused
673 * @param SetupModuleController $controller
674 * @return string Complete select as HTML string or warning box if something went wrong.
675 */
676 public function renderLanguageSelect(array $params, $controller)
677 {
678 $languageOptions = [];
679 // Compile the languages dropdown
680 $langDefault = htmlspecialchars($this->getLanguageService()->getLL('lang_default'));
681 $languageOptions[$langDefault] = '<option value=""' . ($controller->beUser->uc['lang'] === '' ? ' selected="selected"' : '') . '>' . $langDefault . '</option>';
682 // Traverse the number of languages
683 /** @var $locales \TYPO3\CMS\Core\Localization\Locales */
684 $locales = GeneralUtility::makeInstance(\TYPO3\CMS\Core\Localization\Locales::class);
685 $languages = $locales->getLanguages();
686 foreach ($languages as $locale => $name) {
687 if ($locale !== 'default') {
688 $defaultName = isset($GLOBALS['LOCAL_LANG']['default']['lang_' . $locale]) ? $GLOBALS['LOCAL_LANG']['default']['lang_' . $locale][0]['source'] : $name;
689 $localizedName = htmlspecialchars($this->getLanguageService()->getLL('lang_' . $locale));
690 if ($localizedName === '') {
691 $localizedName = htmlspecialchars($name);
692 }
693 $localLabel = ' - [' . htmlspecialchars($defaultName) . ']';
694 $available = is_dir(PATH_typo3conf . 'l10n/' . $locale);
695 if ($available) {
696 $languageOptions[$defaultName] = '<option value="' . $locale . '"' . ($controller->beUser->uc['lang'] === $locale ? ' selected="selected"' : '') . '>' . $localizedName . $localLabel . '</option>';
697 }
698 }
699 }
700 ksort($languageOptions);
701 $languageCode = '
702 <select id="field_lang" name="data[lang]" class="form-control">' . implode('', $languageOptions) . '
703 </select>';
704 if ($controller->beUser->uc['lang'] && !@is_dir((PATH_typo3conf . 'l10n/' . $controller->beUser->uc['lang']))) {
705 // TODO: The text constants have to be moved into language files
706 $languageUnavailableWarning = 'The selected language "' . htmlspecialchars($this->getLanguageService()->getLL('lang_' . $controller->beUser->uc['lang'])) . '" is not available before the language files are installed.&nbsp;&nbsp;<br />&nbsp;&nbsp;' . ($controller->beUser->isAdmin() ? 'You can use the Language module to easily download new language files.' : 'Please ask your system administrator to do this.');
707 $languageCode = '<br /><span class="label label-danger">' . $languageUnavailableWarning . '</span><br /><br />' . $languageCode;
708 }
709 return $languageCode;
710 }
711
712 /**
713 * Returns a select with all modules for startup
714 *
715 * @param array $params
716 * @param SetupModuleController $pObj
717 *
718 * @return string Complete select as HTML string
719 */
720 public function renderStartModuleSelect($params, $pObj)
721 {
722 // Load available backend modules
723 $this->loadModules = GeneralUtility::makeInstance(ModuleLoader::class);
724 $this->loadModules->observeWorkspaces = true;
725 $this->loadModules->load($GLOBALS['TBE_MODULES']);
726 $startModuleSelect = '<option value="">' . htmlspecialchars($this->getLanguageService()->getLL('startModule.firstInMenu')) . '</option>';
727 foreach ($pObj->loadModules->modules as $mainMod => $modData) {
728 if (!empty($modData['sub']) && is_array($modData['sub'])) {
729 $modules = '';
730 foreach ($modData['sub'] as $subData) {
731 $modName = $subData['name'];
732 $modules .= '<option value="' . htmlspecialchars($modName) . '"';
733 $modules .= $pObj->beUser->uc['startModule'] === $modName ? ' selected="selected"' : '';
734 $modules .= '>' . htmlspecialchars($this->getLanguageService()->sL($this->loadModules->getLabelsForModule($modName)['title'])) . '</option>';
735 }
736 $groupLabel = htmlspecialchars($this->getLanguageService()->sL($this->loadModules->getLabelsForModule($mainMod)['title']));
737 $startModuleSelect .= '<optgroup label="' . htmlspecialchars($groupLabel) . '">' . $modules . '</optgroup>';
738 }
739 }
740 return '<select id="field_startModule" name="data[startModule]" class="form-control">' . $startModuleSelect . '</select>';
741 }
742
743 /**
744 * Will make the simulate-user selector if the logged in user is administrator.
745 * It will also set the GLOBAL(!) BE_USER to the simulated user selected if any (and set $this->OLD_BE_USER to logged in user)
746 */
747 public function simulateUser()
748 {
749 // If admin, allow simulation of another user
750 $this->simUser = 0;
751 $this->simulateSelector = '';
752 unset($this->OLD_BE_USER);
753 $currentBeUser = $this->getBackendUser();
754 if ($currentBeUser->isAdmin()) {
755 $this->simUser = (int)GeneralUtility::_GP('simUser');
756 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable('be_users');
757 $users = $queryBuilder
758 ->select('*')
759 ->from('be_users')
760 ->where(
761 $queryBuilder->expr()->neq(
762 'uid',
763 $queryBuilder->createNamedParameter($currentBeUser->user['uid'], \PDO::PARAM_INT)
764 ),
765 $queryBuilder->expr()->notLike(
766 'username',
767 $queryBuilder->createNamedParameter(
768 $queryBuilder->escapeLikeWildcards('_cli_') . '%',
769 \PDO::PARAM_STR
770 )
771 )
772 )
773 ->orderBy('username')
774 ->execute()
775 ->fetchAll();
776 $opt = [];
777 foreach ($users as $rr) {
778 $label = $rr['username'] . ($rr['realName'] ? ' (' . $rr['realName'] . ')' : '');
779 $opt[] = '<option value="' . (int)$rr['uid'] . '"' . ($this->simUser === (int)$rr['uid'] ? ' selected="selected"' : '') . '>' . htmlspecialchars($label) . '</option>';
780 }
781 if (!empty($opt)) {
782 $this->simulateSelector = '<select id="field_simulate" class="form-control" name="simulateUser" onchange="window.location.href=' . GeneralUtility::quoteJSvalue(BackendUtility::getModuleUrl('user_setup') . '&simUser=') . '+this.options[this.selectedIndex].value;"><option></option>' . implode('', $opt) . '</select>';
783 }
784 }
785 // This can only be set if the previous code was executed.
786 if ($this->simUser > 0) {
787 // Save old user...
788 $this->OLD_BE_USER = $currentBeUser;
789 // Unset current
790 // New backend user object
791 $currentBeUser = GeneralUtility::makeInstance(BackendUserAuthentication::class);
792 $currentBeUser->setBeUserByUid($this->simUser);
793 $currentBeUser->fetchGroupData();
794 $currentBeUser->backendSetUC();
795 }
796 $this->beUser = $currentBeUser;
797 }
798
799 /**
800 * Render simulate user select and label
801 *
802 * @return string
803 */
804 protected function renderSimulateUserSelectAndLabel()
805 {
806 if ($this->simulateSelector === '') {
807 return '';
808 }
809
810 return '<div class="form-inline"><div class="form-group"><p>'
811 . '<label for="field_simulate" style="margin-right: 20px;">'
812 . htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:setup/Resources/Private/Language/locallang.xlf:simulate'))
813 . '</label>'
814 . $this->simulateSelector
815 . '</p></div></div>';
816 }
817
818 /**
819 * Returns access check (currently only "admin" is supported)
820 *
821 * @param array $config Configuration of the field, access mode is defined in key 'access'
822 * @return bool Whether it is allowed to modify the given field
823 */
824 protected function checkAccess(array $config)
825 {
826 $access = $config['access'];
827
828 if (isset($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['setup']['accessLevelCheck'][$access])) {
829 if (class_exists($access)) {
830 $accessObject = GeneralUtility::makeInstance($access);
831 if (method_exists($accessObject, 'accessLevelCheck')) {
832 // Initialize vars. If method fails, $set will be set to FALSE
833 return $accessObject->accessLevelCheck($config);
834 }
835 }
836 } elseif ($access === 'admin') {
837 return $this->isAdmin;
838 }
839
840 return false;
841 }
842
843 /**
844 * Returns the label $str from getLL() and grays out the value if the $str/$key is found in $this->overrideConf array
845 *
846 * @param string $str Locallang key
847 * @param string $key Alternative override-config key
848 * @param bool $addLabelTag Defines whether the string should be wrapped in a <label> tag.
849 * @return string HTML output.
850 */
851 protected function getLabel($str, $key = '', $addLabelTag = true)
852 {
853 if (substr($str, 0, 4) === 'LLL:') {
854 $out = htmlspecialchars($this->getLanguageService()->sL($str));
855 } else {
856 $out = htmlspecialchars($str);
857 }
858 if (isset($this->overrideConf[$key ?: $str])) {
859 $out = '<span style="color:#999999">' . $out . '</span>';
860 }
861 if ($addLabelTag) {
862 $out = '<label>' . $out . '</label>';
863 }
864 return $out;
865 }
866
867 /**
868 * Returns the CSH Icon for given string
869 *
870 * @param string $str Locallang key
871 * @param string $label The label to be used, that should be wrapped in help
872 * @return string HTML output.
873 */
874 protected function getCSH($str, $label)
875 {
876 $context = '_MOD_user_setup';
877 $field = $str;
878 $strParts = explode(':', $str);
879 if (count($strParts) > 1) {
880 // Setting comes from another extension
881 $context = $strParts[0];
882 $field = $strParts[1];
883 } elseif ($str !== 'language' && $str !== 'simuser' && $str !== 'reset') {
884 $field = 'option_' . $str;
885 }
886 return BackendUtility::wrapInHelp($context, $field, $label);
887 }
888
889 /**
890 * Returns array with fields defined in $GLOBALS['TYPO3_USER_SETTINGS']['showitem']
891 * Remove fields which are disabled by user TSconfig
892 *
893 * @return string[] Array with field names visible in form
894 */
895 protected function getFieldsFromShowItem()
896 {
897 $allowedFields = GeneralUtility::trimExplode(',', $GLOBALS['TYPO3_USER_SETTINGS']['showitem'], true);
898 if (!is_array($this->tsFieldConf)) {
899 return $allowedFields;
900 }
901 foreach ($this->tsFieldConf as $fieldName => $userTsFieldConfig) {
902 if (!empty($userTsFieldConfig['disabled'])) {
903 $fieldName = rtrim($fieldName, '.');
904 $key = array_search($fieldName, $allowedFields);
905 if ($key !== false) {
906 unset($allowedFields[$key]);
907 }
908 }
909 }
910 return $allowedFields;
911 }
912
913 /**
914 * Get Avatar fileUid
915 *
916 * @param int $beUserId
917 * @return int
918 */
919 protected function getAvatarFileUid($beUserId)
920 {
921 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable('sys_file_reference');
922 $file = $queryBuilder
923 ->select('uid_local')
924 ->from('sys_file_reference')
925 ->where(
926 $queryBuilder->expr()->eq(
927 'tablenames',
928 $queryBuilder->createNamedParameter('be_users', \PDO::PARAM_STR)
929 ),
930 $queryBuilder->expr()->eq(
931 'fieldname',
932 $queryBuilder->createNamedParameter('avatar', \PDO::PARAM_STR)
933 ),
934 $queryBuilder->expr()->eq(
935 'table_local',
936 $queryBuilder->createNamedParameter('sys_file', \PDO::PARAM_STR)
937 ),
938 $queryBuilder->expr()->eq(
939 'uid_foreign',
940 $queryBuilder->createNamedParameter($beUserId, \PDO::PARAM_INT)
941 )
942 )
943 ->execute()
944 ->fetchColumn();
945 return (int)$file;
946 }
947
948 /**
949 * Set avatar fileUid for backend user
950 *
951 * @param int $beUserId
952 * @param int $fileUid
953 * @param array $storeRec
954 */
955 protected function setAvatarFileUid($beUserId, $fileUid, array &$storeRec)
956 {
957
958 // Update is only needed when new fileUid is set
959 if ((int)$fileUid === $this->getAvatarFileUid($beUserId)) {
960 return;
961 }
962
963 // If user is not allowed to modify avatar $fileUid is empty - so don't overwrite existing avatar
964 if (empty($fileUid)) {
965 return;
966 }
967
968 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable('sys_file_reference');
969 $queryBuilder->getRestrictions()->removeAll();
970 $queryBuilder
971 ->delete('sys_file_reference')
972 ->where(
973 $queryBuilder->expr()->eq(
974 'tablenames',
975 $queryBuilder->createNamedParameter('be_users', \PDO::PARAM_STR)
976 ),
977 $queryBuilder->expr()->eq(
978 'fieldname',
979 $queryBuilder->createNamedParameter('avatar', \PDO::PARAM_STR)
980 ),
981 $queryBuilder->expr()->eq(
982 'table_local',
983 $queryBuilder->createNamedParameter('sys_file', \PDO::PARAM_STR)
984 ),
985 $queryBuilder->expr()->eq(
986 'uid_foreign',
987 $queryBuilder->createNamedParameter($beUserId, \PDO::PARAM_INT)
988 )
989 )
990 ->execute();
991
992 // If Avatar is marked for delete => set it to empty string so it will be updated properly
993 if ($fileUid === 'delete') {
994 $fileUid = '';
995 }
996
997 // Create new reference
998 if ($fileUid) {
999
1000 // Get file object
1001 try {
1002 $file = ResourceFactory::getInstance()->getFileObject($fileUid);
1003 } catch (FileDoesNotExistException $e) {
1004 $file = false;
1005 }
1006
1007 // Check if user is allowed to use the image (only when not in simulation mode)
1008 if ($file && $this->simUser === 0 && !$file->getStorage()->checkFileActionPermission('read', $file)) {
1009 $file = false;
1010 }
1011
1012 // Check if extension is allowed
1013 if ($file && GeneralUtility::inList($GLOBALS['TYPO3_CONF_VARS']['GFX']['imagefile_ext'], $file->getExtension())) {
1014
1015 // Create new file reference
1016 $storeRec['sys_file_reference']['NEW1234'] = [
1017 'uid_local' => (int)$fileUid,
1018 'uid_foreign' => (int)$beUserId,
1019 'tablenames' => 'be_users',
1020 'fieldname' => 'avatar',
1021 'pid' => 0,
1022 'table_local' => 'sys_file',
1023 ];
1024 $storeRec['be_users'][(int)$beUserId]['avatar'] = 'NEW1234';
1025 }
1026 }
1027 }
1028
1029 /**
1030 * Add JavaScript to for browse files button
1031 *
1032 * @param string $fieldName
1033 */
1034 protected function addAvatarButtonJs($fieldName)
1035 {
1036 $this->moduleTemplate->addJavaScriptCode('avatar-button', '
1037 var browserWin="";
1038
1039 function openFileBrowser() {
1040 var url = ' . GeneralUtility::quoteJSvalue(BackendUtility::getModuleUrl('wizard_element_browser', ['mode' => 'file', 'bparams' => '||||dummy|setFileUid'])) . ';
1041 browserWin = window.open(url,"Typo3WinBrowser","height=650,width=800,status=0,menubar=0,resizable=1,scrollbars=1");
1042 browserWin.focus();
1043 }
1044
1045 function clearExistingImage() {
1046 $(' . GeneralUtility::quoteJSvalue('#image_' . htmlspecialchars($fieldName)) . ').hide();
1047 $(' . GeneralUtility::quoteJSvalue('#clear_button_' . htmlspecialchars($fieldName)) . ').hide();
1048 $(' . GeneralUtility::quoteJSvalue('#field_' . htmlspecialchars($fieldName)) . ').val(\'delete\');
1049 }
1050
1051 function setFileUid(field, value, fileUid) {
1052 clearExistingImage();
1053 $(' . GeneralUtility::quoteJSvalue('#field_' . htmlspecialchars($fieldName)) . ').val(fileUid);
1054 $(' . GeneralUtility::quoteJSvalue('#add_button_' . htmlspecialchars($fieldName)) . ').removeClass(\'btn-default\').addClass(\'btn-info\');
1055
1056 browserWin.close();
1057 }
1058 ');
1059 }
1060
1061 /**
1062 * Returns the current BE user.
1063 *
1064 * @return \TYPO3\CMS\Core\Authentication\BackendUserAuthentication
1065 */
1066 protected function getBackendUser()
1067 {
1068 return $GLOBALS['BE_USER'];
1069 }
1070
1071 /**
1072 * Returns LanguageService
1073 *
1074 * @return \TYPO3\CMS\Lang\LanguageService
1075 */
1076 protected function getLanguageService()
1077 {
1078 return $GLOBALS['LANG'];
1079 }
1080
1081 /**
1082 * Add FlashMessages for various actions
1083 */
1084 protected function addFlashMessages()
1085 {
1086 $flashMessages = [];
1087
1088 // Show if setup was saved
1089 if ($this->setupIsUpdated && !$this->settingsAreResetToDefault) {
1090 $flashMessages[] = $this->getFlashMessage('setupWasUpdated', 'UserSettings');
1091 }
1092
1093 // Show if temporary data was cleared
1094 if ($this->settingsAreResetToDefault) {
1095 $flashMessages[] = $this->getFlashMessage('settingsAreReset', 'resetConfiguration');
1096 }
1097
1098 // Notice
1099 if ($this->setupIsUpdated || $this->settingsAreResetToDefault) {
1100 $flashMessages[] = $this->getFlashMessage('activateChanges', '', FlashMessage::INFO);
1101 }
1102
1103 // If password is updated, output whether it failed or was OK.
1104 if ($this->passwordIsSubmitted) {
1105 $flashMessage = null;
1106 switch ($this->passwordIsUpdated) {
1107 case self::PASSWORD_OLD_WRONG:
1108 $flashMessages[] = $this->getFlashMessage('oldPassword_failed', 'newPassword', FlashMessage::ERROR);
1109 break;
1110 case self::PASSWORD_NOT_THE_SAME:
1111 $flashMessages[] = $this->getFlashMessage('newPassword_failed', 'newPassword', FlashMessage::ERROR);
1112 break;
1113 case self::PASSWORD_UPDATED:
1114 $flashMessages[] = $this->getFlashMessage('newPassword_ok', 'newPassword');
1115 break;
1116 }
1117 }
1118 if (!empty($flashMessages)) {
1119 $this->enqueueFlashMessages($flashMessages);
1120 }
1121 }
1122
1123 /**
1124 * @param array $flashMessages
1125 * @throws \TYPO3\CMS\Core\Exception
1126 */
1127 protected function enqueueFlashMessages(array $flashMessages)
1128 {
1129 $flashMessageService = GeneralUtility::makeInstance(FlashMessageService::class);
1130 $defaultFlashMessageQueue = $flashMessageService->getMessageQueueByIdentifier();
1131 foreach ($flashMessages as $flashMessage) {
1132 $defaultFlashMessageQueue->enqueue($flashMessage);
1133 }
1134 }
1135
1136 /**
1137 * @param string $message
1138 * @param string $title
1139 * @param int $severity
1140 * @return FlashMessage
1141 */
1142 protected function getFlashMessage($message, $title, $severity = FlashMessage::OK)
1143 {
1144 $title = !empty($title) ? $this->getLanguageService()->getLL($title) : ' ';
1145 return GeneralUtility::makeInstance(
1146 FlashMessage::class,
1147 $this->getLanguageService()->getLL($message),
1148 $title,
1149 $severity
1150 );
1151 }
1152 }