[TASK] Use SiteFinder in EXT:felogin
[Packages/TYPO3.CMS.git] / typo3 / sysext / felogin / Classes / Controller / FrontendLoginController.php
1 <?php
2 namespace TYPO3\CMS\Felogin\Controller;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 use Psr\Log\LoggerAwareInterface;
18 use Psr\Log\LoggerAwareTrait;
19 use TYPO3\CMS\Core\Authentication\LoginType;
20 use TYPO3\CMS\Core\Context\Context;
21 use TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashFactory;
22 use TYPO3\CMS\Core\Crypto\Random;
23 use TYPO3\CMS\Core\Database\Connection;
24 use TYPO3\CMS\Core\Database\ConnectionPool;
25 use TYPO3\CMS\Core\Database\Query\Restriction\FrontendRestrictionContainer;
26 use TYPO3\CMS\Core\Exception\SiteNotFoundException;
27 use TYPO3\CMS\Core\Site\SiteFinder;
28 use TYPO3\CMS\Core\Utility\GeneralUtility;
29 use TYPO3\CMS\Frontend\Plugin\AbstractPlugin;
30
31 /**
32 * Plugin 'Website User Login' for the 'felogin' extension.
33 */
34 class FrontendLoginController extends AbstractPlugin implements LoggerAwareInterface
35 {
36 use LoggerAwareTrait;
37
38 /**
39 * Same as class name
40 *
41 * @var string
42 */
43 public $prefixId = 'tx_felogin_pi1';
44
45 /**
46 * The extension key.
47 *
48 * @var string
49 */
50 public $extKey = 'felogin';
51
52 /**
53 * @var bool
54 */
55 public $pi_checkCHash = false;
56
57 /**
58 * @var bool
59 */
60 public $pi_USER_INT_obj = true;
61
62 /**
63 * Is user logged in?
64 *
65 * @var bool
66 */
67 protected $userIsLoggedIn;
68
69 /**
70 * Holds the template for FE rendering
71 *
72 * @var string
73 */
74 protected $template;
75
76 /**
77 * URL for the redirect
78 *
79 * @var string
80 */
81 protected $redirectUrl;
82
83 /**
84 * Flag for disable the redirect
85 *
86 * @var bool
87 */
88 protected $noRedirect = false;
89
90 /**
91 * Logintype (given as GPvar), possible: login, logout
92 *
93 * @var string
94 */
95 protected $logintype;
96
97 /** @var SiteFinder */
98 protected $siteFinder;
99
100 /**
101 * A list of page UIDs, either an integer or a comma-separated list of integers
102 *
103 * @var string
104 */
105 public $spid;
106
107 /**
108 * Referrer
109 *
110 * @var string
111 */
112 public $referer;
113
114 /**
115 * The main method of the plugin
116 *
117 * @param string $content The PlugIn content
118 * @param array $conf The PlugIn configuration
119 * @return string The content that is displayed on the website
120 * @throws \RuntimeException when no storage PID was configured.
121 */
122 public function main($content, $conf)
123 {
124 $this->siteFinder = GeneralUtility::makeInstance(SiteFinder::class);
125
126 // Loading TypoScript array into object variable:
127 $this->conf = $conf;
128 // Loading default pivars
129 $this->pi_setPiVarDefaults();
130 // Loading language-labels
131 $this->pi_loadLL('EXT:felogin/Resources/Private/Language/locallang.xlf');
132 // Init FlexForm configuration for plugin:
133 $this->pi_initPIflexForm();
134 $this->mergeflexFormValuesIntoConf();
135 // Get storage PIDs:
136 if ($this->conf['storagePid']) {
137 if ((int)$this->conf['recursive']) {
138 $this->spid = $this->pi_getPidList($this->conf['storagePid'], (int)$this->conf['recursive']);
139 } else {
140 $this->spid = $this->conf['storagePid'];
141 }
142 } else {
143 throw new \RuntimeException('No storage folder (option storagePid) for frontend users given.', 1450904202);
144 }
145 // GPvars:
146 $this->logintype = GeneralUtility::_GP('logintype');
147 $this->referer = $this->validateRedirectUrl(GeneralUtility::_GP('referer'));
148 $this->noRedirect = $this->piVars['noredirect'] || $this->conf['redirectDisable'];
149 // If config.typolinkLinkAccessRestrictedPages is set, the var is return_url
150 $returnUrl = GeneralUtility::_GP('return_url');
151 if ($returnUrl) {
152 $this->redirectUrl = $returnUrl;
153 } else {
154 $this->redirectUrl = GeneralUtility::_GP('redirect_url');
155 }
156 $this->redirectUrl = $this->validateRedirectUrl($this->redirectUrl);
157 // Get Template
158 $templateFile = $this->conf['templateFile'] ?: 'EXT:felogin/Resources/Private/Templates/FrontendLogin.html';
159 $template = GeneralUtility::getFileAbsFileName($templateFile);
160 if ($template !== '' && file_exists($template)) {
161 $this->template = file_get_contents($template);
162 }
163 // Is user logged in?
164 $this->userIsLoggedIn = GeneralUtility::makeInstance(Context::class)->getPropertyFromAspect('frontend.user', 'isLoggedIn');
165 // Redirect
166 if ($this->conf['redirectMode'] && !$this->conf['redirectDisable'] && !$this->noRedirect) {
167 $redirectUrl = $this->processRedirect();
168 if (!empty($redirectUrl)) {
169 $this->redirectUrl = $this->conf['redirectFirstMethod'] ? array_shift($redirectUrl) : array_pop($redirectUrl);
170 } else {
171 $this->redirectUrl = '';
172 }
173 }
174 // What to display
175 $content = '';
176 if ($this->piVars['forgot'] && $this->conf['showForgotPasswordLink']) {
177 $content .= $this->showForgot();
178 } elseif ($this->piVars['forgothash']) {
179 $content .= $this->changePassword();
180 } else {
181 if ($this->userIsLoggedIn && !$this->logintype) {
182 $content .= $this->showLogout();
183 } else {
184 $content .= $this->showLogin();
185 }
186 }
187 // Process the redirect
188 if (($this->logintype === LoginType::LOGIN || $this->logintype === LoginType::LOGOUT) && $this->redirectUrl && !$this->noRedirect) {
189 if (!$this->frontendController->fe_user->isCookieSet() && $this->userIsLoggedIn) {
190 $content .= $this->cObj->stdWrap($this->pi_getLL('cookie_warning'), $this->conf['cookieWarning_stdWrap.']);
191 } else {
192 // Add hook for extra processing before redirect
193 $_params = [
194 'loginType' => $this->logintype,
195 'redirectUrl' => &$this->redirectUrl
196 ];
197 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['beforeRedirect'] ?? [] as $_funcRef) {
198 if ($_funcRef) {
199 GeneralUtility::callUserFunction($_funcRef, $_params, $this);
200 }
201 }
202 \TYPO3\CMS\Core\Utility\HttpUtility::redirect($this->redirectUrl);
203 }
204 }
205 // Adds hook for processing of extra item markers / special
206 $_params = [
207 'content' => $content
208 ];
209 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['postProcContent'] ?? [] as $_funcRef) {
210 $content = GeneralUtility::callUserFunction($_funcRef, $_params, $this);
211 }
212 return $this->conf['wrapContentInBaseClass'] ? $this->pi_wrapInBaseClass($content) : $content;
213 }
214
215 /**
216 * Shows the forgot password form
217 *
218 * @return string Content
219 */
220 protected function showForgot()
221 {
222 $subpart = $this->templateService->getSubpart($this->template, '###TEMPLATE_FORGOT###');
223 $subpartArray = ($linkpartArray = []);
224 $postData = GeneralUtility::_POST($this->prefixId);
225 if ($postData['forgot_email']) {
226 // Get hashes for compare
227 $postedHash = $postData['forgot_hash'];
228 $hashData = $this->frontendController->fe_user->getKey('ses', 'forgot_hash');
229 if ($postedHash === $hashData['forgot_hash']) {
230 $userTable = $this->frontendController->fe_user->user_table;
231 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($userTable);
232 $queryBuilder->setRestrictions(GeneralUtility::makeInstance(FrontendRestrictionContainer::class));
233 $row = $queryBuilder
234 ->select('*')
235 ->from($userTable)
236 ->where(
237 $queryBuilder->expr()->orX(
238 $queryBuilder->expr()->eq(
239 'email',
240 $queryBuilder->createNamedParameter($this->piVars['forgot_email'], \PDO::PARAM_STR)
241 ),
242 $queryBuilder->expr()->eq(
243 'username',
244 $queryBuilder->createNamedParameter($this->piVars['forgot_email'], \PDO::PARAM_STR)
245 )
246 ),
247 $queryBuilder->expr()->in(
248 'pid',
249 $queryBuilder->createNamedParameter(
250 GeneralUtility::intExplode(',', $this->spid),
251 Connection::PARAM_INT_ARRAY
252 )
253 )
254 )
255 ->execute()
256 ->fetch();
257
258 $error = null;
259 if ($row) {
260 // Generate an email with the hashed link
261 $error = $this->generateAndSendHash($row);
262 } elseif ($this->conf['exposeNonexistentUserInForgotPasswordDialog']) {
263 $error = $this->pi_getLL('ll_forgot_reset_message_error');
264 }
265 // Generate message
266 if ($error) {
267 $markerArray['###STATUS_MESSAGE###'] = $this->cObj->stdWrap($error, $this->conf['forgotErrorMessage_stdWrap.']);
268 } else {
269 $markerArray['###STATUS_MESSAGE###'] = $this->cObj->stdWrap(
270 $this->pi_getLL('ll_forgot_reset_message_emailSent'),
271 $this->conf['forgotResetMessageEmailSentMessage_stdWrap.']
272 );
273 }
274 $subpartArray['###FORGOT_FORM###'] = '';
275 } else {
276 // Wrong email
277 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('forgot_reset_message', $this->conf['forgotMessage_stdWrap.']);
278 $markerArray['###BACKLINK_LOGIN###'] = '';
279 }
280 } else {
281 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('forgot_reset_message', $this->conf['forgotMessage_stdWrap.']);
282 $markerArray['###BACKLINK_LOGIN###'] = '';
283 }
284 $markerArray['###BACKLINK_LOGIN###'] = $this->getPageLink(htmlspecialchars($this->pi_getLL('ll_forgot_header_backToLogin')), []);
285 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('forgot_header', $this->conf['forgotHeader_stdWrap.']);
286 $markerArray['###LEGEND###'] = htmlspecialchars($this->pi_getLL('legend', $this->pi_getLL('reset_password')));
287 $markerArray['###ACTION_URI###'] = $this->getPageLink('', [$this->prefixId . '[forgot]' => 1], true);
288 $markerArray['###EMAIL_LABEL###'] = htmlspecialchars($this->pi_getLL('your_email'));
289 $markerArray['###FORGOT_PASSWORD_ENTEREMAIL###'] = htmlspecialchars($this->pi_getLL('forgot_password_enterEmail'));
290 $markerArray['###FORGOT_EMAIL###'] = $this->prefixId . '[forgot_email]';
291 $markerArray['###SEND_PASSWORD###'] = htmlspecialchars($this->pi_getLL('reset_password'));
292 $markerArray['###DATA_LABEL###'] = htmlspecialchars($this->pi_getLL('ll_enter_your_data'));
293 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
294 // Generate hash
295 $hash = md5($this->generatePassword(3));
296 $markerArray['###FORGOTHASH###'] = $hash;
297 // Set hash in feuser session
298 $this->frontendController->fe_user->setKey('ses', 'forgot_hash', ['forgot_hash' => $hash]);
299 return $this->templateService->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
300 }
301
302 /**
303 * This function checks the hash from link and checks the validity. If it's valid it shows the form for
304 * changing the password and process the change of password after submit, if not valid it returns the error message
305 *
306 * @return string The content.
307 */
308 protected function changePassword()
309 {
310 $subpartArray = ($linkpartArray = []);
311 $done = false;
312 $minLength = (int)$this->conf['newPasswordMinLength'] ?: 6;
313 $subpart = $this->templateService->getSubpart($this->template, '###TEMPLATE_CHANGEPASSWORD###');
314 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('change_password_header', $this->conf['changePasswordHeader_stdWrap.']);
315 $markerArray['###STATUS_MESSAGE###'] = sprintf($this->getDisplayText(
316 'change_password_message',
317 $this->conf['changePasswordMessage_stdWrap.']
318 ), $minLength);
319
320 $markerArray['###BACKLINK_LOGIN###'] = '';
321 $uid = $this->piVars['user'];
322 $piHash = $this->piVars['forgothash'];
323 $hash = explode('|', rawurldecode($piHash));
324 if ((int)$uid === 0) {
325 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText(
326 'change_password_notvalid_message',
327 $this->conf['changePasswordNotValidMessage_stdWrap.']
328 );
329 $subpartArray['###CHANGEPASSWORD_FORM###'] = '';
330 } else {
331 $user = $this->pi_getRecord('fe_users', (int)$uid);
332 $userHash = $user['felogin_forgotHash'];
333 $compareHash = explode('|', $userHash);
334 if (!$compareHash || !$compareHash[1] || $compareHash[0] < time() || $hash[0] != $compareHash[0] || md5($hash[1]) != $compareHash[1]) {
335 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText(
336 'change_password_notvalid_message',
337 $this->conf['changePasswordNotValidMessage_stdWrap.']
338 );
339 $subpartArray['###CHANGEPASSWORD_FORM###'] = '';
340 } else {
341 // All is fine, continue with new password
342 $postData = GeneralUtility::_POST($this->prefixId);
343 if (isset($postData['changepasswordsubmit'])) {
344 if (strlen($postData['password1']) < $minLength) {
345 $markerArray['###STATUS_MESSAGE###'] = sprintf(
346 $this->getDisplayText(
347 'change_password_tooshort_message',
348 $this->conf['changePasswordTooShortMessage_stdWrap.']
349 ),
350 $minLength
351 );
352 } elseif ($postData['password1'] != $postData['password2']) {
353 $markerArray['###STATUS_MESSAGE###'] = sprintf(
354 $this->getDisplayText(
355 'change_password_notequal_message',
356 $this->conf['changePasswordNotEqualMessage_stdWrap.']
357 ),
358 $minLength
359 );
360 } else {
361 // Hash password using configured salted passwords hash mechanism for FE
362 $hashInstance = GeneralUtility::makeInstance(PasswordHashFactory::class)->getDefaultHashInstance('FE');
363 $newPass = $hashInstance->getHashedPassword($postData['password1']);
364
365 // Call a hook for further password processing
366 if ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['password_changed']) {
367 $_params = [
368 'user' => $user,
369 'newPassword' => $newPass,
370 'newPasswordUnencrypted' => $postData['password1']
371 ];
372 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['password_changed'] as $_funcRef) {
373 if ($_funcRef) {
374 GeneralUtility::callUserFunction($_funcRef, $_params, $this);
375 }
376 }
377 $newPass = $_params['newPassword'];
378 }
379
380 // Save new password and clear DB-hash
381 $userTable = $this->frontendController->fe_user->user_table;
382 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($userTable);
383 $queryBuilder->getRestrictions()->removeAll();
384 $queryBuilder->update($userTable)
385 ->set('password', $newPass)
386 ->set('felogin_forgotHash', '')
387 ->set('tstamp', (int)$GLOBALS['EXEC_TIME'])
388 ->where(
389 $queryBuilder->expr()->eq(
390 'uid',
391 $queryBuilder->createNamedParameter($user['uid'], \PDO::PARAM_INT)
392 )
393 )
394 ->execute();
395
396 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText(
397 'change_password_done_message',
398 $this->conf['changePasswordDoneMessage_stdWrap.']
399 );
400 $done = true;
401 $subpartArray['###CHANGEPASSWORD_FORM###'] = '';
402 $markerArray['###BACKLINK_LOGIN###'] = $this->getPageLink(
403 htmlspecialchars($this->pi_getLL('ll_forgot_header_backToLogin')),
404 [$this->prefixId . '[redirectReferrer]' => 'off']
405 );
406 }
407 }
408 if (!$done) {
409 // Change password form
410 $markerArray['###ACTION_URI###'] = $this->getPageLink('', [
411 $this->prefixId . '[user]' => $user['uid'],
412 $this->prefixId . '[forgothash]' => $piHash
413 ], true);
414 $markerArray['###LEGEND###'] = htmlspecialchars($this->pi_getLL('change_password'));
415 $markerArray['###NEWPASSWORD1_LABEL###'] = htmlspecialchars($this->pi_getLL('newpassword_label1'));
416 $markerArray['###NEWPASSWORD2_LABEL###'] = htmlspecialchars($this->pi_getLL('newpassword_label2'));
417 $markerArray['###NEWPASSWORD1###'] = $this->prefixId . '[password1]';
418 $markerArray['###NEWPASSWORD2###'] = $this->prefixId . '[password2]';
419 $markerArray['###STORAGE_PID###'] = $this->spid;
420 $markerArray['###SEND_PASSWORD###'] = htmlspecialchars($this->pi_getLL('change_password'));
421 $markerArray['###FORGOTHASH###'] = $piHash;
422 }
423 }
424 }
425 return $this->templateService->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
426 }
427
428 /**
429 * Generates a hashed link and send it with email
430 *
431 * @param array $user Contains user data
432 * @return string Empty string with success, error message with no success
433 */
434 protected function generateAndSendHash($user)
435 {
436 $hours = (int)$this->conf['forgotLinkHashValidTime'] > 0 ? (int)$this->conf['forgotLinkHashValidTime'] : 24;
437 $validEnd = time() + 3600 * $hours;
438 $validEndString = date($this->conf['dateFormat'], $validEnd);
439 $hash = md5(GeneralUtility::makeInstance(Random::class)->generateRandomBytes(64));
440 $randHash = $validEnd . '|' . $hash;
441 $randHashDB = $validEnd . '|' . md5($hash);
442
443 // Write hash to DB
444 $userTable = $this->frontendController->fe_user->user_table;
445 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($userTable);
446 $queryBuilder->getRestrictions()->removeAll();
447 $queryBuilder->update($userTable)
448 ->set('felogin_forgotHash', $randHashDB)
449 ->where(
450 $queryBuilder->expr()->eq(
451 'uid',
452 $queryBuilder->createNamedParameter($user['uid'], \PDO::PARAM_INT)
453 )
454 )
455 ->execute();
456
457 // Send hashlink to user
458 $this->conf['linkPrefix'] = -1;
459 $isAbsRefPrefix = !empty($this->frontendController->absRefPrefix);
460 $isBaseURL = !empty($this->frontendController->baseUrl);
461 $isFeloginBaseURL = !empty($this->conf['feloginBaseURL']);
462 $link = $this->pi_getPageLink($this->frontendController->id, '', [
463 rawurlencode($this->prefixId . '[user]') => $user['uid'],
464 rawurlencode($this->prefixId . '[forgothash]') => $randHash
465 ]);
466 // Prefix link if necessary
467 if ($isFeloginBaseURL) {
468 // First priority, use specific base URL
469 // "absRefPrefix" must be removed first, otherwise URL will be prepended twice
470 if ($isAbsRefPrefix) {
471 $link = substr($link, strlen($this->frontendController->absRefPrefix));
472 }
473 $link = $this->conf['feloginBaseURL'] . $link;
474 } elseif ($isAbsRefPrefix) {
475 // Second priority
476 // absRefPrefix must not necessarily contain a hostname and URL scheme, so add it if needed
477 $link = GeneralUtility::locationHeaderUrl($link);
478 } elseif ($isBaseURL) {
479 // Third priority
480 // Add the global base URL to the link
481 $link = $this->frontendController->baseUrlWrap($link);
482 } else {
483 // No prefix is set, return the error
484 return $this->pi_getLL('ll_change_password_nolinkprefix_message');
485 }
486 $msg = sprintf($this->pi_getLL('ll_forgot_validate_reset_password'), $user['username'], $link, $validEndString);
487 // Add hook for extra processing of mail message
488 $params = [
489 'message' => &$msg,
490 'user' => &$user
491 ];
492 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['forgotPasswordMail'] ?? [] as $reference) {
493 if ($reference) {
494 GeneralUtility::callUserFunction($reference, $params, $this);
495 }
496 }
497 if ($user['email']) {
498 $this->cObj->sendNotifyEmail($msg, $user['email'], '', $this->conf['email_from'], $this->conf['email_fromName'], $this->conf['replyTo']);
499 }
500
501 return '';
502 }
503
504 /**
505 * Shows logout form
506 *
507 * @return string The content.
508 */
509 protected function showLogout()
510 {
511 $subpart = $this->templateService->getSubpart($this->template, '###TEMPLATE_LOGOUT###');
512 $subpartArray = ($linkpartArray = []);
513 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('status_header', $this->conf['logoutHeader_stdWrap.']);
514 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('status_message', $this->conf['logoutMessage_stdWrap.']);
515 $this->cObj->stdWrap($this->flexFormValue('message', 's_status'), $this->conf['logoutMessage_stdWrap.']);
516 $markerArray['###LEGEND###'] = htmlspecialchars($this->pi_getLL('logout'));
517 $markerArray['###ACTION_URI###'] = $this->getPageLink('', [], true);
518 $markerArray['###LOGOUT_LABEL###'] = htmlspecialchars($this->pi_getLL('logout'));
519 $markerArray['###NAME###'] = htmlspecialchars($this->frontendController->fe_user->user['name']);
520 $markerArray['###STORAGE_PID###'] = $this->spid;
521 $markerArray['###USERNAME###'] = htmlspecialchars($this->frontendController->fe_user->user['username']);
522 $markerArray['###USERNAME_LABEL###'] = htmlspecialchars($this->pi_getLL('username'));
523 $markerArray['###NOREDIRECT###'] = $this->noRedirect ? '1' : '0';
524 $markerArray['###PREFIXID###'] = $this->prefixId;
525 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
526 if ($this->redirectUrl) {
527 // Use redirectUrl for action tag because of possible access restricted pages
528 $markerArray['###ACTION_URI###'] = htmlspecialchars($this->redirectUrl);
529 $this->redirectUrl = '';
530 }
531 return $this->templateService->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
532 }
533
534 /**
535 * Shows login form
536 *
537 * @return string Content
538 */
539 protected function showLogin()
540 {
541 $subpart = $this->templateService->getSubpart($this->template, '###TEMPLATE_LOGIN###');
542 $subpartArray = ($linkpartArray = ($markerArray = []));
543 $gpRedirectUrl = '';
544 $markerArray['###LEGEND###'] = htmlspecialchars($this->pi_getLL('oLabel_header_welcome'));
545 if ($this->logintype === LoginType::LOGIN) {
546 if ($this->userIsLoggedIn) {
547 // login success
548 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('success_header', $this->conf['successHeader_stdWrap.']);
549 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('success_message', $this->conf['successMessage_stdWrap.']);
550 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
551 $subpartArray['###LOGIN_FORM###'] = '';
552 // Hook for general actions after after login has been confirmed (by Thomas Danzl <thomas@danzl.org>)
553 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['login_confirmed'] ?? [] as $_funcRef) {
554 $_params = [];
555 if ($_funcRef) {
556 GeneralUtility::callUserFunction($_funcRef, $_params, $this);
557 }
558 }
559 // show logout form directly
560 if ($this->conf['showLogoutFormAfterLogin']) {
561 $this->redirectUrl = '';
562 return $this->showLogout();
563 }
564 } else {
565 // Hook for general actions on login error
566 $params = [];
567 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['login_error'] ?? [] as $funcRef) {
568 if ($funcRef) {
569 GeneralUtility::callUserFunction($funcRef, $params, $this);
570 }
571 }
572 // login error
573 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('error_header', $this->conf['errorHeader_stdWrap.']);
574 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('error_message', $this->conf['errorMessage_stdWrap.']);
575 $gpRedirectUrl = GeneralUtility::_GP('redirect_url');
576 }
577 } else {
578 if ($this->logintype === LoginType::LOGOUT) {
579 // login form after logout
580 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('logout_header', $this->conf['logoutHeader_stdWrap.']);
581 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('logout_message', $this->conf['logoutMessage_stdWrap.']);
582 } else {
583 // login form
584 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('welcome_header', $this->conf['welcomeHeader_stdWrap.']);
585 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('welcome_message', $this->conf['welcomeMessage_stdWrap.']);
586 }
587 }
588
589 // This hook allows to call User JS functions.
590 // The methods should also set the required JS functions to get included
591 $onSubmit = '';
592 $extraHidden = '';
593 $onSubmitAr = [];
594 $extraHiddenAr = [];
595 // Check for referer redirect method. if present, save referer in form field
596 if (GeneralUtility::inList($this->conf['redirectMode'], 'referer') || GeneralUtility::inList($this->conf['redirectMode'], 'refererDomains')) {
597 $referer = $this->referer ? $this->referer : GeneralUtility::getIndpEnv('HTTP_REFERER');
598 if ($referer) {
599 $extraHiddenAr[] = '<input type="hidden" name="referer" value="' . htmlspecialchars($referer) . '" />';
600 if ($this->piVars['redirectReferrer'] === 'off') {
601 $extraHiddenAr[] = '<input type="hidden" name="' . $this->prefixId . '[redirectReferrer]" value="off" />';
602 }
603 }
604 }
605 $_params = [];
606 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['loginFormOnSubmitFuncs'] ?? [] as $funcRef) {
607 list($onSub, $hid) = GeneralUtility::callUserFunction($funcRef, $_params, $this);
608 $onSubmitAr[] = $onSub;
609 $extraHiddenAr[] = $hid;
610 }
611 if (!empty($onSubmitAr)) {
612 $onSubmit = implode('; ', $onSubmitAr) . '; return true;';
613 }
614 if (!empty($extraHiddenAr)) {
615 $extraHidden = implode(LF, $extraHiddenAr);
616 }
617 if (!$gpRedirectUrl && $this->redirectUrl) {
618 $gpRedirectUrl = $this->redirectUrl;
619 }
620 // Login form
621 $markerArray['###ACTION_URI###'] = $this->getPageLink('', [], true);
622 // Used by kb_md5fepw extension...
623 $markerArray['###EXTRA_HIDDEN###'] = $extraHidden;
624 $markerArray['###LEGEND###'] = htmlspecialchars($this->pi_getLL('login'));
625 $markerArray['###LOGIN_LABEL###'] = htmlspecialchars($this->pi_getLL('login'));
626 // Used by kb_md5fepw extension...
627 $markerArray['###ON_SUBMIT###'] = $onSubmit;
628 $markerArray['###PASSWORD_LABEL###'] = htmlspecialchars($this->pi_getLL('password'));
629 $markerArray['###STORAGE_PID###'] = $this->spid;
630 $markerArray['###USERNAME_LABEL###'] = htmlspecialchars($this->pi_getLL('username'));
631 $markerArray['###REDIRECT_URL###'] = htmlspecialchars($gpRedirectUrl);
632 $markerArray['###NOREDIRECT###'] = $this->noRedirect ? '1' : '0';
633 $markerArray['###PREFIXID###'] = $this->prefixId;
634 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
635 if ($this->conf['showForgotPasswordLink']) {
636 $linkpartArray['###FORGOT_PASSWORD_LINK###'] = explode('|', $this->getPageLink('|', [$this->prefixId . '[forgot]' => 1]));
637 $markerArray['###FORGOT_PASSWORD###'] = htmlspecialchars($this->pi_getLL('ll_forgot_header'));
638 } else {
639 $subpartArray['###FORGOTP_VALID###'] = '';
640 }
641 // The permanent login checkbox should only be shown if permalogin is not deactivated (-1),
642 // not forced to be always active (2) and lifetime is greater than 0
643 $permalogin = (int)$GLOBALS['TYPO3_CONF_VARS']['FE']['permalogin'];
644 if (
645 $this->conf['showPermaLogin']
646 && ($permalogin === 0 || $permalogin === 1)
647 && $GLOBALS['TYPO3_CONF_VARS']['FE']['lifetime'] > 0
648 ) {
649 $markerArray['###PERMALOGIN###'] = htmlspecialchars($this->pi_getLL('permalogin'));
650 if ($permalogin === 1) {
651 $markerArray['###PERMALOGIN_HIDDENFIELD_ATTRIBUTES###'] = 'disabled="disabled"';
652 $markerArray['###PERMALOGIN_CHECKBOX_ATTRIBUTES###'] = 'checked="checked"';
653 } else {
654 $markerArray['###PERMALOGIN_HIDDENFIELD_ATTRIBUTES###'] = '';
655 $markerArray['###PERMALOGIN_CHECKBOX_ATTRIBUTES###'] = '';
656 }
657 } else {
658 $subpartArray['###PERMALOGIN_VALID###'] = '';
659 }
660 return $this->templateService->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
661 }
662
663 /**
664 * Process redirect methods. The function searches for a redirect url using all configured methods.
665 *
666 * @return array Redirect URLs
667 */
668 protected function processRedirect()
669 {
670 $redirect_url = [];
671 if ($this->conf['redirectMode']) {
672 $redirectMethods = GeneralUtility::trimExplode(',', $this->conf['redirectMode'], true);
673 foreach ($redirectMethods as $redirMethod) {
674 if ($this->userIsLoggedIn && $this->logintype === LoginType::LOGIN) {
675 // Logintype is needed because the login-page wouldn't be accessible anymore after a login (would always redirect)
676 switch ($redirMethod) {
677 case 'groupLogin':
678 // taken from dkd_redirect_at_login written by Ingmar Schlecht; database-field changed
679 $groupData = $this->frontendController->fe_user->groupData;
680 if (!empty($groupData['uid'])) {
681
682 // take the first group with a redirect page
683 $userGroupTable = $this->frontendController->fe_user->usergroup_table;
684 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($userGroupTable);
685 $queryBuilder->getRestrictions()->removeAll();
686 $row = $queryBuilder
687 ->select('felogin_redirectPid')
688 ->from($userGroupTable)
689 ->where(
690 $queryBuilder->expr()->neq(
691 'felogin_redirectPid',
692 $queryBuilder->createNamedParameter('', \PDO::PARAM_STR)
693 ),
694 $queryBuilder->expr()->in(
695 'uid',
696 $queryBuilder->createNamedParameter(
697 $groupData['uid'],
698 Connection::PARAM_INT_ARRAY
699 )
700 )
701 )
702 ->execute()
703 ->fetch();
704
705 if ($row) {
706 $redirect_url[] = $this->pi_getPageLink($row['felogin_redirectPid']);
707 }
708 }
709 break;
710 case 'userLogin':
711
712 $userTable = $this->frontendController->fe_user->user_table;
713 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($userTable);
714 $queryBuilder->getRestrictions()->removeAll();
715 $row = $queryBuilder
716 ->select('felogin_redirectPid')
717 ->from($userTable)
718 ->where(
719 $queryBuilder->expr()->neq(
720 'felogin_redirectPid',
721 $queryBuilder->createNamedParameter('', \PDO::PARAM_STR)
722 ),
723 $queryBuilder->expr()->eq(
724 $this->frontendController->fe_user->userid_column,
725 $queryBuilder->createNamedParameter(
726 $this->frontendController->fe_user->user['uid'],
727 \PDO::PARAM_INT
728 )
729 )
730 )
731 ->execute()
732 ->fetch();
733
734 if ($row) {
735 $redirect_url[] = $this->pi_getPageLink($row['felogin_redirectPid']);
736 }
737
738 break;
739 case 'login':
740 if ($this->conf['redirectPageLogin']) {
741 $redirect_url[] = $this->pi_getPageLink((int)$this->conf['redirectPageLogin']);
742 }
743 break;
744 case 'getpost':
745 $redirect_url[] = $this->redirectUrl;
746 break;
747 case 'referer':
748 // Avoid redirect when logging in after changing password
749 if ($this->piVars['redirectReferrer'] !== 'off') {
750 // Avoid forced logout, when trying to login immediately after a logout
751 $redirect_url[] = preg_replace('/[&?]logintype=[a-z]+/', '', $this->referer);
752 }
753 break;
754 case 'refererDomains':
755 // Auto redirect.
756 // Feature to redirect to the page where the user came from (HTTP_REFERER).
757 // Allowed domains to redirect to, can be configured with plugin.tx_felogin_pi1.domains
758 // Thanks to plan2.net / Martin Kutschker for implementing this feature.
759 // also avoid redirect when logging in after changing password
760 if (isset($this->conf['domains']) && $this->conf['domains']
761 && (!isset($this->piVars['redirectReferrer']) || $this->piVars['redirectReferrer'] !== 'off')
762 ) {
763 $url = $this->referer;
764 // Is referring url allowed to redirect?
765 $match = [];
766 if (preg_match('#^http://([[:alnum:]._-]+)/#', $url, $match)) {
767 $redirect_domain = $match[1];
768 $found = false;
769 foreach (GeneralUtility::trimExplode(',', $this->conf['domains'], true) as $d) {
770 if (preg_match('/(?:^|\\.)' . $d . '$/', $redirect_domain)) {
771 $found = true;
772 break;
773 }
774 }
775 if (!$found) {
776 $url = '';
777 }
778 }
779 // Avoid forced logout, when trying to login immediately after a logout
780 if ($url) {
781 $redirect_url[] = preg_replace('/[&?]logintype=[a-z]+/', '', $url);
782 }
783 }
784 break;
785 }
786 } elseif ($this->logintype === LoginType::LOGIN) {
787 // after login-error
788 switch ($redirMethod) {
789 case 'loginError':
790 if ($this->conf['redirectPageLoginError']) {
791 $redirect_url[] = $this->pi_getPageLink((int)$this->conf['redirectPageLoginError']);
792 }
793 break;
794 }
795 } elseif ($this->logintype == '' && $redirMethod === 'login' && $this->conf['redirectPageLogin']) {
796 // If login and page not accessible
797 $this->cObj->typoLink('', [
798 'parameter' => $this->conf['redirectPageLogin'],
799 'linkAccessRestrictedPages' => true
800 ]);
801 $redirect_url[] = $this->cObj->lastTypoLinkUrl;
802 } elseif ($this->logintype == '' && $redirMethod === 'logout' && $this->conf['redirectPageLogout'] && $this->userIsLoggedIn) {
803 // If logout and page not accessible
804 $redirect_url[] = $this->pi_getPageLink((int)$this->conf['redirectPageLogout']);
805 } elseif ($this->logintype === LoginType::LOGOUT) {
806 // after logout
807 // Hook for general actions after after logout has been confirmed
808 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['logout_confirmed'] ?? [] as $_funcRef) {
809 $_params = [];
810 if ($_funcRef) {
811 GeneralUtility::callUserFunction($_funcRef, $_params, $this);
812 }
813 }
814 switch ($redirMethod) {
815 case 'logout':
816 if ($this->conf['redirectPageLogout']) {
817 $redirect_url[] = $this->pi_getPageLink((int)$this->conf['redirectPageLogout']);
818 }
819 break;
820 }
821 } else {
822 // not logged in
823 // Placeholder for maybe future options
824 switch ($redirMethod) {
825 case 'getpost':
826 // Preserve the get/post value
827 $redirect_url[] = $this->redirectUrl;
828 break;
829 }
830 }
831 }
832 }
833 // Remove empty values, but keep "0" as value (that's why "strlen" is used as second parameter)
834 if (!empty($redirect_url)) {
835 return array_filter($redirect_url, 'strlen');
836 }
837 return [];
838 }
839
840 /**
841 * Reads flexform configuration and merge it with $this->conf
842 */
843 protected function mergeflexFormValuesIntoConf()
844 {
845 $flex = [];
846 if ($this->flexFormValue('showForgotPassword', 'sDEF')) {
847 $flex['showForgotPasswordLink'] = $this->flexFormValue('showForgotPassword', 'sDEF');
848 }
849 if ($this->flexFormValue('showPermaLogin', 'sDEF')) {
850 $flex['showPermaLogin'] = $this->flexFormValue('showPermaLogin', 'sDEF');
851 }
852 if ($this->flexFormValue('showLogoutFormAfterLogin', 'sDEF')) {
853 $flex['showLogoutFormAfterLogin'] = $this->flexFormValue('showLogoutFormAfterLogin', 'sDEF');
854 }
855 if ($this->flexFormValue('pages', 'sDEF')) {
856 $flex['pages'] = $this->flexFormValue('pages', 'sDEF');
857 }
858 if ($this->flexFormValue('recursive', 'sDEF')) {
859 $flex['recursive'] = $this->flexFormValue('recursive', 'sDEF');
860 }
861 if ($this->flexFormValue('redirectMode', 's_redirect')) {
862 $flex['redirectMode'] = $this->flexFormValue('redirectMode', 's_redirect');
863 }
864 if ($this->flexFormValue('redirectFirstMethod', 's_redirect')) {
865 $flex['redirectFirstMethod'] = $this->flexFormValue('redirectFirstMethod', 's_redirect');
866 }
867 if ($this->flexFormValue('redirectDisable', 's_redirect')) {
868 $flex['redirectDisable'] = $this->flexFormValue('redirectDisable', 's_redirect');
869 }
870 if ($this->flexFormValue('redirectPageLogin', 's_redirect')) {
871 $flex['redirectPageLogin'] = $this->flexFormValue('redirectPageLogin', 's_redirect');
872 }
873 if ($this->flexFormValue('redirectPageLoginError', 's_redirect')) {
874 $flex['redirectPageLoginError'] = $this->flexFormValue('redirectPageLoginError', 's_redirect');
875 }
876 if ($this->flexFormValue('redirectPageLogout', 's_redirect')) {
877 $flex['redirectPageLogout'] = $this->flexFormValue('redirectPageLogout', 's_redirect');
878 }
879 $pid = $flex['pages'] ? $this->pi_getPidList($flex['pages'], $flex['recursive']) : 0;
880 if ($pid > 0) {
881 $flex['storagePid'] = $pid;
882 }
883 $this->conf = array_merge($this->conf, $flex);
884 }
885
886 /**
887 * Loads a variable from the flexform
888 *
889 * @param string $var Name of variable
890 * @param string $sheet Name of sheet
891 * @return string Value of var
892 */
893 protected function flexFormValue($var, $sheet)
894 {
895 return $this->pi_getFFvalue($this->cObj->data['pi_flexform'], $var, $sheet);
896 }
897
898 /**
899 * Generate link with typolink function
900 *
901 * @param string $label Linktext
902 * @param array $piVars Link vars
903 * @param bool $returnUrl TRUE: returns only url FALSE (default) returns the link)
904 * @return string Link or url
905 */
906 protected function getPageLink($label, $piVars, $returnUrl = false)
907 {
908 $additionalParams = '';
909 if (!empty($piVars)) {
910 foreach ($piVars as $key => $val) {
911 $additionalParams .= '&' . $key . '=' . $val;
912 }
913 }
914 // Should GETvars be preserved?
915 if ($this->conf['preserveGETvars']) {
916 $additionalParams .= $this->getPreserveGetVars();
917 }
918 $this->conf['linkConfig.']['parameter'] = $this->frontendController->id;
919 if ($additionalParams) {
920 $this->conf['linkConfig.']['additionalParams'] = $additionalParams;
921 }
922 if ($returnUrl) {
923 return htmlspecialchars($this->cObj->typoLink_URL($this->conf['linkConfig.']));
924 }
925 return $this->cObj->typoLink($label, $this->conf['linkConfig.']);
926 }
927
928 /**
929 * Add additional parameters for links according to TS setting preserveGETvars.
930 * Possible values are "all" or a comma separated list of allowed GET-vars.
931 * Supports multi-dimensional GET-vars.
932 * Some hardcoded values are dropped.
933 *
934 * @return string additionalParams-string
935 */
936 protected function getPreserveGetVars()
937 {
938 $getVars = GeneralUtility::_GET();
939 unset(
940 $getVars['id'],
941 $getVars['no_cache'],
942 $getVars['logintype'],
943 $getVars['redirect_url'],
944 $getVars['cHash'],
945 $getVars[$this->prefixId]
946 );
947 if ($this->conf['preserveGETvars'] === 'all') {
948 $preserveQueryParts = $getVars;
949 } else {
950 $preserveQueryStringProperties = GeneralUtility::trimExplode(',', $this->conf['preserveGETvars']);
951 $preserveQueryParts = [];
952 parse_str(implode('=1&', $preserveQueryStringProperties) . '=1', $preserveQueryParts);
953 $preserveQueryParts = \TYPO3\CMS\Core\Utility\ArrayUtility::intersectRecursive($getVars, $preserveQueryParts);
954 }
955 $parameters = GeneralUtility::implodeArrayForUrl('', $preserveQueryParts);
956 return $parameters;
957 }
958
959 /**
960 * Is used by forgot password - function with md5 option.
961 * @param int $len Length of new password
962 * @return string New password
963 */
964 protected function generatePassword($len)
965 {
966 $pass = '';
967 while ($len--) {
968 $char = rand(0, 35);
969 if ($char < 10) {
970 $pass .= '' . $char;
971 } else {
972 $pass .= chr($char - 10 + 97);
973 }
974 }
975 return $pass;
976 }
977
978 /**
979 * Returns the header / message value from flexform if present, else from locallang.xlf
980 *
981 * @param string $label label name
982 * @param array $stdWrapArray TS stdWrap array
983 * @return string label text
984 */
985 protected function getDisplayText($label, $stdWrapArray = [])
986 {
987 $text = $this->flexFormValue($label, 's_messages') ? $this->cObj->stdWrap($this->flexFormValue($label, 's_messages'), $stdWrapArray) : $this->cObj->stdWrap($this->pi_getLL('ll_' . $label), $stdWrapArray);
988 $replace = $this->getUserFieldMarkers();
989 return strtr($text, $replace);
990 }
991
992 /**
993 * Returns Array of markers filled with user fields
994 *
995 * @return array Marker array
996 */
997 protected function getUserFieldMarkers()
998 {
999 $marker = [];
1000 // replace markers with fe_user data
1001 if ($this->frontendController->fe_user->user) {
1002 // All fields of fe_user will be replaced, scheme is ###FEUSER_FIELDNAME###
1003 foreach ($this->frontendController->fe_user->user as $field => $value) {
1004 $marker['###FEUSER_' . strtoupper($field) . '###'] = $this->cObj->stdWrap($value, $this->conf['userfields.'][$field . '.']);
1005 }
1006 // Add ###USER### for compatibility
1007 $marker['###USER###'] = $marker['###FEUSER_USERNAME###'];
1008 }
1009 return $marker;
1010 }
1011
1012 /**
1013 * Returns a valid and XSS cleaned url for redirect, checked against configuration "allowedRedirectHosts"
1014 *
1015 * @param string $url
1016 * @return string cleaned referer or empty string if not valid
1017 */
1018 protected function validateRedirectUrl($url)
1019 {
1020 $url = strval($url);
1021 if ($url === '') {
1022 return '';
1023 }
1024 // Validate the URL:
1025 if ($this->isRelativeUrl($url) || $this->isInCurrentDomain($url) || $this->isInLocalDomain($url)) {
1026 return $url;
1027 }
1028 // URL is not allowed
1029 $this->logger->warning('Url "' . $url . '" for redirect was not accepted!');
1030 return '';
1031 }
1032
1033 /**
1034 * Determines whether the URL is on the current host and belongs to the
1035 * current TYPO3 installation. The scheme part is ignored in the comparison.
1036 *
1037 * @param string $url URL to be checked
1038 * @return bool Whether the URL belongs to the current TYPO3 installation
1039 */
1040 protected function isInCurrentDomain($url)
1041 {
1042 $urlWithoutSchema = preg_replace('#^https?://#', '', $url);
1043 $siteUrlWithoutSchema = preg_replace('#^https?://#', '', GeneralUtility::getIndpEnv('TYPO3_SITE_URL'));
1044 return strpos($urlWithoutSchema . '/', GeneralUtility::getIndpEnv('HTTP_HOST') . '/') === 0
1045 && strpos($urlWithoutSchema, $siteUrlWithoutSchema) === 0;
1046 }
1047
1048 /**
1049 * Determines whether the URL matches a domain
1050 * in the sys_domain database table.
1051 *
1052 * @param string $url Absolute URL which needs to be checked
1053 * @return bool Whether the URL is considered to be local
1054 */
1055 protected function isInLocalDomain($url)
1056 {
1057 $result = false;
1058 if (GeneralUtility::isValidUrl($url)) {
1059 $parsedUrl = parse_url($url);
1060 if ($parsedUrl['scheme'] === 'http' || $parsedUrl['scheme'] === 'https') {
1061 $host = $parsedUrl['host'];
1062
1063 try {
1064 $site = $this->siteFinder->getSiteByPageId((int)$this->frontendController->id);
1065 return $site->getBase()->getHost() === $host;
1066 } catch (SiteNotFoundException $e) {
1067
1068 // Removes the last path segment and slash sequences like /// (if given):
1069 $path = preg_replace('#/+[^/]*$#', '', $parsedUrl['path'] ?? '');
1070
1071 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable('sys_domain');
1072 $queryBuilder->setRestrictions(GeneralUtility::makeInstance(FrontendRestrictionContainer::class));
1073 $localDomains = $queryBuilder->select('domainName')
1074 ->from('sys_domain')
1075 ->execute()
1076 ->fetchAll();
1077
1078 if (is_array($localDomains)) {
1079 foreach ($localDomains as $localDomain) {
1080 // strip trailing slashes (if given)
1081 $domainName = rtrim($localDomain['domainName'], '/');
1082 if (GeneralUtility::isFirstPartOfStr($host . $path . '/', $domainName . '/')) {
1083 $result = true;
1084 break;
1085 }
1086 }
1087 }
1088 }
1089 }
1090 }
1091
1092 return $result;
1093 }
1094
1095 /**
1096 * Determines whether the URL is relative to the
1097 * current TYPO3 installation.
1098 *
1099 * @param string $url URL which needs to be checked
1100 * @return bool Whether the URL is considered to be relative
1101 */
1102 protected function isRelativeUrl($url)
1103 {
1104 $url = GeneralUtility::sanitizeLocalUrl($url);
1105 if (!empty($url)) {
1106 $parsedUrl = @parse_url($url);
1107 if ($parsedUrl !== false && !isset($parsedUrl['scheme']) && !isset($parsedUrl['host'])) {
1108 // If the relative URL starts with a slash, we need to check if it's within the current site path
1109 return $parsedUrl['path'][0] !== '/' || GeneralUtility::isFirstPartOfStr($parsedUrl['path'], GeneralUtility::getIndpEnv('TYPO3_SITE_PATH'));
1110 }
1111 }
1112 return false;
1113 }
1114 }