typo3/sysext/sv/class.tx_sv_loginformhook.php

   1 <?php
   2 /***************************************************************
   3 *  Copyright notice
   4 *
   5 *  (c) 2009-2011 Dmitry Dulepov <dmitry@typo3.org>
   6 *  All rights reserved
   7 *
   8 *  This script is part of the TYPO3 project. The TYPO3 project is
   9 *  free software; you can redistribute it and/or modify
  10 *  it under the terms of the GNU General Public License as published by
  11 *  the Free Software Foundation; either version 2 of the License, or
  12 *  (at your option) any later version.
  13 *
  14 *  The GNU General Public License can be found at
  15 *  http://www.gnu.org/copyleft/gpl.html.
  16 *
  17 *  This script is distributed in the hope that it will be useful,
  18 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  19 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  20 *  GNU General Public License for more details.
  21 *
  22 *  This copyright notice MUST APPEAR in all copies of the script!
  23 ***************************************************************/
  24
  25
  26 /**
  27  * This class contains a BE login form hook. It adds all necessary JavaScript
  28  * for the superchallenged authentication.
  29  *
  30  * @author      Dmitry Dulepov <dmitry@typo3.org>
  31  * @package     TYPO3
  32  * @subpackage  tx_sv
  33  */
  34 class tx_sv_loginformhook {
  35
  36         /**
  37          * Provides form code for the superchallenged authentication.
  38          *
  39          * @param       array   $params Parameters to the script
  40          * @param       SC_index        $pObj   Calling object
  41          * @return      string  The code for the login form
  42          */
  43         public function getLoginFormTag(array $params, SC_index &$pObj) {
  44                 // Get the code according to the login level
  45                 switch ($pObj->loginSecurityLevel) {
  46                         case 'challenged':
  47                         case 'superchallenged':
  48                                 $_SESSION['login_challenge'] = $this->getChallenge();
  49                                 $content = '<form action="index.php" method="post" name="loginform" ' .
  50                                         'onsubmit="doChallengeResponse(' .
  51                                         ($pObj->loginSecurityLevel == 'challenged' ? 0 : 1) . ');">' .
  52                                         '<input type="hidden" name="challenge" value="' .
  53                                         htmlspecialchars($_SESSION['login_challenge']) . '" />';
  54                                 break;
  55                         case 'normal':
  56                                 $content = '<form action="index.php" method="post" name="loginform" onsubmit="document.loginform.userident.value=document.loginform.p_field.value;document.loginform.p_field.value=\'\';return true;">';
  57                                 break;
  58                         default:
  59                                 // No code for unknown level!
  60                                 $content = '';
  61                 }
  62
  63                 return $content;
  64         }
  65
  66         /**
  67          * Provides form code for the superchallenged authentication.
  68          *
  69          * @param       array   $params Parameters to the script
  70          * @param       SC_index        $pObj   Calling object
  71          * @return      string  The code for the login form
  72          */
  73         public function getLoginScripts(array $params, SC_index &$pObj) {
  74                 $content = '';
  75
  76                 if ($pObj->loginSecurityLevel == 'superchallenged' ||
  77                                 $pObj->loginSecurityLevel == 'challenged') {
  78                         $content = '
  79                                 <script type="text/javascript" src="md5.js"></script>
  80                                 ' . $GLOBALS['TBE_TEMPLATE']->wrapScriptTags('
  81                                         function doChallengeResponse(superchallenged) { //
  82                                                 password = document.loginform.p_field.value;
  83                                                 if (password)   {
  84                                                         if (superchallenged)    {
  85                                                                 password = MD5(password);       // this makes it superchallenged!!
  86                                                         }
  87                                                         str = document.loginform.username.value+":"+password+":"+document.loginform.challenge.value;
  88                                                         document.loginform.userident.value = MD5(str);
  89                                                         document.loginform.p_field.value = "";
  90                                                         return true;
  91                                                 }
  92                                         }
  93                                         ');
  94                 }
  95
  96                 return $content;
  97         }
  98
  99
 100         /**
 101          * Create a random challenge string
 102          *
 103          * @return      string          Challenge value
 104          */
 105         protected function getChallenge()       {
 106                 $challenge = md5(uniqid('') . getmypid());
 107                 return $challenge;
 108         }
 109
 110 }
 111
 112 if (defined('TYPO3_MODE') && isset($GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLASS']['ext/sv/class.tx_sv_loginformhook.php'])) {
 113         include_once($GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLASS']['ext/sv/class.tx_sv_loginformhook.php']);
 114 }
 115
 116 ?>