89b2a31985e6c15fbca0c72bc2892999e13ba8ec
[Packages/TYPO3.CMS.git] / typo3 / sysext / felogin / Classes / Controller / FrontendLoginController.php
1 <?php
2 namespace TYPO3\CMS\Felogin\Controller;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 use TYPO3\CMS\Core\Authentication\LoginType;
18 use TYPO3\CMS\Core\Context\Context;
19 use TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashFactory;
20 use TYPO3\CMS\Core\Crypto\Random;
21 use TYPO3\CMS\Core\Database\Connection;
22 use TYPO3\CMS\Core\Database\ConnectionPool;
23 use TYPO3\CMS\Core\Database\Query\Restriction\FrontendRestrictionContainer;
24 use TYPO3\CMS\Core\Site\SiteFinder;
25 use TYPO3\CMS\Core\Utility\GeneralUtility;
26 use TYPO3\CMS\Core\Utility\HttpUtility;
27 use TYPO3\CMS\Felogin\Validation\RedirectUrlValidator;
28 use TYPO3\CMS\Frontend\Plugin\AbstractPlugin;
29
30 /**
31 * Plugin 'Website User Login' for the 'felogin' extension.
32 *
33 * @internal this is a concrete TYPO3 implementation and solely used for EXT:felogin and not part of TYPO3's Core API.
34 */
35 class FrontendLoginController extends AbstractPlugin
36 {
37 /**
38 * Same as class name
39 *
40 * @var string
41 */
42 public $prefixId = 'tx_felogin_pi1';
43
44 /**
45 * The extension key.
46 *
47 * @var string
48 */
49 public $extKey = 'felogin';
50
51 /**
52 * @var bool
53 */
54 public $pi_checkCHash = false;
55
56 /**
57 * @var bool
58 */
59 public $pi_USER_INT_obj = true;
60
61 /**
62 * Is user logged in?
63 *
64 * @var bool
65 */
66 protected $userIsLoggedIn;
67
68 /**
69 * Holds the template for FE rendering
70 *
71 * @var string
72 */
73 protected $template;
74
75 /**
76 * URL for the redirect
77 *
78 * @var string
79 */
80 protected $redirectUrl;
81
82 /**
83 * Flag for disable the redirect
84 *
85 * @var bool
86 */
87 protected $noRedirect = false;
88
89 /**
90 * Logintype (given as GPvar), possible: login, logout
91 *
92 * @var string
93 */
94 protected $logintype;
95
96 /**
97 * A list of page UIDs, either an integer or a comma-separated list of integers
98 *
99 * @var string
100 */
101 public $spid;
102
103 /**
104 * Referrer
105 *
106 * @var string
107 */
108 public $referer;
109
110 /**
111 * @var RedirectUrlValidator
112 */
113 protected $urlValidator;
114
115 /**
116 * The main method of the plugin
117 *
118 * @param string $content The PlugIn content
119 * @param array $conf The PlugIn configuration
120 * @return string The content that is displayed on the website
121 * @throws \RuntimeException when no storage PID was configured.
122 */
123 public function main($content, $conf)
124 {
125 $this->urlValidator = GeneralUtility::makeInstance(
126 RedirectUrlValidator::class,
127 GeneralUtility::makeInstance(SiteFinder::class),
128 (int)$this->frontendController->id
129 );
130
131 // Loading TypoScript array into object variable:
132 $this->conf = $conf;
133 // Loading default pivars
134 $this->pi_setPiVarDefaults();
135 // Loading language-labels
136 $this->pi_loadLL('EXT:felogin/Resources/Private/Language/locallang.xlf');
137 // Init FlexForm configuration for plugin:
138 $this->pi_initPIflexForm();
139 $this->mergeflexFormValuesIntoConf();
140 // Get storage PIDs:
141 if ($this->conf['storagePid']) {
142 if ((int)$this->conf['recursive']) {
143 $this->spid = $this->pi_getPidList($this->conf['storagePid'], (int)$this->conf['recursive']);
144 } else {
145 $this->spid = $this->conf['storagePid'];
146 }
147 } else {
148 throw new \RuntimeException('No storage folder (option storagePid) for frontend users given.', 1450904202);
149 }
150 // GPvars:
151 $this->logintype = GeneralUtility::_GP('logintype');
152
153 if ($this->urlValidator->isValid(GeneralUtility::_GP('referer'))) {
154 $this->referer = GeneralUtility::_GP('referer');
155 } else {
156 $this->referer = '';
157 }
158 $this->noRedirect = $this->piVars['noredirect'] || $this->conf['redirectDisable'];
159 // If config.typolinkLinkAccessRestrictedPages is set, the var is return_url
160 $this->redirectUrl = GeneralUtility::_GP('return_url') ?: GeneralUtility::_GP('redirect_url');
161 $this->redirectUrl = $this->urlValidator->isValid($this->redirectUrl) ? $this->redirectUrl : '';
162 // Get Template
163 $templateFile = $this->conf['templateFile'] ?: 'EXT:felogin/Resources/Private/Templates/FrontendLogin.html';
164 $template = GeneralUtility::getFileAbsFileName($templateFile);
165 if ($template !== '' && file_exists($template)) {
166 $this->template = file_get_contents($template);
167 }
168 // Is user logged in?
169 $this->userIsLoggedIn = GeneralUtility::makeInstance(Context::class)->getPropertyFromAspect('frontend.user', 'isLoggedIn');
170 // Redirect
171 if ($this->conf['redirectMode'] && !$this->conf['redirectDisable'] && !$this->noRedirect) {
172 $redirectUrl = $this->processRedirect();
173 if (!empty($redirectUrl)) {
174 $this->redirectUrl = $this->conf['redirectFirstMethod'] ? array_shift($redirectUrl) : array_pop($redirectUrl);
175 } else {
176 $this->redirectUrl = '';
177 }
178 }
179 // What to display
180 $content = '';
181 if ($this->piVars['forgot'] && $this->conf['showForgotPasswordLink']) {
182 $content .= $this->showForgot();
183 } elseif ($this->piVars['forgothash']) {
184 $content .= $this->changePassword();
185 } else {
186 if ($this->userIsLoggedIn && !$this->logintype) {
187 $content .= $this->showLogout();
188 } else {
189 $content .= $this->showLogin();
190 }
191 }
192 // Process the redirect
193 if (($this->logintype === LoginType::LOGIN || $this->logintype === LoginType::LOGOUT) && $this->redirectUrl && !$this->noRedirect) {
194 if (!$this->frontendController->fe_user->isCookieSet() && $this->userIsLoggedIn) {
195 $content .= $this->cObj->stdWrap($this->pi_getLL('cookie_warning'), $this->conf['cookieWarning_stdWrap.']);
196 } else {
197 // Add hook for extra processing before redirect
198 $_params = [
199 'loginType' => $this->logintype,
200 'redirectUrl' => &$this->redirectUrl
201 ];
202 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['beforeRedirect'] ?? [] as $_funcRef) {
203 if ($_funcRef) {
204 GeneralUtility::callUserFunction($_funcRef, $_params, $this);
205 }
206 }
207 \TYPO3\CMS\Core\Utility\HttpUtility::redirect($this->redirectUrl);
208 }
209 }
210 // Adds hook for processing of extra item markers / special
211 $_params = [
212 'content' => $content
213 ];
214 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['postProcContent'] ?? [] as $_funcRef) {
215 $content = GeneralUtility::callUserFunction($_funcRef, $_params, $this);
216 }
217 return $this->conf['wrapContentInBaseClass'] ? $this->pi_wrapInBaseClass($content) : $content;
218 }
219
220 /**
221 * Shows the forgot password form
222 *
223 * @return string Content
224 */
225 protected function showForgot()
226 {
227 $subpart = $this->templateService->getSubpart($this->template, '###TEMPLATE_FORGOT###');
228 $subpartArray = ($linkpartArray = []);
229 $postData = GeneralUtility::_POST($this->prefixId);
230 if ($postData['forgot_email']) {
231 // Get hashes for compare
232 $postedHash = $postData['forgot_hash'];
233 $hashData = $this->frontendController->fe_user->getKey('ses', 'forgot_hash');
234 if ($postedHash === $hashData['forgot_hash']) {
235 $userTable = $this->frontendController->fe_user->user_table;
236 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($userTable);
237 $queryBuilder->setRestrictions(GeneralUtility::makeInstance(FrontendRestrictionContainer::class));
238 $row = $queryBuilder
239 ->select('*')
240 ->from($userTable)
241 ->where(
242 $queryBuilder->expr()->orX(
243 $queryBuilder->expr()->eq(
244 'email',
245 $queryBuilder->createNamedParameter($this->piVars['forgot_email'], \PDO::PARAM_STR)
246 ),
247 $queryBuilder->expr()->eq(
248 'username',
249 $queryBuilder->createNamedParameter($this->piVars['forgot_email'], \PDO::PARAM_STR)
250 )
251 ),
252 $queryBuilder->expr()->in(
253 'pid',
254 $queryBuilder->createNamedParameter(
255 GeneralUtility::intExplode(',', $this->spid),
256 Connection::PARAM_INT_ARRAY
257 )
258 )
259 )
260 ->execute()
261 ->fetch();
262
263 $error = null;
264 if ($row) {
265 // Generate an email with the hashed link
266 $error = $this->generateAndSendHash($row);
267 } elseif ($this->conf['exposeNonexistentUserInForgotPasswordDialog']) {
268 $error = $this->pi_getLL('ll_forgot_reset_message_error');
269 }
270 // Generate message
271 if ($error) {
272 $markerArray['###STATUS_MESSAGE###'] = $this->cObj->stdWrap($error, $this->conf['forgotErrorMessage_stdWrap.']);
273 } else {
274 $markerArray['###STATUS_MESSAGE###'] = $this->cObj->stdWrap(
275 $this->pi_getLL('ll_forgot_reset_message_emailSent'),
276 $this->conf['forgotResetMessageEmailSentMessage_stdWrap.']
277 );
278 }
279 $subpartArray['###FORGOT_FORM###'] = '';
280 } else {
281 // Wrong email
282 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('forgot_reset_message', $this->conf['forgotMessage_stdWrap.']);
283 $markerArray['###BACKLINK_LOGIN###'] = '';
284 }
285 } else {
286 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('forgot_reset_message', $this->conf['forgotMessage_stdWrap.']);
287 $markerArray['###BACKLINK_LOGIN###'] = '';
288 }
289 $markerArray['###BACKLINK_LOGIN###'] = $this->getPageLink(htmlspecialchars($this->pi_getLL('ll_forgot_header_backToLogin')), []);
290 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('forgot_header', $this->conf['forgotHeader_stdWrap.']);
291 $markerArray['###LEGEND###'] = htmlspecialchars($this->pi_getLL('legend', $this->pi_getLL('reset_password')));
292 $markerArray['###ACTION_URI###'] = $this->getPageLink('', [$this->prefixId . '[forgot]' => 1], true);
293 $markerArray['###EMAIL_LABEL###'] = htmlspecialchars($this->pi_getLL('your_email'));
294 $markerArray['###FORGOT_PASSWORD_ENTEREMAIL###'] = htmlspecialchars($this->pi_getLL('forgot_password_enterEmail'));
295 $markerArray['###FORGOT_EMAIL###'] = $this->prefixId . '[forgot_email]';
296 $markerArray['###SEND_PASSWORD###'] = htmlspecialchars($this->pi_getLL('reset_password'));
297 $markerArray['###DATA_LABEL###'] = htmlspecialchars($this->pi_getLL('ll_enter_your_data'));
298 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
299 // Generate hash
300 $hash = md5($this->generatePassword(3));
301 $markerArray['###FORGOTHASH###'] = $hash;
302 // Set hash in feuser session
303 $this->frontendController->fe_user->setKey('ses', 'forgot_hash', ['forgot_hash' => $hash]);
304 return $this->templateService->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
305 }
306
307 /**
308 * This function checks the hash from link and checks the validity. If it's valid it shows the form for
309 * changing the password and process the change of password after submit, if not valid it returns the error message
310 *
311 * @return string The content.
312 */
313 protected function changePassword()
314 {
315 $subpartArray = ($linkpartArray = []);
316 $done = false;
317 $minLength = (int)$this->conf['newPasswordMinLength'] ?: 6;
318 $subpart = $this->templateService->getSubpart($this->template, '###TEMPLATE_CHANGEPASSWORD###');
319 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('change_password_header', $this->conf['changePasswordHeader_stdWrap.']);
320 $markerArray['###STATUS_MESSAGE###'] = sprintf($this->getDisplayText(
321 'change_password_message',
322 $this->conf['changePasswordMessage_stdWrap.']
323 ), $minLength);
324
325 $markerArray['###BACKLINK_LOGIN###'] = '';
326 $uid = $this->piVars['user'];
327 $piHash = $this->piVars['forgothash'];
328 $hash = explode('|', rawurldecode($piHash));
329 if ((int)$uid === 0) {
330 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText(
331 'change_password_notvalid_message',
332 $this->conf['changePasswordNotValidMessage_stdWrap.']
333 );
334 $subpartArray['###CHANGEPASSWORD_FORM###'] = '';
335 } else {
336 $user = $this->pi_getRecord('fe_users', (int)$uid);
337 $userHash = $user['felogin_forgotHash'];
338 $compareHash = explode('|', $userHash);
339 if (!$compareHash || !$compareHash[1] || $compareHash[0] < time() || $hash[0] != $compareHash[0] || md5($hash[1]) != $compareHash[1]) {
340 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText(
341 'change_password_notvalid_message',
342 $this->conf['changePasswordNotValidMessage_stdWrap.']
343 );
344 $subpartArray['###CHANGEPASSWORD_FORM###'] = '';
345 } else {
346 // All is fine, continue with new password
347 $postData = GeneralUtility::_POST($this->prefixId);
348 if (isset($postData['changepasswordsubmit'])) {
349 if (strlen($postData['password1']) < $minLength) {
350 $markerArray['###STATUS_MESSAGE###'] = sprintf(
351 $this->getDisplayText(
352 'change_password_tooshort_message',
353 $this->conf['changePasswordTooShortMessage_stdWrap.']
354 ),
355 $minLength
356 );
357 } elseif ($postData['password1'] != $postData['password2']) {
358 $markerArray['###STATUS_MESSAGE###'] = sprintf(
359 $this->getDisplayText(
360 'change_password_notequal_message',
361 $this->conf['changePasswordNotEqualMessage_stdWrap.']
362 ),
363 $minLength
364 );
365 } else {
366 // Hash password using configured salted passwords hash mechanism for FE
367 $hashInstance = GeneralUtility::makeInstance(PasswordHashFactory::class)->getDefaultHashInstance('FE');
368 $newPass = $hashInstance->getHashedPassword($postData['password1']);
369
370 // Call a hook for further password processing
371 $hookPasswordValid = true;
372 if ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['password_changed']) {
373 $_params = [
374 'user' => $user,
375 'newPassword' => $newPass,
376 'newPasswordUnencrypted' => $postData['password1'],
377 'passwordValid' => true,
378 'passwordInvalidMessage' => '',
379 ];
380 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['password_changed'] as $_funcRef) {
381 if ($_funcRef) {
382 GeneralUtility::callUserFunction($_funcRef, $_params, $this);
383 }
384 }
385 $newPass = $_params['newPassword'];
386 $hookPasswordValid = $_params['passwordValid'];
387
388 if (!$hookPasswordValid) {
389 $markerArray['###STATUS_MESSAGE###'] = $_params['passwordInvalidMessage'];
390 }
391 }
392
393 // Change Password only if Hook returns valid
394 if ($hookPasswordValid) {
395 // Save new password and clear DB-hash
396 $userTable = $this->frontendController->fe_user->user_table;
397 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($userTable);
398 $queryBuilder->getRestrictions()->removeAll();
399 $queryBuilder->update($userTable)
400 ->set('password', $newPass)
401 ->set('felogin_forgotHash', '')
402 ->set('tstamp', (int)$GLOBALS['EXEC_TIME'])
403 ->where(
404 $queryBuilder->expr()->eq(
405 'uid',
406 $queryBuilder->createNamedParameter($user['uid'], \PDO::PARAM_INT)
407 )
408 )
409 ->execute();
410
411 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText(
412 'change_password_done_message',
413 $this->conf['changePasswordDoneMessage_stdWrap.']
414 );
415 $done = true;
416 $subpartArray['###CHANGEPASSWORD_FORM###'] = '';
417 $markerArray['###BACKLINK_LOGIN###'] = $this->getPageLink(
418 htmlspecialchars($this->pi_getLL('ll_forgot_header_backToLogin')),
419 [$this->prefixId . '[redirectReferrer]' => 'off']
420 );
421 }
422 }
423 }
424 if (!$done) {
425 // Change password form
426 $markerArray['###ACTION_URI###'] = $this->getPageLink('', [
427 $this->prefixId . '[user]' => $user['uid'],
428 $this->prefixId . '[forgothash]' => $piHash
429 ], true);
430 $markerArray['###LEGEND###'] = htmlspecialchars($this->pi_getLL('change_password'));
431 $markerArray['###NEWPASSWORD1_LABEL###'] = htmlspecialchars($this->pi_getLL('newpassword_label1'));
432 $markerArray['###NEWPASSWORD2_LABEL###'] = htmlspecialchars($this->pi_getLL('newpassword_label2'));
433 $markerArray['###NEWPASSWORD1###'] = $this->prefixId . '[password1]';
434 $markerArray['###NEWPASSWORD2###'] = $this->prefixId . '[password2]';
435 $markerArray['###STORAGE_PID###'] = $this->spid;
436 $markerArray['###SEND_PASSWORD###'] = htmlspecialchars($this->pi_getLL('change_password'));
437 $markerArray['###FORGOTHASH###'] = $piHash;
438 }
439 }
440 }
441 return $this->templateService->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
442 }
443
444 /**
445 * Generates a hashed link and send it with email
446 *
447 * @param array $user Contains user data
448 * @return string Empty string with success, error message with no success
449 */
450 protected function generateAndSendHash($user)
451 {
452 $hours = (int)$this->conf['forgotLinkHashValidTime'] > 0 ? (int)$this->conf['forgotLinkHashValidTime'] : 24;
453 $validEnd = time() + 3600 * $hours;
454 $validEndString = date($this->conf['dateFormat'], $validEnd);
455 $hash = md5(GeneralUtility::makeInstance(Random::class)->generateRandomBytes(64));
456 $randHash = $validEnd . '|' . $hash;
457 $randHashDB = $validEnd . '|' . md5($hash);
458
459 // Write hash to DB
460 $userTable = $this->frontendController->fe_user->user_table;
461 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($userTable);
462 $queryBuilder->getRestrictions()->removeAll();
463 $queryBuilder->update($userTable)
464 ->set('felogin_forgotHash', $randHashDB)
465 ->where(
466 $queryBuilder->expr()->eq(
467 'uid',
468 $queryBuilder->createNamedParameter($user['uid'], \PDO::PARAM_INT)
469 )
470 )
471 ->execute();
472
473 // Send hashlink to user
474 $this->conf['linkPrefix'] = -1;
475 $isAbsRefPrefix = !empty($this->frontendController->absRefPrefix);
476 $isBaseURL = !empty($this->frontendController->baseUrl);
477 $isFeloginBaseURL = !empty($this->conf['feloginBaseURL']);
478 $link = $this->pi_getPageLink($this->frontendController->id, '', [
479 $this->prefixId . '[user]' => $user['uid'],
480 $this->prefixId . '[forgothash]' => $randHash
481 ]);
482 // Prefix link if necessary
483 if ($isFeloginBaseURL) {
484 // First priority, use specific base URL
485 // "absRefPrefix" must be removed first, otherwise URL will be prepended twice
486 if ($isAbsRefPrefix) {
487 $link = substr($link, strlen($this->frontendController->absRefPrefix));
488 }
489 $link = $this->conf['feloginBaseURL'] . $link;
490 } elseif ($isAbsRefPrefix) {
491 // Second priority
492 // absRefPrefix must not necessarily contain a hostname and URL scheme, so add it if needed
493 $link = GeneralUtility::locationHeaderUrl($link);
494 } elseif ($isBaseURL) {
495 // Third priority
496 // Add the global base URL to the link
497 $link = $this->frontendController->baseUrlWrap($link);
498 } else {
499 // No prefix is set, return the error
500 return $this->pi_getLL('ll_change_password_nolinkprefix_message');
501 }
502 $msg = sprintf($this->pi_getLL('ll_forgot_validate_reset_password'), $user['username'], $link, $validEndString);
503 // Add hook for extra processing of mail message
504 $params = [
505 'message' => &$msg,
506 'user' => &$user
507 ];
508 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['forgotPasswordMail'] ?? [] as $reference) {
509 if ($reference) {
510 GeneralUtility::callUserFunction($reference, $params, $this);
511 }
512 }
513 if ($user['email']) {
514 $this->cObj->sendNotifyEmail($msg, $user['email'], '', $this->conf['email_from'], $this->conf['email_fromName'], $this->conf['replyTo']);
515 }
516
517 return '';
518 }
519
520 /**
521 * Shows logout form
522 *
523 * @return string The content.
524 */
525 protected function showLogout()
526 {
527 $subpart = $this->templateService->getSubpart($this->template, '###TEMPLATE_LOGOUT###');
528 $subpartArray = ($linkpartArray = []);
529 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('status_header', $this->conf['logoutHeader_stdWrap.']);
530 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('status_message', $this->conf['logoutMessage_stdWrap.']);
531 $this->cObj->stdWrap($this->flexFormValue('message', 's_status'), $this->conf['logoutMessage_stdWrap.']);
532 $markerArray['###LEGEND###'] = htmlspecialchars($this->pi_getLL('logout'));
533 $markerArray['###ACTION_URI###'] = $this->getPageLink('', [], true);
534 $markerArray['###LOGOUT_LABEL###'] = htmlspecialchars($this->pi_getLL('logout'));
535 $markerArray['###NAME###'] = htmlspecialchars($this->frontendController->fe_user->user['name']);
536 $markerArray['###STORAGE_PID###'] = $this->spid;
537 $markerArray['###USERNAME###'] = htmlspecialchars($this->frontendController->fe_user->user['username']);
538 $markerArray['###USERNAME_LABEL###'] = htmlspecialchars($this->pi_getLL('username'));
539 $markerArray['###NOREDIRECT###'] = $this->noRedirect ? '1' : '0';
540 $markerArray['###PREFIXID###'] = $this->prefixId;
541 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
542 if ($this->redirectUrl) {
543 // Use redirectUrl for action tag because of possible access restricted pages
544 $markerArray['###ACTION_URI###'] = htmlspecialchars($this->redirectUrl);
545 $this->redirectUrl = '';
546 }
547 return $this->templateService->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
548 }
549
550 /**
551 * Shows login form
552 *
553 * @return string Content
554 */
555 protected function showLogin()
556 {
557 $subpart = $this->templateService->getSubpart($this->template, '###TEMPLATE_LOGIN###');
558 $subpartArray = ($linkpartArray = ($markerArray = []));
559 $gpRedirectUrl = '';
560 $markerArray['###LEGEND###'] = htmlspecialchars($this->pi_getLL('oLabel_header_welcome'));
561 if ($this->logintype === LoginType::LOGIN) {
562 if ($this->userIsLoggedIn) {
563 // login success
564 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('success_header', $this->conf['successHeader_stdWrap.']);
565 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('success_message', $this->conf['successMessage_stdWrap.']);
566 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
567 $subpartArray['###LOGIN_FORM###'] = '';
568 // Hook for general actions after after login has been confirmed (by Thomas Danzl <thomas@danzl.org>)
569 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['login_confirmed'] ?? [] as $_funcRef) {
570 $_params = [];
571 if ($_funcRef) {
572 GeneralUtility::callUserFunction($_funcRef, $_params, $this);
573 }
574 }
575 // show logout form directly
576 if ($this->conf['showLogoutFormAfterLogin']) {
577 $this->redirectUrl = '';
578 return $this->showLogout();
579 }
580 } else {
581 // Hook for general actions on login error
582 $params = [];
583 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['login_error'] ?? [] as $funcRef) {
584 if ($funcRef) {
585 GeneralUtility::callUserFunction($funcRef, $params, $this);
586 }
587 }
588 // login error
589 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('error_header', $this->conf['errorHeader_stdWrap.']);
590 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('error_message', $this->conf['errorMessage_stdWrap.']);
591 $gpRedirectUrl = GeneralUtility::_GP('redirect_url');
592 }
593 } else {
594 if ($this->logintype === LoginType::LOGOUT) {
595 // login form after logout
596 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('logout_header', $this->conf['logoutHeader_stdWrap.']);
597 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('logout_message', $this->conf['logoutMessage_stdWrap.']);
598 } else {
599 // login form
600 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('welcome_header', $this->conf['welcomeHeader_stdWrap.']);
601 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('welcome_message', $this->conf['welcomeMessage_stdWrap.']);
602 }
603 }
604
605 // This hook allows to call User JS functions.
606 // The methods should also set the required JS functions to get included
607 $onSubmit = '';
608 $extraHidden = '';
609 $onSubmitAr = [];
610 $extraHiddenAr = [];
611 // Check for referer redirect method. if present, save referer in form field
612 if (GeneralUtility::inList($this->conf['redirectMode'], 'referer') || GeneralUtility::inList($this->conf['redirectMode'], 'refererDomains')) {
613 $referer = $this->referer ? $this->referer : GeneralUtility::getIndpEnv('HTTP_REFERER');
614 if ($referer) {
615 $extraHiddenAr[] = '<input type="hidden" name="referer" value="' . htmlspecialchars($referer) . '" />';
616 if ($this->piVars['redirectReferrer'] === 'off') {
617 $extraHiddenAr[] = '<input type="hidden" name="' . $this->prefixId . '[redirectReferrer]" value="off" />';
618 }
619 }
620 }
621 $_params = [];
622 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['loginFormOnSubmitFuncs'] ?? [] as $funcRef) {
623 list($onSub, $hid) = GeneralUtility::callUserFunction($funcRef, $_params, $this);
624 $onSubmitAr[] = $onSub;
625 $extraHiddenAr[] = $hid;
626 }
627 if (!empty($onSubmitAr)) {
628 $onSubmit = implode('; ', $onSubmitAr) . '; return true;';
629 }
630 if (!empty($extraHiddenAr)) {
631 $extraHidden = implode(LF, $extraHiddenAr);
632 }
633 if (!$gpRedirectUrl && $this->redirectUrl) {
634 $gpRedirectUrl = $this->redirectUrl;
635 }
636 // Login form
637 $markerArray['###ACTION_URI###'] = $this->getPageLink('', [], true);
638 // Used by kb_md5fepw extension...
639 $markerArray['###EXTRA_HIDDEN###'] = $extraHidden;
640 $markerArray['###LEGEND###'] = htmlspecialchars($this->pi_getLL('login'));
641 $markerArray['###LOGIN_LABEL###'] = htmlspecialchars($this->pi_getLL('login'));
642 // Used by kb_md5fepw extension...
643 $markerArray['###ON_SUBMIT###'] = $onSubmit;
644 $markerArray['###PASSWORD_LABEL###'] = htmlspecialchars($this->pi_getLL('password'));
645 $markerArray['###STORAGE_PID###'] = $this->spid;
646 $markerArray['###USERNAME_LABEL###'] = htmlspecialchars($this->pi_getLL('username'));
647 $markerArray['###REDIRECT_URL###'] = htmlspecialchars($gpRedirectUrl);
648 $markerArray['###NOREDIRECT###'] = $this->noRedirect ? '1' : '0';
649 $markerArray['###PREFIXID###'] = $this->prefixId;
650 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
651 if ($this->conf['showForgotPasswordLink']) {
652 $linkpartArray['###FORGOT_PASSWORD_LINK###'] = explode('|', $this->getPageLink('|', [$this->prefixId . '[forgot]' => 1]));
653 $markerArray['###FORGOT_PASSWORD###'] = htmlspecialchars($this->pi_getLL('ll_forgot_header'));
654 } else {
655 $subpartArray['###FORGOTP_VALID###'] = '';
656 }
657 // The permanent login checkbox should only be shown if permalogin is not deactivated (-1),
658 // not forced to be always active (2) and lifetime is greater than 0
659 $permalogin = (int)$GLOBALS['TYPO3_CONF_VARS']['FE']['permalogin'];
660 if (
661 $this->conf['showPermaLogin']
662 && ($permalogin === 0 || $permalogin === 1)
663 && $GLOBALS['TYPO3_CONF_VARS']['FE']['lifetime'] > 0
664 ) {
665 $markerArray['###PERMALOGIN###'] = htmlspecialchars($this->pi_getLL('permalogin'));
666 if ($permalogin === 1) {
667 $markerArray['###PERMALOGIN_HIDDENFIELD_ATTRIBUTES###'] = 'disabled="disabled"';
668 $markerArray['###PERMALOGIN_CHECKBOX_ATTRIBUTES###'] = 'checked="checked"';
669 } else {
670 $markerArray['###PERMALOGIN_HIDDENFIELD_ATTRIBUTES###'] = '';
671 $markerArray['###PERMALOGIN_CHECKBOX_ATTRIBUTES###'] = '';
672 }
673 } else {
674 $subpartArray['###PERMALOGIN_VALID###'] = '';
675 }
676 return $this->templateService->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
677 }
678
679 /**
680 * Process redirect methods. The function searches for a redirect url using all configured methods.
681 *
682 * @return array Redirect URLs
683 */
684 protected function processRedirect()
685 {
686 $redirect_url = [];
687 if ($this->conf['redirectMode']) {
688 $redirectMethods = GeneralUtility::trimExplode(',', $this->conf['redirectMode'], true);
689 foreach ($redirectMethods as $redirMethod) {
690 if ($this->userIsLoggedIn && $this->logintype === LoginType::LOGIN) {
691 // Logintype is needed because the login-page wouldn't be accessible anymore after a login (would always redirect)
692 switch ($redirMethod) {
693 case 'groupLogin':
694 // taken from dkd_redirect_at_login written by Ingmar Schlecht; database-field changed
695 $groupData = $this->frontendController->fe_user->groupData;
696 if (!empty($groupData['uid'])) {
697
698 // take the first group with a redirect page
699 $userGroupTable = $this->frontendController->fe_user->usergroup_table;
700 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($userGroupTable);
701 $queryBuilder->getRestrictions()->removeAll();
702 $row = $queryBuilder
703 ->select('felogin_redirectPid')
704 ->from($userGroupTable)
705 ->where(
706 $queryBuilder->expr()->neq(
707 'felogin_redirectPid',
708 $queryBuilder->createNamedParameter('', \PDO::PARAM_STR)
709 ),
710 $queryBuilder->expr()->in(
711 'uid',
712 $queryBuilder->createNamedParameter(
713 $groupData['uid'],
714 Connection::PARAM_INT_ARRAY
715 )
716 )
717 )
718 ->execute()
719 ->fetch();
720
721 if ($row) {
722 $redirect_url[] = $this->pi_getPageLink($row['felogin_redirectPid']);
723 }
724 }
725 break;
726 case 'userLogin':
727
728 $userTable = $this->frontendController->fe_user->user_table;
729 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($userTable);
730 $queryBuilder->getRestrictions()->removeAll();
731 $row = $queryBuilder
732 ->select('felogin_redirectPid')
733 ->from($userTable)
734 ->where(
735 $queryBuilder->expr()->neq(
736 'felogin_redirectPid',
737 $queryBuilder->createNamedParameter('', \PDO::PARAM_STR)
738 ),
739 $queryBuilder->expr()->eq(
740 $this->frontendController->fe_user->userid_column,
741 $queryBuilder->createNamedParameter(
742 $this->frontendController->fe_user->user['uid'],
743 \PDO::PARAM_INT
744 )
745 )
746 )
747 ->execute()
748 ->fetch();
749
750 if ($row) {
751 $redirect_url[] = $this->pi_getPageLink($row['felogin_redirectPid']);
752 }
753
754 break;
755 case 'login':
756 if ($this->conf['redirectPageLogin']) {
757 $redirect_url[] = $this->pi_getPageLink((int)$this->conf['redirectPageLogin']);
758 }
759 break;
760 case 'getpost':
761 $redirect_url[] = $this->redirectUrl;
762 break;
763 case 'referer':
764 // Avoid redirect when logging in after changing password
765 if ($this->piVars['redirectReferrer'] !== 'off') {
766 // Avoid forced logout, when trying to login immediately after a logout
767 $redirect_url[] = preg_replace('/[&?]logintype=[a-z]+/', '', $this->referer);
768 }
769 break;
770 case 'refererDomains':
771 // Auto redirect.
772 // Feature to redirect to the page where the user came from (HTTP_REFERER).
773 // Allowed domains to redirect to, can be configured with plugin.tx_felogin_pi1.domains
774 // Thanks to plan2.net / Martin Kutschker for implementing this feature.
775 // also avoid redirect when logging in after changing password
776 if (isset($this->conf['domains']) && $this->conf['domains']
777 && (!isset($this->piVars['redirectReferrer']) || $this->piVars['redirectReferrer'] !== 'off')
778 ) {
779 $url = $this->referer;
780 // Is referring url allowed to redirect?
781 $match = [];
782 if (preg_match('#^http://([[:alnum:]._-]+)/#', $url, $match)) {
783 $redirect_domain = $match[1];
784 $found = false;
785 foreach (GeneralUtility::trimExplode(',', $this->conf['domains'], true) as $d) {
786 if (preg_match('/(?:^|\\.)' . $d . '$/', $redirect_domain)) {
787 $found = true;
788 break;
789 }
790 }
791 if (!$found) {
792 $url = '';
793 }
794 }
795 // Avoid forced logout, when trying to login immediately after a logout
796 if ($url) {
797 $redirect_url[] = preg_replace('/[&?]logintype=[a-z]+/', '', $url);
798 }
799 }
800 break;
801 }
802 } elseif ($this->logintype === LoginType::LOGIN) {
803 // after login-error
804 switch ($redirMethod) {
805 case 'loginError':
806 if ($this->conf['redirectPageLoginError']) {
807 $redirect_url[] = $this->pi_getPageLink((int)$this->conf['redirectPageLoginError']);
808 }
809 break;
810 }
811 } elseif ($this->logintype == '' && $redirMethod === 'login' && $this->conf['redirectPageLogin']) {
812 // If login and page not accessible
813 $this->cObj->typoLink('', [
814 'parameter' => $this->conf['redirectPageLogin'],
815 'linkAccessRestrictedPages' => true
816 ]);
817 $redirect_url[] = $this->cObj->lastTypoLinkUrl;
818 } elseif ($this->logintype == '' && $redirMethod === 'logout' && $this->conf['redirectPageLogout'] && $this->userIsLoggedIn) {
819 // If logout and page not accessible
820 $redirect_url[] = $this->pi_getPageLink((int)$this->conf['redirectPageLogout']);
821 } elseif ($this->logintype === LoginType::LOGOUT) {
822 // after logout
823 // Hook for general actions after after logout has been confirmed
824 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['logout_confirmed'] ?? [] as $_funcRef) {
825 $_params = [];
826 if ($_funcRef) {
827 GeneralUtility::callUserFunction($_funcRef, $_params, $this);
828 }
829 }
830 switch ($redirMethod) {
831 case 'logout':
832 if ($this->conf['redirectPageLogout']) {
833 $redirect_url[] = $this->pi_getPageLink((int)$this->conf['redirectPageLogout']);
834 }
835 break;
836 }
837 } else {
838 // not logged in
839 // Placeholder for maybe future options
840 switch ($redirMethod) {
841 case 'getpost':
842 // Preserve the get/post value
843 $redirect_url[] = $this->redirectUrl;
844 break;
845 }
846 }
847 }
848 }
849 // Remove empty values, but keep "0" as value (that's why "strlen" is used as second parameter)
850 if (!empty($redirect_url)) {
851 return array_filter($redirect_url, 'strlen');
852 }
853 return [];
854 }
855
856 /**
857 * Reads flexform configuration and merge it with $this->conf
858 */
859 protected function mergeflexFormValuesIntoConf()
860 {
861 $flex = [];
862 if ($this->flexFormValue('showForgotPassword', 'sDEF')) {
863 $flex['showForgotPasswordLink'] = $this->flexFormValue('showForgotPassword', 'sDEF');
864 }
865 if ($this->flexFormValue('showPermaLogin', 'sDEF')) {
866 $flex['showPermaLogin'] = $this->flexFormValue('showPermaLogin', 'sDEF');
867 }
868 if ($this->flexFormValue('showLogoutFormAfterLogin', 'sDEF')) {
869 $flex['showLogoutFormAfterLogin'] = $this->flexFormValue('showLogoutFormAfterLogin', 'sDEF');
870 }
871 if ($this->flexFormValue('pages', 'sDEF')) {
872 $flex['pages'] = $this->flexFormValue('pages', 'sDEF');
873 }
874 if ($this->flexFormValue('recursive', 'sDEF')) {
875 $flex['recursive'] = $this->flexFormValue('recursive', 'sDEF');
876 }
877 if ($this->flexFormValue('redirectMode', 's_redirect')) {
878 $flex['redirectMode'] = $this->flexFormValue('redirectMode', 's_redirect');
879 }
880 if ($this->flexFormValue('redirectFirstMethod', 's_redirect')) {
881 $flex['redirectFirstMethod'] = $this->flexFormValue('redirectFirstMethod', 's_redirect');
882 }
883 if ($this->flexFormValue('redirectDisable', 's_redirect')) {
884 $flex['redirectDisable'] = $this->flexFormValue('redirectDisable', 's_redirect');
885 }
886 if ($this->flexFormValue('redirectPageLogin', 's_redirect')) {
887 $flex['redirectPageLogin'] = $this->flexFormValue('redirectPageLogin', 's_redirect');
888 }
889 if ($this->flexFormValue('redirectPageLoginError', 's_redirect')) {
890 $flex['redirectPageLoginError'] = $this->flexFormValue('redirectPageLoginError', 's_redirect');
891 }
892 if ($this->flexFormValue('redirectPageLogout', 's_redirect')) {
893 $flex['redirectPageLogout'] = $this->flexFormValue('redirectPageLogout', 's_redirect');
894 }
895 $pid = $flex['pages'] ? $this->pi_getPidList($flex['pages'], $flex['recursive']) : 0;
896 if ($pid > 0) {
897 $flex['storagePid'] = $pid;
898 }
899 $this->conf = array_merge($this->conf, $flex);
900 }
901
902 /**
903 * Loads a variable from the flexform
904 *
905 * @param string $var Name of variable
906 * @param string $sheet Name of sheet
907 * @return string Value of var
908 */
909 protected function flexFormValue($var, $sheet)
910 {
911 return $this->pi_getFFvalue($this->cObj->data['pi_flexform'], $var, $sheet);
912 }
913
914 /**
915 * Generate link with typolink function
916 *
917 * @param string $label Linktext
918 * @param array $piVars Link vars
919 * @param bool $returnUrl TRUE: returns only url FALSE (default) returns the link)
920 * @return string Link or url
921 */
922 protected function getPageLink($label, $piVars, $returnUrl = false)
923 {
924 $additionalParams = is_array($piVars) && !empty($piVars) ? $piVars : [];
925 // Should GETvars be preserved?
926 if ($this->conf['preserveGETvars']) {
927 $additionalParams = array_merge_recursive($additionalParams, $this->getPreserveGetVars());
928 }
929 $this->conf['linkConfig.']['parameter'] = $this->frontendController->id;
930 if (!empty($additionalParams)) {
931 $this->conf['linkConfig.']['additionalParams'] = HttpUtility::buildQueryString($additionalParams, '&');
932 }
933 if ($returnUrl) {
934 return htmlspecialchars($this->cObj->typoLink_URL($this->conf['linkConfig.']));
935 }
936 return $this->cObj->typoLink($label, $this->conf['linkConfig.']);
937 }
938
939 /**
940 * Add additional parameters for links according to TS setting preserveGETvars.
941 * Possible values are "all" or a comma separated list of allowed GET-vars.
942 * Supports multi-dimensional GET-vars.
943 * Some hardcoded values are dropped.
944 *
945 * @return array additionalParams-array
946 */
947 protected function getPreserveGetVars()
948 {
949 $getVars = GeneralUtility::_GET();
950 unset(
951 $getVars['id'],
952 $getVars['no_cache'],
953 $getVars['logintype'],
954 $getVars['redirect_url'],
955 $getVars['cHash'],
956 $getVars[$this->prefixId]
957 );
958 if ($this->conf['preserveGETvars'] === 'all') {
959 $preserveQueryParts = $getVars;
960 } else {
961 $preserveQueryStringProperties = GeneralUtility::trimExplode(',', $this->conf['preserveGETvars']);
962 $preserveQueryParts = [];
963 parse_str(implode('=1&', $preserveQueryStringProperties) . '=1', $preserveQueryParts);
964 $preserveQueryParts = \TYPO3\CMS\Core\Utility\ArrayUtility::intersectRecursive($getVars, $preserveQueryParts);
965 }
966 return $preserveQueryParts;
967 }
968
969 /**
970 * Is used by forgot password - function with md5 option.
971 * @param int $len Length of new password
972 * @return string New password
973 */
974 protected function generatePassword($len)
975 {
976 $pass = '';
977 while ($len--) {
978 $char = rand(0, 35);
979 if ($char < 10) {
980 $pass .= '' . $char;
981 } else {
982 $pass .= chr($char - 10 + 97);
983 }
984 }
985 return $pass;
986 }
987
988 /**
989 * Returns the header / message value from flexform if present, else from locallang.xlf
990 *
991 * @param string $label label name
992 * @param array $stdWrapArray TS stdWrap array
993 * @return string label text
994 */
995 protected function getDisplayText($label, $stdWrapArray = [])
996 {
997 $text = $this->flexFormValue($label, 's_messages') ? $this->cObj->stdWrap($this->flexFormValue($label, 's_messages'), $stdWrapArray) : $this->cObj->stdWrap($this->pi_getLL('ll_' . $label), $stdWrapArray);
998 $replace = $this->getUserFieldMarkers();
999 return strtr($text, $replace);
1000 }
1001
1002 /**
1003 * Returns Array of markers filled with user fields
1004 *
1005 * @return array Marker array
1006 */
1007 protected function getUserFieldMarkers()
1008 {
1009 $marker = [];
1010 // replace markers with fe_user data
1011 if ($this->frontendController->fe_user->user) {
1012 // All fields of fe_user will be replaced, scheme is ###FEUSER_FIELDNAME###
1013 foreach ($this->frontendController->fe_user->user as $field => $value) {
1014 $conf = $this->conf['userfields.'][$field . '.'] ?? [];
1015 $conf = array_replace_recursive(['htmlSpecialChars' => '1'], $conf);
1016 $marker['###FEUSER_' . strtoupper($field) . '###'] = $this->cObj->stdWrap($value, $conf);
1017 }
1018 // Add ###USER### for compatibility
1019 $marker['###USER###'] = $marker['###FEUSER_USERNAME###'];
1020 }
1021 return $marker;
1022 }
1023 }