2 namespace TYPO3\CMS\Felogin\Controller
;
4 /***************************************************************
7 * (c) 2007-2013 Steffen Kamper <info@sk-typo3.de>
8 * Based on Newloginbox (c) 2002-2004 Kasper Skårhøj <kasper@typo3.com>
12 * This script is part of the TYPO3 project. The TYPO3 project is
13 * free software; you can redistribute it and/or modify
14 * it under the terms of the GNU General Public License as published by
15 * the Free Software Foundation; either version 2 of the License, or
16 * (at your option) any later version.
18 * The GNU General Public License can be found at
19 * http://www.gnu.org/copyleft/gpl.html.
21 * This script is distributed in the hope that it will be useful,
22 * but WITHOUT ANY WARRANTY; without even the implied warranty of
23 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
24 * GNU General Public License for more details.
26 * This copyright notice MUST APPEAR in all copies of the script!
28 * The code was adapted from newloginbox, see manual for detailed description
29 ***************************************************************/
31 use TYPO3\CMS\Core\Utility\GeneralUtility
;
34 * Plugin 'Website User Login' for the 'felogin' extension.
36 * @author Steffen Kamper <info@sk-typo3.de>
38 class FrontendLoginController
extends \TYPO3\CMS\Frontend\Plugin\AbstractPlugin
{
43 * @todo Define visibility
45 public $prefixId = 'tx_felogin_pi1';
48 * Path to this script relative to the extension dir.
50 * @todo Define visibility
52 public $scriptRelPath = 'pi1/class.tx_felogin_pi1.php';
57 * @todo Define visibility
59 public $extKey = 'felogin';
64 public $pi_checkCHash = FALSE;
69 public $pi_USER_INT_obj = TRUE;
76 protected $userIsLoggedIn;
79 * Holds the template for FE rendering
86 * Upload directory, used for flexform template files
93 * URL for the redirect
97 protected $redirectUrl;
100 * Flag for disable the redirect
104 protected $noRedirect = FALSE;
107 * Logintype (given as GPvar), possible: login, logout
111 protected $logintype;
114 * The main method of the plugin
116 * @param string $content The PlugIn content
117 * @param array $conf The PlugIn configuration
118 * @return string The content that is displayed on the website
120 public function main($content, $conf) {
121 // Loading TypoScript array into object variable:
123 $this->uploadDir
= 'uploads/tx_felogin/';
124 // Loading default pivars
125 $this->pi_setPiVarDefaults();
126 // Loading language-labels
128 // Init FlexForm configuration for plugin:
129 $this->pi_initPIflexForm();
130 $this->mergeflexFormValuesIntoConf();
132 if ($this->conf
['storagePid']) {
133 if ((int)$this->conf
['recursive']) {
134 $this->spid
= $this->pi_getPidList($this->conf
['storagePid'], (int)$this->conf
['recursive']);
136 $this->spid
= $this->conf
['storagePid'];
139 $pids = $GLOBALS['TSFE']->getStorageSiterootPids();
140 $this->spid
= $pids['_STORAGE_PID'];
143 $this->logintype
= GeneralUtility
::_GP('logintype');
144 $this->referer
= $this->validateRedirectUrl(GeneralUtility
::_GP('referer'));
145 $this->noRedirect
= $this->piVars
['noredirect'] ||
$this->conf
['redirectDisable'];
146 // If config.typolinkLinkAccessRestrictedPages is set, the var is return_url
147 $returnUrl = GeneralUtility
::_GP('return_url');
149 $this->redirectUrl
= $returnUrl;
151 $this->redirectUrl
= GeneralUtility
::_GP('redirect_url');
153 $this->redirectUrl
= $this->validateRedirectUrl($this->redirectUrl
);
155 $templateFile = $this->conf
['templateFile'] ?
: 'EXT:felogin/template.html';
156 $this->template
= $this->cObj
->fileResource($templateFile);
157 // Is user logged in?
158 $this->userIsLoggedIn
= $GLOBALS['TSFE']->loginUser
;
160 if ($this->conf
['redirectMode'] && !$this->conf
['redirectDisable'] && !$this->noRedirect
) {
161 $redirectUrl = $this->processRedirect();
162 if (count($redirectUrl)) {
163 $this->redirectUrl
= $this->conf
['redirectFirstMethod'] ?
array_shift($redirectUrl) : array_pop($redirectUrl);
165 $this->redirectUrl
= '';
170 if ($this->piVars
['forgot'] && $this->conf
['showForgotPassword']) {
171 $content .= $this->showForgot();
172 } elseif ($this->piVars
['forgothash']) {
173 $content .= $this->changePassword();
175 if ($this->userIsLoggedIn
&& !$this->logintype
) {
176 $content .= $this->showLogout();
178 $content .= $this->showLogin();
181 // Process the redirect
182 if (($this->logintype
=== 'login' ||
$this->logintype
=== 'logout') && $this->redirectUrl
&& !$this->noRedirect
) {
183 if (!$GLOBALS['TSFE']->fe_user
->isCookieSet()) {
184 $content .= $this->cObj
->stdWrap($this->pi_getLL('cookie_warning', '', TRUE), $this->conf
['cookieWarning_stdWrap.']);
186 // Add hook for extra processing before redirect
188 isset($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['beforeRedirect']) &&
189 is_array($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['beforeRedirect'])
192 'loginType' => $this->logintype
,
193 'redirectUrl' => &$this->redirectUrl
195 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['beforeRedirect'] as $_funcRef) {
197 GeneralUtility
::callUserFunction($_funcRef, $_params, $this);
201 \TYPO3\CMS\Core\Utility\HttpUtility
::redirect($this->redirectUrl
);
204 // Adds hook for processing of extra item markers / special
206 isset($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['postProcContent'])
207 && is_array($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['postProcContent'])
210 'content' => $content
212 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['postProcContent'] as $_funcRef) {
213 $content = GeneralUtility
::callUserFunction($_funcRef, $_params, $this);
216 return $this->conf
['wrapContentInBaseClass'] ?
$this->pi_wrapInBaseClass($content) : $content;
220 * Shows the forgot password form
222 * @return string Content
224 protected function showForgot() {
225 $subpart = $this->cObj
->getSubpart($this->template
, '###TEMPLATE_FORGOT###');
226 $subpartArray = ($linkpartArray = array());
227 $postData = GeneralUtility
::_POST($this->prefixId
);
228 if ($postData['forgot_email']) {
229 // Get hashes for compare
230 $postedHash = $postData['forgot_hash'];
231 $hashData = $GLOBALS['TSFE']->fe_user
->getKey('ses', 'forgot_hash');
232 if ($postedHash === $hashData['forgot_hash']) {
234 // Look for user record
235 $data = $GLOBALS['TYPO3_DB']->fullQuoteStr($this->piVars
['forgot_email'], 'fe_users');
236 $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
237 'uid, username, password, email',
239 '(email=' . $data . ' OR username=' . $data . ') AND pid IN (' . $GLOBALS['TYPO3_DB']->cleanIntList($this->spid
) . ') ' . $this->cObj
->enableFields('fe_users')
241 if ($GLOBALS['TYPO3_DB']->sql_num_rows($res)) {
242 $row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res);
246 // Generate an email with the hashed link
247 $error = $this->generateAndSendHash($row);
248 } elseif ($this->conf
['exposeNonexistentUserInForgotPasswordDialog']) {
249 $error = $this->pi_getLL('ll_forgot_reset_message_error');
253 $markerArray['###STATUS_MESSAGE###'] = $this->cObj
->stdWrap($error, $this->conf
['forgotErrorMessage_stdWrap.']);
255 $markerArray['###STATUS_MESSAGE###'] = $this->cObj
->stdWrap(
256 $this->pi_getLL('ll_forgot_reset_message_emailSent', '', TRUE),
257 $this->conf
['forgotResetMessageEmailSentMessage_stdWrap.']
260 $subpartArray['###FORGOT_FORM###'] = '';
263 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('forgot_reset_message', $this->conf
['forgotMessage_stdWrap.']);
264 $markerArray['###BACKLINK_LOGIN###'] = '';
267 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('forgot_reset_message', $this->conf
['forgotMessage_stdWrap.']);
268 $markerArray['###BACKLINK_LOGIN###'] = '';
270 $markerArray['###BACKLINK_LOGIN###'] = $this->getPageLink($this->pi_getLL('ll_forgot_header_backToLogin', '', TRUE), array());
271 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('forgot_header', $this->conf
['forgotHeader_stdWrap.']);
272 $markerArray['###LEGEND###'] = $this->pi_getLL('legend', $this->pi_getLL('reset_password', '', TRUE), TRUE);
273 $markerArray['###ACTION_URI###'] = $this->getPageLink('', array($this->prefixId
. '[forgot]' => 1), TRUE);
274 $markerArray['###EMAIL_LABEL###'] = $this->pi_getLL('your_email', '', TRUE);
275 $markerArray['###FORGOT_PASSWORD_ENTEREMAIL###'] = $this->pi_getLL('forgot_password_enterEmail', '', TRUE);
276 $markerArray['###FORGOT_EMAIL###'] = $this->prefixId
. '[forgot_email]';
277 $markerArray['###SEND_PASSWORD###'] = $this->pi_getLL('reset_password', '', TRUE);
278 $markerArray['###DATA_LABEL###'] = $this->pi_getLL('ll_enter_your_data', '', TRUE);
279 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
281 $hash = md5($this->generatePassword(3));
282 $markerArray['###FORGOTHASH###'] = $hash;
283 // Set hash in feuser session
284 $GLOBALS['TSFE']->fe_user
->setKey('ses', 'forgot_hash', array('forgot_hash' => $hash));
285 return $this->cObj
->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
289 * This function checks the hash from link and checks the validity. If it's valid it shows the form for
290 * changing the password and process the change of password after submit, if not valid it returns the error message
292 * @return string The content.
294 protected function changePassword() {
295 $subpartArray = ($linkpartArray = array());
297 $minLength = (int)$this->conf
['newPasswordMinLength'] ?
: 6;
298 $subpart = $this->cObj
->getSubpart($this->template
, '###TEMPLATE_CHANGEPASSWORD###');
299 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('change_password_header', $this->conf
['changePasswordHeader_stdWrap.']);
300 $markerArray['###STATUS_MESSAGE###'] = sprintf($this->getDisplayText(
301 'change_password_message',
302 $this->conf
['changePasswordMessage_stdWrap.']
305 $markerArray['###BACKLINK_LOGIN###'] = '';
306 $uid = $this->piVars
['user'];
307 $piHash = $this->piVars
['forgothash'];
308 $hash = explode('|', $piHash);
309 if ((int)$uid === 0) {
310 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText(
311 'change_password_notvalid_message',
312 $this->conf
['changePasswordNotValidMessage_stdWrap.']
314 $subpartArray['###CHANGEPASSWORD_FORM###'] = '';
316 $user = $this->pi_getRecord('fe_users', (int)$uid);
317 $userHash = $user['felogin_forgotHash'];
318 $compareHash = explode('|', $userHash);
319 if (!$compareHash ||
!$compareHash[1] ||
$compareHash[0] < time() ||
$hash[0] != $compareHash[0] ||
md5($hash[1]) != $compareHash[1]) {
320 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText(
321 'change_password_notvalid_message',
322 $this->conf
['changePasswordNotValidMessage_stdWrap.']
324 $subpartArray['###CHANGEPASSWORD_FORM###'] = '';
326 // All is fine, continue with new password
327 $postData = GeneralUtility
::_POST($this->prefixId
);
328 if (isset($postData['changepasswordsubmit'])) {
329 if (strlen($postData['password1']) < $minLength) {
330 $markerArray['###STATUS_MESSAGE###'] = sprintf($this->getDisplayText(
331 'change_password_tooshort_message',
332 $this->conf
['changePasswordTooShortMessage_stdWrap.']),
335 } elseif ($postData['password1'] != $postData['password2']) {
336 $markerArray['###STATUS_MESSAGE###'] = sprintf($this->getDisplayText(
337 'change_password_notequal_message',
338 $this->conf
['changePasswordNotEqualMessage_stdWrap.']),
342 $newPass = $postData['password1'];
343 if ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['password_changed']) {
346 'newPassword' => $newPass
348 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['password_changed'] as $_funcRef) {
350 GeneralUtility
::callUserFunction($_funcRef, $_params, $this);
353 $newPass = $_params['newPassword'];
355 // Save new password and clear DB-hash
356 $res = $GLOBALS['TYPO3_DB']->exec_UPDATEquery(
358 'uid=' . $user['uid'],
359 array('password' => $newPass, 'felogin_forgotHash' => '', 'tstamp' => $GLOBALS['EXEC_TIME'])
361 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText(
362 'change_password_done_message',
363 $this->conf
['changePasswordDoneMessage_stdWrap.']
366 $subpartArray['###CHANGEPASSWORD_FORM###'] = '';
367 $markerArray['###BACKLINK_LOGIN###'] = $this->getPageLink(
368 $this->pi_getLL('ll_forgot_header_backToLogin', '', TRUE),
369 array($this->prefixId
. '[redirectReferrer]' => 'off')
374 // Change password form
375 $markerArray['###ACTION_URI###'] = $this->pi_getPageLink($GLOBALS['TSFE']->id
, '', array(
376 $this->prefixId
. '[user]' => $user['uid'],
377 $this->prefixId
. '[forgothash]' => $piHash
379 $markerArray['###LEGEND###'] = $this->pi_getLL('change_password', '', TRUE);
380 $markerArray['###NEWPASSWORD1_LABEL###'] = $this->pi_getLL('newpassword_label1', '', TRUE);
381 $markerArray['###NEWPASSWORD2_LABEL###'] = $this->pi_getLL('newpassword_label2', '', TRUE);
382 $markerArray['###NEWPASSWORD1###'] = $this->prefixId
. '[password1]';
383 $markerArray['###NEWPASSWORD2###'] = $this->prefixId
. '[password2]';
384 $markerArray['###STORAGE_PID###'] = $this->spid
;
385 $markerArray['###SEND_PASSWORD###'] = $this->pi_getLL('change_password', '', TRUE);
386 $markerArray['###FORGOTHASH###'] = $piHash;
390 return $this->cObj
->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
394 * Generates a hashed link and send it with email
396 * @param array $user Contains user data
397 * @return string Empty string with success, error message with no success
399 protected function generateAndSendHash($user) {
400 $hours = (int)$this->conf
['forgotLinkHashValidTime'] > 0 ?
(int)$this->conf
['forgotLinkHashValidTime'] : 24;
401 $validEnd = time() +
3600 * $hours;
402 $validEndString = date($this->conf
['dateFormat'], $validEnd);
403 $hash = md5(GeneralUtility
::generateRandomBytes(64));
404 $randHash = $validEnd . '|' . $hash;
405 $randHashDB = $validEnd . '|' . md5($hash);
407 $res = $GLOBALS['TYPO3_DB']->exec_UPDATEquery('fe_users', 'uid=' . $user['uid'], array('felogin_forgotHash' => $randHashDB));
408 // Send hashlink to user
409 $this->conf
['linkPrefix'] = -1;
410 $isAbsRelPrefix = !empty($GLOBALS['TSFE']->absRefPrefix
);
411 $isBaseURL = !empty($GLOBALS['TSFE']->baseUrl
);
412 $isFeloginBaseURL = !empty($this->conf
['feloginBaseURL']);
413 $link = $this->pi_getPageLink($GLOBALS['TSFE']->id
, '', array(
414 $this->prefixId
. '[user]' => $user['uid'],
415 $this->prefixId
. '[forgothash]' => $randHash
417 // Prefix link if necessary
418 if ($isFeloginBaseURL) {
419 // First priority, use specific base URL
420 // "absRefPrefix" must be removed first, otherwise URL will be prepended twice
421 if (!empty($GLOBALS['TSFE']->absRefPrefix
)) {
422 $link = substr($link, strlen($GLOBALS['TSFE']->absRefPrefix
));
424 $link = $this->conf
['feloginBaseURL'] . $link;
425 } elseif ($isAbsRelPrefix) {
427 // absRefPrefix must not necessarily contain a hostname and URL scheme, so add it if needed
428 $link = GeneralUtility
::locationHeaderUrl($link);
429 } elseif ($isBaseURL) {
431 // Add the global base URL to the link
432 $link = $GLOBALS['TSFE']->baseUrlWrap($link);
434 // No prefix is set, return the error
435 return $this->pi_getLL('ll_change_password_nolinkprefix_message');
437 $msg = sprintf($this->pi_getLL('ll_forgot_validate_reset_password'), $user['username'], $link, $validEndString);
438 // Add hook for extra processing of mail message
440 isset($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['forgotPasswordMail'])
441 && is_array($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['forgotPasswordMail'])
447 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['forgotPasswordMail'] as $reference) {
449 GeneralUtility
::callUserFunction($reference, $params, $this);
453 // no RDCT - Links for security reasons
454 $oldSetting = $GLOBALS['TSFE']->config
['config']['notification_email_urlmode'];
455 $GLOBALS['TSFE']->config
['config']['notification_email_urlmode'] = 0;
457 $this->cObj
->sendNotifyEmail($msg, $user['email'], '', $this->conf
['email_from'], $this->conf
['email_fromName'], $this->conf
['replyTo']);
459 $GLOBALS['TSFE']->config
['config']['notification_email_urlmode'] = $oldSetting;
466 * @return string The content.
468 protected function showLogout() {
469 $subpart = $this->cObj
->getSubpart($this->template
, '###TEMPLATE_LOGOUT###');
470 $subpartArray = ($linkpartArray = array());
471 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('status_header', $this->conf
['logoutHeader_stdWrap.']);
472 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('status_message', $this->conf
['logoutMessage_stdWrap.']);
473 $this->cObj
->stdWrap($this->flexFormValue('message', 's_status'), $this->conf
['logoutMessage_stdWrap.']);
474 $markerArray['###LEGEND###'] = $this->pi_getLL('logout', '', TRUE);
475 $markerArray['###ACTION_URI###'] = $this->getPageLink('', array(), TRUE);
476 $markerArray['###LOGOUT_LABEL###'] = $this->pi_getLL('logout', '', TRUE);
477 $markerArray['###NAME###'] = htmlspecialchars($GLOBALS['TSFE']->fe_user
->user
['name']);
478 $markerArray['###STORAGE_PID###'] = $this->spid
;
479 $markerArray['###USERNAME###'] = htmlspecialchars($GLOBALS['TSFE']->fe_user
->user
['username']);
480 $markerArray['###USERNAME_LABEL###'] = $this->pi_getLL('username', '', TRUE);
481 $markerArray['###NOREDIRECT###'] = $this->noRedirect ?
'1' : '0';
482 $markerArray['###PREFIXID###'] = $this->prefixId
;
483 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
484 if ($this->redirectUrl
) {
485 // Use redirectUrl for action tag because of possible access restricted pages
486 $markerArray['###ACTION_URI###'] = htmlspecialchars($this->redirectUrl
);
487 $this->redirectUrl
= '';
489 return $this->cObj
->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
495 * @return string Content
497 protected function showLogin() {
498 $subpart = $this->cObj
->getSubpart($this->template
, '###TEMPLATE_LOGIN###');
499 $subpartArray = ($linkpartArray = ($markerArray = array()));
501 $markerArray['###LEGEND###'] = $this->pi_getLL('oLabel_header_welcome', '', TRUE);
502 if ($this->logintype
=== 'login') {
503 if ($this->userIsLoggedIn
) {
505 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('success_header', $this->conf
['successHeader_stdWrap.']);
506 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('success_message', $this->conf
['successMessage_stdWrap.']);
507 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
508 $subpartArray['###LOGIN_FORM###'] = '';
509 // Hook for general actions after after login has been confirmed (by Thomas Danzl <thomas@danzl.org>)
510 if ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['login_confirmed']) {
512 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['login_confirmed'] as $_funcRef) {
514 GeneralUtility
::callUserFunction($_funcRef, $_params, $this);
518 // show logout form directly
519 if ($this->conf
['showLogoutFormAfterLogin']) {
520 $this->redirectUrl
= '';
521 return $this->showLogout();
524 // Hook for general actions on login error
526 isset($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['login_error'])
527 && is_array($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['login_error'])
530 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['login_error'] as $funcRef) {
532 GeneralUtility
::callUserFunction($funcRef, $params, $this);
537 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('error_header', $this->conf
['errorHeader_stdWrap.']);
538 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('error_message', $this->conf
['errorMessage_stdWrap.']);
539 $gpRedirectUrl = GeneralUtility
::_GP('redirect_url');
542 if ($this->logintype
=== 'logout') {
543 // login form after logout
544 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('logout_header', $this->conf
['logoutHeader_stdWrap.']);
545 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('logout_message', $this->conf
['logoutMessage_stdWrap.']);
548 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('welcome_header', $this->conf
['welcomeHeader_stdWrap.']);
549 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('welcome_message', $this->conf
['welcomeMessage_stdWrap.']);
553 // This hook allows to call User JS functions.
554 // The methods should also set the required JS functions to get included
557 $onSubmitAr = array();
558 $extraHiddenAr = array();
559 // Check for referer redirect method. if present, save referer in form field
560 if (GeneralUtility
::inList($this->conf
['redirectMode'], 'referer') || GeneralUtility
::inList($this->conf
['redirectMode'], 'refererDomains')) {
561 $referer = $this->referer ?
$this->referer
: GeneralUtility
::getIndpEnv('HTTP_REFERER');
563 $extraHiddenAr[] = '<input type="hidden" name="referer" value="' . htmlspecialchars($referer) . '" />';
564 if ($this->piVars
['redirectReferrer'] === 'off') {
565 $extraHiddenAr[] = '<input type="hidden" name="' . $this->prefixId
. '[redirectReferrer]" value="off" />';
569 if (is_array($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['loginFormOnSubmitFuncs'])) {
571 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['loginFormOnSubmitFuncs'] as $funcRef) {
572 list($onSub, $hid) = GeneralUtility
::callUserFunction($funcRef, $_params, $this);
573 $onSubmitAr[] = $onSub;
574 $extraHiddenAr[] = $hid;
577 if (count($onSubmitAr)) {
578 $onSubmit = implode('; ', $onSubmitAr) . '; return true;';
580 if (count($extraHiddenAr)) {
581 $extraHidden = implode(LF
, $extraHiddenAr);
583 if (!$gpRedirectUrl && $this->redirectUrl
) {
584 $gpRedirectUrl = $this->redirectUrl
;
587 $markerArray['###ACTION_URI###'] = $this->getPageLink('', array(), TRUE);
588 // Used by kb_md5fepw extension...
589 $markerArray['###EXTRA_HIDDEN###'] = $extraHidden;
590 $markerArray['###LEGEND###'] = $this->pi_getLL('login', '', TRUE);
591 $markerArray['###LOGIN_LABEL###'] = $this->pi_getLL('login', '', TRUE);
592 // Used by kb_md5fepw extension...
593 $markerArray['###ON_SUBMIT###'] = $onSubmit;
594 $markerArray['###PASSWORD_LABEL###'] = $this->pi_getLL('password', '', TRUE);
595 $markerArray['###STORAGE_PID###'] = $this->spid
;
596 $markerArray['###USERNAME_LABEL###'] = $this->pi_getLL('username', '', TRUE);
597 $markerArray['###REDIRECT_URL###'] = htmlspecialchars($gpRedirectUrl);
598 $markerArray['###NOREDIRECT###'] = $this->noRedirect ?
'1' : '0';
599 $markerArray['###PREFIXID###'] = $this->prefixId
;
600 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
601 if ($this->flexFormValue('showForgotPassword', 'sDEF') ||
$this->conf
['showForgotPasswordLink']) {
602 $linkpartArray['###FORGOT_PASSWORD_LINK###'] = explode('|', $this->getPageLink('|', array($this->prefixId
. '[forgot]' => 1)));
603 $markerArray['###FORGOT_PASSWORD###'] = $this->pi_getLL('ll_forgot_header', '', TRUE);
605 $subpartArray['###FORGOTP_VALID###'] = '';
607 // The permanent login checkbox should only be shown if permalogin is not deactivated (-1),
608 // not forced to be always active (2) and lifetime is greater than 0
610 $this->conf
['showPermaLogin']
611 && GeneralUtility
::inList('0,1', $GLOBALS['TYPO3_CONF_VARS']['FE']['permalogin'])
612 && $GLOBALS['TYPO3_CONF_VARS']['FE']['lifetime'] > 0
614 $markerArray['###PERMALOGIN###'] = $this->pi_getLL('permalogin', '', TRUE);
615 if ($GLOBALS['TYPO3_CONF_VARS']['FE']['permalogin'] == 1) {
616 $markerArray['###PERMALOGIN_HIDDENFIELD_ATTRIBUTES###'] = 'disabled="disabled"';
617 $markerArray['###PERMALOGIN_CHECKBOX_ATTRIBUTES###'] = 'checked="checked"';
619 $markerArray['###PERMALOGIN_HIDDENFIELD_ATTRIBUTES###'] = '';
620 $markerArray['###PERMALOGIN_CHECKBOX_ATTRIBUTES###'] = '';
623 $subpartArray['###PERMALOGIN_VALID###'] = '';
625 return $this->cObj
->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
629 * Process redirect methods. The function searches for a redirect url using all configured methods.
631 * @return string Redirect url
633 protected function processRedirect() {
634 $redirect_url = array();
635 if ($this->conf
['redirectMode']) {
636 $redirectMethods = GeneralUtility
::trimExplode(',', $this->conf
['redirectMode'], TRUE);
637 foreach ($redirectMethods as $redirMethod) {
638 if ($GLOBALS['TSFE']->loginUser
&& $this->logintype
=== 'login') {
639 // Logintype is needed because the login-page wouldn't be accessible anymore after a login (would always redirect)
640 switch ($redirMethod) {
642 // taken from dkd_redirect_at_login written by Ingmar Schlecht; database-field changed
643 $groupData = $GLOBALS['TSFE']->fe_user
->groupData
;
644 $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
645 'felogin_redirectPid',
646 $GLOBALS['TSFE']->fe_user
->usergroup_table
,
647 'felogin_redirectPid<>\'\' AND uid IN (' . implode(',', $groupData['uid']) . ')'
649 if ($row = $GLOBALS['TYPO3_DB']->sql_fetch_row($res)) {
650 // take the first group with a redirect page
651 $redirect_url[] = $this->pi_getPageLink($row[0]);
655 $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
656 'felogin_redirectPid',
657 $GLOBALS['TSFE']->fe_user
->user_table
,
658 $GLOBALS['TSFE']->fe_user
->userid_column
. '=' . $GLOBALS['TSFE']->fe_user
->user
['uid'] . ' AND felogin_redirectPid<>\'\''
660 if ($row = $GLOBALS['TYPO3_DB']->sql_fetch_row($res)) {
661 $redirect_url[] = $this->pi_getPageLink($row[0]);
665 if ($this->conf
['redirectPageLogin']) {
666 $redirect_url[] = $this->pi_getPageLink((int)$this->conf
['redirectPageLogin']);
670 $redirect_url[] = $this->redirectUrl
;
673 // Avoid redirect when logging in after changing password
674 if ($this->piVars
['redirectReferrer'] !== 'off') {
675 // Avoid forced logout, when trying to login immediately after a logout
676 $redirect_url[] = preg_replace('/[&?]logintype=[a-z]+/', '', $this->referer
);
679 case 'refererDomains':
681 // Feature to redirect to the page where the user came from (HTTP_REFERER).
682 // Allowed domains to redirect to, can be configured with plugin.tx_felogin_pi1.domains
683 // Thanks to plan2.net / Martin Kutschker for implementing this feature.
684 // also avoid redirect when logging in after changing password
685 if ($this->conf
['domains'] && $this->piVars
['redirectReferrer'] !== 'off') {
686 $url = $this->referer
;
687 // Is referring url allowed to redirect?
689 if (preg_match('#^http://([[:alnum:]._-]+)/#', $url, $match)) {
690 $redirect_domain = $match[1];
692 foreach (GeneralUtility
::trimExplode(',', $this->conf
['domains'], TRUE) as $d) {
693 if (preg_match('/(^|\\.)/' . $d . '$', $redirect_domain)) {
702 // Avoid forced logout, when trying to login immediately after a logout
704 $redirect_url[] = preg_replace('/[&?]logintype=[a-z]+/', '', $url);
709 } elseif ($this->logintype
=== 'login') {
711 switch ($redirMethod) {
713 if ($this->conf
['redirectPageLoginError']) {
714 $redirect_url[] = $this->pi_getPageLink((int)$this->conf
['redirectPageLoginError']);
718 } elseif ($this->logintype
== '' && $redirMethod == 'login' && $this->conf
['redirectPageLogin']) {
719 // If login and page not accessible
720 $this->cObj
->typolink('', array(
721 'parameter' => $this->conf
['redirectPageLogin'],
722 'linkAccessRestrictedPages' => TRUE
724 $redirect_url[] = $this->cObj
->lastTypoLinkUrl
;
725 } elseif ($this->logintype
== '' && $redirMethod == 'logout' && $this->conf
['redirectPageLogout'] && $GLOBALS['TSFE']->loginUser
) {
726 // If logout and page not accessible
727 $redirect_url[] = $this->pi_getPageLink((int)$this->conf
['redirectPageLogout']);
728 } elseif ($this->logintype
=== 'logout') {
730 // Hook for general actions after after logout has been confirmed
731 if ($this->logintype
=== 'logout' && $GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['logout_confirmed']) {
733 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['logout_confirmed'] as $_funcRef) {
735 GeneralUtility
::callUserFunction($_funcRef, $_params, $this);
739 switch ($redirMethod) {
741 if ($this->conf
['redirectPageLogout']) {
742 $redirect_url[] = $this->pi_getPageLink((int)$this->conf
['redirectPageLogout']);
748 // Placeholder for maybe future options
749 switch ($redirMethod) {
751 // Preserve the get/post value
752 $redirect_url[] = $this->redirectUrl
;
758 // Remove empty values
759 if (count($redirect_url)) {
760 return GeneralUtility
::trimExplode(',', implode(',', $redirect_url), TRUE);
767 * Reads flexform configuration and merge it with $this->conf
771 protected function mergeflexFormValuesIntoConf() {
773 if ($this->flexFormValue('showForgotPassword', 'sDEF')) {
774 $flex['showForgotPassword'] = $this->flexFormValue('showForgotPassword', 'sDEF');
776 if ($this->flexFormValue('showPermaLogin', 'sDEF')) {
777 $flex['showPermaLogin'] = $this->flexFormValue('showPermaLogin', 'sDEF');
779 if ($this->flexFormValue('showLogoutFormAfterLogin', 'sDEF')) {
780 $flex['showLogoutFormAfterLogin'] = $this->flexFormValue('showLogoutFormAfterLogin', 'sDEF');
782 if ($this->flexFormValue('pages', 'sDEF')) {
783 $flex['pages'] = $this->flexFormValue('pages', 'sDEF');
785 if ($this->flexFormValue('recursive', 'sDEF')) {
786 $flex['recursive'] = $this->flexFormValue('recursive', 'sDEF');
788 if ($this->flexFormValue('templateFile', 'sDEF')) {
789 $flex['templateFile'] = $this->uploadDir
. $this->flexFormValue('templateFile', 'sDEF');
791 if ($this->flexFormValue('redirectMode', 's_redirect')) {
792 $flex['redirectMode'] = $this->flexFormValue('redirectMode', 's_redirect');
794 if ($this->flexFormValue('redirectFirstMethod', 's_redirect')) {
795 $flex['redirectFirstMethod'] = $this->flexFormValue('redirectFirstMethod', 's_redirect');
797 if ($this->flexFormValue('redirectDisable', 's_redirect')) {
798 $flex['redirectDisable'] = $this->flexFormValue('redirectDisable', 's_redirect');
800 if ($this->flexFormValue('redirectPageLogin', 's_redirect')) {
801 $flex['redirectPageLogin'] = $this->flexFormValue('redirectPageLogin', 's_redirect');
803 if ($this->flexFormValue('redirectPageLoginError', 's_redirect')) {
804 $flex['redirectPageLoginError'] = $this->flexFormValue('redirectPageLoginError', 's_redirect');
806 if ($this->flexFormValue('redirectPageLogout', 's_redirect')) {
807 $flex['redirectPageLogout'] = $this->flexFormValue('redirectPageLogout', 's_redirect');
809 $pid = $flex['pages'] ?
$this->pi_getPidList($flex['pages'], $flex['recursive']) : 0;
811 $flex['storagePid'] = $pid;
813 $this->conf
= array_merge($this->conf
, $flex);
817 * Loads a variable from the flexform
819 * @param string $var Name of variable
820 * @param string $sheet Name of sheet
821 * @return string Value of var
823 protected function flexFormValue($var, $sheet) {
824 return $this->pi_getFFvalue($this->cObj
->data
['pi_flexform'], $var, $sheet);
828 * Generate link with typolink function
830 * @param string $label Linktext
831 * @param array $piVars Link vars
832 * @param boolean $returnUrl TRUE: returns only url FALSE (default) returns the link)
833 * @return string Link or url
835 protected function getPageLink($label, $piVars, $returnUrl = FALSE) {
836 $additionalParams = '';
837 if (count($piVars)) {
838 foreach ($piVars as $key => $val) {
839 $additionalParams .= '&' . $key . '=' . $val;
842 // Should GETvars be preserved?
843 if ($this->conf
['preserveGETvars']) {
844 $additionalParams .= $this->getPreserveGetVars();
846 $this->conf
['linkConfig.']['parameter'] = $GLOBALS['TSFE']->id
;
847 if ($additionalParams) {
848 $this->conf
['linkConfig.']['additionalParams'] = $additionalParams;
851 return htmlspecialchars($this->cObj
->typolink_url($this->conf
['linkConfig.']));
853 return $this->cObj
->typolink($label, $this->conf
['linkConfig.']);
858 * Add additional parameters for links according to TS setting preserveGETvars.
859 * Possible values are "all" or a comma separated list of allowed GET-vars.
860 * Supports multi-dimensional GET-vars.
861 * Some hardcoded values are dropped.
863 * @return string additionalParams-string
865 protected function getPreserveGetVars() {
866 $getVars = GeneralUtility
::_GET();
869 $getVars['no_cache'],
870 $getVars['logintype'],
871 $getVars['redirect_url'],
873 $getVars[$this->prefixId
]
875 if ($this->conf
['preserveGETvars'] === 'all') {
876 $preserveQueryParts = $getVars;
878 $preserveQueryParts = GeneralUtility
::trimExplode(',', $this->conf
['preserveGETvars']);
879 $preserveQueryParts = GeneralUtility
::explodeUrl2Array(implode('=1&', $preserveQueryParts) . '=1', TRUE);
880 $preserveQueryParts = \TYPO3\CMS\Core\Utility\ArrayUtility
::intersectRecursive($getVars, $preserveQueryParts);
882 $parameters = GeneralUtility
::implodeArrayForUrl('', $preserveQueryParts);
887 * Is used by forgot password - function with md5 option.
889 * @author Bernhard Kraft
890 * @param integer $len Length of new password
891 * @return string New password
893 protected function generatePassword($len) {
900 $pass .= chr($char - 10 +
97);
907 * Returns the header / message value from flexform if present, else from locallang.xlf
909 * @param string $label label name
910 * @param string $stdWrapArray TS stdWrap array
911 * @return string label text
913 protected function getDisplayText($label, $stdWrapArray = array()) {
914 $text = $this->flexFormValue($label, 's_messages') ?
$this->cObj
->stdWrap($this->flexFormValue($label, 's_messages'), $stdWrapArray) : $this->cObj
->stdWrap($this->pi_getLL('ll_' . $label, '', TRUE), $stdWrapArray);
915 $replace = $this->getUserFieldMarkers();
916 return strtr($text, $replace);
920 * Returns Array of markers filled with user fields
922 * @return array Marker array
924 protected function getUserFieldMarkers() {
926 // replace markers with fe_user data
927 if ($GLOBALS['TSFE']->fe_user
->user
) {
928 // All fields of fe_user will be replaced, scheme is ###FEUSER_FIELDNAME###
929 foreach ($GLOBALS['TSFE']->fe_user
->user
as $field => $value) {
930 $marker['###FEUSER_' . GeneralUtility
::strtoupper($field) . '###'] = $this->cObj
->stdWrap($value, $this->conf
['userfields.'][$field . '.']);
932 // Add ###USER### for compatibility
933 $marker['###USER###'] = $marker['###FEUSER_USERNAME###'];
939 * Returns a valid and XSS cleaned url for redirect, checked against configuration "allowedRedirectHosts"
942 * @return string cleaned referer or empty string if not valid
944 protected function validateRedirectUrl($url) {
949 $decodedUrl = rawurldecode($url);
950 $sanitizedUrl = GeneralUtility
::removeXSS($decodedUrl);
951 if ($decodedUrl !== $sanitizedUrl ||
preg_match('#["<>\\\\]+#', $url)) {
952 GeneralUtility
::sysLog(sprintf($this->pi_getLL('xssAttackDetected'), $url), 'felogin', GeneralUtility
::SYSLOG_SEVERITY_WARNING
);
956 if ($this->isRelativeUrl($url) ||
$this->isInCurrentDomain($url) ||
$this->isInLocalDomain($url)) {
959 // URL is not allowed
960 GeneralUtility
::sysLog(sprintf($this->pi_getLL('noValidRedirectUrl'), $url), 'felogin', GeneralUtility
::SYSLOG_SEVERITY_WARNING
);
965 * Determines whether the URL is on the current host
966 * and belongs to the current TYPO3 installation.
968 * @param string $url URL to be checked
969 * @return boolean Whether the URL belongs to the current TYPO3 installation
971 protected function isInCurrentDomain($url) {
972 return GeneralUtility
::isOnCurrentHost($url) && GeneralUtility
::isFirstPartOfStr($url, GeneralUtility
::getIndpEnv('TYPO3_SITE_URL'));
976 * Determines whether the URL matches a domain
977 * in the sys_domain database table.
979 * @param string $url Absolute URL which needs to be checked
980 * @return boolean Whether the URL is considered to be local
982 protected function isInLocalDomain($url) {
984 if (GeneralUtility
::isValidUrl($url)) {
985 $parsedUrl = parse_url($url);
986 if ($parsedUrl['scheme'] === 'http' ||
$parsedUrl['scheme'] === 'https') {
987 $host = $parsedUrl['host'];
988 // Removes the last path segment and slash sequences like /// (if given):
989 $path = preg_replace('#/+[^/]*$#', '', $parsedUrl['path']);
990 $localDomains = $GLOBALS['TYPO3_DB']->exec_SELECTgetRows('domainName', 'sys_domain', '1=1' . $this->cObj
->enableFields('sys_domain'));
991 if (is_array($localDomains)) {
992 foreach ($localDomains as $localDomain) {
993 // strip trailing slashes (if given)
994 $domainName = rtrim($localDomain['domainName'], '/');
995 if (GeneralUtility
::isFirstPartOfStr($host . $path . '/', $domainName . '/')) {
1007 * Determines whether the URL is relative to the
1008 * current TYPO3 installation.
1010 * @param string $url URL which needs to be checked
1011 * @return boolean Whether the URL is considered to be relative
1013 protected function isRelativeUrl($url) {
1014 $parsedUrl = @parse_url
($url);
1015 if ($parsedUrl !== FALSE && !isset($parsedUrl['scheme']) && !isset($parsedUrl['host'])) {
1016 // If the relative URL starts with a slash, we need to check if it's within the current site path
1017 return $parsedUrl['path'][0] !== '/' || GeneralUtility
::isFirstPartOfStr($parsedUrl['path'], GeneralUtility
::getIndpEnv('TYPO3_SITE_PATH'));