Fixed bug #17305: Login/ Logout was not possible after introducing the locking in...
[Packages/TYPO3.CMS.git] / typo3 / classes / class.ajaxlogin.php
1 <?php
2 /***************************************************************
3 * Copyright notice
4 *
5 * (c) 2008-2011 Christoph Koehler (christoph@webempoweredchurch.org)
6 * All rights reserved
7 *
8 * This script is part of the TYPO3 project. The TYPO3 project is
9 * free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * The GNU General Public License can be found at
15 * http://www.gnu.org/copyleft/gpl.html.
16 * A copy is found in the textfile GPL.txt and important notices to the license
17 * from the author is found in LICENSE.txt distributed with these scripts.
18 *
19 *
20 * This script is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
24 *
25 * This copyright notice MUST APPEAR in all copies of the script!
26 ***************************************************************/
27 /**
28 * This is the ajax handler for backend login after timeout.
29 *
30 * @author Christoph Koehler <christoph@webempoweredchurch.org>
31 */
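class AjaxLogin {

	/**
	 * Builds the response for a backend login submitted through the ajax login form.
	 * The login details were sent in as part of the ajax request and the user was
	 * already logged in inside the init.php part of the ajax call. This method only
	 * reports the outcome: with a BE user present it answers success and hands out a
	 * fresh form protection token, otherwise it answers failure so the client can
	 * show the login box again.
	 *
	 * @param array $parameters: Parameters (not used)
	 * @param TYPO3AJAX $ajaxObj: The calling parent AJAX object
	 * @return void
	 */
	public function login(array $parameters, TYPO3AJAX $ajaxObj) {
		if ($GLOBALS['BE_USER']->user['uid']) {
				// The token is only generated on the authenticated branch, so an
				// unauthenticated caller never receives one from this handler.
			$formprotection = t3lib_formprotection_Factory::get();
			$token = $formprotection->generateToken('extDirect');

			$json = array(
				'success' => TRUE,
				'token' => $token
			);
		} else {
			$json = array('success' => FALSE);
		}
		$ajaxObj->addContent('login', $json);
		$ajaxObj->setContentFormat('json');
	}

	/**
	 * Logs out the current BE user and reports whether a user record is still
	 * present afterwards.
	 *
	 * NOTE(review): this handler changes session state and no request token is
	 * checked inside this method. Confirm that the ajax dispatcher validates one
	 * before the call gets here.
	 *
	 * @param array $parameters: Parameters (not used)
	 * @param TYPO3AJAX $ajaxObj: The calling parent AJAX object
	 * @return void
	 */
	public function logout(array $parameters, TYPO3AJAX $ajaxObj) {
		$GLOBALS['BE_USER']->logoff();
			// Success means that no user uid is left after logoff().
		if ($GLOBALS['BE_USER']->user['uid']) {
			$ajaxObj->addContent('logout', array('success' => FALSE));
		} else {
			$ajaxObj->addContent('logout', array('success' => TRUE));
		}
		$ajaxObj->setContentFormat('json');
	}

	/**
	 * Refreshes the login without needing login information. We just refresh the session.
	 *
	 * NOTE(review): success is reported unconditionally. The outcome of
	 * checkAuthentication() is not inspected here, so the response must not be read
	 * as proof of a valid session. Confirm that the client does not rely on it.
	 *
	 * @param array $parameters: Parameters (not used)
	 * @param TYPO3AJAX $ajaxObj: The calling parent AJAX object
	 * @return void
	 */
	public function refreshLogin(array $parameters, TYPO3AJAX $ajaxObj) {
		$GLOBALS['BE_USER']->checkAuthentication();
		$ajaxObj->addContent('refresh', array('success' => TRUE));
		$ajaxObj->setContentFormat('json');
	}

	/**
	 * Checks if the user session is expired yet, or if the backend is locked.
	 *
	 * The response key 'login' carries one of:
	 * - timed_out FALSE plus locked TRUE when the LOCK_BACKEND file exists
	 * - timed_out TRUE or FALSE, depending on the session timestamp
	 * - success FALSE plus an error text when there is no BE_USER object
	 *
	 * @param array $parameters: Parameters (not used)
	 * @param TYPO3AJAX $ajaxObj: The calling parent AJAX object
	 * @return void
	 */
	public function isTimedOut(array $parameters, TYPO3AJAX $ajaxObj) {
			// Every branch answers with an array payload, so the format is selected once
			// up front. The original set it twice on the locked branch and not at all
			// on the "No BE_USER object" branch.
		$ajaxObj->setContentFormat('json');

		if (is_object($GLOBALS['BE_USER'])) {
				// @ keeps a filesystem warning out of the response; a file that cannot be
				// checked counts as "not locked".
			if (@is_file(PATH_typo3conf . 'LOCK_BACKEND')) {
				$ajaxObj->addContent('login', array('timed_out' => FALSE, 'locked' => TRUE));
			} else {
				$GLOBALS['BE_USER']->fetchUserSession(TRUE);
				$ses_tstamp = $GLOBALS['BE_USER']->user['ses_tstamp'];
				$timeout = $GLOBALS['BE_USER']->auth_timeout_field;

					// if 120 seconds from now is later than the session timeout, we need to show the refresh dialog.
					// 120 is somewhat arbitrary to allow for a little room during the countdown and load times, etc.
				if ($GLOBALS['EXEC_TIME'] >= $ses_tstamp + $timeout - 120) {
					$ajaxObj->addContent('login', array('timed_out' => TRUE));
				} else {
					$ajaxObj->addContent('login', array('timed_out' => FALSE));
				}
			}
		} else {
				// Fixed error text only; nothing from the request is echoed back.
			$ajaxObj->addContent('login', array('success' => FALSE, 'error' => 'No BE_USER object'));
		}
	}

	/**
	 * Creates a login challenge, stores it in the PHP session under
	 * 'login_challenge' and returns it to the client.
	 *
	 * The value is 32 hex characters, the same shape as the MD5 digest that was
	 * returned before.
	 *
	 * @param array $parameters: Parameters (not used)
	 * @param TYPO3AJAX $parent: The calling parent AJAX object
	 * @return void
	 */
	public function getChallenge(array $parameters, TYPO3AJAX $parent) {
		session_start();

			// A challenge has to be unpredictable. The former md5(uniqid('') . getmypid())
			// was derived from the clock and the process id only, so the value is taken
			// from the core's random byte generator instead.
		$challenge = t3lib_div::getRandomHexString(32);
		$_SESSION['login_challenge'] = $challenge;

			// Write and close the session before the response is assembled.
		session_commit();

		$parent->addContent('challenge', $challenge);
		$parent->setContentFormat('json');
	}
}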
142
// XCLASS hook: when an override file is registered for this class file in
// TYPO3_CONF_VARS, load it once. The registered path is included as-is, so write
// access to that configuration entry amounts to code execution in this context.
if (defined('TYPO3_MODE')) {
	if (isset($GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLASS']['typo3/classes/class.ajaxlogin.php'])) {
		include_once $GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLASS']['typo3/classes/class.ajaxlogin.php'];
	}
}
146
147 ?>