Fixed showpic.php bug.
[Packages/TYPO3.CMS.git] / typo3 / index.php
1 <?php
2 /***************************************************************
3 * Copyright notice
4 *
5 * (c) 1999-2004 Kasper Skaarhoj (kasper@typo3.com)
6 * All rights reserved
7 *
8 * This script is part of the TYPO3 project. The TYPO3 project is
9 * free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * The GNU General Public License can be found at
15 * http://www.gnu.org/copyleft/gpl.html.
16 * A copy is found in the textfile GPL.txt and important notices to the license
17 * from the author is found in LICENSE.txt distributed with these scripts.
18 *
19 *
20 * This script is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
24 *
25 * This copyright notice MUST APPEAR in all copies of the script!
26 ***************************************************************/
27 /**
28 * Login-screen of TYPO3.
29 *
30 * $Id$
31 * Revised for TYPO3 3.6 December/2003 by Kasper Skaarhoj
32 * XHTML compliant
33 *
34 * @author Kasper Skaarhoj <kasper@typo3.com>
35 */
36 /**
37 * [CLASS/FUNCTION INDEX of SCRIPT]
38 *
39 *
40 *
41 * 87: class SC_index
42 * 120: function init()
43 * 151: function main()
44 * 237: function printContent()
45 *
46 * SECTION: Various functions
47 * 261: function makeLoginForm()
48 * 304: function makeLogoutForm()
49 * 346: function wrapLoginForm($content)
50 * 406: function checkRedirect()
51 * 449: function makeInterfaceSelectorBox()
52 * 503: function makeCopyrightNotice()
53 * 536: function makeLoginBoxImage()
54 * 575: function makeLoginNews()
55 *
56 * TOTAL FUNCTIONS: 11
57 * (This index is automatically created/updated by the extension "extdeveval")
58 *
59 */
60
61
62 define('TYPO3_PROCEED_IF_NO_USER', 1);
63 require ('init.php');
64 require ('template.php');
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80 /**
81 * Script Class for rendering the login form
82 *
83 * @author Kasper Skaarhoj <kasper@typo3.com>
84 * @package TYPO3
85 * @subpackage core
86 */
87 class SC_index {
88
89 // Internal, GPvars:
90 var $redirect_url; // GPvar: redirect_url; The URL to redirect to after login.
91 var $GPinterface; // GPvar: Defines which interface to load (from interface selector)
92 var $u; // GPvar: preset username
93 var $p; // GPvar: preset password
94 var $L; // GPvar: If "L" is "OUT", then any logged in used is logged out. If redirect_url is given, we redirect to it
95 var $loginRefresh; // Login-refresh boolean; The backend will call this script with this value set when the login is close to being expired and the form needs to be redrawn.
96 var $commandLI; // Value of forms submit button for login.
97
98 // Internal, static:
99 var $redirectToURL; // Set to the redirect URL of the form (may be redirect_url or "alt_main.php")
100 var $L_vars; // Set to the labels used for the login screen.
101
102 // Internal, dynamic:
103 var $content; // Content accumulation
104
105 var $interfaceSelector; // A selector box for selecting value for "interface" may be rendered into this variable
106 var $interfaceSelector_jump; // A selector box for selecting value for "interface" may be rendered into this variable - this will have an onchange action which will redirect the user to the selected interface right away
107 var $interfaceSelector_hidden; // A hidden field, if the interface is not set.
108
109
110
111
112
113
114 /**
115 * Initialize the login box. Will also react on a &L=OUT flag and exit.
116 *
117 * @return void
118 */
119 function init() {
120 global $BE_USER,$TYPO3_CONF_VARS;
121
122 // GPvars:
123 $this->redirect_url = t3lib_div::_GP('redirect_url');
124 $this->GPinterface = t3lib_div::_GP('interface');
125 $this->u = t3lib_div::_GP('u'); // preset username
126 $this->p = t3lib_div::_GP('p'); // preset password
127 $this->L = t3lib_div::_GP('L'); // If "L" is "OUT", then any logged in used is logged out. If redirect_url is given, we redirect to it
128 $this->loginRefresh = t3lib_div::_GP('loginRefresh'); // Login
129 $this->commandLI = t3lib_div::_GP('commandLI'); // Value of "Login" button. If set, the login button was pressed.
130
131 // Getting login labels:
132 $this->L_vars = explode('|',$TYPO3_CONF_VARS['BE']['loginLabels']);
133
134 // Setting the redirect URL to "alt_main.php" if no alternative input is given:
135 $this->redirectToURL = $this->redirect_url ? $this->redirect_url : 'alt_main.php';
136
137 // Logout?
138 if ($this->L=='OUT' && is_object($BE_USER)) {
139 $BE_USER->logoff();
140 if ($this->redirect_url) header('Location: '.t3lib_div::locationHeaderUrl($this->redirect_url));
141 exit;
142 }
143 }
144
145 /**
146 * Main function - creating the login/logout form
147 *
148 * @return void
149 */
150 function main() {
151 global $TBE_TEMPLATE, $TYPO3_CONF_VARS, $BE_USER;
152
153 // Initialize template object:
154 $TBE_TEMPLATE->docType='xhtml_trans';
155
156 // Set JavaScript for creating a MD5 hash of the password:
157 $TBE_TEMPLATE->JScode.='
158 <script type="text/javascript" src="md5.js"></script>
159 '.$TBE_TEMPLATE->wrapScriptTags('
160 function doChallengeResponse() { //
161 password = document.loginform.p_field.value;
162 if (password) {
163 password = MD5(password); // this makes it superchallenged!!
164 str = document.loginform.username.value+":"+password+":"+document.loginform.challenge.value;
165 document.loginform.userident.value = MD5(str);
166 document.loginform.p_field.value = "";
167 return true;
168 }
169 }
170 ');
171
172
173 // Checking, if we should make a redirect.
174 // Might set JavaScript in the header to close window.
175 $this->checkRedirect();
176
177 // Initialize interface selectors:
178 $this->makeInterfaceSelectorBox();
179
180 // Creating form based on whether there is a login or not:
181 if (!$BE_USER->user['uid']) {
182 $TBE_TEMPLATE->form = '
183 <form action="index.php" method="post" name="loginform" onsubmit="doChallengeResponse();">
184 <input type="hidden" name="login_status" value="login" />
185 ';
186 $loginForm = $this->makeLoginForm();
187 } else {
188 $TBE_TEMPLATE->form = '
189 <form action="index.php" method="post" name="loginform">
190 <input type="hidden" name="login_status" value="logout" />
191 ';
192 $loginForm = $this->makeLogoutForm();
193 }
194
195
196 // Starting page:
197 $this->content.=$TBE_TEMPLATE->startPage('TYPO3 Login: '.$TYPO3_CONF_VARS['SYS']['sitename']);
198
199 // Add login form:
200 $this->content.=$this->wrapLoginForm($loginForm);
201
202 // Ending form:
203 $this->content.= '
204 <input type="hidden" name="userident" value="" />
205 <input type="hidden" name="challenge" value="'.md5(uniqid('')).'" />
206 <input type="hidden" name="redirect_url" value="'.htmlspecialchars($this->redirectToURL).'" />
207 <input type="hidden" name="loginRefresh" value="'.htmlspecialchars($this->loginRefresh).'" />
208 '.$this->interfaceSelector_hidden.'
209 ';
210
211 // This moves focus to the right input field:
212 $this->content.=$TBE_TEMPLATE->wrapScriptTags('
213
214 // If the login screen is shown in the login_frameset window for re-login, then try to get the username of the current/former login from opening windows main frame:
215 if (parent.opener && parent.opener.TS && parent.opener.TS.username && document.loginform && document.loginform.username) {
216 document.loginform.username.value = parent.opener.TS.username;
217 }
218
219 // If for some reason there already is a username in the username for field, move focus to the password field:
220 if (document.loginform.username && document.loginform.username.value == "") {
221 document.loginform.username.focus();
222 } else if (document.loginform.p_field && document.loginform.p_field.type!="hidden") {
223 document.loginform.p_field.focus();
224 }
225 ');
226
227 // End page:
228 $this->content.=$TBE_TEMPLATE->endPage();
229 }
230
231 /**
232 * Outputting the accumulated content to screen
233 *
234 * @return void
235 */
236 function printContent() {
237
238 echo $this->content;
239 }
240
241
242
243
244
245
246
247
248 /*****************************
249 *
250 * Various functions
251 *
252 ******************************/
253
254 /**
255 * Creates the login form
256 * This is drawn when NO login exists.
257 *
258 * @return string HTML output
259 */
260 function makeLoginForm() {
261
262 $content.='
263
264 <!--
265 Login form:
266 -->
267 <table cellspacing="0" cellpadding="0" border="0" id="logintable">
268 <tr>
269 <td colspan="2"><h2>'.htmlspecialchars($this->L_vars[6]).'</h2></td>
270 </tr>
271 <tr class="c-username">
272 <td><p class="c-username">'.htmlspecialchars($this->L_vars[0]).':</p></td>
273 <td><input type="text" name="username" value="'.htmlspecialchars($this->u).'" class="c-username" /></td>
274 </tr>
275 <tr class="c-password">
276 <td><p class="c-password">'.htmlspecialchars($this->L_vars[1]).':</p></td>
277 <td><input type="password" name="p_field" value="'.htmlspecialchars($this->p).'" class="c-password" /></td>
278 </tr>'.($this->interfaceSelector && !$this->loginRefresh ? '
279 <tr class="c-interfaceselector">
280 <td><p class="c-interfaceselector">'.htmlspecialchars($this->L_vars[2]).':</p></td>
281 <td>'.$this->interfaceSelector.'</td>
282 </tr>' : '' ).'
283 <tr class="c-submit">
284 <td></td>
285 <td><input type="submit" name="commandLI" value="'.htmlspecialchars($this->L_vars[3]).'" class="c-submit" /></td>
286 </tr>
287 <tr class="c-info">
288 <td></td>
289 <td><p class="c-info">'.htmlspecialchars($this->L_vars[7]).'</p></td>
290 </tr>
291 </table>';
292
293 // Return content:
294 return $content;
295 }
296
297 /**
298 * Creates the logout form
299 * This is drawn if a user login already exists.
300 *
301 * @return string HTML output
302 */
303 function makeLogoutForm() {
304 global $BE_USER;
305
306
307 $content.='
308
309 <!--
310 Login form:
311 -->
312 <table cellspacing="0" cellpadding="0" border="0" id="logintable">
313 <tr>
314 <td></td>
315 <td><h2>'.htmlspecialchars($this->L_vars[6]).'</h2></td>
316 </tr>
317 <tr class="c-username">
318 <td><p class="c-username">'.htmlspecialchars($this->L_vars[0]).':</p></td>
319 <td><p class="c-username-current">'.htmlspecialchars($BE_USER->user['username']).'</p></td>
320 </tr>'.($this->interfaceSelector_jump ? '
321 <tr class="c-interfaceselector">
322 <td><p class="c-interfaceselector">'.htmlspecialchars($this->L_vars[2]).':</p></td>
323 <td>'.$this->interfaceSelector_jump.'</td>
324 </tr>' : '' ).'
325 <tr class="c-submit">
326 <td><input type="hidden" name="p_field" value="" /></td>
327 <td><input type="submit" name="commandLO" value="'.htmlspecialchars($this->L_vars[4]).'" class="c-submit" /></td>
328 </tr>
329 <tr class="c-info">
330 <td></td>
331 <td><p class="c-info">'.htmlspecialchars($this->L_vars[7]).'</p></td>
332 </tr>
333 </table>';
334
335 // Return content:
336 return $content;
337 }
338
339 /**
340 * Wrapping the login form table in another set of tables etc:
341 *
342 * @param string HTML content for the login form
343 * @return string The HTML for the page.
344 */
345 function wrapLoginForm($content) {
346
347 // Logo:
348 $logo = $GLOBALS['TBE_STYLES']['logo_login'] ?
349 '<img src="'.htmlspecialchars($GLOBALS['BACK_PATH'].$GLOBALS['TBE_STYLES']['logo_login']).'" alt="" />' :
350 '<img'.t3lib_iconWorks::skinImg($GLOBALS['BACK_PATH'],'gfx/typo3logo.gif','width="333" height="43"').' alt="" />';
351
352 // Login box image:
353 $loginboxImage = $this->makeLoginBoxImage();
354
355 // Compile the page content:
356 $content='
357
358 <!--
359 Wrapper table for the login form:
360 -->
361 <table cellspacing="0" cellpadding="0" border="0" id="wrapper">
362 <tr>
363 <td class="c-wrappercell" align="center">
364
365 <!--
366 Login form image:
367 -->
368 <div id="loginimage">
369 '.$logo.'
370 </div>
371
372 <!--
373 Login form wrapper:
374 -->
375 <table cellspacing="0" cellpadding="0" border="0" id="loginwrapper">
376 <tr>
377 <td>'.$loginboxImage.'</td>
378 <td>
379 '.$content.'
380 </td>
381 </tr>
382 </table>
383
384 <!--
385 Copy right notice:
386 -->
387 <div id="copyrightnotice">
388 '.$this->makeCopyrightNotice().'
389 </div>
390
391 '.$this->makeLoginNews().'
392 </td>
393 </tr>
394 </table>';
395
396 // Return content:
397 return $content;
398 }
399
400 /**
401 * Checking, if we should perform some sort of redirection OR closing of windows.
402 *
403 * @return void
404 */
405 function checkRedirect() {
406 global $BE_USER,$TBE_TEMPLATE;
407
408 // Do redirect:
409 // If a user is logged in AND a) if either the login is just done (commandLI) or b) a loginRefresh is done or c) the interface-selector is NOT enabled (If it is on the other hand, it should not just load an interface, because people has to choose then...)
410 if ($BE_USER->user['uid'] && ($this->commandLI || $this->loginRefresh || !$this->interfaceSelector)) {
411
412 // If no cookie has been set previously we tell people that this is a problem. This assumes that a cookie-setting script (like this one) has been hit at least once prior to this instance.
413 if (!$GLOBALS['HTTP_COOKIE_VARS'][$BE_USER->name]) {
414 t3lib_BEfunc::typo3PrintError ('Login-error',"Yeah, that's a classic. No cookies, no TYPO3.<br /><br />Please accept cookies from TYPO3 - otherwise you'll not be able to use the system.",0);
415 exit;
416 }
417
418 // Based on specific setting of interface we set the redirect script:
419 switch ($this->GPinterface) {
420 case 'backend':
421 $this->redirectToURL = 'alt_main.php';
422 break;
423 case 'frontend':
424 $this->redirectToURL = '../';
425 break;
426 }
427
428 // If there is a redirect URL AND if loginRefresh is not set...
429 if (!$this->loginRefresh) {
430 header('Location: '.t3lib_div::locationHeaderUrl($this->redirectToURL));
431 exit;
432 } else {
433 $TBE_TEMPLATE->JScode.=$TBE_TEMPLATE->wrapScriptTags('
434 if (parent.opener && parent.opener.busy) {
435 parent.opener.busy.loginRefreshed();
436 parent.close();
437 }
438 ');
439 }
440 }
441 }
442
443 /**
444 * Making interface selector:
445 *
446 * @return void
447 */
448 function makeInterfaceSelectorBox() {
449 global $TYPO3_CONF_VARS;
450
451 // Reset variables:
452 $this->interfaceSelector = '';
453 $this->interfaceSelector_hidden='';
454 $this->interfaceSelector_jump = '';
455 #debug($this->redirect_url);
456 // If interfaces are defined AND no input redirect URL in GET vars:
457 if ($TYPO3_CONF_VARS['BE']['interfaces'] && !$this->redirect_url) {
458 $parts = t3lib_div::trimExplode(',',$TYPO3_CONF_VARS['BE']['interfaces']);
459 if (count($parts)>1) { // Only if more than one interface is defined will we show the selector:
460
461 // Initialize:
462 $tempLabels=explode(',',$this->L_vars[5]);
463 $labels=array();
464 $labels['backend']=$tempLabels[0];
465 $labels['frontend']=$tempLabels[1];
466
467 $jumpScript=array();
468 $jumpScript['backend']='alt_main.php';
469 $jumpScript['frontend']='../';
470
471 // Traverse the interface keys:
472 foreach($parts as $valueStr) {
473 $this->interfaceSelector.='
474 <option value="'.htmlspecialchars($valueStr).'">'.htmlspecialchars($labels[$valueStr]).'</option>';
475 $this->interfaceSelector_jump.='
476 <option value="'.htmlspecialchars($jumpScript[$valueStr]).'">'.htmlspecialchars($labels[$valueStr]).'</option>';
477 }
478 $this->interfaceSelector='
479 <select name="interface" class="c-interfaceselector">'.$this->interfaceSelector.'
480 </select>';
481 $this->interfaceSelector_jump='
482 <select name="interface" class="c-interfaceselector" onchange="document.location=this.options[this.selectedIndex].value;">'.$this->interfaceSelector_jump.'
483 </select>';
484
485 } else { // If there is only ONE interface value set:
486
487 $this->interfaceSelector_hidden='<input type="hidden" name="interface" value="'.trim($TYPO3_CONF_VARS['BE']['interfaces']).'" />';
488 }
489 }
490 }
491
492 /**
493 * COPYRIGHT notice
494 *
495 * Warning:
496 * DO NOT prevent this notice from being shown in ANY WAY.
497 * According to the GPL license an interactive application must show such a notice on start-up ('If the program is interactive, make it output a short notice... ' - see GPL.txt)
498 * Therefore preventing this notice from being properly shown is a violation of the license, regardless of whether you remove it or use a stylesheet to obstruct the display.
499 *
500 * @return string Text/Image (HTML) for copyright notice.
501 */
502 function makeCopyrightNotice() {
503
504 // Get values from TYPO3_CONF_VARS:
505 $loginCopyrightWarrantyProvider = strip_tags(trim($GLOBALS['TYPO3_CONF_VARS']['SYS']['loginCopyrightWarrantyProvider']));
506 $loginCopyrightWarrantyURL = strip_tags(trim($GLOBALS['TYPO3_CONF_VARS']['SYS']['loginCopyrightWarrantyURL']));
507
508 // Make warranty note:
509 if (strlen($loginCopyrightWarrantyProvider)>=2 && strlen($loginCopyrightWarrantyURL)>=10) {
510 $warrantyNote='Warranty is supplied by '.htmlspecialchars($loginCopyrightWarrantyProvider).'; <a href="'.htmlspecialchars($loginCopyrightWarrantyURL).'" target="_blank">click for details.</a>';
511 } else {
512 $warrantyNote='TYPO3 comes with ABSOLUTELY NO WARRANTY; <a href="http://typo3.com/1316.0.html" target="_blank">click for details.</a>';
513 }
514
515 // Compile full copyright notice:
516 $copyrightNotice = '<a href="http://typo3.com/" target="_blank">'.
517 '<img src="gfx/loginlogo_transp.gif" width="75" height="19" alt="TYPO3 logo" align="left" />'.
518 'TYPO3 CMS'.($GLOBALS['TYPO3_CONF_VARS']['SYS']['loginCopyrightShowVersion']?' ver. '.htmlspecialchars($GLOBALS['TYPO_VERSION']):'').
519 '</a>. '.
520 'Copyright &copy; 1998-2004 Kasper Sk&#229;rh&#248;j. Extensions are copyright of their respective owners. '.
521 'Go to <a href="http://typo3.com/" target="_blank">http://typo3.com/</a> for details. '.
522 $warrantyNote.' '.
523 'This is free software, and you are welcome to redistribute it under certain conditions; <a href="http://typo3.com/1316.0.html" target="_blank">click for details</a>. '.
524 'Obstructing the appearance of this notice is prohibited by law.';
525
526 // Return notice:
527 return $copyrightNotice;
528 }
529
530 /**
531 * Returns the login box image, whether the default or an image from the rotation folder.
532 *
533 * @return string HTML image tag.
534 */
535 function makeLoginBoxImage() {
536 $loginboxImage = '';
537 if ($GLOBALS['TBE_STYLES']['loginBoxImage_rotationFolder']) { // Look for rotation image folder:
538 $absPath = t3lib_div::resolveBackPath(PATH_typo3.$GLOBALS['TBE_STYLES']['loginBoxImage_rotationFolder']);
539
540 // Get rotation folder:
541 $dir = t3lib_div::getFileAbsFileName($absPath);
542 if ($dir && @is_dir($dir)) {
543
544 // Get files for rotation into array:
545 $files = t3lib_div::getFilesInDir($dir,'png,jpg,gif');
546
547 // Pick random file:
548 srand((float) microtime() * 10000000);
549 $randImg = array_rand($files, 1);
550
551 // Get size of random file:
552 $imgSize = @getimagesize($dir.$files[$randImg]);
553
554 // Create image tag:
555 if (is_array($imgSize)) {
556 $loginboxImage = '<img src="'.htmlspecialchars($GLOBALS['TBE_STYLES']['loginBoxImage_rotationFolder'].$files[$randImg]).'" '.$imgSize[3].' id="loginbox-image" alt="" />';
557 }
558 }
559 } else { // If no rotation folder configured, print default image:
560 $imagecopy = 'Photo: &copy; 2004 Kasper Sk&#229;rh&#248;j'; // Directly outputted in image attributes...
561 $loginboxImage = '<img'.t3lib_iconWorks::skinImg($GLOBALS['BACK_PATH'],'gfx/loginbox_image_360rc2.jpg','width="200" height="133"').' id="loginbox-image" alt="'.$imagecopy.'" title="'.$imagecopy.'" />';
562 }
563
564 // Return image tag:
565 return $loginboxImage;
566 }
567
568 /**
569 * Make login news - renders the HTML content for a list of news shown under the login form. News data is added through $TYPO3_CONF_VARS
570 *
571 * @return string HTML content
572 * @credits Idea by Jan-Hendrik Heuing
573 */
574 function makeLoginNews() {
575
576 // Reset output variable:
577 $newsContent= '';
578
579 // Traverse news array IF there are records in it:
580 if (is_array($GLOBALS['TYPO3_CONF_VARS']['BE']['loginNews']) && count($GLOBALS['TYPO3_CONF_VARS']['BE']['loginNews'])) {
581 foreach($GLOBALS['TYPO3_CONF_VARS']['BE']['loginNews'] as $newsItem) {
582 $newsContent.='
583 <tr>
584 <td class="c-date">'.htmlspecialchars($newsItem['date']).'</td>
585 <td class="c-header">'.htmlspecialchars($newsItem['header']).'</td>
586 </tr>
587 <tr>
588 <td></td>
589 <td class="c-content">'.trim($newsItem['content']).'</td>
590 </tr>
591 <tr class="c-spacer">
592 <td colspan="2"></td>
593 </tr>
594 ';
595 }
596
597 // Wrap in a table:
598 $newsContent= '
599
600 <!--
601 Login screen news:
602 -->
603 <div id="loginNews">
604 <h2>'.htmlspecialchars($this->L_vars[8]).'</h2>
605 <table border="0" cellpadding="0" cellspacing="0">
606 '.$newsContent.'
607 </table>
608 </div>
609 ';
610 }
611
612 // Return content:
613 return $newsContent;
614 }
615 }
616
617 // Include extension?
618 if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['typo3/index.php']) {
619 include_once($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['typo3/index.php']);
620 }
621
622
623
624
625
626
627
628
629
630
631 // Make instance:
632 $SOBE = t3lib_div::makeInstance('SC_index');
633 $SOBE->init();
634 $SOBE->main();
635 $SOBE->printContent();
636 ?>