* Fixed bug #7729: Login screen needs to be XCLASSable
[Packages/TYPO3.CMS.git] / typo3 / index.php
1 <?php
2 /***************************************************************
3 * Copyright notice
4 *
5 * (c) 1999-2008 Kasper Skaarhoj (kasperYYYY@typo3.com)
6 * All rights reserved
7 *
8 * This script is part of the TYPO3 project. The TYPO3 project is
9 * free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * The GNU General Public License can be found at
15 * http://www.gnu.org/copyleft/gpl.html.
16 * A copy is found in the textfile GPL.txt and important notices to the license
17 * from the author is found in LICENSE.txt distributed with these scripts.
18 *
19 *
20 * This script is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
24 *
25 * This copyright notice MUST APPEAR in all copies of the script!
26 ***************************************************************/
27 /**
28 * Login-screen of TYPO3.
29 *
30 * $Id$
31 * Revised for TYPO3 3.6 December/2003 by Kasper Skaarhoj
32 * XHTML compliant
33 *
34 * @author Kasper Skaarhoj <kasperYYYY@typo3.com>
35 */
36 /**
37 * [CLASS/FUNCTION INDEX of SCRIPT]
38 *
39 *
40 *
41 * 87: class SC_index
42 * 120: function init()
43 * 159: function main()
44 * 268: function printContent()
45 *
46 * SECTION: Various functions
47 * 292: function makeLoginForm()
48 * 337: function makeLogoutForm()
49 * 379: function wrapLoginForm($content)
50 * 438: function checkRedirect()
51 * 495: function makeInterfaceSelectorBox()
52 * 549: function makeCopyrightNotice()
53 * 582: function makeLoginBoxImage()
54 * 622: function makeLoginNews()
55 *
56 * TOTAL FUNCTIONS: 11
57 * (This index is automatically created/updated by the extension "extdeveval")
58 *
59 */
60
61
62 define('TYPO3_PROCEED_IF_NO_USER', 1);
63 require ('init.php');
64 require ('template.php');
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80 /**
81 * Script Class for rendering the login form
82 *
83 * @author Kasper Skaarhoj <kasperYYYY@typo3.com>
84 * @package TYPO3
85 * @subpackage core
86 */
87 class SC_index {
88
89 // Internal, GPvars:
90 var $redirect_url; // GPvar: redirect_url; The URL to redirect to after login.
91 var $GPinterface; // GPvar: Defines which interface to load (from interface selector)
92 var $u; // GPvar: preset username
93 var $p; // GPvar: preset password
94 var $L; // GPvar: If "L" is "OUT", then any logged in used is logged out. If redirect_url is given, we redirect to it
95 var $loginRefresh; // Login-refresh boolean; The backend will call this script with this value set when the login is close to being expired and the form needs to be redrawn.
96 var $commandLI; // Value of forms submit button for login.
97
98 // Internal, static:
99 var $redirectToURL; // Set to the redirect URL of the form (may be redirect_url or "backend.php")
100 var $L_vars; // Set to the labels used for the login screen.
101
102 // Internal, dynamic:
103 var $content; // Content accumulation
104
105 var $interfaceSelector; // A selector box for selecting value for "interface" may be rendered into this variable
106 var $interfaceSelector_jump; // A selector box for selecting value for "interface" may be rendered into this variable - this will have an onchange action which will redirect the user to the selected interface right away
107 var $interfaceSelector_hidden; // A hidden field, if the interface is not set.
108 var $addFields_hidden = ''; // Additional hidden fields to be placed at the login form
109
110 // sets the level of security. *'normal' = clear-text. 'challenged' = hashed password/username from form in $formfield_uident. 'superchallenged' = hashed password hashed again with username.
111 var $loginSecurityLevel = 'superchallenged';
112
113
114
115
116 /**
117 * Initialize the login box. Will also react on a &L=OUT flag and exit.
118 *
119 * @return void
120 */
121 function init() {
122 global $BE_USER,$TYPO3_CONF_VARS;
123
124 // GPvars:
125 $this->redirect_url = t3lib_div::_GP('redirect_url');
126 $this->GPinterface = t3lib_div::_GP('interface');
127
128 if(t3lib_div::getIndpEnv('TYPO3_SSL')) { // For security reasons this feature only works if SSL is used
129 $this->u = t3lib_div::_GP('u'); // preset username
130 $this->p = t3lib_div::_GP('p'); // preset password
131 }
132 $this->L = t3lib_div::_GP('L'); // If "L" is "OUT", then any logged in used is logged out. If redirect_url is given, we redirect to it
133 $this->loginRefresh = t3lib_div::_GP('loginRefresh'); // Login
134 $this->commandLI = t3lib_div::_GP('commandLI'); // Value of "Login" button. If set, the login button was pressed.
135
136 // sets the level of security from conf vars
137 if ($TYPO3_CONF_VARS['BE']['loginSecurityLevel']) {
138 $this->loginSecurityLevel = $TYPO3_CONF_VARS['BE']['loginSecurityLevel'];
139 }
140
141 // Getting login labels:
142 $this->L_vars = explode('|',$TYPO3_CONF_VARS['BE']['loginLabels']);
143
144 // Setting the redirect URL to "backend.php" if no alternative input is given:
145 $this->redirectToURL = $this->redirect_url ? $this->redirect_url : 'backend.php';
146
147 // Logout?
148 if ($this->L=='OUT' && is_object($BE_USER)) {
149 $BE_USER->logoff();
150 if ($this->redirect_url) header('Location: '.t3lib_div::locationHeaderUrl($this->redirect_url));
151 exit;
152 }
153 }
154
155 /**
156 * Main function - creating the login/logout form
157 *
158 * @return void
159 */
160 function main() {
161 global $TBE_TEMPLATE, $TYPO3_CONF_VARS, $BE_USER;
162
163 // Initialize template object:
164 $TBE_TEMPLATE->docType='xhtml_trans';
165 $TBE_TEMPLATE->bodyTagAdditions = ' onload="startUp();"';
166
167 // Set JavaScript for creating a MD5 hash of the password:
168 $TBE_TEMPLATE->JScode.= $this->getJScode();
169
170 // Checking, if we should make a redirect.
171 // Might set JavaScript in the header to close window.
172 $this->checkRedirect();
173
174 // Initialize interface selectors:
175 $this->makeInterfaceSelectorBox();
176
177 // Replace an optional marker in the "Administration Login" label
178 $this->L_vars[6] = str_replace("###SITENAME###",$TYPO3_CONF_VARS['SYS']['sitename'],$this->L_vars[6]);
179
180 // Creating form based on whether there is a login or not:
181 if (!$BE_USER->user['uid']) {
182 $TBE_TEMPLATE->form = $this->startForm();
183 $loginForm = $this->makeLoginForm();
184 } else {
185 $TBE_TEMPLATE->form = '
186 <form action="index.php" method="post" name="loginform">
187 <input type="hidden" name="login_status" value="logout" />
188 ';
189 $loginForm = $this->makeLogoutForm();
190 }
191
192 // Starting page:
193 $this->content.=$TBE_TEMPLATE->startPage('TYPO3 Login: '.$TYPO3_CONF_VARS['SYS']['sitename']);
194
195 // Add login form:
196 $this->content.=$this->wrapLoginForm($loginForm);
197
198 // Create a random challenge string
199 $challenge = $this->getChallenge();
200
201 // Save challenge value in session data (thanks to Bernhard Kraft for providing code):
202 session_start();
203 $_SESSION['login_challenge'] = $challenge;
204
205 // Add hidden fields:
206 $this->content.= $this->getHiddenFields($challenge);
207
208 // End page:
209 $this->content.=$TBE_TEMPLATE->endPage();
210 }
211
212 /**
213 * Outputting the accumulated content to screen
214 *
215 * @return void
216 */
217 function printContent() {
218 echo $this->content;
219 }
220
221
222
223
224
225
226
227
228 /*****************************
229 *
230 * Various functions
231 *
232 ******************************/
233
234 /**
235 * Creates the login form
236 * This is drawn when NO login exists.
237 *
238 * @return string HTML output
239 */
240 function makeLoginForm() {
241
242 // There must be no white-spaces outside of the tags (needed for buggy IE)
243 $content.= '<!--
244 Login form:
245 --><table cellspacing="0" cellpadding="0" border="0" id="logintable">
246 <tr>
247 <td colspan="2"><h2>'.htmlspecialchars($this->L_vars[6]).'</h2></td>
248 </tr>'.($this->commandLI ? '
249 <tr class="c-wrong">
250 <td colspan="2"><p class="c-wrong">'.htmlspecialchars($this->L_vars[9]).'</p></td>
251 </tr>' : '').'
252 <tr class="c-username">
253 <td><p class="c-username">'.htmlspecialchars($this->L_vars[0]).':</p></td>
254 <td><input type="text" name="username" value="'.htmlspecialchars($this->u).'" class="c-username" /></td>
255 </tr>
256 <tr class="c-password">
257 <td><p class="c-password">'.htmlspecialchars($this->L_vars[1]).':</p></td>
258 <td><input type="password" name="p_field" value="'.htmlspecialchars($this->p).'" class="c-password" /></td>
259 </tr>'.($this->interfaceSelector && !$this->loginRefresh ? '
260 <tr class="c-interfaceselector">
261 <td><p class="c-interfaceselector">'.htmlspecialchars($this->L_vars[2]).':</p></td>
262 <td>'.$this->interfaceSelector.'</td>
263 </tr>' : '' ).'
264 <tr class="c-submit">
265 <td></td>
266 <td><input type="submit" name="commandLI" value="'.htmlspecialchars($this->L_vars[3]).'" class="c-submit" /></td>
267 </tr>
268 <tr class="c-info">
269 <td colspan="2"><p class="c-info">'.htmlspecialchars($this->L_vars[7]).'</p></td>
270 </tr>
271 </table>';
272
273 // Return content:
274 return $content;
275 }
276
277 /**
278 * Creates the logout form
279 * This is drawn if a user login already exists.
280 *
281 * @return string HTML output
282 */
283 function makeLogoutForm() {
284 global $BE_USER;
285
286 $content.= '
287
288 <!--
289 Login form:
290 -->
291 <table cellspacing="0" cellpadding="0" border="0" id="logintable">
292 <tr>
293 <td></td>
294 <td><h2>'.htmlspecialchars($this->L_vars[6]).'</h2></td>
295 </tr>
296 <tr class="c-username">
297 <td><p class="c-username">'.htmlspecialchars($this->L_vars[0]).':</p></td>
298 <td><p class="c-username-current">'.htmlspecialchars($BE_USER->user['username']).'</p></td>
299 </tr>'.($this->interfaceSelector_jump ? '
300 <tr class="c-interfaceselector">
301 <td><p class="c-interfaceselector">'.htmlspecialchars($this->L_vars[2]).':</p></td>
302 <td>'.$this->interfaceSelector_jump.'</td>
303 </tr>' : '' ).'
304 <tr class="c-submit">
305 <td><input type="hidden" name="p_field" value="" /></td>
306 <td><input type="submit" name="commandLO" value="'.htmlspecialchars($this->L_vars[4]).'" class="c-submit" /></td>
307 </tr>
308 <tr class="c-info">
309 <td></td>
310 <td><p class="c-info">'.htmlspecialchars($this->L_vars[7]).'</p></td>
311 </tr>
312 </table>';
313
314 // Return content:
315 return $content;
316 }
317
318 /**
319 * Wrapping the login form table in another set of tables etc:
320 *
321 * @param string HTML content for the login form
322 * @return string The HTML for the page.
323 */
324 function wrapLoginForm($content) {
325
326 // Logo:
327 $logo = $GLOBALS['TBE_STYLES']['logo_login'] ?
328 '<img src="'.htmlspecialchars($GLOBALS['BACK_PATH'].$GLOBALS['TBE_STYLES']['logo_login']).'" alt="" />' :
329 '<img'.t3lib_iconWorks::skinImg($GLOBALS['BACK_PATH'],'gfx/typo3logo.gif','width="123" height="34"').' alt="" />';
330
331 // Login box image:
332 $loginboxImage = $this->makeLoginBoxImage();
333
334 // Compile the page content:
335 $content='
336
337 <!--
338 Wrapper table for the login form:
339 -->
340 <table cellspacing="0" cellpadding="0" border="0" id="wrapper">
341 <tr>
342 <td class="c-wrappercell" align="center">
343
344 <!--
345 Login form image:
346 -->
347 <div id="loginimage">
348 '.$logo.'
349 </div>
350
351 <!--
352 Login form wrapper:
353 -->
354 <table cellspacing="0" cellpadding="0" border="0" id="loginwrapper">
355 <tr>
356 <td'.($this->commandLI ? ' class="error"' : '').'>'.$loginboxImage.
357 $content.'
358 </td>
359 </tr>
360 </table>
361
362 '.$this->makeLoginNews().'
363 <!--
364 Copyright notice:
365 -->
366 <div id="copyrightnotice">
367 '.$this->makeCopyrightNotice().'
368 </div>
369
370
371 </td>
372 </tr>
373 </table>';
374
375 // Return content:
376 return $content;
377 }
378
379 /**
380 * Checking, if we should perform some sort of redirection OR closing of windows.
381 *
382 * @return void
383 */
384 function checkRedirect() {
385 global $BE_USER,$TBE_TEMPLATE;
386
387 // Do redirect:
388 // If a user is logged in AND a) if either the login is just done (commandLI) or b) a loginRefresh is done or c) the interface-selector is NOT enabled (If it is on the other hand, it should not just load an interface, because people has to choose then...)
389 if ($BE_USER->user['uid'] && ($this->commandLI || $this->loginRefresh || !$this->interfaceSelector)) {
390
391 // If no cookie has been set previously we tell people that this is a problem. This assumes that a cookie-setting script (like this one) has been hit at least once prior to this instance.
392 if (!$_COOKIE[$BE_USER->name]) {
393 if ($this->commandLI=='setCookie') {
394 // we tried it a second time but still no cookie
395 // 26/4 2005: This does not work anymore, because the saving of challenge values in $_SESSION means the system will act as if the password was wrong.
396 t3lib_BEfunc::typo3PrintError ('Login-error',"Yeah, that's a classic. No cookies, no TYPO3.<br /><br />Please accept cookies from TYPO3 - otherwise you'll not be able to use the system.",0);
397 exit;
398 } else {
399 // try it once again - that might be needed for auto login
400 $this->redirectToURL = 'index.php?commandLI=setCookie';
401 }
402 }
403
404 if ($redirectToURL = (string)$BE_USER->getTSConfigVal('auth.BE.redirectToURL')) {
405 $this->redirectToURL = $redirectToURL;
406 $this->GPinterface = '';
407 }
408
409 // store interface
410 $BE_USER->uc['interfaceSetup'] = $this->GPinterface;
411 $BE_USER->writeUC();
412
413 // Based on specific setting of interface we set the redirect script:
414 switch ($this->GPinterface) {
415 case 'backend':
416 $this->redirectToURL = 'backend.php';
417 break;
418 case 'backend_old':
419 $this->redirectToURL = 'alt_main.php';
420 break;
421 case 'frontend':
422 $this->redirectToURL = '../';
423 break;
424 }
425
426 // If there is a redirect URL AND if loginRefresh is not set...
427 if (!$this->loginRefresh) {
428 header('Location: '.t3lib_div::locationHeaderUrl($this->redirectToURL));
429 exit;
430 } else {
431 $TBE_TEMPLATE->JScode.=$TBE_TEMPLATE->wrapScriptTags('
432 if (parent.opener && parent.opener.busy) {
433 parent.opener.busy.loginRefreshed();
434 parent.close();
435 }
436 ');
437 }
438
439 } elseif (!$BE_USER->user['uid'] && $this->commandLI) {
440 sleep(5); // Wrong password, wait for 5 seconds
441 }
442 }
443
444 /**
445 * Making interface selector:
446 *
447 * @return void
448 */
449 function makeInterfaceSelectorBox() {
450 global $TYPO3_CONF_VARS;
451
452 // Reset variables:
453 $this->interfaceSelector = '';
454 $this->interfaceSelector_hidden='';
455 $this->interfaceSelector_jump = '';
456
457 // If interfaces are defined AND no input redirect URL in GET vars:
458 if ($TYPO3_CONF_VARS['BE']['interfaces'] && ($this->commandLI || !$this->redirect_url)) {
459 $parts = t3lib_div::trimExplode(',',$TYPO3_CONF_VARS['BE']['interfaces']);
460 if (count($parts)>1) { // Only if more than one interface is defined will we show the selector:
461
462 // Initialize:
463 $tempLabels=explode(',', $this->L_vars[5]);
464 $labels=array();
465
466 $labels['backend'] = $tempLabels[0];
467 $labels['backend_old'] = $tempLabels[2];
468 $labels['frontend'] = $tempLabels[1];
469
470 $jumpScript=array();
471 $jumpScript['backend'] = 'backend.php';
472 $jumpScript['backend_old'] = 'alt_main.php';
473 $jumpScript['frontend'] = '../';
474
475 // Traverse the interface keys:
476 foreach($parts as $valueStr) {
477 $this->interfaceSelector.='
478 <option value="'.htmlspecialchars($valueStr).'"'.(t3lib_div::_GP('interface')==htmlspecialchars($valueStr) ? ' selected="selected"' : '').'>'.htmlspecialchars($labels[$valueStr]).'</option>';
479 $this->interfaceSelector_jump.='
480 <option value="'.htmlspecialchars($jumpScript[$valueStr]).'">'.htmlspecialchars($labels[$valueStr]).'</option>';
481 }
482 $this->interfaceSelector='
483 <select name="interface" class="c-interfaceselector">'.$this->interfaceSelector.'
484 </select>';
485 $this->interfaceSelector_jump='
486 <select name="interface" class="c-interfaceselector" onchange="window.location.href=this.options[this.selectedIndex].value;">'.$this->interfaceSelector_jump.'
487 </select>';
488
489 } else { // If there is only ONE interface value set:
490
491 $this->interfaceSelector_hidden='<input type="hidden" name="interface" value="'.trim($TYPO3_CONF_VARS['BE']['interfaces']).'" />';
492 }
493 }
494 }
495
496 /**
497 * COPYRIGHT notice
498 *
499 * Warning:
500 * DO NOT prevent this notice from being shown in ANY WAY.
501 * According to the GPL license an interactive application must show such a notice on start-up ('If the program is interactive, make it output a short notice... ' - see GPL.txt)
502 * Therefore preventing this notice from being properly shown is a violation of the license, regardless of whether you remove it or use a stylesheet to obstruct the display.
503 *
504 * @return string Text/Image (HTML) for copyright notice.
505 */
506 function makeCopyrightNotice() {
507
508 // Get values from TYPO3_CONF_VARS:
509 $loginCopyrightWarrantyProvider = strip_tags(trim($GLOBALS['TYPO3_CONF_VARS']['SYS']['loginCopyrightWarrantyProvider']));
510 $loginCopyrightWarrantyURL = strip_tags(trim($GLOBALS['TYPO3_CONF_VARS']['SYS']['loginCopyrightWarrantyURL']));
511
512 // Make warranty note:
513 if (strlen($loginCopyrightWarrantyProvider)>=2 && strlen($loginCopyrightWarrantyURL)>=10) {
514 $warrantyNote='Warranty is supplied by '.htmlspecialchars($loginCopyrightWarrantyProvider).'; <a href="'.htmlspecialchars($loginCopyrightWarrantyURL).'" target="_blank">click for details.</a>';
515 } else {
516 $warrantyNote='TYPO3 comes with ABSOLUTELY NO WARRANTY; <a href="http://typo3.com/1316.0.html" target="_blank">click for details.</a>';
517 }
518
519 // Compile full copyright notice:
520 $copyrightNotice = '<a href="http://typo3.com/" target="_blank">'.
521 '<img src="gfx/loginlogo_transp.gif" width="75" height="19" alt="TYPO3 logo" align="left" />'.
522 'TYPO3 CMS'.($GLOBALS['TYPO3_CONF_VARS']['SYS']['loginCopyrightShowVersion']?' ver. '.htmlspecialchars($GLOBALS['TYPO_VERSION']):'').
523 '</a>. '.
524 'Copyright &copy; '.TYPO3_copyright_year.' Kasper Sk&#229;rh&#248;j. Extensions are copyright of their respective owners. '.
525 'Go to <a href="http://typo3.com/" target="_blank">http://typo3.com/</a> for details. '.
526 $warrantyNote.' '.
527 'This is free software, and you are welcome to redistribute it under certain conditions; <a href="http://typo3.com/1316.0.html" target="_blank">click for details</a>. '.
528 'Obstructing the appearance of this notice is prohibited by law.';
529
530 // Return notice:
531 return $copyrightNotice;
532 }
533
534 /**
535 * Returns the login box image, whether the default or an image from the rotation folder.
536 *
537 * @return string HTML image tag.
538 */
539 function makeLoginBoxImage() {
540 $loginboxImage = '';
541 if ($GLOBALS['TBE_STYLES']['loginBoxImage_rotationFolder']) { // Look for rotation image folder:
542 $absPath = t3lib_div::resolveBackPath(PATH_typo3.$GLOBALS['TBE_STYLES']['loginBoxImage_rotationFolder']);
543
544 // Get rotation folder:
545 $dir = t3lib_div::getFileAbsFileName($absPath);
546 if ($dir && @is_dir($dir)) {
547
548 // Get files for rotation into array:
549 $files = t3lib_div::getFilesInDir($dir,'png,jpg,gif');
550
551 // Pick random file:
552 srand((float) microtime() * 10000000);
553 $randImg = array_rand($files, 1);
554
555 // Get size of random file:
556 $imgSize = @getimagesize($dir.$files[$randImg]);
557
558 $imgAuthor = is_array($GLOBALS['TBE_STYLES']['loginBoxImage_author'])&&$GLOBALS['TBE_STYLES']['loginBoxImage_author'][$files[$randImg]] ? htmlspecialchars($GLOBALS['TBE_STYLES']['loginBoxImage_author'][$files[$randImg]]) : '';
559
560 // Create image tag:
561 if (is_array($imgSize)) {
562 $loginboxImage = '<img src="'.htmlspecialchars($GLOBALS['TBE_STYLES']['loginBoxImage_rotationFolder'].$files[$randImg]).'" '.$imgSize[3].' id="loginbox-image" alt="'.$imgAuthor.'" title="'.$imgAuthor.'" />';
563 }
564 }
565 } else { // If no rotation folder configured, print default image:
566
567 if (strstr(TYPO3_version,'-dev')) { // development version
568 $loginImage = 'loginbox_image_dev.png';
569 $imagecopy = 'You are running a development version of TYPO3 '.TYPO3_branch;
570 } else {
571 $loginImage = 'loginbox_image.jpg';
572 $imagecopy = 'Photo by Ture Andersen (www.tureandersen.dk)';
573 }
574 $loginboxImage = '<img'.t3lib_iconWorks::skinImg($GLOBALS['BACK_PATH'],'gfx/'.$loginImage,'width="200" height="133"').' id="loginbox-image" alt="'.$imagecopy.'" title="'.$imagecopy.'" />';
575 }
576
577 // Return image tag:
578 return $loginboxImage;
579 }
580
581 /**
582 * Make login news - renders the HTML content for a list of news shown under the login form. News data is added through $TYPO3_CONF_VARS
583 *
584 * @return string HTML content
585 * @credits Idea by Jan-Hendrik Heuing
586 */
587 function makeLoginNews() {
588
589 // Reset output variable:
590 $newsContent= '';
591
592 // Traverse news array IF there are records in it:
593 if (is_array($GLOBALS['TYPO3_CONF_VARS']['BE']['loginNews']) && count($GLOBALS['TYPO3_CONF_VARS']['BE']['loginNews'])) {
594 foreach($GLOBALS['TYPO3_CONF_VARS']['BE']['loginNews'] as $newsItem) {
595 $newsContent .= '<dt>'.htmlspecialchars($newsItem['header']).' <span>'.htmlspecialchars($newsItem['date']).'</span></dt>';
596 $newsContent .= '<dd>'.trim($newsItem['content']).'</dd>';
597 }
598
599 $title = $GLOBALS['TYPO3_CONF_VARS']['BE']['loginNewsTitle'] ? htmlspecialchars($GLOBALS['TYPO3_CONF_VARS']['BE']['loginNewsTitle']) : htmlspecialchars($this->L_vars[8]);
600 // Wrap
601 $newsContent = '
602
603 <!--
604 Login screen news:
605 -->
606 <h2 id="loginNewsTitle">'.$title.'</h2>
607 <dl id="loginNews">
608 '.$newsContent.'
609 </dl>
610 ';
611 }
612
613 // Return content:
614 return $newsContent;
615 }
616
617 /**
618 * Returns the form tag
619 *
620 * @return string Opening form tag string
621 */
622 function startForm() {
623 $output = '';
624
625 if ($this->loginSecurityLevel == 'challenged') {
626 $output.= '
627 <form action="index.php" method="post" name="loginform" onsubmit="doChallengeResponse(0);">
628 ';
629 } elseif ($this->loginSecurityLevel == 'normal') {
630 $output.= '
631 <form action="index.php" method="post" name="loginform" onsubmit="document.loginform.userident.value=document.loginform.p_field.value;document.loginform.p_field.value=\'\';return true;">
632 ';
633 } else { // if ($this->loginSecurityLevel == 'superchallenged') {
634 $output.= '
635 <form action="index.php" method="post" name="loginform" onsubmit="doChallengeResponse(1);">
636 ';
637 }
638
639 $output.= '
640 <input type="hidden" name="login_status" value="login" />
641 ';
642
643 return $output;
644 }
645
646 /**
647 * Output some hidden fields at the end of the login form
648 *
649 * @param string The challenge string to be included in the output
650 * @return string HTML output
651 */
652 function getHiddenFields($challenge) {
653 $output = '
654 <input type="hidden" name="userident" value="" />
655 <input type="hidden" name="challenge" value="'.$challenge.'" />
656 <input type="hidden" name="redirect_url" value="'.htmlspecialchars($this->redirectToURL).'" />
657 <input type="hidden" name="loginRefresh" value="'.htmlspecialchars($this->loginRefresh).'" />
658 '.$this->interfaceSelector_hidden.'
659 '.$this->addFields_hidden.'
660 ';
661
662 return $output;
663 }
664
665 /**
666 * Set JavaScript for creating a MD5 hash of the password
667 *
668 * @return string JavaScript code
669 */
670 function getJScode() {
671 global $TBE_TEMPLATE;
672
673 $JScode = '
674 <script type="text/javascript" src="md5.js"></script>
675 '.$TBE_TEMPLATE->wrapScriptTags('
676 function doChallengeResponse(superchallenged) { //
677 password = document.loginform.p_field.value;
678 if (password) {
679 if (superchallenged) {
680 password = MD5(password); // this makes it superchallenged!!
681 }
682 str = document.loginform.username.value+":"+password+":"+document.loginform.challenge.value;
683 document.loginform.userident.value = MD5(str);
684 document.loginform.p_field.value = "";
685 return true;
686 }
687 }
688
689 function startUp() {
690 // If the login screen is shown in the login_frameset window for re-login, then try to get the username of the current/former login from opening windows main frame:
691 if (parent.opener && parent.opener.TS && parent.opener.TS.username && document.loginform && document.loginform.username) {
692 document.loginform.username.value = parent.opener.TS.username;
693 }
694
695 // Wait a few millisecons before calling checkFocus(). This might be necessary because some browsers need some time to auto-fill in the form fields
696 window.setTimeout("checkFocus()", 50);
697 }
698
699 // This moves focus to the right input field:
700 function checkFocus() {
701 // If for some reason there already is a username in the username form field, move focus to the password field:
702 if (document.loginform.username && document.loginform.username.value == "") {
703 document.loginform.username.focus();
704 } else if (document.loginform.p_field && document.loginform.p_field.type!="hidden") {
705 document.loginform.p_field.focus();
706 }
707 }
708 ');
709
710 return $JScode;
711 }
712
713 /**
714 * Create a random challenge string
715 *
716 * @return string Challenge value
717 */
718 function getChallenge() {
719 $challenge = md5(uniqid('').getmypid());
720 return $challenge;
721 }
722 }
723
724 // Include extension?
725 if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['typo3/index.php']) {
726 include_once($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['typo3/index.php']);
727 }
728
729
730
731
732
733
734
735
736
737
738 // Make instance:
739 $SOBE = t3lib_div::makeInstance('SC_index');
740 $SOBE->init();
741 $SOBE->main();
742 $SOBE->printContent();
743 ?>