9d4a74017e10f3230101ef7afb7e539f2e83d5e0
[Packages/TYPO3.CMS.git] / typo3 / sysext / setup / Classes / Controller / SetupModuleController.php
1 <?php
2 namespace TYPO3\CMS\Setup\Controller;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 use Psr\Http\Message\ResponseInterface;
18 use Psr\Http\Message\ServerRequestInterface;
19 use TYPO3\CMS\Backend\Backend\Avatar\DefaultAvatarProvider;
20 use TYPO3\CMS\Backend\Module\AbstractModule;
21 use TYPO3\CMS\Backend\Module\ModuleLoader;
22 use TYPO3\CMS\Backend\Utility\BackendUtility;
23 use TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
24 use TYPO3\CMS\Core\Database\ConnectionPool;
25 use TYPO3\CMS\Core\DataHandling\DataHandler;
26 use TYPO3\CMS\Core\FormProtection\FormProtectionFactory;
27 use TYPO3\CMS\Core\Imaging\Icon;
28 use TYPO3\CMS\Core\Imaging\IconFactory;
29 use TYPO3\CMS\Core\Messaging\FlashMessage;
30 use TYPO3\CMS\Core\Messaging\FlashMessageService;
31 use TYPO3\CMS\Core\Resource\Exception\FileDoesNotExistException;
32 use TYPO3\CMS\Core\Resource\ResourceFactory;
33 use TYPO3\CMS\Core\Utility\GeneralUtility;
34
35 /**
36 * Script class for the Setup module
37 */
38 class SetupModuleController extends AbstractModule
39 {
40 /**
41 * Flag if password has not been updated
42 */
43 const PASSWORD_NOT_UPDATED = 0;
44
45 /**
46 * Flag if password has been updated
47 */
48 const PASSWORD_UPDATED = 1;
49
50 /**
51 * Flag if both new passwords do not match
52 */
53 const PASSWORD_NOT_THE_SAME = 2;
54
55 /**
56 * Flag if the current password given was not identical to the real
57 * current password
58 */
59 const PASSWORD_OLD_WRONG = 3;
60
61 /**
62 * @var array
63 */
64 public $MOD_MENU = [];
65
66 /**
67 * @var array
68 */
69 public $MOD_SETTINGS = [];
70
71 /**
72 * @var string
73 */
74 public $content;
75
76 /**
77 * @var array
78 */
79 public $overrideConf;
80
81 /**
82 * backend user object, set during simulate-user operation
83 *
84 * @var \TYPO3\CMS\Core\Authentication\BackendUserAuthentication
85 */
86 public $OLD_BE_USER;
87
88 /**
89 * @var bool
90 */
91 public $languageUpdate;
92
93 /**
94 * @var bool
95 */
96 protected $pagetreeNeedsRefresh = false;
97
98 /**
99 * @var bool
100 */
101 protected $isAdmin;
102
103 /**
104 * @var array
105 */
106 protected $tsFieldConf;
107
108 /**
109 * @var bool
110 */
111 protected $saveData = false;
112
113 /**
114 * @var int
115 */
116 protected $passwordIsUpdated = self::PASSWORD_NOT_UPDATED;
117
118 /**
119 * @var bool
120 */
121 protected $passwordIsSubmitted = false;
122
123 /**
124 * @var bool
125 */
126 protected $setupIsUpdated = false;
127
128 /**
129 * @var bool
130 */
131 protected $settingsAreResetToDefault = false;
132
133 /**
134 * Form protection instance
135 *
136 * @var \TYPO3\CMS\Core\FormProtection\BackendFormProtection
137 */
138 protected $formProtection;
139
140 /**
141 * @var string
142 */
143 protected $simulateSelector = '';
144
145 /**
146 * @var int
147 */
148 protected $simUser;
149
150 /**
151 * The name of the module
152 *
153 * @var string
154 */
155 protected $moduleName = 'user_setup';
156
157 /**
158 * @var ModuleLoader
159 */
160 protected $loadModules;
161
162 /**
163 * Instantiate the form protection before a simulated user is initialized.
164 */
165 public function __construct()
166 {
167 parent::__construct();
168 $this->formProtection = FormProtectionFactory::get();
169 $this->moduleTemplate->getPageRenderer()->loadRequireJsModule('TYPO3/CMS/Backend/Modal');
170 }
171
172 /**
173 * Getter for the form protection instance.
174 *
175 * @return \TYPO3\CMS\Core\FormProtection\BackendFormProtection
176 */
177 public function getFormProtection()
178 {
179 return $this->formProtection;
180 }
181
182 /**
183 * If settings are submitted to _POST[DATA], store them
184 * NOTICE: This method is called before the \TYPO3\CMS\Backend\Template\ModuleTemplate
185 * is included. See bottom of document.
186 */
187 public function storeIncomingData()
188 {
189 // First check if something is submitted in the data-array from POST vars
190 $d = GeneralUtility::_POST('data');
191 $columns = $GLOBALS['TYPO3_USER_SETTINGS']['columns'];
192 $beUser = $this->getBackendUser();
193 $beUserId = $beUser->user['uid'];
194 $storeRec = [];
195 $fieldList = $this->getFieldsFromShowItem();
196 if (is_array($d) && $this->formProtection->validateToken((string)GeneralUtility::_POST('formToken'), 'BE user setup', 'edit')) {
197 // UC hashed before applying changes
198 $save_before = md5(serialize($beUser->uc));
199 // PUT SETTINGS into the ->uc array:
200 // Reload left frame when switching BE language
201 if (isset($d['lang']) && $d['lang'] != $beUser->uc['lang']) {
202 $this->languageUpdate = true;
203 }
204 // Reload pagetree if the title length is changed
205 if (isset($d['titleLen']) && $d['titleLen'] !== $beUser->uc['titleLen']) {
206 $this->pagetreeNeedsRefresh = true;
207 }
208 if ($d['setValuesToDefault']) {
209 // If every value should be default
210 $beUser->resetUC();
211 $this->settingsAreResetToDefault = true;
212 } elseif ($d['save']) {
213 // Save all submitted values if they are no array (arrays are with table=be_users) and exists in $GLOBALS['TYPO3_USER_SETTINGS'][columns]
214 foreach ($columns as $field => $config) {
215 if (!in_array($field, $fieldList)) {
216 continue;
217 }
218 if ($config['table']) {
219 if ($config['table'] === 'be_users' && !in_array($field, ['password', 'password2', 'passwordCurrent', 'email', 'realName', 'admin', 'avatar'])) {
220 if (!isset($config['access']) || $this->checkAccess($config) && $beUser->user[$field] !== $d['be_users'][$field]) {
221 if ($config['type'] === 'check') {
222 $fieldValue = isset($d['be_users'][$field]) ? 1 : 0;
223 } else {
224 $fieldValue = $d['be_users'][$field];
225 }
226 $storeRec['be_users'][$beUserId][$field] = $fieldValue;
227 $beUser->user[$field] = $fieldValue;
228 }
229 }
230 }
231 if ($config['type'] === 'check') {
232 $beUser->uc[$field] = isset($d[$field]) ? 1 : 0;
233 } else {
234 $beUser->uc[$field] = htmlspecialchars($d[$field]);
235 }
236 }
237 // Personal data for the users be_user-record (email, name, password...)
238 // If email and name is changed, set it in the users record:
239 $be_user_data = $d['be_users'];
240 // Possibility to modify the transmitted values. Useful to do transformations, like RSA password decryption
241 if (is_array($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/setup/mod/index.php']['modifyUserDataBeforeSave'])) {
242 foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/setup/mod/index.php']['modifyUserDataBeforeSave'] as $function) {
243 $params = ['be_user_data' => &$be_user_data];
244 GeneralUtility::callUserFunction($function, $params, $this);
245 }
246 }
247 $this->passwordIsSubmitted = (string)$be_user_data['password'] !== '';
248 $passwordIsConfirmed = $this->passwordIsSubmitted && $be_user_data['password'] === $be_user_data['password2'];
249 // Update the real name:
250 if ($be_user_data['realName'] !== $beUser->user['realName']) {
251 $beUser->user['realName'] = ($storeRec['be_users'][$beUserId]['realName'] = substr($be_user_data['realName'], 0, 80));
252 }
253 // Update the email address:
254 if ($be_user_data['email'] !== $beUser->user['email']) {
255 $beUser->user['email'] = ($storeRec['be_users'][$beUserId]['email'] = substr($be_user_data['email'], 0, 80));
256 }
257 // Update the password:
258 if ($passwordIsConfirmed) {
259 $currentPasswordHashed = $GLOBALS['BE_USER']->user['password'];
260 $saltFactory = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance($currentPasswordHashed);
261 if ($saltFactory->checkPassword($be_user_data['passwordCurrent'], $currentPasswordHashed)) {
262 $this->passwordIsUpdated = self::PASSWORD_UPDATED;
263 $storeRec['be_users'][$beUserId]['password'] = $be_user_data['password'];
264 } else {
265 $this->passwordIsUpdated = self::PASSWORD_OLD_WRONG;
266 }
267 } else {
268 $this->passwordIsUpdated = self::PASSWORD_NOT_THE_SAME;
269 }
270
271 $this->setAvatarFileUid($beUserId, $be_user_data['avatar'], $storeRec);
272
273 $this->saveData = true;
274 }
275 // Inserts the overriding values.
276 $beUser->overrideUC();
277 $save_after = md5(serialize($beUser->uc));
278 // If something in the uc-array of the user has changed, we save the array...
279 if ($save_before != $save_after) {
280 $beUser->writeUC($beUser->uc);
281 $beUser->writelog(254, 1, 0, 1, 'Personal settings changed', []);
282 $this->setupIsUpdated = true;
283 }
284 // Persist data if something has changed:
285 if (!empty($storeRec) && $this->saveData) {
286 // Make instance of TCE for storing the changes.
287 /** @var DataHandler $dataHandler */
288 $dataHandler = GeneralUtility::makeInstance(DataHandler::class);
289 // This is so the user can actually update his user record.
290 $isAdmin = $beUser->user['admin'];
291 $beUser->user['admin'] = 1;
292 $dataHandler->start($storeRec, [], $beUser);
293 // This is to make sure that the users record can be updated even if in another workspace. This is tolerated.
294 $dataHandler->bypassWorkspaceRestrictions = true;
295 $dataHandler->process_datamap();
296 unset($tce);
297 if ($this->passwordIsUpdated === self::PASSWORD_NOT_UPDATED || count($storeRec['be_users'][$beUserId]) > 1) {
298 $this->setupIsUpdated = true;
299 }
300 // Restore admin status after processing
301 $beUser->user['admin'] = $isAdmin;
302 }
303 }
304 }
305
306 /******************************
307 *
308 * Rendering module
309 *
310 ******************************/
311 /**
312 * Initializes the module for display of the settings form.
313 *
314 * @return void
315 */
316 public function init()
317 {
318 $this->getLanguageService()->includeLLFile('EXT:setup/Resources/Private/Language/locallang.xlf');
319
320 // Returns the script user - that is the REAL logged in user! ($GLOBALS[BE_USER] might be another user due to simulation!)
321 $scriptUser = $this->getRealScriptUserObj();
322
323 $this->isAdmin = $scriptUser->isAdmin();
324 // Getting the 'override' values as set might be set in User TSconfig
325 $this->overrideConf = $this->getBackendUser()->getTSConfigProp('setup.override');
326 // Getting the disabled fields might be set in User TSconfig (eg setup.fields.password.disabled=1)
327 $this->tsFieldConf = $this->getBackendUser()->getTSConfigProp('setup.fields');
328 // id password is disabled, disable repeat of password too (password2)
329 if (isset($this->tsFieldConf['password.']) && $this->tsFieldConf['password.']['disabled']) {
330 $this->tsFieldConf['password2.']['disabled'] = 1;
331 $this->tsFieldConf['passwordCurrent.']['disabled'] = 1;
332 }
333 }
334
335 /**
336 * Generate necessary JavaScript
337 *
338 * @return string
339 */
340 protected function getJavaScript()
341 {
342 $javaScript = '';
343 if (is_array($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/setup/mod/index.php']['setupScriptHook'])) {
344 foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/setup/mod/index.php']['setupScriptHook'] as $function) {
345 $params = [];
346 $javaScript .= GeneralUtility::callUserFunction($function, $params, $this);
347 }
348 }
349 return $javaScript;
350 }
351
352 /**
353 * Generate the main settings form:
354 *
355 * @return void
356 */
357 public function main()
358 {
359 $this->content .= '<form action="' . BackendUtility::getModuleUrl('user_setup') . '" method="post" id="SetupModuleController" name="usersetup" enctype="multipart/form-data">';
360 if ($this->languageUpdate) {
361 $this->moduleTemplate->addJavaScriptCode('languageUpdate', '
362 if (top && top.TYPO3.ModuleMenu.App) {
363 top.TYPO3.ModuleMenu.App.refreshMenu();
364 }
365 ');
366 }
367 if ($this->pagetreeNeedsRefresh) {
368 BackendUtility::setUpdateSignal('updatePageTree');
369 }
370 // Start page:
371 $this->moduleTemplate->getPageRenderer()->addJsFile('EXT:backend/Resources/Public/JavaScript/md5.js');
372 // Use a wrapper div
373 $this->content .= '<div id="user-setup-wrapper">';
374 // Load available backend modules
375 $this->loadModules = GeneralUtility::makeInstance(ModuleLoader::class);
376 $this->loadModules->observeWorkspaces = true;
377 $this->loadModules->load($GLOBALS['TBE_MODULES']);
378 $this->content .= $this->moduleTemplate->header($this->getLanguageService()->getLL('UserSettings'));
379 $this->addFlashMessages();
380
381 // Render user switch
382 $this->content .= $this->renderSimulateUserSelectAndLabel();
383
384 // Render the menu items
385 $menuItems = $this->renderUserSetup();
386 $this->content .= $this->moduleTemplate->getDynamicTabMenu($menuItems, 'user-setup', 1, false, false);
387 $formToken = $this->formProtection->generateToken('BE user setup', 'edit');
388 $this->content .= '<div>';
389 $this->content .= '<input type="hidden" name="simUser" value="' . (int)$this->simUser . '" />
390 <input type="hidden" name="formToken" value="' . htmlspecialchars($formToken) . '" />
391 <input type="hidden" value="1" name="data[save]" />
392 <input type="hidden" name="data[setValuesToDefault]" value="0" id="setValuesToDefault" />';
393 $this->content .= '</div>';
394 // End of wrapper div
395 $this->content .= '</div>';
396 // Setting up the buttons and markers for docheader
397 $this->getButtons();
398 // Build the <body> for the module
399 // Renders the module page
400 $this->moduleTemplate->setContent($this->content);
401 $this->content .= '</form>';
402 }
403
404 /**
405 * Injects the request object for the current request or subrequest
406 * Simply calls main() and init() and writes the content to the response
407 *
408 * @param ServerRequestInterface $request the current request
409 * @param ResponseInterface $response
410 * @return ResponseInterface the response with the content
411 */
412 public function mainAction(ServerRequestInterface $request, ResponseInterface $response)
413 {
414 $GLOBALS['SOBE'] = $this;
415 $this->simulateUser();
416 $this->storeIncomingData();
417 $this->init();
418 $this->main();
419
420 $response->getBody()->write($this->moduleTemplate->renderContent());
421 return $response;
422 }
423
424 /**
425 * Create the panel of buttons for submitting the form or otherwise perform operations.
426 */
427 protected function getButtons()
428 {
429 $buttonBar = $this->moduleTemplate->getDocHeaderComponent()->getButtonBar();
430 $cshButton = $buttonBar->makeHelpButton()
431 ->setModuleName('_MOD_user_setup')
432 ->setFieldName('');
433 $buttonBar->addButton($cshButton);
434
435 $saveButton = $buttonBar->makeInputButton()
436 ->setName('data[save]')
437 ->setTitle($this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:rm.saveDoc'))
438 ->setValue('1')
439 ->setForm('SetupModuleController')
440 ->setShowLabelText(true)
441 ->setIcon($this->moduleTemplate->getIconFactory()->getIcon('actions-document-save', Icon::SIZE_SMALL));
442
443 $buttonBar->addButton($saveButton);
444 $shortcutButton = $buttonBar->makeShortcutButton()
445 ->setModuleName($this->moduleName);
446 $buttonBar->addButton($shortcutButton);
447 }
448
449 /******************************
450 *
451 * Render module
452 *
453 ******************************/
454
455 /**
456 * renders the data for all tabs in the user setup and returns
457 * everything that is needed with tabs and dyntab menu
458 *
459 * @return array Ready to use for the dyntabmenu itemarray
460 */
461 protected function renderUserSetup()
462 {
463 $html = '';
464 $result = [];
465 $firstTabLabel = '';
466 $code = [];
467 $fieldArray = $this->getFieldsFromShowItem();
468 $tabLabel = '';
469 foreach ($fieldArray as $fieldName) {
470 $more = '';
471 if (substr($fieldName, 0, 8) === '--div--;') {
472 if ($firstTabLabel === '') {
473 // First tab
474 $tabLabel = $this->getLabel(substr($fieldName, 8), '', false);
475 $firstTabLabel = $tabLabel;
476 } else {
477 $result[] = [
478 'label' => $tabLabel,
479 'content' => count($code) ? implode(LF, $code) : ''
480 ];
481 $tabLabel = $this->getLabel(substr($fieldName, 8), '', false);
482 $code = [];
483 }
484 continue;
485 }
486 $config = $GLOBALS['TYPO3_USER_SETTINGS']['columns'][$fieldName];
487
488 // Field my be disabled in setup.fields
489 if (isset($this->tsFieldConf[$fieldName . '.']['disabled']) && $this->tsFieldConf[$fieldName . '.']['disabled'] == 1) {
490 continue;
491 }
492 if (isset($config['access']) && !$this->checkAccess($config)) {
493 continue;
494 }
495 $label = $this->getLabel($config['label'], $fieldName);
496 $label = $this->getCSH($config['csh'] ?: $fieldName, $label);
497 $type = $config['type'];
498 $class = $config['class'];
499
500 if ($type !== 'check') {
501 $class .= ' form-control';
502 }
503
504 $style = $config['style'];
505 if ($class) {
506 $more .= ' class="' . htmlspecialchars($class) . '"';
507 }
508 if ($style) {
509 $more .= ' style="' . htmlspecialchars($style) . '"';
510 }
511 if (isset($this->overrideConf[$fieldName])) {
512 $more .= ' disabled="disabled"';
513 }
514 $value = $config['table'] === 'be_users' ? $this->getBackendUser()->user[$fieldName] : $this->getBackendUser()->uc[$fieldName];
515 if (!$value && isset($config['default'])) {
516 $value = $config['default'];
517 }
518 $dataAdd = '';
519 if ($config['table'] === 'be_users') {
520 $dataAdd = '[be_users]';
521 }
522
523 switch ($type) {
524 case 'text':
525 case 'email':
526 case 'password':
527 $noAutocomplete = '';
528 if ($type === 'password') {
529 $value = '';
530 $noAutocomplete = 'autocomplete="off" ';
531 $more .= ' data-rsa-encryption=""';
532 }
533 $html = '<input id="field_' . htmlspecialchars($fieldName) . '"
534 type="' . htmlspecialchars($type) . '"
535 name="data' . $dataAdd . '[' . htmlspecialchars($fieldName) . ']" ' .
536 $noAutocomplete .
537 'value="' . htmlspecialchars($value) . '" ' .
538 $more .
539 ' />';
540 break;
541 case 'check':
542 $html = $label . '<div class="checkbox"><label><input id="field_' . htmlspecialchars($fieldName) . '"
543 type="checkbox"
544 name="data' . $dataAdd . '[' . htmlspecialchars($fieldName) . ']"' .
545 ($value ? ' checked="checked"' : '') .
546 $more .
547 ' /></label></div>';
548 $label = '';
549 break;
550 case 'select':
551 if ($config['itemsProcFunc']) {
552 $html = GeneralUtility::callUserFunction($config['itemsProcFunc'], $config, $this);
553 } else {
554 $html = '<select id="field_' . htmlspecialchars($fieldName) . '"
555 name="data' . $dataAdd . '[' . htmlspecialchars($fieldName) . ']"' .
556 $more . '>' . LF;
557 foreach ($config['items'] as $key => $optionLabel) {
558 $html .= '<option value="' . htmlspecialchars($key) . '"' . ($value == $key ? ' selected="selected"' : '') . '>' . $this->getLabel($optionLabel, '', false) . '</option>' . LF;
559 }
560 $html .= '</select>';
561 }
562 break;
563 case 'user':
564 $html = GeneralUtility::callUserFunction($config['userFunc'], $config, $this);
565 break;
566 case 'button':
567 if ($config['onClick']) {
568 $onClick = $config['onClick'];
569 if ($config['onClickLabels']) {
570 foreach ($config['onClickLabels'] as $key => $labelclick) {
571 $config['onClickLabels'][$key] = $this->getLabel($labelclick, '', false);
572 }
573 $onClick = vsprintf($onClick, $config['onClickLabels']);
574 }
575 $html = '<br><input class="btn btn-default" type="button"
576 value="' . $this->getLabel($config['buttonlabel'], '', false) . '"
577 onclick="' . $onClick . '" />';
578 }
579 if (!empty($config['confirm'])) {
580 $confirmData = $config['confirmData'];
581 $html = '<br><input class="btn btn-default t3js-modal-trigger" type="button"'
582 . ' value="' . $this->getLabel($config['buttonlabel'], '', false) . '"'
583 . ' data-href="javascript:' . htmlspecialchars($confirmData['jsCodeAfterOk']) . '"'
584 . ' data-severity="warning"'
585 . ' data-title="' . $this->getLabel($config['label'], '', false) . '"'
586 . ' data-content="' . $this->getLabel($confirmData['message'], '', false) . '" />';
587 }
588 break;
589 case 'avatar':
590 // Get current avatar image
591 $html = '<br>';
592 $avatarFileUid = $this->getAvatarFileUid($this->getBackendUser()->user['uid']);
593
594 if ($avatarFileUid) {
595 $defaultAvatarProvider = GeneralUtility::makeInstance(DefaultAvatarProvider::class);
596 $avatarImage = $defaultAvatarProvider->getImage($this->getBackendUser()->user, 32);
597 if ($avatarImage) {
598 $icon = '<span class="avatar"><span class="avatar-image">' .
599 '<img src="' . htmlspecialchars($avatarImage->getUrl(true)) . '"' .
600 ' width="' . (int)$avatarImage->getWidth() . '" ' .
601 'height="' . (int)$avatarImage->getHeight() . '" />' .
602 '</span></span>';
603 $html .= '<span class="pull-left" style="padding-right: 10px" id="image_' . htmlspecialchars($fieldName) . '">' . $icon . ' </span>';
604 }
605 }
606 $html .= '<input id="field_' . htmlspecialchars($fieldName) . '" type="hidden" ' .
607 'name="data' . $dataAdd . '[' . htmlspecialchars($fieldName) . ']"' . $more .
608 ' value="' . (int)$avatarFileUid . '" />';
609
610 $html .= '<div class="btn-group">';
611 $iconFactory = GeneralUtility::makeInstance(IconFactory::class);
612 if ($avatarFileUid) {
613 $html .=
614 '<a id="clear_button_' . htmlspecialchars($fieldName) . '" '
615 . 'onclick="clearExistingImage(); return false;" class="btn btn-default">'
616 . $iconFactory->getIcon('actions-delete', Icon::SIZE_SMALL)
617 . '</a>';
618 }
619 $html .=
620 '<a id="add_button_' . htmlspecialchars($fieldName) . '" class="btn btn-default btn-add-avatar"'
621 . ' onclick="openFileBrowser();return false;">'
622 . $iconFactory->getIcon('actions-insert-record', Icon::SIZE_SMALL)
623 . '</a></div>';
624
625 $this->addAvatarButtonJs($fieldName);
626 break;
627 default:
628 $html = '';
629 }
630
631 $code[] = '<div class="form-section"><div class="row"><div class="form-group col-md-12">' .
632 $label .
633 $html .
634 '</div></div></div>';
635 }
636
637 $result[] = [
638 'label' => $tabLabel,
639 'content' => count($code) ? implode(LF, $code) : ''
640 ];
641 return $result;
642 }
643
644 /******************************
645 *
646 * Helper functions
647 *
648 ******************************/
649 /**
650 * Returns the backend user object, either the global OR the $this->OLD_BE_USER which is set during simulate-user operation.
651 * Anyway: The REAL user is returned - the one logged in.
652 *
653 * @return BackendUserAuthentication The REAL user is returned - the one logged in.
654 */
655 protected function getRealScriptUserObj()
656 {
657 return is_object($this->OLD_BE_USER) ? $this->OLD_BE_USER : $this->getBackendUser();
658 }
659
660 /**
661 * Return a select with available languages
662 *
663 * @param array $params
664 *
665 * @return string Complete select as HTML string or warning box if something went wrong.
666 */
667 public function renderLanguageSelect($params)
668 {
669 $languageOptions = [];
670 // Compile the languages dropdown
671 $langDefault = htmlspecialchars($this->getLanguageService()->getLL('lang_default'));
672 $languageOptions[$langDefault] = '<option value=""' . ($this->getBackendUser()->uc['lang'] === '' ? ' selected="selected"' : '') . '>' . $langDefault . '</option>';
673 // Traverse the number of languages
674 /** @var $locales \TYPO3\CMS\Core\Localization\Locales */
675 $locales = GeneralUtility::makeInstance(\TYPO3\CMS\Core\Localization\Locales::class);
676 $languages = $locales->getLanguages();
677 foreach ($languages as $locale => $name) {
678 if ($locale !== 'default') {
679 $defaultName = isset($GLOBALS['LOCAL_LANG']['default']['lang_' . $locale]) ? $GLOBALS['LOCAL_LANG']['default']['lang_' . $locale][0]['source'] : $name;
680 $localizedName = htmlspecialchars($this->getLanguageService()->getLL('lang_' . $locale));
681 if ($localizedName === '') {
682 $localizedName = htmlspecialchars($name);
683 }
684 $localLabel = ' - [' . htmlspecialchars($defaultName) . ']';
685 $available = is_dir(PATH_typo3conf . 'l10n/' . $locale);
686 if ($available) {
687 $languageOptions[$defaultName] = '<option value="' . $locale . '"' . ($this->getBackendUser()->uc['lang'] === $locale ? ' selected="selected"' : '') . '>' . $localizedName . $localLabel . '</option>';
688 }
689 }
690 }
691 ksort($languageOptions);
692 $languageCode = '
693 <select id="field_lang" name="data[lang]" class="form-control">' . implode('', $languageOptions) . '
694 </select>';
695 if ($this->getBackendUser()->uc['lang'] && !@is_dir((PATH_typo3conf . 'l10n/' . $this->getBackendUser()->uc['lang']))) {
696 // TODO: The text constants have to be moved into language files
697 $languageUnavailableWarning = 'The selected language "' . htmlspecialchars($this->getLanguageService()->getLL('lang_' . $this->getBackendUser()->uc['lang'])) . '" is not available before the language files are installed.&nbsp;&nbsp;<br />&nbsp;&nbsp;' . ($this->getBackendUser()->isAdmin() ? 'You can use the Language module to easily download new language files.' : 'Please ask your system administrator to do this.');
698 $languageCode = '<br /><span class="label label-danger">' . $languageUnavailableWarning . '</span><br /><br />' . $languageCode;
699 }
700 return $languageCode;
701 }
702
703 /**
704 * Returns a select with all modules for startup
705 *
706 * @param array $params
707 * @param SetupModuleController $pObj
708 *
709 * @return string Complete select as HTML string
710 */
711 public function renderStartModuleSelect($params, $pObj)
712 {
713 // Load available backend modules
714 $this->loadModules = GeneralUtility::makeInstance(ModuleLoader::class);
715 $this->loadModules->observeWorkspaces = true;
716 $this->loadModules->load($GLOBALS['TBE_MODULES']);
717 $startModuleSelect = '<option value="">' . htmlspecialchars($this->getLanguageService()->getLL('startModule.firstInMenu')) . '</option>';
718 foreach ($pObj->loadModules->modules as $mainMod => $modData) {
719 if (!empty($modData['sub']) && is_array($modData['sub'])) {
720 $modules = '';
721 foreach ($modData['sub'] as $subData) {
722 $modName = $subData['name'];
723 $modules .= '<option value="' . htmlspecialchars($modName) . '"';
724 $modules .= $this->getBackendUser()->uc['startModule'] === $modName ? ' selected="selected"' : '';
725 $modules .= '>' . htmlspecialchars($this->getLanguageService()->sL($this->loadModules->getLabelsForModule($modName)['title'])) . '</option>';
726 }
727 $groupLabel = htmlspecialchars($this->getLanguageService()->sL($this->loadModules->getLabelsForModule($mainMod)['title']));
728 $startModuleSelect .= '<optgroup label="' . htmlspecialchars($groupLabel) . '">' . $modules . '</optgroup>';
729 }
730 }
731 return '<select id="field_startModule" name="data[startModule]" class="form-control">' . $startModuleSelect . '</select>';
732 }
733
734 /**
735 * Will make the simulate-user selector if the logged in user is administrator.
736 * It will also set the GLOBAL(!) BE_USER to the simulated user selected if any (and set $this->OLD_BE_USER to logged in user)
737 *
738 * @return void
739 */
740 public function simulateUser()
741 {
742 // If admin, allow simulation of another user
743 $this->simUser = 0;
744 $this->simulateSelector = '';
745 unset($this->OLD_BE_USER);
746 if ($this->getBackendUser()->isAdmin()) {
747 $this->simUser = (int)GeneralUtility::_GP('simUser');
748 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable('be_users');
749 $users = $queryBuilder
750 ->select('*')
751 ->from('be_users')
752 ->where(
753 $queryBuilder->expr()->neq('uid', (int)$this->getBackendUser()->user['uid']),
754 $queryBuilder->expr()->notLike('username', $queryBuilder->createNamedParameter($queryBuilder->escapeLikeWildcards('_cli_') . '%'))
755 )
756 ->orderBy('username')
757 ->execute()
758 ->fetchAll();
759 $opt = [];
760 foreach ($users as $rr) {
761 $label = $rr['username'] . ($rr['realName'] ? ' (' . $rr['realName'] . ')' : '');
762 $opt[] = '<option value="' . (int)$rr['uid'] . '"' . ($this->simUser === (int)$rr['uid'] ? ' selected="selected"' : '') . '>' . htmlspecialchars($label) . '</option>';
763 }
764 if (!empty($opt)) {
765 $this->simulateSelector = '<select id="field_simulate" class="form-control" name="simulateUser" onchange="window.location.href=' . GeneralUtility::quoteJSvalue(BackendUtility::getModuleUrl('user_setup') . '&simUser=') . '+this.options[this.selectedIndex].value;"><option></option>' . implode('', $opt) . '</select>';
766 }
767 }
768 // This can only be set if the previous code was executed.
769 if ($this->simUser > 0) {
770 // Save old user...
771 $this->OLD_BE_USER = $this->getBackendUser();
772 unset($GLOBALS['BE_USER']);
773 // Unset current
774 // New backend user object
775 $BE_USER = GeneralUtility::makeInstance(BackendUserAuthentication::class);
776 $BE_USER->setBeUserByUid($this->simUser);
777 $BE_USER->fetchGroupData();
778 $BE_USER->backendSetUC();
779 // Must do this, because unsetting $BE_USER before apparently unsets the reference to the global variable by this name!
780 $GLOBALS['BE_USER'] = $BE_USER;
781 }
782 }
783
784 /**
785 * Render simulate user select and label
786 *
787 * @return string
788 */
789 protected function renderSimulateUserSelectAndLabel()
790 {
791 if ($this->simulateSelector === '') {
792 return '';
793 }
794
795 return '<div class="form-inline"><div class="form-group"><p>'
796 . '<label for="field_simulate" style="margin-right: 20px;">'
797 . htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:setup/Resources/Private/Language/locallang.xlf:simulate'))
798 . '</label>'
799 . $this->simulateSelector
800 . '</p></div></div>';
801 }
802
803 /**
804 * Returns access check (currently only "admin" is supported)
805 *
806 * @param array $config Configuration of the field, access mode is defined in key 'access'
807 * @return bool Whether it is allowed to modify the given field
808 */
809 protected function checkAccess(array $config)
810 {
811 $access = $config['access'];
812
813 if (isset($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['setup']['accessLevelCheck'][$access])) {
814 if (class_exists($access)) {
815 $accessObject = GeneralUtility::makeInstance($access);
816 if (method_exists($accessObject, 'accessLevelCheck')) {
817 // Initialize vars. If method fails, $set will be set to FALSE
818 return $accessObject->accessLevelCheck($config);
819 }
820 }
821 } elseif ($access == 'admin') {
822 return $this->isAdmin;
823 }
824
825 return false;
826 }
827
828 /**
829 * Returns the label $str from getLL() and grays out the value if the $str/$key is found in $this->overrideConf array
830 *
831 * @param string $str Locallang key
832 * @param string $key Alternative override-config key
833 * @param bool $addLabelTag Defines whether the string should be wrapped in a <label> tag.
834 * @param string $altLabelTagId Alternative id for use in "for" attribute of <label> tag. By default the $str key is used prepended with "field_".
835 * @return string HTML output.
836 */
837 protected function getLabel($str, $key = '', $addLabelTag = true, $altLabelTagId = '')
838 {
839 if (substr($str, 0, 4) === 'LLL:') {
840 $out = htmlspecialchars($this->getLanguageService()->sL($str));
841 } else {
842 $out = htmlspecialchars($str);
843 }
844 if (isset($this->overrideConf[$key ?: $str])) {
845 $out = '<span style="color:#999999">' . $out . '</span>';
846 }
847 if ($addLabelTag) {
848 $out = '<label>' . $out . '</label>';
849 }
850 return $out;
851 }
852
853 /**
854 * Returns the CSH Icon for given string
855 *
856 * @param string $str Locallang key
857 * @param string $label The label to be used, that should be wrapped in help
858 * @return string HTML output.
859 */
860 protected function getCSH($str, $label)
861 {
862 $context = '_MOD_user_setup';
863 $field = $str;
864 $strParts = explode(':', $str);
865 if (count($strParts) > 1) {
866 // Setting comes from another extension
867 $context = $strParts[0];
868 $field = $strParts[1];
869 } elseif ($str !== 'language' && $str !== 'simuser' && $str !== 'reset') {
870 $field = 'option_' . $str;
871 }
872 return BackendUtility::wrapInHelp($context, $field, $label);
873 }
874
875 /**
876 * Returns array with fields defined in $GLOBALS['TYPO3_USER_SETTINGS']['showitem']
877 *
878 * @return array Array with fieldnames visible in form
879 */
880 protected function getFieldsFromShowItem()
881 {
882 return GeneralUtility::trimExplode(',', $GLOBALS['TYPO3_USER_SETTINGS']['showitem'], true);
883 }
884
885 /**
886 * Get Avatar fileUid
887 *
888 * @param int $beUserId
889 * @return int
890 */
891 protected function getAvatarFileUid($beUserId)
892 {
893 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable('sys_file_reference');
894 $file = $queryBuilder
895 ->select('uid_local')
896 ->from('sys_file_reference')
897 ->where(
898 $queryBuilder->expr()->eq('tablenames', $queryBuilder->createNamedParameter('be_users')),
899 $queryBuilder->expr()->eq('fieldname', $queryBuilder->createNamedParameter('avatar')),
900 $queryBuilder->expr()->eq('table_local', $queryBuilder->createNamedParameter('sys_file')),
901 $queryBuilder->expr()->eq('uid_foreign', (int)$beUserId)
902 )
903 ->execute()
904 ->fetchColumn();
905 return (int)$file;
906 }
907
908 /**
909 * Set avatar fileUid for backend user
910 *
911 * @param int $beUserId
912 * @param int $fileUid
913 * @param array $storeRec
914 */
915 protected function setAvatarFileUid($beUserId, $fileUid, array &$storeRec)
916 {
917
918 // Update is only needed when new fileUid is set
919 if ((int)$fileUid === $this->getAvatarFileUid($beUserId)) {
920 return;
921 }
922
923 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable('sys_file_reference');
924 $queryBuilder->getRestrictions()->removeAll();
925 $queryBuilder
926 ->delete('sys_file_reference')
927 ->where(
928 $queryBuilder->expr()->eq('tablenames', $queryBuilder->createNamedParameter('be_users')),
929 $queryBuilder->expr()->eq('fieldname', $queryBuilder->createNamedParameter('avatar')),
930 $queryBuilder->expr()->eq('table_local', $queryBuilder->createNamedParameter('sys_file')),
931 $queryBuilder->expr()->eq('uid_foreign', (int)$beUserId)
932 )
933 ->execute();
934
935 // Create new reference
936 if ($fileUid) {
937
938 // Get file object
939 try {
940 $file = ResourceFactory::getInstance()->getFileObject($fileUid);
941 } catch (FileDoesNotExistException $e) {
942 $file = false;
943 }
944
945 // Check if user is allowed to use the image (only when not in simulation mode)
946 if ($file && $this->simUser === 0 && !$file->getStorage()->checkFileActionPermission('read', $file)) {
947 $file = false;
948 }
949
950 // Check if extension is allowed
951 if ($file && GeneralUtility::inList($GLOBALS['TYPO3_CONF_VARS']['GFX']['imagefile_ext'], $file->getExtension())) {
952
953 // Create new file reference
954 $storeRec['sys_file_reference']['NEW1234'] = [
955 'uid_local' => (int)$fileUid,
956 'uid_foreign' => (int)$beUserId,
957 'tablenames' => 'be_users',
958 'fieldname' => 'avatar',
959 'pid' => 0,
960 'table_local' => 'sys_file',
961 ];
962 $storeRec['be_users'][(int)$beUserId]['avatar'] = 'NEW1234';
963 }
964 }
965 }
966
967 /**
968 * Add JavaScript to for browse files button
969 *
970 * @param string $fieldName
971 */
972 protected function addAvatarButtonJs($fieldName)
973 {
974 $this->moduleTemplate->addJavaScriptCode('avatar-button', '
975 var browserWin="";
976
977 function openFileBrowser() {
978 var url = ' . GeneralUtility::quoteJSvalue(BackendUtility::getModuleUrl('wizard_element_browser', ['mode' => 'file', 'bparams' => '||||dummy|setFileUid'])) . ';
979 browserWin = window.open(url,"Typo3WinBrowser","height=650,width=800,status=0,menubar=0,resizable=1,scrollbars=1");
980 browserWin.focus();
981 }
982
983 function clearExistingImage() {
984 TYPO3.jQuery(' . GeneralUtility::quoteJSvalue('#image_' . htmlspecialchars($fieldName)) . ').hide();
985 TYPO3.jQuery(' . GeneralUtility::quoteJSvalue('#clear_button_' . htmlspecialchars($fieldName)) . ').hide();
986 TYPO3.jQuery(' . GeneralUtility::quoteJSvalue('#field_' . htmlspecialchars($fieldName)) . ').val(\'\');
987 }
988
989 function setFileUid(field, value, fileUid) {
990 clearExistingImage();
991 TYPO3.jQuery(' . GeneralUtility::quoteJSvalue('#field_' . htmlspecialchars($fieldName)) . ').val(fileUid);
992 TYPO3.jQuery(' . GeneralUtility::quoteJSvalue('#add_button_' . htmlspecialchars($fieldName)) . ').removeClass(\'btn-default\').addClass(\'btn-info\');
993
994 browserWin.close();
995 }
996 ');
997 }
998
999 /**
1000 * Returns the current BE user.
1001 *
1002 * @return \TYPO3\CMS\Core\Authentication\BackendUserAuthentication
1003 */
1004 protected function getBackendUser()
1005 {
1006 return $GLOBALS['BE_USER'];
1007 }
1008
1009 /**
1010 * Returns LanguageService
1011 *
1012 * @return \TYPO3\CMS\Lang\LanguageService
1013 */
1014 protected function getLanguageService()
1015 {
1016 return $GLOBALS['LANG'];
1017 }
1018
1019 /**
1020 * Add FlashMessages for various actions
1021 *
1022 * @return void
1023 */
1024 protected function addFlashMessages()
1025 {
1026 $flashMessages = [];
1027
1028 // Show if setup was saved
1029 if ($this->setupIsUpdated && !$this->settingsAreResetToDefault) {
1030 $flashMessages[] = $this->getFlashMessage('setupWasUpdated', 'UserSettings');
1031 }
1032
1033 // Show if temporary data was cleared
1034 if ($this->settingsAreResetToDefault) {
1035 $flashMessages[] = $this->getFlashMessage('settingsAreReset', 'resetConfiguration');
1036 }
1037
1038 // Notice
1039 if ($this->setupIsUpdated || $this->settingsAreResetToDefault) {
1040 $flashMessages[] = $this->getFlashMessage('activateChanges', '', FlashMessage::INFO);
1041 }
1042
1043 // If password is updated, output whether it failed or was OK.
1044 if ($this->passwordIsSubmitted) {
1045 $flashMessage = null;
1046 switch ($this->passwordIsUpdated) {
1047 case self::PASSWORD_OLD_WRONG:
1048 $flashMessages[] = $this->getFlashMessage('oldPassword_failed', 'newPassword', FlashMessage::ERROR);
1049 break;
1050 case self::PASSWORD_NOT_THE_SAME:
1051 $flashMessages[] = $this->getFlashMessage('newPassword_failed', 'newPassword', FlashMessage::ERROR);
1052 break;
1053 case self::PASSWORD_UPDATED:
1054 $flashMessages[] = $this->getFlashMessage('newPassword_ok', 'newPassword');
1055 break;
1056 }
1057 }
1058 if (!empty($flashMessages)) {
1059 $this->enqueueFlashMessages($flashMessages);
1060 }
1061 }
1062
1063 /**
1064 * @param array $flashMessages
1065 * @throws \TYPO3\CMS\Core\Exception
1066 * @return void
1067 */
1068 protected function enqueueFlashMessages(array $flashMessages)
1069 {
1070 $flashMessageService = GeneralUtility::makeInstance(FlashMessageService::class);
1071 $defaultFlashMessageQueue = $flashMessageService->getMessageQueueByIdentifier();
1072 foreach ($flashMessages as $flashMessage) {
1073 $defaultFlashMessageQueue->enqueue($flashMessage);
1074 }
1075 }
1076
1077 /**
1078 * @param string $message
1079 * @param string $title
1080 * @param int $severity
1081 * @return FlashMessage
1082 */
1083 protected function getFlashMessage($message, $title, $severity = FlashMessage::OK)
1084 {
1085 $title = !empty($title) ? $this->getLanguageService()->getLL($title) : ' ';
1086 return GeneralUtility::makeInstance(
1087 FlashMessage::class,
1088 $this->getLanguageService()->getLL($message),
1089 $title,
1090 $severity
1091 );
1092 }
1093 }