[BUGFIX] Use single quotes for password check
[Packages/TYPO3.CMS.git] / typo3 / sysext / saltedpasswords / Classes / Utility / SaltedPasswordsUtility.php
1 <?php
2 namespace TYPO3\CMS\Saltedpasswords\Utility;
3
4 /**
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
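/**
 * General library class of the saltedpasswords extension.
 *
 * Bundles the extension's configuration lookup (returnExtConf(),
 * returnExtConfDefaults()), the choice of the hashing class
 * (getDefaultSaltingHashingMethod()), the check whether salted hashes are
 * in use for a TYPO3 mode (isUsageEnabled()), the felogin hook that hashes
 * a newly set frontend password, and a counter for backend accounts whose
 * stored password does not look like a salted hash.
 *
 * @author Marcus Krause <marcus#exp2009@t3sec.info>
 * @author Steffen Ritter <info@rs-websystems.de>
 */
class SaltedPasswordsUtility {

	/**
	 * Keeps this extension's key.
	 */
	const EXTKEY = 'saltedpasswords';

	/**
	 * Calculates number of backend users, who have no saltedpasswords
	 * protection.
	 *
	 * A be_users row is counted when its password column is non-empty and
	 * does not start with "$" or "M$". The test is a prefix match only: any
	 * value beginning with one of these prefixes is treated as salted,
	 * whatever follows. The WHERE clause holds no further condition, so all
	 * rows of the table are considered.
	 *
	 * @return integer Row count as reported by exec_SELECTcountRows()
	 */
	static public function getNumberOfBackendUsersWithInsecurePassword() {
		// Only constants are concatenated here; the LIKE patterns still go
		// through fullQuoteStr() so quoting stays consistent with the DB layer.
		$whereClause = 'password != \'\''
			. ' AND password NOT LIKE ' . $GLOBALS['TYPO3_DB']->fullQuoteStr('$%', 'be_users')
			. ' AND password NOT LIKE ' . $GLOBALS['TYPO3_DB']->fullQuoteStr('M$%', 'be_users');
		return $GLOBALS['TYPO3_DB']->exec_SELECTcountRows('*', 'be_users', $whereClause);
	}

	/**
	 * Returns extension configuration data from $TYPO3_CONF_VARS (configurable in Extension Manager)
	 *
	 * The defaults from returnExtConfDefaults() are used as base; the entry
	 * stored under the key "<mode>." of the serialized configuration
	 * overrides them. A stored configuration that does not unserialize to an
	 * array, or whose mode entry is not an array, is ignored and the
	 * defaults are returned unchanged.
	 *
	 * @author Rainer Kuhn <kuhn@punkt.de>
	 * @author Marcus Krause <marcus#exp2009@t3sec.info>
	 * @param string $mode TYPO3_MODE, whether Configuration for Frontend or Backend should be delivered
	 * @return array Extension configuration data
	 */
	static public function returnExtConf($mode = TYPO3_MODE) {
		$currentConfiguration = self::returnExtConfDefaults();
		if (isset($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['saltedpasswords'])) {
			// NOTE(security): unserialize() can instantiate objects and run
			// their magic methods. This is acceptable only because the string
			// is read from the installation's own configuration; it must never
			// be fed from request data or any other untrusted source.
			$extensionConfiguration = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['saltedpasswords']);
			$modeKey = $mode . '.';
			// Merge default configuration with modified configuration.
			// Both levels are checked for being arrays so that a damaged
			// configuration string cannot make array_merge() fail and leave
			// the caller without any configuration.
			if (
				is_array($extensionConfiguration)
				&& isset($extensionConfiguration[$modeKey])
				&& is_array($extensionConfiguration[$modeKey])
			) {
				$currentConfiguration = array_merge($currentConfiguration, $extensionConfiguration[$modeKey]);
			}
		}
		return $currentConfiguration;
	}

	/**
	 * Hook function for felogin "forgotPassword" functionality
	 * encrypts the new password before storing in database
	 *
	 * The hashing only happens when isUsageEnabled('FE') returns TRUE. In
	 * every other case $params['newPassword'] is handed back untouched, so
	 * this hook gives no protection to the stored value then.
	 *
	 * @param array $params Parameter the hook delivers
	 * @param \TYPO3\CMS\Felogin\Controller\FrontendLoginController $pObj Parent Object from which the hook is called
	 * @return void
	 */
	public function feloginForgotPasswordHook(array &$params, \TYPO3\CMS\Felogin\Controller\FrontendLoginController $pObj) {
		if (self::isUsageEnabled('FE')) {
			$objInstanceSaltedPW = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance();
			// $params is taken by reference: the caller receives the hash
			// in place of the clear-text password.
			$params['newPassword'] = $objInstanceSaltedPW->getHashedPassword($params['newPassword']);
		}
	}

	/**
	 * Returns default configuration of this extension.
	 *
	 * @return array Default extension configuration data for localconf.php
	 */
	static public function returnExtConfDefaults() {
		return array(
			'onlyAuthService' => '0',
			'forceSalted' => '0',
			'updatePasswd' => '1',
			'saltedPWHashingMethod' => 'TYPO3\\CMS\\Saltedpasswords\\Salt\\PhpassSalt',
			'enabled' => '1'
		);
	}

	/**
	 * Function determines the default(=configured) type of
	 * salted hashing method to be used.
	 *
	 * The configured class name is accepted only if it is one of the keys
	 * returned by SaltFactory::getRegisteredSaltedHashingMethods().
	 *
	 * NOTE(review): when the configured value is missing or not registered,
	 * the result silently becomes Md5Salt, which is not the shipped default
	 * (PhpassSalt, see returnExtConfDefaults()). A typo in the configuration
	 * therefore changes the hashing method without any error; confirm that
	 * this fallback is intended.
	 *
	 * @param string $mode (optional) The TYPO3 mode (FE or BE) saltedpasswords shall be used for
	 * @return string Classname of object to be used
	 */
	static public function getDefaultSaltingHashingMethod($mode = TYPO3_MODE) {
		$extConf = self::returnExtConf($mode);
		$configuredMethod = isset($extConf['saltedPWHashingMethod']) ? $extConf['saltedPWHashingMethod'] : NULL;
		$registeredMethods = array_keys(\TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getRegisteredSaltedHashingMethods());
		// Strict comparison: with loose comparison a non-numeric string
		// equals the integer key 0 on older PHP versions, which would let
		// an unregistered class name pass this allow-list.
		if (is_string($configuredMethod) && in_array($configuredMethod, $registeredMethods, TRUE)) {
			return $configuredMethod;
		}
		return 'TYPO3\\CMS\\Saltedpasswords\\Salt\\Md5Salt';
	}

	/**
	 * Returns information if salted password hashes are
	 * indeed used in the TYPO3_MODE.
	 *
	 * For "BE" the answer is always TRUE. For "FE" the extension has to be
	 * enabled in its configuration and the frontend loginSecurityLevel has
	 * to be "normal" or "rsa". Any other mode yields FALSE.
	 *
	 * @param string $mode (optional) The TYPO3 mode (FE or BE) saltedpasswords shall be used for
	 * @return boolean TRUE, if salted password hashes are used in the TYPO3_MODE, otherwise FALSE
	 */
	static public function isUsageEnabled($mode = TYPO3_MODE) {
		// Strict comparison, so that only the exact mode string selects a branch.
		if ($mode === 'BE') {
			return TRUE;
		}
		if ($mode === 'FE') {
			$extConf = self::returnExtConf($mode);
			if ($extConf['enabled']) {
				// Login Security Level Recognition; an unset level is
				// treated as an empty string, which matches neither value.
				$securityLevel = isset($GLOBALS['TYPO3_CONF_VARS'][$mode]['loginSecurityLevel'])
					? $GLOBALS['TYPO3_CONF_VARS'][$mode]['loginSecurityLevel']
					: '';
				return \TYPO3\CMS\Core\Utility\GeneralUtility::inList('normal,rsa', $securityLevel);
			}
		}
		return FALSE;
	}

}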