[TASK] Replace Space Indent into Tab indent (CGL Cleanup)
[Packages/TYPO3.CMS.git] / typo3 / classes / class.ajaxlogin.php
1 <?php
2 /***************************************************************
3 * Copyright notice
4 *
5 * (c) 2008-2011 Christoph Koehler (christoph@webempoweredchurch.org)
6 * All rights reserved
7 *
8 * This script is part of the TYPO3 project. The TYPO3 project is
9 * free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * The GNU General Public License can be found at
15 * http://www.gnu.org/copyleft/gpl.html.
16 * A copy is found in the textfile GPL.txt and important notices to the license
17 * from the author is found in LICENSE.txt distributed with these scripts.
18 *
19 *
20 * This script is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
24 *
25 * This copyright notice MUST APPEAR in all copies of the script!
26 ***************************************************************/
27 /**
28 * This is the ajax handler for backend login after timeout.
29 *
30 * @author Christoph Koehler <christoph@webempoweredchurch.org>
31 */
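class AjaxLogin {

	/**
	 * Handles the actual login process, more specifically it defines the response.
	 * The login details were sent in as part of the ajax request and the user was
	 * automatically logged in inside the init.php part of the ajax call. If that was
	 * successful, we have a BE user, reset the timer and hide the login window.
	 * If it was unsuccessful, we report that so the login box is shown again.
	 *
	 * This method performs no credential check of its own: it only reports whether
	 * $GLOBALS['BE_USER'] currently carries a user record.
	 *
	 * @param array $parameters: Parameters (not used)
	 * @param TYPO3AJAX $ajaxObj: The calling parent AJAX object
	 * @return void
	 */
	public function login(array $parameters, TYPO3AJAX $ajaxObj) {
		if ($this->isAuthorizedBackendSession()) {
			$json = array('success' => TRUE);
				// Only re-bind the form protection token when this very request
				// carried the login data, i.e. when a new session was started
			if ($this->hasLoginBeenProcessed()) {
				$formProtection = t3lib_formprotection_Factory::get();
				$formProtection->setSessionTokenFromRegistry();
				$formProtection->persistSessionToken();
			}
		} else {
			$json = array('success' => FALSE);
		}
		$ajaxObj->addContent('login', $json);
		$ajaxObj->setContentFormat('json');
	}

	/**
	 * Checks if a user is logged in and the session is active.
	 *
	 * True only when $GLOBALS['BE_USER'] is a t3lib_beUserAuth instance whose
	 * user record has a uid.
	 *
	 * @return boolean
	 */
	protected function isAuthorizedBackendSession() {
		return (isset($GLOBALS['BE_USER']) && $GLOBALS['BE_USER'] instanceof t3lib_beUserAuth && isset($GLOBALS['BE_USER']->user['uid']));
	}

	/**
	 * Check whether the login data was submitted and processed with this request.
	 *
	 * The result is true when the login form data is complete, its status is
	 * "login", and the session id sent in the cookie differs from the id of the
	 * current backend session (a new session id was issued during this request).
	 *
	 * @return boolean
	 */
	protected function hasLoginBeenProcessed() {
		$loginFormData = $GLOBALS['BE_USER']->getLoginFormData();

			// The cookie is client-controlled and may be absent or not a string.
			// Normalising it here avoids an undefined-index notice and an
			// array-to-string conversion; a missing cookie counts as an empty id.
		$cookieName = t3lib_beUserAuth::getCookieName();
		$cookieSessionId = '';
		if (isset($_COOKIE[$cookieName]) && is_string($_COOKIE[$cookieName])) {
			$cookieSessionId = $_COOKIE[$cookieName];
		}

			// Strict comparison: with a loose "==" a non-string status such as
			// integer 0 compares equal to 'login' on PHP versions before 8.0
		return isset($loginFormData['status'])
			&& $loginFormData['status'] === 'login'
			&& isset($loginFormData['uname'])
			&& isset($loginFormData['uident'])
			&& isset($loginFormData['chalvalue'])
			&& ($cookieSessionId !== (string)$GLOBALS['BE_USER']->id);
	}

	/**
	 * Logs out the current BE user
	 *
	 * Reports success only when no user uid is left on the BE_USER object after
	 * logoff() has run.
	 *
	 * @param array $parameters: Parameters (not used)
	 * @param TYPO3AJAX $ajaxObj: The calling parent AJAX object
	 * @return void
	 */
	public function logout(array $parameters, TYPO3AJAX $ajaxObj) {
		$GLOBALS['BE_USER']->logoff();
			// empty() gives the same truthiness test as before, but raises no notice
			// when the user record is no longer an array after logoff()
		$stillLoggedIn = !empty($GLOBALS['BE_USER']->user['uid']);
		$ajaxObj->addContent('logout', array('success' => !$stillLoggedIn));
		$ajaxObj->setContentFormat('json');
	}

	/**
	 * Refreshes the login without needing login information. We just refresh the session.
	 *
	 * NOTE(review): success is reported unconditionally; the outcome of
	 * checkAuthentication() is not inspected here, so callers must not treat
	 * this response as proof that a valid session exists.
	 *
	 * @param array $parameters: Parameters (not used)
	 * @param TYPO3AJAX $ajaxObj: The calling parent AJAX object
	 * @return void
	 */
	public function refreshLogin(array $parameters, TYPO3AJAX $ajaxObj) {
		$GLOBALS['BE_USER']->checkAuthentication();
		$ajaxObj->addContent('refresh', array('success' => TRUE));
		$ajaxObj->setContentFormat('json');
	}

	/**
	 * Checks if the user session is expired yet
	 *
	 * Responds with one of: "locked" (the LOCK_BACKEND file exists), "timed_out"
	 * (no user record on the session), or "will_time_out" TRUE/FALSE depending
	 * on whether the session expires within the next 120 seconds.
	 *
	 * @param array $parameters: Parameters (not used)
	 * @param TYPO3AJAX $ajaxObj: The calling parent AJAX object
	 * @return void
	 */
	public function isTimedOut(array $parameters, TYPO3AJAX $ajaxObj) {
			// Set once for every branch, so that the error response below is
			// delivered as JSON like all other responses of this class
		$ajaxObj->setContentFormat('json');

		if (!is_object($GLOBALS['BE_USER'])) {
			$ajaxObj->addContent('login', array('success' => FALSE, 'error' => 'No BE_USER object'));
			return;
		}

		if (@is_file(PATH_typo3conf.'LOCK_BACKEND')) {
			$ajaxObj->addContent('login', array('will_time_out' => FALSE, 'locked' => TRUE));
		} elseif (!isset($GLOBALS['BE_USER']->user['uid'])) {
			$ajaxObj->addContent('login', array('timed_out' => TRUE));
		} else {
			$GLOBALS['BE_USER']->fetchUserSession(TRUE);
			$ses_tstamp = $GLOBALS['BE_USER']->user['ses_tstamp'];
			$timeout = $GLOBALS['BE_USER']->auth_timeout_field;

				// if 120 seconds from now is later than the session timeout, we need to show the refresh dialog.
				// 120 is somewhat arbitrary to allow for a little room during the countdown and load times, etc.
			$willTimeOut = ($GLOBALS['EXEC_TIME'] >= $ses_tstamp + $timeout - 120);
			$ajaxObj->addContent('login', array('will_time_out' => $willTimeOut));
		}
	}

	/**
	 * Gets a login challenge (32 hexadecimal characters).
	 *
	 * The challenge is stored in the PHP session under "login_challenge" and
	 * returned to the client in the "challenge" content key.
	 *
	 * @param array $parameters: Parameters (not used)
	 * @param TYPO3AJAX $parent: The calling parent AJAX object
	 * @return void
	 */
	public function getChallenge(array $parameters, TYPO3AJAX $parent) {
		$challenge = $this->generateChallenge();

		session_start();
		$_SESSION['login_challenge'] = $challenge;
		session_commit();

			// Use the local copy instead of reading $_SESSION after the session was closed
		$parent->addContent('challenge', $challenge);
		$parent->setContentFormat('json');
	}

	/**
	 * Creates the challenge value, preferring a cryptographically secure source.
	 *
	 * uniqid() is derived from the current time and getmypid() from the process
	 * id, so the legacy md5() value is not an unpredictable nonce. It is kept
	 * only as a last resort for PHP installations that offer neither
	 * random_bytes() nor a strong openssl_random_pseudo_bytes(). All three
	 * variants return 32 hexadecimal characters.
	 *
	 * @return string
	 */
	protected function generateChallenge() {
		if (function_exists('random_bytes')) {
				// Throws when no secure source is available; failing the request
				// is preferable to silently handing out a guessable challenge
			return bin2hex(random_bytes(16));
		}
		if (function_exists('openssl_random_pseudo_bytes')) {
			$isStrong = FALSE;
			$bytes = openssl_random_pseudo_bytes(16, $isStrong);
			if ($bytes !== FALSE && $isStrong === TRUE) {
				return bin2hex($bytes);
			}
		}
			// Legacy fallback, identical to the previous implementation
		return md5(uniqid('') . getmypid());
	}
}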
167 ?>