[TASK] Replace Space Indent into Tab indent (CGL Cleanup)
[Packages/TYPO3.CMS.git] / typo3 / sysext / felogin / pi1 / class.tx_felogin_pi1.php
1 <?php
2 /***************************************************************
3 * Copyright notice
4 *
5 * (c) 2007-2011 Steffen Kamper <info@sk-typo3.de>
6 * Based on Newloginbox (c) 2002-2004 Kasper Skårhøj <kasper@typo3.com>
7 *
8 * All rights reserved
9 *
10 * This script is part of the TYPO3 project. The TYPO3 project is
11 * free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * The GNU General Public License can be found at
17 * http://www.gnu.org/copyleft/gpl.html.
18 *
19 * This script is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU General Public License for more details.
23 *
24 * This copyright notice MUST APPEAR in all copies of the script!
25 *
26 * The code was adapted from newloginbox, see manual for detailed description
27 ***************************************************************/
28 /**
29 * Plugin 'Website User Login' for the 'felogin' extension.
30 *
31 * @author Steffen Kamper <info@sk-typo3.de>
32 * @package TYPO3
33 * @subpackage tx_felogin
34 */
35 class tx_felogin_pi1 extends tslib_pibase {
36 var $prefixId = 'tx_felogin_pi1'; // Same as class name
37 var $scriptRelPath = 'pi1/class.tx_felogin_pi1.php'; // Path to this script relative to the extension dir.
38 var $extKey = 'felogin'; // The extension key.
39 public $pi_checkCHash = FALSE;
40 public $pi_USER_INT_obj = TRUE;
41
42 protected $userIsLoggedIn; // Is user logged in?
43 protected $template; // holds the template for FE rendering
44 protected $uploadDir; // upload dir, used for flexform template files
45 protected $redirectUrl; // URL for the redirect
46 protected $noRedirect = FALSE; // flag for disable the redirect
47 protected $logintype; // logintype (given as GPvar), possible: login, logout
48
49 /**
50 * The main method of the plugin
51 *
52 * @param string $content: The PlugIn content
53 * @param array $conf: The PlugIn configuration
54 *
55 * @return string The content that is displayed on the website
56 */
57 public function main($content,$conf) {
58
59 // Loading TypoScript array into object variable:
60 $this->conf = $conf;
61 $this->uploadDir = 'uploads/tx_felogin/';
62
63 // Loading default pivars
64 $this->pi_setPiVarDefaults();
65
66 // Loading language-labels
67 $this->pi_loadLL();
68
69 // Init FlexForm configuration for plugin:
70 $this->pi_initPIflexForm();
71 $this->mergeflexFormValuesIntoConf();
72
73
74 // Get storage PIDs:
75 if ($this->conf['storagePid']) {
76 if (intval($this->conf['recursive'])) {
77 $this->spid = $this->pi_getPidList($this->conf['storagePid'], intval($this->conf['recursive']));
78 } else {
79 $this->spid = $this->conf['storagePid'];
80 }
81 } else {
82 $pids = $GLOBALS['TSFE']->getStorageSiterootPids();
83 $this->spid = $pids['_STORAGE_PID'];
84 }
85
86 // GPvars:
87 $this->logintype = t3lib_div::_GP('logintype');
88 $this->referer = $this->validateRedirectUrl(t3lib_div::_GP('referer'));
89 $this->noRedirect = ($this->piVars['noredirect'] || $this->conf['redirectDisable']);
90
91 // if config.typolinkLinkAccessRestrictedPages is set, the var is return_url
92 $returnUrl = t3lib_div::_GP('return_url');
93 if ($returnUrl) {
94 $this->redirectUrl = $returnUrl;
95 } else {
96 $this->redirectUrl = t3lib_div::_GP('redirect_url');
97 }
98 $this->redirectUrl = $this->validateRedirectUrl($this->redirectUrl);
99
100 // Get Template
101 $templateFile = $this->conf['templateFile'] ? $this->conf['templateFile'] : 'EXT:felogin/template.html';
102 $this->template = $this->cObj->fileResource($templateFile);
103
104 // Is user logged in?
105 $this->userIsLoggedIn = $GLOBALS['TSFE']->loginUser;
106
107 // Redirect
108 if ($this->conf['redirectMode'] && !$this->conf['redirectDisable'] && !$this->noRedirect) {
109 $redirectUrl = $this->processRedirect();
110 if (count($redirectUrl)) {
111 $this->redirectUrl = $this->conf['redirectFirstMethod'] ? array_shift($redirectUrl) : array_pop($redirectUrl);
112 } else {
113 $this->redirectUrl = '';
114 }
115 }
116
117 // What to display
118 $content='';
119 if ($this->piVars['forgot']) {
120 $content .= $this->showForgot();
121 } elseif ($this->piVars['forgothash']) {
122 $content .= $this->changePassword();
123 } else {
124 if($this->userIsLoggedIn && !$this->logintype) {
125 $content .= $this->showLogout();
126 } else {
127 $content .= $this->showLogin();
128 }
129 }
130
131 // Process the redirect
132 if (($this->logintype === 'login' || $this->logintype === 'logout') && $this->redirectUrl && !$this->noRedirect) {
133 if (!$GLOBALS['TSFE']->fe_user->cookieId) {
134 $content .= $this->cObj->stdWrap($this->pi_getLL('cookie_warning', '', 1), $this->conf['cookieWarning_stdWrap.']);
135 } else {
136 // Add hook for extra processing before redirect
137 if (isset($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['beforeRedirect']) && is_array($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['beforeRedirect'])) {
138 $_params = array(
139 'loginType' => $this->logintype,
140 'redirectUrl' => &$this->redirectUrl,
141 );
142 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['beforeRedirect'] as $_funcRef) {
143 if ($_funcRef) {
144 t3lib_div::callUserFunction($_funcRef, $_params, $this);
145 }
146 }
147 }
148 t3lib_utility_Http::redirect($this->redirectUrl);
149 }
150 }
151
152 // Adds hook for processing of extra item markers / special
153 if (isset($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['postProcContent']) && is_array($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['postProcContent'])) {
154 $_params = array(
155 'content' => $content
156 );
157 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['postProcContent'] as $_funcRef) {
158 $content = t3lib_div::callUserFunction($_funcRef, $_params, $this);
159 }
160 }
161
162 return $this->conf['wrapContentInBaseClass'] ? $this->pi_wrapInBaseClass($content) : $content;
163
164 }
165
166 /**
167 * Shows the forgot password form
168 *
169 * @return string content
170 */
171 protected function showForgot() {
172 $subpart = $this->cObj->getSubpart($this->template, '###TEMPLATE_FORGOT###');
173 $subpartArray = $linkpartArray = array();
174 $postData = t3lib_div::_POST($this->prefixId);
175
176 if ($postData['forgot_email']) {
177
178 // get hashes for compare
179 $postedHash = $postData['forgot_hash'];
180 $hashData = $GLOBALS['TSFE']->fe_user->getKey('ses', 'forgot_hash');
181
182
183 if ($postedHash === $hashData['forgot_hash']) {
184 $row = FALSE;
185
186 // look for user record
187 $data = $GLOBALS['TYPO3_DB']->fullQuoteStr($this->piVars['forgot_email'], 'fe_users');
188 $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
189 'uid, username, password, email',
190 'fe_users',
191 '(email=' . $data .' OR username=' . $data . ') AND pid IN ('.$GLOBALS['TYPO3_DB']->cleanIntList($this->spid).') '.$this->cObj->enableFields('fe_users')
192 );
193
194 if ($GLOBALS['TYPO3_DB']->sql_num_rows($res)) {
195 $row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res);
196 }
197
198 $error = NULL;
199 if ($row) {
200 // generate an email with the hashed link
201 $error = $this->generateAndSendHash($row);
202 } elseif ($this->conf['exposeNonexistentUserInForgotPasswordDialog']) {
203 $error = $this->pi_getLL('ll_forgot_reset_message_error');
204 }
205
206 // generate message
207 if ($error) {
208 $markerArray['###STATUS_MESSAGE###'] = $this->cObj->stdWrap($error, $this->conf['forgotErrorMessage_stdWrap.']);
209 } else {
210 $markerArray['###STATUS_MESSAGE###'] = $this->cObj->stdWrap($this->pi_getLL('ll_forgot_reset_message_emailSent', '', 1), $this->conf['forgotResetMessageEmailSentMessage_stdWrap.']);
211 }
212 $subpartArray['###FORGOT_FORM###'] = '';
213
214
215 } else {
216 //wrong email
217 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('forgot_reset_message', $this->conf['forgotMessage_stdWrap.']);
218 $markerArray['###BACKLINK_LOGIN###'] = '';
219 }
220 } else {
221 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('forgot_reset_message', $this->conf['forgotMessage_stdWrap.']);
222 $markerArray['###BACKLINK_LOGIN###'] = '';
223 }
224
225 $markerArray['###BACKLINK_LOGIN###'] = $this->getPageLink($this->pi_getLL('ll_forgot_header_backToLogin', '', 1), array());
226 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('forgot_header', $this->conf['forgotHeader_stdWrap.']);
227
228 $markerArray['###LEGEND###'] = $this->pi_getLL('legend', $this->pi_getLL('reset_password', '', 1), 1);
229 $markerArray['###ACTION_URI###'] = $this->getPageLink('', array($this->prefixId . '[forgot]'=>1), TRUE);
230 $markerArray['###EMAIL_LABEL###'] = $this->pi_getLL('your_email', '', 1);
231 $markerArray['###FORGOT_PASSWORD_ENTEREMAIL###'] = $this->pi_getLL('forgot_password_enterEmail', '', 1);
232 $markerArray['###FORGOT_EMAIL###'] = $this->prefixId.'[forgot_email]';
233 $markerArray['###SEND_PASSWORD###'] = $this->pi_getLL('reset_password', '', 1);
234
235 $markerArray['###DATA_LABEL###'] = $this->pi_getLL('ll_enter_your_data', '', 1);
236
237
238
239 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
240
241 // generate hash
242 $hash = md5($this->generatePassword(3));
243 $markerArray['###FORGOTHASH###'] = $hash;
244 // set hash in feuser session
245 $GLOBALS['TSFE']->fe_user->setKey('ses', 'forgot_hash', array('forgot_hash' => $hash));
246
247
248 return $this->cObj->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
249 }
250
251 /**
252 * This function checks the hash from link and checks the validity. If it's valid it shows the form for
253 * changing the password and process the change of password after submit, if not valid it returns the error message
254 *
255 * @return string The content.
256 */
257 protected function changePassword() {
258
259 $subpartArray = $linkpartArray = array();
260 $done = FALSE;
261
262 $minLength = intval($this->conf['newPasswordMinLength']) ? intval($this->conf['newPasswordMinLength']) : 6;
263
264 $subpart = $this->cObj->getSubpart($this->template, '###TEMPLATE_CHANGEPASSWORD###');
265
266 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('change_password_header', $this->conf['changePasswordHeader_stdWrap.']);
267 $markerArray['###STATUS_MESSAGE###'] = sprintf($this->getDisplayText('change_password_message', $this->conf['changePasswordMessage_stdWrap.']), $minLength);
268
269 $markerArray['###BACKLINK_LOGIN###'] = '';
270 $uid = $this->piVars['user'];
271 $piHash = $this->piVars['forgothash'];
272
273 $hash = explode('|', $piHash);
274 if (intval($uid) == 0) {
275 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('change_password_notvalid_message', $this->conf['changePasswordNotValidMessage_stdWrap.']);
276 $subpartArray['###CHANGEPASSWORD_FORM###'] = '';
277 } else {
278 $user = $this->pi_getRecord('fe_users', intval($uid));
279 $userHash = $user['felogin_forgotHash'];
280 $compareHash = explode('|', $userHash);
281
282 if (!$compareHash || !$compareHash[1] || $compareHash[0] < time() || $hash[0] != $compareHash[0] || md5($hash[1]) != $compareHash[1]) {
283 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('change_password_notvalid_message',$this->conf['changePasswordNotValidMessage_stdWrap.']);
284 $subpartArray['###CHANGEPASSWORD_FORM###'] = '';
285 } else {
286 // all is fine, continue with new password
287 $postData = t3lib_div::_POST($this->prefixId);
288
289 if (isset($postData['changepasswordsubmit'])) {
290 if (strlen($postData['password1']) < $minLength) {
291 $markerArray['###STATUS_MESSAGE###'] = sprintf($this->getDisplayText('change_password_tooshort_message', $this->conf['changePasswordTooShortMessage_stdWrap.']), $minLength);
292 } elseif ($postData['password1'] != $postData['password2']) {
293 $markerArray['###STATUS_MESSAGE###'] = sprintf($this->getDisplayText('change_password_notequal_message', $this->conf['changePasswordNotEqualMessage_stdWrap.']), $minLength);
294 } else {
295 $newPass = $postData['password1'];
296
297 if ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['password_changed']) {
298 $_params = array(
299 'user' => $user,
300 'newPassword' => $newPass,
301 );
302 foreach($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['password_changed'] as $_funcRef) {
303 if ($_funcRef) {
304 t3lib_div::callUserFunction($_funcRef, $_params, $this);
305 }
306 }
307 $newPass = $_params['newPassword'];
308 }
309
310 // save new password and clear DB-hash
311 $res = $GLOBALS['TYPO3_DB']->exec_UPDATEquery(
312 'fe_users',
313 'uid=' . $user['uid'],
314 array('password' => $newPass, 'felogin_forgotHash' => '')
315 );
316 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('change_password_done_message', $this->conf['changePasswordDoneMessage_stdWrap.']);
317 $done = TRUE;
318 $subpartArray['###CHANGEPASSWORD_FORM###'] = '';
319 $markerArray['###BACKLINK_LOGIN###'] = $this->getPageLink(
320 $this->pi_getLL('ll_forgot_header_backToLogin', '', 1),
321 array($this->prefixId . '[redirectReferrer]' => 'off')
322 );
323 }
324 }
325
326 if (!$done) {
327 // Change password form
328 $markerArray['###ACTION_URI###'] = $this->pi_getPageLink($GLOBALS['TSFE']->id, '', array(
329 $this->prefixId . '[user]' => $user['uid'],
330 $this->prefixId . '[forgothash]' => $piHash
331 ));
332 $markerArray['###LEGEND###'] = $this->pi_getLL('change_password', '', 1);
333 $markerArray['###NEWPASSWORD1_LABEL###'] = $this->pi_getLL('newpassword_label1', '', 1);
334 $markerArray['###NEWPASSWORD2_LABEL###'] = $this->pi_getLL('newpassword_label2', '', 1);
335 $markerArray['###NEWPASSWORD1###'] = $this->prefixId . '[password1]';
336 $markerArray['###NEWPASSWORD2###'] = $this->prefixId . '[password2]';
337 $markerArray['###STORAGE_PID###'] = $this->spid;
338 $markerArray['###SEND_PASSWORD###'] = $this->pi_getLL('change_password', '', 1);
339 $markerArray['###FORGOTHASH###'] = $piHash;
340 }
341 }
342 }
343
344 return $this->cObj->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
345 }
346
347 /**
348 * generates a hashed link and send it with email
349 *
350 * @param array $user contains user data
351 * @return string Empty string with success, error message with no success
352 */
353 protected function generateAndSendHash($user) {
354 $hours = intval($this->conf['forgotLinkHashValidTime']) > 0 ? intval($this->conf['forgotLinkHashValidTime']) : 24;
355 $validEnd = time() + 3600 * $hours;
356 $validEndString = date($this->conf['dateFormat'], $validEnd);
357
358 $hash = md5(t3lib_div::generateRandomBytes(64));
359 $randHash = $validEnd . '|' . $hash;
360 $randHashDB = $validEnd . '|' . md5($hash);
361
362 //write hash to DB
363 $res = $GLOBALS['TYPO3_DB']->exec_UPDATEquery('fe_users', 'uid=' . $user['uid'], array('felogin_forgotHash' => $randHashDB));
364
365 // send hashlink to user
366 $this->conf['linkPrefix'] = -1;
367 $isAbsRelPrefix = !empty($GLOBALS['TSFE']->absRefPrefix);
368 $isBaseURL = !empty($GLOBALS['TSFE']->baseUrl);
369 $isFeloginBaseURL = !empty($this->conf['feloginBaseURL']);
370
371 $link = $this->pi_getPageLink($GLOBALS['TSFE']->id, '', array(
372 $this->prefixId . '[user]' => $user['uid'],
373 $this->prefixId . '[forgothash]' => $randHash
374 ));
375
376 // Prefix link if necessary
377 if ($isFeloginBaseURL) {
378 // First priority, use specific base URL
379 // "absRefPrefix" must be removed first, otherwise URL will be prepended twice
380 if (!empty($GLOBALS['TSFE']->absRefPrefix)) {
381 $link = substr($link, strlen($GLOBALS['TSFE']->absRefPrefix));
382 }
383 $link = $this->conf['feloginBaseURL'] . $link;
384 } elseif ($isAbsRelPrefix) {
385 // Second priority
386 // absRefPrefix must not necessarily contain a hostname and URL scheme, so add it if needed
387 $link = t3lib_div::locationHeaderUrl($link);
388 } elseif ($isBaseURL) {
389 // Third priority
390 // Add the global base URL to the link
391 $link = $GLOBALS['TSFE']->baseUrlWrap($link);
392 } else {
393 // no prefix is set, return the error
394 return $this->pi_getLL('ll_change_password_nolinkprefix_message');
395 }
396
397 $msg = sprintf($this->pi_getLL('ll_forgot_validate_reset_password', '', 0), $user['username'], $link, $validEndString);
398
399 // Add hook for extra processing of mail message
400 if (isset($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['forgotPasswordMail']) &&
401 is_array($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['forgotPasswordMail'])
402 ) {
403 $params = array(
404 'message' => &$msg,
405 'user' => &$user,
406 );
407 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['forgotPasswordMail'] as $reference) {
408 if ($reference) {
409 t3lib_div::callUserFunction($reference, $params, $this);
410 }
411 }
412 }
413
414 // no RDCT - Links for security reasons
415 $oldSetting = $GLOBALS['TSFE']->config['config']['notification_email_urlmode'];
416 $GLOBALS['TSFE']->config['config']['notification_email_urlmode'] = 0;
417 // send the email
418 $this->cObj->sendNotifyEmail($msg, $user['email'], '', $this->conf['email_from'], $this->conf['email_fromName'], $this->conf['replyTo']);
419 // restore settings
420 $GLOBALS['TSFE']->config['config']['notification_email_urlmode'] = $oldSetting;
421
422 return '';
423 }
424
425 /**
426 * Shows logout form
427 *
428 * @return string The content.
429 */
430 protected function showLogout() {
431 $subpart = $this->cObj->getSubpart($this->template, '###TEMPLATE_LOGOUT###');
432 $subpartArray = $linkpartArray = array();
433
434 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('status_header',$this->conf['logoutHeader_stdWrap.']);
435 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('status_message', $this->conf['logoutMessage_stdWrap.']);
436 $this->cObj->stdWrap($this->flexFormValue('message', 's_status'), $this->conf['logoutMessage_stdWrap.']);
437
438 $markerArray['###LEGEND###'] = $this->pi_getLL('logout', '', 1);
439 $markerArray['###ACTION_URI###'] = $this->getPageLink('',array(),TRUE);
440 $markerArray['###LOGOUT_LABEL###'] = $this->pi_getLL('logout', '', 1);
441 $markerArray['###NAME###'] = htmlspecialchars($GLOBALS['TSFE']->fe_user->user['name']);
442 $markerArray['###STORAGE_PID###'] = $this->spid;
443 $markerArray['###USERNAME###'] = htmlspecialchars($GLOBALS['TSFE']->fe_user->user['username']);
444 $markerArray['###USERNAME_LABEL###'] = $this->pi_getLL('username', '', 1);
445 $markerArray['###NOREDIRECT###'] = $this->noRedirect ? '1' : '0';
446 $markerArray['###PREFIXID###'] = $this->prefixId;
447 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
448
449 if ($this->redirectUrl) {
450 // use redirectUrl for action tag because of possible access restricted pages
451 $markerArray['###ACTION_URI###'] = htmlspecialchars($this->redirectUrl);
452 $this->redirectUrl = '';
453 }
454 return $this->cObj->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
455 }
456
457 /**
458 * Shows login form
459 *
460 * @return string content
461 */
462 protected function showLogin() {
463 $subpart = $this->cObj->getSubpart($this->template, '###TEMPLATE_LOGIN###');
464 $subpartArray = $linkpartArray = $markerArray = array();
465
466 $gpRedirectUrl = '';
467
468 $markerArray['###LEGEND###'] = $this->pi_getLL('oLabel_header_welcome', '', 1);
469
470 if($this->logintype === 'login') {
471 if($this->userIsLoggedIn) {
472 // login success
473 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('success_header',$this->conf['successHeader_stdWrap.']);
474 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('success_message', $this->conf['successMessage_stdWrap.']);
475 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
476 $subpartArray['###LOGIN_FORM###'] = '';
477
478 // Hook for general actions after after login has been confirmed (by Thomas Danzl <thomas@danzl.org>)
479 if ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['login_confirmed']) {
480 $_params = array();
481 foreach($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['login_confirmed'] as $_funcRef) {
482 if ($_funcRef) {
483 t3lib_div::callUserFunction($_funcRef, $_params, $this);
484 }
485 }
486 }
487 // show logout form directly
488 if ($this->conf['showLogoutFormAfterLogin']) {
489 $this->redirectUrl = '';
490 return $this->showLogout();
491 }
492 } else {
493 // login error
494 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('error_header',$this->conf['errorHeader_stdWrap.']);
495 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('error_message',$this->conf['errorMessage_stdWrap.']);
496 $gpRedirectUrl = t3lib_div::_GP('redirect_url');
497 }
498 } else {
499 if($this->logintype === 'logout') {
500 // login form after logout
501 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('logout_header', $this->conf['logoutHeader_stdWrap.']);
502 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('logout_message', $this->conf['logoutMessage_stdWrap.']);
503 } else {
504 // login form
505 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('welcome_header',$this->conf['welcomeHeader_stdWrap.']);
506 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('welcome_message',$this->conf['welcomeMessage_stdWrap.']);
507 }
508 }
509
510
511 // Hook (used by kb_md5fepw extension by Kraft Bernhard <kraftb@gmx.net>)
512 // This hook allows to call User JS functions.
513 // The methods should also set the required JS functions to get included
514 $onSubmit = '';
515 $extraHidden = '';
516 $onSubmitAr = array();
517 $extraHiddenAr = array();
518
519 // check for referer redirect method. if present, save referer in form field
520 if (t3lib_div::inList($this->conf['redirectMode'], 'referer') || t3lib_div::inList($this->conf['redirectMode'], 'refererDomains')) {
521 $referer = $this->referer ? $this->referer : t3lib_div::getIndpEnv('HTTP_REFERER');
522 if ($referer) {
523 $extraHiddenAr[] = '<input type="hidden" name="referer" value="' . htmlspecialchars($referer) . '" />';
524 if ($this->piVars['redirectReferrer'] === 'off') {
525 $extraHiddenAr[] = '<input type="hidden" name="' . $this->prefixId . '[redirectReferrer]" value="off" />';
526 }
527 }
528 }
529
530 if (is_array($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['loginFormOnSubmitFuncs'])) {
531 $_params = array();
532 foreach($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['loginFormOnSubmitFuncs'] as $funcRef) {
533 list($onSub, $hid) = t3lib_div::callUserFunction($funcRef, $_params, $this);
534 $onSubmitAr[] = $onSub;
535 $extraHiddenAr[] = $hid;
536 }
537 }
538 if (count($onSubmitAr)) {
539 $onSubmit = implode('; ', $onSubmitAr).'; return true;';
540 }
541 if (count($extraHiddenAr)) {
542 $extraHidden = implode(LF, $extraHiddenAr);
543 }
544
545 if (!$gpRedirectUrl && $this->redirectUrl) {
546 $gpRedirectUrl = $this->redirectUrl;
547 }
548
549 // Login form
550 $markerArray['###ACTION_URI###'] = $this->getPageLink('',array(),TRUE);
551 $markerArray['###EXTRA_HIDDEN###'] = $extraHidden; // used by kb_md5fepw extension...
552 $markerArray['###LEGEND###'] = $this->pi_getLL('login', '', 1);
553 $markerArray['###LOGIN_LABEL###'] = $this->pi_getLL('login', '', 1);
554 $markerArray['###ON_SUBMIT###'] = $onSubmit; // used by kb_md5fepw extension...
555 $markerArray['###PASSWORD_LABEL###'] = $this->pi_getLL('password', '', 1);
556 $markerArray['###STORAGE_PID###'] = $this->spid;
557 $markerArray['###USERNAME_LABEL###'] = $this->pi_getLL('username', '', 1);
558 $markerArray['###REDIRECT_URL###'] = htmlspecialchars($gpRedirectUrl);
559 $markerArray['###NOREDIRECT###'] = $this->noRedirect ? '1' : '0';
560 $markerArray['###PREFIXID###'] = $this->prefixId;
561 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
562
563 if ($this->flexFormValue('showForgotPassword','sDEF') || $this->conf['showForgotPasswordLink']) {
564 $linkpartArray['###FORGOT_PASSWORD_LINK###'] = explode('|',$this->getPageLink('|',array($this->prefixId.'[forgot]'=>1)));
565 $markerArray['###FORGOT_PASSWORD###'] = $this->pi_getLL('ll_forgot_header', '', 1);
566 } else {
567 $subpartArray['###FORGOTP_VALID###'] = '';
568 }
569
570
571 // The permanent login checkbox should only be shown if permalogin is not deactivated (-1), not forced to be always active (2) and lifetime is greater than 0
572 if ($this->conf['showPermaLogin'] && t3lib_div::inList('0,1', $GLOBALS['TYPO3_CONF_VARS']['FE']['permalogin']) && $GLOBALS['TYPO3_CONF_VARS']['FE']['lifetime'] > 0) {
573 $markerArray['###PERMALOGIN###'] = $this->pi_getLL('permalogin', '', 1);
574 if($GLOBALS['TYPO3_CONF_VARS']['FE']['permalogin'] == 1) {
575 $markerArray['###PERMALOGIN_HIDDENFIELD_ATTRIBUTES###'] = 'disabled="disabled"';
576 $markerArray['###PERMALOGIN_CHECKBOX_ATTRIBUTES###'] = 'checked="checked"';
577 } else {
578 $markerArray['###PERMALOGIN_HIDDENFIELD_ATTRIBUTES###'] = '';
579 $markerArray['###PERMALOGIN_CHECKBOX_ATTRIBUTES###'] = '';
580 }
581 } else {
582 $subpartArray['###PERMALOGIN_VALID###'] = '';
583 }
584 return $this->cObj->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
585 }
586
587 /**
588 * Process redirect methods. The function searches for a redirect url using all configured methods.
589 *
590 * @return string redirect url
591 */
592 protected function processRedirect() {
593 $redirect_url = array();
594 if ($this->conf['redirectMode']) {
595 $redirectMethods = t3lib_div::trimExplode(',', $this->conf['redirectMode'], TRUE);
596 foreach ($redirectMethods as $redirMethod) {
597 if ($GLOBALS['TSFE']->loginUser && $this->logintype === 'login') {
598 // logintype is needed because the login-page wouldn't be accessible anymore after a login (would always redirect)
599 switch ($redirMethod) {
600 case 'groupLogin': // taken from dkd_redirect_at_login written by Ingmar Schlecht; database-field changed
601 $groupData = $GLOBALS['TSFE']->fe_user->groupData;
602 $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
603 'felogin_redirectPid',
604 $GLOBALS['TSFE']->fe_user->usergroup_table,
605 'felogin_redirectPid<>\'\' AND uid IN (' . implode(',', $groupData['uid']) . ')'
606 );
607 if ($row = $GLOBALS['TYPO3_DB']->sql_fetch_row($res)) {
608 $redirect_url[] = $this->pi_getPageLink($row[0]); // take the first group with a redirect page
609 }
610 break;
611 case 'userLogin':
612 $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
613 'felogin_redirectPid',
614 $GLOBALS['TSFE']->fe_user->user_table,
615 $GLOBALS['TSFE']->fe_user->userid_column . '=' . $GLOBALS['TSFE']->fe_user->user['uid'] . ' AND felogin_redirectPid<>\'\''
616 );
617 if ($row = $GLOBALS['TYPO3_DB']->sql_fetch_row($res)) {
618 $redirect_url[] = $this->pi_getPageLink($row[0]);
619 }
620 break;
621 case 'login':
622 if ($this->conf['redirectPageLogin']) {
623 $redirect_url[] = $this->pi_getPageLink(intval($this->conf['redirectPageLogin']));
624 }
625 break;
626 case 'getpost':
627 $redirect_url[] = $this->redirectUrl;
628 break;
629 case 'referer':
630 // avoid redirect when logging in after changing password
631 if ($this->piVars['redirectReferrer'] !== 'off') {
632 // avoid forced logout, when trying to login immediatly after a logout
633 $redirect_url[] = preg_replace('/[&?]logintype=[a-z]+/', '', $this->referer);
634 }
635 break;
636 case 'refererDomains':
637 // Auto redirect.
638 // Feature to redirect to the page where the user came from (HTTP_REFERER).
639 // Allowed domains to redirect to, can be configured with plugin.tx_felogin_pi1.domains
640 // Thanks to plan2.net / Martin Kutschker for implementing this feature.
641 // also avoid redirect when logging in after changing password
642 if ($this->conf['domains'] && $this->piVars['redirectReferrer'] !== 'off') {
643 $url = $this->referer;
644 // is referring url allowed to redirect?
645 $match = array();
646 if (preg_match('/^http://([[:alnum:]._-]+)//', $url, $match)) {
647 $redirect_domain = $match[1];
648 $found = FALSE;
649 foreach(t3lib_div::trimExplode(',', $this->conf['domains'], TRUE) as $d) {
650 if (preg_match('/(^|\.)/'.$d.'$', $redirect_domain)) {
651 $found = TRUE;
652 break;
653 }
654 }
655 if (!$found) {
656 $url = '';
657 }
658 }
659
660 // Avoid forced logout, when trying to login immediatly after a logout
661 if ($url) {
662 $redirect_url[] = preg_replace('/[&?]logintype=[a-z]+/', '', $url);
663 }
664 }
665 break;
666 }
667 } elseif ($this->logintype === 'login') { // after login-error
668 switch ($redirMethod) {
669 case 'loginError':
670 if ($this->conf['redirectPageLoginError']) {
671 $redirect_url[] = $this->pi_getPageLink(intval($this->conf['redirectPageLoginError']));
672 }
673 break;
674 }
675 } elseif (($this->logintype == '') && ($redirMethod == 'login') && $this->conf['redirectPageLogin']) {
676 // if login and page not accessible
677 $this->cObj->typolink('', array(
678 'parameter' => $this->conf['redirectPageLogin'],
679 'linkAccessRestrictedPages' => TRUE,
680 ));
681 $redirect_url[] = $this->cObj->lastTypoLinkUrl;
682
683 } elseif (($this->logintype == '') && ($redirMethod == 'logout') && $this->conf['redirectPageLogout'] && $GLOBALS['TSFE']->loginUser) {
684 // if logout and page not accessible
685 $redirect_url[] = $this->pi_getPageLink(intval($this->conf['redirectPageLogout']));
686
687 } elseif ($this->logintype === 'logout') { // after logout
688
689 // Hook for general actions after after logout has been confirmed
690 if ($this->logintype === 'logout' && $GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['logout_confirmed']) {
691 $_params = array();
692 foreach($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['logout_confirmed'] as $_funcRef) {
693 if ($_funcRef) {
694 t3lib_div::callUserFunction($_funcRef, $_params, $this);
695 }
696 }
697 }
698
699 switch ($redirMethod) {
700 case 'logout':
701 if ($this->conf['redirectPageLogout']) {
702 $redirect_url[] = $this->pi_getPageLink(intval($this->conf['redirectPageLogout']));
703 }
704 break;
705 }
706 } else { // not logged in
707 // Placeholder for maybe future options
708 switch ($redirMethod) {
709 case 'getpost':
710 // preserve the get/post value
711 $redirect_url[] = $this->redirectUrl;
712 break;
713 }
714 }
715
716 }
717 }
718 // remove empty values
719 if (count($redirect_url)) {
720 return t3lib_div::trimExplode(',', implode(',', $redirect_url), TRUE);
721 } else {
722 return array();
723 }
724 }
725
726 /**
727 * Reads flexform configuration and merge it with $this->conf
728 *
729 * @return void
730 */
731 protected function mergeflexFormValuesIntoConf() {
732 $flex = array();
733 if ($this->flexFormValue('showForgotPassword', 'sDEF')) {
734 $flex['showForgotPassword'] = $this->flexFormValue('showForgotPassword','sDEF');
735 }
736
737 if ($this->flexFormValue('showPermaLogin', 'sDEF')) {
738 $flex['showPermaLogin'] = $this->flexFormValue('showPermaLogin', 'sDEF');
739 }
740
741 if ($this->flexFormValue('showLogoutFormAfterLogin', 'sDEF')) {
742 $flex['showLogoutFormAfterLogin'] = $this->flexFormValue('showLogoutFormAfterLogin', 'sDEF');
743 }
744
745 if ($this->flexFormValue('pages', 'sDEF')) {
746 $flex['pages'] = $this->flexFormValue('pages', 'sDEF');
747 }
748
749 if ($this->flexFormValue('recursive', 'sDEF')) {
750 $flex['recursive'] = $this->flexFormValue('recursive', 'sDEF');
751 }
752
753 if ($this->flexFormValue('templateFile', 'sDEF')) {
754 $flex['templateFile'] = $this->uploadDir . $this->flexFormValue('templateFile', 'sDEF');
755 }
756
757 if ($this->flexFormValue('redirectMode', 's_redirect')) {
758 $flex['redirectMode'] = $this->flexFormValue('redirectMode', 's_redirect');
759 }
760
761 if ($this->flexFormValue('redirectFirstMethod', 's_redirect')) {
762 $flex['redirectFirstMethod'] = $this->flexFormValue('redirectFirstMethod', 's_redirect');
763 }
764
765 if ($this->flexFormValue('redirectDisable', 's_redirect')) {
766 $flex['redirectDisable'] = $this->flexFormValue('redirectDisable', 's_redirect');
767 }
768
769 if ($this->flexFormValue('redirectPageLogin', 's_redirect')) {
770 $flex['redirectPageLogin'] = $this->flexFormValue('redirectPageLogin', 's_redirect');
771 }
772
773 if ($this->flexFormValue('redirectPageLoginError', 's_redirect')) {
774 $flex['redirectPageLoginError'] = $this->flexFormValue('redirectPageLoginError','s_redirect');
775 }
776
777 if ($this->flexFormValue('redirectPageLogout', 's_redirect')) {
778 $flex['redirectPageLogout'] = $this->flexFormValue('redirectPageLogout', 's_redirect');
779 }
780
781 $pid = $flex['pages'] ? $this->pi_getPidList($flex['pages'], $flex['recursive']) : 0;
782 if ($pid > 0) {
783 $flex['storagePid'] = $pid;
784 }
785
786 $this->conf = array_merge($this->conf, $flex);
787 }
788
789 /**
790 * Loads a variable from the flexform
791 *
792 * @param string name of variable
793 * @param string name of sheet
794 * @return string value of var
795 */
796 protected function flexFormValue($var, $sheet) {
797 return $this->pi_getFFvalue($this->cObj->data['pi_flexform'], $var,$sheet);
798 }
799
800 /**
801 * Generate link with typolink function
802 *
803 * @param string linktext
804 * @param array link vars
805 * @param boolean TRUE: returns only url FALSE (default) returns the link)
806 *
807 * @return string link or url
808 */
809 protected function getPageLink($label, $piVars,$returnUrl = FALSE) {
810 $additionalParams = '';
811
812 if (count($piVars)) {
813 foreach($piVars as $key=>$val) {
814 $additionalParams .= '&' . $key . '=' . $val;
815 }
816 }
817 // should GETvars be preserved?
818 if ($this->conf['preserveGETvars']) {
819 $additionalParams .= $this->getPreserveGetVars();
820 }
821
822 $this->conf['linkConfig.']['parameter'] = $GLOBALS['TSFE']->id;
823 if ($additionalParams) {
824 $this->conf['linkConfig.']['additionalParams'] = $additionalParams;
825 }
826
827 if ($returnUrl) {
828 return htmlspecialchars($this->cObj->typolink_url($this->conf['linkConfig.']));
829 } else {
830 return $this->cObj->typolink($label,$this->conf['linkConfig.']);
831 }
832 }
833
834 /**
835 * Is used by TS-setting preserveGETvars
836 * possible values are "all" or a commaseperated list of GET-vars
837 * they are used as additionalParams for link generation
838 *
839 * @return string additionalParams-string
840 */
841 protected function getPreserveGetVars() {
842
843 $params = '';
844 $preserveVars =! ($this->conf['preserveGETvars'] || $this->conf['preserveGETvars']=='all' ? array() : implode(',', (array)$this->conf['preserveGETvars']));
845 $getVars = t3lib_div::_GET();
846
847 foreach ($getVars as $key => $val) {
848 if (stristr($key,$this->prefixId) === FALSE) {
849 if (is_array($val)) {
850 foreach ($val as $key1 => $val1) {
851 if ($this->conf['preserveGETvars'] == 'all' || in_array($key . '[' . $key1 .']', $preserveVars)) {
852 $params .= '&' . $key . '[' . $key1 . ']=' . $val1;
853 }
854 }
855 } else {
856 if (!in_array($key, array('id','no_cache','logintype','redirect_url','cHash'))) {
857 $params .= '&' . $key . '=' . $val;
858 }
859 }
860 }
861 }
862 return $params;
863 }
864
865 /**
866 * Is used by forgot password - function with md5 option.
867 *
868 * @author Bernhard Kraft
869 *
870 * @param int length of new password
871 * @return string new password
872 */
873 protected function generatePassword($len) {
874 $pass = '';
875 while ($len--) {
876 $char = rand(0,35);
877 if ($char < 10) {
878 $pass .= '' . $char;
879 } else {
880 $pass .= chr($char - 10 + 97);
881 }
882 }
883 return $pass;
884 }
885
886 /**
887 * Returns the header / message value from flexform if present, else from locallang.xml
888 *
889 * @param string label name
890 * @param string TS stdWrap array
891 * @return string label text
892 */
893 protected function getDisplayText($label, $stdWrapArray=array()) {
894 $text = $this->flexFormValue($label, 's_messages') ? $this->cObj->stdWrap($this->flexFormValue($label, 's_messages'), $stdWrapArray) : $this->cObj->stdWrap($this->pi_getLL('ll_'.$label, '', 1), $stdWrapArray);
895 $replace = $this->getUserFieldMarkers();
896 return strtr($text, $replace);
897 }
898
899 /**
900 * Returns Array of markers filled with user fields
901 *
902 * @return array marker array
903 */
904 protected function getUserFieldMarkers() {
905 $marker = array();
906 // replace markers with fe_user data
907 if ($GLOBALS['TSFE']->fe_user->user) {
908 // all fields of fe_user will be replaced, scheme is ###FEUSER_FIELDNAME###
909 foreach ($GLOBALS['TSFE']->fe_user->user as $field => $value) {
910 $marker['###FEUSER_' . t3lib_div::strtoupper($field) . '###'] = $this->cObj->stdWrap($value, $this->conf['userfields.'][$field . '.']);
911 }
912 // add ###USER### for compatibility
913 $marker['###USER###'] = $marker['###FEUSER_USERNAME###'];
914 }
915 return $marker;
916 }
917
918 /**
919 * Returns a valid and XSS cleaned url for redirect, checked against configuration "allowedRedirectHosts"
920 *
921 * @param string $url
922 * @return string cleaned referer or empty string if not valid
923 */
924 protected function validateRedirectUrl($url) {
925 $url = strval($url);
926 if ($url === '') {
927 return '';
928 }
929
930 $decodedUrl = rawurldecode($url);
931 $sanitizedUrl = t3lib_div::removeXSS($decodedUrl);
932
933 if ($decodedUrl !== $sanitizedUrl || preg_match('#["<>\\\]+#', $url)) {
934 t3lib_div::sysLog(sprintf($this->pi_getLL('xssAttackDetected'), $url), 'felogin', t3lib_div::SYSLOG_SEVERITY_WARNING);
935 return '';
936 }
937
938 // Validate the URL:
939 if ($this->isRelativeUrl($url) || $this->isInCurrentDomain($url) || $this->isInLocalDomain($url)) {
940 return $url;
941 }
942
943 // URL is not allowed
944 t3lib_div::sysLog(sprintf($this->pi_getLL('noValidRedirectUrl'), $url), 'felogin', t3lib_div::SYSLOG_SEVERITY_WARNING);
945 return '';
946 }
947
948 /**
949 * Determines whether the URL is on the current host
950 * and belongs to the current TYPO3 installation.
951 *
952 * @param string $url URL to be checked
953 * @return boolean Whether the URL belongs to the current TYPO3 installation
954 */
955 protected function isInCurrentDomain($url) {
956 return (t3lib_div::isOnCurrentHost($url) && t3lib_div::isFirstPartOfStr($url, t3lib_div::getIndpEnv('TYPO3_SITE_URL')));
957 }
958
959 /**
960 * Determines whether the URL matches a domain
961 * in the sys_domain databse table.
962 *
963 * @param string $url Absolute URL which needs to be checked
964 * @return boolean Whether the URL is considered to be local
965 */
966 protected function isInLocalDomain($url) {
967 $result = FALSE;
968
969 if (t3lib_div::isValidUrl($url)) {
970 $parsedUrl = parse_url($url);
971 if ($parsedUrl['scheme'] === 'http' || $parsedUrl['scheme'] === 'https' ) {
972 $host = $parsedUrl['host'];
973 // Removes the last path segment and slash sequences like /// (if given):
974 $path = preg_replace('#/+[^/]*$#', '', $parsedUrl['path']);
975
976 $localDomains = $GLOBALS['TYPO3_DB']->exec_SELECTgetRows(
977 'domainName',
978 'sys_domain',
979 '1=1' . $this->cObj->enableFields('sys_domain')
980 );
981 if (is_array($localDomains)) {
982 foreach ($localDomains as $localDomain) {
983 // strip trailing slashes (if given)
984 $domainName = rtrim($localDomain['domainName'], '/');
985 if (t3lib_div::isFirstPartOfStr($host. $path . '/', $domainName . '/')) {
986 $result = TRUE;
987 break;
988 }
989 }
990 }
991 }
992 }
993 return $result;
994 }
995
996 /**
997 * Determines wether the URL is relative to the
998 * current TYPO3 installation.
999 *
1000 * @param string $url URL which needs to be checked
1001 * @return boolean Whether the URL is considered to be relative
1002 */
1003 protected function isRelativeUrl($url) {
1004 $parsedUrl = @parse_url($url);
1005 if ($parsedUrl !== FALSE && !isset($parsedUrl['scheme']) && !isset($parsedUrl['host'])) {
1006 // If the relative URL starts with a slash, we need to check if it's within the current site path
1007 return (!t3lib_div::isFirstPartOfStr($parsedUrl['path'], '/') || t3lib_div::isFirstPartOfStr($parsedUrl['path'], t3lib_div::getIndpEnv('TYPO3_SITE_PATH')));
1008 }
1009 return FALSE;
1010 }
1011 }
1012 ?>