a404c9538a928d52583948eeea0a81a565fa01e4
[Packages/TYPO3.CMS.git] / typo3 / sysext / felogin / Classes / Controller / FrontendLoginController.php
1 <?php
2 namespace TYPO3\CMS\Felogin\Controller;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 use TYPO3\CMS\Core\Utility\GeneralUtility;
18 use TYPO3\CMS\Core\Utility\StringUtility;
19
20 /**
21 * Plugin 'Website User Login' for the 'felogin' extension.
22 *
23 * @author Steffen Kamper <info@sk-typo3.de>
24 */
25 class FrontendLoginController extends \TYPO3\CMS\Frontend\Plugin\AbstractPlugin {
26
27 /**
28 * Same as class name
29 *
30 * @var string
31 */
32 public $prefixId = 'tx_felogin_pi1';
33
34 /**
35 * Path to this script relative to the extension dir.
36 *
37 * @var string
38 * @TODO This is still set to the "old" class location since the locallang.xlf file in the same dir is loaded by pi_loadLL
39 */
40 public $scriptRelPath = 'pi1/class.tx_felogin_pi1.php';
41
42 /**
43 * The extension key.
44 *
45 * @var string
46 */
47 public $extKey = 'felogin';
48
49 /**
50 * @var bool
51 */
52 public $pi_checkCHash = FALSE;
53
54 /**
55 * @var bool
56 */
57 public $pi_USER_INT_obj = TRUE;
58
59 /**
60 * Is user logged in?
61 *
62 * @var bool
63 */
64 protected $userIsLoggedIn;
65
66 /**
67 * Holds the template for FE rendering
68 *
69 * @var string
70 */
71 protected $template;
72
73 /**
74 * Upload directory, used for flexform template files
75 *
76 * @var string
77 */
78 protected $uploadDir;
79
80 /**
81 * URL for the redirect
82 *
83 * @var string
84 */
85 protected $redirectUrl;
86
87 /**
88 * Flag for disable the redirect
89 *
90 * @var bool
91 */
92 protected $noRedirect = FALSE;
93
94 /**
95 * Logintype (given as GPvar), possible: login, logout
96 *
97 * @var string
98 */
99 protected $logintype;
100
101 /**
102 * A list of page UIDs, either an integer or a comma-separated list of integers
103 *
104 * @var string
105 */
106 public $spid;
107
108 /**
109 * Referrer
110 *
111 * @var string
112 */
113 public $referer;
114
115 /**
116 * The main method of the plugin
117 *
118 * @param string $content The PlugIn content
119 * @param array $conf The PlugIn configuration
120 * @return string The content that is displayed on the website
121 */
122 public function main($content, $conf) {
123 // Loading TypoScript array into object variable:
124 $this->conf = $conf;
125 $this->uploadDir = 'uploads/tx_felogin/';
126 // Loading default pivars
127 $this->pi_setPiVarDefaults();
128 // Loading language-labels
129 $this->pi_loadLL();
130 // Init FlexForm configuration for plugin:
131 $this->pi_initPIflexForm();
132 $this->mergeflexFormValuesIntoConf();
133 // Get storage PIDs:
134 if ($this->conf['storagePid']) {
135 if ((int)$this->conf['recursive']) {
136 $this->spid = $this->pi_getPidList($this->conf['storagePid'], (int)$this->conf['recursive']);
137 } else {
138 $this->spid = $this->conf['storagePid'];
139 }
140 } else {
141 $pids = $this->frontendController->getStorageSiterootPids();
142 $this->spid = $pids['_STORAGE_PID'];
143 }
144 // GPvars:
145 $this->logintype = GeneralUtility::_GP('logintype');
146 $this->referer = $this->validateRedirectUrl(GeneralUtility::_GP('referer'));
147 $this->noRedirect = $this->piVars['noredirect'] || $this->conf['redirectDisable'];
148 // If config.typolinkLinkAccessRestrictedPages is set, the var is return_url
149 $returnUrl = GeneralUtility::_GP('return_url');
150 if ($returnUrl) {
151 $this->redirectUrl = $returnUrl;
152 } else {
153 $this->redirectUrl = GeneralUtility::_GP('redirect_url');
154 }
155 $this->redirectUrl = $this->validateRedirectUrl($this->redirectUrl);
156 // Get Template
157 $templateFile = $this->conf['templateFile'] ?: 'EXT:felogin/template.html';
158 $this->template = $this->cObj->fileResource($templateFile);
159 // Is user logged in?
160 $this->userIsLoggedIn = $this->frontendController->loginUser;
161 // Redirect
162 if ($this->conf['redirectMode'] && !$this->conf['redirectDisable'] && !$this->noRedirect && !$this->conf['showLogoutFormAfterLogin']) {
163 $redirectUrl = $this->processRedirect();
164 if (!empty($redirectUrl)) {
165 $this->redirectUrl = $this->conf['redirectFirstMethod'] ? array_shift($redirectUrl) : array_pop($redirectUrl);
166 } else {
167 $this->redirectUrl = '';
168 }
169 }
170 // What to display
171 $content = '';
172 if ($this->piVars['forgot'] && $this->conf['showForgotPasswordLink']) {
173 $content .= $this->showForgot();
174 } elseif ($this->piVars['forgothash']) {
175 $content .= $this->changePassword();
176 } else {
177 if ($this->userIsLoggedIn && !$this->logintype) {
178 $content .= $this->showLogout();
179 } else {
180 $content .= $this->showLogin();
181 }
182 }
183 // Process the redirect
184 if (($this->logintype === 'login' || $this->logintype === 'logout') && $this->redirectUrl && !$this->noRedirect) {
185 if (!$this->frontendController->fe_user->isCookieSet() && $this->userIsLoggedIn) {
186 $content .= $this->cObj->stdWrap($this->pi_getLL('cookie_warning', '', TRUE), $this->conf['cookieWarning_stdWrap.']);
187 } else {
188 // Add hook for extra processing before redirect
189 if (
190 isset($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['beforeRedirect']) &&
191 is_array($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['beforeRedirect'])
192 ) {
193 $_params = array(
194 'loginType' => $this->logintype,
195 'redirectUrl' => &$this->redirectUrl
196 );
197 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['beforeRedirect'] as $_funcRef) {
198 if ($_funcRef) {
199 GeneralUtility::callUserFunction($_funcRef, $_params, $this);
200 }
201 }
202 }
203 \TYPO3\CMS\Core\Utility\HttpUtility::redirect($this->redirectUrl);
204 }
205 }
206 // Adds hook for processing of extra item markers / special
207 if (
208 isset($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['postProcContent'])
209 && is_array($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['postProcContent'])
210 ) {
211 $_params = array(
212 'content' => $content
213 );
214 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['postProcContent'] as $_funcRef) {
215 $content = GeneralUtility::callUserFunction($_funcRef, $_params, $this);
216 }
217 }
218 return $this->conf['wrapContentInBaseClass'] ? $this->pi_wrapInBaseClass($content) : $content;
219 }
220
221 /**
222 * Shows the forgot password form
223 *
224 * @return string Content
225 */
226 protected function showForgot() {
227 $subpart = $this->cObj->getSubpart($this->template, '###TEMPLATE_FORGOT###');
228 $subpartArray = ($linkpartArray = array());
229 $postData = GeneralUtility::_POST($this->prefixId);
230 if ($postData['forgot_email']) {
231 // Get hashes for compare
232 $postedHash = $postData['forgot_hash'];
233 $hashData = $this->frontendController->fe_user->getKey('ses', 'forgot_hash');
234 if ($postedHash === $hashData['forgot_hash']) {
235 $row = FALSE;
236 // Look for user record
237 $data = $this->databaseConnection->fullQuoteStr($this->piVars['forgot_email'], 'fe_users');
238 $res = $this->databaseConnection->exec_SELECTquery(
239 'uid, username, password, email',
240 'fe_users',
241 '(email=' . $data . ' OR username=' . $data . ') AND pid IN (' . $this->databaseConnection->cleanIntList($this->spid) . ') ' . $this->cObj->enableFields('fe_users')
242 );
243 if ($this->databaseConnection->sql_num_rows($res)) {
244 $row = $this->databaseConnection->sql_fetch_assoc($res);
245 }
246 $error = NULL;
247 if ($row) {
248 // Generate an email with the hashed link
249 $error = $this->generateAndSendHash($row);
250 } elseif ($this->conf['exposeNonexistentUserInForgotPasswordDialog']) {
251 $error = $this->pi_getLL('ll_forgot_reset_message_error');
252 }
253 // Generate message
254 if ($error) {
255 $markerArray['###STATUS_MESSAGE###'] = $this->cObj->stdWrap($error, $this->conf['forgotErrorMessage_stdWrap.']);
256 } else {
257 $markerArray['###STATUS_MESSAGE###'] = $this->cObj->stdWrap(
258 $this->pi_getLL('ll_forgot_reset_message_emailSent', '', TRUE),
259 $this->conf['forgotResetMessageEmailSentMessage_stdWrap.']
260 );
261 }
262 $subpartArray['###FORGOT_FORM###'] = '';
263 } else {
264 // Wrong email
265 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('forgot_reset_message', $this->conf['forgotMessage_stdWrap.']);
266 $markerArray['###BACKLINK_LOGIN###'] = '';
267 }
268 } else {
269 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('forgot_reset_message', $this->conf['forgotMessage_stdWrap.']);
270 $markerArray['###BACKLINK_LOGIN###'] = '';
271 }
272 $markerArray['###BACKLINK_LOGIN###'] = $this->getPageLink($this->pi_getLL('ll_forgot_header_backToLogin', '', TRUE), array());
273 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('forgot_header', $this->conf['forgotHeader_stdWrap.']);
274 $markerArray['###LEGEND###'] = $this->pi_getLL('legend', $this->pi_getLL('reset_password', '', TRUE), TRUE);
275 $markerArray['###ACTION_URI###'] = $this->getPageLink('', array($this->prefixId . '[forgot]' => 1), TRUE);
276 $markerArray['###EMAIL_LABEL###'] = $this->pi_getLL('your_email', '', TRUE);
277 $markerArray['###FORGOT_PASSWORD_ENTEREMAIL###'] = $this->pi_getLL('forgot_password_enterEmail', '', TRUE);
278 $markerArray['###FORGOT_EMAIL###'] = $this->prefixId . '[forgot_email]';
279 $markerArray['###SEND_PASSWORD###'] = $this->pi_getLL('reset_password', '', TRUE);
280 $markerArray['###DATA_LABEL###'] = $this->pi_getLL('ll_enter_your_data', '', TRUE);
281 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
282 // Generate hash
283 $hash = md5($this->generatePassword(3));
284 $markerArray['###FORGOTHASH###'] = $hash;
285 // Set hash in feuser session
286 $this->frontendController->fe_user->setKey('ses', 'forgot_hash', array('forgot_hash' => $hash));
287 return $this->cObj->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
288 }
289
290 /**
291 * This function checks the hash from link and checks the validity. If it's valid it shows the form for
292 * changing the password and process the change of password after submit, if not valid it returns the error message
293 *
294 * @return string The content.
295 */
296 protected function changePassword() {
297 $subpartArray = ($linkpartArray = array());
298 $done = FALSE;
299 $minLength = (int)$this->conf['newPasswordMinLength'] ?: 6;
300 $subpart = $this->cObj->getSubpart($this->template, '###TEMPLATE_CHANGEPASSWORD###');
301 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('change_password_header', $this->conf['changePasswordHeader_stdWrap.']);
302 $markerArray['###STATUS_MESSAGE###'] = sprintf($this->getDisplayText(
303 'change_password_message',
304 $this->conf['changePasswordMessage_stdWrap.']
305 ), $minLength);
306
307 $markerArray['###BACKLINK_LOGIN###'] = '';
308 $uid = $this->piVars['user'];
309 $piHash = $this->piVars['forgothash'];
310 $hash = explode('|', $piHash);
311 if ((int)$uid === 0) {
312 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText(
313 'change_password_notvalid_message',
314 $this->conf['changePasswordNotValidMessage_stdWrap.']
315 );
316 $subpartArray['###CHANGEPASSWORD_FORM###'] = '';
317 } else {
318 $user = $this->pi_getRecord('fe_users', (int)$uid);
319 $userHash = $user['felogin_forgotHash'];
320 $compareHash = explode('|', $userHash);
321 if (!$compareHash || !$compareHash[1] || $compareHash[0] < time() || $hash[0] != $compareHash[0] || md5($hash[1]) != $compareHash[1]) {
322 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText(
323 'change_password_notvalid_message',
324 $this->conf['changePasswordNotValidMessage_stdWrap.']
325 );
326 $subpartArray['###CHANGEPASSWORD_FORM###'] = '';
327 } else {
328 // All is fine, continue with new password
329 $postData = GeneralUtility::_POST($this->prefixId);
330 if (isset($postData['changepasswordsubmit'])) {
331 if (strlen($postData['password1']) < $minLength) {
332 $markerArray['###STATUS_MESSAGE###'] = sprintf($this->getDisplayText(
333 'change_password_tooshort_message',
334 $this->conf['changePasswordTooShortMessage_stdWrap.']),
335 $minLength
336 );
337 } elseif ($postData['password1'] != $postData['password2']) {
338 $markerArray['###STATUS_MESSAGE###'] = sprintf($this->getDisplayText(
339 'change_password_notequal_message',
340 $this->conf['changePasswordNotEqualMessage_stdWrap.']),
341 $minLength
342 );
343 } else {
344 $newPass = $postData['password1'];
345 if ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['password_changed']) {
346 $_params = array(
347 'user' => $user,
348 'newPassword' => $newPass
349 );
350 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['password_changed'] as $_funcRef) {
351 if ($_funcRef) {
352 GeneralUtility::callUserFunction($_funcRef, $_params, $this);
353 }
354 }
355 $newPass = $_params['newPassword'];
356 }
357 // Save new password and clear DB-hash
358 $res = $this->databaseConnection->exec_UPDATEquery(
359 'fe_users',
360 'uid=' . $user['uid'],
361 array('password' => $newPass, 'felogin_forgotHash' => '', 'tstamp' => $GLOBALS['EXEC_TIME'])
362 );
363 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText(
364 'change_password_done_message',
365 $this->conf['changePasswordDoneMessage_stdWrap.']
366 );
367 $done = TRUE;
368 $subpartArray['###CHANGEPASSWORD_FORM###'] = '';
369 $markerArray['###BACKLINK_LOGIN###'] = $this->getPageLink(
370 $this->pi_getLL('ll_forgot_header_backToLogin', '', TRUE),
371 array($this->prefixId . '[redirectReferrer]' => 'off')
372 );
373 }
374 }
375 if (!$done) {
376 // Change password form
377 $markerArray['###ACTION_URI###'] = $this->pi_getPageLink($this->frontendController->id, '', array(
378 $this->prefixId . '[user]' => $user['uid'],
379 $this->prefixId . '[forgothash]' => $piHash
380 ));
381 $markerArray['###LEGEND###'] = $this->pi_getLL('change_password', '', TRUE);
382 $markerArray['###NEWPASSWORD1_LABEL###'] = $this->pi_getLL('newpassword_label1', '', TRUE);
383 $markerArray['###NEWPASSWORD2_LABEL###'] = $this->pi_getLL('newpassword_label2', '', TRUE);
384 $markerArray['###NEWPASSWORD1###'] = $this->prefixId . '[password1]';
385 $markerArray['###NEWPASSWORD2###'] = $this->prefixId . '[password2]';
386 $markerArray['###STORAGE_PID###'] = $this->spid;
387 $markerArray['###SEND_PASSWORD###'] = $this->pi_getLL('change_password', '', TRUE);
388 $markerArray['###FORGOTHASH###'] = $piHash;
389 }
390 }
391 }
392 return $this->cObj->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
393 }
394
395 /**
396 * Generates a hashed link and send it with email
397 *
398 * @param array $user Contains user data
399 * @return string Empty string with success, error message with no success
400 */
401 protected function generateAndSendHash($user) {
402 $hours = (int)$this->conf['forgotLinkHashValidTime'] > 0 ? (int)$this->conf['forgotLinkHashValidTime'] : 24;
403 $validEnd = time() + 3600 * $hours;
404 $validEndString = date($this->conf['dateFormat'], $validEnd);
405 $hash = md5(GeneralUtility::generateRandomBytes(64));
406 $randHash = $validEnd . '|' . $hash;
407 $randHashDB = $validEnd . '|' . md5($hash);
408 // Write hash to DB
409 $res = $this->databaseConnection->exec_UPDATEquery('fe_users', 'uid=' . $user['uid'], array('felogin_forgotHash' => $randHashDB));
410 // Send hashlink to user
411 $this->conf['linkPrefix'] = -1;
412 $isAbsRelPrefix = !empty($this->frontendController->absRefPrefix);
413 $isBaseURL = !empty($this->frontendController->baseUrl);
414 $isFeloginBaseURL = !empty($this->conf['feloginBaseURL']);
415 $link = $this->pi_getPageLink($this->frontendController->id, '', array(
416 rawurlencode($this->prefixId . '[user]') => $user['uid'],
417 rawurlencode($this->prefixId . '[forgothash]') => $randHash
418 ));
419 // Prefix link if necessary
420 if ($isFeloginBaseURL) {
421 // First priority, use specific base URL
422 // "absRefPrefix" must be removed first, otherwise URL will be prepended twice
423 if (!empty($this->frontendController->absRefPrefix)) {
424 $link = substr($link, strlen($this->frontendController->absRefPrefix));
425 }
426 $link = $this->conf['feloginBaseURL'] . $link;
427 } elseif ($isAbsRelPrefix) {
428 // Second priority
429 // absRefPrefix must not necessarily contain a hostname and URL scheme, so add it if needed
430 $link = GeneralUtility::locationHeaderUrl($link);
431 } elseif ($isBaseURL) {
432 // Third priority
433 // Add the global base URL to the link
434 $link = $this->frontendController->baseUrlWrap($link);
435 } else {
436 // No prefix is set, return the error
437 return $this->pi_getLL('ll_change_password_nolinkprefix_message');
438 }
439 $msg = sprintf($this->pi_getLL('ll_forgot_validate_reset_password'), $user['username'], $link, $validEndString);
440 // Add hook for extra processing of mail message
441 if (
442 isset($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['forgotPasswordMail'])
443 && is_array($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['forgotPasswordMail'])
444 ) {
445 $params = array(
446 'message' => &$msg,
447 'user' => &$user
448 );
449 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['forgotPasswordMail'] as $reference) {
450 if ($reference) {
451 GeneralUtility::callUserFunction($reference, $params, $this);
452 }
453 }
454 }
455 if ($user['email']) {
456 $this->cObj->sendNotifyEmail($msg, $user['email'], '', $this->conf['email_from'], $this->conf['email_fromName'], $this->conf['replyTo']);
457 }
458
459 return '';
460 }
461
462 /**
463 * Shows logout form
464 *
465 * @return string The content.
466 */
467 protected function showLogout() {
468 $subpart = $this->cObj->getSubpart($this->template, '###TEMPLATE_LOGOUT###');
469 $subpartArray = ($linkpartArray = array());
470 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('status_header', $this->conf['logoutHeader_stdWrap.']);
471 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('status_message', $this->conf['logoutMessage_stdWrap.']);
472 $this->cObj->stdWrap($this->flexFormValue('message', 's_status'), $this->conf['logoutMessage_stdWrap.']);
473 $markerArray['###LEGEND###'] = $this->pi_getLL('logout', '', TRUE);
474 $markerArray['###ACTION_URI###'] = $this->getPageLink('', array(), TRUE);
475 $markerArray['###LOGOUT_LABEL###'] = $this->pi_getLL('logout', '', TRUE);
476 $markerArray['###NAME###'] = htmlspecialchars($this->frontendController->fe_user->user['name']);
477 $markerArray['###STORAGE_PID###'] = $this->spid;
478 $markerArray['###USERNAME###'] = htmlspecialchars($this->frontendController->fe_user->user['username']);
479 $markerArray['###USERNAME_LABEL###'] = $this->pi_getLL('username', '', TRUE);
480 $markerArray['###NOREDIRECT###'] = $this->noRedirect ? '1' : '0';
481 $markerArray['###PREFIXID###'] = $this->prefixId;
482 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
483 if ($this->redirectUrl) {
484 // Use redirectUrl for action tag because of possible access restricted pages
485 $markerArray['###ACTION_URI###'] = htmlspecialchars($this->redirectUrl);
486 $this->redirectUrl = '';
487 }
488 return $this->cObj->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
489 }
490
491 /**
492 * Shows login form
493 *
494 * @return string Content
495 */
496 protected function showLogin() {
497 $subpart = $this->cObj->getSubpart($this->template, '###TEMPLATE_LOGIN###');
498 $subpartArray = ($linkpartArray = ($markerArray = array()));
499 $gpRedirectUrl = '';
500 $markerArray['###LEGEND###'] = $this->pi_getLL('oLabel_header_welcome', '', TRUE);
501 if ($this->logintype === 'login') {
502 if ($this->userIsLoggedIn) {
503 // login success
504 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('success_header', $this->conf['successHeader_stdWrap.']);
505 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('success_message', $this->conf['successMessage_stdWrap.']);
506 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
507 $subpartArray['###LOGIN_FORM###'] = '';
508 // Hook for general actions after after login has been confirmed (by Thomas Danzl <thomas@danzl.org>)
509 if ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['login_confirmed']) {
510 $_params = array();
511 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['login_confirmed'] as $_funcRef) {
512 if ($_funcRef) {
513 GeneralUtility::callUserFunction($_funcRef, $_params, $this);
514 }
515 }
516 }
517 // show logout form directly
518 if ($this->conf['showLogoutFormAfterLogin']) {
519 $this->redirectUrl = '';
520 return $this->showLogout();
521 }
522 } else {
523 // Hook for general actions on login error
524 if (
525 isset($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['login_error'])
526 && is_array($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['login_error'])
527 ) {
528 $params = array();
529 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['login_error'] as $funcRef) {
530 if ($funcRef) {
531 GeneralUtility::callUserFunction($funcRef, $params, $this);
532 }
533 }
534 }
535 // login error
536 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('error_header', $this->conf['errorHeader_stdWrap.']);
537 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('error_message', $this->conf['errorMessage_stdWrap.']);
538 $gpRedirectUrl = GeneralUtility::_GP('redirect_url');
539 }
540 } else {
541 if ($this->logintype === 'logout') {
542 // login form after logout
543 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('logout_header', $this->conf['logoutHeader_stdWrap.']);
544 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('logout_message', $this->conf['logoutMessage_stdWrap.']);
545 } else {
546 // login form
547 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('welcome_header', $this->conf['welcomeHeader_stdWrap.']);
548 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('welcome_message', $this->conf['welcomeMessage_stdWrap.']);
549 }
550 }
551
552 // This hook allows to call User JS functions.
553 // The methods should also set the required JS functions to get included
554 $onSubmit = '';
555 $extraHidden = '';
556 $onSubmitAr = array();
557 $extraHiddenAr = array();
558 // Check for referer redirect method. if present, save referer in form field
559 if (GeneralUtility::inList($this->conf['redirectMode'], 'referer') || GeneralUtility::inList($this->conf['redirectMode'], 'refererDomains')) {
560 $referer = $this->referer ? $this->referer : GeneralUtility::getIndpEnv('HTTP_REFERER');
561 if ($referer) {
562 $extraHiddenAr[] = '<input type="hidden" name="referer" value="' . htmlspecialchars($referer) . '" />';
563 if ($this->piVars['redirectReferrer'] === 'off') {
564 $extraHiddenAr[] = '<input type="hidden" name="' . $this->prefixId . '[redirectReferrer]" value="off" />';
565 }
566 }
567 }
568 if (is_array($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['loginFormOnSubmitFuncs'])) {
569 $_params = array();
570 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['loginFormOnSubmitFuncs'] as $funcRef) {
571 list($onSub, $hid) = GeneralUtility::callUserFunction($funcRef, $_params, $this);
572 $onSubmitAr[] = $onSub;
573 $extraHiddenAr[] = $hid;
574 }
575 }
576 if (!empty($onSubmitAr)) {
577 $onSubmit = implode('; ', $onSubmitAr) . '; return true;';
578 }
579 if (!empty($extraHiddenAr)) {
580 $extraHidden = implode(LF, $extraHiddenAr);
581 }
582 if (!$gpRedirectUrl && $this->redirectUrl) {
583 $gpRedirectUrl = $this->redirectUrl;
584 }
585 // Login form
586 $markerArray['###ACTION_URI###'] = $this->getPageLink('', array(), TRUE);
587 // Used by kb_md5fepw extension...
588 $markerArray['###EXTRA_HIDDEN###'] = $extraHidden;
589 $markerArray['###LEGEND###'] = $this->pi_getLL('login', '', TRUE);
590 $markerArray['###LOGIN_LABEL###'] = $this->pi_getLL('login', '', TRUE);
591 // Used by kb_md5fepw extension...
592 $markerArray['###ON_SUBMIT###'] = $onSubmit;
593 $markerArray['###PASSWORD_LABEL###'] = $this->pi_getLL('password', '', TRUE);
594 $markerArray['###STORAGE_PID###'] = $this->spid;
595 $markerArray['###USERNAME_LABEL###'] = $this->pi_getLL('username', '', TRUE);
596 $markerArray['###REDIRECT_URL###'] = htmlspecialchars($gpRedirectUrl);
597 $markerArray['###NOREDIRECT###'] = $this->noRedirect ? '1' : '0';
598 $markerArray['###PREFIXID###'] = $this->prefixId;
599 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
600 if ($this->conf['showForgotPasswordLink']) {
601 $linkpartArray['###FORGOT_PASSWORD_LINK###'] = explode('|', $this->getPageLink('|', array($this->prefixId . '[forgot]' => 1)));
602 $markerArray['###FORGOT_PASSWORD###'] = $this->pi_getLL('ll_forgot_header', '', TRUE);
603 } else {
604 $subpartArray['###FORGOTP_VALID###'] = '';
605 }
606 // The permanent login checkbox should only be shown if permalogin is not deactivated (-1),
607 // not forced to be always active (2) and lifetime is greater than 0
608 if (
609 $this->conf['showPermaLogin']
610 && GeneralUtility::inList('0,1', $GLOBALS['TYPO3_CONF_VARS']['FE']['permalogin'])
611 && $GLOBALS['TYPO3_CONF_VARS']['FE']['lifetime'] > 0
612 ) {
613 $markerArray['###PERMALOGIN###'] = $this->pi_getLL('permalogin', '', TRUE);
614 if ($GLOBALS['TYPO3_CONF_VARS']['FE']['permalogin'] == 1) {
615 $markerArray['###PERMALOGIN_HIDDENFIELD_ATTRIBUTES###'] = 'disabled="disabled"';
616 $markerArray['###PERMALOGIN_CHECKBOX_ATTRIBUTES###'] = 'checked="checked"';
617 } else {
618 $markerArray['###PERMALOGIN_HIDDENFIELD_ATTRIBUTES###'] = '';
619 $markerArray['###PERMALOGIN_CHECKBOX_ATTRIBUTES###'] = '';
620 }
621 } else {
622 $subpartArray['###PERMALOGIN_VALID###'] = '';
623 }
624 return $this->cObj->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
625 }
626
627 /**
628 * Process redirect methods. The function searches for a redirect url using all configured methods.
629 *
630 * @return array Redirect URLs
631 */
632 protected function processRedirect() {
633 $redirect_url = array();
634 if ($this->conf['redirectMode']) {
635 $redirectMethods = GeneralUtility::trimExplode(',', $this->conf['redirectMode'], TRUE);
636 foreach ($redirectMethods as $redirMethod) {
637 if ($this->frontendController->loginUser && $this->logintype === 'login') {
638 // Logintype is needed because the login-page wouldn't be accessible anymore after a login (would always redirect)
639 switch ($redirMethod) {
640 case 'groupLogin':
641 // taken from dkd_redirect_at_login written by Ingmar Schlecht; database-field changed
642 $groupData = $this->frontendController->fe_user->groupData;
643 $res = $this->databaseConnection->exec_SELECTquery(
644 'felogin_redirectPid',
645 $this->frontendController->fe_user->usergroup_table,
646 'felogin_redirectPid<>\'\' AND uid IN (' . implode(',', $groupData['uid']) . ')'
647 );
648 if ($row = $this->databaseConnection->sql_fetch_row($res)) {
649 // take the first group with a redirect page
650 $redirect_url[] = $this->pi_getPageLink($row[0]);
651 }
652 break;
653 case 'userLogin':
654 $res = $this->databaseConnection->exec_SELECTquery(
655 'felogin_redirectPid',
656 $this->frontendController->fe_user->user_table,
657 $this->frontendController->fe_user->userid_column . '=' . $this->frontendController->fe_user->user['uid'] . ' AND felogin_redirectPid<>\'\''
658 );
659 if ($row = $this->databaseConnection->sql_fetch_row($res)) {
660 $redirect_url[] = $this->pi_getPageLink($row[0]);
661 }
662 break;
663 case 'login':
664 if ($this->conf['redirectPageLogin']) {
665 $redirect_url[] = $this->pi_getPageLink((int)$this->conf['redirectPageLogin']);
666 }
667 break;
668 case 'getpost':
669 $redirect_url[] = $this->redirectUrl;
670 break;
671 case 'referer':
672 // Avoid redirect when logging in after changing password
673 if ($this->piVars['redirectReferrer'] !== 'off') {
674 // Avoid forced logout, when trying to login immediately after a logout
675 $redirect_url[] = preg_replace('/[&?]logintype=[a-z]+/', '', $this->referer);
676 }
677 break;
678 case 'refererDomains':
679 // Auto redirect.
680 // Feature to redirect to the page where the user came from (HTTP_REFERER).
681 // Allowed domains to redirect to, can be configured with plugin.tx_felogin_pi1.domains
682 // Thanks to plan2.net / Martin Kutschker for implementing this feature.
683 // also avoid redirect when logging in after changing password
684 if ($this->conf['domains'] && $this->piVars['redirectReferrer'] !== 'off') {
685 $url = $this->referer;
686 // Is referring url allowed to redirect?
687 $match = array();
688 if (preg_match('#^http://([[:alnum:]._-]+)/#', $url, $match)) {
689 $redirect_domain = $match[1];
690 $found = FALSE;
691 foreach (GeneralUtility::trimExplode(',', $this->conf['domains'], TRUE) as $d) {
692 if (preg_match('/(?:^|\\.)' . $d . '$/', $redirect_domain)) {
693 $found = TRUE;
694 break;
695 }
696 }
697 if (!$found) {
698 $url = '';
699 }
700 }
701 // Avoid forced logout, when trying to login immediately after a logout
702 if ($url) {
703 $redirect_url[] = preg_replace('/[&?]logintype=[a-z]+/', '', $url);
704 }
705 }
706 break;
707 }
708 } elseif ($this->logintype === 'login') {
709 // after login-error
710 switch ($redirMethod) {
711 case 'loginError':
712 if ($this->conf['redirectPageLoginError']) {
713 $redirect_url[] = $this->pi_getPageLink((int)$this->conf['redirectPageLoginError']);
714 }
715 break;
716 }
717 } elseif ($this->logintype == '' && $redirMethod == 'login' && $this->conf['redirectPageLogin']) {
718 // If login and page not accessible
719 $this->cObj->typolink('', array(
720 'parameter' => $this->conf['redirectPageLogin'],
721 'linkAccessRestrictedPages' => TRUE
722 ));
723 $redirect_url[] = $this->cObj->lastTypoLinkUrl;
724 } elseif ($this->logintype == '' && $redirMethod == 'logout' && $this->conf['redirectPageLogout'] && $this->frontendController->loginUser) {
725 // If logout and page not accessible
726 $redirect_url[] = $this->pi_getPageLink((int)$this->conf['redirectPageLogout']);
727 } elseif ($this->logintype === 'logout') {
728 // after logout
729 // Hook for general actions after after logout has been confirmed
730 if ($this->logintype === 'logout' && $GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['logout_confirmed']) {
731 $_params = array();
732 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['logout_confirmed'] as $_funcRef) {
733 if ($_funcRef) {
734 GeneralUtility::callUserFunction($_funcRef, $_params, $this);
735 }
736 }
737 }
738 switch ($redirMethod) {
739 case 'logout':
740 if ($this->conf['redirectPageLogout']) {
741 $redirect_url[] = $this->pi_getPageLink((int)$this->conf['redirectPageLogout']);
742 }
743 break;
744 }
745 } else {
746 // not logged in
747 // Placeholder for maybe future options
748 switch ($redirMethod) {
749 case 'getpost':
750 // Preserve the get/post value
751 $redirect_url[] = $this->redirectUrl;
752 break;
753 }
754 }
755 }
756 }
757 // Remove empty values
758 if (!empty($redirect_url)) {
759 return GeneralUtility::trimExplode(',', implode(',', $redirect_url), TRUE);
760 }
761 return array();
762 }
763
764 /**
765 * Reads flexform configuration and merge it with $this->conf
766 *
767 * @return void
768 */
769 protected function mergeflexFormValuesIntoConf() {
770 $flex = array();
771 if ($this->flexFormValue('showForgotPassword', 'sDEF')) {
772 $flex['showForgotPasswordLink'] = $this->flexFormValue('showForgotPassword', 'sDEF');
773 }
774 if ($this->flexFormValue('showPermaLogin', 'sDEF')) {
775 $flex['showPermaLogin'] = $this->flexFormValue('showPermaLogin', 'sDEF');
776 }
777 if ($this->flexFormValue('showLogoutFormAfterLogin', 'sDEF')) {
778 $flex['showLogoutFormAfterLogin'] = $this->flexFormValue('showLogoutFormAfterLogin', 'sDEF');
779 }
780 if ($this->flexFormValue('pages', 'sDEF')) {
781 $flex['pages'] = $this->flexFormValue('pages', 'sDEF');
782 }
783 if ($this->flexFormValue('recursive', 'sDEF')) {
784 $flex['recursive'] = $this->flexFormValue('recursive', 'sDEF');
785 }
786 if ($this->flexFormValue('templateFile', 'sDEF')) {
787 $flex['templateFile'] = $this->uploadDir . $this->flexFormValue('templateFile', 'sDEF');
788 }
789 if ($this->flexFormValue('redirectMode', 's_redirect')) {
790 $flex['redirectMode'] = $this->flexFormValue('redirectMode', 's_redirect');
791 }
792 if ($this->flexFormValue('redirectFirstMethod', 's_redirect')) {
793 $flex['redirectFirstMethod'] = $this->flexFormValue('redirectFirstMethod', 's_redirect');
794 }
795 if ($this->flexFormValue('redirectDisable', 's_redirect')) {
796 $flex['redirectDisable'] = $this->flexFormValue('redirectDisable', 's_redirect');
797 }
798 if ($this->flexFormValue('redirectPageLogin', 's_redirect')) {
799 $flex['redirectPageLogin'] = $this->flexFormValue('redirectPageLogin', 's_redirect');
800 }
801 if ($this->flexFormValue('redirectPageLoginError', 's_redirect')) {
802 $flex['redirectPageLoginError'] = $this->flexFormValue('redirectPageLoginError', 's_redirect');
803 }
804 if ($this->flexFormValue('redirectPageLogout', 's_redirect')) {
805 $flex['redirectPageLogout'] = $this->flexFormValue('redirectPageLogout', 's_redirect');
806 }
807 $pid = $flex['pages'] ? $this->pi_getPidList($flex['pages'], $flex['recursive']) : 0;
808 if ($pid > 0) {
809 $flex['storagePid'] = $pid;
810 }
811 $this->conf = array_merge($this->conf, $flex);
812 }
813
814 /**
815 * Loads a variable from the flexform
816 *
817 * @param string $var Name of variable
818 * @param string $sheet Name of sheet
819 * @return string Value of var
820 */
821 protected function flexFormValue($var, $sheet) {
822 return $this->pi_getFFvalue($this->cObj->data['pi_flexform'], $var, $sheet);
823 }
824
825 /**
826 * Generate link with typolink function
827 *
828 * @param string $label Linktext
829 * @param array $piVars Link vars
830 * @param bool $returnUrl TRUE: returns only url FALSE (default) returns the link)
831 * @return string Link or url
832 */
833 protected function getPageLink($label, $piVars, $returnUrl = FALSE) {
834 $additionalParams = '';
835 if (!empty($piVars)) {
836 foreach ($piVars as $key => $val) {
837 $additionalParams .= '&' . $key . '=' . $val;
838 }
839 }
840 // Should GETvars be preserved?
841 if ($this->conf['preserveGETvars']) {
842 $additionalParams .= $this->getPreserveGetVars();
843 }
844 $this->conf['linkConfig.']['parameter'] = $this->frontendController->id;
845 if ($additionalParams) {
846 $this->conf['linkConfig.']['additionalParams'] = $additionalParams;
847 }
848 if ($returnUrl) {
849 return htmlspecialchars($this->cObj->typolink_url($this->conf['linkConfig.']));
850 } else {
851 return $this->cObj->typolink($label, $this->conf['linkConfig.']);
852 }
853 }
854
855 /**
856 * Add additional parameters for links according to TS setting preserveGETvars.
857 * Possible values are "all" or a comma separated list of allowed GET-vars.
858 * Supports multi-dimensional GET-vars.
859 * Some hardcoded values are dropped.
860 *
861 * @return string additionalParams-string
862 */
863 protected function getPreserveGetVars() {
864 $getVars = GeneralUtility::_GET();
865 unset(
866 $getVars['id'],
867 $getVars['no_cache'],
868 $getVars['logintype'],
869 $getVars['redirect_url'],
870 $getVars['cHash'],
871 $getVars[$this->prefixId]
872 );
873 if ($this->conf['preserveGETvars'] === 'all') {
874 $preserveQueryParts = $getVars;
875 } else {
876 $preserveQueryParts = GeneralUtility::trimExplode(',', $this->conf['preserveGETvars']);
877 $preserveQueryParts = GeneralUtility::explodeUrl2Array(implode('=1&', $preserveQueryParts) . '=1', TRUE);
878 $preserveQueryParts = \TYPO3\CMS\Core\Utility\ArrayUtility::intersectRecursive($getVars, $preserveQueryParts);
879 }
880 $parameters = GeneralUtility::implodeArrayForUrl('', $preserveQueryParts);
881 return $parameters;
882 }
883
884 /**
885 * Is used by forgot password - function with md5 option.
886 *
887 * @author Bernhard Kraft
888 * @param int $len Length of new password
889 * @return string New password
890 */
891 protected function generatePassword($len) {
892 $pass = '';
893 while ($len--) {
894 $char = rand(0, 35);
895 if ($char < 10) {
896 $pass .= '' . $char;
897 } else {
898 $pass .= chr($char - 10 + 97);
899 }
900 }
901 return $pass;
902 }
903
904 /**
905 * Returns the header / message value from flexform if present, else from locallang.xlf
906 *
907 * @param string $label label name
908 * @param array $stdWrapArray TS stdWrap array
909 * @return string label text
910 */
911 protected function getDisplayText($label, $stdWrapArray = array()) {
912 $text = $this->flexFormValue($label, 's_messages') ? $this->cObj->stdWrap($this->flexFormValue($label, 's_messages'), $stdWrapArray) : $this->cObj->stdWrap($this->pi_getLL('ll_' . $label, '', TRUE), $stdWrapArray);
913 $replace = $this->getUserFieldMarkers();
914 return strtr($text, $replace);
915 }
916
917 /**
918 * Returns Array of markers filled with user fields
919 *
920 * @return array Marker array
921 */
922 protected function getUserFieldMarkers() {
923 $marker = array();
924 // replace markers with fe_user data
925 if ($this->frontendController->fe_user->user) {
926 // All fields of fe_user will be replaced, scheme is ###FEUSER_FIELDNAME###
927 foreach ($this->frontendController->fe_user->user as $field => $value) {
928 $marker['###FEUSER_' . GeneralUtility::strtoupper($field) . '###'] = $this->cObj->stdWrap($value, $this->conf['userfields.'][$field . '.']);
929 }
930 // Add ###USER### for compatibility
931 $marker['###USER###'] = $marker['###FEUSER_USERNAME###'];
932 }
933 return $marker;
934 }
935
936 /**
937 * Returns a valid and XSS cleaned url for redirect, checked against configuration "allowedRedirectHosts"
938 *
939 * @param string $url
940 * @return string cleaned referer or empty string if not valid
941 */
942 protected function validateRedirectUrl($url) {
943 $url = strval($url);
944 if ($url === '') {
945 return '';
946 }
947 $decodedUrl = rawurldecode($url);
948 $sanitizedUrl = GeneralUtility::removeXSS($decodedUrl);
949 if ($decodedUrl !== $sanitizedUrl || preg_match('#["<>\\\\]+#', $url)) {
950 GeneralUtility::sysLog(sprintf($this->pi_getLL('xssAttackDetected'), $url), 'felogin', GeneralUtility::SYSLOG_SEVERITY_WARNING);
951 return '';
952 }
953 // Validate the URL:
954 if ($this->isRelativeUrl($url) || $this->isInCurrentDomain($url) || $this->isInLocalDomain($url)) {
955 return $url;
956 }
957 // URL is not allowed
958 GeneralUtility::sysLog(sprintf($this->pi_getLL('noValidRedirectUrl'), $url), 'felogin', GeneralUtility::SYSLOG_SEVERITY_WARNING);
959 return '';
960 }
961
962 /**
963 * Determines whether the URL is on the current host and belongs to the
964 * current TYPO3 installation. The scheme part is ignored in the comparison.
965 *
966 * @param string $url URL to be checked
967 * @return bool Whether the URL belongs to the current TYPO3 installation
968 */
969 protected function isInCurrentDomain($url) {
970 $urlWithoutSchema = preg_replace('#^https?://#', '', $url);
971 $siteUrlWithoutSchema = preg_replace('#^https?://#', '', GeneralUtility::getIndpEnv('TYPO3_SITE_URL'));
972 return StringUtility::beginsWith($urlWithoutSchema . '/', GeneralUtility::getIndpEnv('HTTP_HOST') . '/')
973 && StringUtility::beginsWith($urlWithoutSchema, $siteUrlWithoutSchema);
974 }
975
976 /**
977 * Determines whether the URL matches a domain
978 * in the sys_domain database table.
979 *
980 * @param string $url Absolute URL which needs to be checked
981 * @return bool Whether the URL is considered to be local
982 */
983 protected function isInLocalDomain($url) {
984 $result = FALSE;
985 if (GeneralUtility::isValidUrl($url)) {
986 $parsedUrl = parse_url($url);
987 if ($parsedUrl['scheme'] === 'http' || $parsedUrl['scheme'] === 'https') {
988 $host = $parsedUrl['host'];
989 // Removes the last path segment and slash sequences like /// (if given):
990 $path = preg_replace('#/+[^/]*$#', '', $parsedUrl['path']);
991 $localDomains = $this->databaseConnection->exec_SELECTgetRows('domainName', 'sys_domain', '1=1' . $this->cObj->enableFields('sys_domain'));
992 if (is_array($localDomains)) {
993 foreach ($localDomains as $localDomain) {
994 // strip trailing slashes (if given)
995 $domainName = rtrim($localDomain['domainName'], '/');
996 if (GeneralUtility::isFirstPartOfStr($host . $path . '/', $domainName . '/')) {
997 $result = TRUE;
998 break;
999 }
1000 }
1001 }
1002 }
1003 }
1004 return $result;
1005 }
1006
1007 /**
1008 * Determines whether the URL is relative to the
1009 * current TYPO3 installation.
1010 *
1011 * @param string $url URL which needs to be checked
1012 * @return bool Whether the URL is considered to be relative
1013 */
1014 protected function isRelativeUrl($url) {
1015 $parsedUrl = @parse_url($url);
1016 if ($parsedUrl !== FALSE && !isset($parsedUrl['scheme']) && !isset($parsedUrl['host'])) {
1017 // If the relative URL starts with a slash, we need to check if it's within the current site path
1018 return $parsedUrl['path'][0] !== '/' || GeneralUtility::isFirstPartOfStr($parsedUrl['path'], GeneralUtility::getIndpEnv('TYPO3_SITE_PATH'));
1019 }
1020 return FALSE;
1021 }
1022
1023 }