[TASK] Use strict comparison for strings
[Packages/TYPO3.CMS.git] / typo3 / sysext / felogin / Classes / Controller / FrontendLoginController.php
1 <?php
2 namespace TYPO3\CMS\Felogin\Controller;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 use TYPO3\CMS\Core\Crypto\Random;
18 use TYPO3\CMS\Core\Database\Connection;
19 use TYPO3\CMS\Core\Database\ConnectionPool;
20 use TYPO3\CMS\Core\Database\Query\Restriction\FrontendRestrictionContainer;
21 use TYPO3\CMS\Core\Utility\GeneralUtility;
22 use TYPO3\CMS\Frontend\Controller\TypoScriptFrontendController;
23
24 /**
25 * Plugin 'Website User Login' for the 'felogin' extension.
26 */
27 class FrontendLoginController extends \TYPO3\CMS\Frontend\Plugin\AbstractPlugin
28 {
29 /**
30 * Same as class name
31 *
32 * @var string
33 */
34 public $prefixId = 'tx_felogin_pi1';
35
36 /**
37 * The extension key.
38 *
39 * @var string
40 */
41 public $extKey = 'felogin';
42
43 /**
44 * @var bool
45 */
46 public $pi_checkCHash = false;
47
48 /**
49 * @var bool
50 */
51 public $pi_USER_INT_obj = true;
52
53 /**
54 * Is user logged in?
55 *
56 * @var bool
57 */
58 protected $userIsLoggedIn;
59
60 /**
61 * Holds the template for FE rendering
62 *
63 * @var string
64 */
65 protected $template;
66
67 /**
68 * URL for the redirect
69 *
70 * @var string
71 */
72 protected $redirectUrl;
73
74 /**
75 * Flag for disable the redirect
76 *
77 * @var bool
78 */
79 protected $noRedirect = false;
80
81 /**
82 * Logintype (given as GPvar), possible: login, logout
83 *
84 * @var string
85 */
86 protected $logintype;
87
88 /**
89 * A list of page UIDs, either an integer or a comma-separated list of integers
90 *
91 * @var string
92 */
93 public $spid;
94
95 /**
96 * Referrer
97 *
98 * @var string
99 */
100 public $referer;
101
102 /**
103 * The main method of the plugin
104 *
105 * @param string $content The PlugIn content
106 * @param array $conf The PlugIn configuration
107 * @return string The content that is displayed on the website
108 * @throws \RuntimeException when no storage PID was configured.
109 */
110 public function main($content, $conf)
111 {
112 // Loading TypoScript array into object variable:
113 $this->conf = $conf;
114 // Loading default pivars
115 $this->pi_setPiVarDefaults();
116 // Loading language-labels
117 $this->pi_loadLL('EXT:felogin/Resources/Private/Language/locallang.xlf');
118 // Init FlexForm configuration for plugin:
119 $this->pi_initPIflexForm();
120 $this->mergeflexFormValuesIntoConf();
121 // Get storage PIDs:
122 if ($this->conf['storagePid']) {
123 if ((int)$this->conf['recursive']) {
124 $this->spid = $this->pi_getPidList($this->conf['storagePid'], (int)$this->conf['recursive']);
125 } else {
126 $this->spid = $this->conf['storagePid'];
127 }
128 } else {
129 throw new \RuntimeException('No storage folder (option storagePid) for frontend users given.', 1450904202);
130 }
131 // GPvars:
132 $this->logintype = GeneralUtility::_GP('logintype');
133 $this->referer = $this->validateRedirectUrl(GeneralUtility::_GP('referer'));
134 $this->noRedirect = $this->piVars['noredirect'] || $this->conf['redirectDisable'];
135 // If config.typolinkLinkAccessRestrictedPages is set, the var is return_url
136 $returnUrl = GeneralUtility::_GP('return_url');
137 if ($returnUrl) {
138 $this->redirectUrl = $returnUrl;
139 } else {
140 $this->redirectUrl = GeneralUtility::_GP('redirect_url');
141 }
142 $this->redirectUrl = $this->validateRedirectUrl($this->redirectUrl);
143 // Get Template
144 $templateFile = $this->conf['templateFile'] ?: 'EXT:felogin/Resources/Private/Templates/FrontendLogin.html';
145 $template = $this->getTypoScriptFrontendController()->tmpl->getFileName($templateFile);
146 if ($template !== null && file_exists($template)) {
147 $this->template = file_get_contents($template);
148 }
149 // Is user logged in?
150 $this->userIsLoggedIn = $this->frontendController->loginUser;
151 // Redirect
152 if ($this->conf['redirectMode'] && !$this->conf['redirectDisable'] && !$this->noRedirect) {
153 $redirectUrl = $this->processRedirect();
154 if (!empty($redirectUrl)) {
155 $this->redirectUrl = $this->conf['redirectFirstMethod'] ? array_shift($redirectUrl) : array_pop($redirectUrl);
156 } else {
157 $this->redirectUrl = '';
158 }
159 }
160 // What to display
161 $content = '';
162 if ($this->piVars['forgot'] && $this->conf['showForgotPasswordLink']) {
163 $content .= $this->showForgot();
164 } elseif ($this->piVars['forgothash']) {
165 $content .= $this->changePassword();
166 } else {
167 if ($this->userIsLoggedIn && !$this->logintype) {
168 $content .= $this->showLogout();
169 } else {
170 $content .= $this->showLogin();
171 }
172 }
173 // Process the redirect
174 if (($this->logintype === 'login' || $this->logintype === 'logout') && $this->redirectUrl && !$this->noRedirect) {
175 if (!$this->frontendController->fe_user->isCookieSet() && $this->userIsLoggedIn) {
176 $content .= $this->cObj->stdWrap($this->pi_getLL('cookie_warning'), $this->conf['cookieWarning_stdWrap.']);
177 } else {
178 // Add hook for extra processing before redirect
179 if (
180 isset($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['beforeRedirect']) &&
181 is_array($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['beforeRedirect'])
182 ) {
183 $_params = [
184 'loginType' => $this->logintype,
185 'redirectUrl' => &$this->redirectUrl
186 ];
187 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['beforeRedirect'] as $_funcRef) {
188 if ($_funcRef) {
189 GeneralUtility::callUserFunction($_funcRef, $_params, $this);
190 }
191 }
192 }
193 \TYPO3\CMS\Core\Utility\HttpUtility::redirect($this->redirectUrl);
194 }
195 }
196 // Adds hook for processing of extra item markers / special
197 if (
198 isset($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['postProcContent'])
199 && is_array($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['postProcContent'])
200 ) {
201 $_params = [
202 'content' => $content
203 ];
204 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['postProcContent'] as $_funcRef) {
205 $content = GeneralUtility::callUserFunction($_funcRef, $_params, $this);
206 }
207 }
208 return $this->conf['wrapContentInBaseClass'] ? $this->pi_wrapInBaseClass($content) : $content;
209 }
210
211 /**
212 * Shows the forgot password form
213 *
214 * @return string Content
215 */
216 protected function showForgot()
217 {
218 $subpart = $this->cObj->getSubpart($this->template, '###TEMPLATE_FORGOT###');
219 $subpartArray = ($linkpartArray = []);
220 $postData = GeneralUtility::_POST($this->prefixId);
221 if ($postData['forgot_email']) {
222 // Get hashes for compare
223 $postedHash = $postData['forgot_hash'];
224 $hashData = $this->frontendController->fe_user->getKey('ses', 'forgot_hash');
225 if ($postedHash === $hashData['forgot_hash']) {
226 $userTable = $this->frontendController->fe_user->user_table;
227 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($userTable);
228 $queryBuilder->setRestrictions(GeneralUtility::makeInstance(FrontendRestrictionContainer::class));
229 $row = $queryBuilder
230 ->select('uid', 'username', 'password', 'email')
231 ->from($userTable)
232 ->where(
233 $queryBuilder->expr()->orX(
234 $queryBuilder->expr()->eq(
235 'email',
236 $queryBuilder->createNamedParameter($this->piVars['forgot_email'], \PDO::PARAM_STR)
237 ),
238 $queryBuilder->expr()->eq(
239 'username',
240 $queryBuilder->createNamedParameter($this->piVars['forgot_email'], \PDO::PARAM_STR)
241 )
242 ),
243 $queryBuilder->expr()->in(
244 'pid',
245 $queryBuilder->createNamedParameter(
246 GeneralUtility::intExplode(',', $this->spid),
247 Connection::PARAM_INT_ARRAY
248 )
249 )
250 )
251 ->execute()
252 ->fetch();
253
254 $error = null;
255 if ($row) {
256 // Generate an email with the hashed link
257 $error = $this->generateAndSendHash($row);
258 } elseif ($this->conf['exposeNonexistentUserInForgotPasswordDialog']) {
259 $error = $this->pi_getLL('ll_forgot_reset_message_error');
260 }
261 // Generate message
262 if ($error) {
263 $markerArray['###STATUS_MESSAGE###'] = $this->cObj->stdWrap($error, $this->conf['forgotErrorMessage_stdWrap.']);
264 } else {
265 $markerArray['###STATUS_MESSAGE###'] = $this->cObj->stdWrap(
266 $this->pi_getLL('ll_forgot_reset_message_emailSent'),
267 $this->conf['forgotResetMessageEmailSentMessage_stdWrap.']
268 );
269 }
270 $subpartArray['###FORGOT_FORM###'] = '';
271 } else {
272 // Wrong email
273 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('forgot_reset_message', $this->conf['forgotMessage_stdWrap.']);
274 $markerArray['###BACKLINK_LOGIN###'] = '';
275 }
276 } else {
277 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('forgot_reset_message', $this->conf['forgotMessage_stdWrap.']);
278 $markerArray['###BACKLINK_LOGIN###'] = '';
279 }
280 $markerArray['###BACKLINK_LOGIN###'] = $this->getPageLink(htmlspecialchars($this->pi_getLL('ll_forgot_header_backToLogin')), []);
281 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('forgot_header', $this->conf['forgotHeader_stdWrap.']);
282 $markerArray['###LEGEND###'] = htmlspecialchars($this->pi_getLL('legend', $this->pi_getLL('reset_password')));
283 $markerArray['###ACTION_URI###'] = $this->getPageLink('', [$this->prefixId . '[forgot]' => 1], true);
284 $markerArray['###EMAIL_LABEL###'] = htmlspecialchars($this->pi_getLL('your_email'));
285 $markerArray['###FORGOT_PASSWORD_ENTEREMAIL###'] = htmlspecialchars($this->pi_getLL('forgot_password_enterEmail'));
286 $markerArray['###FORGOT_EMAIL###'] = $this->prefixId . '[forgot_email]';
287 $markerArray['###SEND_PASSWORD###'] = htmlspecialchars($this->pi_getLL('reset_password'));
288 $markerArray['###DATA_LABEL###'] = htmlspecialchars($this->pi_getLL('ll_enter_your_data'));
289 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
290 // Generate hash
291 $hash = md5($this->generatePassword(3));
292 $markerArray['###FORGOTHASH###'] = $hash;
293 // Set hash in feuser session
294 $this->frontendController->fe_user->setKey('ses', 'forgot_hash', ['forgot_hash' => $hash]);
295 return $this->cObj->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
296 }
297
298 /**
299 * This function checks the hash from link and checks the validity. If it's valid it shows the form for
300 * changing the password and process the change of password after submit, if not valid it returns the error message
301 *
302 * @return string The content.
303 */
304 protected function changePassword()
305 {
306 $subpartArray = ($linkpartArray = []);
307 $done = false;
308 $minLength = (int)$this->conf['newPasswordMinLength'] ?: 6;
309 $subpart = $this->cObj->getSubpart($this->template, '###TEMPLATE_CHANGEPASSWORD###');
310 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('change_password_header', $this->conf['changePasswordHeader_stdWrap.']);
311 $markerArray['###STATUS_MESSAGE###'] = sprintf($this->getDisplayText(
312 'change_password_message',
313 $this->conf['changePasswordMessage_stdWrap.']
314 ), $minLength);
315
316 $markerArray['###BACKLINK_LOGIN###'] = '';
317 $uid = $this->piVars['user'];
318 $piHash = $this->piVars['forgothash'];
319 $hash = explode('|', rawurldecode($piHash));
320 if ((int)$uid === 0) {
321 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText(
322 'change_password_notvalid_message',
323 $this->conf['changePasswordNotValidMessage_stdWrap.']
324 );
325 $subpartArray['###CHANGEPASSWORD_FORM###'] = '';
326 } else {
327 $user = $this->pi_getRecord('fe_users', (int)$uid);
328 $userHash = $user['felogin_forgotHash'];
329 $compareHash = explode('|', $userHash);
330 if (!$compareHash || !$compareHash[1] || $compareHash[0] < time() || $hash[0] != $compareHash[0] || md5($hash[1]) != $compareHash[1]) {
331 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText(
332 'change_password_notvalid_message',
333 $this->conf['changePasswordNotValidMessage_stdWrap.']
334 );
335 $subpartArray['###CHANGEPASSWORD_FORM###'] = '';
336 } else {
337 // All is fine, continue with new password
338 $postData = GeneralUtility::_POST($this->prefixId);
339 if (isset($postData['changepasswordsubmit'])) {
340 if (strlen($postData['password1']) < $minLength) {
341 $markerArray['###STATUS_MESSAGE###'] = sprintf($this->getDisplayText(
342 'change_password_tooshort_message',
343 $this->conf['changePasswordTooShortMessage_stdWrap.']),
344 $minLength
345 );
346 } elseif ($postData['password1'] != $postData['password2']) {
347 $markerArray['###STATUS_MESSAGE###'] = sprintf($this->getDisplayText(
348 'change_password_notequal_message',
349 $this->conf['changePasswordNotEqualMessage_stdWrap.']),
350 $minLength
351 );
352 } else {
353 $newPass = $postData['password1'];
354 if ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['password_changed']) {
355 $_params = [
356 'user' => $user,
357 'newPassword' => $newPass,
358 'newPasswordUnencrypted' => $newPass
359 ];
360 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['password_changed'] as $_funcRef) {
361 if ($_funcRef) {
362 GeneralUtility::callUserFunction($_funcRef, $_params, $this);
363 }
364 }
365 $newPass = $_params['newPassword'];
366 }
367
368 // Save new password and clear DB-hash
369 $userTable = $this->frontendController->fe_user->user_table;
370 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($userTable);
371 $queryBuilder->getRestrictions()->removeAll();
372 $queryBuilder->update($userTable)
373 ->set('password', $newPass)
374 ->set('felogin_forgotHash', '')
375 ->set('tstamp', (int)$GLOBALS['EXEC_TIME'])
376 ->where(
377 $queryBuilder->expr()->eq(
378 'uid',
379 $queryBuilder->createNamedParameter($user['uid'], \PDO::PARAM_INT)
380 )
381 )
382 ->execute();
383
384 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText(
385 'change_password_done_message',
386 $this->conf['changePasswordDoneMessage_stdWrap.']
387 );
388 $done = true;
389 $subpartArray['###CHANGEPASSWORD_FORM###'] = '';
390 $markerArray['###BACKLINK_LOGIN###'] = $this->getPageLink(
391 htmlspecialchars($this->pi_getLL('ll_forgot_header_backToLogin')),
392 [$this->prefixId . '[redirectReferrer]' => 'off']
393 );
394 }
395 }
396 if (!$done) {
397 // Change password form
398 $markerArray['###ACTION_URI###'] = $this->getPageLink('', [
399 $this->prefixId . '[user]' => $user['uid'],
400 $this->prefixId . '[forgothash]' => $piHash
401 ], true);
402 $markerArray['###LEGEND###'] = htmlspecialchars($this->pi_getLL('change_password'));
403 $markerArray['###NEWPASSWORD1_LABEL###'] = htmlspecialchars($this->pi_getLL('newpassword_label1'));
404 $markerArray['###NEWPASSWORD2_LABEL###'] = htmlspecialchars($this->pi_getLL('newpassword_label2'));
405 $markerArray['###NEWPASSWORD1###'] = $this->prefixId . '[password1]';
406 $markerArray['###NEWPASSWORD2###'] = $this->prefixId . '[password2]';
407 $markerArray['###STORAGE_PID###'] = $this->spid;
408 $markerArray['###SEND_PASSWORD###'] = htmlspecialchars($this->pi_getLL('change_password'));
409 $markerArray['###FORGOTHASH###'] = $piHash;
410 }
411 }
412 }
413 return $this->cObj->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
414 }
415
416 /**
417 * Generates a hashed link and send it with email
418 *
419 * @param array $user Contains user data
420 * @return string Empty string with success, error message with no success
421 */
422 protected function generateAndSendHash($user)
423 {
424 $hours = (int)$this->conf['forgotLinkHashValidTime'] > 0 ? (int)$this->conf['forgotLinkHashValidTime'] : 24;
425 $validEnd = time() + 3600 * $hours;
426 $validEndString = date($this->conf['dateFormat'], $validEnd);
427 $hash = md5(GeneralUtility::makeInstance(Random::class)->generateRandomBytes(64));
428 $randHash = $validEnd . '|' . $hash;
429 $randHashDB = $validEnd . '|' . md5($hash);
430
431 // Write hash to DB
432 $userTable = $this->frontendController->fe_user->user_table;
433 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($userTable);
434 $queryBuilder->getRestrictions()->removeAll();
435 $queryBuilder->update($userTable)
436 ->set('felogin_forgotHash', $randHashDB)
437 ->where(
438 $queryBuilder->expr()->eq(
439 'uid',
440 $queryBuilder->createNamedParameter($user['uid'], \PDO::PARAM_INT)
441 )
442 )
443 ->execute();
444
445 // Send hashlink to user
446 $this->conf['linkPrefix'] = -1;
447 $isAbsRefPrefix = !empty($this->frontendController->absRefPrefix);
448 $isBaseURL = !empty($this->frontendController->baseUrl);
449 $isFeloginBaseURL = !empty($this->conf['feloginBaseURL']);
450 $link = $this->pi_getPageLink($this->frontendController->id, '', [
451 rawurlencode($this->prefixId . '[user]') => $user['uid'],
452 rawurlencode($this->prefixId . '[forgothash]') => $randHash
453 ]);
454 // Prefix link if necessary
455 if ($isFeloginBaseURL) {
456 // First priority, use specific base URL
457 // "absRefPrefix" must be removed first, otherwise URL will be prepended twice
458 if ($isAbsRefPrefix) {
459 $link = substr($link, strlen($this->frontendController->absRefPrefix));
460 }
461 $link = $this->conf['feloginBaseURL'] . $link;
462 } elseif ($isAbsRefPrefix) {
463 // Second priority
464 // absRefPrefix must not necessarily contain a hostname and URL scheme, so add it if needed
465 $link = GeneralUtility::locationHeaderUrl($link);
466 } elseif ($isBaseURL) {
467 // Third priority
468 // Add the global base URL to the link
469 $link = $this->frontendController->baseUrlWrap($link);
470 } else {
471 // No prefix is set, return the error
472 return $this->pi_getLL('ll_change_password_nolinkprefix_message');
473 }
474 $msg = sprintf($this->pi_getLL('ll_forgot_validate_reset_password'), $user['username'], $link, $validEndString);
475 // Add hook for extra processing of mail message
476 if (
477 isset($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['forgotPasswordMail'])
478 && is_array($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['forgotPasswordMail'])
479 ) {
480 $params = [
481 'message' => &$msg,
482 'user' => &$user
483 ];
484 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['forgotPasswordMail'] as $reference) {
485 if ($reference) {
486 GeneralUtility::callUserFunction($reference, $params, $this);
487 }
488 }
489 }
490 if ($user['email']) {
491 $this->cObj->sendNotifyEmail($msg, $user['email'], '', $this->conf['email_from'], $this->conf['email_fromName'], $this->conf['replyTo']);
492 }
493
494 return '';
495 }
496
497 /**
498 * Shows logout form
499 *
500 * @return string The content.
501 */
502 protected function showLogout()
503 {
504 $subpart = $this->cObj->getSubpart($this->template, '###TEMPLATE_LOGOUT###');
505 $subpartArray = ($linkpartArray = []);
506 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('status_header', $this->conf['logoutHeader_stdWrap.']);
507 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('status_message', $this->conf['logoutMessage_stdWrap.']);
508 $this->cObj->stdWrap($this->flexFormValue('message', 's_status'), $this->conf['logoutMessage_stdWrap.']);
509 $markerArray['###LEGEND###'] = htmlspecialchars($this->pi_getLL('logout'));
510 $markerArray['###ACTION_URI###'] = $this->getPageLink('', [], true);
511 $markerArray['###LOGOUT_LABEL###'] = htmlspecialchars($this->pi_getLL('logout'));
512 $markerArray['###NAME###'] = htmlspecialchars($this->frontendController->fe_user->user['name']);
513 $markerArray['###STORAGE_PID###'] = $this->spid;
514 $markerArray['###USERNAME###'] = htmlspecialchars($this->frontendController->fe_user->user['username']);
515 $markerArray['###USERNAME_LABEL###'] = htmlspecialchars($this->pi_getLL('username'));
516 $markerArray['###NOREDIRECT###'] = $this->noRedirect ? '1' : '0';
517 $markerArray['###PREFIXID###'] = $this->prefixId;
518 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
519 if ($this->redirectUrl) {
520 // Use redirectUrl for action tag because of possible access restricted pages
521 $markerArray['###ACTION_URI###'] = htmlspecialchars($this->redirectUrl);
522 $this->redirectUrl = '';
523 }
524 return $this->cObj->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
525 }
526
527 /**
528 * Shows login form
529 *
530 * @return string Content
531 */
532 protected function showLogin()
533 {
534 $subpart = $this->cObj->getSubpart($this->template, '###TEMPLATE_LOGIN###');
535 $subpartArray = ($linkpartArray = ($markerArray = []));
536 $gpRedirectUrl = '';
537 $markerArray['###LEGEND###'] = htmlspecialchars($this->pi_getLL('oLabel_header_welcome'));
538 if ($this->logintype === 'login') {
539 if ($this->userIsLoggedIn) {
540 // login success
541 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('success_header', $this->conf['successHeader_stdWrap.']);
542 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('success_message', $this->conf['successMessage_stdWrap.']);
543 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
544 $subpartArray['###LOGIN_FORM###'] = '';
545 // Hook for general actions after after login has been confirmed (by Thomas Danzl <thomas@danzl.org>)
546 if ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['login_confirmed']) {
547 $_params = [];
548 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['login_confirmed'] as $_funcRef) {
549 if ($_funcRef) {
550 GeneralUtility::callUserFunction($_funcRef, $_params, $this);
551 }
552 }
553 }
554 // show logout form directly
555 if ($this->conf['showLogoutFormAfterLogin']) {
556 $this->redirectUrl = '';
557 return $this->showLogout();
558 }
559 } else {
560 // Hook for general actions on login error
561 if (
562 isset($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['login_error'])
563 && is_array($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['login_error'])
564 ) {
565 $params = [];
566 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['login_error'] as $funcRef) {
567 if ($funcRef) {
568 GeneralUtility::callUserFunction($funcRef, $params, $this);
569 }
570 }
571 }
572 // login error
573 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('error_header', $this->conf['errorHeader_stdWrap.']);
574 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('error_message', $this->conf['errorMessage_stdWrap.']);
575 $gpRedirectUrl = GeneralUtility::_GP('redirect_url');
576 }
577 } else {
578 if ($this->logintype === 'logout') {
579 // login form after logout
580 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('logout_header', $this->conf['logoutHeader_stdWrap.']);
581 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('logout_message', $this->conf['logoutMessage_stdWrap.']);
582 } else {
583 // login form
584 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('welcome_header', $this->conf['welcomeHeader_stdWrap.']);
585 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('welcome_message', $this->conf['welcomeMessage_stdWrap.']);
586 }
587 }
588
589 // This hook allows to call User JS functions.
590 // The methods should also set the required JS functions to get included
591 $onSubmit = '';
592 $extraHidden = '';
593 $onSubmitAr = [];
594 $extraHiddenAr = [];
595 // Check for referer redirect method. if present, save referer in form field
596 if (GeneralUtility::inList($this->conf['redirectMode'], 'referer') || GeneralUtility::inList($this->conf['redirectMode'], 'refererDomains')) {
597 $referer = $this->referer ? $this->referer : GeneralUtility::getIndpEnv('HTTP_REFERER');
598 if ($referer) {
599 $extraHiddenAr[] = '<input type="hidden" name="referer" value="' . htmlspecialchars($referer) . '" />';
600 if ($this->piVars['redirectReferrer'] === 'off') {
601 $extraHiddenAr[] = '<input type="hidden" name="' . $this->prefixId . '[redirectReferrer]" value="off" />';
602 }
603 }
604 }
605 if (is_array($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['loginFormOnSubmitFuncs'])) {
606 $_params = [];
607 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['loginFormOnSubmitFuncs'] as $funcRef) {
608 list($onSub, $hid) = GeneralUtility::callUserFunction($funcRef, $_params, $this);
609 $onSubmitAr[] = $onSub;
610 $extraHiddenAr[] = $hid;
611 }
612 }
613 if (!empty($onSubmitAr)) {
614 $onSubmit = implode('; ', $onSubmitAr) . '; return true;';
615 }
616 if (!empty($extraHiddenAr)) {
617 $extraHidden = implode(LF, $extraHiddenAr);
618 }
619 if (!$gpRedirectUrl && $this->redirectUrl) {
620 $gpRedirectUrl = $this->redirectUrl;
621 }
622 // Login form
623 $markerArray['###ACTION_URI###'] = $this->getPageLink('', [], true);
624 // Used by kb_md5fepw extension...
625 $markerArray['###EXTRA_HIDDEN###'] = $extraHidden;
626 $markerArray['###LEGEND###'] = htmlspecialchars($this->pi_getLL('login'));
627 $markerArray['###LOGIN_LABEL###'] = htmlspecialchars($this->pi_getLL('login'));
628 // Used by kb_md5fepw extension...
629 $markerArray['###ON_SUBMIT###'] = $onSubmit;
630 $markerArray['###PASSWORD_LABEL###'] = htmlspecialchars($this->pi_getLL('password'));
631 $markerArray['###STORAGE_PID###'] = $this->spid;
632 $markerArray['###USERNAME_LABEL###'] = htmlspecialchars($this->pi_getLL('username'));
633 $markerArray['###REDIRECT_URL###'] = htmlspecialchars($gpRedirectUrl);
634 $markerArray['###NOREDIRECT###'] = $this->noRedirect ? '1' : '0';
635 $markerArray['###PREFIXID###'] = $this->prefixId;
636 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
637 if ($this->conf['showForgotPasswordLink']) {
638 $linkpartArray['###FORGOT_PASSWORD_LINK###'] = explode('|', $this->getPageLink('|', [$this->prefixId . '[forgot]' => 1]));
639 $markerArray['###FORGOT_PASSWORD###'] = htmlspecialchars($this->pi_getLL('ll_forgot_header'));
640 } else {
641 $subpartArray['###FORGOTP_VALID###'] = '';
642 }
643 // The permanent login checkbox should only be shown if permalogin is not deactivated (-1),
644 // not forced to be always active (2) and lifetime is greater than 0
645 $permalogin = (int)$GLOBALS['TYPO3_CONF_VARS']['FE']['permalogin'];
646 if (
647 $this->conf['showPermaLogin']
648 && ($permalogin === 0 || $permalogin === 1)
649 && $GLOBALS['TYPO3_CONF_VARS']['FE']['lifetime'] > 0
650 ) {
651 $markerArray['###PERMALOGIN###'] = htmlspecialchars($this->pi_getLL('permalogin'));
652 if ($permalogin === 1) {
653 $markerArray['###PERMALOGIN_HIDDENFIELD_ATTRIBUTES###'] = 'disabled="disabled"';
654 $markerArray['###PERMALOGIN_CHECKBOX_ATTRIBUTES###'] = 'checked="checked"';
655 } else {
656 $markerArray['###PERMALOGIN_HIDDENFIELD_ATTRIBUTES###'] = '';
657 $markerArray['###PERMALOGIN_CHECKBOX_ATTRIBUTES###'] = '';
658 }
659 } else {
660 $subpartArray['###PERMALOGIN_VALID###'] = '';
661 }
662 return $this->cObj->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
663 }
664
665 /**
666 * Process redirect methods. The function searches for a redirect url using all configured methods.
667 *
668 * @return array Redirect URLs
669 */
670 protected function processRedirect()
671 {
672 $redirect_url = [];
673 if ($this->conf['redirectMode']) {
674 $redirectMethods = GeneralUtility::trimExplode(',', $this->conf['redirectMode'], true);
675 foreach ($redirectMethods as $redirMethod) {
676 if ($this->frontendController->loginUser && $this->logintype === 'login') {
677 // Logintype is needed because the login-page wouldn't be accessible anymore after a login (would always redirect)
678 switch ($redirMethod) {
679 case 'groupLogin':
680 // taken from dkd_redirect_at_login written by Ingmar Schlecht; database-field changed
681 $groupData = $this->frontendController->fe_user->groupData;
682 if (!empty($groupData['uid'])) {
683
684 // take the first group with a redirect page
685 $userGroupTable = $this->frontendController->fe_user->usergroup_table;
686 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($userGroupTable);
687 $queryBuilder->getRestrictions()->removeAll();
688 $row = $queryBuilder
689 ->select('felogin_redirectPid')
690 ->from($userGroupTable)
691 ->where(
692 $queryBuilder->expr()->neq(
693 'felogin_redirectPid',
694 $queryBuilder->createNamedParameter('', \PDO::PARAM_STR)
695 ),
696 $queryBuilder->expr()->in(
697 'uid',
698 $queryBuilder->createNamedParameter(
699 $groupData['uid'],
700 Connection::PARAM_INT_ARRAY
701 )
702 )
703 )
704 ->execute()
705 ->fetch();
706
707 if ($row) {
708 $redirect_url[] = $this->pi_getPageLink($row['felogin_redirectPid']);
709 }
710 }
711 break;
712 case 'userLogin':
713
714 $userTable = $this->frontendController->fe_user->user_table;
715 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($userTable);
716 $queryBuilder->getRestrictions()->removeAll();
717 $row = $queryBuilder
718 ->select('felogin_redirectPid')
719 ->from($userTable)
720 ->where(
721 $queryBuilder->expr()->neq(
722 'felogin_redirectPid',
723 $queryBuilder->createNamedParameter('', \PDO::PARAM_STR)
724 ),
725 $queryBuilder->expr()->eq(
726 $this->frontendController->fe_user->userid_column,
727 $queryBuilder->createNamedParameter(
728 $this->frontendController->fe_user->user['uid'],
729 \PDO::PARAM_INT
730 )
731 )
732 )
733 ->execute()
734 ->fetch();
735
736 if ($row) {
737 $redirect_url[] = $this->pi_getPageLink($row['felogin_redirectPid']);
738 }
739
740 break;
741 case 'login':
742 if ($this->conf['redirectPageLogin']) {
743 $redirect_url[] = $this->pi_getPageLink((int)$this->conf['redirectPageLogin']);
744 }
745 break;
746 case 'getpost':
747 $redirect_url[] = $this->redirectUrl;
748 break;
749 case 'referer':
750 // Avoid redirect when logging in after changing password
751 if ($this->piVars['redirectReferrer'] !== 'off') {
752 // Avoid forced logout, when trying to login immediately after a logout
753 $redirect_url[] = preg_replace('/[&?]logintype=[a-z]+/', '', $this->referer);
754 }
755 break;
756 case 'refererDomains':
757 // Auto redirect.
758 // Feature to redirect to the page where the user came from (HTTP_REFERER).
759 // Allowed domains to redirect to, can be configured with plugin.tx_felogin_pi1.domains
760 // Thanks to plan2.net / Martin Kutschker for implementing this feature.
761 // also avoid redirect when logging in after changing password
762 if ($this->conf['domains'] && $this->piVars['redirectReferrer'] !== 'off') {
763 $url = $this->referer;
764 // Is referring url allowed to redirect?
765 $match = [];
766 if (preg_match('#^http://([[:alnum:]._-]+)/#', $url, $match)) {
767 $redirect_domain = $match[1];
768 $found = false;
769 foreach (GeneralUtility::trimExplode(',', $this->conf['domains'], true) as $d) {
770 if (preg_match('/(?:^|\\.)' . $d . '$/', $redirect_domain)) {
771 $found = true;
772 break;
773 }
774 }
775 if (!$found) {
776 $url = '';
777 }
778 }
779 // Avoid forced logout, when trying to login immediately after a logout
780 if ($url) {
781 $redirect_url[] = preg_replace('/[&?]logintype=[a-z]+/', '', $url);
782 }
783 }
784 break;
785 }
786 } elseif ($this->logintype === 'login') {
787 // after login-error
788 switch ($redirMethod) {
789 case 'loginError':
790 if ($this->conf['redirectPageLoginError']) {
791 $redirect_url[] = $this->pi_getPageLink((int)$this->conf['redirectPageLoginError']);
792 }
793 break;
794 }
795 } elseif ($this->logintype == '' && $redirMethod === 'login' && $this->conf['redirectPageLogin']) {
796 // If login and page not accessible
797 $this->cObj->typoLink('', [
798 'parameter' => $this->conf['redirectPageLogin'],
799 'linkAccessRestrictedPages' => true
800 ]);
801 $redirect_url[] = $this->cObj->lastTypoLinkUrl;
802 } elseif ($this->logintype == '' && $redirMethod === 'logout' && $this->conf['redirectPageLogout'] && $this->frontendController->loginUser) {
803 // If logout and page not accessible
804 $redirect_url[] = $this->pi_getPageLink((int)$this->conf['redirectPageLogout']);
805 } elseif ($this->logintype === 'logout') {
806 // after logout
807 // Hook for general actions after after logout has been confirmed
808 if ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['logout_confirmed']) {
809 $_params = [];
810 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['logout_confirmed'] as $_funcRef) {
811 if ($_funcRef) {
812 GeneralUtility::callUserFunction($_funcRef, $_params, $this);
813 }
814 }
815 }
816 switch ($redirMethod) {
817 case 'logout':
818 if ($this->conf['redirectPageLogout']) {
819 $redirect_url[] = $this->pi_getPageLink((int)$this->conf['redirectPageLogout']);
820 }
821 break;
822 }
823 } else {
824 // not logged in
825 // Placeholder for maybe future options
826 switch ($redirMethod) {
827 case 'getpost':
828 // Preserve the get/post value
829 $redirect_url[] = $this->redirectUrl;
830 break;
831 }
832 }
833 }
834 }
835 // Remove empty values, but keep "0" as value (that's why "strlen" is used as second parameter)
836 if (!empty($redirect_url)) {
837 return array_filter($redirect_url, 'strlen');
838 }
839 return [];
840 }
841
842 /**
843 * Reads flexform configuration and merge it with $this->conf
844 *
845 * @return void
846 */
847 protected function mergeflexFormValuesIntoConf()
848 {
849 $flex = [];
850 if ($this->flexFormValue('showForgotPassword', 'sDEF')) {
851 $flex['showForgotPasswordLink'] = $this->flexFormValue('showForgotPassword', 'sDEF');
852 }
853 if ($this->flexFormValue('showPermaLogin', 'sDEF')) {
854 $flex['showPermaLogin'] = $this->flexFormValue('showPermaLogin', 'sDEF');
855 }
856 if ($this->flexFormValue('showLogoutFormAfterLogin', 'sDEF')) {
857 $flex['showLogoutFormAfterLogin'] = $this->flexFormValue('showLogoutFormAfterLogin', 'sDEF');
858 }
859 if ($this->flexFormValue('pages', 'sDEF')) {
860 $flex['pages'] = $this->flexFormValue('pages', 'sDEF');
861 }
862 if ($this->flexFormValue('recursive', 'sDEF')) {
863 $flex['recursive'] = $this->flexFormValue('recursive', 'sDEF');
864 }
865 if ($this->flexFormValue('redirectMode', 's_redirect')) {
866 $flex['redirectMode'] = $this->flexFormValue('redirectMode', 's_redirect');
867 }
868 if ($this->flexFormValue('redirectFirstMethod', 's_redirect')) {
869 $flex['redirectFirstMethod'] = $this->flexFormValue('redirectFirstMethod', 's_redirect');
870 }
871 if ($this->flexFormValue('redirectDisable', 's_redirect')) {
872 $flex['redirectDisable'] = $this->flexFormValue('redirectDisable', 's_redirect');
873 }
874 if ($this->flexFormValue('redirectPageLogin', 's_redirect')) {
875 $flex['redirectPageLogin'] = $this->flexFormValue('redirectPageLogin', 's_redirect');
876 }
877 if ($this->flexFormValue('redirectPageLoginError', 's_redirect')) {
878 $flex['redirectPageLoginError'] = $this->flexFormValue('redirectPageLoginError', 's_redirect');
879 }
880 if ($this->flexFormValue('redirectPageLogout', 's_redirect')) {
881 $flex['redirectPageLogout'] = $this->flexFormValue('redirectPageLogout', 's_redirect');
882 }
883 $pid = $flex['pages'] ? $this->pi_getPidList($flex['pages'], $flex['recursive']) : 0;
884 if ($pid > 0) {
885 $flex['storagePid'] = $pid;
886 }
887 $this->conf = array_merge($this->conf, $flex);
888 }
889
890 /**
891 * Loads a variable from the flexform
892 *
893 * @param string $var Name of variable
894 * @param string $sheet Name of sheet
895 * @return string Value of var
896 */
897 protected function flexFormValue($var, $sheet)
898 {
899 return $this->pi_getFFvalue($this->cObj->data['pi_flexform'], $var, $sheet);
900 }
901
902 /**
903 * Generate link with typolink function
904 *
905 * @param string $label Linktext
906 * @param array $piVars Link vars
907 * @param bool $returnUrl TRUE: returns only url FALSE (default) returns the link)
908 * @return string Link or url
909 */
910 protected function getPageLink($label, $piVars, $returnUrl = false)
911 {
912 $additionalParams = '';
913 if (!empty($piVars)) {
914 foreach ($piVars as $key => $val) {
915 $additionalParams .= '&' . $key . '=' . $val;
916 }
917 }
918 // Should GETvars be preserved?
919 if ($this->conf['preserveGETvars']) {
920 $additionalParams .= $this->getPreserveGetVars();
921 }
922 $this->conf['linkConfig.']['parameter'] = $this->frontendController->id;
923 if ($additionalParams) {
924 $this->conf['linkConfig.']['additionalParams'] = $additionalParams;
925 }
926 if ($returnUrl) {
927 return htmlspecialchars($this->cObj->typoLink_URL($this->conf['linkConfig.']));
928 } else {
929 return $this->cObj->typoLink($label, $this->conf['linkConfig.']);
930 }
931 }
932
933 /**
934 * Add additional parameters for links according to TS setting preserveGETvars.
935 * Possible values are "all" or a comma separated list of allowed GET-vars.
936 * Supports multi-dimensional GET-vars.
937 * Some hardcoded values are dropped.
938 *
939 * @return string additionalParams-string
940 */
941 protected function getPreserveGetVars()
942 {
943 $getVars = GeneralUtility::_GET();
944 unset(
945 $getVars['id'],
946 $getVars['no_cache'],
947 $getVars['logintype'],
948 $getVars['redirect_url'],
949 $getVars['cHash'],
950 $getVars[$this->prefixId]
951 );
952 if ($this->conf['preserveGETvars'] === 'all') {
953 $preserveQueryParts = $getVars;
954 } else {
955 $preserveQueryParts = GeneralUtility::trimExplode(',', $this->conf['preserveGETvars']);
956 $preserveQueryParts = GeneralUtility::explodeUrl2Array(implode('=1&', $preserveQueryParts) . '=1', true);
957 $preserveQueryParts = \TYPO3\CMS\Core\Utility\ArrayUtility::intersectRecursive($getVars, $preserveQueryParts);
958 }
959 $parameters = GeneralUtility::implodeArrayForUrl('', $preserveQueryParts);
960 return $parameters;
961 }
962
963 /**
964 * Is used by forgot password - function with md5 option.
965 * @param int $len Length of new password
966 * @return string New password
967 */
968 protected function generatePassword($len)
969 {
970 $pass = '';
971 while ($len--) {
972 $char = rand(0, 35);
973 if ($char < 10) {
974 $pass .= '' . $char;
975 } else {
976 $pass .= chr($char - 10 + 97);
977 }
978 }
979 return $pass;
980 }
981
982 /**
983 * Returns the header / message value from flexform if present, else from locallang.xlf
984 *
985 * @param string $label label name
986 * @param array $stdWrapArray TS stdWrap array
987 * @return string label text
988 */
989 protected function getDisplayText($label, $stdWrapArray = [])
990 {
991 $text = $this->flexFormValue($label, 's_messages') ? $this->cObj->stdWrap($this->flexFormValue($label, 's_messages'), $stdWrapArray) : $this->cObj->stdWrap($this->pi_getLL('ll_' . $label), $stdWrapArray);
992 $replace = $this->getUserFieldMarkers();
993 return strtr($text, $replace);
994 }
995
996 /**
997 * Returns Array of markers filled with user fields
998 *
999 * @return array Marker array
1000 */
1001 protected function getUserFieldMarkers()
1002 {
1003 $marker = [];
1004 // replace markers with fe_user data
1005 if ($this->frontendController->fe_user->user) {
1006 // All fields of fe_user will be replaced, scheme is ###FEUSER_FIELDNAME###
1007 foreach ($this->frontendController->fe_user->user as $field => $value) {
1008 $marker['###FEUSER_' . strtoupper($field) . '###'] = $this->cObj->stdWrap($value, $this->conf['userfields.'][$field . '.']);
1009 }
1010 // Add ###USER### for compatibility
1011 $marker['###USER###'] = $marker['###FEUSER_USERNAME###'];
1012 }
1013 return $marker;
1014 }
1015
1016 /**
1017 * Returns a valid and XSS cleaned url for redirect, checked against configuration "allowedRedirectHosts"
1018 *
1019 * @param string $url
1020 * @return string cleaned referer or empty string if not valid
1021 */
1022 protected function validateRedirectUrl($url)
1023 {
1024 $url = strval($url);
1025 if ($url === '') {
1026 return '';
1027 }
1028 // Validate the URL:
1029 if ($this->isRelativeUrl($url) || $this->isInCurrentDomain($url) || $this->isInLocalDomain($url)) {
1030 return $url;
1031 }
1032 // URL is not allowed
1033 GeneralUtility::sysLog(sprintf($this->pi_getLL('noValidRedirectUrl'), $url), 'felogin', GeneralUtility::SYSLOG_SEVERITY_WARNING);
1034 return '';
1035 }
1036
1037 /**
1038 * Determines whether the URL is on the current host and belongs to the
1039 * current TYPO3 installation. The scheme part is ignored in the comparison.
1040 *
1041 * @param string $url URL to be checked
1042 * @return bool Whether the URL belongs to the current TYPO3 installation
1043 */
1044 protected function isInCurrentDomain($url)
1045 {
1046 $urlWithoutSchema = preg_replace('#^https?://#', '', $url);
1047 $siteUrlWithoutSchema = preg_replace('#^https?://#', '', GeneralUtility::getIndpEnv('TYPO3_SITE_URL'));
1048 return strpos($urlWithoutSchema . '/', GeneralUtility::getIndpEnv('HTTP_HOST') . '/') === 0
1049 && strpos($urlWithoutSchema, $siteUrlWithoutSchema) === 0;
1050 }
1051
1052 /**
1053 * Determines whether the URL matches a domain
1054 * in the sys_domain database table.
1055 *
1056 * @param string $url Absolute URL which needs to be checked
1057 * @return bool Whether the URL is considered to be local
1058 */
1059 protected function isInLocalDomain($url)
1060 {
1061 $result = false;
1062 if (GeneralUtility::isValidUrl($url)) {
1063 $parsedUrl = parse_url($url);
1064 if ($parsedUrl['scheme'] === 'http' || $parsedUrl['scheme'] === 'https') {
1065 $host = $parsedUrl['host'];
1066 // Removes the last path segment and slash sequences like /// (if given):
1067 $path = preg_replace('#/+[^/]*$#', '', $parsedUrl['path']);
1068
1069 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable('sys_domain');
1070 $queryBuilder->setRestrictions(GeneralUtility::makeInstance(FrontendRestrictionContainer::class));
1071 $localDomains = $queryBuilder->select('domainName')
1072 ->from('sys_domain')
1073 ->execute()
1074 ->fetchAll();
1075
1076 if (is_array($localDomains)) {
1077 foreach ($localDomains as $localDomain) {
1078 // strip trailing slashes (if given)
1079 $domainName = rtrim($localDomain['domainName'], '/');
1080 if (GeneralUtility::isFirstPartOfStr($host . $path . '/', $domainName . '/')) {
1081 $result = true;
1082 break;
1083 }
1084 }
1085 }
1086 }
1087 }
1088 return $result;
1089 }
1090
1091 /**
1092 * Determines whether the URL is relative to the
1093 * current TYPO3 installation.
1094 *
1095 * @param string $url URL which needs to be checked
1096 * @return bool Whether the URL is considered to be relative
1097 */
1098 protected function isRelativeUrl($url)
1099 {
1100 $url = GeneralUtility::sanitizeLocalUrl($url);
1101 if (!empty($url)) {
1102 $parsedUrl = @parse_url($url);
1103 if ($parsedUrl !== false && !isset($parsedUrl['scheme']) && !isset($parsedUrl['host'])) {
1104 // If the relative URL starts with a slash, we need to check if it's within the current site path
1105 return $parsedUrl['path'][0] !== '/' || GeneralUtility::isFirstPartOfStr($parsedUrl['path'], GeneralUtility::getIndpEnv('TYPO3_SITE_PATH'));
1106 }
1107 }
1108 return false;
1109 }
1110
1111 /**
1112 * Get TypoScriptFrontendController
1113 *
1114 * @return TypoScriptFrontendController
1115 */
1116 protected function getTypoScriptFrontendController()
1117 {
1118 return $GLOBALS['TSFE'];
1119 }
1120 }