b4f079594a80e1ecebdd4e04d3b0ac071ce5c0f9
[Packages/TYPO3.CMS.git] / typo3 / sysext / setup / Classes / Controller / SetupModuleController.php
1 <?php
2 namespace TYPO3\CMS\Setup\Controller;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 use Psr\Http\Message\ResponseInterface;
18 use Psr\Http\Message\ServerRequestInterface;
19 use TYPO3\CMS\Backend\Backend\Avatar\DefaultAvatarProvider;
20 use TYPO3\CMS\Backend\Module\ModuleLoader;
21 use TYPO3\CMS\Backend\Routing\UriBuilder;
22 use TYPO3\CMS\Backend\Template\ModuleTemplate;
23 use TYPO3\CMS\Backend\Utility\BackendUtility;
24 use TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
25 use TYPO3\CMS\Core\Compatibility\PublicMethodDeprecationTrait;
26 use TYPO3\CMS\Core\Compatibility\PublicPropertyDeprecationTrait;
27 use TYPO3\CMS\Core\Core\Environment;
28 use TYPO3\CMS\Core\Crypto\PasswordHashing\InvalidPasswordHashException;
29 use TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashFactory;
30 use TYPO3\CMS\Core\Database\ConnectionPool;
31 use TYPO3\CMS\Core\DataHandling\DataHandler;
32 use TYPO3\CMS\Core\FormProtection\FormProtectionFactory;
33 use TYPO3\CMS\Core\Http\HtmlResponse;
34 use TYPO3\CMS\Core\Imaging\Icon;
35 use TYPO3\CMS\Core\Imaging\IconFactory;
36 use TYPO3\CMS\Core\Localization\Locales;
37 use TYPO3\CMS\Core\Messaging\FlashMessage;
38 use TYPO3\CMS\Core\Messaging\FlashMessageService;
39 use TYPO3\CMS\Core\Resource\Exception\FileDoesNotExistException;
40 use TYPO3\CMS\Core\Resource\ResourceFactory;
41 use TYPO3\CMS\Core\Utility\GeneralUtility;
42
43 /**
44 * Script class for the Setup module
45 *
46 * @internal This is a specific Backend Controller implementation and is not considered part of the Public TYPO3 API.
47 */
48 class SetupModuleController
49 {
50 use PublicPropertyDeprecationTrait;
51 use PublicMethodDeprecationTrait;
52
53 /**
54 * Flag if password has not been updated
55 */
56 const PASSWORD_NOT_UPDATED = 0;
57
58 /**
59 * Flag if password has been updated
60 */
61 const PASSWORD_UPDATED = 1;
62
63 /**
64 * Flag if both new passwords do not match
65 */
66 const PASSWORD_NOT_THE_SAME = 2;
67
68 /**
69 * Flag if the current password given was not identical to the real
70 * current password
71 */
72 const PASSWORD_OLD_WRONG = 3;
73
74 /**
75 * Properties which have been moved to protected status from public
76 *
77 * @var array
78 */
79 private $deprecatedPublicProperties = [
80 'OLD_BE_USER' => 'Using $OLD_BE_USER of class SetupModuleController from the outside is discouraged, the variable will be removed.',
81 'MOD_MENU' => 'Using $MOD_MENU of class SetupModuleController from the outside is discouraged, the variable will be removed.',
82 'MOD_SETTINGS' => 'Using $MOD_SETTINGS of class SetupModuleController from the outside is discouraged, the variable will be removed.',
83 'content' => 'Using $content of class SetupModuleController from the outside is discouraged, as this variable is only used for internal storage.',
84 'overrideConf' => 'Using $overrideConf of class SetupModuleController from the outside is discouraged, as this variable is only used for internal storage.',
85 'languageUpdate' => 'Using $languageUpdate of class SetupModuleController from the outside is discouraged, as this variable is only used for internal storage.',
86 ];
87
88 /**
89 * @var array
90 */
91 private $deprecatedPublicMethods = [
92 'storeIncomingData' => 'Using SetupModuleController::storeIncomingData() is deprecated and will not be possible anymore in TYPO3 v10.0.',
93 'main' => 'Using SetupModuleController::main() is deprecated and will not be possible anymore in TYPO3 v10.0.',
94 'init' => 'Using SetupModuleController::init() is deprecated and will not be possible anymore in TYPO3 v10.0.',
95 ];
96
97 /**
98 * @var array
99 */
100 protected $MOD_MENU = [];
101
102 /**
103 * @var array
104 */
105 protected $MOD_SETTINGS = [];
106
107 /**
108 * @var string
109 */
110 protected $content;
111
112 /**
113 * @var array
114 */
115 protected $overrideConf;
116
117 /**
118 * @deprecated will be removed in TYPO3 v10.0
119 */
120 protected $OLD_BE_USER;
121
122 /**
123 * @var bool
124 */
125 protected $languageUpdate;
126
127 /**
128 * @var bool
129 */
130 protected $pagetreeNeedsRefresh = false;
131
132 /**
133 * @var bool
134 */
135 protected $isAdmin;
136
137 /**
138 * @var array
139 */
140 protected $tsFieldConf;
141
142 /**
143 * @var bool
144 */
145 protected $saveData = false;
146
147 /**
148 * @var int
149 */
150 protected $passwordIsUpdated = self::PASSWORD_NOT_UPDATED;
151
152 /**
153 * @var bool
154 */
155 protected $passwordIsSubmitted = false;
156
157 /**
158 * @var bool
159 */
160 protected $setupIsUpdated = false;
161
162 /**
163 * @var bool
164 */
165 protected $settingsAreResetToDefault = false;
166
167 /**
168 * Form protection instance
169 *
170 * @var \TYPO3\CMS\Core\FormProtection\BackendFormProtection
171 */
172 protected $formProtection;
173
174 /**
175 * @var string
176 */
177 protected $simulateSelector = '';
178
179 /**
180 * @var int
181 */
182 protected $simUser;
183
184 /**
185 * The name of the module
186 *
187 * @var string
188 */
189 protected $moduleName = 'user_setup';
190
191 /**
192 * ModuleTemplate object
193 *
194 * @var ModuleTemplate
195 */
196 protected $moduleTemplate;
197
198 /**
199 * Instantiate the form protection before a simulated user is initialized.
200 */
201 public function __construct()
202 {
203 $this->moduleTemplate = GeneralUtility::makeInstance(ModuleTemplate::class);
204 $this->formProtection = FormProtectionFactory::get();
205 $pageRenderer = $this->moduleTemplate->getPageRenderer();
206 $pageRenderer->loadRequireJsModule('TYPO3/CMS/Backend/Modal');
207 $pageRenderer->loadRequireJsModule('TYPO3/CMS/Backend/FormEngine');
208 $pageRenderer->addInlineSetting('FormEngine', 'formName', 'editform');
209 $pageRenderer->addInlineLanguageLabelArray([
210 'FormEngine.remainingCharacters' => $this->getLanguageService()->sL('LLL:EXT:core/Resources/Private/Language/locallang_core.xlf:labels.remainingCharacters'),
211 ]);
212 }
213
214 /**
215 * Getter for the form protection instance.
216 *
217 * @return \TYPO3\CMS\Core\FormProtection\BackendFormProtection
218 * @deprecated since TYPO3 v9, will be removed in TYPO3 v10.0.
219 */
220 public function getFormProtection()
221 {
222 trigger_error('SetupModuleController->getFormProtection() will be removed in TYPO3 v10.0.', E_USER_DEPRECATED);
223 return $this->formProtection;
224 }
225
226 /**
227 * If settings are submitted to _POST[DATA], store them
228 * NOTICE: This method is called before the \TYPO3\CMS\Backend\Template\ModuleTemplate
229 * is included. See bottom of document.
230 */
231 protected function storeIncomingData()
232 {
233 // First check if something is submitted in the data-array from POST vars
234 $d = GeneralUtility::_POST('data');
235 $columns = $GLOBALS['TYPO3_USER_SETTINGS']['columns'];
236 $backendUser = $this->getBackendUser();
237 $beUserId = $backendUser->user['uid'];
238 $storeRec = [];
239 $fieldList = $this->getFieldsFromShowItem();
240 if (is_array($d) && $this->formProtection->validateToken((string)GeneralUtility::_POST('formToken'), 'BE user setup', 'edit')) {
241 // UC hashed before applying changes
242 $save_before = md5(serialize($backendUser->uc));
243 // PUT SETTINGS into the ->uc array:
244 // Reload left frame when switching BE language
245 if (isset($d['lang']) && $d['lang'] != $backendUser->uc['lang']) {
246 $this->languageUpdate = true;
247 }
248 // Reload pagetree if the title length is changed
249 if (isset($d['titleLen']) && $d['titleLen'] !== $backendUser->uc['titleLen']) {
250 $this->pagetreeNeedsRefresh = true;
251 }
252 if ($d['setValuesToDefault']) {
253 // If every value should be default
254 $backendUser->resetUC();
255 $this->settingsAreResetToDefault = true;
256 } elseif ($d['save']) {
257 // Save all submitted values if they are no array (arrays are with table=be_users) and exists in $GLOBALS['TYPO3_USER_SETTINGS'][columns]
258 foreach ($columns as $field => $config) {
259 if (!in_array($field, $fieldList)) {
260 continue;
261 }
262 if ($config['table']) {
263 if ($config['table'] === 'be_users' && !in_array($field, ['password', 'password2', 'passwordCurrent', 'email', 'realName', 'admin', 'avatar'])) {
264 if (!isset($config['access']) || $this->checkAccess($config) && $backendUser->user[$field] !== $d['be_users'][$field]) {
265 if ($config['type'] === 'check') {
266 $fieldValue = isset($d['be_users'][$field]) ? 1 : 0;
267 } else {
268 $fieldValue = $d['be_users'][$field];
269 }
270 $storeRec['be_users'][$beUserId][$field] = $fieldValue;
271 $backendUser->user[$field] = $fieldValue;
272 }
273 }
274 }
275 if ($config['type'] === 'check') {
276 $backendUser->uc[$field] = isset($d[$field]) ? 1 : 0;
277 } else {
278 $backendUser->uc[$field] = htmlspecialchars($d[$field]);
279 }
280 }
281 // Personal data for the users be_user-record (email, name, password...)
282 // If email and name is changed, set it in the users record:
283 $be_user_data = $d['be_users'];
284 // Possibility to modify the transmitted values. Useful to do transformations, like RSA password decryption
285 foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/setup/mod/index.php']['modifyUserDataBeforeSave'] ?? [] as $function) {
286 $params = ['be_user_data' => &$be_user_data];
287 GeneralUtility::callUserFunction($function, $params, $this);
288 }
289 $this->passwordIsSubmitted = (string)$be_user_data['password'] !== '';
290 $passwordIsConfirmed = $this->passwordIsSubmitted && $be_user_data['password'] === $be_user_data['password2'];
291 // Update the real name:
292 if ($be_user_data['realName'] !== $backendUser->user['realName']) {
293 $backendUser->user['realName'] = ($storeRec['be_users'][$beUserId]['realName'] = substr($be_user_data['realName'], 0, 80));
294 }
295 // Update the email address:
296 if ($be_user_data['email'] !== $backendUser->user['email']) {
297 $backendUser->user['email'] = ($storeRec['be_users'][$beUserId]['email'] = substr($be_user_data['email'], 0, 80));
298 }
299 // Update the password:
300 if ($passwordIsConfirmed) {
301 if ($this->isAdmin) {
302 $passwordOk = true;
303 } else {
304 $currentPasswordHashed = $GLOBALS['BE_USER']->user['password'];
305 $passwordOk = false;
306 $saltFactory = GeneralUtility::makeInstance(PasswordHashFactory::class);
307 try {
308 $hashInstance = $saltFactory->get($currentPasswordHashed, 'BE');
309 $passwordOk = $hashInstance->checkPassword($be_user_data['passwordCurrent'], $currentPasswordHashed);
310 } catch (InvalidPasswordHashException $e) {
311 // Could not find hash class responsible for existing password. This is a
312 // misconfiguration and user can not change its password.
313 }
314 }
315 if ($passwordOk) {
316 $this->passwordIsUpdated = self::PASSWORD_UPDATED;
317 $storeRec['be_users'][$beUserId]['password'] = $be_user_data['password'];
318 } else {
319 $this->passwordIsUpdated = self::PASSWORD_OLD_WRONG;
320 }
321 } else {
322 $this->passwordIsUpdated = self::PASSWORD_NOT_THE_SAME;
323 }
324
325 $this->setAvatarFileUid($beUserId, $be_user_data['avatar'], $storeRec);
326
327 $this->saveData = true;
328 }
329 // Inserts the overriding values.
330 $backendUser->overrideUC();
331 $save_after = md5(serialize($backendUser->uc));
332 // If something in the uc-array of the user has changed, we save the array...
333 if ($save_before != $save_after) {
334 $backendUser->writeUC($backendUser->uc);
335 $backendUser->writelog(254, 1, 0, 1, 'Personal settings changed', []);
336 $this->setupIsUpdated = true;
337 }
338 // Persist data if something has changed:
339 if (!empty($storeRec) && $this->saveData) {
340 // Make instance of TCE for storing the changes.
341 $dataHandler = GeneralUtility::makeInstance(DataHandler::class);
342 $dataHandler->start($storeRec, []);
343 $dataHandler->admin = true;
344 // This is to make sure that the users record can be updated even if in another workspace. This is tolerated.
345 $dataHandler->bypassWorkspaceRestrictions = true;
346 $dataHandler->process_datamap();
347 if ($this->passwordIsUpdated === self::PASSWORD_NOT_UPDATED || count($storeRec['be_users'][$beUserId]) > 1) {
348 $this->setupIsUpdated = true;
349 }
350 BackendUtility::setUpdateSignal('updateTopbar');
351 }
352 }
353 }
354
355 /**
356 * Initializes the module for display of the settings form.
357 */
358 protected function init()
359 {
360 $this->getLanguageService()->includeLLFile('EXT:setup/Resources/Private/Language/locallang.xlf');
361 $backendUser = $this->getBackendUser();
362 $this->isAdmin = $backendUser->isAdmin();
363 // Getting the 'override' values as set might be set in User TSconfig
364 $this->overrideConf = $backendUser->getTSConfig()['setup.']['override.'] ?? null;
365 // Getting the disabled fields might be set in User TSconfig (eg setup.fields.password.disabled=1)
366 $this->tsFieldConf = $backendUser->getTSConfig()['setup.']['fields.'] ?? null;
367 // id password is disabled, disable repeat of password too (password2)
368 if (isset($this->tsFieldConf['password.']) && $this->tsFieldConf['password.']['disabled']) {
369 $this->tsFieldConf['password2.']['disabled'] = 1;
370 $this->tsFieldConf['passwordCurrent.']['disabled'] = 1;
371 }
372 }
373
374 /**
375 * Generate necessary JavaScript
376 *
377 * @return string
378 */
379 protected function getJavaScript()
380 {
381 $javaScript = '';
382 foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/setup/mod/index.php']['setupScriptHook'] ?? [] as $function) {
383 $params = [];
384 $javaScript .= GeneralUtility::callUserFunction($function, $params, $this);
385 }
386 return $javaScript;
387 }
388
389 /**
390 * Generate the main settings form:
391 */
392 protected function main()
393 {
394 $uriBuilder = GeneralUtility::makeInstance(UriBuilder::class);
395 $this->content .= '<form action="' . (string)$uriBuilder->buildUriFromRoute('user_setup') . '" method="post" id="SetupModuleController" name="usersetup" enctype="multipart/form-data">';
396 if ($this->languageUpdate) {
397 $this->moduleTemplate->addJavaScriptCode('languageUpdate', '
398 if (top && top.TYPO3.ModuleMenu.App) {
399 top.TYPO3.ModuleMenu.App.refreshMenu();
400 }
401 ');
402 }
403 if ($this->pagetreeNeedsRefresh) {
404 BackendUtility::setUpdateSignal('updatePageTree');
405 }
406 // Start page:
407 $this->moduleTemplate->getPageRenderer()->addJsFile('EXT:backend/Resources/Public/JavaScript/md5.js');
408 // Use a wrapper div
409 $this->content .= '<div id="user-setup-wrapper">';
410 $this->content .= $this->moduleTemplate->header($this->getLanguageService()->getLL('UserSettings'));
411 $this->addFlashMessages();
412
413 // Render the menu items
414 $menuItems = $this->renderUserSetup();
415 $this->content .= $this->moduleTemplate->getDynamicTabMenu($menuItems, 'user-setup', 1, false, false);
416 $formToken = $this->formProtection->generateToken('BE user setup', 'edit');
417 $this->content .= '<div>';
418 $this->content .= '<input type="hidden" name="simUser" value="' . (int)$this->simUser . '" />
419 <input type="hidden" name="formToken" value="' . htmlspecialchars($formToken) . '" />
420 <input type="hidden" value="1" name="data[save]" />
421 <input type="hidden" name="data[setValuesToDefault]" value="0" id="setValuesToDefault" />';
422 $this->content .= '</div>';
423 // End of wrapper div
424 $this->content .= '</div>';
425 // Setting up the buttons and markers for docheader
426 $this->getButtons();
427 // Build the <body> for the module
428 // Renders the module page
429 $this->moduleTemplate->setContent($this->content);
430 $this->content .= '</form>';
431 }
432
433 /**
434 * Injects the request object for the current request or subrequest
435 * Simply calls main() and init() and writes the content to the response
436 *
437 * @param ServerRequestInterface $request the current request
438 * @return ResponseInterface the response with the content
439 */
440 public function mainAction(ServerRequestInterface $request): ResponseInterface
441 {
442 $this->init();
443 $this->storeIncomingData();
444 $this->main();
445 return new HtmlResponse($this->moduleTemplate->renderContent());
446 }
447
448 /**
449 * Create the panel of buttons for submitting the form or otherwise perform operations.
450 */
451 protected function getButtons()
452 {
453 $buttonBar = $this->moduleTemplate->getDocHeaderComponent()->getButtonBar();
454 $cshButton = $buttonBar->makeHelpButton()
455 ->setModuleName('_MOD_user_setup')
456 ->setFieldName('');
457 $buttonBar->addButton($cshButton);
458
459 $saveButton = $buttonBar->makeInputButton()
460 ->setName('data[save]')
461 ->setTitle($this->getLanguageService()->sL('LLL:EXT:core/Resources/Private/Language/locallang_core.xlf:rm.saveDoc'))
462 ->setValue('1')
463 ->setForm('SetupModuleController')
464 ->setShowLabelText(true)
465 ->setIcon($this->moduleTemplate->getIconFactory()->getIcon('actions-document-save', Icon::SIZE_SMALL));
466
467 $buttonBar->addButton($saveButton);
468 $shortcutButton = $buttonBar->makeShortcutButton()
469 ->setModuleName($this->moduleName);
470 $buttonBar->addButton($shortcutButton);
471 }
472
473 /******************************
474 *
475 * Render module
476 *
477 ******************************/
478
479 /**
480 * renders the data for all tabs in the user setup and returns
481 * everything that is needed with tabs and dyntab menu
482 *
483 * @return array Ready to use for the dyntabmenu itemarray
484 */
485 protected function renderUserSetup()
486 {
487 $backendUser = $this->getBackendUser();
488 $html = '';
489 $result = [];
490 $firstTabLabel = '';
491 $code = [];
492 $fieldArray = $this->getFieldsFromShowItem();
493 $tabLabel = '';
494 foreach ($fieldArray as $fieldName) {
495 $config = $GLOBALS['TYPO3_USER_SETTINGS']['columns'][$fieldName];
496 if (isset($config['access']) && !$this->checkAccess($config)) {
497 continue;
498 }
499
500 if (strpos($fieldName, '--div--;') === 0) {
501 if ($firstTabLabel === '') {
502 // First tab
503 $tabLabel = $this->getLabel(substr($fieldName, 8), '', false);
504 $firstTabLabel = $tabLabel;
505 } else {
506 $result[] = [
507 'label' => $tabLabel,
508 'content' => count($code) ? implode(LF, $code) : ''
509 ];
510 $tabLabel = $this->getLabel(substr($fieldName, 8), '', false);
511 $code = [];
512 }
513 continue;
514 }
515 $label = $this->getLabel($config['label'], $fieldName);
516 $label = $this->getCSH($config['csh'] ?: $fieldName, $label);
517 $type = $config['type'];
518 $class = $config['class'];
519 if ($type !== 'check') {
520 $class .= ' form-control';
521 }
522 $more = '';
523 if ($class) {
524 $more .= ' class="' . htmlspecialchars($class) . '"';
525 }
526 $style = $config['style'];
527 if ($style) {
528 $more .= ' style="' . htmlspecialchars($style) . '"';
529 }
530 if (isset($this->overrideConf[$fieldName])) {
531 $more .= ' disabled="disabled"';
532 }
533 $value = $config['table'] === 'be_users' ? $backendUser->user[$fieldName] : $backendUser->uc[$fieldName];
534 if (!$value && isset($config['default'])) {
535 $value = $config['default'];
536 }
537 $dataAdd = '';
538 if ($config['table'] === 'be_users') {
539 $dataAdd = '[be_users]';
540 }
541
542 switch ($type) {
543 case 'text':
544 case 'number':
545 case 'email':
546 case 'password':
547 $noAutocomplete = '';
548
549 $maxLength = $config['max'] ?? 0;
550 if ((int)$maxLength > 0) {
551 $more .= ' maxlength="' . (int)$maxLength . '"';
552 }
553
554 if ($type === 'password') {
555 $value = '';
556 $noAutocomplete = 'autocomplete="off" ';
557 $more .= ' data-rsa-encryption=""';
558 }
559 $html = '<input id="field_' . htmlspecialchars($fieldName) . '"
560 type="' . htmlspecialchars($type) . '"
561 name="data' . $dataAdd . '[' . htmlspecialchars($fieldName) . ']" ' .
562 $noAutocomplete .
563 'value="' . htmlspecialchars($value) . '" ' .
564 $more .
565 ' />';
566 break;
567 case 'check':
568 $html = $label . '<div class="checkbox"><label><input id="field_' . htmlspecialchars($fieldName) . '"
569 type="checkbox"
570 name="data' . $dataAdd . '[' . htmlspecialchars($fieldName) . ']"' .
571 ($value ? ' checked="checked"' : '') .
572 $more .
573 ' /></label></div>';
574 $label = '';
575 break;
576 case 'select':
577 if ($config['itemsProcFunc']) {
578 $html = GeneralUtility::callUserFunction($config['itemsProcFunc'], $config, $this);
579 } else {
580 $html = '<select id="field_' . htmlspecialchars($fieldName) . '"
581 name="data' . $dataAdd . '[' . htmlspecialchars($fieldName) . ']"' .
582 $more . '>' . LF;
583 foreach ($config['items'] as $key => $optionLabel) {
584 $html .= '<option value="' . htmlspecialchars($key) . '"' . ($value == $key ? ' selected="selected"' : '') . '>' . $this->getLabel($optionLabel, '', false) . '</option>' . LF;
585 }
586 $html .= '</select>';
587 }
588 break;
589 case 'user':
590 $html = GeneralUtility::callUserFunction($config['userFunc'], $config, $this);
591 break;
592 case 'button':
593 if ($config['onClick']) {
594 $onClick = $config['onClick'];
595 if ($config['onClickLabels']) {
596 foreach ($config['onClickLabels'] as $key => $labelclick) {
597 $config['onClickLabels'][$key] = $this->getLabel($labelclick, '', false);
598 }
599 $onClick = vsprintf($onClick, $config['onClickLabels']);
600 }
601 $html = '<br><input class="btn btn-default" type="button"
602 value="' . $this->getLabel($config['buttonlabel'], '', false) . '"
603 onclick="' . $onClick . '" />';
604 }
605 if (!empty($config['confirm'])) {
606 $confirmData = $config['confirmData'];
607 $html = '<br><input class="btn btn-default t3js-modal-trigger" type="button"'
608 . ' value="' . $this->getLabel($config['buttonlabel'], '', false) . '"'
609 . ' data-href="javascript:' . htmlspecialchars($confirmData['jsCodeAfterOk']) . '"'
610 . ' data-severity="warning"'
611 . ' data-title="' . $this->getLabel($config['label'], '', false) . '"'
612 . ' data-content="' . $this->getLabel($confirmData['message'], '', false) . '" />';
613 }
614 break;
615 case 'avatar':
616 // Get current avatar image
617 $html = '<br>';
618 $avatarFileUid = $this->getAvatarFileUid($backendUser->user['uid']);
619
620 if ($avatarFileUid) {
621 $defaultAvatarProvider = GeneralUtility::makeInstance(DefaultAvatarProvider::class);
622 $avatarImage = $defaultAvatarProvider->getImage($backendUser->user, 32);
623 if ($avatarImage) {
624 $icon = '<span class="avatar"><span class="avatar-image">' .
625 '<img src="' . htmlspecialchars($avatarImage->getUrl(true)) . '"' .
626 ' width="' . (int)$avatarImage->getWidth() . '" ' .
627 'height="' . (int)$avatarImage->getHeight() . '" />' .
628 '</span></span>';
629 $html .= '<span class="pull-left" style="padding-right: 10px" id="image_' . htmlspecialchars($fieldName) . '">' . $icon . ' </span>';
630 }
631 }
632 $html .= '<input id="field_' . htmlspecialchars($fieldName) . '" type="hidden" ' .
633 'name="data' . $dataAdd . '[' . htmlspecialchars($fieldName) . ']"' . $more .
634 ' value="' . (int)$avatarFileUid . '" />';
635
636 $html .= '<div class="btn-group">';
637 $iconFactory = GeneralUtility::makeInstance(IconFactory::class);
638 if ($avatarFileUid) {
639 $html .=
640 '<a id="clear_button_' . htmlspecialchars($fieldName) . '" '
641 . 'onclick="clearExistingImage(); return false;" class="btn btn-default">'
642 . $iconFactory->getIcon('actions-delete', Icon::SIZE_SMALL)
643 . '</a>';
644 }
645 $html .=
646 '<a id="add_button_' . htmlspecialchars($fieldName) . '" class="btn btn-default btn-add-avatar"'
647 . ' onclick="openFileBrowser();return false;">'
648 . $iconFactory->getIcon('actions-insert-record', Icon::SIZE_SMALL)
649 . '</a></div>';
650
651 $this->addAvatarButtonJs($fieldName);
652 break;
653 default:
654 $html = '';
655 }
656
657 $code[] = '<div class="form-section"><div class="row"><div class="form-group t3js-formengine-field-item col-md-12">' .
658 $label .
659 $html .
660 '</div></div></div>';
661 }
662
663 $result[] = [
664 'label' => $tabLabel,
665 'content' => count($code) ? implode(LF, $code) : ''
666 ];
667 return $result;
668 }
669
670 /**
671 * Return a select with available languages.
672 * This method is called from the setup module fake TCA userFunc.
673 *
674 * @return string Complete select as HTML string or warning box if something went wrong.
675 */
676 public function renderLanguageSelect()
677 {
678 $backendUser = $this->getBackendUser();
679 $language = $this->getLanguageService();
680 $languageOptions = [];
681 // Compile the languages dropdown
682 $langDefault = htmlspecialchars($language->getLL('lang_default'));
683 $languageOptions[$langDefault] = '<option value=""' . ($backendUser->uc['lang'] === '' ? ' selected="selected"' : '') . '>' . $langDefault . '</option>';
684 // Traverse the number of languages
685 $locales = GeneralUtility::makeInstance(Locales::class);
686 $languages = $locales->getLanguages();
687 foreach ($languages as $locale => $name) {
688 if ($locale !== 'default') {
689 $defaultName = isset($GLOBALS['LOCAL_LANG']['default']['lang_' . $locale]) ? $GLOBALS['LOCAL_LANG']['default']['lang_' . $locale][0]['source'] : $name;
690 $localizedName = htmlspecialchars($language->getLL('lang_' . $locale));
691 if ($localizedName === '') {
692 $localizedName = htmlspecialchars($name);
693 }
694 $localLabel = ' - [' . htmlspecialchars($defaultName) . ']';
695 $available = in_array($locale, $GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['lang']['availableLanguages'], true) && is_dir(Environment::getLabelsPath() . '/' . $locale);
696 if ($available) {
697 $languageOptions[$defaultName] = '<option value="' . $locale . '"' . ($backendUser->uc['lang'] === $locale ? ' selected="selected"' : '') . '>' . $localizedName . $localLabel . '</option>';
698 }
699 }
700 }
701 ksort($languageOptions);
702 $languageCode = '
703 <select id="field_lang" name="data[lang]" class="form-control">' . implode('', $languageOptions) . '
704 </select>';
705 if ($backendUser->uc['lang'] && !@is_dir(Environment::getLabelsPath() . '/' . $backendUser->uc['lang'])) {
706 // TODO: The text constants have to be moved into language files
707 $languageUnavailableWarning = 'The selected language "' . htmlspecialchars($language->getLL('lang_' . $backendUser->uc['lang'])) . '" is not available before the language files are installed.&nbsp;&nbsp;<br />&nbsp;&nbsp;' . ($backendUser->isAdmin() ? 'You can use the Language module to easily download new language files.' : 'Please ask your system administrator to do this.');
708 $languageCode = '<br /><span class="label label-danger">' . $languageUnavailableWarning . '</span><br /><br />' . $languageCode;
709 }
710 return $languageCode;
711 }
712
713 /**
714 * Returns a select with all modules for startup.
715 * This method is called from the setup module fake TCA userFunc.
716 *
717 * @return string Complete select as HTML string
718 */
719 public function renderStartModuleSelect()
720 {
721 // Load available backend modules
722 $backendUser = $this->getBackendUser();
723 $language = $this->getLanguageService();
724 $loadModules = GeneralUtility::makeInstance(ModuleLoader::class);
725 $loadModules->observeWorkspaces = true;
726 $loadModules->load($GLOBALS['TBE_MODULES']);
727 $startModuleSelect = '<option value="">' . htmlspecialchars($language->getLL('startModule.firstInMenu')) . '</option>';
728 foreach ($loadModules->modules as $mainMod => $modData) {
729 if (!empty($modData['sub']) && is_array($modData['sub'])) {
730 $modules = '';
731 foreach ($modData['sub'] as $subData) {
732 $modName = $subData['name'];
733 $modules .= '<option value="' . htmlspecialchars($modName) . '"';
734 $modules .= $backendUser->uc['startModule'] === $modName ? ' selected="selected"' : '';
735 $modules .= '>' . htmlspecialchars($language->sL($loadModules->getLabelsForModule($modName)['title'])) . '</option>';
736 }
737 $groupLabel = htmlspecialchars($language->sL($loadModules->getLabelsForModule($mainMod)['title']));
738 $startModuleSelect .= '<optgroup label="' . htmlspecialchars($groupLabel) . '">' . $modules . '</optgroup>';
739 }
740 }
741 return '<select id="field_startModule" name="data[startModule]" class="form-control">' . $startModuleSelect . '</select>';
742 }
743
744 /**
745 * Will make the simulate-user selector if the logged in user is administrator.
746 * It will also set the GLOBAL(!) BE_USER to the simulated user selected if any (and set $this->OLD_BE_USER to logged in user)
747 *
748 * @deprecated since TYPO3 v9, will be removed in TYPO3 v10.0.
749 */
750 public function simulateUser()
751 {
752 trigger_error('SetupModuleController->simulateUser() will be removed in TYPO3 v10.0.', E_USER_DEPRECATED);
753 // If admin, allow simulation of another user
754 $this->simUser = 0;
755 $this->simulateSelector = '';
756 unset($this->OLD_BE_USER);
757 $currentBeUser = $this->getBackendUser();
758 if ($currentBeUser->isAdmin()) {
759 $this->simUser = (int)GeneralUtility::_GP('simUser');
760 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable('be_users');
761 $users = $queryBuilder
762 ->select('*')
763 ->from('be_users')
764 ->where(
765 $queryBuilder->expr()->neq(
766 'uid',
767 $queryBuilder->createNamedParameter($currentBeUser->user['uid'], \PDO::PARAM_INT)
768 ),
769 $queryBuilder->expr()->notLike(
770 'username',
771 $queryBuilder->createNamedParameter(
772 $queryBuilder->escapeLikeWildcards('_cli_') . '%',
773 \PDO::PARAM_STR
774 )
775 )
776 )
777 ->orderBy('username')
778 ->execute()
779 ->fetchAll();
780 $opt = [];
781 foreach ($users as $rr) {
782 $label = $rr['username'] . ($rr['realName'] ? ' (' . $rr['realName'] . ')' : '');
783 $opt[] = '<option value="' . (int)$rr['uid'] . '"' . ($this->simUser === (int)$rr['uid'] ? ' selected="selected"' : '') . '>' . htmlspecialchars($label) . '</option>';
784 }
785 if (!empty($opt)) {
786 $uriBuilder = GeneralUtility::makeInstance(UriBuilder::class);
787 $this->simulateSelector = '<select id="field_simulate" class="form-control" name="simulateUser" onchange="window.location.href=' . GeneralUtility::quoteJSvalue((string)$uriBuilder->buildUriFromRoute('user_setup') . '&simUser=') . '+this.options[this.selectedIndex].value;"><option></option>' . implode('', $opt) . '</select>';
788 }
789 }
790 // This can only be set if the previous code was executed.
791 if ($this->simUser > 0) {
792 // Save old user...
793 $this->OLD_BE_USER = $currentBeUser;
794 // Unset current
795 // New backend user object
796 $currentBeUser = GeneralUtility::makeInstance(BackendUserAuthentication::class);
797 $currentBeUser->setBeUserByUid($this->simUser);
798 $currentBeUser->fetchGroupData();
799 $currentBeUser->backendSetUC();
800 }
801 }
802
803 /**
804 * Returns access check (currently only "admin" is supported)
805 *
806 * @param array $config Configuration of the field, access mode is defined in key 'access'
807 * @return bool Whether it is allowed to modify the given field
808 */
809 protected function checkAccess(array $config)
810 {
811 $access = $config['access'];
812
813 if (isset($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['setup']['accessLevelCheck'][$access])) {
814 if (class_exists($access)) {
815 $accessObject = GeneralUtility::makeInstance($access);
816 if (method_exists($accessObject, 'accessLevelCheck')) {
817 // Initialize vars. If method fails, $set will be set to FALSE
818 return $accessObject->accessLevelCheck($config);
819 }
820 }
821 } elseif ($access === 'admin') {
822 return $this->isAdmin;
823 }
824
825 return false;
826 }
827
828 /**
829 * Returns the label $str from getLL() and grays out the value if the $str/$key is found in $this->overrideConf array
830 *
831 * @param string $str Locallang key
832 * @param string $key Alternative override-config key
833 * @param bool $addLabelTag Defines whether the string should be wrapped in a <label> tag.
834 * @return string HTML output.
835 */
836 protected function getLabel($str, $key = '', $addLabelTag = true)
837 {
838 if (strpos($str, 'LLL:') === 0) {
839 $out = htmlspecialchars($this->getLanguageService()->sL($str));
840 } else {
841 $out = htmlspecialchars($str);
842 }
843 if (isset($this->overrideConf[$key ?: $str])) {
844 $out = '<span style="color:#999999">' . $out . '</span>';
845 }
846 if ($addLabelTag) {
847 $out = '<label>' . $out . '</label>';
848 }
849 return $out;
850 }
851
852 /**
853 * Returns the CSH Icon for given string
854 *
855 * @param string $str Locallang key
856 * @param string $label The label to be used, that should be wrapped in help
857 * @return string HTML output.
858 */
859 protected function getCSH($str, $label)
860 {
861 $context = '_MOD_user_setup';
862 $field = $str;
863 $strParts = explode(':', $str);
864 if (count($strParts) > 1) {
865 // Setting comes from another extension
866 $context = $strParts[0];
867 $field = $strParts[1];
868 } elseif ($str !== 'language' && $str !== 'simuser' && $str !== 'reset') {
869 $field = 'option_' . $str;
870 }
871 return BackendUtility::wrapInHelp($context, $field, $label);
872 }
873
874 /**
875 * Returns array with fields defined in $GLOBALS['TYPO3_USER_SETTINGS']['showitem']
876 * Remove fields which are disabled by user TSconfig
877 *
878 * @return string[] Array with field names visible in form
879 */
880 protected function getFieldsFromShowItem()
881 {
882 $allowedFields = GeneralUtility::trimExplode(',', $GLOBALS['TYPO3_USER_SETTINGS']['showitem'], true);
883 if ($this->isAdmin) {
884 // Do not ask for current password if admin (unknown for other users and no security gain)
885 $key = array_search('passwordCurrent', $allowedFields);
886 if ($key !== false) {
887 unset($allowedFields[$key]);
888 }
889 }
890
891 $backendUser = $this->getBackendUser();
892 $systemMaintainers = array_map('intval', $GLOBALS['TYPO3_CONF_VARS']['SYS']['systemMaintainers'] ?? []);
893 $isCurrentUserInSystemMaintainerList = in_array((int)$backendUser->user['uid'], $systemMaintainers, true);
894 $isInSimulateUserMode = (int)$backendUser->user['ses_backuserid'] !== 0;
895 if ($isInSimulateUserMode && $isCurrentUserInSystemMaintainerList) {
896 // DataHandler denies changing password of system maintainer users in switch user mode.
897 // Do not show the password fields is this case.
898 $key = array_search('password', $allowedFields);
899 if ($key !== false) {
900 unset($allowedFields[$key]);
901 }
902 $key = array_search('password2', $allowedFields);
903 if ($key !== false) {
904 unset($allowedFields[$key]);
905 }
906 }
907
908 if (!is_array($this->tsFieldConf)) {
909 return $allowedFields;
910 }
911 foreach ($this->tsFieldConf as $fieldName => $userTsFieldConfig) {
912 if (!empty($userTsFieldConfig['disabled'])) {
913 $fieldName = rtrim($fieldName, '.');
914 $key = array_search($fieldName, $allowedFields);
915 if ($key !== false) {
916 unset($allowedFields[$key]);
917 }
918 }
919 }
920 return $allowedFields;
921 }
922
923 /**
924 * Get Avatar fileUid
925 *
926 * @param int $beUserId
927 * @return int
928 */
929 protected function getAvatarFileUid($beUserId)
930 {
931 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable('sys_file_reference');
932 $file = $queryBuilder
933 ->select('uid_local')
934 ->from('sys_file_reference')
935 ->where(
936 $queryBuilder->expr()->eq(
937 'tablenames',
938 $queryBuilder->createNamedParameter('be_users', \PDO::PARAM_STR)
939 ),
940 $queryBuilder->expr()->eq(
941 'fieldname',
942 $queryBuilder->createNamedParameter('avatar', \PDO::PARAM_STR)
943 ),
944 $queryBuilder->expr()->eq(
945 'table_local',
946 $queryBuilder->createNamedParameter('sys_file', \PDO::PARAM_STR)
947 ),
948 $queryBuilder->expr()->eq(
949 'uid_foreign',
950 $queryBuilder->createNamedParameter($beUserId, \PDO::PARAM_INT)
951 )
952 )
953 ->execute()
954 ->fetchColumn();
955 return (int)$file;
956 }
957
958 /**
959 * Set avatar fileUid for backend user
960 *
961 * @param int $beUserId
962 * @param int $fileUid
963 * @param array $storeRec
964 */
965 protected function setAvatarFileUid($beUserId, $fileUid, array &$storeRec)
966 {
967
968 // Update is only needed when new fileUid is set
969 if ((int)$fileUid === $this->getAvatarFileUid($beUserId)) {
970 return;
971 }
972
973 // If user is not allowed to modify avatar $fileUid is empty - so don't overwrite existing avatar
974 if (empty($fileUid)) {
975 return;
976 }
977
978 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable('sys_file_reference');
979 $queryBuilder->getRestrictions()->removeAll();
980 $queryBuilder
981 ->delete('sys_file_reference')
982 ->where(
983 $queryBuilder->expr()->eq(
984 'tablenames',
985 $queryBuilder->createNamedParameter('be_users', \PDO::PARAM_STR)
986 ),
987 $queryBuilder->expr()->eq(
988 'fieldname',
989 $queryBuilder->createNamedParameter('avatar', \PDO::PARAM_STR)
990 ),
991 $queryBuilder->expr()->eq(
992 'table_local',
993 $queryBuilder->createNamedParameter('sys_file', \PDO::PARAM_STR)
994 ),
995 $queryBuilder->expr()->eq(
996 'uid_foreign',
997 $queryBuilder->createNamedParameter($beUserId, \PDO::PARAM_INT)
998 )
999 )
1000 ->execute();
1001
1002 // If Avatar is marked for delete => set it to empty string so it will be updated properly
1003 if ($fileUid === 'delete') {
1004 $fileUid = '';
1005 }
1006
1007 // Create new reference
1008 if ($fileUid) {
1009
1010 // Get file object
1011 try {
1012 $file = ResourceFactory::getInstance()->getFileObject($fileUid);
1013 } catch (FileDoesNotExistException $e) {
1014 $file = false;
1015 }
1016
1017 // Check if user is allowed to use the image (only when not in simulation mode)
1018 if ($file && $this->simUser === 0 && !$file->getStorage()->checkFileActionPermission('read', $file)) {
1019 $file = false;
1020 }
1021
1022 // Check if extension is allowed
1023 if ($file && GeneralUtility::inList($GLOBALS['TYPO3_CONF_VARS']['GFX']['imagefile_ext'], $file->getExtension())) {
1024
1025 // Create new file reference
1026 $storeRec['sys_file_reference']['NEW1234'] = [
1027 'uid_local' => (int)$fileUid,
1028 'uid_foreign' => (int)$beUserId,
1029 'tablenames' => 'be_users',
1030 'fieldname' => 'avatar',
1031 'pid' => 0,
1032 'table_local' => 'sys_file',
1033 ];
1034 $storeRec['be_users'][(int)$beUserId]['avatar'] = 'NEW1234';
1035 }
1036 }
1037 }
1038
1039 /**
1040 * Add JavaScript to for browse files button
1041 *
1042 * @param string $fieldName
1043 */
1044 protected function addAvatarButtonJs($fieldName)
1045 {
1046 $uriBuilder = GeneralUtility::makeInstance(UriBuilder::class);
1047 $this->moduleTemplate->addJavaScriptCode('avatar-button', '
1048 var browserWin="";
1049
1050 function openFileBrowser() {
1051 var url = ' . GeneralUtility::quoteJSvalue((string)$uriBuilder->buildUriFromRoute('wizard_element_browser', ['mode' => 'file', 'bparams' => '||||dummy|setFileUid'])) . ';
1052 browserWin = window.open(url,"Typo3WinBrowser","height=650,width=800,status=0,menubar=0,resizable=1,scrollbars=1");
1053 browserWin.focus();
1054 }
1055
1056 function clearExistingImage() {
1057 $(' . GeneralUtility::quoteJSvalue('#image_' . htmlspecialchars($fieldName)) . ').hide();
1058 $(' . GeneralUtility::quoteJSvalue('#clear_button_' . htmlspecialchars($fieldName)) . ').hide();
1059 $(' . GeneralUtility::quoteJSvalue('#field_' . htmlspecialchars($fieldName)) . ').val(\'delete\');
1060 }
1061
1062 function setFileUid(field, value, fileUid) {
1063 clearExistingImage();
1064 $(' . GeneralUtility::quoteJSvalue('#field_' . htmlspecialchars($fieldName)) . ').val(fileUid);
1065 $(' . GeneralUtility::quoteJSvalue('#add_button_' . htmlspecialchars($fieldName)) . ').removeClass(\'btn-default\').addClass(\'btn-info\');
1066
1067 browserWin.close();
1068 }
1069 ');
1070 }
1071
1072 /**
1073 * Returns the current BE user.
1074 *
1075 * @return \TYPO3\CMS\Core\Authentication\BackendUserAuthentication
1076 */
1077 protected function getBackendUser()
1078 {
1079 return $GLOBALS['BE_USER'];
1080 }
1081
1082 /**
1083 * Returns LanguageService
1084 *
1085 * @return \TYPO3\CMS\Core\Localization\LanguageService
1086 */
1087 protected function getLanguageService()
1088 {
1089 return $GLOBALS['LANG'];
1090 }
1091
1092 /**
1093 * Add FlashMessages for various actions
1094 */
1095 protected function addFlashMessages()
1096 {
1097 $flashMessages = [];
1098
1099 // Show if setup was saved
1100 if ($this->setupIsUpdated && !$this->settingsAreResetToDefault) {
1101 $flashMessages[] = $this->getFlashMessage('setupWasUpdated', 'UserSettings');
1102 }
1103
1104 // Show if temporary data was cleared
1105 if ($this->settingsAreResetToDefault) {
1106 $flashMessages[] = $this->getFlashMessage('settingsAreReset', 'resetConfiguration');
1107 }
1108
1109 // Notice
1110 if ($this->setupIsUpdated || $this->settingsAreResetToDefault) {
1111 $flashMessages[] = $this->getFlashMessage('activateChanges', '', FlashMessage::INFO);
1112 }
1113
1114 // If password is updated, output whether it failed or was OK.
1115 if ($this->passwordIsSubmitted) {
1116 switch ($this->passwordIsUpdated) {
1117 case self::PASSWORD_OLD_WRONG:
1118 $flashMessages[] = $this->getFlashMessage('oldPassword_failed', 'newPassword', FlashMessage::ERROR);
1119 break;
1120 case self::PASSWORD_NOT_THE_SAME:
1121 $flashMessages[] = $this->getFlashMessage('newPassword_failed', 'newPassword', FlashMessage::ERROR);
1122 break;
1123 case self::PASSWORD_UPDATED:
1124 $flashMessages[] = $this->getFlashMessage('newPassword_ok', 'newPassword');
1125 break;
1126 }
1127 }
1128 if (!empty($flashMessages)) {
1129 $this->enqueueFlashMessages($flashMessages);
1130 }
1131 }
1132
1133 /**
1134 * @param array $flashMessages
1135 * @throws \TYPO3\CMS\Core\Exception
1136 */
1137 protected function enqueueFlashMessages(array $flashMessages)
1138 {
1139 $flashMessageService = GeneralUtility::makeInstance(FlashMessageService::class);
1140 $defaultFlashMessageQueue = $flashMessageService->getMessageQueueByIdentifier();
1141 foreach ($flashMessages as $flashMessage) {
1142 $defaultFlashMessageQueue->enqueue($flashMessage);
1143 }
1144 }
1145
1146 /**
1147 * @param string $message
1148 * @param string $title
1149 * @param int $severity
1150 * @return FlashMessage
1151 */
1152 protected function getFlashMessage($message, $title, $severity = FlashMessage::OK)
1153 {
1154 $title = !empty($title) ? $this->getLanguageService()->getLL($title) : ' ';
1155 return GeneralUtility::makeInstance(
1156 FlashMessage::class,
1157 $this->getLanguageService()->getLL($message),
1158 $title,
1159 $severity
1160 );
1161 }
1162 }