c80358cbd591af6168490963eae804401fd263e8
[Packages/TYPO3.CMS.git] / typo3 / sysext / saltedpasswords / Classes / Utility / SaltedPasswordsUtility.php
1 <?php
2 namespace TYPO3\CMS\Saltedpasswords\Utility;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
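/**
 * Static helpers for the saltedpasswords extension: reading its configuration,
 * selecting the hashing class and deciding whether salted hashing is active
 * for a given TYPO3 mode.
 */
class SaltedPasswordsUtility
{
    /**
     * Keeps this extension's key.
     */
    const EXTKEY = 'saltedpasswords';

    /**
     * Counts backend users whose stored password does not look like a salted hash.
     *
     * The check is a prefix heuristic only: a non-empty value that starts with
     * neither "$" nor "M$" is counted. The WHERE clause has no condition on
     * deleted or disabled records, so such accounts are included in the count.
     *
     * @return int Number of matching be_users rows
     *             (NOTE(review): the DB wrapper may return FALSE on a query error; confirm against callers)
     */
    public static function getNumberOfBackendUsersWithInsecurePassword()
    {
        $database = $GLOBALS['TYPO3_DB'];
        // Only constant strings are concatenated here; the LIKE patterns go
        // through fullQuoteStr(), no request data enters the statement.
        $whereClause = 'password != \'\''
            . ' AND password NOT LIKE ' . $database->fullQuoteStr('$%', 'be_users')
            . ' AND password NOT LIKE ' . $database->fullQuoteStr('M$%', 'be_users');

        return $database->exec_SELECTcountRows('*', 'be_users', $whereClause);
    }

    /**
     * Returns extension configuration data from $TYPO3_CONF_VARS (configurable in Extension Manager),
     * merged over the defaults from returnExtConfDefaults().
     *
     * A stored configuration that does not unserialize to an array, or whose
     * section for $mode is not an array, is ignored and the defaults are returned.
     *
     * @param string $mode TYPO3_MODE, whether Configuration for Frontend or Backend should be delivered
     * @return array Extension configuration data
     */
    public static function returnExtConf($mode = TYPO3_MODE)
    {
        $currentConfiguration = self::returnExtConfDefaults();
        if (!isset($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf'][self::EXTKEY])) {
            return $currentConfiguration;
        }

        // NOTE(review): unserialize() instantiates any object found in the
        // serialized string. The value is read from $GLOBALS['TYPO3_CONF_VARS'],
        // not from the request, but whoever can write that setting controls what
        // is unserialized here. Where the supported PHP version allows it,
        // restrict this with the allowed_classes option (PHP 7+) or store the
        // configuration in a data-only format.
        $extensionConfiguration = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf'][self::EXTKEY]);

        $modeKey = $mode . '.';
        // Merge default configuration with modified configuration. Both checks
        // matter: unserialize() yields FALSE for a broken value, and a scalar
        // section would otherwise be handed to array_merge().
        if (is_array($extensionConfiguration)
            && isset($extensionConfiguration[$modeKey])
            && is_array($extensionConfiguration[$modeKey])
        ) {
            $currentConfiguration = array_merge($currentConfiguration, $extensionConfiguration[$modeKey]);
        }

        return $currentConfiguration;
    }

    /**
     * Hook function for felogin "forgotPassword" functionality;
     * hashes the new password before it is stored in the database.
     *
     * When isUsageEnabled('FE') is FALSE, $params['newPassword'] is left
     * exactly as delivered. Whether the caller then stores it unhashed is not
     * visible from this class and should be checked in the calling controller.
     *
     * @param array $params Parameter the hook delivers
     * @param \TYPO3\CMS\Felogin\Controller\FrontendLoginController $pObj Parent Object from which the hook is called
     * @return void
     */
    public function feloginForgotPasswordHook(array &$params, \TYPO3\CMS\Felogin\Controller\FrontendLoginController $pObj)
    {
        if (!self::isUsageEnabled('FE')) {
            return;
        }

        $saltingInstance = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance();
        $params['newPassword'] = $saltingInstance->getHashedPassword($params['newPassword']);
    }

    /**
     * Returns default configuration of this extension.
     *
     * @return array Default extension configuration data for localconf.php
     */
    public static function returnExtConfDefaults()
    {
        return [
            'onlyAuthService' => '0',
            'forceSalted' => '0',
            'updatePasswd' => '1',
            'saltedPWHashingMethod' => \TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt::class,
            'enabled' => '1',
        ];
    }

    /**
     * Function determines the default(=configured) type of
     * salted hashing method to be used.
     *
     * The configured class name is accepted only if it is one of the keys
     * returned by SaltFactory::getRegisteredSaltedHashingMethods(); any other
     * value selects Md5Salt.
     *
     * NOTE(review): the shipped default is PhpassSalt, but a misspelled or
     * unregistered method name falls back to Md5Salt without any log entry.
     * Consider logging the fallback, or falling back to the shipped default,
     * so that a configuration error cannot silently change the hash scheme.
     *
     * @param string $mode (optional) The TYPO3 mode (FE or BE) saltedpasswords shall be used for
     * @return string Classname of object to be used
     */
    public static function getDefaultSaltingHashingMethod($mode = TYPO3_MODE)
    {
        $extConf = self::returnExtConf($mode);
        $configuredMethod = $extConf['saltedPWHashingMethod'];
        $registeredMethods = array_keys(
            \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getRegisteredSaltedHashingMethods()
        );

        // Strict comparison: with loose in_array() a non-string configuration
        // value (0, TRUE) can compare equal to a class name and would then be
        // returned as the "class name".
        if (in_array($configuredMethod, $registeredMethods, true)) {
            return $configuredMethod;
        }

        return \TYPO3\CMS\Saltedpasswords\Salt\Md5Salt::class;
    }

    /**
     * Returns information if salted password hashes are
     * indeed used in the TYPO3_MODE.
     *
     * BE always reports TRUE. FE reports TRUE only when the extension's
     * 'enabled' option is truthy and loginSecurityLevel is 'normal' or 'rsa'
     * (an empty or missing level counts as 'normal'). Any other mode reports FALSE.
     *
     * @param string $mode (optional) The TYPO3 mode (FE or BE) saltedpasswords shall be used for
     * @return bool TRUE, if salted password hashes are used in the TYPO3_MODE, otherwise FALSE
     */
    public static function isUsageEnabled($mode = TYPO3_MODE)
    {
        if ($mode === 'BE') {
            return true;
        }
        if ($mode !== 'FE') {
            return false;
        }

        $extConf = self::returnExtConf($mode);
        if (!$extConf['enabled']) {
            return false;
        }

        // Login Security Level Recognition. The isset() guard avoids a notice
        // when the setting is absent; the result is the same as for an empty value.
        $securityLevel = isset($GLOBALS['TYPO3_CONF_VARS'][$mode]['loginSecurityLevel'])
            ? trim($GLOBALS['TYPO3_CONF_VARS'][$mode]['loginSecurityLevel'])
            : '';
        $securityLevel = $securityLevel ?: 'normal';

        return $securityLevel === 'normal' || $securityLevel === 'rsa';
    }
}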