2 /***************************************************************
5 * (c) 1999-2004 Kasper Skaarhoj (kasperYYYY@typo3.com)
8 * This script is part of the TYPO3 project. The TYPO3 project is
9 * free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
14 * The GNU General Public License can be found at
15 * http://www.gnu.org/copyleft/gpl.html.
16 * A copy is found in the textfile GPL.txt and important notices to the license
17 * from the author is found in LICENSE.txt distributed with these scripts.
20 * This script is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
25 * This copyright notice MUST APPEAR in all copies of the script!
26 ***************************************************************/
28 * Login-screen of TYPO3.
31 * Revised for TYPO3 3.6 December/2003 by Kasper Skaarhoj
34 * @author Kasper Skaarhoj <kasperYYYY@typo3.com>
37 * [CLASS/FUNCTION INDEX of SCRIPT]
42 * 119: function init()
43 * 150: function main()
44 * 236: function printContent()
46 * SECTION: Various functions
47 * 260: function makeLoginForm()
48 * 306: function makeLogoutForm()
49 * 348: function wrapLoginForm($content)
50 * 408: function checkRedirect()
51 * 453: function makeInterfaceSelectorBox()
52 * 507: function makeCopyrightNotice()
53 * 540: function makeLoginBoxImage()
54 * 580: function makeLoginNews()
57 * (This index is automatically created/updated by the extension "extdeveval")
62 define('TYPO3_PROCEED_IF_NO_USER', 1);
64 require ('template.php');
81 * Script Class for rendering the login form
83 * @author Kasper Skaarhoj <kasperYYYY@typo3.com>
90 var $redirect_url; // GPvar: redirect_url; The URL to redirect to after login.
91 var $GPinterface; // GPvar: Defines which interface to load (from interface selector)
92 var $u; // GPvar: preset username
93 var $p; // GPvar: preset password
94 var $L; // GPvar: If "L" is "OUT", then any logged in used is logged out. If redirect_url is given, we redirect to it
95 var $loginRefresh; // Login-refresh boolean; The backend will call this script with this value set when the login is close to being expired and the form needs to be redrawn.
96 var $commandLI; // Value of forms submit button for login.
99 var $redirectToURL; // Set to the redirect URL of the form (may be redirect_url or "alt_main.php")
100 var $L_vars; // Set to the labels used for the login screen.
102 // Internal, dynamic:
103 var $content; // Content accumulation
105 var $interfaceSelector; // A selector box for selecting value for "interface" may be rendered into this variable
106 var $interfaceSelector_jump; // A selector box for selecting value for "interface" may be rendered into this variable - this will have an onchange action which will redirect the user to the selected interface right away
107 var $interfaceSelector_hidden; // A hidden field, if the interface is not set.
115 * Initialize the login box. Will also react on a &L=OUT flag and exit.
120 global $BE_USER,$TYPO3_CONF_VARS;
123 $this->redirect_url
= t3lib_div
::_GP('redirect_url');
124 $this->GPinterface
= t3lib_div
::_GP('interface');
125 $this->u
= t3lib_div
::_GP('u'); // preset username
126 $this->p
= t3lib_div
::_GP('p'); // preset password
127 $this->L
= t3lib_div
::_GP('L'); // If "L" is "OUT", then any logged in used is logged out. If redirect_url is given, we redirect to it
128 $this->loginRefresh
= t3lib_div
::_GP('loginRefresh'); // Login
129 $this->commandLI
= t3lib_div
::_GP('commandLI'); // Value of "Login" button. If set, the login button was pressed.
131 // Getting login labels:
132 $this->L_vars
= explode('|',$TYPO3_CONF_VARS['BE']['loginLabels']);
134 // Setting the redirect URL to "alt_main.php" if no alternative input is given:
135 $this->redirectToURL
= $this->redirect_url ?
$this->redirect_url
: 'alt_main.php';
138 if ($this->L
=='OUT' && is_object($BE_USER)) {
140 if ($this->redirect_url
) header('Location: '.t3lib_div
::locationHeaderUrl($this->redirect_url
));
146 * Main function - creating the login/logout form
151 global $TBE_TEMPLATE, $TYPO3_CONF_VARS, $BE_USER;
153 // Initialize template object:
154 $TBE_TEMPLATE->docType
='xhtml_trans';
156 // Set JavaScript for creating a MD5 hash of the password:
157 $TBE_TEMPLATE->JScode
.='
158 <script type="text/javascript" src="md5.js"></script>
159 '.$TBE_TEMPLATE->wrapScriptTags('
160 function doChallengeResponse() { //
161 password = document.loginform.p_field.value;
163 password = MD5(password); // this makes it superchallenged!!
164 str = document.loginform.username.value+":"+password+":"+document.loginform.challenge.value;
165 document.loginform.userident.value = MD5(str);
166 document.loginform.p_field.value = "";
173 // Checking, if we should make a redirect.
174 // Might set JavaScript in the header to close window.
175 $this->checkRedirect();
177 // Initialize interface selectors:
178 $this->makeInterfaceSelectorBox();
180 // Replace an optional marker in the "Administration Login" label
181 $this->L_vars
[6] = str_replace("###SITENAME###",$TYPO3_CONF_VARS['SYS']['sitename'],$this->L_vars
[6]);
183 // Creating form based on whether there is a login or not:
184 if (!$BE_USER->user
['uid']) {
185 $TBE_TEMPLATE->form
= '
186 <form action="index.php" method="post" name="loginform" onsubmit="doChallengeResponse();">
187 <input type="hidden" name="login_status" value="login" />
189 $loginForm = $this->makeLoginForm();
191 $TBE_TEMPLATE->form
= '
192 <form action="index.php" method="post" name="loginform">
193 <input type="hidden" name="login_status" value="logout" />
195 $loginForm = $this->makeLogoutForm();
200 $this->content
.=$TBE_TEMPLATE->startPage('TYPO3 Login: '.$TYPO3_CONF_VARS['SYS']['sitename']);
203 $this->content
.=$this->wrapLoginForm($loginForm);
207 <input type="hidden" name="userident" value="" />
208 <input type="hidden" name="challenge" value="'.md5(uniqid('')).'" />
209 <input type="hidden" name="redirect_url" value="'.htmlspecialchars($this->redirectToURL
).'" />
210 <input type="hidden" name="loginRefresh" value="'.htmlspecialchars($this->loginRefresh
).'" />
211 '.$this->interfaceSelector_hidden
.'
214 // This moves focus to the right input field:
215 $this->content
.=$TBE_TEMPLATE->wrapScriptTags('
217 // If the login screen is shown in the login_frameset window for re-login, then try to get the username of the current/former login from opening windows main frame:
218 if (parent.opener && parent.opener.TS && parent.opener.TS.username && document.loginform && document.loginform.username) {
219 document.loginform.username.value = parent.opener.TS.username;
222 // If for some reason there already is a username in the username for field, move focus to the password field:
223 if (document.loginform.username && document.loginform.username.value == "") {
224 document.loginform.username.focus();
225 } else if (document.loginform.p_field && document.loginform.p_field.type!="hidden") {
226 document.loginform.p_field.focus();
231 $this->content
.=$TBE_TEMPLATE->endPage();
235 * Outputting the accumulated content to screen
239 function printContent() {
251 /*****************************
255 ******************************/
258 * Creates the login form
259 * This is drawn when NO login exists.
261 * @return string HTML output
263 function makeLoginForm() {
270 <table cellspacing="0" cellpadding="0" border="0" id="logintable">
272 <td colspan="2"><h2>'.htmlspecialchars($this->L_vars
[6]).'</h2></td>
273 </tr>'.($this->commandLI ?
'
275 <td colspan="2"><p class="c-wrong">'.htmlspecialchars($this->L_vars
[9]).'</p></td>
277 <tr class="c-username">
278 <td><p class="c-username">'.htmlspecialchars($this->L_vars
[0]).':</p></td>
279 <td><input type="text" name="username" value="'.htmlspecialchars($this->u
).'" class="c-username" /></td>
281 <tr class="c-password">
282 <td><p class="c-password">'.htmlspecialchars($this->L_vars
[1]).':</p></td>
283 <td><input type="password" name="p_field" value="'.htmlspecialchars($this->p
).'" class="c-password" /></td>
284 </tr>'.($this->interfaceSelector
&& !$this->loginRefresh ?
'
285 <tr class="c-interfaceselector">
286 <td><p class="c-interfaceselector">'.htmlspecialchars($this->L_vars
[2]).':</p></td>
287 <td>'.$this->interfaceSelector
.'</td>
289 <tr class="c-submit">
291 <td><input type="submit" name="commandLI" value="'.htmlspecialchars($this->L_vars
[3]).'" class="c-submit" /></td>
294 <td colspan="2"><p class="c-info">'.htmlspecialchars($this->L_vars
[7]).'</p></td>
303 * Creates the logout form
304 * This is drawn if a user login already exists.
306 * @return string HTML output
308 function makeLogoutForm() {
317 <table cellspacing="0" cellpadding="0" border="0" id="logintable">
320 <td><h2>'.htmlspecialchars($this->L_vars
[6]).'</h2></td>
322 <tr class="c-username">
323 <td><p class="c-username">'.htmlspecialchars($this->L_vars
[0]).':</p></td>
324 <td><p class="c-username-current">'.htmlspecialchars($BE_USER->user
['username']).'</p></td>
325 </tr>'.($this->interfaceSelector_jump ?
'
326 <tr class="c-interfaceselector">
327 <td><p class="c-interfaceselector">'.htmlspecialchars($this->L_vars
[2]).':</p></td>
328 <td>'.$this->interfaceSelector_jump
.'</td>
330 <tr class="c-submit">
331 <td><input type="hidden" name="p_field" value="" /></td>
332 <td><input type="submit" name="commandLO" value="'.htmlspecialchars($this->L_vars
[4]).'" class="c-submit" /></td>
336 <td><p class="c-info">'.htmlspecialchars($this->L_vars
[7]).'</p></td>
345 * Wrapping the login form table in another set of tables etc:
347 * @param string HTML content for the login form
348 * @return string The HTML for the page.
350 function wrapLoginForm($content) {
353 $logo = $GLOBALS['TBE_STYLES']['logo_login'] ?
354 '<img src="'.htmlspecialchars($GLOBALS['BACK_PATH'].$GLOBALS['TBE_STYLES']['logo_login']).'" alt="" />' :
355 '<img'.t3lib_iconWorks
::skinImg($GLOBALS['BACK_PATH'],'gfx/typo3logo.gif','width="333" height="43"').' alt="" />';
358 $loginboxImage = $this->makeLoginBoxImage();
360 // Compile the page content:
364 Wrapper table for the login form:
366 <table cellspacing="0" cellpadding="0" border="0" id="wrapper">
368 <td class="c-wrappercell" align="center">
373 <div id="loginimage">
380 <table cellspacing="0" cellpadding="0" border="0" id="loginwrapper">
382 <td>'.$loginboxImage.'</td>
392 <div id="copyrightnotice">
393 '.$this->makeCopyrightNotice().'
396 '.$this->makeLoginNews().'
406 * Checking, if we should perform some sort of redirection OR closing of windows.
410 function checkRedirect() {
411 global $BE_USER,$TBE_TEMPLATE;
414 // If a user is logged in AND a) if either the login is just done (commandLI) or b) a loginRefresh is done or c) the interface-selector is NOT enabled (If it is on the other hand, it should not just load an interface, because people has to choose then...)
415 if ($BE_USER->user
['uid'] && ($this->commandLI ||
$this->loginRefresh ||
!$this->interfaceSelector
)) {
417 // If no cookie has been set previously we tell people that this is a problem. This assumes that a cookie-setting script (like this one) has been hit at least once prior to this instance.
418 if (!$_COOKIE[$BE_USER->name
]) {
419 t3lib_BEfunc
::typo3PrintError ('Login-error',"Yeah, that's a classic. No cookies, no TYPO3.<br /><br />Please accept cookies from TYPO3 - otherwise you'll not be able to use the system.",0);
423 // Based on specific setting of interface we set the redirect script:
424 switch ($this->GPinterface
) {
426 $this->redirectToURL
= 'alt_main.php';
429 $this->redirectToURL
= '../';
433 // If there is a redirect URL AND if loginRefresh is not set...
434 if (!$this->loginRefresh
) {
435 header('Location: '.t3lib_div
::locationHeaderUrl($this->redirectToURL
));
438 $TBE_TEMPLATE->JScode
.=$TBE_TEMPLATE->wrapScriptTags('
439 if (parent.opener && parent.opener.busy) {
440 parent.opener.busy.loginRefreshed();
445 } elseif(!$BE_USER->user
['uid'] && $this->commandLI
) {
451 * Making interface selector:
455 function makeInterfaceSelectorBox() {
456 global $TYPO3_CONF_VARS;
459 $this->interfaceSelector
= '';
460 $this->interfaceSelector_hidden
='';
461 $this->interfaceSelector_jump
= '';
462 #debug($this->redirect_url);
463 // If interfaces are defined AND no input redirect URL in GET vars:
464 if ($TYPO3_CONF_VARS['BE']['interfaces'] && !$this->redirect_url
) {
465 $parts = t3lib_div
::trimExplode(',',$TYPO3_CONF_VARS['BE']['interfaces']);
466 if (count($parts)>1) { // Only if more than one interface is defined will we show the selector:
469 $tempLabels=explode(',',$this->L_vars
[5]);
471 $labels['backend']=$tempLabels[0];
472 $labels['frontend']=$tempLabels[1];
475 $jumpScript['backend']='alt_main.php';
476 $jumpScript['frontend']='../';
478 // Traverse the interface keys:
479 foreach($parts as $valueStr) {
480 $this->interfaceSelector
.='
481 <option value="'.htmlspecialchars($valueStr).'">'.htmlspecialchars($labels[$valueStr]).'</option>';
482 $this->interfaceSelector_jump
.='
483 <option value="'.htmlspecialchars($jumpScript[$valueStr]).'">'.htmlspecialchars($labels[$valueStr]).'</option>';
485 $this->interfaceSelector
='
486 <select name="interface" class="c-interfaceselector">'.$this->interfaceSelector
.'
488 $this->interfaceSelector_jump
='
489 <select name="interface" class="c-interfaceselector" onchange="document.location=this.options[this.selectedIndex].value;">'.$this->interfaceSelector_jump
.'
492 } else { // If there is only ONE interface value set:
494 $this->interfaceSelector_hidden
='<input type="hidden" name="interface" value="'.trim($TYPO3_CONF_VARS['BE']['interfaces']).'" />';
503 * DO NOT prevent this notice from being shown in ANY WAY.
504 * According to the GPL license an interactive application must show such a notice on start-up ('If the program is interactive, make it output a short notice... ' - see GPL.txt)
505 * Therefore preventing this notice from being properly shown is a violation of the license, regardless of whether you remove it or use a stylesheet to obstruct the display.
507 * @return string Text/Image (HTML) for copyright notice.
509 function makeCopyrightNotice() {
511 // Get values from TYPO3_CONF_VARS:
512 $loginCopyrightWarrantyProvider = strip_tags(trim($GLOBALS['TYPO3_CONF_VARS']['SYS']['loginCopyrightWarrantyProvider']));
513 $loginCopyrightWarrantyURL = strip_tags(trim($GLOBALS['TYPO3_CONF_VARS']['SYS']['loginCopyrightWarrantyURL']));
515 // Make warranty note:
516 if (strlen($loginCopyrightWarrantyProvider)>=2 && strlen($loginCopyrightWarrantyURL)>=10) {
517 $warrantyNote='Warranty is supplied by '.htmlspecialchars($loginCopyrightWarrantyProvider).'; <a href="'.htmlspecialchars($loginCopyrightWarrantyURL).'" target="_blank">click for details.</a>';
519 $warrantyNote='TYPO3 comes with ABSOLUTELY NO WARRANTY; <a href="http://typo3.com/1316.0.html" target="_blank">click for details.</a>';
522 // Compile full copyright notice:
523 $copyrightNotice = '<a href="http://typo3.com/" target="_blank">'.
524 '<img src="gfx/loginlogo_transp.gif" width="75" height="19" alt="TYPO3 logo" align="left" />'.
525 'TYPO3 CMS'.($GLOBALS['TYPO3_CONF_VARS']['SYS']['loginCopyrightShowVersion']?
' ver. '.htmlspecialchars($GLOBALS['TYPO_VERSION']):'').
527 'Copyright © 1998-2004 Kasper Skårhøj. Extensions are copyright of their respective owners. '.
528 'Go to <a href="http://typo3.com/" target="_blank">http://typo3.com/</a> for details. '.
530 'This is free software, and you are welcome to redistribute it under certain conditions; <a href="http://typo3.com/1316.0.html" target="_blank">click for details</a>. '.
531 'Obstructing the appearance of this notice is prohibited by law.';
534 return $copyrightNotice;
538 * Returns the login box image, whether the default or an image from the rotation folder.
540 * @return string HTML image tag.
542 function makeLoginBoxImage() {
544 if ($GLOBALS['TBE_STYLES']['loginBoxImage_rotationFolder']) { // Look for rotation image folder:
545 $absPath = t3lib_div
::resolveBackPath(PATH_typo3
.$GLOBALS['TBE_STYLES']['loginBoxImage_rotationFolder']);
547 // Get rotation folder:
548 $dir = t3lib_div
::getFileAbsFileName($absPath);
549 if ($dir && @is_dir
($dir)) {
551 // Get files for rotation into array:
552 $files = t3lib_div
::getFilesInDir($dir,'png,jpg,gif');
555 srand((float) microtime() * 10000000);
556 $randImg = array_rand($files, 1);
558 // Get size of random file:
559 $imgSize = @getimagesize
($dir.$files[$randImg]);
562 if (is_array($imgSize)) {
563 $loginboxImage = '<img src="'.htmlspecialchars($GLOBALS['TBE_STYLES']['loginBoxImage_rotationFolder'].$files[$randImg]).'" '.$imgSize[3].' id="loginbox-image" alt="" />';
566 } else { // If no rotation folder configured, print default image:
567 $loginImage = 'loginbox_image_dev.png';
568 $imagecopy = $loginImage=='loginbox_image_dev.png' ?
'You are running the CVS version of TYPO3 '.$GLOBALS['TYPO_VERSION'] : 'Photo: © 2004 Kasper Skårhøj'; // Directly outputted in image attributes...
569 $loginboxImage = '<img'.t3lib_iconWorks
::skinImg($GLOBALS['BACK_PATH'],'gfx/'.$loginImage,'width="200" height="133"').' id="loginbox-image" alt="'.$imagecopy.'" title="'.$imagecopy.'" />';
573 return $loginboxImage;
577 * Make login news - renders the HTML content for a list of news shown under the login form. News data is added through $TYPO3_CONF_VARS
579 * @return string HTML content
580 * @credits Idea by Jan-Hendrik Heuing
582 function makeLoginNews() {
584 // Reset output variable:
587 // Traverse news array IF there are records in it:
588 if (is_array($GLOBALS['TYPO3_CONF_VARS']['BE']['loginNews']) && count($GLOBALS['TYPO3_CONF_VARS']['BE']['loginNews'])) {
589 foreach($GLOBALS['TYPO3_CONF_VARS']['BE']['loginNews'] as $newsItem) {
592 <td class="c-date">'.htmlspecialchars($newsItem['date']).'</td>
593 <td class="c-header">'.htmlspecialchars($newsItem['header']).'</td>
597 <td class="c-content">'.trim($newsItem['content']).'</td>
599 <tr class="c-spacer">
600 <td colspan="2"></td>
612 <h2>'.htmlspecialchars($this->L_vars
[8]).'</h2>
613 <table border="0" cellpadding="0" cellspacing="0">
625 // Include extension?
626 if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE
]['XCLASS']['typo3/index.php']) {
627 include_once($TYPO3_CONF_VARS[TYPO3_MODE
]['XCLASS']['typo3/index.php']);
640 $SOBE = t3lib_div
::makeInstance('SC_index');
643 $SOBE->printContent();