[!!!][TASK] Doctrine: Simplify restriction handling
[Packages/TYPO3.CMS.git] / typo3 / sysext / felogin / Classes / Controller / FrontendLoginController.php
1 <?php
2 namespace TYPO3\CMS\Felogin\Controller;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 use TYPO3\CMS\Core\Crypto\Random;
18 use TYPO3\CMS\Core\Database\ConnectionPool;
19 use TYPO3\CMS\Core\Database\Query\Restriction\FrontendRestrictionContainer;
20 use TYPO3\CMS\Core\Utility\GeneralUtility;
21 use TYPO3\CMS\Core\Utility\StringUtility;
22
23 /**
24 * Plugin 'Website User Login' for the 'felogin' extension.
25 */
26 class FrontendLoginController extends \TYPO3\CMS\Frontend\Plugin\AbstractPlugin
27 {
28 /**
29 * Same as class name
30 *
31 * @var string
32 */
33 public $prefixId = 'tx_felogin_pi1';
34
35 /**
36 * The extension key.
37 *
38 * @var string
39 */
40 public $extKey = 'felogin';
41
42 /**
43 * @var bool
44 */
45 public $pi_checkCHash = false;
46
47 /**
48 * @var bool
49 */
50 public $pi_USER_INT_obj = true;
51
52 /**
53 * Is user logged in?
54 *
55 * @var bool
56 */
57 protected $userIsLoggedIn;
58
59 /**
60 * Holds the template for FE rendering
61 *
62 * @var string
63 */
64 protected $template;
65
66 /**
67 * Upload directory, used for flexform template files
68 *
69 * @var string
70 */
71 protected $uploadDir;
72
73 /**
74 * URL for the redirect
75 *
76 * @var string
77 */
78 protected $redirectUrl;
79
80 /**
81 * Flag for disable the redirect
82 *
83 * @var bool
84 */
85 protected $noRedirect = false;
86
87 /**
88 * Logintype (given as GPvar), possible: login, logout
89 *
90 * @var string
91 */
92 protected $logintype;
93
94 /**
95 * A list of page UIDs, either an integer or a comma-separated list of integers
96 *
97 * @var string
98 */
99 public $spid;
100
101 /**
102 * Referrer
103 *
104 * @var string
105 */
106 public $referer;
107
108 /**
109 * The main method of the plugin
110 *
111 * @param string $content The PlugIn content
112 * @param array $conf The PlugIn configuration
113 * @return string The content that is displayed on the website
114 * @throws \RuntimeException when no storage PID was configured.
115 */
116 public function main($content, $conf)
117 {
118 // Loading TypoScript array into object variable:
119 $this->conf = $conf;
120 $this->uploadDir = 'uploads/tx_felogin/';
121 // Loading default pivars
122 $this->pi_setPiVarDefaults();
123 // Loading language-labels
124 $this->pi_loadLL('EXT:felogin/Resources/Private/Language/locallang.xlf');
125 // Init FlexForm configuration for plugin:
126 $this->pi_initPIflexForm();
127 $this->mergeflexFormValuesIntoConf();
128 // Get storage PIDs:
129 if ($this->conf['storagePid']) {
130 if ((int)$this->conf['recursive']) {
131 $this->spid = $this->pi_getPidList($this->conf['storagePid'], (int)$this->conf['recursive']);
132 } else {
133 $this->spid = $this->conf['storagePid'];
134 }
135 } else {
136 throw new \RuntimeException('No storage folder (option storagePid) for frontend users given.', 1450904202);
137 }
138 // GPvars:
139 $this->logintype = GeneralUtility::_GP('logintype');
140 $this->referer = $this->validateRedirectUrl(GeneralUtility::_GP('referer'));
141 $this->noRedirect = $this->piVars['noredirect'] || $this->conf['redirectDisable'];
142 // If config.typolinkLinkAccessRestrictedPages is set, the var is return_url
143 $returnUrl = GeneralUtility::_GP('return_url');
144 if ($returnUrl) {
145 $this->redirectUrl = $returnUrl;
146 } else {
147 $this->redirectUrl = GeneralUtility::_GP('redirect_url');
148 }
149 $this->redirectUrl = $this->validateRedirectUrl($this->redirectUrl);
150 // Get Template
151 $templateFile = $this->conf['templateFile'] ?: 'EXT:felogin/Resources/Private/Templates/FrontendLogin.html';
152 $this->template = $this->cObj->fileResource($templateFile);
153 // Is user logged in?
154 $this->userIsLoggedIn = $this->frontendController->loginUser;
155 // Redirect
156 if ($this->conf['redirectMode'] && !$this->conf['redirectDisable'] && !$this->noRedirect) {
157 $redirectUrl = $this->processRedirect();
158 if (!empty($redirectUrl)) {
159 $this->redirectUrl = $this->conf['redirectFirstMethod'] ? array_shift($redirectUrl) : array_pop($redirectUrl);
160 } else {
161 $this->redirectUrl = '';
162 }
163 }
164 // What to display
165 $content = '';
166 if ($this->piVars['forgot'] && $this->conf['showForgotPasswordLink']) {
167 $content .= $this->showForgot();
168 } elseif ($this->piVars['forgothash']) {
169 $content .= $this->changePassword();
170 } else {
171 if ($this->userIsLoggedIn && !$this->logintype) {
172 $content .= $this->showLogout();
173 } else {
174 $content .= $this->showLogin();
175 }
176 }
177 // Process the redirect
178 if (($this->logintype === 'login' || $this->logintype === 'logout') && $this->redirectUrl && !$this->noRedirect) {
179 if (!$this->frontendController->fe_user->isCookieSet() && $this->userIsLoggedIn) {
180 $content .= $this->cObj->stdWrap($this->pi_getLL('cookie_warning'), $this->conf['cookieWarning_stdWrap.']);
181 } else {
182 // Add hook for extra processing before redirect
183 if (
184 isset($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['beforeRedirect']) &&
185 is_array($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['beforeRedirect'])
186 ) {
187 $_params = array(
188 'loginType' => $this->logintype,
189 'redirectUrl' => &$this->redirectUrl
190 );
191 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['beforeRedirect'] as $_funcRef) {
192 if ($_funcRef) {
193 GeneralUtility::callUserFunction($_funcRef, $_params, $this);
194 }
195 }
196 }
197 \TYPO3\CMS\Core\Utility\HttpUtility::redirect($this->redirectUrl);
198 }
199 }
200 // Adds hook for processing of extra item markers / special
201 if (
202 isset($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['postProcContent'])
203 && is_array($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['postProcContent'])
204 ) {
205 $_params = array(
206 'content' => $content
207 );
208 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['postProcContent'] as $_funcRef) {
209 $content = GeneralUtility::callUserFunction($_funcRef, $_params, $this);
210 }
211 }
212 return $this->conf['wrapContentInBaseClass'] ? $this->pi_wrapInBaseClass($content) : $content;
213 }
214
215 /**
216 * Shows the forgot password form
217 *
218 * @return string Content
219 */
220 protected function showForgot()
221 {
222 $subpart = $this->cObj->getSubpart($this->template, '###TEMPLATE_FORGOT###');
223 $subpartArray = ($linkpartArray = array());
224 $postData = GeneralUtility::_POST($this->prefixId);
225 if ($postData['forgot_email']) {
226 // Get hashes for compare
227 $postedHash = $postData['forgot_hash'];
228 $hashData = $this->frontendController->fe_user->getKey('ses', 'forgot_hash');
229 if ($postedHash === $hashData['forgot_hash']) {
230 $userTable = $this->frontendController->fe_user->user_table;
231 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($userTable);
232 $queryBuilder->setRestrictions(GeneralUtility::makeInstance(FrontendRestrictionContainer::class));
233 $row = $queryBuilder
234 ->select('uid', 'username', 'password', 'email')
235 ->from($userTable)
236 ->where(
237 $queryBuilder->expr()->orX(
238 $queryBuilder->expr()->eq(
239 'email',
240 $queryBuilder->createNamedParameter($this->piVars['forgot_email'])
241 ),
242 $queryBuilder->expr()->eq(
243 'username',
244 $queryBuilder->createNamedParameter($this->piVars['forgot_email'])
245 )
246 ),
247 $queryBuilder->expr()->in('pid', GeneralUtility::intExplode(',', $this->spid))
248 )
249 ->execute()
250 ->fetch();
251
252 $error = null;
253 if ($row) {
254 // Generate an email with the hashed link
255 $error = $this->generateAndSendHash($row);
256 } elseif ($this->conf['exposeNonexistentUserInForgotPasswordDialog']) {
257 $error = $this->pi_getLL('ll_forgot_reset_message_error');
258 }
259 // Generate message
260 if ($error) {
261 $markerArray['###STATUS_MESSAGE###'] = $this->cObj->stdWrap($error, $this->conf['forgotErrorMessage_stdWrap.']);
262 } else {
263 $markerArray['###STATUS_MESSAGE###'] = $this->cObj->stdWrap(
264 $this->pi_getLL('ll_forgot_reset_message_emailSent'),
265 $this->conf['forgotResetMessageEmailSentMessage_stdWrap.']
266 );
267 }
268 $subpartArray['###FORGOT_FORM###'] = '';
269 } else {
270 // Wrong email
271 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('forgot_reset_message', $this->conf['forgotMessage_stdWrap.']);
272 $markerArray['###BACKLINK_LOGIN###'] = '';
273 }
274 } else {
275 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('forgot_reset_message', $this->conf['forgotMessage_stdWrap.']);
276 $markerArray['###BACKLINK_LOGIN###'] = '';
277 }
278 $markerArray['###BACKLINK_LOGIN###'] = $this->getPageLink($this->pi_getLL('ll_forgot_header_backToLogin', '', true), array());
279 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('forgot_header', $this->conf['forgotHeader_stdWrap.']);
280 $markerArray['###LEGEND###'] = $this->pi_getLL('legend', $this->pi_getLL('reset_password'), true);
281 $markerArray['###ACTION_URI###'] = $this->getPageLink('', array($this->prefixId . '[forgot]' => 1), true);
282 $markerArray['###EMAIL_LABEL###'] = $this->pi_getLL('your_email', '', true);
283 $markerArray['###FORGOT_PASSWORD_ENTEREMAIL###'] = $this->pi_getLL('forgot_password_enterEmail', '', true);
284 $markerArray['###FORGOT_EMAIL###'] = $this->prefixId . '[forgot_email]';
285 $markerArray['###SEND_PASSWORD###'] = $this->pi_getLL('reset_password', '', true);
286 $markerArray['###DATA_LABEL###'] = $this->pi_getLL('ll_enter_your_data', '', true);
287 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
288 // Generate hash
289 $hash = md5($this->generatePassword(3));
290 $markerArray['###FORGOTHASH###'] = $hash;
291 // Set hash in feuser session
292 $this->frontendController->fe_user->setKey('ses', 'forgot_hash', array('forgot_hash' => $hash));
293 return $this->cObj->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
294 }
295
296 /**
297 * This function checks the hash from link and checks the validity. If it's valid it shows the form for
298 * changing the password and process the change of password after submit, if not valid it returns the error message
299 *
300 * @return string The content.
301 */
302 protected function changePassword()
303 {
304 $subpartArray = ($linkpartArray = array());
305 $done = false;
306 $minLength = (int)$this->conf['newPasswordMinLength'] ?: 6;
307 $subpart = $this->cObj->getSubpart($this->template, '###TEMPLATE_CHANGEPASSWORD###');
308 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('change_password_header', $this->conf['changePasswordHeader_stdWrap.']);
309 $markerArray['###STATUS_MESSAGE###'] = sprintf($this->getDisplayText(
310 'change_password_message',
311 $this->conf['changePasswordMessage_stdWrap.']
312 ), $minLength);
313
314 $markerArray['###BACKLINK_LOGIN###'] = '';
315 $uid = $this->piVars['user'];
316 $piHash = $this->piVars['forgothash'];
317 $hash = explode('|', rawurldecode($piHash));
318 if ((int)$uid === 0) {
319 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText(
320 'change_password_notvalid_message',
321 $this->conf['changePasswordNotValidMessage_stdWrap.']
322 );
323 $subpartArray['###CHANGEPASSWORD_FORM###'] = '';
324 } else {
325 $user = $this->pi_getRecord('fe_users', (int)$uid);
326 $userHash = $user['felogin_forgotHash'];
327 $compareHash = explode('|', $userHash);
328 if (!$compareHash || !$compareHash[1] || $compareHash[0] < time() || $hash[0] != $compareHash[0] || md5($hash[1]) != $compareHash[1]) {
329 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText(
330 'change_password_notvalid_message',
331 $this->conf['changePasswordNotValidMessage_stdWrap.']
332 );
333 $subpartArray['###CHANGEPASSWORD_FORM###'] = '';
334 } else {
335 // All is fine, continue with new password
336 $postData = GeneralUtility::_POST($this->prefixId);
337 if (isset($postData['changepasswordsubmit'])) {
338 if (strlen($postData['password1']) < $minLength) {
339 $markerArray['###STATUS_MESSAGE###'] = sprintf($this->getDisplayText(
340 'change_password_tooshort_message',
341 $this->conf['changePasswordTooShortMessage_stdWrap.']),
342 $minLength
343 );
344 } elseif ($postData['password1'] != $postData['password2']) {
345 $markerArray['###STATUS_MESSAGE###'] = sprintf($this->getDisplayText(
346 'change_password_notequal_message',
347 $this->conf['changePasswordNotEqualMessage_stdWrap.']),
348 $minLength
349 );
350 } else {
351 $newPass = $postData['password1'];
352 if ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['password_changed']) {
353 $_params = array(
354 'user' => $user,
355 'newPassword' => $newPass,
356 'newPasswordUnencrypted' => $newPass
357 );
358 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['password_changed'] as $_funcRef) {
359 if ($_funcRef) {
360 GeneralUtility::callUserFunction($_funcRef, $_params, $this);
361 }
362 }
363 $newPass = $_params['newPassword'];
364 }
365
366 // Save new password and clear DB-hash
367 $userTable = $this->frontendController->fe_user->user_table;
368 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($userTable);
369 $queryBuilder->getRestrictions()->removeAll();
370 $queryBuilder->update($userTable)
371 ->set('password', $newPass)
372 ->set('felogin_forgotHash', '')
373 ->set('tstamp', (int)$GLOBALS['EXEC_TIME'])
374 ->where($queryBuilder->expr()->eq('uid', (int)$user['uid']))
375 ->execute();
376
377 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText(
378 'change_password_done_message',
379 $this->conf['changePasswordDoneMessage_stdWrap.']
380 );
381 $done = true;
382 $subpartArray['###CHANGEPASSWORD_FORM###'] = '';
383 $markerArray['###BACKLINK_LOGIN###'] = $this->getPageLink(
384 $this->pi_getLL('ll_forgot_header_backToLogin', '', true),
385 array($this->prefixId . '[redirectReferrer]' => 'off')
386 );
387 }
388 }
389 if (!$done) {
390 // Change password form
391 $markerArray['###ACTION_URI###'] = $this->getPageLink('', array(
392 $this->prefixId . '[user]' => $user['uid'],
393 $this->prefixId . '[forgothash]' => $piHash
394 ), true);
395 $markerArray['###LEGEND###'] = $this->pi_getLL('change_password', '', true);
396 $markerArray['###NEWPASSWORD1_LABEL###'] = $this->pi_getLL('newpassword_label1', '', true);
397 $markerArray['###NEWPASSWORD2_LABEL###'] = $this->pi_getLL('newpassword_label2', '', true);
398 $markerArray['###NEWPASSWORD1###'] = $this->prefixId . '[password1]';
399 $markerArray['###NEWPASSWORD2###'] = $this->prefixId . '[password2]';
400 $markerArray['###STORAGE_PID###'] = $this->spid;
401 $markerArray['###SEND_PASSWORD###'] = $this->pi_getLL('change_password', '', true);
402 $markerArray['###FORGOTHASH###'] = $piHash;
403 }
404 }
405 }
406 return $this->cObj->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
407 }
408
409 /**
410 * Generates a hashed link and send it with email
411 *
412 * @param array $user Contains user data
413 * @return string Empty string with success, error message with no success
414 */
415 protected function generateAndSendHash($user)
416 {
417 $hours = (int)$this->conf['forgotLinkHashValidTime'] > 0 ? (int)$this->conf['forgotLinkHashValidTime'] : 24;
418 $validEnd = time() + 3600 * $hours;
419 $validEndString = date($this->conf['dateFormat'], $validEnd);
420 $hash = md5(GeneralUtility::makeInstance(Random::class)->generateRandomBytes(64));
421 $randHash = $validEnd . '|' . $hash;
422 $randHashDB = $validEnd . '|' . md5($hash);
423
424 // Write hash to DB
425 $userTable = $this->frontendController->fe_user->user_table;
426 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($userTable);
427 $queryBuilder->getRestrictions()->removeAll();
428 $queryBuilder->update($userTable)
429 ->set('felogin_forgotHash', $randHashDB)
430 ->where($queryBuilder->expr()->eq('uid', (int)$user['uid']))
431 ->execute();
432
433 // Send hashlink to user
434 $this->conf['linkPrefix'] = -1;
435 $isAbsRefPrefix = !empty($this->frontendController->absRefPrefix);
436 $isBaseURL = !empty($this->frontendController->baseUrl);
437 $isFeloginBaseURL = !empty($this->conf['feloginBaseURL']);
438 $link = $this->pi_getPageLink($this->frontendController->id, '', array(
439 rawurlencode($this->prefixId . '[user]') => $user['uid'],
440 rawurlencode($this->prefixId . '[forgothash]') => $randHash
441 ));
442 // Prefix link if necessary
443 if ($isFeloginBaseURL) {
444 // First priority, use specific base URL
445 // "absRefPrefix" must be removed first, otherwise URL will be prepended twice
446 if ($isAbsRefPrefix) {
447 $link = substr($link, strlen($this->frontendController->absRefPrefix));
448 }
449 $link = $this->conf['feloginBaseURL'] . $link;
450 } elseif ($isAbsRefPrefix) {
451 // Second priority
452 // absRefPrefix must not necessarily contain a hostname and URL scheme, so add it if needed
453 $link = GeneralUtility::locationHeaderUrl($link);
454 } elseif ($isBaseURL) {
455 // Third priority
456 // Add the global base URL to the link
457 $link = $this->frontendController->baseUrlWrap($link);
458 } else {
459 // No prefix is set, return the error
460 return $this->pi_getLL('ll_change_password_nolinkprefix_message');
461 }
462 $msg = sprintf($this->pi_getLL('ll_forgot_validate_reset_password'), $user['username'], $link, $validEndString);
463 // Add hook for extra processing of mail message
464 if (
465 isset($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['forgotPasswordMail'])
466 && is_array($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['forgotPasswordMail'])
467 ) {
468 $params = array(
469 'message' => &$msg,
470 'user' => &$user
471 );
472 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['forgotPasswordMail'] as $reference) {
473 if ($reference) {
474 GeneralUtility::callUserFunction($reference, $params, $this);
475 }
476 }
477 }
478 if ($user['email']) {
479 $this->cObj->sendNotifyEmail($msg, $user['email'], '', $this->conf['email_from'], $this->conf['email_fromName'], $this->conf['replyTo']);
480 }
481
482 return '';
483 }
484
485 /**
486 * Shows logout form
487 *
488 * @return string The content.
489 */
490 protected function showLogout()
491 {
492 $subpart = $this->cObj->getSubpart($this->template, '###TEMPLATE_LOGOUT###');
493 $subpartArray = ($linkpartArray = array());
494 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('status_header', $this->conf['logoutHeader_stdWrap.']);
495 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('status_message', $this->conf['logoutMessage_stdWrap.']);
496 $this->cObj->stdWrap($this->flexFormValue('message', 's_status'), $this->conf['logoutMessage_stdWrap.']);
497 $markerArray['###LEGEND###'] = $this->pi_getLL('logout', '', true);
498 $markerArray['###ACTION_URI###'] = $this->getPageLink('', array(), true);
499 $markerArray['###LOGOUT_LABEL###'] = $this->pi_getLL('logout', '', true);
500 $markerArray['###NAME###'] = htmlspecialchars($this->frontendController->fe_user->user['name']);
501 $markerArray['###STORAGE_PID###'] = $this->spid;
502 $markerArray['###USERNAME###'] = htmlspecialchars($this->frontendController->fe_user->user['username']);
503 $markerArray['###USERNAME_LABEL###'] = $this->pi_getLL('username', '', true);
504 $markerArray['###NOREDIRECT###'] = $this->noRedirect ? '1' : '0';
505 $markerArray['###PREFIXID###'] = $this->prefixId;
506 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
507 if ($this->redirectUrl) {
508 // Use redirectUrl for action tag because of possible access restricted pages
509 $markerArray['###ACTION_URI###'] = htmlspecialchars($this->redirectUrl);
510 $this->redirectUrl = '';
511 }
512 return $this->cObj->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
513 }
514
515 /**
516 * Shows login form
517 *
518 * @return string Content
519 */
520 protected function showLogin()
521 {
522 $subpart = $this->cObj->getSubpart($this->template, '###TEMPLATE_LOGIN###');
523 $subpartArray = ($linkpartArray = ($markerArray = array()));
524 $gpRedirectUrl = '';
525 $markerArray['###LEGEND###'] = $this->pi_getLL('oLabel_header_welcome', '', true);
526 if ($this->logintype === 'login') {
527 if ($this->userIsLoggedIn) {
528 // login success
529 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('success_header', $this->conf['successHeader_stdWrap.']);
530 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('success_message', $this->conf['successMessage_stdWrap.']);
531 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
532 $subpartArray['###LOGIN_FORM###'] = '';
533 // Hook for general actions after after login has been confirmed (by Thomas Danzl <thomas@danzl.org>)
534 if ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['login_confirmed']) {
535 $_params = array();
536 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['login_confirmed'] as $_funcRef) {
537 if ($_funcRef) {
538 GeneralUtility::callUserFunction($_funcRef, $_params, $this);
539 }
540 }
541 }
542 // show logout form directly
543 if ($this->conf['showLogoutFormAfterLogin']) {
544 $this->redirectUrl = '';
545 return $this->showLogout();
546 }
547 } else {
548 // Hook for general actions on login error
549 if (
550 isset($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['login_error'])
551 && is_array($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['login_error'])
552 ) {
553 $params = array();
554 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['login_error'] as $funcRef) {
555 if ($funcRef) {
556 GeneralUtility::callUserFunction($funcRef, $params, $this);
557 }
558 }
559 }
560 // login error
561 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('error_header', $this->conf['errorHeader_stdWrap.']);
562 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('error_message', $this->conf['errorMessage_stdWrap.']);
563 $gpRedirectUrl = GeneralUtility::_GP('redirect_url');
564 }
565 } else {
566 if ($this->logintype === 'logout') {
567 // login form after logout
568 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('logout_header', $this->conf['logoutHeader_stdWrap.']);
569 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('logout_message', $this->conf['logoutMessage_stdWrap.']);
570 } else {
571 // login form
572 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('welcome_header', $this->conf['welcomeHeader_stdWrap.']);
573 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('welcome_message', $this->conf['welcomeMessage_stdWrap.']);
574 }
575 }
576
577 // This hook allows to call User JS functions.
578 // The methods should also set the required JS functions to get included
579 $onSubmit = '';
580 $extraHidden = '';
581 $onSubmitAr = array();
582 $extraHiddenAr = array();
583 // Check for referer redirect method. if present, save referer in form field
584 if (GeneralUtility::inList($this->conf['redirectMode'], 'referer') || GeneralUtility::inList($this->conf['redirectMode'], 'refererDomains')) {
585 $referer = $this->referer ? $this->referer : GeneralUtility::getIndpEnv('HTTP_REFERER');
586 if ($referer) {
587 $extraHiddenAr[] = '<input type="hidden" name="referer" value="' . htmlspecialchars($referer) . '" />';
588 if ($this->piVars['redirectReferrer'] === 'off') {
589 $extraHiddenAr[] = '<input type="hidden" name="' . $this->prefixId . '[redirectReferrer]" value="off" />';
590 }
591 }
592 }
593 if (is_array($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['loginFormOnSubmitFuncs'])) {
594 $_params = array();
595 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['loginFormOnSubmitFuncs'] as $funcRef) {
596 list($onSub, $hid) = GeneralUtility::callUserFunction($funcRef, $_params, $this);
597 $onSubmitAr[] = $onSub;
598 $extraHiddenAr[] = $hid;
599 }
600 }
601 if (!empty($onSubmitAr)) {
602 $onSubmit = implode('; ', $onSubmitAr) . '; return true;';
603 }
604 if (!empty($extraHiddenAr)) {
605 $extraHidden = implode(LF, $extraHiddenAr);
606 }
607 if (!$gpRedirectUrl && $this->redirectUrl) {
608 $gpRedirectUrl = $this->redirectUrl;
609 }
610 // Login form
611 $markerArray['###ACTION_URI###'] = $this->getPageLink('', array(), true);
612 // Used by kb_md5fepw extension...
613 $markerArray['###EXTRA_HIDDEN###'] = $extraHidden;
614 $markerArray['###LEGEND###'] = $this->pi_getLL('login', '', true);
615 $markerArray['###LOGIN_LABEL###'] = $this->pi_getLL('login', '', true);
616 // Used by kb_md5fepw extension...
617 $markerArray['###ON_SUBMIT###'] = $onSubmit;
618 $markerArray['###PASSWORD_LABEL###'] = $this->pi_getLL('password', '', true);
619 $markerArray['###STORAGE_PID###'] = $this->spid;
620 $markerArray['###USERNAME_LABEL###'] = $this->pi_getLL('username', '', true);
621 $markerArray['###REDIRECT_URL###'] = htmlspecialchars($gpRedirectUrl);
622 $markerArray['###NOREDIRECT###'] = $this->noRedirect ? '1' : '0';
623 $markerArray['###PREFIXID###'] = $this->prefixId;
624 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
625 if ($this->conf['showForgotPasswordLink']) {
626 $linkpartArray['###FORGOT_PASSWORD_LINK###'] = explode('|', $this->getPageLink('|', array($this->prefixId . '[forgot]' => 1)));
627 $markerArray['###FORGOT_PASSWORD###'] = $this->pi_getLL('ll_forgot_header', '', true);
628 } else {
629 $subpartArray['###FORGOTP_VALID###'] = '';
630 }
631 // The permanent login checkbox should only be shown if permalogin is not deactivated (-1),
632 // not forced to be always active (2) and lifetime is greater than 0
633 $permalogin = (int)$GLOBALS['TYPO3_CONF_VARS']['FE']['permalogin'];
634 if (
635 $this->conf['showPermaLogin']
636 && ($permalogin === 0 || $permalogin === 1)
637 && $GLOBALS['TYPO3_CONF_VARS']['FE']['lifetime'] > 0
638 ) {
639 $markerArray['###PERMALOGIN###'] = $this->pi_getLL('permalogin', '', true);
640 if ($permalogin === 1) {
641 $markerArray['###PERMALOGIN_HIDDENFIELD_ATTRIBUTES###'] = 'disabled="disabled"';
642 $markerArray['###PERMALOGIN_CHECKBOX_ATTRIBUTES###'] = 'checked="checked"';
643 } else {
644 $markerArray['###PERMALOGIN_HIDDENFIELD_ATTRIBUTES###'] = '';
645 $markerArray['###PERMALOGIN_CHECKBOX_ATTRIBUTES###'] = '';
646 }
647 } else {
648 $subpartArray['###PERMALOGIN_VALID###'] = '';
649 }
650 return $this->cObj->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
651 }
652
653 /**
654 * Process redirect methods. The function searches for a redirect url using all configured methods.
655 *
656 * @return array Redirect URLs
657 */
658 protected function processRedirect()
659 {
660 $redirect_url = array();
661 if ($this->conf['redirectMode']) {
662 $redirectMethods = GeneralUtility::trimExplode(',', $this->conf['redirectMode'], true);
663 foreach ($redirectMethods as $redirMethod) {
664 if ($this->frontendController->loginUser && $this->logintype === 'login') {
665 // Logintype is needed because the login-page wouldn't be accessible anymore after a login (would always redirect)
666 switch ($redirMethod) {
667 case 'groupLogin':
668 // taken from dkd_redirect_at_login written by Ingmar Schlecht; database-field changed
669 $groupData = $this->frontendController->fe_user->groupData;
670 if (!empty($groupData['uid'])) {
671
672 // take the first group with a redirect page
673 $userGroupTable = $this->frontendController->fe_user->usergroup_table;
674 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($userGroupTable);
675 $queryBuilder->getRestrictions()->removeAll();
676 $row = $queryBuilder
677 ->select('felogin_redirectPid')
678 ->from($userGroupTable)
679 ->where(
680 $queryBuilder->expr()->neq('felogin_redirectPid', $queryBuilder->quote('')),
681 $queryBuilder->expr()->in('uid', array_map('intval', $groupData['uid']))
682 )
683 ->execute()
684 ->fetch();
685
686 if ($row) {
687 $redirect_url[] = $this->pi_getPageLink($row['felogin_redirectPid']);
688 }
689 }
690 break;
691 case 'userLogin':
692
693 $userTable = $this->frontendController->fe_user->user_table;
694 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($userTable);
695 $queryBuilder->getRestrictions()->removeAll();
696 $row = $queryBuilder
697 ->select('felogin_redirectPid')
698 ->from($userTable)
699 ->where(
700 $queryBuilder->expr()->neq('felogin_redirectPid', $queryBuilder->quote('')),
701 $queryBuilder->expr()->eq(
702 $this->frontendController->fe_user->userid_column,
703 (int)$this->frontendController->fe_user->user['uid']
704 )
705 )
706 ->execute()
707 ->fetch();
708
709 if ($row) {
710 $redirect_url[] = $this->pi_getPageLink($row['felogin_redirectPid']);
711 }
712
713 break;
714 case 'login':
715 if ($this->conf['redirectPageLogin']) {
716 $redirect_url[] = $this->pi_getPageLink((int)$this->conf['redirectPageLogin']);
717 }
718 break;
719 case 'getpost':
720 $redirect_url[] = $this->redirectUrl;
721 break;
722 case 'referer':
723 // Avoid redirect when logging in after changing password
724 if ($this->piVars['redirectReferrer'] !== 'off') {
725 // Avoid forced logout, when trying to login immediately after a logout
726 $redirect_url[] = preg_replace('/[&?]logintype=[a-z]+/', '', $this->referer);
727 }
728 break;
729 case 'refererDomains':
730 // Auto redirect.
731 // Feature to redirect to the page where the user came from (HTTP_REFERER).
732 // Allowed domains to redirect to, can be configured with plugin.tx_felogin_pi1.domains
733 // Thanks to plan2.net / Martin Kutschker for implementing this feature.
734 // also avoid redirect when logging in after changing password
735 if ($this->conf['domains'] && $this->piVars['redirectReferrer'] !== 'off') {
736 $url = $this->referer;
737 // Is referring url allowed to redirect?
738 $match = array();
739 if (preg_match('#^http://([[:alnum:]._-]+)/#', $url, $match)) {
740 $redirect_domain = $match[1];
741 $found = false;
742 foreach (GeneralUtility::trimExplode(',', $this->conf['domains'], true) as $d) {
743 if (preg_match('/(?:^|\\.)' . $d . '$/', $redirect_domain)) {
744 $found = true;
745 break;
746 }
747 }
748 if (!$found) {
749 $url = '';
750 }
751 }
752 // Avoid forced logout, when trying to login immediately after a logout
753 if ($url) {
754 $redirect_url[] = preg_replace('/[&?]logintype=[a-z]+/', '', $url);
755 }
756 }
757 break;
758 }
759 } elseif ($this->logintype === 'login') {
760 // after login-error
761 switch ($redirMethod) {
762 case 'loginError':
763 if ($this->conf['redirectPageLoginError']) {
764 $redirect_url[] = $this->pi_getPageLink((int)$this->conf['redirectPageLoginError']);
765 }
766 break;
767 }
768 } elseif ($this->logintype == '' && $redirMethod == 'login' && $this->conf['redirectPageLogin']) {
769 // If login and page not accessible
770 $this->cObj->typoLink('', array(
771 'parameter' => $this->conf['redirectPageLogin'],
772 'linkAccessRestrictedPages' => true
773 ));
774 $redirect_url[] = $this->cObj->lastTypoLinkUrl;
775 } elseif ($this->logintype == '' && $redirMethod == 'logout' && $this->conf['redirectPageLogout'] && $this->frontendController->loginUser) {
776 // If logout and page not accessible
777 $redirect_url[] = $this->pi_getPageLink((int)$this->conf['redirectPageLogout']);
778 } elseif ($this->logintype === 'logout') {
779 // after logout
780 // Hook for general actions after after logout has been confirmed
781 if ($this->logintype === 'logout' && $GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['logout_confirmed']) {
782 $_params = array();
783 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['logout_confirmed'] as $_funcRef) {
784 if ($_funcRef) {
785 GeneralUtility::callUserFunction($_funcRef, $_params, $this);
786 }
787 }
788 }
789 switch ($redirMethod) {
790 case 'logout':
791 if ($this->conf['redirectPageLogout']) {
792 $redirect_url[] = $this->pi_getPageLink((int)$this->conf['redirectPageLogout']);
793 }
794 break;
795 }
796 } else {
797 // not logged in
798 // Placeholder for maybe future options
799 switch ($redirMethod) {
800 case 'getpost':
801 // Preserve the get/post value
802 $redirect_url[] = $this->redirectUrl;
803 break;
804 }
805 }
806 }
807 }
808 // Remove empty values
809 if (!empty($redirect_url)) {
810 return GeneralUtility::trimExplode(',', implode(',', $redirect_url), true);
811 }
812 return array();
813 }
814
815 /**
816 * Reads flexform configuration and merge it with $this->conf
817 *
818 * @return void
819 */
820 protected function mergeflexFormValuesIntoConf()
821 {
822 $flex = array();
823 if ($this->flexFormValue('showForgotPassword', 'sDEF')) {
824 $flex['showForgotPasswordLink'] = $this->flexFormValue('showForgotPassword', 'sDEF');
825 }
826 if ($this->flexFormValue('showPermaLogin', 'sDEF')) {
827 $flex['showPermaLogin'] = $this->flexFormValue('showPermaLogin', 'sDEF');
828 }
829 if ($this->flexFormValue('showLogoutFormAfterLogin', 'sDEF')) {
830 $flex['showLogoutFormAfterLogin'] = $this->flexFormValue('showLogoutFormAfterLogin', 'sDEF');
831 }
832 if ($this->flexFormValue('pages', 'sDEF')) {
833 $flex['pages'] = $this->flexFormValue('pages', 'sDEF');
834 }
835 if ($this->flexFormValue('recursive', 'sDEF')) {
836 $flex['recursive'] = $this->flexFormValue('recursive', 'sDEF');
837 }
838 if ($this->flexFormValue('templateFile', 'sDEF')) {
839 $flex['templateFile'] = $this->uploadDir . $this->flexFormValue('templateFile', 'sDEF');
840 }
841 if ($this->flexFormValue('redirectMode', 's_redirect')) {
842 $flex['redirectMode'] = $this->flexFormValue('redirectMode', 's_redirect');
843 }
844 if ($this->flexFormValue('redirectFirstMethod', 's_redirect')) {
845 $flex['redirectFirstMethod'] = $this->flexFormValue('redirectFirstMethod', 's_redirect');
846 }
847 if ($this->flexFormValue('redirectDisable', 's_redirect')) {
848 $flex['redirectDisable'] = $this->flexFormValue('redirectDisable', 's_redirect');
849 }
850 if ($this->flexFormValue('redirectPageLogin', 's_redirect')) {
851 $flex['redirectPageLogin'] = $this->flexFormValue('redirectPageLogin', 's_redirect');
852 }
853 if ($this->flexFormValue('redirectPageLoginError', 's_redirect')) {
854 $flex['redirectPageLoginError'] = $this->flexFormValue('redirectPageLoginError', 's_redirect');
855 }
856 if ($this->flexFormValue('redirectPageLogout', 's_redirect')) {
857 $flex['redirectPageLogout'] = $this->flexFormValue('redirectPageLogout', 's_redirect');
858 }
859 $pid = $flex['pages'] ? $this->pi_getPidList($flex['pages'], $flex['recursive']) : 0;
860 if ($pid > 0) {
861 $flex['storagePid'] = $pid;
862 }
863 $this->conf = array_merge($this->conf, $flex);
864 }
865
866 /**
867 * Loads a variable from the flexform
868 *
869 * @param string $var Name of variable
870 * @param string $sheet Name of sheet
871 * @return string Value of var
872 */
873 protected function flexFormValue($var, $sheet)
874 {
875 return $this->pi_getFFvalue($this->cObj->data['pi_flexform'], $var, $sheet);
876 }
877
878 /**
879 * Generate link with typolink function
880 *
881 * @param string $label Linktext
882 * @param array $piVars Link vars
883 * @param bool $returnUrl TRUE: returns only url FALSE (default) returns the link)
884 * @return string Link or url
885 */
886 protected function getPageLink($label, $piVars, $returnUrl = false)
887 {
888 $additionalParams = '';
889 if (!empty($piVars)) {
890 foreach ($piVars as $key => $val) {
891 $additionalParams .= '&' . $key . '=' . $val;
892 }
893 }
894 // Should GETvars be preserved?
895 if ($this->conf['preserveGETvars']) {
896 $additionalParams .= $this->getPreserveGetVars();
897 }
898 $this->conf['linkConfig.']['parameter'] = $this->frontendController->id;
899 if ($additionalParams) {
900 $this->conf['linkConfig.']['additionalParams'] = $additionalParams;
901 }
902 if ($returnUrl) {
903 return htmlspecialchars($this->cObj->typoLink_URL($this->conf['linkConfig.']));
904 } else {
905 return $this->cObj->typoLink($label, $this->conf['linkConfig.']);
906 }
907 }
908
909 /**
910 * Add additional parameters for links according to TS setting preserveGETvars.
911 * Possible values are "all" or a comma separated list of allowed GET-vars.
912 * Supports multi-dimensional GET-vars.
913 * Some hardcoded values are dropped.
914 *
915 * @return string additionalParams-string
916 */
917 protected function getPreserveGetVars()
918 {
919 $getVars = GeneralUtility::_GET();
920 unset(
921 $getVars['id'],
922 $getVars['no_cache'],
923 $getVars['logintype'],
924 $getVars['redirect_url'],
925 $getVars['cHash'],
926 $getVars[$this->prefixId]
927 );
928 if ($this->conf['preserveGETvars'] === 'all') {
929 $preserveQueryParts = $getVars;
930 } else {
931 $preserveQueryParts = GeneralUtility::trimExplode(',', $this->conf['preserveGETvars']);
932 $preserveQueryParts = GeneralUtility::explodeUrl2Array(implode('=1&', $preserveQueryParts) . '=1', true);
933 $preserveQueryParts = \TYPO3\CMS\Core\Utility\ArrayUtility::intersectRecursive($getVars, $preserveQueryParts);
934 }
935 $parameters = GeneralUtility::implodeArrayForUrl('', $preserveQueryParts);
936 return $parameters;
937 }
938
939 /**
940 * Is used by forgot password - function with md5 option.
941 * @param int $len Length of new password
942 * @return string New password
943 */
944 protected function generatePassword($len)
945 {
946 $pass = '';
947 while ($len--) {
948 $char = rand(0, 35);
949 if ($char < 10) {
950 $pass .= '' . $char;
951 } else {
952 $pass .= chr($char - 10 + 97);
953 }
954 }
955 return $pass;
956 }
957
958 /**
959 * Returns the header / message value from flexform if present, else from locallang.xlf
960 *
961 * @param string $label label name
962 * @param array $stdWrapArray TS stdWrap array
963 * @return string label text
964 */
965 protected function getDisplayText($label, $stdWrapArray = array())
966 {
967 $text = $this->flexFormValue($label, 's_messages') ? $this->cObj->stdWrap($this->flexFormValue($label, 's_messages'), $stdWrapArray) : $this->cObj->stdWrap($this->pi_getLL('ll_' . $label), $stdWrapArray);
968 $replace = $this->getUserFieldMarkers();
969 return strtr($text, $replace);
970 }
971
972 /**
973 * Returns Array of markers filled with user fields
974 *
975 * @return array Marker array
976 */
977 protected function getUserFieldMarkers()
978 {
979 $marker = array();
980 // replace markers with fe_user data
981 if ($this->frontendController->fe_user->user) {
982 // All fields of fe_user will be replaced, scheme is ###FEUSER_FIELDNAME###
983 foreach ($this->frontendController->fe_user->user as $field => $value) {
984 $marker['###FEUSER_' . GeneralUtility::strtoupper($field) . '###'] = $this->cObj->stdWrap($value, $this->conf['userfields.'][$field . '.']);
985 }
986 // Add ###USER### for compatibility
987 $marker['###USER###'] = $marker['###FEUSER_USERNAME###'];
988 }
989 return $marker;
990 }
991
992 /**
993 * Returns a valid and XSS cleaned url for redirect, checked against configuration "allowedRedirectHosts"
994 *
995 * @param string $url
996 * @return string cleaned referer or empty string if not valid
997 */
998 protected function validateRedirectUrl($url)
999 {
1000 $url = strval($url);
1001 if ($url === '') {
1002 return '';
1003 }
1004 // Validate the URL:
1005 if ($this->isRelativeUrl($url) || $this->isInCurrentDomain($url) || $this->isInLocalDomain($url)) {
1006 return $url;
1007 }
1008 // URL is not allowed
1009 GeneralUtility::sysLog(sprintf($this->pi_getLL('noValidRedirectUrl'), $url), 'felogin', GeneralUtility::SYSLOG_SEVERITY_WARNING);
1010 return '';
1011 }
1012
1013 /**
1014 * Determines whether the URL is on the current host and belongs to the
1015 * current TYPO3 installation. The scheme part is ignored in the comparison.
1016 *
1017 * @param string $url URL to be checked
1018 * @return bool Whether the URL belongs to the current TYPO3 installation
1019 */
1020 protected function isInCurrentDomain($url)
1021 {
1022 $urlWithoutSchema = preg_replace('#^https?://#', '', $url);
1023 $siteUrlWithoutSchema = preg_replace('#^https?://#', '', GeneralUtility::getIndpEnv('TYPO3_SITE_URL'));
1024 return StringUtility::beginsWith($urlWithoutSchema . '/', GeneralUtility::getIndpEnv('HTTP_HOST') . '/')
1025 && StringUtility::beginsWith($urlWithoutSchema, $siteUrlWithoutSchema);
1026 }
1027
1028 /**
1029 * Determines whether the URL matches a domain
1030 * in the sys_domain database table.
1031 *
1032 * @param string $url Absolute URL which needs to be checked
1033 * @return bool Whether the URL is considered to be local
1034 */
1035 protected function isInLocalDomain($url)
1036 {
1037 $result = false;
1038 if (GeneralUtility::isValidUrl($url)) {
1039 $parsedUrl = parse_url($url);
1040 if ($parsedUrl['scheme'] === 'http' || $parsedUrl['scheme'] === 'https') {
1041 $host = $parsedUrl['host'];
1042 // Removes the last path segment and slash sequences like /// (if given):
1043 $path = preg_replace('#/+[^/]*$#', '', $parsedUrl['path']);
1044
1045 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable('sys_domain');
1046 $queryBuilder->setRestrictions(GeneralUtility::makeInstance(FrontendRestrictionContainer::class));
1047 $localDomains = $queryBuilder->select('domainName')
1048 ->from('sys_domain')
1049 ->execute()
1050 ->fetchAll();
1051
1052 if (is_array($localDomains)) {
1053 foreach ($localDomains as $localDomain) {
1054 // strip trailing slashes (if given)
1055 $domainName = rtrim($localDomain['domainName'], '/');
1056 if (GeneralUtility::isFirstPartOfStr($host . $path . '/', $domainName . '/')) {
1057 $result = true;
1058 break;
1059 }
1060 }
1061 }
1062 }
1063 }
1064 return $result;
1065 }
1066
1067 /**
1068 * Determines whether the URL is relative to the
1069 * current TYPO3 installation.
1070 *
1071 * @param string $url URL which needs to be checked
1072 * @return bool Whether the URL is considered to be relative
1073 */
1074 protected function isRelativeUrl($url)
1075 {
1076 $url = GeneralUtility::sanitizeLocalUrl($url);
1077 if (!empty($url)) {
1078 $parsedUrl = @parse_url($url);
1079 if ($parsedUrl !== false && !isset($parsedUrl['scheme']) && !isset($parsedUrl['host'])) {
1080 // If the relative URL starts with a slash, we need to check if it's within the current site path
1081 return $parsedUrl['path'][0] !== '/' || GeneralUtility::isFirstPartOfStr($parsedUrl['path'], GeneralUtility::getIndpEnv('TYPO3_SITE_PATH'));
1082 }
1083 }
1084 return false;
1085 }
1086 }