d670d11b685f43a47bf9e2f24ac4e74506486684
[Packages/TYPO3.CMS.git] / typo3 / sysext / setup / Classes / Controller / SetupModuleController.php
1 <?php
2 namespace TYPO3\CMS\Setup\Controller;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 use Psr\Http\Message\ResponseInterface;
18 use Psr\Http\Message\ServerRequestInterface;
19 use TYPO3\CMS\Backend\Backend\Avatar\DefaultAvatarProvider;
20 use TYPO3\CMS\Backend\Module\AbstractModule;
21 use TYPO3\CMS\Backend\Module\ModuleLoader;
22 use TYPO3\CMS\Backend\Utility\BackendUtility;
23 use TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
24 use TYPO3\CMS\Core\Database\ConnectionPool;
25 use TYPO3\CMS\Core\DataHandling\DataHandler;
26 use TYPO3\CMS\Core\FormProtection\FormProtectionFactory;
27 use TYPO3\CMS\Core\Imaging\Icon;
28 use TYPO3\CMS\Core\Imaging\IconFactory;
29 use TYPO3\CMS\Core\Messaging\FlashMessage;
30 use TYPO3\CMS\Core\Messaging\FlashMessageService;
31 use TYPO3\CMS\Core\Resource\Exception\FileDoesNotExistException;
32 use TYPO3\CMS\Core\Resource\ResourceFactory;
33 use TYPO3\CMS\Core\Utility\GeneralUtility;
34
35 /**
36 * Script class for the Setup module
37 */
38 class SetupModuleController extends AbstractModule
39 {
40 /**
41 * Flag if password has not been updated
42 */
43 const PASSWORD_NOT_UPDATED = 0;
44
45 /**
46 * Flag if password has been updated
47 */
48 const PASSWORD_UPDATED = 1;
49
50 /**
51 * Flag if both new passwords do not match
52 */
53 const PASSWORD_NOT_THE_SAME = 2;
54
55 /**
56 * Flag if the current password given was not identical to the real
57 * current password
58 */
59 const PASSWORD_OLD_WRONG = 3;
60
61 /**
62 * @var array
63 */
64 public $MOD_MENU = [];
65
66 /**
67 * @var array
68 */
69 public $MOD_SETTINGS = [];
70
71 /**
72 * @var string
73 */
74 public $content;
75
76 /**
77 * @var array
78 */
79 public $overrideConf;
80
81 /**
82 * backend user object, set during simulate-user operation
83 *
84 * @var \TYPO3\CMS\Core\Authentication\BackendUserAuthentication
85 */
86 public $OLD_BE_USER;
87
88 /**
89 * @var bool
90 */
91 public $languageUpdate;
92
93 /**
94 * @var bool
95 */
96 protected $pagetreeNeedsRefresh = false;
97
98 /**
99 * @var bool
100 */
101 protected $isAdmin;
102
103 /**
104 * @var array
105 */
106 protected $tsFieldConf;
107
108 /**
109 * @var bool
110 */
111 protected $saveData = false;
112
113 /**
114 * @var int
115 */
116 protected $passwordIsUpdated = self::PASSWORD_NOT_UPDATED;
117
118 /**
119 * @var bool
120 */
121 protected $passwordIsSubmitted = false;
122
123 /**
124 * @var bool
125 */
126 protected $setupIsUpdated = false;
127
128 /**
129 * @var bool
130 */
131 protected $settingsAreResetToDefault = false;
132
133 /**
134 * Form protection instance
135 *
136 * @var \TYPO3\CMS\Core\FormProtection\BackendFormProtection
137 */
138 protected $formProtection;
139
140 /**
141 * @var string
142 */
143 protected $simulateSelector = '';
144
145 /**
146 * @var int
147 */
148 protected $simUser;
149
150 /**
151 * The name of the module
152 *
153 * @var string
154 */
155 protected $moduleName = 'user_setup';
156
157 /**
158 * @var ModuleLoader
159 */
160 protected $loadModules;
161
162 /**
163 * Instantiate the form protection before a simulated user is initialized.
164 */
165 public function __construct()
166 {
167 parent::__construct();
168 $this->formProtection = FormProtectionFactory::get();
169 $pageRenderer = $this->moduleTemplate->getPageRenderer();
170 $pageRenderer->loadRequireJsModule('TYPO3/CMS/Backend/Modal');
171 $pageRenderer->loadRequireJsModule('TYPO3/CMS/Backend/FormEngine');
172 $pageRenderer->addInlineSetting('FormEngine', 'formName', 'editform');
173 $pageRenderer->addInlineLanguageLabelArray([
174 'FormEngine.remainingCharacters' => 'LLL:EXT:lang/Resources/Private/Language/locallang_core.xlf:labels.remainingCharacters',
175 ], true);
176 }
177
178 /**
179 * Getter for the form protection instance.
180 *
181 * @return \TYPO3\CMS\Core\FormProtection\BackendFormProtection
182 */
183 public function getFormProtection()
184 {
185 return $this->formProtection;
186 }
187
188 /**
189 * If settings are submitted to _POST[DATA], store them
190 * NOTICE: This method is called before the \TYPO3\CMS\Backend\Template\ModuleTemplate
191 * is included. See bottom of document.
192 */
193 public function storeIncomingData()
194 {
195 // First check if something is submitted in the data-array from POST vars
196 $d = GeneralUtility::_POST('data');
197 $columns = $GLOBALS['TYPO3_USER_SETTINGS']['columns'];
198 $beUser = $this->getBackendUser();
199 $beUserId = $beUser->user['uid'];
200 $storeRec = [];
201 $fieldList = $this->getFieldsFromShowItem();
202 if (is_array($d) && $this->formProtection->validateToken((string)GeneralUtility::_POST('formToken'), 'BE user setup', 'edit')) {
203 // UC hashed before applying changes
204 $save_before = md5(serialize($beUser->uc));
205 // PUT SETTINGS into the ->uc array:
206 // Reload left frame when switching BE language
207 if (isset($d['lang']) && $d['lang'] != $beUser->uc['lang']) {
208 $this->languageUpdate = true;
209 }
210 // Reload pagetree if the title length is changed
211 if (isset($d['titleLen']) && $d['titleLen'] !== $beUser->uc['titleLen']) {
212 $this->pagetreeNeedsRefresh = true;
213 }
214 if ($d['setValuesToDefault']) {
215 // If every value should be default
216 $beUser->resetUC();
217 $this->settingsAreResetToDefault = true;
218 } elseif ($d['save']) {
219 // Save all submitted values if they are no array (arrays are with table=be_users) and exists in $GLOBALS['TYPO3_USER_SETTINGS'][columns]
220 foreach ($columns as $field => $config) {
221 if (!in_array($field, $fieldList)) {
222 continue;
223 }
224 if ($config['table']) {
225 if ($config['table'] === 'be_users' && !in_array($field, ['password', 'password2', 'passwordCurrent', 'email', 'realName', 'admin', 'avatar'])) {
226 if (!isset($config['access']) || $this->checkAccess($config) && $beUser->user[$field] !== $d['be_users'][$field]) {
227 if ($config['type'] === 'check') {
228 $fieldValue = isset($d['be_users'][$field]) ? 1 : 0;
229 } else {
230 $fieldValue = $d['be_users'][$field];
231 }
232 $storeRec['be_users'][$beUserId][$field] = $fieldValue;
233 $beUser->user[$field] = $fieldValue;
234 }
235 }
236 }
237 if ($config['type'] === 'check') {
238 $beUser->uc[$field] = isset($d[$field]) ? 1 : 0;
239 } else {
240 $beUser->uc[$field] = htmlspecialchars($d[$field]);
241 }
242 }
243 // Personal data for the users be_user-record (email, name, password...)
244 // If email and name is changed, set it in the users record:
245 $be_user_data = $d['be_users'];
246 // Possibility to modify the transmitted values. Useful to do transformations, like RSA password decryption
247 if (is_array($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/setup/mod/index.php']['modifyUserDataBeforeSave'])) {
248 foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/setup/mod/index.php']['modifyUserDataBeforeSave'] as $function) {
249 $params = ['be_user_data' => &$be_user_data];
250 GeneralUtility::callUserFunction($function, $params, $this);
251 }
252 }
253 $this->passwordIsSubmitted = (string)$be_user_data['password'] !== '';
254 $passwordIsConfirmed = $this->passwordIsSubmitted && $be_user_data['password'] === $be_user_data['password2'];
255 // Update the real name:
256 if ($be_user_data['realName'] !== $beUser->user['realName']) {
257 $beUser->user['realName'] = ($storeRec['be_users'][$beUserId]['realName'] = substr($be_user_data['realName'], 0, 80));
258 }
259 // Update the email address:
260 if ($be_user_data['email'] !== $beUser->user['email']) {
261 $beUser->user['email'] = ($storeRec['be_users'][$beUserId]['email'] = substr($be_user_data['email'], 0, 80));
262 }
263 // Update the password:
264 if ($passwordIsConfirmed) {
265 $currentPasswordHashed = $GLOBALS['BE_USER']->user['password'];
266 $saltFactory = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance($currentPasswordHashed);
267 if ($saltFactory->checkPassword($be_user_data['passwordCurrent'], $currentPasswordHashed)) {
268 $this->passwordIsUpdated = self::PASSWORD_UPDATED;
269 $storeRec['be_users'][$beUserId]['password'] = $be_user_data['password'];
270 } else {
271 $this->passwordIsUpdated = self::PASSWORD_OLD_WRONG;
272 }
273 } else {
274 $this->passwordIsUpdated = self::PASSWORD_NOT_THE_SAME;
275 }
276
277 $this->setAvatarFileUid($beUserId, $be_user_data['avatar'], $storeRec);
278
279 $this->saveData = true;
280 }
281 // Inserts the overriding values.
282 $beUser->overrideUC();
283 $save_after = md5(serialize($beUser->uc));
284 // If something in the uc-array of the user has changed, we save the array...
285 if ($save_before != $save_after) {
286 $beUser->writeUC($beUser->uc);
287 $beUser->writelog(254, 1, 0, 1, 'Personal settings changed', []);
288 $this->setupIsUpdated = true;
289 }
290 // Persist data if something has changed:
291 if (!empty($storeRec) && $this->saveData) {
292 // Make instance of TCE for storing the changes.
293 /** @var DataHandler $dataHandler */
294 $dataHandler = GeneralUtility::makeInstance(DataHandler::class);
295 // This is so the user can actually update his user record.
296 $isAdmin = $beUser->user['admin'];
297 $beUser->user['admin'] = 1;
298 $dataHandler->start($storeRec, [], $beUser);
299 // This is to make sure that the users record can be updated even if in another workspace. This is tolerated.
300 $dataHandler->bypassWorkspaceRestrictions = true;
301 $dataHandler->process_datamap();
302 unset($tce);
303 if ($this->passwordIsUpdated === self::PASSWORD_NOT_UPDATED || count($storeRec['be_users'][$beUserId]) > 1) {
304 $this->setupIsUpdated = true;
305 }
306 // Restore admin status after processing
307 $beUser->user['admin'] = $isAdmin;
308
309 BackendUtility::setUpdateSignal('updateTopbar');
310 }
311 }
312 }
313
314 /******************************
315 *
316 * Rendering module
317 *
318 ******************************/
319 /**
320 * Initializes the module for display of the settings form.
321 */
322 public function init()
323 {
324 $this->getLanguageService()->includeLLFile('EXT:setup/Resources/Private/Language/locallang.xlf');
325
326 // Returns the script user - that is the REAL logged in user! ($GLOBALS[BE_USER] might be another user due to simulation!)
327 $scriptUser = $this->getRealScriptUserObj();
328
329 $this->isAdmin = $scriptUser->isAdmin();
330 // Getting the 'override' values as set might be set in User TSconfig
331 $this->overrideConf = $this->getBackendUser()->getTSConfigProp('setup.override');
332 // Getting the disabled fields might be set in User TSconfig (eg setup.fields.password.disabled=1)
333 $this->tsFieldConf = $this->getBackendUser()->getTSConfigProp('setup.fields');
334 // id password is disabled, disable repeat of password too (password2)
335 if (isset($this->tsFieldConf['password.']) && $this->tsFieldConf['password.']['disabled']) {
336 $this->tsFieldConf['password2.']['disabled'] = 1;
337 $this->tsFieldConf['passwordCurrent.']['disabled'] = 1;
338 }
339 }
340
341 /**
342 * Generate necessary JavaScript
343 *
344 * @return string
345 */
346 protected function getJavaScript()
347 {
348 $javaScript = '';
349 if (is_array($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/setup/mod/index.php']['setupScriptHook'])) {
350 foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/setup/mod/index.php']['setupScriptHook'] as $function) {
351 $params = [];
352 $javaScript .= GeneralUtility::callUserFunction($function, $params, $this);
353 }
354 }
355 return $javaScript;
356 }
357
358 /**
359 * Generate the main settings form:
360 */
361 public function main()
362 {
363 $this->content .= '<form action="' . BackendUtility::getModuleUrl('user_setup') . '" method="post" id="SetupModuleController" name="usersetup" enctype="multipart/form-data">';
364 if ($this->languageUpdate) {
365 $this->moduleTemplate->addJavaScriptCode('languageUpdate', '
366 if (top && top.TYPO3.ModuleMenu.App) {
367 top.TYPO3.ModuleMenu.App.refreshMenu();
368 }
369 ');
370 }
371 if ($this->pagetreeNeedsRefresh) {
372 BackendUtility::setUpdateSignal('updatePageTree');
373 }
374 // Start page:
375 $this->moduleTemplate->getPageRenderer()->addJsFile('EXT:backend/Resources/Public/JavaScript/md5.js');
376 // Use a wrapper div
377 $this->content .= '<div id="user-setup-wrapper">';
378 // Load available backend modules
379 $this->loadModules = GeneralUtility::makeInstance(ModuleLoader::class);
380 $this->loadModules->observeWorkspaces = true;
381 $this->loadModules->load($GLOBALS['TBE_MODULES']);
382 $this->content .= $this->moduleTemplate->header($this->getLanguageService()->getLL('UserSettings'));
383 $this->addFlashMessages();
384
385 // Render user switch
386 $this->content .= $this->renderSimulateUserSelectAndLabel();
387
388 // Render the menu items
389 $menuItems = $this->renderUserSetup();
390 $this->content .= $this->moduleTemplate->getDynamicTabMenu($menuItems, 'user-setup', 1, false, false);
391 $formToken = $this->formProtection->generateToken('BE user setup', 'edit');
392 $this->content .= '<div>';
393 $this->content .= '<input type="hidden" name="simUser" value="' . (int)$this->simUser . '" />
394 <input type="hidden" name="formToken" value="' . htmlspecialchars($formToken) . '" />
395 <input type="hidden" value="1" name="data[save]" />
396 <input type="hidden" name="data[setValuesToDefault]" value="0" id="setValuesToDefault" />';
397 $this->content .= '</div>';
398 // End of wrapper div
399 $this->content .= '</div>';
400 // Setting up the buttons and markers for docheader
401 $this->getButtons();
402 // Build the <body> for the module
403 // Renders the module page
404 $this->moduleTemplate->setContent($this->content);
405 $this->content .= '</form>';
406 }
407
408 /**
409 * Injects the request object for the current request or subrequest
410 * Simply calls main() and init() and writes the content to the response
411 *
412 * @param ServerRequestInterface $request the current request
413 * @param ResponseInterface $response
414 * @return ResponseInterface the response with the content
415 */
416 public function mainAction(ServerRequestInterface $request, ResponseInterface $response)
417 {
418 $GLOBALS['SOBE'] = $this;
419 $this->simulateUser();
420 $this->init();
421 $this->storeIncomingData();
422 $this->main();
423
424 $response->getBody()->write($this->moduleTemplate->renderContent());
425 return $response;
426 }
427
428 /**
429 * Create the panel of buttons for submitting the form or otherwise perform operations.
430 */
431 protected function getButtons()
432 {
433 $buttonBar = $this->moduleTemplate->getDocHeaderComponent()->getButtonBar();
434 $cshButton = $buttonBar->makeHelpButton()
435 ->setModuleName('_MOD_user_setup')
436 ->setFieldName('');
437 $buttonBar->addButton($cshButton);
438
439 $saveButton = $buttonBar->makeInputButton()
440 ->setName('data[save]')
441 ->setTitle($this->getLanguageService()->sL('LLL:EXT:lang/Resources/Private/Language/locallang_core.xlf:rm.saveDoc'))
442 ->setValue('1')
443 ->setForm('SetupModuleController')
444 ->setShowLabelText(true)
445 ->setIcon($this->moduleTemplate->getIconFactory()->getIcon('actions-document-save', Icon::SIZE_SMALL));
446
447 $buttonBar->addButton($saveButton);
448 $shortcutButton = $buttonBar->makeShortcutButton()
449 ->setModuleName($this->moduleName);
450 $buttonBar->addButton($shortcutButton);
451 }
452
453 /******************************
454 *
455 * Render module
456 *
457 ******************************/
458
459 /**
460 * renders the data for all tabs in the user setup and returns
461 * everything that is needed with tabs and dyntab menu
462 *
463 * @return array Ready to use for the dyntabmenu itemarray
464 */
465 protected function renderUserSetup()
466 {
467 $html = '';
468 $result = [];
469 $firstTabLabel = '';
470 $code = [];
471 $fieldArray = $this->getFieldsFromShowItem();
472 $tabLabel = '';
473 foreach ($fieldArray as $fieldName) {
474 $config = $GLOBALS['TYPO3_USER_SETTINGS']['columns'][$fieldName];
475 if (isset($config['access']) && !$this->checkAccess($config)) {
476 continue;
477 }
478
479 if (substr($fieldName, 0, 8) === '--div--;') {
480 if ($firstTabLabel === '') {
481 // First tab
482 $tabLabel = $this->getLabel(substr($fieldName, 8), '', false);
483 $firstTabLabel = $tabLabel;
484 } else {
485 $result[] = [
486 'label' => $tabLabel,
487 'content' => count($code) ? implode(LF, $code) : ''
488 ];
489 $tabLabel = $this->getLabel(substr($fieldName, 8), '', false);
490 $code = [];
491 }
492 continue;
493 }
494 $label = $this->getLabel($config['label'], $fieldName);
495 $label = $this->getCSH($config['csh'] ?: $fieldName, $label);
496 $type = $config['type'];
497 $class = $config['class'];
498 if ($type !== 'check') {
499 $class .= ' form-control';
500 }
501 $more = '';
502 if ($class) {
503 $more .= ' class="' . htmlspecialchars($class) . '"';
504 }
505 $style = $config['style'];
506 if ($style) {
507 $more .= ' style="' . htmlspecialchars($style) . '"';
508 }
509 if (isset($this->overrideConf[$fieldName])) {
510 $more .= ' disabled="disabled"';
511 }
512 $value = $config['table'] === 'be_users' ? $this->getBackendUser()->user[$fieldName] : $this->getBackendUser()->uc[$fieldName];
513 if (!$value && isset($config['default'])) {
514 $value = $config['default'];
515 }
516 $dataAdd = '';
517 if ($config['table'] === 'be_users') {
518 $dataAdd = '[be_users]';
519 }
520
521 switch ($type) {
522 case 'text':
523 case 'email':
524 case 'password':
525 $noAutocomplete = '';
526
527 $maxLength = $config['max'] ?? 0;
528 if ((int)$maxLength > 0) {
529 $more .= ' maxlength="' . (int)$maxLength . '"';
530 }
531
532 if ($type === 'password') {
533 $value = '';
534 $noAutocomplete = 'autocomplete="off" ';
535 $more .= ' data-rsa-encryption=""';
536 }
537 $html = '<input id="field_' . htmlspecialchars($fieldName) . '"
538 type="' . htmlspecialchars($type) . '"
539 name="data' . $dataAdd . '[' . htmlspecialchars($fieldName) . ']" ' .
540 $noAutocomplete .
541 'value="' . htmlspecialchars($value) . '" ' .
542 $more .
543 ' />';
544 break;
545 case 'check':
546 $html = $label . '<div class="checkbox"><label><input id="field_' . htmlspecialchars($fieldName) . '"
547 type="checkbox"
548 name="data' . $dataAdd . '[' . htmlspecialchars($fieldName) . ']"' .
549 ($value ? ' checked="checked"' : '') .
550 $more .
551 ' /></label></div>';
552 $label = '';
553 break;
554 case 'select':
555 if ($config['itemsProcFunc']) {
556 $html = GeneralUtility::callUserFunction($config['itemsProcFunc'], $config, $this);
557 } else {
558 $html = '<select id="field_' . htmlspecialchars($fieldName) . '"
559 name="data' . $dataAdd . '[' . htmlspecialchars($fieldName) . ']"' .
560 $more . '>' . LF;
561 foreach ($config['items'] as $key => $optionLabel) {
562 $html .= '<option value="' . htmlspecialchars($key) . '"' . ($value == $key ? ' selected="selected"' : '') . '>' . $this->getLabel($optionLabel, '', false) . '</option>' . LF;
563 }
564 $html .= '</select>';
565 }
566 break;
567 case 'user':
568 $html = GeneralUtility::callUserFunction($config['userFunc'], $config, $this);
569 break;
570 case 'button':
571 if ($config['onClick']) {
572 $onClick = $config['onClick'];
573 if ($config['onClickLabels']) {
574 foreach ($config['onClickLabels'] as $key => $labelclick) {
575 $config['onClickLabels'][$key] = $this->getLabel($labelclick, '', false);
576 }
577 $onClick = vsprintf($onClick, $config['onClickLabels']);
578 }
579 $html = '<br><input class="btn btn-default" type="button"
580 value="' . $this->getLabel($config['buttonlabel'], '', false) . '"
581 onclick="' . $onClick . '" />';
582 }
583 if (!empty($config['confirm'])) {
584 $confirmData = $config['confirmData'];
585 $html = '<br><input class="btn btn-default t3js-modal-trigger" type="button"'
586 . ' value="' . $this->getLabel($config['buttonlabel'], '', false) . '"'
587 . ' data-href="javascript:' . htmlspecialchars($confirmData['jsCodeAfterOk']) . '"'
588 . ' data-severity="warning"'
589 . ' data-title="' . $this->getLabel($config['label'], '', false) . '"'
590 . ' data-content="' . $this->getLabel($confirmData['message'], '', false) . '" />';
591 }
592 break;
593 case 'avatar':
594 // Get current avatar image
595 $html = '<br>';
596 $avatarFileUid = $this->getAvatarFileUid($this->getBackendUser()->user['uid']);
597
598 if ($avatarFileUid) {
599 $defaultAvatarProvider = GeneralUtility::makeInstance(DefaultAvatarProvider::class);
600 $avatarImage = $defaultAvatarProvider->getImage($this->getBackendUser()->user, 32);
601 if ($avatarImage) {
602 $icon = '<span class="avatar"><span class="avatar-image">' .
603 '<img src="' . htmlspecialchars($avatarImage->getUrl(true)) . '"' .
604 ' width="' . (int)$avatarImage->getWidth() . '" ' .
605 'height="' . (int)$avatarImage->getHeight() . '" />' .
606 '</span></span>';
607 $html .= '<span class="pull-left" style="padding-right: 10px" id="image_' . htmlspecialchars($fieldName) . '">' . $icon . ' </span>';
608 }
609 }
610 $html .= '<input id="field_' . htmlspecialchars($fieldName) . '" type="hidden" ' .
611 'name="data' . $dataAdd . '[' . htmlspecialchars($fieldName) . ']"' . $more .
612 ' value="' . (int)$avatarFileUid . '" />';
613
614 $html .= '<div class="btn-group">';
615 $iconFactory = GeneralUtility::makeInstance(IconFactory::class);
616 if ($avatarFileUid) {
617 $html .=
618 '<a id="clear_button_' . htmlspecialchars($fieldName) . '" '
619 . 'onclick="clearExistingImage(); return false;" class="btn btn-default">'
620 . $iconFactory->getIcon('actions-delete', Icon::SIZE_SMALL)
621 . '</a>';
622 }
623 $html .=
624 '<a id="add_button_' . htmlspecialchars($fieldName) . '" class="btn btn-default btn-add-avatar"'
625 . ' onclick="openFileBrowser();return false;">'
626 . $iconFactory->getIcon('actions-insert-record', Icon::SIZE_SMALL)
627 . '</a></div>';
628
629 $this->addAvatarButtonJs($fieldName);
630 break;
631 default:
632 $html = '';
633 }
634
635 $code[] = '<div class="form-section"><div class="row"><div class="form-group t3js-formengine-field-item col-md-12">' .
636 $label .
637 $html .
638 '</div></div></div>';
639 }
640
641 $result[] = [
642 'label' => $tabLabel,
643 'content' => count($code) ? implode(LF, $code) : ''
644 ];
645 return $result;
646 }
647
648 /******************************
649 *
650 * Helper functions
651 *
652 ******************************/
653 /**
654 * Returns the backend user object, either the global OR the $this->OLD_BE_USER which is set during simulate-user operation.
655 * Anyway: The REAL user is returned - the one logged in.
656 *
657 * @return BackendUserAuthentication The REAL user is returned - the one logged in.
658 */
659 protected function getRealScriptUserObj()
660 {
661 return is_object($this->OLD_BE_USER) ? $this->OLD_BE_USER : $this->getBackendUser();
662 }
663
664 /**
665 * Return a select with available languages
666 *
667 * @return string Complete select as HTML string or warning box if something went wrong.
668 */
669 public function renderLanguageSelect()
670 {
671 $languageOptions = [];
672 // Compile the languages dropdown
673 $langDefault = htmlspecialchars($this->getLanguageService()->getLL('lang_default'));
674 $languageOptions[$langDefault] = '<option value=""' . ($this->getBackendUser()->uc['lang'] === '' ? ' selected="selected"' : '') . '>' . $langDefault . '</option>';
675 // Traverse the number of languages
676 /** @var $locales \TYPO3\CMS\Core\Localization\Locales */
677 $locales = GeneralUtility::makeInstance(\TYPO3\CMS\Core\Localization\Locales::class);
678 $languages = $locales->getLanguages();
679 foreach ($languages as $locale => $name) {
680 if ($locale !== 'default') {
681 $defaultName = isset($GLOBALS['LOCAL_LANG']['default']['lang_' . $locale]) ? $GLOBALS['LOCAL_LANG']['default']['lang_' . $locale][0]['source'] : $name;
682 $localizedName = htmlspecialchars($this->getLanguageService()->getLL('lang_' . $locale));
683 if ($localizedName === '') {
684 $localizedName = htmlspecialchars($name);
685 }
686 $localLabel = ' - [' . htmlspecialchars($defaultName) . ']';
687 $available = is_dir(PATH_typo3conf . 'l10n/' . $locale);
688 if ($available) {
689 $languageOptions[$defaultName] = '<option value="' . $locale . '"' . ($this->getBackendUser()->uc['lang'] === $locale ? ' selected="selected"' : '') . '>' . $localizedName . $localLabel . '</option>';
690 }
691 }
692 }
693 ksort($languageOptions);
694 $languageCode = '
695 <select id="field_lang" name="data[lang]" class="form-control">' . implode('', $languageOptions) . '
696 </select>';
697 if ($this->getBackendUser()->uc['lang'] && !@is_dir((PATH_typo3conf . 'l10n/' . $this->getBackendUser()->uc['lang']))) {
698 // TODO: The text constants have to be moved into language files
699 $languageUnavailableWarning = 'The selected language "' . htmlspecialchars($this->getLanguageService()->getLL('lang_' . $this->getBackendUser()->uc['lang'])) . '" is not available before the language files are installed.&nbsp;&nbsp;<br />&nbsp;&nbsp;' . ($this->getBackendUser()->isAdmin() ? 'You can use the Language module to easily download new language files.' : 'Please ask your system administrator to do this.');
700 $languageCode = '<br /><span class="label label-danger">' . $languageUnavailableWarning . '</span><br /><br />' . $languageCode;
701 }
702 return $languageCode;
703 }
704
705 /**
706 * Returns a select with all modules for startup
707 *
708 * @param array $params
709 * @param SetupModuleController $pObj
710 *
711 * @return string Complete select as HTML string
712 */
713 public function renderStartModuleSelect($params, $pObj)
714 {
715 // Load available backend modules
716 $this->loadModules = GeneralUtility::makeInstance(ModuleLoader::class);
717 $this->loadModules->observeWorkspaces = true;
718 $this->loadModules->load($GLOBALS['TBE_MODULES']);
719 $startModuleSelect = '<option value="">' . htmlspecialchars($this->getLanguageService()->getLL('startModule.firstInMenu')) . '</option>';
720 foreach ($pObj->loadModules->modules as $mainMod => $modData) {
721 if (!empty($modData['sub']) && is_array($modData['sub'])) {
722 $modules = '';
723 foreach ($modData['sub'] as $subData) {
724 $modName = $subData['name'];
725 $modules .= '<option value="' . htmlspecialchars($modName) . '"';
726 $modules .= $this->getBackendUser()->uc['startModule'] === $modName ? ' selected="selected"' : '';
727 $modules .= '>' . htmlspecialchars($this->getLanguageService()->sL($this->loadModules->getLabelsForModule($modName)['title'])) . '</option>';
728 }
729 $groupLabel = htmlspecialchars($this->getLanguageService()->sL($this->loadModules->getLabelsForModule($mainMod)['title']));
730 $startModuleSelect .= '<optgroup label="' . htmlspecialchars($groupLabel) . '">' . $modules . '</optgroup>';
731 }
732 }
733 return '<select id="field_startModule" name="data[startModule]" class="form-control">' . $startModuleSelect . '</select>';
734 }
735
736 /**
737 * Will make the simulate-user selector if the logged in user is administrator.
738 * It will also set the GLOBAL(!) BE_USER to the simulated user selected if any (and set $this->OLD_BE_USER to logged in user)
739 */
740 public function simulateUser()
741 {
742 // If admin, allow simulation of another user
743 $this->simUser = 0;
744 $this->simulateSelector = '';
745 unset($this->OLD_BE_USER);
746 if ($this->getBackendUser()->isAdmin()) {
747 $this->simUser = (int)GeneralUtility::_GP('simUser');
748 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable('be_users');
749 $users = $queryBuilder
750 ->select('*')
751 ->from('be_users')
752 ->where(
753 $queryBuilder->expr()->neq(
754 'uid',
755 $queryBuilder->createNamedParameter($this->getBackendUser()->user['uid'], \PDO::PARAM_INT)
756 ),
757 $queryBuilder->expr()->notLike(
758 'username',
759 $queryBuilder->createNamedParameter(
760 $queryBuilder->escapeLikeWildcards('_cli_') . '%',
761 \PDO::PARAM_STR
762 )
763 )
764 )
765 ->orderBy('username')
766 ->execute()
767 ->fetchAll();
768 $opt = [];
769 foreach ($users as $rr) {
770 $label = $rr['username'] . ($rr['realName'] ? ' (' . $rr['realName'] . ')' : '');
771 $opt[] = '<option value="' . (int)$rr['uid'] . '"' . ($this->simUser === (int)$rr['uid'] ? ' selected="selected"' : '') . '>' . htmlspecialchars($label) . '</option>';
772 }
773 if (!empty($opt)) {
774 $this->simulateSelector = '<select id="field_simulate" class="form-control" name="simulateUser" onchange="window.location.href=' . GeneralUtility::quoteJSvalue(BackendUtility::getModuleUrl('user_setup') . '&simUser=') . '+this.options[this.selectedIndex].value;"><option></option>' . implode('', $opt) . '</select>';
775 }
776 }
777 // This can only be set if the previous code was executed.
778 if ($this->simUser > 0) {
779 // Save old user...
780 $this->OLD_BE_USER = $this->getBackendUser();
781 unset($GLOBALS['BE_USER']);
782 // Unset current
783 // New backend user object
784 $BE_USER = GeneralUtility::makeInstance(BackendUserAuthentication::class);
785 $BE_USER->setBeUserByUid($this->simUser);
786 $BE_USER->fetchGroupData();
787 $BE_USER->backendSetUC();
788 // Must do this, because unsetting $BE_USER before apparently unsets the reference to the global variable by this name!
789 $GLOBALS['BE_USER'] = $BE_USER;
790 }
791 }
792
793 /**
794 * Render simulate user select and label
795 *
796 * @return string
797 */
798 protected function renderSimulateUserSelectAndLabel()
799 {
800 if ($this->simulateSelector === '') {
801 return '';
802 }
803
804 return '<div class="form-inline"><div class="form-group"><p>'
805 . '<label for="field_simulate" style="margin-right: 20px;">'
806 . htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:setup/Resources/Private/Language/locallang.xlf:simulate'))
807 . '</label>'
808 . $this->simulateSelector
809 . '</p></div></div>';
810 }
811
812 /**
813 * Returns access check (currently only "admin" is supported)
814 *
815 * @param array $config Configuration of the field, access mode is defined in key 'access'
816 * @return bool Whether it is allowed to modify the given field
817 */
818 protected function checkAccess(array $config)
819 {
820 $access = $config['access'];
821
822 if (isset($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['setup']['accessLevelCheck'][$access])) {
823 if (class_exists($access)) {
824 $accessObject = GeneralUtility::makeInstance($access);
825 if (method_exists($accessObject, 'accessLevelCheck')) {
826 // Initialize vars. If method fails, $set will be set to FALSE
827 return $accessObject->accessLevelCheck($config);
828 }
829 }
830 } elseif ($access === 'admin') {
831 return $this->isAdmin;
832 }
833
834 return false;
835 }
836
837 /**
838 * Returns the label $str from getLL() and grays out the value if the $str/$key is found in $this->overrideConf array
839 *
840 * @param string $str Locallang key
841 * @param string $key Alternative override-config key
842 * @param bool $addLabelTag Defines whether the string should be wrapped in a <label> tag.
843 * @return string HTML output.
844 */
845 protected function getLabel($str, $key = '', $addLabelTag = true)
846 {
847 if (substr($str, 0, 4) === 'LLL:') {
848 $out = htmlspecialchars($this->getLanguageService()->sL($str));
849 } else {
850 $out = htmlspecialchars($str);
851 }
852 if (isset($this->overrideConf[$key ?: $str])) {
853 $out = '<span style="color:#999999">' . $out . '</span>';
854 }
855 if ($addLabelTag) {
856 $out = '<label>' . $out . '</label>';
857 }
858 return $out;
859 }
860
861 /**
862 * Returns the CSH Icon for given string
863 *
864 * @param string $str Locallang key
865 * @param string $label The label to be used, that should be wrapped in help
866 * @return string HTML output.
867 */
868 protected function getCSH($str, $label)
869 {
870 $context = '_MOD_user_setup';
871 $field = $str;
872 $strParts = explode(':', $str);
873 if (count($strParts) > 1) {
874 // Setting comes from another extension
875 $context = $strParts[0];
876 $field = $strParts[1];
877 } elseif ($str !== 'language' && $str !== 'simuser' && $str !== 'reset') {
878 $field = 'option_' . $str;
879 }
880 return BackendUtility::wrapInHelp($context, $field, $label);
881 }
882
883 /**
884 * Returns array with fields defined in $GLOBALS['TYPO3_USER_SETTINGS']['showitem']
885 * Remove fields which are disabled by user TSconfig
886 *
887 * @return string[] Array with field names visible in form
888 */
889 protected function getFieldsFromShowItem()
890 {
891 $allowedFields = GeneralUtility::trimExplode(',', $GLOBALS['TYPO3_USER_SETTINGS']['showitem'], true);
892 if (!is_array($this->tsFieldConf)) {
893 return $allowedFields;
894 }
895 foreach ($this->tsFieldConf as $fieldName => $userTsFieldConfig) {
896 if (!empty($userTsFieldConfig['disabled'])) {
897 $fieldName = rtrim($fieldName, '.');
898 $key = array_search($fieldName, $allowedFields);
899 if ($key !== false) {
900 unset($allowedFields[$key]);
901 }
902 }
903 }
904 return $allowedFields;
905 }
906
907 /**
908 * Get Avatar fileUid
909 *
910 * @param int $beUserId
911 * @return int
912 */
913 protected function getAvatarFileUid($beUserId)
914 {
915 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable('sys_file_reference');
916 $file = $queryBuilder
917 ->select('uid_local')
918 ->from('sys_file_reference')
919 ->where(
920 $queryBuilder->expr()->eq(
921 'tablenames',
922 $queryBuilder->createNamedParameter('be_users', \PDO::PARAM_STR)
923 ),
924 $queryBuilder->expr()->eq(
925 'fieldname',
926 $queryBuilder->createNamedParameter('avatar', \PDO::PARAM_STR)
927 ),
928 $queryBuilder->expr()->eq(
929 'table_local',
930 $queryBuilder->createNamedParameter('sys_file', \PDO::PARAM_STR)
931 ),
932 $queryBuilder->expr()->eq(
933 'uid_foreign',
934 $queryBuilder->createNamedParameter($beUserId, \PDO::PARAM_INT)
935 )
936 )
937 ->execute()
938 ->fetchColumn();
939 return (int)$file;
940 }
941
942 /**
943 * Set avatar fileUid for backend user
944 *
945 * @param int $beUserId
946 * @param int $fileUid
947 * @param array $storeRec
948 */
949 protected function setAvatarFileUid($beUserId, $fileUid, array &$storeRec)
950 {
951
952 // Update is only needed when new fileUid is set
953 if ((int)$fileUid === $this->getAvatarFileUid($beUserId)) {
954 return;
955 }
956
957 // If user is not allowed to modify avatar $fileUid is empty - so don't overwrite existing avatar
958 if (empty($fileUid)) {
959 return;
960 }
961
962 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable('sys_file_reference');
963 $queryBuilder->getRestrictions()->removeAll();
964 $queryBuilder
965 ->delete('sys_file_reference')
966 ->where(
967 $queryBuilder->expr()->eq(
968 'tablenames',
969 $queryBuilder->createNamedParameter('be_users', \PDO::PARAM_STR)
970 ),
971 $queryBuilder->expr()->eq(
972 'fieldname',
973 $queryBuilder->createNamedParameter('avatar', \PDO::PARAM_STR)
974 ),
975 $queryBuilder->expr()->eq(
976 'table_local',
977 $queryBuilder->createNamedParameter('sys_file', \PDO::PARAM_STR)
978 ),
979 $queryBuilder->expr()->eq(
980 'uid_foreign',
981 $queryBuilder->createNamedParameter($beUserId, \PDO::PARAM_INT)
982 )
983 )
984 ->execute();
985
986 // If Avatar is marked for delete => set it to empty string so it will be updated properly
987 if ($fileUid === 'delete') {
988 $fileUid = '';
989 }
990
991 // Create new reference
992 if ($fileUid) {
993
994 // Get file object
995 try {
996 $file = ResourceFactory::getInstance()->getFileObject($fileUid);
997 } catch (FileDoesNotExistException $e) {
998 $file = false;
999 }
1000
1001 // Check if user is allowed to use the image (only when not in simulation mode)
1002 if ($file && $this->simUser === 0 && !$file->getStorage()->checkFileActionPermission('read', $file)) {
1003 $file = false;
1004 }
1005
1006 // Check if extension is allowed
1007 if ($file && GeneralUtility::inList($GLOBALS['TYPO3_CONF_VARS']['GFX']['imagefile_ext'], $file->getExtension())) {
1008
1009 // Create new file reference
1010 $storeRec['sys_file_reference']['NEW1234'] = [
1011 'uid_local' => (int)$fileUid,
1012 'uid_foreign' => (int)$beUserId,
1013 'tablenames' => 'be_users',
1014 'fieldname' => 'avatar',
1015 'pid' => 0,
1016 'table_local' => 'sys_file',
1017 ];
1018 $storeRec['be_users'][(int)$beUserId]['avatar'] = 'NEW1234';
1019 }
1020 }
1021 }
1022
1023 /**
1024 * Add JavaScript to for browse files button
1025 *
1026 * @param string $fieldName
1027 */
1028 protected function addAvatarButtonJs($fieldName)
1029 {
1030 $this->moduleTemplate->addJavaScriptCode('avatar-button', '
1031 var browserWin="";
1032
1033 function openFileBrowser() {
1034 var url = ' . GeneralUtility::quoteJSvalue(BackendUtility::getModuleUrl('wizard_element_browser', ['mode' => 'file', 'bparams' => '||||dummy|setFileUid'])) . ';
1035 browserWin = window.open(url,"Typo3WinBrowser","height=650,width=800,status=0,menubar=0,resizable=1,scrollbars=1");
1036 browserWin.focus();
1037 }
1038
1039 function clearExistingImage() {
1040 $(' . GeneralUtility::quoteJSvalue('#image_' . htmlspecialchars($fieldName)) . ').hide();
1041 $(' . GeneralUtility::quoteJSvalue('#clear_button_' . htmlspecialchars($fieldName)) . ').hide();
1042 $(' . GeneralUtility::quoteJSvalue('#field_' . htmlspecialchars($fieldName)) . ').val(\'delete\');
1043 }
1044
1045 function setFileUid(field, value, fileUid) {
1046 clearExistingImage();
1047 $(' . GeneralUtility::quoteJSvalue('#field_' . htmlspecialchars($fieldName)) . ').val(fileUid);
1048 $(' . GeneralUtility::quoteJSvalue('#add_button_' . htmlspecialchars($fieldName)) . ').removeClass(\'btn-default\').addClass(\'btn-info\');
1049
1050 browserWin.close();
1051 }
1052 ');
1053 }
1054
1055 /**
1056 * Returns the current BE user.
1057 *
1058 * @return \TYPO3\CMS\Core\Authentication\BackendUserAuthentication
1059 */
1060 protected function getBackendUser()
1061 {
1062 return $GLOBALS['BE_USER'];
1063 }
1064
1065 /**
1066 * Returns LanguageService
1067 *
1068 * @return \TYPO3\CMS\Lang\LanguageService
1069 */
1070 protected function getLanguageService()
1071 {
1072 return $GLOBALS['LANG'];
1073 }
1074
1075 /**
1076 * Add FlashMessages for various actions
1077 */
1078 protected function addFlashMessages()
1079 {
1080 $flashMessages = [];
1081
1082 // Show if setup was saved
1083 if ($this->setupIsUpdated && !$this->settingsAreResetToDefault) {
1084 $flashMessages[] = $this->getFlashMessage('setupWasUpdated', 'UserSettings');
1085 }
1086
1087 // Show if temporary data was cleared
1088 if ($this->settingsAreResetToDefault) {
1089 $flashMessages[] = $this->getFlashMessage('settingsAreReset', 'resetConfiguration');
1090 }
1091
1092 // Notice
1093 if ($this->setupIsUpdated || $this->settingsAreResetToDefault) {
1094 $flashMessages[] = $this->getFlashMessage('activateChanges', '', FlashMessage::INFO);
1095 }
1096
1097 // If password is updated, output whether it failed or was OK.
1098 if ($this->passwordIsSubmitted) {
1099 $flashMessage = null;
1100 switch ($this->passwordIsUpdated) {
1101 case self::PASSWORD_OLD_WRONG:
1102 $flashMessages[] = $this->getFlashMessage('oldPassword_failed', 'newPassword', FlashMessage::ERROR);
1103 break;
1104 case self::PASSWORD_NOT_THE_SAME:
1105 $flashMessages[] = $this->getFlashMessage('newPassword_failed', 'newPassword', FlashMessage::ERROR);
1106 break;
1107 case self::PASSWORD_UPDATED:
1108 $flashMessages[] = $this->getFlashMessage('newPassword_ok', 'newPassword');
1109 break;
1110 }
1111 }
1112 if (!empty($flashMessages)) {
1113 $this->enqueueFlashMessages($flashMessages);
1114 }
1115 }
1116
1117 /**
1118 * @param array $flashMessages
1119 * @throws \TYPO3\CMS\Core\Exception
1120 */
1121 protected function enqueueFlashMessages(array $flashMessages)
1122 {
1123 $flashMessageService = GeneralUtility::makeInstance(FlashMessageService::class);
1124 $defaultFlashMessageQueue = $flashMessageService->getMessageQueueByIdentifier();
1125 foreach ($flashMessages as $flashMessage) {
1126 $defaultFlashMessageQueue->enqueue($flashMessage);
1127 }
1128 }
1129
1130 /**
1131 * @param string $message
1132 * @param string $title
1133 * @param int $severity
1134 * @return FlashMessage
1135 */
1136 protected function getFlashMessage($message, $title, $severity = FlashMessage::OK)
1137 {
1138 $title = !empty($title) ? $this->getLanguageService()->getLL($title) : ' ';
1139 return GeneralUtility::makeInstance(
1140 FlashMessage::class,
1141 $this->getLanguageService()->getLL($message),
1142 $title,
1143 $severity
1144 );
1145 }
1146 }