Fixed bug #15729: Sysext setup's user simulation is susceptible to XSS (thanks to...
1 <?php
2 /***************************************************************
3 * Copyright notice
4 *
5 * (c) 1999-2010 Kasper Skårhøj (kasperYYYY@typo3.com)
6 * All rights reserved
7 *
8 * This script is part of the TYPO3 project. The TYPO3 project is
9 * free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * The GNU General Public License can be found at
15 * http://www.gnu.org/copyleft/gpl.html.
16 * A copy is found in the textfile GPL.txt and important notices to the license
17 * from the author is found in LICENSE.txt distributed with these scripts.
18 *
19 *
20 * This script is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
24 *
25 * This copyright notice MUST APPEAR in all copies of the script!
26 ***************************************************************/
27 /**
28 * Module: User configuration
29 *
30 * This module lets users view and change their individual settings
31 *
32 * @author Kasper Skårhøj <kasperYYYY@typo3.com>
33 * Revised for TYPO3 3.7 6/2004 by Kasper Skårhøj
34 * XHTML compatible.
35 */
36 /**
37 * [CLASS/FUNCTION INDEX of SCRIPT]
38 *
39 *
40 *
41 * 86: class SC_mod_user_setup_index
42 *
43 * SECTION: Saving data
44 * 114: function storeIncomingData()
45 *
46 * SECTION: Rendering module
47 * 216: function init()
48 * 248: function main()
49 * 403: function printContent()
50 *
51 * SECTION: Helper functions
52 * 432: function getRealScriptUserObj()
53 * 442: function simulateUser()
54 * 488: function setLabel($str,$key='')
55 *
56 * TOTAL FUNCTIONS: 7
57 * (This index is automatically created/updated by the extension "extdeveval")
58 *
59 */
60
// Drop any $MCONF that is already in scope before the module configuration is loaded.
unset($MCONF);
require 'conf.php';
// $BACK_PATH is not assigned in this file; presumably conf.php defines it - verify.
require $BACK_PATH . 'init.php';
78 /**
79 * Script class for the Setup module
80 *
81 * @author Kasper Skårhøj <kasperYYYY@typo3.com>
82 * @package TYPO3
83 * @subpackage tx_setup
84 */
85 class SC_mod_user_setup_index {
86
87 // Internal variables:
88 var $MCONF = array();
89 var $MOD_MENU = array();
90 var $MOD_SETTINGS = array();
91
92 /**
93 * document template object
94 *
95 * @var mediumDoc
96 */
97 var $doc;
98
99 var $content;
100 var $overrideConf;
101
102 /**
103 * backend user object, set during simulate-user operation
104 *
105 * @var t3lib_beUserAuth
106 */
107 var $OLD_BE_USER;
108 var $languageUpdate;
109
110 protected $isAdmin;
111 protected $dividers2tabs;
112
113 protected $tsFieldConf;
114
115 protected $saveData = FALSE;
116 protected $passwordIsUpdated = FALSE;
117 protected $passwordIsSubmitted = FALSE;
118 protected $setupIsUpdated = FALSE;
119 protected $tempDataIsCleared = FALSE;
120
121
122 /******************************
123 *
124 * Saving data
125 *
126 ******************************/
127
128 /**
129 * If settings are submitted to _POST[DATA], store them
130 * NOTICE: This method is called before template.php is included. See the bottom of this document
131 *
132 * @return void
133 */
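function storeIncomingData() {
	/* @var $BE_USER t3lib_beUserAuth */
	global $BE_USER;

		// Stores settings posted in _POST[data] into $BE_USER->uc and, for be_users fields, into the user record.
		// The script calls this method before init(), so the module access check (modAccess) and the
		// assignment of $this->isAdmin, both made in init(), have not happened yet at this point.
		// NOTE(review): no request token is verified in this method; confirm where cross-site request
		// forgery is handled for this form.
	$d = t3lib_div::_POST('data');
	if (!is_array($d)) {
		return;
	}

	$columns = $GLOBALS['TYPO3_USER_SETTINGS']['columns'];
	$beUserId = $BE_USER->user['uid'];
	$storeRec = array();
	$fieldList = $this->getFieldsFromShowItem();

		// Fingerprint of the uc array before any change; md5 serves change detection only
	$save_before = md5(serialize($BE_USER->uc));

		// Reload left frame when switching BE language
	if (isset($d['lang']) && ($d['lang'] != $BE_USER->uc['lang'])) {
		$this->languageUpdate = true;
	}

	if (!empty($d['setValuesToDefault'])) {
			// Every value should be reset to its default
		$BE_USER->resetUC();
	} elseif (!empty($d['clearSessionVars'])) {
			// Remove everything from uc that is not a configured settings column
		foreach ($BE_USER->uc as $key => $value) {
			if (!isset($columns[$key])) {
				unset($BE_USER->uc[$key]);
			}
		}
		$this->tempDataIsCleared = TRUE;
	} elseif (!empty($d['save'])) {
			// Only an array is accepted for the be_users part of the form
		$be_user_data = (isset($d['be_users']) && is_array($d['be_users'])) ? $d['be_users'] : array();

			// Only fields listed in "showitem" are considered; this list and the exclusion list below
			// are the only filter on what reaches TCEmain, which is run with admin rights further down.
		foreach ($columns as $field => $config) {
			if (!in_array($field, $fieldList)) {
				continue;
			}
			if ($config['table']) {
				if ($config['table'] == 'be_users' && !in_array($field, array('password', 'password2', 'email', 'realName', 'admin'))) {
					$submitted = isset($be_user_data[$field]) ? $be_user_data[$field] : NULL;
						// The parentheses only spell out PHP's precedence (&& binds tighter than ||).
						// NOTE(review): a field without 'access' is therefore written even when unchanged - confirm this is intended.
					if (!isset($config['access']) || ($this->checkAccess($config) && $BE_USER->user[$field] !== $submitted)) {
						$storeRec['be_users'][$beUserId][$field] = $submitted;
						$BE_USER->user[$field] = $submitted;
					}
				}
			}
				// NOTE(review): the 'access' setting is evaluated for be_users fields only; uc values below are written without it.
			if ($config['type'] == 'check') {
				$BE_USER->uc[$field] = isset($d[$field]) ? 1 : 0;
			} elseif (isset($d[$field]) && is_array($d[$field])) {
					// Arrays are not valid setting values; the stored value is left untouched
				continue;
			} else {
					// Values are stored HTML-escaped; consumers must not treat them as raw text
				$BE_USER->uc[$field] = htmlspecialchars(isset($d[$field]) ? $d[$field] : '');
			}
		}

			// Personal data for the users be_user-record (email, name, password...)
		$this->passwordIsSubmitted = (isset($be_user_data['password']) && is_string($be_user_data['password']) && strlen($be_user_data['password']) > 0);
		$passwordIsConfirmed = ($this->passwordIsSubmitted && isset($be_user_data['password2']) && $be_user_data['password'] === $be_user_data['password2']);

			// Update the real name, but only if the field was actually submitted: a field that is
			// not part of the request must not blank the stored value.
		if (isset($be_user_data['realName']) && is_string($be_user_data['realName']) && $be_user_data['realName'] !== $BE_USER->user['realName']) {
			$BE_USER->user['realName'] = $storeRec['be_users'][$beUserId]['realName'] = substr($be_user_data['realName'], 0, 80);
		}
			// Update the email address under the same condition
		if (isset($be_user_data['email']) && is_string($be_user_data['email']) && $be_user_data['email'] !== $BE_USER->user['email']) {
			$BE_USER->user['email'] = $storeRec['be_users'][$beUserId]['email'] = substr($be_user_data['email'], 0, 80);
		}
			// Update the password; the value is handed on exactly as it was submitted.
			// NOTE(review): any hashing therefore happens in the browser or inside TCEmain - confirm which.
		if ($passwordIsConfirmed) {
			$storeRec['be_users'][$beUserId]['password'] = $be_user_data['password2'];
			$this->passwordIsUpdated = TRUE;
		}

		$this->saveData = TRUE;
	}

		// Inserts the overriding values.
	$BE_USER->overrideUC();

	$save_after = md5(serialize($BE_USER->uc));
		// If something in the uc-array of the user has changed, we save the array...
	if ($save_before != $save_after) {
		$BE_USER->writeUC($BE_USER->uc);
		$BE_USER->writelog(254, 1, 0, 1, 'Personal settings changed', array());
		$this->setupIsUpdated = TRUE;
	}
		// If the temporary data has been cleared, make a log note about it
	if ($this->tempDataIsCleared) {
		$BE_USER->writelog(254, 1, 0, 1, $GLOBALS['LANG']->getLL('tempDataClearedLog'), array());
	}

		// Persist data if something has changed:
	if (count($storeRec) && $this->saveData) {
		$tce = t3lib_div::makeInstance('t3lib_TCEmain');
		$tce->stripslashes_values = 0;
		$tce->start($storeRec, array(), $BE_USER);
			// Admin rights so the user can actually update his own user record
		$tce->admin = 1;
			// The record may be updated even if the user is in another workspace. This is tolerated.
		$tce->bypassWorkspaceRestrictions = TRUE;
		$tce->process_datamap();
		unset($tce);

		if (!$this->passwordIsUpdated || count($storeRec['be_users'][$beUserId]) > 1) {
			$this->setupIsUpdated = TRUE;
		}
	}
}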
255 /******************************
256 *
257 * Rendering module
258 *
259 ******************************/
260
261 /**
262 * Initializes the module for display of the settings form.
263 *
264 * @return void
265 */
function init() {
	$this->MCONF = $GLOBALS['MCONF'];

		// Module access is checked against the REAL logged-in user;
		// $GLOBALS['BE_USER'] may be another user due to simulation.
	$realUser = $this->getRealScriptUserObj();
	$realUser->modAccess($this->MCONF, 1);
	$this->isAdmin = $realUser->isAdmin();

		// User TSconfig of the global BE_USER: 'override' values and per-field
		// settings (eg setup.fields.password.disabled=1)
	$beUser = $GLOBALS['BE_USER'];
	$this->overrideConf = $beUser->getTSConfigProp('setup.override');
	$this->tsFieldConf = $beUser->getTSConfigProp('setup.fields');

		// Document template object used for all output
	$this->doc = $doc = t3lib_div::makeInstance('template');
	$doc->backPath = $GLOBALS['BACK_PATH'];
	$doc->setModuleTemplate('templates/setup.html');
	$doc->JScodeLibArray['dyntabmenu'] = $doc->getDynTabMenuJScode();
	$doc->form = '<form action="index.php" method="post" name="usersetup" enctype="application/x-www-form-urlencoded">';

	$labelCell = array('<td class="td-label">', '</td>');
	$defaultCell = array('<td valign="top">', '</td>');
	$doc->tableLayout = array(
		'defRow' => array(
			'0' => $labelCell,
			'defCol' => $defaultCell
		)
	);
	$doc->table_TR = '<tr>';
	$doc->table_TABLE = '<table border="0" cellspacing="1" cellpadding="2" class="typo3-usersettings">';
}
297
298 /**
299 * Generate the main settings form:
300 *
301 * @return void
302 */
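function main() {
	global $BE_USER,$LANG,$BACK_PATH,$TBE_MODULES;

		// Builds the complete module output into $this->content.

		// Install Tool enable file: creation / deletion, admins only.
		// NOTE(review): both actions are triggered by a bare POST flag and no request token is
		// checked in this method; confirm where cross-site request forgery is handled for them.
	if ($this->isAdmin) {
		$enableFile = PATH_typo3conf . 'ENABLE_INSTALL_TOOL';

		if (t3lib_div::_POST('deleteInstallToolEnableFile')) {
			unlink($enableFile);
				// The file still being there means the deletion failed
			$deleteFailed = is_file($enableFile);
			$flashMessage = t3lib_div::makeInstance(
				't3lib_FlashMessage',
				$LANG->getLL($deleteFailed ? 'enableInstallTool.fileDelete_failed' : 'enableInstallTool.fileDelete_ok'),
				$LANG->getLL('enableInstallTool.file'),
				$deleteFailed ? t3lib_FlashMessage::ERROR : t3lib_FlashMessage::OK
			);
			$this->content .= $flashMessage->render();
		}
		if (t3lib_div::_POST('createInstallToolEnableFile')) {
			touch($enableFile);
			t3lib_div::fixPermissions($enableFile);
			$created = is_file($enableFile);
			$flashMessage = t3lib_div::makeInstance(
				't3lib_FlashMessage',
				$LANG->getLL($created ? 'enableInstallTool.fileCreate_ok' : 'enableInstallTool.fileCreate_failed'),
				$LANG->getLL('enableInstallTool.file'),
				$created ? t3lib_FlashMessage::OK : t3lib_FlashMessage::ERROR
			);
			$this->content .= $flashMessage->render();
		}
	}

		// The backend language was changed: let the menu frame refresh itself
	if ($this->languageUpdate) {
		$this->doc->JScodeArray['languageUpdate'] .= '
			if (top.refreshMenu) {
				top.refreshMenu();
			} else {
				top.TYPO3ModuleMenu.refreshMenu();
			}
		';
	}

		// Start page:
	$this->doc->loadJavascriptLib('md5.js');

		// use a wrapper div
	$this->content .= '<div id="user-setup-wrapper">';

		// Load available backend modules
	$this->loadModules = t3lib_div::makeInstance('t3lib_loadModules');
	$this->loadModules->observeWorkspaces = true;
	$this->loadModules->load($TBE_MODULES);

		// NOTE(review): realName and username are passed on unescaped here; whether header()
		// escapes its argument is not visible in this file - confirm.
	$this->content .= $this->doc->header($LANG->getLL('UserSettings').' - '.$BE_USER->user['realName'].' ['.$BE_USER->user['username'].']');

		// show if setup was saved
	if ($this->setupIsUpdated) {
		$flashMessage = t3lib_div::makeInstance(
			't3lib_FlashMessage',
			$LANG->getLL('setupWasUpdated'),
			$LANG->getLL('UserSettings')
		);
		$this->content .= $flashMessage->render();
	}
		// Show if temporary data was cleared
	if ($this->tempDataIsCleared) {
		$flashMessage = t3lib_div::makeInstance(
			't3lib_FlashMessage',
			$LANG->getLL('tempDataClearedFlashMessage'),
			$LANG->getLL('tempDataCleared')
		);
		$this->content .= $flashMessage->render();
	}
		// If password is updated, output whether it failed or was OK.
	if ($this->passwordIsSubmitted) {
		if ($this->passwordIsUpdated) {
			$flashMessage = t3lib_div::makeInstance(
				't3lib_FlashMessage',
				$LANG->getLL('newPassword_ok'),
				$LANG->getLL('newPassword')
			);
		} else {
			$flashMessage = t3lib_div::makeInstance(
				't3lib_FlashMessage',
				$LANG->getLL('newPassword_failed'),
				$LANG->getLL('newPassword'),
				t3lib_FlashMessage::ERROR
			);
		}
		$this->content .= $flashMessage->render();
	}

		// render the menu items
	$menuItems = $this->renderUserSetup();

	$this->content .= $this->doc->spacer(20) . $this->doc->getDynTabMenu($menuItems, 'user-setup', false, false, 100, 1, false, 1, $this->dividers2tabs);

		// Submit and reset buttons.
		// simUser originates from a request parameter, so it is forced to an integer again right
		// where it is written into the markup; button labels are HTML-escaped by getLL().
		// NOTE(review): the two confirm() texts sit in a JavaScript string inside an HTML attribute
		// and are only as safe as the label text itself.
	$this->content .= $this->doc->spacer(20);
	$this->content .= $this->doc->section('',
		t3lib_BEfunc::cshItem('_MOD_user_setup', 'reset', $BACK_PATH) . '
		<input type="hidden" name="simUser" value="' . intval($this->simUser) . '" />
		<input type="submit" name="data[save]" value="' . $LANG->getLL('save', 1) . '" />
		<input type="submit" name="data[setValuesToDefault]" value="' . $LANG->getLL('resetConfiguration', 1) . '" onclick="return confirm(\''.$LANG->getLL('setToStandardQuestion').'\');" />
		<input type="submit" name="data[clearSessionVars]" value="' . $LANG->getLL('clearSessionVars', 1) . '" onclick="return confirm(\'' . $LANG->getLL('clearSessionVarsQuestion') . '\');" />'
	);

		// Notice
	$this->content .= $this->doc->spacer(30);
	$flashMessage = t3lib_div::makeInstance(
		't3lib_FlashMessage',
		$LANG->getLL('activateChanges'),
		'',
		t3lib_FlashMessage::INFO
	);
	$this->content .= $flashMessage->render();

		// Setting up the buttons and markers for docheader
	$docHeaderButtons = $this->getButtons();
	$markers['CSH'] = $docHeaderButtons['csh'];
	$markers['CONTENT'] = $this->content;

		// Build the <body> for the module
	$this->content = $this->doc->startPage($LANG->getLL('UserSettings'));
	$this->content.= $this->doc->moduleBody($this->pageinfo, $docHeaderButtons, $markers);
		// end of wrapper div
	$this->content .= '</div>';
	$this->content.= $this->doc->endPage();
	$this->content = $this->doc->insertStylesAndJS($this->content);
}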
454
455 /**
456 * Prints the content / ends page
457 *
458 * @return void
459 */
function printContent() {
		// Sends the markup collected in $this->content to the client as it is
	print $this->content;
}
463
464 /**
465 * Create the panel of buttons for submitting the form or otherwise perform operations.
466 *
467 * @return array all available buttons as an assoc. array
468 */
protected function getButtons() {
		// Context sensitive help icon for the module itself
	$csh = t3lib_BEfunc::cshItem('_MOD_user_setup', '', $GLOBALS['BACK_PATH'], '|', true);

		// The shortcut icon is offered only to users who may create shortcuts
	$shortcut = '';
	if ($GLOBALS['BE_USER']->mayMakeShortcut()) {
		$shortcut = $this->doc->makeShortcutIcon('', '', $this->MCONF['name']);
	}

		// 'save' is part of the returned array but is never filled in here
	return array(
		'csh' => $csh,
		'save' => '',
		'shortcut' => $shortcut,
	);
}
484
485
486
487
488 /******************************
489 *
490 * Render module
491 *
492 ******************************/
493
494
495 /**
496 * renders the data for all tabs in the user setup and returns
497 * everything that is needed with tabs and dyntab menu
498 *
499 * @return array item array, ready to use for the dyntabmenu
500 */
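protected function renderUserSetup() {
		// Renders one table row per visible field and groups the rows into tabs.
	$result = array();
	$firstTabLabel = '';
		// Initialised so that a field list without any "--div--" entry does not use an undefined variable
	$tabLabel = '';
	$code = array();
	$i = 0;

	$fieldArray = $this->getFieldsFromShowItem();

	$this->dividers2tabs = isset($GLOBALS['TYPO3_USER_SETTINGS']['ctrl']['dividers2tabs']) ? intval($GLOBALS['TYPO3_USER_SETTINGS']['ctrl']['dividers2tabs']) : 0;

		// "display full help" is active?
	$displayFullText = ($GLOBALS['BE_USER']->uc['edit_showFieldHelp'] == 'text');
	if ($displayFullText) {
		$this->doc->tableLayout['defRowEven'] = array('defCol' => array ('<td valign="top" colspan="3">','</td>'));
	}

	foreach ($fieldArray as $fieldName) {
		$more = '';

			// "--div--;<label>" entries start a new tab instead of rendering a field
		if (substr($fieldName, 0, 8) == '--div--;') {
			if ($firstTabLabel == '') {
					// first tab
				$tabLabel = $this->getLabel(substr($fieldName, 8), '', false);
				$firstTabLabel = $tabLabel;
			} elseif ($this->dividers2tabs) {
					// close the tab collected so far and start the next one
				$result[] = array(
					'label' => $tabLabel,
					'content' => count($code) ? $this->doc->spacer(20) . $this->doc->table($code) : ''
				);
				$tabLabel = $this->getLabel(substr($fieldName, 8), '', false);
				$i = 0;
				$code = array();
			}
			continue;
		}

		$config = $GLOBALS['TYPO3_USER_SETTINGS']['columns'][$fieldName];

			// field may be disabled in setup.fields
		if (isset($this->tsFieldConf[$fieldName . '.']['disabled']) && $this->tsFieldConf[$fieldName . '.']['disabled'] == 1) {
			continue;
		}
			// field may be restricted through its 'access' setting
		if (isset($config['access']) && !$this->checkAccess($config)) {
			continue;
		}

		$label = $this->getLabel($config['label'], $fieldName);
		$csh = $this->getCSH($config['csh'] ? $config['csh'] : $fieldName);
		if (!$csh) {
			$csh = '<img class="csh-dummy" src="' . $this->doc->backPath . 'clear.gif" width="16" height="16" />';
		}
		$type = $config['type'];
		$eval = $config['eval'];
		$class = $config['class'];
		$style = $config['style'];

			// $class, $style and $fieldName come from the settings configuration and are written into the markup as they are
		if ($class) {
			$more .= ' class="' . $class . '"';
		}
		if ($style) {
			$more .= ' style="' . $style . '"';
		}
		if ($this->overrideConf[$fieldName]) {
				// value is forced through 'setup.override': show the field, but do not allow editing
			$more .= ' disabled="disabled"';
		}

		$value = $config['table'] == 'be_users' ? $GLOBALS['BE_USER']->user[$fieldName] : $GLOBALS['BE_USER']->uc[$fieldName];
		if (!$value && isset($config['default'])) {
			$value = $config['default'];
		}

		switch ($type) {
			case 'text':
			case 'password':
				$dataAdd = '';
				if ($config['table'] == 'be_users') {
					$dataAdd = '[be_users]';
				}
				if ($eval == 'md5') {
						// the value is replaced by its MD5 hash in the browser before the form is sent
					$more .= ' onchange="this.value=this.value?MD5(this.value):\'\';"';
				}

					// a stored password is never written back into the form
				if ($type == 'password') {
					$value = '';
				}

				$noAutocomplete = ($type == 'password' ? 'autocomplete="off" ' : '');
				$html = '<input id="field_' . $fieldName . '"
					type="' . $type . '"
					name="data' . $dataAdd . '[' . $fieldName . ']" ' .
					$noAutocomplete .
					'value="' . htmlspecialchars($value) . '" ' . $GLOBALS['TBE_TEMPLATE']->formWidth(20) . $more . ' />';
			break;
			case 'check':
				if (!$class) {
					$more .= ' class="check"';
				}
				$html = '<input id="field_' . $fieldName . '"
					type="checkbox"
					name="data[' . $fieldName . ']"' .
					($value ? ' checked="checked"' : '') . $more . ' />';
			break;
			case 'select':
				if (!$class) {
					$more .= ' class="select"';
				}

				if ($config['itemsProcFunc']) {
						// the user function returns the complete markup and is responsible for its own escaping
					$html = t3lib_div::callUserFunction($config['itemsProcFunc'], $config, $this, '');
				} else {
					$html = '<select id="field_' . $fieldName . '" name="data[' . $fieldName . ']"' . $more . '>' . LF;
					foreach ($config['items'] as $key => $optionLabel) {
							// the option key is escaped for the attribute context
						$html .= '<option value="' . htmlspecialchars($key) . '"' .
							($value == $key ? ' selected="selected"' : '') .
							'>' . $this->getLabel($optionLabel, '', false) . '</option>' . LF;
					}
					$html .= '</select>';
				}

			break;
			case 'user':
				$html = t3lib_div::callUserFunction($config['userFunc'], $config, $this, '');
			break;
			default:
				$html = '';
		}

			// add another table row with the full text help if needed
		if ($displayFullText) {
			$code[$i++][1] = $csh;
			$csh = '';
		}

		$code[$i][1] = $csh . $label;
		$code[$i++][2] = $html;
	}

	if ($this->dividers2tabs == 0) {
		$tabLabel = $firstTabLabel;
	}

		// the rows collected last always form the final (or only) tab
	$result[] = array(
		'label' => $tabLabel,
		'content' => count($code) ? $this->doc->spacer(20) . $this->doc->table($code) : ''
	);

	return $result;
}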
663 /******************************
664 *
665 * Helper functions
666 *
667 ******************************/
668
669 /**
670 * Returns the backend user object, either the global OR the $this->OLD_BE_USER which is set during simulate-user operation.
671 * Anyway: The REAL user is returned - the one logged in.
672 *
673 * @return object The REAL user is returned - the one logged in.
674 */
protected function getRealScriptUserObj() {
		// During simulation the logged-in user is kept in OLD_BE_USER
	if (is_object($this->OLD_BE_USER)) {
		return $this->OLD_BE_USER;
	}
		// No simulation active: the global user is the real one
	return $GLOBALS['BE_USER'];
}
678
679
680 /**
681 * Return a select with available languages
682 *
683 * @return string complete select as HTML string or warning box if something went wrong.
684 */
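public function renderLanguageSelect($params, $pObj) {
		// Builds the language selector; only languages with an installed language pack are offered.
	$l10nPath = PATH_typo3conf . 'l10n/';
	$currentLanguage = $GLOBALS['BE_USER']->uc['lang'];

		// compile the languages dropdown
	$languageOptions = array(
		'000000000' => LF . '<option value="">' . $GLOBALS['LANG']->getLL('lang_default', 1) . '</option>'
	);
		// traverse the configured languages
	$theLanguages = t3lib_div::trimExplode('|', TYPO3_languages);
	foreach ($theLanguages as $language) {
			// skip "default" and every language without a directory below l10n/
		if ($language == 'default' || !is_dir($l10nPath . $language)) {
			continue;
		}
		$languageValue = $GLOBALS['LOCAL_LANG']['default']['lang_' . $language];
		$localLabel = ' - ['.htmlspecialchars($languageValue) . ']';
			// the array key combines label and language key and only serves the ksort() below
		$languageOptions[$languageValue . '--' . $language] = '
			<option value="' . htmlspecialchars($language) . '"' . ($currentLanguage == $language ? ' selected="selected"' : '') . '>' . $GLOBALS['LANG']->getLL('lang_' . $language, 1) . $localLabel . '</option>';
	}
	ksort($languageOptions);
	$languageCode = '
		<select id="field_lang" name="data[lang]" class="select">' .
		implode('', $languageOptions) . '
		</select>';

		// uc['lang'] is a stored user setting. It only becomes part of a file system path after it
		// has been matched against the configured language keys; anything else counts as unavailable.
	$languagePackInstalled = in_array($currentLanguage, $theLanguages, TRUE) && @is_dir($l10nPath . $currentLanguage);
	if ($currentLanguage && !$languagePackInstalled) {
		$languageUnavailableWarning = 'The selected language "'
			. $GLOBALS['LANG']->getLL('lang_' . $currentLanguage, 1)
			. '" is not available before the language pack is installed.<br />'
			. ($GLOBALS['BE_USER']->isAdmin() ?
				'You can use the Extension Manager to easily download and install new language packs.'
			:	'Please ask your system administrator to do this.');

		$languageUnavailableMessage = t3lib_div::makeInstance(
			't3lib_FlashMessage',
			$languageUnavailableWarning,
			'',
			t3lib_FlashMessage::WARNING
		);

		$languageCode = $languageUnavailableMessage->render() . $languageCode;
	}

	return $languageCode;
}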
730
731 /**
732 * Returns a select with all modules for startup
733 *
734 * @return string complete select as HTML string
735 */
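public function renderStartModuleSelect($params, $pObj) {
		// Lists every sub module as a possible start module, grouped below its (disabled) main module entry.
	$beUser = $GLOBALS['BE_USER'];
	if (empty($beUser->uc['startModule'])) {
		$beUser->uc['startModule'] = $beUser->uc_default['startModule'];
	}

		// NOTE(review): the tab labels are written as they are; whether moduleLabels is already
		// HTML-safe is not visible in this file - confirm.
	$tabLabels = $GLOBALS['LANG']->moduleLabels['tabs'];

		// Explicit start value instead of appending to an undefined variable
	$startModuleSelect = '<option value=""></option>';
	foreach ($pObj->loadModules->modules as $mainMod => $modData) {
		if (!isset($modData['sub']) || !is_array($modData['sub'])) {
			continue;
		}
		$startModuleSelect .= '<option disabled="disabled">' . $tabLabels[$mainMod . '_tab'] . '</option>';
		foreach ($modData['sub'] as $subKey => $subData) {
			$modName = $subData['name'];
				// the module name is escaped for the attribute context
			$startModuleSelect .= '<option value="' . htmlspecialchars($modName) . '"' . ($beUser->uc['startModule'] == $modName ? ' selected="selected"' : '') . '>';
			$startModuleSelect .= ' - ' . $tabLabels[$modName . '_tab'] . '</option>';
		}
	}

	return '<select id="field_startModule" name="data[startModule]" class="select">' . $startModuleSelect . '</select>';
}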
756
757 /**
758 *
759 * @param array $params config of the field
760 * @param SC_mod_user_setup_index $parent this class as reference
761 * @return string html with description and button
762 */
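public function renderInstallToolEnableFileButton(array $params, SC_mod_user_setup_index $parent) {
		// Returns the submit button that creates or deletes the Install Tool access file.
	$installToolEnableFile = PATH_typo3conf . 'ENABLE_INSTALL_TOOL';
	$installToolEnableFileExists = is_file($installToolEnableFile);

		// Rendering has a side effect: a file older than 3600s (1 hour) is deleted,
		// unless its content is exactly "KEEP_FILE".
	if ($installToolEnableFileExists && (time() - filemtime($installToolEnableFile) > 3600)) {
		if (trim(file_get_contents($installToolEnableFile)) !== 'KEEP_FILE') {
			unlink($installToolEnableFile);
			$installToolEnableFileExists = is_file($installToolEnableFile);
		}
	}

	if ($installToolEnableFileExists) {
		$buttonName = 'deleteInstallToolEnableFile';
		$labelReference = 'LLL:EXT:setup/mod/locallang.xml:enableInstallTool.deleteFile';
	} else {
		$buttonName = 'createInstallToolEnableFile';
		$labelReference = 'LLL:EXT:setup/mod/locallang.xml:enableInstallTool.createFile';
	}

		// The label ends up in an attribute value, so it is HTML-escaped
	return '<input type="submit" name="' . $buttonName . '" value="' . htmlspecialchars($GLOBALS['LANG']->sL($labelReference)) . '" />';
}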
784
785 /**
786 * Will make the simulate-user selector if the logged in user is administrator.
787 * It will also set the GLOBAL(!) BE_USER to the simulated user selected if any (and set $this->OLD_BE_USER to logged in user)
788 *
789 * @return void
790 */
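public function simulateUser() {
	global $BE_USER,$LANG,$BACK_PATH;

		// Builds the simulate-user selector for admins and, if a user is selected,
		// replaces the GLOBAL(!) BE_USER by that user.
	$this->simUser = 0;
	$this->simulateSelector = '';
	unset($this->OLD_BE_USER);

	if ($BE_USER->isAdmin()) {
			// simUser is request input that is echoed back into the form (hidden field and
			// selector), so it is reduced to an integer before any further use.
		$this->simUser = intval(t3lib_div::_GP('simUser'));

			// Make user-selector:
		$users = t3lib_BEfunc::getUserNames('username,usergroup,usergroup_cached_list,uid,realName', t3lib_BEfunc::BEenableFields('be_users'));
		$opt = array();
		foreach ($users as $rr) {
			if ($rr['uid'] != $BE_USER->user['uid']) {
				$opt[] = '<option value="' . intval($rr['uid']) . '"' . ($this->simUser == $rr['uid'] ? ' selected="selected"' : '') . '>' . htmlspecialchars($rr['username'] . ' (' . $rr['realName'] . ')') . '</option>';
			}
		}
		if (count($opt)) {
			$this->simulateSelector = '<select id="field_simulate" name="simulateUser" onchange="window.location.href=\'index.php?simUser=\'+this.options[this.selectedIndex].value;"><option></option>'.implode('',$opt).'</select>';
		}
	}

		// simUser can only be > 0 if the admin branch above was executed
	if ($this->simUser > 0) {
			// New backend user object
		$simulatedUser = t3lib_div::makeInstance('t3lib_beUserAuth');
		$simulatedUser->OS = TYPO3_OS;
		$simulatedUser->setBeUserByUid($this->simUser);

			// No user record for this uid: stay with the logged-in user instead of
			// continuing with an empty user object.
		if (empty($simulatedUser->user['uid'])) {
			$this->simUser = 0;
			return;
		}

		$simulatedUser->fetchGroupData();
		$simulatedUser->backendSetUC();

			// Save old user...
		$this->OLD_BE_USER = $BE_USER;
			// ...unset current; this detaches the local name from the global variable...
		unset($BE_USER);
			// ...which is why the global has to be set explicitly
		$GLOBALS['BE_USER'] = $simulatedUser;
	}
}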
828
829 /**
830 * Returns a select with simulate users
831 *
832 * @return string complete select as HTML string
833 */
public function renderSimulateUserSelect($params, $pObj) {
		// The markup is prepared by simulateUser(); it remains an empty string
		// when no selector was built there.
	$selector = $pObj->simulateSelector;
	return $selector;
}
837
838 /**
839 * Returns access check (currently only "admin" is supported)
840 *
841 * @param array $config: Configuration of the field, access mode is defined in key 'access'
842 * @return boolean Whether it is allowed to modify the given field
843 */
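protected function checkAccess(array $config) {
		// Decides from $config['access'] whether the field may be used; every case that is not handled denies access.
	$access = $config['access'];

		// "tx_*" delegates the decision to a registered hook object
	if (strpos($access, 'tx_') === 0) {
		$accessObject = t3lib_div::getUserObj($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['setup']['accessLevelCheck'][$access] . ':&' . $access);
		if (is_object($accessObject) && method_exists($accessObject, 'accessLevelCheck')) {
			return $accessObject->accessLevelCheck($config);
		}
		return FALSE;
	}

	if ($access == 'admin') {
			// $this->isAdmin is assigned in init(), but storeIncomingData() runs before init() and
			// asks for this check as well. The flag is therefore resolved on first use, from the
			// REAL logged-in user just like init() does.
		if ($this->isAdmin === NULL) {
			$this->isAdmin = $this->getRealScriptUserObj()->isAdmin();
		}
		return $this->isAdmin;
	}

	return FALSE;
}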
857
858
859 /**
860 * Returns the label $str from getLL() and grays out the value if the $str/$key is found in $this->overrideConf array
861 *
862 * @param string Locallang key
863 * @param string Alternative override-config key
864 * @param boolean Defines whether the string should be wrapped in a <label> tag.
865 * @param string Alternative id for use in "for" attribute of <label> tag. By default the $str key is used prepended with "field_".
866 * @return string HTML output.
867 */
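protected function getLabel($str, $key='', $addLabelTag=true, $altLabelTagId='') {
		// Both branches return HTML-escaped text: translated "LLL:" labels are
		// escaped exactly like literal strings.
	if (substr($str, 0, 4) == 'LLL:') {
		$out = htmlspecialchars($GLOBALS['LANG']->sL($str));
	} else {
		$out = htmlspecialchars($str);
	}

		// Gray out the label if the value is forced through the override configuration
	if (isset($this->overrideConf[($key ? $key : $str)])) {
		$out = '<span style="color:#999999">' . $out . '</span>';
	}

	if ($addLabelTag) {
			// the id goes into an attribute value and is escaped for that context
		$labelFor = $altLabelTagId ? $altLabelTagId : 'field_' . $key;
		$out = '<label for="' . htmlspecialchars($labelFor) . '">' . $out . '</label>';
	}
	return $out;
}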
885
886 /**
887 * Returns the CSH Icon for given string
888 *
889 * @param string Locallang key
890 * @return string HTML output.
891 */
protected function getCSH($str) {
		// Every key except "language" and "simuser" is looked up with an "option_" prefix
	$cshKey = t3lib_div::inList('language,simuser', $str) ? $str : 'option_' . $str;

	return t3lib_BEfunc::cshItem('_MOD_user_setup', $cshKey, $this->doc->backPath, '|', false, 'margin-bottom:0px;');
}
898
899 /**
900 * Returns array with fields defined in $GLOBALS['TYPO3_USER_SETTINGS']['showitem']
901 *
902 * @param void
903 * @return array array with fieldnames visible in form
904 */
protected function getFieldsFromShowItem() {
	$showItem = $GLOBALS['TYPO3_USER_SETTINGS']['showitem'];

		// The RTE setting is only listed while the RTE is enabled for the backend
	$rteEnabled = $GLOBALS['TYPO3_CONF_VARS']['BE']['RTEenabled'];
	if (!$rteEnabled) {
		$showItem = t3lib_div::rmFromList('edit_RTE', $showItem);
	}

		// Comma list to array; TRUE is passed as the third argument as before
	return t3lib_div::trimExplode(',', $showItem, TRUE);
}
916 }
917
918
// XCLASS hook: load an extending class file if one is configured for this script.
// The path is read from $TYPO3_CONF_VARS, i.e. from configuration rather than from the request.
if (defined('TYPO3_MODE')) {
	if ($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['ext/setup/mod/index.php']) {
		include_once $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['ext/setup/mod/index.php'];
	}
}


// Make instance:
$SOBE = t3lib_div::makeInstance('SC_mod_user_setup_index');
// The simulated user (if any) is resolved first, so that incoming data is stored for that user.
$SOBE->simulateUser();
// NOTE(review): incoming data is stored before init() runs, and init() is where modAccess() is
// called - the module access check therefore happens only after the data has been written. Confirm this is intended.
$SOBE->storeIncomingData();

// These includes MUST come after the settings are saved...!
require $BACK_PATH . 'template.php';
$LANG->includeLLFile('EXT:setup/mod/locallang.xml');

$SOBE->init();
$SOBE->main();
$SOBE->printContent();
937
938 ?>