[!!!][TASK] Drop "documentation" extension
[Packages/TYPO3.CMS.git] / typo3 / sysext / felogin / Classes / Controller / FrontendLoginController.php
1 <?php
2 namespace TYPO3\CMS\Felogin\Controller;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 use Psr\Log\LoggerAwareInterface;
18 use Psr\Log\LoggerAwareTrait;
19 use TYPO3\CMS\Core\Authentication\LoginType;
20 use TYPO3\CMS\Core\Crypto\Random;
21 use TYPO3\CMS\Core\Database\Connection;
22 use TYPO3\CMS\Core\Database\ConnectionPool;
23 use TYPO3\CMS\Core\Database\Query\Restriction\FrontendRestrictionContainer;
24 use TYPO3\CMS\Core\Utility\GeneralUtility;
25 use TYPO3\CMS\Frontend\Controller\TypoScriptFrontendController;
26 use TYPO3\CMS\Frontend\Plugin\AbstractPlugin;
27
28 /**
29 * Plugin 'Website User Login' for the 'felogin' extension.
30 */
31 class FrontendLoginController extends AbstractPlugin implements LoggerAwareInterface
32 {
33 use LoggerAwareTrait;
34
35 /**
36 * Same as class name
37 *
38 * @var string
39 */
40 public $prefixId = 'tx_felogin_pi1';
41
42 /**
43 * The extension key.
44 *
45 * @var string
46 */
47 public $extKey = 'felogin';
48
49 /**
50 * @var bool
51 */
52 public $pi_checkCHash = false;
53
54 /**
55 * @var bool
56 */
57 public $pi_USER_INT_obj = true;
58
59 /**
60 * Is user logged in?
61 *
62 * @var bool
63 */
64 protected $userIsLoggedIn;
65
66 /**
67 * Holds the template for FE rendering
68 *
69 * @var string
70 */
71 protected $template;
72
73 /**
74 * URL for the redirect
75 *
76 * @var string
77 */
78 protected $redirectUrl;
79
80 /**
81 * Flag for disable the redirect
82 *
83 * @var bool
84 */
85 protected $noRedirect = false;
86
87 /**
88 * Logintype (given as GPvar), possible: login, logout
89 *
90 * @var string
91 */
92 protected $logintype;
93
94 /**
95 * A list of page UIDs, either an integer or a comma-separated list of integers
96 *
97 * @var string
98 */
99 public $spid;
100
101 /**
102 * Referrer
103 *
104 * @var string
105 */
106 public $referer;
107
108 /**
109 * The main method of the plugin
110 *
111 * @param string $content The PlugIn content
112 * @param array $conf The PlugIn configuration
113 * @return string The content that is displayed on the website
114 * @throws \RuntimeException when no storage PID was configured.
115 */
116 public function main($content, $conf)
117 {
118 // Loading TypoScript array into object variable:
119 $this->conf = $conf;
120 // Loading default pivars
121 $this->pi_setPiVarDefaults();
122 // Loading language-labels
123 $this->pi_loadLL('EXT:felogin/Resources/Private/Language/locallang.xlf');
124 // Init FlexForm configuration for plugin:
125 $this->pi_initPIflexForm();
126 $this->mergeflexFormValuesIntoConf();
127 // Get storage PIDs:
128 if ($this->conf['storagePid']) {
129 if ((int)$this->conf['recursive']) {
130 $this->spid = $this->pi_getPidList($this->conf['storagePid'], (int)$this->conf['recursive']);
131 } else {
132 $this->spid = $this->conf['storagePid'];
133 }
134 } else {
135 throw new \RuntimeException('No storage folder (option storagePid) for frontend users given.', 1450904202);
136 }
137 // GPvars:
138 $this->logintype = GeneralUtility::_GP('logintype');
139 $this->referer = $this->validateRedirectUrl(GeneralUtility::_GP('referer'));
140 $this->noRedirect = $this->piVars['noredirect'] || $this->conf['redirectDisable'];
141 // If config.typolinkLinkAccessRestrictedPages is set, the var is return_url
142 $returnUrl = GeneralUtility::_GP('return_url');
143 if ($returnUrl) {
144 $this->redirectUrl = $returnUrl;
145 } else {
146 $this->redirectUrl = GeneralUtility::_GP('redirect_url');
147 }
148 $this->redirectUrl = $this->validateRedirectUrl($this->redirectUrl);
149 // Get Template
150 $templateFile = $this->conf['templateFile'] ?: 'EXT:felogin/Resources/Private/Templates/FrontendLogin.html';
151 $template = GeneralUtility::getFileAbsFileName($templateFile);
152 if ($template !== '' && file_exists($template)) {
153 $this->template = file_get_contents($template);
154 }
155 // Is user logged in?
156 $this->userIsLoggedIn = $this->frontendController->loginUser;
157 // Redirect
158 if ($this->conf['redirectMode'] && !$this->conf['redirectDisable'] && !$this->noRedirect) {
159 $redirectUrl = $this->processRedirect();
160 if (!empty($redirectUrl)) {
161 $this->redirectUrl = $this->conf['redirectFirstMethod'] ? array_shift($redirectUrl) : array_pop($redirectUrl);
162 } else {
163 $this->redirectUrl = '';
164 }
165 }
166 // What to display
167 $content = '';
168 if ($this->piVars['forgot'] && $this->conf['showForgotPasswordLink']) {
169 $content .= $this->showForgot();
170 } elseif ($this->piVars['forgothash']) {
171 $content .= $this->changePassword();
172 } else {
173 if ($this->userIsLoggedIn && !$this->logintype) {
174 $content .= $this->showLogout();
175 } else {
176 $content .= $this->showLogin();
177 }
178 }
179 // Process the redirect
180 if (($this->logintype === LoginType::LOGIN || $this->logintype === LoginType::LOGOUT) && $this->redirectUrl && !$this->noRedirect) {
181 if (!$this->frontendController->fe_user->isCookieSet() && $this->userIsLoggedIn) {
182 $content .= $this->cObj->stdWrap($this->pi_getLL('cookie_warning'), $this->conf['cookieWarning_stdWrap.']);
183 } else {
184 // Add hook for extra processing before redirect
185 $_params = [
186 'loginType' => $this->logintype,
187 'redirectUrl' => &$this->redirectUrl
188 ];
189 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['beforeRedirect'] ?? [] as $_funcRef) {
190 if ($_funcRef) {
191 GeneralUtility::callUserFunction($_funcRef, $_params, $this);
192 }
193 }
194 \TYPO3\CMS\Core\Utility\HttpUtility::redirect($this->redirectUrl);
195 }
196 }
197 // Adds hook for processing of extra item markers / special
198 $_params = [
199 'content' => $content
200 ];
201 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['postProcContent'] ?? [] as $_funcRef) {
202 $content = GeneralUtility::callUserFunction($_funcRef, $_params, $this);
203 }
204 return $this->conf['wrapContentInBaseClass'] ? $this->pi_wrapInBaseClass($content) : $content;
205 }
206
207 /**
208 * Shows the forgot password form
209 *
210 * @return string Content
211 */
212 protected function showForgot()
213 {
214 $subpart = $this->templateService->getSubpart($this->template, '###TEMPLATE_FORGOT###');
215 $subpartArray = ($linkpartArray = []);
216 $postData = GeneralUtility::_POST($this->prefixId);
217 if ($postData['forgot_email']) {
218 // Get hashes for compare
219 $postedHash = $postData['forgot_hash'];
220 $hashData = $this->frontendController->fe_user->getKey('ses', 'forgot_hash');
221 if ($postedHash === $hashData['forgot_hash']) {
222 $userTable = $this->frontendController->fe_user->user_table;
223 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($userTable);
224 $queryBuilder->setRestrictions(GeneralUtility::makeInstance(FrontendRestrictionContainer::class));
225 $row = $queryBuilder
226 ->select('*')
227 ->from($userTable)
228 ->where(
229 $queryBuilder->expr()->orX(
230 $queryBuilder->expr()->eq(
231 'email',
232 $queryBuilder->createNamedParameter($this->piVars['forgot_email'], \PDO::PARAM_STR)
233 ),
234 $queryBuilder->expr()->eq(
235 'username',
236 $queryBuilder->createNamedParameter($this->piVars['forgot_email'], \PDO::PARAM_STR)
237 )
238 ),
239 $queryBuilder->expr()->in(
240 'pid',
241 $queryBuilder->createNamedParameter(
242 GeneralUtility::intExplode(',', $this->spid),
243 Connection::PARAM_INT_ARRAY
244 )
245 )
246 )
247 ->execute()
248 ->fetch();
249
250 $error = null;
251 if ($row) {
252 // Generate an email with the hashed link
253 $error = $this->generateAndSendHash($row);
254 } elseif ($this->conf['exposeNonexistentUserInForgotPasswordDialog']) {
255 $error = $this->pi_getLL('ll_forgot_reset_message_error');
256 }
257 // Generate message
258 if ($error) {
259 $markerArray['###STATUS_MESSAGE###'] = $this->cObj->stdWrap($error, $this->conf['forgotErrorMessage_stdWrap.']);
260 } else {
261 $markerArray['###STATUS_MESSAGE###'] = $this->cObj->stdWrap(
262 $this->pi_getLL('ll_forgot_reset_message_emailSent'),
263 $this->conf['forgotResetMessageEmailSentMessage_stdWrap.']
264 );
265 }
266 $subpartArray['###FORGOT_FORM###'] = '';
267 } else {
268 // Wrong email
269 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('forgot_reset_message', $this->conf['forgotMessage_stdWrap.']);
270 $markerArray['###BACKLINK_LOGIN###'] = '';
271 }
272 } else {
273 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('forgot_reset_message', $this->conf['forgotMessage_stdWrap.']);
274 $markerArray['###BACKLINK_LOGIN###'] = '';
275 }
276 $markerArray['###BACKLINK_LOGIN###'] = $this->getPageLink(htmlspecialchars($this->pi_getLL('ll_forgot_header_backToLogin')), []);
277 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('forgot_header', $this->conf['forgotHeader_stdWrap.']);
278 $markerArray['###LEGEND###'] = htmlspecialchars($this->pi_getLL('legend', $this->pi_getLL('reset_password')));
279 $markerArray['###ACTION_URI###'] = $this->getPageLink('', [$this->prefixId . '[forgot]' => 1], true);
280 $markerArray['###EMAIL_LABEL###'] = htmlspecialchars($this->pi_getLL('your_email'));
281 $markerArray['###FORGOT_PASSWORD_ENTEREMAIL###'] = htmlspecialchars($this->pi_getLL('forgot_password_enterEmail'));
282 $markerArray['###FORGOT_EMAIL###'] = $this->prefixId . '[forgot_email]';
283 $markerArray['###SEND_PASSWORD###'] = htmlspecialchars($this->pi_getLL('reset_password'));
284 $markerArray['###DATA_LABEL###'] = htmlspecialchars($this->pi_getLL('ll_enter_your_data'));
285 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
286 // Generate hash
287 $hash = md5($this->generatePassword(3));
288 $markerArray['###FORGOTHASH###'] = $hash;
289 // Set hash in feuser session
290 $this->frontendController->fe_user->setKey('ses', 'forgot_hash', ['forgot_hash' => $hash]);
291 return $this->templateService->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
292 }
293
294 /**
295 * This function checks the hash from link and checks the validity. If it's valid it shows the form for
296 * changing the password and process the change of password after submit, if not valid it returns the error message
297 *
298 * @return string The content.
299 */
300 protected function changePassword()
301 {
302 $subpartArray = ($linkpartArray = []);
303 $done = false;
304 $minLength = (int)$this->conf['newPasswordMinLength'] ?: 6;
305 $subpart = $this->templateService->getSubpart($this->template, '###TEMPLATE_CHANGEPASSWORD###');
306 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('change_password_header', $this->conf['changePasswordHeader_stdWrap.']);
307 $markerArray['###STATUS_MESSAGE###'] = sprintf($this->getDisplayText(
308 'change_password_message',
309 $this->conf['changePasswordMessage_stdWrap.']
310 ), $minLength);
311
312 $markerArray['###BACKLINK_LOGIN###'] = '';
313 $uid = $this->piVars['user'];
314 $piHash = $this->piVars['forgothash'];
315 $hash = explode('|', rawurldecode($piHash));
316 if ((int)$uid === 0) {
317 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText(
318 'change_password_notvalid_message',
319 $this->conf['changePasswordNotValidMessage_stdWrap.']
320 );
321 $subpartArray['###CHANGEPASSWORD_FORM###'] = '';
322 } else {
323 $user = $this->pi_getRecord('fe_users', (int)$uid);
324 $userHash = $user['felogin_forgotHash'];
325 $compareHash = explode('|', $userHash);
326 if (!$compareHash || !$compareHash[1] || $compareHash[0] < time() || $hash[0] != $compareHash[0] || md5($hash[1]) != $compareHash[1]) {
327 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText(
328 'change_password_notvalid_message',
329 $this->conf['changePasswordNotValidMessage_stdWrap.']
330 );
331 $subpartArray['###CHANGEPASSWORD_FORM###'] = '';
332 } else {
333 // All is fine, continue with new password
334 $postData = GeneralUtility::_POST($this->prefixId);
335 if (isset($postData['changepasswordsubmit'])) {
336 if (strlen($postData['password1']) < $minLength) {
337 $markerArray['###STATUS_MESSAGE###'] = sprintf(
338 $this->getDisplayText(
339 'change_password_tooshort_message',
340 $this->conf['changePasswordTooShortMessage_stdWrap.']
341 ),
342 $minLength
343 );
344 } elseif ($postData['password1'] != $postData['password2']) {
345 $markerArray['###STATUS_MESSAGE###'] = sprintf(
346 $this->getDisplayText(
347 'change_password_notequal_message',
348 $this->conf['changePasswordNotEqualMessage_stdWrap.']
349 ),
350 $minLength
351 );
352 } else {
353 $newPass = $postData['password1'];
354 if ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['password_changed']) {
355 $_params = [
356 'user' => $user,
357 'newPassword' => $newPass,
358 'newPasswordUnencrypted' => $newPass
359 ];
360 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['password_changed'] as $_funcRef) {
361 if ($_funcRef) {
362 GeneralUtility::callUserFunction($_funcRef, $_params, $this);
363 }
364 }
365 $newPass = $_params['newPassword'];
366 }
367
368 // Save new password and clear DB-hash
369 $userTable = $this->frontendController->fe_user->user_table;
370 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($userTable);
371 $queryBuilder->getRestrictions()->removeAll();
372 $queryBuilder->update($userTable)
373 ->set('password', $newPass)
374 ->set('felogin_forgotHash', '')
375 ->set('tstamp', (int)$GLOBALS['EXEC_TIME'])
376 ->where(
377 $queryBuilder->expr()->eq(
378 'uid',
379 $queryBuilder->createNamedParameter($user['uid'], \PDO::PARAM_INT)
380 )
381 )
382 ->execute();
383
384 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText(
385 'change_password_done_message',
386 $this->conf['changePasswordDoneMessage_stdWrap.']
387 );
388 $done = true;
389 $subpartArray['###CHANGEPASSWORD_FORM###'] = '';
390 $markerArray['###BACKLINK_LOGIN###'] = $this->getPageLink(
391 htmlspecialchars($this->pi_getLL('ll_forgot_header_backToLogin')),
392 [$this->prefixId . '[redirectReferrer]' => 'off']
393 );
394 }
395 }
396 if (!$done) {
397 // Change password form
398 $markerArray['###ACTION_URI###'] = $this->getPageLink('', [
399 $this->prefixId . '[user]' => $user['uid'],
400 $this->prefixId . '[forgothash]' => $piHash
401 ], true);
402 $markerArray['###LEGEND###'] = htmlspecialchars($this->pi_getLL('change_password'));
403 $markerArray['###NEWPASSWORD1_LABEL###'] = htmlspecialchars($this->pi_getLL('newpassword_label1'));
404 $markerArray['###NEWPASSWORD2_LABEL###'] = htmlspecialchars($this->pi_getLL('newpassword_label2'));
405 $markerArray['###NEWPASSWORD1###'] = $this->prefixId . '[password1]';
406 $markerArray['###NEWPASSWORD2###'] = $this->prefixId . '[password2]';
407 $markerArray['###STORAGE_PID###'] = $this->spid;
408 $markerArray['###SEND_PASSWORD###'] = htmlspecialchars($this->pi_getLL('change_password'));
409 $markerArray['###FORGOTHASH###'] = $piHash;
410 }
411 }
412 }
413 return $this->templateService->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
414 }
415
416 /**
417 * Generates a hashed link and send it with email
418 *
419 * @param array $user Contains user data
420 * @return string Empty string with success, error message with no success
421 */
422 protected function generateAndSendHash($user)
423 {
424 $hours = (int)$this->conf['forgotLinkHashValidTime'] > 0 ? (int)$this->conf['forgotLinkHashValidTime'] : 24;
425 $validEnd = time() + 3600 * $hours;
426 $validEndString = date($this->conf['dateFormat'], $validEnd);
427 $hash = md5(GeneralUtility::makeInstance(Random::class)->generateRandomBytes(64));
428 $randHash = $validEnd . '|' . $hash;
429 $randHashDB = $validEnd . '|' . md5($hash);
430
431 // Write hash to DB
432 $userTable = $this->frontendController->fe_user->user_table;
433 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($userTable);
434 $queryBuilder->getRestrictions()->removeAll();
435 $queryBuilder->update($userTable)
436 ->set('felogin_forgotHash', $randHashDB)
437 ->where(
438 $queryBuilder->expr()->eq(
439 'uid',
440 $queryBuilder->createNamedParameter($user['uid'], \PDO::PARAM_INT)
441 )
442 )
443 ->execute();
444
445 // Send hashlink to user
446 $this->conf['linkPrefix'] = -1;
447 $isAbsRefPrefix = !empty($this->frontendController->absRefPrefix);
448 $isBaseURL = !empty($this->frontendController->baseUrl);
449 $isFeloginBaseURL = !empty($this->conf['feloginBaseURL']);
450 $link = $this->pi_getPageLink($this->frontendController->id, '', [
451 rawurlencode($this->prefixId . '[user]') => $user['uid'],
452 rawurlencode($this->prefixId . '[forgothash]') => $randHash
453 ]);
454 // Prefix link if necessary
455 if ($isFeloginBaseURL) {
456 // First priority, use specific base URL
457 // "absRefPrefix" must be removed first, otherwise URL will be prepended twice
458 if ($isAbsRefPrefix) {
459 $link = substr($link, strlen($this->frontendController->absRefPrefix));
460 }
461 $link = $this->conf['feloginBaseURL'] . $link;
462 } elseif ($isAbsRefPrefix) {
463 // Second priority
464 // absRefPrefix must not necessarily contain a hostname and URL scheme, so add it if needed
465 $link = GeneralUtility::locationHeaderUrl($link);
466 } elseif ($isBaseURL) {
467 // Third priority
468 // Add the global base URL to the link
469 $link = $this->frontendController->baseUrlWrap($link);
470 } else {
471 // No prefix is set, return the error
472 return $this->pi_getLL('ll_change_password_nolinkprefix_message');
473 }
474 $msg = sprintf($this->pi_getLL('ll_forgot_validate_reset_password'), $user['username'], $link, $validEndString);
475 // Add hook for extra processing of mail message
476 $params = [
477 'message' => &$msg,
478 'user' => &$user
479 ];
480 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['forgotPasswordMail'] ?? [] as $reference) {
481 if ($reference) {
482 GeneralUtility::callUserFunction($reference, $params, $this);
483 }
484 }
485 if ($user['email']) {
486 $this->cObj->sendNotifyEmail($msg, $user['email'], '', $this->conf['email_from'], $this->conf['email_fromName'], $this->conf['replyTo']);
487 }
488
489 return '';
490 }
491
492 /**
493 * Shows logout form
494 *
495 * @return string The content.
496 */
497 protected function showLogout()
498 {
499 $subpart = $this->templateService->getSubpart($this->template, '###TEMPLATE_LOGOUT###');
500 $subpartArray = ($linkpartArray = []);
501 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('status_header', $this->conf['logoutHeader_stdWrap.']);
502 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('status_message', $this->conf['logoutMessage_stdWrap.']);
503 $this->cObj->stdWrap($this->flexFormValue('message', 's_status'), $this->conf['logoutMessage_stdWrap.']);
504 $markerArray['###LEGEND###'] = htmlspecialchars($this->pi_getLL('logout'));
505 $markerArray['###ACTION_URI###'] = $this->getPageLink('', [], true);
506 $markerArray['###LOGOUT_LABEL###'] = htmlspecialchars($this->pi_getLL('logout'));
507 $markerArray['###NAME###'] = htmlspecialchars($this->frontendController->fe_user->user['name']);
508 $markerArray['###STORAGE_PID###'] = $this->spid;
509 $markerArray['###USERNAME###'] = htmlspecialchars($this->frontendController->fe_user->user['username']);
510 $markerArray['###USERNAME_LABEL###'] = htmlspecialchars($this->pi_getLL('username'));
511 $markerArray['###NOREDIRECT###'] = $this->noRedirect ? '1' : '0';
512 $markerArray['###PREFIXID###'] = $this->prefixId;
513 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
514 if ($this->redirectUrl) {
515 // Use redirectUrl for action tag because of possible access restricted pages
516 $markerArray['###ACTION_URI###'] = htmlspecialchars($this->redirectUrl);
517 $this->redirectUrl = '';
518 }
519 return $this->templateService->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
520 }
521
522 /**
523 * Shows login form
524 *
525 * @return string Content
526 */
527 protected function showLogin()
528 {
529 $subpart = $this->templateService->getSubpart($this->template, '###TEMPLATE_LOGIN###');
530 $subpartArray = ($linkpartArray = ($markerArray = []));
531 $gpRedirectUrl = '';
532 $markerArray['###LEGEND###'] = htmlspecialchars($this->pi_getLL('oLabel_header_welcome'));
533 if ($this->logintype === LoginType::LOGIN) {
534 if ($this->userIsLoggedIn) {
535 // login success
536 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('success_header', $this->conf['successHeader_stdWrap.']);
537 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('success_message', $this->conf['successMessage_stdWrap.']);
538 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
539 $subpartArray['###LOGIN_FORM###'] = '';
540 // Hook for general actions after after login has been confirmed (by Thomas Danzl <thomas@danzl.org>)
541 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['login_confirmed'] ?? [] as $_funcRef) {
542 $_params = [];
543 if ($_funcRef) {
544 GeneralUtility::callUserFunction($_funcRef, $_params, $this);
545 }
546 }
547 // show logout form directly
548 if ($this->conf['showLogoutFormAfterLogin']) {
549 $this->redirectUrl = '';
550 return $this->showLogout();
551 }
552 } else {
553 // Hook for general actions on login error
554 $params = [];
555 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['login_error'] ?? [] as $funcRef) {
556 if ($funcRef) {
557 GeneralUtility::callUserFunction($funcRef, $params, $this);
558 }
559 }
560 // login error
561 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('error_header', $this->conf['errorHeader_stdWrap.']);
562 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('error_message', $this->conf['errorMessage_stdWrap.']);
563 $gpRedirectUrl = GeneralUtility::_GP('redirect_url');
564 }
565 } else {
566 if ($this->logintype === LoginType::LOGOUT) {
567 // login form after logout
568 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('logout_header', $this->conf['logoutHeader_stdWrap.']);
569 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('logout_message', $this->conf['logoutMessage_stdWrap.']);
570 } else {
571 // login form
572 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('welcome_header', $this->conf['welcomeHeader_stdWrap.']);
573 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('welcome_message', $this->conf['welcomeMessage_stdWrap.']);
574 }
575 }
576
577 // This hook allows to call User JS functions.
578 // The methods should also set the required JS functions to get included
579 $onSubmit = '';
580 $extraHidden = '';
581 $onSubmitAr = [];
582 $extraHiddenAr = [];
583 // Check for referer redirect method. if present, save referer in form field
584 if (GeneralUtility::inList($this->conf['redirectMode'], 'referer') || GeneralUtility::inList($this->conf['redirectMode'], 'refererDomains')) {
585 $referer = $this->referer ? $this->referer : GeneralUtility::getIndpEnv('HTTP_REFERER');
586 if ($referer) {
587 $extraHiddenAr[] = '<input type="hidden" name="referer" value="' . htmlspecialchars($referer) . '" />';
588 if ($this->piVars['redirectReferrer'] === 'off') {
589 $extraHiddenAr[] = '<input type="hidden" name="' . $this->prefixId . '[redirectReferrer]" value="off" />';
590 }
591 }
592 }
593 $_params = [];
594 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['loginFormOnSubmitFuncs'] ?? [] as $funcRef) {
595 list($onSub, $hid) = GeneralUtility::callUserFunction($funcRef, $_params, $this);
596 $onSubmitAr[] = $onSub;
597 $extraHiddenAr[] = $hid;
598 }
599 if (!empty($onSubmitAr)) {
600 $onSubmit = implode('; ', $onSubmitAr) . '; return true;';
601 }
602 if (!empty($extraHiddenAr)) {
603 $extraHidden = implode(LF, $extraHiddenAr);
604 }
605 if (!$gpRedirectUrl && $this->redirectUrl) {
606 $gpRedirectUrl = $this->redirectUrl;
607 }
608 // Login form
609 $markerArray['###ACTION_URI###'] = $this->getPageLink('', [], true);
610 // Used by kb_md5fepw extension...
611 $markerArray['###EXTRA_HIDDEN###'] = $extraHidden;
612 $markerArray['###LEGEND###'] = htmlspecialchars($this->pi_getLL('login'));
613 $markerArray['###LOGIN_LABEL###'] = htmlspecialchars($this->pi_getLL('login'));
614 // Used by kb_md5fepw extension...
615 $markerArray['###ON_SUBMIT###'] = $onSubmit;
616 $markerArray['###PASSWORD_LABEL###'] = htmlspecialchars($this->pi_getLL('password'));
617 $markerArray['###STORAGE_PID###'] = $this->spid;
618 $markerArray['###USERNAME_LABEL###'] = htmlspecialchars($this->pi_getLL('username'));
619 $markerArray['###REDIRECT_URL###'] = htmlspecialchars($gpRedirectUrl);
620 $markerArray['###NOREDIRECT###'] = $this->noRedirect ? '1' : '0';
621 $markerArray['###PREFIXID###'] = $this->prefixId;
622 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
623 if ($this->conf['showForgotPasswordLink']) {
624 $linkpartArray['###FORGOT_PASSWORD_LINK###'] = explode('|', $this->getPageLink('|', [$this->prefixId . '[forgot]' => 1]));
625 $markerArray['###FORGOT_PASSWORD###'] = htmlspecialchars($this->pi_getLL('ll_forgot_header'));
626 } else {
627 $subpartArray['###FORGOTP_VALID###'] = '';
628 }
629 // The permanent login checkbox should only be shown if permalogin is not deactivated (-1),
630 // not forced to be always active (2) and lifetime is greater than 0
631 $permalogin = (int)$GLOBALS['TYPO3_CONF_VARS']['FE']['permalogin'];
632 if (
633 $this->conf['showPermaLogin']
634 && ($permalogin === 0 || $permalogin === 1)
635 && $GLOBALS['TYPO3_CONF_VARS']['FE']['lifetime'] > 0
636 ) {
637 $markerArray['###PERMALOGIN###'] = htmlspecialchars($this->pi_getLL('permalogin'));
638 if ($permalogin === 1) {
639 $markerArray['###PERMALOGIN_HIDDENFIELD_ATTRIBUTES###'] = 'disabled="disabled"';
640 $markerArray['###PERMALOGIN_CHECKBOX_ATTRIBUTES###'] = 'checked="checked"';
641 } else {
642 $markerArray['###PERMALOGIN_HIDDENFIELD_ATTRIBUTES###'] = '';
643 $markerArray['###PERMALOGIN_CHECKBOX_ATTRIBUTES###'] = '';
644 }
645 } else {
646 $subpartArray['###PERMALOGIN_VALID###'] = '';
647 }
648 return $this->templateService->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
649 }
650
651 /**
652 * Process redirect methods. The function searches for a redirect url using all configured methods.
653 *
654 * @return array Redirect URLs
655 */
656 protected function processRedirect()
657 {
658 $redirect_url = [];
659 if ($this->conf['redirectMode']) {
660 $redirectMethods = GeneralUtility::trimExplode(',', $this->conf['redirectMode'], true);
661 foreach ($redirectMethods as $redirMethod) {
662 if ($this->frontendController->loginUser && $this->logintype === LoginType::LOGIN) {
663 // Logintype is needed because the login-page wouldn't be accessible anymore after a login (would always redirect)
664 switch ($redirMethod) {
665 case 'groupLogin':
666 // taken from dkd_redirect_at_login written by Ingmar Schlecht; database-field changed
667 $groupData = $this->frontendController->fe_user->groupData;
668 if (!empty($groupData['uid'])) {
669
670 // take the first group with a redirect page
671 $userGroupTable = $this->frontendController->fe_user->usergroup_table;
672 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($userGroupTable);
673 $queryBuilder->getRestrictions()->removeAll();
674 $row = $queryBuilder
675 ->select('felogin_redirectPid')
676 ->from($userGroupTable)
677 ->where(
678 $queryBuilder->expr()->neq(
679 'felogin_redirectPid',
680 $queryBuilder->createNamedParameter('', \PDO::PARAM_STR)
681 ),
682 $queryBuilder->expr()->in(
683 'uid',
684 $queryBuilder->createNamedParameter(
685 $groupData['uid'],
686 Connection::PARAM_INT_ARRAY
687 )
688 )
689 )
690 ->execute()
691 ->fetch();
692
693 if ($row) {
694 $redirect_url[] = $this->pi_getPageLink($row['felogin_redirectPid']);
695 }
696 }
697 break;
698 case 'userLogin':
699
700 $userTable = $this->frontendController->fe_user->user_table;
701 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($userTable);
702 $queryBuilder->getRestrictions()->removeAll();
703 $row = $queryBuilder
704 ->select('felogin_redirectPid')
705 ->from($userTable)
706 ->where(
707 $queryBuilder->expr()->neq(
708 'felogin_redirectPid',
709 $queryBuilder->createNamedParameter('', \PDO::PARAM_STR)
710 ),
711 $queryBuilder->expr()->eq(
712 $this->frontendController->fe_user->userid_column,
713 $queryBuilder->createNamedParameter(
714 $this->frontendController->fe_user->user['uid'],
715 \PDO::PARAM_INT
716 )
717 )
718 )
719 ->execute()
720 ->fetch();
721
722 if ($row) {
723 $redirect_url[] = $this->pi_getPageLink($row['felogin_redirectPid']);
724 }
725
726 break;
727 case 'login':
728 if ($this->conf['redirectPageLogin']) {
729 $redirect_url[] = $this->pi_getPageLink((int)$this->conf['redirectPageLogin']);
730 }
731 break;
732 case 'getpost':
733 $redirect_url[] = $this->redirectUrl;
734 break;
735 case 'referer':
736 // Avoid redirect when logging in after changing password
737 if ($this->piVars['redirectReferrer'] !== 'off') {
738 // Avoid forced logout, when trying to login immediately after a logout
739 $redirect_url[] = preg_replace('/[&?]logintype=[a-z]+/', '', $this->referer);
740 }
741 break;
742 case 'refererDomains':
743 // Auto redirect.
744 // Feature to redirect to the page where the user came from (HTTP_REFERER).
745 // Allowed domains to redirect to, can be configured with plugin.tx_felogin_pi1.domains
746 // Thanks to plan2.net / Martin Kutschker for implementing this feature.
747 // also avoid redirect when logging in after changing password
748 if ($this->conf['domains'] && $this->piVars['redirectReferrer'] !== 'off') {
749 $url = $this->referer;
750 // Is referring url allowed to redirect?
751 $match = [];
752 if (preg_match('#^http://([[:alnum:]._-]+)/#', $url, $match)) {
753 $redirect_domain = $match[1];
754 $found = false;
755 foreach (GeneralUtility::trimExplode(',', $this->conf['domains'], true) as $d) {
756 if (preg_match('/(?:^|\\.)' . $d . '$/', $redirect_domain)) {
757 $found = true;
758 break;
759 }
760 }
761 if (!$found) {
762 $url = '';
763 }
764 }
765 // Avoid forced logout, when trying to login immediately after a logout
766 if ($url) {
767 $redirect_url[] = preg_replace('/[&?]logintype=[a-z]+/', '', $url);
768 }
769 }
770 break;
771 }
772 } elseif ($this->logintype === LoginType::LOGIN) {
773 // after login-error
774 switch ($redirMethod) {
775 case 'loginError':
776 if ($this->conf['redirectPageLoginError']) {
777 $redirect_url[] = $this->pi_getPageLink((int)$this->conf['redirectPageLoginError']);
778 }
779 break;
780 }
781 } elseif ($this->logintype == '' && $redirMethod === 'login' && $this->conf['redirectPageLogin']) {
782 // If login and page not accessible
783 $this->cObj->typoLink('', [
784 'parameter' => $this->conf['redirectPageLogin'],
785 'linkAccessRestrictedPages' => true
786 ]);
787 $redirect_url[] = $this->cObj->lastTypoLinkUrl;
788 } elseif ($this->logintype == '' && $redirMethod === 'logout' && $this->conf['redirectPageLogout'] && $this->frontendController->loginUser) {
789 // If logout and page not accessible
790 $redirect_url[] = $this->pi_getPageLink((int)$this->conf['redirectPageLogout']);
791 } elseif ($this->logintype === LoginType::LOGOUT) {
792 // after logout
793 // Hook for general actions after after logout has been confirmed
794 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['logout_confirmed'] ?? [] as $_funcRef) {
795 $_params = [];
796 if ($_funcRef) {
797 GeneralUtility::callUserFunction($_funcRef, $_params, $this);
798 }
799 }
800 switch ($redirMethod) {
801 case 'logout':
802 if ($this->conf['redirectPageLogout']) {
803 $redirect_url[] = $this->pi_getPageLink((int)$this->conf['redirectPageLogout']);
804 }
805 break;
806 }
807 } else {
808 // not logged in
809 // Placeholder for maybe future options
810 switch ($redirMethod) {
811 case 'getpost':
812 // Preserve the get/post value
813 $redirect_url[] = $this->redirectUrl;
814 break;
815 }
816 }
817 }
818 }
819 // Remove empty values, but keep "0" as value (that's why "strlen" is used as second parameter)
820 if (!empty($redirect_url)) {
821 return array_filter($redirect_url, 'strlen');
822 }
823 return [];
824 }
825
826 /**
827 * Reads flexform configuration and merge it with $this->conf
828 */
829 protected function mergeflexFormValuesIntoConf()
830 {
831 $flex = [];
832 if ($this->flexFormValue('showForgotPassword', 'sDEF')) {
833 $flex['showForgotPasswordLink'] = $this->flexFormValue('showForgotPassword', 'sDEF');
834 }
835 if ($this->flexFormValue('showPermaLogin', 'sDEF')) {
836 $flex['showPermaLogin'] = $this->flexFormValue('showPermaLogin', 'sDEF');
837 }
838 if ($this->flexFormValue('showLogoutFormAfterLogin', 'sDEF')) {
839 $flex['showLogoutFormAfterLogin'] = $this->flexFormValue('showLogoutFormAfterLogin', 'sDEF');
840 }
841 if ($this->flexFormValue('pages', 'sDEF')) {
842 $flex['pages'] = $this->flexFormValue('pages', 'sDEF');
843 }
844 if ($this->flexFormValue('recursive', 'sDEF')) {
845 $flex['recursive'] = $this->flexFormValue('recursive', 'sDEF');
846 }
847 if ($this->flexFormValue('redirectMode', 's_redirect')) {
848 $flex['redirectMode'] = $this->flexFormValue('redirectMode', 's_redirect');
849 }
850 if ($this->flexFormValue('redirectFirstMethod', 's_redirect')) {
851 $flex['redirectFirstMethod'] = $this->flexFormValue('redirectFirstMethod', 's_redirect');
852 }
853 if ($this->flexFormValue('redirectDisable', 's_redirect')) {
854 $flex['redirectDisable'] = $this->flexFormValue('redirectDisable', 's_redirect');
855 }
856 if ($this->flexFormValue('redirectPageLogin', 's_redirect')) {
857 $flex['redirectPageLogin'] = $this->flexFormValue('redirectPageLogin', 's_redirect');
858 }
859 if ($this->flexFormValue('redirectPageLoginError', 's_redirect')) {
860 $flex['redirectPageLoginError'] = $this->flexFormValue('redirectPageLoginError', 's_redirect');
861 }
862 if ($this->flexFormValue('redirectPageLogout', 's_redirect')) {
863 $flex['redirectPageLogout'] = $this->flexFormValue('redirectPageLogout', 's_redirect');
864 }
865 $pid = $flex['pages'] ? $this->pi_getPidList($flex['pages'], $flex['recursive']) : 0;
866 if ($pid > 0) {
867 $flex['storagePid'] = $pid;
868 }
869 $this->conf = array_merge($this->conf, $flex);
870 }
871
872 /**
873 * Loads a variable from the flexform
874 *
875 * @param string $var Name of variable
876 * @param string $sheet Name of sheet
877 * @return string Value of var
878 */
879 protected function flexFormValue($var, $sheet)
880 {
881 return $this->pi_getFFvalue($this->cObj->data['pi_flexform'], $var, $sheet);
882 }
883
884 /**
885 * Generate link with typolink function
886 *
887 * @param string $label Linktext
888 * @param array $piVars Link vars
889 * @param bool $returnUrl TRUE: returns only url FALSE (default) returns the link)
890 * @return string Link or url
891 */
892 protected function getPageLink($label, $piVars, $returnUrl = false)
893 {
894 $additionalParams = '';
895 if (!empty($piVars)) {
896 foreach ($piVars as $key => $val) {
897 $additionalParams .= '&' . $key . '=' . $val;
898 }
899 }
900 // Should GETvars be preserved?
901 if ($this->conf['preserveGETvars']) {
902 $additionalParams .= $this->getPreserveGetVars();
903 }
904 $this->conf['linkConfig.']['parameter'] = $this->frontendController->id;
905 if ($additionalParams) {
906 $this->conf['linkConfig.']['additionalParams'] = $additionalParams;
907 }
908 if ($returnUrl) {
909 return htmlspecialchars($this->cObj->typoLink_URL($this->conf['linkConfig.']));
910 }
911 return $this->cObj->typoLink($label, $this->conf['linkConfig.']);
912 }
913
914 /**
915 * Add additional parameters for links according to TS setting preserveGETvars.
916 * Possible values are "all" or a comma separated list of allowed GET-vars.
917 * Supports multi-dimensional GET-vars.
918 * Some hardcoded values are dropped.
919 *
920 * @return string additionalParams-string
921 */
922 protected function getPreserveGetVars()
923 {
924 $getVars = GeneralUtility::_GET();
925 unset(
926 $getVars['id'],
927 $getVars['no_cache'],
928 $getVars['logintype'],
929 $getVars['redirect_url'],
930 $getVars['cHash'],
931 $getVars[$this->prefixId]
932 );
933 if ($this->conf['preserveGETvars'] === 'all') {
934 $preserveQueryParts = $getVars;
935 } else {
936 $preserveQueryParts = GeneralUtility::trimExplode(',', $this->conf['preserveGETvars']);
937 $preserveQueryParts = GeneralUtility::explodeUrl2Array(implode('=1&', $preserveQueryParts) . '=1', true);
938 $preserveQueryParts = \TYPO3\CMS\Core\Utility\ArrayUtility::intersectRecursive($getVars, $preserveQueryParts);
939 }
940 $parameters = GeneralUtility::implodeArrayForUrl('', $preserveQueryParts);
941 return $parameters;
942 }
943
944 /**
945 * Is used by forgot password - function with md5 option.
946 * @param int $len Length of new password
947 * @return string New password
948 */
949 protected function generatePassword($len)
950 {
951 $pass = '';
952 while ($len--) {
953 $char = rand(0, 35);
954 if ($char < 10) {
955 $pass .= '' . $char;
956 } else {
957 $pass .= chr($char - 10 + 97);
958 }
959 }
960 return $pass;
961 }
962
963 /**
964 * Returns the header / message value from flexform if present, else from locallang.xlf
965 *
966 * @param string $label label name
967 * @param array $stdWrapArray TS stdWrap array
968 * @return string label text
969 */
970 protected function getDisplayText($label, $stdWrapArray = [])
971 {
972 $text = $this->flexFormValue($label, 's_messages') ? $this->cObj->stdWrap($this->flexFormValue($label, 's_messages'), $stdWrapArray) : $this->cObj->stdWrap($this->pi_getLL('ll_' . $label), $stdWrapArray);
973 $replace = $this->getUserFieldMarkers();
974 return strtr($text, $replace);
975 }
976
977 /**
978 * Returns Array of markers filled with user fields
979 *
980 * @return array Marker array
981 */
982 protected function getUserFieldMarkers()
983 {
984 $marker = [];
985 // replace markers with fe_user data
986 if ($this->frontendController->fe_user->user) {
987 // All fields of fe_user will be replaced, scheme is ###FEUSER_FIELDNAME###
988 foreach ($this->frontendController->fe_user->user as $field => $value) {
989 $marker['###FEUSER_' . strtoupper($field) . '###'] = $this->cObj->stdWrap($value, $this->conf['userfields.'][$field . '.']);
990 }
991 // Add ###USER### for compatibility
992 $marker['###USER###'] = $marker['###FEUSER_USERNAME###'];
993 }
994 return $marker;
995 }
996
997 /**
998 * Returns a valid and XSS cleaned url for redirect, checked against configuration "allowedRedirectHosts"
999 *
1000 * @param string $url
1001 * @return string cleaned referer or empty string if not valid
1002 */
1003 protected function validateRedirectUrl($url)
1004 {
1005 $url = strval($url);
1006 if ($url === '') {
1007 return '';
1008 }
1009 // Validate the URL:
1010 if ($this->isRelativeUrl($url) || $this->isInCurrentDomain($url) || $this->isInLocalDomain($url)) {
1011 return $url;
1012 }
1013 // URL is not allowed
1014 $this->logger->warning('Url "' . $url . '" for redirect was not accepted!');
1015 return '';
1016 }
1017
1018 /**
1019 * Determines whether the URL is on the current host and belongs to the
1020 * current TYPO3 installation. The scheme part is ignored in the comparison.
1021 *
1022 * @param string $url URL to be checked
1023 * @return bool Whether the URL belongs to the current TYPO3 installation
1024 */
1025 protected function isInCurrentDomain($url)
1026 {
1027 $urlWithoutSchema = preg_replace('#^https?://#', '', $url);
1028 $siteUrlWithoutSchema = preg_replace('#^https?://#', '', GeneralUtility::getIndpEnv('TYPO3_SITE_URL'));
1029 return strpos($urlWithoutSchema . '/', GeneralUtility::getIndpEnv('HTTP_HOST') . '/') === 0
1030 && strpos($urlWithoutSchema, $siteUrlWithoutSchema) === 0;
1031 }
1032
1033 /**
1034 * Determines whether the URL matches a domain
1035 * in the sys_domain database table.
1036 *
1037 * @param string $url Absolute URL which needs to be checked
1038 * @return bool Whether the URL is considered to be local
1039 */
1040 protected function isInLocalDomain($url)
1041 {
1042 $result = false;
1043 if (GeneralUtility::isValidUrl($url)) {
1044 $parsedUrl = parse_url($url);
1045 if ($parsedUrl['scheme'] === 'http' || $parsedUrl['scheme'] === 'https') {
1046 $host = $parsedUrl['host'];
1047 // Removes the last path segment and slash sequences like /// (if given):
1048 $path = preg_replace('#/+[^/]*$#', '', $parsedUrl['path']);
1049
1050 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable('sys_domain');
1051 $queryBuilder->setRestrictions(GeneralUtility::makeInstance(FrontendRestrictionContainer::class));
1052 $localDomains = $queryBuilder->select('domainName')
1053 ->from('sys_domain')
1054 ->execute()
1055 ->fetchAll();
1056
1057 if (is_array($localDomains)) {
1058 foreach ($localDomains as $localDomain) {
1059 // strip trailing slashes (if given)
1060 $domainName = rtrim($localDomain['domainName'], '/');
1061 if (GeneralUtility::isFirstPartOfStr($host . $path . '/', $domainName . '/')) {
1062 $result = true;
1063 break;
1064 }
1065 }
1066 }
1067 }
1068 }
1069 return $result;
1070 }
1071
1072 /**
1073 * Determines whether the URL is relative to the
1074 * current TYPO3 installation.
1075 *
1076 * @param string $url URL which needs to be checked
1077 * @return bool Whether the URL is considered to be relative
1078 */
1079 protected function isRelativeUrl($url)
1080 {
1081 $url = GeneralUtility::sanitizeLocalUrl($url);
1082 if (!empty($url)) {
1083 $parsedUrl = @parse_url($url);
1084 if ($parsedUrl !== false && !isset($parsedUrl['scheme']) && !isset($parsedUrl['host'])) {
1085 // If the relative URL starts with a slash, we need to check if it's within the current site path
1086 return $parsedUrl['path'][0] !== '/' || GeneralUtility::isFirstPartOfStr($parsedUrl['path'], GeneralUtility::getIndpEnv('TYPO3_SITE_PATH'));
1087 }
1088 }
1089 return false;
1090 }
1091
1092 /**
1093 * Get TypoScriptFrontendController
1094 *
1095 * @return TypoScriptFrontendController
1096 */
1097 protected function getTypoScriptFrontendController()
1098 {
1099 return $GLOBALS['TSFE'];
1100 }
1101 }