[TASK] Create own response instance in controller actions
[Packages/TYPO3.CMS.git] / typo3 / sysext / setup / Classes / Controller / SetupModuleController.php
1 <?php
2 namespace TYPO3\CMS\Setup\Controller;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 use Psr\Http\Message\ResponseInterface;
18 use Psr\Http\Message\ServerRequestInterface;
19 use TYPO3\CMS\Backend\Backend\Avatar\DefaultAvatarProvider;
20 use TYPO3\CMS\Backend\Module\ModuleLoader;
21 use TYPO3\CMS\Backend\Template\ModuleTemplate;
22 use TYPO3\CMS\Backend\Utility\BackendUtility;
23 use TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
24 use TYPO3\CMS\Core\Database\ConnectionPool;
25 use TYPO3\CMS\Core\DataHandling\DataHandler;
26 use TYPO3\CMS\Core\FormProtection\FormProtectionFactory;
27 use TYPO3\CMS\Core\Http\HtmlResponse;
28 use TYPO3\CMS\Core\Imaging\Icon;
29 use TYPO3\CMS\Core\Imaging\IconFactory;
30 use TYPO3\CMS\Core\Messaging\FlashMessage;
31 use TYPO3\CMS\Core\Messaging\FlashMessageService;
32 use TYPO3\CMS\Core\Resource\Exception\FileDoesNotExistException;
33 use TYPO3\CMS\Core\Resource\ResourceFactory;
34 use TYPO3\CMS\Core\Utility\GeneralUtility;
35 use TYPO3\CMS\Saltedpasswords\Salt\SaltFactory;
36
37 /**
38 * Script class for the Setup module
39 */
40 class SetupModuleController
41 {
42 /**
43 * Flag if password has not been updated
44 */
45 const PASSWORD_NOT_UPDATED = 0;
46
47 /**
48 * Flag if password has been updated
49 */
50 const PASSWORD_UPDATED = 1;
51
52 /**
53 * Flag if both new passwords do not match
54 */
55 const PASSWORD_NOT_THE_SAME = 2;
56
57 /**
58 * Flag if the current password given was not identical to the real
59 * current password
60 */
61 const PASSWORD_OLD_WRONG = 3;
62
63 /**
64 * @var array
65 */
66 public $MOD_MENU = [];
67
68 /**
69 * @var array
70 */
71 public $MOD_SETTINGS = [];
72
73 /**
74 * @var string
75 */
76 public $content;
77
78 /**
79 * @var array
80 */
81 public $overrideConf;
82
83 /**
84 * backend user object, set during simulate-user operation
85 *
86 * @var \TYPO3\CMS\Core\Authentication\BackendUserAuthentication
87 */
88 public $OLD_BE_USER;
89
90 /**
91 * @var bool
92 */
93 public $languageUpdate;
94
95 /**
96 * @var bool
97 */
98 protected $pagetreeNeedsRefresh = false;
99
100 /**
101 * @var bool
102 */
103 protected $isAdmin;
104
105 /**
106 * @var array
107 */
108 protected $tsFieldConf;
109
110 /**
111 * @var bool
112 */
113 protected $saveData = false;
114
115 /**
116 * @var int
117 */
118 protected $passwordIsUpdated = self::PASSWORD_NOT_UPDATED;
119
120 /**
121 * @var bool
122 */
123 protected $passwordIsSubmitted = false;
124
125 /**
126 * @var bool
127 */
128 protected $setupIsUpdated = false;
129
130 /**
131 * @var bool
132 */
133 protected $settingsAreResetToDefault = false;
134
135 /**
136 * Form protection instance
137 *
138 * @var \TYPO3\CMS\Core\FormProtection\BackendFormProtection
139 */
140 protected $formProtection;
141
142 /**
143 * @var string
144 */
145 protected $simulateSelector = '';
146
147 /**
148 * @var int
149 */
150 protected $simUser;
151
152 /**
153 * The name of the module
154 *
155 * @var string
156 */
157 protected $moduleName = 'user_setup';
158
159 /**
160 * @var ModuleLoader
161 */
162 protected $loadModules;
163
164 /**
165 * @var BackendUserAuthentication
166 */
167 protected $beUser;
168
169 /**
170 * ModuleTemplate object
171 *
172 * @var ModuleTemplate
173 */
174 protected $moduleTemplate;
175
176 /**
177 * Instantiate the form protection before a simulated user is initialized.
178 */
179 public function __construct()
180 {
181 $this->moduleTemplate = GeneralUtility::makeInstance(ModuleTemplate::class);
182 $this->formProtection = FormProtectionFactory::get();
183 $pageRenderer = $this->moduleTemplate->getPageRenderer();
184 $pageRenderer->loadRequireJsModule('TYPO3/CMS/Backend/Modal');
185 $pageRenderer->loadRequireJsModule('TYPO3/CMS/Backend/FormEngine');
186 $pageRenderer->addInlineSetting('FormEngine', 'formName', 'editform');
187 $pageRenderer->addInlineLanguageLabelArray([
188 'FormEngine.remainingCharacters' => 'LLL:EXT:lang/Resources/Private/Language/locallang_core.xlf:labels.remainingCharacters',
189 ], true);
190 }
191
192 /**
193 * Getter for the form protection instance.
194 *
195 * @return \TYPO3\CMS\Core\FormProtection\BackendFormProtection
196 */
197 public function getFormProtection()
198 {
199 return $this->formProtection;
200 }
201
202 /**
203 * If settings are submitted to _POST[DATA], store them
204 * NOTICE: This method is called before the \TYPO3\CMS\Backend\Template\ModuleTemplate
205 * is included. See bottom of document.
206 */
207 public function storeIncomingData()
208 {
209 // First check if something is submitted in the data-array from POST vars
210 $d = GeneralUtility::_POST('data');
211 $columns = $GLOBALS['TYPO3_USER_SETTINGS']['columns'];
212 $beUserId = $this->beUser->user['uid'];
213 $storeRec = [];
214 $fieldList = $this->getFieldsFromShowItem();
215 if (is_array($d) && $this->formProtection->validateToken((string)GeneralUtility::_POST('formToken'), 'BE user setup', 'edit')) {
216 // UC hashed before applying changes
217 $save_before = md5(serialize($this->beUser->uc));
218 // PUT SETTINGS into the ->uc array:
219 // Reload left frame when switching BE language
220 if (isset($d['lang']) && $d['lang'] != $this->beUser->uc['lang']) {
221 $this->languageUpdate = true;
222 }
223 // Reload pagetree if the title length is changed
224 if (isset($d['titleLen']) && $d['titleLen'] !== $this->beUser->uc['titleLen']) {
225 $this->pagetreeNeedsRefresh = true;
226 }
227 if ($d['setValuesToDefault']) {
228 // If every value should be default
229 $this->beUser->resetUC();
230 $this->settingsAreResetToDefault = true;
231 } elseif ($d['save']) {
232 // Save all submitted values if they are no array (arrays are with table=be_users) and exists in $GLOBALS['TYPO3_USER_SETTINGS'][columns]
233 foreach ($columns as $field => $config) {
234 if (!in_array($field, $fieldList)) {
235 continue;
236 }
237 if ($config['table']) {
238 if ($config['table'] === 'be_users' && !in_array($field, ['password', 'password2', 'passwordCurrent', 'email', 'realName', 'admin', 'avatar'])) {
239 if (!isset($config['access']) || $this->checkAccess($config) && $this->beUser->user[$field] !== $d['be_users'][$field]) {
240 if ($config['type'] === 'check') {
241 $fieldValue = isset($d['be_users'][$field]) ? 1 : 0;
242 } else {
243 $fieldValue = $d['be_users'][$field];
244 }
245 $storeRec['be_users'][$beUserId][$field] = $fieldValue;
246 $this->beUser->user[$field] = $fieldValue;
247 }
248 }
249 }
250 if ($config['type'] === 'check') {
251 $this->beUser->uc[$field] = isset($d[$field]) ? 1 : 0;
252 } else {
253 $this->beUser->uc[$field] = htmlspecialchars($d[$field]);
254 }
255 }
256 // Personal data for the users be_user-record (email, name, password...)
257 // If email and name is changed, set it in the users record:
258 $be_user_data = $d['be_users'];
259 // Possibility to modify the transmitted values. Useful to do transformations, like RSA password decryption
260 foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/setup/mod/index.php']['modifyUserDataBeforeSave'] ?? [] as $function) {
261 $params = ['be_user_data' => &$be_user_data];
262 GeneralUtility::callUserFunction($function, $params, $this);
263 }
264 $this->passwordIsSubmitted = (string)$be_user_data['password'] !== '';
265 $passwordIsConfirmed = $this->passwordIsSubmitted && $be_user_data['password'] === $be_user_data['password2'];
266 // Update the real name:
267 if ($be_user_data['realName'] !== $this->beUser->user['realName']) {
268 $this->beUser->user['realName'] = ($storeRec['be_users'][$beUserId]['realName'] = substr($be_user_data['realName'], 0, 80));
269 }
270 // Update the email address:
271 if ($be_user_data['email'] !== $this->beUser->user['email']) {
272 $this->beUser->user['email'] = ($storeRec['be_users'][$beUserId]['email'] = substr($be_user_data['email'], 0, 80));
273 }
274 // Update the password:
275 if ($passwordIsConfirmed) {
276 if ($this->isAdmin) {
277 $passwordOk = true;
278 } else {
279 $currentPasswordHashed = $GLOBALS['BE_USER']->user['password'];
280 $saltFactory = SaltFactory::getSaltingInstance($currentPasswordHashed);
281 $passwordOk = $saltFactory->checkPassword($be_user_data['passwordCurrent'], $currentPasswordHashed);
282 }
283 if ($passwordOk) {
284 $this->passwordIsUpdated = self::PASSWORD_UPDATED;
285 $storeRec['be_users'][$beUserId]['password'] = $be_user_data['password'];
286 } else {
287 $this->passwordIsUpdated = self::PASSWORD_OLD_WRONG;
288 }
289 } else {
290 $this->passwordIsUpdated = self::PASSWORD_NOT_THE_SAME;
291 }
292
293 $this->setAvatarFileUid($beUserId, $be_user_data['avatar'], $storeRec);
294
295 $this->saveData = true;
296 }
297 // Inserts the overriding values.
298 $this->beUser->overrideUC();
299 $save_after = md5(serialize($this->beUser->uc));
300 // If something in the uc-array of the user has changed, we save the array...
301 if ($save_before != $save_after) {
302 $this->beUser->writeUC($this->beUser->uc);
303 $this->beUser->writelog(254, 1, 0, 1, 'Personal settings changed', []);
304 $this->setupIsUpdated = true;
305 }
306 // Persist data if something has changed:
307 if (!empty($storeRec) && $this->saveData) {
308 // Make instance of TCE for storing the changes.
309 /** @var DataHandler $dataHandler */
310 $dataHandler = GeneralUtility::makeInstance(DataHandler::class);
311 // This is so the user can actually update his user record.
312 $realUser = $this->getRealScriptUserObj();
313 $isAdmin = $realUser->user['admin'];
314 $realUser->user['admin'] = 1;
315 $dataHandler->start($storeRec, [], $realUser);
316 // This is to make sure that the users record can be updated even if in another workspace. This is tolerated.
317 $dataHandler->bypassWorkspaceRestrictions = true;
318 $dataHandler->process_datamap();
319 unset($tce);
320 if ($this->passwordIsUpdated === self::PASSWORD_NOT_UPDATED || count($storeRec['be_users'][$beUserId]) > 1) {
321 $this->setupIsUpdated = true;
322 }
323 // Restore admin status after processing
324 $realUser->user['admin'] = $isAdmin;
325
326 BackendUtility::setUpdateSignal('updateTopbar');
327 }
328 }
329 }
330
331 /******************************
332 *
333 * Rendering module
334 *
335 ******************************/
336 /**
337 * Initializes the module for display of the settings form.
338 */
339 public function init()
340 {
341 $this->getLanguageService()->includeLLFile('EXT:setup/Resources/Private/Language/locallang.xlf');
342
343 // Returns the script user - that is the REAL logged in user! ($GLOBALS[BE_USER] might be another user due to simulation!)
344 $scriptUser = $this->getRealScriptUserObj();
345
346 $this->isAdmin = $scriptUser->isAdmin();
347 // Getting the 'override' values as set might be set in User TSconfig
348 $this->overrideConf = $this->beUser->getTSConfigProp('setup.override');
349 // Getting the disabled fields might be set in User TSconfig (eg setup.fields.password.disabled=1)
350 $this->tsFieldConf = $this->beUser->getTSConfigProp('setup.fields');
351 // id password is disabled, disable repeat of password too (password2)
352 if (isset($this->tsFieldConf['password.']) && $this->tsFieldConf['password.']['disabled']) {
353 $this->tsFieldConf['password2.']['disabled'] = 1;
354 $this->tsFieldConf['passwordCurrent.']['disabled'] = 1;
355 }
356 }
357
358 /**
359 * Generate necessary JavaScript
360 *
361 * @return string
362 */
363 protected function getJavaScript()
364 {
365 $javaScript = '';
366 foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/setup/mod/index.php']['setupScriptHook'] ?? [] as $function) {
367 $params = [];
368 $javaScript .= GeneralUtility::callUserFunction($function, $params, $this);
369 }
370 return $javaScript;
371 }
372
373 /**
374 * Generate the main settings form:
375 */
376 public function main()
377 {
378 /** @var \TYPO3\CMS\Backend\Routing\UriBuilder $uriBuilder */
379 $uriBuilder = GeneralUtility::makeInstance(\TYPO3\CMS\Backend\Routing\UriBuilder::class);
380 $this->content .= '<form action="' . (string)$uriBuilder->buildUriFromRoute('user_setup') . '" method="post" id="SetupModuleController" name="usersetup" enctype="multipart/form-data">';
381 if ($this->languageUpdate) {
382 $this->moduleTemplate->addJavaScriptCode('languageUpdate', '
383 if (top && top.TYPO3.ModuleMenu.App) {
384 top.TYPO3.ModuleMenu.App.refreshMenu();
385 }
386 ');
387 }
388 if ($this->pagetreeNeedsRefresh) {
389 BackendUtility::setUpdateSignal('updatePageTree');
390 }
391 // Start page:
392 $this->moduleTemplate->getPageRenderer()->addJsFile('EXT:backend/Resources/Public/JavaScript/md5.js');
393 // Use a wrapper div
394 $this->content .= '<div id="user-setup-wrapper">';
395 // Load available backend modules
396 $this->loadModules = GeneralUtility::makeInstance(ModuleLoader::class);
397 $this->loadModules->observeWorkspaces = true;
398 $this->loadModules->load($GLOBALS['TBE_MODULES']);
399 $this->content .= $this->moduleTemplate->header($this->getLanguageService()->getLL('UserSettings'));
400 $this->addFlashMessages();
401
402 // Render user switch
403 $this->content .= $this->renderSimulateUserSelectAndLabel();
404
405 // Render the menu items
406 $menuItems = $this->renderUserSetup();
407 $this->content .= $this->moduleTemplate->getDynamicTabMenu($menuItems, 'user-setup', 1, false, false);
408 $formToken = $this->formProtection->generateToken('BE user setup', 'edit');
409 $this->content .= '<div>';
410 $this->content .= '<input type="hidden" name="simUser" value="' . (int)$this->simUser . '" />
411 <input type="hidden" name="formToken" value="' . htmlspecialchars($formToken) . '" />
412 <input type="hidden" value="1" name="data[save]" />
413 <input type="hidden" name="data[setValuesToDefault]" value="0" id="setValuesToDefault" />';
414 $this->content .= '</div>';
415 // End of wrapper div
416 $this->content .= '</div>';
417 // Setting up the buttons and markers for docheader
418 $this->getButtons();
419 // Build the <body> for the module
420 // Renders the module page
421 $this->moduleTemplate->setContent($this->content);
422 $this->content .= '</form>';
423 }
424
425 /**
426 * Injects the request object for the current request or subrequest
427 * Simply calls main() and init() and writes the content to the response
428 *
429 * @param ServerRequestInterface $request the current request
430 * @return ResponseInterface the response with the content
431 */
432 public function mainAction(ServerRequestInterface $request): ResponseInterface
433 {
434 $GLOBALS['SOBE'] = $this;
435 $this->simulateUser();
436 $this->init();
437 $this->storeIncomingData();
438 $this->main();
439 return new HtmlResponse($this->moduleTemplate->renderContent());
440 }
441
442 /**
443 * Create the panel of buttons for submitting the form or otherwise perform operations.
444 */
445 protected function getButtons()
446 {
447 $buttonBar = $this->moduleTemplate->getDocHeaderComponent()->getButtonBar();
448 $cshButton = $buttonBar->makeHelpButton()
449 ->setModuleName('_MOD_user_setup')
450 ->setFieldName('');
451 $buttonBar->addButton($cshButton);
452
453 $saveButton = $buttonBar->makeInputButton()
454 ->setName('data[save]')
455 ->setTitle($this->getLanguageService()->sL('LLL:EXT:lang/Resources/Private/Language/locallang_core.xlf:rm.saveDoc'))
456 ->setValue('1')
457 ->setForm('SetupModuleController')
458 ->setShowLabelText(true)
459 ->setIcon($this->moduleTemplate->getIconFactory()->getIcon('actions-document-save', Icon::SIZE_SMALL));
460
461 $buttonBar->addButton($saveButton);
462 $shortcutButton = $buttonBar->makeShortcutButton()
463 ->setModuleName($this->moduleName);
464 $buttonBar->addButton($shortcutButton);
465 }
466
467 /******************************
468 *
469 * Render module
470 *
471 ******************************/
472
473 /**
474 * renders the data for all tabs in the user setup and returns
475 * everything that is needed with tabs and dyntab menu
476 *
477 * @return array Ready to use for the dyntabmenu itemarray
478 */
479 protected function renderUserSetup()
480 {
481 $html = '';
482 $result = [];
483 $firstTabLabel = '';
484 $code = [];
485 $fieldArray = $this->getFieldsFromShowItem();
486 $tabLabel = '';
487 foreach ($fieldArray as $fieldName) {
488 $config = $GLOBALS['TYPO3_USER_SETTINGS']['columns'][$fieldName];
489 if (isset($config['access']) && !$this->checkAccess($config)) {
490 continue;
491 }
492
493 if (substr($fieldName, 0, 8) === '--div--;') {
494 if ($firstTabLabel === '') {
495 // First tab
496 $tabLabel = $this->getLabel(substr($fieldName, 8), '', false);
497 $firstTabLabel = $tabLabel;
498 } else {
499 $result[] = [
500 'label' => $tabLabel,
501 'content' => count($code) ? implode(LF, $code) : ''
502 ];
503 $tabLabel = $this->getLabel(substr($fieldName, 8), '', false);
504 $code = [];
505 }
506 continue;
507 }
508 $label = $this->getLabel($config['label'], $fieldName);
509 $label = $this->getCSH($config['csh'] ?: $fieldName, $label);
510 $type = $config['type'];
511 $class = $config['class'];
512 if ($type !== 'check') {
513 $class .= ' form-control';
514 }
515 $more = '';
516 if ($class) {
517 $more .= ' class="' . htmlspecialchars($class) . '"';
518 }
519 $style = $config['style'];
520 if ($style) {
521 $more .= ' style="' . htmlspecialchars($style) . '"';
522 }
523 if (isset($this->overrideConf[$fieldName])) {
524 $more .= ' disabled="disabled"';
525 }
526 $value = $config['table'] === 'be_users' ? $this->beUser->user[$fieldName] : $this->beUser->uc[$fieldName];
527 if (!$value && isset($config['default'])) {
528 $value = $config['default'];
529 }
530 $dataAdd = '';
531 if ($config['table'] === 'be_users') {
532 $dataAdd = '[be_users]';
533 }
534
535 switch ($type) {
536 case 'text':
537 case 'email':
538 case 'password':
539 $noAutocomplete = '';
540
541 $maxLength = $config['max'] ?? 0;
542 if ((int)$maxLength > 0) {
543 $more .= ' maxlength="' . (int)$maxLength . '"';
544 }
545
546 if ($type === 'password') {
547 $value = '';
548 $noAutocomplete = 'autocomplete="off" ';
549 $more .= ' data-rsa-encryption=""';
550 }
551 $html = '<input id="field_' . htmlspecialchars($fieldName) . '"
552 type="' . htmlspecialchars($type) . '"
553 name="data' . $dataAdd . '[' . htmlspecialchars($fieldName) . ']" ' .
554 $noAutocomplete .
555 'value="' . htmlspecialchars($value) . '" ' .
556 $more .
557 ' />';
558 break;
559 case 'check':
560 $html = $label . '<div class="checkbox"><label><input id="field_' . htmlspecialchars($fieldName) . '"
561 type="checkbox"
562 name="data' . $dataAdd . '[' . htmlspecialchars($fieldName) . ']"' .
563 ($value ? ' checked="checked"' : '') .
564 $more .
565 ' /></label></div>';
566 $label = '';
567 break;
568 case 'select':
569 if ($config['itemsProcFunc']) {
570 $html = GeneralUtility::callUserFunction($config['itemsProcFunc'], $config, $this);
571 } else {
572 $html = '<select id="field_' . htmlspecialchars($fieldName) . '"
573 name="data' . $dataAdd . '[' . htmlspecialchars($fieldName) . ']"' .
574 $more . '>' . LF;
575 foreach ($config['items'] as $key => $optionLabel) {
576 $html .= '<option value="' . htmlspecialchars($key) . '"' . ($value == $key ? ' selected="selected"' : '') . '>' . $this->getLabel($optionLabel, '', false) . '</option>' . LF;
577 }
578 $html .= '</select>';
579 }
580 break;
581 case 'user':
582 $html = GeneralUtility::callUserFunction($config['userFunc'], $config, $this);
583 break;
584 case 'button':
585 if ($config['onClick']) {
586 $onClick = $config['onClick'];
587 if ($config['onClickLabels']) {
588 foreach ($config['onClickLabels'] as $key => $labelclick) {
589 $config['onClickLabels'][$key] = $this->getLabel($labelclick, '', false);
590 }
591 $onClick = vsprintf($onClick, $config['onClickLabels']);
592 }
593 $html = '<br><input class="btn btn-default" type="button"
594 value="' . $this->getLabel($config['buttonlabel'], '', false) . '"
595 onclick="' . $onClick . '" />';
596 }
597 if (!empty($config['confirm'])) {
598 $confirmData = $config['confirmData'];
599 $html = '<br><input class="btn btn-default t3js-modal-trigger" type="button"'
600 . ' value="' . $this->getLabel($config['buttonlabel'], '', false) . '"'
601 . ' data-href="javascript:' . htmlspecialchars($confirmData['jsCodeAfterOk']) . '"'
602 . ' data-severity="warning"'
603 . ' data-title="' . $this->getLabel($config['label'], '', false) . '"'
604 . ' data-content="' . $this->getLabel($confirmData['message'], '', false) . '" />';
605 }
606 break;
607 case 'avatar':
608 // Get current avatar image
609 $html = '<br>';
610 $avatarFileUid = $this->getAvatarFileUid($this->beUser->user['uid']);
611
612 if ($avatarFileUid) {
613 $defaultAvatarProvider = GeneralUtility::makeInstance(DefaultAvatarProvider::class);
614 $avatarImage = $defaultAvatarProvider->getImage($this->beUser->user, 32);
615 if ($avatarImage) {
616 $icon = '<span class="avatar"><span class="avatar-image">' .
617 '<img src="' . htmlspecialchars($avatarImage->getUrl(true)) . '"' .
618 ' width="' . (int)$avatarImage->getWidth() . '" ' .
619 'height="' . (int)$avatarImage->getHeight() . '" />' .
620 '</span></span>';
621 $html .= '<span class="pull-left" style="padding-right: 10px" id="image_' . htmlspecialchars($fieldName) . '">' . $icon . ' </span>';
622 }
623 }
624 $html .= '<input id="field_' . htmlspecialchars($fieldName) . '" type="hidden" ' .
625 'name="data' . $dataAdd . '[' . htmlspecialchars($fieldName) . ']"' . $more .
626 ' value="' . (int)$avatarFileUid . '" />';
627
628 $html .= '<div class="btn-group">';
629 $iconFactory = GeneralUtility::makeInstance(IconFactory::class);
630 if ($avatarFileUid) {
631 $html .=
632 '<a id="clear_button_' . htmlspecialchars($fieldName) . '" '
633 . 'onclick="clearExistingImage(); return false;" class="btn btn-default">'
634 . $iconFactory->getIcon('actions-delete', Icon::SIZE_SMALL)
635 . '</a>';
636 }
637 $html .=
638 '<a id="add_button_' . htmlspecialchars($fieldName) . '" class="btn btn-default btn-add-avatar"'
639 . ' onclick="openFileBrowser();return false;">'
640 . $iconFactory->getIcon('actions-insert-record', Icon::SIZE_SMALL)
641 . '</a></div>';
642
643 $this->addAvatarButtonJs($fieldName);
644 break;
645 default:
646 $html = '';
647 }
648
649 $code[] = '<div class="form-section"><div class="row"><div class="form-group t3js-formengine-field-item col-md-12">' .
650 $label .
651 $html .
652 '</div></div></div>';
653 }
654
655 $result[] = [
656 'label' => $tabLabel,
657 'content' => count($code) ? implode(LF, $code) : ''
658 ];
659 return $result;
660 }
661
662 /******************************
663 *
664 * Helper functions
665 *
666 ******************************/
667 /**
668 * Returns the backend user object, either the global OR the $this->OLD_BE_USER which is set during simulate-user operation.
669 * Anyway: The REAL user is returned - the one logged in.
670 *
671 * @return BackendUserAuthentication The REAL user is returned - the one logged in.
672 */
673 protected function getRealScriptUserObj()
674 {
675 return is_object($this->OLD_BE_USER) ? $this->OLD_BE_USER : $this->beUser;
676 }
677
678 /**
679 * Return a select with available languages
680 *
681 * @param array $params unused
682 * @param SetupModuleController $controller
683 * @return string Complete select as HTML string or warning box if something went wrong.
684 */
685 public function renderLanguageSelect(array $params, $controller)
686 {
687 $languageOptions = [];
688 // Compile the languages dropdown
689 $langDefault = htmlspecialchars($this->getLanguageService()->getLL('lang_default'));
690 $languageOptions[$langDefault] = '<option value=""' . ($controller->beUser->uc['lang'] === '' ? ' selected="selected"' : '') . '>' . $langDefault . '</option>';
691 // Traverse the number of languages
692 /** @var $locales \TYPO3\CMS\Core\Localization\Locales */
693 $locales = GeneralUtility::makeInstance(\TYPO3\CMS\Core\Localization\Locales::class);
694 $languages = $locales->getLanguages();
695 foreach ($languages as $locale => $name) {
696 if ($locale !== 'default') {
697 $defaultName = isset($GLOBALS['LOCAL_LANG']['default']['lang_' . $locale]) ? $GLOBALS['LOCAL_LANG']['default']['lang_' . $locale][0]['source'] : $name;
698 $localizedName = htmlspecialchars($this->getLanguageService()->getLL('lang_' . $locale));
699 if ($localizedName === '') {
700 $localizedName = htmlspecialchars($name);
701 }
702 $localLabel = ' - [' . htmlspecialchars($defaultName) . ']';
703 $available = is_dir(PATH_typo3conf . 'l10n/' . $locale);
704 if ($available) {
705 $languageOptions[$defaultName] = '<option value="' . $locale . '"' . ($controller->beUser->uc['lang'] === $locale ? ' selected="selected"' : '') . '>' . $localizedName . $localLabel . '</option>';
706 }
707 }
708 }
709 ksort($languageOptions);
710 $languageCode = '
711 <select id="field_lang" name="data[lang]" class="form-control">' . implode('', $languageOptions) . '
712 </select>';
713 if ($controller->beUser->uc['lang'] && !@is_dir((PATH_typo3conf . 'l10n/' . $controller->beUser->uc['lang']))) {
714 // TODO: The text constants have to be moved into language files
715 $languageUnavailableWarning = 'The selected language "' . htmlspecialchars($this->getLanguageService()->getLL('lang_' . $controller->beUser->uc['lang'])) . '" is not available before the language files are installed.&nbsp;&nbsp;<br />&nbsp;&nbsp;' . ($controller->beUser->isAdmin() ? 'You can use the Language module to easily download new language files.' : 'Please ask your system administrator to do this.');
716 $languageCode = '<br /><span class="label label-danger">' . $languageUnavailableWarning . '</span><br /><br />' . $languageCode;
717 }
718 return $languageCode;
719 }
720
721 /**
722 * Returns a select with all modules for startup
723 *
724 * @param array $params
725 * @param SetupModuleController $pObj
726 *
727 * @return string Complete select as HTML string
728 */
729 public function renderStartModuleSelect($params, $pObj)
730 {
731 // Load available backend modules
732 $this->loadModules = GeneralUtility::makeInstance(ModuleLoader::class);
733 $this->loadModules->observeWorkspaces = true;
734 $this->loadModules->load($GLOBALS['TBE_MODULES']);
735 $startModuleSelect = '<option value="">' . htmlspecialchars($this->getLanguageService()->getLL('startModule.firstInMenu')) . '</option>';
736 foreach ($pObj->loadModules->modules as $mainMod => $modData) {
737 if (!empty($modData['sub']) && is_array($modData['sub'])) {
738 $modules = '';
739 foreach ($modData['sub'] as $subData) {
740 $modName = $subData['name'];
741 $modules .= '<option value="' . htmlspecialchars($modName) . '"';
742 $modules .= $pObj->beUser->uc['startModule'] === $modName ? ' selected="selected"' : '';
743 $modules .= '>' . htmlspecialchars($this->getLanguageService()->sL($this->loadModules->getLabelsForModule($modName)['title'])) . '</option>';
744 }
745 $groupLabel = htmlspecialchars($this->getLanguageService()->sL($this->loadModules->getLabelsForModule($mainMod)['title']));
746 $startModuleSelect .= '<optgroup label="' . htmlspecialchars($groupLabel) . '">' . $modules . '</optgroup>';
747 }
748 }
749 return '<select id="field_startModule" name="data[startModule]" class="form-control">' . $startModuleSelect . '</select>';
750 }
751
752 /**
753 * Will make the simulate-user selector if the logged in user is administrator.
754 * It will also set the GLOBAL(!) BE_USER to the simulated user selected if any (and set $this->OLD_BE_USER to logged in user)
755 */
756 public function simulateUser()
757 {
758 // If admin, allow simulation of another user
759 $this->simUser = 0;
760 $this->simulateSelector = '';
761 unset($this->OLD_BE_USER);
762 $currentBeUser = $this->getBackendUser();
763 if ($currentBeUser->isAdmin()) {
764 $this->simUser = (int)GeneralUtility::_GP('simUser');
765 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable('be_users');
766 $users = $queryBuilder
767 ->select('*')
768 ->from('be_users')
769 ->where(
770 $queryBuilder->expr()->neq(
771 'uid',
772 $queryBuilder->createNamedParameter($currentBeUser->user['uid'], \PDO::PARAM_INT)
773 ),
774 $queryBuilder->expr()->notLike(
775 'username',
776 $queryBuilder->createNamedParameter(
777 $queryBuilder->escapeLikeWildcards('_cli_') . '%',
778 \PDO::PARAM_STR
779 )
780 )
781 )
782 ->orderBy('username')
783 ->execute()
784 ->fetchAll();
785 $opt = [];
786 foreach ($users as $rr) {
787 $label = $rr['username'] . ($rr['realName'] ? ' (' . $rr['realName'] . ')' : '');
788 $opt[] = '<option value="' . (int)$rr['uid'] . '"' . ($this->simUser === (int)$rr['uid'] ? ' selected="selected"' : '') . '>' . htmlspecialchars($label) . '</option>';
789 }
790 if (!empty($opt)) {
791 /** @var \TYPO3\CMS\Backend\Routing\UriBuilder $uriBuilder */
792 $uriBuilder = GeneralUtility::makeInstance(\TYPO3\CMS\Backend\Routing\UriBuilder::class);
793 $this->simulateSelector = '<select id="field_simulate" class="form-control" name="simulateUser" onchange="window.location.href=' . GeneralUtility::quoteJSvalue((string)$uriBuilder->buildUriFromRoute('user_setup') . '&simUser=') . '+this.options[this.selectedIndex].value;"><option></option>' . implode('', $opt) . '</select>';
794 }
795 }
796 // This can only be set if the previous code was executed.
797 if ($this->simUser > 0) {
798 // Save old user...
799 $this->OLD_BE_USER = $currentBeUser;
800 // Unset current
801 // New backend user object
802 $currentBeUser = GeneralUtility::makeInstance(BackendUserAuthentication::class);
803 $currentBeUser->setBeUserByUid($this->simUser);
804 $currentBeUser->fetchGroupData();
805 $currentBeUser->backendSetUC();
806 }
807 $this->beUser = $currentBeUser;
808 }
809
810 /**
811 * Render simulate user select and label
812 *
813 * @return string
814 */
815 protected function renderSimulateUserSelectAndLabel()
816 {
817 if ($this->simulateSelector === '') {
818 return '';
819 }
820
821 return '<div class="form-inline"><div class="form-group"><p>'
822 . '<label for="field_simulate" style="margin-right: 20px;">'
823 . htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:setup/Resources/Private/Language/locallang.xlf:simulate'))
824 . '</label>'
825 . $this->simulateSelector
826 . '</p></div></div>';
827 }
828
829 /**
830 * Returns access check (currently only "admin" is supported)
831 *
832 * @param array $config Configuration of the field, access mode is defined in key 'access'
833 * @return bool Whether it is allowed to modify the given field
834 */
835 protected function checkAccess(array $config)
836 {
837 $access = $config['access'];
838
839 if (isset($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['setup']['accessLevelCheck'][$access])) {
840 if (class_exists($access)) {
841 $accessObject = GeneralUtility::makeInstance($access);
842 if (method_exists($accessObject, 'accessLevelCheck')) {
843 // Initialize vars. If method fails, $set will be set to FALSE
844 return $accessObject->accessLevelCheck($config);
845 }
846 }
847 } elseif ($access === 'admin') {
848 return $this->isAdmin;
849 }
850
851 return false;
852 }
853
854 /**
855 * Returns the label $str from getLL() and grays out the value if the $str/$key is found in $this->overrideConf array
856 *
857 * @param string $str Locallang key
858 * @param string $key Alternative override-config key
859 * @param bool $addLabelTag Defines whether the string should be wrapped in a <label> tag.
860 * @return string HTML output.
861 */
862 protected function getLabel($str, $key = '', $addLabelTag = true)
863 {
864 if (substr($str, 0, 4) === 'LLL:') {
865 $out = htmlspecialchars($this->getLanguageService()->sL($str));
866 } else {
867 $out = htmlspecialchars($str);
868 }
869 if (isset($this->overrideConf[$key ?: $str])) {
870 $out = '<span style="color:#999999">' . $out . '</span>';
871 }
872 if ($addLabelTag) {
873 $out = '<label>' . $out . '</label>';
874 }
875 return $out;
876 }
877
878 /**
879 * Returns the CSH Icon for given string
880 *
881 * @param string $str Locallang key
882 * @param string $label The label to be used, that should be wrapped in help
883 * @return string HTML output.
884 */
885 protected function getCSH($str, $label)
886 {
887 $context = '_MOD_user_setup';
888 $field = $str;
889 $strParts = explode(':', $str);
890 if (count($strParts) > 1) {
891 // Setting comes from another extension
892 $context = $strParts[0];
893 $field = $strParts[1];
894 } elseif ($str !== 'language' && $str !== 'simuser' && $str !== 'reset') {
895 $field = 'option_' . $str;
896 }
897 return BackendUtility::wrapInHelp($context, $field, $label);
898 }
899
900 /**
901 * Returns array with fields defined in $GLOBALS['TYPO3_USER_SETTINGS']['showitem']
902 * Remove fields which are disabled by user TSconfig
903 *
904 * @return string[] Array with field names visible in form
905 */
906 protected function getFieldsFromShowItem()
907 {
908 $allowedFields = GeneralUtility::trimExplode(',', $GLOBALS['TYPO3_USER_SETTINGS']['showitem'], true);
909 // do not ask for current password if admin (unknown for other users and no security gain)
910 if ($this->isAdmin) {
911 $key = array_search('passwordCurrent', $allowedFields);
912 if ($key !== false) {
913 unset($allowedFields[$key]);
914 }
915 }
916 if (!is_array($this->tsFieldConf)) {
917 return $allowedFields;
918 }
919 foreach ($this->tsFieldConf as $fieldName => $userTsFieldConfig) {
920 if (!empty($userTsFieldConfig['disabled'])) {
921 $fieldName = rtrim($fieldName, '.');
922 $key = array_search($fieldName, $allowedFields);
923 if ($key !== false) {
924 unset($allowedFields[$key]);
925 }
926 }
927 }
928 return $allowedFields;
929 }
930
931 /**
932 * Get Avatar fileUid
933 *
934 * @param int $beUserId
935 * @return int
936 */
937 protected function getAvatarFileUid($beUserId)
938 {
939 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable('sys_file_reference');
940 $file = $queryBuilder
941 ->select('uid_local')
942 ->from('sys_file_reference')
943 ->where(
944 $queryBuilder->expr()->eq(
945 'tablenames',
946 $queryBuilder->createNamedParameter('be_users', \PDO::PARAM_STR)
947 ),
948 $queryBuilder->expr()->eq(
949 'fieldname',
950 $queryBuilder->createNamedParameter('avatar', \PDO::PARAM_STR)
951 ),
952 $queryBuilder->expr()->eq(
953 'table_local',
954 $queryBuilder->createNamedParameter('sys_file', \PDO::PARAM_STR)
955 ),
956 $queryBuilder->expr()->eq(
957 'uid_foreign',
958 $queryBuilder->createNamedParameter($beUserId, \PDO::PARAM_INT)
959 )
960 )
961 ->execute()
962 ->fetchColumn();
963 return (int)$file;
964 }
965
966 /**
967 * Set avatar fileUid for backend user
968 *
969 * @param int $beUserId
970 * @param int $fileUid
971 * @param array $storeRec
972 */
973 protected function setAvatarFileUid($beUserId, $fileUid, array &$storeRec)
974 {
975
976 // Update is only needed when new fileUid is set
977 if ((int)$fileUid === $this->getAvatarFileUid($beUserId)) {
978 return;
979 }
980
981 // If user is not allowed to modify avatar $fileUid is empty - so don't overwrite existing avatar
982 if (empty($fileUid)) {
983 return;
984 }
985
986 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable('sys_file_reference');
987 $queryBuilder->getRestrictions()->removeAll();
988 $queryBuilder
989 ->delete('sys_file_reference')
990 ->where(
991 $queryBuilder->expr()->eq(
992 'tablenames',
993 $queryBuilder->createNamedParameter('be_users', \PDO::PARAM_STR)
994 ),
995 $queryBuilder->expr()->eq(
996 'fieldname',
997 $queryBuilder->createNamedParameter('avatar', \PDO::PARAM_STR)
998 ),
999 $queryBuilder->expr()->eq(
1000 'table_local',
1001 $queryBuilder->createNamedParameter('sys_file', \PDO::PARAM_STR)
1002 ),
1003 $queryBuilder->expr()->eq(
1004 'uid_foreign',
1005 $queryBuilder->createNamedParameter($beUserId, \PDO::PARAM_INT)
1006 )
1007 )
1008 ->execute();
1009
1010 // If Avatar is marked for delete => set it to empty string so it will be updated properly
1011 if ($fileUid === 'delete') {
1012 $fileUid = '';
1013 }
1014
1015 // Create new reference
1016 if ($fileUid) {
1017
1018 // Get file object
1019 try {
1020 $file = ResourceFactory::getInstance()->getFileObject($fileUid);
1021 } catch (FileDoesNotExistException $e) {
1022 $file = false;
1023 }
1024
1025 // Check if user is allowed to use the image (only when not in simulation mode)
1026 if ($file && $this->simUser === 0 && !$file->getStorage()->checkFileActionPermission('read', $file)) {
1027 $file = false;
1028 }
1029
1030 // Check if extension is allowed
1031 if ($file && GeneralUtility::inList($GLOBALS['TYPO3_CONF_VARS']['GFX']['imagefile_ext'], $file->getExtension())) {
1032
1033 // Create new file reference
1034 $storeRec['sys_file_reference']['NEW1234'] = [
1035 'uid_local' => (int)$fileUid,
1036 'uid_foreign' => (int)$beUserId,
1037 'tablenames' => 'be_users',
1038 'fieldname' => 'avatar',
1039 'pid' => 0,
1040 'table_local' => 'sys_file',
1041 ];
1042 $storeRec['be_users'][(int)$beUserId]['avatar'] = 'NEW1234';
1043 }
1044 }
1045 }
1046
1047 /**
1048 * Add JavaScript to for browse files button
1049 *
1050 * @param string $fieldName
1051 */
1052 protected function addAvatarButtonJs($fieldName)
1053 {
1054 /** @var \TYPO3\CMS\Backend\Routing\UriBuilder $uriBuilder */
1055 $uriBuilder = GeneralUtility::makeInstance(\TYPO3\CMS\Backend\Routing\UriBuilder::class);
1056 $this->moduleTemplate->addJavaScriptCode('avatar-button', '
1057 var browserWin="";
1058
1059 function openFileBrowser() {
1060 var url = ' . GeneralUtility::quoteJSvalue((string)$uriBuilder->buildUriFromRoute('wizard_element_browser', ['mode' => 'file', 'bparams' => '||||dummy|setFileUid'])) . ';
1061 browserWin = window.open(url,"Typo3WinBrowser","height=650,width=800,status=0,menubar=0,resizable=1,scrollbars=1");
1062 browserWin.focus();
1063 }
1064
1065 function clearExistingImage() {
1066 $(' . GeneralUtility::quoteJSvalue('#image_' . htmlspecialchars($fieldName)) . ').hide();
1067 $(' . GeneralUtility::quoteJSvalue('#clear_button_' . htmlspecialchars($fieldName)) . ').hide();
1068 $(' . GeneralUtility::quoteJSvalue('#field_' . htmlspecialchars($fieldName)) . ').val(\'delete\');
1069 }
1070
1071 function setFileUid(field, value, fileUid) {
1072 clearExistingImage();
1073 $(' . GeneralUtility::quoteJSvalue('#field_' . htmlspecialchars($fieldName)) . ').val(fileUid);
1074 $(' . GeneralUtility::quoteJSvalue('#add_button_' . htmlspecialchars($fieldName)) . ').removeClass(\'btn-default\').addClass(\'btn-info\');
1075
1076 browserWin.close();
1077 }
1078 ');
1079 }
1080
1081 /**
1082 * Returns the current BE user.
1083 *
1084 * @return \TYPO3\CMS\Core\Authentication\BackendUserAuthentication
1085 */
1086 protected function getBackendUser()
1087 {
1088 return $GLOBALS['BE_USER'];
1089 }
1090
1091 /**
1092 * Returns LanguageService
1093 *
1094 * @return \TYPO3\CMS\Core\Localization\LanguageService
1095 */
1096 protected function getLanguageService()
1097 {
1098 return $GLOBALS['LANG'];
1099 }
1100
1101 /**
1102 * Add FlashMessages for various actions
1103 */
1104 protected function addFlashMessages()
1105 {
1106 $flashMessages = [];
1107
1108 // Show if setup was saved
1109 if ($this->setupIsUpdated && !$this->settingsAreResetToDefault) {
1110 $flashMessages[] = $this->getFlashMessage('setupWasUpdated', 'UserSettings');
1111 }
1112
1113 // Show if temporary data was cleared
1114 if ($this->settingsAreResetToDefault) {
1115 $flashMessages[] = $this->getFlashMessage('settingsAreReset', 'resetConfiguration');
1116 }
1117
1118 // Notice
1119 if ($this->setupIsUpdated || $this->settingsAreResetToDefault) {
1120 $flashMessages[] = $this->getFlashMessage('activateChanges', '', FlashMessage::INFO);
1121 }
1122
1123 // If password is updated, output whether it failed or was OK.
1124 if ($this->passwordIsSubmitted) {
1125 $flashMessage = null;
1126 switch ($this->passwordIsUpdated) {
1127 case self::PASSWORD_OLD_WRONG:
1128 $flashMessages[] = $this->getFlashMessage('oldPassword_failed', 'newPassword', FlashMessage::ERROR);
1129 break;
1130 case self::PASSWORD_NOT_THE_SAME:
1131 $flashMessages[] = $this->getFlashMessage('newPassword_failed', 'newPassword', FlashMessage::ERROR);
1132 break;
1133 case self::PASSWORD_UPDATED:
1134 $flashMessages[] = $this->getFlashMessage('newPassword_ok', 'newPassword');
1135 break;
1136 }
1137 }
1138 if (!empty($flashMessages)) {
1139 $this->enqueueFlashMessages($flashMessages);
1140 }
1141 }
1142
1143 /**
1144 * @param array $flashMessages
1145 * @throws \TYPO3\CMS\Core\Exception
1146 */
1147 protected function enqueueFlashMessages(array $flashMessages)
1148 {
1149 $flashMessageService = GeneralUtility::makeInstance(FlashMessageService::class);
1150 $defaultFlashMessageQueue = $flashMessageService->getMessageQueueByIdentifier();
1151 foreach ($flashMessages as $flashMessage) {
1152 $defaultFlashMessageQueue->enqueue($flashMessage);
1153 }
1154 }
1155
1156 /**
1157 * @param string $message
1158 * @param string $title
1159 * @param int $severity
1160 * @return FlashMessage
1161 */
1162 protected function getFlashMessage($message, $title, $severity = FlashMessage::OK)
1163 {
1164 $title = !empty($title) ? $this->getLanguageService()->getLL($title) : ' ';
1165 return GeneralUtility::makeInstance(
1166 FlashMessage::class,
1167 $this->getLanguageService()->getLL($message),
1168 $title,
1169 $severity
1170 );
1171 }
1172 }