Fixed Followup to #8534: "Template-able" Backend Login (correct labels)
[Packages/TYPO3.CMS.git] / typo3 / index.php
1 <?php
2 /***************************************************************
3 * Copyright notice
4 *
5 * (c) 1999-2008 Kasper Skaarhoj (kasperYYYY@typo3.com)
6 * All rights reserved
7 *
8 * This script is part of the TYPO3 project. The TYPO3 project is
9 * free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * The GNU General Public License can be found at
15 * http://www.gnu.org/copyleft/gpl.html.
16 * A copy is found in the textfile GPL.txt and important notices to the license
17 * from the author is found in LICENSE.txt distributed with these scripts.
18 *
19 *
20 * This script is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
24 *
25 * This copyright notice MUST APPEAR in all copies of the script!
26 ***************************************************************/
27 /**
28 * Login-screen of TYPO3.
29 *
30 * $Id$
31 * Revised for TYPO3 3.6 December/2003 by Kasper Skaarhoj
32 * XHTML compliant
33 *
34 * @author Kasper Skaarhoj <kasperYYYY@typo3.com>
35 */
36 /**
37 * [CLASS/FUNCTION INDEX of SCRIPT]
38 *
39 *
40 *
41 * 87: class SC_index
42 * 120: function init()
43 * 159: function main()
44 * 268: function printContent()
45 *
46 * SECTION: Various functions
47 * 292: function makeLoginForm()
48 * 337: function makeLogoutForm()
49 * 379: function wrapLoginForm($content)
50 * 438: function checkRedirect()
51 * 495: function makeInterfaceSelectorBox()
52 * 549: function makeCopyrightNotice()
53 * 582: function makeLoginBoxImage()
54 * 622: function makeLoginNews()
55 *
56 * TOTAL FUNCTIONS: 11
57 * (This index is automatically created/updated by the extension "extdeveval")
58 *
59 */
60
61
62 define('TYPO3_PROCEED_IF_NO_USER', 1);
63 require ('init.php');
64 require ('template.php');
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80 /**
81 * Script Class for rendering the login form
82 *
83 * @author Kasper Skaarhoj <kasperYYYY@typo3.com>
84 * @package TYPO3
85 * @subpackage core
86 */
87 class SC_index {
88
89 // Internal, GPvars:
90 var $redirect_url; // GPvar: redirect_url; The URL to redirect to after login.
91 var $GPinterface; // GPvar: Defines which interface to load (from interface selector)
92 var $u; // GPvar: preset username
93 var $p; // GPvar: preset password
94 var $L; // GPvar: If "L" is "OUT", then any logged in used is logged out. If redirect_url is given, we redirect to it
95 var $loginRefresh; // Login-refresh boolean; The backend will call this script with this value set when the login is close to being expired and the form needs to be redrawn.
96 var $commandLI; // Value of forms submit button for login.
97
98 // Internal, static:
99 var $redirectToURL; // Set to the redirect URL of the form (may be redirect_url or "backend.php")
100 var $L_vars; // Set to the labels used for the login screen.
101
102 // Internal, dynamic:
103 var $content; // Content accumulation
104
105 var $interfaceSelector; // A selector box for selecting value for "interface" may be rendered into this variable
106 var $interfaceSelector_jump; // A selector box for selecting value for "interface" may be rendered into this variable - this will have an onchange action which will redirect the user to the selected interface right away
107 var $interfaceSelector_hidden; // A hidden field, if the interface is not set.
108 var $addFields_hidden = ''; // Additional hidden fields to be placed at the login form
109
110 // sets the level of security. *'normal' = clear-text. 'challenged' = hashed password/username from form in $formfield_uident. 'superchallenged' = hashed password hashed again with username.
111 var $loginSecurityLevel = 'superchallenged';
112
113
114
115
116 /**
117 * Initialize the login box. Will also react on a &L=OUT flag and exit.
118 *
119 * @return void
120 */
121 function init() {
122 $this->redirect_url = t3lib_div::_GP('redirect_url');
123 $this->GPinterface = t3lib_div::_GP('interface');
124
125 // Grabbing preset username and password, for security reasons this feature only works if SSL is used
126 if (t3lib_div::getIndpEnv('TYPO3_SSL')) {
127 $this->u = t3lib_div::_GP('u');
128 $this->p = t3lib_div::_GP('p');
129 }
130
131 // If "L" is "OUT", then any logged in is logged out. If redirect_url is given, we redirect to it
132 $this->L = t3lib_div::_GP('L');
133
134 // Login
135 $this->loginRefresh = t3lib_div::_GP('loginRefresh');
136
137 // Value of "Login" button. If set, the login button was pressed.
138 $this->commandLI = t3lib_div::_GP('commandLI');
139
140 // sets the level of security from conf vars
141 if ($GLOBALS['TYPO3_CONF_VARS']['BE']['loginSecurityLevel']) {
142 $this->loginSecurityLevel = $GLOBALS['TYPO3_CONF_VARS']['BE']['loginSecurityLevel'];
143 }
144
145 // Getting login labels
146 $this->L_vars = explode('|', $GLOBALS['TYPO3_CONF_VARS']['BE']['loginLabels']);
147
148 // Setting the redirect URL to "backend.php" if no alternative input is given
149 $this->redirectToURL = $this->redirect_url ? $this->redirect_url : 'backend.php';
150
151 // Do a logout if the command is set
152 if ($this->L == 'OUT' && is_object($GLOBALS['BE_USER'])) {
153 $GLOBALS['BE_USER']->logoff();
154 if ($this->redirect_url) {
155 header('Location: '.t3lib_div::locationHeaderUrl($this->redirect_url));
156 }
157 exit;
158 }
159 }
160
161
162 /**
163 * Main function - creating the login/logout form
164 *
165 * @return void
166 */
167 function main() {
168 global $TBE_TEMPLATE, $TYPO3_CONF_VARS, $BE_USER;
169
170 // Initialize template object:
171 $TBE_TEMPLATE->docType = 'xhtml_trans';
172 $TBE_TEMPLATE->bodyTagAdditions = ' onload="startUp();"';
173 $TBE_TEMPLATE->moduleTemplate = $TBE_TEMPLATE->getHtmlTemplate('templates/login.html');
174
175
176 // Set JavaScript for creating a MD5 hash of the password:
177 $TBE_TEMPLATE->JScode.= $this->getJScode();
178
179
180 // Checking, if we should make a redirect.
181 // Might set JavaScript in the header to close window.
182 $this->checkRedirect();
183
184 // Initialize interface selectors:
185 $this->makeInterfaceSelectorBox();
186
187 // Replace an optional marker in the "Administration Login" label
188 $this->L_vars[6] = str_replace("###SITENAME###", $TYPO3_CONF_VARS['SYS']['sitename'], $this->L_vars[6]);
189
190 // Creating form based on whether there is a login or not:
191 if (!$BE_USER->user['uid']) {
192 $TBE_TEMPLATE->form = $this->startForm();
193 $loginForm = $this->makeLoginForm();
194 } else {
195 $TBE_TEMPLATE->form = '
196 <form action="index.php" method="post" name="loginform">
197 <input type="hidden" name="login_status" value="logout" />
198 ';
199 $loginForm = $this->makeLogoutForm();
200 }
201
202 // Starting page:
203 $this->content.=$TBE_TEMPLATE->startPage('TYPO3 Login: '.$TYPO3_CONF_VARS['SYS']['sitename']);
204
205 // Add login form:
206 $this->content.=$this->wrapLoginForm($loginForm);
207
208 // Create a random challenge string
209 $challenge = $this->getChallenge();
210
211 // Save challenge value in session data (thanks to Bernhard Kraft for providing code):
212 session_start();
213 $_SESSION['login_challenge'] = $challenge;
214
215 // Add hidden fields and end the page
216 $this->content.= $this->getHiddenFields($challenge);
217
218 $this->content.= $TBE_TEMPLATE->endPage();
219 }
220
221 /**
222 * Outputting the accumulated content to screen
223 *
224 * @return void
225 */
226 function printContent() {
227 echo $this->content;
228 }
229
230
231
232
233
234
235
236
237 /*****************************
238 *
239 * Various functions
240 *
241 ******************************/
242
243 /**
244 * Creates the login form
245 * This is drawn when NO login exists.
246 *
247 * @return string HTML output
248 */
249 function makeLoginForm() {
250 $content = t3lib_parsehtml::getSubpart($GLOBALS['TBE_TEMPLATE']->moduleTemplate, '###LOGIN_FORM###');
251 $markers = array(
252 'HEADLINE' => $this->L_vars[6],
253 'LABEL_USERNAME' => $this->L_vars[0],
254 'LABEL_PASSWORD' => $this->L_vars[1],
255 'VALUE_USERNAME' => $this->u,
256 'VALUE_PASSWORD' => $this->p,
257 'VALUE_SUBMIT' => $this->L_vars[3],
258 'INFO' => $this->L_vars[7],
259 );
260
261 // show an error message if the login command was successful already
262 if (!$this->commandLI) {
263 $content = t3lib_parsehtml::substituteSubpart($content, '###LOGIN_ERROR###', '');
264 } else {
265 $markers['ERROR_MESSAGE'] = $this->L_vars[9];
266 }
267
268 // HSC all output
269 foreach ($markers as &$marker) {
270 $marker = htmlspecialchars($marker);
271 }
272
273
274 // remove the interface selector markers if it's not available
275 if (!($this->interfaceSelector && !$this->loginRefresh)) {
276 $content = t3lib_parsehtml::substituteSubpart($content, '###INTERFACE_SELECTOR###', '');
277 } else {
278 $markers['LABEL_INTERFACE'] = htmlspecialchars($this->L_vars[2]);
279 $markers['VALUE_INTERFACE'] = $this->interfaceSelector_jump;
280 }
281
282 return t3lib_parsehtml::substituteMarkerArray($content, $markers, '###|###');
283 }
284
285
286 /**
287 * Creates the logout form
288 * This is drawn if a user login already exists.
289 *
290 * @return string HTML output
291 */
292 function makeLogoutForm() {
293 $content = t3lib_parsehtml::getSubpart($GLOBALS['TBE_TEMPLATE']->moduleTemplate, '###LOGOUT_FORM###');
294 $markers = array(
295 'HEADLINE' => $this->L_vars[6],
296 'LABEL_USERNAME' => $this->L_vars[0],
297 'VALUE_USERNAME' => $GLOBALS['BE_USER']->user['username'],
298 'VALUE_SUBMIT' => $this->L_vars[4],
299 'INFO' => $this->L_vars[7],
300 );
301
302 // HSC all output
303 foreach ($markers as &$marker) {
304 $marker = htmlspecialchars($marker);
305 }
306
307 // remove the interface selector markers if it's not available
308 if (!$this->interfaceSelector_jump) {
309 $content = t3lib_parsehtml::substituteSubpart($content, '###INTERFACE_SELECTOR###', '');
310 } else {
311 $markers['LABEL_INTERFACE'] = htmlspecialchars($this->L_vars[2]);
312 $markers['VALUE_INTERFACE'] = $this->interfaceSelector_jump;
313 }
314
315 return t3lib_parsehtml::substituteMarkerArray($content, $markers, '###|###');
316 }
317
318
319 /**
320 * Wrapping the login form table in another set of tables etc:
321 *
322 * @param string HTML content for the login form
323 * @return string The HTML for the page.
324 */
325 function wrapLoginForm($content) {
326 $mainContent = t3lib_parsehtml::getSubpart($GLOBALS['TBE_TEMPLATE']->moduleTemplate, '###PAGE###');
327
328 if ($GLOBALS['TBE_STYLES']['logo_login']) {
329 $logo = '<img src="'.htmlspecialchars($GLOBALS['BACK_PATH'] . $GLOBALS['TBE_STYLES']['logo_login']) . '" alt="" />';
330 } else {
331 $logo = '<img'.t3lib_iconWorks::skinImg($GLOBALS['BACK_PATH'],'gfx/typo3logo.gif','width="123" height="34"').' alt="" />';
332 }
333
334 $markers = array(
335 'LOGO' => $logo,
336 'LOGINBOX_IMAGE' => $this->makeLoginBoxImage(),
337 'FORM' => $content,
338 'NEWS' => $this->makeLoginNews(),
339 'COPYRIGHT' => $this->makeCopyrightNotice(),
340 'CSS_ERRORCLASS' => ($this->commandLI ? ' class="error"' : ''),
341 );
342 return t3lib_parsehtml::substituteMarkerArray($mainContent, $markers, '###|###');
343 }
344
345
346 /**
347 * Checking, if we should perform some sort of redirection OR closing of windows.
348 *
349 * @return void
350 */
351 function checkRedirect() {
352 global $BE_USER,$TBE_TEMPLATE;
353
354 // Do redirect:
355 // If a user is logged in AND a) if either the login is just done (commandLI) or b) a loginRefresh is done or c) the interface-selector is NOT enabled (If it is on the other hand, it should not just load an interface, because people has to choose then...)
356 if ($BE_USER->user['uid'] && ($this->commandLI || $this->loginRefresh || !$this->interfaceSelector)) {
357
358 // If no cookie has been set previously we tell people that this is a problem. This assumes that a cookie-setting script (like this one) has been hit at least once prior to this instance.
359 if (!$_COOKIE[$BE_USER->name]) {
360 if ($this->commandLI=='setCookie') {
361 // we tried it a second time but still no cookie
362 // 26/4 2005: This does not work anymore, because the saving of challenge values in $_SESSION means the system will act as if the password was wrong.
363 t3lib_BEfunc::typo3PrintError ('Login-error',"Yeah, that's a classic. No cookies, no TYPO3.<br /><br />Please accept cookies from TYPO3 - otherwise you'll not be able to use the system.",0);
364 exit;
365 } else {
366 // try it once again - that might be needed for auto login
367 $this->redirectToURL = 'index.php?commandLI=setCookie';
368 }
369 }
370
371 if ($redirectToURL = (string)$BE_USER->getTSConfigVal('auth.BE.redirectToURL')) {
372 $this->redirectToURL = $redirectToURL;
373 $this->GPinterface = '';
374 }
375
376 // store interface
377 $BE_USER->uc['interfaceSetup'] = $this->GPinterface;
378 $BE_USER->writeUC();
379
380 // Based on specific setting of interface we set the redirect script:
381 switch ($this->GPinterface) {
382 case 'backend':
383 $this->redirectToURL = 'backend.php';
384 break;
385 case 'backend_old':
386 $this->redirectToURL = 'alt_main.php';
387 break;
388 case 'frontend':
389 $this->redirectToURL = '../';
390 break;
391 }
392
393 // If there is a redirect URL AND if loginRefresh is not set...
394 if (!$this->loginRefresh) {
395 header('Location: '.t3lib_div::locationHeaderUrl($this->redirectToURL));
396 exit;
397 } else {
398 $TBE_TEMPLATE->JScode.=$TBE_TEMPLATE->wrapScriptTags('
399 if (parent.opener && parent.opener.busy) {
400 parent.opener.busy.loginRefreshed();
401 parent.close();
402 }
403 ');
404 }
405
406 } elseif (!$BE_USER->user['uid'] && $this->commandLI) {
407 sleep(5); // Wrong password, wait for 5 seconds
408 }
409 }
410
411 /**
412 * Making interface selector:
413 *
414 * @return void
415 */
416 function makeInterfaceSelectorBox() {
417 global $TYPO3_CONF_VARS;
418
419 // Reset variables:
420 $this->interfaceSelector = '';
421 $this->interfaceSelector_hidden='';
422 $this->interfaceSelector_jump = '';
423
424 // If interfaces are defined AND no input redirect URL in GET vars:
425 if ($TYPO3_CONF_VARS['BE']['interfaces'] && ($this->commandLI || !$this->redirect_url)) {
426 $parts = t3lib_div::trimExplode(',',$TYPO3_CONF_VARS['BE']['interfaces']);
427 if (count($parts)>1) { // Only if more than one interface is defined will we show the selector:
428
429 // Initialize:
430 $tempLabels=explode(',', $this->L_vars[5]);
431 $labels=array();
432
433 $labels['backend'] = $tempLabels[0];
434 $labels['backend_old'] = $tempLabels[2];
435 $labels['frontend'] = $tempLabels[1];
436
437 $jumpScript=array();
438 $jumpScript['backend'] = 'backend.php';
439 $jumpScript['backend_old'] = 'alt_main.php';
440 $jumpScript['frontend'] = '../';
441
442 // Traverse the interface keys:
443 foreach($parts as $valueStr) {
444 $this->interfaceSelector.='
445 <option value="'.htmlspecialchars($valueStr).'"'.(t3lib_div::_GP('interface')==htmlspecialchars($valueStr) ? ' selected="selected"' : '').'>'.htmlspecialchars($labels[$valueStr]).'</option>';
446 $this->interfaceSelector_jump.='
447 <option value="'.htmlspecialchars($jumpScript[$valueStr]).'">'.htmlspecialchars($labels[$valueStr]).'</option>';
448 }
449 $this->interfaceSelector='
450 <select id="interfaceselector" name="interface" class="c-interfaceselector">'.$this->interfaceSelector.'
451 </select>';
452 $this->interfaceSelector_jump='
453 <select id="interfaceselector" name="interface" class="c-interfaceselector" onchange="window.location.href=this.options[this.selectedIndex].value;">'.$this->interfaceSelector_jump.'
454 </select>';
455
456 } else { // If there is only ONE interface value set:
457
458 $this->interfaceSelector_hidden='<input type="hidden" name="interface" value="'.trim($TYPO3_CONF_VARS['BE']['interfaces']).'" />';
459 }
460 }
461 }
462
463 /**
464 * COPYRIGHT notice
465 *
466 * Warning:
467 * DO NOT prevent this notice from being shown in ANY WAY.
468 * According to the GPL license an interactive application must show such a notice on start-up ('If the program is interactive, make it output a short notice... ' - see GPL.txt)
469 * Therefore preventing this notice from being properly shown is a violation of the license, regardless of whether you remove it or use a stylesheet to obstruct the display.
470 *
471 * @return string Text/Image (HTML) for copyright notice.
472 */
473 function makeCopyrightNotice() {
474
475 // Get values from TYPO3_CONF_VARS:
476 $loginCopyrightWarrantyProvider = strip_tags(trim($GLOBALS['TYPO3_CONF_VARS']['SYS']['loginCopyrightWarrantyProvider']));
477 $loginCopyrightWarrantyURL = strip_tags(trim($GLOBALS['TYPO3_CONF_VARS']['SYS']['loginCopyrightWarrantyURL']));
478 $loginImageSmall = (trim($GLOBALS['TBE_STYLES']['loginBoxImageSmall'])) ? trim($GLOBALS['TBE_STYLES']['loginBoxImageSmall']) : 'gfx/loginlogo_transp.gif';
479
480 // Make warranty note:
481 if (strlen($loginCopyrightWarrantyProvider)>=2 && strlen($loginCopyrightWarrantyURL)>=10) {
482 $warrantyNote='Warranty is supplied by '.htmlspecialchars($loginCopyrightWarrantyProvider).'; <a href="'.htmlspecialchars($loginCopyrightWarrantyURL).'" target="_blank">click for details.</a>';
483 } else {
484 $warrantyNote='TYPO3 comes with ABSOLUTELY NO WARRANTY; <a href="http://typo3.com/1316.0.html" target="_blank">click for details.</a>';
485 }
486
487 // Compile full copyright notice:
488 $copyrightNotice = '<a href="http://typo3.com/" target="_blank">'.
489 '<img src="'.$loginImageSmall.'" alt="TYPO3 logo" align="left" />'.
490 'TYPO3 CMS'.($GLOBALS['TYPO3_CONF_VARS']['SYS']['loginCopyrightShowVersion']?' ver. '.htmlspecialchars($GLOBALS['TYPO_VERSION']):'').
491 '</a>. '.
492 'Copyright &copy; '.TYPO3_copyright_year.' Kasper Sk&#229;rh&#248;j. Extensions are copyright of their respective owners. '.
493 'Go to <a href="http://typo3.com/" target="_blank">http://typo3.com/</a> for details. '.
494 $warrantyNote.' '.
495 'This is free software, and you are welcome to redistribute it under certain conditions; <a href="http://typo3.com/1316.0.html" target="_blank">click for details</a>. '.
496 'Obstructing the appearance of this notice is prohibited by law.';
497
498 // Return notice:
499 return $copyrightNotice;
500 }
501
502 /**
503 * Returns the login box image, whether the default or an image from the rotation folder.
504 *
505 * @return string HTML image tag.
506 */
507 function makeLoginBoxImage() {
508 $loginboxImage = '';
509 if ($GLOBALS['TBE_STYLES']['loginBoxImage_rotationFolder']) { // Look for rotation image folder:
510 $absPath = t3lib_div::resolveBackPath(PATH_typo3.$GLOBALS['TBE_STYLES']['loginBoxImage_rotationFolder']);
511
512 // Get rotation folder:
513 $dir = t3lib_div::getFileAbsFileName($absPath);
514 if ($dir && @is_dir($dir)) {
515
516 // Get files for rotation into array:
517 $files = t3lib_div::getFilesInDir($dir,'png,jpg,gif');
518
519 // Pick random file:
520 srand((float) microtime() * 10000000);
521 $randImg = array_rand($files, 1);
522
523 // Get size of random file:
524 $imgSize = @getimagesize($dir.$files[$randImg]);
525
526 $imgAuthor = is_array($GLOBALS['TBE_STYLES']['loginBoxImage_author'])&&$GLOBALS['TBE_STYLES']['loginBoxImage_author'][$files[$randImg]] ? htmlspecialchars($GLOBALS['TBE_STYLES']['loginBoxImage_author'][$files[$randImg]]) : '';
527
528 // Create image tag:
529 if (is_array($imgSize)) {
530 $loginboxImage = '<img src="'.htmlspecialchars($GLOBALS['TBE_STYLES']['loginBoxImage_rotationFolder'].$files[$randImg]).'" '.$imgSize[3].' id="loginbox-image" alt="'.$imgAuthor.'" title="'.$imgAuthor.'" />';
531 }
532 }
533 } else { // If no rotation folder configured, print default image:
534
535 if (strstr(TYPO3_version,'-dev')) { // development version
536 $loginImage = 'loginbox_image_dev.png';
537 $imagecopy = 'You are running a development version of TYPO3 '.TYPO3_branch;
538 } else {
539 $loginImage = 'loginbox_image.jpg';
540 $imagecopy = 'Photo by J.C. Franca (www.digitalphoto.com.br)';
541 }
542 $loginboxImage = '<img'.t3lib_iconWorks::skinImg($GLOBALS['BACK_PATH'],'gfx/'.$loginImage,'width="200" height="133"').' id="loginbox-image" alt="'.$imagecopy.'" title="'.$imagecopy.'" />';
543 }
544
545 // Return image tag:
546 return $loginboxImage;
547 }
548
549 /**
550 * Make login news - renders the HTML content for a list of news shown under the login form. News data is added through $TYPO3_CONF_VARS
551 *
552 * @return string HTML content
553 * @credits Idea by Jan-Hendrik Heuing
554 */
555 function makeLoginNews() {
556
557 // Reset output variable:
558 $newsContent= '';
559
560 // Traverse news array IF there are records in it:
561 if (is_array($GLOBALS['TYPO3_CONF_VARS']['BE']['loginNews']) && count($GLOBALS['TYPO3_CONF_VARS']['BE']['loginNews'])) {
562 foreach($GLOBALS['TYPO3_CONF_VARS']['BE']['loginNews'] as $newsItem) {
563 $newsContent .= '<dt>'.htmlspecialchars($newsItem['header']).' <span>'.htmlspecialchars($newsItem['date']).'</span></dt>';
564 $newsContent .= '<dd>'.trim($newsItem['content']).'</dd>';
565 }
566
567 $title = $GLOBALS['TYPO3_CONF_VARS']['BE']['loginNewsTitle'] ? htmlspecialchars($GLOBALS['TYPO3_CONF_VARS']['BE']['loginNewsTitle']) : htmlspecialchars($this->L_vars[8]);
568 // Wrap
569 $newsContent = '
570
571 <!--
572 Login screen news:
573 -->
574 <h2 id="loginNewsTitle">'.$title.'</h2>
575 <dl id="loginNews">
576 '.$newsContent.'
577 </dl>
578 ';
579 }
580
581 // Return content:
582 return $newsContent;
583 }
584
585 /**
586 * Returns the form tag
587 *
588 * @return string Opening form tag string
589 */
590 function startForm() {
591 $output = '';
592
593 if ($this->loginSecurityLevel == 'challenged') {
594 $output.= '
595 <form action="index.php" method="post" name="loginform" onsubmit="doChallengeResponse(0);">
596 ';
597 } elseif ($this->loginSecurityLevel == 'normal') {
598 $output.= '
599 <form action="index.php" method="post" name="loginform" onsubmit="document.loginform.userident.value=document.loginform.p_field.value;document.loginform.p_field.value=\'\';return true;">
600 ';
601 } else { // if ($this->loginSecurityLevel == 'superchallenged') {
602 $output.= '
603 <form action="index.php" method="post" name="loginform" onsubmit="doChallengeResponse(1);">
604 ';
605 }
606
607 $output.= '
608 <input type="hidden" name="login_status" value="login" />
609 ';
610
611 return $output;
612 }
613
614 /**
615 * Output some hidden fields at the end of the login form
616 *
617 * @param string The challenge string to be included in the output
618 * @return string HTML output
619 */
620 function getHiddenFields($challenge) {
621 $output = '
622 <input type="hidden" name="userident" value="" />
623 <input type="hidden" name="challenge" value="'.$challenge.'" />
624 <input type="hidden" name="redirect_url" value="'.htmlspecialchars($this->redirectToURL).'" />
625 <input type="hidden" name="loginRefresh" value="'.htmlspecialchars($this->loginRefresh).'" />
626 '.$this->interfaceSelector_hidden.'
627 '.$this->addFields_hidden.'
628 ';
629
630 return $output;
631 }
632
633 /**
634 * Set JavaScript for creating a MD5 hash of the password
635 *
636 * @return string JavaScript code
637 */
638 function getJScode() {
639 global $TBE_TEMPLATE;
640
641 $JScode = '
642 <script type="text/javascript" src="md5.js"></script>
643 '.$TBE_TEMPLATE->wrapScriptTags('
644 function doChallengeResponse(superchallenged) { //
645 password = document.loginform.p_field.value;
646 if (password) {
647 if (superchallenged) {
648 password = MD5(password); // this makes it superchallenged!!
649 }
650 str = document.loginform.username.value+":"+password+":"+document.loginform.challenge.value;
651 document.loginform.userident.value = MD5(str);
652 document.loginform.p_field.value = "";
653 return true;
654 }
655 }
656
657 function startUp() {
658 // If the login screen is shown in the login_frameset window for re-login, then try to get the username of the current/former login from opening windows main frame:
659 if (parent.opener && parent.opener.TS && parent.opener.TS.username && document.loginform && document.loginform.username) {
660 document.loginform.username.value = parent.opener.TS.username;
661 }
662
663 // Wait a few millisecons before calling checkFocus(). This might be necessary because some browsers need some time to auto-fill in the form fields
664 window.setTimeout("checkFocus()", 50);
665 }
666
667 // This moves focus to the right input field:
668 function checkFocus() {
669 // If for some reason there already is a username in the username form field, move focus to the password field:
670 if (document.loginform.username && document.loginform.username.value == "") {
671 document.loginform.username.focus();
672 } else if (document.loginform.p_field && document.loginform.p_field.type!="hidden") {
673 document.loginform.p_field.focus();
674 }
675 }
676 ');
677
678 return $JScode;
679 }
680
681 /**
682 * Create a random challenge string
683 *
684 * @return string Challenge value
685 */
686 function getChallenge() {
687 $challenge = md5(uniqid('').getmypid());
688 return $challenge;
689 }
690 }
691
692 // Include extension?
693 if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['typo3/index.php']) {
694 include_once($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['typo3/index.php']);
695 }
696
697
698
699
700
701
702
703
704
705
706 // Make instance:
707 $SOBE = t3lib_div::makeInstance('SC_index');
708 $SOBE->init();
709 $SOBE->main();
710 $SOBE->printContent();
711 ?>