[BUGFIX] Allow password change in user settings for non admin users
[Packages/TYPO3.CMS.git] / typo3 / sysext / setup / Classes / Controller / SetupModuleController.php
1 <?php
2 namespace TYPO3\CMS\Setup\Controller;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 use Psr\Http\Message\ResponseInterface;
18 use Psr\Http\Message\ServerRequestInterface;
19 use TYPO3\CMS\Backend\Backend\Avatar\DefaultAvatarProvider;
20 use TYPO3\CMS\Backend\Module\ModuleLoader;
21 use TYPO3\CMS\Backend\Routing\UriBuilder;
22 use TYPO3\CMS\Backend\Template\ModuleTemplate;
23 use TYPO3\CMS\Backend\Utility\BackendUtility;
24 use TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
25 use TYPO3\CMS\Core\Compatibility\PublicPropertyDeprecationTrait;
26 use TYPO3\CMS\Core\Core\Environment;
27 use TYPO3\CMS\Core\Database\ConnectionPool;
28 use TYPO3\CMS\Core\DataHandling\DataHandler;
29 use TYPO3\CMS\Core\FormProtection\FormProtectionFactory;
30 use TYPO3\CMS\Core\Http\HtmlResponse;
31 use TYPO3\CMS\Core\Imaging\Icon;
32 use TYPO3\CMS\Core\Imaging\IconFactory;
33 use TYPO3\CMS\Core\Localization\Locales;
34 use TYPO3\CMS\Core\Messaging\FlashMessage;
35 use TYPO3\CMS\Core\Messaging\FlashMessageService;
36 use TYPO3\CMS\Core\Resource\Exception\FileDoesNotExistException;
37 use TYPO3\CMS\Core\Resource\ResourceFactory;
38 use TYPO3\CMS\Core\Utility\GeneralUtility;
39 use TYPO3\CMS\Saltedpasswords\Salt\SaltFactory;
40
41 /**
42 * Script class for the Setup module
43 */
44 class SetupModuleController
45 {
46 use PublicPropertyDeprecationTrait;
47
48 /**
49 * Flag if password has not been updated
50 */
51 const PASSWORD_NOT_UPDATED = 0;
52
53 /**
54 * Flag if password has been updated
55 */
56 const PASSWORD_UPDATED = 1;
57
58 /**
59 * Flag if both new passwords do not match
60 */
61 const PASSWORD_NOT_THE_SAME = 2;
62
63 /**
64 * Flag if the current password given was not identical to the real
65 * current password
66 */
67 const PASSWORD_OLD_WRONG = 3;
68
69 /**
70 * Properties which have been moved to protected status from public
71 *
72 * @var array
73 */
74 protected $deprecatedPublicProperties = [
75 'OLD_BE_USER' => 'Using $OLD_BE_USER of class SetupModuleController from the outside is discouraged, the variable will be removed.',
76 'MOD_MENU' => 'Using $MOD_MENU of class SetupModuleController from the outside is discouraged, the variable will be removed.',
77 'MOD_SETTINGS' => 'Using $MOD_SETTINGS of class SetupModuleController from the outside is discouraged, the variable will be removed.',
78 'content' => 'Using $content of class SetupModuleController from the outside is discouraged, as this variable is only used for internal storage.',
79 'overrideConf' => 'Using $overrideConf of class SetupModuleController from the outside is discouraged, as this variable is only used for internal storage.',
80 'languageUpdate' => 'Using $languageUpdate of class SetupModuleController from the outside is discouraged, as this variable is only used for internal storage.',
81 ];
82
83 /**
84 * @var array
85 */
86 protected $MOD_MENU = [];
87
88 /**
89 * @var array
90 */
91 protected $MOD_SETTINGS = [];
92
93 /**
94 * @var string
95 */
96 protected $content;
97
98 /**
99 * @var array
100 */
101 protected $overrideConf;
102
103 /**
104 * @deprecated will be removed in TYPO3 v10
105 */
106 protected $OLD_BE_USER;
107
108 /**
109 * @var bool
110 */
111 protected $languageUpdate;
112
113 /**
114 * @var bool
115 */
116 protected $pagetreeNeedsRefresh = false;
117
118 /**
119 * @var bool
120 */
121 protected $isAdmin;
122
123 /**
124 * @var array
125 */
126 protected $tsFieldConf;
127
128 /**
129 * @var bool
130 */
131 protected $saveData = false;
132
133 /**
134 * @var int
135 */
136 protected $passwordIsUpdated = self::PASSWORD_NOT_UPDATED;
137
138 /**
139 * @var bool
140 */
141 protected $passwordIsSubmitted = false;
142
143 /**
144 * @var bool
145 */
146 protected $setupIsUpdated = false;
147
148 /**
149 * @var bool
150 */
151 protected $settingsAreResetToDefault = false;
152
153 /**
154 * Form protection instance
155 *
156 * @var \TYPO3\CMS\Core\FormProtection\BackendFormProtection
157 */
158 protected $formProtection;
159
160 /**
161 * @var string
162 */
163 protected $simulateSelector = '';
164
165 /**
166 * @var int
167 */
168 protected $simUser;
169
170 /**
171 * The name of the module
172 *
173 * @var string
174 */
175 protected $moduleName = 'user_setup';
176
177 /**
178 * ModuleTemplate object
179 *
180 * @var ModuleTemplate
181 */
182 protected $moduleTemplate;
183
184 /**
185 * Instantiate the form protection before a simulated user is initialized.
186 */
187 public function __construct()
188 {
189 $this->moduleTemplate = GeneralUtility::makeInstance(ModuleTemplate::class);
190 $this->formProtection = FormProtectionFactory::get();
191 $pageRenderer = $this->moduleTemplate->getPageRenderer();
192 $pageRenderer->loadRequireJsModule('TYPO3/CMS/Backend/Modal');
193 $pageRenderer->loadRequireJsModule('TYPO3/CMS/Backend/FormEngine');
194 $pageRenderer->addInlineSetting('FormEngine', 'formName', 'editform');
195 $pageRenderer->addInlineLanguageLabelArray([
196 'FormEngine.remainingCharacters' => 'LLL:EXT:core/Resources/Private/Language/locallang_core.xlf:labels.remainingCharacters',
197 ], true);
198 }
199
200 /**
201 * Getter for the form protection instance.
202 *
203 * @return \TYPO3\CMS\Core\FormProtection\BackendFormProtection
204 * @deprecated and will be removed in TYPO3 v10.0.
205 */
206 public function getFormProtection()
207 {
208 trigger_error('Method will be removed in TYPO3 v10', E_USER_DEPRECATED);
209 return $this->formProtection;
210 }
211
212 /**
213 * If settings are submitted to _POST[DATA], store them
214 * NOTICE: This method is called before the \TYPO3\CMS\Backend\Template\ModuleTemplate
215 * is included. See bottom of document.
216 */
217 public function storeIncomingData()
218 {
219 // First check if something is submitted in the data-array from POST vars
220 $d = GeneralUtility::_POST('data');
221 $columns = $GLOBALS['TYPO3_USER_SETTINGS']['columns'];
222 $backendUser = $this->getBackendUser();
223 $beUserId = $backendUser->user['uid'];
224 $storeRec = [];
225 $fieldList = $this->getFieldsFromShowItem();
226 if (is_array($d) && $this->formProtection->validateToken((string)GeneralUtility::_POST('formToken'), 'BE user setup', 'edit')) {
227 // UC hashed before applying changes
228 $save_before = md5(serialize($backendUser->uc));
229 // PUT SETTINGS into the ->uc array:
230 // Reload left frame when switching BE language
231 if (isset($d['lang']) && $d['lang'] != $backendUser->uc['lang']) {
232 $this->languageUpdate = true;
233 }
234 // Reload pagetree if the title length is changed
235 if (isset($d['titleLen']) && $d['titleLen'] !== $backendUser->uc['titleLen']) {
236 $this->pagetreeNeedsRefresh = true;
237 }
238 if ($d['setValuesToDefault']) {
239 // If every value should be default
240 $backendUser->resetUC();
241 $this->settingsAreResetToDefault = true;
242 } elseif ($d['save']) {
243 // Save all submitted values if they are no array (arrays are with table=be_users) and exists in $GLOBALS['TYPO3_USER_SETTINGS'][columns]
244 foreach ($columns as $field => $config) {
245 if (!in_array($field, $fieldList)) {
246 continue;
247 }
248 if ($config['table']) {
249 if ($config['table'] === 'be_users' && !in_array($field, ['password', 'password2', 'passwordCurrent', 'email', 'realName', 'admin', 'avatar'])) {
250 if (!isset($config['access']) || $this->checkAccess($config) && $backendUser->user[$field] !== $d['be_users'][$field]) {
251 if ($config['type'] === 'check') {
252 $fieldValue = isset($d['be_users'][$field]) ? 1 : 0;
253 } else {
254 $fieldValue = $d['be_users'][$field];
255 }
256 $storeRec['be_users'][$beUserId][$field] = $fieldValue;
257 $backendUser->user[$field] = $fieldValue;
258 }
259 }
260 }
261 if ($config['type'] === 'check') {
262 $backendUser->uc[$field] = isset($d[$field]) ? 1 : 0;
263 } else {
264 $backendUser->uc[$field] = htmlspecialchars($d[$field]);
265 }
266 }
267 // Personal data for the users be_user-record (email, name, password...)
268 // If email and name is changed, set it in the users record:
269 $be_user_data = $d['be_users'];
270 // Possibility to modify the transmitted values. Useful to do transformations, like RSA password decryption
271 foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/setup/mod/index.php']['modifyUserDataBeforeSave'] ?? [] as $function) {
272 $params = ['be_user_data' => &$be_user_data];
273 GeneralUtility::callUserFunction($function, $params, $this);
274 }
275 $this->passwordIsSubmitted = (string)$be_user_data['password'] !== '';
276 $passwordIsConfirmed = $this->passwordIsSubmitted && $be_user_data['password'] === $be_user_data['password2'];
277 // Update the real name:
278 if ($be_user_data['realName'] !== $backendUser->user['realName']) {
279 $backendUser->user['realName'] = ($storeRec['be_users'][$beUserId]['realName'] = substr($be_user_data['realName'], 0, 80));
280 }
281 // Update the email address:
282 if ($be_user_data['email'] !== $backendUser->user['email']) {
283 $backendUser->user['email'] = ($storeRec['be_users'][$beUserId]['email'] = substr($be_user_data['email'], 0, 80));
284 }
285 // Update the password:
286 if ($passwordIsConfirmed) {
287 if ($this->isAdmin) {
288 $passwordOk = true;
289 } else {
290 $currentPasswordHashed = $GLOBALS['BE_USER']->user['password'];
291 $saltFactory = SaltFactory::getSaltingInstance($currentPasswordHashed);
292 $passwordOk = $saltFactory->checkPassword($be_user_data['passwordCurrent'], $currentPasswordHashed);
293 }
294 if ($passwordOk) {
295 $this->passwordIsUpdated = self::PASSWORD_UPDATED;
296 $storeRec['be_users'][$beUserId]['password'] = $be_user_data['password'];
297 } else {
298 $this->passwordIsUpdated = self::PASSWORD_OLD_WRONG;
299 }
300 } else {
301 $this->passwordIsUpdated = self::PASSWORD_NOT_THE_SAME;
302 }
303
304 $this->setAvatarFileUid($beUserId, $be_user_data['avatar'], $storeRec);
305
306 $this->saveData = true;
307 }
308 // Inserts the overriding values.
309 $backendUser->overrideUC();
310 $save_after = md5(serialize($backendUser->uc));
311 // If something in the uc-array of the user has changed, we save the array...
312 if ($save_before != $save_after) {
313 $backendUser->writeUC($backendUser->uc);
314 $backendUser->writelog(254, 1, 0, 1, 'Personal settings changed', []);
315 $this->setupIsUpdated = true;
316 }
317 // Persist data if something has changed:
318 if (!empty($storeRec) && $this->saveData) {
319 // Make instance of TCE for storing the changes.
320 $dataHandler = GeneralUtility::makeInstance(DataHandler::class);
321 $dataHandler->start($storeRec, []);
322 $dataHandler->admin = true;
323 // This is to make sure that the users record can be updated even if in another workspace. This is tolerated.
324 $dataHandler->bypassWorkspaceRestrictions = true;
325 $dataHandler->process_datamap();
326 if ($this->passwordIsUpdated === self::PASSWORD_NOT_UPDATED || count($storeRec['be_users'][$beUserId]) > 1) {
327 $this->setupIsUpdated = true;
328 }
329 BackendUtility::setUpdateSignal('updateTopbar');
330 }
331 }
332 }
333
334 /**
335 * Initializes the module for display of the settings form.
336 */
337 public function init()
338 {
339 $this->getLanguageService()->includeLLFile('EXT:setup/Resources/Private/Language/locallang.xlf');
340 $backendUser = $this->getBackendUser();
341 $this->isAdmin = $backendUser->isAdmin();
342 // Getting the 'override' values as set might be set in User TSconfig
343 $this->overrideConf = $backendUser->getTSConfig()['setup.']['override.'] ?? null;
344 // Getting the disabled fields might be set in User TSconfig (eg setup.fields.password.disabled=1)
345 $this->tsFieldConf = $backendUser->getTSConfig()['setup.']['fields.'] ?? null;
346 // id password is disabled, disable repeat of password too (password2)
347 if (isset($this->tsFieldConf['password.']) && $this->tsFieldConf['password.']['disabled']) {
348 $this->tsFieldConf['password2.']['disabled'] = 1;
349 $this->tsFieldConf['passwordCurrent.']['disabled'] = 1;
350 }
351 }
352
353 /**
354 * Generate necessary JavaScript
355 *
356 * @return string
357 */
358 protected function getJavaScript()
359 {
360 $javaScript = '';
361 foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/setup/mod/index.php']['setupScriptHook'] ?? [] as $function) {
362 $params = [];
363 $javaScript .= GeneralUtility::callUserFunction($function, $params, $this);
364 }
365 return $javaScript;
366 }
367
368 /**
369 * Generate the main settings form:
370 */
371 public function main()
372 {
373 $uriBuilder = GeneralUtility::makeInstance(UriBuilder::class);
374 $this->content .= '<form action="' . (string)$uriBuilder->buildUriFromRoute('user_setup') . '" method="post" id="SetupModuleController" name="usersetup" enctype="multipart/form-data">';
375 if ($this->languageUpdate) {
376 $this->moduleTemplate->addJavaScriptCode('languageUpdate', '
377 if (top && top.TYPO3.ModuleMenu.App) {
378 top.TYPO3.ModuleMenu.App.refreshMenu();
379 }
380 ');
381 }
382 if ($this->pagetreeNeedsRefresh) {
383 BackendUtility::setUpdateSignal('updatePageTree');
384 }
385 // Start page:
386 $this->moduleTemplate->getPageRenderer()->addJsFile('EXT:backend/Resources/Public/JavaScript/md5.js');
387 // Use a wrapper div
388 $this->content .= '<div id="user-setup-wrapper">';
389 $this->content .= $this->moduleTemplate->header($this->getLanguageService()->getLL('UserSettings'));
390 $this->addFlashMessages();
391
392 // Render the menu items
393 $menuItems = $this->renderUserSetup();
394 $this->content .= $this->moduleTemplate->getDynamicTabMenu($menuItems, 'user-setup', 1, false, false);
395 $formToken = $this->formProtection->generateToken('BE user setup', 'edit');
396 $this->content .= '<div>';
397 $this->content .= '<input type="hidden" name="simUser" value="' . (int)$this->simUser . '" />
398 <input type="hidden" name="formToken" value="' . htmlspecialchars($formToken) . '" />
399 <input type="hidden" value="1" name="data[save]" />
400 <input type="hidden" name="data[setValuesToDefault]" value="0" id="setValuesToDefault" />';
401 $this->content .= '</div>';
402 // End of wrapper div
403 $this->content .= '</div>';
404 // Setting up the buttons and markers for docheader
405 $this->getButtons();
406 // Build the <body> for the module
407 // Renders the module page
408 $this->moduleTemplate->setContent($this->content);
409 $this->content .= '</form>';
410 }
411
412 /**
413 * Injects the request object for the current request or subrequest
414 * Simply calls main() and init() and writes the content to the response
415 *
416 * @param ServerRequestInterface $request the current request
417 * @return ResponseInterface the response with the content
418 */
419 public function mainAction(ServerRequestInterface $request): ResponseInterface
420 {
421 $this->init();
422 $this->storeIncomingData();
423 $this->main();
424 return new HtmlResponse($this->moduleTemplate->renderContent());
425 }
426
427 /**
428 * Create the panel of buttons for submitting the form or otherwise perform operations.
429 */
430 protected function getButtons()
431 {
432 $buttonBar = $this->moduleTemplate->getDocHeaderComponent()->getButtonBar();
433 $cshButton = $buttonBar->makeHelpButton()
434 ->setModuleName('_MOD_user_setup')
435 ->setFieldName('');
436 $buttonBar->addButton($cshButton);
437
438 $saveButton = $buttonBar->makeInputButton()
439 ->setName('data[save]')
440 ->setTitle($this->getLanguageService()->sL('LLL:EXT:core/Resources/Private/Language/locallang_core.xlf:rm.saveDoc'))
441 ->setValue('1')
442 ->setForm('SetupModuleController')
443 ->setShowLabelText(true)
444 ->setIcon($this->moduleTemplate->getIconFactory()->getIcon('actions-document-save', Icon::SIZE_SMALL));
445
446 $buttonBar->addButton($saveButton);
447 $shortcutButton = $buttonBar->makeShortcutButton()
448 ->setModuleName($this->moduleName);
449 $buttonBar->addButton($shortcutButton);
450 }
451
452 /******************************
453 *
454 * Render module
455 *
456 ******************************/
457
458 /**
459 * renders the data for all tabs in the user setup and returns
460 * everything that is needed with tabs and dyntab menu
461 *
462 * @return array Ready to use for the dyntabmenu itemarray
463 */
464 protected function renderUserSetup()
465 {
466 $backendUser = $this->getBackendUser();
467 $html = '';
468 $result = [];
469 $firstTabLabel = '';
470 $code = [];
471 $fieldArray = $this->getFieldsFromShowItem();
472 $tabLabel = '';
473 foreach ($fieldArray as $fieldName) {
474 $config = $GLOBALS['TYPO3_USER_SETTINGS']['columns'][$fieldName];
475 if (isset($config['access']) && !$this->checkAccess($config)) {
476 continue;
477 }
478
479 if (substr($fieldName, 0, 8) === '--div--;') {
480 if ($firstTabLabel === '') {
481 // First tab
482 $tabLabel = $this->getLabel(substr($fieldName, 8), '', false);
483 $firstTabLabel = $tabLabel;
484 } else {
485 $result[] = [
486 'label' => $tabLabel,
487 'content' => count($code) ? implode(LF, $code) : ''
488 ];
489 $tabLabel = $this->getLabel(substr($fieldName, 8), '', false);
490 $code = [];
491 }
492 continue;
493 }
494 $label = $this->getLabel($config['label'], $fieldName);
495 $label = $this->getCSH($config['csh'] ?: $fieldName, $label);
496 $type = $config['type'];
497 $class = $config['class'];
498 if ($type !== 'check') {
499 $class .= ' form-control';
500 }
501 $more = '';
502 if ($class) {
503 $more .= ' class="' . htmlspecialchars($class) . '"';
504 }
505 $style = $config['style'];
506 if ($style) {
507 $more .= ' style="' . htmlspecialchars($style) . '"';
508 }
509 if (isset($this->overrideConf[$fieldName])) {
510 $more .= ' disabled="disabled"';
511 }
512 $value = $config['table'] === 'be_users' ? $backendUser->user[$fieldName] : $backendUser->uc[$fieldName];
513 if (!$value && isset($config['default'])) {
514 $value = $config['default'];
515 }
516 $dataAdd = '';
517 if ($config['table'] === 'be_users') {
518 $dataAdd = '[be_users]';
519 }
520
521 switch ($type) {
522 case 'text':
523 case 'number':
524 case 'email':
525 case 'password':
526 $noAutocomplete = '';
527
528 $maxLength = $config['max'] ?? 0;
529 if ((int)$maxLength > 0) {
530 $more .= ' maxlength="' . (int)$maxLength . '"';
531 }
532
533 if ($type === 'password') {
534 $value = '';
535 $noAutocomplete = 'autocomplete="off" ';
536 $more .= ' data-rsa-encryption=""';
537 }
538 $html = '<input id="field_' . htmlspecialchars($fieldName) . '"
539 type="' . htmlspecialchars($type) . '"
540 name="data' . $dataAdd . '[' . htmlspecialchars($fieldName) . ']" ' .
541 $noAutocomplete .
542 'value="' . htmlspecialchars($value) . '" ' .
543 $more .
544 ' />';
545 break;
546 case 'check':
547 $html = $label . '<div class="checkbox"><label><input id="field_' . htmlspecialchars($fieldName) . '"
548 type="checkbox"
549 name="data' . $dataAdd . '[' . htmlspecialchars($fieldName) . ']"' .
550 ($value ? ' checked="checked"' : '') .
551 $more .
552 ' /></label></div>';
553 $label = '';
554 break;
555 case 'select':
556 if ($config['itemsProcFunc']) {
557 $html = GeneralUtility::callUserFunction($config['itemsProcFunc'], $config, $this);
558 } else {
559 $html = '<select id="field_' . htmlspecialchars($fieldName) . '"
560 name="data' . $dataAdd . '[' . htmlspecialchars($fieldName) . ']"' .
561 $more . '>' . LF;
562 foreach ($config['items'] as $key => $optionLabel) {
563 $html .= '<option value="' . htmlspecialchars($key) . '"' . ($value == $key ? ' selected="selected"' : '') . '>' . $this->getLabel($optionLabel, '', false) . '</option>' . LF;
564 }
565 $html .= '</select>';
566 }
567 break;
568 case 'user':
569 $html = GeneralUtility::callUserFunction($config['userFunc'], $config, $this);
570 break;
571 case 'button':
572 if ($config['onClick']) {
573 $onClick = $config['onClick'];
574 if ($config['onClickLabels']) {
575 foreach ($config['onClickLabels'] as $key => $labelclick) {
576 $config['onClickLabels'][$key] = $this->getLabel($labelclick, '', false);
577 }
578 $onClick = vsprintf($onClick, $config['onClickLabels']);
579 }
580 $html = '<br><input class="btn btn-default" type="button"
581 value="' . $this->getLabel($config['buttonlabel'], '', false) . '"
582 onclick="' . $onClick . '" />';
583 }
584 if (!empty($config['confirm'])) {
585 $confirmData = $config['confirmData'];
586 $html = '<br><input class="btn btn-default t3js-modal-trigger" type="button"'
587 . ' value="' . $this->getLabel($config['buttonlabel'], '', false) . '"'
588 . ' data-href="javascript:' . htmlspecialchars($confirmData['jsCodeAfterOk']) . '"'
589 . ' data-severity="warning"'
590 . ' data-title="' . $this->getLabel($config['label'], '', false) . '"'
591 . ' data-content="' . $this->getLabel($confirmData['message'], '', false) . '" />';
592 }
593 break;
594 case 'avatar':
595 // Get current avatar image
596 $html = '<br>';
597 $avatarFileUid = $this->getAvatarFileUid($backendUser->user['uid']);
598
599 if ($avatarFileUid) {
600 $defaultAvatarProvider = GeneralUtility::makeInstance(DefaultAvatarProvider::class);
601 $avatarImage = $defaultAvatarProvider->getImage($backendUser->user, 32);
602 if ($avatarImage) {
603 $icon = '<span class="avatar"><span class="avatar-image">' .
604 '<img src="' . htmlspecialchars($avatarImage->getUrl(true)) . '"' .
605 ' width="' . (int)$avatarImage->getWidth() . '" ' .
606 'height="' . (int)$avatarImage->getHeight() . '" />' .
607 '</span></span>';
608 $html .= '<span class="pull-left" style="padding-right: 10px" id="image_' . htmlspecialchars($fieldName) . '">' . $icon . ' </span>';
609 }
610 }
611 $html .= '<input id="field_' . htmlspecialchars($fieldName) . '" type="hidden" ' .
612 'name="data' . $dataAdd . '[' . htmlspecialchars($fieldName) . ']"' . $more .
613 ' value="' . (int)$avatarFileUid . '" />';
614
615 $html .= '<div class="btn-group">';
616 $iconFactory = GeneralUtility::makeInstance(IconFactory::class);
617 if ($avatarFileUid) {
618 $html .=
619 '<a id="clear_button_' . htmlspecialchars($fieldName) . '" '
620 . 'onclick="clearExistingImage(); return false;" class="btn btn-default">'
621 . $iconFactory->getIcon('actions-delete', Icon::SIZE_SMALL)
622 . '</a>';
623 }
624 $html .=
625 '<a id="add_button_' . htmlspecialchars($fieldName) . '" class="btn btn-default btn-add-avatar"'
626 . ' onclick="openFileBrowser();return false;">'
627 . $iconFactory->getIcon('actions-insert-record', Icon::SIZE_SMALL)
628 . '</a></div>';
629
630 $this->addAvatarButtonJs($fieldName);
631 break;
632 default:
633 $html = '';
634 }
635
636 $code[] = '<div class="form-section"><div class="row"><div class="form-group t3js-formengine-field-item col-md-12">' .
637 $label .
638 $html .
639 '</div></div></div>';
640 }
641
642 $result[] = [
643 'label' => $tabLabel,
644 'content' => count($code) ? implode(LF, $code) : ''
645 ];
646 return $result;
647 }
648
649 /**
650 * Return a select with available languages
651 *
652 * @return string Complete select as HTML string or warning box if something went wrong.
653 */
654 public function renderLanguageSelect()
655 {
656 $backendUser = $this->getBackendUser();
657 $language = $this->getLanguageService();
658 $languageOptions = [];
659 // Compile the languages dropdown
660 $langDefault = htmlspecialchars($language->getLL('lang_default'));
661 $languageOptions[$langDefault] = '<option value=""' . ($backendUser->uc['lang'] === '' ? ' selected="selected"' : '') . '>' . $langDefault . '</option>';
662 // Traverse the number of languages
663 $locales = GeneralUtility::makeInstance(Locales::class);
664 $languages = $locales->getLanguages();
665 foreach ($languages as $locale => $name) {
666 if ($locale !== 'default') {
667 $defaultName = isset($GLOBALS['LOCAL_LANG']['default']['lang_' . $locale]) ? $GLOBALS['LOCAL_LANG']['default']['lang_' . $locale][0]['source'] : $name;
668 $localizedName = htmlspecialchars($language->getLL('lang_' . $locale));
669 if ($localizedName === '') {
670 $localizedName = htmlspecialchars($name);
671 }
672 $localLabel = ' - [' . htmlspecialchars($defaultName) . ']';
673 $available = is_dir(Environment::getLegacyConfigPath() . '/l10n/' . $locale);
674 if ($available) {
675 $languageOptions[$defaultName] = '<option value="' . $locale . '"' . ($backendUser->uc['lang'] === $locale ? ' selected="selected"' : '') . '>' . $localizedName . $localLabel . '</option>';
676 }
677 }
678 }
679 ksort($languageOptions);
680 $languageCode = '
681 <select id="field_lang" name="data[lang]" class="form-control">' . implode('', $languageOptions) . '
682 </select>';
683 if ($backendUser->uc['lang'] && !@is_dir(Environment::getLegacyConfigPath() . '/l10n/' . $backendUser->uc['lang'])) {
684 // TODO: The text constants have to be moved into language files
685 $languageUnavailableWarning = 'The selected language "' . htmlspecialchars($language->getLL('lang_' . $backendUser->uc['lang'])) . '" is not available before the language files are installed.&nbsp;&nbsp;<br />&nbsp;&nbsp;' . ($backendUser->isAdmin() ? 'You can use the Language module to easily download new language files.' : 'Please ask your system administrator to do this.');
686 $languageCode = '<br /><span class="label label-danger">' . $languageUnavailableWarning . '</span><br /><br />' . $languageCode;
687 }
688 return $languageCode;
689 }
690
691 /**
692 * Returns a select with all modules for startup
693 *
694 * @return string Complete select as HTML string
695 */
696 public function renderStartModuleSelect()
697 {
698 // Load available backend modules
699 $backendUser = $this->getBackendUser();
700 $language = $this->getLanguageService();
701 $loadModules = GeneralUtility::makeInstance(ModuleLoader::class);
702 $loadModules->observeWorkspaces = true;
703 $loadModules->load($GLOBALS['TBE_MODULES']);
704 $startModuleSelect = '<option value="">' . htmlspecialchars($language->getLL('startModule.firstInMenu')) . '</option>';
705 foreach ($loadModules->modules as $mainMod => $modData) {
706 if (!empty($modData['sub']) && is_array($modData['sub'])) {
707 $modules = '';
708 foreach ($modData['sub'] as $subData) {
709 $modName = $subData['name'];
710 $modules .= '<option value="' . htmlspecialchars($modName) . '"';
711 $modules .= $backendUser->uc['startModule'] === $modName ? ' selected="selected"' : '';
712 $modules .= '>' . htmlspecialchars($language->sL($loadModules->getLabelsForModule($modName)['title'])) . '</option>';
713 }
714 $groupLabel = htmlspecialchars($language->sL($loadModules->getLabelsForModule($mainMod)['title']));
715 $startModuleSelect .= '<optgroup label="' . htmlspecialchars($groupLabel) . '">' . $modules . '</optgroup>';
716 }
717 }
718 return '<select id="field_startModule" name="data[startModule]" class="form-control">' . $startModuleSelect . '</select>';
719 }
720
721 /**
722 * Will make the simulate-user selector if the logged in user is administrator.
723 * It will also set the GLOBAL(!) BE_USER to the simulated user selected if any (and set $this->OLD_BE_USER to logged in user)
724 *
725 * @deprecated and will be removed in TYPO3 v10.0.
726 */
727 public function simulateUser()
728 {
729 trigger_error('Method will be removed in TYPO3 v10', E_USER_DEPRECATED);
730 // If admin, allow simulation of another user
731 $this->simUser = 0;
732 $this->simulateSelector = '';
733 unset($this->OLD_BE_USER);
734 $currentBeUser = $this->getBackendUser();
735 if ($currentBeUser->isAdmin()) {
736 $this->simUser = (int)GeneralUtility::_GP('simUser');
737 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable('be_users');
738 $users = $queryBuilder
739 ->select('*')
740 ->from('be_users')
741 ->where(
742 $queryBuilder->expr()->neq(
743 'uid',
744 $queryBuilder->createNamedParameter($currentBeUser->user['uid'], \PDO::PARAM_INT)
745 ),
746 $queryBuilder->expr()->notLike(
747 'username',
748 $queryBuilder->createNamedParameter(
749 $queryBuilder->escapeLikeWildcards('_cli_') . '%',
750 \PDO::PARAM_STR
751 )
752 )
753 )
754 ->orderBy('username')
755 ->execute()
756 ->fetchAll();
757 $opt = [];
758 foreach ($users as $rr) {
759 $label = $rr['username'] . ($rr['realName'] ? ' (' . $rr['realName'] . ')' : '');
760 $opt[] = '<option value="' . (int)$rr['uid'] . '"' . ($this->simUser === (int)$rr['uid'] ? ' selected="selected"' : '') . '>' . htmlspecialchars($label) . '</option>';
761 }
762 if (!empty($opt)) {
763 $uriBuilder = GeneralUtility::makeInstance(UriBuilder::class);
764 $this->simulateSelector = '<select id="field_simulate" class="form-control" name="simulateUser" onchange="window.location.href=' . GeneralUtility::quoteJSvalue((string)$uriBuilder->buildUriFromRoute('user_setup') . '&simUser=') . '+this.options[this.selectedIndex].value;"><option></option>' . implode('', $opt) . '</select>';
765 }
766 }
767 // This can only be set if the previous code was executed.
768 if ($this->simUser > 0) {
769 // Save old user...
770 $this->OLD_BE_USER = $currentBeUser;
771 // Unset current
772 // New backend user object
773 $currentBeUser = GeneralUtility::makeInstance(BackendUserAuthentication::class);
774 $currentBeUser->setBeUserByUid($this->simUser);
775 $currentBeUser->fetchGroupData();
776 $currentBeUser->backendSetUC();
777 }
778 }
779
780 /**
781 * Returns access check (currently only "admin" is supported)
782 *
783 * @param array $config Configuration of the field, access mode is defined in key 'access'
784 * @return bool Whether it is allowed to modify the given field
785 */
786 protected function checkAccess(array $config)
787 {
788 $access = $config['access'];
789
790 if (isset($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['setup']['accessLevelCheck'][$access])) {
791 if (class_exists($access)) {
792 $accessObject = GeneralUtility::makeInstance($access);
793 if (method_exists($accessObject, 'accessLevelCheck')) {
794 // Initialize vars. If method fails, $set will be set to FALSE
795 return $accessObject->accessLevelCheck($config);
796 }
797 }
798 } elseif ($access === 'admin') {
799 return $this->isAdmin;
800 }
801
802 return false;
803 }
804
805 /**
806 * Returns the label $str from getLL() and grays out the value if the $str/$key is found in $this->overrideConf array
807 *
808 * @param string $str Locallang key
809 * @param string $key Alternative override-config key
810 * @param bool $addLabelTag Defines whether the string should be wrapped in a <label> tag.
811 * @return string HTML output.
812 */
813 protected function getLabel($str, $key = '', $addLabelTag = true)
814 {
815 if (substr($str, 0, 4) === 'LLL:') {
816 $out = htmlspecialchars($this->getLanguageService()->sL($str));
817 } else {
818 $out = htmlspecialchars($str);
819 }
820 if (isset($this->overrideConf[$key ?: $str])) {
821 $out = '<span style="color:#999999">' . $out . '</span>';
822 }
823 if ($addLabelTag) {
824 $out = '<label>' . $out . '</label>';
825 }
826 return $out;
827 }
828
829 /**
830 * Returns the CSH Icon for given string
831 *
832 * @param string $str Locallang key
833 * @param string $label The label to be used, that should be wrapped in help
834 * @return string HTML output.
835 */
836 protected function getCSH($str, $label)
837 {
838 $context = '_MOD_user_setup';
839 $field = $str;
840 $strParts = explode(':', $str);
841 if (count($strParts) > 1) {
842 // Setting comes from another extension
843 $context = $strParts[0];
844 $field = $strParts[1];
845 } elseif ($str !== 'language' && $str !== 'simuser' && $str !== 'reset') {
846 $field = 'option_' . $str;
847 }
848 return BackendUtility::wrapInHelp($context, $field, $label);
849 }
850
851 /**
852 * Returns array with fields defined in $GLOBALS['TYPO3_USER_SETTINGS']['showitem']
853 * Remove fields which are disabled by user TSconfig
854 *
855 * @return string[] Array with field names visible in form
856 */
857 protected function getFieldsFromShowItem()
858 {
859 $allowedFields = GeneralUtility::trimExplode(',', $GLOBALS['TYPO3_USER_SETTINGS']['showitem'], true);
860 // do not ask for current password if admin (unknown for other users and no security gain)
861 if ($this->isAdmin) {
862 $key = array_search('passwordCurrent', $allowedFields);
863 if ($key !== false) {
864 unset($allowedFields[$key]);
865 }
866 }
867 if (!is_array($this->tsFieldConf)) {
868 return $allowedFields;
869 }
870 foreach ($this->tsFieldConf as $fieldName => $userTsFieldConfig) {
871 if (!empty($userTsFieldConfig['disabled'])) {
872 $fieldName = rtrim($fieldName, '.');
873 $key = array_search($fieldName, $allowedFields);
874 if ($key !== false) {
875 unset($allowedFields[$key]);
876 }
877 }
878 }
879 return $allowedFields;
880 }
881
882 /**
883 * Get Avatar fileUid
884 *
885 * @param int $beUserId
886 * @return int
887 */
888 protected function getAvatarFileUid($beUserId)
889 {
890 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable('sys_file_reference');
891 $file = $queryBuilder
892 ->select('uid_local')
893 ->from('sys_file_reference')
894 ->where(
895 $queryBuilder->expr()->eq(
896 'tablenames',
897 $queryBuilder->createNamedParameter('be_users', \PDO::PARAM_STR)
898 ),
899 $queryBuilder->expr()->eq(
900 'fieldname',
901 $queryBuilder->createNamedParameter('avatar', \PDO::PARAM_STR)
902 ),
903 $queryBuilder->expr()->eq(
904 'table_local',
905 $queryBuilder->createNamedParameter('sys_file', \PDO::PARAM_STR)
906 ),
907 $queryBuilder->expr()->eq(
908 'uid_foreign',
909 $queryBuilder->createNamedParameter($beUserId, \PDO::PARAM_INT)
910 )
911 )
912 ->execute()
913 ->fetchColumn();
914 return (int)$file;
915 }
916
917 /**
918 * Set avatar fileUid for backend user
919 *
920 * @param int $beUserId
921 * @param int $fileUid
922 * @param array $storeRec
923 */
924 protected function setAvatarFileUid($beUserId, $fileUid, array &$storeRec)
925 {
926
927 // Update is only needed when new fileUid is set
928 if ((int)$fileUid === $this->getAvatarFileUid($beUserId)) {
929 return;
930 }
931
932 // If user is not allowed to modify avatar $fileUid is empty - so don't overwrite existing avatar
933 if (empty($fileUid)) {
934 return;
935 }
936
937 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable('sys_file_reference');
938 $queryBuilder->getRestrictions()->removeAll();
939 $queryBuilder
940 ->delete('sys_file_reference')
941 ->where(
942 $queryBuilder->expr()->eq(
943 'tablenames',
944 $queryBuilder->createNamedParameter('be_users', \PDO::PARAM_STR)
945 ),
946 $queryBuilder->expr()->eq(
947 'fieldname',
948 $queryBuilder->createNamedParameter('avatar', \PDO::PARAM_STR)
949 ),
950 $queryBuilder->expr()->eq(
951 'table_local',
952 $queryBuilder->createNamedParameter('sys_file', \PDO::PARAM_STR)
953 ),
954 $queryBuilder->expr()->eq(
955 'uid_foreign',
956 $queryBuilder->createNamedParameter($beUserId, \PDO::PARAM_INT)
957 )
958 )
959 ->execute();
960
961 // If Avatar is marked for delete => set it to empty string so it will be updated properly
962 if ($fileUid === 'delete') {
963 $fileUid = '';
964 }
965
966 // Create new reference
967 if ($fileUid) {
968
969 // Get file object
970 try {
971 $file = ResourceFactory::getInstance()->getFileObject($fileUid);
972 } catch (FileDoesNotExistException $e) {
973 $file = false;
974 }
975
976 // Check if user is allowed to use the image (only when not in simulation mode)
977 if ($file && $this->simUser === 0 && !$file->getStorage()->checkFileActionPermission('read', $file)) {
978 $file = false;
979 }
980
981 // Check if extension is allowed
982 if ($file && GeneralUtility::inList($GLOBALS['TYPO3_CONF_VARS']['GFX']['imagefile_ext'], $file->getExtension())) {
983
984 // Create new file reference
985 $storeRec['sys_file_reference']['NEW1234'] = [
986 'uid_local' => (int)$fileUid,
987 'uid_foreign' => (int)$beUserId,
988 'tablenames' => 'be_users',
989 'fieldname' => 'avatar',
990 'pid' => 0,
991 'table_local' => 'sys_file',
992 ];
993 $storeRec['be_users'][(int)$beUserId]['avatar'] = 'NEW1234';
994 }
995 }
996 }
997
998 /**
999 * Add JavaScript to for browse files button
1000 *
1001 * @param string $fieldName
1002 */
1003 protected function addAvatarButtonJs($fieldName)
1004 {
1005 $uriBuilder = GeneralUtility::makeInstance(UriBuilder::class);
1006 $this->moduleTemplate->addJavaScriptCode('avatar-button', '
1007 var browserWin="";
1008
1009 function openFileBrowser() {
1010 var url = ' . GeneralUtility::quoteJSvalue((string)$uriBuilder->buildUriFromRoute('wizard_element_browser', ['mode' => 'file', 'bparams' => '||||dummy|setFileUid'])) . ';
1011 browserWin = window.open(url,"Typo3WinBrowser","height=650,width=800,status=0,menubar=0,resizable=1,scrollbars=1");
1012 browserWin.focus();
1013 }
1014
1015 function clearExistingImage() {
1016 $(' . GeneralUtility::quoteJSvalue('#image_' . htmlspecialchars($fieldName)) . ').hide();
1017 $(' . GeneralUtility::quoteJSvalue('#clear_button_' . htmlspecialchars($fieldName)) . ').hide();
1018 $(' . GeneralUtility::quoteJSvalue('#field_' . htmlspecialchars($fieldName)) . ').val(\'delete\');
1019 }
1020
1021 function setFileUid(field, value, fileUid) {
1022 clearExistingImage();
1023 $(' . GeneralUtility::quoteJSvalue('#field_' . htmlspecialchars($fieldName)) . ').val(fileUid);
1024 $(' . GeneralUtility::quoteJSvalue('#add_button_' . htmlspecialchars($fieldName)) . ').removeClass(\'btn-default\').addClass(\'btn-info\');
1025
1026 browserWin.close();
1027 }
1028 ');
1029 }
1030
1031 /**
1032 * Returns the current BE user.
1033 *
1034 * @return \TYPO3\CMS\Core\Authentication\BackendUserAuthentication
1035 */
1036 protected function getBackendUser()
1037 {
1038 return $GLOBALS['BE_USER'];
1039 }
1040
1041 /**
1042 * Returns LanguageService
1043 *
1044 * @return \TYPO3\CMS\Core\Localization\LanguageService
1045 */
1046 protected function getLanguageService()
1047 {
1048 return $GLOBALS['LANG'];
1049 }
1050
1051 /**
1052 * Add FlashMessages for various actions
1053 */
1054 protected function addFlashMessages()
1055 {
1056 $flashMessages = [];
1057
1058 // Show if setup was saved
1059 if ($this->setupIsUpdated && !$this->settingsAreResetToDefault) {
1060 $flashMessages[] = $this->getFlashMessage('setupWasUpdated', 'UserSettings');
1061 }
1062
1063 // Show if temporary data was cleared
1064 if ($this->settingsAreResetToDefault) {
1065 $flashMessages[] = $this->getFlashMessage('settingsAreReset', 'resetConfiguration');
1066 }
1067
1068 // Notice
1069 if ($this->setupIsUpdated || $this->settingsAreResetToDefault) {
1070 $flashMessages[] = $this->getFlashMessage('activateChanges', '', FlashMessage::INFO);
1071 }
1072
1073 // If password is updated, output whether it failed or was OK.
1074 if ($this->passwordIsSubmitted) {
1075 $flashMessage = null;
1076 switch ($this->passwordIsUpdated) {
1077 case self::PASSWORD_OLD_WRONG:
1078 $flashMessages[] = $this->getFlashMessage('oldPassword_failed', 'newPassword', FlashMessage::ERROR);
1079 break;
1080 case self::PASSWORD_NOT_THE_SAME:
1081 $flashMessages[] = $this->getFlashMessage('newPassword_failed', 'newPassword', FlashMessage::ERROR);
1082 break;
1083 case self::PASSWORD_UPDATED:
1084 $flashMessages[] = $this->getFlashMessage('newPassword_ok', 'newPassword');
1085 break;
1086 }
1087 }
1088 if (!empty($flashMessages)) {
1089 $this->enqueueFlashMessages($flashMessages);
1090 }
1091 }
1092
1093 /**
1094 * @param array $flashMessages
1095 * @throws \TYPO3\CMS\Core\Exception
1096 */
1097 protected function enqueueFlashMessages(array $flashMessages)
1098 {
1099 $flashMessageService = GeneralUtility::makeInstance(FlashMessageService::class);
1100 $defaultFlashMessageQueue = $flashMessageService->getMessageQueueByIdentifier();
1101 foreach ($flashMessages as $flashMessage) {
1102 $defaultFlashMessageQueue->enqueue($flashMessage);
1103 }
1104 }
1105
1106 /**
1107 * @param string $message
1108 * @param string $title
1109 * @param int $severity
1110 * @return FlashMessage
1111 */
1112 protected function getFlashMessage($message, $title, $severity = FlashMessage::OK)
1113 {
1114 $title = !empty($title) ? $this->getLanguageService()->getLL($title) : ' ';
1115 return GeneralUtility::makeInstance(
1116 FlashMessage::class,
1117 $this->getLanguageService()->getLL($message),
1118 $title,
1119 $severity
1120 );
1121 }
1122 }