[BUGFIX] Refactored ElementInfo missed one table
[Packages/TYPO3.CMS.git] / typo3 / sysext / backend / Classes / AjaxLoginHandler.php
1 <?php
2 namespace TYPO3\CMS\Backend;
3
4 /***************************************************************
5 * Copyright notice
6 *
7 * (c) 2008-2013 Christoph Koehler (christoph@webempoweredchurch.org)
8 * All rights reserved
9 *
10 * This script is part of the TYPO3 project. The TYPO3 project is
11 * free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * The GNU General Public License can be found at
17 * http://www.gnu.org/copyleft/gpl.html.
18 * A copy is found in the textfile GPL.txt and important notices to the license
19 * from the author is found in LICENSE.txt distributed with these scripts.
20 *
21 *
22 * This script is distributed in the hope that it will be useful,
23 * but WITHOUT ANY WARRANTY; without even the implied warranty of
24 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
25 * GNU General Public License for more details.
26 *
27 * This copyright notice MUST APPEAR in all copies of the script!
28 ***************************************************************/
29 /**
30 * This is the ajax handler for backend login after timeout.
31 *
32 * @author Christoph Koehler <christoph@webempoweredchurch.org>
33 */
34 class AjaxLoginHandler {
35
36 /**
37 * Handles the actual login process, more specifically it defines the response.
38 * The login details were sent in as part of the ajax request and automatically logged in
39 * the user inside the init.php part of the ajax call. If that was successful, we have
40 * a BE user and reset the timer and hide the login window.
41 * If it was unsuccessful, we display that and show the login box again.
42 *
43 * @param array $parameters Parameters (not used)
44 * @param \TYPO3\CMS\Core\Http\AjaxRequestHandler $ajaxObj The calling parent AJAX object
45 * @return void
46 */
47 public function login(array $parameters, \TYPO3\CMS\Core\Http\AjaxRequestHandler $ajaxObj) {
48 if ($this->isAuthorizedBackendSession()) {
49 $json = array('success' => TRUE);
50 if ($this->hasLoginBeenProcessed()) {
51 $formProtection = \TYPO3\CMS\Core\FormProtection\FormProtectionFactory::get();
52 $formProtection->setSessionTokenFromRegistry();
53 $formProtection->persistSessionToken();
54 }
55 } else {
56 $json = array('success' => FALSE);
57 }
58 $ajaxObj->addContent('login', $json);
59 $ajaxObj->setContentFormat('json');
60 }
61
62 /**
63 * Checks if a user is logged in and the session is active.
64 *
65 * @return boolean
66 */
67 protected function isAuthorizedBackendSession() {
68 return isset($GLOBALS['BE_USER']) && $GLOBALS['BE_USER'] instanceof \TYPO3\CMS\Core\Authentication\BackendUserAuthentication && isset($GLOBALS['BE_USER']->user['uid']);
69 }
70
71 /**
72 * Check whether the user was already authorized or not
73 *
74 * @return boolean
75 */
76 protected function hasLoginBeenProcessed() {
77 $loginFormData = $GLOBALS['BE_USER']->getLoginFormData();
78 return $loginFormData['status'] == 'login' && isset($loginFormData['uname']) && isset($loginFormData['uident']) && isset($loginFormData['chalvalue']) && (string) $_COOKIE[\TYPO3\CMS\Core\Authentication\BackendUserAuthentication::getCookieName()] !== (string) $GLOBALS['BE_USER']->id;
79 }
80
81 /**
82 * Logs out the current BE user
83 *
84 * @param array $parameters Parameters (not used)
85 * @param \TYPO3\CMS\Core\Http\AjaxRequestHandler $ajaxObj The calling parent AJAX object
86 * @return void
87 */
88 public function logout(array $parameters, \TYPO3\CMS\Core\Http\AjaxRequestHandler $ajaxObj) {
89 $GLOBALS['BE_USER']->logoff();
90 if (isset($GLOBALS['BE_USER']->user['uid'])) {
91 $ajaxObj->addContent('logout', array('success' => FALSE));
92 } else {
93 $ajaxObj->addContent('logout', array('success' => TRUE));
94 }
95 $ajaxObj->setContentFormat('json');
96 }
97
98 /**
99 * Refreshes the login without needing login information. We just refresh the session.
100 *
101 * @param array $parameters Parameters (not used)
102 * @param \TYPO3\CMS\Core\Http\AjaxRequestHandler $ajaxObj The calling parent AJAX object
103 * @return void
104 */
105 public function refreshLogin(array $parameters, \TYPO3\CMS\Core\Http\AjaxRequestHandler $ajaxObj) {
106 $GLOBALS['BE_USER']->checkAuthentication();
107 $ajaxObj->addContent('refresh', array('success' => TRUE));
108 $ajaxObj->setContentFormat('json');
109 }
110
111 /**
112 * Checks if the user session is expired yet
113 *
114 * @param array $parameters Parameters (not used)
115 * @param \TYPO3\CMS\Core\Http\AjaxRequestHandler $ajaxObj The calling parent AJAX object
116 * @return void
117 * @todo Define visibility
118 */
119 public function isTimedOut(array $parameters, \TYPO3\CMS\Core\Http\AjaxRequestHandler $ajaxObj) {
120 if (is_object($GLOBALS['BE_USER'])) {
121 $ajaxObj->setContentFormat('json');
122 if (@is_file((PATH_typo3conf . 'LOCK_BACKEND'))) {
123 $ajaxObj->addContent('login', array('will_time_out' => FALSE, 'locked' => TRUE));
124 $ajaxObj->setContentFormat('json');
125 } elseif (!isset($GLOBALS['BE_USER']->user['uid'])) {
126 $ajaxObj->addContent('login', array('timed_out' => TRUE));
127 } else {
128 $GLOBALS['BE_USER']->fetchUserSession(TRUE);
129 $ses_tstamp = $GLOBALS['BE_USER']->user['ses_tstamp'];
130 $timeout = $GLOBALS['BE_USER']->auth_timeout_field;
131 // If 120 seconds from now is later than the session timeout, we need to show the refresh dialog.
132 // 120 is somewhat arbitrary to allow for a little room during the countdown and load times, etc.
133 if ($GLOBALS['EXEC_TIME'] >= $ses_tstamp + $timeout - 120) {
134 $ajaxObj->addContent('login', array('will_time_out' => TRUE));
135 } else {
136 $ajaxObj->addContent('login', array('will_time_out' => FALSE));
137 }
138 }
139 } else {
140 $ajaxObj->addContent('login', array('success' => FALSE, 'error' => 'No BE_USER object'));
141 }
142 }
143
144 /**
145 * Gets a MD5 challenge.
146 *
147 * @param array $parameters Parameters (not used)
148 * @param \TYPO3\CMS\Core\Http\AjaxRequestHandler $parent The calling parent AJAX object
149 * @return void
150 */
151 public function getChallenge(array $parameters, \TYPO3\CMS\Core\Http\AjaxRequestHandler $parent) {
152 session_start();
153 $_SESSION['login_challenge'] = md5(uniqid('') . getmypid());
154 session_commit();
155 $parent->addContent('challenge', $_SESSION['login_challenge']);
156 $parent->setContentFormat('json');
157 }
158
159 }
160
161
162 ?>