Fixed bug #11396: redirects not working for felogin on pages with access set
[Packages/TYPO3.CMS.git] / typo3 / sysext / felogin / pi1 / class.tx_felogin_pi1.php
1 <?php
2 /***************************************************************
3 * Copyright notice
4 *
5 * (c) 2007-2009 Steffen Kamper <info@sk-typo3.de>
6 * Based on Newloginbox (c) 2002-2004 Kasper Skaarhoj <kasper@typo3.com>
7 *
8 * All rights reserved
9 *
10 * This script is part of the TYPO3 project. The TYPO3 project is
11 * free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * The GNU General Public License can be found at
17 * http://www.gnu.org/copyleft/gpl.html.
18 *
19 * This script is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU General Public License for more details.
23 *
24 * This copyright notice MUST APPEAR in all copies of the script!
25 *
26 * The code was adapted from newloginbox, see manual for detailed description
27 ***************************************************************/
28 /**
29 * Plugin 'Website User Login' for the 'felogin' extension.
30 *
31 * @author Steffen Kamper <info@sk-typo3.de>
32 * @package TYPO3
33 * @subpackage tx_felogin
34 */
35 class tx_felogin_pi1 extends tslib_pibase {
36 var $prefixId = 'tx_felogin_pi1'; // Same as class name
37 var $scriptRelPath = 'pi1/class.tx_felogin_pi1.php'; // Path to this script relative to the extension dir.
38 var $extKey = 'felogin'; // The extension key.
39 var $pi_checkCHash = true;
40 var $userIsLoggedIn; // Is user logged in?
41 var $template;
42 var $uploadDir;
43 var $redirectUrl;
44 protected $noRedirect = false;
45
46 /**
47 * The main method of the plugin
48 *
49 * @param string $content: The PlugIn content
50 * @param array $conf: The PlugIn configuration
51 *
52 * @return string The content that is displayed on the website
53 */
54 public function main($content,$conf) {
55
56 // Loading TypoScript array into object variable:
57 $this->conf = $conf;
58 $this->uploadDir = 'uploads/tx_felogin/';
59
60 // Loading default pivars
61 $this->pi_setPiVarDefaults();
62
63 // Loading language-labels
64 $this->pi_loadLL();
65
66 // Init FlexForm configuration for plugin:
67 $this->pi_initPIflexForm();
68 $this->mergeflexFormValuesIntoConf();
69
70
71 // Get storage PIDs:
72 if ($this->conf['storagePid']) {
73 if (intval($this->conf['recursive'])) {
74 $this->spid = $this->pi_getPidList($this->conf['storagePid'], intval($this->conf['recursive']));
75 } else {
76 $this->spid = $this->conf['storagePid'];
77 }
78 } else {
79 $pids = $GLOBALS['TSFE']->getStorageSiterootPids();
80 $this->spid = $pids['_STORAGE_PID'];
81 }
82
83 // GPvars:
84 $this->logintype = t3lib_div::_GP('logintype');
85 $this->redirectUrl = t3lib_div::_GP('redirect_url');
86 $this->noRedirect = ($this->piVars['noredirect'] || $this->conf['redirectDisable']);
87
88 // if config.typolinkLinkAccessRestrictedPages is set, the var is return_url
89 $returnUrl = t3lib_div::_GP('return_url');
90 if ($returnUrl) {
91 $this->redirectUrl = $returnUrl;
92 }
93
94 // Get Template
95 $templateFile = $this->conf['templateFile'] ? $this->conf['templateFile'] : 'EXT:felogin/template.html';
96 $this->template = $this->cObj->fileResource($templateFile);
97
98 // Is user logged in?
99 $this->userIsLoggedIn = $GLOBALS['TSFE']->loginUser;
100
101 // Redirect
102 if ($this->conf['redirectMode'] && !$this->conf['redirectDisable'] && !$this->noRedirect) {
103 $this->redirectUrl = $this->processRedirect();
104 }
105
106
107 // What to display
108 $content='';
109 if ($this->piVars['forgot']) {
110 $content .= $this->showForgot();
111 } elseif ($this->piVars['forgothash']) {
112 $content .= $this->changePassword();
113 } else {
114 if($this->userIsLoggedIn && !$this->logintype) {
115 $content .= $this->showLogout();
116 } else {
117 $content .= $this->showLogin();
118 }
119 }
120
121
122
123 // Process the redirect
124 if (($this->logintype === 'login' || $this->logintype === 'logout') && $this->redirectUrl && !$this->noRedirect) {
125 if (!$GLOBALS['TSFE']->fe_user->cookieId) {
126 $content .= '<p style="color:red; font-weight:bold;">' . $this->pi_getLL('cookie_warning', '', 1) . '</p>';
127 } else {
128 header('Location: '.t3lib_div::locationHeaderUrl($this->redirectUrl));
129 exit;
130 }
131 }
132 return $this->conf['wrapContentInBaseClass'] ? $this->pi_wrapInBaseClass($content) : $content;
133
134 }
135
136 /**
137 * Shows the forgot password form
138 *
139 * @return string content
140 */
141 protected function showForgot() {
142 $subpart = $this->cObj->getSubpart($this->template, '###TEMPLATE_FORGOT###');
143 $subpartArray = $linkpartArray = array();
144 $postData = t3lib_div::_POST($this->prefixId);
145
146 if ($postData['forgot_email']) {
147
148 // get hashes for compare
149 $postedHash = $postData['forgot_hash'];
150 $hashData = $GLOBALS['TSFE']->fe_user->getKey('ses', 'forgot_hash');
151
152
153 if ($postedHash === $hashData['forgot_hash']) {
154 $row = FALSE;
155
156 // look for user record
157 $data = $GLOBALS['TYPO3_DB']->fullQuoteStr($this->piVars['forgot_email'], 'fe_users');
158 $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
159 'uid, username, password, email',
160 'fe_users',
161 '(email=' . $data .' OR username=' . $data . ') AND pid IN ('.$GLOBALS['TYPO3_DB']->cleanIntList($this->spid).') '.$this->cObj->enableFields('fe_users')
162 );
163
164 if ($GLOBALS['TYPO3_DB']->sql_num_rows($res)) {
165 $row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res);
166 }
167
168 if ($row) {
169 // generate an email with the hashed link
170 $error = $this->generateAndSendHash($row);
171 }
172 // generate message
173 if ($error) {
174 $markerArray['###STATUS_MESSAGE###'] = $this->cObj->stdWrap($error, $this->conf['forgotMessage_stdWrap.']);
175 } else {
176 $markerArray['###STATUS_MESSAGE###'] = $this->cObj->stdWrap($this->pi_getLL('ll_forgot_reset_message_emailSent', '', 1), $this->conf['forgotMessage_stdWrap.']);
177 }
178 $subpartArray['###FORGOT_FORM###'] = '';
179
180
181 } else {
182 //wrong email
183 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('forgot_reset_message', $this->conf['forgotMessage_stdWrap.']);
184 $markerArray['###BACKLINK_LOGIN###'] = '';
185 }
186 } else {
187 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('forgot_reset_message', $this->conf['forgotMessage_stdWrap.']);
188 $markerArray['###BACKLINK_LOGIN###'] = '';
189 }
190
191 $markerArray['###BACKLINK_LOGIN###'] = $this->getPageLink($this->pi_getLL('ll_forgot_header_backToLogin', '', 1), array());
192 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('forgot_header', $this->conf['forgotHeader_stdWrap.']);
193
194 $markerArray['###LEGEND###'] = $this->pi_getLL('reset_password', '', 1);
195 $markerArray['###ACTION_URI###'] = $this->getPageLink('', array($this->prefixId . '[forgot]'=>1), true);
196 $markerArray['###EMAIL_LABEL###'] = $this->pi_getLL('your_email', '', 1);
197 $markerArray['###FORGOT_PASSWORD_ENTEREMAIL###'] = $this->pi_getLL('forgot_password_enterEmail', '', 1);
198 $markerArray['###FORGOT_EMAIL###'] = $this->prefixId.'[forgot_email]';
199 $markerArray['###SEND_PASSWORD###'] = $this->pi_getLL('reset_password', '', 1);
200
201 $markerArray['###DATA_LABEL###'] = $this->pi_getLL('ll_enter_your_data', '', 1);
202
203
204
205 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
206
207 // generate hash
208 $hash = md5($this->generatePassword(3));
209 $markerArray['###FORGOTHASH###'] = $hash;
210 // set hash in feuser session
211 $GLOBALS['TSFE']->fe_user->setKey('ses', 'forgot_hash', array('forgot_hash' => $hash));
212
213
214 return $this->cObj->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
215 }
216
217 /**
218 * This function checks the hash from link and checks the validity. If it's valid it shows the form for
219 * changing the password and process the change of password after submit, if not valid it returns the error message
220 *
221 * @return string The content.
222 */
223 protected function changePassword() {
224
225 $subpartArray = $linkpartArray = array();
226 $done = false;
227
228 $minLength = intval($this->conf['newPasswordMinLength']) ? intval($this->conf['newPasswordMinLength']) : 6;
229
230 $subpart = $this->cObj->getSubpart($this->template, '###TEMPLATE_CHANGEPASSWORD###');
231
232 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('change_password_header', $this->conf['changePasswordHeader_stdWrap.']);
233 $markerArray['###STATUS_MESSAGE###'] = sprintf($this->getDisplayText('change_password_message', $this->conf['changePasswordMessage_stdWrap.']), $minLength);
234
235 $markerArray['###BACKLINK_LOGIN###'] = '';
236 $uid = $this->piVars['user'];
237 $piHash = $this->piVars['forgothash'];
238
239 $hash = explode('|', $piHash);
240 if (intval($uid) == 0) {
241 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('change_password_notvalid_message', $this->conf['changePasswordMessage_stdWrap.']);
242 $subpartArray['###CHANGEPASSWORD_FORM###'] = '';
243 } else {
244 $user = $this->pi_getRecord('fe_users', intval($uid));
245 $userHash = $user['felogin_forgotHash'];
246 $compareHash = explode('|', $userHash);
247
248 if (!$compareHash || !$compareHash[1] || $compareHash[0] < time() || $hash[0] != $compareHash[0] || md5($hash[1]) != $compareHash[1]) {
249 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('change_password_notvalid_message',$this->conf['changePasswordMessage_stdWrap.']);
250 $subpartArray['###CHANGEPASSWORD_FORM###'] = '';
251 } else {
252 // all is fine, continue with new password
253 $postData = t3lib_div::_POST($this->prefixId);
254
255 if ($postData['changepasswordsubmit']) {
256 if (strlen($postData['password1']) < $minLength) {
257 $markerArray['###STATUS_MESSAGE###'] = sprintf($this->getDisplayText('change_password_tooshort_message', $this->conf['changePasswordMessage_stdWrap.']), $minLength);
258 } elseif ($postData['password1'] != $postData['password2']) {
259 $markerArray['###STATUS_MESSAGE###'] = sprintf($this->getDisplayText('change_password_notequal_message', $this->conf['changePasswordMessage_stdWrap.']), $minLength);
260 } else {
261 $newPass = $postData['password1'];
262
263 if ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['password_changed']) {
264 $_params = array(
265 'user' => $user,
266 'newPassword' => $newPass,
267 );
268 foreach($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['password_changed'] as $_funcRef) {
269 if ($_funcRef) {
270 t3lib_div::callUserFunction($_funcRef, $_params, $this);
271 }
272 }
273 $newPass = $_params['newPassword'];
274 }
275
276 // save new password and clear DB-hash
277 $res = $GLOBALS['TYPO3_DB']->exec_UPDATEquery(
278 'fe_users',
279 'uid=' . $user['uid'],
280 array('password' => $newPass, 'felogin_forgotHash' => '')
281 );
282 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('change_password_done_message', $this->conf['changePasswordMessage_stdWrap.']);
283 $done = true;
284 $subpartArray['###CHANGEPASSWORD_FORM###'] = '';
285 $markerArray['###BACKLINK_LOGIN###'] = $this->getPageLink($this->pi_getLL('ll_forgot_header_backToLogin', '', 1), array());
286 }
287 }
288
289 if (!$done) {
290 // Change password form
291 $markerArray['###ACTION_URI###'] = $this->pi_getPageLink($GLOBALS['TSFE']->id, '', array(
292 $this->prefixId . '[user]' => $user['uid'],
293 $this->prefixId . '[forgothash]' => $piHash
294 ));
295 $markerArray['###LEGEND###'] = $this->pi_getLL('change_password', '', 1);
296 $markerArray['###NEWPASSWORD1_LABEL###'] = $this->pi_getLL('newpassword_label1', '', 1);
297 $markerArray['###NEWPASSWORD2_LABEL###'] = $this->pi_getLL('newpassword_label2', '', 1);
298 $markerArray['###NEWPASSWORD1###'] = $this->prefixId . '[password1]';
299 $markerArray['###NEWPASSWORD2###'] = $this->prefixId . '[password2]';
300 $markerArray['###STORAGE_PID###'] = $this->spid;
301 $markerArray['###SEND_PASSWORD###'] = $this->pi_getLL('change_password', '', 1);
302 $markerArray['###FORGOTHASH###'] = $piHash;
303 }
304 }
305 }
306
307 return $this->cObj->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
308 }
309
310 /**
311 * generates a hashed link and send it with email
312 *
313 * @param array $user contains user data
314 * @return string Empty string with success, error message with no success
315 */
316 protected function generateAndSendHash($user) {
317 $hours = intval($this->conf['forgotLinkHashValidTime']) > 0 ? intval($this->conf['forgotLinkHashValidTime']) : 24;
318 $validEnd = time() + 3600 * $hours;
319 $validEndString = date($this->conf['dateFormat'], $validEnd);
320
321 $hash = md5(rand());
322 $randHash = $validEnd . '|' . $hash;
323 $randHashDB = $validEnd . '|' . md5($hash);
324
325 //write hash to DB
326 $res = $GLOBALS['TYPO3_DB']->exec_UPDATEquery('fe_users', 'uid=' . $user['uid'], array('felogin_forgotHash' => $randHashDB));
327
328 // send hashlink to user
329 $this->conf['linkPrefix'] = -1;
330 $isAbsRelPrefix = !empty($GLOBALS['TSFE']->absRefPrefix);
331 $isBaseURL = !empty($GLOBALS['TSFE']->baseUrl);
332 $isFeloginBaseURL = !empty($this->conf['feloginBaseURL']);
333
334 if ($isFeloginBaseURL) {
335 // first priority
336 $this->conf['linkPrefix'] = $this->conf['feloginBaseURL'];
337 } else {
338 if ($isBaseURL) {
339 // 3rd priority
340 $this->conf['linkPrefix'] = $GLOBALS['TSFE']->baseUrl;
341 }
342 }
343
344 if ($this->conf['linkPrefix'] == -1 && !$isAbsRelPrefix) {
345 // no preix is set, return the error
346 return $this->pi_getLL('ll_change_password_nolinkprefix_message');
347 }
348
349 $link = ($isAbsRelPrefix ? '' : $this->conf['linkPrefix']) . $this->pi_getPageLink($GLOBALS['TSFE']->id, '', array(
350 $this->prefixId . '[user]' => $user['uid'],
351 $this->prefixId . '[forgothash]' => $randHash
352 ));
353
354 $msg = sprintf($this->pi_getLL('ll_forgot_validate_reset_password', '', 0), $user['username'], $link, $validEndString);
355
356 // no RDCT - Links for security reasons
357 $oldSetting = $GLOBALS['TSFE']->config['config']['notification_email_urlmode'];
358 $GLOBALS['TSFE']->config['config']['notification_email_urlmode'] = 0;
359 // send the email
360 $this->cObj->sendNotifyEmail($msg, $user['email'], '', $this->conf['email_from'], $this->conf['email_fromName'], $this->conf['replyTo']);
361 // restore settings
362 $GLOBALS['TSFE']->config['config']['notification_email_urlmode'] = $oldSetting;
363
364 return '';
365 }
366
367 /**
368 * Shows logout form
369 *
370 * @return string The content.
371 */
372 protected function showLogout() {
373 $subpart = $this->cObj->getSubpart($this->template, '###TEMPLATE_LOGOUT###');
374 $subpartArray = $linkpartArray = array();
375
376 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('status_header',$this->conf['logoutHeader_stdWrap.']);
377 $markerArray['###STATUS_MESSAGE###']=$this->getDisplayText('status_message',$this->conf['logoutMessage_stdWrap.']);$this->cObj->stdWrap($this->flexFormValue('message','s_status'),$this->conf['logoutMessage_stdWrap.']);
378
379 $markerArray['###LEGEND###'] = $this->pi_getLL('logout', '', 1);
380 $markerArray['###ACTION_URI###'] = $this->getPageLink('',array(),true);
381 $markerArray['###LOGOUT_LABEL###'] = $this->pi_getLL('logout', '', 1);
382 $markerArray['###NAME###'] = htmlspecialchars($GLOBALS['TSFE']->fe_user->user['name']);
383 $markerArray['###STORAGE_PID###'] = $this->spid;
384 $markerArray['###USERNAME###'] = htmlspecialchars($GLOBALS['TSFE']->fe_user->user['username']);
385 $markerArray['###USERNAME_LABEL###'] = $this->pi_getLL('username', '', 1);
386 $markerArray['###NOREDIRECT###'] = $this->noRedirect ? '1' : '0';
387 $markerArray['###PREFIXID###'] = $this->prefixId;
388 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
389
390 if ($this->redirectUrl) {
391 // use redirectUrl for action tag because of possible access restricted pages
392 $markerArray['###ACTION_URI###'] = htmlspecialchars($this->redirectUrl);
393 $this->redirectUrl = '';
394 }
395 return $this->cObj->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
396 }
397
398 /**
399 * Shows login form
400 *
401 * @return string content
402 */
403 protected function showLogin() {
404 $subpart = $this->cObj->getSubpart($this->template, '###TEMPLATE_LOGIN###');
405 $subpartArray = $linkpartArray = array();
406
407 $gpRedirectUrl = '';
408
409 $markerArray['###LEGEND###'] = $this->pi_getLL('oLabel_header_welcome', '', 1);
410
411 if($this->logintype === 'login') {
412 if($this->userIsLoggedIn) {
413 // login success
414 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('success_header',$this->conf['successHeader_stdWrap.']);
415 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('success_message', $this->conf['successMessage_stdWrap.']);
416 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
417 $subpartArray['###LOGIN_FORM###'] = '';
418
419 // Hook for general actions after after login has been confirmed (by Thomas Danzl <thomas@danzl.org>)
420 if ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['login_confirmed']) {
421 $_params = array();
422 foreach($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['login_confirmed'] as $_funcRef) {
423 if ($_funcRef) {
424 t3lib_div::callUserFunction($_funcRef, $_params, $this);
425 }
426 }
427 }
428
429 } else {
430 // login error
431 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('error_header',$this->conf['errorHeader_stdWrap.']);
432 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('error_message',$this->conf['errorMessage_stdWrap.']);
433 $gpRedirectUrl = t3lib_div::_GP('redirect_url');
434 }
435 } else {
436 if($this->logintype === 'logout') {
437 // login form after logout
438 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('logout_header',$this->conf['welcomeHeader_stdWrap.']);
439 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('logout_message',$this->conf['welcomeMessage_stdWrap.']);
440 } else {
441 // login form
442 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('welcome_header',$this->conf['welcomeHeader_stdWrap.']);
443 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('welcome_message',$this->conf['welcomeMessage_stdWrap.']);
444 }
445 }
446
447
448 // Hook (used by kb_md5fepw extension by Kraft Bernhard <kraftb@gmx.net>)
449 // This hook allows to call User JS functions.
450 // The methods should also set the required JS functions to get included
451 $onSubmit = '';
452 $extraHidden = '';
453 if (is_array($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['loginFormOnSubmitFuncs'])) {
454 $_params = array();
455 $onSubmitAr = array();
456 $extraHiddenAr = array();
457 foreach($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['loginFormOnSubmitFuncs'] as $funcRef) {
458 list($onSub, $hid) = t3lib_div::callUserFunction($funcRef, $_params, $this);
459 $onSubmitAr[] = $onSub;
460 $extraHiddenAr[] = $hid;
461 }
462 }
463 if (count($onSubmitAr)) {
464 $onSubmit = implode('; ', $onSubmitAr).'; return true;';
465 $extraHidden = implode(chr(10), $extraHiddenAr);
466 }
467
468 // Login form
469 $markerArray['###ACTION_URI###'] = $this->getPageLink('',array(),true);
470 $markerArray['###EXTRA_HIDDEN###'] = $extraHidden; // used by kb_md5fepw extension...
471 $markerArray['###LEGEND###'] = $this->pi_getLL('login', '', 1);
472 $markerArray['###LOGIN_LABEL###'] = $this->pi_getLL('login', '', 1);
473 $markerArray['###ON_SUBMIT###'] = $onSubmit; // used by kb_md5fepw extension...
474 $markerArray['###PASSWORD_LABEL###'] = $this->pi_getLL('password', '', 1);
475 $markerArray['###STORAGE_PID###'] = $this->spid;
476 $markerArray['###USERNAME_LABEL###'] = $this->pi_getLL('username', '', 1);
477 $markerArray['###REDIRECT_URL###'] = $gpRedirectUrl ? htmlspecialchars($gpRedirectUrl) : htmlspecialchars($this->redirectUrl);
478 $markerArray['###NOREDIRECT###'] = $this->noRedirect ? '1' : '0';
479 $markerArray['###PREFIXID###'] = $this->prefixId;
480 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
481
482 if ($this->flexFormValue('showForgotPassword','sDEF') || $this->conf['showForgotPasswordLink']) {
483 $linkpartArray['###FORGOT_PASSWORD_LINK###'] = explode('|',$this->getPageLink('|',array($this->prefixId.'[forgot]'=>1)));
484 $markerArray['###FORGOT_PASSWORD###'] = $this->pi_getLL('ll_forgot_header', '', 1);
485 } else {
486 $subpartArray['###FORGOTP_VALID###'] = '';
487 }
488
489
490
491 if ($this->redirectUrl) {
492 // use redirectUrl for action tag because of possible access restricted pages
493 $markerArray['###ACTION_URI###'] = htmlspecialchars($this->redirectUrl);
494 $this->redirectUrl = '';
495 }
496 if (($this->conf['showPermaLogin']) && ($GLOBALS['TYPO3_CONF_VARS']['FE']['permalogin'] == 0 || $GLOBALS['TYPO3_CONF_VARS']['FE']['permalogin'] == 1) && $GLOBALS['TYPO3_CONF_VARS']['FE']['lifetime'] > 0) {
497 $markerArray['###PERMALOGIN###'] = $this->pi_getLL('permalogin', '', 1);
498 if($GLOBALS['TYPO3_CONF_VARS']['FE']['permalogin'] == 1) {
499 $markerArray['###PERMALOGIN_HIDDENFIELD_ATTRIBUTES###'] = 'disabled="disabled"';
500 $markerArray['###PERMALOGIN_CHECKBOX_ATTRIBUTES###'] = 'checked="checked"';
501 } else {
502 $markerArray['###PERMALOGIN_HIDDENFIELD_ATTRIBUTES###'] = '';
503 $markerArray['###PERMALOGIN_CHECKBOX_ATTRIBUTES###'] = '';
504 }
505 } else {
506 $subpartArray['###PERMALOGIN_VALID###'] = '';
507 }
508 return $this->cObj->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
509 }
510
511 /**
512 * Process redirect methods. The function searches for a redirect url using all configured methods.
513 *
514 * @return string redirect url
515 */
516 protected function processRedirect() {
517 if ($this->conf['redirectMode']) {
518 foreach (t3lib_div::trimExplode(',', $this->conf['redirectMode'],1) as $redirMethod) {
519 if ($GLOBALS['TSFE']->loginUser && $this->logintype === 'login') {
520 // logintype is needed because the login-page wouldn't be accessible anymore after a login (would always redirect)
521 switch ($redirMethod) {
522 case 'groupLogin': // taken from dkd_redirect_at_login written by Ingmar Schlecht; database-field changed
523 $groupData = $GLOBALS['TSFE']->fe_user->groupData;
524 $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
525 'felogin_redirectPid',
526 $GLOBALS['TSFE']->fe_user->usergroup_table,
527 'felogin_redirectPid!="" AND uid IN (' . implode(',', $groupData['uid']) . ')'
528 );
529 if ($row = $GLOBALS['TYPO3_DB']->sql_fetch_row($res)) {
530 $redirect_url = $this->pi_getPageLink($row[0],array(),true); // take the first group with a redirect page
531 }
532 break;
533 case 'userLogin':
534 $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
535 'felogin_redirectPid',
536 $GLOBALS['TSFE']->fe_user->user_table,
537 $GLOBALS['TSFE']->fe_user->userid_column . '=' . $GLOBALS['TSFE']->fe_user->user['uid'] . ' AND felogin_redirectPid!=""'
538 );
539 if ($row = $GLOBALS['TYPO3_DB']->sql_fetch_row($res)) {
540 $redirect_url = $this->pi_getPageLink($row[0], array(), true);
541 }
542 break;
543 case 'login':
544 if ($this->conf['redirectPageLogin']) {
545 $redirect_url = $this->pi_getPageLink(intval($this->conf['redirectPageLogin']), array(), true);
546 }
547 break;
548 case 'getpost':
549 $redirect_url = $this->redirectUrl;
550 break;
551 case 'referer':
552 $redirect_url = t3lib_div::getIndpEnv('HTTP_REFERER');
553 // avoid forced logout, when trying to login immediatly after a logout
554 $redirect_url = preg_replace('/[&?]logintype=[a-z]+/', '', $redirect_url);
555 break;
556 case 'refererDomains':
557 // Auto redirect.
558 // Feature to redirect to the page where the user came from (HTTP_REFERER).
559 // Allowed domains to redirect to, can be configured with plugin.tx_felogin_pi1.domains
560 // Thanks to plan2.net / Martin Kutschker for implementing this feature.
561 if (!$redirect_url && $this->conf['domains']) {
562 $redirect_url = t3lib_div::getIndpEnv('HTTP_REFERER');
563 // is referring url allowed to redirect?
564 $match = array();
565 if (preg_match('/^http://([[:alnum:]._-]+)//', $redirect_url, $match)) {
566 $redirect_domain = $match[1];
567 $found = false;
568 foreach(split(',', $this->conf['domains']) as $d) {
569 if (preg_match('/(^|\.)/'.$d.'$', $redirect_domain)) {
570 $found = true;
571 break;
572 }
573 }
574 if (!$found) {
575 $redirect_url = '';
576 }
577 }
578
579 // Avoid forced logout, when trying to login immediatly after a logout
580 $redirect_url = preg_replace('/[&?]logintype=[a-z]+/', '', $redirect_url);
581 }
582 break;
583 }
584 } else if ($this->logintype === 'login') { // after login-error
585 switch ($redirMethod) {
586 case 'loginError':
587 if ($this->conf['redirectPageLoginError']) {
588 $redirect_url = $this->pi_getPageLink(intval($this->conf['redirectPageLoginError']), array(), true);
589 }
590 break;
591 }
592 } elseif (($this->logintype == '') && ($redirMethod == 'login') && $this->conf['redirectPageLogin']) {
593 // if login and page not accessible
594 $this->cObj->typolink('', array(
595 'parameter' => $this->conf['redirectPageLogin'],
596 'linkAccessRestrictedPages' => TRUE,
597 ));
598 $redirect_url = $this->cObj->lastTypoLinkUrl;
599
600 } elseif (($this->logintype == '') && ($redirMethod == 'logout') && $this->conf['redirectPageLogout'] && $GLOBALS['TSFE']->loginUser) {
601 // if logout and page not accessible
602 $redirect_url = $this->pi_getPageLink(intval($this->conf['redirectPageLogout']), array(), TRUE);
603
604 } elseif ($this->logintype === 'logout') { // after logout
605
606 // Hook for general actions after after logout has been confirmed
607 if ($this->logintype === 'logout' && $GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['logout_confirmed']) {
608 $_params = array();
609 foreach($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['logout_confirmed'] as $_funcRef) {
610 if ($_funcRef) {
611 t3lib_div::callUserFunction($_funcRef, $_params, $this);
612 }
613 }
614 }
615
616 switch ($redirMethod) {
617 case 'logout':
618 if ($this->conf['redirectPageLogout']) {
619 $redirect_url = $this->pi_getPageLink(intval($this->conf['redirectPageLogout']), array(), true);
620 }
621 break;
622 }
623 } else { // not logged in
624 // Placeholder for maybe future options
625 switch ($redirMethod) {
626 case 'getpost':
627 // preserve the get/post value
628 $redirect_url = $this->redirectUrl;
629 break;
630 }
631 }
632
633 if ($redirect_url && $this->conf['redirectFirstMethod']) {
634 break;
635 }
636 }
637 }
638 return $redirect_url;
639 }
640
641 /**
642 * Reads flexform configuration and merge it with $this->conf
643 *
644 * @return void
645 */
646 protected function mergeflexFormValuesIntoConf() {
647 $flex = array();
648 if ($this->flexFormValue('showForgotPassword', 'sDEF')) {
649 $flex['showForgotPassword'] = $this->flexFormValue('showForgotPassword','sDEF');
650 }
651
652 if ($this->flexFormValue('showPermaLogin', 'sDEF')) {
653 $flex['showPermaLogin'] = $this->flexFormValue('showPermaLogin', 'sDEF');
654 }
655
656 if ($this->flexFormValue('pages', 'sDEF')) {
657 $flex['pages'] = $this->flexFormValue('pages', 'sDEF');
658 }
659
660 if ($this->flexFormValue('recursive', 'sDEF')) {
661 $flex['recursive'] = $this->flexFormValue('recursive', 'sDEF');
662 }
663
664 if ($this->flexFormValue('templateFile', 'sDEF')) {
665 $flex['templateFile'] = $this->uploadDir . $this->flexFormValue('templateFile', 'sDEF');
666 }
667
668 if ($this->flexFormValue('redirectMode', 's_redirect')) {
669 $flex['redirectMode'] = $this->flexFormValue('redirectMode', 's_redirect');
670 }
671
672 if ($this->flexFormValue('redirectFirstMethod', 's_redirect')) {
673 $flex['redirectFirstMethod'] = $this->flexFormValue('redirectFirstMethod', 's_redirect');
674 }
675
676 if ($this->flexFormValue('redirectDisable', 's_redirect')) {
677 $flex['redirectDisable'] = $this->flexFormValue('redirectDisable', 's_redirect');
678 }
679
680 if ($this->flexFormValue('redirectPageLogin', 's_redirect')) {
681 $flex['redirectPageLogin'] = $this->flexFormValue('redirectPageLogin', 's_redirect');
682 }
683
684 if ($this->flexFormValue('redirectPageLoginError', 's_redirect')) {
685 $flex['redirectPageLoginError'] = $this->flexFormValue('redirectPageLoginError','s_redirect');
686 }
687
688 if ($this->flexFormValue('redirectPageLogout', 's_redirect')) {
689 $flex['redirectPageLogout'] = $this->flexFormValue('redirectPageLogout', 's_redirect');
690 }
691
692 $pid = $flex['pages'] ? $this->pi_getPidList($flex['pages'], $flex['recursive']) : 0;
693 if ($pid > 0) {
694 $flex['storagePid'] = $pid;
695 }
696
697 $this->conf = array_merge($this->conf, $flex);
698 }
699
700 /**
701 * Loads a variable from the flexform
702 *
703 * @param string name of variable
704 * @param string name of sheet
705 * @return string value of var
706 */
707 protected function flexFormValue($var, $sheet) {
708 return $this->pi_getFFvalue($this->cObj->data['pi_flexform'], $var,$sheet);
709 }
710
711 /**
712 * Generate link with typolink function
713 *
714 * @param string linktext
715 * @param array link vars
716 * @param boolean true: returns only url false (default) returns the link)
717 *
718 * @return string link or url
719 */
720 protected function getPageLink($label, $piVars,$returnUrl = false) {
721 $additionalParams = '';
722
723 if (count($piVars)) {
724 foreach($piVars as $key=>$val) {
725 $additionalParams .= '&' . $key . '=' . $val;
726 }
727 }
728 // should GETvars be preserved?
729 if ($this->conf['preserveGETvars']) {
730 $additionalParams .= $this->getPreserveGetVars();
731 }
732
733 $this->conf['linkConfig.']['parameter'] = $GLOBALS['TSFE']->id;
734 if ($additionalParams) {
735 $this->conf['linkConfig.']['additionalParams'] = $additionalParams;
736 }
737
738 if ($returnUrl) {
739 return htmlspecialchars($this->cObj->typolink_url($this->conf['linkConfig.']));
740 } else {
741 return $this->cObj->typolink($label,$this->conf['linkConfig.']);
742 }
743 }
744
745 /**
746 * Is used by TS-setting preserveGETvars
747 * possible values are "all" or a commaseperated list of GET-vars
748 * they are used as additionalParams for link generation
749 *
750 * @return string additionalParams-string
751 */
752 protected function getPreserveGetVars() {
753
754 $params = '';
755 $preserveVars =! ($this->conf['preserveGETvars'] || $this->conf['preserveGETvars']=='all' ? array() : implode(',', (array)$this->conf['preserveGETvars']));
756 $getVars = t3lib_div::_GET();
757
758 foreach ($getVars as $key => $val) {
759 if (stristr($key,$this->prefixId) === false) {
760 if (is_array($val)) {
761 foreach ($val as $key1 => $val1) {
762 if ($this->conf['preserveGETvars'] == 'all' || in_array($key . '[' . $key1 .']', $preserveVars)) {
763 $params .= '&' . $key . '[' . $key1 . ']=' . $val1;
764 }
765 }
766 } else {
767 if (!in_array($key, array('id','no_cache','logintype','redirect_url','cHash'))) {
768 $params .= '&' . $key . '=' . $val;
769 }
770 }
771 }
772 }
773 return $params;
774 }
775
776 /**
777 * Is used by forgot password - function with md5 option.
778 *
779 * @author Bernhard Kraft
780 *
781 * @param int length of new password
782 * @return string new password
783 */
784 protected function generatePassword($len) {
785 $pass = '';
786 while ($len--) {
787 $char = rand(0,35);
788 if ($char < 10) {
789 $pass .= '' . $char;
790 } else {
791 $pass .= chr($char - 10 + 97);
792 }
793 }
794 return $pass;
795 }
796
797 /**
798 * Returns the header / message value from flexform if present, else from locallang.xml
799 *
800 * @param string label name
801 * @param string TS stdWrap array
802 * @return string label text
803 */
804 protected function getDisplayText($label, $stdWrapArray=array()) {
805 $text = $this->flexFormValue($label, 's_messages') ? $this->cObj->stdWrap($this->flexFormValue($label, 's_messages'), $stdWrapArray) : $this->cObj->stdWrap($this->pi_getLL('ll_'.$label, '', 1), $stdWrapArray);
806 $replace = $this->getUserFieldMarkers();
807 return strtr($text, $replace);
808 }
809
810 /**
811 * Returns Array of markers filled with user fields
812 *
813 * @return array marker array
814 */
815 protected function getUserFieldMarkers() {
816 $marker = array();
817 // replace markers with fe_user data
818 if ($GLOBALS['TSFE']->fe_user->user) {
819 // all fields of fe_user will be replaced, scheme is ###FEUSER_FIELDNAME###
820 foreach ($GLOBALS['TSFE']->fe_user->user as $field => $value) {
821 $marker['###FEUSER_' . t3lib_div::strtoupper($field) . '###'] = $this->cObj->stdWrap($value, $this->conf['userfields.'][$field . '.']);
822 }
823 // add ###USER### for compatibility
824 $marker['###USER###'] = $marker['###FEUSER_USERNAME###'];
825 }
826 return $marker;
827 }
828 }
829
830
831
832 if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['ext/felogin/pi1/class.tx_felogin_pi1.php']) {
833 include_once($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['ext/felogin/pi1/class.tx_felogin_pi1.php']);
834 }
835
836 ?>