[TASK] General code cleanup in ext:sv
[Packages/TYPO3.CMS.git] / typo3 / sysext / sv / Classes / LoginFormHook.php
1 <?php
2 namespace TYPO3\CMS\Sv;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 use TYPO3\CMS\Backend\Controller\LoginController;
18
19 /**
20 * This class contains a BE login form hook. It adds all necessary JavaScript
21 * for the superchallenged authentication.
22 *
23 * @author Dmitry Dulepov <dmitry@typo3.org>
24 */
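class LoginFormHook {

    /**
     * Returns the opening <form> tag of the backend login form, chosen by the
     * controller's login security level.
     *
     * For "challenged" and "superchallenged" a fresh challenge is written to
     * $_SESSION['login_challenge'] and emitted as a hidden "challenge" field;
     * the form's onsubmit handler calls doChallengeResponse() with 0 for
     * "challenged" and 1 for "superchallenged".
     *
     * @param array $params Parameters to the script (not used here)
     * @param LoginController $pObj Calling object; only loginSecurityLevel is read
     * @return string The form tag (plus hidden challenge field), or '' for an unknown level
     */
    public function getLoginFormTag(array $params, LoginController &$pObj) {
        $level = $pObj->loginSecurityLevel;
        if ($level === 'challenged' || $level === 'superchallenged') {
            // One challenge per rendered form. The same value goes into the
            // session and into the page.
            $challenge = $this->getChallenge();
            $_SESSION['login_challenge'] = $challenge;
            // Strict comparison: the flag must be 0 only for the exact string 'challenged'.
            $superchallengedFlag = $level === 'challenged' ? 0 : 1;
            return '<form action="index.php" method="post" name="loginform" '
                . 'onsubmit="doChallengeResponse(' . $superchallengedFlag . ');">'
                . '<input type="hidden" name="challenge" value="' . htmlspecialchars($challenge) . '" />';
        }
        if ($level === 'normal') {
            // The onsubmit handler copies the typed password unchanged into
            // "userident", so confidentiality of the credential depends
            // entirely on the transport (HTTPS).
            return '<form action="index.php" method="post" name="loginform" onsubmit="document.loginform.userident.value=document.loginform.p_field.value;document.loginform.p_field.value=\'\';return true;">';
        }
        // No code for unknown level!
        return '';
    }

    /**
     * Returns the JavaScript needed by the challenged / superchallenged login
     * form: a reference to md5.js and the doChallengeResponse() handler.
     *
     * The handler sets "userident" to MD5(username:password:challenge), where
     * the password is first replaced by MD5(password) in superchallenged mode,
     * and then blanks the password field.
     *
     * NOTE(review): in superchallenged mode MD5(password) is all that is needed
     * to compute a valid response, and the script is delivered over the same
     * channel as the form. The scheme therefore does not replace TLS.
     *
     * @param array $params Parameters to the script (not used here)
     * @param LoginController $pObj Calling object; only loginSecurityLevel is read
     * @return string Script markup, or '' for any other security level
     */
    public function getLoginScripts(array $params, LoginController &$pObj) {
        $content = '';
        if ($pObj->loginSecurityLevel === 'superchallenged' || $pObj->loginSecurityLevel === 'challenged') {
            $content = '
<script type="text/javascript" src="sysext/backend/Resources/Public/JavaScript/md5.js"></script>
' . $GLOBALS['TBE_TEMPLATE']->wrapScriptTags('
function doChallengeResponse(superchallenged) { //
password = document.loginform.p_field.value;
if (password) {
if (superchallenged) {
password = MD5(password); // this makes it superchallenged!!
}
str = document.loginform.username.value+":"+password+":"+document.loginform.challenge.value;
document.loginform.userident.value = MD5(str);
document.loginform.p_field.value = "";
return true;
}
}
');
        }
        return $content;
    }

    /**
     * Create a random challenge string.
     *
     * The challenge is the only per-login secret in the response hash, so it
     * should come from a cryptographically secure source. uniqid() is
     * clock-based and the PID is a small integer, so that combination is
     * used only as a last resort when no CSPRNG is available.
     *
     * @return string Challenge value: 32 lowercase hex characters
     */
    protected function getChallenge() {
        if (function_exists('random_bytes')) {
            return bin2hex(random_bytes(16));
        }
        if (function_exists('openssl_random_pseudo_bytes')) {
            $isStrong = FALSE;
            $bytes = openssl_random_pseudo_bytes(16, $isStrong);
            if ($bytes !== FALSE && $isStrong) {
                return bin2hex($bytes);
            }
        }
        // Legacy fallback: same format as before, but guessable.
        return md5(uniqid('', TRUE) . getmypid());
    }

}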