Fixed bug #13506: Function changePassword does not work, when hitting enter in change...
[Packages/TYPO3.CMS.git] / typo3 / sysext / felogin / pi1 / class.tx_felogin_pi1.php
1 <?php
2 /***************************************************************
3 * Copyright notice
4 *
5 * (c) 2007-2009 Steffen Kamper <info@sk-typo3.de>
6 * Based on Newloginbox (c) 2002-2004 Kasper Skaarhoj <kasper@typo3.com>
7 *
8 * All rights reserved
9 *
10 * This script is part of the TYPO3 project. The TYPO3 project is
11 * free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * The GNU General Public License can be found at
17 * http://www.gnu.org/copyleft/gpl.html.
18 *
19 * This script is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU General Public License for more details.
23 *
24 * This copyright notice MUST APPEAR in all copies of the script!
25 *
26 * The code was adapted from newloginbox, see manual for detailed description
27 ***************************************************************/
28 /**
29 * Plugin 'Website User Login' for the 'felogin' extension.
30 *
31 * @author Steffen Kamper <info@sk-typo3.de>
32 * @package TYPO3
33 * @subpackage tx_felogin
34 */
35 class tx_felogin_pi1 extends tslib_pibase {
36 var $prefixId = 'tx_felogin_pi1'; // Same as class name
37 var $scriptRelPath = 'pi1/class.tx_felogin_pi1.php'; // Path to this script relative to the extension dir.
38 var $extKey = 'felogin'; // The extension key.
39 public $pi_checkCHash = false;
40 public $pi_USER_INT_obj = true;
41
42 protected $userIsLoggedIn; // Is user logged in?
43 protected $template; // holds the template for FE rendering
44 protected $uploadDir; // upload dir, used for flexform template files
45 protected $redirectUrl; // URL for the redirect
46 protected $noRedirect = false; // flag for disable the redirect
47 protected $logintype; // logintype (given as GPvar), possible: login, logout
48
49 /**
50 * The main method of the plugin
51 *
52 * @param string $content: The PlugIn content
53 * @param array $conf: The PlugIn configuration
54 *
55 * @return string The content that is displayed on the website
56 */
57 public function main($content,$conf) {
58
59 // Loading TypoScript array into object variable:
60 $this->conf = $conf;
61 $this->uploadDir = 'uploads/tx_felogin/';
62
63 // Loading default pivars
64 $this->pi_setPiVarDefaults();
65
66 // Loading language-labels
67 $this->pi_loadLL();
68
69 // Init FlexForm configuration for plugin:
70 $this->pi_initPIflexForm();
71 $this->mergeflexFormValuesIntoConf();
72
73
74 // Get storage PIDs:
75 if ($this->conf['storagePid']) {
76 if (intval($this->conf['recursive'])) {
77 $this->spid = $this->pi_getPidList($this->conf['storagePid'], intval($this->conf['recursive']));
78 } else {
79 $this->spid = $this->conf['storagePid'];
80 }
81 } else {
82 $pids = $GLOBALS['TSFE']->getStorageSiterootPids();
83 $this->spid = $pids['_STORAGE_PID'];
84 }
85
86 // GPvars:
87 $this->logintype = t3lib_div::_GP('logintype');
88 $this->referer = t3lib_div::_GP('referer');
89 $this->noRedirect = ($this->piVars['noredirect'] || $this->conf['redirectDisable']);
90
91 // if config.typolinkLinkAccessRestrictedPages is set, the var is return_url
92 $returnUrl = t3lib_div::_GP('return_url');
93 if ($returnUrl) {
94 $this->redirectUrl = $returnUrl;
95 } else {
96 $this->redirectUrl = t3lib_div::_GP('redirect_url');
97 }
98
99 // Get Template
100 $templateFile = $this->conf['templateFile'] ? $this->conf['templateFile'] : 'EXT:felogin/template.html';
101 $this->template = $this->cObj->fileResource($templateFile);
102
103 // Is user logged in?
104 $this->userIsLoggedIn = $GLOBALS['TSFE']->loginUser;
105
106 // Redirect
107 if ($this->conf['redirectMode'] && !$this->conf['redirectDisable'] && !$this->noRedirect) {
108 $redirectUrl = $this->processRedirect();
109 if (count($redirectUrl)) {
110 $this->redirectUrl = $this->conf['redirectFirstMethod'] ? array_shift($redirectUrl) : array_pop($redirectUrl);
111 } else {
112 $this->redirectUrl = '';
113 }
114 }
115
116 // What to display
117 $content='';
118 if ($this->piVars['forgot']) {
119 $content .= $this->showForgot();
120 } elseif ($this->piVars['forgothash']) {
121 $content .= $this->changePassword();
122 } else {
123 if($this->userIsLoggedIn && !$this->logintype) {
124 $content .= $this->showLogout();
125 } else {
126 $content .= $this->showLogin();
127 }
128 }
129
130 // Process the redirect
131 if (($this->logintype === 'login' || $this->logintype === 'logout') && $this->redirectUrl && !$this->noRedirect) {
132 if (!$GLOBALS['TSFE']->fe_user->cookieId) {
133 $content .= $this->cObj->stdWrap($this->pi_getLL('cookie_warning', '', 1), $this->conf['cookieWarning_stdWrap.']);
134 } else {
135 t3lib_utility_Http::redirect($this->redirectUrl);
136 }
137 }
138
139 // Adds hook for processing of extra item markers / special
140 if (isset($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['postProcContent']) && is_array($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['postProcContent'])) {
141 $_params = array(
142 'content' => $content
143 );
144 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['postProcContent'] as $_funcRef) {
145 $content = t3lib_div::callUserFunction($_funcRef, $_params, $this);
146 }
147 }
148
149 return $this->conf['wrapContentInBaseClass'] ? $this->pi_wrapInBaseClass($content) : $content;
150
151 }
152
153 /**
154 * Shows the forgot password form
155 *
156 * @return string content
157 */
158 protected function showForgot() {
159 $subpart = $this->cObj->getSubpart($this->template, '###TEMPLATE_FORGOT###');
160 $subpartArray = $linkpartArray = array();
161 $postData = t3lib_div::_POST($this->prefixId);
162
163 if ($postData['forgot_email']) {
164
165 // get hashes for compare
166 $postedHash = $postData['forgot_hash'];
167 $hashData = $GLOBALS['TSFE']->fe_user->getKey('ses', 'forgot_hash');
168
169
170 if ($postedHash === $hashData['forgot_hash']) {
171 $row = FALSE;
172
173 // look for user record
174 $data = $GLOBALS['TYPO3_DB']->fullQuoteStr($this->piVars['forgot_email'], 'fe_users');
175 $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
176 'uid, username, password, email',
177 'fe_users',
178 '(email=' . $data .' OR username=' . $data . ') AND pid IN ('.$GLOBALS['TYPO3_DB']->cleanIntList($this->spid).') '.$this->cObj->enableFields('fe_users')
179 );
180
181 if ($GLOBALS['TYPO3_DB']->sql_num_rows($res)) {
182 $row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res);
183 }
184
185 if ($row) {
186 // generate an email with the hashed link
187 $error = $this->generateAndSendHash($row);
188 }
189 // generate message
190 if ($error) {
191 $markerArray['###STATUS_MESSAGE###'] = $this->cObj->stdWrap($error, $this->conf['forgotMessage_stdWrap.']);
192 } else {
193 $markerArray['###STATUS_MESSAGE###'] = $this->cObj->stdWrap($this->pi_getLL('ll_forgot_reset_message_emailSent', '', 1), $this->conf['forgotMessage_stdWrap.']);
194 }
195 $subpartArray['###FORGOT_FORM###'] = '';
196
197
198 } else {
199 //wrong email
200 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('forgot_reset_message', $this->conf['forgotMessage_stdWrap.']);
201 $markerArray['###BACKLINK_LOGIN###'] = '';
202 }
203 } else {
204 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('forgot_reset_message', $this->conf['forgotMessage_stdWrap.']);
205 $markerArray['###BACKLINK_LOGIN###'] = '';
206 }
207
208 $markerArray['###BACKLINK_LOGIN###'] = $this->getPageLink($this->pi_getLL('ll_forgot_header_backToLogin', '', 1), array());
209 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('forgot_header', $this->conf['forgotHeader_stdWrap.']);
210
211 $markerArray['###LEGEND###'] = $this->pi_getLL('reset_password', '', 1);
212 $markerArray['###ACTION_URI###'] = $this->getPageLink('', array($this->prefixId . '[forgot]'=>1), true);
213 $markerArray['###EMAIL_LABEL###'] = $this->pi_getLL('your_email', '', 1);
214 $markerArray['###FORGOT_PASSWORD_ENTEREMAIL###'] = $this->pi_getLL('forgot_password_enterEmail', '', 1);
215 $markerArray['###FORGOT_EMAIL###'] = $this->prefixId.'[forgot_email]';
216 $markerArray['###SEND_PASSWORD###'] = $this->pi_getLL('reset_password', '', 1);
217
218 $markerArray['###DATA_LABEL###'] = $this->pi_getLL('ll_enter_your_data', '', 1);
219
220
221
222 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
223
224 // generate hash
225 $hash = md5($this->generatePassword(3));
226 $markerArray['###FORGOTHASH###'] = $hash;
227 // set hash in feuser session
228 $GLOBALS['TSFE']->fe_user->setKey('ses', 'forgot_hash', array('forgot_hash' => $hash));
229
230
231 return $this->cObj->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
232 }
233
234 /**
235 * This function checks the hash from link and checks the validity. If it's valid it shows the form for
236 * changing the password and process the change of password after submit, if not valid it returns the error message
237 *
238 * @return string The content.
239 */
240 protected function changePassword() {
241
242 $subpartArray = $linkpartArray = array();
243 $done = false;
244
245 $minLength = intval($this->conf['newPasswordMinLength']) ? intval($this->conf['newPasswordMinLength']) : 6;
246
247 $subpart = $this->cObj->getSubpart($this->template, '###TEMPLATE_CHANGEPASSWORD###');
248
249 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('change_password_header', $this->conf['changePasswordHeader_stdWrap.']);
250 $markerArray['###STATUS_MESSAGE###'] = sprintf($this->getDisplayText('change_password_message', $this->conf['changePasswordMessage_stdWrap.']), $minLength);
251
252 $markerArray['###BACKLINK_LOGIN###'] = '';
253 $uid = $this->piVars['user'];
254 $piHash = $this->piVars['forgothash'];
255
256 $hash = explode('|', $piHash);
257 if (intval($uid) == 0) {
258 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('change_password_notvalid_message', $this->conf['changePasswordMessage_stdWrap.']);
259 $subpartArray['###CHANGEPASSWORD_FORM###'] = '';
260 } else {
261 $user = $this->pi_getRecord('fe_users', intval($uid));
262 $userHash = $user['felogin_forgotHash'];
263 $compareHash = explode('|', $userHash);
264
265 if (!$compareHash || !$compareHash[1] || $compareHash[0] < time() || $hash[0] != $compareHash[0] || md5($hash[1]) != $compareHash[1]) {
266 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('change_password_notvalid_message',$this->conf['changePasswordMessage_stdWrap.']);
267 $subpartArray['###CHANGEPASSWORD_FORM###'] = '';
268 } else {
269 // all is fine, continue with new password
270 $postData = t3lib_div::_POST($this->prefixId);
271
272 if (isset($postData['changepasswordsubmit'])) {
273 if (strlen($postData['password1']) < $minLength) {
274 $markerArray['###STATUS_MESSAGE###'] = sprintf($this->getDisplayText('change_password_tooshort_message', $this->conf['changePasswordMessage_stdWrap.']), $minLength);
275 } elseif ($postData['password1'] != $postData['password2']) {
276 $markerArray['###STATUS_MESSAGE###'] = sprintf($this->getDisplayText('change_password_notequal_message', $this->conf['changePasswordMessage_stdWrap.']), $minLength);
277 } else {
278 $newPass = $postData['password1'];
279
280 if ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['password_changed']) {
281 $_params = array(
282 'user' => $user,
283 'newPassword' => $newPass,
284 );
285 foreach($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['password_changed'] as $_funcRef) {
286 if ($_funcRef) {
287 t3lib_div::callUserFunction($_funcRef, $_params, $this);
288 }
289 }
290 $newPass = $_params['newPassword'];
291 }
292
293 // save new password and clear DB-hash
294 $res = $GLOBALS['TYPO3_DB']->exec_UPDATEquery(
295 'fe_users',
296 'uid=' . $user['uid'],
297 array('password' => $newPass, 'felogin_forgotHash' => '')
298 );
299 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('change_password_done_message', $this->conf['changePasswordMessage_stdWrap.']);
300 $done = true;
301 $subpartArray['###CHANGEPASSWORD_FORM###'] = '';
302 $markerArray['###BACKLINK_LOGIN###'] = $this->getPageLink($this->pi_getLL('ll_forgot_header_backToLogin', '', 1), array());
303 }
304 }
305
306 if (!$done) {
307 // Change password form
308 $markerArray['###ACTION_URI###'] = $this->pi_getPageLink($GLOBALS['TSFE']->id, '', array(
309 $this->prefixId . '[user]' => $user['uid'],
310 $this->prefixId . '[forgothash]' => $piHash
311 ));
312 $markerArray['###LEGEND###'] = $this->pi_getLL('change_password', '', 1);
313 $markerArray['###NEWPASSWORD1_LABEL###'] = $this->pi_getLL('newpassword_label1', '', 1);
314 $markerArray['###NEWPASSWORD2_LABEL###'] = $this->pi_getLL('newpassword_label2', '', 1);
315 $markerArray['###NEWPASSWORD1###'] = $this->prefixId . '[password1]';
316 $markerArray['###NEWPASSWORD2###'] = $this->prefixId . '[password2]';
317 $markerArray['###STORAGE_PID###'] = $this->spid;
318 $markerArray['###SEND_PASSWORD###'] = $this->pi_getLL('change_password', '', 1);
319 $markerArray['###FORGOTHASH###'] = $piHash;
320 }
321 }
322 }
323
324 return $this->cObj->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
325 }
326
327 /**
328 * generates a hashed link and send it with email
329 *
330 * @param array $user contains user data
331 * @return string Empty string with success, error message with no success
332 */
333 protected function generateAndSendHash($user) {
334 $hours = intval($this->conf['forgotLinkHashValidTime']) > 0 ? intval($this->conf['forgotLinkHashValidTime']) : 24;
335 $validEnd = time() + 3600 * $hours;
336 $validEndString = date($this->conf['dateFormat'], $validEnd);
337
338 $hash = md5(rand());
339 $randHash = $validEnd . '|' . $hash;
340 $randHashDB = $validEnd . '|' . md5($hash);
341
342 //write hash to DB
343 $res = $GLOBALS['TYPO3_DB']->exec_UPDATEquery('fe_users', 'uid=' . $user['uid'], array('felogin_forgotHash' => $randHashDB));
344
345 // send hashlink to user
346 $this->conf['linkPrefix'] = -1;
347 $isAbsRelPrefix = !empty($GLOBALS['TSFE']->absRefPrefix);
348 $isBaseURL = !empty($GLOBALS['TSFE']->baseUrl);
349 $isFeloginBaseURL = !empty($this->conf['feloginBaseURL']);
350
351 if ($isFeloginBaseURL) {
352 // first priority
353 $this->conf['linkPrefix'] = $this->conf['feloginBaseURL'];
354 } else {
355 if ($isBaseURL) {
356 // 3rd priority
357 $this->conf['linkPrefix'] = $GLOBALS['TSFE']->baseUrl;
358 }
359 }
360
361 if ($this->conf['linkPrefix'] == -1 && !$isAbsRelPrefix) {
362 // no preix is set, return the error
363 return $this->pi_getLL('ll_change_password_nolinkprefix_message');
364 }
365
366 $link = ($isAbsRelPrefix ? '' : $this->conf['linkPrefix']) . $this->pi_getPageLink($GLOBALS['TSFE']->id, '', array(
367 $this->prefixId . '[user]' => $user['uid'],
368 $this->prefixId . '[forgothash]' => $randHash
369 ));
370
371 $msg = sprintf($this->pi_getLL('ll_forgot_validate_reset_password', '', 0), $user['username'], $link, $validEndString);
372
373 // no RDCT - Links for security reasons
374 $oldSetting = $GLOBALS['TSFE']->config['config']['notification_email_urlmode'];
375 $GLOBALS['TSFE']->config['config']['notification_email_urlmode'] = 0;
376 // send the email
377 $this->cObj->sendNotifyEmail($msg, $user['email'], '', $this->conf['email_from'], $this->conf['email_fromName'], $this->conf['replyTo']);
378 // restore settings
379 $GLOBALS['TSFE']->config['config']['notification_email_urlmode'] = $oldSetting;
380
381 return '';
382 }
383
384 /**
385 * Shows logout form
386 *
387 * @return string The content.
388 */
389 protected function showLogout() {
390 $subpart = $this->cObj->getSubpart($this->template, '###TEMPLATE_LOGOUT###');
391 $subpartArray = $linkpartArray = array();
392
393 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('status_header',$this->conf['logoutHeader_stdWrap.']);
394 $markerArray['###STATUS_MESSAGE###']=$this->getDisplayText('status_message',$this->conf['logoutMessage_stdWrap.']);$this->cObj->stdWrap($this->flexFormValue('message','s_status'),$this->conf['logoutMessage_stdWrap.']);
395
396 $markerArray['###LEGEND###'] = $this->pi_getLL('logout', '', 1);
397 $markerArray['###ACTION_URI###'] = $this->getPageLink('',array(),true);
398 $markerArray['###LOGOUT_LABEL###'] = $this->pi_getLL('logout', '', 1);
399 $markerArray['###NAME###'] = htmlspecialchars($GLOBALS['TSFE']->fe_user->user['name']);
400 $markerArray['###STORAGE_PID###'] = $this->spid;
401 $markerArray['###USERNAME###'] = htmlspecialchars($GLOBALS['TSFE']->fe_user->user['username']);
402 $markerArray['###USERNAME_LABEL###'] = $this->pi_getLL('username', '', 1);
403 $markerArray['###NOREDIRECT###'] = $this->noRedirect ? '1' : '0';
404 $markerArray['###PREFIXID###'] = $this->prefixId;
405 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
406
407 if ($this->redirectUrl) {
408 // use redirectUrl for action tag because of possible access restricted pages
409 $markerArray['###ACTION_URI###'] = htmlspecialchars($this->redirectUrl);
410 $this->redirectUrl = '';
411 }
412 return $this->cObj->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
413 }
414
415 /**
416 * Shows login form
417 *
418 * @return string content
419 */
420 protected function showLogin() {
421 $subpart = $this->cObj->getSubpart($this->template, '###TEMPLATE_LOGIN###');
422 $subpartArray = $linkpartArray = array();
423
424 $gpRedirectUrl = '';
425
426 $markerArray['###LEGEND###'] = $this->pi_getLL('oLabel_header_welcome', '', 1);
427
428 if($this->logintype === 'login') {
429 if($this->userIsLoggedIn) {
430 // login success
431 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('success_header',$this->conf['successHeader_stdWrap.']);
432 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('success_message', $this->conf['successMessage_stdWrap.']);
433 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
434 $subpartArray['###LOGIN_FORM###'] = '';
435
436 // Hook for general actions after after login has been confirmed (by Thomas Danzl <thomas@danzl.org>)
437 if ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['login_confirmed']) {
438 $_params = array();
439 foreach($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['login_confirmed'] as $_funcRef) {
440 if ($_funcRef) {
441 t3lib_div::callUserFunction($_funcRef, $_params, $this);
442 }
443 }
444 }
445
446 } else {
447 // login error
448 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('error_header',$this->conf['errorHeader_stdWrap.']);
449 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('error_message',$this->conf['errorMessage_stdWrap.']);
450 $gpRedirectUrl = t3lib_div::_GP('redirect_url');
451 }
452 } else {
453 if($this->logintype === 'logout') {
454 // login form after logout
455 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('logout_header',$this->conf['welcomeHeader_stdWrap.']);
456 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('logout_message',$this->conf['welcomeMessage_stdWrap.']);
457 } else {
458 // login form
459 $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('welcome_header',$this->conf['welcomeHeader_stdWrap.']);
460 $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('welcome_message',$this->conf['welcomeMessage_stdWrap.']);
461 }
462 }
463
464
465 // Hook (used by kb_md5fepw extension by Kraft Bernhard <kraftb@gmx.net>)
466 // This hook allows to call User JS functions.
467 // The methods should also set the required JS functions to get included
468 $onSubmit = '';
469 $extraHidden = '';
470 $onSubmitAr = array();
471 $extraHiddenAr = array();
472
473 // check for referer redirect method. if present, save referer in form field
474 if (t3lib_div::inList($this->conf['redirectMode'], 'referer') || t3lib_div::inList($this->conf['redirectMode'], 'refererDomains')) {
475 $referer = $this->referer ? $this->referer : t3lib_div::getIndpEnv('HTTP_REFERER');
476 if ($referer) {
477 $extraHiddenAr[] = '<input type="hidden" name="referer" value="' . htmlspecialchars($referer) . '" />';
478 }
479 }
480
481 if (is_array($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['loginFormOnSubmitFuncs'])) {
482 $_params = array();
483 foreach($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['loginFormOnSubmitFuncs'] as $funcRef) {
484 list($onSub, $hid) = t3lib_div::callUserFunction($funcRef, $_params, $this);
485 $onSubmitAr[] = $onSub;
486 $extraHiddenAr[] = $hid;
487 }
488 }
489 if (count($onSubmitAr)) {
490 $onSubmit = implode('; ', $onSubmitAr).'; return true;';
491 }
492 if (count($extraHiddenAr)) {
493 $extraHidden = implode(LF, $extraHiddenAr);
494 }
495
496 if (!$gpRedirectUrl && $this->redirectUrl) {
497 $gpRedirectUrl = $this->redirectUrl;
498 }
499
500 // Login form
501 $markerArray['###ACTION_URI###'] = $this->getPageLink('',array(),true);
502 $markerArray['###EXTRA_HIDDEN###'] = $extraHidden; // used by kb_md5fepw extension...
503 $markerArray['###LEGEND###'] = $this->pi_getLL('login', '', 1);
504 $markerArray['###LOGIN_LABEL###'] = $this->pi_getLL('login', '', 1);
505 $markerArray['###ON_SUBMIT###'] = $onSubmit; // used by kb_md5fepw extension...
506 $markerArray['###PASSWORD_LABEL###'] = $this->pi_getLL('password', '', 1);
507 $markerArray['###STORAGE_PID###'] = $this->spid;
508 $markerArray['###USERNAME_LABEL###'] = $this->pi_getLL('username', '', 1);
509 $markerArray['###REDIRECT_URL###'] = htmlspecialchars($gpRedirectUrl);
510 $markerArray['###NOREDIRECT###'] = $this->noRedirect ? '1' : '0';
511 $markerArray['###PREFIXID###'] = $this->prefixId;
512 $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
513
514 if ($this->flexFormValue('showForgotPassword','sDEF') || $this->conf['showForgotPasswordLink']) {
515 $linkpartArray['###FORGOT_PASSWORD_LINK###'] = explode('|',$this->getPageLink('|',array($this->prefixId.'[forgot]'=>1)));
516 $markerArray['###FORGOT_PASSWORD###'] = $this->pi_getLL('ll_forgot_header', '', 1);
517 } else {
518 $subpartArray['###FORGOTP_VALID###'] = '';
519 }
520
521
522 // Permanent Login is only possible if permalogin is not deactivated (-1) and lifetime is greater than 0
523 if ($this->conf['showPermaLogin'] && t3lib_div::inList('0,1,2', $GLOBALS['TYPO3_CONF_VARS']['FE']['permalogin']) && $GLOBALS['TYPO3_CONF_VARS']['FE']['lifetime'] > 0) {
524 $markerArray['###PERMALOGIN###'] = $this->pi_getLL('permalogin', '', 1);
525 if($GLOBALS['TYPO3_CONF_VARS']['FE']['permalogin'] == 1) {
526 $markerArray['###PERMALOGIN_HIDDENFIELD_ATTRIBUTES###'] = 'disabled="disabled"';
527 $markerArray['###PERMALOGIN_CHECKBOX_ATTRIBUTES###'] = 'checked="checked"';
528 } else {
529 $markerArray['###PERMALOGIN_HIDDENFIELD_ATTRIBUTES###'] = '';
530 $markerArray['###PERMALOGIN_CHECKBOX_ATTRIBUTES###'] = '';
531 }
532 } else {
533 $subpartArray['###PERMALOGIN_VALID###'] = '';
534 }
535 return $this->cObj->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
536 }
537
538 /**
539 * Process redirect methods. The function searches for a redirect url using all configured methods.
540 *
541 * @return string redirect url
542 */
543 protected function processRedirect() {
544 $redirect_url = array();
545 if ($this->conf['redirectMode']) {
546 $redirectMethods = t3lib_div::trimExplode(',', $this->conf['redirectMode'], TRUE);
547 foreach ($redirectMethods as $redirMethod) {
548 if ($GLOBALS['TSFE']->loginUser && $this->logintype === 'login') {
549 // logintype is needed because the login-page wouldn't be accessible anymore after a login (would always redirect)
550 switch ($redirMethod) {
551 case 'groupLogin': // taken from dkd_redirect_at_login written by Ingmar Schlecht; database-field changed
552 $groupData = $GLOBALS['TSFE']->fe_user->groupData;
553 $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
554 'felogin_redirectPid',
555 $GLOBALS['TSFE']->fe_user->usergroup_table,
556 'felogin_redirectPid!="" AND uid IN (' . implode(',', $groupData['uid']) . ')'
557 );
558 if ($row = $GLOBALS['TYPO3_DB']->sql_fetch_row($res)) {
559 $redirect_url[] = $this->pi_getPageLink($row[0]); // take the first group with a redirect page
560 }
561 break;
562 case 'userLogin':
563 $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
564 'felogin_redirectPid',
565 $GLOBALS['TSFE']->fe_user->user_table,
566 $GLOBALS['TSFE']->fe_user->userid_column . '=' . $GLOBALS['TSFE']->fe_user->user['uid'] . ' AND felogin_redirectPid!=""'
567 );
568 if ($row = $GLOBALS['TYPO3_DB']->sql_fetch_row($res)) {
569 $redirect_url[] = $this->pi_getPageLink($row[0]);
570 }
571 break;
572 case 'login':
573 if ($this->conf['redirectPageLogin']) {
574 $redirect_url[] = $this->pi_getPageLink(intval($this->conf['redirectPageLogin']));
575 }
576 break;
577 case 'getpost':
578 $redirect_url[] = $this->redirectUrl;
579 break;
580 case 'referer':
581 // avoid forced logout, when trying to login immediatly after a logout
582 $redirect_url[] = preg_replace('/[&?]logintype=[a-z]+/', '', $this->referer);
583 break;
584 case 'refererDomains':
585 // Auto redirect.
586 // Feature to redirect to the page where the user came from (HTTP_REFERER).
587 // Allowed domains to redirect to, can be configured with plugin.tx_felogin_pi1.domains
588 // Thanks to plan2.net / Martin Kutschker for implementing this feature.
589 if ($this->conf['domains']) {
590 $url = $this->referer;
591 // is referring url allowed to redirect?
592 $match = array();
593 if (preg_match('/^http://([[:alnum:]._-]+)//', $url, $match)) {
594 $redirect_domain = $match[1];
595 $found = false;
596 foreach(split(',', $this->conf['domains']) as $d) {
597 if (preg_match('/(^|\.)/'.$d.'$', $redirect_domain)) {
598 $found = true;
599 break;
600 }
601 }
602 if (!$found) {
603 $url = '';
604 }
605 }
606
607 // Avoid forced logout, when trying to login immediatly after a logout
608 if ($url) {
609 $redirect_url[] = preg_replace('/[&?]logintype=[a-z]+/', '', $url);
610 }
611 }
612 break;
613 }
614 } else if ($this->logintype === 'login') { // after login-error
615 switch ($redirMethod) {
616 case 'loginError':
617 if ($this->conf['redirectPageLoginError']) {
618 $redirect_url[] = $this->pi_getPageLink(intval($this->conf['redirectPageLoginError']));
619 }
620 break;
621 }
622 } elseif (($this->logintype == '') && ($redirMethod == 'login') && $this->conf['redirectPageLogin']) {
623 // if login and page not accessible
624 $this->cObj->typolink('', array(
625 'parameter' => $this->conf['redirectPageLogin'],
626 'linkAccessRestrictedPages' => TRUE,
627 ));
628 $redirect_url[] = $this->cObj->lastTypoLinkUrl;
629
630 } elseif (($this->logintype == '') && ($redirMethod == 'logout') && $this->conf['redirectPageLogout'] && $GLOBALS['TSFE']->loginUser) {
631 // if logout and page not accessible
632 $redirect_url[] = $this->pi_getPageLink(intval($this->conf['redirectPageLogout']));
633
634 } elseif ($this->logintype === 'logout') { // after logout
635
636 // Hook for general actions after after logout has been confirmed
637 if ($this->logintype === 'logout' && $GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['logout_confirmed']) {
638 $_params = array();
639 foreach($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['logout_confirmed'] as $_funcRef) {
640 if ($_funcRef) {
641 t3lib_div::callUserFunction($_funcRef, $_params, $this);
642 }
643 }
644 }
645
646 switch ($redirMethod) {
647 case 'logout':
648 if ($this->conf['redirectPageLogout']) {
649 $redirect_url[] = $this->pi_getPageLink(intval($this->conf['redirectPageLogout']));
650 }
651 break;
652 }
653 } else { // not logged in
654 // Placeholder for maybe future options
655 switch ($redirMethod) {
656 case 'getpost':
657 // preserve the get/post value
658 $redirect_url[] = $this->redirectUrl;
659 break;
660 }
661 }
662
663 }
664 }
665 // remove empty values
666 if (count($redirect_url)) {
667 return t3lib_div::trimExplode(',', implode(',', $redirect_url), TRUE);
668 } else {
669 return array();
670 }
671 }
672
673 /**
674 * Reads flexform configuration and merge it with $this->conf
675 *
676 * @return void
677 */
678 protected function mergeflexFormValuesIntoConf() {
679 $flex = array();
680 if ($this->flexFormValue('showForgotPassword', 'sDEF')) {
681 $flex['showForgotPassword'] = $this->flexFormValue('showForgotPassword','sDEF');
682 }
683
684 if ($this->flexFormValue('showPermaLogin', 'sDEF')) {
685 $flex['showPermaLogin'] = $this->flexFormValue('showPermaLogin', 'sDEF');
686 }
687
688 if ($this->flexFormValue('pages', 'sDEF')) {
689 $flex['pages'] = $this->flexFormValue('pages', 'sDEF');
690 }
691
692 if ($this->flexFormValue('recursive', 'sDEF')) {
693 $flex['recursive'] = $this->flexFormValue('recursive', 'sDEF');
694 }
695
696 if ($this->flexFormValue('templateFile', 'sDEF')) {
697 $flex['templateFile'] = $this->uploadDir . $this->flexFormValue('templateFile', 'sDEF');
698 }
699
700 if ($this->flexFormValue('redirectMode', 's_redirect')) {
701 $flex['redirectMode'] = $this->flexFormValue('redirectMode', 's_redirect');
702 }
703
704 if ($this->flexFormValue('redirectFirstMethod', 's_redirect')) {
705 $flex['redirectFirstMethod'] = $this->flexFormValue('redirectFirstMethod', 's_redirect');
706 }
707
708 if ($this->flexFormValue('redirectDisable', 's_redirect')) {
709 $flex['redirectDisable'] = $this->flexFormValue('redirectDisable', 's_redirect');
710 }
711
712 if ($this->flexFormValue('redirectPageLogin', 's_redirect')) {
713 $flex['redirectPageLogin'] = $this->flexFormValue('redirectPageLogin', 's_redirect');
714 }
715
716 if ($this->flexFormValue('redirectPageLoginError', 's_redirect')) {
717 $flex['redirectPageLoginError'] = $this->flexFormValue('redirectPageLoginError','s_redirect');
718 }
719
720 if ($this->flexFormValue('redirectPageLogout', 's_redirect')) {
721 $flex['redirectPageLogout'] = $this->flexFormValue('redirectPageLogout', 's_redirect');
722 }
723
724 $pid = $flex['pages'] ? $this->pi_getPidList($flex['pages'], $flex['recursive']) : 0;
725 if ($pid > 0) {
726 $flex['storagePid'] = $pid;
727 }
728
729 $this->conf = array_merge($this->conf, $flex);
730 }
731
732 /**
733 * Loads a variable from the flexform
734 *
735 * @param string name of variable
736 * @param string name of sheet
737 * @return string value of var
738 */
739 protected function flexFormValue($var, $sheet) {
740 return $this->pi_getFFvalue($this->cObj->data['pi_flexform'], $var,$sheet);
741 }
742
743 /**
744 * Generate link with typolink function
745 *
746 * @param string linktext
747 * @param array link vars
748 * @param boolean true: returns only url false (default) returns the link)
749 *
750 * @return string link or url
751 */
752 protected function getPageLink($label, $piVars,$returnUrl = false) {
753 $additionalParams = '';
754
755 if (count($piVars)) {
756 foreach($piVars as $key=>$val) {
757 $additionalParams .= '&' . $key . '=' . $val;
758 }
759 }
760 // should GETvars be preserved?
761 if ($this->conf['preserveGETvars']) {
762 $additionalParams .= $this->getPreserveGetVars();
763 }
764
765 $this->conf['linkConfig.']['parameter'] = $GLOBALS['TSFE']->id;
766 if ($additionalParams) {
767 $this->conf['linkConfig.']['additionalParams'] = $additionalParams;
768 }
769
770 if ($returnUrl) {
771 return htmlspecialchars($this->cObj->typolink_url($this->conf['linkConfig.']));
772 } else {
773 return $this->cObj->typolink($label,$this->conf['linkConfig.']);
774 }
775 }
776
777 /**
778 * Is used by TS-setting preserveGETvars
779 * possible values are "all" or a commaseperated list of GET-vars
780 * they are used as additionalParams for link generation
781 *
782 * @return string additionalParams-string
783 */
784 protected function getPreserveGetVars() {
785
786 $params = '';
787 $preserveVars =! ($this->conf['preserveGETvars'] || $this->conf['preserveGETvars']=='all' ? array() : implode(',', (array)$this->conf['preserveGETvars']));
788 $getVars = t3lib_div::_GET();
789
790 foreach ($getVars as $key => $val) {
791 if (stristr($key,$this->prefixId) === false) {
792 if (is_array($val)) {
793 foreach ($val as $key1 => $val1) {
794 if ($this->conf['preserveGETvars'] == 'all' || in_array($key . '[' . $key1 .']', $preserveVars)) {
795 $params .= '&' . $key . '[' . $key1 . ']=' . $val1;
796 }
797 }
798 } else {
799 if (!in_array($key, array('id','no_cache','logintype','redirect_url','cHash'))) {
800 $params .= '&' . $key . '=' . $val;
801 }
802 }
803 }
804 }
805 return $params;
806 }
807
808 /**
809 * Is used by forgot password - function with md5 option.
810 *
811 * @author Bernhard Kraft
812 *
813 * @param int length of new password
814 * @return string new password
815 */
816 protected function generatePassword($len) {
817 $pass = '';
818 while ($len--) {
819 $char = rand(0,35);
820 if ($char < 10) {
821 $pass .= '' . $char;
822 } else {
823 $pass .= chr($char - 10 + 97);
824 }
825 }
826 return $pass;
827 }
828
829 /**
830 * Returns the header / message value from flexform if present, else from locallang.xml
831 *
832 * @param string label name
833 * @param string TS stdWrap array
834 * @return string label text
835 */
836 protected function getDisplayText($label, $stdWrapArray=array()) {
837 $text = $this->flexFormValue($label, 's_messages') ? $this->cObj->stdWrap($this->flexFormValue($label, 's_messages'), $stdWrapArray) : $this->cObj->stdWrap($this->pi_getLL('ll_'.$label, '', 1), $stdWrapArray);
838 $replace = $this->getUserFieldMarkers();
839 return strtr($text, $replace);
840 }
841
842 /**
843 * Returns Array of markers filled with user fields
844 *
845 * @return array marker array
846 */
847 protected function getUserFieldMarkers() {
848 $marker = array();
849 // replace markers with fe_user data
850 if ($GLOBALS['TSFE']->fe_user->user) {
851 // all fields of fe_user will be replaced, scheme is ###FEUSER_FIELDNAME###
852 foreach ($GLOBALS['TSFE']->fe_user->user as $field => $value) {
853 $marker['###FEUSER_' . t3lib_div::strtoupper($field) . '###'] = $this->cObj->stdWrap($value, $this->conf['userfields.'][$field . '.']);
854 }
855 // add ###USER### for compatibility
856 $marker['###USER###'] = $marker['###FEUSER_USERNAME###'];
857 }
858 return $marker;
859 }
860 }
861
862
863
864 if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['ext/felogin/pi1/class.tx_felogin_pi1.php']) {
865 include_once($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['ext/felogin/pi1/class.tx_felogin_pi1.php']);
866 }
867
868 ?>