Fixed bug #12872: Use "strong" instead of "b": typo3/sysext/
1 <?php
2 /***************************************************************
3 * Copyright notice
4 *
5 * (c) Steffen Ritter (info@rs-websystems.de)
6 * All rights reserved
7 *
8 * This script is part of the TYPO3 project. The TYPO3 project is
9 * free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * The GNU General Public License can be found at
15 * http://www.gnu.org/copyleft/gpl.html.
16 * A copy is found in the textfile GPL.txt and important notices to the license
17 * from the author is found in LICENSE.txt distributed with these scripts.
18 *
19 *
20 * This script is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
24 *
25 * This copyright notice MUST APPEAR in all copies of the script!
26 ***************************************************************/
// Refuse direct invocation: this script may only run once TYPO3 has defined TYPO3_MODE.
if (!defined('TYPO3_MODE')) {
	die('Access denied.');
}
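/**
 * Configuration checks for the saltedpasswords extension.
 *
 * The public methods return HTML: either a rendered flash message that
 * describes the state of the backend/frontend configuration, or a <select>
 * element for choosing the password hashing method.
 *
 * Notes for maintainers:
 * - init() overlays values from $_REQUEST['data'] on the stored extension
 *   configuration. $this->extConf is therefore partly request-controlled and
 *   must only be used for rendering diagnostics, never for an access decision.
 * - The problem texts are concatenated into the flash message as raw HTML.
 *   Only static markup may be appended to $problems; anything derived from
 *   configuration or request data has to be escaped first.
 *
 * @author Steffen Ritter <info@rs-websystems.de>
 *
 * @since 2009-09-04
 * @package TYPO3
 * @subpackage tx_saltedpasswords
 */
class tx_saltedpasswords_emconfhelper {
	/**
	 * Severity of the message to render (a t3lib_FlashMessage constant).
	 *
	 * @var integer
	 */
	protected $errorType = t3lib_FlashMessage::OK;

	/**
	 * Title of the flash message, set by setErrorLevel().
	 *
	 * @var string
	 */
	protected $header;

	/**
	 * HTML placed in front of the problem list, set by setErrorLevel().
	 *
	 * @var string
	 */
	protected $preText;

	/**
	 * Collected messages (raw HTML fragments) of the current check.
	 *
	 * @var array
	 */
	protected $problems = array();

	/**
	 * Effective configuration per disposal ('BE' and 'FE'), filled by init().
	 * Public only for backward compatibility: it used to be created as a
	 * dynamic property.
	 *
	 * @var array
	 */
	public $extConf = array();

	/**
	 * Raises the severity of the message to the given level, unless a more
	 * severe level has been set already. Unknown levels are ignored.
	 *
	 * The comparisons rely on the t3lib_FlashMessage constants being ordered by
	 * severity (OK < WARNING < ERROR) -- NOTE(review): the constant values are
	 * not visible in this file, confirm against t3lib_FlashMessage.
	 *
	 * @param string $level: one out of error, ok, warning, info
	 * @return void
	 */
	private function setErrorLevel($level) {
		switch ($level) {
			case 'error':
					// An error always wins.
				$this->errorType = t3lib_FlashMessage::ERROR;
				$this->header = 'Errors found in your configuration';
				$this->preText = 'SaltedPasswords will not work until these problems have been resolved:<br />';
				break;
			case 'warning':
				if ($this->errorType < t3lib_FlashMessage::ERROR) {
					$this->errorType = t3lib_FlashMessage::WARNING;
					$this->header = 'Warnings about your configuration';
					$this->preText = 'SaltedPasswords might behave different than expectated:<br />';
				}
				break;
			case 'info':
				if ($this->errorType < t3lib_FlashMessage::WARNING) {
					$this->errorType = t3lib_FlashMessage::INFO;
					$this->header = 'Additional information';
					$this->preText = '<br />';
				}
				break;
			case 'ok':
					// TODO: Remove INFO condition as it has lower importance
				if ($this->errorType < t3lib_FlashMessage::WARNING && $this->errorType != t3lib_FlashMessage::INFO) {
					$this->errorType = t3lib_FlashMessage::OK;
					$this->header = 'No errors were found';
					$this->preText = 'SaltedPasswords has been configured correctly and works as expected.<br />';
				}
				break;
		}
	}

	/**
	 * Renders the flash message for the collected problems.
	 *
	 * The entries of $this->problems are inserted into the markup as they are;
	 * no escaping happens in this method.
	 *
	 * @return string The flash message as HTML.
	 */
	private function renderFlashMessage() {
		$message = '';

			// if there are problems, render them into an unordered list
		if (count($this->problems) > 0) {
			$message = <<<EOT
<ul>
<li>###PROBLEMS###</li>
</ul>
EOT;
			$message = str_replace('###PROBLEMS###', implode('<br />&nbsp;</li><li>', $this->problems), $message);

				// anything above OK gets the closing security remark
			if ($this->errorType > t3lib_FlashMessage::OK) {
				$message .= <<<EOT
<br />
Note, that a wrong configuration might have impact on the security of
your TYPO3 installation and the usability of the backend.
EOT;
			}
		}

			// nothing to report: make sure header and pre-text are the "ok" ones
		if ($message === '') {
			$this->setErrorLevel('ok');
		}

		$message = $this->preText . $message;
		$flashMessage = t3lib_div::makeInstance('t3lib_FlashMessage', $message, $this->header, $this->errorType);

		return $flashMessage->render();
	}

	/**
	 * Returns one section of a configuration array as an array.
	 *
	 * @param array $configuration: Configuration to read from
	 * @param string $key: Section key, e.g. 'BE.'
	 * @return array The section, or an empty array if it is not set
	 */
	private function getConfigurationSection(array $configuration, $key) {
		return isset($configuration[$key]) ? (array)$configuration[$key] : array();
	}

	/**
	 * Initializes this object: builds $this->extConf from the stored extension
	 * configuration overlaid with the values of the current request, and loads
	 * the language labels of the extension.
	 *
	 * @return void
	 */
	private function init() {
			// Request data is untrusted; a missing or non-array "data" parameter counts as "nothing submitted".
		$postData = (isset($_REQUEST['data']) && is_array($_REQUEST['data'])) ? $_REQUEST['data'] : array();
		$requestSetup = $this->processPostData($postData);

			// unserialize() is applied to the installation's own configuration value only.
			// It must never be fed with request data (PHP object injection).
		$storedSetup = NULL;
		if (isset($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['saltedpasswords'])) {
			$storedSetup = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['saltedpasswords']);
		}
		if (!is_array($storedSetup)) {
				// not configured yet or not unserializable
			$storedSetup = array();
		}

			// array_merge(): submitted values take precedence over stored ones,
			// presumably so that the checks reflect the values of the submitted form.
		$this->extConf['BE'] = array_merge(
			$this->getConfigurationSection($storedSetup, 'BE.'),
			$this->getConfigurationSection($requestSetup, 'BE.')
		);
		$this->extConf['FE'] = array_merge(
			$this->getConfigurationSection($storedSetup, 'FE.'),
			$this->getConfigurationSection($requestSetup, 'FE.')
		);

		$GLOBALS['LANG']->includeLLFile('EXT:saltedpasswords/locallang.xml');
	}

	/**
	 * Checks the backend configuration and shows a message if necessary.
	 *
	 * @param array $params: Field information to be rendered
	 * @param t3lib_tsStyleConfig $pObj: The calling parent object.
	 * @return string Messages as HTML if something needs to be reported
	 */
	public function checkConfigurationBackend(array $params, t3lib_tsStyleConfig $pObj) {
		$this->init();
		$extConf = $this->extConf['BE'];
		$problems = array();

			// Compared as string: a loose comparison of a non-string value with 'rsa' could match by accident.
		$securityLevel = (string)$GLOBALS['TYPO3_CONF_VARS']['BE']['loginSecurityLevel'];
			// the configuration locks the backend to SSL (this does not inspect the current request)
		$usesSsl = ($GLOBALS['TYPO3_CONF_VARS']['BE']['lockSSL'] > 0) && ($securityLevel !== 'superchallenged');
			// rsaauth is loaded and selected as login security level
		$usesRsa = t3lib_extMgm::isLoaded('rsaauth') && ($securityLevel === 'rsa');

		if (!empty($extConf['enabled'])) {
				// The password needs a protected way to the server: SSL or rsaauth.
			if ($usesSsl) {
				$this->setErrorLevel('ok');
				$problems[] = 'The backend is configured to use SaltedPasswords over SSL.';
			} elseif ($usesRsa) {
				$this->setErrorLevel('ok');
				$problems[] = 'The backend is configured to use SaltedPasswords with RSA authentification.';
			} else {
				$this->setErrorLevel('error');
				$problems[] = <<<EOT
Backend requirements for SaltedPasswords are not met, therefore the
authentication will not work even if it was explicitely enabled for backend
usage:<br />
<ul>
<li>Install the "rsaauth" extension and use the Install Tool to set the
Login Security Level for the backend to "rsa"
(\$TYPO3_CONF_VARS['BE']['loginSecurityLevel'])</li>

<li>If you have the option to use SSL, you can also configure your
backend for SSL usage:<br />
Use the Install Tool to set the Security-Level for the backend
to "normal" (\$TYPO3_CONF_VARS['BE']['loginSecurityLevel']) and
the SSL-locking option to a value greater than "0"
(see description - \$TYPO3_CONF_VARS['BE']['lockSSL'])</li>
</ul>
<br />
It is also possible to use "lockSSL" and "rsa" Login Security Level at the same
time.
EOT;
			}

				// saltedpasswords is the only authentication service
			if (!empty($extConf['onlyAuthService'])) {
				if (!empty($extConf['forceSalted'])) {
						// warn that the combination with "forceSalted" may lock the user out of the backend
					$this->setErrorLevel('warning');
					$problems[] = <<<EOT
SaltedPasswords has been configured to be the only authentication service for
the backend. Additionally, usage of salted passwords is enforced (forceSalted).
The result is that there is no chance to login with users not having a salted
password hash.<br />
<strong><i>WARNING:</i></strong> This may lock you out of the backend!
EOT;
				} else {
						// inform the user that services like openid won't work anymore
					$this->setErrorLevel('info');
					$problems[] = <<<EOT
SaltedPasswords has been configured to be the only authentication service for
the backend. This means that other services like "ipauth", "openid", etc. will
be ignored (except "rsaauth", which is implicitely used).
EOT;
				}
			}

				// forceSalted without onlyAuthService
			if (!empty($extConf['forceSalted']) && empty($extConf['onlyAuthService'])) {
				$this->setErrorLevel('warning');
				$problems[] = <<<EOT
SaltedPasswords has been configured to enforce salted passwords (forceSalted).
<br />
This means that only passwords in the format of this extension will succeed for
login.<br />
<strong><i>IMPORTANT:</i></strong> This has the effect that passwords that are set from
the Install Tool will not work!
EOT;
			}

				// updatePasswd does not work together with "forceSalted"
			if (!empty($extConf['updatePasswd']) && !empty($extConf['forceSalted'])) {
				$this->setErrorLevel('error');
				$problems[] = <<<EOT
SaltedPasswords is configured wrong and will not work as expected:<br />
It is not possible to set "updatePasswd" and "forceSalted" at the same time.
Please disable either one of them.
EOT;
			}

				// Check that the configured hashing method is available on this system.
				// The instance is fetched in a statement of its own: in the former one-liner
				// "!$instance = factory() || !$instance->isAvailable()" the assignment covered
				// the whole "||" expression, so isAvailable() was never called on a returned
				// instance and an unusable hashing method went unreported.
			$instance = tx_saltedpasswords_salts_factory::getSaltingInstance(NULL, 'BE');
			if (!$instance || !$instance->isAvailable()) {
				$this->setErrorLevel('error');
				$problems[] = <<<EOT
The selected method for hashing your salted passwords is not available on this
system! Please check your configuration.
EOT;
			}
		} else {
				// not enabled
			$this->setErrorLevel('info');
			$problems[] = 'SaltedPasswords has been disabled for backend users.';
		}

		$this->problems = $problems;

		return $this->renderFlashMessage();
	}

	/**
	 * Checks the frontend configuration and shows a message if necessary.
	 *
	 * @param array $params: Field information to be rendered
	 * @param t3lib_tsStyleConfig $pObj: The calling parent object.
	 * @return string Messages as HTML if something needs to be reported
	 */
	public function checkConfigurationFrontend(array $params, t3lib_tsStyleConfig $pObj) {
		$this->init();
		$extConf = $this->extConf['FE'];
			// Start with an empty list: an enabled and unproblematic configuration adds no entry at all.
		$problems = array();

		if (!empty($extConf['enabled'])) {
				// the extension does not work if the FE security level is neither "normal" nor "rsa"
				// NOTE(review): reported as 'info' although the text says authentication will not
				// work; the matching backend check uses 'error' -- confirm that this is intended.
			if (!t3lib_div::inList('normal,rsa', $GLOBALS['TYPO3_CONF_VARS']['FE']['loginSecurityLevel'])) {
				$this->setErrorLevel('info');
				$problems[] = <<<EOT
<strong>IMPORTANT:</strong><br />
Frontend requirements for SaltedPasswords are not met, therefore the
authentication will not work even if it was explicitely enabled for frontend
usage:<br />
<ul>
<li>Install the "rsaauth" extension and use the Install Tool to set the
Login Security Level for the frontend to "rsa"
(\$TYPO3_CONF_VARS['FE']['loginSecurityLevel'])</li>

<li>Alternatively, use the Install Tool to set the Login Security Level
for the frontend to "normal"
(\$TYPO3_CONF_VARS['FE']['loginSecurityLevel'])</li>
</ul>
<br />
Make sure that the Login Security Level is not set to "" or "superchallenged"!
EOT;
			}

				// saltedpasswords is the only authentication service
			if (!empty($extConf['onlyAuthService'])) {
				if (!empty($extConf['forceSalted'])) {
						// warn that the combination with "forceSalted" may lock users out of the frontend
					$this->setErrorLevel('warning');
					$problems[] = <<<EOT
SaltedPasswords has been configured to enforce salted passwords (forceSalted).
<br />
This means that only passwords in the format of this extension will succeed for
login.<br />
<strong><i>IMPORTANT:</i></strong> Because of this, it is not possible to login with
users not having a salted password hash (e.g. existing frontend users).
EOT;
				} else {
						// inform the user that services like openid won't work anymore
					$this->setErrorLevel('info');
					$problems[] = <<<EOT
SaltedPasswords has been configured to be the only authentication service for
frontend logins. This means that other services like "ipauth", "openid", etc.
will be ignored.
EOT;
				}
			}

				// forceSalted without onlyAuthService
			if (!empty($extConf['forceSalted']) && empty($extConf['onlyAuthService'])) {
				$this->setErrorLevel('warning');
				$problems[] = <<<EOT
SaltedPasswords has been configured to enforce salted passwords (forceSalted).
<br />
This means that only passwords in the format of this extension will succeed for
login.<br />
<strong><i>IMPORTANT:</i></strong> This has the effect that passwords that were set
before SaltedPasswords was used will not work (in fact, they need to be
redefined).
EOT;
			}

				// updatePasswd does not work together with "forceSalted"
			if (!empty($extConf['updatePasswd']) && !empty($extConf['forceSalted'])) {
				$this->setErrorLevel('error');
				$problems[] = <<<EOT
SaltedPasswords is configured wrong and will not work as expected:<br />
It is not possible to set "updatePasswd" and "forceSalted" at the same time.
Please disable either one of them.
EOT;
			}
		} else {
				// not enabled
			$this->setErrorLevel('info');
			$problems[] = 'SaltedPasswords has been disabled for frontend users.';
		}

		$this->problems = $problems;

		return $this->renderFlashMessage();
	}

	/**
	 * Renders a selector element that allows to select the hash method to be used.
	 *
	 * Every value written into the markup is passed through htmlspecialchars(),
	 * so that a field name or label containing markup characters cannot break
	 * out of its attribute or element.
	 *
	 * @param array $params: Field information to be rendered
	 * @param t3lib_tsStyleConfig $pObj: The calling parent object.
	 * @param string $disposal: The configuration disposal ('FE' or 'BE')
	 * @return string The HTML selector
	 */
	protected function buildHashMethodSelector(array $params, t3lib_tsStyleConfig $pObj, $disposal) {
		$this->init();

			// strips the first five characters and the last one -- presumably the "data[" ... "]" wrapper; confirm against the caller
		$fieldName = substr($params['fieldName'], 5, -1);
			// md5() only derives a short identifier here, it is not used as a security measure.
			// The quoted value is the argument of the JavaScript function uFormUrl().
		$quotedFieldHash = '\'' . substr(md5($fieldName), 0, 10) . '\'';

		$selectedMethod = isset($this->extConf[$disposal]['saltedPWHashingMethod'])
			? (string)$this->extConf[$disposal]['saltedPWHashingMethod']
			: '';

		$saltMethods = array();
		if (isset($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/saltedpasswords']['saltMethods'])
			&& is_array($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/saltedpasswords']['saltMethods'])) {
			$saltMethods = $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/saltedpasswords']['saltMethods'];
		}

		$options = '';
		foreach ($saltMethods as $class => $reference) {
			$classInstance = t3lib_div::getUserObj($reference, 'tx_');

				// offer only registered methods that are usable on this system
			if ($classInstance instanceof tx_saltedpasswords_salts && $classInstance->isAvailable()) {
				$sel = ($selectedMethod === (string)$class) ? ' selected="selected" ' : '';
				$label = 'ext.saltedpasswords.title.' . $class;
				$options .= '<option value="' . htmlspecialchars($class) . '"' . $sel . '>'
					. htmlspecialchars($GLOBALS['LANG']->getLL($label)) . '</option>';
			}
		}

		return '<select id="' . htmlspecialchars($fieldName) . '" name="' . htmlspecialchars($params['fieldName'])
			. '" onChange="uFormUrl(' . $quotedFieldHash . ')">' . $options . '</select>';
	}

	/**
	 * Renders a selector element that allows to select the hash method to be used (frontend disposal).
	 *
	 * @param array $params: Field information to be rendered
	 * @param t3lib_tsStyleConfig $pObj: The calling parent object.
	 * @return string The HTML selector
	 */
	public function buildHashMethodSelectorFE(array $params, t3lib_tsStyleConfig $pObj) {
		return $this->buildHashMethodSelector($params, $pObj, 'FE');
	}

	/**
	 * Renders a selector element that allows to select the hash method to be used (backend disposal)
	 *
	 * @param array $params: Field information to be rendered
	 * @param t3lib_tsStyleConfig $pObj: The calling parent object.
	 * @return string The HTML selector
	 */
	public function buildHashMethodSelectorBE(array $params, t3lib_tsStyleConfig $pObj) {
		return $this->buildHashMethodSelector($params, $pObj, 'BE');
	}

	/**
	 * Processes the information submitted by the user using a POST request and
	 * transforms it to a TypoScript node notation.
	 *
	 * A key "BE.enabled" adds the value as $result['BE.']['enabled']; deeper
	 * paths are resolved recursively. The original dotted key is kept as well.
	 *
	 * @param array $postArray: Incoming POST information
	 * @return array Processed and transformed POST information
	 */
	private function processPostData(array $postArray = array()) {
		foreach ($postArray as $key => $value) {
				// split off the first path segment only; the remainder is resolved by the recursion
			$parts = explode('.', (string)$key, 2);

			if (count($parts) == 2) {
				$nodeKey = $parts[0] . '.';
					// turn the remainder of the path into a sub tree ...
				$subTree = $this->processPostData(array($parts[1] => $value));
					// ... and merge it into the node; the node may not exist yet
				$existingNode = isset($postArray[$nodeKey]) ? (array)$postArray[$nodeKey] : array();
				$postArray[$nodeKey] = array_merge($existingNode, $subTree);
			} else {
					// key without a dot: plain value, kept under its own key
				$postArray[$parts[0]] = $value;
			}
		}

		return $postArray;
	}

}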
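// XCLASS hook: load the extending class file if one has been registered for this script.
// The included path comes from the installation's configuration array, so write access to
// that configuration amounts to code execution; it must never be derived from request data.
// The lookup goes through $GLOBALS so that it also works when this file is included from
// inside a function, and !empty() avoids a notice when no XCLASS has been registered.
if (defined('TYPO3_MODE') && !empty($GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLASS']['ext/saltedpasswords/classes/class.tx_saltedpasswords_emconfhelper.php'])) {
	include_once($GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLASS']['ext/saltedpasswords/classes/class.tx_saltedpasswords_emconfhelper.php']);
}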
432 ?>