[FEATURE] Introduce AvatarProvider
[Packages/TYPO3.CMS.git] / typo3 / sysext / setup / Classes / Controller / SetupModuleController.php
1 <?php
2 namespace TYPO3\CMS\Setup\Controller;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 use TYPO3\CMS\Backend\Backend\Avatar\ImageProvider;
18 use TYPO3\CMS\Backend\Utility\BackendUtility;
19 use TYPO3\CMS\Backend\Utility\IconUtility;
20 use TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
21 use TYPO3\CMS\Core\Database\DatabaseConnection;
22 use TYPO3\CMS\Core\DataHandling\DataHandler;
23 use TYPO3\CMS\Core\FormProtection\FormProtectionFactory;
24 use TYPO3\CMS\Core\Messaging\FlashMessage;
25 use TYPO3\CMS\Core\Resource\Exception\FileDoesNotExistException;
26 use TYPO3\CMS\Core\Resource\ResourceFactory;
27 use TYPO3\CMS\Core\Utility\GeneralUtility;
28
29 /**
30 * Script class for the Setup module
31 */
32 class SetupModuleController {
33
34 const PASSWORD_NOT_UPDATED = 0;
35 const PASSWORD_UPDATED = 1;
36 const PASSWORD_NOT_THE_SAME = 2;
37 const PASSWORD_OLD_WRONG = 3;
38
39 /**
40 * @var array
41 */
42 public $MOD_MENU = array();
43
44 /**
45 * @var array
46 */
47 public $MOD_SETTINGS = array();
48
49 /**
50 * @var \TYPO3\CMS\Backend\Template\DocumentTemplate
51 */
52 public $doc;
53
54 /**
55 * @var string
56 */
57 public $content;
58
59 /**
60 * @var array
61 */
62 public $overrideConf;
63
64 /**
65 * backend user object, set during simulate-user operation
66 *
67 * @var \TYPO3\CMS\Core\Authentication\BackendUserAuthentication
68 */
69 public $OLD_BE_USER;
70
71 /**
72 * @var bool
73 */
74 public $languageUpdate;
75
76 /**
77 * @var bool
78 */
79 protected $pagetreeNeedsRefresh = FALSE;
80
81 /**
82 * @var bool
83 */
84 protected $isAdmin;
85
86 /**
87 * @var array
88 */
89 protected $tsFieldConf;
90
91 /**
92 * @var bool
93 */
94 protected $saveData = FALSE;
95
96 /**
97 * @var int
98 */
99 protected $passwordIsUpdated = self::PASSWORD_NOT_UPDATED;
100
101 /**
102 * @var bool
103 */
104 protected $passwordIsSubmitted = FALSE;
105
106 /**
107 * @var bool
108 */
109 protected $setupIsUpdated = FALSE;
110
111 /**
112 * @var bool
113 */
114 protected $tempDataIsCleared = FALSE;
115
116 /**
117 * @var bool
118 */
119 protected $settingsAreResetToDefault = FALSE;
120
121 /**
122 * Form protection instance
123 *
124 * @var \TYPO3\CMS\Core\FormProtection\BackendFormProtection
125 */
126 protected $formProtection;
127
128 /**
129 * @var string
130 */
131 protected $simulateSelector = '';
132
133 /**
134 * @var string
135 */
136 protected $simUser = '';
137
138 /**
139 * The name of the module
140 *
141 * @var string
142 */
143 protected $moduleName = 'user_setup';
144
145 /**
146 * Instantiate the form protection before a simulated user is initialized.
147 */
148 public function __construct() {
149 $this->formProtection = FormProtectionFactory::get();
150 }
151
152 /**
153 * Getter for the form protection instance.
154 *
155 * @return \TYPO3\CMS\Core\FormProtection\BackendFormProtection
156 */
157 public function getFormProtection() {
158 return $this->formProtection;
159 }
160
161 /**
162 * If settings are submitted to _POST[DATA], store them
163 * NOTICE: This method is called before the \TYPO3\CMS\Backend\Template\DocumentTemplate
164 * is included. See bottom of document.
165 *
166 * @see \TYPO3\CMS\Backend\Template\DocumentTemplate
167 */
168 public function storeIncomingData() {
169 // First check if something is submitted in the data-array from POST vars
170 $d = GeneralUtility::_POST('data');
171 $columns = $GLOBALS['TYPO3_USER_SETTINGS']['columns'];
172 $beUser = $this->getBackendUser();
173 $beUserId = $beUser->user['uid'];
174 $storeRec = array();
175 $fieldList = $this->getFieldsFromShowItem();
176 if (is_array($d) && $this->formProtection->validateToken((string)GeneralUtility::_POST('formToken'), 'BE user setup', 'edit')) {
177 // UC hashed before applying changes
178 $save_before = md5(serialize($beUser->uc));
179 // PUT SETTINGS into the ->uc array:
180 // Reload left frame when switching BE language
181 if (isset($d['lang']) && $d['lang'] != $beUser->uc['lang']) {
182 $this->languageUpdate = TRUE;
183 }
184 // Reload pagetree if the title length is changed
185 if (isset($d['titleLen']) && $d['titleLen'] !== $beUser->uc['titleLen']) {
186 $this->pagetreeNeedsRefresh = TRUE;
187 }
188 if ($d['setValuesToDefault']) {
189 // If every value should be default
190 $beUser->resetUC();
191 $this->settingsAreResetToDefault = TRUE;
192 } elseif ($d['clearSessionVars']) {
193 foreach ($beUser->uc as $key => $value) {
194 if (!isset($columns[$key])) {
195 unset($beUser->uc[$key]);
196 }
197 }
198 $this->tempDataIsCleared = TRUE;
199 } elseif ($d['save']) {
200 // Save all submitted values if they are no array (arrays are with table=be_users) and exists in $GLOBALS['TYPO3_USER_SETTINGS'][columns]
201 foreach ($columns as $field => $config) {
202 if (!in_array($field, $fieldList)) {
203 continue;
204 }
205 if ($config['table']) {
206 if ($config['table'] === 'be_users' && !in_array($field, array('password', 'password2', 'passwordCurrent', 'email', 'realName', 'admin', 'avatar'))) {
207 if (!isset($config['access']) || $this->checkAccess($config) && $beUser->user[$field] !== $d['be_users'][$field]) {
208 if ($config['type'] === 'check') {
209 $fieldValue = isset($d['be_users'][$field]) ? 1 : 0;
210 } else {
211 $fieldValue = $d['be_users'][$field];
212 }
213 $storeRec['be_users'][$beUserId][$field] = $fieldValue;
214 $beUser->user[$field] = $fieldValue;
215 }
216 }
217 }
218 if ($config['type'] === 'check') {
219 $beUser->uc[$field] = isset($d[$field]) ? 1 : 0;
220 } else {
221 $beUser->uc[$field] = htmlspecialchars($d[$field]);
222 }
223 }
224 // Personal data for the users be_user-record (email, name, password...)
225 // If email and name is changed, set it in the users record:
226 $be_user_data = $d['be_users'];
227 // Possibility to modify the transmitted values. Useful to do transformations, like RSA password decryption
228 if (is_array($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/setup/mod/index.php']['modifyUserDataBeforeSave'])) {
229 foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/setup/mod/index.php']['modifyUserDataBeforeSave'] as $function) {
230 $params = array('be_user_data' => &$be_user_data);
231 GeneralUtility::callUserFunction($function, $params, $this);
232 }
233 }
234 $this->passwordIsSubmitted = (string)$be_user_data['password'] !== '';
235 $passwordIsConfirmed = $this->passwordIsSubmitted && $be_user_data['password'] === $be_user_data['password2'];
236 // Update the real name:
237 if ($be_user_data['realName'] !== $beUser->user['realName']) {
238 $beUser->user['realName'] = ($storeRec['be_users'][$beUserId]['realName'] = substr($be_user_data['realName'], 0, 80));
239 }
240 // Update the email address:
241 if ($be_user_data['email'] !== $beUser->user['email']) {
242 $beUser->user['email'] = ($storeRec['be_users'][$beUserId]['email'] = substr($be_user_data['email'], 0, 80));
243 }
244 // Update the password:
245 if ($passwordIsConfirmed) {
246 $currentPasswordHashed = $GLOBALS['BE_USER']->user['password'];
247 $saltFactory = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance($currentPasswordHashed);
248 if ($saltFactory->checkPassword($be_user_data['passwordCurrent'], $currentPasswordHashed)) {
249 $this->passwordIsUpdated = self::PASSWORD_UPDATED;
250 $storeRec['be_users'][$beUserId]['password'] = $be_user_data['password'];
251 } else {
252 $this->passwordIsUpdated = self::PASSWORD_OLD_WRONG;
253 }
254 } else {
255 $this->passwordIsUpdated = self::PASSWORD_NOT_THE_SAME;
256 }
257
258 $this->setAvatarFileUid($beUserId, $be_user_data['avatar'], $storeRec);
259
260 $this->saveData = TRUE;
261 }
262 // Inserts the overriding values.
263 $beUser->overrideUC();
264 $save_after = md5(serialize($beUser->uc));
265 // If something in the uc-array of the user has changed, we save the array...
266 if ($save_before != $save_after) {
267 $beUser->writeUC($beUser->uc);
268 $beUser->writelog(254, 1, 0, 1, 'Personal settings changed', array());
269 $this->setupIsUpdated = TRUE;
270 }
271 // If the temporary data has been cleared, lets make a log note about it
272 if ($this->tempDataIsCleared) {
273 $beUser->writelog(254, 1, 0, 1, $this->getLanguageService()->getLL('tempDataClearedLog'), array());
274 }
275 // Persist data if something has changed:
276 if (!empty($storeRec) && $this->saveData) {
277 // Make instance of TCE for storing the changes.
278 /** @var DataHandler $dataHandler */
279 $dataHandler = GeneralUtility::makeInstance(DataHandler::class);
280 $dataHandler->stripslashes_values = FALSE;
281 // This is so the user can actually update his user record.
282 $isAdmin = $beUser->user['admin'];
283 $beUser->user['admin'] = 1;
284 $dataHandler->start($storeRec, array(), $beUser);
285 // This is to make sure that the users record can be updated even if in another workspace. This is tolerated.
286 $dataHandler->bypassWorkspaceRestrictions = TRUE;
287 $dataHandler->process_datamap();
288 unset($tce);
289 if ($this->passwordIsUpdated === self::PASSWORD_NOT_UPDATED || count($storeRec['be_users'][$beUserId]) > 1) {
290 $this->setupIsUpdated = TRUE;
291 }
292 // Restore admin status after processing
293 $beUser->user['admin'] = $isAdmin;
294 }
295 }
296 }
297
298 /******************************
299 *
300 * Rendering module
301 *
302 ******************************/
303 /**
304 * Initializes the module for display of the settings form.
305 *
306 * @return void
307 */
308 public function init() {
309 $this->getLanguageService()->includeLLFile('EXT:setup/Resources/Private/Language/locallang.xlf');
310
311 // Returns the script user - that is the REAL logged in user! ($GLOBALS[BE_USER] might be another user due to simulation!)
312 $scriptUser = $this->getRealScriptUserObj();
313
314 $this->isAdmin = $scriptUser->isAdmin();
315 // Getting the 'override' values as set might be set in User TSconfig
316 $this->overrideConf = $this->getBackendUser()->getTSConfigProp('setup.override');
317 // Getting the disabled fields might be set in User TSconfig (eg setup.fields.password.disabled=1)
318 $this->tsFieldConf = $this->getBackendUser()->getTSConfigProp('setup.fields');
319 // id password is disabled, disable repeat of password too (password2)
320 if (isset($this->tsFieldConf['password.']) && $this->tsFieldConf['password.']['disabled']) {
321 $this->tsFieldConf['password2.']['disabled'] = 1;
322 $this->tsFieldConf['passwordCurrent.']['disabled'] = 1;
323 }
324 // Create instance of object for output of data
325 $this->doc = GeneralUtility::makeInstance(\TYPO3\CMS\Backend\Template\DocumentTemplate::class);
326 $this->doc->setModuleTemplate('EXT:setup/Resources/Private/Templates/setup.html');
327 $this->doc->form = '<form action="' . BackendUtility::getModuleUrl('user_setup') . '" method="post" name="usersetup" enctype="multipart/form-data">';
328 $this->doc->JScode .= $this->getJavaScript();
329 }
330
331 /**
332 * Generate necessary JavaScript
333 *
334 * @return string
335 */
336 protected function getJavaScript() {
337 $javaScript = '';
338 if (is_array($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/setup/mod/index.php']['setupScriptHook'])) {
339 foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/setup/mod/index.php']['setupScriptHook'] as $function) {
340 $params = array();
341 $javaScript .= GeneralUtility::callUserFunction($function, $params, $this);
342 }
343 }
344 return $javaScript;
345 }
346
347 /**
348 * Generate the main settings form:
349 *
350 * @return void
351 */
352 public function main() {
353 if ($this->languageUpdate) {
354 $this->doc->JScodeArray['languageUpdate'] .= '
355 if (top.refreshMenu) {
356 top.refreshMenu();
357 } else {
358 top.TYPO3ModuleMenu.refreshMenu();
359 }
360 ';
361 }
362 if ($this->pagetreeNeedsRefresh) {
363 BackendUtility::setUpdateSignal('updatePageTree');
364 }
365 // Start page:
366 $this->doc->loadJavascriptLib('sysext/backend/Resources/Public/JavaScript/md5.js');
367 // Use a wrapper div
368 $this->content .= '<div id="user-setup-wrapper">';
369 // Load available backend modules
370 $this->loadModules = GeneralUtility::makeInstance(\TYPO3\CMS\Backend\Module\ModuleLoader::class);
371 $this->loadModules->observeWorkspaces = TRUE;
372 $this->loadModules->load($GLOBALS['TBE_MODULES']);
373 $this->content .= $this->doc->header($this->getLanguageService()->getLL('UserSettings'));
374 // Show if setup was saved
375 if ($this->setupIsUpdated && !$this->tempDataIsCleared && !$this->settingsAreResetToDefault) {
376 $flashMessage = GeneralUtility::makeInstance(FlashMessage::class, $this->getLanguageService()->getLL('setupWasUpdated'), $this->getLanguageService()->getLL('UserSettings'));
377 $this->content .= $flashMessage->render();
378 }
379
380 // Show if temporary data was cleared
381 if ($this->tempDataIsCleared) {
382 $flashMessage = GeneralUtility::makeInstance(FlashMessage::class, $this->getLanguageService()->getLL('tempDataClearedFlashMessage'), $this->getLanguageService()->getLL('tempDataCleared'));
383 $this->content .= $flashMessage->render();
384 }
385
386 // Show if temporary data was cleared
387 if ($this->settingsAreResetToDefault) {
388 $flashMessage = GeneralUtility::makeInstance(FlashMessage::class, $this->getLanguageService()->getLL('settingsAreReset'), $this->getLanguageService()->getLL('resetConfiguration'));
389 $this->content .= $flashMessage->render();
390 }
391
392 // Notice
393 if ($this->setupIsUpdated || $this->settingsAreResetToDefault) {
394 $flashMessage = GeneralUtility::makeInstance(FlashMessage::class, $this->getLanguageService()->getLL('activateChanges'), '', FlashMessage::INFO);
395 $this->content .= $flashMessage->render();
396 }
397
398 // If password is updated, output whether it failed or was OK.
399 if ($this->passwordIsSubmitted) {
400 $flashMessage = NULL;
401 switch ($this->passwordIsUpdated) {
402 case self::PASSWORD_OLD_WRONG:
403 $flashMessage = GeneralUtility::makeInstance(FlashMessage::class, $this->getLanguageService()->getLL('oldPassword_failed'), $this->getLanguageService()->getLL('newPassword'), FlashMessage::ERROR);
404 break;
405 case self::PASSWORD_NOT_THE_SAME:
406 $flashMessage = GeneralUtility::makeInstance(FlashMessage::class, $this->getLanguageService()->getLL('newPassword_failed'), $this->getLanguageService()->getLL('newPassword'), FlashMessage::ERROR);
407 break;
408 case self::PASSWORD_UPDATED:
409 $flashMessage = GeneralUtility::makeInstance(FlashMessage::class, $this->getLanguageService()->getLL('newPassword_ok'), $this->getLanguageService()->getLL('newPassword'));
410 break;
411 }
412 if ($flashMessage) {
413 $this->content .= $flashMessage->render();
414 }
415 }
416
417 // Render user switch
418 $this->content .= $this->renderSimulateUserSelectAndLabel();
419
420 // Render the menu items
421 $menuItems = $this->renderUserSetup();
422 $this->content .= $this->doc->getDynamicTabMenu($menuItems, 'user-setup', 1, FALSE, FALSE);
423 $formToken = $this->formProtection->generateToken('BE user setup', 'edit');
424 $this->content .= $this->doc->section('', '<input type="hidden" name="simUser" value="' . $this->simUser . '" />
425 <input type="hidden" name="formToken" value="' . $formToken . '" />
426 <input type="hidden" value="1" name="data[save]" />
427 <input type="hidden" name="data[setValuesToDefault]" value="0" id="setValuesToDefault" />
428 <input type="hidden" name="data[clearSessionVars]" value="0" id="clearSessionVars" />');
429 // End of wrapper div
430 $this->content .= '</div>';
431 // Setting up the buttons and markers for docheader
432 $docHeaderButtons = $this->getButtons();
433 $markers['CSH'] = $docHeaderButtons['csh'];
434 $markers['CONTENT'] = $this->content;
435 // Build the <body> for the module
436 $this->content = $this->doc->moduleBody($this->pageinfo, $docHeaderButtons, $markers);
437 // Renders the module page
438 $this->content = $this->doc->render($this->getLanguageService()->getLL('UserSettings'), $this->content);
439 }
440
441 /**
442 * Prints the content / ends page
443 *
444 * @return void
445 */
446 public function printContent() {
447 echo $this->content;
448 }
449
450 /**
451 * Create the panel of buttons for submitting the form or otherwise perform operations.
452 *
453 * @return array All available buttons as an assoc. array
454 */
455 protected function getButtons() {
456 $buttons = array(
457 'csh' => '',
458 'save' => '',
459 'shortcut' => ''
460 );
461 $buttons['csh'] = BackendUtility::cshItem('_MOD_user_setup', '');
462 $buttons['save'] = '<button class="c-inputButton" name="data[save]">'
463 . IconUtility::getSpriteIcon('actions-document-save', array('title' => $this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:rm.saveDoc', TRUE)))
464 . '</button>';
465 if ($this->getBackendUser()->mayMakeShortcut()) {
466 $buttons['shortcut'] = $this->doc->makeShortcutIcon('', '', $this->moduleName);
467 }
468 return $buttons;
469 }
470
471 /******************************
472 *
473 * Render module
474 *
475 ******************************/
476
477 /**
478 * renders the data for all tabs in the user setup and returns
479 * everything that is needed with tabs and dyntab menu
480 *
481 * @return array Ready to use for the dyntabmenu itemarray
482 */
483 protected function renderUserSetup() {
484 $result = array();
485 $firstTabLabel = '';
486 $code = array();
487 $i = 0;
488 $fieldArray = $this->getFieldsFromShowItem();
489 $tabLabel = '';
490 foreach ($fieldArray as $fieldName) {
491 $more = '';
492 if (substr($fieldName, 0, 8) === '--div--;') {
493 if ($firstTabLabel === '') {
494 // First tab
495 $tabLabel = $this->getLabel(substr($fieldName, 8), '', FALSE);
496 $firstTabLabel = $tabLabel;
497 } else {
498 $result[] = array(
499 'label' => $tabLabel,
500 'content' => count($code) ? implode(LF, $code) : ''
501 );
502 $tabLabel = $this->getLabel(substr($fieldName, 8), '', FALSE);
503 $i = 0;
504 $code = array();
505 }
506 continue;
507 }
508 $config = $GLOBALS['TYPO3_USER_SETTINGS']['columns'][$fieldName];
509
510 // Field my be disabled in setup.fields
511 if (isset($this->tsFieldConf[$fieldName . '.']['disabled']) && $this->tsFieldConf[$fieldName . '.']['disabled'] == 1) {
512 continue;
513 }
514 if (isset($config['access']) && !$this->checkAccess($config)) {
515 continue;
516 }
517 $label = $this->getLabel($config['label'], $fieldName);
518 $label = $this->getCSH($config['csh'] ?: $fieldName, $label);
519 $type = $config['type'];
520 $class = $config['class'];
521
522 if ($type !== 'check') {
523 $class .= ' form-control';
524 }
525
526 $style = $config['style'];
527 if ($class) {
528 $more .= ' class="' . $class . '"';
529 }
530 if ($style) {
531 $more .= ' style="' . $style . '"';
532 }
533 if (isset($this->overrideConf[$fieldName])) {
534 $more .= ' disabled="disabled"';
535 }
536 $value = $config['table'] === 'be_users' ? $this->getBackendUser()->user[$fieldName] : $this->getBackendUser()->uc[$fieldName];
537 if (!$value && isset($config['default'])) {
538 $value = $config['default'];
539 }
540 $dataAdd = '';
541 if ($config['table'] === 'be_users') {
542 $dataAdd = '[be_users]';
543 }
544
545 switch ($type) {
546 case 'text':
547 case 'email':
548 case 'password':
549 $noAutocomplete = '';
550 if ($type === 'password') {
551 $value = '';
552 $noAutocomplete = 'autocomplete="off" ';
553 $more .= ' data-rsa-encryption=""';
554 }
555 $html = '<input id="field_' . $fieldName . '"
556 type="' . $type . '"
557 name="data' . $dataAdd . '[' . $fieldName . ']" ' .
558 $noAutocomplete .
559 'value="' . htmlspecialchars($value) . '" ' .
560 $more .
561 ' />';
562 break;
563 case 'check':
564 $html = $label . '<div class="checkbox"><label><input id="field_' . $fieldName . '"
565 type="checkbox"
566 name="data' . $dataAdd . '[' . $fieldName . ']"' .
567 ($value ? ' checked="checked"' : '') .
568 $more .
569 ' /></label></div>';
570 $label = '';
571 break;
572 case 'select':
573 if ($config['itemsProcFunc']) {
574 $html = GeneralUtility::callUserFunction($config['itemsProcFunc'], $config, $this, '');
575 } else {
576 $html = '<select id="field_' . $fieldName . '"
577 name="data' . $dataAdd . '[' . $fieldName . ']"' .
578 $more . '>' . LF;
579 foreach ($config['items'] as $key => $optionLabel) {
580 $html .= '<option value="' . $key . '"' . ($value == $key ? ' selected="selected"' : '') . '>' . $this->getLabel($optionLabel, '', FALSE) . '</option>' . LF;
581 }
582 $html .= '</select>';
583 }
584 break;
585 case 'user':
586 $html = GeneralUtility::callUserFunction($config['userFunc'], $config, $this, '');
587 break;
588 case 'button':
589 if ($config['onClick']) {
590 $onClick = $config['onClick'];
591 if ($config['onClickLabels']) {
592 foreach ($config['onClickLabels'] as $key => $labelclick) {
593 $config['onClickLabels'][$key] = $this->getLabel($labelclick, '', FALSE);
594 }
595 $onClick = vsprintf($onClick, $config['onClickLabels']);
596 }
597 $html = '<br><input class="btn btn-default" type="button"
598 value="' . $this->getLabel($config['buttonlabel'], '', FALSE) . '"
599 onclick="' . $onClick . '" />';
600 }
601 break;
602 case 'avatar':
603 // Get current avatar image
604 $html = '<br>';
605 $avatarFileUid = $this->getAvatarFileUid($this->getBackendUser()->user['uid']);
606
607 if ($avatarFileUid) {
608 $imageProvider = GeneralUtility::makeInstance(ImageProvider::class);
609 $avatarImage = $imageProvider->getImage($this->getBackendUser()->user, 32);
610 if ($avatarImage) {
611 $icon = '<span class="avatar"><span class="avatar-image">' .
612 '<img src="' . htmlspecialchars($avatarImage->getUrl()) . '"' .
613 'width="' . (int)$avatarImage->getWidth() . '" ' .
614 'height="' . (int)$avatarImage->getHeight() . '" />' .
615 '</span></span>';
616 $html .= '<span class="pull-left" style="padding-right: 10px" id="image_' . htmlspecialchars($fieldName) . '">' . $icon . ' </span>';
617 }
618 }
619 $html .= '<input id="field_' . htmlspecialchars($fieldName) . '" type="hidden" ' .
620 'name="data' . $dataAdd . '[' . htmlspecialchars($fieldName) . ']"' . $more .
621 ' value="' . $avatarFileUid . '" />';
622
623 $html .= '<div class="btn-group">';
624 if ($avatarFileUid) {
625 $html .= '<a id="clear_button_' . htmlspecialchars($fieldName) . '" onclick="clearExistingImage(); return false;" class="btn btn-default"><span class="t3-icon fa t3-icon fa fa-remove"> </span></a>';
626 }
627 $html .= '<a id="add_button_' . htmlspecialchars($fieldName) . '" class="btn btn-default btn-add-avatar" onclick="openFileBrowser();return false;"><span class="t3-icon t3-icon-actions t3-icon-actions-insert t3-icon-insert-record"> </span></a>' .
628 '</div>';
629
630 $this->addAvatarButtonJs($fieldName);
631 break;
632 default:
633 $html = '';
634 }
635
636 $code[] = '<div class="form-section"><div class="form-group">' .
637 $label .
638 $html .
639 '</div></div>';
640 }
641
642 $result[] = array(
643 'label' => $tabLabel,
644 'content' => count($code) ? implode(LF, $code) : ''
645 );
646 return $result;
647 }
648
649 /******************************
650 *
651 * Helper functions
652 *
653 ******************************/
654 /**
655 * Returns the backend user object, either the global OR the $this->OLD_BE_USER which is set during simulate-user operation.
656 * Anyway: The REAL user is returned - the one logged in.
657 *
658 * @return BackendUserAuthentication The REAL user is returned - the one logged in.
659 */
660 protected function getRealScriptUserObj() {
661 return is_object($this->OLD_BE_USER) ? $this->OLD_BE_USER : $this->getBackendUser();
662 }
663
664 /**
665 * Return a select with available languages
666 *
667 * @return string Complete select as HTML string or warning box if something went wrong.
668 */
669 public function renderLanguageSelect($params, $pObj) {
670 $languageOptions = array();
671 // Compile the languages dropdown
672 $langDefault = $this->getLanguageService()->getLL('lang_default', TRUE);
673 $languageOptions[$langDefault] = '<option value=""' . ($this->getBackendUser()->uc['lang'] === '' ? ' selected="selected"' : '') . '>' . $langDefault . '</option>';
674 // Traverse the number of languages
675 /** @var $locales \TYPO3\CMS\Core\Localization\Locales */
676 $locales = GeneralUtility::makeInstance(\TYPO3\CMS\Core\Localization\Locales::class);
677 $languages = $locales->getLanguages();
678 foreach ($languages as $locale => $name) {
679 if ($locale !== 'default') {
680 $defaultName = isset($GLOBALS['LOCAL_LANG']['default']['lang_' . $locale]) ? $GLOBALS['LOCAL_LANG']['default']['lang_' . $locale][0]['source'] : $name;
681 $localizedName = $this->getLanguageService()->getLL('lang_' . $locale, TRUE);
682 if ($localizedName === '') {
683 $localizedName = htmlspecialchars($name);
684 }
685 $localLabel = ' - [' . htmlspecialchars($defaultName) . ']';
686 $available = is_dir(PATH_typo3conf . 'l10n/' . $locale);
687 if ($available) {
688 $languageOptions[$defaultName] = '<option value="' . $locale . '"' . ($this->getBackendUser()->uc['lang'] === $locale ? ' selected="selected"' : '') . '>' . $localizedName . $localLabel . '</option>';
689 }
690 }
691 }
692 ksort($languageOptions);
693 $languageCode = '
694 <select id="field_lang" name="data[lang]" class="form-control">' . implode('', $languageOptions) . '
695 </select>';
696 if ($this->getBackendUser()->uc['lang'] && !@is_dir((PATH_typo3conf . 'l10n/' . $this->getBackendUser()->uc['lang']))) {
697 $languageUnavailableWarning = 'The selected language "' . $this->getLanguageService()->getLL(('lang_' . $this->getBackendUser()->uc['lang']), TRUE) . '" is not available before the language files are installed.<br />' . ($this->getBackendUser()->isAdmin() ? 'You can use the Language module to easily download new language files.' : 'Please ask your system administrator to do this.');
698 $languageUnavailableMessage = GeneralUtility::makeInstance(FlashMessage::class, $languageUnavailableWarning, '', FlashMessage::WARNING);
699 $languageCode = $languageUnavailableMessage->render() . $languageCode;
700 }
701 return $languageCode;
702 }
703
704 /**
705 * Returns a select with all modules for startup
706 *
707 * @return string Complete select as HTML string
708 */
709 public function renderStartModuleSelect($params, $pObj) {
710 $startModuleSelect = '<option value="">' . $this->getLanguageService()->getLL('startModule.firstInMenu', TRUE) . '</option>';
711 foreach ($pObj->loadModules->modules as $mainMod => $modData) {
712 if (!empty($modData['sub']) && is_array($modData['sub'])) {
713 $modules = '';
714 foreach ($modData['sub'] as $subData) {
715 $modName = $subData['name'];
716 $modules .= '<option value="' . htmlspecialchars($modName) . '"';
717 $modules .= $this->getBackendUser()->uc['startModule'] === $modName ? ' selected="selected"' : '';
718 $modules .= '>' . $this->getLanguageService()->moduleLabels['tabs'][$modName . '_tab'] . '</option>';
719 }
720 $groupLabel = $this->getLanguageService()->moduleLabels['tabs'][$mainMod . '_tab'];
721 $startModuleSelect .= '<optgroup label="' . htmlspecialchars($groupLabel) . '">' . $modules . '</optgroup>';
722 }
723 }
724 return '<select id="field_startModule" name="data[startModule]" class="form-control">' . $startModuleSelect . '</select>';
725 }
726
727 /**
728 * Will make the simulate-user selector if the logged in user is administrator.
729 * It will also set the GLOBAL(!) BE_USER to the simulated user selected if any (and set $this->OLD_BE_USER to logged in user)
730 *
731 * @return void
732 */
733 public function simulateUser() {
734 // If admin, allow simulation of another user
735 $this->simUser = 0;
736 $this->simulateSelector = '';
737 unset($this->OLD_BE_USER);
738 if ($this->getBackendUser()->isAdmin()) {
739 $this->simUser = (int)GeneralUtility::_GP('simUser');
740 // Make user-selector:
741 $db = $this->getDatabaseConnection();
742 $where = 'AND username NOT LIKE ' . $db->fullQuoteStr($db->escapeStrForLike('_cli_', 'be_users') . '%', 'be_users');
743 $where .= ' AND uid <> ' . (int)$this->getBackendUser()->user['uid'] . BackendUtility::BEenableFields('be_users');
744 $users = BackendUtility::getUserNames('username,usergroup,usergroup_cached_list,uid,realName', $where);
745 $opt = array();
746 foreach ($users as $rr) {
747 $label = htmlspecialchars(($rr['username'] . ($rr['realName'] ? ' (' . $rr['realName'] . ')' : '')));
748 $opt[] = '<option value="' . $rr['uid'] . '"' . ($this->simUser == $rr['uid'] ? ' selected="selected"' : '') . '>' . $label . '</option>';
749 }
750 if (!empty($opt)) {
751 $this->simulateSelector = '<select id="field_simulate" name="simulateUser" onchange="window.location.href=' . GeneralUtility::quoteJSvalue(BackendUtility::getModuleUrl('user_setup') . '&simUser=') . '+this.options[this.selectedIndex].value;"><option></option>' . implode('', $opt) . '</select>';
752 }
753 }
754 // This can only be set if the previous code was executed.
755 if ($this->simUser > 0) {
756 // Save old user...
757 $this->OLD_BE_USER = $this->getBackendUser();
758 unset($GLOBALS['BE_USER']);
759 // Unset current
760 // New backend user object
761 $BE_USER = GeneralUtility::makeInstance(BackendUserAuthentication::class);
762 $BE_USER->setBeUserByUid($this->simUser);
763 $BE_USER->fetchGroupData();
764 $BE_USER->backendSetUC();
765 // Must do this, because unsetting $BE_USER before apparently unsets the reference to the global variable by this name!
766 $GLOBALS['BE_USER'] = $BE_USER;
767 }
768 }
769
770 /**
771 * Render simulate user select and label
772 *
773 * @return string
774 */
775 protected function renderSimulateUserSelectAndLabel() {
776 if ($this->simulateSelector === '') {
777 return '';
778 }
779
780 return '<p>' .
781 '<label for="field_simulate" style="margin-right: 20px;">' .
782 $this->getLanguageService()->sL('LLL:EXT:setup/Resources/Private/Language/locallang.xlf:simulate') .
783 '</label>' .
784 $this->simulateSelector .
785 '</p>';
786 }
787
788 /**
789 * Returns access check (currently only "admin" is supported)
790 *
791 * @param array $config Configuration of the field, access mode is defined in key 'access'
792 * @return bool Whether it is allowed to modify the given field
793 */
794 protected function checkAccess(array $config) {
795 $access = $config['access'];
796
797 if (isset($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['setup']['accessLevelCheck'][$access])) {
798 if (class_exists($access)) {
799 $accessObject = GeneralUtility::makeInstance($access);
800 if (method_exists($accessObject, 'accessLevelCheck')) {
801 // Initialize vars. If method fails, $set will be set to FALSE
802 return $accessObject->accessLevelCheck($config);
803 }
804 }
805 } elseif ($access == 'admin') {
806 return $this->isAdmin;
807 }
808
809 return FALSE;
810 }
811
812 /**
813 * Returns the label $str from getLL() and grays out the value if the $str/$key is found in $this->overrideConf array
814 *
815 * @param string $str Locallang key
816 * @param string $key Alternative override-config key
817 * @param bool $addLabelTag Defines whether the string should be wrapped in a <label> tag.
818 * @param string $altLabelTagId Alternative id for use in "for" attribute of <label> tag. By default the $str key is used prepended with "field_".
819 * @return string HTML output.
820 */
821 protected function getLabel($str, $key = '', $addLabelTag = TRUE, $altLabelTagId = '') {
822 if (substr($str, 0, 4) === 'LLL:') {
823 $out = $this->getLanguageService()->sL($str);
824 } else {
825 $out = htmlspecialchars($str);
826 }
827 if (isset($this->overrideConf[$key ?: $str])) {
828 $out = '<span style="color:#999999">' . $out . '</span>';
829 }
830 if ($addLabelTag) {
831 $out = '<label for="' . ($altLabelTagId ?: 'field_' . $key) . '">' . $out . '</label>';
832 }
833 return $out;
834 }
835
836 /**
837 * Returns the CSH Icon for given string
838 *
839 * @param string $str Locallang key
840 * @param string $label The label to be used, that should be wrapped in help
841 * @return string HTML output.
842 */
843 protected function getCSH($str, $label) {
844 $context = '_MOD_user_setup';
845 $field = $str;
846 $strParts = explode(':', $str);
847 if (count($strParts) > 1) {
848 // Setting comes from another extension
849 $context = $strParts[0];
850 $field = $strParts[1];
851 } elseif (!GeneralUtility::inList('language,simuser,reset', $str)) {
852 $field = 'option_' . $str;
853 }
854 return BackendUtility::wrapInHelp($context, $field, $label);
855 }
856
857 /**
858 * Returns array with fields defined in $GLOBALS['TYPO3_USER_SETTINGS']['showitem']
859 *
860 * @return array Array with fieldnames visible in form
861 */
862 protected function getFieldsFromShowItem() {
863 return GeneralUtility::trimExplode(',', $GLOBALS['TYPO3_USER_SETTINGS']['showitem'], TRUE);
864 }
865
866 /**
867 * Get Avatar fileUid
868 *
869 * @param int $beUserId
870 * @return int
871 */
872 protected function getAvatarFileUid($beUserId) {
873 $file = $this->getDatabaseConnection()->exec_SELECTgetSingleRow(
874 'uid_local',
875 'sys_file_reference',
876 'tablenames = \'be_users\' AND fieldname = \'avatar\' AND ' .
877 'table_local = \'sys_file\' AND uid_foreign = ' . (int)$beUserId .
878 BackendUtility::BEenableFields('sys_file_reference') . BackendUtility::deleteClause('sys_file_reference')
879 );
880 return $file ? $file['uid_local'] : 0;
881 }
882
883 /**
884 * Set avatar fileUid for backend user
885 *
886 * @param int $beUserId
887 * @param int $fileUid
888 * @param array $storeRec
889 */
890 protected function setAvatarFileUid($beUserId, $fileUid, array &$storeRec) {
891
892 // Update is only needed when new fileUid is set
893 if ((int)$fileUid === $this->getAvatarFileUid($beUserId)) {
894 return;
895 }
896
897 // Delete old file reference
898 $this->getDatabaseConnection()->exec_DELETEquery(
899 'sys_file_reference',
900 'tablenames = \'be_users\' AND fieldname = \'avatar\' AND ' .
901 'table_local = \'sys_file\' AND uid_foreign = ' . (int)$beUserId
902 );
903
904 // Create new reference
905 if ($fileUid) {
906
907 // Get file object
908 try {
909 $file = ResourceFactory::getInstance()->getFileObject($fileUid);
910 } catch (FileDoesNotExistException $e) {
911 $file = FALSE;
912 }
913
914 // Check if user is allowed to use the image (only when not in simulation mode)
915 if ($file && $this->simUser === 0 && !$file->getStorage()->checkFileActionPermission('read', $file)) {
916 $file = FALSE;
917 }
918
919 // Check if extension is allowed
920 if ($file && GeneralUtility::inList($GLOBALS['TYPO3_CONF_VARS']['GFX']['imagefile_ext'], $file->getExtension())) {
921
922 // Create new file reference
923 $storeRec['sys_file_reference']['NEW1234'] = array(
924 'uid_local' => $fileUid,
925 'uid_foreign' => $beUserId,
926 'tablenames' => 'be_users',
927 'fieldname' => 'avatar',
928 'pid' => 0,
929 'table_local' => 'sys_file',
930 );
931 $storeRec['be_users'][(int)$beUserId]['avatar'] = 'NEW1234';
932 }
933 }
934 }
935
936 /**
937 * Add JavaScript to for browse files button
938 *
939 * @param sting $fieldName
940 */
941 protected function addAvatarButtonJs($fieldName) {
942 $this->doc->JScodeArray['avatar-button'] = '
943 var browserWin="";
944
945 function openFileBrowser() {
946 var url = ' . GeneralUtility::quoteJSvalue(BackendUtility::getModuleUrl('wizard_element_browser', ['mode' => 'file', 'bparams' => '||||dummy|setFileUid'])) .';
947 browserWin = window.open(url,"Typo3WinBrowser","height=650,width=800,status=0,menubar=0,resizable=1,scrollbars=1");
948 browserWin.focus();
949 }
950
951 function clearExistingImage() {
952 TYPO3.jQuery(\'#image_' . htmlspecialchars($fieldName) . '\').hide();
953 TYPO3.jQuery(\'#clear_button_' . htmlspecialchars($fieldName) . '\').hide();
954 TYPO3.jQuery(\'#field_' . htmlspecialchars($fieldName) . '\').val(\'\');
955 }
956
957 function setFileUid(field, value, fileUid) {
958 clearExistingImage();
959 TYPO3.jQuery(\'#field_' . htmlspecialchars($fieldName) . '\').val(fileUid);
960 TYPO3.jQuery(\'#add_button_' . htmlspecialchars($fieldName) . '\').removeClass(\'btn-default\').addClass(\'btn-info\');
961
962 browserWin.close();
963 }
964 ';
965
966 }
967
968 /**
969 * Returns the current BE user.
970 *
971 * @return \TYPO3\CMS\Core\Authentication\BackendUserAuthentication
972 */
973 protected function getBackendUser() {
974 return $GLOBALS['BE_USER'];
975 }
976
977 /**
978 * Returns LanguageService
979 *
980 * @return \TYPO3\CMS\Lang\LanguageService
981 */
982 protected function getLanguageService() {
983 return $GLOBALS['LANG'];
984 }
985
986 /**
987 * @return DatabaseConnection
988 */
989 protected function getDatabaseConnection() {
990 return $GLOBALS['TYPO3_DB'];
991 }
992 }
993