[API][CONF][!!!] Make the name of cookies configurable
[Packages/TYPO3.CMS.git] / typo3 / classes / class.ajaxlogin.php
index bbf9f21..1c32387 100644 (file)
@@ -2,7 +2,7 @@
 /***************************************************************
 *  Copyright notice
 *
-*  (c) 2008-2009 Christoph Koehler (christoph@webempoweredchurch.org)
+*  (c) 2008-2011 Christoph Koehler (christoph@webempoweredchurch.org)
 *  All rights reserved
 *
 *  This script is part of the TYPO3 project. The TYPO3 project is
@@ -38,85 +38,135 @@ class AjaxLogin {
         * a BE user and reset the timer and hide the login window.
         * If it was unsuccessful, we display that and show the login box again.
         *
-        * @param string $params        Always empty.
-        * @param string $ajaxObj       The Ajax object used to return content and set content types
-        * @return void
+        * @param       array           $parameters: Parameters (not used)
+        * @param       TYPO3AJAX       $ajaxObj: The calling parent AJAX object
+        * @return      void
         */
-       public function login($params = array(), TYPO3AJAX &$ajaxObj = null) {
-               if ($GLOBALS['BE_USER']->user['uid']) {
-                       $json = '{success: true}';
+       public function login(array $parameters, TYPO3AJAX $ajaxObj) {
+               if ($this->isAuthorizedBackendSession()) {
+                       $json = array('success' => TRUE);
+                       if ($this->hasLoginBeenProcessed()) {
+                               $formProtection = t3lib_formprotection_Factory::get();
+                               $formProtection->setSessionTokenFromRegistry();
+                               $formProtection->persistSessionToken();
+                       }
                } else {
-                       $json = '{success: false}';
+                       $json = array('success' => FALSE);
                }
                $ajaxObj->addContent('login', $json);
+               $ajaxObj->setContentFormat('json');
+       }
+
+       /**
+        * Checks if a user is logged in and the session is active.
+        *
+        * @return boolean
+        */
+       protected function isAuthorizedBackendSession() {
+               return (isset($GLOBALS['BE_USER']) && $GLOBALS['BE_USER'] instanceof t3lib_beUserAuth && isset($GLOBALS['BE_USER']->user['uid']));
+       }
+
+       /**
+        * Check whether the user was already authorized or not
+        *
+        * @return boolean
+        */
+       protected function hasLoginBeenProcessed() {
+               $loginFormData = $GLOBALS['BE_USER']->getLoginFormData();
+
+               return ($loginFormData['status'] == 'login')
+                       && isset($loginFormData['uname'])
+                       && isset($loginFormData['uident'])
+                       && isset($loginFormData['chalvalue'])
+                       && ((string)$_COOKIE[t3lib_beUserAuth::getCookieName()] !== (string)$GLOBALS['BE_USER']->id);
        }
 
        /**
         * Logs out the current BE user
         *
-        * @param string $params                Always empty.
-        * @param string $TYPO3AJAX     The Ajax object used to return content and set content types
-        * @return void
+        * @param       array           $parameters: Parameters (not used)
+        * @param       TYPO3AJAX       $ajaxObj: The calling parent AJAX object
+        * @return      void
         */
-       public function logout($params = array(), TYPO3AJAX &$ajaxObj = null) {
+       public function logout(array $parameters, TYPO3AJAX $ajaxObj) {
                $GLOBALS['BE_USER']->logoff();
                if($GLOBALS['BE_USER']->user['uid']) {
-                       $ajaxObj->addContent('logout', '{sucess: false}');
+                       $ajaxObj->addContent('logout', array('success' => FALSE));
                } else {
-                       $ajaxObj->addContent('logout', '{sucess: true}');
+                       $ajaxObj->addContent('logout', array('success' => TRUE));
                }
+               $ajaxObj->setContentFormat('json');
        }
 
        /**
         * Refreshes the login without needing login information. We just refresh the session.
         *
         *
-        * @param string $params                Always empty.
-        * @param string $ajaxObj       The Ajax object used to return content and set content types
-        * @return void
+        * @param       array           $parameters: Parameters (not used)
+        * @param       TYPO3AJAX       $ajaxObj: The calling parent AJAX object
+        * @return      void
         */
-       public function refreshLogin($params = array(), TYPO3AJAX &$ajaxObj = null) {
+       public function refreshLogin(array $parameters, TYPO3AJAX $ajaxObj) {
                $GLOBALS['BE_USER']->checkAuthentication();
-               $ajaxObj->addContent('refresh', '{sucess: true}');
+               $ajaxObj->addContent('refresh', array('success' => TRUE));
+               $ajaxObj->setContentFormat('json');
        }
 
 
        /**
         * Checks if the user session is expired yet
         *
-        * @param string $params                Always empty.
-        * @param string $TYPO3AJAX     The Ajax object used to return content and set content types
-        * @return void
+        * @param       array           $parameters: Parameters (not used)
+        * @param       TYPO3AJAX       $ajaxObj: The calling parent AJAX object
+        * @return      void
         */
-       function isTimedOut($params = array(), TYPO3AJAX &$ajaxObj = null) {
+       function isTimedOut(array $parameters, TYPO3AJAX $ajaxObj) {
                if(is_object($GLOBALS['BE_USER'])) {
-
+                       $ajaxObj->setContentFormat('json');
                        if (@is_file(PATH_typo3conf.'LOCK_BACKEND')) {
-                               $ajaxObj->addContent('login', '{timed_out: false,locked:true}');
+                               $ajaxObj->addContent('login', array('will_time_out' => FALSE, 'locked' => TRUE));
                                $ajaxObj->setContentFormat('json');
+                       } elseif (!isset($GLOBALS['BE_USER']->user['uid'])) {
+                               $ajaxObj->addContent('login', array('timed_out' => TRUE));
                        } else {
-                               $GLOBALS['BE_USER']->fetchUserSession(true);
+                               $GLOBALS['BE_USER']->fetchUserSession(TRUE);
                                $ses_tstamp = $GLOBALS['BE_USER']->user['ses_tstamp'];
                                $timeout = $GLOBALS['BE_USER']->auth_timeout_field;
 
                                // if 120 seconds from now is later than the session timeout, we need to show the refresh dialog.
                                // 120 is somewhat arbitrary to allow for a little room during the countdown and load times, etc.
-                               if($GLOBALS['EXEC_TIME'] >= $ses_tstamp+$timeout-120) {
-                                       $ajaxObj->addContent('login', '{timed_out: true}');
-                                       $ajaxObj->setContentFormat('json');
+                               if ($GLOBALS['EXEC_TIME'] >= $ses_tstamp + $timeout - 120) {
+                                       $ajaxObj->addContent('login', array('will_time_out' => TRUE));
                                } else {
-                                       $ajaxObj->addContent('login', '{timed_out: false}');
-                                       $ajaxObj->setContentFormat('json');
+                                       $ajaxObj->addContent('login', array('will_time_out' => FALSE));
                                }
                        }
                } else {
-                       $ajaxObj->addContent('login', '{success: false, error: "No BE_USER object"}');
+                       $ajaxObj->addContent('login', array('success' => FALSE, 'error' => 'No BE_USER object'));
                }
        }
+
+       /**
+        * Gets a MD5 challenge.
+        *
+        * @param       array           $parameters: Parameters (not used)
+        * @param       TYPO3AJAX       $parent: The calling parent AJAX object
+        * @return      void
+        */
+       public function getChallenge(array $parameters, TYPO3AJAX $parent) {
+               session_start();
+
+               $_SESSION['login_challenge'] = md5(uniqid('') . getmypid());
+
+               session_commit();
+
+               $parent->addContent('challenge', $_SESSION['login_challenge']);
+               $parent->setContentFormat('json');
+       }
 }
 
-if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['typo3/classes/class.ajaxlogin.php'])      {
-       include_once($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['typo3/classes/class.ajaxlogin.php']);
+if (defined('TYPO3_MODE') && isset($GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLASS']['typo3/classes/class.ajaxlogin.php'])) {
+       include_once($GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLASS']['typo3/classes/class.ajaxlogin.php']);
 }
 
-?>
+?>
\ No newline at end of file
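Review bot: The login challenge in getChallenge() is built from `uniqid('')` and `getmypid()`, both of which are time- and process-derived rather than random, so the value is predictable by a client that can approximate the request time; a nonce feeding the challenge-response login should come from a CSPRNG, e.g. `$_SESSION['login_challenge'] = md5(uniqid('', TRUE) . openssl_random_pseudo_bytes(16));` (or `bin2hex(openssl_random_pseudo_bytes(16))`, which keeps the 32-hex-character shape if the JS side depends on it — worth confirming), guarded by a `function_exists('openssl_random_pseudo_bytes')` check since the file targets PHP 5. Separately, hasLoginBeenProcessed() reads `$_COOKIE[t3lib_beUserAuth::getCookieName()]` without an isset() guard, so a request carrying no session cookie emits an undefined-index notice before the cast; `$cookieValue = isset($_COOKIE[t3lib_beUserAuth::getCookieName()]) ? (string)$_COOKIE[t3lib_beUserAuth::getCookieName()] : '';` keeps the strict comparison and avoids it. Both methods are fully contained in this hunk.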