[API][CONF][!!!] Make the name of cookies configurable
[Packages/TYPO3.CMS.git] / typo3 / classes / class.ajaxlogin.php
index e35df88..1c32387 100644 (file)
@@ -2,7 +2,7 @@
 /***************************************************************
 *  Copyright notice
 *
-*  (c) 2008-2009 Christoph Koehler (christoph@webempoweredchurch.org)
+*  (c) 2008-2011 Christoph Koehler (christoph@webempoweredchurch.org)
 *  All rights reserved
 *
 *  This script is part of the TYPO3 project. The TYPO3 project is
@@ -43,8 +43,13 @@ class AjaxLogin {
         * @return      void
         */
        public function login(array $parameters, TYPO3AJAX $ajaxObj) {
-               if ($GLOBALS['BE_USER']->user['uid']) {
+               if ($this->isAuthorizedBackendSession()) {
                        $json = array('success' => TRUE);
+                       if ($this->hasLoginBeenProcessed()) {
+                               $formProtection = t3lib_formprotection_Factory::get();
+                               $formProtection->setSessionTokenFromRegistry();
+                               $formProtection->persistSessionToken();
+                       }
                } else {
                        $json = array('success' => FALSE);
                }
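Review bot: The three form-protection lines added inside the `hasLoginBeenProcessed()` branch carry no comment explaining why the session token is rebuilt only on that path, which a later reader of login() will need before touching the order of `setSessionTokenFromRegistry()` and `persistSessionToken()`. A one-line why-comment above the `$formProtection = ...` line would do: `// the session id changed during this request (see hasLoginBeenProcessed()); rebind the form-protection token to the new session before the response is sent`. The body of login() continues past the end of this hunk, so I cannot see whether the token is also returned to the client.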
@@ -53,6 +58,30 @@ class AjaxLogin {
        }
 
        /**
+        * Checks if a user is logged in and the session is active.
+        *
+        * @return boolean
+        */
+       protected function isAuthorizedBackendSession() {
+               return (isset($GLOBALS['BE_USER']) && $GLOBALS['BE_USER'] instanceof t3lib_beUserAuth && isset($GLOBALS['BE_USER']->user['uid']));
+       }
+
+       /**
+        * Check whether the user was already authorized or not
+        *
+        * @return boolean
+        */
+       protected function hasLoginBeenProcessed() {
+               $loginFormData = $GLOBALS['BE_USER']->getLoginFormData();
+
+               return ($loginFormData['status'] == 'login')
+                       && isset($loginFormData['uname'])
+                       && isset($loginFormData['uident'])
+                       && isset($loginFormData['chalvalue'])
+                       && ((string)$_COOKIE[t3lib_beUserAuth::getCookieName()] !== (string)$GLOBALS['BE_USER']->id);
+       }
+
+       /**
         * Logs out the current BE user
         *
         * @param       array           $parameters: Parameters (not used)
@@ -95,8 +124,10 @@ class AjaxLogin {
                if(is_object($GLOBALS['BE_USER'])) {
                        $ajaxObj->setContentFormat('json');
                        if (@is_file(PATH_typo3conf.'LOCK_BACKEND')) {
-                               $ajaxObj->addContent('login', array('timed_out' => FALSE, 'locked' => TRUE));
+                               $ajaxObj->addContent('login', array('will_time_out' => FALSE, 'locked' => TRUE));
                                $ajaxObj->setContentFormat('json');
+                       } elseif (!isset($GLOBALS['BE_USER']->user['uid'])) {
+                               $ajaxObj->addContent('login', array('timed_out' => TRUE));
                        } else {
                                $GLOBALS['BE_USER']->fetchUserSession(TRUE);
                                $ses_tstamp = $GLOBALS['BE_USER']->user['ses_tstamp'];
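Review bot: The new `elseif (!isset($GLOBALS['BE_USER']->user['uid']))` branch re-implements the uid test that this same commit factors into isAuthorizedBackendSession(), so the two places can drift apart; `} elseif (!$this->isAuthorizedBackendSession()) {` keeps one definition of "has a valid backend session" (the outer is_object() check already covers the object part). Since the commit also changes what the `timed_out` key means — it now reports a session that is already gone while `will_time_out` carries the former meaning — the method docblock should state both keys and their meaning, as a client that still reads only `timed_out` will no longer see the refresh prompt; the enclosing method starts outside this hunk, so its docblock is not visible here.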
@@ -105,9 +136,9 @@ class AjaxLogin {
                                // if 120 seconds from now is later than the session timeout, we need to show the refresh dialog.
                                // 120 is somewhat arbitrary to allow for a little room during the countdown and load times, etc.
                                if ($GLOBALS['EXEC_TIME'] >= $ses_tstamp + $timeout - 120) {
-                                       $ajaxObj->addContent('login', array('timed_out' => TRUE));
+                                       $ajaxObj->addContent('login', array('will_time_out' => TRUE));
                                } else {
-                                       $ajaxObj->addContent('login', array('timed_out' => FALSE));
+                                       $ajaxObj->addContent('login', array('will_time_out' => FALSE));
                                }
                        }
                } else {
@@ -134,8 +165,8 @@ class AjaxLogin {
        }
 }
 
-if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['typo3/classes/class.ajaxlogin.php'])      {
-       include_once($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['typo3/classes/class.ajaxlogin.php']);
+if (defined('TYPO3_MODE') && isset($GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLASS']['typo3/classes/class.ajaxlogin.php'])) {
+       include_once($GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLASS']['typo3/classes/class.ajaxlogin.php']);
 }
 
-?>
+?>
\ No newline at end of file
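Review bot: The rewritten last line keeps the closing `?>` while dropping the trailing newline, which is what the "No newline at end of file" marker records; for a PHP-only class file the cleaner fix, since the line is touched anyway, is to remove the `?>` line entirely so that no whitespace after the tag can ever be emitted as output. The isset() guard added to the XCLASS condition is the right change and needs no further work.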