[API][CONF][!!!] Make the name of cookies configurable
[Packages/TYPO3.CMS.git] / typo3 / classes / class.ajaxlogin.php
index db78628..1c32387 100644 (file)
@@ -43,15 +43,13 @@ class AjaxLogin {
         * @return      void
         */
        public function login(array $parameters, TYPO3AJAX $ajaxObj) {
-               if ($GLOBALS['BE_USER']->user['uid']) {
-                       $formprotection = t3lib_formprotection_Factory::get('t3lib_formprotection_BackendFormProtection');
-                       $token = $formprotection->generateToken('extDirect');
-                       $formprotection->persistTokens();
-
-                       $json = array(
-                               'success' => TRUE,
-                               'token' => $token
-                       );
+               if ($this->isAuthorizedBackendSession()) {
+                       $json = array('success' => TRUE);
+                       if ($this->hasLoginBeenProcessed()) {
+                               $formProtection = t3lib_formprotection_Factory::get();
+                               $formProtection->setSessionTokenFromRegistry();
+                               $formProtection->persistSessionToken();
+                       }
                } else {
                        $json = array('success' => FALSE);
                }
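Review bot: The docblock that ends at the `@return void` line still says nothing about the response, and after this change the JSON no longer carries the `token` key the previous version emitted, so a client that still reads it will find nothing. A sentence in the docblock such as `* Responds with a JSON object whose 'success' key tells whether a backend session is authorized; on a freshly processed login the form-protection session token is persisted server-side instead of being returned.` would make the new contract explicit. Whether `$json` is actually handed to `$ajaxObj` cannot be seen here, since the body of login() continues past the end of the hunk.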
@@ -60,6 +58,30 @@ class AjaxLogin {
        }
 
        /**
+        * Checks if a user is logged in and the session is active.
+        *
+        * @return boolean
+        */
+       protected function isAuthorizedBackendSession() {
+               return (isset($GLOBALS['BE_USER']) && $GLOBALS['BE_USER'] instanceof t3lib_beUserAuth && isset($GLOBALS['BE_USER']->user['uid']));
+       }
+
+       /**
+        * Check whether the user was already authorized or not
+        *
+        * @return boolean
+        */
+       protected function hasLoginBeenProcessed() {
+               $loginFormData = $GLOBALS['BE_USER']->getLoginFormData();
+
+               return ($loginFormData['status'] == 'login')
+                       && isset($loginFormData['uname'])
+                       && isset($loginFormData['uident'])
+                       && isset($loginFormData['chalvalue'])
+                       && ((string)$_COOKIE[t3lib_beUserAuth::getCookieName()] !== (string)$GLOBALS['BE_USER']->id);
+       }
+
+       /**
         * Logs out the current BE user
         *
         * @param       array           $parameters: Parameters (not used)
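Review bot: `hasLoginBeenProcessed()` reads `$_COOKIE[t3lib_beUserAuth::getCookieName()]` without checking that the cookie exists, so the first-login case this method is meant to detect (form data present, no session cookie yet) triggers an undefined-index notice before the cast, and the intended result only falls out of `(string) null` being `''`. Making the absent-cookie case explicit keeps the outcome and removes the notice: `$cookieName = t3lib_beUserAuth::getCookieName();` and then `&& (!isset($_COOKIE[$cookieName]) || (string)$_COOKIE[$cookieName] !== (string)$GLOBALS['BE_USER']->id);`. The status check `$loginFormData['status'] == 'login'` compares request-derived data loosely; `=== 'login'` avoids type juggling. If `getLoginFormData()` can return something other than an array, `isset($loginFormData['status'])` first would also be worth adding — its return type is not visible here.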
@@ -102,8 +124,10 @@ class AjaxLogin {
                if(is_object($GLOBALS['BE_USER'])) {
                        $ajaxObj->setContentFormat('json');
                        if (@is_file(PATH_typo3conf.'LOCK_BACKEND')) {
-                               $ajaxObj->addContent('login', array('timed_out' => FALSE, 'locked' => TRUE));
+                               $ajaxObj->addContent('login', array('will_time_out' => FALSE, 'locked' => TRUE));
                                $ajaxObj->setContentFormat('json');
+                       } elseif (!isset($GLOBALS['BE_USER']->user['uid'])) {
+                               $ajaxObj->addContent('login', array('timed_out' => TRUE));
                        } else {
                                $GLOBALS['BE_USER']->fetchUserSession(TRUE);
                                $ses_tstamp = $GLOBALS['BE_USER']->user['ses_tstamp'];
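Review bot: The JSON shape now differs per branch: the locked branch sends `will_time_out` and `locked`, the new `elseif` branch sends only `timed_out`, and the normal branch (this hunk and the following one, where `timed_out` is renamed to `will_time_out`) sends only `will_time_out`. A consumer indexing a key that is absent in one branch gets an undefined value, so a consistent shape such as `$ajaxObj->addContent('login', array('timed_out' => TRUE, 'will_time_out' => FALSE, 'locked' => FALSE));` for the new branch, with the other branches filled in likewise, would be safer; whether the JavaScript side tolerates missing keys cannot be verified from here. The new check of `$GLOBALS['BE_USER']->user['uid']` runs before the `fetchUserSession(TRUE)` call in the `else` branch, so it reflects the session as loaded at request start rather than a re-read — presumably intended, but worth a one-line comment. The enclosing method's signature and docblock lie outside the hunk and should now document the three response keys.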
@@ -112,9 +136,9 @@ class AjaxLogin {
                                // if 120 seconds from now is later than the session timeout, we need to show the refresh dialog.
                                // 120 is somewhat arbitrary to allow for a little room during the countdown and load times, etc.
                                if ($GLOBALS['EXEC_TIME'] >= $ses_tstamp + $timeout - 120) {
-                                       $ajaxObj->addContent('login', array('timed_out' => TRUE));
+                                       $ajaxObj->addContent('login', array('will_time_out' => TRUE));
                                } else {
-                                       $ajaxObj->addContent('login', array('timed_out' => FALSE));
+                                       $ajaxObj->addContent('login', array('will_time_out' => FALSE));
                                }
                        }
                } else {