Fixed bug #9052: Remove JS popup when login expired
authorDmitry Dulepov <dmitry.dulepov@gmail.com>
Sun, 4 Jan 2009 17:23:29 +0000 (17:23 +0000)
committerDmitry Dulepov <dmitry.dulepov@gmail.com>
Sun, 4 Jan 2009 17:23:29 +0000 (17:23 +0000)
git-svn-id: https://svn.typo3.org/TYPO3v4/Core/trunk@4645 709f56b5-9817-0410-a4d7-c38de5d9e867

ChangeLog
t3lib/class.t3lib_querygenerator.php
t3lib/class.t3lib_tceforms.php
t3lib/class.t3lib_userauth.php
t3lib/config_default.php
typo3/ajax.php
typo3/backend.php
typo3/classes/class.ajaxlogin.php [new file with mode: 0644]
typo3/jsfunc.tbe_editor.js
typo3/sysext/lang/locallang_core.xml

index a5ee3c0..39e4125 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2009-01-04  Dmitry Dulepov  <dmitry@typo3.org>
+
+       * Fixed bug #9052: Remove JS popup when login expired (co-authored with Christoph Koehler and Steffen Kamper)
+
 2009-01-03  Dmitry Dulepov  <dmitry@typo3.org>
 
        * Fixed bug #10047: typo3/contrib is not prefixed with config.absRefPrefix
index e326f57..727b8b7 100755 (executable)
@@ -1511,6 +1511,7 @@ class t3lib_queryGenerator        {
                        <script language="javascript" type="text/javascript">
                                TBE_EDITOR.formname = "'.$formname.'";
                                TBE_EDITOR.formnameUENC = "'.rawurlencode($formname).'";
+                               TBE_EDITOR.backend_interface = "'.$GLOBALS['BE_USER']->uc['interfaceSetup'].'";
                                '.$this->extJSCODE.'
                        </script>';
                        return $out;
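Review bot: The added `TBE_EDITOR.backend_interface` line writes `$GLOBALS['BE_USER']->uc['interfaceSetup']` into a double-quoted JavaScript string with no escaping, so a value containing `"` or `</script>` would terminate the literal. `uc` appears to be per-user configuration, so unless it is validated somewhere not visible here it should be treated as user-influenced. Encode it for the JS context, for example `TBE_EDITOR.backend_interface = '.$GLOBALS['LANG']->JScharCode($GLOBALS['BE_USER']->uc['interfaceSetup']).';`, assuming `$GLOBALS['LANG']` is available in this method as it is for the labels in t3lib_TCEforms. The identical line added in the class.t3lib_tceforms.php hunk needs the same change. The enclosing method starts outside this hunk.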
@@ -1533,4 +1534,4 @@ if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['t3lib/class
        include_once($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['t3lib/class.t3lib_querygenerator.php']);
 }
 
-?>
\ No newline at end of file
+?>
index d633e7c..a34250d 100755 (executable)
@@ -5201,6 +5201,7 @@ class t3lib_TCEforms      {
                        TBE_EDITOR.labels.refresh_login = '.$GLOBALS['LANG']->JScharCode($this->getLL('m_refresh_login')).';
                        TBE_EDITOR.labels.onChangeAlert = '.$GLOBALS['LANG']->JScharCode($this->getLL('m_onChangeAlert')).';
                        evalFunc.USmode = '.($GLOBALS['TYPO3_CONF_VARS']['SYS']['USdateFormat']?'1':'0').';
+                       TBE_EDITOR.backend_interface = "'.$GLOBALS['BE_USER']->uc['interfaceSetup'].'";
                        ';
                }
 
index a0f929f..5fb118f 100755 (executable)
@@ -249,8 +249,17 @@ class t3lib_userAuth {
                        // Make certain that NO user is set initially. ->check_authentication may have set a session-record which will provide us with a user record in the next section:
                unset($this->user);
 
+               // determine whether we need to skip session update.
+               // This is used mainly for checking session timeout without
+               // refreshing the session itself while checking.
+               if (t3lib_div::_GP('skipSessionUpdate')) {
+                       $skipSessionUpdate = true;
+               } else {
+                       $skipSessionUpdate = false;
+               }
+
                        // re-read user session
-               $this->user = $this->fetchUserSession();
+               $this->user = $this->fetchUserSession($skipSessionUpdate);
 
                if ($this->writeDevLog && is_array($this->user))        t3lib_div::devLog('User session finally read: '.t3lib_div::arrayToLogString($this->user, array($this->userid_column,$this->username_column)), 't3lib_userAuth', -1);
                if ($this->writeDevLog && !is_array($this->user)) t3lib_div::devLog('No user session found.', 't3lib_userAuth', 2);
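Review bot: `skipSessionUpdate` is read from GET/POST inside the base `t3lib_userAuth` class, so any client can set it on any script that uses this class, not only on the `BackendLogin::isTimedOut` poll. Judging from the fetchUserSession hunks, the flag only suppresses the `ses_tstamp` refresh, which fails towards an earlier timeout. The comment should say so, for example `// client-controlled: may only ever suppress the timestamp refresh, never grant or extend anything`. The seven-line if/else can be written as `$skipSessionUpdate = (bool)t3lib_div::_GP('skipSessionUpdate');`, and the same block is duplicated in the hunk at -413, where a shared private helper would keep the two copies in sync. Both enclosing methods start and end outside the hunks.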
@@ -413,8 +422,17 @@ class t3lib_userAuth {
 
                // the following code makes auto-login possible (if configured). No submitted data needed
 
+               // determine whether we need to skip session update.
+               // This is used mainly for checking session timeout without
+               // refreshing the session itself while checking.
+               if (t3lib_div::_GP('skipSessionUpdate')) {
+                       $skipSessionUpdate = true;
+               } else {
+                       $skipSessionUpdate = false;
+               }
+
                        // re-read user session
-               $authInfo['userSession'] = $this->fetchUserSession();
+               $authInfo['userSession'] = $this->fetchUserSession($skipSessionUpdate);
                $haveSession = is_array($authInfo['userSession']) ? TRUE : FALSE;
 
                if ($this->writeDevLog) {
@@ -527,7 +545,6 @@ class t3lib_userAuth {
                                // reset failure flag
                        $this->loginFailure = FALSE;
 
-
                                // Insert session record if needed:
                        if (!($haveSession && (
                                $tempuser['ses_id']==$this->id ||       // check if the tempuser has the current session id
@@ -653,7 +670,7 @@ class t3lib_userAuth {
         *
         * @return      array           user session data
         */
-       function fetchUserSession() {
+       function fetchUserSession($skipSessionUpdate = false) {
 
                $user = '';
 
@@ -682,6 +699,7 @@ class t3lib_userAuth {
                                // If timeout > 0 (true) and currenttime has not exceeded the latest sessions-time plus the timeout in seconds then accept user
                                // Option later on: We could check that last update was at least x seconds ago in order not to update twice in a row if one script redirects to another...
                        if ($timeout>0 && ($GLOBALS['EXEC_TIME'] < ($user['ses_tstamp']+$timeout)))     {
+                               if(!$skipSessionUpdate) {
                                        $GLOBALS['TYPO3_DB']->exec_UPDATEquery(
                                                                                        $this->session_table,
                                                                                        'ses_id='.$GLOBALS['TYPO3_DB']->fullQuoteStr($this->id, $this->session_table).'
@@ -689,6 +707,8 @@ class t3lib_userAuth {
                                                                                        array('ses_tstamp' => $GLOBALS['EXEC_TIME'])
                                                                                );
                                        $user['ses_tstamp'] = $GLOBALS['EXEC_TIME'];    // Make sure that the timestamp is also updated in the array
+                               }
+
                        } else {
                                $this->logoff();                // delete any user set...
                        }
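Review bot: The docblock of `fetchUserSession()` (signature hunk at -653) still documents only `@return`, so the new parameter is undocumented; add `@param boolean $skipSessionUpdate If set, a valid session is returned without refreshing ses_tstamp`. A comment at the new `if(!$skipSessionUpdate) {` should also record that the `else` branch still calls `$this->logoff()` for an expired session, so a request carrying the flag is not side-effect free. The `if(` spacing differs from the `if (` used on the surrounding lines. The function body starts and ends outside these hunks.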
@@ -1267,4 +1287,4 @@ if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['t3lib/class
        include_once($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['t3lib/class.t3lib_userauth.php']);
 }
 
-?>
\ No newline at end of file
+?>
index d6e9473..209c190 100755 (executable)
@@ -244,6 +244,10 @@ $TYPO3_CONF_VARS = Array(
                        'ModuleMenu::saveMenuState'  => 'typo3/classes/class.modulemenu.php:ModuleMenu->saveMenuState',
                        'ModuleMenu::render'         => 'typo3/classes/class.modulemenu.php:ModuleMenu->renderAjax',
                        'SC_mod_web_perm_ajax::dispatch' => 'typo3/mod/web/perm/class.sc_mod_web_perm_ajax.php:SC_mod_web_perm_ajax->dispatch',
+                       'BackendLogin::login'                           => 'typo3/classes/class.ajaxlogin.php:AjaxLogin->login',
+                       'BackendLogin::logout'                          => 'typo3/classes/class.ajaxlogin.php:AjaxLogin->logout',
+                       'BackendLogin::refreshLogin'            => 'typo3/classes/class.ajaxlogin.php:AjaxLogin->refreshLogin',
+                       'BackendLogin::isTimedOut'                      => 'typo3/classes/class.ajaxlogin.php:AjaxLogin->isTimedOut',
                        'WorkspaceMenu::toggleWorkspacePreview' => 'typo3/classes/class.workspaceselector.php:WorkspaceSelector->toggleWorkspacePreview',
                        'WorkspaceMenu::setWorkspace'           => 'typo3/classes/class.workspaceselector.php:WorkspaceSelector->setWorkspace'
                ),
index 52499f1..8a41c48 100644 (file)
 
 $TYPO3_AJAX = true;
 
+// include t3lib_div at this time to get the GET/POST methods it provides
+require_once('../t3lib/class.t3lib_div.php');
+
+// first get the ajaxID
+$ajaxID = (string)t3lib_div::_GP('ajaxID');
+
+// this is a list of requests that don't necessarily need a valid BE user
+$noUserAjaxIDs = array(
+       'BackendLogin::login',
+       'BackendLogin::logout',
+       'BackendLogin::refreshLogin',
+       'BackendLogin::isTimedOut'
+);
+
+// if we're trying to do an ajax login, don't require a user.
+if(in_array($ajaxID, $noUserAjaxIDs)) {
+       define('TYPO3_PROCEED_IF_NO_USER', 1);
+}
+
 require('init.php');
 require('classes/class.typo3ajax.php');
 
        // finding the script path from the variable
-$ajaxID = (string) t3lib_div::_GP('ajaxID');
 $ajaxScript = $TYPO3_CONF_VARS['BE']['AJAX'][$ajaxID];
 
 
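Review bot: A client-supplied `ajaxID` now decides whether `TYPO3_PROCEED_IF_NO_USER` is defined before `init.php` runs, so the four `AjaxLogin` handlers become reachable without an authenticated backend user. Each handler therefore has to check `$GLOBALS['BE_USER']` itself, which needs confirming because their bodies are not visible in this hunk. The `$noUserAjaxIDs` list also duplicates the IDs registered under `$TYPO3_CONF_VARS['BE']['AJAX']`; a comment such as `// keep in sync with BE/AJAX in config_default.php; handlers listed here must not assume a logged-in user` would make that contract explicit. The comparison can be made strict with `in_array($ajaxID, $noUserAjaxIDs, true)`, since `$ajaxID` is already cast to string. The relative `require_once('../t3lib/class.t3lib_div.php')` depends on the current working directory, whereas a path built from `dirname(__FILE__)` would not.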
@@ -61,4 +79,4 @@ if (empty($ajaxID)) {
        // outputting the content (and setting the X-JSON-Header)
 $ajaxObj->render();
 
-?>
\ No newline at end of file
+?>
index da35084..1fe8668 100644 (file)
@@ -82,6 +82,7 @@ class TYPO3backend {
         * @return      void
         */
        public function __construct() {
+
                        // Initializes the backend modules structure for use later.
                $this->moduleLoader = t3lib_div::makeInstance('t3lib_loadModules');
                $this->moduleLoader->load($GLOBALS['TBE_MODULES']);
@@ -93,6 +94,8 @@ class TYPO3backend {
                $this->jsFiles = array(
                        'contrib/prototype/prototype.js',
                        'contrib/scriptaculous/scriptaculous.js?load=builder,effects,controls,dragdrop',
+                       'contrib/extjs/adapter/prototype/ext-prototype-adapter.js',
+                       'contrib/extjs/ext-all.js',
                        'md5.js',
                        'js/backend.js',
                        'js/common.js',
@@ -108,7 +111,9 @@ class TYPO3backend {
                $this->cssFiles = array(
                        'backend-scaffolding' => 'css/backend-scaffolding.css',
                        'backend-style'       => 'css/backend-style.css',
-                       'modulemenu'          => 'css/modulemenu.css'
+                       'modulemenu'          => 'css/modulemenu.css',
+                       'extJS'                           => 'contrib/extjs/resources/css/ext-all.css',
+                       'extJS-gray'              => 'contrib/extjs/resources/css/xtheme-gray.css'
                );
 
                $this->toolbarItems = array();
@@ -333,6 +338,18 @@ class TYPO3backend {
                        $menuFrameName = 'topmenuFrame';
                }
 
+               // create challenge for the (re)login form and save it in the session.
+               $challenge = md5(uniqid('').getmypid());
+               session_start();
+               $_SESSION['login_challenge'] = $challenge;
+
+               // determine security level from conf vars and default to super challenged
+               if ($GLOBALS['TYPO3_CONF_VARS']['BE']['loginSecurityLevel']) {
+                       $this->loginSecurityLevel = $GLOBALS['TYPO3_CONF_VARS']['BE']['loginSecurityLevel'];
+               } else {
+                       $this->loginSecurityLevel = 'superchallenged';
+               }
+
                $this->js .= '
        /**
         * Function similar to PHPs  rawurlencode();
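Review bot: The relogin challenge `md5(uniqid('').getmypid())` is derived only from the current time and the process id, so it is predictable; a challenge-response login needs a value from an unpredictable source, using whatever random-token facility the core already has. The value is also regenerated and written to `$_SESSION['login_challenge']` on every render of this method, so a second backend window may invalidate the challenge embedded in the first, depending on how the handler verifies it (not visible here). `session_start()` is called unconditionally in the middle of the method; guarding it with `if (!session_id()) { session_start(); }` avoids a notice when a session is already active. The enclosing method starts and ends outside this hunk.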
@@ -382,6 +399,7 @@ class TYPO3backend {
                this.username = "'.$GLOBALS['BE_USER']->user['username'].'";
                this.uniqueID = "'.t3lib_div::shortMD5(uniqid('')).'";
                this.navFrameWidth = 0;
+               this.securityLevel = "'.$this->loginSecurityLevel.'";
        }
        var TS = new typoSetup();
 
@@ -390,43 +408,243 @@ class TYPO3backend {
         */
        function busy() {       //
                this.loginRefreshed = busy_loginRefreshed;
-               this.checkLoginTimeout = busy_checkLoginTimeout;
                this.openRefreshWindow = busy_OpenRefreshWindow;
                this.busyloadTime=0;
                this.openRefreshW=0;
                this.reloginCancelled=0;
+               this.earlyRelogin=0;
+
+               // starts the timer and resets the earlyRelogin variable so that
+               // the countdown works properly.
+               this.startTimer = function() {
+                       this.earlyRelogin = 0;
+                       this.timer.start();
+               }
+
+               this.stopTimer = function() {
+                       this.timer.stop();
+               }
+
+               // simple timer that polls the server to determine imminent timeout.
+               this.timer = new Ajax.PeriodicalUpdater("","ajax.php", {
+                       method: "get",
+                       frequency: 10,
+                       parameters: "ajaxID=BackendLogin::isTimedOut&skipSessionUpdate=1",
+                       onSuccess: function(e) {
+                               var login = e.responseJSON.login.evalJSON();
+                               if(login.timed_out) {
+                                       busy.openRefreshWindow();
+                               }
+                       }
+               });
+
+               // this function runs the countdown and opens the login window
+               // as soon as the countdown expires.
+               this.countDown = function(progressControl, progressTextFormatPlural, progressTextFormatSingular, secondsRemaining, totalSeconds) {
+
+                       if(busy.earlyRelogin == 0) {
+                               if(secondsRemaining > 1) {
+                                       progressControl.updateText(String.format(progressTextFormatPlural, secondsRemaining));
+                                       progressControl.updateProgress(secondsRemaining/(1.0*totalSeconds));
+                                       setTimeout(function () {
+                                                       busy.countDown(progressControl, progressTextFormatPlural, progressTextFormatSingular,secondsRemaining - 1, totalSeconds);
+                                               }, 1000);
+                               } else if(secondsRemaining > 0) {
+                                       progressControl.updateText(String.format(progressTextFormatSingular, secondsRemaining));
+                                       progressControl.updateProgress(secondsRemaining/(1.0*totalSeconds));
+                                       setTimeout(function () {
+                                                       busy.countDown(progressControl, progressTextFormatPlural, progressTextFormatSingular,secondsRemaining - 1, totalSeconds);
+                                               }, 1000);
+                               } else {
+                                       busy.openRefreshW = 1;
+                                       busy.openLogin();
+                               }
+                       }
+               };
+
+               // Closes the countdown window and opens a new one with a login form.
+               this.openLogin = function() {
+                       var login;
+                       doChallengeResponse = function(superchallenged) {
+                               password = $$("#loginform form")[0].p_field.value;
+
+                               if (password)   {
+                                       if (superchallenged)    {
+                                               password = MD5(password);       // this makes it superchallenged!!
+                                       }
+                                       str = $("login_username").value+":"+password+":"+$("challenge").value;
+                                       $("userident").value = MD5(str);
+                                       $("password").value = "";
+
+                                       return true;
+                               }
+                       }
+
+                       submitForm = function() {
+                               if(TS.securityLevel == "superchallenged") {
+                                       doChallengeResponse(1);
+                               } else if (TS.securityLevel == "challenged") {
+                                       doChallengeResponse(0);
+                               } else {
+                                       $("userident").value = $$("#loginform form")[0].p_field.value;
+                                       $("password").value= "";
+                               }
+
+                               login.getForm().submit({
+                                       method: "post",
+                                       waitTitle: "' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.php:mess.refresh_login_logging_in') . '",
+                                       waitMsg: " ",
+                                       params: "ajaxID=BackendLogin::login&login_status=login",
+                                       success: function() {
+                                               win.close();
+                                               setTimeout("busy.startTimer()", 2000);
+
+                                       },
+
+                                       failure: function() {
+                                               // TODO: add failure to notification system instead of alert
+                                               // Ext.tip.msg("Login failed", "Username or Password incorrect!");
+                                               Ext.Msg.alert("' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.php:mess.refresh_login_failed') . '", "' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.php:mess.refresh_login_failed_message') . '");
+                                       }
+                               });
+                       }
+
+                       new Ajax.Request("ajax.php", {
+                               method: "get",
+                               frequency: 10,
+                               parameters: "ajaxID=BackendLogin::logout",
+                       });
+
+                       Ext.onReady(function(){
+                               login = new Ext.FormPanel({
+                                       url: "ajax.php",
+                                       id: "loginform",
+                                       title: "' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.php:mess.refresh_login_title') . '",
+                                       defaultType: "textfield",
+                                       width: "100%",
+                                       bodyStyle: "padding: 5px 5px 3px 5px; border-width: 0; margin-bottom: 7px;",
+
+                                       items: [{
+                                                       xtype: "panel",
+                                                       bodyStyle: "margin-bottom: 7px; border: none;",
+                                                       html: "' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.php:mess.login_expired') . '",
+                                               },{
+                                                       fieldLabel: "' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.php:mess.refresh_login_username') . '",
+                                                       name: "username",
+                                                       id: "login_username",
+                                                       allowBlank: false,
+                                                       width: 250
+                                               },{
+                                                       fieldLabel: "' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.php:mess.refresh_login_password') . '",
+                                                       name: "p_field",
+                                                       width: 250,
+                                                       id: "password",
+                                                       inputType: "password"
+                                               },{
+                                                       xtype: "hidden",
+                                                       name: "userident",
+                                                       id: "userident",
+                                                       value: ""
+                                               }, {
+                                                       xtype: "hidden",
+                                                       name: "challenge",
+                                                       id: "challenge",
+                                                       value: "' . $challenge . '"
+                                               }
+                                       ],
+                                       keys:({
+                                               key: Ext.EventObject.ENTER,
+                                               fn: submitForm,
+                                               scope: this
+                                       }),
+                                       buttons: [{
+                                               text: "' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.php:mess.refresh_login_button') . '",
+                                               formBind: true,
+                                               handler: submitForm
+                                       }, {
+                                               text: "' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.php:mess.refresh_logout_button') . '",
+                                               formBind: true,
+                                               handler: function() {
+                                                       top.location.href = "' . t3lib_div::getIndpEnv('TYPO3_SITE_URL') . TYPO3_mainDir . '";
+                                               }
+                                       }]
+                               });
+                               win.close();
+                               win = new Ext.Window({
+                                       width: 450,
+                                       autoHeight: true,
+                                       closable: false,
+                                       resizable: false,
+                                       plain: true,
+                                       border: false,
+                                       modal: true,
+                                       draggable: false,
+                                       items: [login]
+                               });
+                               win.show();
+                       });
+               }
        }
+
        function busy_loginRefreshed()  {       //
-               var date = new Date();
-               this.busyloadTime = Math.floor(date.getTime()/1000);
                this.openRefreshW=0;
+               this.earlyRelogin=0;
        }
-       function busy_checkLoginTimeout()       {       //
-               var date = new Date();
-               var theTime = Math.floor(date.getTime()/1000);
-               if (theTime > this.busyloadTime+'.intval($GLOBALS['BE_USER']->auth_timeout_field).'-30) {
-                       return true;
-               }
-       }
-       function busy_OpenRefreshWindow()       {       //
-               vHWin=window.open("login_frameset.php","relogin_"+TS.uniqueID,"height=350,width=700,status=0,menubar=0,location=1");
-               vHWin.focus();
-               this.openRefreshW=1;
-       }
-       function busy_checkLoginTimeout_timer() {       //
-               if (busy.checkLoginTimeout() && !busy.reloginCancelled && !busy.openRefreshW)   {
-                       if (confirm('.$GLOBALS['LANG']->JScharCode($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.php:mess.refresh_login')).'))      {
-                               busy.openRefreshWindow();
-                       } else  {
-                               busy.reloginCancelled = 1;
-                       }
-               }
-               window.setTimeout("busy_checkLoginTimeout_timer();",2*1000);    // Each 2nd second is enough for checking. The popup will be triggered 10 seconds before the login expires (see above, busy_checkLoginTimeout())
 
-                       // Detecting the frameset module navigation frame widths (do this AFTER setting new timeout so that any errors in the code below does not prevent another time to be set!)
-               if (top && top.content && top.content.nav_frame && top.content.nav_frame.document && top.content.nav_frame.document.body)       {
-                       TS.navFrameWidth = (top.content.nav_frame.document.documentElement && top.content.nav_frame.document.documentElement.clientWidth) ? top.content.nav_frame.document.documentElement.clientWidth : top.content.nav_frame.document.body.clientWidth;
-               }
+       function busy_OpenRefreshWindow() {
+               this.openRefreshW = 1;
+
+               busy.stopTimer();
+
+               var seconds = 30;
+               var progressTextFormatSingular = "' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.php:mess.refresh_login_countdown_singular') . '";
+               var progressTextFormatPlural = "' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.php:mess.refresh_login_countdown') . '";
+               var progressText = String.format(progressTextFormatPlural, seconds);
+               var progressControl = new Ext.ProgressBar({
+                       autoWidth: true,
+                       autoHeight: true,
+                       value: 1,
+                       text: progressText
+               });
+
+               win = new Ext.Window({
+                       closable: false,
+                       resizable: false,
+                       draggable: false,
+                       modal: true,
+                       items: [{
+                                       xtype: "panel",
+                                       bodyStyle: "padding: 5px 5px 3px 5px; border-width: 0; margin-bottom: 7px;",
+                                       bodyBorder: false,
+                                       autoHeight: true,
+                                       autoWidth: true,
+                                       html: "' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.php:mess.login_about_to_expire') . '"
+                               },
+                               progressControl
+                       ],
+                       title: "' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.php:mess.login_about_to_expire_title') . '",
+                       width: 450,
+
+                       buttons: [{
+                               text: "' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.php:mess.refresh_login_refresh_button') . '",
+                               handler: function() {
+                                       new Ajax.Request("ajax.php", {
+                                               method: "get",
+                                               parameters: "ajaxID=BackendLogin::refreshLogin",
+                                       });
+                                       win.close();
+                                       busy.earlyRelogin = 1;
+                                       setTimeout("busy.startTimer()", 2000);
+                               }
+                       }, {
+                               text: "' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.php:mess.refresh_direct_logout_button') . '",
+                               handler: function() {
+                                       top.location.href = "' . t3lib_div::getIndpEnv('TYPO3_SITE_URL') . TYPO3_mainDir . 'logout.php";
+                               }
+                       }]
+               });
+               win.show();
+               busy.countDown(progressControl, progressTextFormatPlural, progressTextFormatSingular, seconds, seconds);
        }
 
        /**
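Review bot: Every `$GLOBALS['LANG']->sL(...)` label in the new dialog code is placed inside a double-quoted JavaScript string without escaping (`waitTitle`, the `Ext.Msg.alert` arguments, the `html:` panels, the button texts), whereas the removed `confirm()` call passed its label through `JScharCode()`. A translation containing `"` or a line break will break the script, and label files become a path for script injection. Emit the labels as before, e.g. `waitTitle: ' . $GLOBALS['LANG']->JScharCode($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.php:mess.refresh_login_logging_in')) . ',`. Separately, `BackendLogin::logout` and `BackendLogin::refreshLogin` change session state but are sent with `method: "get"`, so they can be triggered by any cross-site URL load; they should use POST with a request check in the handlers. `doChallengeResponse`, `submitForm`, `password`, `str` and `win` are assigned without `var` and leak into the global scope, and the trailing commas after `parameters: "..."` and the first `html:` item are rejected by older Internet Explorer versions.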
@@ -498,7 +716,6 @@ class TYPO3backend {
         */
        var busy = new busy();
        busy.loginRefreshed();
-       busy_checkLoginTimeout_timer();
 
        /**
         * Function used to switch modules
diff --git a/typo3/classes/class.ajaxlogin.php b/typo3/classes/class.ajaxlogin.php
new file mode 100644 (file)
index 0000000..d2b04be
--- /dev/null
@@ -0,0 +1,238 @@
+<?php
+/***************************************************************
+*  Copyright notice
+*
+*  (c) 2008 Christoph Koehler (christoph@webempoweredchurch.org)
+*  All rights reserved
+*
+*  This script is part of the TYPO3 project. The TYPO3 project is
+*  free software; you can redistribute it and/or modify
+*  it under the terms of the GNU General Public License as published by
+*  the Free Software Foundation; either version 2 of the License, or
+*  (at your option) any later version.
+*
+*  The GNU General Public License can be found at
+*  http://www.gnu.org/copyleft/gpl.html.
+*  A copy is found in the textfile GPL.txt and important notices to the license
+*  from the author is found in LICENSE.txt distributed with these scripts.
+*
+*
+*  This script is distributed in the hope that it will be useful,
+*  but WITHOUT ANY WARRANTY; without even the implied warranty of
+*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+*  GNU General Public License for more details.
+*
+*  This copyright notice MUST APPEAR in all copies of the script!
+***************************************************************/
+/**
+ * This is the ajax handler for backend login after timeout.
+ *
+ * @author     Christoph Koehler <christoph@webempoweredchurch.org>
+ */
+class AjaxLogin
+{
+
+       /**
+        * Handles the actual login process, more specifically it defines the response.
+        * The login details were sent in as part of the ajax request and automatically logged in
+        * the user inside the init.php part of the ajax call. If that was successful, we have
+        * a BE user and reset the timer and hide the login window.
+        * If it was unsuccessful, we display that and show the login box again.
+        *
+        * @param string $params        Always empty.
+        * @param string $ajaxObj       The Ajax object used to return content and set content types
+        * @return void
+        */
+       public function login($params = array(), TYPO3AJAX &$ajaxObj = null) {
+               if ($GLOBALS['BE_USER']->user['uid']) {
+                       $json =
+                       '{success: true}';
+               } else {
+                       $json =
+                       '{success: false}';
+               }
+               $ajaxObj->addContent('login', $json);
+       }
+
+       /**
+        * Logs out the current BE user
+        *
+        * @param string $params                Always empty.
+        * @param string $TYPO3AJAX     The Ajax object used to return content and set content types
+        * @return void
+        */
+       public function logout($params = array(), TYPO3AJAX &$ajaxObj = null) {
+               $GLOBALS['BE_USER']->logoff();
+               if($GLOBALS['BE_USER']->user['uid']) {
+                       $ajaxObj->addContent('logout', '{sucess: false}');
+               } else {
+                       $ajaxObj->addContent('logout', '{sucess: true}');
+               }
+       }
+
+       /**
+        * Refreshes the login without needing login information. We just refresh the session.
+        *
+        *
+        * @param string $params                Always empty.
+        * @param string $ajaxObj       The Ajax object used to return content and set content types
+        * @return void
+        */
+       public function refreshLogin($params = array(), TYPO3AJAX &$ajaxObj = null) {
+               $GLOBALS['BE_USER']->checkAuthentication();
+               $ajaxObj->addContent('refresh', '{sucess: true}');
+       }
+
+
+       /**
+        * Checks if the user session is expired yet
+        *
+        * @param string $params                Always empty.
+        * @param string $TYPO3AJAX     The Ajax object used to return content and set content types
+        * @return void
+        */
+       function isTimedOut($params = array(), TYPO3AJAX &$ajaxObj = null) {
+               if(is_object($GLOBALS['BE_USER'])) {
+                       $GLOBALS['BE_USER']->fetchUserSession(true);
+                       $ses_tstamp = $GLOBALS['BE_USER']->user['ses_tstamp'];
+                       $timeout = $GLOBALS['BE_USER']->auth_timeout_field;
+
+                       // if 60 seconds from now is later than the session timeout, we need to show the refresh dialog.
+                       // 60 is somewhat arbitrary to allow for a little room during the countdown and load times, etc.
+                       if($GLOBALS['EXEC_TIME'] >= $ses_tstamp+$timeout-60) {
+                               $ajaxObj->addContent('login', '{timed_out: true}');
+                               $ajaxObj->setContentFormat('json');
+                       } else {
+                               $ajaxObj->addContent('login', '{timed_out: false}');
+                               $ajaxObj->setContentFormat('json');
+                       }
+               } else {
+                       $ajaxObj->addContent('login', '{success: false, error: "No BE_USER object"}');
+               }
+       }
+}
+
+if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['typo3/classes/class.ajaxlogin.php'])      {
+       include_once($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['typo3/classes/class.ajaxlogin.php']);
+}
+?>
+<?php
+/***************************************************************
+*  Copyright notice
+*
+*  (c) 2008 Christoph Koehler (christoph@webempoweredchurch.org)
+*  All rights reserved
+*
+*  This script is part of the TYPO3 project. The TYPO3 project is
+*  free software; you can redistribute it and/or modify
+*  it under the terms of the GNU General Public License as published by
+*  the Free Software Foundation; either version 2 of the License, or
+*  (at your option) any later version.
+*
+*  The GNU General Public License can be found at
+*  http://www.gnu.org/copyleft/gpl.html.
+*  A copy is found in the textfile GPL.txt and important notices to the license
+*  from the author is found in LICENSE.txt distributed with these scripts.
+*
+*
+*  This script is distributed in the hope that it will be useful,
+*  but WITHOUT ANY WARRANTY; without even the implied warranty of
+*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+*  GNU General Public License for more details.
+*
+*  This copyright notice MUST APPEAR in all copies of the script!
+***************************************************************/
+/**
+ * This is the ajax handler for backend login after timeout.
+ *
+ * @author     Christoph Koehler <christoph@webempoweredchurch.org>
+ */
+class AjaxLogin
+{
+
+       /**
+        * Handles the actual login process, more specifically it defines the response.
+        * The login details were sent in as part of the ajax request and automatically logged in
+        * the user inside the init.php part of the ajax call. If that was successful, we have
+        * a BE user and reset the timer and hide the login window.
+        * If it was unsuccessful, we display that and show the login box again.
+        *
+        * @param string $params        Always empty.
+        * @param string $ajaxObj       The Ajax object used to return content and set content types
+        * @return void
+        */
+       public function login($params = array(), TYPO3AJAX &$ajaxObj = null) {
+               if ($GLOBALS['BE_USER']->user['uid']) {
+                       $json =
+                       '{success: true}';
+               } else {
+                       $json =
+                       '{success: false}';
+               }
+               $ajaxObj->addContent('login', $json);
+       }
+
+       /**
+        * Logs out the current BE user
+        *
+        * @param string $params                Always empty.
+        * @param string $TYPO3AJAX     The Ajax object used to return content and set content types
+        * @return void
+        */
+
+       public function logout($params = array(), TYPO3AJAX &$ajaxObj = null) {
+               $GLOBALS['BE_USER']->logoff();
+               if($GLOBALS['BE_USER']->user['uid']) {
+                       $ajaxObj->addContent('logout', '{sucess: false}');
+               } else {
+                       $ajaxObj->addContent('logout', '{sucess: true}');
+               }
+       }
+
+       /**
+        * Refreshes the login without needing login information. We just refresh the session.
+        *
+        *
+        * @param string $params                Always empty.
+        * @param string $ajaxObj       The Ajax object used to return content and set content types
+        * @return void
+        */
+       public function refreshLogin($params = array(), TYPO3AJAX &$ajaxObj = null) {
+               $GLOBALS['BE_USER']->checkAuthentication();
+               $ajaxObj->addContent('refresh', '{sucess: true}');
+       }
+
+
+       /**
+        * Checks if the user session is expired yet
+        *
+        * @param string $params                Always empty.
+        * @param string $TYPO3AJAX     The Ajax object used to return content and set content types
+        * @return void
+        */
+
+       function isTimedOut($params = array(), TYPO3AJAX &$ajaxObj = null) {
+               if(is_object($GLOBALS['BE_USER'])) {
+                       $GLOBALS['BE_USER']->fetchUserSession(true);
+                       $ses_tstamp = $GLOBALS['BE_USER']->user['ses_tstamp'];
+                       $timeout = $GLOBALS['BE_USER']->auth_timeout_field;
+
+                       // if 60 seconds from now is later than the session timeout, we need to show the refresh dialog.
+                       // 60 is somewhat arbitrary to allow for a little room during the countdown and load times, etc.
+                       if($GLOBALS['EXEC_TIME'] >= $ses_tstamp+$timeout-60) {
+                               $ajaxObj->addContent('login', '{timed_out: true}');
+                               $ajaxObj->setContentFormat('json');
+                       } else {
+                               $ajaxObj->addContent('login', '{timed_out: false}');
+                               $ajaxObj->setContentFormat('json');
+                       }
+               } else {
+                       $ajaxObj->addContent('login', '{success: false, error: "No BE_USER object"}');
+               }
+       }
+}
+
+if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['typo3/classes/class.ajaxlogin.php'])      {
+       include_once($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['typo3/classes/class.ajaxlogin.php']);
+}
+?>
\ No newline at end of file
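Review bot: The file body is added twice — a second `<?php` block with an identical `class AjaxLogin` follows the first `?>` — so the file declares the class twice and PHP will abort with a class-redeclaration fatal error as soon as it is included; the second copy should be removed. In `logout()` and `refreshLogin()` the response key is misspelled (`'{sucess: true}'`), whereas `login()` uses `success`, so a client testing `success` never sees a result from these handlers. `refreshLogin()` also reports success unconditionally after `checkAuthentication()`; it should answer from the session state as `login()` does, e.g. `$ajaxObj->addContent('refresh', $GLOBALS['BE_USER']->user['uid'] ? '{success: true}' : '{success: false}');`. None of the handlers checks a request token, so whether `logout` and `refreshLogin` can be triggered by a cross-site request depends on the dispatcher in ajax.php, which is not visible in this hunk.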
index 03d3234..679bc5f 100755 (executable)
@@ -397,10 +397,12 @@ var TBE_EDITOR = {
         */
        checkSubmit: function(sendAlert) {
                var funcIndex, funcMax, funcRes;
-               if (TBE_EDITOR.checkLoginTimeout() && confirm(TBE_EDITOR.labels.refresh_login)) {
-                       vHWin=window.open(TBE_EDITOR.backPath+'login_frameset.php?','relogin','height=300,width=400,status=0,menubar=0');
-                       vHWin.focus();
-                       return false;
+               if (TBE_EDITOR.backend_interface == "backend_old") {
+                       if (TBE_EDITOR.checkLoginTimeout() && confirm(TBE_EDITOR.labels.refresh_login)) {
+                               vHWin=window.open(TBE_EDITOR.backPath+'login_frameset.php?','relogin','height=300,width=400,status=0,menubar=0');
+                               vHWin.focus();
+                               return false;
+                       }
                }
                var OK=1;
 
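Review bot: With this guard `checkSubmit` performs no login-expiry check at all unless `TBE_EDITOR.backend_interface` equals `"backend_old"`, and nothing in the hunk says why or what covers the other cases. If the intent is that the new backend's expiry dialog takes over, state it above the condition, e.g. `// Only the old backend checks here; the new backend warns about login expiry from its own dialog`. The hunk does not show that every page including this script assigns `backend_interface`, so a form where it is unset — presumably one opened outside the backend frameset — would submit without any expiry check; confirm that case is acceptable. A strict comparison, `=== "backend_old"`, would also make the match explicit. `checkSubmit` continues past the end of the hunk.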
index c5a1271..5ab2d38 100755 (executable)
@@ -148,6 +148,21 @@ Do you want to continue WITHOUT saving?</label>
                        <label index="mess.deleteClip">Are you sure you want to delete ALL selected elements (%s) on the clipboard?</label>
                        <label index="mess.refresh_login">Your login has probably expired.
 Do you want to refresh it now?</label>
+                       <label index="mess.refresh_login_refresh_button">Stay logged in!</label>
+                       <label index="mess.refresh_logout_button">Logout</label>
+                       <label index="mess.refresh_direct_logout_button">No, log out.</label>
+                       <label index="mess.refresh_login_countdown">{0} seconds</label>
+                       <label index="mess.refresh_login_countdown_singular">{0} second</label>
+                       <label index="mess.refresh_login_logging_in">Logging in...</label>
+                       <label index="mess.refresh_login_failed">Login failed</label>
+                       <label index="mess.refresh_login_failed_message">Username or password not correct.</label>
+                       <label index="mess.refresh_login_title">Login to TYPO3</label>
+                       <label index="mess.refresh_login_username">Username</label>
+                       <label index="mess.refresh_login_password">Password</label>
+                       <label index="mess.refresh_login_button">Login</label>
+                       <label index="mess.login_about_to_expire">Your TYPO3 login is about to expire. Please confirm that you want to stay logged in.</label>
+                       <label index="mess.login_about_to_expire_title">TYPO3 login expiration notice</label>
+                       <label index="mess.login_expired">Your TYPO3 login has expired. You need to login again if you want to continue. Otherwise you can close the current browser window.</label>
                        <label index="mess.noSelItemForEdit">Please select one or more items in the list before you can edit.</label>
                        <label index="mess.onChangeAlert">This change will affect which fields are available in the form.
 Would you like to save now in order to refresh the display?</label>