+2009-11-17 Oliver Hader <oliver@typo3.org>
+
+ * Fixed bug #12612: Backend Login-Popup not working
+
2009-11-17 Benjamin Mack <benni@typo3.org>
* Commited test case for #12244: Improve locallangXMLOverride feature (Thanks to Steffen Gebert), this changes the LLoverride feature to $GLOBALS['TYPO3_CONF_VARS']['SYS']['locallangXMLOverride'] as an array
'BackendLogin::logout' => 'typo3/classes/class.ajaxlogin.php:AjaxLogin->logout',
'BackendLogin::refreshLogin' => 'typo3/classes/class.ajaxlogin.php:AjaxLogin->refreshLogin',
'BackendLogin::isTimedOut' => 'typo3/classes/class.ajaxlogin.php:AjaxLogin->isTimedOut',
+ 'BackendLogin::getChallenge' => 'typo3/classes/class.ajaxlogin.php:AjaxLogin->getChallenge',
'WorkspaceMenu::toggleWorkspacePreview' => 'typo3/classes/class.workspaceselector.php:WorkspaceSelector->toggleWorkspacePreview',
'WorkspaceMenu::setWorkspace' => 'typo3/classes/class.workspaceselector.php:WorkspaceSelector->setWorkspace'
),
'BackendLogin::login',
'BackendLogin::logout',
'BackendLogin::refreshLogin',
- 'BackendLogin::isTimedOut'
+ 'BackendLogin::isTimedOut',
+ 'BackendLogin::getChallenge',
);
// if we're trying to do an ajax login, don't require a user.
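Review bot: Adding `'BackendLogin::getChallenge'` to this list makes the handler callable without a backend user, and that handler (added in class.ajaxlogin.php) starts a PHP session and overwrites `$_SESSION['login_challenge']` on every call. The login popup needs this, but nothing in the list says what qualifies an entry. I would add a comment above the array such as `// ajaxIDs reachable without a BE user: only login-related handlers that expose no backend data`. The array's opening line is outside the hunk, so its name and any existing comment are not visible here.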
$menuFrameName = 'topmenuFrame';
}
- // create challenge for the (re)login form and save it in the session.
- $challenge = md5(uniqid('').getmypid());
- session_start();
- $_SESSION['login_challenge'] = $challenge;
-
// determine security level from conf vars and default to super challenged
if ($GLOBALS['TYPO3_CONF_VARS']['BE']['loginSecurityLevel']) {
$this->loginSecurityLevel = $GLOBALS['TYPO3_CONF_VARS']['BE']['loginSecurityLevel'];
'username' => htmlspecialchars($GLOBALS['BE_USER']->user['username']),
'uniqueID' => t3lib_div::shortMD5(uniqid('')),
'securityLevel' => $this->loginSecurityLevel,
- 'challenge' => $challenge,
'TYPO3_mainDir' => TYPO3_mainDir,
'pageModule' => $pageModule,
'condensedMode' => $GLOBALS['BE_USER']->uc['condensedMode'] ? 1 : 0 ,
$ajaxObj->addContent('login', array('success' => FALSE, 'error' => 'No BE_USER object'));
}
}
+
+ /**
+ * Gets a MD5 challenge.
+ *
+ * @param array $parameters: Parameters (not used)
+ * @param TYPO3AJAX $parent: The calling parent AJAX object
+ * @return void
+ */
+ public function getChallenge(array $parameters, TYPO3AJAX $parent) {
+ session_start();
+
+ $_SESSION['login_challenge'] = md5(uniqid('') . getmypid());
+
+ session_commit();
+
+ $parent->addContent('challenge', $_SESSION['login_challenge']);
+ $parent->setContentFormat('json');
+ }
}
if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['typo3/classes/class.ajaxlogin.php']) {
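Review bot: The challenge in `getChallenge()` is still built as `md5(uniqid('') . getmypid())`, so it comes from the current time and the process id, both guessable. Because the value is now issued by an endpoint that needs no login and can be requested repeatedly, it should come from a cryptographically secure source, for example `$challenge = bin2hex(random_bytes(16));` where the supported PHP version provides it. Keeping the value in a local variable and passing that to `addContent()` would also avoid reading `$_SESSION` after `session_commit()`. The docblock should state that the method stores the challenge in `$_SESSION['login_challenge']` and returns it as JSON. The code that checks and discards the challenge is not in this hunk, so it should be confirmed that each challenge is accepted only once.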
inputType: "hidden",
name: "challenge",
id: "challenge",
- value: TYPO3.configuration.challenge
+ value: ''
}
],
keys:({
key: Ext.EventObject.ENTER,
- fn: this.submitForm,
+ fn: this.triggerSubmitForm,
scope: this
}),
buttons: [{
text: TYPO3.LLL.core.refresh_login_button,
formBind: true,
- handler: this.submitForm
+ handler: this.triggerSubmitForm
}, {
text: TYPO3.LLL.core.refresh_logout_button,
formBind: true,
Ext.TaskMgr.stop(this.loadingTask);
},
- submitForm: function() {
+ submitForm: function(challenge) {
var form = Ext.getCmp("loginform").getForm();
var fields = form.getValues();
if (fields.p_field === "") {
fields.p_field = MD5(fields.p_field);
}
if (TS.securityLevel == "superchallenged" || TS.securityLevel == "challenged") {
- fields.userident = MD5(fields.username + ":" + fields.p_field + ":" + fields.challenge);
+ fields.challenge = challenge;
+ fields.userident = MD5(fields.username + ":" + fields.p_field + ":" + challenge);
} else {
fields.userident = fields.p_field;
}
}
});
}
+ },
+
+ triggerSubmitForm: function() {
+ if (TS.securityLevel == 'superchallenged' || TS.securityLevel == 'challenged') {
+ Ext.Ajax.request({
+ url: 'ajax.php',
+ params: {
+ 'ajaxID': 'BackendLogin::getChallenge',
+ 'skipSessionUpdate': 1
+ },
+ method: 'GET',
+ success: function(response) {
+ var result = Ext.util.JSON.decode(response.responseText);
+ if (result.challenge) {
+ Ext.getCmp('challenge').value = result.challenge;
+ TYPO3.loginRefresh.submitForm(result.challenge);
+ }
+ },
+ scope: this
+ });
+ } else {
+ this.submitForm();
+ }
}
-
});
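Review bot: `triggerSubmitForm` has no `failure` callback and no branch for a response without `result.challenge`, so if the request fails or returns something unexpected, the login button does nothing and the user gets no message. `Ext.util.JSON.decode(response.responseText)` can also throw on a malformed body, so it should be guarded and routed to the same error path. The assignment `Ext.getCmp('challenge').value = result.challenge;` sets a plain property rather than going through the field's `setValue()`, and it looks redundant because `submitForm` already sets `fields.challenge` from its argument. Since `scope: this` is passed, the callback can call `this.submitForm(result.challenge);` instead of reaching through `TYPO3.loginRefresh`.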