Fixed bug #12612: Backend Login-Popup not working
authorOliver Hader <oliver.hader@typo3.org>
Tue, 17 Nov 2009 15:33:30 +0000 (15:33 +0000)
committerOliver Hader <oliver.hader@typo3.org>
Tue, 17 Nov 2009 15:33:30 +0000 (15:33 +0000)
git-svn-id: https://svn.typo3.org/TYPO3v4/Core/trunk@6447 709f56b5-9817-0410-a4d7-c38de5d9e867

ChangeLog
t3lib/config_default.php
typo3/ajax.php
typo3/backend.php
typo3/classes/class.ajaxlogin.php
typo3/js/loginrefresh.js

index 7b6e5ca..25560de 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2009-11-17  Oliver Hader  <oliver@typo3.org>
+
+       * Fixed bug #12612: Backend Login-Popup not working
+
 2009-11-17  Benjamin Mack  <benni@typo3.org>
 
        * Commited test case for #12244: Improve locallangXMLOverride feature (Thanks to Steffen Gebert), this changes the LLoverride feature to $GLOBALS['TYPO3_CONF_VARS']['SYS']['locallangXMLOverride'] as an array
index 3cdc3aa..e82a637 100644 (file)
@@ -275,6 +275,7 @@ $TYPO3_CONF_VARS = array(
                        'BackendLogin::logout'                          => 'typo3/classes/class.ajaxlogin.php:AjaxLogin->logout',
                        'BackendLogin::refreshLogin'            => 'typo3/classes/class.ajaxlogin.php:AjaxLogin->refreshLogin',
                        'BackendLogin::isTimedOut'                      => 'typo3/classes/class.ajaxlogin.php:AjaxLogin->isTimedOut',
+                       'BackendLogin::getChallenge'            => 'typo3/classes/class.ajaxlogin.php:AjaxLogin->getChallenge',
                        'WorkspaceMenu::toggleWorkspacePreview' => 'typo3/classes/class.workspaceselector.php:WorkspaceSelector->toggleWorkspacePreview',
                        'WorkspaceMenu::setWorkspace'           => 'typo3/classes/class.workspaceselector.php:WorkspaceSelector->setWorkspace'
                ),
index f78955c..b01a8ee 100644 (file)
@@ -43,7 +43,8 @@ $noUserAjaxIDs = array(
        'BackendLogin::login',
        'BackendLogin::logout',
        'BackendLogin::refreshLogin',
-       'BackendLogin::isTimedOut'
+       'BackendLogin::isTimedOut',
+       'BackendLogin::getChallenge',
 );
 
 // if we're trying to do an ajax login, don't require a user.
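Review bot: `BackendLogin::getChallenge` becomes reachable without a backend user here, and nothing in the list says why that is acceptable. Judging by the handler added in this commit, each call starts a PHP session and overwrites `login_challenge`, so any unauthenticated client can trigger session writes; that is inherent to a pre-login challenge, but it should be a documented decision. I would add a comment above the entry, e.g. `// getChallenge runs before authentication: it must only issue a fresh challenge and never return user data`. The array and the code that consumes it extend beyond this hunk.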
index f035946..5715c3a 100644 (file)
@@ -342,11 +342,6 @@ class TYPO3backend {
                        $menuFrameName = 'topmenuFrame';
                }
 
-               // create challenge for the (re)login form and save it in the session.
-               $challenge = md5(uniqid('').getmypid());
-               session_start();
-               $_SESSION['login_challenge'] = $challenge;
-
                // determine security level from conf vars and default to super challenged
                if ($GLOBALS['TYPO3_CONF_VARS']['BE']['loginSecurityLevel']) {
                        $this->loginSecurityLevel = $GLOBALS['TYPO3_CONF_VARS']['BE']['loginSecurityLevel'];
@@ -368,7 +363,6 @@ class TYPO3backend {
                'username' => htmlspecialchars($GLOBALS['BE_USER']->user['username']),
                'uniqueID' => t3lib_div::shortMD5(uniqid('')),
                'securityLevel' => $this->loginSecurityLevel,
-               'challenge' => $challenge,
                'TYPO3_mainDir' => TYPO3_mainDir,
                'pageModule' => $pageModule,
                'condensedMode' => $GLOBALS['BE_USER']->uc['condensedMode'] ? 1 : 0 ,
index 680230d..a21128e 100644 (file)
@@ -114,6 +114,24 @@ class AjaxLogin {
                        $ajaxObj->addContent('login', array('success' => FALSE, 'error' => 'No BE_USER object'));
                }
        }
+
+       /**
+        * Gets a MD5 challenge.
+        *
+        * @param       array           $parameters: Parameters (not used)
+        * @param       TYPO3AJAX       $parent: The calling parent AJAX object
+        * @return      void
+        */
+       public function getChallenge(array $parameters, TYPO3AJAX $parent) {
+               session_start();
+
+               $_SESSION['login_challenge'] = md5(uniqid('') . getmypid());
+
+               session_commit();
+
+               $parent->addContent('challenge', $_SESSION['login_challenge']);
+               $parent->setContentFormat('json');
+       }
 }
 
 if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['typo3/classes/class.ajaxlogin.php'])      {
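Review bot: The challenge in `getChallenge()` is built as `md5(uniqid('') . getmypid())`, i.e. from the current time and the process id, both of which are guessable; MD5 obscures the inputs but adds no entropy. A login challenge should come from a cryptographically secure random source, for example `$_SESSION['login_challenge'] = bin2hex(random_bytes(16));` where the PHP version in use provides `random_bytes()`. The same expression appears in the lines this commit removes from typo3/backend.php, so it is carried over rather than new, but the value is now issued by an endpoint that needs no logged-in user. The docblock could also say that the challenge is stored in the session and that every call replaces the previous one.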
index 73152b9..510ddcf 100644 (file)
@@ -118,18 +118,18 @@ Ext.ux.TYPO3.loginRefresh = Ext.extend(Ext.util.Observable, {
                                        inputType: "hidden",
                                        name: "challenge",
                                        id: "challenge",
-                                       value: TYPO3.configuration.challenge
+                                       value: ''
                                }
                        ],
                        keys:({
                                key: Ext.EventObject.ENTER,
-                               fn: this.submitForm,
+                               fn: this.triggerSubmitForm,
                                scope: this
                        }),
                        buttons: [{
                                text: TYPO3.LLL.core.refresh_login_button,
                                formBind: true,
-                               handler: this.submitForm
+                               handler: this.triggerSubmitForm
                        }, {
                                text: TYPO3.LLL.core.refresh_logout_button,
                                formBind: true,
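Review bot: The refresh button now uses `handler: this.triggerSubmitForm` without a `scope`, while `triggerSubmitForm` (added in the last hunk of this file) calls `this.submitForm()` in its non-challenged branch. Ext invokes a button handler in the button's own scope unless one is configured, so with a security level other than challenged or superchallenged that call would presumably fail because the button has no `submitForm`. Add `scope: this` next to the handler, as the `keys` entry above already does, or call `TYPO3.loginRefresh.submitForm()` in the else branch the way the success callback does. The enclosing form config starts outside this hunk, so a scope supplied elsewhere is not visible here.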
@@ -257,7 +257,7 @@ Ext.ux.TYPO3.loginRefresh = Ext.extend(Ext.util.Observable, {
                Ext.TaskMgr.stop(this.loadingTask);
        },
        
-       submitForm: function() {
+       submitForm: function(challenge) {
                var form = Ext.getCmp("loginform").getForm();
                var fields = form.getValues();
                if (fields.p_field === "") {
@@ -267,7 +267,8 @@ Ext.ux.TYPO3.loginRefresh = Ext.extend(Ext.util.Observable, {
                                fields.p_field = MD5(fields.p_field);
                        } 
                        if (TS.securityLevel == "superchallenged" || TS.securityLevel == "challenged") {
-                               fields.userident = MD5(fields.username + ":" + fields.p_field + ":" + fields.challenge);
+                               fields.challenge = challenge;
+                               fields.userident = MD5(fields.username + ":" + fields.p_field + ":" + challenge);
                        } else {
                                fields.userident = fields.p_field;
                        }
@@ -300,8 +301,30 @@ Ext.ux.TYPO3.loginRefresh = Ext.extend(Ext.util.Observable, {
                                }
                        });
                }
+       },
+
+       triggerSubmitForm: function() {
+               if (TS.securityLevel == 'superchallenged' || TS.securityLevel == 'challenged') {
+                       Ext.Ajax.request({
+                               url: 'ajax.php',
+                               params: {
+                                       'ajaxID': 'BackendLogin::getChallenge',
+                                       'skipSessionUpdate': 1
+                               },
+                               method: 'GET',
+                               success: function(response) {
+                                       var result = Ext.util.JSON.decode(response.responseText);
+                                       if (result.challenge) {
+                                               Ext.getCmp('challenge').value = result.challenge;
+                                               TYPO3.loginRefresh.submitForm(result.challenge);
+                                       }
+                               },
+                               scope: this
+                       });
+               } else {
+                       this.submitForm();
+               }
        }
-       
 });
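Review bot: `triggerSubmitForm` has no failure path: if the `getChallenge` request fails, or the reply carries no `challenge`, nothing happens and the login form silently ignores the click. `Ext.util.JSON.decode(response.responseText)` will also throw on a non-JSON reply such as an error page. Add a `failure` callback and an `else` for the missing-challenge case that surface the same error feedback the form shows for a rejected login. Separately, `Ext.getCmp('challenge').value = result.challenge` sets a property on the component rather than the field value (`setValue()` would), and it looks redundant because `submitForm` assigns `fields.challenge` itself.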