[TASK] Move classes -> Classes
authorChristian Kuhn <lolli@schwarzbu.ch>
Fri, 24 Aug 2012 11:34:41 +0000 (13:34 +0200)
committerThomas Maroschik <tmaroschik@dfau.de>
Fri, 24 Aug 2012 11:40:03 +0000 (13:40 +0200)
In saltedpasswords and t3editor.
Additionally some fixes to swift mailer loading are done.

Change-Id: I50b98f7364265d71a80672d8572433b98a0a5bea
Resolves: #40116
Related: #40095
Releases: 6.0
Reviewed-on: http://review.typo3.org/14031
Reviewed-by: Thomas Maroschik
Tested-by: Thomas Maroschik
87 files changed:
typo3/sysext/core/Classes/Mail/MailMessage.php
typo3/sysext/saltedpasswords/Classes/Autoloader.php [new file with mode: 0644]
typo3/sysext/saltedpasswords/Classes/Evaluation/BackendEvaluator.php [new file with mode: 0644]
typo3/sysext/saltedpasswords/Classes/Evaluation/Evaluator.php [new file with mode: 0644]
typo3/sysext/saltedpasswords/Classes/Evaluation/FrontendEvaluator.php [new file with mode: 0644]
typo3/sysext/saltedpasswords/Classes/Salt/AbstractSalt.php [new file with mode: 0644]
typo3/sysext/saltedpasswords/Classes/Salt/BlowfishSalt.php [new file with mode: 0644]
typo3/sysext/saltedpasswords/Classes/Salt/Md5Salt.php [new file with mode: 0644]
typo3/sysext/saltedpasswords/Classes/Salt/PhpassSalt.php [new file with mode: 0644]
typo3/sysext/saltedpasswords/Classes/Salt/SaltFactory.php [new file with mode: 0644]
typo3/sysext/saltedpasswords/Classes/Salt/SaltInterface.php [new file with mode: 0644]
typo3/sysext/saltedpasswords/Classes/SaltedPasswordService.php [new file with mode: 0644]
typo3/sysext/saltedpasswords/Classes/Task/BulkUpdateFieldProvider.php [new file with mode: 0644]
typo3/sysext/saltedpasswords/Classes/Task/BulkUpdateTask.php [new file with mode: 0644]
typo3/sysext/saltedpasswords/Classes/Utility/ExtensionManagerConfigurationUtility.php [new file with mode: 0644]
typo3/sysext/saltedpasswords/Classes/Utility/SaltedPasswordsUtility.php [new file with mode: 0644]
typo3/sysext/saltedpasswords/Classes/class.tx_saltedpasswords_autoloader.php [new file with mode: 0644]
typo3/sysext/saltedpasswords/Classes/class.tx_saltedpasswords_div.php [new file with mode: 0644]
typo3/sysext/saltedpasswords/Classes/class.tx_saltedpasswords_emconfhelper.php [new file with mode: 0644]
typo3/sysext/saltedpasswords/Classes/eval/class.tx_saltedpasswords_eval.php [new file with mode: 0644]
typo3/sysext/saltedpasswords/Classes/eval/class.tx_saltedpasswords_eval_be.php [new file with mode: 0644]
typo3/sysext/saltedpasswords/Classes/eval/class.tx_saltedpasswords_eval_fe.php [new file with mode: 0644]
typo3/sysext/saltedpasswords/Classes/salts/class.tx_saltedpasswords_abstract_salts.php [new file with mode: 0644]
typo3/sysext/saltedpasswords/Classes/salts/class.tx_saltedpasswords_salts_blowfish.php [new file with mode: 0644]
typo3/sysext/saltedpasswords/Classes/salts/class.tx_saltedpasswords_salts_factory.php [new file with mode: 0644]
typo3/sysext/saltedpasswords/Classes/salts/class.tx_saltedpasswords_salts_md5.php [new file with mode: 0644]
typo3/sysext/saltedpasswords/Classes/salts/class.tx_saltedpasswords_salts_phpass.php [new file with mode: 0644]
typo3/sysext/saltedpasswords/Classes/salts/interfaces/interface.tx_saltedpasswords_salts.php [new file with mode: 0644]
typo3/sysext/saltedpasswords/Classes/tasks/class.tx_saltedpasswords_tasks_bulkupdate.php [new file with mode: 0644]
typo3/sysext/saltedpasswords/Classes/tasks/class.tx_saltedpasswords_tasks_bulkupdate_additionalfieldprovider.php [new file with mode: 0644]
typo3/sysext/saltedpasswords/classes/Autoloader.php [deleted file]
typo3/sysext/saltedpasswords/classes/Evaluation/BackendEvaluator.php [deleted file]
typo3/sysext/saltedpasswords/classes/Evaluation/Evaluator.php [deleted file]
typo3/sysext/saltedpasswords/classes/Evaluation/FrontendEvaluator.php [deleted file]
typo3/sysext/saltedpasswords/classes/Salt/AbstractSalt.php [deleted file]
typo3/sysext/saltedpasswords/classes/Salt/BlowfishSalt.php [deleted file]
typo3/sysext/saltedpasswords/classes/Salt/Md5Salt.php [deleted file]
typo3/sysext/saltedpasswords/classes/Salt/PhpassSalt.php [deleted file]
typo3/sysext/saltedpasswords/classes/Salt/SaltFactory.php [deleted file]
typo3/sysext/saltedpasswords/classes/Salt/SaltInterface.php [deleted file]
typo3/sysext/saltedpasswords/classes/SaltedPasswordService.php [deleted file]
typo3/sysext/saltedpasswords/classes/Task/BulkUpdateFieldProvider.php [deleted file]
typo3/sysext/saltedpasswords/classes/Task/BulkUpdateTask.php [deleted file]
typo3/sysext/saltedpasswords/classes/Utility/ExtensionManagerConfigurationUtility.php [deleted file]
typo3/sysext/saltedpasswords/classes/Utility/SaltedPasswordsUtility.php [deleted file]
typo3/sysext/saltedpasswords/classes/class.tx_saltedpasswords_autoloader.php [deleted file]
typo3/sysext/saltedpasswords/classes/class.tx_saltedpasswords_div.php [deleted file]
typo3/sysext/saltedpasswords/classes/class.tx_saltedpasswords_emconfhelper.php [deleted file]
typo3/sysext/saltedpasswords/classes/eval/class.tx_saltedpasswords_eval.php [deleted file]
typo3/sysext/saltedpasswords/classes/eval/class.tx_saltedpasswords_eval_be.php [deleted file]
typo3/sysext/saltedpasswords/classes/eval/class.tx_saltedpasswords_eval_fe.php [deleted file]
typo3/sysext/saltedpasswords/classes/salts/class.tx_saltedpasswords_abstract_salts.php [deleted file]
typo3/sysext/saltedpasswords/classes/salts/class.tx_saltedpasswords_salts_blowfish.php [deleted file]
typo3/sysext/saltedpasswords/classes/salts/class.tx_saltedpasswords_salts_factory.php [deleted file]
typo3/sysext/saltedpasswords/classes/salts/class.tx_saltedpasswords_salts_md5.php [deleted file]
typo3/sysext/saltedpasswords/classes/salts/class.tx_saltedpasswords_salts_phpass.php [deleted file]
typo3/sysext/saltedpasswords/classes/salts/interfaces/interface.tx_saltedpasswords_salts.php [deleted file]
typo3/sysext/saltedpasswords/classes/tasks/class.tx_saltedpasswords_tasks_bulkupdate.php [deleted file]
typo3/sysext/saltedpasswords/classes/tasks/class.tx_saltedpasswords_tasks_bulkupdate_additionalfieldprovider.php [deleted file]
typo3/sysext/saltedpasswords/ext_autoload.php
typo3/sysext/saltedpasswords/ext_localconf.php
typo3/sysext/t3editor/Classes/CodeCompletion.php [new file with mode: 0644]
typo3/sysext/t3editor/Classes/FormWizard.php [new file with mode: 0644]
typo3/sysext/t3editor/Classes/Hook/FileEditHook.php [new file with mode: 0644]
typo3/sysext/t3editor/Classes/Hook/TypoScriptTemplateInfoHook.php [new file with mode: 0644]
typo3/sysext/t3editor/Classes/T3Editor.php [new file with mode: 0644]
typo3/sysext/t3editor/Classes/TypoScriptReferenceLoader.php [new file with mode: 0644]
typo3/sysext/t3editor/Classes/class.tx_t3editor.php [new file with mode: 0644]
typo3/sysext/t3editor/Classes/class.tx_t3editor_hooks_fileedit.php [new file with mode: 0644]
typo3/sysext/t3editor/Classes/class.tx_t3editor_hooks_tstemplateinfo.php [new file with mode: 0644]
typo3/sysext/t3editor/Classes/class.tx_t3editor_tceforms_wizard.php [new file with mode: 0644]
typo3/sysext/t3editor/Classes/ts_codecompletion/class.tx_t3editor_codecompletion.php [new file with mode: 0644]
typo3/sysext/t3editor/Classes/ts_codecompletion/class.tx_t3editor_tsrefloader.php [new file with mode: 0644]
typo3/sysext/t3editor/classes/CodeCompletion.php [deleted file]
typo3/sysext/t3editor/classes/FormWizard.php [deleted file]
typo3/sysext/t3editor/classes/Hook/FileEditHook.php [deleted file]
typo3/sysext/t3editor/classes/Hook/TypoScriptTemplateInfoHook.php [deleted file]
typo3/sysext/t3editor/classes/T3Editor.php [deleted file]
typo3/sysext/t3editor/classes/TypoScriptReferenceLoader.php [deleted file]
typo3/sysext/t3editor/classes/class.tx_t3editor.php [deleted file]
typo3/sysext/t3editor/classes/class.tx_t3editor_hooks_fileedit.php [deleted file]
typo3/sysext/t3editor/classes/class.tx_t3editor_hooks_tstemplateinfo.php [deleted file]
typo3/sysext/t3editor/classes/class.tx_t3editor_tceforms_wizard.php [deleted file]
typo3/sysext/t3editor/classes/ts_codecompletion/class.tx_t3editor_codecompletion.php [deleted file]
typo3/sysext/t3editor/classes/ts_codecompletion/class.tx_t3editor_tsrefloader.php [deleted file]
typo3/sysext/t3editor/ext_localconf.php
typo3/sysext/t3editor/ext_tables.php

index d90c0fd..8d0823f 100644 (file)
@@ -1,6 +1,9 @@
 <?php
 namespace TYPO3\CMS\Core\Mail;
 
+// Make sure Swift's auto-loader is registered
+require_once PATH_typo3 . 'contrib/swiftmailer/swift_required.php';
+
 /**
  * Adapter for Swift_Mailer to be used by TYPO3 extensions
  *
@@ -8,7 +11,7 @@ namespace TYPO3\CMS\Core\Mail;
  * @package TYPO3
  * @subpackage t3lib
  */
-class MailMessage extends Swift_Message {
+class MailMessage extends \Swift_Message {
 
        /**
         * @var \TYPO3\CMS\Core\Mail\Mailer
@@ -77,4 +80,4 @@ class MailMessage extends Swift_Message {
 }
 
 
-?>
\ No newline at end of file
+?>
diff --git a/typo3/sysext/saltedpasswords/Classes/Autoloader.php b/typo3/sysext/saltedpasswords/Classes/Autoloader.php
new file mode 100644 (file)
index 0000000..9e5a0a1
--- /dev/null
@@ -0,0 +1,97 @@
+<?php
+namespace TYPO3\CMS\Saltedpasswords;
+
+/***************************************************************
+ *  Copyright notice
+ *
+ *  (c) 2011 Helmut Hummel <helmut.hummel@typo3.org>
+ *  All rights reserved
+ *
+ *  This script is part of the TYPO3 project. The TYPO3 project is
+ *  free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  The GNU General Public License can be found at
+ *  http://www.gnu.org/copyleft/gpl.html.
+ *  A copy is found in the textfile GPL.txt and important notices to the license
+ *  from the author is found in LICENSE.txt distributed with these scripts.
+ *
+ *
+ *  This script is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  This copyright notice MUST APPEAR in all copies of the script!
+ ***************************************************************/
+/**
+ * Autoloader included from Install Tool that lets saltedpasswords load itself
+ *
+ * @author Helmut Hummel <helmut.hummel@typo3.org>
+ * @package TYPO3
+ * @subpackage saltedpasswords
+ */
+class Autoloader {
+
+       /**
+        * Activates saltedpasswords if it is supported.
+        *
+        * @param \TYPO3\CMS\Install\Installer $instObj
+        * @return void
+        */
+       public function execute(\TYPO3\CMS\Install\Installer $instObj) {
+               switch ($instObj->step) {
+               case 4:
+                       if (!\TYPO3\CMS\Core\Extension\ExtensionManager::isLoaded('saltedpasswords') && $this->isSaltedPasswordsSupported()) {
+                               $this->activateSaltedPasswords();
+                       }
+                       break;
+               }
+       }
+
+       /**
+        * Checks whether the OpenSSL PHP extension is working properly.
+        *
+        * Before automatically enabling saltedpasswords, we check for a working OpenSSL PHP extension. As we enable rsaauth
+        * in the process of automatically enabling saltedpasswords, working OpenSSL is a requirement for this.
+        * Availability of the command line openssl binary is not checked here, thus saltedpasswords is NOT enabled
+        * automatically in this case.
+        *
+        * @return boolean TRUE, in case of OpenSSL works and requirements for saltedpasswords are met.
+        * @see tx_rsaauth_php_backend
+        */
+       protected function isSaltedPasswordsSupported() {
+               $isSupported = FALSE;
+               if (is_callable('openssl_pkey_new')) {
+                       $testKey = @openssl_pkey_new();
+                       if (is_resource($testKey)) {
+                               openssl_free_key($testKey);
+                               $isSupported = TRUE;
+                       }
+               }
+               return $isSupported;
+       }
+
+       /**
+        * Activates saltedpasswords.
+        *
+        * @return void
+        */
+       protected function activateSaltedPasswords() {
+               if (!\TYPO3\CMS\Core\Extension\ExtensionManager::isLoaded('rsaauth')) {
+                       \TYPO3\CMS\Core\Extension\ExtensionManager::loadExtension('rsaauth');
+               }
+               if (!\TYPO3\CMS\Core\Extension\ExtensionManager::isLoaded('saltedpasswords')) {
+                       \TYPO3\CMS\Core\Extension\ExtensionManager::loadExtension('saltedpasswords');
+               }
+               \TYPO3\CMS\Core\Configuration\ConfigurationManager::setLocalConfigurationValueByPath('EXT/extConf/saltedpasswords', 'a:2:{s:3:"FE.";a:2:{s:7:"enabled";s:1:"1";s:21:"saltedPWHashingMethod";s:28:"tx_saltedpasswords_salts_md5";}s:3:"BE.";a:2:{s:7:"enabled";s:1:"1";s:21:"saltedPWHashingMethod";s:28:"tx_saltedpasswords_salts_md5";}}');
+               \TYPO3\CMS\Core\Configuration\ConfigurationManager::setLocalConfigurationValueByPath('BE/loginSecurityLevel', 'rsa');
+               \TYPO3\CMS\Core\Configuration\ConfigurationManager::setLocalConfigurationValueByPath('FE/loginSecurityLevel', 'rsa');
+       }
+
+}
+
+
+?>
\ No newline at end of file
diff --git a/typo3/sysext/saltedpasswords/Classes/Evaluation/BackendEvaluator.php b/typo3/sysext/saltedpasswords/Classes/Evaluation/BackendEvaluator.php
new file mode 100644 (file)
index 0000000..3ee128b
--- /dev/null
@@ -0,0 +1,51 @@
+<?php
+namespace TYPO3\CMS\Saltedpasswords\Evaluation;
+
+/***************************************************************
+ *  Copyright notice
+ *
+ *  (c) Marcus Krause (marcus#exp2009@t3sec.info)
+ *  (c) Steffen Ritter (info@rs-websystems.de)
+ *  All rights reserved
+ *
+ *  This script is part of the TYPO3 project. The TYPO3 project is
+ *  free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  The GNU General Public License can be found at
+ *  http://www.gnu.org/copyleft/gpl.html.
+ *  A copy is found in the textfile GPL.txt and important notices to the license
+ *  from the author is found in LICENSE.txt distributed with these scripts.
+ *
+ *
+ *  This script is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  This copyright notice MUST APPEAR in all copies of the script!
+ ***************************************************************/
+/**
+ * Class implementing salted evaluation methods for BE users.
+ *
+ * @author Marcus Krause <marcus#exp2009@t3sec.info>
+ * @author Steffen Ritter <info@rs-websystems.de>
+ * @since 2009-06-14
+ * @package TYPO3
+ * @subpackage tx_saltedpasswords
+ */
+class BackendEvaluator extends \TYPO3\CMS\Saltedpasswords\Evaluation\Evaluator {
+
+       /**
+        * Class constructor.
+        */
+       public function __construct() {
+               $this->mode = 'BE';
+       }
+
+}
+
+
+?>
\ No newline at end of file
diff --git a/typo3/sysext/saltedpasswords/Classes/Evaluation/Evaluator.php b/typo3/sysext/saltedpasswords/Classes/Evaluation/Evaluator.php
new file mode 100644 (file)
index 0000000..d871d96
--- /dev/null
@@ -0,0 +1,91 @@
+<?php
+namespace TYPO3\CMS\Saltedpasswords\Evaluation;
+
+/***************************************************************
+ *  Copyright notice
+ *
+ *  (c) Marcus Krause (marcus#exp2009@t3sec.info)
+ *  (c) Steffen Ritter (info@rs-websystems.de)
+ *  All rights reserved
+ *
+ *  This script is part of the TYPO3 project. The TYPO3 project is
+ *  free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  The GNU General Public License can be found at
+ *  http://www.gnu.org/copyleft/gpl.html.
+ *  A copy is found in the textfile GPL.txt and important notices to the license
+ *  from the author is found in LICENSE.txt distributed with these scripts.
+ *
+ *
+ *  This script is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  This copyright notice MUST APPEAR in all copies of the script!
+ ***************************************************************/
+/**
+ * Class implementing salted evaluation methods.
+ *
+ * @author Marcus Krause <marcus#exp2009@t3sec.info>
+ * @author Steffen Ritter <info@rs-websystems.de>
+ * @since 2009-06-14
+ * @package TYPO3
+ * @subpackage tx_saltedpasswords
+ */
+class Evaluator {
+
+       /**
+        * Keeps TYPO3 mode.
+        *
+        * Either 'FE' or 'BE'.
+        *
+        * @var string
+        */
+       protected $mode = NULL;
+
+       /**
+        * This function just return the field value as it is. No transforming,
+        * hashing will be done on server-side.
+        *
+        * @return string JavaScript code for evaluating the
+        * @todo Define visibility
+        */
+       public function returnFieldJS() {
+               return 'return value;';
+       }
+
+       /**
+        * Function uses Portable PHP Hashing Framework to create a proper password string if needed
+        *
+        * @param mixed $value The value that has to be checked.
+        * @param string $is_in Is-In String
+        * @param integer $set Determines if the field can be set (value correct) or not, e.g. if input is required but the value is empty, then $set should be set to FALSE. (PASSED BY REFERENCE!)
+        * @return The new value of the field
+        * @todo Define visibility
+        */
+       public function evaluateFieldValue($value, $is_in, &$set) {
+               $isEnabled = $this->mode ? \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::isUsageEnabled($this->mode) : \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::isUsageEnabled();
+               if ($isEnabled) {
+                       $set = FALSE;
+                       $isMD5 = preg_match('/[0-9abcdef]{32,32}/', $value);
+                       $isSaltedHash = \TYPO3\CMS\Core\Utility\GeneralUtility::inList('$1$,$2$,$2a,$P$', substr($value, 0, 3));
+                       $this->objInstanceSaltedPW = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(NULL, $this->mode);
+                       if ($isMD5) {
+                               $set = TRUE;
+                               $value = 'M' . $this->objInstanceSaltedPW->getHashedPassword($value);
+                       } elseif (!$isSaltedHash) {
+                               $set = TRUE;
+                               $value = $this->objInstanceSaltedPW->getHashedPassword($value);
+                       }
+               }
+               return $value;
+       }
+
+}
+
+
+?>
\ No newline at end of file
diff --git a/typo3/sysext/saltedpasswords/Classes/Evaluation/FrontendEvaluator.php b/typo3/sysext/saltedpasswords/Classes/Evaluation/FrontendEvaluator.php
new file mode 100644 (file)
index 0000000..a18eeb7
--- /dev/null
@@ -0,0 +1,51 @@
+<?php
+namespace TYPO3\CMS\Saltedpasswords\Evaluation;
+
+/***************************************************************
+ *  Copyright notice
+ *
+ *  (c) Marcus Krause (marcus#exp2009@t3sec.info)
+ *  (c) Steffen Ritter (info@rs-websystems.de)
+ *  All rights reserved
+ *
+ *  This script is part of the TYPO3 project. The TYPO3 project is
+ *  free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  The GNU General Public License can be found at
+ *  http://www.gnu.org/copyleft/gpl.html.
+ *  A copy is found in the textfile GPL.txt and important notices to the license
+ *  from the author is found in LICENSE.txt distributed with these scripts.
+ *
+ *
+ *  This script is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  This copyright notice MUST APPEAR in all copies of the script!
+ ***************************************************************/
+/**
+ * Class implementing salted evaluation methods for FE users.
+ *
+ * @author Marcus Krause <marcus#exp2009@t3sec.info>
+ * @author Steffen Ritter <info@rs-websystems.de>
+ * @since 2009-06-14
+ * @package TYPO3
+ * @subpackage tx_saltedpasswords
+ */
+class FrontendEvaluator extends \TYPO3\CMS\Saltedpasswords\Evaluation\Evaluator {
+
+       /**
+        * Class constructor.
+        */
+       public function __construct() {
+               $this->mode = 'FE';
+       }
+
+}
+
+
+?>
\ No newline at end of file
diff --git a/typo3/sysext/saltedpasswords/Classes/Salt/AbstractSalt.php b/typo3/sysext/saltedpasswords/Classes/Salt/AbstractSalt.php
new file mode 100644 (file)
index 0000000..e131435
--- /dev/null
@@ -0,0 +1,122 @@
+<?php
+namespace TYPO3\CMS\Saltedpasswords\Salt;
+
+/***************************************************************
+ *  Copyright notice
+ *
+ *  (c) 2009-2011 Marcus Krause <marcus#exp2009@t3sec.info>
+ *  All rights reserved
+ *
+ *  This script is part of the TYPO3 project. The TYPO3 project is
+ *  free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  The GNU General Public License can be found at
+ *  http://www.gnu.org/copyleft/gpl.html.
+ *  A copy is found in the textfile GPL.txt and important notices to the license
+ *  from the author is found in LICENSE.txt distributed with these scripts.
+ *
+ *
+ *  This script is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  This copyright notice MUST APPEAR in all copies of the script!
+ ***************************************************************/
+/**
+ * Contains abstract class "tx_saltedpasswords_abstract_salts"
+ * to be used in classes that provide salted hashing.
+ */
+/**
+ * Abtract class with methods needed to be extended
+ * in a salted hashing class.
+ *
+ * @author Marcus Krause <marcus#exp2009@t3sec.info>
+ * @since 2009-09-06
+ * @package TYPO3
+ * @subpackage tx_saltedpasswords
+ */
+abstract class AbstractSalt {
+
+       /**
+        * Method applies settings (prefix, optional hash count, optional suffix)
+        * to a salt.
+        *
+        * @param string $salt A salt to apply setting to
+        * @return string Salt with setting
+        */
+       abstract protected function applySettingsToSalt($salt);
+
+       /**
+        * Generates a random base salt settings for the hash.
+        *
+        * @return string A string containing settings and a random salt
+        */
+       abstract protected function getGeneratedSalt();
+
+       /**
+        * Returns a string for mapping an int to the corresponding base 64 character.
+        *
+        * @return string String for mapping an int to the corresponding base 64 character
+        */
+       abstract protected function getItoa64();
+
+       /**
+        * Returns setting string to indicate type of hashing method.
+        *
+        * @return string Setting string of hashing method
+        */
+       abstract protected function getSetting();
+
+       /**
+        * Encodes bytes into printable base 64 using the *nix standard from crypt().
+        *
+        * @param string $input The string containing bytes to encode.
+        * @param integer $count The number of characters (bytes) to encode.
+        * @return string Encoded string
+        */
+       public function base64Encode($input, $count) {
+               $output = '';
+               $i = 0;
+               $itoa64 = $this->getItoa64();
+               do {
+                       $value = ord($input[$i++]);
+                       $output .= $itoa64[$value & 63];
+                       if ($i < $count) {
+                               $value |= ord($input[$i]) << 8;
+                       }
+                       $output .= $itoa64[$value >> 6 & 63];
+                       if ($i++ >= $count) {
+                               break;
+                       }
+                       if ($i < $count) {
+                               $value |= ord($input[$i]) << 16;
+                       }
+                       $output .= $itoa64[$value >> 12 & 63];
+                       if ($i++ >= $count) {
+                               break;
+                       }
+                       $output .= $itoa64[$value >> 18 & 63];
+               } while ($i < $count);
+               return $output;
+       }
+
+       /**
+        * Method determines required length of base64 characters for a given
+        * length of a byte string.
+        *
+        * @param integer $byteLength Length of bytes to calculate in base64 chars
+        * @return integer Required length of base64 characters
+        */
+       protected function getLengthBase64FromBytes($byteLength) {
+               // Calculates bytes in bits in base64
+               return intval(ceil(($byteLength * 8) / 6));
+       }
+
+}
+
+
+?>
\ No newline at end of file
diff --git a/typo3/sysext/saltedpasswords/Classes/Salt/BlowfishSalt.php b/typo3/sysext/saltedpasswords/Classes/Salt/BlowfishSalt.php
new file mode 100644 (file)
index 0000000..193887d
--- /dev/null
@@ -0,0 +1,311 @@
+<?php
+namespace TYPO3\CMS\Saltedpasswords\Salt;
+
+/***************************************************************
+ *  Copyright notice
+ *
+ *  (c) 2009-2011 Marcus Krause <marcus#exp2009@t3sec.info>
+ *  All rights reserved
+ *
+ *  This script is part of the TYPO3 project. The TYPO3 project is
+ *  free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  The GNU General Public License can be found at
+ *  http://www.gnu.org/copyleft/gpl.html.
+ *  A copy is found in the textfile GPL.txt and important notices to the license
+ *  from the author is found in LICENSE.txt distributed with these scripts.
+ *
+ *
+ *  This script is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  This copyright notice MUST APPEAR in all copies of the script!
+ ***************************************************************/
+/**
+ * Contains class "tx_saltedpasswords_salts_blowfish"
+ * that provides Blowfish salted hashing.
+ */
+/**
+ * Class that implements Blowfish salted hashing based on PHP's
+ * crypt() function.
+ *
+ * Warning: Blowfish salted hashing with PHP's crypt() is not available
+ * on every system.
+ *
+ * @author Marcus Krause <marcus#exp2009@t3sec.info>
+ * @since 2009-09-06
+ * @package TYPO3
+ * @subpackage tx_saltedpasswords
+ */
+class BlowfishSalt extends \TYPO3\CMS\Saltedpasswords\Salt\Md5Salt {
+
+       /**
+        * The default log2 number of iterations for password stretching.
+        */
+       const HASH_COUNT = 7;
+       /**
+        * The default maximum allowed log2 number of iterations for
+        * password stretching.
+        */
+       const MAX_HASH_COUNT = 17;
+       /**
+        * The default minimum allowed log2 number of iterations for
+        * password stretching.
+        */
+       const MIN_HASH_COUNT = 4;
+       /**
+        * Keeps log2 number
+        * of iterations for password stretching.
+        *
+        * @var integer
+        */
+       static protected $hashCount;
+
+       /**
+        * Keeps maximum allowed log2 number
+        * of iterations for password stretching.
+        *
+        * @var integer
+        */
+       static protected $maxHashCount;
+
+       /**
+        * Keeps minimum allowed log2 number
+        * of iterations for password stretching.
+        *
+        * @var integer
+        */
+       static protected $minHashCount;
+
+       /**
+        * Keeps length of a Blowfish salt in bytes.
+        *
+        * @var integer
+        */
+       static protected $saltLengthBlowfish = 16;
+
+       /**
+        * Setting string to indicate type of hashing method (blowfish).
+        *
+        * @var string
+        */
+       static protected $settingBlowfish = '$2a$';
+
+       /**
+        * Method applies settings (prefix, hash count) to a salt.
+        *
+        * Overwrites {@link tx_saltedpasswords_salts_md5::applySettingsToSalt()}
+        * with Blowfish specifics.
+        *
+        * @param string $salt A salt to apply setting to
+        * @return string Salt with setting
+        */
+       protected function applySettingsToSalt($salt) {
+               $saltWithSettings = $salt;
+               $reqLenBase64 = $this->getLengthBase64FromBytes($this->getSaltLength());
+               // salt without setting
+               if (strlen($salt) == $reqLenBase64) {
+                       $saltWithSettings = (($this->getSetting() . sprintf('%02u', $this->getHashCount())) . '$') . $salt;
+               }
+               return $saltWithSettings;
+       }
+
+       /**
+        * Parses the log2 iteration count from a stored hash or setting string.
+        *
+        * @param string $setting Complete hash or a hash's setting string or to get log2 iteration count from
+        * @return integer Used hashcount for given hash string
+        */
+       protected function getCountLog2($setting) {
+               $countLog2 = NULL;
+               $setting = substr($setting, strlen($this->getSetting()));
+               $firstSplitPos = strpos($setting, '$');
+               // Hashcount existing
+               if (($firstSplitPos !== FALSE && $firstSplitPos <= 2) && is_numeric(substr($setting, 0, $firstSplitPos))) {
+                       $countLog2 = intval(substr($setting, 0, $firstSplitPos));
+               }
+               return $countLog2;
+       }
+
+       /**
+        * Method returns log2 number of iterations for password stretching.
+        *
+        * @return integer log2 number of iterations for password stretching
+        * @see HASH_COUNT
+        * @see $hashCount
+        * @see setHashCount()
+        */
+       public function getHashCount() {
+               return isset(self::$hashCount) ? self::$hashCount : self::HASH_COUNT;
+       }
+
+       /**
+        * Method returns maximum allowed log2 number of iterations for password stretching.
+        *
+        * @return integer Maximum allowed log2 number of iterations for password stretching
+        * @see MAX_HASH_COUNT
+        * @see $maxHashCount
+        * @see setMaxHashCount()
+        */
+       public function getMaxHashCount() {
+               return isset(self::$maxHashCount) ? self::$maxHashCount : self::MAX_HASH_COUNT;
+       }
+
+       /**
+        * Returns wether all prequesites for the hashing methods are matched
+        *
+        * @return boolean Method available
+        */
+       public function isAvailable() {
+               return CRYPT_BLOWFISH;
+       }
+
+       /**
+        * Method returns minimum allowed log2 number of iterations for password stretching.
+        *
+        * @return integer Minimum allowed log2 number of iterations for password stretching
+        * @see MIN_HASH_COUNT
+        * @see $minHashCount
+        * @see setMinHashCount()
+        */
+       public function getMinHashCount() {
+               return isset(self::$minHashCount) ? self::$minHashCount : self::MIN_HASH_COUNT;
+       }
+
+       /**
+        * Returns length of a Blowfish salt in bytes.
+        *
+        * Overwrites {@link tx_saltedpasswords_salts_md5::getSaltLength()}
+        * with Blowfish specifics.
+        *
+        * @return integer Length of a Blowfish salt in bytes
+        */
+       public function getSaltLength() {
+               return self::$saltLengthBlowfish;
+       }
+
+       /**
+        * Returns setting string of Blowfish salted hashes.
+        *
+        * Overwrites {@link tx_saltedpasswords_salts_md5::getSetting()}
+        * with Blowfish specifics.
+        *
+        * @return string Setting string of Blowfish salted hashes
+        */
+       public function getSetting() {
+               return self::$settingBlowfish;
+       }
+
+       /**
+        * Checks whether a user's hashed password needs to be replaced with a new hash.
+        *
+        * This is typically called during the login process when the plain text
+        * password is available.  A new hash is needed when the desired iteration
+        * count has changed through a change in the variable $hashCount or
+        * HASH_COUNT.
+        *
+        * @param string $saltedPW Salted hash to check if it needs an update
+        * @return boolean TRUE if salted hash needs an update, otherwise FALSE
+        */
+       public function isHashUpdateNeeded($saltedPW) {
+               // Check whether this was an updated password.
+               if (strncmp($saltedPW, '$2', 2) || !$this->isValidSalt($saltedPW)) {
+                       return TRUE;
+               }
+               // Check whether the iteration count used differs from the standard number.
+               $countLog2 = $this->getCountLog2($saltedPW);
+               return !is_NULL($countLog2) && $countLog2 < $this->getHashCount();
+       }
+
+       /**
+        * Method determines if a given string is a valid salt.
+        *
+        * Overwrites {@link tx_saltedpasswords_salts_md5::isValidSalt()} with
+        * Blowfish specifics.
+        *
+        * @param string $salt String to check
+        * @return boolean TRUE if it's valid salt, otherwise FALSE
+        */
+       public function isValidSalt($salt) {
+               $isValid = ($skip = FALSE);
+               $reqLenBase64 = $this->getLengthBase64FromBytes($this->getSaltLength());
+               if (strlen($salt) >= $reqLenBase64) {
+                       // Salt with prefixed setting
+                       if (!strncmp('$', $salt, 1)) {
+                               if (!strncmp($this->getSetting(), $salt, strlen($this->getSetting()))) {
+                                       $isValid = TRUE;
+                                       $salt = substr($salt, strrpos($salt, '$') + 1);
+                               } else {
+                                       $skip = TRUE;
+                               }
+                       }
+                       // Checking base64 characters
+                       if (!$skip && strlen($salt) >= $reqLenBase64) {
+                               if (preg_match(((((('/^[' . preg_quote($this->getItoa64(), '/')) . ']{') . $reqLenBase64) . ',') . $reqLenBase64) . '}$/', substr($salt, 0, $reqLenBase64))) {
+                                       $isValid = TRUE;
+                               }
+                       }
+               }
+               return $isValid;
+       }
+
+       /**
+        * Method determines if a given string is a valid salted hashed password.
+        *
+        * @param string $saltedPW String to check
+        * @return boolean TRUE if it's valid salted hashed password, otherwise FALSE
+        */
+       public function isValidSaltedPW($saltedPW) {
+               $isValid = FALSE;
+               $isValid = !strncmp($this->getSetting(), $saltedPW, strlen($this->getSetting())) ? TRUE : FALSE;
+               if ($isValid) {
+                       $isValid = $this->isValidSalt($saltedPW);
+               }
+               return $isValid;
+       }
+
+       /**
+        * Method sets log2 number of iterations for password stretching.
+        *
+        * @param integer $hashCount log2 number of iterations for password stretching to set
+        * @see HASH_COUNT
+        * @see $hashCount
+        * @see getHashCount()
+        */
+       public function setHashCount($hashCount = NULL) {
+               self::$hashCount = ((!is_NULL($hashCount) && is_int($hashCount)) && $hashCount >= $this->getMinHashCount()) && $hashCount <= $this->getMaxHashCount() ? $hashCount : self::HASH_COUNT;
+       }
+
+       /**
+        * Method sets maximum allowed log2 number of iterations for password stretching.
+        *
+        * @param integer $maxHashCount Maximum allowed log2 number of iterations for password stretching to set
+        * @see MAX_HASH_COUNT
+        * @see $maxHashCount
+        * @see getMaxHashCount()
+        */
+       public function setMaxHashCount($maxHashCount = NULL) {
+               self::$maxHashCount = !is_NULL($maxHashCount) && is_int($maxHashCount) ? $maxHashCount : self::MAX_HASH_COUNT;
+       }
+
+       /**
+        * Method sets minimum allowed log2 number of iterations for password stretching.
+        *
+        * @param integer $minHashCount Minimum allowed log2 number of iterations for password stretching to set
+        * @see MIN_HASH_COUNT
+        * @see $minHashCount
+        * @see getMinHashCount()
+        */
+       public function setMinHashCount($minHashCount = NULL) {
+               self::$minHashCount = !is_NULL($minHashCount) && is_int($minHashCount) ? $minHashCount : self::MIN_HASH_COUNT;
+       }
+
+}
+
+
+?>
\ No newline at end of file
diff --git a/typo3/sysext/saltedpasswords/Classes/Salt/Md5Salt.php b/typo3/sysext/saltedpasswords/Classes/Salt/Md5Salt.php
new file mode 100644 (file)
index 0000000..4ce2fe2
--- /dev/null
@@ -0,0 +1,247 @@
+<?php
+namespace TYPO3\CMS\Saltedpasswords\Salt;
+
+/***************************************************************
+ *  Copyright notice
+ *
+ *  (c) 2009-2011 Marcus Krause <marcus#exp2009@t3sec.info>
+ *  All rights reserved
+ *
+ *  This script is part of the TYPO3 project. The TYPO3 project is
+ *  free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  The GNU General Public License can be found at
+ *  http://www.gnu.org/copyleft/gpl.html.
+ *  A copy is found in the textfile GPL.txt and important notices to the license
+ *  from the author is found in LICENSE.txt distributed with these scripts.
+ *
+ *
+ *  This script is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  This copyright notice MUST APPEAR in all copies of the script!
+ ***************************************************************/
+/**
+ * Contains class "tx_saltedpasswords_salts_md5"
+ * that provides MD5 salted hashing.
+ */
+/**
+ * Class that implements MD5 salted hashing based on PHP's
+ * crypt() function.
+ *
+ * MD5 salted hashing with PHP's crypt() should be available
+ * on most of the systems.
+ *
+ * @author Marcus Krause <marcus#exp2009@t3sec.info>
+ * @since 2009-09-06
+ * @package TYPO3
+ * @subpackage tx_saltedpasswords
+ */
+class Md5Salt extends \TYPO3\CMS\Saltedpasswords\Salt\AbstractSalt implements \TYPO3\CMS\Saltedpasswords\Salt\SaltInterface {
+
+       /**
+        * Keeps a string for mapping an int to the corresponding
+        * base 64 character.
+        */
+       const ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
+       /**
+        * Keeps length of a MD5 salt in bytes.
+        *
+        * @var integer
+        */
+       static protected $saltLengthMD5 = 6;
+
+       /**
+        * Keeps suffix to be appended to a salt.
+        *
+        * @var string
+        */
+       static protected $saltSuffixMD5 = '$';
+
+       /**
+        * Setting string to indicate type of hashing method (md5).
+        *
+        * @var string
+        */
+       static protected $settingMD5 = '$1$';
+
+       /**
+        * Method applies settings (prefix, suffix) to a salt.
+        *
+        * @param string $salt A salt to apply setting to
+        * @return string Salt with setting
+        */
+       protected function applySettingsToSalt($salt) {
+               $saltWithSettings = $salt;
+               $reqLenBase64 = $this->getLengthBase64FromBytes($this->getSaltLength());
+               // Salt without setting
+               if (strlen($salt) == $reqLenBase64) {
+                       $saltWithSettings = ($this->getSetting() . $salt) . $this->getSaltSuffix();
+               }
+               return $saltWithSettings;
+       }
+
+       /**
+        * Method checks if a given plaintext password is correct by comparing it with
+        * a given salted hashed password.
+        *
+        * @param string $plainPW plain-text password to compare with salted hash
+        * @param string $saltedHashPW salted hash to compare plain-text password with
+        * @return boolean TRUE, if plain-text password matches the salted hash, otherwise FALSE
+        */
+       public function checkPassword($plainPW, $saltedHashPW) {
+               $isCorrect = FALSE;
+               if ($this->isValidSalt($saltedHashPW)) {
+                       $isCorrect = crypt($plainPW, $saltedHashPW) == $saltedHashPW;
+               }
+               return $isCorrect;
+       }
+
+       /**
+        * Generates a random base 64-encoded salt prefixed and suffixed with settings for the hash.
+        *
+        * Proper use of salts may defeat a number of attacks, including:
+        * - The ability to try candidate passwords against multiple hashes at once.
+        * - The ability to use pre-hashed lists of candidate passwords.
+        * - The ability to determine whether two users have the same (or different)
+        * password without actually having to guess one of the passwords.
+        *
+        * @return string A character string containing settings and a random salt
+        */
+       protected function getGeneratedSalt() {
+               $randomBytes = \TYPO3\CMS\Core\Utility\GeneralUtility::generateRandomBytes($this->getSaltLength());
+               return $this->base64Encode($randomBytes, $this->getSaltLength());
+       }
+
+       /**
+        * Method creates a salted hash for a given plaintext password
+        *
+        * @param string $password plaintext password to create a salted hash from
+        * @param string $salt Optional custom salt with setting to use
+        * @return string Salted hashed password
+        */
+       public function getHashedPassword($password, $salt = NULL) {
+               $saltedPW = NULL;
+               if (!empty($password)) {
+                       if (empty($salt) || !$this->isValidSalt($salt)) {
+                               $salt = $this->getGeneratedSalt();
+                       }
+                       $saltedPW = crypt($password, $this->applySettingsToSalt($salt));
+               }
+               return $saltedPW;
+       }
+
+       /**
+        * Returns a string for mapping an int to the corresponding base 64 character.
+        *
+        * @return string String for mapping an int to the corresponding base 64 character
+        */
+       protected function getItoa64() {
+               return self::ITOA64;
+       }
+
+       /**
+        * Returns wether all prequesites for the hashing methods are matched
+        *
+        * @return boolean Method available
+        */
+       public function isAvailable() {
+               return CRYPT_MD5;
+       }
+
+       /**
+        * Returns length of a MD5 salt in bytes.
+        *
+        * @return integer Length of a MD5 salt in bytes
+        */
+       public function getSaltLength() {
+               return self::$saltLengthMD5;
+       }
+
+       /**
+        * Returns suffix to be appended to a salt.
+        *
+        * @return string Suffix of a salt
+        */
+       protected function getSaltSuffix() {
+               return self::$saltSuffixMD5;
+       }
+
+       /**
+        * Returns setting string of MD5 salted hashes.
+        *
+        * @return string Setting string of MD5 salted hashes
+        */
+       public function getSetting() {
+               return self::$settingMD5;
+       }
+
+       /**
+        * Checks whether a user's hashed password needs to be replaced with a new hash.
+        *
+        * This is typically called during the login process when the plain text
+        * password is available.  A new hash is needed when the desired iteration
+        * count has changed through a change in the variable $hashCount or
+        * HASH_COUNT or if the user's password hash was generated in an bulk update
+        * with class ext_update.
+        *
+        * @param string $passString Salted hash to check if it needs an update
+        * @return boolean TRUE if salted hash needs an update, otherwise FALSE
+        */
+       public function isHashUpdateNeeded($passString) {
+               return FALSE;
+       }
+
+       /**
+        * Method determines if a given string is a valid salt
+        *
+        * @param string $salt String to check
+        * @return boolean TRUE if it's valid salt, otherwise FALSE
+        */
+       public function isValidSalt($salt) {
+               $isValid = ($skip = FALSE);
+               $reqLenBase64 = $this->getLengthBase64FromBytes($this->getSaltLength());
+               if (strlen($salt) >= $reqLenBase64) {
+                       // Salt with prefixed setting
+                       if (!strncmp('$', $salt, 1)) {
+                               if (!strncmp($this->getSetting(), $salt, strlen($this->getSetting()))) {
+                                       $isValid = TRUE;
+                                       $salt = substr($salt, strlen($this->getSetting()));
+                               } else {
+                                       $skip = TRUE;
+                               }
+                       }
+                       // Checking base64 characters
+                       if (!$skip && strlen($salt) >= $reqLenBase64) {
+                               if (preg_match(((((('/^[' . preg_quote($this->getItoa64(), '/')) . ']{') . $reqLenBase64) . ',') . $reqLenBase64) . '}$/', substr($salt, 0, $reqLenBase64))) {
+                                       $isValid = TRUE;
+                               }
+                       }
+               }
+               return $isValid;
+       }
+
+       /**
+        * Method determines if a given string is a valid salted hashed password.
+        *
+        * @param string $saltedPW String to check
+        * @return boolean TRUE if it's valid salted hashed password, otherwise FALSE
+        */
+       public function isValidSaltedPW($saltedPW) {
+               $isValid = FALSE;
+               $isValid = !strncmp($this->getSetting(), $saltedPW, strlen($this->getSetting())) ? TRUE : FALSE;
+               if ($isValid) {
+                       $isValid = $this->isValidSalt($saltedPW);
+               }
+               return $isValid;
+       }
+
+}
+
+
+?>
\ No newline at end of file
diff --git a/typo3/sysext/saltedpasswords/Classes/Salt/PhpassSalt.php b/typo3/sysext/saltedpasswords/Classes/Salt/PhpassSalt.php
new file mode 100644 (file)
index 0000000..d0dd85b
--- /dev/null
@@ -0,0 +1,402 @@
+<?php
+namespace TYPO3\CMS\Saltedpasswords\Salt;
+
+/***************************************************************
+ *  Copyright notice
+ *
+ *  (c) 2009-2011 Marcus Krause <marcus#exp2009@t3sec.info>
+ *  All rights reserved
+ *
+ *  This script is part of the TYPO3 project. The TYPO3 project is
+ *  free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  The GNU General Public License can be found at
+ *  http://www.gnu.org/copyleft/gpl.html.
+ *  A copy is found in the textfile GPL.txt and important notices to the license
+ *  from the author is found in LICENSE.txt distributed with these scripts.
+ *
+ *
+ *  This script is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  This copyright notice MUST APPEAR in all copies of the script!
+ ***************************************************************/
+/**
+ * Contains class "tx_saltedpasswords_salts_phpass"
+ * that provides PHPass salted hashing.
+ *
+ * Derived from Drupal CMS
+ * original license: GNU General Public License (GPL)
+ *
+ * @see http://drupal.org/node/29706/
+ * @see http://www.openwall.com/phpass/
+ */
+/**
+ * Class that implements PHPass salted hashing based on Drupal's
+ * modified Openwall implementation.
+ *
+ * PHPass should work on every system.
+ *
+ * @author Marcus Krause <marcus#exp2009@t3sec.info>
+ * @since 2009-09-06
+ * @package TYPO3
+ * @subpackage tx_saltedpasswords
+ */
+class PhpassSalt extends \TYPO3\CMS\Saltedpasswords\Salt\AbstractSalt implements \TYPO3\CMS\Saltedpasswords\Salt\SaltInterface {
+
+       /**
+        * Keeps a string for mapping an int to the corresponding
+        * base 64 character.
+        */
+       const ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
+       /**
+        * The default log2 number of iterations for password stretching.
+        */
+       const HASH_COUNT = 14;
+       /**
+        * The default maximum allowed log2 number of iterations for
+        * password stretching.
+        */
+       const MAX_HASH_COUNT = 24;
+       /**
+        * The default minimum allowed log2 number of iterations for
+        * password stretching.
+        */
+       const MIN_HASH_COUNT = 7;
+       /**
+        * Keeps log2 number
+        * of iterations for password stretching.
+        *
+        * @var integer
+        */
+       static protected $hashCount;
+
+       /**
+        * Keeps maximum allowed log2 number
+        * of iterations for password stretching.
+        *
+        * @var integer
+        */
+       static protected $maxHashCount;
+
+       /**
+        * Keeps minimum allowed log2 number
+        * of iterations for password stretching.
+        *
+        * @var integer
+        */
+       static protected $minHashCount;
+
+       /**
+        * Keeps length of a PHPass salt in bytes.
+        *
+        * @var integer
+        */
+       static protected $saltLengthPhpass = 6;
+
+       /**
+        * Setting string to indicate type of hashing method (PHPass).
+        *
+        * @var string
+        */
+       static protected $settingPhpass = '$P$';
+
+       /**
+        * Method applies settings (prefix, hash count) to a salt.
+        *
+        * Overwrites {@link tx_saltedpasswords_salts_md5::applySettingsToSalt()}
+        * with Blowfish specifics.
+        *
+        * @param string $salt A salt to apply setting to
+        * @return string Salt with setting
+        */
+       protected function applySettingsToSalt($salt) {
+               $saltWithSettings = $salt;
+               $reqLenBase64 = $this->getLengthBase64FromBytes($this->getSaltLength());
+               // Salt without setting
+               if (strlen($salt) == $reqLenBase64) {
+                       // We encode the final log2 iteration count in base 64.
+                       $itoa64 = $this->getItoa64();
+                       $saltWithSettings = $this->getSetting() . $itoa64[$this->getHashCount()];
+                       $saltWithSettings .= $salt;
+               }
+               return $saltWithSettings;
+       }
+
+       /**
+        * Method checks if a given plaintext password is correct by comparing it with
+        * a given salted hashed password.
+        *
+        * @param string $plainPW Plain-text password to compare with salted hash
+        * @param string $saltedHashPW Salted hash to compare plain-text password with
+        * @return boolean TRUE, if plain-text password matches the salted hash, otherwise FALSE
+        */
+       public function checkPassword($plainPW, $saltedHashPW) {
+               $hash = $this->cryptPassword($plainPW, $saltedHashPW);
+               return $hash && $saltedHashPW === $hash;
+       }
+
+       /**
+        * Returns wether all prequesites for the hashing methods are matched
+        *
+        * @return boolean Method available
+        */
+       public function isAvailable() {
+               return TRUE;
+       }
+
+       /**
+        * Hashes a password using a secure stretched hash.
+        *
+        * By using a salt and repeated hashing the password is "stretched". Its
+        * security is increased because it becomes much more computationally costly
+        * for an attacker to try to break the hash by brute-force computation of the
+        * hashes of a large number of plain-text words or strings to find a match.
+        *
+        * @param string $password Plain-text password to hash
+        * @param string $setting An existing hash or the output of getGeneratedSalt()
+        * @return mixed A string containing the hashed password (and salt)
+        */
+       protected function cryptPassword($password, $setting) {
+               $saltedPW = NULL;
+               $reqLenBase64 = $this->getLengthBase64FromBytes($this->getSaltLength());
+               // Retrieving settings with salt
+               $setting = substr($setting, 0, (strlen($this->getSetting()) + 1) + $reqLenBase64);
+               $count_log2 = $this->getCountLog2($setting);
+               // Hashes may be imported from elsewhere, so we allow != HASH_COUNT
+               if ($count_log2 >= $this->getMinHashCount() && $count_log2 <= $this->getMaxHashCount()) {
+                       $salt = substr($setting, strlen($this->getSetting()) + 1, $reqLenBase64);
+                       // We must use md5() or sha1() here since they are the only cryptographic
+                       // primitives always available in PHP 5. To implement our own low-level
+                       // cryptographic function in PHP would result in much worse performance and
+                       // consequently in lower iteration counts and hashes that are quicker to crack
+                       // (by non-PHP code).
+                       $count = 1 << $count_log2;
+                       $hash = md5($salt . $password, TRUE);
+                       do {
+                               $hash = md5($hash . $password, TRUE);
+                       } while (--$count);
+                       $saltedPW = $setting . $this->base64Encode($hash, 16);
+                       // base64Encode() of a 16 byte MD5 will always be 22 characters.
+                       return strlen($saltedPW) == 34 ? $saltedPW : FALSE;
+               }
+               return $saltedPW;
+       }
+
+       /**
+        * Parses the log2 iteration count from a stored hash or setting string.
+        *
+        * @param string $setting Complete hash or a hash's setting string or to get log2 iteration count from
+        * @return integer Used hashcount for given hash string
+        */
+       protected function getCountLog2($setting) {
+               return strpos($this->getItoa64(), $setting[strlen($this->getSetting())]);
+       }
+
+       /**
+        * Generates a random base 64-encoded salt prefixed and suffixed with settings for the hash.
+        *
+        * Proper use of salts may defeat a number of attacks, including:
+        * - The ability to try candidate passwords against multiple hashes at once.
+        * - The ability to use pre-hashed lists of candidate passwords.
+        * - The ability to determine whether two users have the same (or different)
+        * password without actually having to guess one of the passwords.
+        *
+        * @return string A character string containing settings and a random salt
+        */
+       protected function getGeneratedSalt() {
+               $randomBytes = \TYPO3\CMS\Core\Utility\GeneralUtility::generateRandomBytes($this->getSaltLength());
+               return $this->base64Encode($randomBytes, $this->getSaltLength());
+       }
+
+       /**
+        * Method returns log2 number of iterations for password stretching.
+        *
+        * @return integer log2 number of iterations for password stretching
+        * @see HASH_COUNT
+        * @see $hashCount
+        * @see setHashCount()
+        */
+       public function getHashCount() {
+               return isset(self::$hashCount) ? self::$hashCount : self::HASH_COUNT;
+       }
+
+       /**
+        * Method creates a salted hash for a given plaintext password
+        *
+        * @param string $password Plaintext password to create a salted hash from
+        * @param string $salt Optional custom salt with setting to use
+        * @return string salted hashed password
+        */
+       public function getHashedPassword($password, $salt = NULL) {
+               $saltedPW = NULL;
+               if (!empty($password)) {
+                       if (empty($salt) || !$this->isValidSalt($salt)) {
+                               $salt = $this->getGeneratedSalt();
+                       }
+                       $saltedPW = $this->cryptPassword($password, $this->applySettingsToSalt($salt));
+               }
+               return $saltedPW;
+       }
+
+       /**
+        * Returns a string for mapping an int to the corresponding base 64 character.
+        *
+        * @return string String for mapping an int to the corresponding base 64 character
+        */
+       protected function getItoa64() {
+               return self::ITOA64;
+       }
+
+       /**
+        * Method returns maximum allowed log2 number of iterations for password stretching.
+        *
+        * @return integer Maximum allowed log2 number of iterations for password stretching
+        * @see MAX_HASH_COUNT
+        * @see $maxHashCount
+        * @see setMaxHashCount()
+        */
+       public function getMaxHashCount() {
+               return isset(self::$maxHashCount) ? self::$maxHashCount : self::MAX_HASH_COUNT;
+       }
+
+       /**
+        * Method returns minimum allowed log2 number of iterations for password stretching.
+        *
+        * @return integer Minimum allowed log2 number of iterations for password stretching
+        * @see MIN_HASH_COUNT
+        * @see $minHashCount
+        * @see setMinHashCount()
+        */
+       public function getMinHashCount() {
+               return isset(self::$minHashCount) ? self::$minHashCount : self::MIN_HASH_COUNT;
+       }
+
+       /**
+        * Returns length of a Blowfish salt in bytes.
+        *
+        * @return integer Length of a Blowfish salt in bytes
+        */
+       public function getSaltLength() {
+               return self::$saltLengthPhpass;
+       }
+
+       /**
+        * Returns setting string of PHPass salted hashes.
+        *
+        * @return string Setting string of PHPass salted hashes
+        */
+       public function getSetting() {
+               return self::$settingPhpass;
+       }
+
+       /**
+        * Checks whether a user's hashed password needs to be replaced with a new hash.
+        *
+        * This is typically called during the login process when the plain text
+        * password is available. A new hash is needed when the desired iteration
+        * count has changed through a change in the variable $hashCount or
+        * HASH_COUNT or if the user's password hash was generated in an bulk update
+        * with class ext_update.
+        *
+        * @param string $passString Salted hash to check if it needs an update
+        * @return boolean TRUE if salted hash needs an update, otherwise FALSE
+        */
+       public function isHashUpdateNeeded($passString) {
+               // Check whether this was an updated password.
+               if (strncmp($passString, '$P$', 3) || strlen($passString) != 34) {
+                       return TRUE;
+               }
+               // Check whether the iteration count used differs from the standard number.
+               return $this->getCountLog2($passString) < $this->getHashCount();
+       }
+
+       /**
+        * Method determines if a given string is a valid salt.
+        *
+        * @param string $salt String to check
+        * @return boolean TRUE if it's valid salt, otherwise FALSE
+        */
+       public function isValidSalt($salt) {
+               $isValid = ($skip = FALSE);
+               $reqLenBase64 = $this->getLengthBase64FromBytes($this->getSaltLength());
+               if (strlen($salt) >= $reqLenBase64) {
+                       // Salt with prefixed setting
+                       if (!strncmp('$', $salt, 1)) {
+                               if (!strncmp($this->getSetting(), $salt, strlen($this->getSetting()))) {
+                                       $isValid = TRUE;
+                                       $salt = substr($salt, strrpos($salt, '$') + 2);
+                               } else {
+                                       $skip = TRUE;
+                               }
+                       }
+                       // Checking base64 characters
+                       if (!$skip && strlen($salt) >= $reqLenBase64) {
+                               if (preg_match(((((('/^[' . preg_quote($this->getItoa64(), '/')) . ']{') . $reqLenBase64) . ',') . $reqLenBase64) . '}$/', substr($salt, 0, $reqLenBase64))) {
+                                       $isValid = TRUE;
+                               }
+                       }
+               }
+               return $isValid;
+       }
+
+       /**
+        * Method determines if a given string is a valid salted hashed password.
+        *
+        * @param string $saltedPW String to check
+        * @return boolean TRUE if it's valid salted hashed password, otherwise FALSE
+        */
+       public function isValidSaltedPW($saltedPW) {
+               $isValid = FALSE;
+               $isValid = !strncmp($this->getSetting(), $saltedPW, strlen($this->getSetting())) ? TRUE : FALSE;
+               if ($isValid) {
+                       $isValid = $this->isValidSalt($saltedPW);
+               }
+               return $isValid;
+       }
+
+       /**
+        * Method sets log2 number of iterations for password stretching.
+        *
+        * @param integer $hashCount log2 number of iterations for password stretching to set
+        * @see HASH_COUNT
+        * @see $hashCount
+        * @see getHashCount()
+        */
+       public function setHashCount($hashCount = NULL) {
+               self::$hashCount = ((!is_NULL($hashCount) && is_int($hashCount)) && $hashCount >= $this->getMinHashCount()) && $hashCount <= $this->getMaxHashCount() ? $hashCount : self::HASH_COUNT;
+       }
+
+       /**
+        * Method sets maximum allowed log2 number of iterations for password stretching.
+        *
+        * @param integer $maxHashCount Maximum allowed log2 number of iterations for password stretching to set
+        * @see MAX_HASH_COUNT
+        * @see $maxHashCount
+        * @see getMaxHashCount()
+        */
+       public function setMaxHashCount($maxHashCount = NULL) {
+               self::$maxHashCount = !is_NULL($maxHashCount) && is_int($maxHashCount) ? $maxHashCount : self::MAX_HASH_COUNT;
+       }
+
+       /**
+        * Method sets minimum allowed log2 number of iterations for password stretching.
+        *
+        * @param integer $minHashCount Minimum allowed log2 number of iterations for password stretching to set
+        * @see MIN_HASH_COUNT
+        * @see $minHashCount
+        * @see getMinHashCount()
+        */
+       public function setMinHashCount($minHashCount = NULL) {
+               self::$minHashCount = !is_NULL($minHashCount) && is_int($minHashCount) ? $minHashCount : self::MIN_HASH_COUNT;
+       }
+
+}
+
+
+?>
\ No newline at end of file
diff --git a/typo3/sysext/saltedpasswords/Classes/Salt/SaltFactory.php b/typo3/sysext/saltedpasswords/Classes/Salt/SaltFactory.php
new file mode 100644 (file)
index 0000000..32266c0
--- /dev/null
@@ -0,0 +1,127 @@
+<?php
+namespace TYPO3\CMS\Saltedpasswords\Salt;
+
+/***************************************************************
+ *  Copyright notice
+ *
+ *  (c) 2009-2011 Marcus Krause <marcus#exp2009@t3sec.info>
+ *  All rights reserved
+ *
+ *  This script is part of the TYPO3 project. The TYPO3 project is
+ *  free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  The GNU General Public License can be found at
+ *  http://www.gnu.org/copyleft/gpl.html.
+ *  A copy is found in the textfile GPL.txt and important notices to the license
+ *  from the author is found in LICENSE.txt distributed with these scripts.
+ *
+ *
+ *  This script is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  This copyright notice MUST APPEAR in all copies of the script!
+ ***************************************************************/
+/**
+ * Contains class "tx_saltedpasswords_salts_factory"
+ * that provides a salted hashing method factory.
+ */
+/**
+ * Class that implements Blowfish salted hashing based on PHP's
+ * crypt() function.
+ *
+ * @author Marcus Krause <marcus#exp2009@t3sec.info>
+ * @since 2009-09-06
+ * @package TYPO3
+ * @subpackage tx_saltedpasswords
+ */
+class SaltFactory {
+
+       /**
+        * An instance of the salted hashing method.
+        * This member is set in the getSaltingInstance() function.
+        *
+        * @var \TYPO3\CMS\Saltedpasswords\Salt\AbstractSalt
+        */
+       static protected $instance = NULL;
+
+       /**
+        * Obtains a salting hashing method instance.
+        *
+        * This function will return an instance of a class that implements
+        * tx_saltedpasswords_abstract_salts.
+        *
+        * Use parameter NULL to reset the factory!
+        *
+        * @param string $saltedHash (optional) Salted hashed password to determine the type of used method from or NULL to reset the factory
+        * @param string $mode (optional) The TYPO3 mode (FE or BE) saltedpasswords shall be used for
+        * @return tx_saltedpasswords_abstract_salts    an instance of salting hashing method object
+        */
+       static public function getSaltingInstance($saltedHash = '', $mode = TYPO3_MODE) {
+               // Creating new instance when
+               // * no instance existing
+               // * a salted hash given to determine salted hashing method from
+               // * a NULL parameter given to reset instance back to default method
+               if ((!is_object(self::$instance) || !empty($saltedHash)) || is_NULL($saltedHash)) {
+                       // Determine method by checking the given hash
+                       if (!empty($saltedHash)) {
+                               $result = self::determineSaltingHashingMethod($saltedHash);
+                               if (!$result) {
+                                       self::$instance = NULL;
+                               }
+                       } else {
+                               $classNameToUse = \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::getDefaultSaltingHashingMethod($mode);
+                               $availableClasses = $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/saltedpasswords']['saltMethods'];
+                               self::$instance = \TYPO3\CMS\Core\Utility\GeneralUtility::getUserObj($availableClasses[$classNameToUse], 'tx_');
+                       }
+               }
+               return self::$instance;
+       }
+
+       /**
+        * Method tries to determine the salting hashing method used for given salt.
+        *
+        * Method implicitly sets the instance of the found method object in the class property when found.
+        *
+        * @param string $saltedHash
+        * @return boolean TRUE, if salting hashing method has been found, otherwise FALSE
+        */
+       static public function determineSaltingHashingMethod($saltedHash) {
+               $methodFound = FALSE;
+               $defaultMethods = $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/saltedpasswords']['saltMethods'];
+               foreach ($defaultMethods as $method) {
+                       $objectInstance = \TYPO3\CMS\Core\Utility\GeneralUtility::getUserObj($method, 'tx_');
+                       if ($objectInstance instanceof \TYPO3\CMS\Saltedpasswords\Salt\SaltInterface) {
+                               $methodFound = $objectInstance->isValidSaltedPW($saltedHash);
+                               if ($methodFound) {
+                                       self::$instance = $objectInstance;
+                                       break;
+                               }
+                       }
+               }
+               return $methodFound;
+       }
+
+       /**
+        * Method sets a custom salting hashing method class.
+        *
+        * @param string $resource Object resource to use (e.g. 'EXT:saltedpasswords/classes/salts/class.tx_saltedpasswords_salts_blowfish.php:tx_saltedpasswords_salts_blowfish')
+        * @return tx_saltedpasswords_abstract_salts    an instance of salting hashing method object
+        */
+       static public function setPreferredHashingMethod($resource) {
+               self::$instance = NULL;
+               $objectInstance = \TYPO3\CMS\Core\Utility\GeneralUtility::getUserObj($resource);
+               if (is_object($objectInstance) && is_subclass_of($objectInstance, 'TYPO3\\CMS\\Saltedpasswords\\Salt\\AbstractSalt')) {
+                       self::$instance = $objectInstance;
+               }
+               return self::$instance;
+       }
+
+}
+
+
+?>
diff --git a/typo3/sysext/saltedpasswords/Classes/Salt/SaltInterface.php b/typo3/sysext/saltedpasswords/Classes/Salt/SaltInterface.php
new file mode 100644 (file)
index 0000000..fb9b3b0
--- /dev/null
@@ -0,0 +1,111 @@
+<?php
+namespace TYPO3\CMS\Saltedpasswords\Salt;
+
+/***************************************************************
+ *  Copyright notice
+ *
+ *  (c) 2009-2011 Marcus Krause <marcus#exp2009@t3sec.info>
+ *  (c) 2009-2011 Steffen Ritter <info@rs-websystems.de>
+ *  All rights reserved
+ *
+ *  This script is part of the TYPO3 project. The TYPO3 project is
+ *  free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  The GNU General Public License can be found at
+ *  http://www.gnu.org/copyleft/gpl.html.
+ *  A copy is found in the textfile GPL.txt and important notices to the license
+ *  from the author is found in LICENSE.txt distributed with these scripts.
+ *
+ *
+ *  This script is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  This copyright notice MUST APPEAR in all copies of the script!
+ ***************************************************************/
+/**
+ * Contains interface "tx_saltedpasswords_salts" to be used in
+ * classes that provide salted hashing.
+ */
+/**
+ * Interface with public methods needed to be implemented
+ * in a salting hashing class.
+ *
+ * @author Marcus Krause <marcus#exp2009@t3sec.info>
+ * @author Steffen Ritter <info@rs-websystems.de>
+ * @since 2009-09-06
+ * @package TYPO3
+ * @subpackage tx_saltedpasswords
+ */
+interface SaltInterface
+{
+       /**
+        * Method checks if a given plaintext password is correct by comparing it with
+        * a given salted hashed password.
+        *
+        * @param string $plainPW plain-text password to compare with salted hash
+        * @param string $saltedHashPW Salted hash to compare plain-text password with
+        * @return boolean TRUE, if plaintext password is correct, otherwise FALSE
+        */
+       public function checkPassword($plainPW, $saltedHashPW);
+
+       /**
+        * Returns length of required salt.
+        *
+        * @return integer Length of required salt
+        */
+       public function getSaltLength();
+
+       /**
+        * Returns wether all prequesites for the hashing methods are matched
+        *
+        * @return boolean Method available
+        */
+       public function isAvailable();
+
+       /**
+        * Method creates a salted hash for a given plaintext password
+        *
+        * @param string $password Plaintext password to create a salted hash from
+        * @param string $salt Optional custom salt to use
+        * @return string Salted hashed password
+        */
+       public function getHashedPassword($password, $salt = NULL);
+
+       /**
+        * Checks whether a user's hashed password needs to be replaced with a new hash.
+        *
+        * This is typically called during the login process when the plain text
+        * password is available.  A new hash is needed when the desired iteration
+        * count has changed through a change in the variable $hashCount or
+        * HASH_COUNT or if the user's password hash was generated in an bulk update
+        * with class ext_update.
+        *
+        * @param string $passString Salted hash to check if it needs an update
+        * @return boolean TRUE if salted hash needs an update, otherwise FALSE
+        */
+       public function isHashUpdateNeeded($passString);
+
+       /**
+        * Method determines if a given string is a valid salt
+        *
+        * @param string $salt String to check
+        * @return boolean TRUE if it's valid salt, otherwise FALSE
+        */
+       public function isValidSalt($salt);
+
+       /**
+        * Method determines if a given string is a valid salted hashed password.
+        *
+        * @param string $saltedPW String to check
+        * @return boolean TRUE if it's valid salted hashed password, otherwise FALSE
+        */
+       public function isValidSaltedPW($saltedPW);
+
+}
+
+?>
\ No newline at end of file
diff --git a/typo3/sysext/saltedpasswords/Classes/SaltedPasswordService.php b/typo3/sysext/saltedpasswords/Classes/SaltedPasswordService.php
new file mode 100644 (file)
index 0000000..5a9e811
--- /dev/null
@@ -0,0 +1,289 @@
+<?php
+namespace TYPO3\CMS\Saltedpasswords;
+
+/***************************************************************
+ *  Copyright notice
+ *
+ *  (c) Marcus Krause (marcus#exp2009@t3sec.info)
+ *  (c) Steffen Ritter (info@rs-websystems.de)
+ *  All rights reserved
+ *
+ *  This script is part of the TYPO3 project. The TYPO3 project is
+ *  free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  The GNU General Public License can be found at
+ *  http://www.gnu.org/copyleft/gpl.html.
+ *  A copy is found in the textfile GPL.txt and important notices to the license
+ *  from the author is found in LICENSE.txt distributed with these scripts.
+ *
+ *
+ *  This script is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  This copyright notice MUST APPEAR in all copies of the script!
+ ***************************************************************/
+/**
+ * Contains authentication service class for salted hashed passwords.
+ */
+/**
+ * Class implements salted-password hashes authentication service.
+ *
+ * @author Marcus Krause <marcus#exp2009@t3sec.info>
+ * @author Steffen Ritter <info@rs-websystems.de>
+ * @since 2009-06-14
+ * @package TYPO3
+ * @subpackage tx_saltedpasswords
+ */
+class SaltedPasswordService extends \TYPO3\CMS\Sv\AbstractAuthenticationService {
+
+       /**
+        * Keeps class name.
+        *
+        * @var string
+        */
+       public $prefixId = 'tx_saltedpasswords_sv1';
+
+       /**
+        * Keeps path to this script relative to the extension directory.
+        *
+        * @var string
+        */
+       public $scriptRelPath = 'sv1/class.tx_saltedpasswords_sv1.php';
+
+       /**
+        * Keeps extension key.
+        *
+        * @var string
+        */
+       public $extKey = 'saltedpasswords';
+
+       /**
+        * Keeps extension configuration.
+        *
+        * @var mixed
+        */
+       protected $extConf;
+
+       /**
+        * An instance of the salted hashing method.
+        * This member is set in the getSaltingInstance() function.
+        *
+        * @var \TYPO3\CMS\Saltedpasswords\Salt\AbstractSalt
+        */
+       protected $objInstanceSaltedPW = NULL;
+
+       /**
+        * Indicates whether the salted password authentication has failed.
+        *
+        * Prevents authentication bypass. See vulnerability report:
+        * { @link http://bugs.typo3.org/view.php?id=13372 }
+        *
+        * @var boolean
+        */
+       protected $authenticationFailed = FALSE;
+
+       /**
+        * Checks if service is available. In case of this service we check that
+        * following prerequesties are fulfilled:
+        * - loginSecurityLevel of according TYPO3_MODE is set to normal
+        *
+        * @return boolean TRUE if service is available
+        */
+       public function init() {
+               $available = FALSE;
+               $mode = TYPO3_MODE;
+               if ($this->info['requestedServiceSubType'] === 'authUserBE') {
+                       $mode = 'BE';
+               } elseif ($this->info['requestedServiceSubType'] === 'authUserFE') {
+                       $mode = 'FE';
+               }
+               if (\TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::isUsageEnabled($mode)) {
+                       $available = TRUE;
+                       $this->extConf = \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::returnExtConf();
+               }
+               return $available ? parent::init() : FALSE;
+       }
+
+       /**
+        * Checks the login data with the user record data for builtin login method.
+        *
+        * @param array $user User data array
+        * @param array $loginData Login data array
+        * @param string $security_level Login security level (optional)
+        * @return boolean TRUE if login data matched
+        * @todo Define visibility
+        */
+       public function compareUident(array $user, array $loginData, $security_level = 'normal') {
+               $validPasswd = FALSE;
+               // Could be merged; still here to clarify
+               if (!strcmp(TYPO3_MODE, 'BE')) {
+                       $password = $loginData['uident_text'];
+               } elseif (!strcmp(TYPO3_MODE, 'FE')) {
+                       $password = $loginData['uident_text'];
+               }
+               // Determine method used for given salted hashed password
+               $this->objInstanceSaltedPW = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance($user['password']);
+               // Existing record is in format of Salted Hash password
+               if (is_object($this->objInstanceSaltedPW)) {
+                       $validPasswd = $this->objInstanceSaltedPW->checkPassword($password, $user['password']);
+                       // Record is in format of Salted Hash password but authentication failed
+                       // skip further authentication methods
+                       if (!$validPasswd) {
+                               $this->authenticationFailed = TRUE;
+                       }
+                       $defaultHashingClassName = \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::getDefaultSaltingHashingMethod();
+                       $skip = FALSE;
+                       // Test for wrong salted hashing method
+                       if ($validPasswd && !(get_class($this->objInstanceSaltedPW) == $defaultHashingClassName) || is_subclass_of($this->objInstanceSaltedPW, $defaultHashingClassName)) {
+                               // Instanciate default method class
+                               $this->objInstanceSaltedPW = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(NULL);
+                               $this->updatePassword(intval($user['uid']), array('password' => $this->objInstanceSaltedPW->getHashedPassword($password)));
+                       }
+                       if (($validPasswd && !$skip) && $this->objInstanceSaltedPW->isHashUpdateNeeded($user['password'])) {
+                               $this->updatePassword(intval($user['uid']), array('password' => $this->objInstanceSaltedPW->getHashedPassword($password)));
+                       }
+               } elseif (!intval($this->extConf['forceSalted'])) {
+                       // Stored password is in deprecated salted hashing method
+                       if (\TYPO3\CMS\Core\Utility\GeneralUtility::inList('C$,M$', substr($user['password'], 0, 2))) {
+                               // Instanciate default method class
+                               $this->objInstanceSaltedPW = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(substr($user['password'], 1));
+                               // md5
+                               if (!strcmp(substr($user['password'], 0, 1), 'M')) {
+                                       $validPasswd = $this->objInstanceSaltedPW->checkPassword(md5($password), substr($user['password'], 1));
+                               } else {
+                                       $validPasswd = $this->objInstanceSaltedPW->checkPassword($password, substr($user['password'], 1));
+                               }
+                               // Skip further authentication methods
+                               if (!$validPasswd) {
+                                       $this->authenticationFailed = TRUE;
+                               }
+                       } elseif (preg_match('/[0-9abcdef]{32,32}/', $user['password'])) {
+                               $validPasswd = !strcmp(md5($password), $user['password']) ? TRUE : FALSE;
+                               // Skip further authentication methods
+                               if (!$validPasswd) {
+                                       $this->authenticationFailed = TRUE;
+                               }
+                       } else {
+                               $validPasswd = !strcmp($password, $user['password']) ? TRUE : FALSE;
+                       }
+                       // Should we store the new format value in DB?
+                       if ($validPasswd && intval($this->extConf['updatePasswd'])) {
+                               // Instanciate default method class
+                               $this->objInstanceSaltedPW = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(NULL);
+                               $this->updatePassword(intval($user['uid']), array('password' => $this->objInstanceSaltedPW->getHashedPassword($password)));
+                       }
+               }
+               return $validPasswd;
+       }
+
+       /**
+        * Method adds a further authUser method.
+        *
+        * Will return one of following authentication status codes:
+        * - 0 - authentication failure
+        * - 100 - just go on. User is not authenticated but there is still no reason to stop
+        * - 200 - the service was able to authenticate the user
+        *
+        * @param array Array containing FE user data of the logged user.
+        * @return integer Authentication statuscode, one of 0,100 and 200
+        */
+       public function authUser(array $user) {
+               $OK = 100;
+               $validPasswd = FALSE;
+               if ($this->login['uident'] && $this->login['uname']) {
+                       if (!empty($this->login['uident_text'])) {
+                               $validPasswd = $this->compareUident($user, $this->login);
+                       }
+                       if (!$validPasswd) {
+                               // Failed login attempt (wrong password)
+                               $errorMessage = 'Login-attempt from %s (%s), username \'%s\', password not accepted!';
+                               // No delegation to further services
+                               if (intval($this->extConf['onlyAuthService']) || $this->authenticationFailed) {
+                                       $this->writeLogMessage(TYPO3_MODE . ' Authentication failed - wrong password for username \'%s\'', $this->login['uname']);
+                               } else {
+                                       $this->writeLogMessage($errorMessage, $this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $this->login['uname']);
+                               }
+                               $this->writelog(255, 3, 3, 1, $errorMessage, array(
+                                       $this->authInfo['REMOTE_ADDR'],
+                                       $this->authInfo['REMOTE_HOST'],
+                                       $this->login['uname']
+                               ));
+                               \TYPO3\CMS\Core\Utility\GeneralUtility::sysLog(sprintf($errorMessage, $this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $this->login['uname']), 'Core', \TYPO3\CMS\Core\Utility\GeneralUtility::SYSLOG_SEVERITY_INFO);
+                               if (intval($this->extConf['onlyAuthService']) || $this->authenticationFailed) {
+                                       $OK = 0;
+                               }
+                       } elseif (($validPasswd && $user['lockToDomain']) && strcasecmp($user['lockToDomain'], $this->authInfo['HTTP_HOST'])) {
+                               // Lock domain didn't match, so error:
+                               $errorMessage = 'Login-attempt from %s (%s), username \'%s\', locked domain \'%s\' did not match \'%s\'!';
+                               $this->writeLogMessage($errorMessage, $this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $this->login['uname'], $user['lockToDomain'], $this->authInfo['HTTP_HOST']);
+                               $this->writelog(255, 3, 3, 1, $errorMessage, array(
+                                       $this->authInfo['REMOTE_ADDR'],
+                                       $this->authInfo['REMOTE_HOST'],
+                                       $user[$this->db_user['username_column']],
+                                       $user['lockToDomain'],
+                                       $this->authInfo['HTTP_HOST']
+                               ));
+                               \TYPO3\CMS\Core\Utility\GeneralUtility::sysLog(sprintf($errorMessage, $this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $user[$this->db_user['username_column']], $user['lockToDomain'], $this->authInfo['HTTP_HOST']), 'Core', \TYPO3\CMS\Core\Utility\GeneralUtility::SYSLOG_SEVERITY_INFO);
+                               $OK = 0;
+                       } elseif ($validPasswd) {
+                               $this->writeLogMessage(TYPO3_MODE . ' Authentication successful for username \'%s\'', $this->login['uname']);
+                               $OK = 200;
+                       }
+               }
+               return $OK;
+       }
+
+       /**
+        * Method updates a FE/BE user record - in this case a new password string will be set.
+        *
+        * @param integer $uid uid of user record that will be updated
+        * @param mixed $updateFields Field values as key=>value pairs to be updated in database
+        * @return void
+        */
+       protected function updatePassword($uid, $updateFields) {
+               $GLOBALS['TYPO3_DB']->exec_UPDATEquery($this->pObj->user_table, sprintf('uid = %u', $uid), $updateFields);
+               \TYPO3\CMS\Core\Utility\GeneralUtility::devLog(sprintf('Automatic password update for user record in %s with uid %u', $this->pObj->user_table, $uid), $this->extKey, 1);
+       }
+
+       /**
+        * Writes log message. Destination log depends on the current system mode.
+        * For FE the function writes to the admin panel log. For BE messages are
+        * sent to the system log. If developer log is enabled, messages are also
+        * sent there.
+        *
+        * This function accepts variable number of arguments and can format
+        * parameters. The syntax is the same as for sprintf()
+        *
+        * @param string $message Message to output
+        * @return void
+        * @see         sprintf()
+        * @see         t3lib::divLog()
+        * @see         t3lib_div::sysLog()
+        * @see         t3lib_timeTrack::setTSlogMessage()
+        * @todo Define visibility
+        */
+       public function writeLogMessage($message) {
+               if (func_num_args() > 1) {
+                       $params = func_get_args();
+                       array_shift($params);
+                       $message = vsprintf($message, $params);
+               }
+               if (TYPO3_MODE === 'BE') {
+                       \TYPO3\CMS\Core\Utility\GeneralUtility::sysLog($message, $this->extKey, \TYPO3\CMS\Core\Utility\GeneralUtility::SYSLOG_SEVERITY_NOTICE);
+               } else {
+                       $GLOBALS['TT']->setTSlogMessage($message);
+               }
+               if (TYPO3_DLOG) {
+                       \TYPO3\CMS\Core\Utility\GeneralUtility::devLog($message, $this->extKey, \TYPO3\CMS\Core\Utility\GeneralUtility::SYSLOG_SEVERITY_NOTICE);
+               }
+       }
+
+}
+
+
+?>
\ No newline at end of file
diff --git a/typo3/sysext/saltedpasswords/Classes/Task/BulkUpdateFieldProvider.php b/typo3/sysext/saltedpasswords/Classes/Task/BulkUpdateFieldProvider.php
new file mode 100644 (file)
index 0000000..d415253
--- /dev/null
@@ -0,0 +1,138 @@
+<?php
+namespace TYPO3\CMS\Saltedpasswords\Task;
+
+/***************************************************************
+ *  Copyright notice
+ *
+ *  (c) 2012 Philipp Gampe (typo3@philippgampe.info)
+ *  All rights reserved
+ *
+ *  This script is part of the TYPO3 project. The TYPO3 project is
+ *  free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  The GNU General Public License can be found at
+ *  http://www.gnu.org/copyleft/gpl.html.
+ *  A copy is found in the textfile GPL.txt and important notices to the license
+ *  from the author is found in LICENSE.txt distributed with these scripts.
+ *
+ *
+ *  This script is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  This copyright notice MUST APPEAR in all copies of the script!
+ ***************************************************************/
+/**
+ * Additional field for salted passwords bulk update task
+ *
+ * @autor Philipp Gampe <typo3@philippgampe.info>
+ * @package TYPO3
+ * @subpackage saltedpasswords
+ */
+class BulkUpdateFieldProvider implements \TYPO3\CMS\Scheduler\AdditionalFieldProviderInterface {
+
+       /**
+        * Default value whether the task deactivates itself after last run.
+        *
+        * @var boolean Whether the task is allowed to deactivate itself after processing all existing user records.
+        */
+       protected $defaultCanDeactivateSelf = TRUE;
+
+       /**
+        * Default value for the number of records to handle at each run.
+        *
+        * @var integer Number of records
+        */
+       protected $defaultNumberOfRecords = 250;
+
+       /**
+        * Add a field for the number of records and if the task should deactivate itself after
+        * processing all records
+        *
+        * @param array $taskInfo Reference to the array containing the info used in the add/edit form
+        * @param \TYPO3\CMS\Saltedpasswords\Task\BulkUpdateTask $task When editing, reference to the current task object. Null when adding.
+        * @param \TYPO3\CMS\Scheduler\Controller\SchedulerModuleController $parentObject Reference to the calling object (Scheduler's BE module)
+        * @return array Array containing all the information pertaining to the additional fields
+        */
+       public function getAdditionalFields(array &$taskInfo, $task, \TYPO3\CMS\Scheduler\Controller\SchedulerModuleController $parentObject) {
+               // Initialize selected fields
+               if (!isset($taskInfo['scheduler_saltedpasswordsBulkUpdateCanDeactivateSelf'])) {
+                       $taskInfo['scheduler_saltedpasswordsBulkUpdateCanDeactivateSelf'] = $this->defaultCanDeactivateSelf;
+                       if ($parentObject->CMD === 'edit') {
+                               $taskInfo['scheduler_saltedpasswordsBulkUpdateCanDeactivateSelf'] = $task->getCanDeactivateSelf();
+                       }
+               }
+               if (!isset($taskInfo['scheduler_saltedpasswordsBulkUpdateNumberOfRecords'])) {
+                       $taskInfo['scheduler_saltedpasswordsBulkUpdateNumberOfRecords'] = $this->defaultNumberOfRecords;
+                       if ($parentObject->CMD === 'edit') {
+                               $taskInfo['scheduler_saltedpasswordsBulkUpdateNumberOfRecords'] = $task->getNumberOfRecords();
+                       }
+               }
+               // Configuration for canDeactivateSelf
+               $fieldName = 'TYPO3\\CMS\\Scheduler\\Scheduler[scheduler_saltedpasswordsBulkUpdateCanDeactivateSelf]';
+               $fieldId = 'task_saltedpasswordsBulkUpdateCanDeactivateSelf';
+               $fieldValue = 'IsChecked';
+               $fieldChecked = (bool) $taskInfo['scheduler_saltedpasswordsBulkUpdateCanDeactivateSelf'];
+               $fieldHtml = (((((((((('<input type="checkbox"' . ' name="') . $fieldName) . '"') . ' id="') . $fieldId) . '"') . ' value="') . $fieldValue) . '"') . ($fieldChecked ? ' checked="checked"' : '')) . ' />';
+               $additionalFields[$fieldId] = array(
+                       'code' => $fieldHtml,
+                       'label' => 'LLL:EXT:saltedpasswords/locallang.xml:ext.saltedpasswords.tasks.bulkupdate.label.canDeactivateSelf',
+                       'cshKey' => '_txsaltedpasswords',
+                       'cshLabel' => $fieldId
+               );
+               // Configuration for numberOfRecords
+               $fieldName = 'TYPO3\\CMS\\Scheduler\\Scheduler[scheduler_saltedpasswordsBulkUpdateNumberOfRecords]';
+               $fieldId = 'task_saltedpasswordsBulkUpdateNumberOfRecords';
+               $fieldValue = intval($taskInfo['scheduler_saltedpasswordsBulkUpdateNumberOfRecords']);
+               $fieldHtml = ((((('<input type="text" name="' . $fieldName) . '" id="') . $fieldId) . '" value="') . htmlspecialchars($fieldValue)) . '" />';
+               $additionalFields[$fieldId] = array(
+                       'code' => $fieldHtml,
+                       'label' => 'LLL:EXT:saltedpasswords/locallang.xml:ext.saltedpasswords.tasks.bulkupdate.label.numberOfRecords',
+                       'cshKey' => '_txsaltedpasswords',
+                       'cshLabel' => $fieldId
+               );
+               return $additionalFields;
+       }
+
+       /**
+        * Checks if the given values are boolean and integer
+        *
+        * @param array $submittedData Reference to the array containing the data submitted by the user
+        * @param \TYPO3\CMS\Scheduler\Controller\SchedulerModuleController $parentObject Reference to the calling object (Scheduler's BE module)
+        * @return boolean TRUE if validation was ok (or selected class is not relevant), FALSE otherwise
+        */
+       public function validateAdditionalFields(array &$submittedData, \TYPO3\CMS\Scheduler\Controller\SchedulerModuleController $parentObject) {
+               $result = TRUE;
+               // Check if number of records is indeed a number and greater or equals to 0
+               // If not, fail validation and issue error message
+               if (!is_numeric($submittedData['scheduler_saltedpasswordsBulkUpdateNumberOfRecords']) || intval($submittedData['scheduler_saltedpasswordsBulkUpdateNumberOfRecords']) < 0) {
+                       $result = FALSE;
+                       $parentObject->addMessage($GLOBALS['LANG']->sL('LLL:EXT:saltedpasswords/locallang.xml:ext.saltedpasswords.tasks.bulkupdate.invalidNumberOfRecords'), \TYPO3\CMS\Core\Messaging\FlashMessage::ERROR);
+               }
+               return $result;
+       }
+
+       /**
+        * Saves given values in task object
+        *
+        * @param array $submittedData Contains data submitted by the user
+        * @param tx_scheduler_Task|tx_saltedpasswords_Tasks_BulkUpdate $task Reference to the current task object
+        * @return void
+        */
+       public function saveAdditionalFields(array $submittedData, \TYPO3\CMS\Scheduler\Task $task) {
+               if (isset($submittedData['scheduler_saltedpasswordsBulkUpdateCanDeactivateSelf']) && $submittedData['scheduler_saltedpasswordsBulkUpdateCanDeactivateSelf'] === 'IsChecked') {
+                       $task->setCanDeactivateSelf(TRUE);
+               } else {
+                       $task->setCanDeactivateSelf(FALSE);
+               }
+               $task->setNumberOfRecords(intval($submittedData['scheduler_saltedpasswordsBulkUpdateNumberOfRecords']));
+       }
+
+}
+
+
+?>
\ No newline at end of file
diff --git a/typo3/sysext/saltedpasswords/Classes/Task/BulkUpdateTask.php b/typo3/sysext/saltedpasswords/Classes/Task/BulkUpdateTask.php
new file mode 100644 (file)
index 0000000..cc0ebf6
--- /dev/null
@@ -0,0 +1,269 @@
+<?php
+namespace TYPO3\CMS\Saltedpasswords\Task;
+
+/***************************************************************
+ *  Copyright notice
+ *
+ *  (c) 2010-2011 Christian Kuhn <lolli@schwarzbu.ch>
+ *             Marcus Krause <marcus#exp2010@t3sec.info>
+ *
+ *  All rights reserved
+ *
+ *  This script is part of the TYPO3 project. The TYPO3 project is
+ *  free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  The GNU General Public License can be found at
+ *  http://www.gnu.org/copyleft/gpl.html.
+ *
+ *  This script is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  This copyright notice MUST APPEAR in all copies of the script!
+ ***************************************************************/
+/**
+ * Update plaintext and hashed passwords of existing users to salted passwords.
+ *
+ * @author Christian Kuhn <lolli@schwarzbu.ch>
+ * @author Marcus Krause <marcus#exp2010@t3sec.info>
+ * @package TYPO3
+ * @subpackage saltedpasswords
+ */
+class BulkUpdateTask extends \TYPO3\CMS\Scheduler\Task {
+
+       /**
+        * @var boolean Whether or not the task is allowed to deactivate itself after processing all existing user records.
+        */
+       protected $canDeactivateSelf = TRUE;
+
+       /**
+        * Converting a password to a salted hash takes some milliseconds (~100ms on an entry system in 2010).
+        * If all users are updated in one run, the task might run a long time if a lot of users must be handled.
+        * Therefore only a small number of frontend and backend users are processed.
+        * If saltedpasswords is enabled for both frontend and backend 2 * numberOfRecords will be handled.
+        *
+        * @var integer Number of records
+        */
+       protected $numberOfRecords = 250;
+
+       /**
+        * @var integer Pointer to last handled frontend and backend user row
+        */
+       protected $userRecordPointer = array();
+
+       /**
+        * Constructor initializes user record pointer
+        */
+       public function __construct() {
+               parent::__construct();
+               $this->userRecordPointer = array(
+                       'FE' => 0,
+                       'BE' => 0
+               );
+       }
+
+       /**
+        * Execute task
+        *
+        * @return boolean
+        */
+       public function execute() {
+               $processedAllRecords = TRUE;
+               // For frontend and backend
+               foreach ($this->userRecordPointer as $mode => $pointer) {
+                       // If saltedpasswords is active for frontend / backend
+                       if (\TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::isUsageEnabled($mode)) {
+                               $usersToUpdate = $this->findUsersToUpdate($mode);
+                               $numberOfRows = count($usersToUpdate);
+                               if ($numberOfRows > 0) {
+                                       $processedAllRecords = FALSE;
+                                       $this->incrementUserRecordPointer($mode, $numberOfRows);
+                                       $this->convertPasswords($mode, $usersToUpdate);
+                               }
+                       }
+               }
+               if ($processedAllRecords) {
+                       // Reset the user record pointer
+                       $this->userRecordPointer = array(
+                               'FE' => 0,
+                               'BE' => 0
+                       );
+                       // Determine if task should disable itself
+                       if ($this->canDeactivateSelf) {
+                               $this->deactivateSelf();
+                       }
+               }
+               // Use save() of parent class tx_scheduler_Task to persist changed task variables
+               $this->save();
+               return TRUE;
+       }
+
+       /**
+        * Get additional information
+        *
+        * @return string Additional information
+        */
+       public function getAdditionalInformation() {
+               $information = ((($GLOBALS['LANG']->sL('LLL:EXT:saltedpasswords/locallang.xml:ext.saltedpasswords.tasks.bulkupdate.label.additionalinformation.deactivateself') . $this->getCanDeactivateSelf()) . '; ') . $GLOBALS['LANG']->sL('LLL:EXT:saltedpasswords/locallang.xml:ext.saltedpasswords.tasks.bulkupdate.label.additionalinformation.numberofrecords')) . $this->getNumberOfRecords();
+               return $information;
+       }
+
+       /**
+        * Finds next set of frontend or backend users to update.
+        *
+        * @param string $mode 'FE' for frontend, 'BE' for backend user records
+        * @return array Rows with uid and password
+        */
+       protected function findUsersToUpdate($mode) {
+               $usersToUpdate = $GLOBALS['TYPO3_DB']->exec_SELECTgetRows('uid, password', strtolower($mode) . '_users', '1 = 1', '', 'uid ASC', ($this->userRecordPointer[$mode] . ', ') . $this->numberOfRecords);
+               return $usersToUpdate;
+       }
+
+       /**
+        * Iterates over given user records and update password if needed.
+        *
+        * @param string $mode 'FE' for frontend, 'BE' for backend user records
+        * @param array $users With user uids and passwords
+        * @return void
+        */
+       protected function convertPasswords($mode, array $users) {
+               $updateUsers = array();
+               foreach ($users as $user) {
+                       // If a password is already a salted hash it must not be updated
+                       if ($this->isSaltedHash($user['password'])) {
+                               continue;
+                       }
+                       $updateUsers[] = $user;
+               }
+               if (count($updateUsers) > 0) {
+                       $this->updatePasswords($mode, $updateUsers);
+               }
+       }
+
+       /**
+        * Updates password and persist salted hash.
+        *
+        * @param string $mode 'FE' for frontend, 'BE' for backend user records
+        * @param array $users With user uids and passwords
+        * @return void
+        */
+       protected function updatePasswords($mode, array $users) {
+               /** @var $saltedpasswordsInstance \TYPO3\CMS\Saltedpasswords\Salt\SaltInterface */
+               $saltedpasswordsInstance = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(NULL, $mode);
+               foreach ($users as $user) {
+                       $newPassword = $saltedpasswordsInstance->getHashedPassword($user['password']);
+                       // If a given password is a md5 hash (usually default be_users without saltedpasswords activated),
+                       // result of getHashedPassword() is a salted hashed md5 hash.
+                       // We prefix those with 'M', saltedpasswords will then update this password
+                       // to a usual salted hash upon first login of the user.
+                       if ($this->isMd5Password($user['password'])) {
+                               $newPassword = 'M' . $newPassword;
+                       }
+                       // Persist updated password
+                       $GLOBALS['TYPO3_DB']->exec_UPDATEquery(strtolower($mode) . '_users', 'uid = ' . $user['uid'], array(
+                               'password' => $newPassword
+                       ));
+               }
+       }
+
+       /**
+        * Passwords prefixed with M or C might be salted passwords:
+        * M means: originally a md5 hash before it was salted (eg. default be_users).
+        * C means: originally a cleartext password with lower hash looping count generated by t3sec_saltedpw.
+        * Both M and C will be updated to usual salted hashes on first login of user.
+        *
+        * If a password does not start with M or C determine if a password is already a usual salted hash.
+        *
+        * @param string $password Password
+        * @return boolean TRUE if password is a salted hash
+        */
+       protected function isSaltedHash($password) {
+               $isSaltedHash = FALSE;
+               if (strlen($password) > 2 && (\TYPO3\CMS\Core\Utility\GeneralUtility::isFirstPartOfStr($password, 'C$') || \TYPO3\CMS\Core\Utility\GeneralUtility::isFirstPartOfStr($password, 'M$'))) {
+                       // Cut off M or C and test if we have a salted hash
+                       $isSaltedHash = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::determineSaltingHashingMethod(substr($password, 1));
+               }
+               // Test if given password is a already a usual salted hash
+               if (!$isSaltedHash) {
+                       $isSaltedHash = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::determineSaltingHashingMethod($password);
+               }
+               return $isSaltedHash;
+       }
+
+       /**
+        * Checks if a given password is a md5 hash, the default for be_user records before saltedpasswords.
+        *
+        * @param string $password The password to test
+        * @return boolean TRUE if password is md5
+        */
+       protected function isMd5Password($password) {
+               return (bool) preg_match('/[0-9abcdef]{32,32}/i', $password);
+       }
+
+       /**
+        * Increments current user record counter by number of handled rows.
+        *
+        * @param string $mode 'FE' for frontend, 'BE' for backend user records
+        * @param integer $number Number of handled rows
+        * @return void
+        */
+       protected function incrementUserRecordPointer($mode, $number) {
+               $this->userRecordPointer[$mode] += $number;
+       }
+
+       /**
+        * Deactivates this task instance.
+        * Uses setDisabled() method of parent class tx_scheduler_Task.
+        *
+        * @return void
+        */
+       protected function deactivateSelf() {
+               $this->setDisabled(TRUE);
+       }
+
+       /**
+        * Set if it can deactivate self
+        *
+        * @param boolean $canDeactivateSelf
+        * @return void
+        */
+       public function setCanDeactivateSelf($canDeactivateSelf) {
+               $this->canDeactivateSelf = $canDeactivateSelf;
+       }
+
+       /**
+        * Get if it can deactivate self
+        *
+        * @return boolean TRUE if task shall deactivate itself, FALSE otherwise
+        */
+       public function getCanDeactivateSelf() {
+               return $this->canDeactivateSelf;
+       }
+
+       /**
+        * Set number of records
+        *
+        * @param integer $numberOfRecords
+        * @return void
+        */
+       public function setNumberOfRecords($numberOfRecords) {
+               $this->numberOfRecords = $numberOfRecords;
+       }
+
+       /**
+        * Get number of records
+        *
+        * @return integer The number of records
+        */
+       public function getNumberOfRecords() {
+               return $this->numberOfRecords;
+       }
+
+}
+
+
+?>
\ No newline at end of file
diff --git a/typo3/sysext/saltedpasswords/Classes/Utility/ExtensionManagerConfigurationUtility.php b/typo3/sysext/saltedpasswords/Classes/Utility/ExtensionManagerConfigurationUtility.php
new file mode 100644 (file)
index 0000000..5e44b81
--- /dev/null
@@ -0,0 +1,394 @@
+<?php
+namespace TYPO3\CMS\Saltedpasswords\Utility;
+
+/**
+ * class providing configuration checks for saltedpasswords.
+ *
+ * @author Steffen Ritter <info@rs-websystems.de>
+ * @since 2009-09-04
+ * @package TYPO3
+ * @subpackage tx_saltedpasswords
+ */
+class ExtensionManagerConfigurationUtility {
+
+       /**
+        * @var integer
+        */
+       protected $errorType = \TYPO3\CMS\Core\Messaging\FlashMessage::OK;
+
+       /**
+        * @var string
+        */
+       protected $header;
+
+       /**
+        * @var string
+        */
+       protected $preText;
+
+       /**
+        * @var array
+        */
+       protected $problems = array();
+
+       /**
+        * Set the error level if no higher level
+        * is set already
+        *
+        * @param string $level One out of error, ok, warning, info
+        * @return void
+        */
+       private function setErrorLevel($level) {
+               switch ($level) {
+               case 'error':
+                       $this->errorType = \TYPO3\CMS\Core\Messaging\FlashMessage::ERROR;
+                       $this->header = 'Errors found in your configuration';
+                       $this->preText = 'SaltedPasswords will not work until these problems have been resolved:<br />';
+                       break;
+               case 'warning':
+                       if ($this->errorType < \TYPO3\CMS\Core\Messaging\FlashMessage::ERROR) {
+                               $this->errorType = \TYPO3\CMS\Core\Messaging\FlashMessage::WARNING;
+                               $this->header = 'Warnings about your configuration';
+                               $this->preText = 'SaltedPasswords might behave different than expected:<br />';
+                       }
+                       break;
+               case 'info':
+                       if ($this->errorType < \TYPO3\CMS\Core\Messaging\FlashMessage::WARNING) {
+                               $this->errorType = \TYPO3\CMS\Core\Messaging\FlashMessage::INFO;
+                               $this->header = 'Additional information';
+                               $this->preText = '<br />';
+                       }
+                       break;
+               case 'ok':
+                       // TODO: Remove INFO condition as it has lower importance
+                       if ($this->errorType < \TYPO3\CMS\Core\Messaging\FlashMessage::WARNING && $this->errorType != \TYPO3\CMS\Core\Messaging\FlashMessage::INFO) {
+                               $this->errorType = \TYPO3\CMS\Core\Messaging\FlashMessage::OK;
+                               $this->header = 'No errors were found';
+                               $this->preText = 'SaltedPasswords has been configured correctly and works as expected.<br />';
+                       }
+                       break;
+               }
+       }
+
+       /**
+        * Renders the flash messages if problems have been found.
+        *
+        * @return string The flash message as HTML.
+        */
+       private function renderFlashMessage() {
+               $message = '';
+               // If there are problems, render them into an unordered list
+               if (count($this->problems) > 0) {
+                       $message = '<ul>
+       <li>###PROBLEMS###</li>
+</ul>';
+                       $message = str_replace('###PROBLEMS###', implode('<br />&nbsp;</li><li>', $this->problems), $message);
+                       if ($this->errorType > \TYPO3\CMS\Core\Messaging\FlashMessage::OK) {
+                               $message .= '<br />
+Note, that a wrong configuration might have impact on the security of
+your TYPO3 installation and the usability of the backend.';
+                       }
+               }
+               if (empty($message)) {
+                       $this->setErrorLevel('ok');
+               }
+               $message = $this->preText . $message;
+               $flashMessage = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\Messaging\\FlashMessage', $message, $this->header, $this->errorType);
+               return $flashMessage->render();
+       }
+
+       /**
+        * Initializes this object.
+        *
+        * @return void
+        */
+       private function init() {
+               $requestSetup = $this->processPostData((array) $_REQUEST['data']);
+               $extConf = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['saltedpasswords']);
+               $this->extConf['BE'] = array_merge((array) $extConf['BE.'], (array) $requestSetup['BE.']);
+               $this->extConf['FE'] = array_merge((array) $extConf['FE.'], (array) $requestSetup['FE.']);
+               $GLOBALS['LANG']->includeLLFile('EXT:saltedpasswords/locallang.xml');
+       }
+
+       /**
+        * Checks the backend configuration and shows a message if necessary.
+        *
+        * @param array $params Field information to be rendered
+        * @param \TYPO3\CMS\Core\TypoScript\ConfigurationForm $pObj The calling parent object.
+        * @return string Messages as HTML if something needs to be reported
+        */
+       public function checkConfigurationBackend(array $params, $pObj) {
+               $this->init();
+               $extConf = $this->extConf['BE'];
+               // The backend is called over SSL
+               $SSL = ($GLOBALS['TYPO3_CONF_VARS']['BE']['lockSSL'] > 0 ? TRUE : FALSE) && $GLOBALS['TYPO3_CONF_VARS']['BE']['loginSecurityLevel'] != 'superchallenged';
+               $rsaAuthLoaded = \TYPO3\CMS\Core\Extension\ExtensionManager::isLoaded('rsaauth');
+               if ($extConf['enabled']) {
+                       // SSL configured?
+                       if ($SSL) {
+                               $this->setErrorLevel('ok');
+                               $problems[] = 'The backend is configured to use SaltedPasswords over SSL.';
+                       } elseif ($rsaAuthLoaded) {
+                               if (trim($GLOBALS['TYPO3_CONF_VARS']['BE']['loginSecurityLevel']) === 'rsa') {
+                                       if ($this->isRsaAuthBackendAvailable()) {
+                                               $this->setErrorLevel('ok');
+                                               $problems[] = 'The backend is configured to use SaltedPasswords with RSA authentication.';
+                                       } else {
+                                               // This means that login would fail because rsaauth is not working properly
+                                               $this->setErrorLevel('error');
+                                               $problems[] = ('<strong>Using the extension "rsaauth" is not possible, as no encryption backend ' . 'is available. Please install and configure the PHP extension "openssl". ') . 'See <a href="http://php.net/manual/en/openssl.installation.php" target="_blank">PHP.net</a></strong>.';
+                                       }
+                               } else {
+                                       // This means that we are not using saltedpasswords
+                                       $this->setErrorLevel('error');
+                                       $problems[] = 'The "rsaauth" extension is installed, but TYPO3 is not configured to use it during login.
+                                               Use the Install Tool to set the Login Security Level for the backend to "rsa"
+                                               ($TYPO3_CONF_VARS[\'BE\'][\'loginSecurityLevel\'])';
+                               }
+                       } else {
+                               // This means that we are not using saltedpasswords
+                               $this->setErrorLevel('error');
+                               $problems[] = 'Backend requirements for SaltedPasswords are not met, therefore the
+authentication will not work even if it was explicitly enabled for backend
+usage:<br />
+<ul>
+       <li>Install the "rsaauth" extension and use the Install Tool to set the
+               Login Security Level for the backend to "rsa"
+               ($TYPO3_CONF_VARS[\'BE\'][\'loginSecurityLevel\'])</li>
+
+       <li>If you have the option to use SSL, you can also configure your
+               backend for SSL usage:<br />
+               Use the Install Tool to set the Security-Level for the backend
+               to "normal" ($TYPO3_CONF_VARS[\'BE\'][\'loginSecurityLevel\']) and
+               the SSL-locking option to a value greater than "0"
+               (see description - $TYPO3_CONF_VARS[\'BE\'][\'lockSSL\'])</li>
+</ul>
+<br />
+It is also possible to use "lockSSL" and "rsa" Login Security Level at the same
+time.';
+                       }
+                       // Only saltedpasswords as authsservice
+                       if ($extConf['onlyAuthService']) {
+                               // Warn user that the combination with "forceSalted" may lock him out from Backend
+                               if ($extConf['forceSalted']) {
+                                       $this->setErrorLevel('warning');
+                                       $problems[] = 'SaltedPasswords has been configured to be the only authentication service for
+the backend. Additionally, usage of salted passwords is enforced (forceSalted).
+The result is that there is no chance to login with users not having a salted
+password hash.<br />
+<strong><i>WARNING:</i></strong> This may lock you out of the backend!';
+                               } else {
+                                       // Inform the user that things like openid won't work anymore
+                                       $this->setErrorLevel('info');
+                                       $problems[] = 'SaltedPasswords has been configured to be the only authentication service for
+the backend. This means that other services like "ipauth", "openid", etc. will
+be ignored (except "rsauth", which is implicitely used).';
+                               }
+                       }
+                       // forceSalted is set
+                       if ($extConf['forceSalted'] && !$extConf['onlyAuthService']) {
+                               $this->setErrorLevel('info');
+                               $problems[] = 'SaltedPasswords has been configured to enforce salted passwords (forceSalted).
+<br />
+This means that only passwords in the format of this extension will succeed for
+login.<br />
+<strong><i>IMPORTANT:</i></strong> This has the effect that passwords that are set from
+the Install Tool will not work!';
+                       }
+                       // updatePasswd wont work with "forceSalted"
+                       if ($extConf['updatePasswd'] && $extConf['forceSalted']) {
+                               $this->setErrorLevel('error');
+                               $problems[] = 'SaltedPasswords is configured wrong and will not work as expected:<br />
+It is not possible to set "updatePasswd" and "forceSalted" at the same time.
+Please disable either one of them.';
+                       }
+                       // Check if the configured hash-method is available on system
+                       if (!($instance = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(NULL, 'BE') || !$instance->isAvailable())) {
+                               $this->setErrorLevel('error');
+                               $problems[] = 'The selected method for hashing your salted passwords is not available on this
+system! Please check your configuration.';
+                       }
+               } else {
+                       // Not enabled warning
+                       $this->setErrorLevel('error');
+                       $problems[] = 'SaltedPasswords has been disabled for backend users.';
+               }
+               $this->problems = $problems;
+               return $this->renderFlashMessage();
+       }
+
+       /**
+        * Checks if rsaauth is able to obtain a backend
+        *
+        * @return boolean
+        */
+       protected function isRsaAuthBackendAvailable() {
+               /**
+                * Try to instantiate an RSAauth backend. If this does not work, it means that OpenSSL is not usable
+                *
+                * @var $rsaauthBackendFactory \TYPO3\CMS\Rsaauth\Backend\BackendFactory
+                */
+               $rsaauthBackendFactory = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Rsaauth\\Backend\\BackendFactory');
+               $backend = $rsaauthBackendFactory->getBackend();
+               return $backend !== NULL;
+       }
+
+       /**
+        * Checks the frontend configuration and shows a message if necessary.
+        *
+        * @param array $params Field information to be rendered
+        * @param \TYPO3\CMS\Core\TypoScript\ConfigurationForm $pObj The calling parent object.
+        * @return string Messages as HTML if something needs to be reported
+        */
+       public function checkConfigurationFrontend(array $params, $pObj) {
+               $this->init();
+               $extConf = $this->extConf['FE'];
+               if ($extConf['enabled']) {
+                       // Inform the user if securityLevel in FE is challenged or blank --> extension won't work
+                       if (!\TYPO3\CMS\Core\Utility\GeneralUtility::inList('normal,rsa', $GLOBALS['TYPO3_CONF_VARS']['FE']['loginSecurityLevel'])) {
+                               $this->setErrorLevel('info');
+                               $problems[] = '<strong>IMPORTANT:</strong><br />
+Frontend requirements for SaltedPasswords are not met, therefore the
+authentication will not work even if it was explicitly enabled for frontend
+usage:<br />
+<ul>
+       <li>Install the "rsaauth" extension and use the Install Tool to set the
+               Login Security Level for the frontend to "rsa"
+               ($TYPO3_CONF_VARS[\'FE\'][\'loginSecurityLevel\'])</li>
+
+       <li>Alternatively, use the Install Tool to set the Login Security Level
+               for the frontend to "normal"
+               ($TYPO3_CONF_VARS[\'FE\'][\'loginSecurityLevel\'])</li>
+</ul>
+<br />
+Make sure that the Login Security Level is not set to "" or "challenged"!';
+                       } elseif (trim($GLOBALS['TYPO3_CONF_VARS']['FE']['loginSecurityLevel']) === 'rsa') {
+                               if ($this->isRsaAuthBackendAvailable()) {
+                                       $this->setErrorLevel('ok');
+                                       $problems[] = 'The frontend is configured to use SaltedPasswords with RSA authentication.';
+                               } else {
+                                       // This means that login would fail because rsaauth is not working properly
+                                       $this->setErrorLevel('error');
+                                       $problems[] = ('<strong>Using the extension "rsaauth" is not possible, as no encryption backend ' . 'is available. Please install and configure the PHP extension "openssl". ') . 'See <a href="http://php.net/manual/en/openssl.installation.php" target="_blank">PHP.net</a></strong>.';
+                               }
+                       }
+                       // Only saltedpasswords as authsservice
+                       if ($extConf['onlyAuthService']) {
+                               // Warn user taht the combination with "forceSalted" may lock him out from frontend
+                               if ($extConf['forceSalted']) {
+                                       $this->setErrorLevel('warning');
+                                       $problems[] = 'SaltedPasswords has been configured to enforce salted passwords (forceSalted).
+<br />
+This means that only passwords in the format of this extension will succeed for
+login.<br />
+<strong><i>IMPORTANT:</i></strong> Because of this, it is not possible to login with
+users not having a salted password hash (e.g. existing frontend users).';
+                               } else {
+                                       // Inform the user that things like openid won't work anymore
+                                       $this->setErrorLevel('info');
+                                       $problems[] = 'SaltedPasswords has been configured to be the only authentication service for
+frontend logins. This means that other services like "ipauth", "openid", etc.
+will be ignored.';
+                               }
+                       }
+                       // forceSalted is set
+                       if ($extConf['forceSalted'] && !$extConf['onlyAuthService']) {
+                               $this->setErrorLevel('warning');
+                               $problems[] = 'SaltedPasswords has been configured to enforce salted passwords (forceSalted).
+<br />
+This means that only passwords in the format of this extension will succeed for
+login.<br />
+<strong><i>IMPORTANT:</i></strong> This has the effect that passwords that were set
+before SaltedPasswords was used will not work (in fact, they need to be
+redefined).';
+                       }
+                       // updatePasswd wont work with "forceSalted"
+                       if ($extConf['updatePasswd'] && $extConf['forceSalted']) {
+                               $this->setErrorLevel('error');
+                               $problems[] = 'SaltedPasswords is configured wrong and will not work as expected:<br />
+It is not possible to set "updatePasswd" and "forceSalted" at the same time.
+Please disable either one of them.';
+                       }
+               } else {
+                       // Not enabled warning
+                       $this->setErrorLevel('info');
+                       $problems[] = 'SaltedPasswords has been disabled for frontend users.';
+               }
+               $this->problems = $problems;
+               return $this->renderFlashMessage();
+       }
+
+       /**
+        * Renders a selector element that allows to select the hash method to be used.
+        *
+        * @param array $params Field information to be rendered
+        * @param \TYPO3\CMS\Core\TypoScript\ConfigurationForm $pObj The calling parent object.
+        * @param string $disposal The configuration disposal ('FE' or 'BE')
+        * @return string The HTML selector
+        */
+       protected function buildHashMethodSelector(array $params, $pObj, $disposal) {
+               $this->init();
+               $propertyName = $params['propertyName'];
+               $unknownVariablePleaseRenameMe = ('\'' . substr(md5($propertyName), 0, 10)) . '\'';
+               $p_field = '';
+               foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/saltedpasswords']['saltMethods'] as $class => $reference) {
+                       $classInstance = \TYPO3\CMS\Core\Utility\GeneralUtility::getUserObj($reference, 'tx_');
+                       if ($classInstance instanceof \TYPO3\CMS\Saltedpasswords\Salt\SaltInterface && $classInstance->isAvailable()) {
+                               $sel = $this->extConf[$disposal]['saltedPWHashingMethod'] == $class ? ' selected="selected" ' : '';
+                               $label = 'ext.saltedpasswords.title.' . $class;
+                               $p_field .= ((((('<option value="' . htmlspecialchars($class)) . '"') . $sel) . '>') . $GLOBALS['LANG']->getLL($label)) . '</option>';
+                       }
+               }
+               $p_field = ((((((('<select id="' . $propertyName) . '" name="') . $params['fieldName']) . '" onChange="uFormUrl(') . $unknownVariablePleaseRenameMe) . ')">') . $p_field) . '</select>';
+               return $p_field;
+       }
+
+       /**
+        * Renders a selector element that allows to select the hash method to be used (frontend disposal).
+        *
+        * @param array $params Field information to be rendered
+        * @param \TYPO3\CMS\Core\TypoScript\ConfigurationForm $pObj The calling parent object.
+        * @return string The HTML selector
+        */
+       public function buildHashMethodSelectorFE(array $params, $pObj) {
+               return $this->buildHashMethodSelector($params, $pObj, 'FE');
+       }
+
+       /**
+        * Renders a selector element that allows to select the hash method to be used (backend disposal)
+        *
+        * @param array $params Field information to be rendered
+        * @param \TYPO3\CMS\Core\TypoScript\ConfigurationForm $pObj The calling parent object.
+        * @return string The HTML selector
+        */
+       public function buildHashMethodSelectorBE(array $params, $pObj) {
+               return $this->buildHashMethodSelector($params, $pObj, 'BE');
+       }
+
+       /**
+        * Processes the information submitted by the user using a POST request and
+        * transforms it to a TypoScript node notation.
+        *
+        * @param array $postArray Incoming POST information
+        * @return array Processed and transformed POST information
+        */
+       private function processPostData(array $postArray = array()) {
+               foreach ($postArray as $key => $value) {
+                       // TODO: Explain
+                       $parts = explode('.', $key, 2);
+                       if (count($parts) == 2) {
+                               // TODO: Explain
+                               $value = $this->processPostData(array($parts[1] => $value));
+                               $postArray[$parts[0] . '.'] = array_merge((array) $postArray[($parts[0] . '.')], $value);
+                       } else {
+                               // TODO: Explain
+                               $postArray[$parts[0]] = $value;
+                       }
+               }
+               return $postArray;
+       }
+
+}
+
+
+?>
\ No newline at end of file
diff --git a/typo3/sysext/saltedpasswords/Classes/Utility/SaltedPasswordsUtility.php b/typo3/sysext/saltedpasswords/Classes/Utility/SaltedPasswordsUtility.php
new file mode 100644 (file)
index 0000000..5b5c190
--- /dev/null
@@ -0,0 +1,148 @@
+<?php
+namespace TYPO3\CMS\Saltedpasswords\Utility;
+
+/***************************************************************
+ *  Copyright notice
+ *
+ *  (c) Marcus Krause (marcus#exp2009@t3sec.info)
+ *  (c) Steffen Ritter (info@rs-websystems.de)
+ *  All rights reserved
+ *
+ *  This script is part of the TYPO3 project. The TYPO3 project is
+ *  free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  The GNU General Public License can be found at
+ *  http://www.gnu.org/copyleft/gpl.html.
+ *  A copy is found in the textfile GPL.txt and important notices to the license
+ *  from the author is found in LICENSE.txt distributed with these scripts.
+ *
+ *
+ *  This script is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  This copyright notice MUST APPEAR in all copies of the script!
+ ***************************************************************/
+/**
+ * Contains class "tx_saltedpasswords_div"
+ * that provides various helper functions.
+ */
+/**
+ * General library class.
+ *
+ * @author Marcus Krause <marcus#exp2009@t3sec.info>
+ * @author Steffen Ritter <info@rs-websystems.de>
+ * @since 2009-06-14
+ * @package TYPO3
+ * @subpackage tx_saltedpasswords
+ */
+class SaltedPasswordsUtility {
+
+       /**
+        * Keeps this extension's key.
+        */
+       const EXTKEY = 'saltedpasswords';
+       /**
+        * Calculates number of backend users, who have no saltedpasswords
+        * protection.
+        *
+        * @return integer
+        */
+       static public function getNumberOfBackendUsersWithInsecurePassword() {
+               $userCount = $GLOBALS['TYPO3_DB']->exec_SELECTcountRows('*', 'be_users', (('password NOT LIKE ' . $GLOBALS['TYPO3_DB']->fullQuoteStr('$%', 'be_users')) . ' AND password NOT LIKE ') . $GLOBALS['TYPO3_DB']->fullQuoteStr('M$%', 'be_users'));
+               return $userCount;
+       }
+
+       /**
+        * Returns extension configuration data from $TYPO3_CONF_VARS (configurable in Extension Manager)
+        *
+        * @author Rainer Kuhn <kuhn@punkt.de>
+        * @author Marcus Krause <marcus#exp2009@t3sec.info>
+        * @param string $mode TYPO3_MODE, wether Configuration for Frontend or Backend should be delivered
+        * @return array Extension configuration data
+        */
+       static public function returnExtConf($mode = TYPO3_MODE) {
+               $currentConfiguration = self::returnExtConfDefaults();
+               if (isset($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['saltedpasswords'])) {
+                       $extensionConfiguration = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['saltedpasswords']);
+                       // Merge default configuration with modified configuration:
+                       if (isset($extensionConfiguration[$mode . '.'])) {
+                               $currentConfiguration = array_merge($currentConfiguration, $extensionConfiguration[$mode . '.']);
+                       }
+               }
+               return $currentConfiguration;
+       }
+
+       /**
+        * Hook function for felogin "forgotPassword" functionality
+        * encrypts the new password before storing in database
+        *
+        * @param array $params Parameter the hook delivers
+        * @param \TYPO3\CMS\FeLogin\Controller\FrontendLoginController $pObj Parent Object from which the hook is called
+        * @return void
+        */
+       public function feloginForgotPasswordHook(array &$params, \TYPO3\CMS\FeLogin\Controller\FrontendLoginController $pObj) {
+               if (self::isUsageEnabled('FE')) {
+                       $this->objInstanceSaltedPW = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance();
+                       $params['newPassword'] = $this->objInstanceSaltedPW->getHashedPassword($params['newPassword']);
+               }
+       }
+
+       /**
+        * Returns default configuration of this extension.
+        *
+        * @return array Default extension configuration data for localconf.php
+        */
+       static public function returnExtConfDefaults() {
+               return array(
+                       'onlyAuthService' => '0',
+                       'forceSalted' => '0',
+                       'updatePasswd' => '1',
+                       'saltedPWHashingMethod' => 'TYPO3\\CMS\\Saltedpasswords\\Salt\\PhpassSalt',
+                       'enabled' => '1'
+               );
+       }
+
+       /**
+        * Function determines the default(=configured) type of
+        * salted hashing method to be used.
+        *
+        * @param string $mode (optional) The TYPO3 mode (FE or BE) saltedpasswords shall be used for
+        * @return string Classname of object to be used
+        */
+       static public function getDefaultSaltingHashingMethod($mode = TYPO3_MODE) {
+               $extConf = self::returnExtConf($mode);
+               $classNameToUse = 'TYPO3\\CMS\\Saltedpasswords\\Salt\\Md5Salt';
+               if (in_array($extConf['saltedPWHashingMethod'], array_keys($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/saltedpasswords']['saltMethods']))) {
+                       $classNameToUse = $extConf['saltedPWHashingMethod'];
+               }
+               return $classNameToUse;
+       }
+
+       /**
+        * Returns information if salted password hashes are
+        * indeed used in the TYPO3_MODE.
+        *
+        * @param string $mode (optional) The TYPO3 mode (FE or BE) saltedpasswords shall be used for
+        * @return boolean TRUE, if salted password hashes are used in the TYPO3_MODE, otherwise FALSE
+        */
+       static public function isUsageEnabled($mode = TYPO3_MODE) {
+               // Login Security Level Recognition
+               $extConf = self::returnExtConf($mode);
+               $securityLevel = $GLOBALS['TYPO3_CONF_VARS'][$mode]['loginSecurityLevel'];
+               if ($mode == 'BE' && $extConf['enabled']) {
+                       return $securityLevel == 'normal' && $GLOBALS['TYPO3_CONF_VARS']['BE']['lockSSL'] > 0 || $securityLevel == 'rsa';
+               } elseif ($mode == 'FE' && $extConf['enabled']) {
+                       return \TYPO3\CMS\Core\Utility\GeneralUtility::inList('normal,rsa', $securityLevel);
+               }
+               return FALSE;
+       }
+
+}
+
+
+?>
\ No newline at end of file
diff --git a/typo3/sysext/saltedpasswords/Classes/class.tx_saltedpasswords_autoloader.php b/typo3/sysext/saltedpasswords/Classes/class.tx_saltedpasswords_autoloader.php
new file mode 100644 (file)
index 0000000..82eee80
--- /dev/null
@@ -0,0 +1,13 @@
+<?php
+/*
+ * @deprecated since 6.0, the classname tx_saltedpasswords_autoloader and this file is obsolete
+ * and will be removed by 7.0. The class was renamed and is now located at:
+ * typo3/sysext/saltedpasswords/Classes/Autoloader.php
+ */
+require_once \TYPO3\CMS\Core\Extension\ExtensionManager::extPath('saltedpasswords') . 'Classes/Autoloader.php';
+/**
+ * @var $SOBE \TYPO3\CMS\Saltedpasswords\Autoloader
+ */
+$SOBE = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Saltedpasswords\\Autoloader');
+$SOBE->execute($this);
+?>
\ No newline at end of file
diff --git a/typo3/sysext/saltedpasswords/Classes/class.tx_saltedpasswords_div.php b/typo3/sysext/saltedpasswords/Classes/class.tx_saltedpasswords_div.php
new file mode 100644 (file)
index 0000000..6c15e88
--- /dev/null
@@ -0,0 +1,8 @@
+<?php
+/*
+ * @deprecated since 6.0, the classname tx_saltedpasswords_div and this file is obsolete
+ * and will be removed by 7.0. The class was renamed and is now located at:
+ * typo3/sysext/saltedpasswords/Classes/Utility/SaltedPasswordsUtility.php
+ */
+require_once \TYPO3\CMS\Core\Extension\ExtensionManager::extPath('saltedpasswords') . 'Classes/Utility/SaltedPasswordsUtility.php';
+?>
\ No newline at end of file
diff --git a/typo3/sysext/saltedpasswords/Classes/class.tx_saltedpasswords_emconfhelper.php b/typo3/sysext/saltedpasswords/Classes/class.tx_saltedpasswords_emconfhelper.php
new file mode 100644 (file)
index 0000000..2206fd4
--- /dev/null
@@ -0,0 +1,37 @@
+<?php
+/***************************************************************
+ *  Copyright notice
+ *
+ *  (c) Steffen Ritter (info@rs-websystems.de)
+ *  All rights reserved
+ *
+ *  This script is part of the TYPO3 project. The TYPO3 project is
+ *  free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  The GNU General Public License can be found at
+ *  http://www.gnu.org/copyleft/gpl.html.
+ *  A copy is found in the textfile GPL.txt and important notices to the license
+ *  from the author is found in LICENSE.txt distributed with these scripts.
+ *
+ *
+ *  This script is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  This copyright notice MUST APPEAR in all copies of the script!
+ ***************************************************************/
+// Make sure that we are executed only in TYPO3 context
+if (!defined('TYPO3_MODE')) {
+       die('Access denied.');
+}
+/*
+ * @deprecated since 6.0, the classname tx_saltedpasswords_emconfhelper and this file is obsolete
+ * and will be removed by 7.0. The class was renamed and is now located at:
+ * typo3/sysext/saltedpasswords/Classes/Utility/ExtensionManagerConfigurationUtility.php
+ */
+require_once \TYPO3\CMS\Core\Extension\ExtensionManager::extPath('saltedpasswords') . 'Classes/Utility/ExtensionManagerConfigurationUtility.php';
+?>
\ No newline at end of file
diff --git a/typo3/sysext/saltedpasswords/Classes/eval/class.tx_saltedpasswords_eval.php b/typo3/sysext/saltedpasswords/Classes/eval/class.tx_saltedpasswords_eval.php
new file mode 100644 (file)
index 0000000..ba2f934
--- /dev/null
@@ -0,0 +1,8 @@
+<?php
+/*
+ * @deprecated since 6.0, the classname tx_saltedpasswords_eval and this file is obsolete
+ * and will be removed by 7.0. The class was renamed and is now located at:
+ * typo3/sysext/saltedpasswords/Classes/Evaluation/Evaluator.php
+ */
+require_once \TYPO3\CMS\Core\Extension\ExtensionManager::extPath('saltedpasswords') . 'Classes/Evaluation/Evaluator.php';
+?>
\ No newline at end of file
diff --git a/typo3/sysext/saltedpasswords/Classes/eval/class.tx_saltedpasswords_eval_be.php b/typo3/sysext/saltedpasswords/Classes/eval/class.tx_saltedpasswords_eval_be.php
new file mode 100644 (file)
index 0000000..11b26e9
--- /dev/null
@@ -0,0 +1,8 @@
+<?php
+/*
+ * @deprecated since 6.0, the classname tx_saltedpasswords_eval_be and this file is obsolete
+ * and will be removed by 7.0. The class was renamed and is now located at:
+ * typo3/sysext/saltedpasswords/Classes/Evaluation/BackendEvaluator.php
+ */
+require_once \TYPO3\CMS\Core\Extension\ExtensionManager::extPath('saltedpasswords') . 'Classes/Evaluation/BackendEvaluator.php';
+?>
\ No newline at end of file
diff --git a/typo3/sysext/saltedpasswords/Classes/eval/class.tx_saltedpasswords_eval_fe.php b/typo3/sysext/saltedpasswords/Classes/eval/class.tx_saltedpasswords_eval_fe.php
new file mode 100644 (file)
index 0000000..42269eb
--- /dev/null
@@ -0,0 +1,8 @@
+<?php
+/*
+ * @deprecated since 6.0, the classname tx_saltedpasswords_eval_fe and this file is obsolete
+ * and will be removed by 7.0. The class was renamed and is now located at:
+ * typo3/sysext/saltedpasswords/Classes/Evaluation/FrontendEvaluator.php
+ */
+require_once \TYPO3\CMS\Core\Extension\ExtensionManager::extPath('saltedpasswords') . 'Classes/Evaluation/FrontendEvaluator.php';
+?>
\ No newline at end of file
diff --git a/typo3/sysext/saltedpasswords/Classes/salts/class.tx_saltedpasswords_abstract_salts.php b/typo3/sysext/saltedpasswords/Classes/salts/class.tx_saltedpasswords_abstract_salts.php
new file mode 100644 (file)
index 0000000..e054190
--- /dev/null
@@ -0,0 +1,8 @@
+<?php
+/*
+ * @deprecated since 6.0, the classname tx_saltedpasswords_abstract_salts and this file is obsolete
+ * and will be removed by 7.0. The class was renamed and is now located at:
+ * typo3/sysext/saltedpasswords/Classes/Salt/AbstractSalt.php
+ */
+require_once \TYPO3\CMS\Core\Extension\ExtensionManager::extPath('saltedpasswords') . 'Classes/Salt/AbstractSalt.php';
+?>
\ No newline at end of file
diff --git a/typo3/sysext/saltedpasswords/Classes/salts/class.tx_saltedpasswords_salts_blowfish.php b/typo3/sysext/saltedpasswords/Classes/salts/class.tx_saltedpasswords_salts_blowfish.php
new file mode 100644 (file)
index 0000000..510ae58
--- /dev/null
@@ -0,0 +1,8 @@
+<?php
+/*
+ * @deprecated since 6.0, the classname tx_saltedpasswords_salts_blowfish and this file is obsolete
+ * and will be removed by 7.0. The class was renamed and is now located at:
+ * typo3/sysext/saltedpasswords/Classes/Salt/BlowfishSalt.php
+ */
+require_once \TYPO3\CMS\Core\Extension\ExtensionManager::extPath('saltedpasswords') . 'Classes/Salt/BlowfishSalt.php';
+?>
\ No newline at end of file
diff --git a/typo3/sysext/saltedpasswords/Classes/salts/class.tx_saltedpasswords_salts_factory.php b/typo3/sysext/saltedpasswords/Classes/salts/class.tx_saltedpasswords_salts_factory.php
new file mode 100644 (file)
index 0000000..e01eed6
--- /dev/null
@@ -0,0 +1,8 @@
+<?php
+/*
+ * @deprecated since 6.0, the classname tx_saltedpasswords_salts_factory and this file is obsolete
+ * and will be removed by 7.0. The class was renamed and is now located at:
+ * typo3/sysext/saltedpasswords/Classes/Salt/SaltFactory.php
+ */
+require_once \TYPO3\CMS\Core\Extension\ExtensionManager::extPath('saltedpasswords') . 'Classes/Salt/SaltFactory.php';
+?>
\ No newline at end of file
diff --git a/typo3/sysext/saltedpasswords/Classes/salts/class.tx_saltedpasswords_salts_md5.php b/typo3/sysext/saltedpasswords/Classes/salts/class.tx_saltedpasswords_salts_md5.php
new file mode 100644 (file)
index 0000000..7872f2b
--- /dev/null
@@ -0,0 +1,8 @@
+<?php
+/*
+ * @deprecated since 6.0, the classname tx_saltedpasswords_salts_md5 and this file is obsolete
+ * and will be removed by 7.0. The class was renamed and is now located at:
+ * typo3/sysext/saltedpasswords/Classes/Salt/Md5Salt.php
+ */
+require_once \TYPO3\CMS\Core\Extension\ExtensionManager::extPath('saltedpasswords') . 'Classes/Salt/Md5Salt.php';
+?>
\ No newline at end of file
diff --git a/typo3/sysext/saltedpasswords/Classes/salts/class.tx_saltedpasswords_salts_phpass.php b/typo3/sysext/saltedpasswords/Classes/salts/class.tx_saltedpasswords_salts_phpass.php
new file mode 100644 (file)
index 0000000..458f87d
--- /dev/null
@@ -0,0 +1,8 @@
+<?php
+/*
+ * @deprecated since 6.0, the classname tx_saltedpasswords_salts_phpass and this file is obsolete
+ * and will be removed by 7.0. The class was renamed and is now located at:
+ * typo3/sysext/saltedpasswords/Classes/Salt/PhpassSalt.php
+ */
+require_once \TYPO3\CMS\Core\Extension\ExtensionManager::extPath('saltedpasswords') . 'Classes/Salt/PhpassSalt.php';
+?>
\ No newline at end of file
diff --git a/typo3/sysext/saltedpasswords/Classes/salts/interfaces/interface.tx_saltedpasswords_salts.php b/typo3/sysext/saltedpasswords/Classes/salts/interfaces/interface.tx_saltedpasswords_salts.php
new file mode 100644 (file)
index 0000000..b3f2ba3
--- /dev/null
@@ -0,0 +1,8 @@
+<?php
+/*
+ * @deprecated since 6.0, the classname tx_saltedpasswords_salts and this file is obsolete
+ * and will be removed by 7.0. The class was renamed and is now located at:
+ * typo3/sysext/saltedpasswords/Classes/Salt/SaltInterface.php
+ */
+require_once \TYPO3\CMS\Core\Extension\ExtensionManager::extPath('saltedpasswords') . 'Classes/Salt/SaltInterface.php';
+?>
\ No newline at end of file
diff --git a/typo3/sysext/saltedpasswords/Classes/tasks/class.tx_saltedpasswords_tasks_bulkupdate.php b/typo3/sysext/saltedpasswords/Classes/tasks/class.tx_saltedpasswords_tasks_bulkupdate.php
new file mode 100644 (file)
index 0000000..649f0c1
--- /dev/null
@@ -0,0 +1,8 @@
+<?php
+/*
+ * @deprecated since 6.0, the classname tx_saltedpasswords_Tasks_BulkUpdate and this file is obsolete
+ * and will be removed by 7.0. The class was renamed and is now located at:
+ * typo3/sysext/saltedpasswords/Classes/Task/BulkUpdateTask.php
+ */
+require_once \TYPO3\CMS\Core\Extension\ExtensionManager::extPath('saltedpasswords') . 'Classes/Task/BulkUpdateTask.php';
+?>
\ No newline at end of file
diff --git a/typo3/sysext/saltedpasswords/Classes/tasks/class.tx_saltedpasswords_tasks_bulkupdate_additionalfieldprovider.php b/typo3/sysext/saltedpasswords/Classes/tasks/class.tx_saltedpasswords_tasks_bulkupdate_additionalfieldprovider.php
new file mode 100644 (file)
index 0000000..f492c05
--- /dev/null
@@ -0,0 +1,8 @@
+<?php
+/*
+ * @deprecated since 6.0, the classname tx_saltedpasswords_Tasks_BulkUpdate_AdditionalFieldProvider and this file is obsolete
+ * and will be removed by 7.0. The class was renamed and is now located at:
+ * typo3/sysext/saltedpasswords/Classes/Task/BulkUpdateFieldProvider.php
+ */
+require_once \TYPO3\CMS\Core\Extension\ExtensionManager::extPath('saltedpasswords') . 'Classes/Task/BulkUpdateFieldProvider.php';
+?>
\ No newline at end of file
diff --git a/typo3/sysext/saltedpasswords/classes/Autoloader.php b/typo3/sysext/saltedpasswords/classes/Autoloader.php
deleted file mode 100644 (file)
index 9e5a0a1..0000000
+++ /dev/null
@@ -1,97 +0,0 @@
-<?php
-namespace TYPO3\CMS\Saltedpasswords;
-
-/***************************************************************
- *  Copyright notice
- *
- *  (c) 2011 Helmut Hummel <helmut.hummel@typo3.org>
- *  All rights reserved
- *
- *  This script is part of the TYPO3 project. The TYPO3 project is
- *  free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  The GNU General Public License can be found at
- *  http://www.gnu.org/copyleft/gpl.html.
- *  A copy is found in the textfile GPL.txt and important notices to the license
- *  from the author is found in LICENSE.txt distributed with these scripts.
- *
- *
- *  This script is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  This copyright notice MUST APPEAR in all copies of the script!
- ***************************************************************/
-/**
- * Autoloader included from Install Tool that lets saltedpasswords load itself
- *
- * @author Helmut Hummel <helmut.hummel@typo3.org>
- * @package TYPO3
- * @subpackage saltedpasswords
- */
-class Autoloader {
-
-       /**
-        * Activates saltedpasswords if it is supported.
-        *
-        * @param \TYPO3\CMS\Install\Installer $instObj
-        * @return void
-        */
-       public function execute(\TYPO3\CMS\Install\Installer $instObj) {
-               switch ($instObj->step) {
-               case 4:
-                       if (!\TYPO3\CMS\Core\Extension\ExtensionManager::isLoaded('saltedpasswords') && $this->isSaltedPasswordsSupported()) {
-                               $this->activateSaltedPasswords();
-                       }
-                       break;
-               }
-       }
-
-       /**
-        * Checks whether the OpenSSL PHP extension is working properly.
-        *
-        * Before automatically enabling saltedpasswords, we check for a working OpenSSL PHP extension. As we enable rsaauth
-        * in the process of automatically enabling saltedpasswords, working OpenSSL is a requirement for this.
-        * Availability of the command line openssl binary is not checked here, thus saltedpasswords is NOT enabled
-        * automatically in this case.
-        *
-        * @return boolean TRUE, in case of OpenSSL works and requirements for saltedpasswords are met.
-        * @see tx_rsaauth_php_backend
-        */
-       protected function isSaltedPasswordsSupported() {
-               $isSupported = FALSE;
-               if (is_callable('openssl_pkey_new')) {
-                       $testKey = @openssl_pkey_new();
-                       if (is_resource($testKey)) {
-                               openssl_free_key($testKey);
-                               $isSupported = TRUE;
-                       }
-               }
-               return $isSupported;
-       }
-
-       /**
-        * Activates saltedpasswords.
-        *
-        * @return void
-        */
-       protected function activateSaltedPasswords() {
-               if (!\TYPO3\CMS\Core\Extension\ExtensionManager::isLoaded('rsaauth')) {
-                       \TYPO3\CMS\Core\Extension\ExtensionManager::loadExtension('rsaauth');
-               }
-               if (!\TYPO3\CMS\Core\Extension\ExtensionManager::isLoaded('saltedpasswords')) {
-                       \TYPO3\CMS\Core\Extension\ExtensionManager::loadExtension('saltedpasswords');
-               }
-               \TYPO3\CMS\Core\Configuration\ConfigurationManager::setLocalConfigurationValueByPath('EXT/extConf/saltedpasswords', 'a:2:{s:3:"FE.";a:2:{s:7:"enabled";s:1:"1";s:21:"saltedPWHashingMethod";s:28:"tx_saltedpasswords_salts_md5";}s:3:"BE.";a:2:{s:7:"enabled";s:1:"1";s:21:"saltedPWHashingMethod";s:28:"tx_saltedpasswords_salts_md5";}}');
-               \TYPO3\CMS\Core\Configuration\ConfigurationManager::setLocalConfigurationValueByPath('BE/loginSecurityLevel', 'rsa');
-               \TYPO3\CMS\Core\Configuration\ConfigurationManager::setLocalConfigurationValueByPath('FE/loginSecurityLevel', 'rsa');
-       }
-
-}
-
-
-?>
\ No newline at end of file
diff --git a/typo3/sysext/saltedpasswords/classes/Evaluation/BackendEvaluator.php b/typo3/sysext/saltedpasswords/classes/Evaluation/BackendEvaluator.php
deleted file mode 100644 (file)
index 3ee128b..0000000
+++ /dev/null
@@ -1,51 +0,0 @@
-<?php
-namespace TYPO3\CMS\Saltedpasswords\Evaluation;
-
-/***************************************************************
- *  Copyright notice
- *
- *  (c) Marcus Krause (marcus#exp2009@t3sec.info)
- *  (c) Steffen Ritter (info@rs-websystems.de)
- *  All rights reserved
- *
- *  This script is part of the TYPO3 project. The TYPO3 project is
- *  free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  The GNU General Public License can be found at
- *  http://www.gnu.org/copyleft/gpl.html.
- *  A copy is found in the textfile GPL.txt and important notices to the license
- *  from the author is found in LICENSE.txt distributed with these scripts.
- *
- *
- *  This script is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  This copyright notice MUST APPEAR in all copies of the script!
- ***************************************************************/
-/**
- * Class implementing salted evaluation methods for BE users.
- *
- * @author Marcus Krause <marcus#exp2009@t3sec.info>
- * @author Steffen Ritter <info@rs-websystems.de>
- * @since 2009-06-14
- * @package TYPO3
- * @subpackage tx_saltedpasswords
- */
-class BackendEvaluator extends \TYPO3\CMS\Saltedpasswords\Evaluation\Evaluator {
-
-       /**
-        * Class constructor.
-        */
-       public function __construct() {
-               $this->mode = 'BE';
-       }
-
-}
-
-
-?>
\ No newline at end of file
diff --git a/typo3/sysext/saltedpasswords/classes/Evaluation/Evaluator.php b/typo3/sysext/saltedpasswords/classes/Evaluation/Evaluator.php
deleted file mode 100644 (file)
index d871d96..0000000
+++ /dev/null
@@ -1,91 +0,0 @@
-<?php
-namespace TYPO3\CMS\Saltedpasswords\Evaluation;
-
-/***************************************************************
- *  Copyright notice
- *
- *  (c) Marcus Krause (marcus#exp2009@t3sec.info)
- *  (c) Steffen Ritter (info@rs-websystems.de)
- *  All rights reserved
- *
- *  This script is part of the TYPO3 project. The TYPO3 project is
- *  free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  The GNU General Public License can be found at
- *  http://www.gnu.org/copyleft/gpl.html.
- *  A copy is found in the textfile GPL.txt and important notices to the license
- *  from the author is found in LICENSE.txt distributed with these scripts.
- *
- *
- *  This script is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  This copyright notice MUST APPEAR in all copies of the script!
- ***************************************************************/
-/**
- * Class implementing salted evaluation methods.
- *
- * @author Marcus Krause <marcus#exp2009@t3sec.info>
- * @author Steffen Ritter <info@rs-websystems.de>
- * @since 2009-06-14
- * @package TYPO3
- * @subpackage tx_saltedpasswords
- */
-class Evaluator {
-
-       /**
-        * Keeps TYPO3 mode.
-        *
-        * Either 'FE' or 'BE'.
-        *
-        * @var string
-        */
-       protected $mode = NULL;
-
-       /**
-        * This function just return the field value as it is. No transforming,
-        * hashing will be done on server-side.
-        *
-        * @return string JavaScript code for evaluating the
-        * @todo Define visibility
-        */
-       public function returnFieldJS() {
-               return 'return value;';
-       }
-
-       /**
-        * Function uses Portable PHP Hashing Framework to create a proper password string if needed
-        *
-        * @param mixed $value The value that has to be checked.
-        * @param string $is_in Is-In String
-        * @param integer $set Determines if the field can be set (value correct) or not, e.g. if input is required but the value is empty, then $set should be set to FALSE. (PASSED BY REFERENCE!)
-        * @return The new value of the field
-        * @todo Define visibility
-        */
-       public function evaluateFieldValue($value, $is_in, &$set) {
-               $isEnabled = $this->mode ? \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::isUsageEnabled($this->mode) : \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::isUsageEnabled();
-               if ($isEnabled) {
-                       $set = FALSE;
-                       $isMD5 = preg_match('/[0-9abcdef]{32,32}/', $value);
-                       $isSaltedHash = \TYPO3\CMS\Core\Utility\GeneralUtility::inList('$1$,$2$,$2a,$P$', substr($value, 0, 3));
-                       $this->objInstanceSaltedPW = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(NULL, $this->mode);
-                       if ($isMD5) {
-                               $set = TRUE;
-                               $value = 'M' . $this->objInstanceSaltedPW->getHashedPassword($value);
-                       } elseif (!$isSaltedHash) {
-                               $set = TRUE;
-                               $value = $this->objInstanceSaltedPW->getHashedPassword($value);
-                       }
-               }
-               return $value;
-       }
-
-}
-
-
-?>
\ No newline at end of file
diff --git a/typo3/sysext/saltedpasswords/classes/Evaluation/FrontendEvaluator.php b/typo3/sysext/saltedpasswords/classes/Evaluation/FrontendEvaluator.php
deleted file mode 100644 (file)
index a18eeb7..0000000
+++ /dev/null
@@ -1,51 +0,0 @@
-<?php
-namespace TYPO3\CMS\Saltedpasswords\Evaluation;
-
-/***************************************************************
- *  Copyright notice
- *
- *  (c) Marcus Krause (marcus#exp2009@t3sec.info)
- *  (c) Steffen Ritter (info@rs-websystems.de)
- *  All rights reserved
- *
- *  This script is part of the TYPO3 project. The TYPO3 project is
- *  free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  The GNU General Public License can be found at
- *  http://www.gnu.org/copyleft/gpl.html.
- *  A copy is found in the textfile GPL.txt and important notices to the license
- *  from the author is found in LICENSE.txt distributed with these scripts.
- *
- *
- *  This script is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  This copyright notice MUST APPEAR in all copies of the script!
- ***************************************************************/
-/**
- * Class implementing salted evaluation methods for FE users.
- *
- * @author Marcus Krause <marcus#exp2009@t3sec.info>
- * @author Steffen Ritter <info@rs-websystems.de>
- * @since 2009-06-14
- * @package TYPO3
- * @subpackage tx_saltedpasswords
- */
-class FrontendEvaluator extends \TYPO3\CMS\Saltedpasswords\Evaluation\Evaluator {
-
-       /**
-        * Class constructor.
-        */
-       public function __construct() {
-               $this->mode = 'FE';
-       }
-
-}
-
-
-?>
\ No newline at end of file
diff --git a/typo3/sysext/saltedpasswords/classes/Salt/AbstractSalt.php b/typo3/sysext/saltedpasswords/classes/Salt/AbstractSalt.php
deleted file mode 100644 (file)
index e131435..0000000
+++ /dev/null
@@ -1,122 +0,0 @@
-<?php
-namespace TYPO3\CMS\Saltedpasswords\Salt;
-
-/***************************************************************
- *  Copyright notice
- *
- *  (c) 2009-2011 Marcus Krause <marcus#exp2009@t3sec.info>
- *  All rights reserved
- *
- *  This script is part of the TYPO3 project. The TYPO3 project is
- *  free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  The GNU General Public License can be found at
- *  http://www.gnu.org/copyleft/gpl.html.
- *  A copy is found in the textfile GPL.txt and important notices to the license
- *  from the author is found in LICENSE.txt distributed with these scripts.
- *
- *
- *  This script is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  This copyright notice MUST APPEAR in all copies of the script!
- ***************************************************************/
-/**
- * Contains abstract class "tx_saltedpasswords_abstract_salts"
- * to be used in classes that provide salted hashing.
- */
-/**
- * Abtract class with methods needed to be extended
- * in a salted hashing class.
- *
- * @author Marcus Krause <marcus#exp2009@t3sec.info>
- * @since 2009-09-06
- * @package TYPO3
- * @subpackage tx_saltedpasswords
- */
-abstract class AbstractSalt {
-
-       /**
-        * Method applies settings (prefix, optional hash count, optional suffix)
-        * to a salt.
-        *
-        * @param string $salt A salt to apply setting to
-        * @return string Salt with setting
-        */
-       abstract protected function applySettingsToSalt($salt);
-
-       /**
-        * Generates a random base salt settings for the hash.
-        *
-        * @return string A string containing settings and a random salt
-        */
-       abstract protected function getGeneratedSalt();
-
-       /**
-        * Returns a string for mapping an int to the corresponding base 64 character.
-        *
-        * @return string String for mapping an int to the corresponding base 64 character
-        */
-       abstract protected function getItoa64();
-
-       /**
-        * Returns setting string to indicate type of hashing method.
-        *
-        * @return string Setting string of hashing method
-        */
-       abstract protected function getSetting();
-
-       /**
-        * Encodes bytes into printable base 64 using the *nix standard from crypt().
-        *
-        * @param string $input The string containing bytes to encode.
-        * @param integer $count The number of characters (bytes) to encode.
-        * @return string Encoded string
-        */
-       public function base64Encode($input, $count) {
-               $output = '';
-               $i = 0;
-               $itoa64 = $this->getItoa64();
-               do {
-                       $value = ord($input[$i++]);
-                       $output .= $itoa64[$value & 63];
-                       if ($i < $count) {
-                               $value |= ord($input[$i]) << 8;
-                       }
-                       $output .= $itoa64[$value >> 6 & 63];
-                       if ($i++ >= $count) {
-                               break;
-                       }
-                       if ($i < $count) {
-                               $value |= ord($input[$i]) << 16;
-                       }
-                       $output .= $itoa64[$value >> 12 & 63];
-                       if ($i++ >= $count) {
-                               break;
-                       }
-                       $output .= $itoa64[$value >> 18 & 63];
-               } while ($i < $count);
-               return $output;
-       }
-
-       /**
-        * Method determines required length of base64 characters for a given
-        * length of a byte string.
-        *
-        * @param integer $byteLength Length of bytes to calculate in base64 chars
-        * @return integer Required length of base64 characters
-        */
-       protected function getLengthBase64FromBytes($byteLength) {
-               // Calculates bytes in bits in base64
-               return intval(ceil(($byteLength * 8) / 6));
-       }
-
-}
-
-
-?>
\ No newline at end of file
diff --git a/typo3/sysext/saltedpasswords/classes/Salt/BlowfishSalt.php b/typo3/sysext/saltedpasswords/classes/Salt/BlowfishSalt.php
deleted file mode 100644 (file)
index 193887d..0000000
+++ /dev/null
@@ -1,311 +0,0 @@
-<?php
-namespace TYPO3\CMS\Saltedpasswords\Salt;
-
-/***************************************************************
- *  Copyright notice
- *
- *  (c) 2009-2011 Marcus Krause <marcus#exp2009@t3sec.info>
- *  All rights reserved
- *
- *  This script is part of the TYPO3 project. The TYPO3 project is
- *  free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  The GNU General Public License can be found at
- *  http://www.gnu.org/copyleft/gpl.html.
- *  A copy is found in the textfile GPL.txt and important notices to the license
- *  from the author is found in LICENSE.txt distributed with these scripts.
- *
- *
- *  This script is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  This copyright notice MUST APPEAR in all copies of the script!
- ***************************************************************/
-/**
- * Contains class "tx_saltedpasswords_salts_blowfish"
- * that provides Blowfish salted hashing.
- */
-/**
- * Class that implements Blowfish salted hashing based on PHP's
- * crypt() function.
- *
- * Warning: Blowfish salted hashing with PHP's crypt() is not available
- * on every system.
- *
- * @author Marcus Krause <marcus#exp2009@t3sec.info>
- * @since 2009-09-06
- * @package TYPO3
- * @subpackage tx_saltedpasswords
- */
-class BlowfishSalt extends \TYPO3\CMS\Saltedpasswords\Salt\Md5Salt {
-
-       /**
-        * The default log2 number of iterations for password stretching.
-        */
-       const HASH_COUNT = 7;
-       /**
-        * The default maximum allowed log2 number of iterations for
-        * password stretching.
-        */
-       const MAX_HASH_COUNT = 17;
-       /**
-        * The default minimum allowed log2 number of iterations for
-        * password stretching.
-        */
-       const MIN_HASH_COUNT = 4;
-       /**
-        * Keeps log2 number
-        * of iterations for password stretching.
-        *
-        * @var integer
-        */
-       static protected $hashCount;
-
-       /**
-        * Keeps maximum allowed log2 number
-        * of iterations for password stretching.
-        *
-        * @var integer
-        */
-       static protected $maxHashCount;
-
-       /**
-        * Keeps minimum allowed log2 number
-        * of iterations for password stretching.
-        *
-        * @var integer
-        */
-       static protected $minHashCount;
-
-       /**
-        * Keeps length of a Blowfish salt in bytes.
-        *
-        * @var integer
-        */
-       static protected $saltLengthBlowfish = 16;
-
-       /**
-        * Setting string to indicate type of hashing method (blowfish).
-        *
-        * @var string
-        */
-       static protected $settingBlowfish = '$2a$';
-
-       /**
-        * Method applies settings (prefix, hash count) to a salt.
-        *
-        * Overwrites {@link tx_saltedpasswords_salts_md5::applySettingsToSalt()}
-        * with Blowfish specifics.
-        *
-        * @param string $salt A salt to apply setting to
-        * @return string Salt with setting
-        */
-       protected function applySettingsToSalt($salt) {
-               $saltWithSettings = $salt;
-               $reqLenBase64 = $this->getLengthBase64FromBytes($this->getSaltLength());
-               // salt without setting
-               if (strlen($salt) == $reqLenBase64) {
-                       $saltWithSettings = (($this->getSetting() . sprintf('%02u', $this->getHashCount())) . '$') . $salt;
-               }
-               return $saltWithSettings;
-       }
-
-       /**
-        * Parses the log2 iteration count from a stored hash or setting string.
-        *
-        * @param string $setting Complete hash or a hash's setting string or to get log2 iteration count from
-        * @return integer Used hashcount for given hash string
-        */
-       protected function getCountLog2($setting) {
-               $countLog2 = NULL;
-               $setting = substr($setting, strlen($this->getSetting()));
-               $firstSplitPos = strpos($setting, '$');
-               // Hashcount existing
-               if (($firstSplitPos !== FALSE && $firstSplitPos <= 2) && is_numeric(substr($setting, 0, $firstSplitPos))) {
-                       $countLog2 = intval(substr($setting, 0, $firstSplitPos));
-               }
-               return $countLog2;
-       }
-
-       /**
-        * Method returns log2 number of iterations for password stretching.
-        *
-        * @return integer log2 number of iterations for password stretching
-        * @see HASH_COUNT
-        * @see $hashCount
-        * @see setHashCount()
-        */
-       public function getHashCount() {
-               return isset(self::$hashCount) ? self::$hashCount : self::HASH_COUNT;
-       }
-
-       /**
-        * Method returns maximum allowed log2 number of iterations for password stretching.
-        *
-        * @return integer Maximum allowed log2 number of iterations for password stretching
-        * @see MAX_HASH_COUNT
-        * @see $maxHashCount
-        * @see setMaxHashCount()
-        */
-       public function getMaxHashCount() {
-               return isset(self::$maxHashCount) ? self::$maxHashCount : self::MAX_HASH_COUNT;
-       }
-
-       /**
-        * Returns wether all prequesites for the hashing methods are matched
-        *
-        * @return boolean Method available
-        */
-       public function isAvailable() {
-               return CRYPT_BLOWFISH;
-       }
-
-       /**
-        * Method returns minimum allowed log2 number of iterations for password stretching.
-        *
-        * @return integer Minimum allowed log2 number of iterations for password stretching
-        * @see MIN_HASH_COUNT
-        * @see $minHashCount
-        * @see setMinHashCount()
-        */
-       public function getMinHashCount() {
-               return isset(self::$minHashCount) ? self::$minHashCount : self::MIN_HASH_COUNT;
-       }
-
-       /**
-        * Returns length of a Blowfish salt in bytes.
-        *
-        * Overwrites {@link tx_saltedpasswords_salts_md5::getSaltLength()}
-        * with Blowfish specifics.
-        *
-        * @return integer Length of a Blowfish salt in bytes
-        */
-       public function getSaltLength() {
-               return self::$saltLengthBlowfish;
-       }
-
-       /**
-        * Returns setting string of Blowfish salted hashes.
-        *
-        * Overwrites {@link tx_saltedpasswords_salts_md5::getSetting()}
-        * with Blowfish specifics.
-        *
-        * @return string Setting string of Blowfish salted hashes
-        */
-       public function getSetting() {
-               return self::$settingBlowfish;
-       }
-
-       /**
-        * Checks whether a user's hashed password needs to be replaced with a new hash.
-        *
-        * This is typically called during the login process when the plain text
-        * password is available.  A new hash is needed when the desired iteration
-        * count has changed through a change in the variable $hashCount or
-        * HASH_COUNT.
-        *
-        * @param string $saltedPW Salted hash to check if it needs an update
-        * @return boolean TRUE if salted hash needs an update, otherwise FALSE
-        */
-       public function isHashUpdateNeeded($saltedPW) {
-               // Check whether this was an updated password.
-               if (strncmp($saltedPW, '$2', 2) || !$this->isValidSalt($saltedPW)) {
-                       return TRUE;
-               }
-               // Check whether the iteration count used differs from the standard number.
-               $countLog2 = $this->getCountLog2($saltedPW);
-               return !is_NULL($countLog2) && $countLog2 < $this->getHashCount();
-       }
-
-       /**
-        * Method determines if a given string is a valid salt.
-        *
-        * Overwrites {@link tx_saltedpasswords_salts_md5::isValidSalt()} with
-        * Blowfish specifics.
-        *
-        * @param string $salt String to check
-        * @return boolean TRUE if it's valid salt, otherwise FALSE
-        */
-       public function isValidSalt($salt) {
-               $isValid = ($skip = FALSE);
-               $reqLenBase64 = $this->getLengthBase64FromBytes($this->getSaltLength());
-               if (strlen($salt) >= $reqLenBase64) {
-                       // Salt with prefixed setting
-                       if (!strncmp('$', $salt, 1)) {
-                               if (!strncmp($this->getSetting(), $salt, strlen($this->getSetting()))) {
-                                       $isValid = TRUE;
-                                       $salt = substr($salt, strrpos($salt, '$') + 1);
-                               } else {
-                                       $skip = TRUE;
-                               }
-                       }
-                       // Checking base64 characters
-                       if (!$skip && strlen($salt) >= $reqLenBase64) {
-                               if (preg_match(((((('/^[' . preg_quote($this->getItoa64(), '/')) . ']{') . $reqLenBase64) . ',') . $reqLenBase64) . '}$/', substr($salt, 0, $reqLenBase64))) {
-                                       $isValid = TRUE;
-                               }
-                       }
-               }
-               return $isValid;
-       }
-
-       /**
-        * Method determines if a given string is a valid salted hashed password.
-        *
-        * @param string $saltedPW String to check
-        * @return boolean TRUE if it's valid salted hashed password, otherwise FALSE
-        */
-       public function isValidSaltedPW($saltedPW) {
-               $isValid = FALSE;
-               $isValid = !strncmp($this->getSetting(), $saltedPW, strlen($this->getSetting())) ? TRUE : FALSE;
-               if ($isValid) {
-                       $isValid = $this->isValidSalt($saltedPW);
-               }
-               return $isValid;
-       }
-
-       /**
-        * Method sets log2 number of iterations for password stretching.
-        *
-        * @param integer $hashCount log2 number of iterations for password stretching to set
-        * @see HASH_COUNT
-        * @see $hashCount
-        * @see getHashCount()
-        */
-       public function setHashCount($hashCount = NULL) {
-               self::$hashCount = ((!is_NULL($hashCount) && is_int($hashCount)) && $hashCount >= $this->getMinHashCount()) && $hashCount <= $this->getMaxHashCount() ? $hashCount : self::HASH_COUNT;
-       }
-
-       /**
-        * Method sets maximum allowed log2 number of iterations for password stretching.
-        *
-        * @param integer $maxHashCount Maximum allowed log2 number of iterations for password stretching to set
-        * @see MAX_HASH_COUNT
-        * @see $maxHashCount
-        * @see getMaxHashCount()
-        */
-       public function setMaxHashCount($maxHashCount = NULL) {
-               self::$maxHashCount = !is_NULL($maxHashCount) && is_int($maxHashCount) ? $maxHashCount : self::MAX_HASH_COUNT;
-       }
-
-       /**
-        * Method sets minimum allowed log2 number of iterations for password stretching.
-        *
-        * @param integer $minHashCount Minimum allowed log2 number of iterations for password stretching to set
-        * @see MIN_HASH_COUNT
-        * @see $minHashCount
-        * @see getMinHashCount()
-        */
-       public function setMinHashCount($minHashCount = NULL) {
-               self::$minHashCount = !is_NULL($minHashCount) && is_int($minHashCount) ? $minHashCount : self::MIN_HASH_COUNT;
-       }
-
-}
-
-
-?>
\ No newline at end of file
diff --git a/typo3/sysext/saltedpasswords/classes/Salt/Md5Salt.php b/typo3/sysext/saltedpasswords/classes/Salt/Md5Salt.php
deleted file mode 100644 (file)
index 4ce2fe2..0000000
+++ /dev/null
@@ -1,247 +0,0 @@
-<?php
-namespace TYPO3\CMS\Saltedpasswords\Salt;
-
-/***************************************************************
- *  Copyright notice
- *
- *  (c) 2009-2011 Marcus Krause <marcus#exp2009@t3sec.info>
- *  All rights reserved
- *
- *  This script is part of the TYPO3 project. The TYPO3 project is
- *  free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  The GNU General Public License can be found at
- *  http://www.gnu.org/copyleft/gpl.html.
- *  A copy is found in the textfile GPL.txt and important notices to the license
- *  from the author is found in LICENSE.txt distributed with these scripts.
- *
- *
- *  This script is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  This copyright notice MUST APPEAR in all copies of the script!
- ***************************************************************/
-/**
- * Contains class "tx_saltedpasswords_salts_md5"
- * that provides MD5 salted hashing.
- */
-/**
- * Class that implements MD5 salted hashing based on PHP's
- * crypt() function.
- *
- * MD5 salted hashing with PHP's crypt() should be available
- * on most of the systems.
- *
- * @author Marcus Krause <marcus#exp2009@t3sec.info>
- * @since 2009-09-06
- * @package TYPO3
- * @subpackage tx_saltedpasswords
- */
-class Md5Salt extends \TYPO3\CMS\Saltedpasswords\Salt\AbstractSalt implements \TYPO3\CMS\Saltedpasswords\Salt\SaltInterface {
-
-       /**
-        * Keeps a string for mapping an int to the corresponding
-        * base 64 character.
-        */
-       const ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
-       /**
-        * Keeps length of a MD5 salt in bytes.
-        *
-        * @var integer
-        */
-       static protected $saltLengthMD5 = 6;
-
-       /**
-        * Keeps suffix to be appended to a salt.
-        *
-        * @var string
-        */
-       static protected $saltSuffixMD5 = '$';
-
-       /**
-        * Setting string to indicate type of hashing method (md5).
-        *
-        * @var string
-        */
-       static protected $settingMD5 = '$1$';
-
-       /**
-        * Method applies settings (prefix, suffix) to a salt.
-        *
-        * @param string $salt A salt to apply setting to
-        * @return string Salt with setting
-        */
-       protected function applySettingsToSalt($salt) {
-               $saltWithSettings = $salt;
-               $reqLenBase64 = $this->getLengthBase64FromBytes($this->getSaltLength());
-               // Salt without setting
-               if (strlen($salt) == $reqLenBase64) {
-                       $saltWithSettings = ($this->getSetting() . $salt) . $this->getSaltSuffix();
-               }
-               return $saltWithSettings;
-       }
-
-       /**
-        * Method checks if a given plaintext password is correct by comparing it with
-        * a given salted hashed password.
-        *
-        * @param string $plainPW plain-text password to compare with salted hash
-        * @param string $saltedHashPW salted hash to compare plain-text password with
-        * @return boolean TRUE, if plain-text password matches the salted hash, otherwise FALSE
-        */
-       public function checkPassword($plainPW, $saltedHashPW) {
-               $isCorrect = FALSE;
-               if ($this->isValidSalt($saltedHashPW)) {
-                       $isCorrect = crypt($plainPW, $saltedHashPW) == $saltedHashPW;
-               }
-               return $isCorrect;
-       }
-
-       /**
-        * Generates a random base 64-encoded salt prefixed and suffixed with settings for the hash.
-        *
-        * Proper use of salts may defeat a number of attacks, including:
-        * - The ability to try candidate passwords against multiple hashes at once.
-        * - The ability to use pre-hashed lists of candidate passwords.
-        * - The ability to determine whether two users have the same (or different)
-        * password without actually having to guess one of the passwords.
-        *
-        * @return string A character string containing settings and a random salt
-        */
-       protected function getGeneratedSalt() {
-               $randomBytes = \TYPO3\CMS\Core\Utility\GeneralUtility::generateRandomBytes($this->getSaltLength());
-               return $this->base64Encode($randomBytes, $this->getSaltLength());
-       }
-
-       /**
-        * Method creates a salted hash for a given plaintext password
-        *
-        * @param string $password plaintext password to create a salted hash from
-        * @param string $salt Optional custom salt with setting to use
-        * @return string Salted hashed password
-        */
-       public function getHashedPassword($password, $salt = NULL) {
-               $saltedPW = NULL;
-               if (!empty($password)) {
-                       if (empty($salt) || !$this->isValidSalt($salt)) {
-                               $salt = $this->getGeneratedSalt();
-                       }
-                       $saltedPW = crypt($password, $this->applySettingsToSalt($salt));
-               }
-               return $saltedPW;
-       }
-
-       /**
-        * Returns a string for mapping an int to the corresponding base 64 character.
-        *
-        * @return string String for mapping an int to the corresponding base 64 character
-        */
-       protected function getItoa64() {
-               return self::ITOA64;
-       }
-
-       /**
-        * Returns wether all prequesites for the hashing methods are matched
-        *
-        * @return boolean Method available
-        */
-       public function isAvailable() {
-               return CRYPT_MD5;
-       }
-
-       /**
-        * Returns length of a MD5 salt in bytes.
-        *
-        * @return integer Length of a MD5 salt in bytes
-        */
-       public function getSaltLength() {
-               return self::$saltLengthMD5;
-       }
-
-       /**
-        * Returns suffix to be appended to a salt.
-        *
-        * @return string Suffix of a salt
-        */
-       protected function getSaltSuffix() {
-               return self::$saltSuffixMD5;
-       }
-
-       /**
-        * Returns setting string of MD5 salted hashes.
-        *
-        * @return string Setting string of MD5 salted hashes
-        */
-       public function getSetting() {
-               return self::$settingMD5;
-       }
-
-       /**
-        * Checks whether a user's hashed password needs to be replaced with a new hash.
-        *
-        * This is typically called during the login process when the plain text
-        * password is available.  A new hash is needed when the desired iteration
-        * count has changed through a change in the variable $hashCount or
-        * HASH_COUNT or if the user's password hash was generated in an bulk update
-        * with class ext_update.
-        *
-        * @param string $passString Salted hash to check if it needs an update
-        * @return boolean TRUE if salted hash needs an update, otherwise FALSE
-        */
-       public function isHashUpdateNeeded($passString) {
-               return FALSE;
-       }
-
-       /**
-        * Method determines if a given string is a valid salt
-        *
-        * @param string $salt String to check
-        * @return boolean TRUE if it's valid salt, otherwise FALSE
-        */
-       public function isValidSalt($salt) {
-               $isValid = ($skip = FALSE);
-               $reqLenBase64 = $this->getLengthBase64FromBytes($this->getSaltLength());
-               if (strlen($salt) >= $reqLenBase64) {
-                       // Salt with prefixed setting
-                       if (!strncmp('$', $salt, 1)) {
-                               if (!strncmp($this->getSetting(), $salt, strlen($this->getSetting()))) {
-                                       $isValid = TRUE;
-                                       $salt = substr($salt, strlen($this->getSetting()));
-                               } else {
-                                       $skip = TRUE;
-                               }
-                       }
-                       // Checking base64 characters
-                       if (!$skip && strlen($salt) >= $reqLenBase64) {
-                               if (preg_match(((((('/^[' . preg_quote($this->getItoa64(), '/')) . ']{') . $reqLenBase64) . ',') . $reqLenBase64) . '}$/', substr($salt, 0, $reqLenBase64))) {
-                                       $isValid = TRUE;
-                               }
-                       }
-               }
-               return $isValid;
-       }
-
-       /**
-        * Method determines if a given string is a valid salted hashed password.
-        *
-        * @param string $saltedPW String to check
-        * @return boolean TRUE if it's valid salted hashed password, otherwise FALSE
-        */
-       public function isValidSaltedPW($saltedPW) {
-               $isValid = FALSE;
-               $isValid = !strncmp($this->getSetting(), $saltedPW, strlen($this->getSetting())) ? TRUE : FALSE;
-               if ($isValid) {
-                       $isValid = $this->isValidSalt($saltedPW);
-               }
-               return $isValid;
-       }
-
-}
-
-
-?>
\ No newline at end of file
diff --git a/typo3/sysext/saltedpasswords/classes/Salt/PhpassSalt.php b/typo3/sysext/saltedpasswords/classes/Salt/PhpassSalt.php
deleted file mode 100644 (file)
index d0dd85b..0000000
+++ /dev/null
@@ -1,402 +0,0 @@
-<?php
-namespace TYPO3\CMS\Saltedpasswords\Salt;
-
-/***************************************************************
- *  Copyright notice
- *
- *  (c) 2009-2011 Marcus Krause <marcus#exp2009@t3sec.info>
- *  All rights reserved
- *
- *  This script is part of the TYPO3 project. The TYPO3 project is
- *  free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  The GNU General Public License can be found at
- *  http://www.gnu.org/copyleft/gpl.html.
- *  A copy is found in the textfile GPL.txt and important notices to the license
- *  from the author is found in LICENSE.txt distributed with these scripts.
- *
- *
- *  This script is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  This copyright notice MUST APPEAR in all copies of the script!
- ***************************************************************/
-/**
- * Contains class "tx_saltedpasswords_salts_phpass"
- * that provides PHPass salted hashing.
- *
- * Derived from Drupal CMS
- * original license: GNU General Public License (GPL)
- *
- * @see http://drupal.org/node/29706/
- * @see http://www.openwall.com/phpass/
- */
-/**
- * Class that implements PHPass salted hashing based on Drupal's
- * modified Openwall implementation.
- *
- * PHPass should work on every system.
- *
- * @author Marcus Krause <marcus#exp2009@t3sec.info>
- * @since 2009-09-06
- * @package TYPO3
- * @subpackage tx_saltedpasswords
- */
-class PhpassSalt extends \TYPO3\CMS\Saltedpasswords\Salt\AbstractSalt implements \TYPO3\CMS\Saltedpasswords\Salt\SaltInterface {
-
-       /**
-        * Keeps a string for mapping an int to the corresponding
-        * base 64 character.
-        */
-       const ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
-       /**
-        * The default log2 number of iterations for password stretching.
-        */
-       const HASH_COUNT = 14;
-       /**
-        * The default maximum allowed log2 number of iterations for
-        * password stretching.
-        */
-       const MAX_HASH_COUNT = 24;
-       /**
-        * The default minimum allowed log2 number of iterations for
-        * password stretching.
-        */
-       const MIN_HASH_COUNT = 7;
-       /**
-        * Keeps log2 number
-        * of iterations for password stretching.
-        *
-        * @var integer
-        */
-       static protected $hashCount;
-
-       /**
-        * Keeps maximum allowed log2 number
-        * of iterations for password stretching.
-        *
-        * @var integer
-        */
-       static protected $maxHashCount;
-
-       /**
-        * Keeps minimum allowed log2 number
-        * of iterations for password stretching.
-        *
-        * @var integer
-        */
-       static protected $minHashCount;
-
-       /**
-        * Keeps length of a PHPass salt in bytes.
-        *
-        * @var integer
-        */
-       static protected $saltLengthPhpass = 6;
-
-       /**
-        * Setting string to indicate type of hashing method (PHPass).
-        *
-        * @var string
-        */
-       static protected $settingPhpass = '$P$';
-
-       /**
-        * Method applies settings (prefix, hash count) to a salt.
-        *
-        * Overwrites {@link tx_saltedpasswords_salts_md5::applySettingsToSalt()}
-        * with Blowfish specifics.
-        *
-        * @param string $salt A salt to apply setting to
-        * @return string Salt with setting
-        */
-       protected function applySettingsToSalt($salt) {
-               $saltWithSettings = $salt;
-               $reqLenBase64 = $this->getLengthBase64FromBytes($this->getSaltLength());
-               // Salt without setting
-               if (strlen($salt) == $reqLenBase64) {
-                       // We encode the final log2 iteration count in base 64.
-                       $itoa64 = $this->getItoa64();
-                       $saltWithSettings = $this->getSetting() . $itoa64[$this->getHashCount()];
-                       $saltWithSettings .= $salt;
-               }
-               return $saltWithSettings;
-       }
-
-       /**
-        * Method checks if a given plaintext password is correct by comparing it with
-        * a given salted hashed password.
-        *
-        * @param string $plainPW Plain-text password to compare with salted hash
-        * @param string $saltedHashPW Salted hash to compare plain-text password with
-        * @return boolean TRUE, if plain-text password matches the salted hash, otherwise FALSE
-        */
-       public function checkPassword($plainPW, $saltedHashPW) {
-               $hash = $this->cryptPassword($plainPW, $saltedHashPW);
-               return $hash && $saltedHashPW === $hash;
-       }
-
-       /**
-        * Returns wether all prequesites for the hashing methods are matched
-        *
-        * @return boolean Method available
-        */
-       public function isAvailable() {
-               return TRUE;
-       }
-
-       /**
-        * Hashes a password using a secure stretched hash.
-        *
-        * By using a salt and repeated hashing the password is "stretched". Its
-        * security is increased because it becomes much more computationally costly
-        * for an attacker to try to break the hash by brute-force computation of the
-        * hashes of a large number of plain-text words or strings to find a match.
-        *
-        * @param string $password Plain-text password to hash
-        * @param string $setting An existing hash or the output of getGeneratedSalt()
-        * @return mixed A string containing the hashed password (and salt)
-        */
-       protected function cryptPassword($password, $setting) {
-               $saltedPW = NULL;
-               $reqLenBase64 = $this->getLengthBase64FromBytes($this->getSaltLength());
-               // Retrieving settings with salt
-               $setting = substr($setting, 0, (strlen($this->getSetting()) + 1) + $reqLenBase64);
-               $count_log2 = $this->getCountLog2($setting);
-               // Hashes may be imported from elsewhere, so we allow != HASH_COUNT
-               if ($count_log2 >= $this->getMinHashCount() && $count_log2 <= $this->getMaxHashCount()) {
-                       $salt = substr($setting, strlen($this->getSetting()) + 1, $reqLenBase64);
-                       // We must use md5() or sha1() here since they are the only cryptographic
-                       // primitives always available in PHP 5. To implement our own low-level
-                       // cryptographic function in PHP would result in much worse performance and
-                       // consequently in lower iteration counts and hashes that are quicker to crack
-                       // (by non-PHP code).
-                       $count = 1 << $count_log2;
-                       $hash = md5($salt . $password, TRUE);
-                       do {
-                               $hash = md5($hash . $password, TRUE);
-                       } while (--$count);
-                       $saltedPW = $setting . $this->base64Encode($hash, 16);
-                       // base64Encode() of a 16 byte MD5 will always be 22 characters.
-                       return strlen($saltedPW) == 34 ? $saltedPW : FALSE;
-               }
-               return $saltedPW;
-       }
-
-       /**
-        * Parses the log2 iteration count from a stored hash or setting string.
-        *
-        * @param string $setting Complete hash or a hash's setting string or to get log2 iteration count from
-        * @return integer Used hashcount for given hash string
-        */
-       protected function getCountLog2($setting) {
-               return strpos($this->getItoa64(), $setting[strlen($this->getSetting())]);
-       }
-
-       /**
-        * Generates a random base 64-encoded salt prefixed and suffixed with settings for the hash.
-        *
-        * Proper use of salts may defeat a number of attacks, including:
-        * - The ability to try candidate passwords against multiple hashes at once.
-        * - The ability to use pre-hashed lists of candidate passwords.
-        * - The ability to determine whether two users have the same (or different)
-        * password without actually having to guess one of the passwords.
-        *
-        * @return string A character string containing settings and a random salt
-        */
-       protected function getGeneratedSalt() {
-               $randomBytes = \TYPO3\CMS\Core\Utility\GeneralUtility::generateRandomBytes($this->getSaltLength());
-               return $this->base64Encode($randomBytes, $this->getSaltLength());
-       }
-
-       /**
-        * Method returns log2 number of iterations for password stretching.
-        *
-        * @return integer log2 number of iterations for password stretching
-        * @see HASH_COUNT
-        * @see $hashCount
-        * @see setHashCount()
-        */
-       public function getHashCount() {
-               return isset(self::$hashCount) ? self::$hashCount : self::HASH_COUNT;
-       }
-
-       /**
-        * Method creates a salted hash for a given plaintext password
-        *
-        * @param string $password Plaintext password to create a salted hash from
-        * @param string $salt Optional custom salt with setting to use
-        * @return string salted hashed password
-        */
-       public function getHashedPassword($password, $salt = NULL) {
-               $saltedPW = NULL;
-               if (!empty($password)) {
-                       if (empty($salt) || !$this->isValidSalt($salt)) {
-                               $salt = $this->getGeneratedSalt();
-                       }
-                       $saltedPW = $this->cryptPassword($password, $this->applySettingsToSalt($salt));
-               }
-               return $saltedPW;
-       }
-
-       /**
-        * Returns a string for mapping an int to the corresponding base 64 character.
-        *
-        * @return string String for mapping an int to the corresponding base 64 character
-        */
-       protected function getItoa64() {
-               return self::ITOA64;
-       }
-
-       /**
-        * Method returns maximum allowed log2 number of iterations for password stretching.
-        *
-        * @return integer Maximum allowed log2 number of iterations for password stretching
-        * @see MAX_HASH_COUNT
-        * @see $maxHashCount
-        * @see setMaxHashCount()
-        */
-       public function getMaxHashCount() {
-               return isset(self::$maxHashCount) ? self::$maxHashCount : self::MAX_HASH_COUNT;
-       }
-
-       /**
-        * Method returns minimum allowed log2 number of iterations for password stretching.
-        *
-        * @return integer Minimum allowed log2 number of iterations for password stretching
-        * @see MIN_HASH_COUNT
-        * @see $minHashCount
-        * @see setMinHashCount()
-        */
-       public function getMinHashCount() {
-               return isset(self::$minHashCount) ? self::$minHashCount : self::MIN_HASH_COUNT;
-       }
-
-       /**
-        * Returns length of a Blowfish salt in bytes.
-        *
-        * @return integer Length of a Blowfish salt in bytes
-        */
-       public function getSaltLength() {
-               return self::$saltLengthPhpass;
-       }
-
-       /**
-        * Returns setting string of PHPass salted hashes.
-        *
-        * @return string Setting string of PHPass salted hashes
-        */
-       public function getSetting() {
-               return self::$settingPhpass;
-       }
-
-       /**
-        * Checks whether a user's hashed password needs to be replaced with a new hash.
-        *
-        * This is typically called during the login process when the plain text
-        * password is available. A new hash is needed when the desired iteration
-        * count has changed through a change in the variable $hashCount or
-        * HASH_COUNT or if the user's password hash was generated in an bulk update
-        * with class ext_update.
-        *
-        * @param string $passString Salted hash to check if it needs an update
-        * @return boolean TRUE if salted hash needs an update, otherwise FALSE
-        */
-       public function isHashUpdateNeeded($passString) {
-               // Check whether this was an updated password.
-               if (strncmp($passString, '$P$', 3) || strlen($passString) != 34) {
-                       return TRUE;
-               }
-               // Check whether the iteration count used differs from the standard number.
-               return $this->getCountLog2($passString) < $this->getHashCount();
-       }
-
-       /**
-        * Method determines if a given string is a valid salt.
-        *
-        * @param string $salt String to check
-        * @return boolean TRUE if it's valid salt, otherwise FALSE
-        */
-       public function isValidSalt($salt) {
-               $isValid = ($skip = FALSE);
-               $reqLenBase64 = $this->getLengthBase64FromBytes($this->getSaltLength());
-               if (strlen($salt) >= $reqLenBase64) {
-                       // Salt with prefixed setting
-                       if (!strncmp('$', $salt, 1)) {
-                               if (!strncmp($this->getSetting(), $salt, strlen($this->getSetting()))) {
-                                       $isValid = TRUE;
-                                       $salt = substr($salt, strrpos($salt, '$') + 2);
-                               } else {
-                                       $skip = TRUE;
-                               }
-                       }
-                       // Checking base64 characters
-                       if (!$skip && strlen($salt) >= $reqLenBase64) {
-                               if (preg_match(((((('/^[' . preg_quote($this->getItoa64(), '/')) . ']{') . $reqLenBase64) . ',') . $reqLenBase64) . '}$/', substr($salt, 0, $reqLenBase64))) {
-                                       $isValid = TRUE;
-                               }
-                       }
-               }
-               return $isValid;
-       }
-
-       /**
-        * Method determines if a given string is a valid salted hashed password.
-        *
-        * @param string $saltedPW String to check
-        * @return boolean TRUE if it's valid salted hashed password, otherwise FALSE
-        */
-       public function isValidSaltedPW($saltedPW) {
-               $isValid = FALSE;
-               $isValid = !strncmp($this->getSetting(), $saltedPW, strlen($this->getSetting())) ? TRUE : FALSE;
-               if ($isValid) {
-                       $isValid = $this->isValidSalt($saltedPW);
-               }
-               return $isValid;
-       }
-
-       /**
-        * Method sets log2 number of iterations for password stretching.
-        *
-        * @param integer $hashCount log2 number of iterations for password stretching to set
-        * @see HASH_COUNT
-        * @see $hashCount
-        * @see getHashCount()
-        */
-       public function setHashCount($hashCount = NULL) {
-               self::$hashCount = ((!is_NULL($hashCount) && is_int($hashCount)) && $hashCount >= $this->getMinHashCount()) && $hashCount <= $this->getMaxHashCount() ? $hashCount : self::HASH_COUNT;
-       }
-
-       /**
-        * Method sets maximum allowed log2 number of iterations for password stretching.
-        *
-        * @param integer $maxHashCount Maximum allowed log2 number of iterations for password stretching to set
-        * @see MAX_HASH_COUNT
-        * @see $maxHashCount
-        * @see getMaxHashCount()
-        */
-       public function setMaxHashCount($maxHashCount = NULL) {
-               self::$maxHashCount = !is_NULL($maxHashCount) && is_int($maxHashCount) ? $maxHashCount : self::MAX_HASH_COUNT;
-       }
-
-       /**
-        * Method sets minimum allowed log2 number of iterations for password stretching.
-        *
-        * @param integer $minHashCount Minimum allowed log2 number of iterations for password stretching to set
-        * @see MIN_HASH_COUNT
-        * @see $minHashCount
-        * @see getMinHashCount()
-        */
-       public function setMinHashCount($minHashCount = NULL) {
-               self::$minHashCount = !is_NULL($minHashCount) && is_int($minHashCount) ? $minHashCount : self::MIN_HASH_COUNT;
-       }
-
-}
-
-
-?>
\ No newline at end of file
diff --git a/typo3/sysext/saltedpasswords/classes/Salt/SaltFactory.php b/typo3/sysext/saltedpasswords/classes/Salt/SaltFactory.php
deleted file mode 100644 (file)
index e77db54..0000000
+++ /dev/null
@@ -1,127 +0,0 @@
-<?php
-namespace TYPO3\CMS\Saltedpasswords\Salt;
-
-/***************************************************************
- *  Copyright notice
- *
- *  (c) 2009-2011 Marcus Krause <marcus#exp2009@t3sec.info>
- *  All rights reserved
- *
- *  This script is part of the TYPO3 project. The TYPO3 project is
- *  free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  The GNU General Public License can be found at
- *  http://www.gnu.org/copyleft/gpl.html.
- *  A copy is found in the textfile GPL.txt and important notices to the license
- *  from the author is found in LICENSE.txt distributed with these scripts.
- *
- *
- *  This script is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  This copyright notice MUST APPEAR in all copies of the script!
- ***************************************************************/
-/**
- * Contains class "tx_saltedpasswords_salts_factory"
- * that provides a salted hashing method factory.
- */
-/**
- * Class that implements Blowfish salted hashing based on PHP's
- * crypt() function.
- *
- * @author Marcus Krause <marcus#exp2009@t3sec.info>
- * @since 2009-09-06
- * @package TYPO3
- * @subpackage tx_saltedpasswords
- */
-class SaltFactory {
-
-       /**
-        * An instance of the salted hashing method.
-        * This member is set in the getSaltingInstance() function.
-        *
-        * @var \TYPO3\CMS\Saltedpasswords\Salt\AbstractSalt
-        */
-       static protected $instance = NULL;
-
-       /**
-        * Obtains a salting hashing method instance.
-        *
-        * This function will return an instance of a class that implements
-        * tx_saltedpasswords_abstract_salts.
-        *
-        * Use parameter NULL to reset the factory!
-        *
-        * @param string $saltedHash (optional) Salted hashed password to determine the type of used method from or NULL to reset the factory
-        * @param string $mode (optional) The TYPO3 mode (FE or BE) saltedpasswords shall be used for
-        * @return tx_saltedpasswords_abstract_salts    an instance of salting hashing method object
-        */
-       static public function getSaltingInstance($saltedHash = '', $mode = TYPO3_MODE) {
-               // Creating new instance when
-               // * no instance existing
-               // * a salted hash given to determine salted hashing method from
-               // * a NULL parameter given to reset instance back to default method
-               if ((!is_object(self::$instance) || !empty($saltedHash)) || is_NULL($saltedHash)) {
-                       // Determine method by checking the given hash
-                       if (!empty($saltedHash)) {
-                               $result = self::determineSaltingHashingMethod($saltedHash);
-                               if (!$result) {
-                                       self::$instance = NULL;
-                               }
-                       } else {
-                               $classNameToUse = \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::getDefaultSaltingHashingMethod($mode);
-                               $availableClasses = $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/saltedpasswords']['saltMethods'];
-                               self::$instance = \TYPO3\CMS\Core\Utility\GeneralUtility::getUserObj($availableClasses[$classNameToUse], 'tx_');
-                       }
-               }
-               return self::$instance;
-       }
-
-       /**
-        * Method tries to determine the salting hashing method used for given salt.
-        *
-        * Method implicitly sets the instance of the found method object in the class property when found.
-        *
-        * @param string $saltedHash
-        * @return boolean TRUE, if salting hashing method has been found, otherwise FALSE
-        */
-       static public function determineSaltingHashingMethod($saltedHash) {
-               $methodFound = FALSE;
-               $defaultMethods = $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/saltedpasswords']['saltMethods'];
-               foreach ($defaultMethods as $method) {
-                       $objectInstance = \TYPO3\CMS\Core\Utility\GeneralUtility::getUserObj($method, 'tx_');
-                       if ($objectInstance instanceof \TYPO3\CMS\Saltedpasswords\Salt\SaltInterface) {
-                               $methodFound = $objectInstance->isValidSaltedPW($saltedHash);
-                               if ($methodFound) {
-                                       self::$instance = $objectInstance;
-                                       break;
-                               }
-                       }
-               }
-               return $methodFound;
-       }
-
-       /**
-        * Method sets a custom salting hashing method class.
-        *
-        * @param string $resource Object resource to use (e.g. 'EXT:saltedpasswords/classes/salts/class.tx_saltedpasswords_salts_blowfish.php:tx_saltedpasswords_salts_blowfish')
-        * @return tx_saltedpasswords_abstract_salts    an instance of salting hashing method object
-        */
-       static public function setPreferredHashingMethod($resource) {
-               self::$instance = NULL;
-               $objectInstance = \TYPO3\CMS\Core\Utility\GeneralUtility::getUserObj($resource);
-               if (is_object($objectInstance) && is_subclass_of($objectInstance, 'TYPO3\\CMS\\Saltedpasswords\\Salt\\AbstractSalt')) {
-                       self::$instance = $objectInstance;
-               }
-               return self::$instance;
-       }
-
-}
-
-
-?>
\ No newline at end of file
diff --git a/typo3/sysext/saltedpasswords/classes/Salt/SaltInterface.php b/typo3/sysext/saltedpasswords/classes/Salt/SaltInterface.php
deleted file mode 100644 (file)
index fb9b3b0..0000000
+++ /dev/null
@@ -1,111 +0,0 @@
-<?php
-namespace TYPO3\CMS\Saltedpasswords\Salt;
-
-/***************************************************************
- *  Copyright notice
- *
- *  (c) 2009-2011 Marcus Krause <marcus#exp2009@t3sec.info>
- *  (c) 2009-2011 Steffen Ritter <info@rs-websystems.de>
- *  All rights reserved
- *
- *  This script is part of the TYPO3 project. The TYPO3 project is
- *  free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  The GNU General Public License can be found at
- *  http://www.gnu.org/copyleft/gpl.html.
- *  A copy is found in the textfile GPL.txt and important notices to the license
- *  from the author is found in LICENSE.txt distributed with these scripts.
- *
- *
- *  This script is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  This copyright notice MUST APPEAR in all copies of the script!
- ***************************************************************/
-/**
- * Contains interface "tx_saltedpasswords_salts" to be used in
- * classes that provide salted hashing.
- */
-/**
- * Interface with public methods needed to be implemented
- * in a salting hashing class.
- *
- * @author Marcus Krause <marcus#exp2009@t3sec.info>
- * @author Steffen Ritter <info@rs-websystems.de>
- * @since 2009-09-06
- * @package TYPO3
- * @subpackage tx_saltedpasswords
- */
-interface SaltInterface
-{
-       /**
-        * Method checks if a given plaintext password is correct by comparing it with
-        * a given salted hashed password.
-        *
-        * @param string $plainPW plain-text password to compare with salted hash
-        * @param string $saltedHashPW Salted hash to compare plain-text password with
-        * @return boolean TRUE, if plaintext password is correct, otherwise FALSE
-        */
-       public function checkPassword($plainPW, $saltedHashPW);
-
-       /**
-        * Returns length of required salt.
-        *
-        * @return integer Length of required salt
-        */
-       public function getSaltLength();
-
-       /**
-        * Returns wether all prequesites for the hashing methods are matched
-        *
-        * @return boolean Method available
-        */
-       public function isAvailable();
-
-       /**
-        * Method creates a salted hash for a given plaintext password
-        *
-        * @param string $password Plaintext password to create a salted hash from
-        * @param string $salt Optional custom salt to use
-        * @return string Salted hashed password
-        */
-       public function getHashedPassword($password, $salt = NULL);
-
-       /**
-        * Checks whether a user's hashed password needs to be replaced with a new hash.
-        *
-        * This is typically called during the login process when the plain text
-        * password is available.  A new hash is needed when the desired iteration
-        * count has changed through a change in the variable $hashCount or
-        * HASH_COUNT or if the user's password hash was generated in an bulk update
-        * with class ext_update.
-        *
-        * @param string $passString Salted hash to check if it needs an update
-        * @return boolean TRUE if salted hash needs an update, otherwise FALSE
-        */
-       public function isHashUpdateNeeded($passString);
-
-       /**
-        * Method determines if a given string is a valid salt
-        *
-        * @param string $salt String to check
-        * @return boolean TRUE if it's valid salt, otherwise FALSE
-        */
-       public function isValidSalt($salt);
-
-       /**
-        * Method determines if a given string is a valid salted hashed password.
-        *
-        * @param string $saltedPW String to check
-        * @return boolean TRUE if it's valid salted hashed password, otherwise FALSE
-        */
-       public function isValidSaltedPW($saltedPW);
-
-}
-
-?>
\ No newline at end of file
diff --git a/typo3/sysext/saltedpasswords/classes/SaltedPasswordService.php b/typo3/sysext/saltedpasswords/classes/SaltedPasswordService.php
deleted file mode 100644 (file)
index 5a9e811..0000000
+++ /dev/null
@@ -1,289 +0,0 @@
-<?php
-namespace TYPO3\CMS\Saltedpasswords;
-
-/***************************************************************
- *  Copyright notice
- *
- *  (c) Marcus Krause (marcus#exp2009@t3sec.info)
- *  (c) Steffen Ritter (info@rs-websystems.de)
- *  All rights reserved
- *
- *  This script is part of the TYPO3 project. The TYPO3 project is
- *  free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  The GNU General Public License can be found at
- *  http://www.gnu.org/copyleft/gpl.html.
- *  A copy is found in the textfile GPL.txt and important notices to the license
- *  from the author is found in LICENSE.txt distributed with these scripts.
- *
- *
- *  This script is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  This copyright notice MUST APPEAR in all copies of the script!
- ***************************************************************/
-/**
- * Contains authentication service class for salted hashed passwords.
- */
-/**
- * Class implements salted-password hashes authentication service.
- *
- * @author Marcus Krause <marcus#exp2009@t3sec.info>
- * @author Steffen Ritter <info@rs-websystems.de>
- * @since 2009-06-14
- * @package TYPO3
- * @subpackage tx_saltedpasswords
- */
-class SaltedPasswordService extends \TYPO3\CMS\Sv\AbstractAuthenticationService {
-
-       /**
-        * Keeps class name.
-        *
-        * @var string
-        */
-       public $prefixId = 'tx_saltedpasswords_sv1';
-
-       /**
-        * Keeps path to this script relative to the extension directory.
-        *
-        * @var string
-        */
-       public $scriptRelPath = 'sv1/class.tx_saltedpasswords_sv1.php';
-
-       /**
-        * Keeps extension key.
-        *
-        * @var string
-        */
-       public $extKey = 'saltedpasswords';
-
-       /**
-        * Keeps extension configuration.
-        *
-        * @var mixed
-        */
-       protected $extConf;
-
-       /**
-        * An instance of the salted hashing method.
-        * This member is set in the getSaltingInstance() function.
-        *
-        * @var \TYPO3\CMS\Saltedpasswords\Salt\AbstractSalt
-        */
-       protected $objInstanceSaltedPW = NULL;
-
-       /**
-        * Indicates whether the salted password authentication has failed.
-        *
-        * Prevents authentication bypass. See vulnerability report:
-        * { @link http://bugs.typo3.org/view.php?id=13372 }
-        *
-        * @var boolean
-        */
-       protected $authenticationFailed = FALSE;
-
-       /**
-        * Checks if service is available. In case of this service we check that
-        * following prerequesties are fulfilled:
-        * - loginSecurityLevel of according TYPO3_MODE is set to normal
-        *
-        * @return boolean TRUE if service is available
-        */
-       public function init() {
-               $available = FALSE;
-               $mode = TYPO3_MODE;
-               if ($this->info['requestedServiceSubType'] === 'authUserBE') {
-                       $mode = 'BE';
-               } elseif ($this->info['requestedServiceSubType'] === 'authUserFE') {
-                       $mode = 'FE';
-               }
-               if (\TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::isUsageEnabled($mode)) {
-                       $available = TRUE;
-                       $this->extConf = \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::returnExtConf();
-               }
-               return $available ? parent::init() : FALSE;
-       }
-
-       /**
-        * Checks the login data with the user record data for builtin login method.
-        *
-        * @param array $user User data array
-        * @param array $loginData Login data array
-        * @param string $security_level Login security level (optional)
-        * @return boolean TRUE if login data matched
-        * @todo Define visibility
-        */
-       public function compareUident(array $user, array $loginData, $security_level = 'normal') {
-               $validPasswd = FALSE;
-               // Could be merged; still here to clarify
-               if (!strcmp(TYPO3_MODE, 'BE')) {
-                       $password = $loginData['uident_text'];
-               } elseif (!strcmp(TYPO3_MODE, 'FE')) {
-                       $password = $loginData['uident_text'];
-               }
-               // Determine method used for given salted hashed password
-               $this->objInstanceSaltedPW = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance($user['password']);
-               // Existing record is in format of Salted Hash password
-               if (is_object($this->objInstanceSaltedPW)) {
-                       $validPasswd = $this->objInstanceSaltedPW->checkPassword($password, $user['password']);
-                       // Record is in format of Salted Hash password but authentication failed
-                       // skip further authentication methods
-                       if (!$validPasswd) {
-                               $this->authenticationFailed = TRUE;
-                       }
-                       $defaultHashingClassName = \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::getDefaultSaltingHashingMethod();
-                       $skip = FALSE;
-                       // Test for wrong salted hashing method
-                       if ($validPasswd && !(get_class($this->objInstanceSaltedPW) == $defaultHashingClassName) || is_subclass_of($this->objInstanceSaltedPW, $defaultHashingClassName)) {
-                               // Instanciate default method class
-                               $this->objInstanceSaltedPW = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(NULL);
-                               $this->updatePassword(intval($user['uid']), array('password' => $this->objInstanceSaltedPW->getHashedPassword($password)));
-                       }
-                       if (($validPasswd && !$skip) && $this->objInstanceSaltedPW->isHashUpdateNeeded($user['password'])) {
-                               $this->updatePassword(intval($user['uid']), array('password' => $this->objInstanceSaltedPW->getHashedPassword($password)));
-                       }
-               } elseif (!intval($this->extConf['forceSalted'])) {
-                       // Stored password is in deprecated salted hashing method
-                       if (\TYPO3\CMS\Core\Utility\GeneralUtility::inList('C$,M$', substr($user['password'], 0, 2))) {
-                               // Instanciate default method class
-                               $this->objInstanceSaltedPW = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(substr($user['password'], 1));
-                               // md5
-                               if (!strcmp(substr($user['password'], 0, 1), 'M')) {
-                                       $validPasswd = $this->objInstanceSaltedPW->checkPassword(md5($password), substr($user['password'], 1));
-                               } else {
-                                       $validPasswd = $this->objInstanceSaltedPW->checkPassword($password, substr($user['password'], 1));
-                               }
-                               // Skip further authentication methods
-                               if (!$validPasswd) {
-                                       $this->authenticationFailed = TRUE;
-                               }
-                       } elseif (preg_match('/[0-9abcdef]{32,32}/', $user['password'])) {
-                               $validPasswd = !strcmp(md5($password), $user['password']) ? TRUE : FALSE;
-                               // Skip further authentication methods
-                               if (!$validPasswd) {
-                                       $this->authenticationFailed = TRUE;
-                               }
-                       } else {
-                               $validPasswd = !strcmp($password, $user['password']) ? TRUE : FALSE;
-                       }
-                       // Should we store the new format value in DB?
-                       if ($validPasswd && intval($this->extConf['updatePasswd'])) {
-                               // Instanciate default method class
-                               $this->objInstanceSaltedPW = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(NULL);
-                               $this->updatePassword(intval($user['uid']), array('password' => $this->objInstanceSaltedPW->getHashedPassword($password)));
-                       }
-               }
-               return $validPasswd;
-       }
-
-       /**
-        * Method adds a further authUser method.
-        *
-        * Will return one of following authentication status codes:
-        * - 0 - authentication failure
-        * - 100 - just go on. User is not authenticated but there is still no reason to stop
-        * - 200 - the service was able to authenticate the user
-        *
-        * @param array Array containing FE user data of the logged user.
-        * @return integer Authentication statuscode, one of 0,100 and 200
-        */
-       public function authUser(array $user) {
-               $OK = 100;
-               $validPasswd = FALSE;
-               if ($this->login['uident'] && $this->login['uname']) {
-                       if (!empty($this->login['uident_text'])) {
-                               $validPasswd = $this->compareUident($user, $this->login);
-                       }
-                       if (!$validPasswd) {
-                               // Failed login attempt (wrong password)
-                               $errorMessage = 'Login-attempt from %s (%s), username \'%s\', password not accepted!';
-                               // No delegation to further services
-                               if (intval($this->extConf['onlyAuthService']) || $this->authenticationFailed) {
-                                       $this->writeLogMessage(TYPO3_MODE . ' Authentication failed - wrong password for username \'%s\'', $this->login['uname']);
-                               } else {
-                                       $this->writeLogMessage($errorMessage, $this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $this->login['uname']);
-                               }
-                               $this->writelog(255, 3, 3, 1, $errorMessage, array(
-                                       $this->authInfo['REMOTE_ADDR'],
-                                       $this->authInfo['REMOTE_HOST'],
-                                       $this->login['uname']
-                               ));
-                               \TYPO3\CMS\Core\Utility\GeneralUtility::sysLog(sprintf($errorMessage, $this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $this->login['uname']), 'Core', \TYPO3\CMS\Core\Utility\GeneralUtility::SYSLOG_SEVERITY_INFO);
-                               if (intval($this->extConf['onlyAuthService']) || $this->authenticationFailed) {
-                                       $OK = 0;
-                               }
-                       } elseif (($validPasswd && $user['lockToDomain']) && strcasecmp($user['lockToDomain'], $this->authInfo['HTTP_HOST'])) {
-                               // Lock domain didn't match, so error:
-                               $errorMessage = 'Login-attempt from %s (%s), username \'%s\', locked domain \'%s\' did not match \'%s\'!';
-                               $this->writeLogMessage($errorMessage, $this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $this->login['uname'], $user['lockToDomain'], $this->authInfo['HTTP_HOST']);
-                               $this->writelog(255, 3, 3, 1, $errorMessage, array(
-                                       $this->authInfo['REMOTE_ADDR'],
-                                       $this->authInfo['REMOTE_HOST'],
-                                       $user[$this->db_user['username_column']],
-                                       $user['lockToDomain'],
-                                       $this->authInfo['HTTP_HOST']
-                               ));
-                               \TYPO3\CMS\Core\Utility\GeneralUtility::sysLog(sprintf($errorMessage, $this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $user[$this->db_user['username_column']], $user['lockToDomain'], $this->authInfo['HTTP_HOST']), 'Core', \TYPO3\CMS\Core\Utility\GeneralUtility::SYSLOG_SEVERITY_INFO);
-                               $OK = 0;
-                       } elseif ($validPasswd) {
-                               $this->writeLogMessage(TYPO3_MODE . ' Authentication successful for username \'%s\'', $this->login['uname']);
-                               $OK = 200;
-                       }
-               }
-               return $OK;
-       }
-
-       /**
-        * Method updates a FE/BE user record - in this case a new password string will be set.
-        *
-        * @param integer $uid uid of user record that will be updated
-        * @param mixed $updateFields Field values as key=>value pairs to be updated in database
-        * @return void
-        */
-       protected function updatePassword($uid, $updateFields) {
-               $GLOBALS['TYPO3_DB']->exec_UPDATEquery($this->pObj->user_table, sprintf('uid = %u', $uid), $updateFields);
-               \TYPO3\CMS\Core\Utility\GeneralUtility::devLog(sprintf('Automatic password update for user record in %s with uid %u', $this->pObj->user_table, $uid), $this->extKey, 1);
-       }
-
-       /**
-        * Writes log message. Destination log depends on the current system mode.
-        * For FE the function writes to the admin panel log. For BE messages are
-        * sent to the system log. If developer log is enabled, messages are also
-        * sent there.
-        *
-        * This function accepts variable number of arguments and can format
-        * parameters. The syntax is the same as for sprintf()
-        *
-        * @param string $message Message to output
-        * @return void
-        * @see         sprintf()
-        * @see         t3lib::divLog()
-        * @see         t3lib_div::sysLog()
-        * @see         t3lib_timeTrack::setTSlogMessage()
-        * @todo Define visibility
-        */
-       public function writeLogMessage($message) {
-               if (func_num_args() > 1) {
-                       $params = func_get_args();
-                       array_shift($params);
-                       $message = vsprintf($message, $params);
-               }
-               if (TYPO3_MODE === 'BE') {
-                       \TYPO3\CMS\Core\Utility\GeneralUtility::sysLog($message, $this->extKey, \TYPO3\CMS\Core\Utility\GeneralUtility::SYSLOG_SEVERITY_NOTICE);
-               } else {
-                       $GLOBALS['TT']->setTSlogMessage($message);
-               }
-               if (TYPO3_DLOG) {
-                       \TYPO3\CMS\Core\Utility\GeneralUtility::devLog($message, $this->extKey, \TYPO3\CMS\Core\Utility\GeneralUtility::SYSLOG_SEVERITY_NOTICE);
-               }
-       }
-
-}
-
-
-?>
\ No newline at end of file
diff --git a/typo3/sysext/saltedpasswords/classes/Task/BulkUpdateFieldProvider.php b/typo3/sysext/saltedpasswords/classes/Task/BulkUpdateFieldProvider.php
deleted file mode 100644 (file)
index d415253..0000000
+++ /dev/null
@@ -1,138 +0,0 @@
-<?php
-namespace TYPO3\CMS\Saltedpasswords\Task;
-
-/***************************************************************
- *  Copyright notice
- *
- *  (c) 2012 Philipp Gampe (typo3@philippgampe.info)
- *  All rights reserved
- *
- *  This script is part of the TYPO3 project. The TYPO3 project is
- *  free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  The GNU General Public License can be found at
- *  http://www.gnu.org/copyleft/gpl.html.
- *  A copy is found in the textfile GPL.txt and important notices to the license
- *  from the author is found in LICENSE.txt distributed with these scripts.
- *
- *
- *  This script is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  This copyright notice MUST APPEAR in all copies of the script!
- ***************************************************************/
-/**
- * Additional field for salted passwords bulk update task
- *
- * @autor Philipp Gampe <typo3@philippgampe.info>
- * @package TYPO3
- * @subpackage saltedpasswords
- */
-class BulkUpdateFieldProvider implements \TYPO3\CMS\Scheduler\AdditionalFieldProviderInterface {
-
-       /**
-        * Default value whether the task deactivates itself after last run.
-        *
-        * @var boolean Whether the task is allowed to deactivate itself after processing all existing user records.
-        */
-       protected $defaultCanDeactivateSelf = TRUE;
-
-       /**
-        * Default value for the number of records to handle at each run.
-        *
-        * @var integer Number of records
-        */
-       protected $defaultNumberOfRecords = 250;
-
-       /**
-        * Add a field for the number of records and if the task should deactivate itself after
-        * processing all records
-        *
-        * @param array $taskInfo Reference to the array containing the info used in the add/edit form
-        * @param \TYPO3\CMS\Saltedpasswords\Task\BulkUpdateTask $task When editing, reference to the current task object. Null when adding.
-        * @param \TYPO3\CMS\Scheduler\Controller\SchedulerModuleController $parentObject Reference to the calling object (Scheduler's BE module)
-        * @return array Array containing all the information pertaining to the additional fields
-        */
-       public function getAdditionalFields(array &$taskInfo, $task, \TYPO3\CMS\Scheduler\Controller\SchedulerModuleController $parentObject) {
-               // Initialize selected fields
-               if (!isset($taskInfo['scheduler_saltedpasswordsBulkUpdateCanDeactivateSelf'])) {
-                       $taskInfo['scheduler_saltedpasswordsBulkUpdateCanDeactivateSelf'] = $this->defaultCanDeactivateSelf;
-                       if ($parentObject->CMD === 'edit') {
-                               $taskInfo['scheduler_saltedpasswordsBulkUpdateCanDeactivateSelf'] = $task->getCanDeactivateSelf();
-                       }
-               }
-               if (!isset($taskInfo['scheduler_saltedpasswordsBulkUpdateNumberOfRecords'])) {
-                       $taskInfo['scheduler_saltedpasswordsBulkUpdateNumberOfRecords'] = $this->defaultNumberOfRecords;
-                       if ($parentObject->CMD === 'edit') {
-                               $taskInfo['scheduler_saltedpasswordsBulkUpdateNumberOfRecords'] = $task->getNumberOfRecords();
-                       }
-               }
-               // Configuration for canDeactivateSelf
-               $fieldName = 'TYPO3\\CMS\\Scheduler\\Scheduler[scheduler_saltedpasswordsBulkUpdateCanDeactivateSelf]';
-               $fieldId = 'task_saltedpasswordsBulkUpdateCanDeactivateSelf';
-               $fieldValue = 'IsChecked';
-               $fieldChecked = (bool) $taskInfo['scheduler_saltedpasswordsBulkUpdateCanDeactivateSelf'];
-               $fieldHtml = (((((((((('<input type="checkbox"' . ' name="') . $fieldName) . '"') . ' id="') . $fieldId) . '"') . ' value="') . $fieldValue) . '"') . ($fieldChecked ? ' checked="checked"' : '')) . ' />';
-               $additionalFields[$fieldId] = array(
-                       'code' => $fieldHtml,
-                       'label' => 'LLL:EXT:saltedpasswords/locallang.xml:ext.saltedpasswords.tasks.bulkupdate.label.canDeactivateSelf',
-                       'cshKey' => '_txsaltedpasswords',
-                       'cshLabel' => $fieldId
-               );
-               // Configuration for numberOfRecords
-               $fieldName = 'TYPO3\\CMS\\Scheduler\\Scheduler[scheduler_saltedpasswordsBulkUpdateNumberOfRecords]';
-               $fieldId = 'task_saltedpasswordsBulkUpdateNumberOfRecords';
-               $fieldValue = intval($taskInfo['scheduler_saltedpasswordsBulkUpdateNumberOfRecords']);
-               $fieldHtml = ((((('<input type="text" name="' . $fieldName) . '" id="') . $fieldId) . '" value="') . htmlspecialchars($fieldValue)) . '" />';
-               $additionalFields[$fieldId] = array(
-                       'code' => $fieldHtml,
-                       'label' => 'LLL:EXT:saltedpasswords/locallang.xml:ext.saltedpasswords.tasks.bulkupdate.label.numberOfRecords',
-                       'cshKey' => '_txsaltedpasswords',
-                       'cshLabel' => $fieldId
-               );
-               return $additionalFields;
-       }
-
-       /**
-        * Checks if the given values are boolean and integer
-        *
-        * @param array $submittedData Reference to the array containing the data submitted by the user
-        * @param \TYPO3\CMS\Scheduler\Controller\SchedulerModuleController $parentObject Reference to the calling object (Scheduler's BE module)
-        * @return boolean TRUE if validation was ok (or selected class is not relevant), FALSE otherwise
-        */
-       public function validateAdditionalFields(array &$submittedData, \TYPO3\CMS\Scheduler\Controller\SchedulerModuleController $parentObject) {
-               $result = TRUE;
-               // Check if number of records is indeed a number and greater or equals to 0
-               // If not, fail validation and issue error message
-               if (!is_numeric($submittedData['scheduler_saltedpasswordsBulkUpdateNumberOfRecords']) || intval($submittedData['scheduler_saltedpasswordsBulkUpdateNumberOfRecords']) < 0) {
-                       $result = FALSE;
-                       $parentObject->addMessage($GLOBALS['LANG']->sL('LLL:EXT:saltedpasswords/locallang.xml:ext.saltedpasswords.tasks.bulkupdate.invalidNumberOfRecords'), \TYPO3\CMS\Core\Messaging\FlashMessage::ERROR);
-               }
-               return $result;
-       }
-
-       /**
-        * Saves given values in task object
-        *
-        * @param array $submittedData Contains data submitted by the user
-        * @param tx_scheduler_Task|tx_saltedpasswords_Tasks_BulkUpdate $task Reference to the current task object
-        * @return void
-        */
-       public function saveAdditionalFields(array $submittedData, \TYPO3\CMS\Scheduler\Task $task) {
-               if (isset($submittedData['scheduler_saltedpasswordsBulkUpdateCanDeactivateSelf']) && $submittedData['scheduler_saltedpasswordsBulkUpdateCanDeactivateSelf'] === 'IsChecked') {
-                       $task->setCanDeactivateSelf(TRUE);
-               } else {
-                       $task->setCanDeactivateSelf(FALSE);
-               }
-               $task->setNumberOfRecords(intval($submittedData['scheduler_saltedpasswordsBulkUpdateNumberOfRecords']));
-       }
-
-}
-
-
-?>
\ No newline at end of file
diff --git a/typo3/sysext/saltedpasswords/classes/Task/BulkUpdateTask.php b/typo3/sysext/saltedpasswords/classes/Task/BulkUpdateTask.php
deleted file mode 100644 (file)
index cc0ebf6..0000000
+++ /dev/null
@@ -1,269 +0,0 @@
-<?php
-namespace TYPO3\CMS\Saltedpasswords\Task;
-
-/***************************************************************
- *  Copyright notice
- *
- *  (c) 2010-2011 Christian Kuhn <lolli@schwarzbu.ch>
- *             Marcus Krause <marcus#exp2010@t3sec.info>
- *
- *  All rights reserved
- *
- *  This script is part of the TYPO3 project. The TYPO3 project is
- *  free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  The GNU General Public License can be found at
- *  http://www.gnu.org/copyleft/gpl.html.
- *
- *  This script is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  This copyright notice MUST APPEAR in all copies of the script!
- ***************************************************************/
-/**
- * Update plaintext and hashed passwords of existing users to salted passwords.
- *
- * @author Christian Kuhn <lolli@schwarzbu.ch>
- * @author Marcus Krause <marcus#exp2010@t3sec.info>
- * @package TYPO3
- * @subpackage saltedpasswords
- */
-class BulkUpdateTask extends \TYPO3\CMS\Scheduler\Task {
-
-       /**
-        * @var boolean Whether or not the task is allowed to deactivate itself after processing all existing user records.
-        */
-       protected $canDeactivateSelf = TRUE;
-
-       /**
-        * Converting a password to a salted hash takes some milliseconds (~100ms on an entry system in 2010).
-        * If all users are updated in one run, the task might run a long time if a lot of users must be handled.
-        * Therefore only a small number of frontend and backend users are processed.
-        * If saltedpasswords is enabled for both frontend and backend 2 * numberOfRecords will be handled.
-        *
-        * @var integer Number of records
-        */
-       protected $numberOfRecords = 250;
-
-       /**
-        * @var integer Pointer to last handled frontend and backend user row
-        */
-       protected $userRecordPointer = array();
-
-       /**
-        * Constructor initializes user record pointer
-        */
-       public function __construct() {
-               parent::__construct();
-               $this->userRecordPointer = array(
-                       'FE' => 0,
-                       'BE' => 0
-               );
-       }
-
-       /**
-        * Execute task
-        *
-        * @return boolean
-        */
-       public function execute() {
-               $processedAllRecords = TRUE;
-               // For frontend and backend
-               foreach ($this->userRecordPointer as $mode => $pointer) {
-                       // If saltedpasswords is active for frontend / backend
-                       if (\TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::isUsageEnabled($mode)) {
-                               $usersToUpdate = $this->findUsersToUpdate($mode);
-                               $numberOfRows = count($usersToUpdate);
-                               if ($numberOfRows > 0) {
-                                       $processedAllRecords = FALSE;
-                                       $this->incrementUserRecordPointer($mode, $numberOfRows);
-                                       $this->convertPasswords($mode, $usersToUpdate);
-                               }
-                       }
-               }
-               if ($processedAllRecords) {
-                       // Reset the user record pointer
-                       $this->userRecordPointer = array(
-                               'FE' => 0,
-                               'BE' => 0
-                       );
-                       // Determine if task should disable itself
-                       if ($this->canDeactivateSelf) {
-                               $this->deactivateSelf();
-                       }
-               }
-               // Use save() of parent class tx_scheduler_Task to persist changed task variables
-               $this->save();
-               return TRUE;
-       }
-
-       /**
-        * Get additional information
-        *
-        * @return string Additional information
-        */
-       public function getAdditionalInformation() {
-               $information = ((($GLOBALS['LANG']->sL('LLL:EXT:saltedpasswords/locallang.xml:ext.saltedpasswords.tasks.bulkupdate.label.additionalinformation.deactivateself') . $this->getCanDeactivateSelf()) . '; ') . $GLOBALS['LANG']->sL('LLL:EXT:saltedpasswords/locallang.xml:ext.saltedpasswords.tasks.bulkupdate.label.additionalinformation.numberofrecords')) . $this->getNumberOfRecords();
-               return $information;
-       }
-
-       /**
-        * Finds next set of frontend or backend users to update.
-        *
-        * @param string $mode 'FE' for frontend, 'BE' for backend user records
-        * @return array Rows with uid and password
-        */
-       protected function findUsersToUpdate($mode) {
-               $usersToUpdate = $GLOBALS['TYPO3_DB']->exec_SELECTgetRows('uid, password', strtolower($mode) . '_users', '1 = 1', '', 'uid ASC', ($this->userRecordPointer[$mode] . ', ') . $this->numberOfRecords);
-               return $usersToUpdate;
-       }
-
-       /**
-        * Iterates over given user records and update password if needed.
-        *
-        * @param string $mode 'FE' for frontend, 'BE' for backend user records
-        * @param array $users With user uids and passwords
-        * @return void
-        */
-       protected function convertPasswords($mode, array $users) {
-               $updateUsers = array();
-               foreach ($users as $user) {
-                       // If a password is already a salted hash it must not be updated
-                       if ($this->isSaltedHash($user['password'])) {
-                               continue;
-                       }
-                       $updateUsers[] = $user;
-               }
-               if (count($updateUsers) > 0) {
-                       $this->updatePasswords($mode, $updateUsers);
-               }
-       }
-
-       /**
-        * Updates password and persist salted hash.
-        *
-        * @param string $mode 'FE' for frontend, 'BE' for backend user records
-        * @param array $users With user uids and passwords
-        * @return void
-        */
-       protected function updatePasswords($mode, array $users) {
-               /** @var $saltedpasswordsInstance \TYPO3\CMS\Saltedpasswords\Salt\SaltInterface */
-               $saltedpasswordsInstance = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(NULL, $mode);
-               foreach ($users as $user) {
-                       $newPassword = $saltedpasswordsInstance->getHashedPassword($user['password']);
-                       // If a given password is a md5 hash (usually default be_users without saltedpasswords activated),
-                       // result of getHashedPassword() is a salted hashed md5 hash.
-                       // We prefix those with 'M', saltedpasswords will then update this password
-                       // to a usual salted hash upon first login of the user.
-                       if ($this->isMd5Password($user['password'])) {
-                               $newPassword = 'M' . $newPassword;
-                       }
-                       // Persist updated password
-                       $GLOBALS['TYPO3_DB']->exec_UPDATEquery(strtolower($mode) . '_users', 'uid = ' . $user['uid'], array(
-                               'password' => $newPassword
-                       ));
-               }
-       }
-
-       /**
-        * Passwords prefixed with M or C might be salted passwords:
-        * M means: originally a md5 hash before it was salted (eg. default be_users).
-        * C means: originally a cleartext password with lower hash looping count generated by t3sec_saltedpw.
-        * Both M and C will be updated to usual salted hashes on first login of user.
-        *
-        * If a password does not start with M or C determine if a password is already a usual salted hash.
-        *
-        * @param string $password Password
-        * @return boolean TRUE if password is a salted hash
-        */
-       protected function isSaltedHash($password) {
-               $isSaltedHash = FALSE;
-               if (strlen($password) > 2 && (\TYPO3\CMS\Core\Utility\GeneralUtility::isFirstPartOfStr($password, 'C$') || \TYPO3\CMS\Core\Utility\GeneralUtility::isFirstPartOfStr($password, 'M$'))) {
-                       // Cut off M or C and test if we have a salted hash
-                       $isSaltedHash = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::determineSaltingHashingMethod(substr($password, 1));
-               }
-               // Test if given password is a already a usual salted hash
-               if (!$isSaltedHash) {
-                       $isSaltedHash = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::determineSaltingHashingMethod($password);
-               }
-               return $isSaltedHash;
-       }
-
-       /**
-        * Checks if a given password is a md5 hash, the default for be_user records before saltedpasswords.
-        *
-        * @param string $password The password to test
-        * @return boolean TRUE if password is md5
-        */
-       protected function isMd5Password($password) {
-               return (bool) preg_match('/[0-9abcdef]{32,32}/i', $password);
-       }
-
-       /**
-        * Increments current user record counter by number of handled rows.
-        *
-        * @param string $mode 'FE' for frontend, 'BE' for backend user records
-        * @param integer $number Number of handled rows
-        * @return void
-        */
-       protected function incrementUserRecordPointer($mode, $number) {
-               $this->userRecordPointer[$mode] += $number;
-       }
-
-       /**
-        * Deactivates this task instance.
-        * Uses setDisabled() method of parent class tx_scheduler_Task.
-        *
-        * @return void
-        */
-       protected function deactivateSelf() {
-               $this->setDisabled(TRUE);
-       }
-
-       /**
-        * Set if it can deactivate self
-        *
-        * @param boolean $canDeactivateSelf
-        * @return void
-        */
-       public function setCanDeactivateSelf($canDeactivateSelf) {
-               $this->canDeactivateSelf = $canDeactivateSelf;
-       }
-
-       /**
-        * Get if it can deactivate self
-        *
-        * @return boolean TRUE if task shall deactivate itself, FALSE otherwise
-        */
-       public function getCanDeactivateSelf() {
-               return $this->canDeactivateSelf;
-       }
-
-       /**
-        * Set number of records
-        *
-        * @param integer $numberOfRecords
-        * @return void
-        */
-       public function setNumberOfRecords($numberOfRecords) {
-               $this->numberOfRecords = $numberOfRecords;
-       }
-
-       /**
-        * Get number of records
-        *
-        * @return integer The number of records
-        */
-       public function getNumberOfRecords() {
-               return $this->numberOfRecords;
-       }
-
-}
-
-
-?>
\ No newline at end of file
diff --git a/typo3/sysext/saltedpasswords/classes/Utility/ExtensionManagerConfigurationUtility.php b/typo3/sysext/saltedpasswords/classes/Utility/ExtensionManagerConfigurationUtility.php
deleted file mode 100644 (file)
index 5e44b81..0000000
+++ /dev/null
@@ -1,394 +0,0 @@
-<?php
-namespace TYPO3\CMS\Saltedpasswords\Utility;
-
-/**
- * class providing configuration checks for saltedpasswords.
- *
- * @author Steffen Ritter <info@rs-websystems.de>
- * @since 2009-09-04
- * @package TYPO3
- * @subpackage tx_saltedpasswords
- */
-class ExtensionManagerConfigurationUtility {
-
-       /**
-        * @var integer
-        */
-       protected $errorType = \TYPO3\CMS\Core\Messaging\FlashMessage::OK;
-
-       /**
-        * @var string
-        */
-       protected $header;
-
-       /**
-        * @var string
-        */
-       protected $preText;
-
-       /**
-        * @var array
-        */
-       protected $problems = array();
-
-       /**
-        * Set the error level if no higher level
-        * is set already
-        *
-        * @param string $level One out of error, ok, warning, info
-        * @return void
-        */
-       private function setErrorLevel($level) {
-               switch ($level) {
-               case 'error':
-                       $this->errorType = \TYPO3\CMS\Core\Messaging\FlashMessage::ERROR;
-                       $this->header = 'Errors found in your configuration';
-                       $this->preText = 'SaltedPasswords will not work until these problems have been resolved:<br />';
-                       break;
-               case 'warning':
-                       if ($this->errorType < \TYPO3\CMS\Core\Messaging\FlashMessage::ERROR) {
-                               $this->errorType = \TYPO3\CMS\Core\Messaging\FlashMessage::WARNING;
-                               $this->header = 'Warnings about your configuration';
-                               $this->preText = 'SaltedPasswords might behave different than expected:<br />';
-                       }
-                       break;
-               case 'info':
-                       if ($this->errorType < \TYPO3\CMS\Core\Messaging\FlashMessage::WARNING) {
-                               $this->errorType = \TYPO3\CMS\Core\Messaging\FlashMessage::INFO;
-                               $this->header = 'Additional information';
-                               $this->preText = '<br />';
-                       }
-                       break;
-               case 'ok':
-                       // TODO: Remove INFO condition as it has lower importance
-                       if ($this->errorType < \TYPO3\CMS\Core\Messaging\FlashMessage::WARNING && $this->errorType != \TYPO3\CMS\Core\Messaging\FlashMessage::INFO) {
-                               $this->errorType = \TYPO3\CMS\Core\Messaging\FlashMessage::OK;
-                               $this->header = 'No errors were found';
-                               $this->preText = 'SaltedPasswords has been configured correctly and works as expected.<br />';
-                       }
-                       break;
-               }
-       }
-
-       /**
-        * Renders the flash messages if problems have been found.
-        *
-        * @return string The flash message as HTML.
-        */
-       private function renderFlashMessage() {
-               $message = '';
-               // If there are problems, render them into an unordered list
-               if (count($this->problems) > 0) {
-                       $message = '<ul>
-       <li>###PROBLEMS###</li>
-</ul>';
-                       $message = str_replace('###PROBLEMS###', implode('<br />&nbsp;</li><li>', $this->problems), $message);
-                       if ($this->errorType > \TYPO3\CMS\Core\Messaging\FlashMessage::OK) {
-                               $message .= '<br />
-Note, that a wrong configuration might have impact on the security of
-your TYPO3 installation and the usability of the backend.';
-                       }
-               }
-               if (empty($message)) {
-                       $this->setErrorLevel('ok');
-               }
-               $message = $this->preText . $message;
-               $flashMessage = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\Messaging\\FlashMessage', $message, $this->header, $this->errorType);
-               return $flashMessage->render();
-       }
-
-       /**
-        * Initializes this object.
-        *
-        * @return void
-        */
-       private function init() {
-               $requestSetup = $this->processPostData((array) $_REQUEST['data']);
-               $extConf = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['saltedpasswords']);
-               $this->extConf['BE'] = array_merge((array) $extConf['BE.'], (array) $requestSetup['BE.']);
-               $this->extConf['FE'] = array_merge((array) $extConf['FE.'], (array) $requestSetup['FE.']);
-               $GLOBALS['LANG']->includeLLFile('EXT:saltedpasswords/locallang.xml');
-       }
-
-       /**
-        * Checks the backend configuration and shows a message if necessary.
-        *
-        * @param array $params Field information to be rendered
-        * @param \TYPO3\CMS\Core\TypoScript\ConfigurationForm $pObj The calling parent object.
-        * @return string Messages as HTML if something needs to be reported
-        */
-       public function checkConfigurationBackend(array $params, $pObj) {
-               $this->init();
-               $extConf = $this->extConf['BE'];
-               // The backend is called over SSL
-               $SSL = ($GLOBALS['TYPO3_CONF_VARS']['BE']['lockSSL'] > 0 ? TRUE : FALSE) && $GLOBALS['TYPO3_CONF_VARS']['BE']['loginSecurityLevel'] != 'superchallenged';
-               $rsaAuthLoaded = \TYPO3\CMS\Core\Extension\ExtensionManager::isLoaded('rsaauth');
-               if ($extConf['enabled']) {
-                       // SSL configured?
-                       if ($SSL) {
-                               $this->setErrorLevel('ok');
-                               $problems[] = 'The backend is configured to use SaltedPasswords over SSL.';
-                       } elseif ($rsaAuthLoaded) {
-                               if (trim($GLOBALS['TYPO3_CONF_VARS']['BE']['loginSecurityLevel']) === 'rsa') {
-                                       if ($this->isRsaAuthBackendAvailable()) {
-                                               $this->setErrorLevel('ok');
-                                               $problems[] = 'The backend is configured to use SaltedPasswords with RSA authentication.';
-                                       } else {
-                                               // This means that login would fail because rsaauth is not working properly
-                                               $this->setErrorLevel('error');
-                                               $problems[] = ('<strong>Using the extension "rsaauth" is not possible, as no encryption backend ' . 'is available. Please install and configure the PHP extension "openssl". ') . 'See <a href="http://php.net/manual/en/openssl.installation.php" target="_blank">PHP.net</a></strong>.';
-                                       }
-                               } else {
-                                       // This means that we are not using saltedpasswords
-                                       $this->setErrorLevel('error');
-                                       $problems[] = 'The "rsaauth" extension is installed, but TYPO3 is not configured to use it during login.
-                                               Use the Install Tool to set the Login Security Level for the backend to "rsa"
-                                               ($TYPO3_CONF_VARS[\'BE\'][\'loginSecurityLevel\'])';
-                               }
-                       } else {
-                               // This means that we are not using saltedpasswords
-                               $this->setErrorLevel('error');
-                               $problems[] = 'Backend requirements for SaltedPasswords are not met, therefore the
-authentication will not work even if it was explicitly enabled for backend
-usage:<br />
-<ul>
-       <li>Install the "rsaauth" extension and use the Install Tool to set the
-               Login Security Level for the backend to "rsa"
-               ($TYPO3_CONF_VARS[\'BE\'][\'loginSecurityLevel\'])</li>
-
-       <li>If you have the option to use SSL, you can also configure your
-               backend for SSL usage:<br />
-               Use the Install Tool to set the Security-Level for the backend
-               to "normal" ($TYPO3_CONF_VARS[\'BE\'][\'loginSecurityLevel\']) and
-               the SSL-locking option to a value greater than "0"
-               (see description - $TYPO3_CONF_VARS[\'BE\'][\'lockSSL\'])</li>
-</ul>
-<br />
-It is also possible to use "lockSSL" and "rsa" Login Security Level at the same
-time.';
-                       }
-                       // Only saltedpasswords as authsservice
-                       if ($extConf['onlyAuthService']) {
-                               // Warn user that the combination with "forceSalted" may lock him out from Backend
-                               if ($extConf['forceSalted']) {
-                                       $this->setErrorLevel('warning');
-                                       $problems[] = 'SaltedPasswords has been configured to be the only authentication service for
-the backend. Additionally, usage of salted passwords is enforced (forceSalted).
-The result is that there is no chance to login with users not having a salted
-password hash.<br />
-<strong><i>WARNING:</i></strong> This may lock you out of the backend!';
-                               } else {
-                                       // Inform the user that things like openid won't work anymore
-                                       $this->setErrorLevel('info');
-                                       $problems[] = 'SaltedPasswords has been configured to be the only authentication service for
-the backend. This means that other services like "ipauth", "openid", etc. will
-be ignored (except "rsauth", which is implicitely used).';
-                               }
-                       }
-                       // forceSalted is set
-                       if ($extConf['forceSalted'] && !$extConf['onlyAuthService']) {
-                               $this->setErrorLevel('info');
-                               $problems[] = 'SaltedPasswords has been configured to enforce salted passwords (forceSalted).
-<br />
-This means that only passwords in the format of this extension will succeed for
-login.<br />
-<strong><i>IMPORTANT:</i></strong> This has the effect that passwords that are set from
-the Install Tool will not work!';
-                       }
-                       // updatePasswd wont work with "forceSalted"
-                       if ($extConf['updatePasswd'] && $extConf['forceSalted']) {
-                               $this->setErrorLevel('error');
-                               $problems[] = 'SaltedPasswords is configured wrong and will not work as expected:<br />
-It is not possible to set "updatePasswd" and "forceSalted" at the same time.
-Please disable either one of them.';
-                       }
-                       // Check if the configured hash-method is available on system
-                       if (!($instance = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(NULL, 'BE') || !$instance->isAvailable())) {
-                               $this->setErrorLevel('error');
-                               $problems[] = 'The selected method for hashing your salted passwords is not available on this
-system! Please check your configuration.';
-                       }
-               } else {
-                       // Not enabled warning
-                       $this->setErrorLevel('error');
-                       $problems[] = 'SaltedPasswords has been disabled for backend users.';
-               }
-               $this->problems = $problems;
-               return $this->renderFlashMessage();
-       }
-
-       /**
-        * Checks if rsaauth is able to obtain a backend
-        *
-        * @return boolean
-        */
-       protected function isRsaAuthBackendAvailable() {
-               /**
-                * Try to instantiate an RSAauth backend. If this does not work, it means that OpenSSL is not usable
-                *
-                * @var $rsaauthBackendFactory \TYPO3\CMS\Rsaauth\Backend\BackendFactory
-                */
-               $rsaauthBackendFactory = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Rsaauth\\Backend\\BackendFactory');
-               $backend = $rsaauthBackendFactory->getBackend();
-               return $backend !== NULL;
-       }
-
-       /**
-        * Checks the frontend configuration and shows a message if necessary.
-        *
-        * @param array $params Field information to be rendered
-        * @param \TYPO3\CMS\Core\TypoScript\ConfigurationForm $pObj The calling parent object.
-        * @return string Messages as HTML if something needs to be reported
-        */
-       public function checkConfigurationFrontend(array $params, $pObj) {
-               $this->init();
-               $extConf = $this->extConf['FE'];
-               if ($extConf['enabled']) {
-                       // Inform the user if securityLevel in FE is challenged or blank --> extension won't work
-                       if (!\TYPO3\CMS\Core\Utility\GeneralUtility::inList('normal,rsa', $GLOBALS['TYPO3_CONF_VARS']['FE']['loginSecurityLevel'])) {
-                               $this->setErrorLevel('info');
-                               $problems[] = '<strong>IMPORTANT:</strong><br />
-Frontend requirements for SaltedPasswords are not met, therefore the
-authentication will not work even if it was explicitly enabled for frontend
-usage:<br />
-<ul>
-       <li>Install the "rsaauth" extension and use the Install Tool to set the
-               Login Security Level for the frontend to "rsa"
-               ($TYPO3_CONF_VARS[\'FE\'][\'loginSecurityLevel\'])</li>
-
-       <li>Alternatively, use the Install Tool to set the Login Security Level
-               for the frontend to "normal"
-               ($TYPO3_CONF_VARS[\'FE\'][\'loginSecurityLevel\'])</li>
-</ul>
-<br />
-Make sure that the Login Security Level is not set to "" or "challenged"!';
-                       } elseif (trim($GLOBALS['TYPO3_CONF_VARS']['FE']['loginSecurityLevel']) === 'rsa') {
-                               if ($this->isRsaAuthBackendAvailable()) {
-                                       $this->setErrorLevel('ok');
-                                       $problems[] = 'The frontend is configured to use SaltedPasswords with RSA authentication.';
-                               } else {
-                                       // This means that login would fail because rsaauth is not working properly
-                                       $this->setErrorLevel('error');
-                                       $problems[] = ('<strong>Using the extension "rsaauth" is not possible, as no encryption backend ' . 'is available. Please install and configure the PHP extension "openssl". ') . 'See <a href="http://php.net/manual/en/openssl.installation.php" target="_blank">PHP.net</a></strong>.';
-                               }
-                       }
-                       // Only saltedpasswords as authsservice
-                       if ($extConf['onlyAuthService']) {
-                               // Warn user taht the combination with "forceSalted" may lock him out from frontend
-                               if ($extConf['forceSalted']) {
-                                       $this->setErrorLevel('warning');
-                                       $problems[] = 'SaltedPasswords has been configured to enforce salted passwords (forceSalted).
-<br />
-This means that only passwords in the format of this extension will succeed for
-login.<br />
-<strong><i>IMPORTANT:</i></strong> Because of this, it is not possible to login with
-users not having a salted password hash (e.g. existing frontend users).';
-                               } else {
-                                       // Inform the user that things like openid won't work anymore
-                                       $this->setErrorLevel('info');
-                                       $problems[] = 'SaltedPasswords has been configured to be the only authentication service for
-frontend logins. This means that other services like "ipauth", "openid", etc.
-will be ignored.';
-                               }
-                       }
-                       // forceSalted is set
-                       if ($extConf['forceSalted'] && !$extConf['onlyAuthService']) {
-                               $this->setErrorLevel('warning');
-                               $problems[] = 'SaltedPasswords has been configured to enforce salted passwords (forceSalted).
-<br />
-This means that only passwords in the format of this extension will succeed for
-login.<br />
-<strong><i>IMPORTANT:</i></strong> This has the effect that passwords that were set
-before SaltedPasswords was used will not work (in fact, they need to be
-redefined).';
-                       }
-                       // updatePasswd wont work with "forceSalted"
-                       if ($extConf['updatePasswd'] && $extConf['forceSalted']) {
-                               $this->setErrorLevel('error');
-                               $problems[] = 'SaltedPasswords is configured wrong and will not work as expected:<br />
-It is not possible to set "updatePasswd" and "forceSalted" at the same time.
-Please disable either one of them.';
-                       }
-               } else {
-                       // Not enabled warning
-                       $this->setErrorLevel('info');
-                       $problems[] = 'SaltedPasswords has been disabled for frontend users.';
-               }
-               $this->problems = $problems;
-               return $this->renderFlashMessage();
-       }
-
-       /**
-        * Renders a selector element that allows to select the hash method to be used.
-        *
-        * @param array $params Field information to be rendered
-        * @param \TYPO3\CMS\Core\TypoScript\ConfigurationForm $pObj The calling parent object.
-        * @param string $disposal The configuration disposal ('FE' or 'BE')
-        * @return string The HTML selector
-        */
-       protected function buildHashMethodSelector(array $params, $pObj, $disposal) {
-               $this->init();
-               $propertyName = $params['propertyName'];
-               $unknownVariablePleaseRenameMe = ('\'' . substr(md5($propertyName), 0, 10)) . '\'';
-               $p_field = '';
-               foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/saltedpasswords']['saltMethods'] as $class => $reference) {
-                       $classInstance = \TYPO3\CMS\Core\Utility\GeneralUtility::getUserObj($reference, 'tx_');
-                       if ($classInstance instanceof \TYPO3\CMS\Saltedpasswords\Salt\SaltInterface && $classInstance->isAvailable()) {
-                               $sel = $this->extConf[$disposal]['saltedPWHashingMethod'] == $class ? ' selected="selected" ' : '';
-                               $label = 'ext.saltedpasswords.title.' . $class;
-                               $p_field .= ((((('<option value="' . htmlspecialchars($class)) . '"') . $sel) . '>') . $GLOBALS['LANG']->getLL($label)) . '</option>';
-                       }
-               }
-               $p_field = ((((((('<select id="' . $propertyName) . '" name="') . $params['fieldName']) . '" onChange="uFormUrl(') . $unknownVariablePleaseRenameMe) . ')">') . $p_field) . '</select>';
-               return $p_field;
-       }
-
-       /**
-        * Renders a selector element that allows to select the hash method to be used (frontend disposal).
-        *
-        * @param array $params Field information to be rendered
-        * @param \TYPO3\CMS\Core\TypoScript\ConfigurationForm $pObj The calling parent object.
-        * @return string The HTML selector
-        */
-       public function buildHashMethodSelectorFE(array $params, $pObj) {
-               return $this->buildHashMethodSelector($params, $pObj, 'FE');
-       }
-
-       /**
-        * Renders a selector element that allows to select the hash method to be used (backend disposal)
-        *
-        * @param array $params Field information to be rendered
-        * @param \TYPO3\CMS\Core\TypoScript\ConfigurationForm $pObj The calling parent object.
-        * @return string The HTML selector
-        */
-       public function buildHashMethodSelectorBE(array $params, $pObj) {
-               return $this->buildHashMethodSelector($params, $pObj, 'BE');
-       }
-
-       /**
-        * Processes the information submitted by the user using a POST request and
-        * transforms it to a TypoScript node notation.
-        *
-        * @param array $postArray Incoming POST information
-        * @return array Processed and transformed POST information
-        */
-       private function processPostData(array $postArray = array()) {
-               foreach ($postArray as $key => $value) {
-                       // TODO: Explain
-                       $parts = explode('.', $key, 2);
-                       if (count($parts) == 2) {
-                               // TODO: Explain
-                               $value = $this->processPostData(array($parts[1] => $value));
-                               $postArray[$parts[0] . '.'] = array_merge((array) $postArray[($parts[0] . '.')], $value);
-                       } else {
-                               // TODO: Explain
-                               $postArray[$parts[0]] = $value;
-                       }
-               }
-               return $postArray;
-       }
-
-}
-
-
-?>
\ No newline at end of file
diff --git a/typo3/sysext/saltedpasswords/classes/Utility/SaltedPasswordsUtility.php b/typo3/sysext/saltedpasswords/classes/Utility/SaltedPasswordsUtility.php
deleted file mode 100644 (file)
index 5b5c190..0000000
+++ /dev/null
@@ -1,148 +0,0 @@
-<?php
-namespace TYPO3\CMS\Saltedpasswords\Utility;
-
-/***************************************************************
- *  Copyright notice
- *
- *  (c) Marcus Krause (marcus#exp2009@t3sec.info)
- *  (c) Steffen Ritter (info@rs-websystems.de)
- *  All rights reserved
- *
- *  This script is part of the TYPO3 project. The TYPO3 project is
- *  free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  The GNU General Public License can be found at
- *  http://www.gnu.org/copyleft/gpl.html.
- *  A copy is found in the textfile GPL.txt and important notices to the license
- *  from the author is found in LICENSE.txt distributed with these scripts.
- *
- *
- *  This script is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  This copyright notice MUST APPEAR in all copies of the script!
- ***************************************************************/
-/**
- * Contains class "tx_saltedpasswords_div"
- * that provides various helper functions.
- */
-/**
- * General library class.
- *
- * @author Marcus Krause <marcus#exp2009@t3sec.info>
- * @author Steffen Ritter <info@rs-websystems.de>
- * @since 2009-06-14
- * @package TYPO3
- * @subpackage tx_saltedpasswords
- */
-class SaltedPasswordsUtility {
-
-       /**
-        * Keeps this extension's key.
-        */
-       const EXTKEY = 'saltedpasswords';
-       /**
-        * Calculates number of backend users, who have no saltedpasswords
-        * protection.
-        *
-        * @return integer
-        */
-       static public function getNumberOfBackendUsersWithInsecurePassword() {
-               $userCount = $GLOBALS['TYPO3_DB']->exec_SELECTcountRows('*', 'be_users', (('password NOT LIKE ' . $GLOBALS['TYPO3_DB']->fullQuoteStr('$%', 'be_users')) . ' AND password NOT LIKE ') . $GLOBALS['TYPO3_DB']->fullQuoteStr('M$%', 'be_users'));
-               return $userCount;
-       }
-
-       /**
-        * Returns extension configuration data from $TYPO3_CONF_VARS (configurable in Extension Manager)
-        *
-        * @author Rainer Kuhn <kuhn@punkt.de>
-        * @author Marcus Krause <marcus#exp2009@t3sec.info>
-        * @param string $mode TYPO3_MODE, wether Configuration for Frontend or Backend should be delivered
-        * @return array Extension configuration data
-        */
-       static public function returnExtConf($mode = TYPO3_MODE) {
-               $currentConfiguration = self::returnExtConfDefaults();
-               if (isset($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['saltedpasswords'])) {
-                       $extensionConfiguration = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['saltedpasswords']);
-                       // Merge default configuration with modified configuration:
-                       if (isset($extensionConfiguration[$mode . '.'])) {
-                               $currentConfiguration = array_merge($currentConfiguration, $extensionConfiguration[$mode . '.']);
-                       }
-               }
-               return $currentConfiguration;
-       }
-
-       /**
-        * Hook function for felogin "forgotPassword" functionality
-        * encrypts the new password before storing in database
-        *
-        * @param array $params Parameter the hook delivers
-        * @param \TYPO3\CMS\FeLogin\Controller\FrontendLoginController $pObj Parent Object from which the hook is called
-        * @return void
-        */
-       public function feloginForgotPasswordHook(array &$params, \TYPO3\CMS\FeLogin\Controller\FrontendLoginController $pObj) {
-               if (self::isUsageEnabled('FE')) {
-                       $this->objInstanceSaltedPW = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance();
-                       $params['newPassword'] = $this->objInstanceSaltedPW->getHashedPassword($params['newPassword']);
-               }
-       }
-
-       /**
-        * Returns default configuration of this extension.
-        *
-        * @return array Default extension configuration data for localconf.php
-        */
-       static public function returnExtConfDefaults() {
-               return array(
-                       'onlyAuthService' => '0',
-                       'forceSalted' => '0',
-                       'updatePasswd' => '1',
-                       'saltedPWHashingMethod' => 'TYPO3\\CMS\\Saltedpasswords\\Salt\\PhpassSalt',
-                       'enabled' => '1'
-               );
-       }
-
-       /**
-        * Function determines the default(=configured) type of
-        * salted hashing method to be used.
-        *
-        * @param string $mode (optional) The TYPO3 mode (FE or BE) saltedpasswords shall be used for
-        * @return string Classname of object to be used
-        */
-       static public function getDefaultSaltingHashingMethod($mode = TYPO3_MODE) {
-               $extConf = self::returnExtConf($mode);
-               $classNameToUse = 'TYPO3\\CMS\\Saltedpasswords\\Salt\\Md5Salt';
-               if (in_array($extConf['saltedPWHashingMethod'], array_keys($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/saltedpasswords']['saltMethods']))) {
-                       $classNameToUse = $extConf['saltedPWHashingMethod'];
-               }
-               return $classNameToUse;
-       }
-
-       /**
-        * Returns information if salted password hashes are
-        * indeed used in the TYPO3_MODE.
-        *
-        * @param string $mode (optional) The TYPO3 mode (FE or BE) saltedpasswords shall be used for
-        * @return boolean TRUE, if salted password hashes are used in the TYPO3_MODE, otherwise FALSE
-        */
-       static public function isUsageEnabled($mode = TYPO3_MODE) {
-               // Login Security Level Recognition
-               $extConf = self::returnExtConf($mode);
-               $securityLevel = $GLOBALS['TYPO3_CONF_VARS'][$mode]['loginSecurityLevel'];
-               if ($mode == 'BE' && $extConf['enabled']) {
-                       return $securityLevel == 'normal' && $GLOBALS['TYPO3_CONF_VARS']['BE']['lockSSL'] > 0 || $securityLevel == 'rsa';
-               } elseif ($mode == 'FE' && $extConf['enabled']) {
-                       return \TYPO3\CMS\Core\Utility\GeneralUtility::inList('normal,rsa', $securityLevel);
-               }
-               return FALSE;
-       }
-
-}
-
-
-?>
\ No newline at end of file
diff --git a/typo3/sysext/saltedpasswords/classes/class.tx_saltedpasswords_autoloader.php b/typo3/sysext/saltedpasswords/classes/class.tx_saltedpasswords_autoloader.php
deleted file mode 100644 (file)
index 82eee80..0000000
+++ /dev/null
@@ -1,13 +0,0 @@
-<?php
-/*
- * @deprecated since 6.0, the classname tx_saltedpasswords_autoloader and this file is obsolete
- * and will be removed by 7.0. The class was renamed and is now located at:
- * typo3/sysext/saltedpasswords/Classes/Autoloader.php
- */
-require_once \TYPO3\CMS\Core\Extension\ExtensionManager::extPath('saltedpasswords') . 'Classes/Autoloader.php';
-/**
- * @var $SOBE \TYPO3\CMS\Saltedpasswords\Autoloader
- */
-$SOBE = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Saltedpasswords\\Autoloader');
-$SOBE->execute($this);
-?>
\ No newline at end of file
diff --git a/typo3/sysext/saltedpasswords/classes/class.tx_saltedpasswords_div.php b/typo3/sysext/saltedpasswords/classes/class.tx_saltedpasswords_div.php
deleted file mode 100644 (file)
index 6c15e88..0000000
+++ /dev/null
@@ -1,8 +0,0 @@
-<?php
-/*
- * @deprecated since 6.0, the classname tx_saltedpasswords_div and this file is obsolete
- * and will be removed by 7.0. The class was renamed and is now located at:
- * typo3/sysext/saltedpasswords/Classes/Utility/SaltedPasswordsUtility.php
- */
-require_once \TYPO3\CMS\Core\Extension\ExtensionManager::extPath('saltedpasswords') . 'Classes/Utility/SaltedPasswordsUtility.php';
-?>
\ No newline at end of file
diff --git a/typo3/sysext/saltedpasswords/classes/class.tx_saltedpasswords_emconfhelper.php b/typo3/sysext/saltedpasswords/classes/class.tx_saltedpasswords_emconfhelper.php
deleted file mode 100644 (file)
index 2206fd4..0000000
+++ /dev/null
@@ -1,37 +0,0 @@
-<?php
-/***************************************************************
- *  Copyright notice
- *
- *  (c) Steffen Ritter (info@rs-websystems.de)
- *  All rights reserved
- *
- *  This script is part of the TYPO3 project. The TYPO3 project is
- *  free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  The GNU General Public License can be found at
- *  http://www.gnu.org/copyleft/gpl.html.
- *  A copy is found in the textfile GPL.txt and important notices to the license
- *  from the author is found in LICENSE.txt distributed with these scripts.
- *
- *
- *  This script is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  This copyright notice MUST APPEAR in all copies of the script!
- ***************************************************************/
-// Make sure that we are executed only in TYPO3 context
-if (!defined('TYPO3_MODE')) {
-       die('Access denied.');
-}
-/*
- * @deprecated since 6.0, the classname tx_saltedpasswords_emconfhelper and this file is obsolete
- * and will be removed by 7.0. The class was renamed and is now located at:
- * typo3/sysext/saltedpasswords/Classes/Utility/ExtensionManagerConfigurationUtility.php
- */
-require_once \TYPO3\CMS\Core\Extension\ExtensionManager::extPath('saltedpasswords') . 'Classes/Utility/ExtensionManagerConfigurationUtility.php';
-?>
\ No newline at end of file
diff --git a/typo3/sysext/saltedpasswords/classes/eval/class.tx_saltedpasswords_eval.php b/typo3/sysext/saltedpasswords/classes/eval/class.tx_saltedpasswords_eval.php
deleted file mode 100644 (file)
index ba2f934..0000000
+++ /dev/null
@@ -1,8 +0,0 @@
-<?php
-/*
- * @deprecated since 6.0, the classname tx_saltedpasswords_eval and this file is obsolete
- * and will be removed by 7.0. The class was renamed and is now located at:
- * typo3/sysext/saltedpasswords/Classes/Evaluation/Evaluator.php
- */
-require_once \TYPO3\CMS\Core\Extension\ExtensionManager::extPath('saltedpasswords') . 'Classes/Evaluation/Evaluator.php';
-?>
\ No newline at end of file
diff --git a/typo3/sysext/saltedpasswords/classes/eval/class.tx_saltedpasswords_eval_be.php b/typo3/sysext/saltedpasswords/classes/eval/class.tx_saltedpasswords_eval_be.php
deleted file mode 100644 (file)
index 11b26e9..0000000
+++ /dev/null
@@ -1,8 +0,0 @@
-<?php
-/*
- * @deprecated since 6.0, the classname tx_saltedpasswords_eval_be and this file is obsolete
- * and will be removed by 7.0. The class was renamed and is now located at:
- * typo3/sysext/saltedpasswords/Classes/Evaluation/BackendEvaluator.php
- */
-require_once \TYPO3\CMS\Core\Extension\ExtensionManager::extPath('saltedpasswords') . 'Classes/Evaluation/BackendEvaluator.php';
-?>
\ No newline at end of file
diff --git a/typo3/sysext/saltedpasswords/classes/eval/class.tx_saltedpasswords_eval_fe.php b/typo3/sysext/saltedpasswords/classes/eval/class.tx_saltedpasswords_eval_fe.php
deleted file mode 100644 (file)
index 42269eb..0000000
+++ /dev/null
@@ -1,8 +0,0 @@
-<?php
-/*
- * @deprecated since 6.0, the classname tx_saltedpasswords_eval_fe and this file is obsolete
- * and will be removed by 7.0. The class was renamed and is now located at:
- * typo3/sysext/saltedpasswords/Classes/Evaluation/FrontendEvaluator.php
- */
-require_once \TYPO3\CMS\Core\Extension\ExtensionManager::extPath('saltedpasswords') . 'Classes/Evaluation/FrontendEvaluator.php';
-?>
\ No newline at end of file
diff --git a/typo3/sysext/saltedpasswords/classes/salts/class.tx_saltedpasswords_abstract_salts.php b/typo3/sysext/saltedpasswords/classes/salts/class.tx_saltedpasswords_abstract_salts.php
deleted file mode 100644 (file)
index e054190..0000000
+++ /dev/null
@@ -1,8 +0,0 @@
-<?php
-/*
- * @deprecated since 6.0, the classname tx_saltedpasswords_abstract_salts and this file is obsolete
- * and will be removed by 7.0. The class was renamed and is now located at:
- * typo3/sysext/saltedpasswords/Classes/Salt/AbstractSalt.php
- */
-require_once \TYPO3\CMS\Core\Extension\ExtensionManager::extPath('saltedpasswords') . 'Classes/Salt/AbstractSalt.php';
-?>
\ No newline at end of file
diff --git a/typo3/sysext/saltedpasswords/classes/salts/class.tx_saltedpasswords_salts_blowfish.php b/typo3/sysext/saltedpasswords/classes/salts/class.tx_saltedpasswords_salts_blowfish.php
deleted file mode 100644 (file)
index 510ae58..0000000
+++ /dev/null
@@ -1,8 +0,0 @@
-<?php
-/*
- * @deprecated since 6.0, the classname tx_saltedpasswords_salts_blowfish and this file is obsolete
- * and will be removed by 7.0. The class was renamed and is now located at:
- * typo3/sysext/saltedpasswords/Classes/Salt/BlowfishSalt.php
- */
-require_once \TYPO3\CMS\Core\Extension\ExtensionManager::extPath('saltedpasswords') . 'Classes/Salt/BlowfishSalt.php';
-?>
\ No newline at end of file
diff --git a/typo3/sysext/saltedpasswords/classes/salts/class.tx_saltedpasswords_salts_factory.php b/typo3/sysext/saltedpasswords/classes/salts/class.tx_saltedpasswords_salts_factory.php
deleted file mode 100644 (file)
index e01eed6..0000000
+++ /dev/null
@@ -1,8 +0,0 @@
-<?php
-/*
- * @deprecated since 6.0, the classname tx_saltedpasswords_salts_factory and this file is obsolete
- * and will be removed by 7.0. The class was renamed and is now located at:
- * typo3/sysext/saltedpasswords/Classes/Salt/SaltFactory.php
- */
-require_once \TYPO3\CMS\Core\Extension\ExtensionManager::extPath('saltedpasswords') . 'Classes/Salt/SaltFactory.php';
-?>
\ No newline at end of file
diff --git a/typo3/sysext/saltedpasswords/classes/salts/class.tx_saltedpasswords_salts_md5.php b/typo3/sysext/saltedpasswords/classes/salts/class.tx_saltedpasswords_salts_md5.php
deleted file mode 100644 (file)
index 7872f2b..0000000
+++ /dev/null
@@ -1,8 +0,0 @@
-<?php
-/*
- * @deprecated since 6.0, the classname tx_saltedpasswords_salts_md5 and this file is obsolete
- * and will be removed by 7.0. The class was renamed and is now located at:
- * typo3/sysext/saltedpasswords/Classes/Salt/Md5Salt.php
- */
-require_once \TYPO3\CMS\Core\Extension\ExtensionManager::extPath('saltedpasswords') . 'Classes/Salt/Md5Salt.php';
-?>
\ No newline at end of file
diff --git a/typo3/sysext/saltedpasswords/classes/salts/class.tx_saltedpasswords_salts_phpass.php b/typo3/sysext/saltedpasswords/classes/salts/class.tx_saltedpasswords_salts_phpass.php
deleted file mode 100644 (file)
index 458f87d..0000000
+++ /dev/null
@@ -1,8 +0,0 @@
-<?php
-/*
- * @deprecated since 6.0, the classname tx_saltedpasswords_salts_phpass and this file is obsolete
- * and will be removed by 7.0. The class was renamed and is now located at:
- * typo3/sysext/saltedpasswords/Classes/Salt/PhpassSalt.php
- */
-require_once \TYPO3\CMS\Core\Extension\ExtensionManager::extPath('saltedpasswords') . 'Classes/Salt/PhpassSalt.php';
-?>
\ No newline at end of file
diff --git a/typo3/sysext/saltedpasswords/classes/salts/interfaces/interface.tx_saltedpasswords_salts.php b/typo3/sysext/saltedpasswords/classes/salts/interfaces/interface.tx_saltedpasswords_salts.php
deleted file mode 100644 (file)
index b3f2ba3..0000000
+++ /dev/null
@@ -1,8 +0,0 @@
-<?php
-/*
- * @deprecated since 6.0, the classname tx_saltedpasswords_salts and this file is obsolete
- * and will be removed by 7.0. The class was renamed and is now located at:
- * typo3/sysext/saltedpasswords/Classes/Salt/SaltInterface.php
- */
-require_once \TYPO3\CMS\Core\Extension\ExtensionManager::extPath('saltedpasswords') . 'Classes/Salt/SaltInterface.php';
-?>
\ No newline at end of file
diff --git a/typo3/sysext/saltedpasswords/classes/tasks/class.tx_saltedpasswords_tasks_bulkupdate.php b/typo3/sysext/saltedpasswords/classes/tasks/class.tx_saltedpasswords_tasks_bulkupdate.php
deleted file mode 100644 (file)
index 649f0c1..0000000
+++ /dev/null
@@ -1,8 +0,0 @@
-<?php
-/*
- * @deprecated since 6.0, the classname tx_saltedpasswords_Tasks_BulkUpdate and this file is obsolete
- * and will be removed by 7.0. The class was renamed and is now located at:
- * typo3/sysext/saltedpasswords/Classes/Task/BulkUpdateTask.php
- */
-require_once \TYPO3\CMS\Core\Extension\ExtensionManager::extPath('saltedpasswords') . 'Classes/Task/BulkUpdateTask.php';
-?>
\ No newline at end of file
diff --git a/typo3/sysext/saltedpasswords/classes/tasks/class.tx_saltedpasswords_tasks_bulkupdate_additionalfieldprovider.php b/typo3/sysext/saltedpasswords/classes/tasks/class.tx_saltedpasswords_tasks_bulkupdate_additionalfieldprovider.php
deleted file mode 100644 (file)
index f492c05..0000000
+++ /dev/null
@@ -1,8 +0,0 @@
-<?php
-/*
- * @deprecated since 6.0, the classname tx_saltedpasswords_Tasks_BulkUpdate_AdditionalFieldProvider and this file is obsolete
- * and will be removed by 7.0. The class was renamed and is now located at:
- * typo3/sysext/saltedpasswords/Classes/Task/BulkUpdateFieldProvider.php
- */
-require_once \TYPO3\CMS\Core\Extension\ExtensionManager::extPath('saltedpasswords') . 'Classes/Task/BulkUpdateFieldProvider.php';
-?>
\ No newline at end of file
index ab34842..de7e723 100644 (file)
@@ -3,19 +3,19 @@
 // This file was generated on 2009-09-16 14:24
 $extensionPath = \TYPO3\CMS\Core\Extension\ExtensionManager::extPath('saltedpasswords');
 return array(
-       'tx_saltedpasswords_div' => $extensionPath . 'classes/class.tx_saltedpasswords_div.php',
-       'tx_saltedpasswords_emconfhelper' => $extensionPath . 'classes/class.tx_saltedpasswords_emconfhelper.php',
-       'tx_saltedpasswords_abstract_salts' => $extensionPath . 'classes/salts/class.tx_saltedpasswords_abstract_salts.php',
-       'tx_saltedpasswords_salts_blowfish' => $extensionPath . 'classes/salts/class.tx_saltedpasswords_salts_blowfish.php',
-       'tx_saltedpasswords_salts_factory' => $extensionPath . 'classes/salts/class.tx_saltedpasswords_salts_factory.php',
-       'tx_saltedpasswords_salts_md5' => $extensionPath . 'classes/salts/class.tx_saltedpasswords_salts_md5.php',
-       'tx_saltedpasswords_salts_phpass' => $extensionPath . 'classes/salts/class.tx_saltedpasswords_salts_phpass.php',
-       'tx_saltedpasswords_salts' => $extensionPath . 'classes/salts/interfaces/interface.tx_saltedpasswords_salts.php',
-       'tx_saltedpasswords_eval' => $extensionPath . 'classes/eval/class.tx_saltedpasswords_eval.php',
-       'tx_saltedpasswords_eval_be' => $extensionPath . 'classes/eval/class.tx_saltedpasswords_eval_be.php',
-       'tx_saltedpasswords_eval_fe' => $extensionPath . 'classes/eval/class.tx_saltedpasswords_eval_fe.php',
-       'tx_saltedpasswords_tasks_bulkupdate' => $extensionPath . 'classes/tasks/class.tx_saltedpasswords_tasks_bulkupdate.php',
-       'tx_saltedpasswords_tasks_bulkupdate_additionalfieldprovider' => $extensionPath . 'classes/tasks/class.tx_saltedpasswords_tasks_bulkupdate_additionalfieldprovider.php',
+       'tx_saltedpasswords_div' => $extensionPath . 'Classes/class.tx_saltedpasswords_div.php',
+       'tx_saltedpasswords_emconfhelper' => $extensionPath . 'Classes/class.tx_saltedpasswords_emconfhelper.php',
+       'tx_saltedpasswords_abstract_salts' => $extensionPath . 'Classes/salts/class.tx_saltedpasswords_abstract_salts.php',
+       'tx_saltedpasswords_salts_blowfish' => $extensionPath . 'Classes/salts/class.tx_saltedpasswords_salts_blowfish.php',
+       'tx_saltedpasswords_salts_factory' => $extensionPath . 'Classes/salts/class.tx_saltedpasswords_salts_factory.php',
+       'tx_saltedpasswords_salts_md5' => $extensionPath . 'Classes/salts/class.tx_saltedpasswords_salts_md5.php',
+       'tx_saltedpasswords_salts_phpass' => $extensionPath . 'Classes/salts/class.tx_saltedpasswords_salts_phpass.php',
+       'tx_saltedpasswords_salts' => $extensionPath . 'Classes/salts/interfaces/interface.tx_saltedpasswords_salts.php',
+       'tx_saltedpasswords_eval' => $extensionPath . 'Classes/eval/class.tx_saltedpasswords_eval.php',
+       'tx_saltedpasswords_eval_be' => $extensionPath . 'Classes/eval/class.tx_saltedpasswords_eval_be.php',
+       'tx_saltedpasswords_eval_fe' => $extensionPath . 'Classes/eval/class.tx_saltedpasswords_eval_fe.php',
+       'tx_saltedpasswords_tasks_bulkupdate' => $extensionPath . 'Classes/tasks/class.tx_saltedpasswords_tasks_bulkupdate.php',
+       'tx_saltedpasswords_tasks_bulkupdate_additionalfieldprovider' => $extensionPath . 'Classes/tasks/class.tx_saltedpasswords_tasks_bulkupdate_additionalfieldprovider.php',
        'tx_saltedpasswords_sv1' => $extensionPath . 'sv1/class.tx_saltedpasswords_sv1.php',
        'tx_saltedpasswords_div_testcase' => $extensionPath . 'tests/tx_saltedpasswords_div_testcase.php',
        'tx_saltedpasswords_salts_blowfish_testcase' => $extensionPath . 'tests/tx_saltedpasswords_salts_blowfish_testcase.php',
@@ -23,4 +23,4 @@ return array(
        'tx_saltedpasswords_salts_md5_testcase' => $extensionPath . 'tests/tx_saltedpasswords_salts_md5_testcase.php',
        'tx_saltedpasswords_salts_phpass_testcase' => $extensionPath . 'tests/tx_saltedpasswords_salts_phpass_testcase.php'
 );
-?>
\ No newline at end of file
+?>
index 473babb..2048946 100644 (file)
@@ -3,16 +3,16 @@ if (!defined('TYPO3_MODE')) {
        die('Access denied.');
 }
 // Form evaluation function for fe_users
-$GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['tce']['formevals']['TYPO3\\CMS\\Saltedpasswords\\Evaluation\\Evaluator_fe'] = 'EXT:saltedpasswords/classes/eval/class.tx_saltedpasswords_eval_fe.php';
+$GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['tce']['formevals']['TYPO3\\CMS\\Saltedpasswords\\Evaluation\\Evaluator_fe'] = 'EXT:saltedpasswords/Classes/eval/class.tx_saltedpasswords_eval_fe.php';
 // Form evaluation function for be_users
-$GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['tce']['formevals']['TYPO3\\CMS\\Saltedpasswords\\Evaluation\\BackendEvaluator'] = 'EXT:saltedpasswords/classes/eval/class.tx_saltedpasswords_eval_be.php';
+$GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['tce']['formevals']['TYPO3\\CMS\\Saltedpasswords\\Evaluation\\BackendEvaluator'] = 'EXT:saltedpasswords/Classes/eval/class.tx_saltedpasswords_eval_be.php';
 // Hook for processing "forgotPassword" in felogin
-$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['password_changed'][] = 'EXT:saltedpasswords/classes/class.tx_saltedpasswords_div.php:TYPO3\\CMS\\Saltedpasswords\\Utility\\SaltedPasswordsUtility->feloginForgotPasswordHook';
+$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['password_changed'][] = 'EXT:saltedpasswords/Classes/class.tx_saltedpasswords_div.php:TYPO3\\CMS\\Saltedpasswords\\Utility\\SaltedPasswordsUtility->feloginForgotPasswordHook';
 // Registering all available hashes to factory
 $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/saltedpasswords']['saltMethods'] = array(
-       'TYPO3\\CMS\\Saltedpasswords\\Salt\\Md5Salt' => 'EXT:saltedpasswords/classes/salts/class.tx_saltedpasswords_salts_md5.php:TYPO3\\CMS\\Saltedpasswords\\Salt\\Md5Salt',
-       'TYPO3\\CMS\\Saltedpasswords\\Salt\\BlowfishSalt' => 'EXT:saltedpasswords/classes/salts/class.tx_saltedpasswords_salts_blowfish.php:TYPO3\\CMS\\Saltedpasswords\\Salt\\BlowfishSalt',
-       'TYPO3\\CMS\\Saltedpasswords\\Salt\\PhpassSalt' => 'EXT:saltedpasswords/classes/salts/class.tx_saltedpasswords_salts_phpass.php:TYPO3\\CMS\\Saltedpasswords\\Salt\\PhpassSalt'
+       'TYPO3\\CMS\\Saltedpasswords\\Salt\\Md5Salt' => 'EXT:saltedpasswords/Classes/salts/class.tx_saltedpasswords_salts_md5.php:TYPO3\\CMS\\Saltedpasswords\\Salt\\Md5Salt',
+       'TYPO3\\CMS\\Saltedpasswords\\Salt\\BlowfishSalt' => 'EXT:saltedpasswords/Classes/salts/class.tx_saltedpasswords_salts_blowfish.php:TYPO3\\CMS\\Saltedpasswords\\Salt\\BlowfishSalt',
+       'TYPO3\\CMS\\Saltedpasswords\\Salt\\PhpassSalt' => 'EXT:saltedpasswords/Classes/salts/class.tx_saltedpasswords_salts_phpass.php:TYPO3\\CMS\\Saltedpasswords\\Salt\\PhpassSalt'
 );
 \TYPO3\CMS\Core\Extension\ExtensionManager::addService('saltedpasswords', 'auth', 'TYPO3\\CMS\\Saltedpasswords\\SaltedPasswordService', array(
        'title' => 'FE/BE Authentification salted',
@@ -36,4 +36,4 @@ $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['scheduler']['tasks']['TYPO3\\CMS\\Sal
        'description' => ('LLL:EXT:' . $_EXTKEY) . '/locallang.xml:ext.saltedpasswords.tasks.bulkupdate.description',
        'additionalFields' => 'TYPO3\\CMS\\Saltedpasswords\\Task\\BulkUpdateFieldProvider'
 );
-?>
\ No newline at end of file
+?>
diff --git a/typo3/sysext/t3editor/Classes/CodeCompletion.php b/typo3/sysext/t3editor/Classes/CodeCompletion.php
new file mode 100644 (file)
index 0000000..113547a
--- /dev/null
@@ -0,0 +1,136 @@
+<?php
+namespace TYPO3\CMS\T3Editor;
+
+/**
+ * Code completion for t3editor
+ *
+ * @author Stephan Petzl <spetzl@gmx.at>
+ * @author Christian Kartnig <office@hahnepeter.de>
+ */
+class CodeCompletion {
+
+       /**
+        * @var \TYPO3\CMS\Core\Http\AjaxRequestHandler
+        */
+       protected $ajaxObj;
+
+       /**
+        * General processor for AJAX requests.
+        * (called by typo3/ajax.php)
+        *
+        * @param array $params Additional parameters (not used here)
+        * @param \TYPO3\CMS\Core\Http\AjaxRequestHandler &$ajaxObj The TYPO3AJAX object of this request
+        * @return void
+        * @author Oliver Hader <oliver@typo3.org>
+        */
+       public function processAjaxRequest($params, \TYPO3\CMS\Core\Http\AjaxRequestHandler &$ajaxObj) {
+               $this->ajaxObj = $ajaxObj;
+               $ajaxIdParts = explode('::', $ajaxObj->getAjaxID(), 2);
+               $ajaxMethod = $ajaxIdParts[1];
+               $response = array();
+               // Process the AJAX requests:
+               if ($ajaxMethod == 'loadTemplates') {
+                       $ajaxObj->setContent($this->loadTemplates(intval(\TYPO3\CMS\Core\Utility\GeneralUtility::_GP('pageId'))));
+                       $ajaxObj->setContentFormat('jsonbody');
+               }
+       }
+
+       /**
+        * Loads all templates up to a given page id (walking the rootline) and
+        * cleans parts that are not required for the t3editor codecompletion.
+        *
+        * @param integer $pageId ID of the page
+        * @param integer $templateId Currently unused (default: 0)
+        * @return array Cleaned array of TypoScript information
+        * @author Oliver Hader <oliver@typo3.org>
+        */
+       protected function loadTemplates($pageId, $templateId = 0) {
+               $templates = array();
+               // Check whether access is granted (only admin have access to sys_template records):
+               if ($GLOBALS['BE_USER']->isAdmin()) {
+                       // Check whether there is a pageId given:
+                       if ($pageId) {
+                               $templates = $this->getMergedTemplates($pageId);
+                       } else {
+                               $this->ajaxObj->setError($GLOBALS['LANG']->getLL('pageIDInteger'));
+                       }
+               } else {
+                       $this->ajaxObj->setError($GLOBALS['LANG']->getLL('noPermission'));
+               }
+               return $templates;
+       }
+
+       /**
+        * Gets merged templates by walking the rootline to a given page id.
+        *
+        * @todo oliver@typo3.org: Refactor this method and comment what's going on there
+        * @param integer $pageId
+        * @param integer $templateId
+        * @return array Setup part of merged template records
+        */
+       protected function getMergedTemplates($pageId, $templateId = 0) {
+               $result = array();
+               /** @var $tsParser \TYPO3\CMS\Core\TypoScript\ExtendedTemplateService */
+               $tsParser = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\TypoScript\\ExtendedTemplateService');
+               $tsParser->tt_track = 0;
+               $tsParser->init();
+               // Gets the rootLine
+               $page = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Frontend\\Page\\PageRepository');
+               $rootLine = $page->getRootLine($pageId);
+               // This generates the constants/config + hierarchy info for the template.
+               $tsParser->runThroughTemplates($rootLine);
+               // ts-setup & ts-constants of the currently edited template should not be included
+               // therefor we have to delete the last template from the stack
+               array_pop($tsParser->config);
+               array_pop($tsParser->constants);
+               $tsParser->linkObjects = TRUE;
+               $tsParser->ext_regLinenumbers = FALSE;
+               $tsParser->bType = $bType;
+               $tsParser->resourceCheck = 1;
+               $tsParser->removeFromGetFilePath = PATH_site;
+               $tsParser->generateConfig();
+               $result = $this->treeWalkCleanup($tsParser->setup);
+               return $result;
+       }
+
+       /**
+        * Walks through a tree of TypoScript configuration an cleans it up.
+        *
+        * @TODO oliver@typo3.org: Define and comment why this is necessary and exactly happens below
+        * @param array $treeBranch TypoScript configuration or sub branch of it
+        * @return array Cleaned TypoScript branch
+        */
+       private function treeWalkCleanup(array $treeBranch) {
+               $cleanedTreeBranch = array();
+               foreach ($treeBranch as $key => $value) {
+                       $dotCount = substr_count($key, '.');
+                       //type definition or value-assignment
+                       if ($dotCount == 0) {
+                               if ($value != '') {
+                                       if (strlen($value) > 20) {
+                                               $value = substr($value, 0, 20);
+                                       }
+                                       if (!isset($cleanedTreeBranch[$key])) {
+                                               $cleanedTreeBranch[$key] = array();
+                                       }
+                                       $cleanedTreeBranch[$key]['v'] = $value;
+                               }
+                       } elseif ($dotCount == 1) {
+                               // subtree (definition of properties)
+                               $subBranch = $this->treeWalkCleanup($value);
+                               if ($subBranch) {
+                                       $key = str_replace('.', '', $key);
+                                       if (!isset($cleanedTreeBranch[$key])) {
+                                               $cleanedTreeBranch[$key] = array();
+                                       }
+                                       $cleanedTreeBranch[$key]['c'] = $subBranch;
+                               }
+                       }
+               }
+               return $cleanedTreeBranch;
+       }
+
+}
+
+
+?>
\ No newline at end of file
diff --git a/typo3/sysext/t3editor/Classes/FormWizard.php b/typo3/sysext/t3editor/Classes/FormWizard.php
new file mode 100644 (file)
index 0000000..389931c
--- /dev/null
@@ -0,0 +1,42 @@
+<?php
+namespace TYPO3\CMS\T3Editor;
+
+/**
+ * Wizard for tceforms
+ *
+ * @author Tobias Liebig <mail_typo3@etobi.de>
+ */
+class FormWizard {
+
+       /**
+        * Main function
+        *
+        * @param array $parameters
+        * @param object $pObj
+        * @return string|NULL
+        */
+       public function main($parameters, $pObj) {
+               $t3editor = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\T3Editor\\T3Editor');
+               if (!$t3editor->isEnabled()) {
+                       return;
+               }
+               if ($parameters['params']['format'] !== '') {
+                       $t3editor->setModeByType($parameters['params']['format']);
+               } else {
+                       $t3editor->setMode(\TYPO3\CMS\T3Editor\T3Editor::MODE_MIXED);
+               }
+               $config = $GLOBALS['TCA'][$parameters['table']]['columns'][$parameters['field']]['config'];
+               $doc = $GLOBALS['SOBE']->doc;
+               $attributes = ((((((((((('rows="' . $config['rows']) . '" ') . 'cols="') . $config['cols']) . '" ') . 'wrap="off" ') . 'style="') . $config['wizards']['t3editor']['params']['style']) . '" ') . 'onchange="') . $parameters['fieldChangeFunc']['TBE_EDITOR_fieldChanged']) . '" ';
+               $parameters['item'] = '';
+               $parameters['item'] .= $t3editor->getCodeEditor($parameters['itemName'], 'fixed-font enable-tab', $parameters['row'][$parameters['field']], $attributes, ($parameters['table'] . ' > ') . $parameters['field'], array(
+                       'target' => intval($pObj->target)
+               ));
+               $parameters['item'] .= $t3editor->getJavascriptCode($doc);
+               return '';
+       }
+
+}
+
+
+?>
\ No newline at end of file
diff --git a/typo3/sysext/t3editor/Classes/Hook/FileEditHook.php b/typo3/sysext/t3editor/Classes/Hook/FileEditHook.php
new file mode 100644 (file)
index 0000000..210af18
--- /dev/null
@@ -0,0 +1,103 @@
+<?php
+namespace TYPO3\CMS\T3Editor\Hook;
+
+/**
+ * File edit hook for t3editor
+ *
+ * @author Tobias Liebig <mail_typo3@etobi.de>
+ */
+class FileEditHook {
+
+       /**
+        * @var \TYPO3\CMS\T3Editor\T3Editor
+        */
+       protected $t3editor = NULL;
+
+       /**
+        * @var string
+        */
+       protected $ajaxSaveType = 'tx_tstemplateinfo';
+
+       /**
+        * @return \TYPO3\CMS\T3Editor\T3Editor
+        */
+       protected function getT3editor() {
+               if ($this->t3editor == NULL) {
+                       $this->t3editor = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\T3Editor\\T3Editor')->setAjaxSaveType($this->ajaxSaveType);
+               }
+               return $this->t3editor;
+       }
+
+       /**
+        * Hook-function: inject t3editor JavaScript code before the page is compiled
+        * called in file_edit.php:SC_file_edit->main
+        *
+        * @param array $parameters
+        * @param \TYPO3\CMS\Backend\Controller\File\EditFileController $pObj
+        */
+       public function preOutputProcessingHook($parameters, $pObj) {
+               $t3editor = $this->getT3editor();
+               $t3editor->setModeByFile($parameters['target']);
+               if (!$t3editor->isEnabled() || !$t3editor->getMode()) {
+                       return;
+               }
+               $parameters['content'] = str_replace('<!--###POSTJSMARKER###-->', '<!--###POSTJSMARKER###-->' . $t3editor->getModeSpecificJavascriptCode(), $parameters['content']);
+       }
+
+       /**
+        * Hook-function: inject t3editor JavaScript code before the page is compiled
+        * called in typo3/template.php:startPage
+        *
+        * @param array $parameters
+        * @param \TYPO3\CMS\Backend\Template\DocumentTemplate $pObj
+        */
+       public function preStartPageHook($parameters, $pObj) {
+               if (preg_match('/typo3\\/file_edit\\.php/', $_SERVER['SCRIPT_NAME'])) {
+                       $t3editor = $this->getT3editor();
+                       if (!$t3editor->isEnabled()) {
+                               return;
+                       }
+                       $pObj->JScode .= $t3editor->getJavascriptCode($pObj);
+                       $pObj->loadJavascriptLib(\t3lib_extmgm::extRelPath('t3editor') . 'res/jslib/fileedit.js');
+               }
+       }
+
+       /**
+        * Hook-function:
+        * called in file_edit.php:SC_file_edit->main
+        *
+        * @param array $parameters
+        * @param \TYPO3\CMS\Backend\Controller\File\EditFileController $pObj
+        */
+       public function postOutputProcessingHook($parameters, $pObj) {
+               $t3editor = $this->getT3editor();
+               if (!$t3editor->isEnabled() || !$t3editor->getMode()) {
+                       return;
+               }
+               $attributes = ('rows="30" ' . 'wrap="off" ') . $pObj->doc->formWidthText(48, 'width:98%;height:60%', 'off');
+               $title = ($GLOBALS['LANG']->getLL('file') . ' ') . htmlspecialchars($pObj->target);
+               $outCode = $t3editor->getCodeEditor('file[editfile][0][data]', 'fixed-font enable-tab', '$1', $attributes, $title, array(
+                       'target' => intval($pObj->target)
+               ));
+               $parameters['pageContent'] = preg_replace('/\\<textarea .*name="file\\[editfile\\]\\[0\\]\\[data\\]".*\\>([^\\<]*)\\<\\/textarea\\>/mi', $outCode, $parameters['pageContent']);
+       }
+
+       /**
+        * @return boolean TRUE if successful
+        */
+       public function save($parameters, $pObj) {
+               $savingsuccess = FALSE;
+               if ($parameters['type'] == $this->ajaxSaveType) {
+                       require_once 'init.php';
+                       $tceFile = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Backend\\Controller\\File\\FileController');
+                       $tceFile->processAjaxRequest(array(), $parameters['ajaxObj']);
+                       $result = $parameters['ajaxObj']->getContent('result');
+                       $savingsuccess = is_array($result) && $result['editfile'][0];
+               }
+               return $savingsuccess;
+       }
+
+}
+
+
+?>
\ No newline at end of file
diff --git a/typo3/sysext/t3editor/Classes/Hook/TypoScriptTemplateInfoHook.php b/typo3/sysext/t3editor/Classes/Hook/TypoScriptTemplateInfoHook.php
new file mode 100644 (file)
index 0000000..0f024a6
--- /dev/null
@@ -0,0 +1,151 @@
+<?php
+namespace TYPO3\CMS\T3Editor\Hook;
+
+/**
+ * Hook for tstemplate info
+ *
+ * @author Tobias Liebig <mail_typo3@etobi.de>
+ */
+class TypoScriptTemplateInfoHook {
+
+       /**
+        * @var \TYPO3\CMS\T3Editor\T3Editor
+        */
+       protected $t3editor = NULL;
+
+       /**
+        * @var string
+        */
+       protected $ajaxSaveType = 'tx_tstemplateinfo';
+
+       /**
+        * @return \TYPO3\CMS\T3Editor\T3Editor
+        */
+       protected function getT3editor() {
+               if ($this->t3editor == NULL) {
+                       $this->t3editor = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\T3Editor\\T3Editor')->setMode(\TYPO3\CMS\T3Editor\T3Editor::MODE_TYPOSCRIPT)->setAjaxSaveType($this->ajaxSaveType);
+               }
+               return $this->t3editor;
+       }
+
+       /**
+        * Hook-function: inject t3editor JavaScript code before the page is compiled
+        * called in typo3/template.php:startPage
+        *
+        * @param array $parameters
+        * @param \TYPO3\CMS\Backend\Template\DocumentTemplate $pObj
+        * @return void
+        */
+       public function preStartPageHook($parameters, $pObj) {
+               // Enable editor in Template-Modul
+               if (\TYPO3\CMS\Core\Utility\GeneralUtility::_GET('M') === 'web_ts') {
+                       $t3editor =