In saltedpasswords and t3editor.
Additionally some fixes to swift mailer loading are done.
Change-Id: I50b98f7364265d71a80672d8572433b98a0a5bea
Resolves: #40116
Related: #40095
Releases: 6.0
Reviewed-on: http://review.typo3.org/14031
Reviewed-by: Thomas Maroschik
Tested-by: Thomas Maroschik
<?php
namespace TYPO3\CMS\Core\Mail;
+// Make sure Swift's auto-loader is registered
+require_once PATH_typo3 . 'contrib/swiftmailer/swift_required.php';
+
/**
* Adapter for Swift_Mailer to be used by TYPO3 extensions
*
* @package TYPO3
* @subpackage t3lib
*/
-class MailMessage extends Swift_Message {
+class MailMessage extends \Swift_Message {
/**
* @var \TYPO3\CMS\Core\Mail\Mailer
}
-?>
\ No newline at end of file
+?>
--- /dev/null
+<?php
+namespace TYPO3\CMS\Saltedpasswords;
+
+/***************************************************************
+ * Copyright notice
+ *
+ * (c) 2011 Helmut Hummel <helmut.hummel@typo3.org>
+ * All rights reserved
+ *
+ * This script is part of the TYPO3 project. The TYPO3 project is
+ * free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * The GNU General Public License can be found at
+ * http://www.gnu.org/copyleft/gpl.html.
+ * A copy is found in the textfile GPL.txt and important notices to the license
+ * from the author is found in LICENSE.txt distributed with these scripts.
+ *
+ *
+ * This script is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * This copyright notice MUST APPEAR in all copies of the script!
+ ***************************************************************/
+/**
+ * Autoloader included from Install Tool that lets saltedpasswords load itself
+ *
+ * @author Helmut Hummel <helmut.hummel@typo3.org>
+ * @package TYPO3
+ * @subpackage saltedpasswords
+ */
+class Autoloader {
+
+ /**
+ * Activates saltedpasswords if it is supported.
+ *
+ * @param \TYPO3\CMS\Install\Installer $instObj
+ * @return void
+ */
+ public function execute(\TYPO3\CMS\Install\Installer $instObj) {
+ switch ($instObj->step) {
+ case 4:
+ if (!\TYPO3\CMS\Core\Extension\ExtensionManager::isLoaded('saltedpasswords') && $this->isSaltedPasswordsSupported()) {
+ $this->activateSaltedPasswords();
+ }
+ break;
+ }
+ }
+
+ /**
+ * Checks whether the OpenSSL PHP extension is working properly.
+ *
+ * Before automatically enabling saltedpasswords, we check for a working OpenSSL PHP extension. As we enable rsaauth
+ * in the process of automatically enabling saltedpasswords, working OpenSSL is a requirement for this.
+ * Availability of the command line openssl binary is not checked here, thus saltedpasswords is NOT enabled
+ * automatically in this case.
+ *
+ * @return boolean TRUE, in case of OpenSSL works and requirements for saltedpasswords are met.
+ * @see tx_rsaauth_php_backend
+ */
+ protected function isSaltedPasswordsSupported() {
+ $isSupported = FALSE;
+ if (is_callable('openssl_pkey_new')) {
+ $testKey = @openssl_pkey_new();
+ if (is_resource($testKey)) {
+ openssl_free_key($testKey);
+ $isSupported = TRUE;
+ }
+ }
+ return $isSupported;
+ }
+
+ /**
+ * Activates saltedpasswords.
+ *
+ * @return void
+ */
+ protected function activateSaltedPasswords() {
+ if (!\TYPO3\CMS\Core\Extension\ExtensionManager::isLoaded('rsaauth')) {
+ \TYPO3\CMS\Core\Extension\ExtensionManager::loadExtension('rsaauth');
+ }
+ if (!\TYPO3\CMS\Core\Extension\ExtensionManager::isLoaded('saltedpasswords')) {
+ \TYPO3\CMS\Core\Extension\ExtensionManager::loadExtension('saltedpasswords');
+ }
+ \TYPO3\CMS\Core\Configuration\ConfigurationManager::setLocalConfigurationValueByPath('EXT/extConf/saltedpasswords', 'a:2:{s:3:"FE.";a:2:{s:7:"enabled";s:1:"1";s:21:"saltedPWHashingMethod";s:28:"tx_saltedpasswords_salts_md5";}s:3:"BE.";a:2:{s:7:"enabled";s:1:"1";s:21:"saltedPWHashingMethod";s:28:"tx_saltedpasswords_salts_md5";}}');
+ \TYPO3\CMS\Core\Configuration\ConfigurationManager::setLocalConfigurationValueByPath('BE/loginSecurityLevel', 'rsa');
+ \TYPO3\CMS\Core\Configuration\ConfigurationManager::setLocalConfigurationValueByPath('FE/loginSecurityLevel', 'rsa');
+ }
+
+}
+
+
+?>
\ No newline at end of file
--- /dev/null
+<?php
+namespace TYPO3\CMS\Saltedpasswords\Evaluation;
+
+/***************************************************************
+ * Copyright notice
+ *
+ * (c) Marcus Krause (marcus#exp2009@t3sec.info)
+ * (c) Steffen Ritter (info@rs-websystems.de)
+ * All rights reserved
+ *
+ * This script is part of the TYPO3 project. The TYPO3 project is
+ * free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * The GNU General Public License can be found at
+ * http://www.gnu.org/copyleft/gpl.html.
+ * A copy is found in the textfile GPL.txt and important notices to the license
+ * from the author is found in LICENSE.txt distributed with these scripts.
+ *
+ *
+ * This script is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * This copyright notice MUST APPEAR in all copies of the script!
+ ***************************************************************/
+/**
+ * Class implementing salted evaluation methods for BE users.
+ *
+ * @author Marcus Krause <marcus#exp2009@t3sec.info>
+ * @author Steffen Ritter <info@rs-websystems.de>
+ * @since 2009-06-14
+ * @package TYPO3
+ * @subpackage tx_saltedpasswords
+ */
+class BackendEvaluator extends \TYPO3\CMS\Saltedpasswords\Evaluation\Evaluator {
+
+ /**
+ * Class constructor.
+ */
+ public function __construct() {
+ $this->mode = 'BE';
+ }
+
+}
+
+
+?>
\ No newline at end of file
--- /dev/null
+<?php
+namespace TYPO3\CMS\Saltedpasswords\Evaluation;
+
+/***************************************************************
+ * Copyright notice
+ *
+ * (c) Marcus Krause (marcus#exp2009@t3sec.info)
+ * (c) Steffen Ritter (info@rs-websystems.de)
+ * All rights reserved
+ *
+ * This script is part of the TYPO3 project. The TYPO3 project is
+ * free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * The GNU General Public License can be found at
+ * http://www.gnu.org/copyleft/gpl.html.
+ * A copy is found in the textfile GPL.txt and important notices to the license
+ * from the author is found in LICENSE.txt distributed with these scripts.
+ *
+ *
+ * This script is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * This copyright notice MUST APPEAR in all copies of the script!
+ ***************************************************************/
+/**
+ * Class implementing salted evaluation methods.
+ *
+ * @author Marcus Krause <marcus#exp2009@t3sec.info>
+ * @author Steffen Ritter <info@rs-websystems.de>
+ * @since 2009-06-14
+ * @package TYPO3
+ * @subpackage tx_saltedpasswords
+ */
+class Evaluator {
+
+ /**
+ * Keeps TYPO3 mode.
+ *
+ * Either 'FE' or 'BE'.
+ *
+ * @var string
+ */
+ protected $mode = NULL;
+
+ /**
+ * This function just return the field value as it is. No transforming,
+ * hashing will be done on server-side.
+ *
+ * @return string JavaScript code for evaluating the
+ * @todo Define visibility
+ */
+ public function returnFieldJS() {
+ return 'return value;';
+ }
+
+ /**
+ * Function uses Portable PHP Hashing Framework to create a proper password string if needed
+ *
+ * @param mixed $value The value that has to be checked.
+ * @param string $is_in Is-In String
+ * @param integer $set Determines if the field can be set (value correct) or not, e.g. if input is required but the value is empty, then $set should be set to FALSE. (PASSED BY REFERENCE!)
+ * @return The new value of the field
+ * @todo Define visibility
+ */
+ public function evaluateFieldValue($value, $is_in, &$set) {
+ $isEnabled = $this->mode ? \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::isUsageEnabled($this->mode) : \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::isUsageEnabled();
+ if ($isEnabled) {
+ $set = FALSE;
+ $isMD5 = preg_match('/[0-9abcdef]{32,32}/', $value);
+ $isSaltedHash = \TYPO3\CMS\Core\Utility\GeneralUtility::inList('$1$,$2$,$2a,$P$', substr($value, 0, 3));
+ $this->objInstanceSaltedPW = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(NULL, $this->mode);
+ if ($isMD5) {
+ $set = TRUE;
+ $value = 'M' . $this->objInstanceSaltedPW->getHashedPassword($value);
+ } elseif (!$isSaltedHash) {
+ $set = TRUE;
+ $value = $this->objInstanceSaltedPW->getHashedPassword($value);
+ }
+ }
+ return $value;
+ }
+
+}
+
+
+?>
\ No newline at end of file
--- /dev/null
+<?php
+namespace TYPO3\CMS\Saltedpasswords\Evaluation;
+
+/***************************************************************
+ * Copyright notice
+ *
+ * (c) Marcus Krause (marcus#exp2009@t3sec.info)
+ * (c) Steffen Ritter (info@rs-websystems.de)
+ * All rights reserved
+ *
+ * This script is part of the TYPO3 project. The TYPO3 project is
+ * free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * The GNU General Public License can be found at
+ * http://www.gnu.org/copyleft/gpl.html.
+ * A copy is found in the textfile GPL.txt and important notices to the license
+ * from the author is found in LICENSE.txt distributed with these scripts.
+ *
+ *
+ * This script is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * This copyright notice MUST APPEAR in all copies of the script!
+ ***************************************************************/
+/**
+ * Class implementing salted evaluation methods for FE users.
+ *
+ * @author Marcus Krause <marcus#exp2009@t3sec.info>
+ * @author Steffen Ritter <info@rs-websystems.de>
+ * @since 2009-06-14
+ * @package TYPO3
+ * @subpackage tx_saltedpasswords
+ */
+class FrontendEvaluator extends \TYPO3\CMS\Saltedpasswords\Evaluation\Evaluator {
+
+ /**
+ * Class constructor.
+ */
+ public function __construct() {
+ $this->mode = 'FE';
+ }
+
+}
+
+
+?>
\ No newline at end of file
--- /dev/null
+<?php
+namespace TYPO3\CMS\Saltedpasswords\Salt;
+
+/***************************************************************
+ * Copyright notice
+ *
+ * (c) 2009-2011 Marcus Krause <marcus#exp2009@t3sec.info>
+ * All rights reserved
+ *
+ * This script is part of the TYPO3 project. The TYPO3 project is
+ * free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * The GNU General Public License can be found at
+ * http://www.gnu.org/copyleft/gpl.html.
+ * A copy is found in the textfile GPL.txt and important notices to the license
+ * from the author is found in LICENSE.txt distributed with these scripts.
+ *
+ *
+ * This script is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * This copyright notice MUST APPEAR in all copies of the script!
+ ***************************************************************/
+/**
+ * Contains abstract class "tx_saltedpasswords_abstract_salts"
+ * to be used in classes that provide salted hashing.
+ */
+/**
+ * Abtract class with methods needed to be extended
+ * in a salted hashing class.
+ *
+ * @author Marcus Krause <marcus#exp2009@t3sec.info>
+ * @since 2009-09-06
+ * @package TYPO3
+ * @subpackage tx_saltedpasswords
+ */
+abstract class AbstractSalt {
+
+ /**
+ * Method applies settings (prefix, optional hash count, optional suffix)
+ * to a salt.
+ *
+ * @param string $salt A salt to apply setting to
+ * @return string Salt with setting
+ */
+ abstract protected function applySettingsToSalt($salt);
+
+ /**
+ * Generates a random base salt settings for the hash.
+ *
+ * @return string A string containing settings and a random salt
+ */
+ abstract protected function getGeneratedSalt();
+
+ /**
+ * Returns a string for mapping an int to the corresponding base 64 character.
+ *
+ * @return string String for mapping an int to the corresponding base 64 character
+ */
+ abstract protected function getItoa64();
+
+ /**
+ * Returns setting string to indicate type of hashing method.
+ *
+ * @return string Setting string of hashing method
+ */
+ abstract protected function getSetting();
+
+ /**
+ * Encodes bytes into printable base 64 using the *nix standard from crypt().
+ *
+ * @param string $input The string containing bytes to encode.
+ * @param integer $count The number of characters (bytes) to encode.
+ * @return string Encoded string
+ */
+ public function base64Encode($input, $count) {
+ $output = '';
+ $i = 0;
+ $itoa64 = $this->getItoa64();
+ do {
+ $value = ord($input[$i++]);
+ $output .= $itoa64[$value & 63];
+ if ($i < $count) {
+ $value |= ord($input[$i]) << 8;
+ }
+ $output .= $itoa64[$value >> 6 & 63];
+ if ($i++ >= $count) {
+ break;
+ }
+ if ($i < $count) {
+ $value |= ord($input[$i]) << 16;
+ }
+ $output .= $itoa64[$value >> 12 & 63];
+ if ($i++ >= $count) {
+ break;
+ }
+ $output .= $itoa64[$value >> 18 & 63];
+ } while ($i < $count);
+ return $output;
+ }
+
+ /**
+ * Method determines required length of base64 characters for a given
+ * length of a byte string.
+ *
+ * @param integer $byteLength Length of bytes to calculate in base64 chars
+ * @return integer Required length of base64 characters
+ */
+ protected function getLengthBase64FromBytes($byteLength) {
+ // Calculates bytes in bits in base64
+ return intval(ceil(($byteLength * 8) / 6));
+ }
+
+}
+
+
+?>
\ No newline at end of file
--- /dev/null
+<?php
+namespace TYPO3\CMS\Saltedpasswords\Salt;
+
+/***************************************************************
+ * Copyright notice
+ *
+ * (c) 2009-2011 Marcus Krause <marcus#exp2009@t3sec.info>
+ * All rights reserved
+ *
+ * This script is part of the TYPO3 project. The TYPO3 project is
+ * free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * The GNU General Public License can be found at
+ * http://www.gnu.org/copyleft/gpl.html.
+ * A copy is found in the textfile GPL.txt and important notices to the license
+ * from the author is found in LICENSE.txt distributed with these scripts.
+ *
+ *
+ * This script is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * This copyright notice MUST APPEAR in all copies of the script!
+ ***************************************************************/
+/**
+ * Contains class "tx_saltedpasswords_salts_blowfish"
+ * that provides Blowfish salted hashing.
+ */
+/**
+ * Class that implements Blowfish salted hashing based on PHP's
+ * crypt() function.
+ *
+ * Warning: Blowfish salted hashing with PHP's crypt() is not available
+ * on every system.
+ *
+ * @author Marcus Krause <marcus#exp2009@t3sec.info>
+ * @since 2009-09-06
+ * @package TYPO3
+ * @subpackage tx_saltedpasswords
+ */
+class BlowfishSalt extends \TYPO3\CMS\Saltedpasswords\Salt\Md5Salt {
+
+ /**
+ * The default log2 number of iterations for password stretching.
+ */
+ const HASH_COUNT = 7;
+ /**
+ * The default maximum allowed log2 number of iterations for
+ * password stretching.
+ */
+ const MAX_HASH_COUNT = 17;
+ /**
+ * The default minimum allowed log2 number of iterations for
+ * password stretching.
+ */
+ const MIN_HASH_COUNT = 4;
+ /**
+ * Keeps log2 number
+ * of iterations for password stretching.
+ *
+ * @var integer
+ */
+ static protected $hashCount;
+
+ /**
+ * Keeps maximum allowed log2 number
+ * of iterations for password stretching.
+ *
+ * @var integer
+ */
+ static protected $maxHashCount;
+
+ /**
+ * Keeps minimum allowed log2 number
+ * of iterations for password stretching.
+ *
+ * @var integer
+ */
+ static protected $minHashCount;
+
+ /**
+ * Keeps length of a Blowfish salt in bytes.
+ *
+ * @var integer
+ */
+ static protected $saltLengthBlowfish = 16;
+
+ /**
+ * Setting string to indicate type of hashing method (blowfish).
+ *
+ * @var string
+ */
+ static protected $settingBlowfish = '$2a$';
+
+ /**
+ * Method applies settings (prefix, hash count) to a salt.
+ *
+ * Overwrites {@link tx_saltedpasswords_salts_md5::applySettingsToSalt()}
+ * with Blowfish specifics.
+ *
+ * @param string $salt A salt to apply setting to
+ * @return string Salt with setting
+ */
+ protected function applySettingsToSalt($salt) {
+ $saltWithSettings = $salt;
+ $reqLenBase64 = $this->getLengthBase64FromBytes($this->getSaltLength());
+ // salt without setting
+ if (strlen($salt) == $reqLenBase64) {
+ $saltWithSettings = (($this->getSetting() . sprintf('%02u', $this->getHashCount())) . '$') . $salt;
+ }
+ return $saltWithSettings;
+ }
+
+ /**
+ * Parses the log2 iteration count from a stored hash or setting string.
+ *
+ * @param string $setting Complete hash or a hash's setting string or to get log2 iteration count from
+ * @return integer Used hashcount for given hash string
+ */
+ protected function getCountLog2($setting) {
+ $countLog2 = NULL;
+ $setting = substr($setting, strlen($this->getSetting()));
+ $firstSplitPos = strpos($setting, '$');
+ // Hashcount existing
+ if (($firstSplitPos !== FALSE && $firstSplitPos <= 2) && is_numeric(substr($setting, 0, $firstSplitPos))) {
+ $countLog2 = intval(substr($setting, 0, $firstSplitPos));
+ }
+ return $countLog2;
+ }
+
+ /**
+ * Method returns log2 number of iterations for password stretching.
+ *
+ * @return integer log2 number of iterations for password stretching
+ * @see HASH_COUNT
+ * @see $hashCount
+ * @see setHashCount()
+ */
+ public function getHashCount() {
+ return isset(self::$hashCount) ? self::$hashCount : self::HASH_COUNT;
+ }
+
+ /**
+ * Method returns maximum allowed log2 number of iterations for password stretching.
+ *
+ * @return integer Maximum allowed log2 number of iterations for password stretching
+ * @see MAX_HASH_COUNT
+ * @see $maxHashCount
+ * @see setMaxHashCount()
+ */
+ public function getMaxHashCount() {
+ return isset(self::$maxHashCount) ? self::$maxHashCount : self::MAX_HASH_COUNT;
+ }
+
+ /**
+ * Returns wether all prequesites for the hashing methods are matched
+ *
+ * @return boolean Method available
+ */
+ public function isAvailable() {
+ return CRYPT_BLOWFISH;
+ }
+
+ /**
+ * Method returns minimum allowed log2 number of iterations for password stretching.
+ *
+ * @return integer Minimum allowed log2 number of iterations for password stretching
+ * @see MIN_HASH_COUNT
+ * @see $minHashCount
+ * @see setMinHashCount()
+ */
+ public function getMinHashCount() {
+ return isset(self::$minHashCount) ? self::$minHashCount : self::MIN_HASH_COUNT;
+ }
+
+ /**
+ * Returns length of a Blowfish salt in bytes.
+ *
+ * Overwrites {@link tx_saltedpasswords_salts_md5::getSaltLength()}
+ * with Blowfish specifics.
+ *
+ * @return integer Length of a Blowfish salt in bytes
+ */
+ public function getSaltLength() {
+ return self::$saltLengthBlowfish;
+ }
+
+ /**
+ * Returns setting string of Blowfish salted hashes.
+ *
+ * Overwrites {@link tx_saltedpasswords_salts_md5::getSetting()}
+ * with Blowfish specifics.
+ *
+ * @return string Setting string of Blowfish salted hashes
+ */
+ public function getSetting() {
+ return self::$settingBlowfish;
+ }
+
+ /**
+ * Checks whether a user's hashed password needs to be replaced with a new hash.
+ *
+ * This is typically called during the login process when the plain text
+ * password is available. A new hash is needed when the desired iteration
+ * count has changed through a change in the variable $hashCount or
+ * HASH_COUNT.
+ *
+ * @param string $saltedPW Salted hash to check if it needs an update
+ * @return boolean TRUE if salted hash needs an update, otherwise FALSE
+ */
+ public function isHashUpdateNeeded($saltedPW) {
+ // Check whether this was an updated password.
+ if (strncmp($saltedPW, '$2', 2) || !$this->isValidSalt($saltedPW)) {
+ return TRUE;
+ }
+ // Check whether the iteration count used differs from the standard number.
+ $countLog2 = $this->getCountLog2($saltedPW);
+ return !is_NULL($countLog2) && $countLog2 < $this->getHashCount();
+ }
+
+ /**
+ * Method determines if a given string is a valid salt.
+ *
+ * Overwrites {@link tx_saltedpasswords_salts_md5::isValidSalt()} with
+ * Blowfish specifics.
+ *
+ * @param string $salt String to check
+ * @return boolean TRUE if it's valid salt, otherwise FALSE
+ */
+ public function isValidSalt($salt) {
+ $isValid = ($skip = FALSE);
+ $reqLenBase64 = $this->getLengthBase64FromBytes($this->getSaltLength());
+ if (strlen($salt) >= $reqLenBase64) {
+ // Salt with prefixed setting
+ if (!strncmp('$', $salt, 1)) {
+ if (!strncmp($this->getSetting(), $salt, strlen($this->getSetting()))) {
+ $isValid = TRUE;
+ $salt = substr($salt, strrpos($salt, '$') + 1);
+ } else {
+ $skip = TRUE;
+ }
+ }
+ // Checking base64 characters
+ if (!$skip && strlen($salt) >= $reqLenBase64) {
+ if (preg_match(((((('/^[' . preg_quote($this->getItoa64(), '/')) . ']{') . $reqLenBase64) . ',') . $reqLenBase64) . '}$/', substr($salt, 0, $reqLenBase64))) {
+ $isValid = TRUE;
+ }
+ }
+ }
+ return $isValid;
+ }
+
+ /**
+ * Method determines if a given string is a valid salted hashed password.
+ *
+ * @param string $saltedPW String to check
+ * @return boolean TRUE if it's valid salted hashed password, otherwise FALSE
+ */
+ public function isValidSaltedPW($saltedPW) {
+ $isValid = FALSE;
+ $isValid = !strncmp($this->getSetting(), $saltedPW, strlen($this->getSetting())) ? TRUE : FALSE;
+ if ($isValid) {
+ $isValid = $this->isValidSalt($saltedPW);
+ }
+ return $isValid;
+ }
+
+ /**
+ * Method sets log2 number of iterations for password stretching.
+ *
+ * @param integer $hashCount log2 number of iterations for password stretching to set
+ * @see HASH_COUNT
+ * @see $hashCount
+ * @see getHashCount()
+ */
+ public function setHashCount($hashCount = NULL) {
+ self::$hashCount = ((!is_NULL($hashCount) && is_int($hashCount)) && $hashCount >= $this->getMinHashCount()) && $hashCount <= $this->getMaxHashCount() ? $hashCount : self::HASH_COUNT;
+ }
+
+ /**
+ * Method sets maximum allowed log2 number of iterations for password stretching.
+ *
+ * @param integer $maxHashCount Maximum allowed log2 number of iterations for password stretching to set
+ * @see MAX_HASH_COUNT
+ * @see $maxHashCount
+ * @see getMaxHashCount()
+ */
+ public function setMaxHashCount($maxHashCount = NULL) {
+ self::$maxHashCount = !is_NULL($maxHashCount) && is_int($maxHashCount) ? $maxHashCount : self::MAX_HASH_COUNT;
+ }
+
+ /**
+ * Method sets minimum allowed log2 number of iterations for password stretching.
+ *
+ * @param integer $minHashCount Minimum allowed log2 number of iterations for password stretching to set
+ * @see MIN_HASH_COUNT
+ * @see $minHashCount
+ * @see getMinHashCount()
+ */
+ public function setMinHashCount($minHashCount = NULL) {
+ self::$minHashCount = !is_NULL($minHashCount) && is_int($minHashCount) ? $minHashCount : self::MIN_HASH_COUNT;
+ }
+
+}
+
+
+?>
\ No newline at end of file
--- /dev/null
+<?php
+namespace TYPO3\CMS\Saltedpasswords\Salt;
+
+/***************************************************************
+ * Copyright notice
+ *
+ * (c) 2009-2011 Marcus Krause <marcus#exp2009@t3sec.info>
+ * All rights reserved
+ *
+ * This script is part of the TYPO3 project. The TYPO3 project is
+ * free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * The GNU General Public License can be found at
+ * http://www.gnu.org/copyleft/gpl.html.
+ * A copy is found in the textfile GPL.txt and important notices to the license
+ * from the author is found in LICENSE.txt distributed with these scripts.
+ *
+ *
+ * This script is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * This copyright notice MUST APPEAR in all copies of the script!
+ ***************************************************************/
+/**
+ * Contains class "tx_saltedpasswords_salts_md5"
+ * that provides MD5 salted hashing.
+ */
+/**
+ * Class that implements MD5 salted hashing based on PHP's
+ * crypt() function.
+ *
+ * MD5 salted hashing with PHP's crypt() should be available
+ * on most of the systems.
+ *
+ * @author Marcus Krause <marcus#exp2009@t3sec.info>
+ * @since 2009-09-06
+ * @package TYPO3
+ * @subpackage tx_saltedpasswords
+ */
+class Md5Salt extends \TYPO3\CMS\Saltedpasswords\Salt\AbstractSalt implements \TYPO3\CMS\Saltedpasswords\Salt\SaltInterface {
+
+ /**
+ * Keeps a string for mapping an int to the corresponding
+ * base 64 character.
+ */
+ const ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
+ /**
+ * Keeps length of a MD5 salt in bytes.
+ *
+ * @var integer
+ */
+ static protected $saltLengthMD5 = 6;
+
+ /**
+ * Keeps suffix to be appended to a salt.
+ *
+ * @var string
+ */
+ static protected $saltSuffixMD5 = '$';
+
+ /**
+ * Setting string to indicate type of hashing method (md5).
+ *
+ * @var string
+ */
+ static protected $settingMD5 = '$1$';
+
+ /**
+ * Method applies settings (prefix, suffix) to a salt.
+ *
+ * @param string $salt A salt to apply setting to
+ * @return string Salt with setting
+ */
+ protected function applySettingsToSalt($salt) {
+ $saltWithSettings = $salt;
+ $reqLenBase64 = $this->getLengthBase64FromBytes($this->getSaltLength());
+ // Salt without setting
+ if (strlen($salt) == $reqLenBase64) {
+ $saltWithSettings = ($this->getSetting() . $salt) . $this->getSaltSuffix();
+ }
+ return $saltWithSettings;
+ }
+
+ /**
+ * Method checks if a given plaintext password is correct by comparing it with
+ * a given salted hashed password.
+ *
+ * @param string $plainPW plain-text password to compare with salted hash
+ * @param string $saltedHashPW salted hash to compare plain-text password with
+ * @return boolean TRUE, if plain-text password matches the salted hash, otherwise FALSE
+ */
+ public function checkPassword($plainPW, $saltedHashPW) {
+ $isCorrect = FALSE;
+ if ($this->isValidSalt($saltedHashPW)) {
+ $isCorrect = crypt($plainPW, $saltedHashPW) == $saltedHashPW;
+ }
+ return $isCorrect;
+ }
+
+ /**
+ * Generates a random base 64-encoded salt prefixed and suffixed with settings for the hash.
+ *
+ * Proper use of salts may defeat a number of attacks, including:
+ * - The ability to try candidate passwords against multiple hashes at once.
+ * - The ability to use pre-hashed lists of candidate passwords.
+ * - The ability to determine whether two users have the same (or different)
+ * password without actually having to guess one of the passwords.
+ *
+ * @return string A character string containing settings and a random salt
+ */
+ protected function getGeneratedSalt() {
+ $randomBytes = \TYPO3\CMS\Core\Utility\GeneralUtility::generateRandomBytes($this->getSaltLength());
+ return $this->base64Encode($randomBytes, $this->getSaltLength());
+ }
+
+ /**
+ * Method creates a salted hash for a given plaintext password
+ *
+ * @param string $password plaintext password to create a salted hash from
+ * @param string $salt Optional custom salt with setting to use
+ * @return string Salted hashed password
+ */
+ public function getHashedPassword($password, $salt = NULL) {
+ $saltedPW = NULL;
+ if (!empty($password)) {
+ if (empty($salt) || !$this->isValidSalt($salt)) {
+ $salt = $this->getGeneratedSalt();
+ }
+ $saltedPW = crypt($password, $this->applySettingsToSalt($salt));
+ }
+ return $saltedPW;
+ }
+
+ /**
+ * Returns a string for mapping an int to the corresponding base 64 character.
+ *
+ * @return string String for mapping an int to the corresponding base 64 character
+ */
+ protected function getItoa64() {
+ return self::ITOA64;
+ }
+
+ /**
+ * Returns wether all prequesites for the hashing methods are matched
+ *
+ * @return boolean Method available
+ */
+ public function isAvailable() {
+ return CRYPT_MD5;
+ }
+
+ /**
+ * Returns length of a MD5 salt in bytes.
+ *
+ * @return integer Length of a MD5 salt in bytes
+ */
+ public function getSaltLength() {
+ return self::$saltLengthMD5;
+ }
+
+ /**
+ * Returns suffix to be appended to a salt.
+ *
+ * @return string Suffix of a salt
+ */
+ protected function getSaltSuffix() {
+ return self::$saltSuffixMD5;
+ }
+
+ /**
+ * Returns setting string of MD5 salted hashes.
+ *
+ * @return string Setting string of MD5 salted hashes
+ */
+ public function getSetting() {
+ return self::$settingMD5;
+ }
+
+ /**
+ * Checks whether a user's hashed password needs to be replaced with a new hash.
+ *
+ * This is typically called during the login process when the plain text
+ * password is available. A new hash is needed when the desired iteration
+ * count has changed through a change in the variable $hashCount or
+ * HASH_COUNT or if the user's password hash was generated in an bulk update
+ * with class ext_update.
+ *
+ * @param string $passString Salted hash to check if it needs an update
+ * @return boolean TRUE if salted hash needs an update, otherwise FALSE
+ */
+ public function isHashUpdateNeeded($passString) {
+ return FALSE;
+ }
+
+ /**
+ * Method determines if a given string is a valid salt
+ *
+ * @param string $salt String to check
+ * @return boolean TRUE if it's valid salt, otherwise FALSE
+ */
+ public function isValidSalt($salt) {
+ $isValid = ($skip = FALSE);
+ $reqLenBase64 = $this->getLengthBase64FromBytes($this->getSaltLength());
+ if (strlen($salt) >= $reqLenBase64) {
+ // Salt with prefixed setting
+ if (!strncmp('$', $salt, 1)) {
+ if (!strncmp($this->getSetting(), $salt, strlen($this->getSetting()))) {
+ $isValid = TRUE;
+ $salt = substr($salt, strlen($this->getSetting()));
+ } else {
+ $skip = TRUE;
+ }
+ }
+ // Checking base64 characters
+ if (!$skip && strlen($salt) >= $reqLenBase64) {
+ if (preg_match(((((('/^[' . preg_quote($this->getItoa64(), '/')) . ']{') . $reqLenBase64) . ',') . $reqLenBase64) . '}$/', substr($salt, 0, $reqLenBase64))) {
+ $isValid = TRUE;
+ }
+ }
+ }
+ return $isValid;
+ }
+
+ /**
+ * Method determines if a given string is a valid salted hashed password.
+ *
+ * @param string $saltedPW String to check
+ * @return boolean TRUE if it's valid salted hashed password, otherwise FALSE
+ */
+ public function isValidSaltedPW($saltedPW) {
+ $isValid = FALSE;
+ $isValid = !strncmp($this->getSetting(), $saltedPW, strlen($this->getSetting())) ? TRUE : FALSE;
+ if ($isValid) {
+ $isValid = $this->isValidSalt($saltedPW);
+ }
+ return $isValid;
+ }
+
+}
+
+
+?>
\ No newline at end of file
--- /dev/null
+<?php
+namespace TYPO3\CMS\Saltedpasswords\Salt;
+
+/***************************************************************
+ * Copyright notice
+ *
+ * (c) 2009-2011 Marcus Krause <marcus#exp2009@t3sec.info>
+ * All rights reserved
+ *
+ * This script is part of the TYPO3 project. The TYPO3 project is
+ * free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * The GNU General Public License can be found at
+ * http://www.gnu.org/copyleft/gpl.html.
+ * A copy is found in the textfile GPL.txt and important notices to the license
+ * from the author is found in LICENSE.txt distributed with these scripts.
+ *
+ *
+ * This script is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * This copyright notice MUST APPEAR in all copies of the script!
+ ***************************************************************/
+/**
+ * Contains class "tx_saltedpasswords_salts_phpass"
+ * that provides PHPass salted hashing.
+ *
+ * Derived from Drupal CMS
+ * original license: GNU General Public License (GPL)
+ *
+ * @see http://drupal.org/node/29706/
+ * @see http://www.openwall.com/phpass/
+ */
+/**
+ * Class that implements PHPass salted hashing based on Drupal's
+ * modified Openwall implementation.
+ *
+ * PHPass should work on every system.
+ *
+ * @author Marcus Krause <marcus#exp2009@t3sec.info>
+ * @since 2009-09-06
+ * @package TYPO3
+ * @subpackage tx_saltedpasswords
+ */
+class PhpassSalt extends \TYPO3\CMS\Saltedpasswords\Salt\AbstractSalt implements \TYPO3\CMS\Saltedpasswords\Salt\SaltInterface {
+
+ /**
+ * Keeps a string for mapping an int to the corresponding
+ * base 64 character.
+ */
+ const ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
+ /**
+ * The default log2 number of iterations for password stretching.
+ */
+ const HASH_COUNT = 14;
+ /**
+ * The default maximum allowed log2 number of iterations for
+ * password stretching.
+ */
+ const MAX_HASH_COUNT = 24;
+ /**
+ * The default minimum allowed log2 number of iterations for
+ * password stretching.
+ */
+ const MIN_HASH_COUNT = 7;
+ /**
+ * Keeps log2 number
+ * of iterations for password stretching.
+ *
+ * @var integer
+ */
+ static protected $hashCount;
+
+ /**
+ * Keeps maximum allowed log2 number
+ * of iterations for password stretching.
+ *
+ * @var integer
+ */
+ static protected $maxHashCount;
+
+ /**
+ * Keeps minimum allowed log2 number
+ * of iterations for password stretching.
+ *
+ * @var integer
+ */
+ static protected $minHashCount;
+
+ /**
+ * Keeps length of a PHPass salt in bytes.
+ *
+ * @var integer
+ */
+ static protected $saltLengthPhpass = 6;
+
+ /**
+ * Setting string to indicate type of hashing method (PHPass).
+ *
+ * @var string
+ */
+ static protected $settingPhpass = '$P$';
+
+ /**
+ * Method applies settings (prefix, hash count) to a salt.
+ *
+ * Overwrites {@link tx_saltedpasswords_salts_md5::applySettingsToSalt()}
+ * with Blowfish specifics.
+ *
+ * @param string $salt A salt to apply setting to
+ * @return string Salt with setting
+ */
+ protected function applySettingsToSalt($salt) {
+ $saltWithSettings = $salt;
+ $reqLenBase64 = $this->getLengthBase64FromBytes($this->getSaltLength());
+ // Salt without setting
+ if (strlen($salt) == $reqLenBase64) {
+ // We encode the final log2 iteration count in base 64.
+ $itoa64 = $this->getItoa64();
+ $saltWithSettings = $this->getSetting() . $itoa64[$this->getHashCount()];
+ $saltWithSettings .= $salt;
+ }
+ return $saltWithSettings;
+ }
+
+ /**
+ * Method checks if a given plaintext password is correct by comparing it with
+ * a given salted hashed password.
+ *
+ * @param string $plainPW Plain-text password to compare with salted hash
+ * @param string $saltedHashPW Salted hash to compare plain-text password with
+ * @return boolean TRUE, if plain-text password matches the salted hash, otherwise FALSE
+ */
+ public function checkPassword($plainPW, $saltedHashPW) {
+ $hash = $this->cryptPassword($plainPW, $saltedHashPW);
+ return $hash && $saltedHashPW === $hash;
+ }
+
+ /**
+ * Returns wether all prequesites for the hashing methods are matched
+ *
+ * @return boolean Method available
+ */
+ public function isAvailable() {
+ return TRUE;
+ }
+
+ /**
+ * Hashes a password using a secure stretched hash.
+ *
+ * By using a salt and repeated hashing the password is "stretched". Its
+ * security is increased because it becomes much more computationally costly
+ * for an attacker to try to break the hash by brute-force computation of the
+ * hashes of a large number of plain-text words or strings to find a match.
+ *
+ * @param string $password Plain-text password to hash
+ * @param string $setting An existing hash or the output of getGeneratedSalt()
+ * @return mixed A string containing the hashed password (and salt)
+ */
+ protected function cryptPassword($password, $setting) {
+ $saltedPW = NULL;
+ $reqLenBase64 = $this->getLengthBase64FromBytes($this->getSaltLength());
+ // Retrieving settings with salt
+ $setting = substr($setting, 0, (strlen($this->getSetting()) + 1) + $reqLenBase64);
+ $count_log2 = $this->getCountLog2($setting);
+ // Hashes may be imported from elsewhere, so we allow != HASH_COUNT
+ if ($count_log2 >= $this->getMinHashCount() && $count_log2 <= $this->getMaxHashCount()) {
+ $salt = substr($setting, strlen($this->getSetting()) + 1, $reqLenBase64);
+ // We must use md5() or sha1() here since they are the only cryptographic
+ // primitives always available in PHP 5. To implement our own low-level
+ // cryptographic function in PHP would result in much worse performance and
+ // consequently in lower iteration counts and hashes that are quicker to crack
+ // (by non-PHP code).
+ $count = 1 << $count_log2;
+ $hash = md5($salt . $password, TRUE);
+ do {
+ $hash = md5($hash . $password, TRUE);
+ } while (--$count);
+ $saltedPW = $setting . $this->base64Encode($hash, 16);
+ // base64Encode() of a 16 byte MD5 will always be 22 characters.
+ return strlen($saltedPW) == 34 ? $saltedPW : FALSE;
+ }
+ return $saltedPW;
+ }
+
+ /**
+ * Parses the log2 iteration count from a stored hash or setting string.
+ *
+ * @param string $setting Complete hash or a hash's setting string or to get log2 iteration count from
+ * @return integer Used hashcount for given hash string
+ */
+ protected function getCountLog2($setting) {
+ return strpos($this->getItoa64(), $setting[strlen($this->getSetting())]);
+ }
+
+ /**
+ * Generates a random base 64-encoded salt prefixed and suffixed with settings for the hash.
+ *
+ * Proper use of salts may defeat a number of attacks, including:
+ * - The ability to try candidate passwords against multiple hashes at once.
+ * - The ability to use pre-hashed lists of candidate passwords.
+ * - The ability to determine whether two users have the same (or different)
+ * password without actually having to guess one of the passwords.
+ *
+ * @return string A character string containing settings and a random salt
+ */
+ protected function getGeneratedSalt() {
+ $randomBytes = \TYPO3\CMS\Core\Utility\GeneralUtility::generateRandomBytes($this->getSaltLength());
+ return $this->base64Encode($randomBytes, $this->getSaltLength());
+ }
+
+ /**
+ * Method returns log2 number of iterations for password stretching.
+ *
+ * @return integer log2 number of iterations for password stretching
+ * @see HASH_COUNT
+ * @see $hashCount
+ * @see setHashCount()
+ */
+ public function getHashCount() {
+ return isset(self::$hashCount) ? self::$hashCount : self::HASH_COUNT;
+ }
+
+ /**
+ * Method creates a salted hash for a given plaintext password
+ *
+ * @param string $password Plaintext password to create a salted hash from
+ * @param string $salt Optional custom salt with setting to use
+ * @return string salted hashed password
+ */
+ public function getHashedPassword($password, $salt = NULL) {
+ $saltedPW = NULL;
+ if (!empty($password)) {
+ if (empty($salt) || !$this->isValidSalt($salt)) {
+ $salt = $this->getGeneratedSalt();
+ }
+ $saltedPW = $this->cryptPassword($password, $this->applySettingsToSalt($salt));
+ }
+ return $saltedPW;
+ }
+
+ /**
+ * Returns a string for mapping an int to the corresponding base 64 character.
+ *
+ * @return string String for mapping an int to the corresponding base 64 character
+ */
+ protected function getItoa64() {
+ return self::ITOA64;
+ }
+
+ /**
+ * Method returns maximum allowed log2 number of iterations for password stretching.
+ *
+ * @return integer Maximum allowed log2 number of iterations for password stretching
+ * @see MAX_HASH_COUNT
+ * @see $maxHashCount
+ * @see setMaxHashCount()
+ */
+ public function getMaxHashCount() {
+ return isset(self::$maxHashCount) ? self::$maxHashCount : self::MAX_HASH_COUNT;
+ }
+
+ /**
+ * Method returns minimum allowed log2 number of iterations for password stretching.
+ *
+ * @return integer Minimum allowed log2 number of iterations for password stretching
+ * @see MIN_HASH_COUNT
+ * @see $minHashCount
+ * @see setMinHashCount()
+ */
+ public function getMinHashCount() {
+ return isset(self::$minHashCount) ? self::$minHashCount : self::MIN_HASH_COUNT;
+ }
+
+ /**
+ * Returns length of a Blowfish salt in bytes.
+ *
+ * @return integer Length of a Blowfish salt in bytes
+ */
+ public function getSaltLength() {
+ return self::$saltLengthPhpass;
+ }
+
+ /**
+ * Returns setting string of PHPass salted hashes.
+ *
+ * @return string Setting string of PHPass salted hashes
+ */
+ public function getSetting() {
+ return self::$settingPhpass;
+ }
+
+ /**
+ * Checks whether a user's hashed password needs to be replaced with a new hash.
+ *
+ * This is typically called during the login process when the plain text
+ * password is available. A new hash is needed when the desired iteration
+ * count has changed through a change in the variable $hashCount or
+ * HASH_COUNT or if the user's password hash was generated in an bulk update
+ * with class ext_update.
+ *
+ * @param string $passString Salted hash to check if it needs an update
+ * @return boolean TRUE if salted hash needs an update, otherwise FALSE
+ */
+ public function isHashUpdateNeeded($passString) {
+ // Check whether this was an updated password.
+ if (strncmp($passString, '$P$', 3) || strlen($passString) != 34) {
+ return TRUE;
+ }
+ // Check whether the iteration count used differs from the standard number.
+ return $this->getCountLog2($passString) < $this->getHashCount();
+ }
+
+ /**
+ * Method determines if a given string is a valid salt.
+ *
+ * @param string $salt String to check
+ * @return boolean TRUE if it's valid salt, otherwise FALSE
+ */
+ public function isValidSalt($salt) {
+ $isValid = ($skip = FALSE);
+ $reqLenBase64 = $this->getLengthBase64FromBytes($this->getSaltLength());
+ if (strlen($salt) >= $reqLenBase64) {
+ // Salt with prefixed setting
+ if (!strncmp('$', $salt, 1)) {
+ if (!strncmp($this->getSetting(), $salt, strlen($this->getSetting()))) {
+ $isValid = TRUE;
+ $salt = substr($salt, strrpos($salt, '$') + 2);
+ } else {
+ $skip = TRUE;
+ }
+ }
+ // Checking base64 characters
+ if (!$skip && strlen($salt) >= $reqLenBase64) {
+ if (preg_match(((((('/^[' . preg_quote($this->getItoa64(), '/')) . ']{') . $reqLenBase64) . ',') . $reqLenBase64) . '}$/', substr($salt, 0, $reqLenBase64))) {
+ $isValid = TRUE;
+ }
+ }
+ }
+ return $isValid;
+ }
+
+ /**
+ * Method determines if a given string is a valid salted hashed password.
+ *
+ * @param string $saltedPW String to check
+ * @return boolean TRUE if it's valid salted hashed password, otherwise FALSE
+ */
+ public function isValidSaltedPW($saltedPW) {
+ $isValid = FALSE;
+ $isValid = !strncmp($this->getSetting(), $saltedPW, strlen($this->getSetting())) ? TRUE : FALSE;
+ if ($isValid) {
+ $isValid = $this->isValidSalt($saltedPW);
+ }
+ return $isValid;
+ }
+
+ /**
+ * Method sets log2 number of iterations for password stretching.
+ *
+ * @param integer $hashCount log2 number of iterations for password stretching to set
+ * @see HASH_COUNT
+ * @see $hashCount
+ * @see getHashCount()
+ */
+ public function setHashCount($hashCount = NULL) {
+ self::$hashCount = ((!is_NULL($hashCount) && is_int($hashCount)) && $hashCount >= $this->getMinHashCount()) && $hashCount <= $this->getMaxHashCount() ? $hashCount : self::HASH_COUNT;
+ }
+
+ /**
+ * Method sets maximum allowed log2 number of iterations for password stretching.
+ *
+ * @param integer $maxHashCount Maximum allowed log2 number of iterations for password stretching to set
+ * @see MAX_HASH_COUNT
+ * @see $maxHashCount
+ * @see getMaxHashCount()
+ */
+ public function setMaxHashCount($maxHashCount = NULL) {
+ self::$maxHashCount = !is_NULL($maxHashCount) && is_int($maxHashCount) ? $maxHashCount : self::MAX_HASH_COUNT;
+ }
+
+ /**
+ * Method sets minimum allowed log2 number of iterations for password stretching.
+ *
+ * @param integer $minHashCount Minimum allowed log2 number of iterations for password stretching to set
+ * @see MIN_HASH_COUNT
+ * @see $minHashCount
+ * @see getMinHashCount()
+ */
+ public function setMinHashCount($minHashCount = NULL) {
+ self::$minHashCount = !is_NULL($minHashCount) && is_int($minHashCount) ? $minHashCount : self::MIN_HASH_COUNT;
+ }
+
+}
+
+
+?>
\ No newline at end of file
--- /dev/null
+<?php
+namespace TYPO3\CMS\Saltedpasswords\Salt;
+
+/***************************************************************
+ * Copyright notice
+ *
+ * (c) 2009-2011 Marcus Krause <marcus#exp2009@t3sec.info>
+ * All rights reserved
+ *
+ * This script is part of the TYPO3 project. The TYPO3 project is
+ * free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * The GNU General Public License can be found at
+ * http://www.gnu.org/copyleft/gpl.html.
+ * A copy is found in the textfile GPL.txt and important notices to the license
+ * from the author is found in LICENSE.txt distributed with these scripts.
+ *
+ *
+ * This script is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * This copyright notice MUST APPEAR in all copies of the script!
+ ***************************************************************/
+/**
+ * Contains class "tx_saltedpasswords_salts_factory"
+ * that provides a salted hashing method factory.
+ */
+/**
+ * Class that implements Blowfish salted hashing based on PHP's
+ * crypt() function.
+ *
+ * @author Marcus Krause <marcus#exp2009@t3sec.info>
+ * @since 2009-09-06
+ * @package TYPO3
+ * @subpackage tx_saltedpasswords
+ */
+class SaltFactory {
+
+ /**
+ * An instance of the salted hashing method.
+ * This member is set in the getSaltingInstance() function.
+ *
+ * @var \TYPO3\CMS\Saltedpasswords\Salt\AbstractSalt
+ */
+ static protected $instance = NULL;
+
+ /**
+ * Obtains a salting hashing method instance.
+ *
+ * This function will return an instance of a class that implements
+ * tx_saltedpasswords_abstract_salts.
+ *
+ * Use parameter NULL to reset the factory!
+ *
+ * @param string $saltedHash (optional) Salted hashed password to determine the type of used method from or NULL to reset the factory
+ * @param string $mode (optional) The TYPO3 mode (FE or BE) saltedpasswords shall be used for
+ * @return tx_saltedpasswords_abstract_salts an instance of salting hashing method object
+ */
+ static public function getSaltingInstance($saltedHash = '', $mode = TYPO3_MODE) {
+ // Creating new instance when
+ // * no instance existing
+ // * a salted hash given to determine salted hashing method from
+ // * a NULL parameter given to reset instance back to default method
+ if ((!is_object(self::$instance) || !empty($saltedHash)) || is_NULL($saltedHash)) {
+ // Determine method by checking the given hash
+ if (!empty($saltedHash)) {
+ $result = self::determineSaltingHashingMethod($saltedHash);
+ if (!$result) {
+ self::$instance = NULL;
+ }
+ } else {
+ $classNameToUse = \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::getDefaultSaltingHashingMethod($mode);
+ $availableClasses = $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/saltedpasswords']['saltMethods'];
+ self::$instance = \TYPO3\CMS\Core\Utility\GeneralUtility::getUserObj($availableClasses[$classNameToUse], 'tx_');
+ }
+ }
+ return self::$instance;
+ }
+
+ /**
+ * Method tries to determine the salting hashing method used for given salt.
+ *
+ * Method implicitly sets the instance of the found method object in the class property when found.
+ *
+ * @param string $saltedHash
+ * @return boolean TRUE, if salting hashing method has been found, otherwise FALSE
+ */
+ static public function determineSaltingHashingMethod($saltedHash) {
+ $methodFound = FALSE;
+ $defaultMethods = $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/saltedpasswords']['saltMethods'];
+ foreach ($defaultMethods as $method) {
+ $objectInstance = \TYPO3\CMS\Core\Utility\GeneralUtility::getUserObj($method, 'tx_');
+ if ($objectInstance instanceof \TYPO3\CMS\Saltedpasswords\Salt\SaltInterface) {
+ $methodFound = $objectInstance->isValidSaltedPW($saltedHash);
+ if ($methodFound) {
+ self::$instance = $objectInstance;
+ break;
+ }
+ }
+ }
+ return $methodFound;
+ }
+
+ /**
+ * Method sets a custom salting hashing method class.
+ *
+ * @param string $resource Object resource to use (e.g. 'EXT:saltedpasswords/classes/salts/class.tx_saltedpasswords_salts_blowfish.php:tx_saltedpasswords_salts_blowfish')
+ * @return tx_saltedpasswords_abstract_salts an instance of salting hashing method object
+ */
+ static public function setPreferredHashingMethod($resource) {
+ self::$instance = NULL;
+ $objectInstance = \TYPO3\CMS\Core\Utility\GeneralUtility::getUserObj($resource);
+ if (is_object($objectInstance) && is_subclass_of($objectInstance, 'TYPO3\\CMS\\Saltedpasswords\\Salt\\AbstractSalt')) {
+ self::$instance = $objectInstance;
+ }
+ return self::$instance;
+ }
+
+}
+
+
+?>
--- /dev/null
+<?php
+namespace TYPO3\CMS\Saltedpasswords\Salt;
+
+/***************************************************************
+ * Copyright notice
+ *
+ * (c) 2009-2011 Marcus Krause <marcus#exp2009@t3sec.info>
+ * (c) 2009-2011 Steffen Ritter <info@rs-websystems.de>
+ * All rights reserved
+ *
+ * This script is part of the TYPO3 project. The TYPO3 project is
+ * free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * The GNU General Public License can be found at
+ * http://www.gnu.org/copyleft/gpl.html.
+ * A copy is found in the textfile GPL.txt and important notices to the license
+ * from the author is found in LICENSE.txt distributed with these scripts.
+ *
+ *
+ * This script is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * This copyright notice MUST APPEAR in all copies of the script!
+ ***************************************************************/
+/**
+ * Contains interface "tx_saltedpasswords_salts" to be used in
+ * classes that provide salted hashing.
+ */
+/**
+ * Interface with public methods needed to be implemented
+ * in a salting hashing class.
+ *
+ * @author Marcus Krause <marcus#exp2009@t3sec.info>
+ * @author Steffen Ritter <info@rs-websystems.de>
+ * @since 2009-09-06
+ * @package TYPO3
+ * @subpackage tx_saltedpasswords
+ */
+interface SaltInterface
+{
+ /**
+ * Method checks if a given plaintext password is correct by comparing it with
+ * a given salted hashed password.
+ *
+ * @param string $plainPW plain-text password to compare with salted hash
+ * @param string $saltedHashPW Salted hash to compare plain-text password with
+ * @return boolean TRUE, if plaintext password is correct, otherwise FALSE
+ */
+ public function checkPassword($plainPW, $saltedHashPW);
+
+ /**
+ * Returns length of required salt.
+ *
+ * @return integer Length of required salt
+ */
+ public function getSaltLength();
+
+ /**
+ * Returns wether all prequesites for the hashing methods are matched
+ *
+ * @return boolean Method available
+ */
+ public function isAvailable();
+
+ /**
+ * Method creates a salted hash for a given plaintext password
+ *
+ * @param string $password Plaintext password to create a salted hash from
+ * @param string $salt Optional custom salt to use
+ * @return string Salted hashed password
+ */
+ public function getHashedPassword($password, $salt = NULL);
+
+ /**
+ * Checks whether a user's hashed password needs to be replaced with a new hash.
+ *
+ * This is typically called during the login process when the plain text
+ * password is available. A new hash is needed when the desired iteration
+ * count has changed through a change in the variable $hashCount or
+ * HASH_COUNT or if the user's password hash was generated in an bulk update
+ * with class ext_update.
+ *
+ * @param string $passString Salted hash to check if it needs an update
+ * @return boolean TRUE if salted hash needs an update, otherwise FALSE
+ */
+ public function isHashUpdateNeeded($passString);
+
+ /**
+ * Method determines if a given string is a valid salt
+ *
+ * @param string $salt String to check
+ * @return boolean TRUE if it's valid salt, otherwise FALSE
+ */
+ public function isValidSalt($salt);
+
+ /**
+ * Method determines if a given string is a valid salted hashed password.
+ *
+ * @param string $saltedPW String to check
+ * @return boolean TRUE if it's valid salted hashed password, otherwise FALSE
+ */
+ public function isValidSaltedPW($saltedPW);
+
+}
+
+?>
\ No newline at end of file
--- /dev/null
+<?php
+namespace TYPO3\CMS\Saltedpasswords;
+
+/***************************************************************
+ * Copyright notice
+ *
+ * (c) Marcus Krause (marcus#exp2009@t3sec.info)
+ * (c) Steffen Ritter (info@rs-websystems.de)
+ * All rights reserved
+ *
+ * This script is part of the TYPO3 project. The TYPO3 project is
+ * free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * The GNU General Public License can be found at
+ * http://www.gnu.org/copyleft/gpl.html.
+ * A copy is found in the textfile GPL.txt and important notices to the license
+ * from the author is found in LICENSE.txt distributed with these scripts.
+ *
+ *
+ * This script is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * This copyright notice MUST APPEAR in all copies of the script!
+ ***************************************************************/
+/**
+ * Contains authentication service class for salted hashed passwords.
+ */
+/**
+ * Class implements salted-password hashes authentication service.
+ *
+ * @author Marcus Krause <marcus#exp2009@t3sec.info>
+ * @author Steffen Ritter <info@rs-websystems.de>
+ * @since 2009-06-14
+ * @package TYPO3
+ * @subpackage tx_saltedpasswords
+ */
+class SaltedPasswordService extends \TYPO3\CMS\Sv\AbstractAuthenticationService {
+
+ /**
+ * Keeps class name.
+ *
+ * @var string
+ */
+ public $prefixId = 'tx_saltedpasswords_sv1';
+
+ /**
+ * Keeps path to this script relative to the extension directory.
+ *
+ * @var string
+ */
+ public $scriptRelPath = 'sv1/class.tx_saltedpasswords_sv1.php';
+
+ /**
+ * Keeps extension key.
+ *
+ * @var string
+ */
+ public $extKey = 'saltedpasswords';
+
+ /**
+ * Keeps extension configuration.
+ *
+ * @var mixed
+ */
+ protected $extConf;
+
+ /**
+ * An instance of the salted hashing method.
+ * This member is set in the getSaltingInstance() function.
+ *
+ * @var \TYPO3\CMS\Saltedpasswords\Salt\AbstractSalt
+ */
+ protected $objInstanceSaltedPW = NULL;
+
+ /**
+ * Indicates whether the salted password authentication has failed.
+ *
+ * Prevents authentication bypass. See vulnerability report:
+ * { @link http://bugs.typo3.org/view.php?id=13372 }
+ *
+ * @var boolean
+ */
+ protected $authenticationFailed = FALSE;
+
+ /**
+ * Checks if service is available. In case of this service we check that
+ * following prerequesties are fulfilled:
+ * - loginSecurityLevel of according TYPO3_MODE is set to normal
+ *
+ * @return boolean TRUE if service is available
+ */
+ public function init() {
+ $available = FALSE;
+ $mode = TYPO3_MODE;
+ if ($this->info['requestedServiceSubType'] === 'authUserBE') {
+ $mode = 'BE';
+ } elseif ($this->info['requestedServiceSubType'] === 'authUserFE') {
+ $mode = 'FE';
+ }
+ if (\TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::isUsageEnabled($mode)) {
+ $available = TRUE;
+ $this->extConf = \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::returnExtConf();
+ }
+ return $available ? parent::init() : FALSE;
+ }
+
+ /**
+ * Checks the login data with the user record data for builtin login method.
+ *
+ * @param array $user User data array
+ * @param array $loginData Login data array
+ * @param string $security_level Login security level (optional)
+ * @return boolean TRUE if login data matched
+ * @todo Define visibility
+ */
+ public function compareUident(array $user, array $loginData, $security_level = 'normal') {
+ $validPasswd = FALSE;
+ // Could be merged; still here to clarify
+ if (!strcmp(TYPO3_MODE, 'BE')) {
+ $password = $loginData['uident_text'];
+ } elseif (!strcmp(TYPO3_MODE, 'FE')) {
+ $password = $loginData['uident_text'];
+ }
+ // Determine method used for given salted hashed password
+ $this->objInstanceSaltedPW = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance($user['password']);
+ // Existing record is in format of Salted Hash password
+ if (is_object($this->objInstanceSaltedPW)) {
+ $validPasswd = $this->objInstanceSaltedPW->checkPassword($password, $user['password']);
+ // Record is in format of Salted Hash password but authentication failed
+ // skip further authentication methods
+ if (!$validPasswd) {
+ $this->authenticationFailed = TRUE;
+ }
+ $defaultHashingClassName = \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::getDefaultSaltingHashingMethod();
+ $skip = FALSE;
+ // Test for wrong salted hashing method
+ if ($validPasswd && !(get_class($this->objInstanceSaltedPW) == $defaultHashingClassName) || is_subclass_of($this->objInstanceSaltedPW, $defaultHashingClassName)) {
+ // Instanciate default method class
+ $this->objInstanceSaltedPW = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(NULL);
+ $this->updatePassword(intval($user['uid']), array('password' => $this->objInstanceSaltedPW->getHashedPassword($password)));
+ }
+ if (($validPasswd && !$skip) && $this->objInstanceSaltedPW->isHashUpdateNeeded($user['password'])) {
+ $this->updatePassword(intval($user['uid']), array('password' => $this->objInstanceSaltedPW->getHashedPassword($password)));
+ }
+ } elseif (!intval($this->extConf['forceSalted'])) {
+ // Stored password is in deprecated salted hashing method
+ if (\TYPO3\CMS\Core\Utility\GeneralUtility::inList('C$,M$', substr($user['password'], 0, 2))) {
+ // Instanciate default method class
+ $this->objInstanceSaltedPW = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(substr($user['password'], 1));
+ // md5
+ if (!strcmp(substr($user['password'], 0, 1), 'M')) {
+ $validPasswd = $this->objInstanceSaltedPW->checkPassword(md5($password), substr($user['password'], 1));
+ } else {
+ $validPasswd = $this->objInstanceSaltedPW->checkPassword($password, substr($user['password'], 1));
+ }
+ // Skip further authentication methods
+ if (!$validPasswd) {
+ $this->authenticationFailed = TRUE;
+ }
+ } elseif (preg_match('/[0-9abcdef]{32,32}/', $user['password'])) {
+ $validPasswd = !strcmp(md5($password), $user['password']) ? TRUE : FALSE;
+ // Skip further authentication methods
+ if (!$validPasswd) {
+ $this->authenticationFailed = TRUE;
+ }
+ } else {
+ $validPasswd = !strcmp($password, $user['password']) ? TRUE : FALSE;
+ }
+ // Should we store the new format value in DB?
+ if ($validPasswd && intval($this->extConf['updatePasswd'])) {
+ // Instanciate default method class
+ $this->objInstanceSaltedPW = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(NULL);
+ $this->updatePassword(intval($user['uid']), array('password' => $this->objInstanceSaltedPW->getHashedPassword($password)));
+ }
+ }
+ return $validPasswd;
+ }
+
+ /**
+ * Method adds a further authUser method.
+ *
+ * Will return one of following authentication status codes:
+ * - 0 - authentication failure
+ * - 100 - just go on. User is not authenticated but there is still no reason to stop
+ * - 200 - the service was able to authenticate the user
+ *
+ * @param array Array containing FE user data of the logged user.
+ * @return integer Authentication statuscode, one of 0,100 and 200
+ */
+ public function authUser(array $user) {
+ $OK = 100;
+ $validPasswd = FALSE;
+ if ($this->login['uident'] && $this->login['uname']) {
+ if (!empty($this->login['uident_text'])) {
+ $validPasswd = $this->compareUident($user, $this->login);
+ }
+ if (!$validPasswd) {
+ // Failed login attempt (wrong password)
+ $errorMessage = 'Login-attempt from %s (%s), username \'%s\', password not accepted!';
+ // No delegation to further services
+ if (intval($this->extConf['onlyAuthService']) || $this->authenticationFailed) {
+ $this->writeLogMessage(TYPO3_MODE . ' Authentication failed - wrong password for username \'%s\'', $this->login['uname']);
+ } else {
+ $this->writeLogMessage($errorMessage, $this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $this->login['uname']);
+ }
+ $this->writelog(255, 3, 3, 1, $errorMessage, array(
+ $this->authInfo['REMOTE_ADDR'],
+ $this->authInfo['REMOTE_HOST'],
+ $this->login['uname']
+ ));
+ \TYPO3\CMS\Core\Utility\GeneralUtility::sysLog(sprintf($errorMessage, $this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $this->login['uname']), 'Core', \TYPO3\CMS\Core\Utility\GeneralUtility::SYSLOG_SEVERITY_INFO);
+ if (intval($this->extConf['onlyAuthService']) || $this->authenticationFailed) {
+ $OK = 0;
+ }
+ } elseif (($validPasswd && $user['lockToDomain']) && strcasecmp($user['lockToDomain'], $this->authInfo['HTTP_HOST'])) {
+ // Lock domain didn't match, so error:
+ $errorMessage = 'Login-attempt from %s (%s), username \'%s\', locked domain \'%s\' did not match \'%s\'!';
+ $this->writeLogMessage($errorMessage, $this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $this->login['uname'], $user['lockToDomain'], $this->authInfo['HTTP_HOST']);
+ $this->writelog(255, 3, 3, 1, $errorMessage, array(
+ $this->authInfo['REMOTE_ADDR'],
+ $this->authInfo['REMOTE_HOST'],
+ $user[$this->db_user['username_column']],
+ $user['lockToDomain'],
+ $this->authInfo['HTTP_HOST']
+ ));
+ \TYPO3\CMS\Core\Utility\GeneralUtility::sysLog(sprintf($errorMessage, $this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $user[$this->db_user['username_column']], $user['lockToDomain'], $this->authInfo['HTTP_HOST']), 'Core', \TYPO3\CMS\Core\Utility\GeneralUtility::SYSLOG_SEVERITY_INFO);
+ $OK = 0;
+ } elseif ($validPasswd) {
+ $this->writeLogMessage(TYPO3_MODE . ' Authentication successful for username \'%s\'', $this->login['uname']);
+ $OK = 200;
+ }
+ }
+ return $OK;
+ }
+
+ /**
+ * Method updates a FE/BE user record - in this case a new password string will be set.
+ *
+ * @param integer $uid uid of user record that will be updated
+ * @param mixed $updateFields Field values as key=>value pairs to be updated in database
+ * @return void
+ */
+ protected function updatePassword($uid, $updateFields) {
+ $GLOBALS['TYPO3_DB']->exec_UPDATEquery($this->pObj->user_table, sprintf('uid = %u', $uid), $updateFields);
+ \TYPO3\CMS\Core\Utility\GeneralUtility::devLog(sprintf('Automatic password update for user record in %s with uid %u', $this->pObj->user_table, $uid), $this->extKey, 1);
+ }
+
+ /**
+ * Writes log message. Destination log depends on the current system mode.
+ * For FE the function writes to the admin panel log. For BE messages are
+ * sent to the system log. If developer log is enabled, messages are also
+ * sent there.
+ *
+ * This function accepts variable number of arguments and can format
+ * parameters. The syntax is the same as for sprintf()
+ *
+ * @param string $message Message to output
+ * @return void
+ * @see sprintf()
+ * @see t3lib::divLog()
+ * @see t3lib_div::sysLog()
+ * @see t3lib_timeTrack::setTSlogMessage()
+ * @todo Define visibility
+ */
+ public function writeLogMessage($message) {
+ if (func_num_args() > 1) {
+ $params = func_get_args();
+ array_shift($params);
+ $message = vsprintf($message, $params);
+ }
+ if (TYPO3_MODE === 'BE') {
+ \TYPO3\CMS\Core\Utility\GeneralUtility::sysLog($message, $this->extKey, \TYPO3\CMS\Core\Utility\GeneralUtility::SYSLOG_SEVERITY_NOTICE);
+ } else {
+ $GLOBALS['TT']->setTSlogMessage($message);
+ }
+ if (TYPO3_DLOG) {
+ \TYPO3\CMS\Core\Utility\GeneralUtility::devLog($message, $this->extKey, \TYPO3\CMS\Core\Utility\GeneralUtility::SYSLOG_SEVERITY_NOTICE);
+ }
+ }
+
+}
+
+
+?>
\ No newline at end of file
--- /dev/null
+<?php
+namespace TYPO3\CMS\Saltedpasswords\Task;
+
+/***************************************************************
+ * Copyright notice
+ *
+ * (c) 2012 Philipp Gampe (typo3@philippgampe.info)
+ * All rights reserved
+ *
+ * This script is part of the TYPO3 project. The TYPO3 project is
+ * free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * The GNU General Public License can be found at
+ * http://www.gnu.org/copyleft/gpl.html.
+ * A copy is found in the textfile GPL.txt and important notices to the license
+ * from the author is found in LICENSE.txt distributed with these scripts.
+ *
+ *
+ * This script is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * This copyright notice MUST APPEAR in all copies of the script!
+ ***************************************************************/
+/**
+ * Additional field for salted passwords bulk update task
+ *
+ * @autor Philipp Gampe <typo3@philippgampe.info>
+ * @package TYPO3
+ * @subpackage saltedpasswords
+ */
+class BulkUpdateFieldProvider implements \TYPO3\CMS\Scheduler\AdditionalFieldProviderInterface {
+
+ /**
+ * Default value whether the task deactivates itself after last run.
+ *
+ * @var boolean Whether the task is allowed to deactivate itself after processing all existing user records.
+ */
+ protected $defaultCanDeactivateSelf = TRUE;
+
+ /**
+ * Default value for the number of records to handle at each run.
+ *
+ * @var integer Number of records
+ */
+ protected $defaultNumberOfRecords = 250;
+
+ /**
+ * Add a field for the number of records and if the task should deactivate itself after
+ * processing all records
+ *
+ * @param array $taskInfo Reference to the array containing the info used in the add/edit form
+ * @param \TYPO3\CMS\Saltedpasswords\Task\BulkUpdateTask $task When editing, reference to the current task object. Null when adding.
+ * @param \TYPO3\CMS\Scheduler\Controller\SchedulerModuleController $parentObject Reference to the calling object (Scheduler's BE module)
+ * @return array Array containing all the information pertaining to the additional fields
+ */
+ public function getAdditionalFields(array &$taskInfo, $task, \TYPO3\CMS\Scheduler\Controller\SchedulerModuleController $parentObject) {
+ // Initialize selected fields
+ if (!isset($taskInfo['scheduler_saltedpasswordsBulkUpdateCanDeactivateSelf'])) {
+ $taskInfo['scheduler_saltedpasswordsBulkUpdateCanDeactivateSelf'] = $this->defaultCanDeactivateSelf;
+ if ($parentObject->CMD === 'edit') {
+ $taskInfo['scheduler_saltedpasswordsBulkUpdateCanDeactivateSelf'] = $task->getCanDeactivateSelf();
+ }
+ }
+ if (!isset($taskInfo['scheduler_saltedpasswordsBulkUpdateNumberOfRecords'])) {
+ $taskInfo['scheduler_saltedpasswordsBulkUpdateNumberOfRecords'] = $this->defaultNumberOfRecords;
+ if ($parentObject->CMD === 'edit') {
+ $taskInfo['scheduler_saltedpasswordsBulkUpdateNumberOfRecords'] = $task->getNumberOfRecords();
+ }
+ }
+ // Configuration for canDeactivateSelf
+ $fieldName = 'TYPO3\\CMS\\Scheduler\\Scheduler[scheduler_saltedpasswordsBulkUpdateCanDeactivateSelf]';
+ $fieldId = 'task_saltedpasswordsBulkUpdateCanDeactivateSelf';
+ $fieldValue = 'IsChecked';
+ $fieldChecked = (bool) $taskInfo['scheduler_saltedpasswordsBulkUpdateCanDeactivateSelf'];
+ $fieldHtml = (((((((((('<input type="checkbox"' . ' name="') . $fieldName) . '"') . ' id="') . $fieldId) . '"') . ' value="') . $fieldValue) . '"') . ($fieldChecked ? ' checked="checked"' : '')) . ' />';
+ $additionalFields[$fieldId] = array(
+ 'code' => $fieldHtml,
+ 'label' => 'LLL:EXT:saltedpasswords/locallang.xml:ext.saltedpasswords.tasks.bulkupdate.label.canDeactivateSelf',
+ 'cshKey' => '_txsaltedpasswords',
+ 'cshLabel' => $fieldId
+ );
+ // Configuration for numberOfRecords
+ $fieldName = 'TYPO3\\CMS\\Scheduler\\Scheduler[scheduler_saltedpasswordsBulkUpdateNumberOfRecords]';
+ $fieldId = 'task_saltedpasswordsBulkUpdateNumberOfRecords';
+ $fieldValue = intval($taskInfo['scheduler_saltedpasswordsBulkUpdateNumberOfRecords']);
+ $fieldHtml = ((((('<input type="text" name="' . $fieldName) . '" id="') . $fieldId) . '" value="') . htmlspecialchars($fieldValue)) . '" />';
+ $additionalFields[$fieldId] = array(
+ 'code' => $fieldHtml,
+ 'label' => 'LLL:EXT:saltedpasswords/locallang.xml:ext.saltedpasswords.tasks.bulkupdate.label.numberOfRecords',
+ 'cshKey' => '_txsaltedpasswords',
+ 'cshLabel' => $fieldId
+ );
+ return $additionalFields;
+ }
+
+ /**
+ * Checks if the given values are boolean and integer
+ *
+ * @param array $submittedData Reference to the array containing the data submitted by the user
+ * @param \TYPO3\CMS\Scheduler\Controller\SchedulerModuleController $parentObject Reference to the calling object (Scheduler's BE module)
+ * @return boolean TRUE if validation was ok (or selected class is not relevant), FALSE otherwise
+ */
+ public function validateAdditionalFields(array &$submittedData, \TYPO3\CMS\Scheduler\Controller\SchedulerModuleController $parentObject) {
+ $result = TRUE;
+ // Check if number of records is indeed a number and greater or equals to 0
+ // If not, fail validation and issue error message
+ if (!is_numeric($submittedData['scheduler_saltedpasswordsBulkUpdateNumberOfRecords']) || intval($submittedData['scheduler_saltedpasswordsBulkUpdateNumberOfRecords']) < 0) {
+ $result = FALSE;
+ $parentObject->addMessage($GLOBALS['LANG']->sL('LLL:EXT:saltedpasswords/locallang.xml:ext.saltedpasswords.tasks.bulkupdate.invalidNumberOfRecords'), \TYPO3\CMS\Core\Messaging\FlashMessage::ERROR);
+ }
+ return $result;
+ }
+
+ /**
+ * Saves given values in task object
+ *
+ * @param array $submittedData Contains data submitted by the user
+ * @param tx_scheduler_Task|tx_saltedpasswords_Tasks_BulkUpdate $task Reference to the current task object
+ * @return void
+ */
+ public function saveAdditionalFields(array $submittedData, \TYPO3\CMS\Scheduler\Task $task) {
+ if (isset($submittedData['scheduler_saltedpasswordsBulkUpdateCanDeactivateSelf']) && $submittedData['scheduler_saltedpasswordsBulkUpdateCanDeactivateSelf'] === 'IsChecked') {
+ $task->setCanDeactivateSelf(TRUE);
+ } else {
+ $task->setCanDeactivateSelf(FALSE);
+ }
+ $task->setNumberOfRecords(intval($submittedData['scheduler_saltedpasswordsBulkUpdateNumberOfRecords']));
+ }
+
+}
+
+
+?>
\ No newline at end of file
--- /dev/null
+<?php
+namespace TYPO3\CMS\Saltedpasswords\Task;
+
+/***************************************************************
+ * Copyright notice
+ *
+ * (c) 2010-2011 Christian Kuhn <lolli@schwarzbu.ch>
+ * Marcus Krause <marcus#exp2010@t3sec.info>
+ *
+ * All rights reserved
+ *
+ * This script is part of the TYPO3 project. The TYPO3 project is
+ * free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * The GNU General Public License can be found at
+ * http://www.gnu.org/copyleft/gpl.html.
+ *
+ * This script is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * This copyright notice MUST APPEAR in all copies of the script!
+ ***************************************************************/
+/**
+ * Update plaintext and hashed passwords of existing users to salted passwords.
+ *
+ * @author Christian Kuhn <lolli@schwarzbu.ch>
+ * @author Marcus Krause <marcus#exp2010@t3sec.info>
+ * @package TYPO3
+ * @subpackage saltedpasswords
+ */
+class BulkUpdateTask extends \TYPO3\CMS\Scheduler\Task {
+
+ /**
+ * @var boolean Whether or not the task is allowed to deactivate itself after processing all existing user records.
+ */
+ protected $canDeactivateSelf = TRUE;
+
+ /**
+ * Converting a password to a salted hash takes some milliseconds (~100ms on an entry system in 2010).
+ * If all users are updated in one run, the task might run a long time if a lot of users must be handled.
+ * Therefore only a small number of frontend and backend users are processed.
+ * If saltedpasswords is enabled for both frontend and backend 2 * numberOfRecords will be handled.
+ *
+ * @var integer Number of records
+ */
+ protected $numberOfRecords = 250;
+
+ /**
+ * @var integer Pointer to last handled frontend and backend user row
+ */
+ protected $userRecordPointer = array();
+
+ /**
+ * Constructor initializes user record pointer
+ */
+ public function __construct() {
+ parent::__construct();
+ $this->userRecordPointer = array(
+ 'FE' => 0,
+ 'BE' => 0
+ );
+ }
+
+ /**
+ * Execute task
+ *
+ * @return boolean
+ */
+ public function execute() {
+ $processedAllRecords = TRUE;
+ // For frontend and backend
+ foreach ($this->userRecordPointer as $mode => $pointer) {
+ // If saltedpasswords is active for frontend / backend
+ if (\TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::isUsageEnabled($mode)) {
+ $usersToUpdate = $this->findUsersToUpdate($mode);
+ $numberOfRows = count($usersToUpdate);
+ if ($numberOfRows > 0) {
+ $processedAllRecords = FALSE;
+ $this->incrementUserRecordPointer($mode, $numberOfRows);
+ $this->convertPasswords($mode, $usersToUpdate);
+ }
+ }
+ }
+ if ($processedAllRecords) {
+ // Reset the user record pointer
+ $this->userRecordPointer = array(
+ 'FE' => 0,
+ 'BE' => 0
+ );
+ // Determine if task should disable itself
+ if ($this->canDeactivateSelf) {
+ $this->deactivateSelf();
+ }
+ }
+ // Use save() of parent class tx_scheduler_Task to persist changed task variables
+ $this->save();
+ return TRUE;
+ }
+
+ /**
+ * Get additional information
+ *
+ * @return string Additional information
+ */
+ public function getAdditionalInformation() {
+ $information = ((($GLOBALS['LANG']->sL('LLL:EXT:saltedpasswords/locallang.xml:ext.saltedpasswords.tasks.bulkupdate.label.additionalinformation.deactivateself') . $this->getCanDeactivateSelf()) . '; ') . $GLOBALS['LANG']->sL('LLL:EXT:saltedpasswords/locallang.xml:ext.saltedpasswords.tasks.bulkupdate.label.additionalinformation.numberofrecords')) . $this->getNumberOfRecords();
+ return $information;
+ }
+
+ /**
+ * Finds next set of frontend or backend users to update.
+ *
+ * @param string $mode 'FE' for frontend, 'BE' for backend user records
+ * @return array Rows with uid and password
+ */
+ protected function findUsersToUpdate($mode) {
+ $usersToUpdate = $GLOBALS['TYPO3_DB']->exec_SELECTgetRows('uid, password', strtolower($mode) . '_users', '1 = 1', '', 'uid ASC', ($this->userRecordPointer[$mode] . ', ') . $this->numberOfRecords);
+ return $usersToUpdate;
+ }
+
+ /**
+ * Iterates over given user records and update password if needed.
+ *
+ * @param string $mode 'FE' for frontend, 'BE' for backend user records
+ * @param array $users With user uids and passwords
+ * @return void
+ */
+ protected function convertPasswords($mode, array $users) {
+ $updateUsers = array();
+ foreach ($users as $user) {
+ // If a password is already a salted hash it must not be updated
+ if ($this->isSaltedHash($user['password'])) {
+ continue;
+ }
+ $updateUsers[] = $user;
+ }
+ if (count($updateUsers) > 0) {
+ $this->updatePasswords($mode, $updateUsers);
+ }
+ }
+
+ /**
+ * Updates password and persist salted hash.
+ *
+ * @param string $mode 'FE' for frontend, 'BE' for backend user records
+ * @param array $users With user uids and passwords
+ * @return void
+ */
+ protected function updatePasswords($mode, array $users) {
+ /** @var $saltedpasswordsInstance \TYPO3\CMS\Saltedpasswords\Salt\SaltInterface */
+ $saltedpasswordsInstance = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(NULL, $mode);
+ foreach ($users as $user) {
+ $newPassword = $saltedpasswordsInstance->getHashedPassword($user['password']);
+ // If a given password is a md5 hash (usually default be_users without saltedpasswords activated),
+ // result of getHashedPassword() is a salted hashed md5 hash.
+ // We prefix those with 'M', saltedpasswords will then update this password
+ // to a usual salted hash upon first login of the user.
+ if ($this->isMd5Password($user['password'])) {
+ $newPassword = 'M' . $newPassword;
+ }
+ // Persist updated password
+ $GLOBALS['TYPO3_DB']->exec_UPDATEquery(strtolower($mode) . '_users', 'uid = ' . $user['uid'], array(
+ 'password' => $newPassword
+ ));
+ }
+ }
+
+ /**
+ * Passwords prefixed with M or C might be salted passwords:
+ * M means: originally a md5 hash before it was salted (eg. default be_users).
+ * C means: originally a cleartext password with lower hash looping count generated by t3sec_saltedpw.
+ * Both M and C will be updated to usual salted hashes on first login of user.
+ *
+ * If a password does not start with M or C determine if a password is already a usual salted hash.
+ *
+ * @param string $password Password
+ * @return boolean TRUE if password is a salted hash
+ */
+ protected function isSaltedHash($password) {
+ $isSaltedHash = FALSE;
+ if (strlen($password) > 2 && (\TYPO3\CMS\Core\Utility\GeneralUtility::isFirstPartOfStr($password, 'C$') || \TYPO3\CMS\Core\Utility\GeneralUtility::isFirstPartOfStr($password, 'M$'))) {
+ // Cut off M or C and test if we have a salted hash
+ $isSaltedHash = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::determineSaltingHashingMethod(substr($password, 1));
+ }
+ // Test if given password is a already a usual salted hash
+ if (!$isSaltedHash) {
+ $isSaltedHash = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::determineSaltingHashingMethod($password);
+ }
+ return $isSaltedHash;
+ }
+
+ /**
+ * Checks if a given password is a md5 hash, the default for be_user records before saltedpasswords.
+ *
+ * @param string $password The password to test
+ * @return boolean TRUE if password is md5
+ */
+ protected function isMd5Password($password) {
+ return (bool) preg_match('/[0-9abcdef]{32,32}/i', $password);
+ }
+
+ /**
+ * Increments current user record counter by number of handled rows.
+ *
+ * @param string $mode 'FE' for frontend, 'BE' for backend user records
+ * @param integer $number Number of handled rows
+ * @return void
+ */
+ protected function incrementUserRecordPointer($mode, $number) {
+ $this->userRecordPointer[$mode] += $number;
+ }
+
+ /**
+ * Deactivates this task instance.
+ * Uses setDisabled() method of parent class tx_scheduler_Task.
+ *
+ * @return void
+ */
+ protected function deactivateSelf() {
+ $this->setDisabled(TRUE);
+ }
+
+ /**
+ * Set if it can deactivate self
+ *
+ * @param boolean $canDeactivateSelf
+ * @return void
+ */
+ public function setCanDeactivateSelf($canDeactivateSelf) {
+ $this->canDeactivateSelf = $canDeactivateSelf;
+ }
+
+ /**
+ * Get if it can deactivate self
+ *
+ * @return boolean TRUE if task shall deactivate itself, FALSE otherwise
+ */
+ public function getCanDeactivateSelf() {
+ return $this->canDeactivateSelf;
+ }
+
+ /**
+ * Set number of records
+ *
+ * @param integer $numberOfRecords
+ * @return void
+ */
+ public function setNumberOfRecords($numberOfRecords) {
+ $this->numberOfRecords = $numberOfRecords;
+ }
+
+ /**
+ * Get number of records
+ *
+ * @return integer The number of records
+ */
+ public function getNumberOfRecords() {
+ return $this->numberOfRecords;
+ }
+
+}
+
+
+?>
\ No newline at end of file
--- /dev/null
+<?php
+namespace TYPO3\CMS\Saltedpasswords\Utility;
+
+/**
+ * class providing configuration checks for saltedpasswords.
+ *
+ * @author Steffen Ritter <info@rs-websystems.de>
+ * @since 2009-09-04
+ * @package TYPO3
+ * @subpackage tx_saltedpasswords
+ */
+class ExtensionManagerConfigurationUtility {
+
+ /**
+ * @var integer
+ */
+ protected $errorType = \TYPO3\CMS\Core\Messaging\FlashMessage::OK;
+
+ /**
+ * @var string
+ */
+ protected $header;
+
+ /**
+ * @var string
+ */
+ protected $preText;
+
+ /**
+ * @var array
+ */
+ protected $problems = array();
+
+ /**
+ * Set the error level if no higher level
+ * is set already
+ *
+ * @param string $level One out of error, ok, warning, info
+ * @return void
+ */
+ private function setErrorLevel($level) {
+ switch ($level) {
+ case 'error':
+ $this->errorType = \TYPO3\CMS\Core\Messaging\FlashMessage::ERROR;
+ $this->header = 'Errors found in your configuration';
+ $this->preText = 'SaltedPasswords will not work until these problems have been resolved:<br />';
+ break;
+ case 'warning':
+ if ($this->errorType < \TYPO3\CMS\Core\Messaging\FlashMessage::ERROR) {
+ $this->errorType = \TYPO3\CMS\Core\Messaging\FlashMessage::WARNING;
+ $this->header = 'Warnings about your configuration';
+ $this->preText = 'SaltedPasswords might behave different than expected:<br />';
+ }
+ break;
+ case 'info':
+ if ($this->errorType < \TYPO3\CMS\Core\Messaging\FlashMessage::WARNING) {
+ $this->errorType = \TYPO3\CMS\Core\Messaging\FlashMessage::INFO;
+ $this->header = 'Additional information';
+ $this->preText = '<br />';
+ }
+ break;
+ case 'ok':
+ // TODO: Remove INFO condition as it has lower importance
+ if ($this->errorType < \TYPO3\CMS\Core\Messaging\FlashMessage::WARNING && $this->errorType != \TYPO3\CMS\Core\Messaging\FlashMessage::INFO) {
+ $this->errorType = \TYPO3\CMS\Core\Messaging\FlashMessage::OK;
+ $this->header = 'No errors were found';
+ $this->preText = 'SaltedPasswords has been configured correctly and works as expected.<br />';
+ }
+ break;
+ }
+ }
+
+ /**
+ * Renders the flash messages if problems have been found.
+ *
+ * @return string The flash message as HTML.
+ */
+ private function renderFlashMessage() {
+ $message = '';
+ // If there are problems, render them into an unordered list
+ if (count($this->problems) > 0) {
+ $message = '<ul>
+ <li>###PROBLEMS###</li>
+</ul>';
+ $message = str_replace('###PROBLEMS###', implode('<br /> </li><li>', $this->problems), $message);
+ if ($this->errorType > \TYPO3\CMS\Core\Messaging\FlashMessage::OK) {
+ $message .= '<br />
+Note, that a wrong configuration might have impact on the security of
+your TYPO3 installation and the usability of the backend.';
+ }
+ }
+ if (empty($message)) {
+ $this->setErrorLevel('ok');
+ }
+ $message = $this->preText . $message;
+ $flashMessage = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\Messaging\\FlashMessage', $message, $this->header, $this->errorType);
+ return $flashMessage->render();
+ }
+
+ /**
+ * Initializes this object.
+ *
+ * @return void
+ */
+ private function init() {
+ $requestSetup = $this->processPostData((array) $_REQUEST['data']);
+ $extConf = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['saltedpasswords']);
+ $this->extConf['BE'] = array_merge((array) $extConf['BE.'], (array) $requestSetup['BE.']);
+ $this->extConf['FE'] = array_merge((array) $extConf['FE.'], (array) $requestSetup['FE.']);
+ $GLOBALS['LANG']->includeLLFile('EXT:saltedpasswords/locallang.xml');
+ }
+
+ /**
+ * Checks the backend configuration and shows a message if necessary.
+ *
+ * @param array $params Field information to be rendered
+ * @param \TYPO3\CMS\Core\TypoScript\ConfigurationForm $pObj The calling parent object.
+ * @return string Messages as HTML if something needs to be reported
+ */
+ public function checkConfigurationBackend(array $params, $pObj) {
+ $this->init();
+ $extConf = $this->extConf['BE'];
+ // The backend is called over SSL
+ $SSL = ($GLOBALS['TYPO3_CONF_VARS']['BE']['lockSSL'] > 0 ? TRUE : FALSE) && $GLOBALS['TYPO3_CONF_VARS']['BE']['loginSecurityLevel'] != 'superchallenged';
+ $rsaAuthLoaded = \TYPO3\CMS\Core\Extension\ExtensionManager::isLoaded('rsaauth');
+ if ($extConf['enabled']) {
+ // SSL configured?
+ if ($SSL) {
+ $this->setErrorLevel('ok');
+ $problems[] = 'The backend is configured to use SaltedPasswords over SSL.';
+ } elseif ($rsaAuthLoaded) {
+ if (trim($GLOBALS['TYPO3_CONF_VARS']['BE']['loginSecurityLevel']) === 'rsa') {
+ if ($this->isRsaAuthBackendAvailable()) {
+ $this->setErrorLevel('ok');
+ $problems[] = 'The backend is configured to use SaltedPasswords with RSA authentication.';
+ } else {
+ // This means that login would fail because rsaauth is not working properly
+ $this->setErrorLevel('error');
+ $problems[] = ('<strong>Using the extension "rsaauth" is not possible, as no encryption backend ' . 'is available. Please install and configure the PHP extension "openssl". ') . 'See <a href="http://php.net/manual/en/openssl.installation.php" target="_blank">PHP.net</a></strong>.';
+ }
+ } else {
+ // This means that we are not using saltedpasswords
+ $this->setErrorLevel('error');
+ $problems[] = 'The "rsaauth" extension is installed, but TYPO3 is not configured to use it during login.
+ Use the Install Tool to set the Login Security Level for the backend to "rsa"
+ ($TYPO3_CONF_VARS[\'BE\'][\'loginSecurityLevel\'])';
+ }
+ } else {
+ // This means that we are not using saltedpasswords
+ $this->setErrorLevel('error');
+ $problems[] = 'Backend requirements for SaltedPasswords are not met, therefore the
+authentication will not work even if it was explicitly enabled for backend
+usage:<br />
+<ul>
+ <li>Install the "rsaauth" extension and use the Install Tool to set the
+ Login Security Level for the backend to "rsa"
+ ($TYPO3_CONF_VARS[\'BE\'][\'loginSecurityLevel\'])</li>
+
+ <li>If you have the option to use SSL, you can also configure your
+ backend for SSL usage:<br />
+ Use the Install Tool to set the Security-Level for the backend
+ to "normal" ($TYPO3_CONF_VARS[\'BE\'][\'loginSecurityLevel\']) and
+ the SSL-locking option to a value greater than "0"
+ (see description - $TYPO3_CONF_VARS[\'BE\'][\'lockSSL\'])</li>
+</ul>
+<br />
+It is also possible to use "lockSSL" and "rsa" Login Security Level at the same
+time.';
+ }
+ // Only saltedpasswords as authsservice
+ if ($extConf['onlyAuthService']) {
+ // Warn user that the combination with "forceSalted" may lock him out from Backend
+ if ($extConf['forceSalted']) {
+ $this->setErrorLevel('warning');
+ $problems[] = 'SaltedPasswords has been configured to be the only authentication service for
+the backend. Additionally, usage of salted passwords is enforced (forceSalted).
+The result is that there is no chance to login with users not having a salted
+password hash.<br />
+<strong><i>WARNING:</i></strong> This may lock you out of the backend!';
+ } else {
+ // Inform the user that things like openid won't work anymore
+ $this->setErrorLevel('info');
+ $problems[] = 'SaltedPasswords has been configured to be the only authentication service for
+the backend. This means that other services like "ipauth", "openid", etc. will
+be ignored (except "rsauth", which is implicitely used).';
+ }
+ }
+ // forceSalted is set
+ if ($extConf['forceSalted'] && !$extConf['onlyAuthService']) {
+ $this->setErrorLevel('info');
+ $problems[] = 'SaltedPasswords has been configured to enforce salted passwords (forceSalted).
+<br />
+This means that only passwords in the format of this extension will succeed for
+login.<br />
+<strong><i>IMPORTANT:</i></strong> This has the effect that passwords that are set from
+the Install Tool will not work!';
+ }
+ // updatePasswd wont work with "forceSalted"
+ if ($extConf['updatePasswd'] && $extConf['forceSalted']) {
+ $this->setErrorLevel('error');
+ $problems[] = 'SaltedPasswords is configured wrong and will not work as expected:<br />
+It is not possible to set "updatePasswd" and "forceSalted" at the same time.
+Please disable either one of them.';
+ }
+ // Check if the configured hash-method is available on system
+ if (!($instance = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(NULL, 'BE') || !$instance->isAvailable())) {
+ $this->setErrorLevel('error');
+ $problems[] = 'The selected method for hashing your salted passwords is not available on this
+system! Please check your configuration.';
+ }
+ } else {
+ // Not enabled warning
+ $this->setErrorLevel('error');
+ $problems[] = 'SaltedPasswords has been disabled for backend users.';
+ }
+ $this->problems = $problems;
+ return $this->renderFlashMessage();
+ }
+
+ /**
+ * Checks if rsaauth is able to obtain a backend
+ *
+ * @return boolean
+ */
+ protected function isRsaAuthBackendAvailable() {
+ /**
+ * Try to instantiate an RSAauth backend. If this does not work, it means that OpenSSL is not usable
+ *
+ * @var $rsaauthBackendFactory \TYPO3\CMS\Rsaauth\Backend\BackendFactory
+ */
+ $rsaauthBackendFactory = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Rsaauth\\Backend\\BackendFactory');
+ $backend = $rsaauthBackendFactory->getBackend();
+ return $backend !== NULL;
+ }
+
+ /**
+ * Checks the frontend configuration and shows a message if necessary.
+ *
+ * @param array $params Field information to be rendered
+ * @param \TYPO3\CMS\Core\TypoScript\ConfigurationForm $pObj The calling parent object.
+ * @return string Messages as HTML if something needs to be reported
+ */
+ public function checkConfigurationFrontend(array $params, $pObj) {
+ $this->init();
+ $extConf = $this->extConf['FE'];
+ if ($extConf['enabled']) {
+ // Inform the user if securityLevel in FE is challenged or blank --> extension won't work
+ if (!\TYPO3\CMS\Core\Utility\GeneralUtility::inList('normal,rsa', $GLOBALS['TYPO3_CONF_VARS']['FE']['loginSecurityLevel'])) {
+ $this->setErrorLevel('info');
+ $problems[] = '<strong>IMPORTANT:</strong><br />
+Frontend requirements for SaltedPasswords are not met, therefore the
+authentication will not work even if it was explicitly enabled for frontend
+usage:<br />
+<ul>
+ <li>Install the "rsaauth" extension and use the Install Tool to set the
+ Login Security Level for the frontend to "rsa"
+ ($TYPO3_CONF_VARS[\'FE\'][\'loginSecurityLevel\'])</li>
+
+ <li>Alternatively, use the Install Tool to set the Login Security Level
+ for the frontend to "normal"
+ ($TYPO3_CONF_VARS[\'FE\'][\'loginSecurityLevel\'])</li>
+</ul>
+<br />
+Make sure that the Login Security Level is not set to "" or "challenged"!';
+ } elseif (trim($GLOBALS['TYPO3_CONF_VARS']['FE']['loginSecurityLevel']) === 'rsa') {
+ if ($this->isRsaAuthBackendAvailable()) {
+ $this->setErrorLevel('ok');
+ $problems[] = 'The frontend is configured to use SaltedPasswords with RSA authentication.';
+ } else {
+ // This means that login would fail because rsaauth is not working properly
+ $this->setErrorLevel('error');
+ $problems[] = ('<strong>Using the extension "rsaauth" is not possible, as no encryption backend ' . 'is available. Please install and configure the PHP extension "openssl". ') . 'See <a href="http://php.net/manual/en/openssl.installation.php" target="_blank">PHP.net</a></strong>.';
+ }
+ }
+ // Only saltedpasswords as authsservice
+ if ($extConf['onlyAuthService']) {
+ // Warn user taht the combination with "forceSalted" may lock him out from frontend
+ if ($extConf['forceSalted']) {
+ $this->setErrorLevel('warning');
+ $problems[] = 'SaltedPasswords has been configured to enforce salted passwords (forceSalted).
+<br />
+This means that only passwords in the format of this extension will succeed for
+login.<br />
+<strong><i>IMPORTANT:</i></strong> Because of this, it is not possible to login with
+users not having a salted password hash (e.g. existing frontend users).';
+ } else {
+ // Inform the user that things like openid won't work anymore
+ $this->setErrorLevel('info');
+ $problems[] = 'SaltedPasswords has been configured to be the only authentication service for
+frontend logins. This means that other services like "ipauth", "openid", etc.
+will be ignored.';
+ }
+ }
+ // forceSalted is set
+ if ($extConf['forceSalted'] && !$extConf['onlyAuthService']) {
+ $this->setErrorLevel('warning');
+ $problems[] = 'SaltedPasswords has been configured to enforce salted passwords (forceSalted).
+<br />
+This means that only passwords in the format of this extension will succeed for
+login.<br />
+<strong><i>IMPORTANT:</i></strong> This has the effect that passwords that were set
+before SaltedPasswords was used will not work (in fact, they need to be
+redefined).';
+ }
+ // updatePasswd wont work with "forceSalted"
+ if ($extConf['updatePasswd'] && $extConf['forceSalted']) {
+ $this->setErrorLevel('error');
+ $problems[] = 'SaltedPasswords is configured wrong and will not work as expected:<br />
+It is not possible to set "updatePasswd" and "forceSalted" at the same time.
+Please disable either one of them.';
+ }
+ } else {
+ // Not enabled warning
+ $this->setErrorLevel('info');
+ $problems[] = 'SaltedPasswords has been disabled for frontend users.';
+ }
+ $this->problems = $problems;
+ return $this->renderFlashMessage();
+ }
+
+ /**
+ * Renders a selector element that allows to select the hash method to be used.
+ *
+ * @param array $params Field information to be rendered
+ * @param \TYPO3\CMS\Core\TypoScript\ConfigurationForm $pObj The calling parent object.
+ * @param string $disposal The configuration disposal ('FE' or 'BE')
+ * @return string The HTML selector
+ */
+ protected function buildHashMethodSelector(array $params, $pObj, $disposal) {
+ $this->init();
+ $propertyName = $params['propertyName'];
+ $unknownVariablePleaseRenameMe = ('\'' . substr(md5($propertyName), 0, 10)) . '\'';
+ $p_field = '';
+ foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/saltedpasswords']['saltMethods'] as $class => $reference) {
+ $classInstance = \TYPO3\CMS\Core\Utility\GeneralUtility::getUserObj($reference, 'tx_');
+ if ($classInstance instanceof \TYPO3\CMS\Saltedpasswords\Salt\SaltInterface && $classInstance->isAvailable()) {
+ $sel = $this->extConf[$disposal]['saltedPWHashingMethod'] == $class ? ' selected="selected" ' : '';
+ $label = 'ext.saltedpasswords.title.' . $class;
+ $p_field .= ((((('<option value="' . htmlspecialchars($class)) . '"') . $sel) . '>') . $GLOBALS['LANG']->getLL($label)) . '</option>';
+ }
+ }
+ $p_field = ((((((('<select id="' . $propertyName) . '" name="') . $params['fieldName']) . '" onChange="uFormUrl(') . $unknownVariablePleaseRenameMe) . ')">') . $p_field) . '</select>';
+ return $p_field;
+ }
+
+ /**
+ * Renders a selector element that allows to select the hash method to be used (frontend disposal).
+ *
+ * @param array $params Field information to be rendered
+ * @param \TYPO3\CMS\Core\TypoScript\ConfigurationForm $pObj The calling parent object.
+ * @return string The HTML selector
+ */
+ public function buildHashMethodSelectorFE(array $params, $pObj) {
+ return $this->buildHashMethodSelector($params, $pObj, 'FE');
+ }
+
+ /**
+ * Renders a selector element that allows to select the hash method to be used (backend disposal)
+ *
+ * @param array $params Field information to be rendered
+ * @param \TYPO3\CMS\Core\TypoScript\ConfigurationForm $pObj The calling parent object.
+ * @return string The HTML selector
+ */
+ public function buildHashMethodSelectorBE(array $params, $pObj) {
+ return $this->buildHashMethodSelector($params, $pObj, 'BE');
+ }
+
+ /**
+ * Processes the information submitted by the user using a POST request and
+ * transforms it to a TypoScript node notation.
+ *
+ * @param array $postArray Incoming POST information
+ * @return array Processed and transformed POST information
+ */
+ private function processPostData(array $postArray = array()) {
+ foreach ($postArray as $key => $value) {
+ // TODO: Explain
+ $parts = explode('.', $key, 2);
+ if (count($parts) == 2) {
+ // TODO: Explain
+ $value = $this->processPostData(array($parts[1] => $value));
+ $postArray[$parts[0] . '.'] = array_merge((array) $postArray[($parts[0] . '.')], $value);
+ } else {
+ // TODO: Explain
+ $postArray[$parts[0]] = $value;
+ }
+ }
+ return $postArray;
+ }
+
+}
+
+
+?>
\ No newline at end of file
--- /dev/null
+<?php
+namespace TYPO3\CMS\Saltedpasswords\Utility;
+
+/***************************************************************
+ * Copyright notice
+ *
+ * (c) Marcus Krause (marcus#exp2009@t3sec.info)
+ * (c) Steffen Ritter (info@rs-websystems.de)
+ * All rights reserved
+ *
+ * This script is part of the TYPO3 project. The TYPO3 project is
+ * free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * The GNU General Public License can be found at
+ * http://www.gnu.org/copyleft/gpl.html.
+ * A copy is found in the textfile GPL.txt and important notices to the license
+ * from the author is found in LICENSE.txt distributed with these scripts.
+ *
+ *
+ * This script is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * This copyright notice MUST APPEAR in all copies of the script!
+ ***************************************************************/
+/**
+ * Contains class "tx_saltedpasswords_div"
+ * that provides various helper functions.
+ */
+/**
+ * General library class.
+ *
+ * @author Marcus Krause <marcus#exp2009@t3sec.info>
+ * @author Steffen Ritter <info@rs-websystems.de>
+ * @since 2009-06-14
+ * @package TYPO3
+ * @subpackage tx_saltedpasswords
+ */
+class SaltedPasswordsUtility {
+
+ /**
+ * Keeps this extension's key.
+ */
+ const EXTKEY = 'saltedpasswords';
+ /**
+ * Calculates number of backend users, who have no saltedpasswords
+ * protection.
+ *
+ * @return integer
+ */
+ static public function getNumberOfBackendUsersWithInsecurePassword() {
+ $userCount = $GLOBALS['TYPO3_DB']->exec_SELECTcountRows('*', 'be_users', (('password NOT LIKE ' . $GLOBALS['TYPO3_DB']->fullQuoteStr('$%', 'be_users')) . ' AND password NOT LIKE ') . $GLOBALS['TYPO3_DB']->fullQuoteStr('M$%', 'be_users'));
+ return $userCount;
+ }
+
+ /**
+ * Returns extension configuration data from $TYPO3_CONF_VARS (configurable in Extension Manager)
+ *
+ * @author Rainer Kuhn <kuhn@punkt.de>
+ * @author Marcus Krause <marcus#exp2009@t3sec.info>
+ * @param string $mode TYPO3_MODE, wether Configuration for Frontend or Backend should be delivered
+ * @return array Extension configuration data
+ */
+ static public function returnExtConf($mode = TYPO3_MODE) {
+ $currentConfiguration = self::returnExtConfDefaults();
+ if (isset($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['saltedpasswords'])) {
+ $extensionConfiguration = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['saltedpasswords']);
+ // Merge default configuration with modified configuration:
+ if (isset($extensionConfiguration[$mode . '.'])) {
+ $currentConfiguration = array_merge($currentConfiguration, $extensionConfiguration[$mode . '.']);
+ }
+ }
+ return $currentConfiguration;
+ }
+
+ /**
+ * Hook function for felogin "forgotPassword" functionality
+ * encrypts the new password before storing in database
+ *
+ * @param array $params Parameter the hook delivers
+ * @param \TYPO3\CMS\FeLogin\Controller\FrontendLoginController $pObj Parent Object from which the hook is called
+ * @return void
+ */
+ public function feloginForgotPasswordHook(array &$params, \TYPO3\CMS\FeLogin\Controller\FrontendLoginController $pObj) {
+ if (self::isUsageEnabled('FE')) {
+ $this->objInstanceSaltedPW = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance();
+ $params['newPassword'] = $this->objInstanceSaltedPW->getHashedPassword($params['newPassword']);
+ }
+ }
+
+ /**
+ * Returns default configuration of this extension.
+ *
+ * @return array Default extension configuration data for localconf.php
+ */
+ static public function returnExtConfDefaults() {
+ return array(
+ 'onlyAuthService' => '0',
+ 'forceSalted' => '0',
+ 'updatePasswd' => '1',
+ 'saltedPWHashingMethod' => 'TYPO3\\CMS\\Saltedpasswords\\Salt\\PhpassSalt',
+ 'enabled' => '1'
+ );
+ }
+
+ /**
+ * Function determines the default(=configured) type of
+ * salted hashing method to be used.
+ *
+ * @param string $mode (optional) The TYPO3 mode (FE or BE) saltedpasswords shall be used for
+ * @return string Classname of object to be used
+ */
+ static public function getDefaultSaltingHashingMethod($mode = TYPO3_MODE) {
+ $extConf = self::returnExtConf($mode);
+ $classNameToUse = 'TYPO3\\CMS\\Saltedpasswords\\Salt\\Md5Salt';
+ if (in_array($extConf['saltedPWHashingMethod'], array_keys($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/saltedpasswords']['saltMethods']))) {
+ $classNameToUse = $extConf['saltedPWHashingMethod'];
+ }
+ return $classNameToUse;
+ }
+
+ /**
+ * Returns information if salted password hashes are
+ * indeed used in the TYPO3_MODE.
+ *
+ * @param string $mode (optional) The TYPO3 mode (FE or BE) saltedpasswords shall be used for
+ * @return boolean TRUE, if salted password hashes are used in the TYPO3_MODE, otherwise FALSE
+ */
+ static public function isUsageEnabled($mode = TYPO3_MODE) {
+ // Login Security Level Recognition
+ $extConf = self::returnExtConf($mode);
+ $securityLevel = $GLOBALS['TYPO3_CONF_VARS'][$mode]['loginSecurityLevel'];
+ if ($mode == 'BE' && $extConf['enabled']) {
+ return $securityLevel == 'normal' && $GLOBALS['TYPO3_CONF_VARS']['BE']['lockSSL'] > 0 || $securityLevel == 'rsa';
+ } elseif ($mode == 'FE' && $extConf['enabled']) {
+ return \TYPO3\CMS\Core\Utility\GeneralUtility::inList('normal,rsa', $securityLevel);
+ }
+ return FALSE;
+ }
+
+}
+
+
+?>
\ No newline at end of file
--- /dev/null
+<?php
+/*
+ * @deprecated since 6.0, the classname tx_saltedpasswords_autoloader and this file is obsolete
+ * and will be removed by 7.0. The class was renamed and is now located at:
+ * typo3/sysext/saltedpasswords/Classes/Autoloader.php
+ */
+require_once \TYPO3\CMS\Core\Extension\ExtensionManager::extPath('saltedpasswords') . 'Classes/Autoloader.php';
+/**
+ * @var $SOBE \TYPO3\CMS\Saltedpasswords\Autoloader
+ */
+$SOBE = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Saltedpasswords\\Autoloader');
+$SOBE->execute($this);
+?>
\ No newline at end of file
--- /dev/null
+<?php
+/*
+ * @deprecated since 6.0, the classname tx_saltedpasswords_div and this file is obsolete
+ * and will be removed by 7.0. The class was renamed and is now located at:
+ * typo3/sysext/saltedpasswords/Classes/Utility/SaltedPasswordsUtility.php
+ */
+require_once \TYPO3\CMS\Core\Extension\ExtensionManager::extPath('saltedpasswords') . 'Classes/Utility/SaltedPasswordsUtility.php';
+?>
\ No newline at end of file
--- /dev/null
+<?php
+/***************************************************************
+ * Copyright notice
+ *
+ * (c) Steffen Ritter (info@rs-websystems.de)
+ * All rights reserved
+ *
+ * This script is part of the TYPO3 project. The TYPO3 project is
+ * free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * The GNU General Public License can be found at
+ * http://www.gnu.org/copyleft/gpl.html.
+ * A copy is found in the textfile GPL.txt and important notices to the license
+ * from the author is found in LICENSE.txt distributed with these scripts.
+ *
+ *
+ * This script is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * This copyright notice MUST APPEAR in all copies of the script!
+ ***************************************************************/
+// Make sure that we are executed only in TYPO3 context
+if (!defined('TYPO3_MODE')) {
+ die('Access denied.');
+}
+/*
+ * @deprecated since 6.0, the classname tx_saltedpasswords_emconfhelper and this file is obsolete
+ * and will be removed by 7.0. The class was renamed and is now located at:
+ * typo3/sysext/saltedpasswords/Classes/Utility/ExtensionManagerConfigurationUtility.php
+ */
+require_once \TYPO3\CMS\Core\Extension\ExtensionManager::extPath('saltedpasswords') . 'Classes/Utility/ExtensionManagerConfigurationUtility.php';
+?>
\ No newline at end of file
--- /dev/null
+<?php
+/*
+ * @deprecated since 6.0, the classname tx_saltedpasswords_eval and this file is obsolete
+ * and will be removed by 7.0. The class was renamed and is now located at:
+ * typo3/sysext/saltedpasswords/Classes/Evaluation/Evaluator.php
+ */
+require_once \TYPO3\CMS\Core\Extension\ExtensionManager::extPath('saltedpasswords') . 'Classes/Evaluation/Evaluator.php';
+?>
\ No newline at end of file
--- /dev/null
+<?php
+/*
+ * @deprecated since 6.0, the classname tx_saltedpasswords_eval_be and this file is obsolete
+ * and will be removed by 7.0. The class was renamed and is now located at:
+ * typo3/sysext/saltedpasswords/Classes/Evaluation/BackendEvaluator.php
+ */
+require_once \TYPO3\CMS\Core\Extension\ExtensionManager::extPath('saltedpasswords') . 'Classes/Evaluation/BackendEvaluator.php';
+?>
\ No newline at end of file
--- /dev/null
+<?php
+/*
+ * @deprecated since 6.0, the classname tx_saltedpasswords_eval_fe and this file is obsolete
+ * and will be removed by 7.0. The class was renamed and is now located at:
+ * typo3/sysext/saltedpasswords/Classes/Evaluation/FrontendEvaluator.php
+ */
+require_once \TYPO3\CMS\Core\Extension\ExtensionManager::extPath('saltedpasswords') . 'Classes/Evaluation/FrontendEvaluator.php';
+?>
\ No newline at end of file
--- /dev/null
+<?php
+/*
+ * @deprecated since 6.0, the classname tx_saltedpasswords_abstract_salts and this file is obsolete
+ * and will be removed by 7.0. The class was renamed and is now located at:
+ * typo3/sysext/saltedpasswords/Classes/Salt/AbstractSalt.php
+ */
+require_once \TYPO3\CMS\Core\Extension\ExtensionManager::extPath('saltedpasswords') . 'Classes/Salt/AbstractSalt.php';
+?>
\ No newline at end of file
--- /dev/null
+<?php
+/*
+ * @deprecated since 6.0, the classname tx_saltedpasswords_salts_blowfish and this file is obsolete
+ * and will be removed by 7.0. The class was renamed and is now located at:
+ * typo3/sysext/saltedpasswords/Classes/Salt/BlowfishSalt.php
+ */
+require_once \TYPO3\CMS\Core\Extension\ExtensionManager::extPath('saltedpasswords') . 'Classes/Salt/BlowfishSalt.php';
+?>
\ No newline at end of file
--- /dev/null
+<?php
+/*
+ * @deprecated since 6.0, the classname tx_saltedpasswords_salts_factory and this file is obsolete
+ * and will be removed by 7.0. The class was renamed and is now located at:
+ * typo3/sysext/saltedpasswords/Classes/Salt/SaltFactory.php
+ */
+require_once \TYPO3\CMS\Core\Extension\ExtensionManager::extPath('saltedpasswords') . 'Classes/Salt/SaltFactory.php';
+?>
\ No newline at end of file
--- /dev/null
+<?php
+/*
+ * @deprecated since 6.0, the classname tx_saltedpasswords_salts_md5 and this file is obsolete
+ * and will be removed by 7.0. The class was renamed and is now located at:
+ * typo3/sysext/saltedpasswords/Classes/Salt/Md5Salt.php
+ */
+require_once \TYPO3\CMS\Core\Extension\ExtensionManager::extPath('saltedpasswords') . 'Classes/Salt/Md5Salt.php';
+?>
\ No newline at end of file
--- /dev/null
+<?php
+/*
+ * @deprecated since 6.0, the classname tx_saltedpasswords_salts_phpass and this file is obsolete
+ * and will be removed by 7.0. The class was renamed and is now located at:
+ * typo3/sysext/saltedpasswords/Classes/Salt/PhpassSalt.php
+ */
+require_once \TYPO3\CMS\Core\Extension\ExtensionManager::extPath('saltedpasswords') . 'Classes/Salt/PhpassSalt.php';
+?>
\ No newline at end of file
--- /dev/null
+<?php
+/*
+ * @deprecated since 6.0, the classname tx_saltedpasswords_salts and this file is obsolete
+ * and will be removed by 7.0. The class was renamed and is now located at:
+ * typo3/sysext/saltedpasswords/Classes/Salt/SaltInterface.php
+ */
+require_once \TYPO3\CMS\Core\Extension\ExtensionManager::extPath('saltedpasswords') . 'Classes/Salt/SaltInterface.php';
+?>
\ No newline at end of file
--- /dev/null
+<?php
+/*
+ * @deprecated since 6.0, the classname tx_saltedpasswords_Tasks_BulkUpdate and this file is obsolete
+ * and will be removed by 7.0. The class was renamed and is now located at:
+ * typo3/sysext/saltedpasswords/Classes/Task/BulkUpdateTask.php
+ */
+require_once \TYPO3\CMS\Core\Extension\ExtensionManager::extPath('saltedpasswords') . 'Classes/Task/BulkUpdateTask.php';
+?>
\ No newline at end of file
--- /dev/null
+<?php
+/*
+ * @deprecated since 6.0, the classname tx_saltedpasswords_Tasks_BulkUpdate_AdditionalFieldProvider and this file is obsolete
+ * and will be removed by 7.0. The class was renamed and is now located at:
+ * typo3/sysext/saltedpasswords/Classes/Task/BulkUpdateFieldProvider.php
+ */
+require_once \TYPO3\CMS\Core\Extension\ExtensionManager::extPath('saltedpasswords') . 'Classes/Task/BulkUpdateFieldProvider.php';
+?>
\ No newline at end of file
+++ /dev/null
-<?php
-namespace TYPO3\CMS\Saltedpasswords;
-
-/***************************************************************
- * Copyright notice
- *
- * (c) 2011 Helmut Hummel <helmut.hummel@typo3.org>
- * All rights reserved
- *
- * This script is part of the TYPO3 project. The TYPO3 project is
- * free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * The GNU General Public License can be found at
- * http://www.gnu.org/copyleft/gpl.html.
- * A copy is found in the textfile GPL.txt and important notices to the license
- * from the author is found in LICENSE.txt distributed with these scripts.
- *
- *
- * This script is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * This copyright notice MUST APPEAR in all copies of the script!
- ***************************************************************/
-/**
- * Autoloader included from Install Tool that lets saltedpasswords load itself
- *
- * @author Helmut Hummel <helmut.hummel@typo3.org>
- * @package TYPO3
- * @subpackage saltedpasswords
- */
-class Autoloader {
-
- /**
- * Activates saltedpasswords if it is supported.
- *
- * @param \TYPO3\CMS\Install\Installer $instObj
- * @return void
- */
- public function execute(\TYPO3\CMS\Install\Installer $instObj) {
- switch ($instObj->step) {
- case 4:
- if (!\TYPO3\CMS\Core\Extension\ExtensionManager::isLoaded('saltedpasswords') && $this->isSaltedPasswordsSupported()) {
- $this->activateSaltedPasswords();
- }
- break;
- }
- }
-
- /**
- * Checks whether the OpenSSL PHP extension is working properly.
- *
- * Before automatically enabling saltedpasswords, we check for a working OpenSSL PHP extension. As we enable rsaauth
- * in the process of automatically enabling saltedpasswords, working OpenSSL is a requirement for this.
- * Availability of the command line openssl binary is not checked here, thus saltedpasswords is NOT enabled
- * automatically in this case.
- *
- * @return boolean TRUE, in case of OpenSSL works and requirements for saltedpasswords are met.
- * @see tx_rsaauth_php_backend
- */
- protected function isSaltedPasswordsSupported() {
- $isSupported = FALSE;
- if (is_callable('openssl_pkey_new')) {
- $testKey = @openssl_pkey_new();
- if (is_resource($testKey)) {
- openssl_free_key($testKey);
- $isSupported = TRUE;
- }
- }
- return $isSupported;
- }
-
- /**
- * Activates saltedpasswords.
- *
- * @return void
- */
- protected function activateSaltedPasswords() {
- if (!\TYPO3\CMS\Core\Extension\ExtensionManager::isLoaded('rsaauth')) {
- \TYPO3\CMS\Core\Extension\ExtensionManager::loadExtension('rsaauth');
- }
- if (!\TYPO3\CMS\Core\Extension\ExtensionManager::isLoaded('saltedpasswords')) {
- \TYPO3\CMS\Core\Extension\ExtensionManager::loadExtension('saltedpasswords');
- }
- \TYPO3\CMS\Core\Configuration\ConfigurationManager::setLocalConfigurationValueByPath('EXT/extConf/saltedpasswords', 'a:2:{s:3:"FE.";a:2:{s:7:"enabled";s:1:"1";s:21:"saltedPWHashingMethod";s:28:"tx_saltedpasswords_salts_md5";}s:3:"BE.";a:2:{s:7:"enabled";s:1:"1";s:21:"saltedPWHashingMethod";s:28:"tx_saltedpasswords_salts_md5";}}');
- \TYPO3\CMS\Core\Configuration\ConfigurationManager::setLocalConfigurationValueByPath('BE/loginSecurityLevel', 'rsa');
- \TYPO3\CMS\Core\Configuration\ConfigurationManager::setLocalConfigurationValueByPath('FE/loginSecurityLevel', 'rsa');
- }
-
-}
-
-
-?>
\ No newline at end of file
+++ /dev/null
-<?php
-namespace TYPO3\CMS\Saltedpasswords\Evaluation;
-
-/***************************************************************
- * Copyright notice
- *
- * (c) Marcus Krause (marcus#exp2009@t3sec.info)
- * (c) Steffen Ritter (info@rs-websystems.de)
- * All rights reserved
- *
- * This script is part of the TYPO3 project. The TYPO3 project is
- * free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * The GNU General Public License can be found at
- * http://www.gnu.org/copyleft/gpl.html.
- * A copy is found in the textfile GPL.txt and important notices to the license
- * from the author is found in LICENSE.txt distributed with these scripts.
- *
- *
- * This script is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * This copyright notice MUST APPEAR in all copies of the script!
- ***************************************************************/
-/**
- * Class implementing salted evaluation methods for BE users.
- *
- * @author Marcus Krause <marcus#exp2009@t3sec.info>
- * @author Steffen Ritter <info@rs-websystems.de>
- * @since 2009-06-14
- * @package TYPO3
- * @subpackage tx_saltedpasswords
- */
-class BackendEvaluator extends \TYPO3\CMS\Saltedpasswords\Evaluation\Evaluator {
-
- /**
- * Class constructor.
- */
- public function __construct() {
- $this->mode = 'BE';
- }
-
-}
-
-
-?>
\ No newline at end of file
+++ /dev/null
-<?php
-namespace TYPO3\CMS\Saltedpasswords\Evaluation;
-
-/***************************************************************
- * Copyright notice
- *
- * (c) Marcus Krause (marcus#exp2009@t3sec.info)
- * (c) Steffen Ritter (info@rs-websystems.de)
- * All rights reserved
- *
- * This script is part of the TYPO3 project. The TYPO3 project is
- * free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * The GNU General Public License can be found at
- * http://www.gnu.org/copyleft/gpl.html.
- * A copy is found in the textfile GPL.txt and important notices to the license
- * from the author is found in LICENSE.txt distributed with these scripts.
- *
- *
- * This script is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * This copyright notice MUST APPEAR in all copies of the script!
- ***************************************************************/
-/**
- * Class implementing salted evaluation methods.
- *
- * @author Marcus Krause <marcus#exp2009@t3sec.info>
- * @author Steffen Ritter <info@rs-websystems.de>
- * @since 2009-06-14
- * @package TYPO3
- * @subpackage tx_saltedpasswords
- */
-class Evaluator {
-
- /**
- * Keeps TYPO3 mode.
- *
- * Either 'FE' or 'BE'.
- *
- * @var string
- */
- protected $mode = NULL;
-
- /**
- * This function just return the field value as it is. No transforming,
- * hashing will be done on server-side.
- *
- * @return string JavaScript code for evaluating the
- * @todo Define visibility
- */
- public function returnFieldJS() {
- return 'return value;';
- }
-
- /**
- * Function uses Portable PHP Hashing Framework to create a proper password string if needed
- *
- * @param mixed $value The value that has to be checked.
- * @param string $is_in Is-In String
- * @param integer $set Determines if the field can be set (value correct) or not, e.g. if input is required but the value is empty, then $set should be set to FALSE. (PASSED BY REFERENCE!)
- * @return The new value of the field
- * @todo Define visibility
- */
- public function evaluateFieldValue($value, $is_in, &$set) {
- $isEnabled = $this->mode ? \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::isUsageEnabled($this->mode) : \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::isUsageEnabled();
- if ($isEnabled) {
- $set = FALSE;
- $isMD5 = preg_match('/[0-9abcdef]{32,32}/', $value);
- $isSaltedHash = \TYPO3\CMS\Core\Utility\GeneralUtility::inList('$1$,$2$,$2a,$P$', substr($value, 0, 3));
- $this->objInstanceSaltedPW = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(NULL, $this->mode);
- if ($isMD5) {
- $set = TRUE;
- $value = 'M' . $this->objInstanceSaltedPW->getHashedPassword($value);
- } elseif (!$isSaltedHash) {
- $set = TRUE;
- $value = $this->objInstanceSaltedPW->getHashedPassword($value);
- }
- }
- return $value;
- }
-
-}
-
-
-?>
\ No newline at end of file
+++ /dev/null
-<?php
-namespace TYPO3\CMS\Saltedpasswords\Evaluation;
-
-/***************************************************************
- * Copyright notice
- *
- * (c) Marcus Krause (marcus#exp2009@t3sec.info)
- * (c) Steffen Ritter (info@rs-websystems.de)
- * All rights reserved
- *
- * This script is part of the TYPO3 project. The TYPO3 project is
- * free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * The GNU General Public License can be found at
- * http://www.gnu.org/copyleft/gpl.html.
- * A copy is found in the textfile GPL.txt and important notices to the license
- * from the author is found in LICENSE.txt distributed with these scripts.
- *
- *
- * This script is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * This copyright notice MUST APPEAR in all copies of the script!
- ***************************************************************/
-/**
- * Class implementing salted evaluation methods for FE users.
- *
- * @author Marcus Krause <marcus#exp2009@t3sec.info>
- * @author Steffen Ritter <info@rs-websystems.de>
- * @since 2009-06-14
- * @package TYPO3
- * @subpackage tx_saltedpasswords
- */
-class FrontendEvaluator extends \TYPO3\CMS\Saltedpasswords\Evaluation\Evaluator {
-
- /**
- * Class constructor.
- */
- public function __construct() {
- $this->mode = 'FE';
- }
-
-}
-
-
-?>
\ No newline at end of file
+++ /dev/null
-<?php
-namespace TYPO3\CMS\Saltedpasswords\Salt;
-
-/***************************************************************
- * Copyright notice
- *
- * (c) 2009-2011 Marcus Krause <marcus#exp2009@t3sec.info>
- * All rights reserved
- *
- * This script is part of the TYPO3 project. The TYPO3 project is
- * free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * The GNU General Public License can be found at
- * http://www.gnu.org/copyleft/gpl.html.
- * A copy is found in the textfile GPL.txt and important notices to the license
- * from the author is found in LICENSE.txt distributed with these scripts.
- *
- *
- * This script is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * This copyright notice MUST APPEAR in all copies of the script!
- ***************************************************************/
-/**
- * Contains abstract class "tx_saltedpasswords_abstract_salts"
- * to be used in classes that provide salted hashing.
- */
-/**
- * Abtract class with methods needed to be extended
- * in a salted hashing class.
- *
- * @author Marcus Krause <marcus#exp2009@t3sec.info>
- * @since 2009-09-06
- * @package TYPO3
- * @subpackage tx_saltedpasswords
- */
-abstract class AbstractSalt {
-
- /**
- * Method applies settings (prefix, optional hash count, optional suffix)
- * to a salt.
- *
- * @param string $salt A salt to apply setting to
- * @return string Salt with setting
- */
- abstract protected function applySettingsToSalt($salt);
-
- /**
- * Generates a random base salt settings for the hash.
- *
- * @return string A string containing settings and a random salt
- */
- abstract protected function getGeneratedSalt();
-
- /**
- * Returns a string for mapping an int to the corresponding base 64 character.
- *
- * @return string String for mapping an int to the corresponding base 64 character
- */
- abstract protected function getItoa64();
-
- /**
- * Returns setting string to indicate type of hashing method.
- *
- * @return string Setting string of hashing method
- */
- abstract protected function getSetting();
-
- /**
- * Encodes bytes into printable base 64 using the *nix standard from crypt().
- *
- * @param string $input The string containing bytes to encode.
- * @param integer $count The number of characters (bytes) to encode.
- * @return string Encoded string
- */
- public function base64Encode($input, $count) {
- $output = '';
- $i = 0;
- $itoa64 = $this->getItoa64();
- do {
- $value = ord($input[$i++]);
- $output .= $itoa64[$value & 63];
- if ($i < $count) {
- $value |= ord($input[$i]) << 8;
- }
- $output .= $itoa64[$value >> 6 & 63];
- if ($i++ >= $count) {
- break;
- }
- if ($i < $count) {
- $value |= ord($input[$i]) << 16;
- }
- $output .= $itoa64[$value >> 12 & 63];
- if ($i++ >= $count) {
- break;
- }
- $output .= $itoa64[$value >> 18 & 63];
- } while ($i < $count);
- return $output;
- }
-
- /**
- * Method determines required length of base64 characters for a given
- * length of a byte string.
- *
- * @param integer $byteLength Length of bytes to calculate in base64 chars
- * @return integer Required length of base64 characters
- */
- protected function getLengthBase64FromBytes($byteLength) {
- // Calculates bytes in bits in base64
- return intval(ceil(($byteLength * 8) / 6));
- }
-
-}
-
-
-?>
\ No newline at end of file
+++ /dev/null
-<?php
-namespace TYPO3\CMS\Saltedpasswords\Salt;
-
-/***************************************************************
- * Copyright notice
- *
- * (c) 2009-2011 Marcus Krause <marcus#exp2009@t3sec.info>
- * All rights reserved
- *
- * This script is part of the TYPO3 project. The TYPO3 project is
- * free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * The GNU General Public License can be found at
- * http://www.gnu.org/copyleft/gpl.html.
- * A copy is found in the textfile GPL.txt and important notices to the license
- * from the author is found in LICENSE.txt distributed with these scripts.
- *
- *
- * This script is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * This copyright notice MUST APPEAR in all copies of the script!
- ***************************************************************/
-/**
- * Contains class "tx_saltedpasswords_salts_blowfish"
- * that provides Blowfish salted hashing.
- */
-/**
- * Class that implements Blowfish salted hashing based on PHP's
- * crypt() function.
- *
- * Warning: Blowfish salted hashing with PHP's crypt() is not available
- * on every system.
- *
- * @author Marcus Krause <marcus#exp2009@t3sec.info>
- * @since 2009-09-06
- * @package TYPO3
- * @subpackage tx_saltedpasswords
- */
-class BlowfishSalt extends \TYPO3\CMS\Saltedpasswords\Salt\Md5Salt {
-
- /**
- * The default log2 number of iterations for password stretching.
- */
- const HASH_COUNT = 7;
- /**
- * The default maximum allowed log2 number of iterations for
- * password stretching.
- */
- const MAX_HASH_COUNT = 17;
- /**
- * The default minimum allowed log2 number of iterations for
- * password stretching.
- */
- const MIN_HASH_COUNT = 4;
- /**
- * Keeps log2 number
- * of iterations for password stretching.
- *
- * @var integer
- */
- static protected $hashCount;
-
- /**
- * Keeps maximum allowed log2 number
- * of iterations for password stretching.
- *
- * @var integer
- */
- static protected $maxHashCount;
-
- /**
- * Keeps minimum allowed log2 number
- * of iterations for password stretching.
- *
- * @var integer
- */
- static protected $minHashCount;
-
- /**
- * Keeps length of a Blowfish salt in bytes.
- *
- * @var integer
- */
- static protected $saltLengthBlowfish = 16;
-
- /**
- * Setting string to indicate type of hashing method (blowfish).
- *
- * @var string
- */
- static protected $settingBlowfish = '$2a$';
-
- /**
- * Method applies settings (prefix, hash count) to a salt.
- *
- * Overwrites {@link tx_saltedpasswords_salts_md5::applySettingsToSalt()}
- * with Blowfish specifics.
- *
- * @param string $salt A salt to apply setting to
- * @return string Salt with setting
- */
- protected function applySettingsToSalt($salt) {
- $saltWithSettings = $salt;
- $reqLenBase64 = $this->getLengthBase64FromBytes($this->getSaltLength());
- // salt without setting
- if (strlen($salt) == $reqLenBase64) {
- $saltWithSettings = (($this->getSetting() . sprintf('%02u', $this->getHashCount())) . '$') . $salt;
- }
- return $saltWithSettings;
- }
-
- /**
- * Parses the log2 iteration count from a stored hash or setting string.
- *
- * @param string $setting Complete hash or a hash's setting string or to get log2 iteration count from
- * @return integer Used hashcount for given hash string
- */
- protected function getCountLog2($setting) {
- $countLog2 = NULL;
- $setting = substr($setting, strlen($this->getSetting()));
- $firstSplitPos = strpos($setting, '$');
- // Hashcount existing
- if (($firstSplitPos !== FALSE && $firstSplitPos <= 2) && is_numeric(substr($setting, 0, $firstSplitPos))) {
- $countLog2 = intval(substr($setting, 0, $firstSplitPos));
- }
- return $countLog2;
- }
-
- /**
- * Method returns log2 number of iterations for password stretching.
- *
- * @return integer log2 number of iterations for password stretching
- * @see HASH_COUNT
- * @see $hashCount
- * @see setHashCount()
- */
- public function getHashCount() {
- return isset(self::$hashCount) ? self::$hashCount : self::HASH_COUNT;
- }
-
- /**
- * Method returns maximum allowed log2 number of iterations for password stretching.
- *
- * @return integer Maximum allowed log2 number of iterations for password stretching
- * @see MAX_HASH_COUNT
- * @see $maxHashCount
- * @see setMaxHashCount()
- */
- public function getMaxHashCount() {
- return isset(self::$maxHashCount) ? self::$maxHashCount : self::MAX_HASH_COUNT;
- }
-
- /**
- * Returns wether all prequesites for the hashing methods are matched
- *
- * @return boolean Method available
- */
- public function isAvailable() {
- return CRYPT_BLOWFISH;
- }
-
- /**
- * Method returns minimum allowed log2 number of iterations for password stretching.
- *
- * @return integer Minimum allowed log2 number of iterations for password stretching
- * @see MIN_HASH_COUNT
- * @see $minHashCount
- * @see setMinHashCount()
- */
- public function getMinHashCount() {
- return isset(self::$minHashCount) ? self::$minHashCount : self::MIN_HASH_COUNT;
- }
-
- /**
- * Returns length of a Blowfish salt in bytes.
- *
- * Overwrites {@link tx_saltedpasswords_salts_md5::getSaltLength()}
- * with Blowfish specifics.
- *
- * @return integer Length of a Blowfish salt in bytes
- */
- public function getSaltLength() {
- return self::$saltLengthBlowfish;
- }
-
- /**
- * Returns setting string of Blowfish salted hashes.
- *
- * Overwrites {@link tx_saltedpasswords_salts_md5::getSetting()}
- * with Blowfish specifics.
- *
- * @return string Setting string of Blowfish salted hashes
- */
- public function getSetting() {
- return self::$settingBlowfish;
- }
-
- /**
- * Checks whether a user's hashed password needs to be replaced with a new hash.
- *
- * This is typically called during the login process when the plain text
- * password is available. A new hash is needed when the desired iteration
- * count has changed through a change in the variable $hashCount or
- * HASH_COUNT.
- *
- * @param string $saltedPW Salted hash to check if it needs an update
- * @return boolean TRUE if salted hash needs an update, otherwise FALSE
- */
- public function isHashUpdateNeeded($saltedPW) {
- // Check whether this was an updated password.
- if (strncmp($saltedPW, '$2', 2) || !$this->isValidSalt($saltedPW)) {
- return TRUE;
- }
- // Check whether the iteration count used differs from the standard number.
- $countLog2 = $this->getCountLog2($saltedPW);
- return !is_NULL($countLog2) && $countLog2 < $this->getHashCount();
- }
-
- /**
- * Method determines if a given string is a valid salt.
- *
- * Overwrites {@link tx_saltedpasswords_salts_md5::isValidSalt()} with
- * Blowfish specifics.
- *
- * @param string $salt String to check
- * @return boolean TRUE if it's valid salt, otherwise FALSE
- */
- public function isValidSalt($salt) {
- $isValid = ($skip = FALSE);
- $reqLenBase64 = $this->getLengthBase64FromBytes($this->getSaltLength());
- if (strlen($salt) >= $reqLenBase64) {
- // Salt with prefixed setting
- if (!strncmp('$', $salt, 1)) {
- if (!strncmp($this->getSetting(), $salt, strlen($this->getSetting()))) {
- $isValid = TRUE;
- $salt = substr($salt, strrpos($salt, '$') + 1);
- } else {
- $skip = TRUE;
- }
- }
- // Checking base64 characters
- if (!$skip && strlen($salt) >= $reqLenBase64) {
- if (preg_match(((((('/^[' . preg_quote($this->getItoa64(), '/')) . ']{') . $reqLenBase64) . ',') . $reqLenBase64) . '}$/', substr($salt, 0, $reqLenBase64))) {
- $isValid = TRUE;
- }
- }
- }
- return $isValid;
- }
-
- /**
- * Method determines if a given string is a valid salted hashed password.
- *
- * @param string $saltedPW String to check
- * @return boolean TRUE if it's valid salted hashed password, otherwise FALSE
- */
- public function isValidSaltedPW($saltedPW) {
- $isValid = FALSE;
- $isValid = !strncmp($this->getSetting(), $saltedPW, strlen($this->getSetting())) ? TRUE : FALSE;
- if ($isValid) {
- $isValid = $this->isValidSalt($saltedPW);
- }
- return $isValid;
- }
-
- /**
- * Method sets log2 number of iterations for password stretching.
- *
- * @param integer $hashCount log2 number of iterations for password stretching to set
- * @see HASH_COUNT
- * @see $hashCount
- * @see getHashCount()
- */
- public function setHashCount($hashCount = NULL) {
- self::$hashCount = ((!is_NULL($hashCount) && is_int($hashCount)) && $hashCount >= $this->getMinHashCount()) && $hashCount <= $this->getMaxHashCount() ? $hashCount : self::HASH_COUNT;
- }
-
- /**
- * Method sets maximum allowed log2 number of iterations for password stretching.
- *
- * @param integer $maxHashCount Maximum allowed log2 number of iterations for password stretching to set
- * @see MAX_HASH_COUNT
- * @see $maxHashCount
- * @see getMaxHashCount()
- */
- public function setMaxHashCount($maxHashCount = NULL) {
- self::$maxHashCount = !is_NULL($maxHashCount) && is_int($maxHashCount) ? $maxHashCount : self::MAX_HASH_COUNT;
- }
-
- /**
- * Method sets minimum allowed log2 number of iterations for password stretching.
- *
- * @param integer $minHashCount Minimum allowed log2 number of iterations for password stretching to set
- * @see MIN_HASH_COUNT
- * @see $minHashCount
- * @see getMinHashCount()
- */
- public function setMinHashCount($minHashCount = NULL) {
- self::$minHashCount = !is_NULL($minHashCount) && is_int($minHashCount) ? $minHashCount : self::MIN_HASH_COUNT;
- }
-
-}
-
-
-?>
\ No newline at end of file
+++ /dev/null
-<?php
-namespace TYPO3\CMS\Saltedpasswords\Salt;
-
-/***************************************************************
- * Copyright notice
- *
- * (c) 2009-2011 Marcus Krause <marcus#exp2009@t3sec.info>
- * All rights reserved
- *
- * This script is part of the TYPO3 project. The TYPO3 project is
- * free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * The GNU General Public License can be found at
- * http://www.gnu.org/copyleft/gpl.html.
- * A copy is found in the textfile GPL.txt and important notices to the license
- * from the author is found in LICENSE.txt distributed with these scripts.
- *
- *
- * This script is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * This copyright notice MUST APPEAR in all copies of the script!
- ***************************************************************/
-/**
- * Contains class "tx_saltedpasswords_salts_md5"
- * that provides MD5 salted hashing.
- */
-/**
- * Class that implements MD5 salted hashing based on PHP's
- * crypt() function.
- *
- * MD5 salted hashing with PHP's crypt() should be available
- * on most of the systems.
- *
- * @author Marcus Krause <marcus#exp2009@t3sec.info>
- * @since 2009-09-06
- * @package TYPO3
- * @subpackage tx_saltedpasswords
- */
-class Md5Salt extends \TYPO3\CMS\Saltedpasswords\Salt\AbstractSalt implements \TYPO3\CMS\Saltedpasswords\Salt\SaltInterface {
-
- /**
- * Keeps a string for mapping an int to the corresponding
- * base 64 character.
- */
- const ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
- /**
- * Keeps length of a MD5 salt in bytes.
- *
- * @var integer
- */
- static protected $saltLengthMD5 = 6;
-
- /**
- * Keeps suffix to be appended to a salt.
- *
- * @var string
- */
- static protected $saltSuffixMD5 = '$';
-
- /**
- * Setting string to indicate type of hashing method (md5).
- *
- * @var string
- */
- static protected $settingMD5 = '$1$';
-
- /**
- * Method applies settings (prefix, suffix) to a salt.
- *
- * @param string $salt A salt to apply setting to
- * @return string Salt with setting
- */
- protected function applySettingsToSalt($salt) {
- $saltWithSettings = $salt;
- $reqLenBase64 = $this->getLengthBase64FromBytes($this->getSaltLength());
- // Salt without setting
- if (strlen($salt) == $reqLenBase64) {
- $saltWithSettings = ($this->getSetting() . $salt) . $this->getSaltSuffix();
- }
- return $saltWithSettings;
- }
-
- /**
- * Method checks if a given plaintext password is correct by comparing it with
- * a given salted hashed password.
- *
- * @param string $plainPW plain-text password to compare with salted hash
- * @param string $saltedHashPW salted hash to compare plain-text password with
- * @return boolean TRUE, if plain-text password matches the salted hash, otherwise FALSE
- */
- public function checkPassword($plainPW, $saltedHashPW) {
- $isCorrect = FALSE;
- if ($this->isValidSalt($saltedHashPW)) {
- $isCorrect = crypt($plainPW, $saltedHashPW) == $saltedHashPW;
- }
- return $isCorrect;
- }
-
- /**
- * Generates a random base 64-encoded salt prefixed and suffixed with settings for the hash.
- *
- * Proper use of salts may defeat a number of attacks, including:
- * - The ability to try candidate passwords against multiple hashes at once.
- * - The ability to use pre-hashed lists of candidate passwords.
- * - The ability to determine whether two users have the same (or different)
- * password without actually having to guess one of the passwords.
- *
- * @return string A character string containing settings and a random salt
- */
- protected function getGeneratedSalt() {
- $randomBytes = \TYPO3\CMS\Core\Utility\GeneralUtility::generateRandomBytes($this->getSaltLength());
- return $this->base64Encode($randomBytes, $this->getSaltLength());
- }
-
- /**
- * Method creates a salted hash for a given plaintext password
- *
- * @param string $password plaintext password to create a salted hash from
- * @param string $salt Optional custom salt with setting to use
- * @return string Salted hashed password
- */
- public function getHashedPassword($password, $salt = NULL) {
- $saltedPW = NULL;
- if (!empty($password)) {
- if (empty($salt) || !$this->isValidSalt($salt)) {
- $salt = $this->getGeneratedSalt();
- }
- $saltedPW = crypt($password, $this->applySettingsToSalt($salt));
- }
- return $saltedPW;
- }
-
- /**
- * Returns a string for mapping an int to the corresponding base 64 character.
- *
- * @return string String for mapping an int to the corresponding base 64 character
- */
- protected function getItoa64() {
- return self::ITOA64;
- }
-
- /**
- * Returns wether all prequesites for the hashing methods are matched
- *
- * @return boolean Method available
- */
- public function isAvailable() {
- return CRYPT_MD5;
- }
-
- /**
- * Returns length of a MD5 salt in bytes.
- *
- * @return integer Length of a MD5 salt in bytes
- */
- public function getSaltLength() {
- return self::$saltLengthMD5;
- }
-
- /**
- * Returns suffix to be appended to a salt.
- *
- * @return string Suffix of a salt
- */
- protected function getSaltSuffix() {
- return self::$saltSuffixMD5;
- }
-
- /**
- * Returns setting string of MD5 salted hashes.
- *
- * @return string Setting string of MD5 salted hashes
- */
- public function getSetting() {
- return self::$settingMD5;
- }
-
- /**
- * Checks whether a user's hashed password needs to be replaced with a new hash.
- *
- * This is typically called during the login process when the plain text
- * password is available. A new hash is needed when the desired iteration
- * count has changed through a change in the variable $hashCount or
- * HASH_COUNT or if the user's password hash was generated in an bulk update
- * with class ext_update.
- *
- * @param string $passString Salted hash to check if it needs an update
- * @return boolean TRUE if salted hash needs an update, otherwise FALSE
- */
- public function isHashUpdateNeeded($passString) {
- return FALSE;
- }
-
- /**
- * Method determines if a given string is a valid salt
- *
- * @param string $salt String to check
- * @return boolean TRUE if it's valid salt, otherwise FALSE
- */
- public function isValidSalt($salt) {
- $isValid = ($skip = FALSE);
- $reqLenBase64 = $this->getLengthBase64FromBytes($this->getSaltLength());
- if (strlen($salt) >= $reqLenBase64) {
- // Salt with prefixed setting
- if (!strncmp('$', $salt, 1)) {
- if (!strncmp($this->getSetting(), $salt, strlen($this->getSetting()))) {
- $isValid = TRUE;
- $salt = substr($salt, strlen($this->getSetting()));
- } else {
- $skip = TRUE;
- }
- }
- // Checking base64 characters
- if (!$skip && strlen($salt) >= $reqLenBase64) {
- if (preg_match(((((('/^[' . preg_quote($this->getItoa64(), '/')) . ']{') . $reqLenBase64) . ',') . $reqLenBase64) . '}$/', substr($salt, 0, $reqLenBase64))) {
- $isValid = TRUE;
- }
- }
- }
- return $isValid;
- }
-
- /**
- * Method determines if a given string is a valid salted hashed password.
- *
- * @param string $saltedPW String to check
- * @return boolean TRUE if it's valid salted hashed password, otherwise FALSE
- */
- public function isValidSaltedPW($saltedPW) {
- $isValid = FALSE;
- $isValid = !strncmp($this->getSetting(), $saltedPW, strlen($this->getSetting())) ? TRUE : FALSE;
- if ($isValid) {
- $isValid = $this->isValidSalt($saltedPW);
- }
- return $isValid;
- }
-
-}
-
-
-?>
\ No newline at end of file
+++ /dev/null
-<?php
-namespace TYPO3\CMS\Saltedpasswords\Salt;
-
-/***************************************************************
- * Copyright notice
- *
- * (c) 2009-2011 Marcus Krause <marcus#exp2009@t3sec.info>
- * All rights reserved
- *
- * This script is part of the TYPO3 project. The TYPO3 project is
- * free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * The GNU General Public License can be found at
- * http://www.gnu.org/copyleft/gpl.html.
- * A copy is found in the textfile GPL.txt and important notices to the license
- * from the author is found in LICENSE.txt distributed with these scripts.
- *
- *
- * This script is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * This copyright notice MUST APPEAR in all copies of the script!
- ***************************************************************/
-/**
- * Contains class "tx_saltedpasswords_salts_phpass"
- * that provides PHPass salted hashing.
- *
- * Derived from Drupal CMS
- * original license: GNU General Public License (GPL)
- *
- * @see http://drupal.org/node/29706/
- * @see http://www.openwall.com/phpass/
- */
-/**
- * Class that implements PHPass salted hashing based on Drupal's
- * modified Openwall implementation.
- *
- * PHPass should work on every system.
- *
- * @author Marcus Krause <marcus#exp2009@t3sec.info>
- * @since 2009-09-06
- * @package TYPO3
- * @subpackage tx_saltedpasswords
- */
-class PhpassSalt extends \TYPO3\CMS\Saltedpasswords\Salt\AbstractSalt implements \TYPO3\CMS\Saltedpasswords\Salt\SaltInterface {
-
- /**
- * Keeps a string for mapping an int to the corresponding
- * base 64 character.
- */
- const ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
- /**
- * The default log2 number of iterations for password stretching.
- */
- const HASH_COUNT = 14;
- /**
- * The default maximum allowed log2 number of iterations for
- * password stretching.
- */
- const MAX_HASH_COUNT = 24;
- /**
- * The default minimum allowed log2 number of iterations for
- * password stretching.
- */
- const MIN_HASH_COUNT = 7;
- /**
- * Keeps log2 number
- * of iterations for password stretching.
- *
- * @var integer
- */
- static protected $hashCount;
-
- /**
- * Keeps maximum allowed log2 number
- * of iterations for password stretching.
- *
- * @var integer
- */
- static protected $maxHashCount;
-
- /**
- * Keeps minimum allowed log2 number
- * of iterations for password stretching.
- *
- * @var integer
- */
- static protected $minHashCount;
-
- /**
- * Keeps length of a PHPass salt in bytes.
- *
- * @var integer
- */
- static protected $saltLengthPhpass = 6;
-
- /**
- * Setting string to indicate type of hashing method (PHPass).
- *
- * @var string
- */
- static protected $settingPhpass = '$P$';
-
- /**
- * Method applies settings (prefix, hash count) to a salt.
- *
- * Overwrites {@link tx_saltedpasswords_salts_md5::applySettingsToSalt()}
- * with Blowfish specifics.
- *
- * @param string $salt A salt to apply setting to
- * @return string Salt with setting
- */
- protected function applySettingsToSalt($salt) {
- $saltWithSettings = $salt;
- $reqLenBase64 = $this->getLengthBase64FromBytes($this->getSaltLength());
- // Salt without setting
- if (strlen($salt) == $reqLenBase64) {
- // We encode the final log2 iteration count in base 64.
- $itoa64 = $this->getItoa64();
- $saltWithSettings = $this->getSetting() . $itoa64[$this->getHashCount()];
- $saltWithSettings .= $salt;
- }
- return $saltWithSettings;
- }
-
- /**
- * Method checks if a given plaintext password is correct by comparing it with
- * a given salted hashed password.
- *
- * @param string $plainPW Plain-text password to compare with salted hash
- * @param string $saltedHashPW Salted hash to compare plain-text password with
- * @return boolean TRUE, if plain-text password matches the salted hash, otherwise FALSE
- */
- public function checkPassword($plainPW, $saltedHashPW) {
- $hash = $this->cryptPassword($plainPW, $saltedHashPW);
- return $hash && $saltedHashPW === $hash;
- }
-
- /**
- * Returns wether all prequesites for the hashing methods are matched
- *
- * @return boolean Method available
- */
- public function isAvailable() {
- return TRUE;
- }
-
- /**
- * Hashes a password using a secure stretched hash.
- *
- * By using a salt and repeated hashing the password is "stretched". Its
- * security is increased because it becomes much more computationally costly
- * for an attacker to try to break the hash by brute-force computation of the
- * hashes of a large number of plain-text words or strings to find a match.
- *
- * @param string $password Plain-text password to hash
- * @param string $setting An existing hash or the output of getGeneratedSalt()
- * @return mixed A string containing the hashed password (and salt)
- */
- protected function cryptPassword($password, $setting) {
- $saltedPW = NULL;
- $reqLenBase64 = $this->getLengthBase64FromBytes($this->getSaltLength());
- // Retrieving settings with salt
- $setting = substr($setting, 0, (strlen($this->getSetting()) + 1) + $reqLenBase64);
- $count_log2 = $this->getCountLog2($setting);
- // Hashes may be imported from elsewhere, so we allow != HASH_COUNT
- if ($count_log2 >= $this->getMinHashCount() && $count_log2 <= $this->getMaxHashCount()) {
- $salt = substr($setting, strlen($this->getSetting()) + 1, $reqLenBase64);
- // We must use md5() or sha1() here since they are the only cryptographic
- // primitives always available in PHP 5. To implement our own low-level
- // cryptographic function in PHP would result in much worse performance and
- // consequently in lower iteration counts and hashes that are quicker to crack
- // (by non-PHP code).
- $count = 1 << $count_log2;
- $hash = md5($salt . $password, TRUE);
- do {
- $hash = md5($hash . $password, TRUE);
- } while (--$count);
- $saltedPW = $setting . $this->base64Encode($hash, 16);
- // base64Encode() of a 16 byte MD5 will always be 22 characters.
- return strlen($saltedPW) == 34 ? $saltedPW : FALSE;
- }
- return $saltedPW;
- }
-
- /**
- * Parses the log2 iteration count from a stored hash or setting string.
- *
- * @param string $setting Complete hash or a hash's setting string or to get log2 iteration count from
- * @return integer Used hashcount for given hash string
- */
- protected function getCountLog2($setting) {
- return strpos($this->getItoa64(), $setting[strlen($this->getSetting())]);
- }
-
- /**
- * Generates a random base 64-encoded salt prefixed and suffixed with settings for the hash.
- *
- * Proper use of salts may defeat a number of attacks, including:
- * - The ability to try candidate passwords against multiple hashes at once.
- * - The ability to use pre-hashed lists of candidate passwords.
- * - The ability to determine whether two users have the same (or different)
- * password without actually having to guess one of the passwords.
- *
- * @return string A character string containing settings and a random salt
- */
- protected function getGeneratedSalt() {
- $randomBytes = \TYPO3\CMS\Core\Utility\GeneralUtility::generateRandomBytes($this->getSaltLength());
- return $this->base64Encode($randomBytes, $this->getSaltLength());
- }
-
- /**
- * Method returns log2 number of iterations for password stretching.
- *
- * @return integer log2 number of iterations for password stretching
- * @see HASH_COUNT
- * @see $hashCount
- * @see setHashCount()
- */
- public function getHashCount() {
- return isset(self::$hashCount) ? self::$hashCount : self::HASH_COUNT;
- }
-
- /**
- * Method creates a salted hash for a given plaintext password
- *
- * @param string $password Plaintext password to create a salted hash from
- * @param string $salt Optional custom salt with setting to use
- * @return string salted hashed password
- */
- public function getHashedPassword($password, $salt = NULL) {
- $saltedPW = NULL;
- if (!empty($password)) {
- if (empty($salt) || !$this->isValidSalt($salt)) {
- $salt = $this->getGeneratedSalt();
- }
- $saltedPW = $this->cryptPassword($password, $this->applySettingsToSalt($salt));
- }
- return $saltedPW;
- }
-
- /**
- * Returns a string for mapping an int to the corresponding base 64 character.
- *
- * @return string String for mapping an int to the corresponding base 64 character
- */
- protected function getItoa64() {
- return self::ITOA64;
- }
-
- /**
- * Method returns maximum allowed log2 number of iterations for password stretching.
- *
- * @return integer Maximum allowed log2 number of iterations for password stretching
- * @see MAX_HASH_COUNT
- * @see $maxHashCount
- * @see setMaxHashCount()
- */
- public function getMaxHashCount() {
- return isset(self::$maxHashCount) ? self::$maxHashCount : self::MAX_HASH_COUNT;
- }
-
- /**
- * Method returns minimum allowed log2 number of iterations for password stretching.
- *
- * @return integer Minimum allowed log2 number of iterations for password stretching
- * @see MIN_HASH_COUNT
- * @see $minHashCount
- * @see setMinHashCount()
- */
- public function getMinHashCount() {
- return isset(self::$minHashCount) ? self::$minHashCount : self::MIN_HASH_COUNT;
- }
-
- /**
- * Returns length of a Blowfish salt in bytes.
- *
- * @return integer Length of a Blowfish salt in bytes
- */
- public function getSaltLength() {
- return self::$saltLengthPhpass;
- }
-
- /**
- * Returns setting string of PHPass salted hashes.
- *
- * @return string Setting string of PHPass salted hashes
- */
- public function getSetting() {
- return self::$settingPhpass;
- }
-
- /**
- * Checks whether a user's hashed password needs to be replaced with a new hash.
- *
- * This is typically called during the login process when the plain text
- * password is available. A new hash is needed when the desired iteration
- * count has changed through a change in the variable $hashCount or
- * HASH_COUNT or if the user's password hash was generated in an bulk update
- * with class ext_update.
- *
- * @param string $passString Salted hash to check if it needs an update
- * @return boolean TRUE if salted hash needs an update, otherwise FALSE
- */
- public function isHashUpdateNeeded($passString) {
- // Check whether this was an updated password.
- if (strncmp($passString, '$P$', 3) || strlen($passString) != 34) {
- return TRUE;
- }
- // Check whether the iteration count used differs from the standard number.
- return $this->getCountLog2($passString) < $this->getHashCount();
- }
-
- /**
- * Method determines if a given string is a valid salt.
- *
- * @param string $salt String to check
- * @return boolean TRUE if it's valid salt, otherwise FALSE
- */
- public function isValidSalt($salt) {
- $isValid = ($skip = FALSE);
- $reqLenBase64 = $this->getLengthBase64FromBytes($this->getSaltLength());
- if (strlen($salt) >= $reqLenBase64) {
- // Salt with prefixed setting
- if (!strncmp('$', $salt, 1)) {
- if (!strncmp($this->getSetting(), $salt, strlen($this->getSetting()))) {
- $isValid = TRUE;
- $salt = substr($salt, strrpos($salt, '$') + 2);
- } else {
- $skip = TRUE;
- }
- }
- // Checking base64 characters
- if (!$skip && strlen($salt) >= $reqLenBase64) {
- if (preg_match(((((('/^[' . preg_quote($this->getItoa64(), '/')) . ']{') . $reqLenBase64) . ',') . $reqLenBase64) . '}$/', substr($salt, 0, $reqLenBase64))) {
- $isValid = TRUE;
- }
- }
- }
- return $isValid;
- }
-
- /**
- * Method determines if a given string is a valid salted hashed password.
- *
- * @param string $saltedPW String to check
- * @return boolean TRUE if it's valid salted hashed password, otherwise FALSE
- */
- public function isValidSaltedPW($saltedPW) {
- $isValid = FALSE;
- $isValid = !strncmp($this->getSetting(), $saltedPW, strlen($this->getSetting())) ? TRUE : FALSE;
- if ($isValid) {
- $isValid = $this->isValidSalt($saltedPW);
- }
- return $isValid;
- }
-
- /**
- * Method sets log2 number of iterations for password stretching.
- *
- * @param integer $hashCount log2 number of iterations for password stretching to set
- * @see HASH_COUNT
- * @see $hashCount
- * @see getHashCount()
- */
- public function setHashCount($hashCount = NULL) {
- self::$hashCount = ((!is_NULL($hashCount) && is_int($hashCount)) && $hashCount >= $this->getMinHashCount()) && $hashCount <= $this->getMaxHashCount() ? $hashCount : self::HASH_COUNT;
- }
-
- /**
- * Method sets maximum allowed log2 number of iterations for password stretching.
- *
- * @param integer $maxHashCount Maximum allowed log2 number of iterations for password stretching to set
- * @see MAX_HASH_COUNT
- * @see $maxHashCount
- * @see getMaxHashCount()
- */
- public function setMaxHashCount($maxHashCount = NULL) {
- self::$maxHashCount = !is_NULL($maxHashCount) && is_int($maxHashCount) ? $maxHashCount : self::MAX_HASH_COUNT;
- }
-
- /**
- * Method sets minimum allowed log2 number of iterations for password stretching.
- *
- * @param integer $minHashCount Minimum allowed log2 number of iterations for password stretching to set
- * @see MIN_HASH_COUNT
- * @see $minHashCount
- * @see getMinHashCount()
- */
- public function setMinHashCount($minHashCount = NULL) {
- self::$minHashCount = !is_NULL($minHashCount) && is_int($minHashCount) ? $minHashCount : self::MIN_HASH_COUNT;
- }
-
-}
-
-
-?>
\ No newline at end of file
+++ /dev/null
-<?php
-namespace TYPO3\CMS\Saltedpasswords\Salt;
-
-/***************************************************************
- * Copyright notice
- *
- * (c) 2009-2011 Marcus Krause <marcus#exp2009@t3sec.info>
- * All rights reserved
- *
- * This script is part of the TYPO3 project. The TYPO3 project is
- * free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * The GNU General Public License can be found at
- * http://www.gnu.org/copyleft/gpl.html.
- * A copy is found in the textfile GPL.txt and important notices to the license
- * from the author is found in LICENSE.txt distributed with these scripts.
- *
- *
- * This script is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * This copyright notice MUST APPEAR in all copies of the script!
- ***************************************************************/
-/**
- * Contains class "tx_saltedpasswords_salts_factory"
- * that provides a salted hashing method factory.
- */
-/**
- * Class that implements Blowfish salted hashing based on PHP's
- * crypt() function.
- *
- * @author Marcus Krause <marcus#exp2009@t3sec.info>
- * @since 2009-09-06
- * @package TYPO3
- * @subpackage tx_saltedpasswords
- */
-class SaltFactory {
-
- /**
- * An instance of the salted hashing method.
- * This member is set in the getSaltingInstance() function.
- *
- * @var \TYPO3\CMS\Saltedpasswords\Salt\AbstractSalt
- */
- static protected $instance = NULL;
-
- /**
- * Obtains a salting hashing method instance.
- *
- * This function will return an instance of a class that implements
- * tx_saltedpasswords_abstract_salts.
- *
- * Use parameter NULL to reset the factory!
- *
- * @param string $saltedHash (optional) Salted hashed password to determine the type of used method from or NULL to reset the factory
- * @param string $mode (optional) The TYPO3 mode (FE or BE) saltedpasswords shall be used for
- * @return tx_saltedpasswords_abstract_salts an instance of salting hashing method object
- */
- static public function getSaltingInstance($saltedHash = '', $mode = TYPO3_MODE) {
- // Creating new instance when
- // * no instance existing
- // * a salted hash given to determine salted hashing method from
- // * a NULL parameter given to reset instance back to default method
- if ((!is_object(self::$instance) || !empty($saltedHash)) || is_NULL($saltedHash)) {
- // Determine method by checking the given hash
- if (!empty($saltedHash)) {
- $result = self::determineSaltingHashingMethod($saltedHash);
- if (!$result) {
- self::$instance = NULL;
- }
- } else {
- $classNameToUse = \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::getDefaultSaltingHashingMethod($mode);
- $availableClasses = $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/saltedpasswords']['saltMethods'];
- self::$instance = \TYPO3\CMS\Core\Utility\GeneralUtility::getUserObj($availableClasses[$classNameToUse], 'tx_');
- }
- }
- return self::$instance;
- }
-
- /**
- * Method tries to determine the salting hashing method used for given salt.
- *
- * Method implicitly sets the instance of the found method object in the class property when found.
- *
- * @param string $saltedHash
- * @return boolean TRUE, if salting hashing method has been found, otherwise FALSE
- */
- static public function determineSaltingHashingMethod($saltedHash) {
- $methodFound = FALSE;
- $defaultMethods = $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/saltedpasswords']['saltMethods'];
- foreach ($defaultMethods as $method) {
- $objectInstance = \TYPO3\CMS\Core\Utility\GeneralUtility::getUserObj($method, 'tx_');
- if ($objectInstance instanceof \TYPO3\CMS\Saltedpasswords\Salt\SaltInterface) {
- $methodFound = $objectInstance->isValidSaltedPW($saltedHash);
- if ($methodFound) {
- self::$instance = $objectInstance;
- break;
- }
- }
- }
- return $methodFound;
- }
-
- /**
- * Method sets a custom salting hashing method class.
- *
- * @param string $resource Object resource to use (e.g. 'EXT:saltedpasswords/classes/salts/class.tx_saltedpasswords_salts_blowfish.php:tx_saltedpasswords_salts_blowfish')
- * @return tx_saltedpasswords_abstract_salts an instance of salting hashing method object
- */
- static public function setPreferredHashingMethod($resource) {
- self::$instance = NULL;
- $objectInstance = \TYPO3\CMS\Core\Utility\GeneralUtility::getUserObj($resource);
- if (is_object($objectInstance) && is_subclass_of($objectInstance, 'TYPO3\\CMS\\Saltedpasswords\\Salt\\AbstractSalt')) {
- self::$instance = $objectInstance;
- }
- return self::$instance;
- }
-
-}
-
-
-?>
\ No newline at end of file
+++ /dev/null
-<?php
-namespace TYPO3\CMS\Saltedpasswords\Salt;
-
-/***************************************************************
- * Copyright notice
- *
- * (c) 2009-2011 Marcus Krause <marcus#exp2009@t3sec.info>
- * (c) 2009-2011 Steffen Ritter <info@rs-websystems.de>
- * All rights reserved
- *
- * This script is part of the TYPO3 project. The TYPO3 project is
- * free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * The GNU General Public License can be found at
- * http://www.gnu.org/copyleft/gpl.html.
- * A copy is found in the textfile GPL.txt and important notices to the license
- * from the author is found in LICENSE.txt distributed with these scripts.
- *
- *
- * This script is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * This copyright notice MUST APPEAR in all copies of the script!
- ***************************************************************/
-/**
- * Contains interface "tx_saltedpasswords_salts" to be used in
- * classes that provide salted hashing.
- */
-/**
- * Interface with public methods needed to be implemented
- * in a salting hashing class.
- *
- * @author Marcus Krause <marcus#exp2009@t3sec.info>
- * @author Steffen Ritter <info@rs-websystems.de>
- * @since 2009-09-06
- * @package TYPO3
- * @subpackage tx_saltedpasswords
- */
-interface SaltInterface
-{
- /**
- * Method checks if a given plaintext password is correct by comparing it with
- * a given salted hashed password.
- *
- * @param string $plainPW plain-text password to compare with salted hash
- * @param string $saltedHashPW Salted hash to compare plain-text password with
- * @return boolean TRUE, if plaintext password is correct, otherwise FALSE
- */
- public function checkPassword($plainPW, $saltedHashPW);
-
- /**
- * Returns length of required salt.
- *
- * @return integer Length of required salt
- */
- public function getSaltLength();
-
- /**
- * Returns wether all prequesites for the hashing methods are matched
- *
- * @return boolean Method available
- */
- public function isAvailable();
-
- /**
- * Method creates a salted hash for a given plaintext password
- *
- * @param string $password Plaintext password to create a salted hash from
- * @param string $salt Optional custom salt to use
- * @return string Salted hashed password
- */
- public function getHashedPassword($password, $salt = NULL);
-
- /**
- * Checks whether a user's hashed password needs to be replaced with a new hash.
- *
- * This is typically called during the login process when the plain text
- * password is available. A new hash is needed when the desired iteration
- * count has changed through a change in the variable $hashCount or
- * HASH_COUNT or if the user's password hash was generated in an bulk update
- * with class ext_update.
- *
- * @param string $passString Salted hash to check if it needs an update
- * @return boolean TRUE if salted hash needs an update, otherwise FALSE
- */
- public function isHashUpdateNeeded($passString);
-
- /**
- * Method determines if a given string is a valid salt
- *
- * @param string $salt String to check
- * @return boolean TRUE if it's valid salt, otherwise FALSE
- */
- public function isValidSalt($salt);
-
- /**
- * Method determines if a given string is a valid salted hashed password.
- *
- * @param string $saltedPW String to check
- * @return boolean TRUE if it's valid salted hashed password, otherwise FALSE
- */
- public function isValidSaltedPW($saltedPW);
-
-}
-
-?>
\ No newline at end of file
+++ /dev/null
-<?php
-namespace TYPO3\CMS\Saltedpasswords;
-
-/***************************************************************
- * Copyright notice
- *
- * (c) Marcus Krause (marcus#exp2009@t3sec.info)
- * (c) Steffen Ritter (info@rs-websystems.de)
- * All rights reserved
- *
- * This script is part of the TYPO3 project. The TYPO3 project is
- * free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * The GNU General Public License can be found at
- * http://www.gnu.org/copyleft/gpl.html.
- * A copy is found in the textfile GPL.txt and important notices to the license
- * from the author is found in LICENSE.txt distributed with these scripts.
- *
- *
- * This script is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * This copyright notice MUST APPEAR in all copies of the script!
- ***************************************************************/
-/**
- * Contains authentication service class for salted hashed passwords.
- */
-/**
- * Class implements salted-password hashes authentication service.
- *
- * @author Marcus Krause <marcus#exp2009@t3sec.info>
- * @author Steffen Ritter <info@rs-websystems.de>
- * @since 2009-06-14
- * @package TYPO3
- * @subpackage tx_saltedpasswords
- */
-class SaltedPasswordService extends \TYPO3\CMS\Sv\AbstractAuthenticationService {
-
- /**
- * Keeps class name.
- *
- * @var string
- */
- public $prefixId = 'tx_saltedpasswords_sv1';
-
- /**
- * Keeps path to this script relative to the extension directory.
- *
- * @var string
- */
- public $scriptRelPath = 'sv1/class.tx_saltedpasswords_sv1.php';
-
- /**
- * Keeps extension key.
- *
- * @var string
- */
- public $extKey = 'saltedpasswords';
-
- /**
- * Keeps extension configuration.
- *
- * @var mixed
- */
- protected $extConf;
-
- /**
- * An instance of the salted hashing method.
- * This member is set in the getSaltingInstance() function.
- *
- * @var \TYPO3\CMS\Saltedpasswords\Salt\AbstractSalt
- */
- protected $objInstanceSaltedPW = NULL;
-
- /**
- * Indicates whether the salted password authentication has failed.
- *
- * Prevents authentication bypass. See vulnerability report:
- * { @link http://bugs.typo3.org/view.php?id=13372 }
- *
- * @var boolean
- */
- protected $authenticationFailed = FALSE;
-
- /**
- * Checks if service is available. In case of this service we check that
- * following prerequesties are fulfilled:
- * - loginSecurityLevel of according TYPO3_MODE is set to normal
- *
- * @return boolean TRUE if service is available
- */
- public function init() {
- $available = FALSE;
- $mode = TYPO3_MODE;
- if ($this->info['requestedServiceSubType'] === 'authUserBE') {
- $mode = 'BE';
- } elseif ($this->info['requestedServiceSubType'] === 'authUserFE') {
- $mode = 'FE';
- }
- if (\TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::isUsageEnabled($mode)) {
- $available = TRUE;
- $this->extConf = \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::returnExtConf();
- }
- return $available ? parent::init() : FALSE;
- }
-
- /**
- * Checks the login data with the user record data for builtin login method.
- *
- * @param array $user User data array
- * @param array $loginData Login data array
- * @param string $security_level Login security level (optional)
- * @return boolean TRUE if login data matched
- * @todo Define visibility
- */
- public function compareUident(array $user, array $loginData, $security_level = 'normal') {
- $validPasswd = FALSE;
- // Could be merged; still here to clarify
- if (!strcmp(TYPO3_MODE, 'BE')) {
- $password = $loginData['uident_text'];
- } elseif (!strcmp(TYPO3_MODE, 'FE')) {
- $password = $loginData['uident_text'];
- }
- // Determine method used for given salted hashed password
- $this->objInstanceSaltedPW = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance($user['password']);
- // Existing record is in format of Salted Hash password
- if (is_object($this->objInstanceSaltedPW)) {
- $validPasswd = $this->objInstanceSaltedPW->checkPassword($password, $user['password']);
- // Record is in format of Salted Hash password but authentication failed
- // skip further authentication methods
- if (!$validPasswd) {
- $this->authenticationFailed = TRUE;
- }
- $defaultHashingClassName = \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::getDefaultSaltingHashingMethod();
- $skip = FALSE;
- // Test for wrong salted hashing method
- if ($validPasswd && !(get_class($this->objInstanceSaltedPW) == $defaultHashingClassName) || is_subclass_of($this->objInstanceSaltedPW, $defaultHashingClassName)) {
- // Instanciate default method class
- $this->objInstanceSaltedPW = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(NULL);
- $this->updatePassword(intval($user['uid']), array('password' => $this->objInstanceSaltedPW->getHashedPassword($password)));
- }
- if (($validPasswd && !$skip) && $this->objInstanceSaltedPW->isHashUpdateNeeded($user['password'])) {
- $this->updatePassword(intval($user['uid']), array('password' => $this->objInstanceSaltedPW->getHashedPassword($password)));
- }
- } elseif (!intval($this->extConf['forceSalted'])) {
- // Stored password is in deprecated salted hashing method
- if (\TYPO3\CMS\Core\Utility\GeneralUtility::inList('C$,M$', substr($user['password'], 0, 2))) {
- // Instanciate default method class
- $this->objInstanceSaltedPW = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(substr($user['password'], 1));
- // md5
- if (!strcmp(substr($user['password'], 0, 1), 'M')) {
- $validPasswd = $this->objInstanceSaltedPW->checkPassword(md5($password), substr($user['password'], 1));
- } else {
- $validPasswd = $this->objInstanceSaltedPW->checkPassword($password, substr($user['password'], 1));
- }
- // Skip further authentication methods
- if (!$validPasswd) {
- $this->authenticationFailed = TRUE;
- }
- } elseif (preg_match('/[0-9abcdef]{32,32}/', $user['password'])) {
- $validPasswd = !strcmp(md5($password), $user['password']) ? TRUE : FALSE;
- // Skip further authentication methods
- if (!$validPasswd) {
- $this->authenticationFailed = TRUE;
- }
- } else {
- $validPasswd = !strcmp($password, $user['password']) ? TRUE : FALSE;
- }
- // Should we store the new format value in DB?
- if ($validPasswd && intval($this->extConf['updatePasswd'])) {
- // Instanciate default method class
- $this->objInstanceSaltedPW = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(NULL);
- $this->updatePassword(intval($user['uid']), array('password' => $this->objInstanceSaltedPW->getHashedPassword($password)));
- }
- }
- return $validPasswd;
- }
-
- /**
- * Method adds a further authUser method.
- *
- * Will return one of following authentication status codes:
- * - 0 - authentication failure
- * - 100 - just go on. User is not authenticated but there is still no reason to stop
- * - 200 - the service was able to authenticate the user
- *
- * @param array Array containing FE user data of the logged user.
- * @return integer Authentication statuscode, one of 0,100 and 200
- */
- public function authUser(array $user) {
- $OK = 100;
- $validPasswd = FALSE;
- if ($this->login['uident'] && $this->login['uname']) {
- if (!empty($this->login['uident_text'])) {
- $validPasswd = $this->compareUident($user, $this->login);
- }
- if (!$validPasswd) {
- // Failed login attempt (wrong password)
- $errorMessage = 'Login-attempt from %s (%s), username \'%s\', password not accepted!';
- // No delegation to further services
- if (intval($this->extConf['onlyAuthService']) || $this->authenticationFailed) {
- $this->writeLogMessage(TYPO3_MODE . ' Authentication failed - wrong password for username \'%s\'', $this->login['uname']);
- } else {
- $this->writeLogMessage($errorMessage, $this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $this->login['uname']);
- }
- $this->writelog(255, 3, 3, 1, $errorMessage, array(
- $this->authInfo['REMOTE_ADDR'],
- $this->authInfo['REMOTE_HOST'],
- $this->login['uname']
- ));
- \TYPO3\CMS\Core\Utility\GeneralUtility::sysLog(sprintf($errorMessage, $this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $this->login['uname']), 'Core', \TYPO3\CMS\Core\Utility\GeneralUtility::SYSLOG_SEVERITY_INFO);
- if (intval($this->extConf['onlyAuthService']) || $this->authenticationFailed) {
- $OK = 0;
- }
- } elseif (($validPasswd && $user['lockToDomain']) && strcasecmp($user['lockToDomain'], $this->authInfo['HTTP_HOST'])) {
- // Lock domain didn't match, so error:
- $errorMessage = 'Login-attempt from %s (%s), username \'%s\', locked domain \'%s\' did not match \'%s\'!';
- $this->writeLogMessage($errorMessage, $this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $this->login['uname'], $user['lockToDomain'], $this->authInfo['HTTP_HOST']);
- $this->writelog(255, 3, 3, 1, $errorMessage, array(
- $this->authInfo['REMOTE_ADDR'],
- $this->authInfo['REMOTE_HOST'],
- $user[$this->db_user['username_column']],
- $user['lockToDomain'],
- $this->authInfo['HTTP_HOST']
- ));
- \TYPO3\CMS\Core\Utility\GeneralUtility::sysLog(sprintf($errorMessage, $this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $user[$this->db_user['username_column']], $user['lockToDomain'], $this->authInfo['HTTP_HOST']), 'Core', \TYPO3\CMS\Core\Utility\GeneralUtility::SYSLOG_SEVERITY_INFO);
- $OK = 0;
- } elseif ($validPasswd) {
- $this->writeLogMessage(TYPO3_MODE . ' Authentication successful for username \'%s\'', $this->login['uname']);
- $OK = 200;
- }
- }
- return $OK;
- }
-
- /**
- * Method updates a FE/BE user record - in this case a new password string will be set.
- *
- * @param integer $uid uid of user record that will be updated
- * @param mixed $updateFields Field values as key=>value pairs to be updated in database
- * @return void
- */
- protected function updatePassword($uid, $updateFields) {
- $GLOBALS['TYPO3_DB']->exec_UPDATEquery($this->pObj->user_table, sprintf('uid = %u', $uid), $updateFields);
- \TYPO3\CMS\Core\Utility\GeneralUtility::devLog(sprintf('Automatic password update for user record in %s with uid %u', $this->pObj->user_table, $uid), $this->extKey, 1);
- }
-
- /**
- * Writes log message. Destination log depends on the current system mode.
- * For FE the function writes to the admin panel log. For BE messages are
- * sent to the system log. If developer log is enabled, messages are also
- * sent there.
- *
- * This function accepts variable number of arguments and can format
- * parameters. The syntax is the same as for sprintf()
- *
- * @param string $message Message to output
- * @return void
- * @see sprintf()
- * @see t3lib::divLog()
- * @see t3lib_div::sysLog()
- * @see t3lib_timeTrack::setTSlogMessage()
- * @todo Define visibility
- */
- public function writeLogMessage($message) {
- if (func_num_args() > 1) {
- $params = func_get_args();
- array_shift($params);
- $message = vsprintf($message, $params);
- }
- if (TYPO3_MODE === 'BE') {
- \TYPO3\CMS\Core\Utility\GeneralUtility::sysLog($message, $this->extKey, \TYPO3\CMS\Core\Utility\GeneralUtility::SYSLOG_SEVERITY_NOTICE);
- } else {
- $GLOBALS['TT']->setTSlogMessage($message);
- }
- if (TYPO3_DLOG) {
- \TYPO3\CMS\Core\Utility\GeneralUtility::devLog($message, $this->extKey, \TYPO3\CMS\Core\Utility\GeneralUtility::SYSLOG_SEVERITY_NOTICE);
- }
- }
-
-}
-
-
-?>
\ No newline at end of file
+++ /dev/null
-<?php
-namespace TYPO3\CMS\Saltedpasswords\Task;
-
-/***************************************************************
- * Copyright notice
- *
- * (c) 2012 Philipp Gampe (typo3@philippgampe.info)
- * All rights reserved
- *
- * This script is part of the TYPO3 project. The TYPO3 project is
- * free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * The GNU General Public License can be found at
- * http://www.gnu.org/copyleft/gpl.html.
- * A copy is found in the textfile GPL.txt and important notices to the license
- * from the author is found in LICENSE.txt distributed with these scripts.
- *
- *
- * This script is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * This copyright notice MUST APPEAR in all copies of the script!
- ***************************************************************/
-/**
- * Additional field for salted passwords bulk update task
- *
- * @autor Philipp Gampe <typo3@philippgampe.info>
- * @package TYPO3
- * @subpackage saltedpasswords
- */
-class BulkUpdateFieldProvider implements \TYPO3\CMS\Scheduler\AdditionalFieldProviderInterface {
-
- /**
- * Default value whether the task deactivates itself after last run.
- *
- * @var boolean Whether the task is allowed to deactivate itself after processing all existing user records.
- */
- protected $defaultCanDeactivateSelf = TRUE;
-
- /**
- * Default value for the number of records to handle at each run.
- *
- * @var integer Number of records
- */
- protected $defaultNumberOfRecords = 250;
-
- /**
- * Add a field for the number of records and if the task should deactivate itself after
- * processing all records
- *
- * @param array $taskInfo Reference to the array containing the info used in the add/edit form
- * @param \TYPO3\CMS\Saltedpasswords\Task\BulkUpdateTask $task When editing, reference to the current task object. Null when adding.
- * @param \TYPO3\CMS\Scheduler\Controller\SchedulerModuleController $parentObject Reference to the calling object (Scheduler's BE module)
- * @return array Array containing all the information pertaining to the additional fields
- */
- public function getAdditionalFields(array &$taskInfo, $task, \TYPO3\CMS\Scheduler\Controller\SchedulerModuleController $parentObject) {
- // Initialize selected fields
- if (!isset($taskInfo['scheduler_saltedpasswordsBulkUpdateCanDeactivateSelf'])) {
- $taskInfo['scheduler_saltedpasswordsBulkUpdateCanDeactivateSelf'] = $this->defaultCanDeactivateSelf;
- if ($parentObject->CMD === 'edit') {
- $taskInfo['scheduler_saltedpasswordsBulkUpdateCanDeactivateSelf'] = $task->getCanDeactivateSelf();
- }
- }
- if (!isset($taskInfo['scheduler_saltedpasswordsBulkUpdateNumberOfRecords'])) {
- $taskInfo['scheduler_saltedpasswordsBulkUpdateNumberOfRecords'] = $this->defaultNumberOfRecords;
- if ($parentObject->CMD === 'edit') {
- $taskInfo['scheduler_saltedpasswordsBulkUpdateNumberOfRecords'] = $task->getNumberOfRecords();
- }
- }
- // Configuration for canDeactivateSelf
- $fieldName = 'TYPO3\\CMS\\Scheduler\\Scheduler[scheduler_saltedpasswordsBulkUpdateCanDeactivateSelf]';
- $fieldId = 'task_saltedpasswordsBulkUpdateCanDeactivateSelf';
- $fieldValue = 'IsChecked';
- $fieldChecked = (bool) $taskInfo['scheduler_saltedpasswordsBulkUpdateCanDeactivateSelf'];
- $fieldHtml = (((((((((('<input type="checkbox"' . ' name="') . $fieldName) . '"') . ' id="') . $fieldId) . '"') . ' value="') . $fieldValue) . '"') . ($fieldChecked ? ' checked="checked"' : '')) . ' />';
- $additionalFields[$fieldId] = array(
- 'code' => $fieldHtml,
- 'label' => 'LLL:EXT:saltedpasswords/locallang.xml:ext.saltedpasswords.tasks.bulkupdate.label.canDeactivateSelf',
- 'cshKey' => '_txsaltedpasswords',
- 'cshLabel' => $fieldId
- );
- // Configuration for numberOfRecords
- $fieldName = 'TYPO3\\CMS\\Scheduler\\Scheduler[scheduler_saltedpasswordsBulkUpdateNumberOfRecords]';
- $fieldId = 'task_saltedpasswordsBulkUpdateNumberOfRecords';
- $fieldValue = intval($taskInfo['scheduler_saltedpasswordsBulkUpdateNumberOfRecords']);
- $fieldHtml = ((((('<input type="text" name="' . $fieldName) . '" id="') . $fieldId) . '" value="') . htmlspecialchars($fieldValue)) . '" />';
- $additionalFields[$fieldId] = array(
- 'code' => $fieldHtml,
- 'label' => 'LLL:EXT:saltedpasswords/locallang.xml:ext.saltedpasswords.tasks.bulkupdate.label.numberOfRecords',
- 'cshKey' => '_txsaltedpasswords',
- 'cshLabel' => $fieldId
- );
- return $additionalFields;
- }
-
- /**
- * Checks if the given values are boolean and integer
- *
- * @param array $submittedData Reference to the array containing the data submitted by the user
- * @param \TYPO3\CMS\Scheduler\Controller\SchedulerModuleController $parentObject Reference to the calling object (Scheduler's BE module)
- * @return boolean TRUE if validation was ok (or selected class is not relevant), FALSE otherwise
- */
- public function validateAdditionalFields(array &$submittedData, \TYPO3\CMS\Scheduler\Controller\SchedulerModuleController $parentObject) {
- $result = TRUE;
- // Check if number of records is indeed a number and greater or equals to 0
- // If not, fail validation and issue error message
- if (!is_numeric($submittedData['scheduler_saltedpasswordsBulkUpdateNumberOfRecords']) || intval($submittedData['scheduler_saltedpasswordsBulkUpdateNumberOfRecords']) < 0) {
- $result = FALSE;
- $parentObject->addMessage($GLOBALS['LANG']->sL('LLL:EXT:saltedpasswords/locallang.xml:ext.saltedpasswords.tasks.bulkupdate.invalidNumberOfRecords'), \TYPO3\CMS\Core\Messaging\FlashMessage::ERROR);
- }
- return $result;
- }
-
- /**
- * Saves given values in task object
- *
- * @param array $submittedData Contains data submitted by the user
- * @param tx_scheduler_Task|tx_saltedpasswords_Tasks_BulkUpdate $task Reference to the current task object
- * @return void
- */
- public function saveAdditionalFields(array $submittedData, \TYPO3\CMS\Scheduler\Task $task) {
- if (isset($submittedData['scheduler_saltedpasswordsBulkUpdateCanDeactivateSelf']) && $submittedData['scheduler_saltedpasswordsBulkUpdateCanDeactivateSelf'] === 'IsChecked') {
- $task->setCanDeactivateSelf(TRUE);
- } else {
- $task->setCanDeactivateSelf(FALSE);
- }
- $task->setNumberOfRecords(intval($submittedData['scheduler_saltedpasswordsBulkUpdateNumberOfRecords']));
- }
-
-}
-
-
-?>
\ No newline at end of file
+++ /dev/null
-<?php
-namespace TYPO3\CMS\Saltedpasswords\Task;
-
-/***************************************************************
- * Copyright notice
- *
- * (c) 2010-2011 Christian Kuhn <lolli@schwarzbu.ch>
- * Marcus Krause <marcus#exp2010@t3sec.info>
- *
- * All rights reserved
- *
- * This script is part of the TYPO3 project. The TYPO3 project is
- * free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * The GNU General Public License can be found at
- * http://www.gnu.org/copyleft/gpl.html.
- *
- * This script is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * This copyright notice MUST APPEAR in all copies of the script!
- ***************************************************************/
-/**
- * Update plaintext and hashed passwords of existing users to salted passwords.
- *
- * @author Christian Kuhn <lolli@schwarzbu.ch>
- * @author Marcus Krause <marcus#exp2010@t3sec.info>
- * @package TYPO3
- * @subpackage saltedpasswords
- */
-class BulkUpdateTask extends \TYPO3\CMS\Scheduler\Task {
-
- /**
- * @var boolean Whether or not the task is allowed to deactivate itself after processing all existing user records.
- */
- protected $canDeactivateSelf = TRUE;
-
- /**
- * Converting a password to a salted hash takes some milliseconds (~100ms on an entry system in 2010).
- * If all users are updated in one run, the task might run a long time if a lot of users must be handled.
- * Therefore only a small number of frontend and backend users are processed.
- * If saltedpasswords is enabled for both frontend and backend 2 * numberOfRecords will be handled.
- *
- * @var integer Number of records
- */
- protected $numberOfRecords = 250;
-
- /**
- * @var integer Pointer to last handled frontend and backend user row
- */
- protected $userRecordPointer = array();
-
- /**
- * Constructor initializes user record pointer
- */
- public function __construct() {
- parent::__construct();
- $this->userRecordPointer = array(
- 'FE' => 0,
- 'BE' => 0
- );
- }
-
- /**
- * Execute task
- *
- * @return boolean
- */
- public function execute() {
- $processedAllRecords = TRUE;
- // For frontend and backend
- foreach ($this->userRecordPointer as $mode => $pointer) {
- // If saltedpasswords is active for frontend / backend
- if (\TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::isUsageEnabled($mode)) {
- $usersToUpdate = $this->findUsersToUpdate($mode);
- $numberOfRows = count($usersToUpdate);
- if ($numberOfRows > 0) {
- $processedAllRecords = FALSE;
- $this->incrementUserRecordPointer($mode, $numberOfRows);
- $this->convertPasswords($mode, $usersToUpdate);
- }
- }
- }
- if ($processedAllRecords) {
- // Reset the user record pointer
- $this->userRecordPointer = array(
- 'FE' => 0,
- 'BE' => 0
- );
- // Determine if task should disable itself
- if ($this->canDeactivateSelf) {
- $this->deactivateSelf();
- }
- }
- // Use save() of parent class tx_scheduler_Task to persist changed task variables
- $this->save();
- return TRUE;
- }
-
- /**
- * Get additional information
- *
- * @return string Additional information
- */
- public function getAdditionalInformation() {
- $information = ((($GLOBALS['LANG']->sL('LLL:EXT:saltedpasswords/locallang.xml:ext.saltedpasswords.tasks.bulkupdate.label.additionalinformation.deactivateself') . $this->getCanDeactivateSelf()) . '; ') . $GLOBALS['LANG']->sL('LLL:EXT:saltedpasswords/locallang.xml:ext.saltedpasswords.tasks.bulkupdate.label.additionalinformation.numberofrecords')) . $this->getNumberOfRecords();
- return $information;
- }
-
- /**
- * Finds next set of frontend or backend users to update.
- *
- * @param string $mode 'FE' for frontend, 'BE' for backend user records
- * @return array Rows with uid and password
- */
- protected function findUsersToUpdate($mode) {
- $usersToUpdate = $GLOBALS['TYPO3_DB']->exec_SELECTgetRows('uid, password', strtolower($mode) . '_users', '1 = 1', '', 'uid ASC', ($this->userRecordPointer[$mode] . ', ') . $this->numberOfRecords);
- return $usersToUpdate;
- }
-
- /**
- * Iterates over given user records and update password if needed.
- *
- * @param string $mode 'FE' for frontend, 'BE' for backend user records
- * @param array $users With user uids and passwords
- * @return void
- */
- protected function convertPasswords($mode, array $users) {
- $updateUsers = array();
- foreach ($users as $user) {
- // If a password is already a salted hash it must not be updated
- if ($this->isSaltedHash($user['password'])) {
- continue;
- }
- $updateUsers[] = $user;
- }
- if (count($updateUsers) > 0) {
- $this->updatePasswords($mode, $updateUsers);
- }
- }
-
- /**
- * Updates password and persist salted hash.
- *
- * @param string $mode 'FE' for frontend, 'BE' for backend user records
- * @param array $users With user uids and passwords
- * @return void
- */
- protected function updatePasswords($mode, array $users) {
- /** @var $saltedpasswordsInstance \TYPO3\CMS\Saltedpasswords\Salt\SaltInterface */
- $saltedpasswordsInstance = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(NULL, $mode);
- foreach ($users as $user) {
- $newPassword = $saltedpasswordsInstance->getHashedPassword($user['password']);
- // If a given password is a md5 hash (usually default be_users without saltedpasswords activated),
- // result of getHashedPassword() is a salted hashed md5 hash.
- // We prefix those with 'M', saltedpasswords will then update this password
- // to a usual salted hash upon first login of the user.
- if ($this->isMd5Password($user['password'])) {
- $newPassword = 'M' . $newPassword;
- }
- // Persist updated password
- $GLOBALS['TYPO3_DB']->exec_UPDATEquery(strtolower($mode) . '_users', 'uid = ' . $user['uid'], array(
- 'password' => $newPassword
- ));
- }
- }
-
- /**
- * Passwords prefixed with M or C might be salted passwords:
- * M means: originally a md5 hash before it was salted (eg. default be_users).
- * C means: originally a cleartext password with lower hash looping count generated by t3sec_saltedpw.
- * Both M and C will be updated to usual salted hashes on first login of user.
- *
- * If a password does not start with M or C determine if a password is already a usual salted hash.
- *
- * @param string $password Password
- * @return boolean TRUE if password is a salted hash
- */
- protected function isSaltedHash($password) {
- $isSaltedHash = FALSE;
- if (strlen($password) > 2 && (\TYPO3\CMS\Core\Utility\GeneralUtility::isFirstPartOfStr($password, 'C$') || \TYPO3\CMS\Core\Utility\GeneralUtility::isFirstPartOfStr($password, 'M$'))) {
- // Cut off M or C and test if we have a salted hash
- $isSaltedHash = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::determineSaltingHashingMethod(substr($password, 1));
- }
- // Test if given password is a already a usual salted hash
- if (!$isSaltedHash) {
- $isSaltedHash = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::determineSaltingHashingMethod($password);
- }
- return $isSaltedHash;
- }
-
- /**
- * Checks if a given password is a md5 hash, the default for be_user records before saltedpasswords.
- *
- * @param string $password The password to test
- * @return boolean TRUE if password is md5
- */
- protected function isMd5Password($password) {
- return (bool) preg_match('/[0-9abcdef]{32,32}/i', $password);
- }
-
- /**
- * Increments current user record counter by number of handled rows.
- *
- * @param string $mode 'FE' for frontend, 'BE' for backend user records
- * @param integer $number Number of handled rows
- * @return void
- */
- protected function incrementUserRecordPointer($mode, $number) {
- $this->userRecordPointer[$mode] += $number;
- }
-
- /**
- * Deactivates this task instance.
- * Uses setDisabled() method of parent class tx_scheduler_Task.
- *
- * @return void
- */
- protected function deactivateSelf() {
- $this->setDisabled(TRUE);
- }
-
- /**
- * Set if it can deactivate self
- *
- * @param boolean $canDeactivateSelf
- * @return void
- */
- public function setCanDeactivateSelf($canDeactivateSelf) {
- $this->canDeactivateSelf = $canDeactivateSelf;
- }
-
- /**
- * Get if it can deactivate self
- *
- * @return boolean TRUE if task shall deactivate itself, FALSE otherwise
- */
- public function getCanDeactivateSelf() {
- return $this->canDeactivateSelf;
- }
-
- /**
- * Set number of records
- *
- * @param integer $numberOfRecords
- * @return void
- */
- public function setNumberOfRecords($numberOfRecords) {
- $this->numberOfRecords = $numberOfRecords;
- }
-
- /**
- * Get number of records
- *
- * @return integer The number of records
- */
- public function getNumberOfRecords() {
- return $this->numberOfRecords;
- }
-
-}
-
-
-?>
\ No newline at end of file
+++ /dev/null
-<?php
-namespace TYPO3\CMS\Saltedpasswords\Utility;
-
-/**
- * class providing configuration checks for saltedpasswords.
- *
- * @author Steffen Ritter <info@rs-websystems.de>
- * @since 2009-09-04
- * @package TYPO3
- * @subpackage tx_saltedpasswords
- */
-class ExtensionManagerConfigurationUtility {
-
- /**
- * @var integer
- */
- protected $errorType = \TYPO3\CMS\Core\Messaging\FlashMessage::OK;
-
- /**
- * @var string
- */
- protected $header;
-
- /**
- * @var string
- */
- protected $preText;
-
- /**
- * @var array
- */
- protected $problems = array();
-
- /**
- * Set the error level if no higher level
- * is set already
- *
- * @param string $level One out of error, ok, warning, info
- * @return void
- */
- private function setErrorLevel($level) {
- switch ($level) {
- case 'error':
- $this->errorType = \TYPO3\CMS\Core\Messaging\FlashMessage::ERROR;
- $this->header = 'Errors found in your configuration';
- $this->preText = 'SaltedPasswords will not work until these problems have been resolved:<br />';
- break;
- case 'warning':
- if ($this->errorType < \TYPO3\CMS\Core\Messaging\FlashMessage::ERROR) {
- $this->errorType = \TYPO3\CMS\Core\Messaging\FlashMessage::WARNING;
- $this->header = 'Warnings about your configuration';
- $this->preText = 'SaltedPasswords might behave different than expected:<br />';
- }
- break;
- case 'info':
- if ($this->errorType < \TYPO3\CMS\Core\Messaging\FlashMessage::WARNING) {
- $this->errorType = \TYPO3\CMS\Core\Messaging\FlashMessage::INFO;
- $this->header = 'Additional information';
- $this->preText = '<br />';
- }
- break;
- case 'ok':
- // TODO: Remove INFO condition as it has lower importance
- if ($this->errorType < \TYPO3\CMS\Core\Messaging\FlashMessage::WARNING && $this->errorType != \TYPO3\CMS\Core\Messaging\FlashMessage::INFO) {
- $this->errorType = \TYPO3\CMS\Core\Messaging\FlashMessage::OK;
- $this->header = 'No errors were found';
- $this->preText = 'SaltedPasswords has been configured correctly and works as expected.<br />';
- }
- break;
- }
- }
-
- /**
- * Renders the flash messages if problems have been found.
- *
- * @return string The flash message as HTML.
- */
- private function renderFlashMessage() {
- $message = '';
- // If there are problems, render them into an unordered list
- if (count($this->problems) > 0) {
- $message = '<ul>
- <li>###PROBLEMS###</li>
-</ul>';
- $message = str_replace('###PROBLEMS###', implode('<br /> </li><li>', $this->problems), $message);
- if ($this->errorType > \TYPO3\CMS\Core\Messaging\FlashMessage::OK) {
- $message .= '<br />
-Note, that a wrong configuration might have impact on the security of
-your TYPO3 installation and the usability of the backend.';
- }
- }
- if (empty($message)) {
- $this->setErrorLevel('ok');
- }
- $message = $this->preText . $message;
- $flashMessage = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\Messaging\\FlashMessage', $message, $this->header, $this->errorType);
- return $flashMessage->render();
- }
-
- /**
- * Initializes this object.
- *
- * @return void
- */
- private function init() {
- $requestSetup = $this->processPostData((array) $_REQUEST['data']);
- $extConf = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['saltedpasswords']);
- $this->extConf['BE'] = array_merge((array) $extConf['BE.'], (array) $requestSetup['BE.']);
- $this->extConf['FE'] = array_merge((array) $extConf['FE.'], (array) $requestSetup['FE.']);
- $GLOBALS['LANG']->includeLLFile('EXT:saltedpasswords/locallang.xml');
- }
-
- /**
- * Checks the backend configuration and shows a message if necessary.
- *
- * @param array $params Field information to be rendered
- * @param \TYPO3\CMS\Core\TypoScript\ConfigurationForm $pObj The calling parent object.
- * @return string Messages as HTML if something needs to be reported
- */
- public function checkConfigurationBackend(array $params, $pObj) {
- $this->init();
- $extConf = $this->extConf['BE'];
- // The backend is called over SSL
- $SSL = ($GLOBALS['TYPO3_CONF_VARS']['BE']['lockSSL'] > 0 ? TRUE : FALSE) && $GLOBALS['TYPO3_CONF_VARS']['BE']['loginSecurityLevel'] != 'superchallenged';
- $rsaAuthLoaded = \TYPO3\CMS\Core\Extension\ExtensionManager::isLoaded('rsaauth');
- if ($extConf['enabled']) {
- // SSL configured?
- if ($SSL) {
- $this->setErrorLevel('ok');
- $problems[] = 'The backend is configured to use SaltedPasswords over SSL.';
- } elseif ($rsaAuthLoaded) {
- if (trim($GLOBALS['TYPO3_CONF_VARS']['BE']['loginSecurityLevel']) === 'rsa') {
- if ($this->isRsaAuthBackendAvailable()) {
- $this->setErrorLevel('ok');
- $problems[] = 'The backend is configured to use SaltedPasswords with RSA authentication.';
- } else {
- // This means that login would fail because rsaauth is not working properly
- $this->setErrorLevel('error');
- $problems[] = ('<strong>Using the extension "rsaauth" is not possible, as no encryption backend ' . 'is available. Please install and configure the PHP extension "openssl". ') . 'See <a href="http://php.net/manual/en/openssl.installation.php" target="_blank">PHP.net</a></strong>.';
- }
- } else {
- // This means that we are not using saltedpasswords
- $this->setErrorLevel('error');
- $problems[] = 'The "rsaauth" extension is installed, but TYPO3 is not configured to use it during login.
- Use the Install Tool to set the Login Security Level for the backend to "rsa"
- ($TYPO3_CONF_VARS[\'BE\'][\'loginSecurityLevel\'])';
- }
- } else {
- // This means that we are not using saltedpasswords
- $this->setErrorLevel('error');
- $problems[] = 'Backend requirements for SaltedPasswords are not met, therefore the
-authentication will not work even if it was explicitly enabled for backend
-usage:<br />
-<ul>
- <li>Install the "rsaauth" extension and use the Install Tool to set the
- Login Security Level for the backend to "rsa"
- ($TYPO3_CONF_VARS[\'BE\'][\'loginSecurityLevel\'])</li>
-
- <li>If you have the option to use SSL, you can also configure your
- backend for SSL usage:<br />
- Use the Install Tool to set the Security-Level for the backend
- to "normal" ($TYPO3_CONF_VARS[\'BE\'][\'loginSecurityLevel\']) and
- the SSL-locking option to a value greater than "0"
- (see description - $TYPO3_CONF_VARS[\'BE\'][\'lockSSL\'])</li>
-</ul>
-<br />
-It is also possible to use "lockSSL" and "rsa" Login Security Level at the same
-time.';
- }
- // Only saltedpasswords as authsservice
- if ($extConf['onlyAuthService']) {
- // Warn user that the combination with "forceSalted" may lock him out from Backend
- if ($extConf['forceSalted']) {
- $this->setErrorLevel('warning');
- $problems[] = 'SaltedPasswords has been configured to be the only authentication service for
-the backend. Additionally, usage of salted passwords is enforced (forceSalted).
-The result is that there is no chance to login with users not having a salted
-password hash.<br />
-<strong><i>WARNING:</i></strong> This may lock you out of the backend!';
- } else {
- // Inform the user that things like openid won't work anymore
- $this->setErrorLevel('info');
- $problems[] = 'SaltedPasswords has been configured to be the only authentication service for
-the backend. This means that other services like "ipauth", "openid", etc. will
-be ignored (except "rsauth", which is implicitely used).';
- }
- }
- // forceSalted is set
- if ($extConf['forceSalted'] && !$extConf['onlyAuthService']) {
- $this->setErrorLevel('info');
- $problems[] = 'SaltedPasswords has been configured to enforce salted passwords (forceSalted).
-<br />
-This means that only passwords in the format of this extension will succeed for
-login.<br />
-<strong><i>IMPORTANT:</i></strong> This has the effect that passwords that are set from
-the Install Tool will not work!';
- }
- // updatePasswd wont work with "forceSalted"
- if ($extConf['updatePasswd'] && $extConf['forceSalted']) {
- $this->setErrorLevel('error');
- $problems[] = 'SaltedPasswords is configured wrong and will not work as expected:<br />
-It is not possible to set "updatePasswd" and "forceSalted" at the same time.
-Please disable either one of them.';
- }
- // Check if the configured hash-method is available on system
- if (!($instance = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(NULL, 'BE') || !$instance->isAvailable())) {
- $this->setErrorLevel('error');
- $problems[] = 'The selected method for hashing your salted passwords is not available on this
-system! Please check your configuration.';
- }
- } else {
- // Not enabled warning
- $this->setErrorLevel('error');
- $problems[] = 'SaltedPasswords has been disabled for backend users.';
- }
- $this->problems = $problems;
- return $this->renderFlashMessage();
- }
-
- /**
- * Checks if rsaauth is able to obtain a backend
- *
- * @return boolean
- */
- protected function isRsaAuthBackendAvailable() {
- /**
- * Try to instantiate an RSAauth backend. If this does not work, it means that OpenSSL is not usable
- *
- * @var $rsaauthBackendFactory \TYPO3\CMS\Rsaauth\Backend\BackendFactory
- */
- $rsaauthBackendFactory = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Rsaauth\\Backend\\BackendFactory');
- $backend = $rsaauthBackendFactory->getBackend();
- return $backend !== NULL;
- }
-
- /**
- * Checks the frontend configuration and shows a message if necessary.
- *
- * @param array $params Field information to be rendered
- * @param \TYPO3\CMS\Core\TypoScript\ConfigurationForm $pObj The calling parent object.
- * @return string Messages as HTML if something needs to be reported
- */
- public function checkConfigurationFrontend(array $params, $pObj) {
- $this->init();
- $extConf = $this->extConf['FE'];
- if ($extConf['enabled']) {
- // Inform the user if securityLevel in FE is challenged or blank --> extension won't work
- if (!\TYPO3\CMS\Core\Utility\GeneralUtility::inList('normal,rsa', $GLOBALS['TYPO3_CONF_VARS']['FE']['loginSecurityLevel'])) {
- $this->setErrorLevel('info');
- $problems[] = '<strong>IMPORTANT:</strong><br />
-Frontend requirements for SaltedPasswords are not met, therefore the
-authentication will not work even if it was explicitly enabled for frontend
-usage:<br />
-<ul>
- <li>Install the "rsaauth" extension and use the Install Tool to set the
- Login Security Level for the frontend to "rsa"
- ($TYPO3_CONF_VARS[\'FE\'][\'loginSecurityLevel\'])</li>
-
- <li>Alternatively, use the Install Tool to set the Login Security Level
- for the frontend to "normal"
- ($TYPO3_CONF_VARS[\'FE\'][\'loginSecurityLevel\'])</li>
-</ul>
-<br />
-Make sure that the Login Security Level is not set to "" or "challenged"!';
- } elseif (trim($GLOBALS['TYPO3_CONF_VARS']['FE']['loginSecurityLevel']) === 'rsa') {
- if ($this->isRsaAuthBackendAvailable()) {
- $this->setErrorLevel('ok');
- $problems[] = 'The frontend is configured to use SaltedPasswords with RSA authentication.';
- } else {
- // This means that login would fail because rsaauth is not working properly
- $this->setErrorLevel('error');
- $problems[] = ('<strong>Using the extension "rsaauth" is not possible, as no encryption backend ' . 'is available. Please install and configure the PHP extension "openssl". ') . 'See <a href="http://php.net/manual/en/openssl.installation.php" target="_blank">PHP.net</a></strong>.';
- }
- }
- // Only saltedpasswords as authsservice
- if ($extConf['onlyAuthService']) {
- // Warn user taht the combination with "forceSalted" may lock him out from frontend
- if ($extConf['forceSalted']) {
- $this->setErrorLevel('warning');
- $problems[] = 'SaltedPasswords has been configured to enforce salted passwords (forceSalted).
-<br />
-This means that only passwords in the format of this extension will succeed for
-login.<br />
-<strong><i>IMPORTANT:</i></strong> Because of this, it is not possible to login with
-users not having a salted password hash (e.g. existing frontend users).';
- } else {
- // Inform the user that things like openid won't work anymore
- $this->setErrorLevel('info');
- $problems[] = 'SaltedPasswords has been configured to be the only authentication service for
-frontend logins. This means that other services like "ipauth", "openid", etc.
-will be ignored.';
- }
- }
- // forceSalted is set
- if ($extConf['forceSalted'] && !$extConf['onlyAuthService']) {
- $this->setErrorLevel('warning');
- $problems[] = 'SaltedPasswords has been configured to enforce salted passwords (forceSalted).
-<br />
-This means that only passwords in the format of this extension will succeed for
-login.<br />
-<strong><i>IMPORTANT:</i></strong> This has the effect that passwords that were set
-before SaltedPasswords was used will not work (in fact, they need to be
-redefined).';
- }
- // updatePasswd wont work with "forceSalted"
- if ($extConf['updatePasswd'] && $extConf['forceSalted']) {
- $this->setErrorLevel('error');
- $problems[] = 'SaltedPasswords is configured wrong and will not work as expected:<br />
-It is not possible to set "updatePasswd" and "forceSalted" at the same time.
-Please disable either one of them.';
- }
- } else {
- // Not enabled warning
- $this->setErrorLevel('info');
- $problems[] = 'SaltedPasswords has been disabled for frontend users.';
- }
- $this->problems = $problems;
- return $this->renderFlashMessage();
- }
-
- /**
- * Renders a selector element that allows to select the hash method to be used.
- *
- * @param array $params Field information to be rendered
- * @param \TYPO3\CMS\Core\TypoScript\ConfigurationForm $pObj The calling parent object.
- * @param string $disposal The configuration disposal ('FE' or 'BE')
- * @return string The HTML selector
- */
- protected function buildHashMethodSelector(array $params, $pObj, $disposal) {
- $this->init();
- $propertyName = $params['propertyName'];
- $unknownVariablePleaseRenameMe = ('\'' . substr(md5($propertyName), 0, 10)) . '\'';
- $p_field = '';
- foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/saltedpasswords']['saltMethods'] as $class => $reference) {
- $classInstance = \TYPO3\CMS\Core\Utility\GeneralUtility::getUserObj($reference, 'tx_');
- if ($classInstance instanceof \TYPO3\CMS\Saltedpasswords\Salt\SaltInterface && $classInstance->isAvailable()) {
- $sel = $this->extConf[$disposal]['saltedPWHashingMethod'] == $class ? ' selected="selected" ' : '';
- $label = 'ext.saltedpasswords.title.' . $class;
- $p_field .= ((((('<option value="' . htmlspecialchars($class)) . '"') . $sel) . '>') . $GLOBALS['LANG']->getLL($label)) . '</option>';
- }
- }
- $p_field = ((((((('<select id="' . $propertyName) . '" name="') . $params['fieldName']) . '" onChange="uFormUrl(') . $unknownVariablePleaseRenameMe) . ')">') . $p_field) . '</select>';
- return $p_field;
- }
-
- /**
- * Renders a selector element that allows to select the hash method to be used (frontend disposal).
- *
- * @param array $params Field information to be rendered
- * @param \TYPO3\CMS\Core\TypoScript\ConfigurationForm $pObj The calling parent object.
- * @return string The HTML selector
- */
- public function buildHashMethodSelectorFE(array $params, $pObj) {
- return $this->buildHashMethodSelector($params, $pObj, 'FE');
- }
-
- /**
- * Renders a selector element that allows to select the hash method to be used (backend disposal)
- *
- * @param array $params Field information to be rendered
- * @param \TYPO3\CMS\Core\TypoScript\ConfigurationForm $pObj The calling parent object.
- * @return string The HTML selector
- */
- public function buildHashMethodSelectorBE(array $params, $pObj) {
- return $this->buildHashMethodSelector($params, $pObj, 'BE');
- }
-
- /**
- * Processes the information submitted by the user using a POST request and
- * transforms it to a TypoScript node notation.
- *
- * @param array $postArray Incoming POST information
- * @return array Processed and transformed POST information
- */
- private function processPostData(array $postArray = array()) {
- foreach ($postArray as $key => $value) {
- // TODO: Explain
- $parts = explode('.', $key, 2);
- if (count($parts) == 2) {
- // TODO: Explain
- $value = $this->processPostData(array($parts[1] => $value));
- $postArray[$parts[0] . '.'] = array_merge((array) $postArray[($parts[0] . '.')], $value);
- } else {
- // TODO: Explain
- $postArray[$parts[0]] = $value;
- }
- }
- return $postArray;
- }
-
-}
-
-
-?>
\ No newline at end of file
+++ /dev/null
-<?php
-namespace TYPO3\CMS\Saltedpasswords\Utility;
-
-/***************************************************************
- * Copyright notice
- *
- * (c) Marcus Krause (marcus#exp2009@t3sec.info)
- * (c) Steffen Ritter (info@rs-websystems.de)
- * All rights reserved
- *
- * This script is part of the TYPO3 project. The TYPO3 project is
- * free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * The GNU General Public License can be found at
- * http://www.gnu.org/copyleft/gpl.html.
- * A copy is found in the textfile GPL.txt and important notices to the license
- * from the author is found in LICENSE.txt distributed with these scripts.
- *
- *
- * This script is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * This copyright notice MUST APPEAR in all copies of the script!
- ***************************************************************/
-/**
- * Contains class "tx_saltedpasswords_div"
- * that provides various helper functions.
- */
-/**
- * General library class.
- *
- * @author Marcus Krause <marcus#exp2009@t3sec.info>
- * @author Steffen Ritter <info@rs-websystems.de>
- * @since 2009-06-14
- * @package TYPO3
- * @subpackage tx_saltedpasswords
- */
-class SaltedPasswordsUtility {
-
- /**
- * Keeps this extension's key.
- */
- const EXTKEY = 'saltedpasswords';
- /**
- * Calculates number of backend users, who have no saltedpasswords
- * protection.
- *
- * @return integer
- */
- static public function getNumberOfBackendUsersWithInsecurePassword() {
- $userCount = $GLOBALS['TYPO3_DB']->exec_SELECTcountRows('*', 'be_users', (('password NOT LIKE ' . $GLOBALS['TYPO3_DB']->fullQuoteStr('$%', 'be_users')) . ' AND password NOT LIKE ') . $GLOBALS['TYPO3_DB']->fullQuoteStr('M$%', 'be_users'));
- return $userCount;
- }
-
- /**
- * Returns extension configuration data from $TYPO3_CONF_VARS (configurable in Extension Manager)
- *
- * @author Rainer Kuhn <kuhn@punkt.de>
- * @author Marcus Krause <marcus#exp2009@t3sec.info>
- * @param string $mode TYPO3_MODE, wether Configuration for Frontend or Backend should be delivered
- * @return array Extension configuration data
- */
- static public function returnExtConf($mode = TYPO3_MODE) {
- $currentConfiguration = self::returnExtConfDefaults();
- if (isset($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['saltedpasswords'])) {
- $extensionConfiguration = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['saltedpasswords']);
- // Merge default configuration with modified configuration:
- if (isset($extensionConfiguration[$mode . '.'])) {
- $currentConfiguration = array_merge($currentConfiguration, $extensionConfiguration[$mode . '.']);
- }
- }
- return $currentConfiguration;
- }
-
- /**
- * Hook function for felogin "forgotPassword" functionality
- * encrypts the new password before storing in database
- *
- * @param array $params Parameter the hook delivers
- * @param \TYPO3\CMS\FeLogin\Controller\FrontendLoginController $pObj Parent Object from which the hook is called
- * @return void
- */
- public function feloginForgotPasswordHook(array &$params, \TYPO3\CMS\FeLogin\Controller\FrontendLoginController $pObj) {
- if (self::isUsageEnabled('FE')) {
- $this->objInstanceSaltedPW = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance();
- $params['newPassword'] = $this->objInstanceSaltedPW->getHashedPassword($params['newPassword']);
- }
- }
-
- /**
- * Returns default configuration of this extension.
- *
- * @return array Default extension configuration data for localconf.php
- */
- static public function returnExtConfDefaults() {
- return array(
- 'onlyAuthService' => '0',
- 'forceSalted' => '0',
- 'updatePasswd' => '1',
- 'saltedPWHashingMethod' => 'TYPO3\\CMS\\Saltedpasswords\\Salt\\PhpassSalt',
- 'enabled' => '1'
- );
- }
-
- /**
- * Function determines the default(=configured) type of
- * salted hashing method to be used.
- *
- * @param string $mode (optional) The TYPO3 mode (FE or BE) saltedpasswords shall be used for
- * @return string Classname of object to be used
- */
- static public function getDefaultSaltingHashingMethod($mode = TYPO3_MODE) {
- $extConf = self::returnExtConf($mode);
- $classNameToUse = 'TYPO3\\CMS\\Saltedpasswords\\Salt\\Md5Salt';
- if (in_array($extConf['saltedPWHashingMethod'], array_keys($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/saltedpasswords']['saltMethods']))) {
- $classNameToUse = $extConf['saltedPWHashingMethod'];
- }
- return $classNameToUse;
- }
-
- /**
- * Returns information if salted password hashes are
- * indeed used in the TYPO3_MODE.
- *
- * @param string $mode (optional) The TYPO3 mode (FE or BE) saltedpasswords shall be used for
- * @return boolean TRUE, if salted password hashes are used in the TYPO3_MODE, otherwise FALSE
- */
- static public function isUsageEnabled($mode = TYPO3_MODE) {
- // Login Security Level Recognition
- $extConf = self::returnExtConf($mode);
- $securityLevel = $GLOBALS['TYPO3_CONF_VARS'][$mode]['loginSecurityLevel'];
- if ($mode == 'BE' && $extConf['enabled']) {
- return $securityLevel == 'normal' && $GLOBALS['TYPO3_CONF_VARS']['BE']['lockSSL'] > 0 || $securityLevel == 'rsa';
- } elseif ($mode == 'FE' && $extConf['enabled']) {
- return \TYPO3\CMS\Core\Utility\GeneralUtility::inList('normal,rsa', $securityLevel);
- }
- return FALSE;
- }
-
-}
-
-
-?>
\ No newline at end of file
+++ /dev/null
-<?php
-/*
- * @deprecated since 6.0, the classname tx_saltedpasswords_autoloader and this file is obsolete
- * and will be removed by 7.0. The class was renamed and is now located at:
- * typo3/sysext/saltedpasswords/Classes/Autoloader.php
- */
-require_once \TYPO3\CMS\Core\Extension\ExtensionManager::extPath('saltedpasswords') . 'Classes/Autoloader.php';
-/**
- * @var $SOBE \TYPO3\CMS\Saltedpasswords\Autoloader
- */
-$SOBE = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Saltedpasswords\\Autoloader');
-$SOBE->execute($this);
-?>
\ No newline at end of file
+++ /dev/null
-<?php
-/*
- * @deprecated since 6.0, the classname tx_saltedpasswords_div and this file is obsolete
- * and will be removed by 7.0. The class was renamed and is now located at:
- * typo3/sysext/saltedpasswords/Classes/Utility/SaltedPasswordsUtility.php
- */
-require_once \TYPO3\CMS\Core\Extension\ExtensionManager::extPath('saltedpasswords') . 'Classes/Utility/SaltedPasswordsUtility.php';
-?>
\ No newline at end of file
+++ /dev/null
-<?php
-/***************************************************************
- * Copyright notice
- *
- * (c) Steffen Ritter (info@rs-websystems.de)
- * All rights reserved
- *
- * This script is part of the TYPO3 project. The TYPO3 project is
- * free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * The GNU General Public License can be found at
- * http://www.gnu.org/copyleft/gpl.html.
- * A copy is found in the textfile GPL.txt and important notices to the license
- * from the author is found in LICENSE.txt distributed with these scripts.
- *
- *
- * This script is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * This copyright notice MUST APPEAR in all copies of the script!
- ***************************************************************/
-// Make sure that we are executed only in TYPO3 context
-if (!defined('TYPO3_MODE')) {
- die('Access denied.');
-}
-/*
- * @deprecated since 6.0, the classname tx_saltedpasswords_emconfhelper and this file is obsolete
- * and will be removed by 7.0. The class was renamed and is now located at:
- * typo3/sysext/saltedpasswords/Classes/Utility/ExtensionManagerConfigurationUtility.php
- */
-require_once \TYPO3\CMS\Core\Extension\ExtensionManager::extPath('saltedpasswords') . 'Classes/Utility/ExtensionManagerConfigurationUtility.php';
-?>
\ No newline at end of file
+++ /dev/null
-<?php
-/*
- * @deprecated since 6.0, the classname tx_saltedpasswords_eval and this file is obsolete
- * and will be removed by 7.0. The class was renamed and is now located at:
- * typo3/sysext/saltedpasswords/Classes/Evaluation/Evaluator.php
- */
-require_once \TYPO3\CMS\Core\Extension\ExtensionManager::extPath('saltedpasswords') . 'Classes/Evaluation/Evaluator.php';
-?>
\ No newline at end of file
+++ /dev/null
-<?php
-/*
- * @deprecated since 6.0, the classname tx_saltedpasswords_eval_be and this file is obsolete
- * and will be removed by 7.0. The class was renamed and is now located at:
- * typo3/sysext/saltedpasswords/Classes/Evaluation/BackendEvaluator.php
- */
-require_once \TYPO3\CMS\Core\Extension\ExtensionManager::extPath('saltedpasswords') . 'Classes/Evaluation/BackendEvaluator.php';
-?>
\ No newline at end of file
+++ /dev/null
-<?php
-/*
- * @deprecated since 6.0, the classname tx_saltedpasswords_eval_fe and this file is obsolete
- * and will be removed by 7.0. The class was renamed and is now located at:
- * typo3/sysext/saltedpasswords/Classes/Evaluation/FrontendEvaluator.php
- */
-require_once \TYPO3\CMS\Core\Extension\ExtensionManager::extPath('saltedpasswords') . 'Classes/Evaluation/FrontendEvaluator.php';
-?>
\ No newline at end of file
+++ /dev/null
-<?php
-/*
- * @deprecated since 6.0, the classname tx_saltedpasswords_abstract_salts and this file is obsolete
- * and will be removed by 7.0. The class was renamed and is now located at:
- * typo3/sysext/saltedpasswords/Classes/Salt/AbstractSalt.php
- */
-require_once \TYPO3\CMS\Core\Extension\ExtensionManager::extPath('saltedpasswords') . 'Classes/Salt/AbstractSalt.php';
-?>
\ No newline at end of file
+++ /dev/null
-<?php
-/*
- * @deprecated since 6.0, the classname tx_saltedpasswords_salts_blowfish and this file is obsolete
- * and will be removed by 7.0. The class was renamed and is now located at:
- * typo3/sysext/saltedpasswords/Classes/Salt/BlowfishSalt.php
- */
-require_once \TYPO3\CMS\Core\Extension\ExtensionManager::extPath('saltedpasswords') . 'Classes/Salt/BlowfishSalt.php';
-?>
\ No newline at end of file
+++ /dev/null
-<?php
-/*
- * @deprecated since 6.0, the classname tx_saltedpasswords_salts_factory and this file is obsolete
- * and will be removed by 7.0. The class was renamed and is now located at:
- * typo3/sysext/saltedpasswords/Classes/Salt/SaltFactory.php
- */
-require_once \TYPO3\CMS\Core\Extension\ExtensionManager::extPath('saltedpasswords') . 'Classes/Salt/SaltFactory.php';
-?>
\ No newline at end of file
+++ /dev/null
-<?php
-/*
- * @deprecated since 6.0, the classname tx_saltedpasswords_salts_md5 and this file is obsolete
- * and will be removed by 7.0. The class was renamed and is now located at:
- * typo3/sysext/saltedpasswords/Classes/Salt/Md5Salt.php
- */
-require_once \TYPO3\CMS\Core\Extension\ExtensionManager::extPath('saltedpasswords') . 'Classes/Salt/Md5Salt.php';
-?>
\ No newline at end of file
+++ /dev/null
-<?php
-/*
- * @deprecated since 6.0, the classname tx_saltedpasswords_salts_phpass and this file is obsolete
- * and will be removed by 7.0. The class was renamed and is now located at:
- * typo3/sysext/saltedpasswords/Classes/Salt/PhpassSalt.php
- */
-require_once \TYPO3\CMS\Core\Extension\ExtensionManager::extPath('saltedpasswords') . 'Classes/Salt/PhpassSalt.php';
-?>
\ No newline at end of file
+++ /dev/null
-<?php
-/*
- * @deprecated since 6.0, the classname tx_saltedpasswords_salts and this file is obsolete
- * and will be removed by 7.0. The class was renamed and is now located at:
- * typo3/sysext/saltedpasswords/Classes/Salt/SaltInterface.php
- */
-require_once \TYPO3\CMS\Core\Extension\ExtensionManager::extPath('saltedpasswords') . 'Classes/Salt/SaltInterface.php';
-?>
\ No newline at end of file
+++ /dev/null
-<?php
-/*
- * @deprecated since 6.0, the classname tx_saltedpasswords_Tasks_BulkUpdate and this file is obsolete
- * and will be removed by 7.0. The class was renamed and is now located at:
- * typo3/sysext/saltedpasswords/Classes/Task/BulkUpdateTask.php
- */
-require_once \TYPO3\CMS\Core\Extension\ExtensionManager::extPath('saltedpasswords') . 'Classes/Task/BulkUpdateTask.php';
-?>
\ No newline at end of file
+++ /dev/null
-<?php
-/*
- * @deprecated since 6.0, the classname tx_saltedpasswords_Tasks_BulkUpdate_AdditionalFieldProvider and this file is obsolete
- * and will be removed by 7.0. The class was renamed and is now located at:
- * typo3/sysext/saltedpasswords/Classes/Task/BulkUpdateFieldProvider.php
- */
-require_once \TYPO3\CMS\Core\Extension\ExtensionManager::extPath('saltedpasswords') . 'Classes/Task/BulkUpdateFieldProvider.php';
-?>
\ No newline at end of file
// This file was generated on 2009-09-16 14:24
$extensionPath = \TYPO3\CMS\Core\Extension\ExtensionManager::extPath('saltedpasswords');
return array(
- 'tx_saltedpasswords_div' => $extensionPath . 'classes/class.tx_saltedpasswords_div.php',
- 'tx_saltedpasswords_emconfhelper' => $extensionPath . 'classes/class.tx_saltedpasswords_emconfhelper.php',
- 'tx_saltedpasswords_abstract_salts' => $extensionPath . 'classes/salts/class.tx_saltedpasswords_abstract_salts.php',
- 'tx_saltedpasswords_salts_blowfish' => $extensionPath . 'classes/salts/class.tx_saltedpasswords_salts_blowfish.php',
- 'tx_saltedpasswords_salts_factory' => $extensionPath . 'classes/salts/class.tx_saltedpasswords_salts_factory.php',
- 'tx_saltedpasswords_salts_md5' => $extensionPath . 'classes/salts/class.tx_saltedpasswords_salts_md5.php',
- 'tx_saltedpasswords_salts_phpass' => $extensionPath . 'classes/salts/class.tx_saltedpasswords_salts_phpass.php',
- 'tx_saltedpasswords_salts' => $extensionPath . 'classes/salts/interfaces/interface.tx_saltedpasswords_salts.php',
- 'tx_saltedpasswords_eval' => $extensionPath . 'classes/eval/class.tx_saltedpasswords_eval.php',
- 'tx_saltedpasswords_eval_be' => $extensionPath . 'classes/eval/class.tx_saltedpasswords_eval_be.php',
- 'tx_saltedpasswords_eval_fe' => $extensionPath . 'classes/eval/class.tx_saltedpasswords_eval_fe.php',
- 'tx_saltedpasswords_tasks_bulkupdate' => $extensionPath . 'classes/tasks/class.tx_saltedpasswords_tasks_bulkupdate.php',
- 'tx_saltedpasswords_tasks_bulkupdate_additionalfieldprovider' => $extensionPath . 'classes/tasks/class.tx_saltedpasswords_tasks_bulkupdate_additionalfieldprovider.php',
+ 'tx_saltedpasswords_div' => $extensionPath . 'Classes/class.tx_saltedpasswords_div.php',
+ 'tx_saltedpasswords_emconfhelper' => $extensionPath . 'Classes/class.tx_saltedpasswords_emconfhelper.php',
+ 'tx_saltedpasswords_abstract_salts' => $extensionPath . 'Classes/salts/class.tx_saltedpasswords_abstract_salts.php',
+ 'tx_saltedpasswords_salts_blowfish' => $extensionPath . 'Classes/salts/class.tx_saltedpasswords_salts_blowfish.php',
+ 'tx_saltedpasswords_salts_factory' => $extensionPath . 'Classes/salts/class.tx_saltedpasswords_salts_factory.php',
+ 'tx_saltedpasswords_salts_md5' => $extensionPath . 'Classes/salts/class.tx_saltedpasswords_salts_md5.php',
+ 'tx_saltedpasswords_salts_phpass' => $extensionPath . 'Classes/salts/class.tx_saltedpasswords_salts_phpass.php',
+ 'tx_saltedpasswords_salts' => $extensionPath . 'Classes/salts/interfaces/interface.tx_saltedpasswords_salts.php',
+ 'tx_saltedpasswords_eval' => $extensionPath . 'Classes/eval/class.tx_saltedpasswords_eval.php',
+ 'tx_saltedpasswords_eval_be' => $extensionPath . 'Classes/eval/class.tx_saltedpasswords_eval_be.php',
+ 'tx_saltedpasswords_eval_fe' => $extensionPath . 'Classes/eval/class.tx_saltedpasswords_eval_fe.php',
+ 'tx_saltedpasswords_tasks_bulkupdate' => $extensionPath . 'Classes/tasks/class.tx_saltedpasswords_tasks_bulkupdate.php',
+ 'tx_saltedpasswords_tasks_bulkupdate_additionalfieldprovider' => $extensionPath . 'Classes/tasks/class.tx_saltedpasswords_tasks_bulkupdate_additionalfieldprovider.php',
'tx_saltedpasswords_sv1' => $extensionPath . 'sv1/class.tx_saltedpasswords_sv1.php',
'tx_saltedpasswords_div_testcase' => $extensionPath . 'tests/tx_saltedpasswords_div_testcase.php',
'tx_saltedpasswords_salts_blowfish_testcase' => $extensionPath . 'tests/tx_saltedpasswords_salts_blowfish_testcase.php',
'tx_saltedpasswords_salts_md5_testcase' => $extensionPath . 'tests/tx_saltedpasswords_salts_md5_testcase.php',
'tx_saltedpasswords_salts_phpass_testcase' => $extensionPath . 'tests/tx_saltedpasswords_salts_phpass_testcase.php'
);
-?>
\ No newline at end of file
+?>
die('Access denied.');
}
// Form evaluation function for fe_users
-$GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['tce']['formevals']['TYPO3\\CMS\\Saltedpasswords\\Evaluation\\Evaluator_fe'] = 'EXT:saltedpasswords/classes/eval/class.tx_saltedpasswords_eval_fe.php';
+$GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['tce']['formevals']['TYPO3\\CMS\\Saltedpasswords\\Evaluation\\Evaluator_fe'] = 'EXT:saltedpasswords/Classes/eval/class.tx_saltedpasswords_eval_fe.php';
// Form evaluation function for be_users
-$GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['tce']['formevals']['TYPO3\\CMS\\Saltedpasswords\\Evaluation\\BackendEvaluator'] = 'EXT:saltedpasswords/classes/eval/class.tx_saltedpasswords_eval_be.php';
+$GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['tce']['formevals']['TYPO3\\CMS\\Saltedpasswords\\Evaluation\\BackendEvaluator'] = 'EXT:saltedpasswords/Classes/eval/class.tx_saltedpasswords_eval_be.php';
// Hook for processing "forgotPassword" in felogin
-$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['password_changed'][] = 'EXT:saltedpasswords/classes/class.tx_saltedpasswords_div.php:TYPO3\\CMS\\Saltedpasswords\\Utility\\SaltedPasswordsUtility->feloginForgotPasswordHook';
+$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['password_changed'][] = 'EXT:saltedpasswords/Classes/class.tx_saltedpasswords_div.php:TYPO3\\CMS\\Saltedpasswords\\Utility\\SaltedPasswordsUtility->feloginForgotPasswordHook';
// Registering all available hashes to factory
$GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/saltedpasswords']['saltMethods'] = array(
- 'TYPO3\\CMS\\Saltedpasswords\\Salt\\Md5Salt' => 'EXT:saltedpasswords/classes/salts/class.tx_saltedpasswords_salts_md5.php:TYPO3\\CMS\\Saltedpasswords\\Salt\\Md5Salt',
- 'TYPO3\\CMS\\Saltedpasswords\\Salt\\BlowfishSalt' => 'EXT:saltedpasswords/classes/salts/class.tx_saltedpasswords_salts_blowfish.php:TYPO3\\CMS\\Saltedpasswords\\Salt\\BlowfishSalt',
- 'TYPO3\\CMS\\Saltedpasswords\\Salt\\PhpassSalt' => 'EXT:saltedpasswords/classes/salts/class.tx_saltedpasswords_salts_phpass.php:TYPO3\\CMS\\Saltedpasswords\\Salt\\PhpassSalt'
+ 'TYPO3\\CMS\\Saltedpasswords\\Salt\\Md5Salt' => 'EXT:saltedpasswords/Classes/salts/class.tx_saltedpasswords_salts_md5.php:TYPO3\\CMS\\Saltedpasswords\\Salt\\Md5Salt',
+ 'TYPO3\\CMS\\Saltedpasswords\\Salt\\BlowfishSalt' => 'EXT:saltedpasswords/Classes/salts/class.tx_saltedpasswords_salts_blowfish.php:TYPO3\\CMS\\Saltedpasswords\\Salt\\BlowfishSalt',
+ 'TYPO3\\CMS\\Saltedpasswords\\Salt\\PhpassSalt' => 'EXT:saltedpasswords/Classes/salts/class.tx_saltedpasswords_salts_phpass.php:TYPO3\\CMS\\Saltedpasswords\\Salt\\PhpassSalt'
);
\TYPO3\CMS\Core\Extension\ExtensionManager::addService('saltedpasswords', 'auth', 'TYPO3\\CMS\\Saltedpasswords\\SaltedPasswordService', array(
'title' => 'FE/BE Authentification salted',
'description' => ('LLL:EXT:' . $_EXTKEY) . '/locallang.xml:ext.saltedpasswords.tasks.bulkupdate.description',
'additionalFields' => 'TYPO3\\CMS\\Saltedpasswords\\Task\\BulkUpdateFieldProvider'
);
-?>
\ No newline at end of file
+?>
--- /dev/null
+<?php
+namespace TYPO3\CMS\T3Editor;
+
+/**
+ * Code completion for t3editor
+ *
+ * @author Stephan Petzl <spetzl@gmx.at>
+ * @author Christian Kartnig <office@hahnepeter.de>
+ */
+class CodeCompletion {
+
+ /**
+ * @var \TYPO3\CMS\Core\Http\AjaxRequestHandler
+ */
+ protected $ajaxObj;
+
+ /**
+ * General processor for AJAX requests.
+ * (called by typo3/ajax.php)
+ *
+ * @param array $params Additional parameters (not used here)
+ * @param \TYPO3\CMS\Core\Http\AjaxRequestHandler &$ajaxObj The TYPO3AJAX object of this request
+ * @return void
+ * @author Oliver Hader <oliver@typo3.org>
+ */
+ public function processAjaxRequest($params, \TYPO3\CMS\Core\Http\AjaxRequestHandler &$ajaxObj) {
+ $this->ajaxObj = $ajaxObj;
+ $ajaxIdParts = explode('::', $ajaxObj->getAjaxID(), 2);
+ $ajaxMethod = $ajaxIdParts[1];
+ $response = array();
+ // Process the AJAX requests:
+ if ($ajaxMethod == 'loadTemplates') {
+ $ajaxObj->setContent($this->loadTemplates(intval(\TYPO3\CMS\Core\Utility\GeneralUtility::_GP('pageId'))));
+ $ajaxObj->setContentFormat('jsonbody');
+ }
+ }
+
+ /**
+ * Loads all templates up to a given page id (walking the rootline) and
+ * cleans parts that are not required for the t3editor codecompletion.
+ *
+ * @param integer $pageId ID of the page
+ * @param integer $templateId Currently unused (default: 0)
+ * @return array Cleaned array of TypoScript information
+ * @author Oliver Hader <oliver@typo3.org>
+ */
+ protected function loadTemplates($pageId, $templateId = 0) {
+ $templates = array();
+ // Check whether access is granted (only admin have access to sys_template records):
+ if ($GLOBALS['BE_USER']->isAdmin()) {
+ // Check whether there is a pageId given:
+ if ($pageId) {
+ $templates = $this->getMergedTemplates($pageId);
+ } else {
+ $this->ajaxObj->setError($GLOBALS['LANG']->getLL('pageIDInteger'));
+ }
+ } else {
+ $this->ajaxObj->setError($GLOBALS['LANG']->getLL('noPermission'));
+ }
+ return $templates;
+ }
+
+ /**
+ * Gets merged templates by walking the rootline to a given page id.
+ *
+ * @todo oliver@typo3.org: Refactor this method and comment what's going on there
+ * @param integer $pageId
+ * @param integer $templateId
+ * @return array Setup part of merged template records
+ */
+ protected function getMergedTemplates($pageId, $templateId = 0) {
+ $result = array();
+ /** @var $tsParser \TYPO3\CMS\Core\TypoScript\ExtendedTemplateService */
+ $tsParser = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\TypoScript\\ExtendedTemplateService');
+ $tsParser->tt_track = 0;
+ $tsParser->init();
+ // Gets the rootLine
+ $page = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Frontend\\Page\\PageRepository');
+ $rootLine = $page->getRootLine($pageId);
+ // This generates the constants/config + hierarchy info for the template.
+ $tsParser->runThroughTemplates($rootLine);
+ // ts-setup & ts-constants of the currently edited template should not be included
+ // therefor we have to delete the last template from the stack
+ array_pop($tsParser->config);
+ array_pop($tsParser->constants);
+ $tsParser->linkObjects = TRUE;
+ $tsParser->ext_regLinenumbers = FALSE;
+ $tsParser->bType = $bType;
+ $tsParser->resourceCheck = 1;
+ $tsParser->removeFromGetFilePath = PATH_site;
+ $tsParser->generateConfig();
+ $result = $this->treeWalkCleanup($tsParser->setup);
+ return $result;
+ }
+
+ /**
+ * Walks through a tree of TypoScript configuration an cleans it up.
+ *
+ * @TODO oliver@typo3.org: Define and comment why this is necessary and exactly happens below
+ * @param array $treeBranch TypoScript configuration or sub branch of it
+ * @return array Cleaned TypoScript branch
+ */
+ private function treeWalkCleanup(array $treeBranch) {
+ $cleanedTreeBranch = array();
+ foreach ($treeBranch as $key => $value) {
+ $dotCount = substr_count($key, '.');
+ //type definition or value-assignment
+ if ($dotCount == 0) {
+ if ($value != '') {
+ if (strlen($value) > 20) {
+ $value = substr($value, 0, 20);
+ }
+ if (!isset($cleanedTreeBranch[$key])) {
+ $cleanedTreeBranch[$key] = array();
+ }
+ $cleanedTreeBranch[$key]['v'] = $value;
+ }
+ } elseif ($dotCount == 1) {
+ // subtree (definition of properties)
+ $subBranch = $this->treeWalkCleanup($value);
+ if ($subBranch) {
+ $key = str_replace('.', '', $key);
+ if (!isset($cleanedTreeBranch[$key])) {
+ $cleanedTreeBranch[$key] = array();
+ }
+ $cleanedTreeBranch[$key]['c'] = $subBranch;
+ }
+ }
+ }
+ return $cleanedTreeBranch;
+ }
+
+}
+
+
+?>
\ No newline at end of file
--- /dev/null
+<?php
+namespace TYPO3\CMS\T3Editor;
+
+/**
+ * Wizard for tceforms
+ *
+ * @author Tobias Liebig <mail_typo3@etobi.de>
+ */
+class FormWizard {
+
+ /**
+ * Main function
+ *
+ * @param array $parameters
+ * @param object $pObj
+ * @return string|NULL
+ */
+ public function main($parameters, $pObj) {
+ $t3editor = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\T3Editor\\T3Editor');
+ if (!$t3editor->isEnabled()) {
+ return;
+ }
+ if ($parameters['params']['format'] !== '') {
+ $t3editor->setModeByType($parameters['params']['format']);
+ } else {
+ $t3editor->setMode(\TYPO3\CMS\T3Editor\T3Editor::MODE_MIXED);
+ }
+ $config = $GLOBALS['TCA'][$parameters['table']]['columns'][$parameters['field']]['config'];
+ $doc = $GLOBALS['SOBE']->doc;
+ $attributes = ((((((((((('rows="' . $config['rows']) . '" ') . 'cols="') . $config['cols']) . '" ') . 'wrap="off" ') . 'style="') . $config['wizards']['t3editor']['params']['style']) . '" ') . 'onchange="') . $parameters['fieldChangeFunc']['TBE_EDITOR_fieldChanged']) . '" ';
+ $parameters['item'] = '';
+ $parameters['item'] .= $t3editor->getCodeEditor($parameters['itemName'], 'fixed-font enable-tab', $parameters['row'][$parameters['field']], $attributes, ($parameters['table'] . ' > ') . $parameters['field'], array(
+ 'target' => intval($pObj->target)
+ ));
+ $parameters['item'] .= $t3editor->getJavascriptCode($doc);
+ return '';
+ }
+
+}
+
+
+?>
\ No newline at end of file
--- /dev/null
+<?php
+namespace TYPO3\CMS\T3Editor\Hook;
+
+/**
+ * File edit hook for t3editor
+ *
+ * @author Tobias Liebig <mail_typo3@etobi.de>
+ */
+class FileEditHook {
+
+ /**
+ * @var \TYPO3\CMS\T3Editor\T3Editor
+ */
+ protected $t3editor = NULL;
+
+ /**
+ * @var string
+ */
+ protected $ajaxSaveType = 'tx_tstemplateinfo';
+
+ /**
+ * @return \TYPO3\CMS\T3Editor\T3Editor
+ */
+ protected function getT3editor() {
+ if ($this->t3editor == NULL) {
+ $this->t3editor = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\T3Editor\\T3Editor')->setAjaxSaveType($this->ajaxSaveType);
+ }
+ return $this->t3editor;
+ }
+
+ /**
+ * Hook-function: inject t3editor JavaScript code before the page is compiled
+ * called in file_edit.php:SC_file_edit->main
+ *
+ * @param array $parameters
+ * @param \TYPO3\CMS\Backend\Controller\File\EditFileController $pObj
+ */
+ public function preOutputProcessingHook($parameters, $pObj) {
+ $t3editor = $this->getT3editor();
+ $t3editor->setModeByFile($parameters['target']);
+ if (!$t3editor->isEnabled() || !$t3editor->getMode()) {
+ return;
+ }
+ $parameters['content'] = str_replace('<!--###POSTJSMARKER###-->', '<!--###POSTJSMARKER###-->' . $t3editor->getModeSpecificJavascriptCode(), $parameters['content']);
+ }
+
+ /**
+ * Hook-function: inject t3editor JavaScript code before the page is compiled
+ * called in typo3/template.php:startPage
+ *
+ * @param array $parameters
+ * @param \TYPO3\CMS\Backend\Template\DocumentTemplate $pObj
+ */
+ public function preStartPageHook($parameters, $pObj) {
+ if (preg_match('/typo3\\/file_edit\\.php/', $_SERVER['SCRIPT_NAME'])) {
+ $t3editor = $this->getT3editor();
+ if (!$t3editor->isEnabled()) {
+ return;
+ }
+ $pObj->JScode .= $t3editor->getJavascriptCode($pObj);
+ $pObj->loadJavascriptLib(\t3lib_extmgm::extRelPath('t3editor') . 'res/jslib/fileedit.js');
+ }
+ }
+
+ /**
+ * Hook-function:
+ * called in file_edit.php:SC_file_edit->main
+ *
+ * @param array $parameters
+ * @param \TYPO3\CMS\Backend\Controller\File\EditFileController $pObj
+ */
+ public function postOutputProcessingHook($parameters, $pObj) {
+ $t3editor = $this->getT3editor();
+ if (!$t3editor->isEnabled() || !$t3editor->getMode()) {
+ return;
+ }
+ $attributes = ('rows="30" ' . 'wrap="off" ') . $pObj->doc->formWidthText(48, 'width:98%;height:60%', 'off');
+ &n