TYPO3 CMS  TYPO3_6-2
AbstractController.php
Go to the documentation of this file.
1 <?php
2 namespace TYPO3\CMS\Install\Controller;
3 
17 use TYPO3\CMS\Core\Utility\GeneralUtility;
18 use TYPO3\CMS\Install\Service\EnableFileService;
19 
23 class AbstractController {
24 
28  protected $objectManager = NULL;
29 
33  protected $session = NULL;
34 
38  protected $authenticationActions = array();
39 
43  protected function isInstallToolAvailable() {
45  $installToolEnableService = $this->objectManager->get('TYPO3\\CMS\\Install\\Service\\EnableFileService');
46  if ($installToolEnableService->isFirstInstallAllowed()) {
47  return TRUE;
48  }
49  return $installToolEnableService->checkInstallToolEnableFile();
50  }
51 
61  protected function outputInstallToolNotEnabledMessageIfNeeded() {
62  if (!$this->isInstallToolAvailable()) {
63  if (!EnableFileService::isFirstInstallAllowed() && !is_dir(PATH_typo3conf)) {
65  $action = $this->objectManager->get('TYPO3\\CMS\\Install\\Controller\\Action\\Common\\AccessNotAllowedAction');
66  $action->setAction('accessNotAllowed');
67  } else {
69  $action = $this->objectManager->get('TYPO3\\CMS\\Install\\Controller\\Action\\Common\\InstallToolDisabledAction');
70  $action->setAction('installToolDisabled');
71  }
72  $action->setController('common');
73  $this->output($action->handle());
74  }
75  }
76 
83  protected function outputInstallToolPasswordNotSetMessageIfNeeded() {
84  if (!$this->isInitialInstallationInProgress()
85  && (empty($GLOBALS['TYPO3_CONF_VARS']['BE']['installToolPassword']))
86  ) {
88  $action = $this->objectManager->get('TYPO3\\CMS\\Install\\Controller\\Action\\Common\\InstallToolPasswordNotSetAction');
89  $action->setController('common');
90  $action->setAction('installToolPasswordNotSet');
91  $this->output($action->handle());
92  }
93  }
94 
101  protected function checkSessionToken() {
102  $postValues = $this->getPostValues();
103  $tokenOk = FALSE;
104  if (count($postValues) > 0) {
105  // A token must be given as soon as there is POST data
106  if (isset($postValues['token'])) {
108  $formProtection = \TYPO3\CMS\Core\FormProtection\FormProtectionFactory::get(
109  'TYPO3\\CMS\\Core\\FormProtection\\InstallToolFormProtection'
110  );
111  $action = $this->getAction();
112  if ($action === '') {
113  throw new Exception(
114  'No POST action given for token check',
115  1369326593
116  );
117  }
118  $tokenOk = $formProtection->validateToken($postValues['token'], 'installTool', $action);
119  }
120  } else {
121  $tokenOk = TRUE;
122  }
123 
124  $this->handleSessionTokenCheck($tokenOk);
125  }
126 
135  protected function handleSessionTokenCheck($tokenOk) {
136  if (!$tokenOk) {
137  $this->session->resetSession();
138  $this->session->startSession();
139 
140  if ($this->isInitialInstallationInProgress()) {
141  $this->redirect();
142  } else {
144  $message = $this->objectManager->get('TYPO3\\CMS\\Install\\Status\\ErrorStatus');
145  $message->setTitle('Invalid form token');
146  $message->setMessage(
147  'The form protection token was invalid. You have been logged out, please log in and try again.'
148  );
149  $this->output($this->loginForm($message));
150  }
151  }
152  }
153 
159  protected function checkSessionLifetime() {
160  if ($this->session->isExpired()) {
161  // Session expired, log out user, start new session
162  $this->session->resetSession();
163  $this->session->startSession();
164 
165  $this->handleSessionLifeTimeExpired();
166  }
167  }
168 
175  protected function handleSessionLifeTimeExpired() {
176  if ($this->isInitialInstallationInProgress()) {
177  $this->redirect();
178  } else {
180  $message = $this->objectManager->get('TYPO3\\CMS\\Install\\Status\\ErrorStatus');
181  $message->setTitle('Session expired');
182  $message->setMessage(
183  'Your Install Tool session has expired. You have been logged out, please log in and try again.'
184  );
185  $this->output($this->loginForm($message));
186  }
187  }
188 
195  protected function loginForm(\TYPO3\CMS\Install\Status\StatusInterface $message = NULL) {
197  $action = $this->objectManager->get('TYPO3\\CMS\\Install\\Controller\\Action\\Common\\LoginForm');
198  $action->setController('common');
199  $action->setAction('login');
200  $action->setToken($this->generateTokenForAction('login'));
201  $action->setPostValues($this->getPostValues());
202  if ($message) {
203  $action->setMessages(array($message));
204  }
205  $content = $action->handle();
206  return $content;
207  }
208 
214  protected function loginIfRequested() {
215  $action = $this->getAction();
216  $postValues = $this->getPostValues();
217  if ($action === 'login') {
218  $password = '';
219  $validPassword = FALSE;
220  if (isset($postValues['values']['password'])) {
221  $password = $postValues['values']['password'];
222  $installToolPassword = $GLOBALS['TYPO3_CONF_VARS']['BE']['installToolPassword'];
223  $saltFactory = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance($installToolPassword);
224  if (is_object($saltFactory)) {
225  $validPassword = $saltFactory->checkPassword($password, $installToolPassword);
226  } elseif (md5($password) === $installToolPassword) {
227  // Update install tool password
228  $saltFactory = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(NULL, 'BE');
229  $configurationManager = $this->objectManager->get('TYPO3\\CMS\\Core\\Configuration\\ConfigurationManager');
230  $configurationManager->setLocalConfigurationValueByPath(
231  'BE/installToolPassword',
232  $saltFactory->getHashedPassword($password)
233  );
234  $validPassword = TRUE;
235  }
236  }
237  if ($validPassword) {
238  $this->session->setAuthorized();
239  $this->sendLoginSuccessfulMail();
240  $this->redirect();
241  } else {
242  $saltFactory = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(NULL, 'BE');
243  $hashedPassword = $saltFactory->getHashedPassword($password);
245  $message = $this->objectManager->get('TYPO3\\CMS\\Install\\Status\\ErrorStatus');
246  $message->setTitle('Login failed');
247  $message->setMessage('Given password does not match the install tool login password. ' .
248  'Calculated hash: ' . $hashedPassword);
249  $this->sendLoginFailedMail();
250  $this->output($this->loginForm($message));
251  }
252  }
253  }
254 
261  protected function outputLoginFormIfNotAuthorized() {
262  if (!$this->session->isAuthorized()
263  && !$this->isInitialInstallationInProgress()
264  ) {
265  $this->output($this->loginForm());
266  } else {
267  $this->session->refreshSession();
268  }
269  }
270 
276  protected function sendLoginSuccessfulMail() {
277  $warningEmailAddress = $GLOBALS['TYPO3_CONF_VARS']['BE']['warning_email_addr'];
278  if ($warningEmailAddress) {
280  $mailMessage = $this->objectManager->get('TYPO3\\CMS\\Core\\Mail\\MailMessage');
281  $mailMessage
282  ->addTo($warningEmailAddress)
283  ->setSubject('Install Tool Login at \'' . $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'] . '\'')
284  ->addFrom($this->getSenderEmailAddress(), $this->getSenderEmailName())
285  ->setBody('There has been an Install Tool login at TYPO3 site'
286  . ' \'' . $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'] . '\''
287  . ' (' . GeneralUtility::getIndpEnv('HTTP_HOST') . ')'
288  . ' from remote address \'' . GeneralUtility::getIndpEnv('REMOTE_ADDR') . '\''
289  . ' (' . GeneralUtility::getIndpEnv('REMOTE_HOST') . ')')
290  ->send();
291  }
292  }
293 
299  protected function sendLoginFailedMail() {
300  $formValues = GeneralUtility::_GP('install');
301  $warningEmailAddress = $GLOBALS['TYPO3_CONF_VARS']['BE']['warning_email_addr'];
302  if ($warningEmailAddress) {
304  $mailMessage = $this->objectManager->get('TYPO3\\CMS\\Core\\Mail\\MailMessage');
305  $mailMessage
306  ->addTo($warningEmailAddress)
307  ->setSubject('Install Tool Login ATTEMPT at \'' . $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'] . '\'')
308  ->addFrom($this->getSenderEmailAddress(), $this->getSenderEmailName())
309  ->setBody('There has been an Install Tool login attempt at TYPO3 site'
310  . ' \'' . $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'] . '\''
311  . ' (' . GeneralUtility::getIndpEnv('HTTP_HOST') . ')'
312  . ' The last 5 characters of the MD5 hash of the password tried was \'' . substr(md5($formValues['password']), -5) . '\''
313  . ' remote address was \'' . GeneralUtility::getIndpEnv('REMOTE_ADDR') . '\''
314  . ' (' . GeneralUtility::getIndpEnv('REMOTE_HOST') . ')')
315  ->send();
316  }
317  }
318 
326  protected function generateTokenForAction($action = NULL) {
327  if (!$action) {
328  $action = $this->getAction();
329  }
330  if ($action === '') {
331  throw new Exception(
332  'Token must have a valid action name',
333  1369326592
334  );
335  }
337  $formProtection = \TYPO3\CMS\Core\FormProtection\FormProtectionFactory::get(
338  'TYPO3\\CMS\\Core\\FormProtection\\InstallToolFormProtection'
339  );
340  return $formProtection->generateToken('installTool', $action);
341  }
342 
349  protected function isInitialInstallationInProgress() {
351  $configurationManager = $this->objectManager->get('TYPO3\\CMS\\Core\\Configuration\\ConfigurationManager');
352 
353  $localConfigurationFileLocation = $configurationManager->getLocalConfigurationFileLocation();
354  $localConfigurationFileExists = @is_file($localConfigurationFileLocation);
355  $result = FALSE;
356  if (!$localConfigurationFileExists
357  || !empty($GLOBALS['TYPO3_CONF_VARS']['SYS']['isInitialInstallationInProgress'])
358  ) {
359  $result = TRUE;
360  }
361  return $result;
362  }
363 
371  protected function initializeSession() {
373  $this->session = $this->objectManager->get('TYPO3\\CMS\\Install\\Service\\SessionService');
374  if (!$this->session->hasSession()) {
375  $this->session->startSession();
376  }
377  }
378 
385  protected function addSessionMessages(array $messages) {
386  foreach ($messages as $message) {
387  $this->session->addMessage($message);
388  }
389  }
390 
396  protected function initializeObjectManager() {
398  $objectManager = GeneralUtility::makeInstance('TYPO3\\CMS\\Extbase\\Object\\ObjectManager');
399  $this->objectManager = $objectManager;
400  }
401 
409  protected function loadBaseExtensions() {
410  if ($this->isDbalEnabled()) {
411  require(\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::extPath('dbal') . 'ext_localconf.php');
412  $GLOBALS['TYPO3_CONF_VARS']['SYS']['caching']['cacheConfigurations']['dbal']['backend']
413  = 'TYPO3\\CMS\\Core\\Cache\\Backend\\NullBackend';
414  $GLOBALS['TYPO3_CONF_VARS']['SYS']['caching']['cacheConfigurations']['dbal']['options'] = array();
415  }
416 
417  require(\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::extPath('extbase') . 'ext_localconf.php');
418  require(\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::extPath('fluid') . 'ext_localconf.php');
419 
420  $GLOBALS['TYPO3_CONF_VARS']['SYS']['caching']['cacheConfigurations']['extbase_datamapfactory_datamap']['backend']
421  = 'TYPO3\\CMS\\Core\\Cache\\Backend\\NullBackend';
422  $GLOBALS['TYPO3_CONF_VARS']['SYS']['caching']['cacheConfigurations']['extbase_datamapfactory_datamap']['options'] = array();
423  $GLOBALS['TYPO3_CONF_VARS']['SYS']['caching']['cacheConfigurations']['extbase_object']['backend']
424  = 'TYPO3\\CMS\\Core\\Cache\\Backend\\NullBackend';
425  $GLOBALS['TYPO3_CONF_VARS']['SYS']['caching']['cacheConfigurations']['extbase_object']['options'] = array();
426  $GLOBALS['TYPO3_CONF_VARS']['SYS']['caching']['cacheConfigurations']['extbase_reflection']['backend']
427  = 'TYPO3\\CMS\\Core\\Cache\\Backend\\NullBackend';
428  $GLOBALS['TYPO3_CONF_VARS']['SYS']['caching']['cacheConfigurations']['extbase_reflection']['options'] = array();
429  $GLOBALS['TYPO3_CONF_VARS']['SYS']['caching']['cacheConfigurations']['extbase_typo3dbbackend_tablecolumns']['backend']
430  = 'TYPO3\\CMS\\Core\\Cache\\Backend\\NullBackend';
431  $GLOBALS['TYPO3_CONF_VARS']['SYS']['caching']['cacheConfigurations']['extbase_typo3dbbackend_tablecolumns']['options'] = array();
432  $GLOBALS['TYPO3_CONF_VARS']['SYS']['caching']['cacheConfigurations']['fluid_template']['backend']
433  = 'TYPO3\\CMS\\Core\\Cache\\Backend\\NullBackend';
434  $GLOBALS['TYPO3_CONF_VARS']['SYS']['caching']['cacheConfigurations']['fluid_template']['options'] = array();
435 
437  $cacheManager = GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\Cache\\CacheManager');
438  $cacheManager->setCacheConfigurations($GLOBALS['TYPO3_CONF_VARS']['SYS']['caching']['cacheConfigurations']);
439  }
440 
446  protected function isDbalEnabled() {
447  if (\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::isLoaded('adodb')
448  && \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::isLoaded('dbal')
449  ) {
450  return TRUE;
451  }
452  return FALSE;
453  }
454 
461  protected function validateAuthenticationAction($action) {
462  if (!in_array($action, $this->authenticationActions)) {
463  throw new Exception(
464  $action . ' is not a valid authentication action',
465  1369345838
466  );
467  }
468  }
469 
476  protected function getAction() {
477  $formValues = GeneralUtility::_GP('install');
478  $action = '';
479  if (isset($formValues['action'])) {
480  $action = $formValues['action'];
481  }
482  if ($action !== ''
483  && $action !== 'login'
484  && $action !== 'loginForm'
485  && $action !== 'logout'
486  && !in_array($action, $this->authenticationActions)
487  ) {
488  throw new Exception(
489  'Invalid action ' . $action,
490  1369325619
491  );
492  }
493  return $action;
494  }
495 
502  protected function getPostValues() {
503  $postValues = GeneralUtility::_POST('install');
504  if (!is_array($postValues)) {
505  $postValues = array();
506  }
507  return $postValues;
508  }
509 
518  protected function redirect($controller = '', $action = '') {
519  $getPostValues = GeneralUtility::_GP('install');
520 
521  $parameters = array();
522 
523  // Current redirect count
524  if (isset($getPostValues['redirectCount'])) {
525  $redirectCount = (int)$getPostValues['redirectCount'] + 1;
526  } else {
527  $redirectCount = 0;
528  }
529  if ($redirectCount >= 10) {
530  // Abort a redirect loop by throwing an exception. Calling this method
531  // some times in a row is ok, but break a loop if this happens too often.
532  throw new Exception\RedirectLoopException(
533  'Redirect loop aborted. If this message is shown again after a reload,' .
534  ' your setup is so weird that the install tool is unable to handle it.' .
535  ' Please make sure to remove the "install[redirectCount]" parameter from your request or' .
536  ' restart the install tool from the backend navigation.',
537  1380581244
538  );
539  }
540  $parameters[] = 'install[redirectCount]=' . $redirectCount;
541 
542  // Add context parameter in case this script was called within backend scope
543  $context = 'install[context]=standalone';
544  if (isset($getPostValues['context']) && $getPostValues['context'] === 'backend') {
545  $context = 'install[context]=backend';
546  }
547  $parameters[] = $context;
548 
549  // Add controller parameter
550  $controllerParameter = 'install[controller]=step';
551  if ((isset($getPostValues['controller']) && $getPostValues['controller'] === 'tool')
552  || $controller === 'tool'
553  ) {
554  $controllerParameter = 'install[controller]=tool';
555  }
556  $parameters[] = $controllerParameter;
557 
558  // Add action if specified
559  if (strlen($action) > 0) {
560  $parameters[] = 'install[action]=' . $action;
561  }
562 
563  $redirectLocation = 'Install.php?' . implode('&', $parameters);
564 
565  \TYPO3\CMS\Core\Utility\HttpUtility::redirect(
566  $redirectLocation,
567  \TYPO3\CMS\Core\Utility\HttpUtility::HTTP_STATUS_303
568  );
569  }
570 
577  protected function output($content = '') {
578  header('Content-Type: text/html; charset=utf-8');
579  header('Cache-Control: no-cache, must-revalidate');
580  header('Pragma: no-cache');
581  echo $content;
582  die;
583  }
584 
592  protected function getSenderEmailAddress() {
593  return !empty($GLOBALS['TYPO3_CONF_VARS']['MAIL']['defaultMailFromAddress'])
594  ? $GLOBALS['TYPO3_CONF_VARS']['MAIL']['defaultMailFromAddress']
595  : 'no-reply@example.com';
596  }
597 
605  protected function getSenderEmailName() {
606  return !empty($GLOBALS['TYPO3_CONF_VARS']['MAIL']['defaultMailFromName'])
607  ? $GLOBALS['TYPO3_CONF_VARS']['MAIL']['defaultMailFromName']
608  : 'TYPO3 CMS install tool';
609  }
610 }
$parameters
$parameters
Definition: FileDumpEID.php:15
TYPO3\CMS\Saltedpasswords\Salt\SaltFactory\getSaltingInstance
static getSaltingInstance($saltedHash='', $mode=TYPO3_MODE)
Definition: SaltFactory.php:83
die
die
Definition: index.php:6
$result
if($list_of_literals) if(!empty($literals)) if(!empty($literals)) $result
Analyse literals to prepend the N char to them if their contents aren&#39;t numeric.
Definition: adodb-mssql_n.inc.php:148
TYPO3\CMS\Core\Utility\HttpUtility\redirect
static redirect($url, $httpStatus=self::HTTP_STATUS_303)
Definition: HttpUtility.php:76
$GLOBALS
if(!defined('TYPO3_MODE')) $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_userauth.php']['logoff_pre_processing'][]
Definition: ext_localconf.php:5