TYPO3 CMS  TYPO3_7-6
FrontendLoginController.php
Go to the documentation of this file.
1 <?php
3 
4 /*
5  * This file is part of the TYPO3 CMS project.
6  *
7  * It is free software; you can redistribute it and/or modify it under
8  * the terms of the GNU General Public License, either version 2
9  * of the License, or any later version.
10  *
11  * For the full copyright and license information, please read the
12  * LICENSE.txt file that was distributed with this source code.
13  *
14  * The TYPO3 project - inspiring people to share!
15  */
16 
19 
24 {
30  public $prefixId = 'tx_felogin_pi1';
31 
37  public $extKey = 'felogin';
38 
42  public $pi_checkCHash = false;
43 
47  public $pi_USER_INT_obj = true;
48 
54  protected $userIsLoggedIn;
55 
61  protected $template;
62 
68  protected $uploadDir;
69 
75  protected $redirectUrl;
76 
82  protected $noRedirect = false;
83 
89  protected $logintype;
90 
96  public $spid;
97 
103  public $referer;
104 
112  public function main($content, $conf)
113  {
114  // Loading TypoScript array into object variable:
115  $this->conf = $conf;
116  $this->uploadDir = 'uploads/tx_felogin/';
117  // Loading default pivars
118  $this->pi_setPiVarDefaults();
119  // Loading language-labels
120  $this->pi_loadLL('EXT:felogin/Resources/Private/Language/locallang.xlf');
121  // Init FlexForm configuration for plugin:
122  $this->pi_initPIflexForm();
124  // Get storage PIDs:
125  if ($this->conf['storagePid']) {
126  if ((int)$this->conf['recursive']) {
127  $this->spid = $this->pi_getPidList($this->conf['storagePid'], (int)$this->conf['recursive']);
128  } else {
129  $this->spid = $this->conf['storagePid'];
130  }
131  } else {
132  GeneralUtility::deprecationLog('Extension "felogin" must have a storagePid set via TypoScript or the plugin configuration.');
133  $pids = $this->frontendController->getStorageSiterootPids();
134  $this->spid = $pids['_STORAGE_PID'];
135  }
136  // GPvars:
137  $this->logintype = GeneralUtility::_GP('logintype');
138  $this->referer = $this->validateRedirectUrl(GeneralUtility::_GP('referer'));
139  $this->noRedirect = $this->piVars['noredirect'] || $this->conf['redirectDisable'];
140  // If config.typolinkLinkAccessRestrictedPages is set, the var is return_url
141  $returnUrl = GeneralUtility::_GP('return_url');
142  if ($returnUrl) {
143  $this->redirectUrl = $returnUrl;
144  } else {
145  $this->redirectUrl = GeneralUtility::_GP('redirect_url');
146  }
147  $this->redirectUrl = $this->validateRedirectUrl($this->redirectUrl);
148  // Get Template
149  $templateFile = $this->conf['templateFile'] ?: 'EXT:felogin/Resources/Private/Templates/FrontendLogin.html';
150  $this->template = $this->cObj->fileResource($templateFile);
151  // Is user logged in?
152  $this->userIsLoggedIn = $this->frontendController->loginUser;
153  // Redirect
154  if ($this->conf['redirectMode'] && !$this->conf['redirectDisable'] && !$this->noRedirect) {
155  $redirectUrl = $this->processRedirect();
156  if (!empty($redirectUrl)) {
157  $this->redirectUrl = $this->conf['redirectFirstMethod'] ? array_shift($redirectUrl) : array_pop($redirectUrl);
158  } else {
159  $this->redirectUrl = '';
160  }
161  }
162  // What to display
163  $content = '';
164  if ($this->piVars['forgot'] && $this->conf['showForgotPasswordLink']) {
165  $content .= $this->showForgot();
166  } elseif ($this->piVars['forgothash']) {
167  $content .= $this->changePassword();
168  } else {
169  if ($this->userIsLoggedIn && !$this->logintype) {
170  $content .= $this->showLogout();
171  } else {
172  $content .= $this->showLogin();
173  }
174  }
175  // Process the redirect
176  if (($this->logintype === 'login' || $this->logintype === 'logout') && $this->redirectUrl && !$this->noRedirect) {
177  if (!$this->frontendController->fe_user->isCookieSet() && $this->userIsLoggedIn) {
178  $content .= $this->cObj->stdWrap($this->pi_getLL('cookie_warning'), $this->conf['cookieWarning_stdWrap.']);
179  } else {
180  // Add hook for extra processing before redirect
181  if (
182  isset($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['beforeRedirect']) &&
183  is_array($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['beforeRedirect'])
184  ) {
185  $_params = [
186  'loginType' => $this->logintype,
187  'redirectUrl' => &$this->redirectUrl
188  ];
189  foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['beforeRedirect'] as $_funcRef) {
190  if ($_funcRef) {
191  GeneralUtility::callUserFunction($_funcRef, $_params, $this);
192  }
193  }
194  }
196  }
197  }
198  // Adds hook for processing of extra item markers / special
199  if (
200  isset($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['postProcContent'])
201  && is_array($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['postProcContent'])
202  ) {
203  $_params = [
204  'content' => $content
205  ];
206  foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['postProcContent'] as $_funcRef) {
207  $content = GeneralUtility::callUserFunction($_funcRef, $_params, $this);
208  }
209  }
210  return $this->conf['wrapContentInBaseClass'] ? $this->pi_wrapInBaseClass($content) : $content;
211  }
212 
218  protected function showForgot()
219  {
220  $subpart = $this->cObj->getSubpart($this->template, '###TEMPLATE_FORGOT###');
221  $subpartArray = ($linkpartArray = []);
222  $postData = GeneralUtility::_POST($this->prefixId);
223  if ($postData['forgot_email']) {
224  // Get hashes for compare
225  $postedHash = $postData['forgot_hash'];
226  $hashData = $this->frontendController->fe_user->getKey('ses', 'forgot_hash');
227  if ($postedHash === $hashData['forgot_hash']) {
228  $row = false;
229  // Look for user record
230  $data = $this->databaseConnection->fullQuoteStr($this->piVars['forgot_email'], 'fe_users');
231  $res = $this->databaseConnection->exec_SELECTquery(
232  'uid, username, password, email',
233  'fe_users',
234  '(email=' . $data . ' OR username=' . $data . ') AND pid IN (' . $this->databaseConnection->cleanIntList($this->spid) . ') ' . $this->cObj->enableFields('fe_users')
235  );
236  if ($this->databaseConnection->sql_num_rows($res)) {
237  $row = $this->databaseConnection->sql_fetch_assoc($res);
238  }
239  $error = null;
240  if ($row) {
241  // Generate an email with the hashed link
242  $error = $this->generateAndSendHash($row);
243  } elseif ($this->conf['exposeNonexistentUserInForgotPasswordDialog']) {
244  $error = $this->pi_getLL('ll_forgot_reset_message_error');
245  }
246  // Generate message
247  if ($error) {
248  $markerArray['###STATUS_MESSAGE###'] = $this->cObj->stdWrap($error, $this->conf['forgotErrorMessage_stdWrap.']);
249  } else {
250  $markerArray['###STATUS_MESSAGE###'] = $this->cObj->stdWrap(
251  $this->pi_getLL('ll_forgot_reset_message_emailSent'),
252  $this->conf['forgotResetMessageEmailSentMessage_stdWrap.']
253  );
254  }
255  $subpartArray['###FORGOT_FORM###'] = '';
256  } else {
257  // Wrong email
258  $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('forgot_reset_message', $this->conf['forgotMessage_stdWrap.']);
259  $markerArray['###BACKLINK_LOGIN###'] = '';
260  }
261  } else {
262  $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('forgot_reset_message', $this->conf['forgotMessage_stdWrap.']);
263  $markerArray['###BACKLINK_LOGIN###'] = '';
264  }
265  $markerArray['###BACKLINK_LOGIN###'] = $this->getPageLink($this->pi_getLL('ll_forgot_header_backToLogin', '', true), []);
266  $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('forgot_header', $this->conf['forgotHeader_stdWrap.']);
267  $markerArray['###LEGEND###'] = $this->pi_getLL('legend', $this->pi_getLL('reset_password'), true);
268  $markerArray['###ACTION_URI###'] = $this->getPageLink('', [$this->prefixId . '[forgot]' => 1], true);
269  $markerArray['###EMAIL_LABEL###'] = $this->pi_getLL('your_email', '', true);
270  $markerArray['###FORGOT_PASSWORD_ENTEREMAIL###'] = $this->pi_getLL('forgot_password_enterEmail', '', true);
271  $markerArray['###FORGOT_EMAIL###'] = $this->prefixId . '[forgot_email]';
272  $markerArray['###SEND_PASSWORD###'] = $this->pi_getLL('reset_password', '', true);
273  $markerArray['###DATA_LABEL###'] = $this->pi_getLL('ll_enter_your_data', '', true);
274  $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
275  // Generate hash
276  $hash = md5($this->generatePassword(3));
277  $markerArray['###FORGOTHASH###'] = $hash;
278  // Set hash in feuser session
279  $this->frontendController->fe_user->setKey('ses', 'forgot_hash', ['forgot_hash' => $hash]);
280  return $this->cObj->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
281  }
282 
289  protected function changePassword()
290  {
291  $subpartArray = ($linkpartArray = []);
292  $done = false;
293  $minLength = (int)$this->conf['newPasswordMinLength'] ?: 6;
294  $subpart = $this->cObj->getSubpart($this->template, '###TEMPLATE_CHANGEPASSWORD###');
295  $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('change_password_header', $this->conf['changePasswordHeader_stdWrap.']);
296  $markerArray['###STATUS_MESSAGE###'] = sprintf($this->getDisplayText(
297  'change_password_message',
298  $this->conf['changePasswordMessage_stdWrap.']
299  ), $minLength);
300 
301  $markerArray['###BACKLINK_LOGIN###'] = '';
302  $uid = $this->piVars['user'];
303  $piHash = $this->piVars['forgothash'];
304  $hash = explode('|', rawurldecode($piHash));
305  if ((int)$uid === 0) {
306  $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText(
307  'change_password_notvalid_message',
308  $this->conf['changePasswordNotValidMessage_stdWrap.']
309  );
310  $subpartArray['###CHANGEPASSWORD_FORM###'] = '';
311  } else {
312  $user = $this->pi_getRecord('fe_users', (int)$uid);
313  $userHash = $user['felogin_forgotHash'];
314  $compareHash = explode('|', $userHash);
315  if (!$compareHash || !$compareHash[1] || $compareHash[0] < time() || $hash[0] != $compareHash[0] || md5($hash[1]) != $compareHash[1]) {
316  $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText(
317  'change_password_notvalid_message',
318  $this->conf['changePasswordNotValidMessage_stdWrap.']
319  );
320  $subpartArray['###CHANGEPASSWORD_FORM###'] = '';
321  } else {
322  // All is fine, continue with new password
323  $postData = GeneralUtility::_POST($this->prefixId);
324  if (isset($postData['changepasswordsubmit'])) {
325  if (strlen($postData['password1']) < $minLength) {
326  $markerArray['###STATUS_MESSAGE###'] = sprintf($this->getDisplayText(
327  'change_password_tooshort_message',
328  $this->conf['changePasswordTooShortMessage_stdWrap.']),
329  $minLength
330  );
331  } elseif ($postData['password1'] != $postData['password2']) {
332  $markerArray['###STATUS_MESSAGE###'] = sprintf($this->getDisplayText(
333  'change_password_notequal_message',
334  $this->conf['changePasswordNotEqualMessage_stdWrap.']),
335  $minLength
336  );
337  } else {
338  $newPass = $postData['password1'];
339  if ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['password_changed']) {
340  $_params = [
341  'user' => $user,
342  'newPassword' => $newPass,
343  'newPasswordUnencrypted' => $newPass
344  ];
345  foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['password_changed'] as $_funcRef) {
346  if ($_funcRef) {
347  GeneralUtility::callUserFunction($_funcRef, $_params, $this);
348  }
349  }
350  $newPass = $_params['newPassword'];
351  }
352  // Save new password and clear DB-hash
353  $res = $this->databaseConnection->exec_UPDATEquery(
354  'fe_users',
355  'uid=' . $user['uid'],
356  ['password' => $newPass, 'felogin_forgotHash' => '', 'tstamp' => $GLOBALS['EXEC_TIME']]
357  );
358  $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText(
359  'change_password_done_message',
360  $this->conf['changePasswordDoneMessage_stdWrap.']
361  );
362  $done = true;
363  $subpartArray['###CHANGEPASSWORD_FORM###'] = '';
364  $markerArray['###BACKLINK_LOGIN###'] = $this->getPageLink(
365  $this->pi_getLL('ll_forgot_header_backToLogin', '', true),
366  [$this->prefixId . '[redirectReferrer]' => 'off']
367  );
368  }
369  }
370  if (!$done) {
371  // Change password form
372  $markerArray['###ACTION_URI###'] = $this->getPageLink('', [
373  $this->prefixId . '[user]' => $user['uid'],
374  $this->prefixId . '[forgothash]' => $piHash
375  ], true);
376  $markerArray['###LEGEND###'] = $this->pi_getLL('change_password', '', true);
377  $markerArray['###NEWPASSWORD1_LABEL###'] = $this->pi_getLL('newpassword_label1', '', true);
378  $markerArray['###NEWPASSWORD2_LABEL###'] = $this->pi_getLL('newpassword_label2', '', true);
379  $markerArray['###NEWPASSWORD1###'] = $this->prefixId . '[password1]';
380  $markerArray['###NEWPASSWORD2###'] = $this->prefixId . '[password2]';
381  $markerArray['###STORAGE_PID###'] = $this->spid;
382  $markerArray['###SEND_PASSWORD###'] = $this->pi_getLL('change_password', '', true);
383  $markerArray['###FORGOTHASH###'] = $piHash;
384  }
385  }
386  }
387  return $this->cObj->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
388  }
389 
396  protected function generateAndSendHash($user)
397  {
398  $hours = (int)$this->conf['forgotLinkHashValidTime'] > 0 ? (int)$this->conf['forgotLinkHashValidTime'] : 24;
399  $validEnd = time() + 3600 * $hours;
400  $validEndString = date($this->conf['dateFormat'], $validEnd);
401  $hash = md5(GeneralUtility::generateRandomBytes(64));
402  $randHash = $validEnd . '|' . $hash;
403  $randHashDB = $validEnd . '|' . md5($hash);
404  // Write hash to DB
405  $res = $this->databaseConnection->exec_UPDATEquery('fe_users', 'uid=' . $user['uid'], ['felogin_forgotHash' => $randHashDB]);
406  // Send hashlink to user
407  $this->conf['linkPrefix'] = -1;
408  $isAbsRefPrefix = !empty($this->frontendController->absRefPrefix);
409  $isBaseURL = !empty($this->frontendController->baseUrl);
410  $isFeloginBaseURL = !empty($this->conf['feloginBaseURL']);
411  $link = $this->pi_getPageLink($this->frontendController->id, '', [
412  rawurlencode($this->prefixId . '[user]') => $user['uid'],
413  rawurlencode($this->prefixId . '[forgothash]') => $randHash
414  ]);
415  // Prefix link if necessary
416  if ($isFeloginBaseURL) {
417  // First priority, use specific base URL
418  // "absRefPrefix" must be removed first, otherwise URL will be prepended twice
419  if ($isAbsRefPrefix) {
420  $link = substr($link, strlen($this->frontendController->absRefPrefix));
421  }
422  $link = $this->conf['feloginBaseURL'] . $link;
423  } elseif ($isAbsRefPrefix) {
424  // Second priority
425  // absRefPrefix must not necessarily contain a hostname and URL scheme, so add it if needed
426  $link = GeneralUtility::locationHeaderUrl($link);
427  } elseif ($isBaseURL) {
428  // Third priority
429  // Add the global base URL to the link
430  $link = $this->frontendController->baseUrlWrap($link);
431  } else {
432  // No prefix is set, return the error
433  return $this->pi_getLL('ll_change_password_nolinkprefix_message');
434  }
435  $msg = sprintf($this->pi_getLL('ll_forgot_validate_reset_password'), $user['username'], $link, $validEndString);
436  // Add hook for extra processing of mail message
437  if (
438  isset($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['forgotPasswordMail'])
439  && is_array($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['forgotPasswordMail'])
440  ) {
441  $params = [
442  'message' => &$msg,
443  'user' => &$user
444  ];
445  foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['forgotPasswordMail'] as $reference) {
446  if ($reference) {
447  GeneralUtility::callUserFunction($reference, $params, $this);
448  }
449  }
450  }
451  if ($user['email']) {
452  $this->cObj->sendNotifyEmail($msg, $user['email'], '', $this->conf['email_from'], $this->conf['email_fromName'], $this->conf['replyTo']);
453  }
454 
455  return '';
456  }
457 
463  protected function showLogout()
464  {
465  $subpart = $this->cObj->getSubpart($this->template, '###TEMPLATE_LOGOUT###');
466  $subpartArray = ($linkpartArray = []);
467  $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('status_header', $this->conf['logoutHeader_stdWrap.']);
468  $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('status_message', $this->conf['logoutMessage_stdWrap.']);
469  $this->cObj->stdWrap($this->flexFormValue('message', 's_status'), $this->conf['logoutMessage_stdWrap.']);
470  $markerArray['###LEGEND###'] = $this->pi_getLL('logout', '', true);
471  $markerArray['###ACTION_URI###'] = $this->getPageLink('', [], true);
472  $markerArray['###LOGOUT_LABEL###'] = $this->pi_getLL('logout', '', true);
473  $markerArray['###NAME###'] = htmlspecialchars($this->frontendController->fe_user->user['name']);
474  $markerArray['###STORAGE_PID###'] = $this->spid;
475  $markerArray['###USERNAME###'] = htmlspecialchars($this->frontendController->fe_user->user['username']);
476  $markerArray['###USERNAME_LABEL###'] = $this->pi_getLL('username', '', true);
477  $markerArray['###NOREDIRECT###'] = $this->noRedirect ? '1' : '0';
478  $markerArray['###PREFIXID###'] = $this->prefixId;
479  $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
480  if ($this->redirectUrl) {
481  // Use redirectUrl for action tag because of possible access restricted pages
482  $markerArray['###ACTION_URI###'] = htmlspecialchars($this->redirectUrl);
483  $this->redirectUrl = '';
484  }
485  return $this->cObj->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
486  }
487 
493  protected function showLogin()
494  {
495  $subpart = $this->cObj->getSubpart($this->template, '###TEMPLATE_LOGIN###');
496  $subpartArray = ($linkpartArray = ($markerArray = []));
497  $gpRedirectUrl = '';
498  $markerArray['###LEGEND###'] = $this->pi_getLL('oLabel_header_welcome', '', true);
499  if ($this->logintype === 'login') {
500  if ($this->userIsLoggedIn) {
501  // login success
502  $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('success_header', $this->conf['successHeader_stdWrap.']);
503  $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('success_message', $this->conf['successMessage_stdWrap.']);
504  $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
505  $subpartArray['###LOGIN_FORM###'] = '';
506  // Hook for general actions after after login has been confirmed (by Thomas Danzl <thomas@danzl.org>)
507  if ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['login_confirmed']) {
508  $_params = [];
509  foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['login_confirmed'] as $_funcRef) {
510  if ($_funcRef) {
511  GeneralUtility::callUserFunction($_funcRef, $_params, $this);
512  }
513  }
514  }
515  // show logout form directly
516  if ($this->conf['showLogoutFormAfterLogin']) {
517  $this->redirectUrl = '';
518  return $this->showLogout();
519  }
520  } else {
521  // Hook for general actions on login error
522  if (
523  isset($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['login_error'])
524  && is_array($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['login_error'])
525  ) {
526  $params = [];
527  foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['login_error'] as $funcRef) {
528  if ($funcRef) {
529  GeneralUtility::callUserFunction($funcRef, $params, $this);
530  }
531  }
532  }
533  // login error
534  $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('error_header', $this->conf['errorHeader_stdWrap.']);
535  $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('error_message', $this->conf['errorMessage_stdWrap.']);
536  $gpRedirectUrl = GeneralUtility::_GP('redirect_url');
537  }
538  } else {
539  if ($this->logintype === 'logout') {
540  // login form after logout
541  $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('logout_header', $this->conf['logoutHeader_stdWrap.']);
542  $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('logout_message', $this->conf['logoutMessage_stdWrap.']);
543  } else {
544  // login form
545  $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('welcome_header', $this->conf['welcomeHeader_stdWrap.']);
546  $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('welcome_message', $this->conf['welcomeMessage_stdWrap.']);
547  }
548  }
549 
550  // This hook allows to call User JS functions.
551  // The methods should also set the required JS functions to get included
552  $onSubmit = '';
553  $extraHidden = '';
554  $onSubmitAr = [];
555  $extraHiddenAr = [];
556  // Check for referer redirect method. if present, save referer in form field
557  if (GeneralUtility::inList($this->conf['redirectMode'], 'referer') || GeneralUtility::inList($this->conf['redirectMode'], 'refererDomains')) {
558  $referer = $this->referer ? $this->referer : GeneralUtility::getIndpEnv('HTTP_REFERER');
559  if ($referer) {
560  $extraHiddenAr[] = '<input type="hidden" name="referer" value="' . htmlspecialchars($referer) . '" />';
561  if ($this->piVars['redirectReferrer'] === 'off') {
562  $extraHiddenAr[] = '<input type="hidden" name="' . $this->prefixId . '[redirectReferrer]" value="off" />';
563  }
564  }
565  }
566  if (is_array($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['loginFormOnSubmitFuncs'])) {
567  $_params = [];
568  foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['loginFormOnSubmitFuncs'] as $funcRef) {
569  list($onSub, $hid) = GeneralUtility::callUserFunction($funcRef, $_params, $this);
570  $onSubmitAr[] = $onSub;
571  $extraHiddenAr[] = $hid;
572  }
573  }
574  if (!empty($onSubmitAr)) {
575  $onSubmit = implode('; ', $onSubmitAr) . '; return true;';
576  }
577  if (!empty($extraHiddenAr)) {
578  $extraHidden = implode(LF, $extraHiddenAr);
579  }
580  if (!$gpRedirectUrl && $this->redirectUrl) {
581  $gpRedirectUrl = $this->redirectUrl;
582  }
583  // Login form
584  $markerArray['###ACTION_URI###'] = $this->getPageLink('', [], true);
585  // Used by kb_md5fepw extension...
586  $markerArray['###EXTRA_HIDDEN###'] = $extraHidden;
587  $markerArray['###LEGEND###'] = $this->pi_getLL('login', '', true);
588  $markerArray['###LOGIN_LABEL###'] = $this->pi_getLL('login', '', true);
589  // Used by kb_md5fepw extension...
590  $markerArray['###ON_SUBMIT###'] = $onSubmit;
591  $markerArray['###PASSWORD_LABEL###'] = $this->pi_getLL('password', '', true);
592  $markerArray['###STORAGE_PID###'] = $this->spid;
593  $markerArray['###USERNAME_LABEL###'] = $this->pi_getLL('username', '', true);
594  $markerArray['###REDIRECT_URL###'] = htmlspecialchars($gpRedirectUrl);
595  $markerArray['###NOREDIRECT###'] = $this->noRedirect ? '1' : '0';
596  $markerArray['###PREFIXID###'] = $this->prefixId;
597  $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
598  if ($this->conf['showForgotPasswordLink']) {
599  $linkpartArray['###FORGOT_PASSWORD_LINK###'] = explode('|', $this->getPageLink('|', [$this->prefixId . '[forgot]' => 1]));
600  $markerArray['###FORGOT_PASSWORD###'] = $this->pi_getLL('ll_forgot_header', '', true);
601  } else {
602  $subpartArray['###FORGOTP_VALID###'] = '';
603  }
604  // The permanent login checkbox should only be shown if permalogin is not deactivated (-1),
605  // not forced to be always active (2) and lifetime is greater than 0
606  $permalogin = (int)$GLOBALS['TYPO3_CONF_VARS']['FE']['permalogin'];
607  if (
608  $this->conf['showPermaLogin']
609  && ($permalogin === 0 || $permalogin === 1)
610  && $GLOBALS['TYPO3_CONF_VARS']['FE']['lifetime'] > 0
611  ) {
612  $markerArray['###PERMALOGIN###'] = $this->pi_getLL('permalogin', '', true);
613  if ($permalogin === 1) {
614  $markerArray['###PERMALOGIN_HIDDENFIELD_ATTRIBUTES###'] = 'disabled="disabled"';
615  $markerArray['###PERMALOGIN_CHECKBOX_ATTRIBUTES###'] = 'checked="checked"';
616  } else {
617  $markerArray['###PERMALOGIN_HIDDENFIELD_ATTRIBUTES###'] = '';
618  $markerArray['###PERMALOGIN_CHECKBOX_ATTRIBUTES###'] = '';
619  }
620  } else {
621  $subpartArray['###PERMALOGIN_VALID###'] = '';
622  }
623  return $this->cObj->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
624  }
625 
631  protected function processRedirect()
632  {
633  $redirect_url = [];
634  if ($this->conf['redirectMode']) {
635  $redirectMethods = GeneralUtility::trimExplode(',', $this->conf['redirectMode'], true);
636  foreach ($redirectMethods as $redirMethod) {
637  if ($this->frontendController->loginUser && $this->logintype === 'login') {
638  // Logintype is needed because the login-page wouldn't be accessible anymore after a login (would always redirect)
639  switch ($redirMethod) {
640  case 'groupLogin':
641  // taken from dkd_redirect_at_login written by Ingmar Schlecht; database-field changed
642  $groupData = $this->frontendController->fe_user->groupData;
643  if (!empty($groupData['uid'])) {
644  // take the first group with a redirect page
645  $row = $this->databaseConnection->exec_SELECTgetSingleRow(
646  'felogin_redirectPid',
647  $this->frontendController->fe_user->usergroup_table,
648  'felogin_redirectPid<>\'\' AND uid IN (' . implode(',', $groupData['uid']) . ')'
649  );
650  if ($row) {
651  $redirect_url[] = $this->pi_getPageLink($row['felogin_redirectPid']);
652  }
653  }
654  break;
655  case 'userLogin':
656  $row = $this->databaseConnection->exec_SELECTgetSingleRow(
657  'felogin_redirectPid',
658  $this->frontendController->fe_user->user_table,
659  $this->frontendController->fe_user->userid_column . '=' . $this->frontendController->fe_user->user['uid'] . ' AND felogin_redirectPid<>\'\''
660  );
661  if ($row) {
662  $redirect_url[] = $this->pi_getPageLink($row['felogin_redirectPid']);
663  }
664  break;
665  case 'login':
666  if ($this->conf['redirectPageLogin']) {
667  $redirect_url[] = $this->pi_getPageLink((int)$this->conf['redirectPageLogin']);
668  }
669  break;
670  case 'getpost':
671  $redirect_url[] = $this->redirectUrl;
672  break;
673  case 'referer':
674  // Avoid redirect when logging in after changing password
675  if ($this->piVars['redirectReferrer'] !== 'off') {
676  // Avoid forced logout, when trying to login immediately after a logout
677  $redirect_url[] = preg_replace('/[&?]logintype=[a-z]+/', '', $this->referer);
678  }
679  break;
680  case 'refererDomains':
681  // Auto redirect.
682  // Feature to redirect to the page where the user came from (HTTP_REFERER).
683  // Allowed domains to redirect to, can be configured with plugin.tx_felogin_pi1.domains
684  // Thanks to plan2.net / Martin Kutschker for implementing this feature.
685  // also avoid redirect when logging in after changing password
686  if ($this->conf['domains'] && $this->piVars['redirectReferrer'] !== 'off') {
687  $url = $this->referer;
688  // Is referring url allowed to redirect?
689  $match = [];
690  if (preg_match('#^http://([[:alnum:]._-]+)/#', $url, $match)) {
691  $redirect_domain = $match[1];
692  $found = false;
693  foreach (GeneralUtility::trimExplode(',', $this->conf['domains'], true) as $d) {
694  if (preg_match('/(?:^|\\.)' . $d . '$/', $redirect_domain)) {
695  $found = true;
696  break;
697  }
698  }
699  if (!$found) {
700  $url = '';
701  }
702  }
703  // Avoid forced logout, when trying to login immediately after a logout
704  if ($url) {
705  $redirect_url[] = preg_replace('/[&?]logintype=[a-z]+/', '', $url);
706  }
707  }
708  break;
709  }
710  } elseif ($this->logintype === 'login') {
711  // after login-error
712  switch ($redirMethod) {
713  case 'loginError':
714  if ($this->conf['redirectPageLoginError']) {
715  $redirect_url[] = $this->pi_getPageLink((int)$this->conf['redirectPageLoginError']);
716  }
717  break;
718  }
719  } elseif ($this->logintype == '' && $redirMethod == 'login' && $this->conf['redirectPageLogin']) {
720  // If login and page not accessible
721  $this->cObj->typoLink('', [
722  'parameter' => $this->conf['redirectPageLogin'],
723  'linkAccessRestrictedPages' => true
724  ]);
725  $redirect_url[] = $this->cObj->lastTypoLinkUrl;
726  } elseif ($this->logintype == '' && $redirMethod == 'logout' && $this->conf['redirectPageLogout'] && $this->frontendController->loginUser) {
727  // If logout and page not accessible
728  $redirect_url[] = $this->pi_getPageLink((int)$this->conf['redirectPageLogout']);
729  } elseif ($this->logintype === 'logout') {
730  // after logout
731  // Hook for general actions after after logout has been confirmed
732  if ($this->logintype === 'logout' && $GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['logout_confirmed']) {
733  $_params = [];
734  foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['logout_confirmed'] as $_funcRef) {
735  if ($_funcRef) {
736  GeneralUtility::callUserFunction($_funcRef, $_params, $this);
737  }
738  }
739  }
740  switch ($redirMethod) {
741  case 'logout':
742  if ($this->conf['redirectPageLogout']) {
743  $redirect_url[] = $this->pi_getPageLink((int)$this->conf['redirectPageLogout']);
744  }
745  break;
746  }
747  } else {
748  // not logged in
749  // Placeholder for maybe future options
750  switch ($redirMethod) {
751  case 'getpost':
752  // Preserve the get/post value
753  $redirect_url[] = $this->redirectUrl;
754  break;
755  }
756  }
757  }
758  }
759  // Remove empty values, but keep "0" as value (that's why "strlen" is used as second parameter)
760  if (!empty($redirect_url)) {
761  return array_filter($redirect_url, 'strlen');
762  }
763  return [];
764  }
765 
771  protected function mergeflexFormValuesIntoConf()
772  {
773  $flex = [];
774  if ($this->flexFormValue('showForgotPassword', 'sDEF')) {
775  $flex['showForgotPasswordLink'] = $this->flexFormValue('showForgotPassword', 'sDEF');
776  }
777  if ($this->flexFormValue('showPermaLogin', 'sDEF')) {
778  $flex['showPermaLogin'] = $this->flexFormValue('showPermaLogin', 'sDEF');
779  }
780  if ($this->flexFormValue('showLogoutFormAfterLogin', 'sDEF')) {
781  $flex['showLogoutFormAfterLogin'] = $this->flexFormValue('showLogoutFormAfterLogin', 'sDEF');
782  }
783  if ($this->flexFormValue('pages', 'sDEF')) {
784  $flex['pages'] = $this->flexFormValue('pages', 'sDEF');
785  }
786  if ($this->flexFormValue('recursive', 'sDEF')) {
787  $flex['recursive'] = $this->flexFormValue('recursive', 'sDEF');
788  }
789  if ($this->flexFormValue('templateFile', 'sDEF')) {
790  $flex['templateFile'] = $this->uploadDir . $this->flexFormValue('templateFile', 'sDEF');
791  }
792  if ($this->flexFormValue('redirectMode', 's_redirect')) {
793  $flex['redirectMode'] = $this->flexFormValue('redirectMode', 's_redirect');
794  }
795  if ($this->flexFormValue('redirectFirstMethod', 's_redirect')) {
796  $flex['redirectFirstMethod'] = $this->flexFormValue('redirectFirstMethod', 's_redirect');
797  }
798  if ($this->flexFormValue('redirectDisable', 's_redirect')) {
799  $flex['redirectDisable'] = $this->flexFormValue('redirectDisable', 's_redirect');
800  }
801  if ($this->flexFormValue('redirectPageLogin', 's_redirect')) {
802  $flex['redirectPageLogin'] = $this->flexFormValue('redirectPageLogin', 's_redirect');
803  }
804  if ($this->flexFormValue('redirectPageLoginError', 's_redirect')) {
805  $flex['redirectPageLoginError'] = $this->flexFormValue('redirectPageLoginError', 's_redirect');
806  }
807  if ($this->flexFormValue('redirectPageLogout', 's_redirect')) {
808  $flex['redirectPageLogout'] = $this->flexFormValue('redirectPageLogout', 's_redirect');
809  }
810  $pid = $flex['pages'] ? $this->pi_getPidList($flex['pages'], $flex['recursive']) : 0;
811  if ($pid > 0) {
812  $flex['storagePid'] = $pid;
813  }
814  $this->conf = array_merge($this->conf, $flex);
815  }
816 
824  protected function flexFormValue($var, $sheet)
825  {
826  return $this->pi_getFFvalue($this->cObj->data['pi_flexform'], $var, $sheet);
827  }
828 
837  protected function getPageLink($label, $piVars, $returnUrl = false)
838  {
839  $additionalParams = '';
840  if (!empty($piVars)) {
841  foreach ($piVars as $key => $val) {
842  $additionalParams .= '&' . $key . '=' . $val;
843  }
844  }
845  // Should GETvars be preserved?
846  if ($this->conf['preserveGETvars']) {
847  $additionalParams .= $this->getPreserveGetVars();
848  }
849  $this->conf['linkConfig.']['parameter'] = $this->frontendController->id;
850  if ($additionalParams) {
851  $this->conf['linkConfig.']['additionalParams'] = $additionalParams;
852  }
853  if ($returnUrl) {
854  return htmlspecialchars($this->cObj->typoLink_URL($this->conf['linkConfig.']));
855  } else {
856  return $this->cObj->typoLink($label, $this->conf['linkConfig.']);
857  }
858  }
859 
868  protected function getPreserveGetVars()
869  {
870  $getVars = GeneralUtility::_GET();
871  unset(
872  $getVars['id'],
873  $getVars['no_cache'],
874  $getVars['logintype'],
875  $getVars['redirect_url'],
876  $getVars['cHash'],
877  $getVars[$this->prefixId]
878  );
879  if ($this->conf['preserveGETvars'] === 'all') {
880  $preserveQueryParts = $getVars;
881  } else {
882  $preserveQueryParts = GeneralUtility::trimExplode(',', $this->conf['preserveGETvars']);
883  $preserveQueryParts = GeneralUtility::explodeUrl2Array(implode('=1&', $preserveQueryParts) . '=1', true);
884  $preserveQueryParts = \TYPO3\CMS\Core\Utility\ArrayUtility::intersectRecursive($getVars, $preserveQueryParts);
885  }
886  $parameters = GeneralUtility::implodeArrayForUrl('', $preserveQueryParts);
887  return $parameters;
888  }
889 
895  protected function generatePassword($len)
896  {
897  $pass = '';
898  while ($len--) {
899  $char = rand(0, 35);
900  if ($char < 10) {
901  $pass .= '' . $char;
902  } else {
903  $pass .= chr($char - 10 + 97);
904  }
905  }
906  return $pass;
907  }
908 
916  protected function getDisplayText($label, $stdWrapArray = [])
917  {
918  $text = $this->flexFormValue($label, 's_messages') ? $this->cObj->stdWrap($this->flexFormValue($label, 's_messages'), $stdWrapArray) : $this->cObj->stdWrap($this->pi_getLL('ll_' . $label), $stdWrapArray);
919  $replace = $this->getUserFieldMarkers();
920  return strtr($text, $replace);
921  }
922 
928  protected function getUserFieldMarkers()
929  {
930  $marker = [];
931  // replace markers with fe_user data
932  if ($this->frontendController->fe_user->user) {
933  // All fields of fe_user will be replaced, scheme is ###FEUSER_FIELDNAME###
934  foreach ($this->frontendController->fe_user->user as $field => $value) {
935  $conf = isset($this->conf['userfields.'][$field . '.']) ? $this->conf['userfields.'][$field . '.'] : [];
936  $conf = array_replace_recursive(['htmlSpecialChars' => '1'], $conf);
937  $marker['###FEUSER_' . GeneralUtility::strtoupper($field) . '###'] = $this->cObj->stdWrap($value, $conf);
938  }
939  // Add ###USER### for compatibility
940  $marker['###USER###'] = $marker['###FEUSER_USERNAME###'];
941  }
942  return $marker;
943  }
944 
951  protected function validateRedirectUrl($url)
952  {
953  $url = strval($url);
954  if ($url === '') {
955  return '';
956  }
957  $decodedUrl = rawurldecode($url);
958  $sanitizedUrl = GeneralUtility::removeXSS($decodedUrl);
959  if ($decodedUrl !== $sanitizedUrl || preg_match('#["<>\\\\]+#', $url)) {
960  GeneralUtility::sysLog(sprintf($this->pi_getLL('xssAttackDetected'), $url), 'felogin', GeneralUtility::SYSLOG_SEVERITY_WARNING);
961  return '';
962  }
963  // Validate the URL:
964  if ($this->isRelativeUrl($url) || $this->isInCurrentDomain($url) || $this->isInLocalDomain($url)) {
965  return $url;
966  }
967  // URL is not allowed
968  GeneralUtility::sysLog(sprintf($this->pi_getLL('noValidRedirectUrl'), $url), 'felogin', GeneralUtility::SYSLOG_SEVERITY_WARNING);
969  return '';
970  }
971 
979  protected function isInCurrentDomain($url)
980  {
981  $urlWithoutSchema = preg_replace('#^https?://#', '', $url);
982  $siteUrlWithoutSchema = preg_replace('#^https?://#', '', GeneralUtility::getIndpEnv('TYPO3_SITE_URL'));
983  return StringUtility::beginsWith($urlWithoutSchema . '/', GeneralUtility::getIndpEnv('HTTP_HOST') . '/')
984  && StringUtility::beginsWith($urlWithoutSchema, $siteUrlWithoutSchema);
985  }
986 
994  protected function isInLocalDomain($url)
995  {
996  $result = false;
997  if (GeneralUtility::isValidUrl($url)) {
998  $parsedUrl = parse_url($url);
999  if ($parsedUrl['scheme'] === 'http' || $parsedUrl['scheme'] === 'https') {
1000  $host = $parsedUrl['host'];
1001  // Removes the last path segment and slash sequences like /// (if given):
1002  $path = preg_replace('#/+[^/]*$#', '', $parsedUrl['path']);
1003  $localDomains = $this->databaseConnection->exec_SELECTgetRows('domainName', 'sys_domain', '1=1' . $this->cObj->enableFields('sys_domain'));
1004  if (is_array($localDomains)) {
1005  foreach ($localDomains as $localDomain) {
1006  // strip trailing slashes (if given)
1007  $domainName = rtrim($localDomain['domainName'], '/');
1008  if (GeneralUtility::isFirstPartOfStr($host . $path . '/', $domainName . '/')) {
1009  $result = true;
1010  break;
1011  }
1012  }
1013  }
1014  }
1015  }
1016  return $result;
1017  }
1018 
1026  protected function isRelativeUrl($url)
1027  {
1028  $parsedUrl = @parse_url($url);
1029  if ($parsedUrl !== false && !isset($parsedUrl['scheme']) && !isset($parsedUrl['host'])) {
1030  // If the relative URL starts with a slash, we need to check if it's within the current site path
1031  return $parsedUrl['path'][0] !== '/' || GeneralUtility::isFirstPartOfStr($parsedUrl['path'], GeneralUtility::getIndpEnv('TYPO3_SITE_PATH'));
1032  }
1033  return false;
1034  }
1035 }
pi_getFFvalue($T3FlexForm_array, $fieldName, $sheet='sDEF', $lang='lDEF', $value='vDEF')
static isFirstPartOfStr($str, $partStr)
static intersectRecursive(array $source, array $mask=[])
pi_getRecord($table, $uid, $checkPage=false)
static generateRandomBytes($bytesToReturn)
static trimExplode($delim, $string, $removeEmptyValues=false, $limit=0)
static callUserFunction($funcName, &$params, &$ref, $checkPrefix='', $errorMode=0)
static implodeArrayForUrl($name, array $theArray, $str='', $skipBlank=false, $rawurlencodeParamName=false)
static explodeUrl2Array($string, $multidim=false)
pi_getPageLink($id, $target='', $urlParameters=[])
static redirect($url, $httpStatus=self::HTTP_STATUS_303)
Definition: HttpUtility.php:76
$uid
Definition: server.php:38
$host
Definition: server.php:37
static beginsWith($haystack, $needle)
pi_getLL($key, $alternativeLabel='', $hsc=false)
if(TYPO3_MODE==='BE') $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_tsfebeuserauth.php']['frontendEditingController']['default']