TYPO3_7-6/_salted_password_service_8php_source.html

 <?php
 namespace TYPO3\CMS\Saltedpasswords;

 /*
  * This file is part of the TYPO3 CMS project.
  *
  * It is free software; you can redistribute it and/or modify it under
  * the terms of the GNU General Public License, either version 2
  * of the License, or any later version.
  *
  * For the full copyright and license information, please read the
  * LICENSE.txt file that was distributed with this source code.
  *
  * The TYPO3 project - inspiring people to share!
  */

 class SaltedPasswordService extends \TYPO3\CMS\Sv\AbstractAuthenticationService
 {
     public $prefixId = 'tx_saltedpasswords_sv1';

     public $scriptRelPath = 'sv1/class.tx_saltedpasswords_sv1.php';

     public $extKey = 'saltedpasswords';

     protected $extConf;

     protected $objInstanceSaltedPW = null;

     protected $authenticationFailed = false;

     public function init()
     {
         $available = false;
         $mode = TYPO3_MODE;
         if ($this->info['requestedServiceSubType'] === 'authUserBE') {
             $mode = 'BE';
         } elseif ($this->info['requestedServiceSubType'] === 'authUserFE') {
             $mode = 'FE';
         }
         if (\TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::isUsageEnabled($mode)) {
             $available = true;
             $this->extConf = \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::returnExtConf();
         }
         return $available ? parent::init() : false;
     }

     public function compareUident(array $user, array $loginData, $passwordCompareStrategy = '')
     {
         $validPasswd = false;
         $password = $loginData['uident_text'];
         // Determine method used for given salted hashed password
         $this->objInstanceSaltedPW = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance($user['password']);
         // Existing record is in format of Salted Hash password
         if (is_object($this->objInstanceSaltedPW)) {
             $validPasswd = $this->objInstanceSaltedPW->checkPassword($password, $user['password']);
             // Record is in format of Salted Hash password but authentication failed
             // skip further authentication methods
             if (!$validPasswd) {
                 $this->authenticationFailed = true;
             }
             $defaultHashingClassName = \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::getDefaultSaltingHashingMethod();
             $skip = false;
             // Test for wrong salted hashing method (only if current method is not related to default method)
             if ($validPasswd && get_class($this->objInstanceSaltedPW) !== $defaultHashingClassName && !is_subclass_of($this->objInstanceSaltedPW, $defaultHashingClassName)) {
                 // Instantiate default method class
                 $this->objInstanceSaltedPW = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(null);
                 $this->updatePassword((int)$user['uid'], ['password' => $this->objInstanceSaltedPW->getHashedPassword($password)]);
             }
             if ($validPasswd && !$skip && $this->objInstanceSaltedPW->isHashUpdateNeeded($user['password'])) {
                 $this->updatePassword((int)$user['uid'], ['password' => $this->objInstanceSaltedPW->getHashedPassword($password)]);
             }
         } elseif (!(int)$this->extConf['forceSalted']) {
             // Stored password is in deprecated salted hashing method
             $hashingMethod = substr($user['password'], 0, 2);
             if ($hashingMethod === 'C$' || $hashingMethod === 'M$') {
                 // Instantiate default method class
                 $this->objInstanceSaltedPW = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(substr($user['password'], 1));
                 // md5
                 if ($hashingMethod === 'M$') {
                     $validPasswd = $this->objInstanceSaltedPW->checkPassword(md5($password), substr($user['password'], 1));
                 } else {
                     $validPasswd = $this->objInstanceSaltedPW->checkPassword($password, substr($user['password'], 1));
                 }
                 // Skip further authentication methods
                 if (!$validPasswd) {
                     $this->authenticationFailed = true;
                 }
             } elseif (preg_match('/[0-9abcdef]{32,32}/', $user['password'])) {
                 $validPasswd = md5($password) === (string)$user['password'];
                 // Skip further authentication methods
                 if (!$validPasswd) {
                     $this->authenticationFailed = true;
                 }
             } else {
                 $validPasswd = (string)$password !== '' && (string)$password === (string)$user['password'];
             }
             // Should we store the new format value in DB?
             if ($validPasswd && (int)$this->extConf['updatePasswd']) {
                 // Instantiate default method class
                 $this->objInstanceSaltedPW = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(null);
                 $this->updatePassword((int)$user['uid'], ['password' => $this->objInstanceSaltedPW->getHashedPassword($password)]);
             }
         }
         return $validPasswd;
     }

     public function authUser(array $user)
     {
         $OK = 100;
         // The salted password service can only work correctly, if a non empty username along with a non empty password is provided.
         // Otherwise a different service is allowed to check for other login credentials
         if ((string)$this->login['uident_text'] !== '' && (string)$this->login['uname'] !== '') {
             $validPasswd = $this->compareUident($user, $this->login);
             if (!$validPasswd) {
                 // Failed login attempt (wrong password)
                 $errorMessage = 'Login-attempt from %s (%s), username \'%s\', password not accepted!';
                 // No delegation to further services
                 if ((int)$this->extConf['onlyAuthService'] || $this->authenticationFailed) {
                     $this->writeLogMessage(TYPO3_MODE . ' Authentication failed - wrong password for username \'%s\'', $this->login['uname']);
                     $OK = 0;
                 } else {
                     $this->writeLogMessage($errorMessage, $this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $this->login['uname']);
                 }
                 $this->writelog(255, 3, 3, 1, $errorMessage, [
                     $this->authInfo['REMOTE_ADDR'],
                     $this->authInfo['REMOTE_HOST'],
                     $this->login['uname']
                 ]);
                 \TYPO3\CMS\Core\Utility\GeneralUtility::sysLog(sprintf($errorMessage, $this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $this->login['uname']), 'core', \TYPO3\CMS\Core\Utility\GeneralUtility::SYSLOG_SEVERITY_INFO);
             } elseif ($validPasswd && $user['lockToDomain'] && strcasecmp($user['lockToDomain'], $this->authInfo['HTTP_HOST'])) {
                 // Lock domain didn't match, so error:
                 $errorMessage = 'Login-attempt from %s (%s), username \'%s\', locked domain \'%s\' did not match \'%s\'!';
                 $this->writeLogMessage($errorMessage, $this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $this->login['uname'], $user['lockToDomain'], $this->authInfo['HTTP_HOST']);
                 $this->writelog(255, 3, 3, 1, $errorMessage, [
                     $this->authInfo['REMOTE_ADDR'],
                     $this->authInfo['REMOTE_HOST'],
                     $user[$this->db_user['username_column']],
                     $user['lockToDomain'],
                     $this->authInfo['HTTP_HOST']
                 ]);
                 \TYPO3\CMS\Core\Utility\GeneralUtility::sysLog(sprintf($errorMessage, $this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $user[$this->db_user['username_column']], $user['lockToDomain'], $this->authInfo['HTTP_HOST']), 'core', \TYPO3\CMS\Core\Utility\GeneralUtility::SYSLOG_SEVERITY_INFO);
                 $OK = 0;
             } elseif ($validPasswd) {
                 $this->writeLogMessage(TYPO3_MODE . ' Authentication successful for username \'%s\'', $this->login['uname']);
                 $OK = 200;
             }
         }
         return $OK;
     }

     protected function updatePassword($uid, $updateFields)
     {
         $GLOBALS['TYPO3_DB']->exec_UPDATEquery($this->pObj->user_table, sprintf('uid = %u', $uid), $updateFields);
         \TYPO3\CMS\Core\Utility\GeneralUtility::devLog(sprintf('Automatic password update for user record in %s with uid %u', $this->pObj->user_table, $uid), $this->extKey, 1);
     }

     public function writeLogMessage($message)
     {
         if (func_num_args() > 1) {
             $params = func_get_args();
             array_shift($params);
             $message = vsprintf($message, $params);
         }
         if (TYPO3_MODE === 'BE') {
             \TYPO3\CMS\Core\Utility\GeneralUtility::sysLog($message, $this->extKey, \TYPO3\CMS\Core\Utility\GeneralUtility::SYSLOG_SEVERITY_NOTICE);
         } else {
             $GLOBALS['TT']->setTSlogMessage($message);
         }
         if (TYPO3_DLOG) {
             \TYPO3\CMS\Core\Utility\GeneralUtility::devLog($message, $this->extKey, \TYPO3\CMS\Core\Utility\GeneralUtility::SYSLOG_SEVERITY_NOTICE);
         }
     }
 }
TYPO3\CMS\Core\Utility\GeneralUtility\devLog
static devLog($msg, $extKey, $severity=0, $dataVar=false)
Definition: GeneralUtility.php:5221

TYPO3

TYPO3\CMS\Saltedpasswords\SaltedPasswordService\compareUident
compareUident(array $user, array $loginData, $passwordCompareStrategy='')
Definition: SaltedPasswordService.php:101

TYPO3\CMS\Saltedpasswords\SaltedPasswordService
Definition: SaltedPasswordService.php:22

TYPO3\CMS\Sv\AbstractAuthenticationService\writelog
writelog($type, $action, $error, $details_nr, $details, $data, $tablename='', $recuid='', $recpid='')
Definition: AbstractAuthenticationService.php:130

$params
$params
Definition: auth_adodb_example.php:17

TYPO3\CMS\Saltedpasswords\SaltedPasswordService\$scriptRelPath
$scriptRelPath
Definition: SaltedPasswordService.php:36

TYPO3\CMS\Saltedpasswords\Salt\SaltFactory\getSaltingInstance
static getSaltingInstance($saltedHash='', $mode=TYPO3_MODE)
Definition: SaltFactory.php:82

TYPO3\CMS\Saltedpasswords\SaltedPasswordService\$extKey
$extKey
Definition: SaltedPasswordService.php:43

TYPO3\CMS\Saltedpasswords\SaltedPasswordService\authUser
authUser(array $user)
Definition: SaltedPasswordService.php:172

TYPO3\CMS\Saltedpasswords\SaltedPasswordService\$prefixId
$prefixId
Definition: SaltedPasswordService.php:29

TYPO3\CMS\Saltedpasswords\SaltedPasswordService\writeLogMessage
writeLogMessage($message)
Definition: SaltedPasswordService.php:242

TYPO3\CMS\Saltedpasswords\SaltedPasswordService\updatePassword
updatePassword($uid, $updateFields)
Definition: SaltedPasswordService.php:223

TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility\returnExtConf
static returnExtConf($mode=TYPO3_MODE)
Definition: SaltedPasswordsUtility.php:50

TYPO3\CMS\Sv\AbstractAuthenticationService
Definition: AbstractAuthenticationService.php:23

TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility\getDefaultSaltingHashingMethod
static getDefaultSaltingHashingMethod($mode=TYPO3_MODE)
Definition: SaltedPasswordsUtility.php:102

TYPO3\CMS\Saltedpasswords

TYPO3\CMS\Saltedpasswords\SaltedPasswordService\init
init()
Definition: SaltedPasswordService.php:77

TYPO3\CMS\Saltedpasswords\SaltedPasswordService\$objInstanceSaltedPW
$objInstanceSaltedPW
Definition: SaltedPasswordService.php:58

TYPO3\CMS\Sv\AbstractAuthenticationService\$mode
$mode
Definition: AbstractAuthenticationService.php:37

$uid
$uid
Definition: server.php:38

TYPO3\CMS\Saltedpasswords\SaltedPasswordService\$authenticationFailed
$authenticationFailed
Definition: SaltedPasswordService.php:68

$GLOBALS
if(TYPO3_MODE==='BE') $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_tsfebeuserauth.php']['frontendEditingController']['default']
Definition: ext_localconf.php:31

TYPO3\CMS\Saltedpasswords\SaltedPasswordService\$extConf
$extConf
Definition: SaltedPasswordService.php:50