TYPO3 CMS  TYPO3_7-6
SaltedPasswordsUtility.php
Go to the documentation of this file.
1 <?php
2 namespace TYPO3\CMS\Saltedpasswords\Utility;
3 
4 /*
5  * This file is part of the TYPO3 CMS project.
6  *
7  * It is free software; you can redistribute it and/or modify it under
8  * the terms of the GNU General Public License, either version 2
9  * of the License, or any later version.
10  *
11  * For the full copyright and license information, please read the
12  * LICENSE.txt file that was distributed with this source code.
13  *
14  * The TYPO3 project - inspiring people to share!
15  */
16 
20 class SaltedPasswordsUtility
21 {
25  const EXTKEY = 'saltedpasswords';
26 
33  public static function getNumberOfBackendUsersWithInsecurePassword()
34  {
35  $userCount = $GLOBALS['TYPO3_DB']->exec_SELECTcountRows(
36  '*',
37  'be_users',
38  'password != \'\''
39  . ' AND password NOT LIKE ' . $GLOBALS['TYPO3_DB']->fullQuoteStr('$%', 'be_users')
40  . ' AND password NOT LIKE ' . $GLOBALS['TYPO3_DB']->fullQuoteStr('M$%', 'be_users')
41  );
42  return $userCount;
43  }
44 
50  public static function returnExtConf($mode = TYPO3_MODE)
51  {
52  $currentConfiguration = self::returnExtConfDefaults();
53  if (isset($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['saltedpasswords'])) {
54  $extensionConfiguration = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['saltedpasswords']);
55  // Merge default configuration with modified configuration:
56  if (isset($extensionConfiguration[$mode . '.'])) {
57  $currentConfiguration = array_merge($currentConfiguration, $extensionConfiguration[$mode . '.']);
58  }
59  }
60  return $currentConfiguration;
61  }
62 
71  public function feloginForgotPasswordHook(array &$params, \TYPO3\CMS\Felogin\Controller\FrontendLoginController $pObj)
72  {
73  if (self::isUsageEnabled('FE')) {
74  $objInstanceSaltedPW = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance();
75  $params['newPassword'] = $objInstanceSaltedPW->getHashedPassword($params['newPassword']);
76  }
77  }
78 
84  public static function returnExtConfDefaults()
85  {
86  return [
87  'onlyAuthService' => '0',
88  'forceSalted' => '0',
89  'updatePasswd' => '1',
90  'saltedPWHashingMethod' => \TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt::class,
91  'enabled' => '1'
92  ];
93  }
94 
102  public static function getDefaultSaltingHashingMethod($mode = TYPO3_MODE)
103  {
104  $extConf = self::returnExtConf($mode);
105  $classNameToUse = \TYPO3\CMS\Saltedpasswords\Salt\Md5Salt::class;
106  if (in_array($extConf['saltedPWHashingMethod'], array_keys(\TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getRegisteredSaltedHashingMethods()))) {
107  $classNameToUse = $extConf['saltedPWHashingMethod'];
108  }
109  return $classNameToUse;
110  }
111 
119  public static function isUsageEnabled($mode = TYPO3_MODE)
120  {
121  // Login Security Level Recognition
122  $extConf = self::returnExtConf($mode);
123  $securityLevel = trim($GLOBALS['TYPO3_CONF_VARS'][$mode]['loginSecurityLevel']) ?: 'normal';
124  if ($mode === 'BE') {
125  return true;
126  } elseif ($mode === 'FE' && $extConf['enabled']) {
127  return $securityLevel === 'normal' || $securityLevel === 'rsa';
128  }
129  return false;
130  }
131 }
TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility\feloginForgotPasswordHook
feloginForgotPasswordHook(array &$params, \TYPO3\CMS\Felogin\Controller\FrontendLoginController $pObj)
Definition: SaltedPasswordsUtility.php:71
$params
$params
Definition: auth_adodb_example.php:17
TYPO3\CMS\Saltedpasswords\Salt\SaltFactory\getSaltingInstance
static getSaltingInstance($saltedHash='', $mode=TYPO3_MODE)
Definition: SaltFactory.php:82
$GLOBALS
if(TYPO3_MODE==='BE') $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_tsfebeuserauth.php']['frontendEditingController']['default']
Definition: ext_localconf.php:31
$extConf
$extConf
Definition: ext_localconf.php:5