TYPO3 CMS  TYPO3_8-7
SaltedPasswordsUtility.php
Go to the documentation of this file.
1 <?php
3 
4 /*
5  * This file is part of the TYPO3 CMS project.
6  *
7  * It is free software; you can redistribute it and/or modify it under
8  * the terms of the GNU General Public License, either version 2
9  * of the License, or any later version.
10  *
11  * For the full copyright and license information, please read the
12  * LICENSE.txt file that was distributed with this source code.
13  *
14  * The TYPO3 project - inspiring people to share!
15  */
16 
19 
24 {
28  const EXTKEY = 'saltedpasswords';
29 
36  {
37  $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable('be_users');
38  $queryBuilder->getRestrictions()->removeAll();
39 
40  $userCount = $queryBuilder
41  ->count('*')
42  ->from('be_users')
43  ->where(
44  $queryBuilder->expr()->neq('password', $queryBuilder->createNamedParameter('', \PDO::PARAM_STR)),
45  $queryBuilder->expr()->notLike('password', $queryBuilder->createNamedParameter('$%', \PDO::PARAM_STR)),
46  $queryBuilder->expr()->notLike('password', $queryBuilder->createNamedParameter('M$%', \PDO::PARAM_STR))
47  )
48  ->execute()
49  ->fetchColumn();
50 
51  return $userCount;
52  }
53 
59  public static function returnExtConf($mode = TYPO3_MODE)
60  {
61  $currentConfiguration = self::returnExtConfDefaults();
62  if (isset($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['saltedpasswords'])) {
63  $extensionConfiguration = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['saltedpasswords'], ['allowed_classes' => false]);
64  // Merge default configuration with modified configuration:
65  if (isset($extensionConfiguration[$mode . '.'])) {
66  $currentConfiguration = array_merge($currentConfiguration, $extensionConfiguration[$mode . '.']);
67  }
68  }
69  return $currentConfiguration;
70  }
71 
79  public function feloginForgotPasswordHook(array &$params, \TYPO3\CMS\Felogin\Controller\FrontendLoginController $pObj)
80  {
81  if (self::isUsageEnabled('FE')) {
83  $params['newPassword'] = $objInstanceSaltedPW->getHashedPassword($params['newPassword']);
84  }
85  }
86 
92  public static function returnExtConfDefaults()
93  {
94  return [
95  'onlyAuthService' => '0',
96  'forceSalted' => '0',
97  'updatePasswd' => '1',
98  'saltedPWHashingMethod' => \TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt::class,
99  'enabled' => '1'
100  ];
101  }
102 
110  public static function getDefaultSaltingHashingMethod($mode = TYPO3_MODE)
111  {
112  $extConf = self::returnExtConf($mode);
113  $classNameToUse = \TYPO3\CMS\Saltedpasswords\Salt\Md5Salt::class;
114  if (in_array($extConf['saltedPWHashingMethod'], array_keys(\TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getRegisteredSaltedHashingMethods()))) {
115  $classNameToUse = $extConf['saltedPWHashingMethod'];
116  }
117  return $classNameToUse;
118  }
119 
127  public static function isUsageEnabled($mode = TYPO3_MODE)
128  {
129  // Login Security Level Recognition
130  $extConf = self::returnExtConf($mode);
131  $securityLevel = trim($GLOBALS['TYPO3_CONF_VARS'][$mode]['loginSecurityLevel']) ?: 'normal';
132  if ($mode === 'BE') {
133  return true;
134  }
135  if ($mode === 'FE' && $extConf['enabled']) {
136  return $securityLevel === 'normal' || $securityLevel === 'rsa';
137  }
138  return false;
139  }
140 }
feloginForgotPasswordHook(array &$params, \TYPO3\CMS\Felogin\Controller\FrontendLoginController $pObj)
static getSaltingInstance($saltedHash='', $mode=TYPO3_MODE)
Definition: SaltFactory.php:83
static makeInstance($className,... $constructorArguments)
$extConf
if(TYPO3_MODE==='BE') $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_tsfebeuserauth.php']['frontendEditingController']['default']