TYPO3CMS  8
 All Classes Namespaces Files Functions Variables Pages
FrontendLoginController.php
Go to the documentation of this file.
1 <?php
2 namespace TYPO3\CMS\Felogin\Controller;
3 
4 /*
5  * This file is part of the TYPO3 CMS project.
6  *
7  * It is free software; you can redistribute it and/or modify it under
8  * the terms of the GNU General Public License, either version 2
9  * of the License, or any later version.
10  *
11  * For the full copyright and license information, please read the
12  * LICENSE.txt file that was distributed with this source code.
13  *
14  * The TYPO3 project - inspiring people to share!
15  */
16 
23 
28 {
34  public $prefixId = 'tx_felogin_pi1';
35 
41  public $extKey = 'felogin';
42 
46  public $pi_checkCHash = false;
47 
51  public $pi_USER_INT_obj = true;
52 
58  protected $userIsLoggedIn;
59 
65  protected $template;
66 
72  protected $redirectUrl;
73 
79  protected $noRedirect = false;
80 
86  protected $logintype;
87 
93  public $spid;
94 
100  public $referer;
101 
110  public function main($content, $conf)
111  {
112  // Loading TypoScript array into object variable:
113  $this->conf = $conf;
114  // Loading default pivars
115  $this->pi_setPiVarDefaults();
116  // Loading language-labels
117  $this->pi_loadLL('EXT:felogin/Resources/Private/Language/locallang.xlf');
118  // Init FlexForm configuration for plugin:
119  $this->pi_initPIflexForm();
121  // Get storage PIDs:
122  if ($this->conf['storagePid']) {
123  if ((int)$this->conf['recursive']) {
124  $this->spid = $this->pi_getPidList($this->conf['storagePid'], (int)$this->conf['recursive']);
125  } else {
126  $this->spid = $this->conf['storagePid'];
127  }
128  } else {
129  throw new \RuntimeException('No storage folder (option storagePid) for frontend users given.', 1450904202);
130  }
131  // GPvars:
132  $this->logintype = GeneralUtility::_GP('logintype');
133  $this->referer = $this->validateRedirectUrl(GeneralUtility::_GP('referer'));
134  $this->noRedirect = $this->piVars['noredirect'] || $this->conf['redirectDisable'];
135  // If config.typolinkLinkAccessRestrictedPages is set, the var is return_url
136  $returnUrl = GeneralUtility::_GP('return_url');
137  if ($returnUrl) {
138  $this->redirectUrl = $returnUrl;
139  } else {
140  $this->redirectUrl = GeneralUtility::_GP('redirect_url');
141  }
142  $this->redirectUrl = $this->validateRedirectUrl($this->redirectUrl);
143  // Get Template
144  $templateFile = $this->conf['templateFile'] ?: 'EXT:felogin/Resources/Private/Templates/FrontendLogin.html';
145  $template = $this->getTypoScriptFrontendController()->tmpl->getFileName($templateFile);
146  if ($template !== null && file_exists($template)) {
147  $this->template = file_get_contents($template);
148  }
149  // Is user logged in?
150  $this->userIsLoggedIn = $this->frontendController->loginUser;
151  // Redirect
152  if ($this->conf['redirectMode'] && !$this->conf['redirectDisable'] && !$this->noRedirect) {
153  $redirectUrl = $this->processRedirect();
154  if (!empty($redirectUrl)) {
155  $this->redirectUrl = $this->conf['redirectFirstMethod'] ? array_shift($redirectUrl) : array_pop($redirectUrl);
156  } else {
157  $this->redirectUrl = '';
158  }
159  }
160  // What to display
161  $content = '';
162  if ($this->piVars['forgot'] && $this->conf['showForgotPasswordLink']) {
163  $content .= $this->showForgot();
164  } elseif ($this->piVars['forgothash']) {
165  $content .= $this->changePassword();
166  } else {
167  if ($this->userIsLoggedIn && !$this->logintype) {
168  $content .= $this->showLogout();
169  } else {
170  $content .= $this->showLogin();
171  }
172  }
173  // Process the redirect
174  if (($this->logintype === 'login' || $this->logintype === 'logout') && $this->redirectUrl && !$this->noRedirect) {
175  if (!$this->frontendController->fe_user->isCookieSet() && $this->userIsLoggedIn) {
176  $content .= $this->cObj->stdWrap($this->pi_getLL('cookie_warning'), $this->conf['cookieWarning_stdWrap.']);
177  } else {
178  // Add hook for extra processing before redirect
179  if (
180  isset($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['beforeRedirect']) &&
181  is_array($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['beforeRedirect'])
182  ) {
183  $_params = [
184  'loginType' => $this->logintype,
185  'redirectUrl' => &$this->redirectUrl
186  ];
187  foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['beforeRedirect'] as $_funcRef) {
188  if ($_funcRef) {
189  GeneralUtility::callUserFunction($_funcRef, $_params, $this);
190  }
191  }
192  }
194  }
195  }
196  // Adds hook for processing of extra item markers / special
197  if (
198  isset($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['postProcContent'])
199  && is_array($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['postProcContent'])
200  ) {
201  $_params = [
202  'content' => $content
203  ];
204  foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['postProcContent'] as $_funcRef) {
205  $content = GeneralUtility::callUserFunction($_funcRef, $_params, $this);
206  }
207  }
208  return $this->conf['wrapContentInBaseClass'] ? $this->pi_wrapInBaseClass($content) : $content;
209  }
210 
216  protected function showForgot()
217  {
218  $subpart = $this->cObj->getSubpart($this->template, '###TEMPLATE_FORGOT###');
219  $subpartArray = ($linkpartArray = []);
220  $postData = GeneralUtility::_POST($this->prefixId);
221  if ($postData['forgot_email']) {
222  // Get hashes for compare
223  $postedHash = $postData['forgot_hash'];
224  $hashData = $this->frontendController->fe_user->getKey('ses', 'forgot_hash');
225  if ($postedHash === $hashData['forgot_hash']) {
226  $userTable = $this->frontendController->fe_user->user_table;
227  $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($userTable);
228  $queryBuilder->setRestrictions(GeneralUtility::makeInstance(FrontendRestrictionContainer::class));
229  $row = $queryBuilder
230  ->select('uid', 'username', 'password', 'email')
231  ->from($userTable)
232  ->where(
233  $queryBuilder->expr()->orX(
234  $queryBuilder->expr()->eq(
235  'email',
236  $queryBuilder->createNamedParameter($this->piVars['forgot_email'], \PDO::PARAM_STR)
237  ),
238  $queryBuilder->expr()->eq(
239  'username',
240  $queryBuilder->createNamedParameter($this->piVars['forgot_email'], \PDO::PARAM_STR)
241  )
242  ),
243  $queryBuilder->expr()->in(
244  'pid',
245  $queryBuilder->createNamedParameter(
246  GeneralUtility::intExplode(',', $this->spid),
247  Connection::PARAM_INT_ARRAY
248  )
249  )
250  )
251  ->execute()
252  ->fetch();
253 
254  $error = null;
255  if ($row) {
256  // Generate an email with the hashed link
257  $error = $this->generateAndSendHash($row);
258  } elseif ($this->conf['exposeNonexistentUserInForgotPasswordDialog']) {
259  $error = $this->pi_getLL('ll_forgot_reset_message_error');
260  }
261  // Generate message
262  if ($error) {
263  $markerArray['###STATUS_MESSAGE###'] = $this->cObj->stdWrap($error, $this->conf['forgotErrorMessage_stdWrap.']);
264  } else {
265  $markerArray['###STATUS_MESSAGE###'] = $this->cObj->stdWrap(
266  $this->pi_getLL('ll_forgot_reset_message_emailSent'),
267  $this->conf['forgotResetMessageEmailSentMessage_stdWrap.']
268  );
269  }
270  $subpartArray['###FORGOT_FORM###'] = '';
271  } else {
272  // Wrong email
273  $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('forgot_reset_message', $this->conf['forgotMessage_stdWrap.']);
274  $markerArray['###BACKLINK_LOGIN###'] = '';
275  }
276  } else {
277  $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('forgot_reset_message', $this->conf['forgotMessage_stdWrap.']);
278  $markerArray['###BACKLINK_LOGIN###'] = '';
279  }
280  $markerArray['###BACKLINK_LOGIN###'] = $this->getPageLink(htmlspecialchars($this->pi_getLL('ll_forgot_header_backToLogin')), []);
281  $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('forgot_header', $this->conf['forgotHeader_stdWrap.']);
282  $markerArray['###LEGEND###'] = htmlspecialchars($this->pi_getLL('legend', $this->pi_getLL('reset_password')));
283  $markerArray['###ACTION_URI###'] = $this->getPageLink('', [$this->prefixId . '[forgot]' => 1], true);
284  $markerArray['###EMAIL_LABEL###'] = htmlspecialchars($this->pi_getLL('your_email'));
285  $markerArray['###FORGOT_PASSWORD_ENTEREMAIL###'] = htmlspecialchars($this->pi_getLL('forgot_password_enterEmail'));
286  $markerArray['###FORGOT_EMAIL###'] = $this->prefixId . '[forgot_email]';
287  $markerArray['###SEND_PASSWORD###'] = htmlspecialchars($this->pi_getLL('reset_password'));
288  $markerArray['###DATA_LABEL###'] = htmlspecialchars($this->pi_getLL('ll_enter_your_data'));
289  $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
290  // Generate hash
291  $hash = md5($this->generatePassword(3));
292  $markerArray['###FORGOTHASH###'] = $hash;
293  // Set hash in feuser session
294  $this->frontendController->fe_user->setKey('ses', 'forgot_hash', ['forgot_hash' => $hash]);
295  return $this->cObj->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
296  }
297 
304  protected function changePassword()
305  {
306  $subpartArray = ($linkpartArray = []);
307  $done = false;
308  $minLength = (int)$this->conf['newPasswordMinLength'] ?: 6;
309  $subpart = $this->cObj->getSubpart($this->template, '###TEMPLATE_CHANGEPASSWORD###');
310  $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('change_password_header', $this->conf['changePasswordHeader_stdWrap.']);
311  $markerArray['###STATUS_MESSAGE###'] = sprintf($this->getDisplayText(
312  'change_password_message',
313  $this->conf['changePasswordMessage_stdWrap.']
314  ), $minLength);
315 
316  $markerArray['###BACKLINK_LOGIN###'] = '';
317  $uid = $this->piVars['user'];
318  $piHash = $this->piVars['forgothash'];
319  $hash = explode('|', rawurldecode($piHash));
320  if ((int)$uid === 0) {
321  $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText(
322  'change_password_notvalid_message',
323  $this->conf['changePasswordNotValidMessage_stdWrap.']
324  );
325  $subpartArray['###CHANGEPASSWORD_FORM###'] = '';
326  } else {
327  $user = $this->pi_getRecord('fe_users', (int)$uid);
328  $userHash = $user['felogin_forgotHash'];
329  $compareHash = explode('|', $userHash);
330  if (!$compareHash || !$compareHash[1] || $compareHash[0] < time() || $hash[0] != $compareHash[0] || md5($hash[1]) != $compareHash[1]) {
331  $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText(
332  'change_password_notvalid_message',
333  $this->conf['changePasswordNotValidMessage_stdWrap.']
334  );
335  $subpartArray['###CHANGEPASSWORD_FORM###'] = '';
336  } else {
337  // All is fine, continue with new password
338  $postData = GeneralUtility::_POST($this->prefixId);
339  if (isset($postData['changepasswordsubmit'])) {
340  if (strlen($postData['password1']) < $minLength) {
341  $markerArray['###STATUS_MESSAGE###'] = sprintf($this->getDisplayText(
342  'change_password_tooshort_message',
343  $this->conf['changePasswordTooShortMessage_stdWrap.']),
344  $minLength
345  );
346  } elseif ($postData['password1'] != $postData['password2']) {
347  $markerArray['###STATUS_MESSAGE###'] = sprintf($this->getDisplayText(
348  'change_password_notequal_message',
349  $this->conf['changePasswordNotEqualMessage_stdWrap.']),
350  $minLength
351  );
352  } else {
353  $newPass = $postData['password1'];
354  if ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['password_changed']) {
355  $_params = [
356  'user' => $user,
357  'newPassword' => $newPass,
358  'newPasswordUnencrypted' => $newPass
359  ];
360  foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['password_changed'] as $_funcRef) {
361  if ($_funcRef) {
362  GeneralUtility::callUserFunction($_funcRef, $_params, $this);
363  }
364  }
365  $newPass = $_params['newPassword'];
366  }
367 
368  // Save new password and clear DB-hash
369  $userTable = $this->frontendController->fe_user->user_table;
370  $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($userTable);
371  $queryBuilder->getRestrictions()->removeAll();
372  $queryBuilder->update($userTable)
373  ->set('password', $newPass)
374  ->set('felogin_forgotHash', '')
375  ->set('tstamp', (int)$GLOBALS['EXEC_TIME'])
376  ->where(
377  $queryBuilder->expr()->eq(
378  'uid',
379  $queryBuilder->createNamedParameter($user['uid'], \PDO::PARAM_INT)
380  )
381  )
382  ->execute();
383 
384  $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText(
385  'change_password_done_message',
386  $this->conf['changePasswordDoneMessage_stdWrap.']
387  );
388  $done = true;
389  $subpartArray['###CHANGEPASSWORD_FORM###'] = '';
390  $markerArray['###BACKLINK_LOGIN###'] = $this->getPageLink(
391  htmlspecialchars($this->pi_getLL('ll_forgot_header_backToLogin')),
392  [$this->prefixId . '[redirectReferrer]' => 'off']
393  );
394  }
395  }
396  if (!$done) {
397  // Change password form
398  $markerArray['###ACTION_URI###'] = $this->getPageLink('', [
399  $this->prefixId . '[user]' => $user['uid'],
400  $this->prefixId . '[forgothash]' => $piHash
401  ], true);
402  $markerArray['###LEGEND###'] = htmlspecialchars($this->pi_getLL('change_password'));
403  $markerArray['###NEWPASSWORD1_LABEL###'] = htmlspecialchars($this->pi_getLL('newpassword_label1'));
404  $markerArray['###NEWPASSWORD2_LABEL###'] = htmlspecialchars($this->pi_getLL('newpassword_label2'));
405  $markerArray['###NEWPASSWORD1###'] = $this->prefixId . '[password1]';
406  $markerArray['###NEWPASSWORD2###'] = $this->prefixId . '[password2]';
407  $markerArray['###STORAGE_PID###'] = $this->spid;
408  $markerArray['###SEND_PASSWORD###'] = htmlspecialchars($this->pi_getLL('change_password'));
409  $markerArray['###FORGOTHASH###'] = $piHash;
410  }
411  }
412  }
413  return $this->cObj->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
414  }
415 
422  protected function generateAndSendHash($user)
423  {
424  $hours = (int)$this->conf['forgotLinkHashValidTime'] > 0 ? (int)$this->conf['forgotLinkHashValidTime'] : 24;
425  $validEnd = time() + 3600 * $hours;
426  $validEndString = date($this->conf['dateFormat'], $validEnd);
427  $hash = md5(GeneralUtility::makeInstance(Random::class)->generateRandomBytes(64));
428  $randHash = $validEnd . '|' . $hash;
429  $randHashDB = $validEnd . '|' . md5($hash);
430 
431  // Write hash to DB
432  $userTable = $this->frontendController->fe_user->user_table;
433  $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($userTable);
434  $queryBuilder->getRestrictions()->removeAll();
435  $queryBuilder->update($userTable)
436  ->set('felogin_forgotHash', $randHashDB)
437  ->where(
438  $queryBuilder->expr()->eq(
439  'uid',
440  $queryBuilder->createNamedParameter($user['uid'], \PDO::PARAM_INT)
441  )
442  )
443  ->execute();
444 
445  // Send hashlink to user
446  $this->conf['linkPrefix'] = -1;
447  $isAbsRefPrefix = !empty($this->frontendController->absRefPrefix);
448  $isBaseURL = !empty($this->frontendController->baseUrl);
449  $isFeloginBaseURL = !empty($this->conf['feloginBaseURL']);
450  $link = $this->pi_getPageLink($this->frontendController->id, '', [
451  rawurlencode($this->prefixId . '[user]') => $user['uid'],
452  rawurlencode($this->prefixId . '[forgothash]') => $randHash
453  ]);
454  // Prefix link if necessary
455  if ($isFeloginBaseURL) {
456  // First priority, use specific base URL
457  // "absRefPrefix" must be removed first, otherwise URL will be prepended twice
458  if ($isAbsRefPrefix) {
459  $link = substr($link, strlen($this->frontendController->absRefPrefix));
460  }
461  $link = $this->conf['feloginBaseURL'] . $link;
462  } elseif ($isAbsRefPrefix) {
463  // Second priority
464  // absRefPrefix must not necessarily contain a hostname and URL scheme, so add it if needed
465  $link = GeneralUtility::locationHeaderUrl($link);
466  } elseif ($isBaseURL) {
467  // Third priority
468  // Add the global base URL to the link
469  $link = $this->frontendController->baseUrlWrap($link);
470  } else {
471  // No prefix is set, return the error
472  return $this->pi_getLL('ll_change_password_nolinkprefix_message');
473  }
474  $msg = sprintf($this->pi_getLL('ll_forgot_validate_reset_password'), $user['username'], $link, $validEndString);
475  // Add hook for extra processing of mail message
476  if (
477  isset($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['forgotPasswordMail'])
478  && is_array($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['forgotPasswordMail'])
479  ) {
480  $params = [
481  'message' => &$msg,
482  'user' => &$user
483  ];
484  foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['forgotPasswordMail'] as $reference) {
485  if ($reference) {
486  GeneralUtility::callUserFunction($reference, $params, $this);
487  }
488  }
489  }
490  if ($user['email']) {
491  $this->cObj->sendNotifyEmail($msg, $user['email'], '', $this->conf['email_from'], $this->conf['email_fromName'], $this->conf['replyTo']);
492  }
493 
494  return '';
495  }
496 
502  protected function showLogout()
503  {
504  $subpart = $this->cObj->getSubpart($this->template, '###TEMPLATE_LOGOUT###');
505  $subpartArray = ($linkpartArray = []);
506  $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('status_header', $this->conf['logoutHeader_stdWrap.']);
507  $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('status_message', $this->conf['logoutMessage_stdWrap.']);
508  $this->cObj->stdWrap($this->flexFormValue('message', 's_status'), $this->conf['logoutMessage_stdWrap.']);
509  $markerArray['###LEGEND###'] = htmlspecialchars($this->pi_getLL('logout'));
510  $markerArray['###ACTION_URI###'] = $this->getPageLink('', [], true);
511  $markerArray['###LOGOUT_LABEL###'] = htmlspecialchars($this->pi_getLL('logout'));
512  $markerArray['###NAME###'] = htmlspecialchars($this->frontendController->fe_user->user['name']);
513  $markerArray['###STORAGE_PID###'] = $this->spid;
514  $markerArray['###USERNAME###'] = htmlspecialchars($this->frontendController->fe_user->user['username']);
515  $markerArray['###USERNAME_LABEL###'] = htmlspecialchars($this->pi_getLL('username'));
516  $markerArray['###NOREDIRECT###'] = $this->noRedirect ? '1' : '0';
517  $markerArray['###PREFIXID###'] = $this->prefixId;
518  $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
519  if ($this->redirectUrl) {
520  // Use redirectUrl for action tag because of possible access restricted pages
521  $markerArray['###ACTION_URI###'] = htmlspecialchars($this->redirectUrl);
522  $this->redirectUrl = '';
523  }
524  return $this->cObj->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
525  }
526 
532  protected function showLogin()
533  {
534  $subpart = $this->cObj->getSubpart($this->template, '###TEMPLATE_LOGIN###');
535  $subpartArray = ($linkpartArray = ($markerArray = []));
536  $gpRedirectUrl = '';
537  $markerArray['###LEGEND###'] = htmlspecialchars($this->pi_getLL('oLabel_header_welcome'));
538  if ($this->logintype === 'login') {
539  if ($this->userIsLoggedIn) {
540  // login success
541  $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('success_header', $this->conf['successHeader_stdWrap.']);
542  $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('success_message', $this->conf['successMessage_stdWrap.']);
543  $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
544  $subpartArray['###LOGIN_FORM###'] = '';
545  // Hook for general actions after after login has been confirmed (by Thomas Danzl <thomas@danzl.org>)
546  if ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['login_confirmed']) {
547  $_params = [];
548  foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['login_confirmed'] as $_funcRef) {
549  if ($_funcRef) {
550  GeneralUtility::callUserFunction($_funcRef, $_params, $this);
551  }
552  }
553  }
554  // show logout form directly
555  if ($this->conf['showLogoutFormAfterLogin']) {
556  $this->redirectUrl = '';
557  return $this->showLogout();
558  }
559  } else {
560  // Hook for general actions on login error
561  if (
562  isset($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['login_error'])
563  && is_array($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['login_error'])
564  ) {
565  $params = [];
566  foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['login_error'] as $funcRef) {
567  if ($funcRef) {
568  GeneralUtility::callUserFunction($funcRef, $params, $this);
569  }
570  }
571  }
572  // login error
573  $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('error_header', $this->conf['errorHeader_stdWrap.']);
574  $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('error_message', $this->conf['errorMessage_stdWrap.']);
575  $gpRedirectUrl = GeneralUtility::_GP('redirect_url');
576  }
577  } else {
578  if ($this->logintype === 'logout') {
579  // login form after logout
580  $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('logout_header', $this->conf['logoutHeader_stdWrap.']);
581  $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('logout_message', $this->conf['logoutMessage_stdWrap.']);
582  } else {
583  // login form
584  $markerArray['###STATUS_HEADER###'] = $this->getDisplayText('welcome_header', $this->conf['welcomeHeader_stdWrap.']);
585  $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText('welcome_message', $this->conf['welcomeMessage_stdWrap.']);
586  }
587  }
588 
589  // This hook allows to call User JS functions.
590  // The methods should also set the required JS functions to get included
591  $onSubmit = '';
592  $extraHidden = '';
593  $onSubmitAr = [];
594  $extraHiddenAr = [];
595  // Check for referer redirect method. if present, save referer in form field
596  if (GeneralUtility::inList($this->conf['redirectMode'], 'referer') || GeneralUtility::inList($this->conf['redirectMode'], 'refererDomains')) {
597  $referer = $this->referer ? $this->referer : GeneralUtility::getIndpEnv('HTTP_REFERER');
598  if ($referer) {
599  $extraHiddenAr[] = '<input type="hidden" name="referer" value="' . htmlspecialchars($referer) . '" />';
600  if ($this->piVars['redirectReferrer'] === 'off') {
601  $extraHiddenAr[] = '<input type="hidden" name="' . $this->prefixId . '[redirectReferrer]" value="off" />';
602  }
603  }
604  }
605  if (is_array($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['loginFormOnSubmitFuncs'])) {
606  $_params = [];
607  foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['loginFormOnSubmitFuncs'] as $funcRef) {
608  list($onSub, $hid) = GeneralUtility::callUserFunction($funcRef, $_params, $this);
609  $onSubmitAr[] = $onSub;
610  $extraHiddenAr[] = $hid;
611  }
612  }
613  if (!empty($onSubmitAr)) {
614  $onSubmit = implode('; ', $onSubmitAr) . '; return true;';
615  }
616  if (!empty($extraHiddenAr)) {
617  $extraHidden = implode(LF, $extraHiddenAr);
618  }
619  if (!$gpRedirectUrl && $this->redirectUrl) {
620  $gpRedirectUrl = $this->redirectUrl;
621  }
622  // Login form
623  $markerArray['###ACTION_URI###'] = $this->getPageLink('', [], true);
624  // Used by kb_md5fepw extension...
625  $markerArray['###EXTRA_HIDDEN###'] = $extraHidden;
626  $markerArray['###LEGEND###'] = htmlspecialchars($this->pi_getLL('login'));
627  $markerArray['###LOGIN_LABEL###'] = htmlspecialchars($this->pi_getLL('login'));
628  // Used by kb_md5fepw extension...
629  $markerArray['###ON_SUBMIT###'] = $onSubmit;
630  $markerArray['###PASSWORD_LABEL###'] = htmlspecialchars($this->pi_getLL('password'));
631  $markerArray['###STORAGE_PID###'] = $this->spid;
632  $markerArray['###USERNAME_LABEL###'] = htmlspecialchars($this->pi_getLL('username'));
633  $markerArray['###REDIRECT_URL###'] = htmlspecialchars($gpRedirectUrl);
634  $markerArray['###NOREDIRECT###'] = $this->noRedirect ? '1' : '0';
635  $markerArray['###PREFIXID###'] = $this->prefixId;
636  $markerArray = array_merge($markerArray, $this->getUserFieldMarkers());
637  if ($this->conf['showForgotPasswordLink']) {
638  $linkpartArray['###FORGOT_PASSWORD_LINK###'] = explode('|', $this->getPageLink('|', [$this->prefixId . '[forgot]' => 1]));
639  $markerArray['###FORGOT_PASSWORD###'] = htmlspecialchars($this->pi_getLL('ll_forgot_header'));
640  } else {
641  $subpartArray['###FORGOTP_VALID###'] = '';
642  }
643  // The permanent login checkbox should only be shown if permalogin is not deactivated (-1),
644  // not forced to be always active (2) and lifetime is greater than 0
645  $permalogin = (int)$GLOBALS['TYPO3_CONF_VARS']['FE']['permalogin'];
646  if (
647  $this->conf['showPermaLogin']
648  && ($permalogin === 0 || $permalogin === 1)
649  && $GLOBALS['TYPO3_CONF_VARS']['FE']['lifetime'] > 0
650  ) {
651  $markerArray['###PERMALOGIN###'] = htmlspecialchars($this->pi_getLL('permalogin'));
652  if ($permalogin === 1) {
653  $markerArray['###PERMALOGIN_HIDDENFIELD_ATTRIBUTES###'] = 'disabled="disabled"';
654  $markerArray['###PERMALOGIN_CHECKBOX_ATTRIBUTES###'] = 'checked="checked"';
655  } else {
656  $markerArray['###PERMALOGIN_HIDDENFIELD_ATTRIBUTES###'] = '';
657  $markerArray['###PERMALOGIN_CHECKBOX_ATTRIBUTES###'] = '';
658  }
659  } else {
660  $subpartArray['###PERMALOGIN_VALID###'] = '';
661  }
662  return $this->cObj->substituteMarkerArrayCached($subpart, $markerArray, $subpartArray, $linkpartArray);
663  }
664 
670  protected function processRedirect()
671  {
672  $redirect_url = [];
673  if ($this->conf['redirectMode']) {
674  $redirectMethods = GeneralUtility::trimExplode(',', $this->conf['redirectMode'], true);
675  foreach ($redirectMethods as $redirMethod) {
676  if ($this->frontendController->loginUser && $this->logintype === 'login') {
677  // Logintype is needed because the login-page wouldn't be accessible anymore after a login (would always redirect)
678  switch ($redirMethod) {
679  case 'groupLogin':
680  // taken from dkd_redirect_at_login written by Ingmar Schlecht; database-field changed
681  $groupData = $this->frontendController->fe_user->groupData;
682  if (!empty($groupData['uid'])) {
683 
684  // take the first group with a redirect page
685  $userGroupTable = $this->frontendController->fe_user->usergroup_table;
686  $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($userGroupTable);
687  $queryBuilder->getRestrictions()->removeAll();
688  $row = $queryBuilder
689  ->select('felogin_redirectPid')
690  ->from($userGroupTable)
691  ->where(
692  $queryBuilder->expr()->neq(
693  'felogin_redirectPid',
694  $queryBuilder->createNamedParameter('', \PDO::PARAM_STR)
695  ),
696  $queryBuilder->expr()->in(
697  'uid',
698  $queryBuilder->createNamedParameter(
699  $groupData['uid'],
700  Connection::PARAM_INT_ARRAY
701  )
702  )
703  )
704  ->execute()
705  ->fetch();
706 
707  if ($row) {
708  $redirect_url[] = $this->pi_getPageLink($row['felogin_redirectPid']);
709  }
710  }
711  break;
712  case 'userLogin':
713 
714  $userTable = $this->frontendController->fe_user->user_table;
715  $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($userTable);
716  $queryBuilder->getRestrictions()->removeAll();
717  $row = $queryBuilder
718  ->select('felogin_redirectPid')
719  ->from($userTable)
720  ->where(
721  $queryBuilder->expr()->neq(
722  'felogin_redirectPid',
723  $queryBuilder->createNamedParameter('', \PDO::PARAM_STR)
724  ),
725  $queryBuilder->expr()->eq(
726  $this->frontendController->fe_user->userid_column,
727  $queryBuilder->createNamedParameter(
728  $this->frontendController->fe_user->user['uid'],
729  \PDO::PARAM_INT
730  )
731  )
732  )
733  ->execute()
734  ->fetch();
735 
736  if ($row) {
737  $redirect_url[] = $this->pi_getPageLink($row['felogin_redirectPid']);
738  }
739 
740  break;
741  case 'login':
742  if ($this->conf['redirectPageLogin']) {
743  $redirect_url[] = $this->pi_getPageLink((int)$this->conf['redirectPageLogin']);
744  }
745  break;
746  case 'getpost':
747  $redirect_url[] = $this->redirectUrl;
748  break;
749  case 'referer':
750  // Avoid redirect when logging in after changing password
751  if ($this->piVars['redirectReferrer'] !== 'off') {
752  // Avoid forced logout, when trying to login immediately after a logout
753  $redirect_url[] = preg_replace('/[&?]logintype=[a-z]+/', '', $this->referer);
754  }
755  break;
756  case 'refererDomains':
757  // Auto redirect.
758  // Feature to redirect to the page where the user came from (HTTP_REFERER).
759  // Allowed domains to redirect to, can be configured with plugin.tx_felogin_pi1.domains
760  // Thanks to plan2.net / Martin Kutschker for implementing this feature.
761  // also avoid redirect when logging in after changing password
762  if ($this->conf['domains'] && $this->piVars['redirectReferrer'] !== 'off') {
763  $url = $this->referer;
764  // Is referring url allowed to redirect?
765  $match = [];
766  if (preg_match('#^http://([[:alnum:]._-]+)/#', $url, $match)) {
767  $redirect_domain = $match[1];
768  $found = false;
769  foreach (GeneralUtility::trimExplode(',', $this->conf['domains'], true) as $d) {
770  if (preg_match('/(?:^|\\.)' . $d . '$/', $redirect_domain)) {
771  $found = true;
772  break;
773  }
774  }
775  if (!$found) {
776  $url = '';
777  }
778  }
779  // Avoid forced logout, when trying to login immediately after a logout
780  if ($url) {
781  $redirect_url[] = preg_replace('/[&?]logintype=[a-z]+/', '', $url);
782  }
783  }
784  break;
785  }
786  } elseif ($this->logintype === 'login') {
787  // after login-error
788  switch ($redirMethod) {
789  case 'loginError':
790  if ($this->conf['redirectPageLoginError']) {
791  $redirect_url[] = $this->pi_getPageLink((int)$this->conf['redirectPageLoginError']);
792  }
793  break;
794  }
795  } elseif ($this->logintype == '' && $redirMethod == 'login' && $this->conf['redirectPageLogin']) {
796  // If login and page not accessible
797  $this->cObj->typoLink('', [
798  'parameter' => $this->conf['redirectPageLogin'],
799  'linkAccessRestrictedPages' => true
800  ]);
801  $redirect_url[] = $this->cObj->lastTypoLinkUrl;
802  } elseif ($this->logintype == '' && $redirMethod == 'logout' && $this->conf['redirectPageLogout'] && $this->frontendController->loginUser) {
803  // If logout and page not accessible
804  $redirect_url[] = $this->pi_getPageLink((int)$this->conf['redirectPageLogout']);
805  } elseif ($this->logintype === 'logout') {
806  // after logout
807  // Hook for general actions after after logout has been confirmed
808  if ($this->logintype === 'logout' && $GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['logout_confirmed']) {
809  $_params = [];
810  foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['logout_confirmed'] as $_funcRef) {
811  if ($_funcRef) {
812  GeneralUtility::callUserFunction($_funcRef, $_params, $this);
813  }
814  }
815  }
816  switch ($redirMethod) {
817  case 'logout':
818  if ($this->conf['redirectPageLogout']) {
819  $redirect_url[] = $this->pi_getPageLink((int)$this->conf['redirectPageLogout']);
820  }
821  break;
822  }
823  } else {
824  // not logged in
825  // Placeholder for maybe future options
826  switch ($redirMethod) {
827  case 'getpost':
828  // Preserve the get/post value
829  $redirect_url[] = $this->redirectUrl;
830  break;
831  }
832  }
833  }
834  }
835  // Remove empty values, but keep "0" as value (that's why "strlen" is used as second parameter)
836  if (!empty($redirect_url)) {
837  return array_filter($redirect_url, 'strlen');
838  }
839  return [];
840  }
841 
847  protected function mergeflexFormValuesIntoConf()
848  {
849  $flex = [];
850  if ($this->flexFormValue('showForgotPassword', 'sDEF')) {
851  $flex['showForgotPasswordLink'] = $this->flexFormValue('showForgotPassword', 'sDEF');
852  }
853  if ($this->flexFormValue('showPermaLogin', 'sDEF')) {
854  $flex['showPermaLogin'] = $this->flexFormValue('showPermaLogin', 'sDEF');
855  }
856  if ($this->flexFormValue('showLogoutFormAfterLogin', 'sDEF')) {
857  $flex['showLogoutFormAfterLogin'] = $this->flexFormValue('showLogoutFormAfterLogin', 'sDEF');
858  }
859  if ($this->flexFormValue('pages', 'sDEF')) {
860  $flex['pages'] = $this->flexFormValue('pages', 'sDEF');
861  }
862  if ($this->flexFormValue('recursive', 'sDEF')) {
863  $flex['recursive'] = $this->flexFormValue('recursive', 'sDEF');
864  }
865  if ($this->flexFormValue('redirectMode', 's_redirect')) {
866  $flex['redirectMode'] = $this->flexFormValue('redirectMode', 's_redirect');
867  }
868  if ($this->flexFormValue('redirectFirstMethod', 's_redirect')) {
869  $flex['redirectFirstMethod'] = $this->flexFormValue('redirectFirstMethod', 's_redirect');
870  }
871  if ($this->flexFormValue('redirectDisable', 's_redirect')) {
872  $flex['redirectDisable'] = $this->flexFormValue('redirectDisable', 's_redirect');
873  }
874  if ($this->flexFormValue('redirectPageLogin', 's_redirect')) {
875  $flex['redirectPageLogin'] = $this->flexFormValue('redirectPageLogin', 's_redirect');
876  }
877  if ($this->flexFormValue('redirectPageLoginError', 's_redirect')) {
878  $flex['redirectPageLoginError'] = $this->flexFormValue('redirectPageLoginError', 's_redirect');
879  }
880  if ($this->flexFormValue('redirectPageLogout', 's_redirect')) {
881  $flex['redirectPageLogout'] = $this->flexFormValue('redirectPageLogout', 's_redirect');
882  }
883  $pid = $flex['pages'] ? $this->pi_getPidList($flex['pages'], $flex['recursive']) : 0;
884  if ($pid > 0) {
885  $flex['storagePid'] = $pid;
886  }
887  $this->conf = array_merge($this->conf, $flex);
888  }
889 
897  protected function flexFormValue($var, $sheet)
898  {
899  return $this->pi_getFFvalue($this->cObj->data['pi_flexform'], $var, $sheet);
900  }
901 
910  protected function getPageLink($label, $piVars, $returnUrl = false)
911  {
912  $additionalParams = '';
913  if (!empty($piVars)) {
914  foreach ($piVars as $key => $val) {
915  $additionalParams .= '&' . $key . '=' . $val;
916  }
917  }
918  // Should GETvars be preserved?
919  if ($this->conf['preserveGETvars']) {
920  $additionalParams .= $this->getPreserveGetVars();
921  }
922  $this->conf['linkConfig.']['parameter'] = $this->frontendController->id;
923  if ($additionalParams) {
924  $this->conf['linkConfig.']['additionalParams'] = $additionalParams;
925  }
926  if ($returnUrl) {
927  return htmlspecialchars($this->cObj->typoLink_URL($this->conf['linkConfig.']));
928  } else {
929  return $this->cObj->typoLink($label, $this->conf['linkConfig.']);
930  }
931  }
932 
941  protected function getPreserveGetVars()
942  {
943  $getVars = GeneralUtility::_GET();
944  unset(
945  $getVars['id'],
946  $getVars['no_cache'],
947  $getVars['logintype'],
948  $getVars['redirect_url'],
949  $getVars['cHash'],
950  $getVars[$this->prefixId]
951  );
952  if ($this->conf['preserveGETvars'] === 'all') {
953  $preserveQueryParts = $getVars;
954  } else {
955  $preserveQueryParts = GeneralUtility::trimExplode(',', $this->conf['preserveGETvars']);
956  $preserveQueryParts = GeneralUtility::explodeUrl2Array(implode('=1&', $preserveQueryParts) . '=1', true);
957  $preserveQueryParts = \TYPO3\CMS\Core\Utility\ArrayUtility::intersectRecursive($getVars, $preserveQueryParts);
958  }
959  $parameters = GeneralUtility::implodeArrayForUrl('', $preserveQueryParts);
960  return $parameters;
961  }
962 
968  protected function generatePassword($len)
969  {
970  $pass = '';
971  while ($len--) {
972  $char = rand(0, 35);
973  if ($char < 10) {
974  $pass .= '' . $char;
975  } else {
976  $pass .= chr($char - 10 + 97);
977  }
978  }
979  return $pass;
980  }
981 
989  protected function getDisplayText($label, $stdWrapArray = [])
990  {
991  $text = $this->flexFormValue($label, 's_messages') ? $this->cObj->stdWrap($this->flexFormValue($label, 's_messages'), $stdWrapArray) : $this->cObj->stdWrap($this->pi_getLL('ll_' . $label), $stdWrapArray);
992  $replace = $this->getUserFieldMarkers();
993  return strtr($text, $replace);
994  }
995 
1001  protected function getUserFieldMarkers()
1002  {
1003  $marker = [];
1004  // replace markers with fe_user data
1005  if ($this->frontendController->fe_user->user) {
1006  // All fields of fe_user will be replaced, scheme is ###FEUSER_FIELDNAME###
1007  foreach ($this->frontendController->fe_user->user as $field => $value) {
1008  $marker['###FEUSER_' . strtoupper($field) . '###'] = $this->cObj->stdWrap($value, $this->conf['userfields.'][$field . '.']);
1009  }
1010  // Add ###USER### for compatibility
1011  $marker['###USER###'] = $marker['###FEUSER_USERNAME###'];
1012  }
1013  return $marker;
1014  }
1015 
1022  protected function validateRedirectUrl($url)
1023  {
1024  $url = strval($url);
1025  if ($url === '') {
1026  return '';
1027  }
1028  // Validate the URL:
1029  if ($this->isRelativeUrl($url) || $this->isInCurrentDomain($url) || $this->isInLocalDomain($url)) {
1030  return $url;
1031  }
1032  // URL is not allowed
1033  GeneralUtility::sysLog(sprintf($this->pi_getLL('noValidRedirectUrl'), $url), 'felogin', GeneralUtility::SYSLOG_SEVERITY_WARNING);
1034  return '';
1035  }
1036 
1044  protected function isInCurrentDomain($url)
1045  {
1046  $urlWithoutSchema = preg_replace('#^https?://#', '', $url);
1047  $siteUrlWithoutSchema = preg_replace('#^https?://#', '', GeneralUtility::getIndpEnv('TYPO3_SITE_URL'));
1048  return strpos($urlWithoutSchema . '/', GeneralUtility::getIndpEnv('HTTP_HOST') . '/') === 0
1049  && strpos($urlWithoutSchema, $siteUrlWithoutSchema) === 0;
1050  }
1051 
1059  protected function isInLocalDomain($url)
1060  {
1061  $result = false;
1062  if (GeneralUtility::isValidUrl($url)) {
1063  $parsedUrl = parse_url($url);
1064  if ($parsedUrl['scheme'] === 'http' || $parsedUrl['scheme'] === 'https') {
1065  $host = $parsedUrl['host'];
1066  // Removes the last path segment and slash sequences like /// (if given):
1067  $path = preg_replace('#/+[^/]*$#', '', $parsedUrl['path']);
1068 
1069  $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable('sys_domain');
1070  $queryBuilder->setRestrictions(GeneralUtility::makeInstance(FrontendRestrictionContainer::class));
1071  $localDomains = $queryBuilder->select('domainName')
1072  ->from('sys_domain')
1073  ->execute()
1074  ->fetchAll();
1075 
1076  if (is_array($localDomains)) {
1077  foreach ($localDomains as $localDomain) {
1078  // strip trailing slashes (if given)
1079  $domainName = rtrim($localDomain['domainName'], '/');
1080  if (GeneralUtility::isFirstPartOfStr($host . $path . '/', $domainName . '/')) {
1081  $result = true;
1082  break;
1083  }
1084  }
1085  }
1086  }
1087  }
1088  return $result;
1089  }
1090 
1098  protected function isRelativeUrl($url)
1099  {
1100  $url = GeneralUtility::sanitizeLocalUrl($url);
1101  if (!empty($url)) {
1102  $parsedUrl = @parse_url($url);
1103  if ($parsedUrl !== false && !isset($parsedUrl['scheme']) && !isset($parsedUrl['host'])) {
1104  // If the relative URL starts with a slash, we need to check if it's within the current site path
1105  return $parsedUrl['path'][0] !== '/' || GeneralUtility::isFirstPartOfStr($parsedUrl['path'], GeneralUtility::getIndpEnv('TYPO3_SITE_PATH'));
1106  }
1107  }
1108  return false;
1109  }
1110 
1116  protected function getTypoScriptFrontendController()
1117  {
1118  return $GLOBALS['TSFE'];
1119  }
1120 }
static redirect($url, $httpStatus=self::HTTP_STATUS_303)
Definition: HttpUtility.php:76
static isFirstPartOfStr($str, $partStr)
static trimExplode($delim, $string, $removeEmptyValues=false, $limit=0)
static explodeUrl2Array($string, $multidim=false)
static implodeArrayForUrl($name, array $theArray, $str= '', $skipBlank=false, $rawurlencodeParamName=false)
static intersectRecursive(array $source, array $mask=[])
pi_getFFvalue($T3FlexForm_array, $fieldName, $sheet= 'sDEF', $lang= 'lDEF', $value= 'vDEF')
pi_getRecord($table, $uid, $checkPage=false)
pi_getLL($key, $alternativeLabel= '', $hsc=false)
pi_getPageLink($id, $target= '', $urlParameters=[])
if(TYPO3_MODE=== 'BE') $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_tsfebeuserauth.php']['frontendEditingController']['default']
static makeInstance($className,...$constructorArguments)
static intExplode($delimiter, $string, $removeEmptyValues=false, $limit=0)
static callUserFunction($funcName, &$params, &$ref, $_= '', $errorMode=0)