class.tx_sv_loginformhook.php
00001 <?php
00002 /***************************************************************
00003 *  Copyright notice
00004 *
00005 *  (c) 2009-2011 Dmitry Dulepov <dmitry@typo3.org>
00006 *  All rights reserved
00007 *
00008 *  This script is part of the TYPO3 project. The TYPO3 project is
00009 *  free software; you can redistribute it and/or modify
00010 *  it under the terms of the GNU General Public License as published by
00011 *  the Free Software Foundation; either version 2 of the License, or
00012 *  (at your option) any later version.
00013 *
00014 *  The GNU General Public License can be found at
00015 *  http://www.gnu.org/copyleft/gpl.html.
00016 *
00017 *  This script is distributed in the hope that it will be useful,
00018 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
00019 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00020 *  GNU General Public License for more details.
00021 *
00022 *  This copyright notice MUST APPEAR in all copies of the script!
00023 ***************************************************************/
00024 
00025 /**
00026  * [CLASS/FUNCTION INDEX of SCRIPT]
00027  *
00028  * $Id: class.tx_sv_loginformhook.php 10120 2011-01-18 20:03:36Z ohader $
00029  */
00030 
00031 
00032 /**
00033  * This class contains a BE login form hook. It adds all necessary JavaScript
00034  * for the superchallenged authentication.
00035  *
00036  * @author  Dmitry Dulepov <dmitry@typo3.org>
00037  * @package TYPO3
00038  * @subpackage  tx_sv
00039  */
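class tx_sv_loginformhook {

    /**
     * Builds the opening <form> tag of the backend login form for the
     * configured login security level.
     *
     * - 'challenged' / 'superchallenged': a fresh challenge is stored in
     *   $_SESSION['login_challenge'] and sent to the browser in a hidden
     *   field; on submit the browser calls doChallengeResponse() (emitted by
     *   getLoginScripts()), which posts an MD5 digest instead of the password.
     * - 'normal': on submit the typed password is copied unchanged into the
     *   "userident" field, so its confidentiality rests entirely on the
     *   transport (HTTPS).
     * - anything else: an empty string is returned.
     *
     * Security note: the challenge/response digest is plain MD5 over
     * username, password (or MD5(password)) and challenge. Anyone who can
     * observe both the challenge and the response can test password guesses
     * offline, so these levels are not a substitute for TLS.
     *
     * @param   array   $params Parameters to the script (not used here)
     * @param   SC_index    $pObj   Calling object; only loginSecurityLevel is read
     * @return  string  The code for the login form
     */
    public function getLoginFormTag(array $params, SC_index &$pObj) {
        // Get the code according to the login level
        switch ($pObj->loginSecurityLevel) {
            case 'challenged':
            case 'superchallenged':
                // NOTE(review): assumes a PHP session is already active so that the
                // challenge survives until the response is checked - confirm against caller.
                $_SESSION['login_challenge'] = $this->getChallenge();
                $content = '<form action="index.php" method="post" name="loginform" ' .
                    'onsubmit="doChallengeResponse(' .
                    ($pObj->loginSecurityLevel == 'challenged' ? 0 : 1) . ');">' .
                    '<input type="hidden" name="challenge" value="' .
                    // Escaped for the attribute context even though the value is hex only.
                    htmlspecialchars($_SESSION['login_challenge']) . '" />';
                break;
            case 'normal':
                $content = '<form action="index.php" method="post" name="loginform" onsubmit="document.loginform.userident.value=document.loginform.p_field.value;document.loginform.p_field.value=\'\';return true;">';
                break;
            default:
                // No code for unknown level!
                $content = '';
        }

        return $content;
    }

    /**
     * Provides the JavaScript needed by the 'challenged' and
     * 'superchallenged' login levels: a reference to md5.js plus the
     * doChallengeResponse() function that the form's onsubmit handler calls.
     * For every other level an empty string is returned.
     *
     * doChallengeResponse() writes
     * MD5(username + ":" + password + ":" + challenge) into "userident" and
     * clears the visible password field; with superchallenged the password
     * is replaced by MD5(password) first.
     *
     * NOTE(review): for 'superchallenged' the server presumably verifies
     * against a stored MD5(password) - verify. If so, that stored value is
     * password-equivalent and needs the same protection as a plaintext
     * password.
     *
     * @param   array   $params Parameters to the script (not used here)
     * @param   SC_index    $pObj   Calling object; only loginSecurityLevel is read
     * @return  string  Script markup for the login page, or an empty string
     */
    public function getLoginScripts(array $params, SC_index &$pObj) {
        $content = '';

        if ($pObj->loginSecurityLevel == 'superchallenged' ||
                $pObj->loginSecurityLevel == 'challenged') {
            // NOTE(review): "password" and "str" below are assigned without "var",
            // so the typed password stays reachable as a global of the page.
            $content = '
                <script type="text/javascript" src="md5.js"></script>
                ' . $GLOBALS['TBE_TEMPLATE']->wrapScriptTags('
                    function doChallengeResponse(superchallenged) { //
                        password = document.loginform.p_field.value;
                        if (password)   {
                            if (superchallenged)    {
                                password = MD5(password);   // this makes it superchallenged!!
                            }
                            str = document.loginform.username.value+":"+password+":"+document.loginform.challenge.value;
                            document.loginform.userident.value = MD5(str);
                            document.loginform.p_field.value = "";
                            return true;
                        }
                    }
                    ');
        }

        return $content;
    }


    /**
     * Create a random challenge string
     *
     * The challenge is the only per-login secret-free input of the digest, so
     * it must not be guessable in advance. The previous value,
     * md5(uniqid('') . getmypid()), was derived from the clock and the
     * process id only. It is now taken from the platform's cryptographic
     * random source whenever PHP offers one. The format is unchanged:
     * 32 lowercase hexadecimal characters.
     *
     * @return  string      Challenge value
     */
    protected function getChallenge()   {
        // 16 random bytes encode to 32 hex characters, the same length and
        // alphabet as the md5() string returned before.
        if (function_exists('random_bytes')) {
            try {
                return bin2hex(random_bytes(16));
            } catch (Exception $e) {
                // No usable entropy source; try the next option.
            }
        }

        if (function_exists('openssl_random_pseudo_bytes')) {
            $isStrong = FALSE;
            $bytes = openssl_random_pseudo_bytes(16, $isStrong);
            if ($bytes !== FALSE && $isStrong && strlen($bytes) === 16) {
                return bin2hex($bytes);
            }
        }

        // Legacy fallback for installations without either function. This is
        // NOT cryptographically strong; it only keeps the login form working.
        return md5(uniqid('', TRUE) . getmypid() . mt_rand());
    }

}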
00117 
// XCLASS hook: if the TYPO3 configuration registers an extension class file
// for this script, load it once, after the class above has been declared.
if (defined('TYPO3_MODE')) {
    // TYPO3_MODE is read only after defined() has confirmed that it exists.
    if (isset($GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLASS']['ext/sv/class.tx_sv_loginformhook.php'])) {
        // NOTE(review): the path is taken verbatim from TYPO3_CONF_VARS, so
        // whoever can write that configuration decides which PHP file runs here.
        include_once $GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLASS']['ext/sv/class.tx_sv_loginformhook.php'];
    }
}
00121 
00122 ?>