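<?php
/***************************************************************
*  Copyright notice
*
*  (c) 2008-2011 Christoph Koehler (christoph@webempoweredchurch.org)
*  All rights reserved
*
*  This script is part of the TYPO3 project. The TYPO3 project is
*  free software; you can redistribute it and/or modify
*  it under the terms of the GNU General Public License as published by
*  the Free Software Foundation; either version 2 of the License, or
*  (at your option) any later version.
*
*  The GNU General Public License can be found at
*  http://www.gnu.org/copyleft/gpl.html.
*  A copy is found in the textfile GPL.txt and important notices to the license
*  from the author is found in LICENSE.txt distributed with these scripts.
*
*
*  This script is distributed in the hope that it will be useful,
*  but WITHOUT ANY WARRANTY; without even the implied warranty of
*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
*  GNU General Public License for more details.
*
*  This copyright notice MUST APPEAR in all copies of the script!
***************************************************************/
/**
 * AJAX handler for the backend re-login dialog shown after a session
 * timeout, together with the keep-alive, logout, challenge and CSRF-token
 * refresh calls that dialog issues.
 *
 * None of these handlers authenticate by themselves: credentials posted
 * with the AJAX request are processed by the regular backend bootstrap
 * (init.php) before the handler runs, so $GLOBALS['BE_USER'] already
 * reflects the outcome when the methods below are called.
 *
 * @author Christoph Koehler <christoph@webempoweredchurch.org>
 */
class AjaxLogin {

	/**
	 * Reports whether the (re-)login carried by this AJAX request succeeded.
	 *
	 * The login itself was already performed by init.php; here we only
	 * inspect the resulting backend user. When a fresh login was actually
	 * processed (as opposed to a still-valid session calling this handler)
	 * an access token for refreshTokens() is issued as well, so the client
	 * can have the form tokens embedded in its DOM regenerated.
	 *
	 * Response (JSON under key 'login'):
	 *   success     - TRUE when an authenticated backend user exists
	 *   accessToken - only present after a processed login
	 *
	 * @param array $parameters Parameters (not used)
	 * @param TYPO3AJAX $ajaxObj The calling parent AJAX object
	 * @return void
	 */
	public function login(array $parameters, TYPO3AJAX $ajaxObj) {
		$json = array('success' => FALSE);

		if ($this->isAuthorizedBackendSession()) {
			$json['success'] = TRUE;
			if ($this->hasLoginBeenProcessed()) {
				$formprotection = t3lib_formprotection_Factory::get();
				$json['accessToken'] = $formprotection->generateToken('refreshTokens');
				$formprotection->persistTokens();
			}
		}

		$ajaxObj->addContent('login', $json);
		$ajaxObj->setContentFormat('json');
	}

	/**
	 * Checks whether an authenticated backend user is attached to this request.
	 *
	 * A bare BE_USER object is not enough: only an object that carries a
	 * user record with a uid counts as an active, authorised session.
	 *
	 * @return boolean
	 */
	protected function isAuthorizedBackendSession() {
		if (!isset($GLOBALS['BE_USER'])) {
			return FALSE;
		}
		$beUser = $GLOBALS['BE_USER'];

		return ($beUser instanceof t3lib_beUserAuth) && isset($beUser->user['uid']);
	}

	/**
	 * Tells whether this request actually performed a login, as opposed to
	 * being issued from a session that was still valid.
	 *
	 * A processed login shows as: the login form data submitted with the
	 * request has status 'login' with all three credential fields present,
	 * and the session id BE_USER now holds differs from the one the browser
	 * sent in its cookie (presumably because a successful login issues a
	 * new session id).
	 *
	 * @return boolean
	 */
	protected function hasLoginBeenProcessed() {
		$loginFormData = $GLOBALS['BE_USER']->getLoginFormData();
		// The cookie is absent on a first login; treat it as an empty id so
		// the comparison below does not raise a notice.
		$cookieSessionId = isset($_COOKIE['be_typo_user']) ? (string) $_COOKIE['be_typo_user'] : '';

		return isset($loginFormData['status']) && ($loginFormData['status'] === 'login')
			&& isset($loginFormData['uname'])
			&& isset($loginFormData['uident'])
			&& isset($loginFormData['chalvalue'])
			&& ($cookieSessionId !== (string) $GLOBALS['BE_USER']->id);
	}

	/**
	 * Logs out the current backend user.
	 *
	 * Success is reported when no user record (uid) remains attached to
	 * BE_USER after logoff(); otherwise the client is told the logout failed.
	 *
	 * @param array $parameters Parameters (not used)
	 * @param TYPO3AJAX $ajaxObj The calling parent AJAX object
	 * @return void
	 */
	public function logout(array $parameters, TYPO3AJAX $ajaxObj) {
		$beUser = $GLOBALS['BE_USER'];
		$beUser->logoff();

		$loggedOut = empty($beUser->user['uid']);
		$ajaxObj->addContent('logout', array('success' => $loggedOut));
		$ajaxObj->setContentFormat('json');
	}

	/**
	 * Keeps the current session alive without needing login information.
	 *
	 * Re-runs the authentication check on BE_USER (which is what refreshes
	 * the session) and reports whether an authenticated user is still present
	 * afterwards, instead of unconditionally claiming success.
	 *
	 * @param array $parameters Parameters (not used)
	 * @param TYPO3AJAX $ajaxObj The calling parent AJAX object
	 * @return void
	 */
	public function refreshLogin(array $parameters, TYPO3AJAX $ajaxObj) {
		$GLOBALS['BE_USER']->checkAuthentication();
		$ajaxObj->addContent('refresh', array('success' => $this->isAuthorizedBackendSession()));
		$ajaxObj->setContentFormat('json');
	}

	/**
	 * Checks whether the user session is (about to be) expired.
	 *
	 * Response (JSON under key 'login'):
	 *   locked / will_time_out=FALSE - backend is locked via LOCK_BACKEND
	 *   timed_out                    - no user record on BE_USER any more
	 *   will_time_out                - TRUE when the session expires within
	 *                                  the next 120 seconds
	 * Without a BE_USER object an error entry is returned instead.
	 *
	 * @param array $parameters Parameters (not used)
	 * @param TYPO3AJAX $ajaxObj The calling parent AJAX object
	 * @return void
	 */
	public function isTimedOut(array $parameters, TYPO3AJAX $ajaxObj) {
		if (!is_object($GLOBALS['BE_USER'])) {
			$ajaxObj->addContent('login', array('success' => FALSE, 'error' => 'No BE_USER object'));
			return;
		}

		$ajaxObj->setContentFormat('json');
		$beUser = $GLOBALS['BE_USER'];

		if (@is_file(PATH_typo3conf . 'LOCK_BACKEND')) {
			// Backend locked by an administrator: no re-login countdown.
			$ajaxObj->addContent('login', array('will_time_out' => FALSE, 'locked' => TRUE));
		} elseif (!isset($beUser->user['uid'])) {
			$ajaxObj->addContent('login', array('timed_out' => TRUE));
		} else {
			// Re-read the session record first so ses_tstamp is current
			// (presumably it may have been touched by other requests).
			$beUser->fetchUserSession(TRUE);
			$sessionTimestamp = $beUser->user['ses_tstamp'];
			$timeout = $beUser->auth_timeout_field;

			// Show the refresh dialog once the session will expire within 120
			// seconds. The margin is somewhat arbitrary: it leaves room for the
			// countdown, load times, etc.
			$expiresSoon = ($GLOBALS['EXEC_TIME'] >= $sessionTimestamp + $timeout - 120);
			$ajaxObj->addContent('login', array('will_time_out' => $expiresSoon));
		}
	}

	/**
	 * Generates a fresh MD5 login challenge and stores it in the PHP session.
	 *
	 * The challenge is a server-issued nonce (presumably the value the client
	 * mixes into 'chalvalue' when submitting credentials), so it must not be
	 * predictable. A CSPRNG is used where the core provides one; otherwise
	 * the historic time/pid seed is kept as a fallback.
	 *
	 * @param array $parameters Parameters (not used)
	 * @param TYPO3AJAX $parent The calling parent AJAX object
	 * @return void
	 */
	public function getChallenge(array $parameters, TYPO3AJAX $parent) {
		session_start();

		if (method_exists('t3lib_div', 'getRandomBytes')) {
			$seed = t3lib_div::getRandomBytes(32);
		} else {
			// NOTE(review): uniqid()/getmypid()/mt_rand() are not cryptographic
			// sources; this branch only exists for cores without getRandomBytes().
			$seed = uniqid('', TRUE) . getmypid() . mt_rand();
		}
		$_SESSION['login_challenge'] = md5($seed);

		session_commit();

		$parent->addContent('challenge', $_SESSION['login_challenge']);
		$parent->setContentFormat('json');
	}

	/**
	 * Regenerates the form tokens the client found in its DOM after a re-login.
	 *
	 * The request must carry the 'accessToken' issued by login(); without a
	 * valid one nothing is regenerated and an empty object is returned (the
	 * original left the variable undefined in that case). The 'tokens'
	 * parameter is a JSON array of old token strings in the form
	 * "<tokenId>-<formName>"; the response maps each old string to its
	 * replacement. Entries that are not strings or lack the '-' separator
	 * are skipped instead of generating a token for an undefined form name
	 * or raising a fatal error on an empty property name.
	 *
	 * @param array $parameters Parameters (not used)
	 * @param TYPO3AJAX $parent The calling parent AJAX object
	 * @return void
	 */
	public function refreshTokens(array $parameters, TYPO3AJAX $parent) {
		$accessToken = (string) t3lib_div::_GP('accessToken');
		$formprotection = t3lib_formprotection_Factory::get();
		// Always an object so the client sees the same shape whether or not
		// the access token was accepted.
		$regeneratedTokens = new stdClass();

		if ($formprotection->validateToken($accessToken, 'refreshTokens')) {
			$oldTokens = json_decode((string) t3lib_div::_GP('tokens'));
			if (is_array($oldTokens)) {
				foreach ($oldTokens as $oldToken) {
					if (!is_string($oldToken) || strpos($oldToken, '-') === FALSE) {
						continue;
					}
					$regeneratedTokens->$oldToken = $this->generateNewToken($oldToken);
				}
			}
		}

		$parent->addContent('newTokens', $regeneratedTokens);
		$parent->setContentFormat('json');

		$formprotection->persistTokens();
	}

	/**
	 * Generates the replacement for one DOM token.
	 *
	 * Expects "<tokenId>-<formName>"; only the form name is reused, a new
	 * token id is generated for it. Callers must ensure the separator is
	 * present, otherwise the form name would be undefined.
	 *
	 * @param string $oldToken
	 * @return string regenerated token in the same "<tokenId>-<formName>" form
	 */
	protected function generateNewToken($oldToken) {
		$parts = explode('-', $oldToken);
		$formName = $parts[1];
		$newTokenId = t3lib_formprotection_Factory::get()->generateToken($formName);

		return $newTokenId . '-' . $formName;
	}

}

if (defined('TYPO3_MODE') && isset($GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLASS']['typo3/classes/class.ajaxlogin.php'])) {
	include_once($GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLASS']['typo3/classes/class.ajaxlogin.php']);
}

?>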