/**
* Returns TRUE if submitted password is ok.
*
* If password is ok, set session as "authorized".
*
* @return boolean TRUE if the submitted password was ok and session was
* @todo Define visibility
*/
public function checkPassword()
{
$p = \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('password');
if ($p && md5($p) === $GLOBALS['TYPO3_CONF_VARS']['BE']['installToolPassword']) {
$this->session->setAuthorized();
// Sending warning email
$wEmail = $GLOBALS['TYPO3_CONF_VARS']['BE']['warning_email_addr'];
if ($wEmail) {
$subject = 'Install Tool Login at "' . $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'] . '"';
$email_body = 'There has been an Install Tool login at TYPO3 site "' . $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'] . '" (' . \TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('HTTP_HOST') . ') from remote address "' . \TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('REMOTE_ADDR') . '" (' . \TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('REMOTE_HOST') . ')';
mail($wEmail, $subject, $email_body, 'From: TYPO3 Install Tool WARNING <>');
}
return TRUE;
} else {
// Bad password, send warning:
if ($p) {
$wEmail = $GLOBALS['TYPO3_CONF_VARS']['BE']['warning_email_addr'];
if ($wEmail) {
$subject = 'Install Tool Login ATTEMPT at \'' . $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'] . '\'';
$email_body = 'There has been an Install Tool login attempt at TYPO3 site \'' . $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'] . '\' (' . \TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('HTTP_HOST') . ').
The MD5 hash of the last 5 characters of the password tried was \'' . substr(md5($p), -5) . '\'
REMOTE_ADDR was \'' . \TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('REMOTE_ADDR') . '\' (' . \TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('REMOTE_HOST') . ')';
mail($wEmail, $subject, $email_body, 'From: TYPO3 Install Tool WARNING <>');
}
}
return FALSE;
}
}
